feat: déploiement multi-branches avec URL par branche

- Déclenche le pipeline sur main, dev et ci uniquement
- main → APP_DOMAIN (domaine racine, pas de préfixe)
- dev/ci → branche.APP_DOMAIN (sous-domaine par branche)
- Dossier de déploiement isolé par branche : /opt/g1flux/<branche>/

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

.woodpecker.yml

@@ -1,5 +1,8 @@
 when:
-  - branch: main
+  - branch:
+      - main
+      - dev
+      - ci
     event: push
 
 steps:
@@ -88,11 +91,20 @@ steps:
   - name: write-env
     image: alpine:3.20
     environment:
-      APP_DOMAIN:
+      APP_DOMAIN_BASE:
         from_secret: app_domain
     commands:
-      - env | grep -E "^(APP_DOMAIN)=" > .env.deploy
+      - |
-      - OWNER=$(echo "$CI_REPO_OWNER" | tr 'A-Z' 'a-z') && REPO=$(echo "$CI_REPO_NAME" | tr 'A-Z' 'a-z') && BRANCH=$(echo "$CI_COMMIT_BRANCH" | tr 'A-Z/' 'a-z-') && echo "COMPOSE_PROJECT_NAME=$OWNER-$REPO-$BRANCH" >> .env.deploy
+        BRANCH=$(echo "$CI_COMMIT_BRANCH" | tr 'A-Z/' 'a-z-')
+        if [ "$CI_COMMIT_BRANCH" = "main" ]; then
+          EFFECTIVE_DOMAIN="$APP_DOMAIN_BASE"
+        else
+          EFFECTIVE_DOMAIN="$BRANCH.$APP_DOMAIN_BASE"
+        fi
+        OWNER=$(echo "$CI_REPO_OWNER" | tr 'A-Z' 'a-z')
+        REPO=$(echo "$CI_REPO_NAME" | tr 'A-Z' 'a-z')
+        echo "APP_DOMAIN=$EFFECTIVE_DOMAIN" > .env.deploy
+        echo "COMPOSE_PROJECT_NAME=$OWNER-$REPO-$BRANCH" >> .env.deploy
       - echo "Fichier .env.deploy cree ($(wc -c < .env.deploy) octets)"
 
   # Etape 5b : Validation du .env.deploy
@@ -120,12 +132,18 @@ steps:
       - /var/run/docker.sock:/var/run/docker.sock
       - /opt/g1flux:/opt/g1flux
     commands:
-      - cp .env.deploy /opt/g1flux/.env
-      - chmod 600 /opt/g1flux/.env
-      - cp docker-compose.yml /opt/g1flux/docker-compose.yml
-      - cd /opt/g1flux && docker compose stop
       - |
-        DOMAIN=$(grep '^APP_DOMAIN=' /opt/g1flux/.env | cut -d= -f2)
+        BRANCH=$(echo "$CI_COMMIT_BRANCH" | tr 'A-Z/' 'a-z-')
+        DEPLOY_DIR="/opt/g1flux/$BRANCH"
+        mkdir -p "$DEPLOY_DIR"
+        cp .env.deploy "$DEPLOY_DIR/.env"
+        chmod 600 "$DEPLOY_DIR/.env"
+        cp docker-compose.yml "$DEPLOY_DIR/docker-compose.yml"
+        cd "$DEPLOY_DIR" && docker compose stop
+      - |
+        BRANCH=$(echo "$CI_COMMIT_BRANCH" | tr 'A-Z/' 'a-z-')
+        DEPLOY_DIR="/opt/g1flux/$BRANCH"
+        DOMAIN=$(grep '^APP_DOMAIN=' "$DEPLOY_DIR/.env" | cut -d= -f2)
 
         # Certificat TLS (acme.sh, idempotent)
         # Exit 0 = emis/renouvele, exit 2 = skip (cert valide), autres = erreur
@@ -143,8 +161,11 @@ steps:
         docker exec sonic-acme-1 cp /etc/acme.sh/$DOMAIN/fullchain.cer /host/certs/$DOMAIN-cert.pem
         docker exec sonic-acme-1 cp /etc/acme.sh/$DOMAIN/$DOMAIN.key /host/certs/$DOMAIN-key.pem
         echo "Cert TLS OK (acme exit $ACME_EXIT)"
-      - cd /opt/g1flux && docker compose up -d --remove-orphans
+      - |
-      - cd /opt/g1flux && docker compose ps
+        BRANCH=$(echo "$CI_COMMIT_BRANCH" | tr 'A-Z/' 'a-z-')
+        DEPLOY_DIR="/opt/g1flux/$BRANCH"
+        cd "$DEPLOY_DIR" && docker compose up -d --remove-orphans
+        docker compose ps
 
   # Etape 7 : Verification que le container est running
   - name: test-deploy
@@ -154,7 +175,9 @@ steps:
       - /opt/g1flux:/opt/g1flux
     commands:
       - |
-        PROJECT=$(grep '^COMPOSE_PROJECT_NAME=' /opt/g1flux/.env | cut -d= -f2)
+        BRANCH=$(echo "$CI_COMMIT_BRANCH" | tr 'A-Z/' 'a-z-')
+        DEPLOY_DIR="/opt/g1flux/$BRANCH"
+        PROJECT=$(grep '^COMPOSE_PROJECT_NAME=' "$DEPLOY_DIR/.env" | cut -d= -f2)
         STATUS=$(docker inspect --format '{{.State.Status}}' "$PROJECT-app" 2>/dev/null || echo "absent")
         echo "$PROJECT-app : $STATUS"
         [ "$STATUS" = "running" ] || { echo "FAIL: container non running"; exit 1; }