when: - branch: main event: push steps: # Etape 1 : Validation syntaxique du docker-compose.yml - name: validate image: docker:27-cli volumes: - /var/run/docker.sock:/var/run/docker.sock environment: PS_DOMAIN: presta.syoul.fr PS_ADMIN_FOLDER: admin-secure DB_PASSWORD: placeholder DB_ROOT_PASSWORD: placeholder PRESTASHOP_ADMIN_EMAIL: placeholder PRESTASHOP_ADMIN_PASSWORD: placeholder commands: - docker compose config --quiet - echo "docker-compose.yml valide" # Etape 2 : Verifications de securite - name: security-check image: alpine:3.20 commands: - | if [ -f .env ]; then echo "ERREUR: .env ne doit pas etre commite dans le depot !" exit 1 fi - 'grep -q "^\.env$" .gitignore || (echo "ERREUR: .env manquant dans .gitignore" && exit 1)' - echo "Verifications de securite OK" # Etape 3a : Ecriture du .env depuis les secrets # NOTE: ne pas utiliser ${VAR} dans commands (bug Woodpecker next), utiliser env | grep - name: write-env image: alpine:3.20 environment: TEST_STATIC: hello-world PS_DOMAIN: from_secret: ps_domain PS_ADMIN_FOLDER: from_secret: ps_admin_folder PRESTASHOP_ADMIN_EMAIL: from_secret: prestashop_admin_email PRESTASHOP_ADMIN_PASSWORD: from_secret: prestashop_admin_password DB_ROOT_PASSWORD: from_secret: db_root_password DB_PASSWORD: from_secret: db_password commands: - env | grep -E "^(PS_DOMAIN|PS_ADMIN_FOLDER|PRESTASHOP_ADMIN_EMAIL|PRESTASHOP_ADMIN_PASSWORD|DB_ROOT_PASSWORD|DB_PASSWORD)=" > .env.deploy - echo "Fichier .env.deploy cree ($(wc -c < .env.deploy) octets)" # Etape 3b : Deploiement sur sonic via Docker socket - name: deploy image: docker:27-cli volumes: - /var/run/docker.sock:/var/run/docker.sock - /opt/prestashop:/opt/prestashop commands: - cp .env.deploy /opt/prestashop/.env - chmod 600 /opt/prestashop/.env - cp docker-compose.yml /opt/prestashop/docker-compose.yml - cd /opt/prestashop && docker compose pull - cd /opt/prestashop && docker compose up -d --remove-orphans - cd /opt/prestashop && docker compose ps - docker inspect prestashop --format '{{.NetworkSettings.Networks.sonic.IPAddress}}' > .container_ip # Etape 3c : Enregistrement dans Consul (Registrator ne peut pas ecrire prestashop : ACL) - name: register-consul image: alpine:3.20 environment: TEST_STATIC: hello CONSUL_TOKEN: from_secret: consul_token commands: - apk add --no-cache --quiet curl iproute2 - | CONSUL_HOST=$(ip route show default | awk '/default/{print $3; exit}') CONSUL_HOST=${CONSUL_HOST:-172.17.0.1} CONTAINER_IP=$(cat .container_ip) DOMAIN=$(grep '^PS_DOMAIN=' .env.deploy | cut -d= -f2) CTOK=$(env | grep '^CONSUL_TOKEN=' | cut -d= -f2-) curl -sf -X PUT "http://$CONSUL_HOST:8500/v1/agent/service/register" \ -H "Content-Type: application/json" \ -H "X-Consul-Token: $CTOK" \ -d "{\"Name\":\"prestashop\",\"Address\":\"$CONTAINER_IP\",\"Port\":80,\"Tags\":[\"urlprefix-$DOMAIN/\"]}" echo "Service enregistre dans Consul: prestashop -> $CONTAINER_IP:80 urlprefix-$DOMAIN/" # Etape 4 : Healthcheck post-deploiement - name: healthcheck image: alpine:3.20 commands: - apk add --no-cache --quiet curl - | SITE=$(grep '^PS_DOMAIN=' .env.deploy | cut -d= -f2) if [ -z "$SITE" ]; then echo "ERREUR: PS_DOMAIN non defini dans .env.deploy" exit 1 fi TARGET="http://$SITE" echo "Healthcheck sur $TARGET (max 10 minutes)..." MAX=60 i=0 until [ $i -ge $MAX ]; do CODE=$(curl -sSo /dev/null -w "%{http_code}" "$TARGET" 2>/dev/null) echo "Tentative $((i+1))/$MAX - HTTP $CODE" if [ "$CODE" = "200" ] || [ "$CODE" = "301" ] || [ "$CODE" = "302" ]; then echo "PrestaShop repond correctement sur $TARGET" exit 0 fi i=$((i+1)) sleep 10 done echo "ERREUR: PrestaShop ne repond pas apres 10 minutes" exit 1 # Notification en cas d'echec - name: notify-failure image: alpine:3.20 commands: - 'echo "ECHEC pipeline #${CI_BUILD_NUMBER} sur commit ${CI_COMMIT_SHA}"' - 'echo "Branche: ${CI_COMMIT_BRANCH}"' when: - status: failure