fiscad/.gitea/workflows/cd-main.yml

name: CD - Deploy on main

on:
  push:
    branches:
      - main

jobs:
  deploy:
    runs-on: self-hosted

    steps:

      # 1) S'assurer que Node.js est installé
      - name: Ensure Node.js is installed
        shell: sh
        run: |
          if command -v node >/dev/null 2>&1; then
            echo "Node.js already installed: $(node -v)"
          else
            apk update && apk add --no-cache nodejs
            echo "Node.js installed: $(node -v)"
          fi

      # 2) S'assurer que Java 17 & Maven sont installés
      - name: Ensure Java & Maven are installed
        shell: sh
        run: |
          if ! command -v java >/dev/null 2>&1; then
            apk update && apk add --no-cache openjdk17-jdk
          fi
          java -version

          if ! command -v mvn >/dev/null 2>&1; then
            apk update && apk add --no-cache maven
          fi
          mvn -version

      # 3) Détecter JAVA_HOME dynamiquement
      - name: Detect JAVA_HOME dynamically
        shell: sh
        run: |
          JAVA_BIN=$(readlink -f "$(command -v java)")
          JAVA_HOME=$(dirname "$(dirname "$JAVA_BIN")")
          echo "JAVA_HOME=$JAVA_HOME" >> "$GITHUB_ENV"

      # 4) Checkout du dépôt
      - name: Checkout repository
        uses: actions/checkout@v4

      # 5) Informations de contexte (sans secrets)
      - name: Show context information
        shell: sh
        run: |
          echo "Commit:"
          git rev-parse HEAD
          echo "JAVA_HOME=$JAVA_HOME"
          java -version
          mvn -version

      # 6) S'assurer que Docker CLI & docker-compose sont installés
      - name: Ensure Docker & docker-compose are installed
        shell: sh
        run: |
          if command -v docker >/dev/null 2>&1; then
            docker version || true
          else
            apk update && apk add --no-cache docker docker-compose
            docker version || true
          fi

      # 7) Fournir la configuration NON sensible (OBLIGATOIRE)
      #    (POSTGRES_DB et POSTGRES_USER ne sont PAS des secrets)
      - name: Export database configuration
        shell: sh
        run: |
          echo "POSTGRES_DB_FISCAD=fiscad_db" >> "$GITHUB_ENV"
          echo "POSTGRES_USER_FISCAD=fiscad_user" >> "$GITHUB_ENV"

      # 8) Création des secrets runtime (PRODUCTION)
      - name: Create runtime secrets
        shell: sh
        run: |
          mkdir -p secrets
          echo "${{ secrets.DEFAULT_USER_NAME }}" > secrets/defaultUserName.txt
          echo "${{ secrets.DEFAULT_USER_PASSWORD }}" > secrets/defaultUserPassword.txt
          echo "${{ secrets.POSTGRES_PASSWORD_FISCAD }}" > secrets/postgresPassword.txt
          chmod 600 secrets/*

      # 9) Build Maven (jar final)
      - name: Build backend with Maven
        shell: sh
        run: mvn -B clean package -DskipTests

      # 10) Déploiement avec docker-compose (prod)
      - name: Deploy using docker-compose (prod)
        shell: sh
        run: |
          export COMPOSE_PROJECT_NAME=fiscad

          docker-compose -f docker-compose-prod.yml pull || true
          docker-compose -f docker-compose-prod.yml down --remove-orphans
          docker-compose -f docker-compose-prod.yml up -d --build

      # 11) Nettoyage des secrets (OBLIGATOIRE)
      - name: Cleanup secrets
        if: always()
        shell: sh
        run: rm -rf secrets

      # 12) Nettoyage des images Docker inutilisées
      - name: Cleanup unused Docker images
        shell: sh
        run: docker image prune -f || true