1ef176c2e0
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
- Convention renommée user-project-branch (syoul-prestashop-main)
- COMPOSE_PROJECT_NAME généré dynamiquement depuis CI vars (CI_REPO_OWNER/CI_REPO_NAME/CI_COMMIT_BRANCH) avec tr pour lowercase + /→-
- SERVICE_NAME → ${COMPOSE_PROJECT_NAME}-app
- SERVICE_80_NAME → ${COMPOSE_PROJECT_NAME}-app-80
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
168 lines
6.9 KiB
YAML
168 lines
6.9 KiB
YAML
when:
|
|
- branch: main
|
|
event: push
|
|
|
|
steps:
|
|
|
|
# Etape 1 : Validation syntaxique du docker-compose.yml
|
|
# Les vars CI (CI_REPO_OWNER, CI_COMMIT_BRANCH) sont injectees automatiquement par Woodpecker
|
|
- name: validate
|
|
image: docker:27-cli
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
environment:
|
|
DB_PASSWORD: placeholder
|
|
DB_ROOT_PASSWORD: placeholder
|
|
PRESTASHOP_ADMIN_EMAIL: placeholder
|
|
PRESTASHOP_ADMIN_PASSWORD: placeholder
|
|
commands:
|
|
- |
|
|
export COMPOSE_PROJECT_NAME=$(printf '%s-%s-%s' "$CI_REPO_OWNER" "$CI_REPO_NAME" "$CI_COMMIT_BRANCH" | tr 'A-Z/' 'a-z-')
|
|
export PS_DOMAIN="validate.example.com"
|
|
export PS_ADMIN_FOLDER="admin-secure"
|
|
docker compose config --quiet
|
|
- echo "docker-compose.yml valide"
|
|
|
|
# Etape 2 : Verifications de securite
|
|
- name: security-check
|
|
image: alpine:3.20
|
|
commands:
|
|
- |
|
|
if [ -f .env ]; then
|
|
echo "ERREUR: .env ne doit pas etre commite dans le depot !"
|
|
exit 1
|
|
fi
|
|
- 'grep -q "^\.env$" .gitignore || (echo "ERREUR: .env manquant dans .gitignore" && exit 1)'
|
|
- echo "Verifications de securite OK"
|
|
|
|
# Etape 3a : Ecriture du .env depuis les secrets
|
|
# NOTE: ne pas utiliser ${VAR} dans commands (bug Woodpecker next), utiliser env | grep
|
|
- name: write-env
|
|
image: alpine:3.20
|
|
environment:
|
|
PS_DOMAIN:
|
|
from_secret: ps_domain
|
|
PS_ADMIN_FOLDER:
|
|
from_secret: ps_admin_folder
|
|
PRESTASHOP_ADMIN_EMAIL:
|
|
from_secret: prestashop_admin_email
|
|
PRESTASHOP_ADMIN_PASSWORD:
|
|
from_secret: prestashop_admin_password
|
|
DB_ROOT_PASSWORD:
|
|
from_secret: db_root_password
|
|
DB_PASSWORD:
|
|
from_secret: db_password
|
|
commands:
|
|
- env | grep -E "^(PS_DOMAIN|PS_ADMIN_FOLDER|PRESTASHOP_ADMIN_EMAIL|PRESTASHOP_ADMIN_PASSWORD|DB_ROOT_PASSWORD|DB_PASSWORD)=" > .env.deploy
|
|
# COMPOSE_PROJECT_NAME : convention user-project-branch, genere depuis les vars CI
|
|
- OWNER=$(echo "$CI_REPO_OWNER" | tr 'A-Z' 'a-z') && REPO=$(echo "$CI_REPO_NAME" | tr 'A-Z' 'a-z') && BRANCH=$(echo "$CI_COMMIT_BRANCH" | tr 'A-Z/' 'a-z-') && echo "COMPOSE_PROJECT_NAME=$OWNER-$REPO-$BRANCH" >> .env.deploy
|
|
- echo "Fichier .env.deploy cree ($(wc -c < .env.deploy) octets)"
|
|
|
|
# Etape 3b : Deploiement sur sonic via Docker socket
|
|
# Modele pipeline sonic : deploy Docker Compose + cert TLS (acme.sh)
|
|
# Registrator enregistre automatiquement le container dans Consul via les labels SERVICE_*
|
|
# Consul valide le service via SERVICE_80_CHECK_HTTP -> Fabio route le trafic automatiquement
|
|
- name: deploy
|
|
image: docker:27-cli
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
- /opt/prestashop:/opt/prestashop
|
|
commands:
|
|
- cp .env.deploy /opt/prestashop/.env
|
|
- chmod 600 /opt/prestashop/.env
|
|
- cp docker-compose.yml /opt/prestashop/docker-compose.yml
|
|
- cd /opt/prestashop && docker compose pull
|
|
- cd /opt/prestashop && docker compose up -d --remove-orphans
|
|
- cd /opt/prestashop && docker compose ps
|
|
- |
|
|
PROJECT=$(grep '^COMPOSE_PROJECT_NAME=' /opt/prestashop/.env | cut -d= -f2)
|
|
DOMAIN=$(grep '^PS_DOMAIN=' /opt/prestashop/.env | cut -d= -f2)
|
|
|
|
# --- Certificat TLS (acme.sh via sonic-acme-1) ---
|
|
# acme.sh est idempotent : skip si cert valide, renouvelle si proche expiration
|
|
# Exit 0 = emis/renouvele, exit 2 = skip (domaine inchange), autres = erreur
|
|
# --home /etc/acme.sh = volume persistant sonic_acme (sinon /root/.acme.sh non persiste)
|
|
# || ACME_EXIT=$? capture le code sans declencher set -e (contrairement a ; ACME_EXIT=$?)
|
|
ACME_EXIT=0
|
|
docker exec sonic-acme-1 /app/acme.sh \
|
|
--home /etc/acme.sh \
|
|
--issue -d "$DOMAIN" \
|
|
--webroot /usr/share/nginx/html \
|
|
--server letsencrypt \
|
|
--accountemail support+acme@asycn.io || ACME_EXIT=$?
|
|
if [ "$ACME_EXIT" -ne 0 ] && [ "$ACME_EXIT" -ne 2 ]; then
|
|
echo "ERREUR: acme.sh a echoue (exit $ACME_EXIT)"
|
|
exit 1
|
|
fi
|
|
docker exec sonic-acme-1 cp /etc/acme.sh/$DOMAIN/fullchain.cer /host/certs/$DOMAIN-cert.pem
|
|
docker exec sonic-acme-1 cp /etc/acme.sh/$DOMAIN/$DOMAIN.key /host/certs/$DOMAIN-key.pem
|
|
echo "Cert TLS: /host/certs/$DOMAIN-cert.pem OK (acme exit $ACME_EXIT)"
|
|
|
|
# Etape 4 : Configuration post-deploiement (SSL, cache)
|
|
# Attend la fin de l'installation PrestaShop (ps_configuration initialisee),
|
|
# puis active SSL dans la DB (PrestaShop genere des URLs https:// grace a X-Forwarded-Proto:https de Fabio)
|
|
- name: configure
|
|
image: docker:27-cli
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
commands:
|
|
- |
|
|
PROJECT=$(grep '^COMPOSE_PROJECT_NAME=' .env.deploy | cut -d= -f2)
|
|
DB_PASS=$(grep '^DB_PASSWORD=' .env.deploy | cut -d= -f2)
|
|
echo "Attente fin installation PrestaShop (ps_configuration)..."
|
|
MAX=60
|
|
i=0
|
|
until [ $i -ge $MAX ]; do
|
|
READY=$(docker exec "$PROJECT-db" mysql -uprestashop -p"$DB_PASS" -se \
|
|
"SELECT COUNT(*) FROM prestashop.ps_configuration WHERE name='PS_SSL_ENABLED';" 2>/dev/null || echo 0)
|
|
if [ "$READY" -gt "0" ] 2>/dev/null; then
|
|
echo "Base prete, activation SSL..."
|
|
docker exec "$PROJECT-db" mysql -uprestashop -p"$DB_PASS" prestashop -e \
|
|
"UPDATE ps_configuration SET value='1' WHERE name IN ('PS_SSL_ENABLED','PS_SSL_ENABLED_EVERYWHERE');"
|
|
docker exec "$PROJECT-app" rm -rf /var/www/html/var/cache/prod/ 2>/dev/null || true
|
|
echo "SSL active dans DB, cache efface"
|
|
break
|
|
fi
|
|
i=$((i+1))
|
|
echo "Tentative $i/$MAX - installation en cours..."
|
|
sleep 10
|
|
done
|
|
[ $i -ge $MAX ] && echo "AVERTISSEMENT: timeout configure SSL" || true
|
|
|
|
# Etape 5 : Healthcheck post-deploiement
|
|
- name: healthcheck
|
|
image: alpine:3.20
|
|
commands:
|
|
- apk add --no-cache --quiet curl
|
|
- |
|
|
SITE=$(grep '^PS_DOMAIN=' .env.deploy | cut -d= -f2)
|
|
if [ -z "$SITE" ]; then
|
|
echo "ERREUR: PS_DOMAIN non defini dans .env.deploy"
|
|
exit 1
|
|
fi
|
|
TARGET="http://$SITE"
|
|
echo "Healthcheck sur $TARGET (max 10 minutes)..."
|
|
MAX=60
|
|
i=0
|
|
until [ $i -ge $MAX ]; do
|
|
CODE=$(curl -sSo /dev/null -w "%{http_code}" "$TARGET" 2>/dev/null)
|
|
echo "Tentative $((i+1))/$MAX - HTTP $CODE"
|
|
if [ "$CODE" = "200" ] || [ "$CODE" = "301" ] || [ "$CODE" = "302" ]; then
|
|
echo "PrestaShop repond correctement sur $TARGET"
|
|
exit 0
|
|
fi
|
|
i=$((i+1))
|
|
sleep 10
|
|
done
|
|
echo "ERREUR: PrestaShop ne repond pas apres 10 minutes"
|
|
exit 1
|
|
|
|
# Notification en cas d'echec
|
|
- name: notify-failure
|
|
image: alpine:3.20
|
|
commands:
|
|
- 'echo "ECHEC pipeline #$CI_BUILD_NUMBER sur commit $CI_COMMIT_SHA"'
|
|
- 'echo "Branche: $CI_COMMIT_BRANCH"'
|
|
when:
|
|
- status: failure
|