EHV/decision
7
0
Fork 0
forked from yvv/decision
Code Pull Requests Activity

ci: build local sans registry, pattern sejeteralo
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Details

Browse Source 
- Suppression write-docker-creds et secrets docker_registry/username/password
- build-backend/frontend : docker build local sur sonic (docker.sock)
- sbom-generate : scan des images locales via docker.sock
- docker-compose.yml : ajout image: libredecision-{backend,frontend}:latest
- deploy : suppression docker compose pull (images locales)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
syoul
2026-03-23 14:59:42 +01:00
parent 3e702fdbf3
commit 488114791c
2 changed files with 26 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

93
.woodpecker.yml
View File

@@ -29,88 +29,43 @@ steps:
- npm ci - npm ci
- npm run build - npm run build
# NOTE: from_secret + pas de volumes : compatible # NOTE: volumes + pas de from_secret : compatible
- name: write-docker-creds - name: build-backend
image: alpine:3.20 image: docker:27-cli
depends_on: depends_on:
- test-backend - test-backend
volumes:
- /var/run/docker.sock:/var/run/docker.sock
commands:
- docker build -t libredecision-backend:latest -f docker/backend.Dockerfile --target production .
- echo "Image backend construite"
# NOTE: volumes + pas de from_secret : compatible
- name: build-frontend
image: docker:27-cli
depends_on:
- test-frontend - test-frontend
environment:
REGISTRY:
from_secret: docker_registry
REGISTRY_USER:
from_secret: docker_username
REGISTRY_PASS:
from_secret: docker_password
commands:
- echo "REGISTRY=$REGISTRY" > .docker-creds
- echo "REGISTRY_USER=$REGISTRY_USER" >> .docker-creds
- echo "REGISTRY_PASS=$REGISTRY_PASS" >> .docker-creds
- echo "Docker creds ecrites"
# NOTE: volumes + pas de from_secret : compatible. Pas de privileged requis.
- name: docker-backend
image: docker:27-cli
depends_on:
- write-docker-creds
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
commands: commands:
- | - docker build -t libredecision-frontend:latest -f docker/frontend.Dockerfile --target production .
REGISTRY=$(grep '^REGISTRY=' .docker-creds | cut -d= -f2) - echo "Image frontend construite"
REGISTRY_USER=$(grep '^REGISTRY_USER=' .docker-creds | cut -d= -f2)
REGISTRY_PASS=$(grep '^REGISTRY_PASS=' .docker-creds | cut -d= -f2)
docker login "$REGISTRY" -u "$REGISTRY_USER" -p "$REGISTRY_PASS"
- |
REGISTRY=$(grep '^REGISTRY=' .docker-creds | cut -d= -f2)
SHA=$(echo "$CI_COMMIT_SHA" | cut -c1-8)
REPO=$(echo "$CI_REPO" | tr 'A-Z' 'a-z')
IMAGE="$REGISTRY/$REPO/backend"
docker build -t "$IMAGE:latest" -t "$IMAGE:$SHA" \
-f docker/backend.Dockerfile \
--target production \
.
docker push "$IMAGE:latest"
docker push "$IMAGE:$SHA"
# NOTE: volumes + pas de from_secret : compatible. Pas de privileged requis. # NOTE: volumes + pas de from_secret : compatible
- name: docker-frontend
image: docker:27-cli
depends_on:
- write-docker-creds
volumes:
- /var/run/docker.sock:/var/run/docker.sock
commands:
- |
REGISTRY=$(grep '^REGISTRY=' .docker-creds | cut -d= -f2)
REGISTRY_USER=$(grep '^REGISTRY_USER=' .docker-creds | cut -d= -f2)
REGISTRY_PASS=$(grep '^REGISTRY_PASS=' .docker-creds | cut -d= -f2)
docker login "$REGISTRY" -u "$REGISTRY_USER" -p "$REGISTRY_PASS"
- |
REGISTRY=$(grep '^REGISTRY=' .docker-creds | cut -d= -f2)
SHA=$(echo "$CI_COMMIT_SHA" | cut -c1-8)
REPO=$(echo "$CI_REPO" | tr 'A-Z' 'a-z')
IMAGE="$REGISTRY/$REPO/frontend"
docker build -t "$IMAGE:latest" -t "$IMAGE:$SHA" \
-f docker/frontend.Dockerfile \
--target production \
.
docker push "$IMAGE:latest"
docker push "$IMAGE:$SHA"
# SBOM — inventaire des dépendances (filesystem scan, pas de registry auth requis)
- name: sbom-generate - name: sbom-generate
image: alpine:3.20 image: alpine:3.20
depends_on: depends_on:
- docker-backend - build-backend
- docker-frontend - build-frontend
volumes:
- /var/run/docker.sock:/var/run/docker.sock
commands: commands:
- apk add --no-cache curl - apk add --no-cache curl
- curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin latest - curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin latest
- mkdir -p .reports - mkdir -p .reports
- syft dir:backend -o cyclonedx-json --file .reports/sbom-backend.cyclonedx.json - syft libredecision-backend:latest -o cyclonedx-json --file .reports/sbom-backend.cyclonedx.json
- syft dir:frontend -o cyclonedx-json --file .reports/sbom-frontend.cyclonedx.json - syft libredecision-frontend:latest -o cyclonedx-json --file .reports/sbom-frontend.cyclonedx.json
- echo "SBOM genere" - echo "SBOM generes"
# NOTE: volumes + pas de from_secret : compatible # NOTE: volumes + pas de from_secret : compatible
- name: sbom-scan - name: sbom-scan
@@ -197,7 +152,7 @@ steps:
- cp .env.deploy /opt/libredecision/.env - cp .env.deploy /opt/libredecision/.env
- chmod 600 /opt/libredecision/.env - chmod 600 /opt/libredecision/.env
- cp docker/docker-compose.yml /opt/libredecision/docker-compose.yml - cp docker/docker-compose.yml /opt/libredecision/docker-compose.yml
- cd /opt/libredecision && docker compose pull # Images construites localement dans la pipeline : pas de docker compose pull
- cd /opt/libredecision && docker compose up -d --remove-orphans - cd /opt/libredecision && docker compose up -d --remove-orphans
- cd /opt/libredecision && docker compose ps - cd /opt/libredecision && docker compose ps

2
docker/docker-compose.yml
View File

@@ -20,6 +20,7 @@ services:
- libredecision - libredecision
backend: backend:
image: libredecision-backend:latest
build: build:
context: ../ context: ../
dockerfile: docker/backend.Dockerfile dockerfile: docker/backend.Dockerfile
@@ -47,6 +48,7 @@ services:
- traefik - traefik
frontend: frontend:
image: libredecision-frontend:latest
build: build:
context: ../ context: ../
dockerfile: docker/frontend.Dockerfile dockerfile: docker/frontend.Dockerfile