refactor: suppression consul_token pipeline + restart always

- Retire consul_token du pipeline (write-env + deploy) :
  Registrator gere le routage Fabio via labels SERVICE_* automatiquement
- Supprime le bloc KV Fabio manuel dans le step deploy
- Passe prestashop et db en restart: always
- Ajoute /docs-sbom dans .gitignore

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

.gitignore

@@ -1,3 +1,4 @@
+/docs-sbom
 /docs-syoul
 /docs-sonic
 /plans

.woodpecker.yml

@@ -38,7 +38,6 @@ steps:
   # Etape 3a : Ecriture du .env depuis les secrets
   # NOTE: ne pas utiliser ${VAR} dans commands (bug Woodpecker next), utiliser env | grep
   # NOTE: from_secret et volumes: incompatibles dans le meme step (bug Woodpecker next)
-  #       -> consul_token ecrit dans .consul_token ici, lu dans deploy
   - name: write-env
     image: alpine:3.20
     environment:
@@ -54,20 +53,16 @@ steps:
         from_secret: db_root_password
       DB_PASSWORD:
         from_secret: db_password
-      CONSUL_TOKEN:
-        from_secret: consul_token
     commands:
       - env | grep -E "^(PS_DOMAIN|PS_ADMIN_FOLDER|PRESTASHOP_ADMIN_EMAIL|PRESTASHOP_ADMIN_PASSWORD|DB_ROOT_PASSWORD|DB_PASSWORD)=" > .env.deploy
       # COMPOSE_PROJECT_NAME : convention user-project-branch, genere depuis les vars CI
       - OWNER=$(echo "$CI_REPO_OWNER" | tr 'A-Z' 'a-z') && REPO=$(echo "$CI_REPO_NAME" | tr 'A-Z' 'a-z') && BRANCH=$(echo "$CI_COMMIT_BRANCH" | tr 'A-Z/' 'a-z-') && echo "COMPOSE_PROJECT_NAME=$OWNER-$REPO-$BRANCH" >> .env.deploy
-      # consul_token ecrit seul (depuis from_secret, sans volumes)
-      - env | grep '^CONSUL_TOKEN=' | cut -d= -f2 > .consul_token
       - echo "Fichier .env.deploy cree ($(wc -c < .env.deploy) octets)"
 
   # Etape 3b : Deploiement sur sonic via Docker socket
   # Modele pipeline sonic : deploy Docker Compose + cert TLS (acme.sh)
   # Registrator enregistre automatiquement le container dans Consul via les labels SERVICE_*
-  # Consul valide le service via SERVICE_80_CHECK_HTTP -> Fabio route le trafic automatiquement
+  # et publie les routes dans Fabio sans intervention manuelle
   - name: deploy
     image: docker:27-cli
     volumes:
@@ -75,14 +70,12 @@ steps:
       - /opt/prestashop:/opt/prestashop
     commands:
       - cp .env.deploy /opt/prestashop/.env
-      - cp .consul_token /opt/prestashop/.consul_token
-      - chmod 600 /opt/prestashop/.env /opt/prestashop/.consul_token
+      - chmod 600 /opt/prestashop/.env
       - cp docker-compose.yml /opt/prestashop/docker-compose.yml
       - cd /opt/prestashop && docker compose pull
       - cd /opt/prestashop && docker compose up -d --remove-orphans
       - cd /opt/prestashop && docker compose ps
       - |
-        PROJECT=$(grep '^COMPOSE_PROJECT_NAME=' /opt/prestashop/.env | cut -d= -f2)
         DOMAIN=$(grep '^PS_DOMAIN=' /opt/prestashop/.env | cut -d= -f2)
 
         # --- Certificat TLS (acme.sh via sonic-acme-1) ---
@@ -105,16 +98,6 @@ steps:
         docker exec sonic-acme-1 cp /etc/acme.sh/$DOMAIN/$DOMAIN.key /host/certs/$DOMAIN-key.pem
         echo "Cert TLS: /host/certs/$DOMAIN-cert.pem OK (acme exit $ACME_EXIT)"
 
-        # --- Mise a jour KV Fabio ---
-        # Sous-cle fabio/config/$PROJECT pour coexister avec les autres projets sans les ecraser
-        # IP relue apres docker compose up (nouvelle stack = nouvelle IP Docker)
-        CTOK=$(cat /opt/prestashop/.consul_token)
-        IP=$(docker inspect "$PROJECT-app" --format '{{(index .NetworkSettings.Networks "sonic").IPAddress}}')
-        ROUTES=$(printf 'route add %s %s/* http://%s:80/\nroute add %s %s:443/* http://%s:80/' \
-          "$PROJECT" "$DOMAIN" "$IP" "$PROJECT" "$DOMAIN" "$IP")
-        docker exec sonic-consul env CONSUL_HTTP_TOKEN="$CTOK" consul kv put "fabio/config/$PROJECT" "$ROUTES"
-        echo "KV Fabio: fabio/config/$PROJECT -> $IP:80"
-
   # Etape 4 : Configuration post-deploiement (SSL, cache)
   # Attend la fin de l'installation PrestaShop (ps_configuration initialisee),
   # puis active SSL dans la DB (PrestaShop genere des URLs https:// grace a X-Forwarded-Proto:https de Fabio)

docker-compose.yml

@@ -6,7 +6,7 @@ services:
   prestashop:
     image: prestashop/prestashop:8-apache
     container_name: ${COMPOSE_PROJECT_NAME:-syoul-prestashop-main}-app
-    restart: unless-stopped
+    restart: always
     depends_on:
       db:
         condition: service_healthy
@@ -45,7 +45,7 @@ services:
   db:
     image: mariadb:10.11
     container_name: ${COMPOSE_PROJECT_NAME:-syoul-prestashop-main}-db
-    restart: unless-stopped
+    restart: always
     environment:
       MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD}
       MYSQL_DATABASE: prestashop