syoul/prestashop-test
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
235321985bbf41200b6660d074f2c7b7de91b559
prestashop-test/.woodpecker.yml
syoul 235321985b
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details
fix: acme.sh --home /etc/acme.sh pour stocker le cert sur le volume persistant 
Sans --home, acme.sh ecrit dans /root/.acme.sh (non persiste).
Avec --home /etc/acme.sh (volume sonic_acme), le cert survit aux recreations
du container sonic-acme-1 et le chemin de copie vers /host/certs/ est correct.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-17 21:37:00 +01:00

147 lines
5.7 KiB
YAML
Raw Blame History

when:
- branch: main
event: push
steps:
# Etape 1 : Validation syntaxique du docker-compose.yml
- name: validate
image: docker:27-cli
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
PS_DOMAIN: presta.syoul.fr
PS_ADMIN_FOLDER: admin-secure
DB_PASSWORD: placeholder
DB_ROOT_PASSWORD: placeholder
PRESTASHOP_ADMIN_EMAIL: placeholder
PRESTASHOP_ADMIN_PASSWORD: placeholder
commands:
- docker compose config --quiet
- echo "docker-compose.yml valide"
# Etape 2 : Verifications de securite
- name: security-check
image: alpine:3.20
commands:
- |
if [ -f .env ]; then
echo "ERREUR: .env ne doit pas etre commite dans le depot !"
exit 1
fi
- 'grep -q "^\.env$" .gitignore || (echo "ERREUR: .env manquant dans .gitignore" && exit 1)'
- echo "Verifications de securite OK"
# Etape 3a : Ecriture du .env et du token Consul depuis les secrets
# NOTE: ne pas utiliser ${VAR} dans commands (bug Woodpecker next), utiliser env | grep
- name: write-env
image: alpine:3.20
environment:
TEST_STATIC: hello-world
PS_DOMAIN:
from_secret: ps_domain
PS_ADMIN_FOLDER:
from_secret: ps_admin_folder
PRESTASHOP_ADMIN_EMAIL:
from_secret: prestashop_admin_email
PRESTASHOP_ADMIN_PASSWORD:
from_secret: prestashop_admin_password
DB_ROOT_PASSWORD:
from_secret: db_root_password
DB_PASSWORD:
from_secret: db_password
CONSUL_TOKEN:
from_secret: consul_token
commands:
- env | grep -E "^(PS_DOMAIN|PS_ADMIN_FOLDER|PRESTASHOP_ADMIN_EMAIL|PRESTASHOP_ADMIN_PASSWORD|DB_ROOT_PASSWORD|DB_PASSWORD)=" > .env.deploy
- echo "Fichier .env.deploy cree ($(wc -c < .env.deploy) octets)"
- env | grep '^CONSUL_TOKEN=' | cut -d= -f2- > .consul_token
# Etape 3b : Deploiement sur sonic via Docker socket
# Le token Consul est lu depuis .consul_token (ecrit par write-env) car
# volumes + from_secret = secrets vides (bug Woodpecker next)
#
# Modele pipeline sonic : cette etape est generique pour tout service deploye sur sonic.
# Elle gere : deploy Docker Compose + cert TLS (acme.sh) + Consul + Fabio KV
- name: deploy
image: docker:27-cli
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /opt/prestashop:/opt/prestashop
commands:
- cp .env.deploy /opt/prestashop/.env
- chmod 600 /opt/prestashop/.env
- cp docker-compose.yml /opt/prestashop/docker-compose.yml
- cd /opt/prestashop && docker compose pull
- cd /opt/prestashop && docker compose up -d --remove-orphans
- cd /opt/prestashop && docker compose ps
- |
CONTAINER_IP=$(docker inspect prestashop --format '{{.NetworkSettings.Networks.sonic.IPAddress}}')
DOMAIN=$(grep '^PS_DOMAIN=' /opt/prestashop/.env | cut -d= -f2)
CTOK=$(cat $CI_WORKSPACE/.consul_token)
# --- Certificat TLS (acme.sh via sonic-acme-1) ---
# acme.sh est idempotent : skip si cert valide, renouvelle si proche expiration
# Exit 0 = emis/renouvele, exit 2 = skip (domaine inchange), autres = erreur
# --home /etc/acme.sh = volume persistant sonic_acme (sinon /root/.acme.sh non persiste)
docker exec sonic-acme-1 /app/acme.sh \
--home /etc/acme.sh \
--issue -d "$DOMAIN" \
--webroot /usr/share/nginx/html \
--server letsencrypt \
--accountemail support+acme@asycn.io; ACME_EXIT=$?
if [ "$ACME_EXIT" -ne 0 ] && [ "$ACME_EXIT" -ne 2 ]; then
echo "ERREUR: acme.sh a echoue (exit $ACME_EXIT)"
exit 1
fi
docker exec sonic-acme-1 cp /etc/acme.sh/$DOMAIN/fullchain.cer /host/certs/$DOMAIN-cert.pem
docker exec sonic-acme-1 cp /etc/acme.sh/$DOMAIN/$DOMAIN.key /host/certs/$DOMAIN-key.pem
echo "Cert TLS: /host/certs/$DOMAIN-cert.pem OK (acme exit $ACME_EXIT)"
# --- Enregistrement Consul ---
docker exec sonic-consul env CONSUL_HTTP_TOKEN="$CTOK" consul services register \
-address "$CONTAINER_IP" -port 80 -name prestashop -tag "urlprefix-$DOMAIN/"
echo "Consul: prestashop -> $CONTAINER_IP:80 urlprefix-$DOMAIN/"
# --- Routes Fabio KV (HTTP + HTTPS) ---
ROUTES=$(printf 'route add prestashop %s/ http://%s:80/\nroute add prestashop %s:443/ http://%s:80/' "$DOMAIN" "$CONTAINER_IP" "$DOMAIN" "$CONTAINER_IP")
docker exec sonic-consul env CONSUL_HTTP_TOKEN="$CTOK" consul kv put fabio/config "$ROUTES"
echo "Fabio KV: routes HTTP+HTTPS $DOMAIN -> $CONTAINER_IP:80"
# Etape 4 : Healthcheck post-deploiement
- name: healthcheck
image: alpine:3.20
commands:
- apk add --no-cache --quiet curl
- |
SITE=$(grep '^PS_DOMAIN=' .env.deploy | cut -d= -f2)
if [ -z "$SITE" ]; then
echo "ERREUR: PS_DOMAIN non defini dans .env.deploy"
exit 1
fi
TARGET="http://$SITE"
echo "Healthcheck sur $TARGET (max 10 minutes)..."
MAX=60
i=0
until [ $i -ge $MAX ]; do
CODE=$(curl -sSo /dev/null -w "%{http_code}" "$TARGET" 2>/dev/null)
echo "Tentative $((i+1))/$MAX - HTTP $CODE"
if [ "$CODE" = "200" ] || [ "$CODE" = "301" ] || [ "$CODE" = "302" ]; then
echo "PrestaShop repond correctement sur $TARGET"
exit 0
fi
i=$((i+1))
sleep 10
done
echo "ERREUR: PrestaShop ne repond pas apres 10 minutes"
exit 1
# Notification en cas d'echec
- name: notify-failure
image: alpine:3.20
commands:
- 'echo "ECHEC pipeline #${CI_BUILD_NUMBER} sur commit ${CI_COMMIT_SHA}"'
- 'echo "Branche: ${CI_COMMIT_BRANCH}"'
when:
- status: failure
Reference in New Issue View Git Blame Copy Permalink