Ajout etape register-consul : recupere l'IP du conteneur sur le reseau sonic et enregistre le service dans Consul avec le token ACL via l'API HTTP. Registrator loggue "added" mais son token n'a pas les droits service:write sur "prestashop" -> le service disparaissait de Consul apres chaque deploy. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
# Pipeline trigger: run only for push events on the main branch.
when:
- event: push
  branch: main
steps:
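# Step 1: syntax validation of docker-compose.yml.
# `docker compose config` only parses and interpolates the compose file, so
# the host Docker socket is not mounted here. Access to /var/run/docker.sock
# is equivalent to root on the host and is left to the deploy step alone.
- name: validate
  image: docker:27-cli
  environment:
    # Non-secret stand-in values; presumably only needed so that variable
    # interpolation in docker-compose.yml succeeds - confirm against the file.
    PS_DOMAIN: presta.syoul.fr
    PS_ADMIN_FOLDER: admin-secure
    DB_PASSWORD: placeholder
    DB_ROOT_PASSWORD: placeholder
    PRESTASHOP_ADMIN_EMAIL: placeholder
    PRESTASHOP_ADMIN_PASSWORD: placeholder
  commands:
  - docker compose config --quiet
  - echo "docker-compose.yml valide"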
# Step 2: security checks.
# Fails when a .env file is present in the checkout, or when .gitignore has no
# line that is exactly ".env".
- name: security-check
  image: alpine:3.20
  commands:
  - |
    if test -f .env; then
      echo "ERREUR: .env ne doit pas etre commite dans le depot !"
      exit 1
    fi
  - |
    grep -q "^\.env$" .gitignore || (echo "ERREUR: .env manquant dans .gitignore" && exit 1)
  - echo "Verifications de securite OK"
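# Step 3a: write the deployment .env file from the pipeline secrets.
# NOTE: do not use ${VAR} in commands (Woodpecker "next" bug); the values are
# read with `env | grep` instead.
- name: write-env
  image: alpine:3.20
  environment:
    # NOTE(review): TEST_STATIC is not read by any command in this step; it
    # looks like a debugging leftover - confirm before removing.
    TEST_STATIC: hello-world
    PS_DOMAIN:
      from_secret: ps_domain
    PS_ADMIN_FOLDER:
      from_secret: ps_admin_folder
    PRESTASHOP_ADMIN_EMAIL:
      from_secret: prestashop_admin_email
    PRESTASHOP_ADMIN_PASSWORD:
      from_secret: prestashop_admin_password
    DB_ROOT_PASSWORD:
      from_secret: db_root_password
    DB_PASSWORD:
      from_secret: db_password
  commands:
  # .env.deploy holds the database and admin passwords and stays in the
  # workspace for the later steps, so it is created owner-only (umask 077)
  # instead of with the default, world-readable mode. The later steps use
  # images that run as root by default and can still read it.
  # grep is line-based: only the first line of a multi-line secret value
  # would be captured.
  - |
    umask 077
    env | grep -E "^(PS_DOMAIN|PS_ADMIN_FOLDER|PRESTASHOP_ADMIN_EMAIL|PRESTASHOP_ADMIN_PASSWORD|DB_ROOT_PASSWORD|DB_PASSWORD)=" > .env.deploy
  # Only the byte count is printed, never the content.
  - echo "Fichier .env.deploy cree ($(wc -c < .env.deploy) octets)"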
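# Step 3b: deployment on sonic through the host Docker socket.
# The socket mount gives this step root-equivalent control over the host
# Docker daemon; it should stay limited to this step.
# NOTE(review): docker:27-cli is a mutable tag; consider pinning the image by
# digest for a step with this level of host access.
- name: deploy
  image: docker:27-cli
  volumes:
  - /var/run/docker.sock:/var/run/docker.sock
  - /opt/prestashop:/opt/prestashop
  commands:
  # Copy under umask 077 so that a newly created .env is never readable by
  # other users, not even in the window before the chmod below runs.
  - (umask 077 && cp .env.deploy /opt/prestashop/.env)
  - chmod 600 /opt/prestashop/.env
  - cp docker-compose.yml /opt/prestashop/docker-compose.yml
  - cd /opt/prestashop && docker compose pull
  - cd /opt/prestashop && docker compose up -d --remove-orphans
  - cd /opt/prestashop && docker compose ps
  # Save the container's IP address on the "sonic" network in the workspace;
  # the register-consul step reads .container_ip.
  - docker inspect prestashop --format '{{.NetworkSettings.Networks.sonic.IPAddress}}' > .container_ip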
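# Step 3c: register the service in Consul (Registrator cannot write
# "prestashop": ACL).
# The ACL token is sent in an HTTP header over plain http to the agent on port
# 8500. NOTE(review): acceptable only if this hop never leaves the host-local
# Docker bridge - confirm.
- name: register-consul
  image: alpine:3.20
  environment:
    # NOTE(review): TEST_STATIC is not read below; it looks like a debugging
    # leftover - confirm before removing.
    TEST_STATIC: hello
    CONSUL_TOKEN:
      from_secret: consul_token
  commands:
  - apk add --no-cache --quiet curl iproute2
  # The fallback to 172.17.0.1 is written without the ${VAR:-default} form, in
  # line with the file's own rule of not using ${VAR} in commands.
  # CONTAINER_IP and DOMAIN are interpolated into a JSON body, so both are
  # checked first: an empty or malformed value would otherwise register a
  # wrong address or produce a broken payload.
  - |
    CONSUL_HOST=$(ip route show default | awk '/default/{print $3; exit}')
    [ -n "$CONSUL_HOST" ] || CONSUL_HOST=172.17.0.1
    CONTAINER_IP=$(cat .container_ip)
    DOMAIN=$(grep '^PS_DOMAIN=' .env.deploy | cut -d= -f2)
    CTOK=$(env | grep '^CONSUL_TOKEN=' | cut -d= -f2-)
    case "$CONTAINER_IP" in
      ''|*[!0-9.]*)
        echo "ERREUR: adresse IP du conteneur vide ou invalide dans .container_ip"
        exit 1
        ;;
    esac
    case "$DOMAIN" in
      ''|*[!A-Za-z0-9.:_-]*)
        echo "ERREUR: PS_DOMAIN vide ou invalide dans .env.deploy"
        exit 1
        ;;
    esac
    curl -sSf -X PUT "http://$CONSUL_HOST:8500/v1/agent/service/register" \
      -H "Content-Type: application/json" \
      -H "X-Consul-Token: $CTOK" \
      -d "{\"Name\":\"prestashop\",\"Address\":\"$CONTAINER_IP\",\"Port\":80,\"Tags\":[\"urlprefix-$DOMAIN/\"]}"
    echo "Service enregistre dans Consul: prestashop -> $CONTAINER_IP:80 urlprefix-$DOMAIN/"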
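# Step 4: post-deployment health check.
# Polls http://<PS_DOMAIN> up to 60 times, 10 seconds apart, and succeeds on
# the first HTTP 200, 301 or 302.
- name: healthcheck
  image: alpine:3.20
  commands:
  - apk add --no-cache --quiet curl
  - |
    SITE=$(grep '^PS_DOMAIN=' .env.deploy | cut -d= -f2)
    if [ -z "$SITE" ]; then
      echo "ERREUR: PS_DOMAIN non defini dans .env.deploy"
      exit 1
    fi
    TARGET="http://$SITE"
    echo "Healthcheck sur $TARGET (max 10 minutes)..."
    MAX=60
    i=0
    until [ $i -ge $MAX ]; do
      # curl exits non-zero on transport errors (connection refused, DNS).
      # "|| true" keeps the loop retrying if the step shell runs with errexit
      # (presumably the case under Woodpecker - confirm). --max-time bounds a
      # hanging attempt, which otherwise would stall the loop indefinitely.
      CODE=$(curl -sSo /dev/null --max-time 10 -w "%{http_code}" "$TARGET" 2>/dev/null) || true
      echo "Tentative $((i+1))/$MAX - HTTP $CODE"
      if [ "$CODE" = "200" ] || [ "$CODE" = "301" ] || [ "$CODE" = "302" ]; then
        echo "PrestaShop repond correctement sur $TARGET"
        exit 0
      fi
      i=$((i+1))
      sleep 10
    done
    echo "ERREUR: PrestaShop ne repond pas apres 10 minutes"
    exit 1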
# Failure notification: this step runs only when the pipeline status is
# "failure" and prints the pipeline number, commit SHA and branch.
# NOTE(review): CI_BUILD_NUMBER looks like a legacy variable name; newer
# Woodpecker releases expose CI_PIPELINE_NUMBER - confirm that it still
# expands on the deployed version.
- name: notify-failure
  image: alpine:3.20
  when:
  - status: failure
  commands:
  - 'echo "ECHEC pipeline #${CI_BUILD_NUMBER} sur commit ${CI_COMMIT_SHA}"'
  - 'echo "Branche: ${CI_COMMIT_BRANCH}"'