fix(ci): suppression consul_token + KV Fabio — routing gere par Registrator via labels

.woodpecker.yml

@@ -54,6 +54,28 @@ steps:
       - echo "=== up ==="
       - cd /opt/dtrack && docker compose up -d --remove-orphans
       - cd /opt/dtrack && docker compose ps
+      - |
+        PROJECT=$(grep '^COMPOSE_PROJECT_NAME=' /opt/dtrack/.env | cut -d= -f2)
+        DOMAIN=$(grep '^DTRACK_DOMAIN=' /opt/dtrack/.env | cut -d= -f2)
+
+        # --- Certificat TLS (acme.sh via sonic-acme-1) ---
+        # Exit 0 = emis/renouvele, exit 2 = skip (domaine inchange), autres = erreur
+        ACME_EXIT=0
+        docker exec sonic-acme-1 /app/acme.sh \
+          --home /etc/acme.sh \
+          --issue -d "$DOMAIN" \
+          --webroot /usr/share/nginx/html \
+          --server letsencrypt \
+          --accountemail support+acme@asycn.io || ACME_EXIT=$?
+        if [ "$ACME_EXIT" -ne 0 ] && [ "$ACME_EXIT" -ne 2 ]; then
+          echo "ERREUR: acme.sh a echoue (exit $ACME_EXIT)"
+          exit 1
+        fi
+        docker exec sonic-acme-1 cp /etc/acme.sh/$DOMAIN/fullchain.cer /host/certs/$DOMAIN-cert.pem
+        docker exec sonic-acme-1 cp /etc/acme.sh/$DOMAIN/$DOMAIN.key /host/certs/$DOMAIN-key.pem
+        echo "Cert TLS: /host/certs/$DOMAIN-cert.pem OK (acme exit $ACME_EXIT)"
+
+        # Fabio routing gere automatiquement par Registrator via les labels SERVICE_* du compose
 
   # TEST deploy : verifie que les conteneurs sont running
   # NOTE: pas de ${VAR} (substitue par Woodpecker) — utiliser $VAR sans accolades