112 lines
3.5 KiB
YAML
112 lines
3.5 KiB
YAML
when:
|
|
branch: main
|
|
event: push
|
|
|
|
steps:
|
|
|
|
# Etape 1 : Validation syntaxique du docker-compose.yml
|
|
validate:
|
|
image: docker:27-cli
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
environment:
|
|
PS_DOMAIN: presta.syoul.fr
|
|
PS_ADMIN_FOLDER: admin-secure
|
|
DB_PASSWORD: placeholder
|
|
DB_ROOT_PASSWORD: placeholder
|
|
PRESTASHOP_ADMIN_EMAIL: placeholder
|
|
PRESTASHOP_ADMIN_PASSWORD: placeholder
|
|
commands:
|
|
- docker compose config --quiet
|
|
- echo "docker-compose.yml valide"
|
|
|
|
# Etape 2 : Verifications de securite
|
|
security-check:
|
|
image: alpine:3.20
|
|
commands:
|
|
- |
|
|
if [ -f .env ]; then
|
|
echo "ERREUR: .env ne doit pas etre commite dans le depot !"
|
|
exit 1
|
|
fi
|
|
- 'grep -q "^\.env$" .gitignore || (echo "ERREUR: .env manquant dans .gitignore" && exit 1)'
|
|
- echo "Verifications de securite OK"
|
|
|
|
# Etape 3 : Deploiement sur sonic via Docker socket
|
|
deploy:
|
|
image: docker:27-cli
|
|
environment:
|
|
PS_DOMAIN:
|
|
from_secret: PS_DOMAIN
|
|
PS_ADMIN_FOLDER:
|
|
from_secret: PS_ADMIN_FOLDER
|
|
PRESTASHOP_ADMIN_EMAIL:
|
|
from_secret: PRESTASHOP_ADMIN_EMAIL
|
|
PRESTASHOP_ADMIN_PASSWORD:
|
|
from_secret: PRESTASHOP_ADMIN_PASSWORD
|
|
DB_ROOT_PASSWORD:
|
|
from_secret: DB_ROOT_PASSWORD
|
|
DB_PASSWORD:
|
|
from_secret: DB_PASSWORD
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
- /opt/prestashop:/opt/prestashop
|
|
commands:
|
|
# Generer le .env sur le serveur a partir des secrets Woodpecker
|
|
# Woodpecker est la source de verite unique pour tous les secrets
|
|
- |
|
|
cat > /opt/prestashop/.env << EOF
|
|
PS_DOMAIN=${PS_DOMAIN}
|
|
PS_ADMIN_FOLDER=${PS_ADMIN_FOLDER}
|
|
PRESTASHOP_ADMIN_EMAIL=${PRESTASHOP_ADMIN_EMAIL}
|
|
PRESTASHOP_ADMIN_PASSWORD=${PRESTASHOP_ADMIN_PASSWORD}
|
|
DB_ROOT_PASSWORD=${DB_ROOT_PASSWORD}
|
|
DB_PASSWORD=${DB_PASSWORD}
|
|
EOF
|
|
- chmod 600 /opt/prestashop/.env
|
|
# Deployer
|
|
- cp docker-compose.yml /opt/prestashop/docker-compose.yml
|
|
- cd /opt/prestashop && docker compose pull
|
|
- cd /opt/prestashop && docker compose up -d --remove-orphans
|
|
- cd /opt/prestashop && docker compose ps
|
|
|
|
# Etape 4 : Healthcheck post-deploiement
|
|
# PS_DOMAIN n'est pas sensible, passe en valeur directe pour eviter
|
|
# les problemes d'injection de secret dans les blocs multilignes
|
|
healthcheck:
|
|
image: curlimages/curl:8.11.0
|
|
environment:
|
|
PS_DOMAIN:
|
|
from_secret: PS_DOMAIN
|
|
commands:
|
|
- |
|
|
TARGET="http://${PS_DOMAIN}"
|
|
if [ -z "${PS_DOMAIN}" ]; then
|
|
echo "ERREUR: PS_DOMAIN non defini, verifier le secret Woodpecker"
|
|
exit 1
|
|
fi
|
|
echo "Healthcheck sur ${TARGET} (max 10 minutes)..."
|
|
MAX=60
|
|
i=0
|
|
until [ $i -ge $MAX ]; do
|
|
HTTP_CODE=$(curl -sSo /dev/null -w "%{http_code}" "${TARGET}" 2>/dev/null)
|
|
echo "Tentative $((i+1))/${MAX} - HTTP ${HTTP_CODE}"
|
|
if [ "${HTTP_CODE}" = "200" ] || [ "${HTTP_CODE}" = "301" ] || [ "${HTTP_CODE}" = "302" ]; then
|
|
echo "PrestaShop repond correctement sur ${TARGET}"
|
|
exit 0
|
|
fi
|
|
i=$((i+1))
|
|
sleep 10
|
|
done
|
|
echo "ERREUR: PrestaShop ne repond pas apres 10 minutes"
|
|
exit 1
|
|
|
|
# Notification en cas d'echec
|
|
notify-failure:
|
|
image: alpine:3.20
|
|
commands:
|
|
- 'echo "ECHEC pipeline #${CI_BUILD_NUMBER} sur commit ${CI_COMMIT_SHA}"'
|
|
- 'echo "Branche: ${CI_COMMIT_BRANCH}"'
|
|
when:
|
|
status: failure
|