when: - branch: main event: push steps: # Etape 1 : Validation syntaxique du docker-compose.yml - name: validate image: docker:27-cli volumes: - /var/run/docker.sock:/var/run/docker.sock environment: PS_DOMAIN: presta.syoul.fr PS_ADMIN_FOLDER: admin-secure DB_PASSWORD: placeholder DB_ROOT_PASSWORD: placeholder PRESTASHOP_ADMIN_EMAIL: placeholder PRESTASHOP_ADMIN_PASSWORD: placeholder commands: - docker compose config --quiet - echo "docker-compose.yml valide" # Etape 2 : Verifications de securite - name: security-check image: alpine:3.20 commands: - | if [ -f .env ]; then echo "ERREUR: .env ne doit pas etre commite dans le depot !" exit 1 fi - 'grep -q "^\.env$" .gitignore || (echo "ERREUR: .env manquant dans .gitignore" && exit 1)' - echo "Verifications de securite OK" # Etape 3a : Ecriture du .env et du token Consul depuis les secrets # NOTE: ne pas utiliser ${VAR} dans commands (bug Woodpecker next), utiliser env | grep - name: write-env image: alpine:3.20 environment: TEST_STATIC: hello-world PS_DOMAIN: from_secret: ps_domain PS_ADMIN_FOLDER: from_secret: ps_admin_folder PRESTASHOP_ADMIN_EMAIL: from_secret: prestashop_admin_email PRESTASHOP_ADMIN_PASSWORD: from_secret: prestashop_admin_password DB_ROOT_PASSWORD: from_secret: db_root_password DB_PASSWORD: from_secret: db_password CONSUL_TOKEN: from_secret: consul_token commands: - env | grep -E "^(PS_DOMAIN|PS_ADMIN_FOLDER|PRESTASHOP_ADMIN_EMAIL|PRESTASHOP_ADMIN_PASSWORD|DB_ROOT_PASSWORD|DB_PASSWORD)=" > .env.deploy - echo "Fichier .env.deploy cree ($(wc -c < .env.deploy) octets)" - env | grep '^CONSUL_TOKEN=' | cut -d= -f2- > .consul_token # Etape 3b : Deploiement sur sonic via Docker socket + enregistrement Consul # Le token est lu depuis .consul_token (ecrit par write-env) car # volumes + from_secret = secrets vides (bug Woodpecker next) - name: deploy image: docker:27-cli volumes: - /var/run/docker.sock:/var/run/docker.sock - /opt/prestashop:/opt/prestashop commands: - cp .env.deploy /opt/prestashop/.env - chmod 600 /opt/prestashop/.env - cp docker-compose.yml /opt/prestashop/docker-compose.yml - cd /opt/prestashop && docker compose pull - cd /opt/prestashop && docker compose up -d --remove-orphans - cd /opt/prestashop && docker compose ps - | CONTAINER_IP=$(docker inspect prestashop --format '{{.NetworkSettings.Networks.sonic.IPAddress}}') DOMAIN=$(grep '^PS_DOMAIN=' /opt/prestashop/.env | cut -d= -f2) CTOK=$(cat $CI_WORKSPACE/.consul_token) docker exec sonic-consul env CONSUL_HTTP_TOKEN="$CTOK" consul services register \ -address "$CONTAINER_IP" -port 80 -name prestashop -tag "urlprefix-$DOMAIN/" echo "Consul: prestashop -> $CONTAINER_IP:80 urlprefix-$DOMAIN/" ROUTES=$(printf 'route add prestashop %s/ http://%s:80/\nroute add prestashop %s:443/ http://%s:80/' "$DOMAIN" "$CONTAINER_IP" "$DOMAIN" "$CONTAINER_IP") docker exec sonic-consul env CONSUL_HTTP_TOKEN="$CTOK" consul kv put fabio/config "$ROUTES" echo "Fabio KV: routes HTTP+HTTPS $DOMAIN -> $CONTAINER_IP:80" # Etape 4 : Healthcheck post-deploiement - name: healthcheck image: alpine:3.20 commands: - apk add --no-cache --quiet curl - | SITE=$(grep '^PS_DOMAIN=' .env.deploy | cut -d= -f2) if [ -z "$SITE" ]; then echo "ERREUR: PS_DOMAIN non defini dans .env.deploy" exit 1 fi TARGET="http://$SITE" echo "Healthcheck sur $TARGET (max 10 minutes)..." MAX=60 i=0 until [ $i -ge $MAX ]; do CODE=$(curl -sSo /dev/null -w "%{http_code}" "$TARGET" 2>/dev/null) echo "Tentative $((i+1))/$MAX - HTTP $CODE" if [ "$CODE" = "200" ] || [ "$CODE" = "301" ] || [ "$CODE" = "302" ]; then echo "PrestaShop repond correctement sur $TARGET" exit 0 fi i=$((i+1)) sleep 10 done echo "ERREUR: PrestaShop ne repond pas apres 10 minutes" exit 1 # Notification en cas d'echec - name: notify-failure image: alpine:3.20 commands: - 'echo "ECHEC pipeline #${CI_BUILD_NUMBER} sur commit ${CI_COMMIT_SHA}"' - 'echo "Branche: ${CI_COMMIT_BRANCH}"' when: - status: failure