judaur2005/fiscad
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9d6d278d786fac551460e4a1551b42d755ce9a73
fiscad/.gitea/workflows/cd-main.yml
Aurince AKAKPO 19a9c6a33a
All checks were successful
CI - Build & Test (develop) / build-and-test (pull_request) Successful in 26s
Details
correction profil actif
2025-12-20 10:59:23 +01:00

140 lines
4.1 KiB
YAML
Raw Blame History

name: CD - Deploy on main
on:
push:
branches:
- main
jobs:
deploy:
runs-on: [self-hosted, prod]
steps:
# 1) Vérifier Node.js (pas d'installation dynamique)
- name: Verify Node.js
shell: sh
run: |
if command -v node >/dev/null 2>&1; then
echo "Node.js version:"
node -v
else
echo "❌ Node.js is not installed on the runner"
exit 1
fi
# 2) Vérifier Java 17 & Maven (préinstallés sur le VPS)
- name: Verify Java & Maven
shell: sh
run: |
if ! command -v java >/dev/null 2>&1; then
echo "❌ Java is not installed on the runner"
exit 1
fi
if ! command -v mvn >/dev/null 2>&1; then
echo "❌ Maven is not installed on the runner"
exit 1
fi
echo "Java version:"
java -version
echo "Maven version:"
mvn -version
# 3) Détecter JAVA_HOME dynamiquement
- name: Detect JAVA_HOME dynamically
shell: sh
run: |
JAVA_BIN=$(readlink -f "$(command -v java)")
JAVA_HOME=$(dirname "$(dirname "$JAVA_BIN")")
echo "Detected JAVA_HOME=$JAVA_HOME"
echo "JAVA_HOME=$JAVA_HOME" >> "$GITHUB_ENV"
# 4) Checkout du dépôt
- name: Checkout repository
uses: actions/checkout@v4
# 5) Informations de contexte (sans secrets)
- name: Show context information
shell: sh
run: |
echo "Commit:"
git rev-parse HEAD
echo "JAVA_HOME=$JAVA_HOME"
java -version
mvn -version
docker --version
docker-compose --version || docker compose version
# 6) Export de la configuration NON sensible
- name: Export database configuration
shell: sh
run: |
echo "POSTGRES_DB_FISCAD=fiscad_db" >> "$GITHUB_ENV"
echo "POSTGRES_USER_FISCAD=fiscad_user" >> "$GITHUB_ENV"
# 7) Création des secrets runtime (PRODUCTION)
- name: Create runtime secrets
shell: sh
run: |
mkdir -p secrets
echo "${{ secrets.DEFAULT_USER_NAME }}" > secrets/defaultUserName.txt
echo "${{ secrets.DEFAULT_USER_PASSWORD }}" > secrets/defaultUserPassword.txt
echo "${{ secrets.POSTGRES_PASSWORD_FISCAD }}" > secrets/postgresPassword.txt
chmod 600 secrets/*
# 8) Build Maven (jar final)
- name: Build backend with Maven
shell: sh
run: |
mvn -B clean package -DskipTests
# 9) Déploiement avec docker-compose (prod)
- name: Deploy using docker-compose (prod)
shell: sh
run: |
export COMPOSE_PROJECT_NAME=fiscad
cd "$GITHUB_WORKSPACE"
echo "Workspace: $(pwd)"
cat secrets/postgresPassword.txt
ls -l secrets/
docker-compose -f docker-compose-prod.yml pull || true
docker-compose -f docker-compose-prod.yml down --remove-orphans
docker-compose -f docker-compose-prod.yml up -d --build
# 10) Test bloquant : connexion PostgreSQL
- name: Test database connection
shell: sh
run: |
echo "⏳ Waiting for PostgreSQL to be ready..."
for i in $(seq 1 12); do
if docker exec fiscad-db pg_isready -U ${POSTGRES_USER_FISCAD} >/dev/null 2>&1; then
break
fi
sleep 5
done
echo "🔍 Testing database connection..."
docker exec fiscad-db sh -c "
export PGPASSWORD=\$(cat /run/secrets/postgresPassword) &&
psql -h localhost \
-U ${POSTGRES_USER_FISCAD} \
-d ${POSTGRES_DB_FISCAD} \
-c 'SELECT 1;'
"
# 11) OK Nettoyage des secrets (sécurité OBLIGATOIRE)
- name: Cleanup secrets
if: always()
shell: sh
run: |
rm -rf secrets
# 12) Nettoyage des images Docker inutilisées
- name: Cleanup unused Docker images
shell: sh
run: |
docker image prune -f || true
Reference in New Issue View Git Blame Copy Permalink