develop #35
3
.env
3
.env
@@ -1,2 +1,3 @@
|
|||||||
POSTGRES_DB=abomey_db
|
POSTGRES_DB=abomey_db
|
||||||
POSTGRES_USER=infocad_user
|
POSTGRES_USER=infocad_user
|
||||||
|
POSTGRES_PASSWORD=W5fwD({9*q53
|
||||||
@@ -7,36 +7,39 @@ on:
|
|||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
deploy:
|
deploy:
|
||||||
runs-on: self-hosted
|
runs-on: [self-hosted, prod]
|
||||||
|
|
||||||
# 🔒 PROTECTION : empêche toute exécution via `act`
|
|
||||||
#if: ${{ !env.ACT }}
|
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
|
|
||||||
# 1) S'assurer que Node.js est installé
|
# 1) Vérifier Node.js (pas d'installation dynamique)
|
||||||
- name: Ensure Node.js is installed
|
- name: Verify Node.js
|
||||||
shell: sh
|
shell: sh
|
||||||
run: |
|
run: |
|
||||||
if command -v node >/dev/null 2>&1; then
|
if command -v node >/dev/null 2>&1; then
|
||||||
echo "Node.js already installed: $(node -v)"
|
echo "Node.js version:"
|
||||||
|
node -v
|
||||||
else
|
else
|
||||||
apk update && apk add --no-cache nodejs
|
echo "❌ Node.js is not installed on the runner"
|
||||||
echo "Node.js installed: $(node -v)"
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# 2) S'assurer que Java 17 & Maven sont installés
|
# 2) Vérifier Java 17 & Maven (préinstallés sur le VPS)
|
||||||
- name: Ensure Java & Maven are installed
|
- name: Verify Java & Maven
|
||||||
shell: sh
|
shell: sh
|
||||||
run: |
|
run: |
|
||||||
if ! command -v java >/dev/null 2>&1; then
|
if ! command -v java >/dev/null 2>&1; then
|
||||||
apk update && apk add --no-cache openjdk17-jdk
|
echo "❌ Java is not installed on the runner"
|
||||||
|
exit 1
|
||||||
fi
|
fi
|
||||||
java -version
|
|
||||||
|
|
||||||
if ! command -v mvn >/dev/null 2>&1; then
|
if ! command -v mvn >/dev/null 2>&1; then
|
||||||
apk update && apk add --no-cache maven
|
echo "❌ Maven is not installed on the runner"
|
||||||
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
echo "Java version:"
|
||||||
|
java -version
|
||||||
|
echo "Maven version:"
|
||||||
mvn -version
|
mvn -version
|
||||||
|
|
||||||
# 3) Détecter JAVA_HOME dynamiquement
|
# 3) Détecter JAVA_HOME dynamiquement
|
||||||
@@ -45,6 +48,7 @@ jobs:
|
|||||||
run: |
|
run: |
|
||||||
JAVA_BIN=$(readlink -f "$(command -v java)")
|
JAVA_BIN=$(readlink -f "$(command -v java)")
|
||||||
JAVA_HOME=$(dirname "$(dirname "$JAVA_BIN")")
|
JAVA_HOME=$(dirname "$(dirname "$JAVA_BIN")")
|
||||||
|
echo "Detected JAVA_HOME=$JAVA_HOME"
|
||||||
echo "JAVA_HOME=$JAVA_HOME" >> "$GITHUB_ENV"
|
echo "JAVA_HOME=$JAVA_HOME" >> "$GITHUB_ENV"
|
||||||
|
|
||||||
# 4) Checkout du dépôt
|
# 4) Checkout du dépôt
|
||||||
@@ -60,26 +64,17 @@ jobs:
|
|||||||
echo "JAVA_HOME=$JAVA_HOME"
|
echo "JAVA_HOME=$JAVA_HOME"
|
||||||
java -version
|
java -version
|
||||||
mvn -version
|
mvn -version
|
||||||
|
docker --version
|
||||||
|
docker-compose --version || docker compose version
|
||||||
|
|
||||||
# 6) S'assurer que Docker CLI & docker-compose sont installés
|
# 6) Export de la configuration NON sensible
|
||||||
- name: Ensure Docker & docker-compose are installed
|
|
||||||
shell: sh
|
|
||||||
run: |
|
|
||||||
if command -v docker >/dev/null 2>&1; then
|
|
||||||
docker version || true
|
|
||||||
else
|
|
||||||
apk update && apk add --no-cache docker docker-compose
|
|
||||||
docker version || true
|
|
||||||
fi
|
|
||||||
|
|
||||||
# 7) Fournir la configuration NON sensible
|
|
||||||
- name: Export database configuration
|
- name: Export database configuration
|
||||||
shell: sh
|
shell: sh
|
||||||
run: |
|
run: |
|
||||||
echo "POSTGRES_DB_FISCAD=fiscad_db" >> "$GITHUB_ENV"
|
echo "POSTGRES_DB_FISCAD=fiscad_db" >> "$GITHUB_ENV"
|
||||||
echo "POSTGRES_USER_FISCAD=fiscad_user" >> "$GITHUB_ENV"
|
echo "POSTGRES_USER_FISCAD=fiscad_user" >> "$GITHUB_ENV"
|
||||||
|
|
||||||
# 8) Création des secrets runtime (PRODUCTION)
|
# 7) Création des secrets runtime (PRODUCTION)
|
||||||
- name: Create runtime secrets
|
- name: Create runtime secrets
|
||||||
shell: sh
|
shell: sh
|
||||||
run: |
|
run: |
|
||||||
@@ -89,31 +84,37 @@ jobs:
|
|||||||
echo "${{ secrets.POSTGRES_PASSWORD_FISCAD }}" > secrets/postgresPassword.txt
|
echo "${{ secrets.POSTGRES_PASSWORD_FISCAD }}" > secrets/postgresPassword.txt
|
||||||
chmod 600 secrets/*
|
chmod 600 secrets/*
|
||||||
|
|
||||||
# 9) Build Maven (jar final)
|
# 8) Build Maven (jar final)
|
||||||
- name: Build backend with Maven
|
- name: Build backend with Maven
|
||||||
shell: sh
|
shell: sh
|
||||||
run: mvn -B clean package -DskipTests
|
run: |
|
||||||
|
mvn -B clean package -DskipTests
|
||||||
|
|
||||||
# 10) Déploiement avec docker-compose (prod)
|
# 9) Déploiement avec docker-compose (prod)
|
||||||
- name: Deploy using docker-compose (prod)
|
- name: Deploy using docker-compose (prod)
|
||||||
shell: sh
|
shell: sh
|
||||||
run: |
|
run: |
|
||||||
export COMPOSE_PROJECT_NAME=fiscad
|
export COMPOSE_PROJECT_NAME=fiscad
|
||||||
|
|
||||||
cd "$GITHUB_WORKSPACE"
|
cd "$GITHUB_WORKSPACE"
|
||||||
pwd
|
echo "Workspace: $(pwd)"
|
||||||
ls -l secrets/
|
ls -l secrets/
|
||||||
|
|
||||||
docker-compose -f docker-compose-prod.yml pull || true
|
docker-compose -f docker-compose-prod.yml pull || true
|
||||||
docker-compose -f docker-compose-prod.yml down --remove-orphans
|
docker-compose -f docker-compose-prod.yml down --remove-orphans
|
||||||
docker-compose -f docker-compose-prod.yml up -d --build
|
docker-compose -f docker-compose-prod.yml up -d --build
|
||||||
|
|
||||||
# 11) ✅ TEST BLOQUANT : connexion PostgreSQL
|
# 10) Test bloquant : connexion PostgreSQL
|
||||||
- name: Test database connection
|
- name: Test database connection
|
||||||
shell: sh
|
shell: sh
|
||||||
run: |
|
run: |
|
||||||
echo "⏳ Waiting for PostgreSQL to be ready..."
|
echo "⏳ Waiting for PostgreSQL to be ready..."
|
||||||
sleep 10
|
for i in $(seq 1 12); do
|
||||||
|
if docker exec fiscad-db pg_isready -U ${POSTGRES_USER_FISCAD} >/dev/null 2>&1; then
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
sleep 5
|
||||||
|
done
|
||||||
|
|
||||||
echo "🔍 Testing database connection..."
|
echo "🔍 Testing database connection..."
|
||||||
docker exec fiscad-db sh -c "
|
docker exec fiscad-db sh -c "
|
||||||
@@ -124,13 +125,15 @@ jobs:
|
|||||||
-c 'SELECT 1;'
|
-c 'SELECT 1;'
|
||||||
"
|
"
|
||||||
|
|
||||||
# 12) Nettoyage des secrets (OBLIGATOIRE)
|
# 11) Nettoyage des secrets (sécurité OBLIGATOIRE)
|
||||||
- name: Cleanup secrets
|
- name: Cleanup secrets
|
||||||
if: always()
|
if: always()
|
||||||
shell: sh
|
shell: sh
|
||||||
run: rm -rf secrets
|
run: |
|
||||||
|
rm -rf secrets
|
||||||
|
|
||||||
# 13) Nettoyage des images Docker inutilisées
|
# 12) Nettoyage des images Docker inutilisées
|
||||||
- name: Cleanup unused Docker images
|
- name: Cleanup unused Docker images
|
||||||
shell: sh
|
shell: sh
|
||||||
run: docker image prune -f || true
|
run: |
|
||||||
|
docker image prune -f || true
|
||||||
@@ -11,44 +11,51 @@ jobs:
|
|||||||
|
|
||||||
steps:
|
steps:
|
||||||
|
|
||||||
# 1) Node.js
|
# 1) Vérifier Node.js (aucune installation automatique en CI natif)
|
||||||
- name: Ensure Node.js is installed
|
- name: Verify Node.js
|
||||||
shell: sh
|
shell: sh
|
||||||
run: |
|
run: |
|
||||||
if command -v node >/dev/null 2>&1; then
|
if command -v node >/dev/null 2>&1; then
|
||||||
echo "Node.js already installed: $(node -v)"
|
echo "Node.js version:"
|
||||||
|
node -v
|
||||||
else
|
else
|
||||||
apk update && apk add --no-cache nodejs
|
echo "❌ Node.js is not installed on the runner"
|
||||||
echo "Node.js installed: $(node -v)"
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# 2) Java & Maven
|
# 2) Vérifier Java & Maven (préinstallés sur le VPS)
|
||||||
- name: Ensure Java & Maven are installed
|
- name: Verify Java & Maven
|
||||||
shell: sh
|
shell: sh
|
||||||
run: |
|
run: |
|
||||||
if ! command -v java >/dev/null 2>&1; then
|
if ! command -v java >/dev/null 2>&1; then
|
||||||
apk update && apk add --no-cache openjdk17-jdk
|
echo "❌ Java is not installed on the runner"
|
||||||
|
exit 1
|
||||||
fi
|
fi
|
||||||
java -version
|
|
||||||
|
|
||||||
if ! command -v mvn >/dev/null 2>&1; then
|
if ! command -v mvn >/dev/null 2>&1; then
|
||||||
apk update && apk add --no-cache maven
|
echo "❌ Maven is not installed on the runner"
|
||||||
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
echo "Java version:"
|
||||||
|
java -version
|
||||||
|
echo "Maven version:"
|
||||||
mvn -version
|
mvn -version
|
||||||
|
|
||||||
# 3) JAVA_HOME
|
# 3) Détecter JAVA_HOME dynamiquement
|
||||||
- name: Detect JAVA_HOME dynamically
|
- name: Detect JAVA_HOME dynamically
|
||||||
shell: sh
|
shell: sh
|
||||||
run: |
|
run: |
|
||||||
JAVA_BIN=$(readlink -f "$(command -v java)")
|
JAVA_BIN=$(readlink -f "$(command -v java)")
|
||||||
JAVA_HOME=$(dirname "$(dirname "$JAVA_BIN")")
|
JAVA_HOME=$(dirname "$(dirname "$JAVA_BIN")")
|
||||||
|
echo "Detected JAVA_HOME=$JAVA_HOME"
|
||||||
echo "JAVA_HOME=$JAVA_HOME" >> "$GITHUB_ENV"
|
echo "JAVA_HOME=$JAVA_HOME" >> "$GITHUB_ENV"
|
||||||
|
|
||||||
# 4) Checkout
|
# 4) Checkout du dépôt
|
||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
# 5) Secrets runtime (CI)
|
# 5) Création des secrets runtime (CI uniquement)
|
||||||
- name: Create runtime secrets
|
- name: Create runtime secrets
|
||||||
shell: sh
|
shell: sh
|
||||||
run: |
|
run: |
|
||||||
@@ -58,21 +65,15 @@ jobs:
|
|||||||
echo "${{ secrets.POSTGRES_PASSWORD_FISCAD }}" > secrets/postgresPassword.txt
|
echo "${{ secrets.POSTGRES_PASSWORD_FISCAD }}" > secrets/postgresPassword.txt
|
||||||
chmod 600 secrets/*
|
chmod 600 secrets/*
|
||||||
|
|
||||||
# 6) Vérification outils
|
# 6) Build & tests Maven
|
||||||
- name: Show Java & Maven versions
|
- name: Build & Test with Maven
|
||||||
shell: sh
|
shell: sh
|
||||||
run: |
|
run: |
|
||||||
echo "JAVA_HOME=$JAVA_HOME"
|
mvn -B clean verify
|
||||||
java -version
|
|
||||||
mvn -version
|
|
||||||
|
|
||||||
# 7) Build & tests
|
# 7) Nettoyage des secrets (sécurité)
|
||||||
- name: Build with Maven
|
|
||||||
shell: sh
|
|
||||||
run: mvn -B clean verify
|
|
||||||
|
|
||||||
# 8) Nettoyage
|
|
||||||
- name: Cleanup secrets
|
- name: Cleanup secrets
|
||||||
if: always()
|
if: always()
|
||||||
shell: sh
|
shell: sh
|
||||||
run: rm -rf secrets
|
run: |
|
||||||
|
rm -rf secrets
|
||||||
@@ -32,4 +32,5 @@ public interface ParcelleGeomService {
|
|||||||
void linkParcelleToParcelleGeom(String nupProvisoir,Long parcelleId);
|
void linkParcelleToParcelleGeom(String nupProvisoir,Long parcelleId);
|
||||||
|
|
||||||
///List<ParcelleGeom> getListParcelle(String nupProvisoir);
|
///List<ParcelleGeom> getListParcelle(String nupProvisoir);
|
||||||
|
//toto
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user