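---
# CD workflow: build the backend and redeploy it with docker-compose on the
# production self-hosted runner whenever main is pushed.
name: CD - Deploy on main

on:
  push:
    branches:
      - main

# Least privilege for the job token: nothing in this workflow writes back
# to GitHub, so read access to the repository contents is all it needs.
permissions:
  contents: read

# Serialise deployments: two pushes to main in quick succession must not
# race each other on `docker-compose down` / `up`.
concurrency:
  group: cd-deploy-main
  cancel-in-progress: false

jobs:
  deploy:
    runs-on: [self-hosted, prod]
    steps:
      # 1) Verify Node.js (no dynamic installation on the runner)
      - name: Verify Node.js
        shell: sh
        run: |
          if command -v node >/dev/null 2>&1; then
            echo "Node.js version:"
            node -v
          else
            echo "❌ Node.js is not installed on the runner"
            exit 1
          fi

      # 2) Verify Java 17 & Maven (preinstalled on the VPS)
      - name: Verify Java & Maven
        shell: sh
        run: |
          if ! command -v java >/dev/null 2>&1; then
            echo "❌ Java is not installed on the runner"
            exit 1
          fi
          if ! command -v mvn >/dev/null 2>&1; then
            echo "❌ Maven is not installed on the runner"
            exit 1
          fi
          echo "Java version:"
          java -version
          echo "Maven version:"
          mvn -version

      # 3) Detect JAVA_HOME dynamically from the resolved java binary
      - name: Detect JAVA_HOME dynamically
        shell: sh
        run: |
          # readlink -f follows the alternatives symlink chain to the real JDK.
          JAVA_BIN=$(readlink -f "$(command -v java)")
          JAVA_HOME=$(dirname "$(dirname "$JAVA_BIN")")
          echo "Detected JAVA_HOME=$JAVA_HOME"
          echo "JAVA_HOME=$JAVA_HOME" >> "$GITHUB_ENV"

      # 4) Checkout the repository
      - name: Checkout repository
        uses: actions/checkout@v4

      # 5) Context information (no secrets)
      - name: Show context information
        shell: sh
        run: |
          echo "Commit:"
          git rev-parse HEAD
          echo "JAVA_HOME=$JAVA_HOME"
          java -version
          mvn -version
          docker --version
          docker-compose --version || docker compose version

      # 6) Export the NON-sensitive configuration
      - name: Export database configuration
        shell: sh
        run: |
          echo "POSTGRES_DB_FISCAD=fiscad_db" >> "$GITHUB_ENV"
          echo "POSTGRES_USER_FISCAD=fiscad_user" >> "$GITHUB_ENV"

      # 7) Create the runtime secrets (PRODUCTION)
      - name: Create runtime secrets
        shell: sh
        env:
          # Secrets are passed through the environment instead of being
          # interpolated with ${{ }} into the script text, so a value
          # containing quotes or other shell syntax cannot alter the script.
          DEFAULT_USER_NAME: ${{ secrets.DEFAULT_USER_NAME }}
          DEFAULT_USER_PASSWORD: ${{ secrets.DEFAULT_USER_PASSWORD }}
          POSTGRES_PASSWORD_FISCAD: ${{ secrets.POSTGRES_PASSWORD_FISCAD }}
        run: |
          # Create directory and files private from the start rather than
          # tightening permissions after the contents have been written.
          umask 077
          mkdir -p secrets
          # printf '%s\n' writes the value verbatim (plus the trailing newline
          # echo produced); echo in sh may interpret backslashes or leading '-'.
          printf '%s\n' "$DEFAULT_USER_NAME" > secrets/defaultUserName.txt
          printf '%s\n' "$DEFAULT_USER_PASSWORD" > secrets/defaultUserPassword.txt
          printf '%s\n' "$POSTGRES_PASSWORD_FISCAD" > secrets/postgresPassword.txt
          chmod 600 secrets/*

      # 8) Maven build (final jar)
      - name: Build backend with Maven
        shell: sh
        run: |
          mvn -B clean package -DskipTests

      # 9) Deploy with docker-compose (prod)
      - name: Deploy using docker-compose (prod)
        shell: sh
        run: |
          export COMPOSE_PROJECT_NAME=fiscad
          cd "$GITHUB_WORKSPACE"
          echo "Workspace: $(pwd)"
          echo "POSTGRES_DB_FISCAD=$POSTGRES_DB_FISCAD"
          echo "POSTGRES_USER_FISCAD=$POSTGRES_USER_FISCAD"
          # Only list the secret files; never print their contents to the log.
          ls -l secrets/
          docker-compose -f docker-compose-prod.yml pull || true
          docker-compose -f docker-compose-prod.yml down --remove-orphans
          docker-compose -f docker-compose-prod.yml up -d --build

      # 10) Blocking test: PostgreSQL connection
      - name: Test database connection
        shell: sh
        run: |
          echo "⏳ Waiting for PostgreSQL to be ready..."
          # Up to 12 x 5 s = 60 s; fail explicitly instead of falling through
          # to psql against a container that never became ready.
          ready=0
          for i in $(seq 1 12); do
            if docker exec fiscad-db pg_isready -U "$POSTGRES_USER_FISCAD" >/dev/null 2>&1; then
              ready=1
              break
            fi
            sleep 5
          done
          if [ "$ready" -ne 1 ]; then
            echo "❌ PostgreSQL did not become ready within 60 seconds"
            exit 1
          fi
          echo "🔍 Testing database connection..."
          # The password is read inside the container from the mounted secret;
          # \$ defers the expansion so it never appears on the runner side.
          docker exec fiscad-db sh -c "
            export PGPASSWORD=\$(cat /run/secrets/postgresPassword) &&
            psql -h localhost \
              -U ${POSTGRES_USER_FISCAD} \
              -d ${POSTGRES_DB_FISCAD} \
              -c 'SELECT 1;'
          "

      # 11) Cleanup of the secrets (MANDATORY for security) - runs even if
      #     an earlier step failed, so no secret file outlives the job.
      - name: Cleanup secrets
        if: always()
        shell: sh
        run: |
          rm -rf secrets

      # 12) Cleanup of unused Docker images (best effort)
      - name: Cleanup unused Docker images
        if: always()
        shell: sh
        run: |
          docker image prune -f || true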