judaur2005/fiscad
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
555f13508e759f1d2c7372ec9f17d3b3b9b91a06
fiscad/.gitea/workflows/cd-main.yml
Aurince AKAKPO bd900a93c6
All checks were successful
CI - Build & Test (develop) / build-and-test (pull_request) Successful in 28s
Details
correction docker composer avec les secrets
2025-12-18 11:35:18 +01:00

135 lines
4.0 KiB
YAML
Raw Blame History

name: CD - Deploy on main
on:
push:
branches:
- main
jobs:
deploy:
runs-on: self-hosted
# 🔒 PROTECTION : empêche toute exécution via `act`
if: ${{ !env.ACT }}
steps:
# 1) S'assurer que Node.js est installé
- name: Ensure Node.js is installed
shell: sh
run: |
if command -v node >/dev/null 2>&1; then
echo "Node.js already installed: $(node -v)"
else
apk update && apk add --no-cache nodejs
echo "Node.js installed: $(node -v)"
fi
# 2) S'assurer que Java 17 & Maven sont installés
- name: Ensure Java & Maven are installed
shell: sh
run: |
if ! command -v java >/dev/null 2>&1; then
apk update && apk add --no-cache openjdk17-jdk
fi
java -version
if ! command -v mvn >/dev/null 2>&1; then
apk update && apk add --no-cache maven
fi
mvn -version
# 3) Détecter JAVA_HOME dynamiquement
- name: Detect JAVA_HOME dynamically
shell: sh
run: |
JAVA_BIN=$(readlink -f "$(command -v java)")
JAVA_HOME=$(dirname "$(dirname "$JAVA_BIN")")
echo "JAVA_HOME=$JAVA_HOME" >> "$GITHUB_ENV"
# 4) Checkout du dépôt
- name: Checkout repository
uses: actions/checkout@v4
# 5) Informations de contexte (sans secrets)
- name: Show context information
shell: sh
run: |
echo "Commit:"
git rev-parse HEAD
echo "JAVA_HOME=$JAVA_HOME"
java -version
mvn -version
# 6) S'assurer que Docker CLI & docker-compose sont installés
- name: Ensure Docker & docker-compose are installed
shell: sh
run: |
if command -v docker >/dev/null 2>&1; then
docker version || true
else
apk update && apk add --no-cache docker docker-compose
docker version || true
fi
# 7) Fournir la configuration NON sensible
- name: Export database configuration
shell: sh
run: |
echo "POSTGRES_DB_FISCAD=fiscad_db" >> "$GITHUB_ENV"
echo "POSTGRES_USER_FISCAD=fiscad_user" >> "$GITHUB_ENV"
# 8) Création des secrets runtime (PRODUCTION)
- name: Create runtime secrets
shell: sh
run: |
mkdir -p secrets
echo "${{ secrets.DEFAULT_USER_NAME }}" > secrets/defaultUserName.txt
echo "${{ secrets.DEFAULT_USER_PASSWORD }}" > secrets/defaultUserPassword.txt
echo "${{ secrets.POSTGRES_PASSWORD_FISCAD }}" > secrets/postgresPassword.txt
chmod 600 secrets/*
# 9) Build Maven (jar final)
- name: Build backend with Maven
shell: sh
run: mvn -B clean package -DskipTests
# 10) Déploiement avec docker-compose (prod)
- name: Deploy using docker-compose (prod)
shell: sh
run: |
export COMPOSE_PROJECT_NAME=fiscad
cd "$GITHUB_WORKSPACE"
ls -l secrets/
docker-compose -f docker-compose-prod.yml pull || true
docker-compose -f docker-compose-prod.yml down --remove-orphans
docker-compose -f docker-compose-prod.yml up -d --build
# 11) ✅ TEST BLOQUANT : connexion PostgreSQL
- name: Test database connection
shell: sh
run: |
echo "⏳ Waiting for PostgreSQL to be ready..."
sleep 10
echo "🔍 Testing database connection..."
docker exec fiscad-db sh -c "
export PGPASSWORD=\$(cat /run/secrets/postgresPassword) &&
psql -h localhost \
-U ${POSTGRES_USER_FISCAD} \
-d ${POSTGRES_DB_FISCAD} \
-c 'SELECT 1;'
"
# 12) Nettoyage des secrets (OBLIGATOIRE)
- name: Cleanup secrets
if: always()
shell: sh
run: rm -rf secrets
# 13) Nettoyage des images Docker inutilisées
- name: Cleanup unused Docker images
shell: sh
run: docker image prune -f || true
Reference in New Issue View Git Blame Copy Permalink