fix(compose): depends_on service_started — le step healthcheck CI gere l'attente

.woodpecker.yml

@@ -51,52 +51,75 @@ steps:
       - cd /opt/dtrack && docker compose config
       - echo "=== pull ==="
       - cd /opt/dtrack && docker compose pull --no-parallel
+      - echo "=== stop (deregistre Registrator avant challenge ACME) ==="
+      - cd /opt/dtrack && docker compose stop
+      - |
+        DOMAIN=$(grep '^DTRACK_DOMAIN=' /opt/dtrack/.env | cut -d= -f2)
+
+        # --- Certificat TLS ---
+        # Apres docker compose stop : Registrator a deregistre les conteneurs de Fabio.
+        # La route globale */.well-known/acme-challenge/* peut repondre sans interference.
+        # Exit 0 = emis/renouvele, exit 2 = skip (cert valide), autres = erreur
+        ACME_EXIT=0
+        docker exec sonic-acme-1 /app/acme.sh \
+          --home /etc/acme.sh \
+          --issue -d "$DOMAIN" \
+          --webroot /usr/share/nginx/html \
+          --server letsencrypt \
+          --accountemail support+acme@asycn.io || ACME_EXIT=$?
+        if [ "$ACME_EXIT" -ne 0 ] && [ "$ACME_EXIT" -ne 2 ]; then
+          echo "ERREUR: acme.sh a echoue (exit $ACME_EXIT)"
+          exit 1
+        fi
+        docker exec sonic-acme-1 cp /etc/acme.sh/$DOMAIN/fullchain.cer /host/certs/$DOMAIN-cert.pem
+        docker exec sonic-acme-1 cp /etc/acme.sh/$DOMAIN/$DOMAIN.key /host/certs/$DOMAIN-key.pem
+        echo "Cert TLS: /host/certs/$DOMAIN-cert.pem OK (acme exit $ACME_EXIT)"
       - echo "=== up ==="
       - cd /opt/dtrack && docker compose up -d --remove-orphans
       - cd /opt/dtrack && docker compose ps
+      # Fabio routing gere automatiquement par Registrator via les labels SERVICE_* du compose
 
   # TEST deploy : verifie que les conteneurs sont running
+  # NOTE: pas de ${VAR} (substitue par Woodpecker) — utiliser $VAR sans accolades
   - name: test-deploy
     image: docker:27-cli
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
+      - /opt/dtrack:/opt/dtrack
     commands:
       - |
         PROJECT=$(grep '^COMPOSE_PROJECT_NAME=' /opt/dtrack/.env | cut -d= -f2)
-        for CONTAINER in apiserver frontend; do
+        STATUS=$(docker inspect --format '{{.State.Status}}' "$PROJECT-apiserver" 2>/dev/null || echo "absent")
-          STATUS=$(docker inspect --format '{{.State.Status}}' "${PROJECT}-${CONTAINER}" 2>/dev/null || echo "absent")
+        echo "$PROJECT-apiserver : $STATUS"
-          echo "${PROJECT}-${CONTAINER} : $STATUS"
+        [ "$STATUS" = "running" ] || { echo "FAIL: apiserver non running"; exit 1; }
-          [ "$STATUS" = "running" ] || { echo "FAIL: ${CONTAINER} non running"; exit 1; }
+        echo "PASS: apiserver running"
-          echo "PASS: ${CONTAINER} running"
+        STATUS=$(docker inspect --format '{{.State.Status}}' "$PROJECT-frontend" 2>/dev/null || echo "absent")
-        done
+        echo "$PROJECT-frontend : $STATUS"
+        [ "$STATUS" = "running" ] || { echo "FAIL: frontend non running"; exit 1; }
+        echo "PASS: frontend running"
 
-  # Etape 3 : Healthcheck HTTP sur l'apiserver
+  # Etape 3 : Healthcheck via Docker — poll le statut interne du conteneur
+  # Pas de requete HTTPS publique : Fabio/TLS ne sont pas encore configures ici
   - name: healthcheck
-    image: alpine:3.20
+    image: docker:27-cli
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /opt/dtrack:/opt/dtrack
     commands:
-      - apk add --no-cache --quiet curl
       - |
-        DOMAIN=$(grep '^DTRACK_DOMAIN=' .env.deploy | cut -d= -f2)
+        PROJECT=$(grep '^COMPOSE_PROJECT_NAME=' /opt/dtrack/.env | cut -d= -f2)
-        if [ -z "$DOMAIN" ]; then
+        echo "Attente healthcheck Docker sur $PROJECT-apiserver (max 5 min)..."
-          echo "ERREUR: DTRACK_DOMAIN non defini dans .env.deploy"
+        MAX=30
-          exit 1
-        fi
-        TARGET="https://$DOMAIN/api/version"
-        echo "Healthcheck sur $TARGET (max 2 minutes)..."
-        MAX=12
         i=0
         until [ $i -ge $MAX ]; do
-          RESPONSE=$(curl -sf "$TARGET" 2>/dev/null)
+          HEALTH=$(docker inspect --format '{{.State.Health.Status}}' "$PROJECT-apiserver" 2>/dev/null || echo "absent")
-          if [ $? -eq 0 ]; then
+          echo "Tentative $((i+1))/$MAX — $PROJECT-apiserver : $HEALTH"
-            echo "PASS: apiserver repond"
+          [ "$HEALTH" = "healthy" ] && echo "PASS: apiserver healthy" && exit 0
-            echo "version: $RESPONSE"
+          [ "$HEALTH" = "absent" ] && echo "FAIL: conteneur introuvable" && exit 1
-            exit 0
-          fi
           i=$((i+1))
-          echo "Tentative $i/$MAX - retry dans 10s"
           sleep 10
         done
-        echo "ERREUR: apiserver ne repond pas apres 2 minutes"
+        echo "FAIL: apiserver non healthy apres 5 minutes"
         exit 1
 
   # Notification en cas d'echec

docker-compose.yml

@@ -9,10 +9,8 @@ services:
     restart: always
     environment:
       # Stockage H2 interne — suffisant pour une team, pas de PostgreSQL requis
-      # Les deux formes sont supportees selon la version (< 4.12 vs >= 4.12)
       ALPINE_DATABASE_MODE: internal
       ALPINE_DATA_DIRECTORY: /data
-      EXTRA_JAVA_OPTIONS: "-Xmx4g"
     volumes:
       - dtrack_data:/data
     healthcheck:
@@ -42,7 +40,7 @@ services:
       API_BASE_URL: https://${DTRACK_DOMAIN}
     depends_on:
       apiserver:
-        condition: service_healthy
+        condition: service_started
     networks:
       - dtrack-net
       - sonic