d97b522162
- Ajout label LETSENCRYPT_HOST sur le container prestashop : sonic-acme-1 (acme-companion) emet le cert et le copie dans /host/certs/ Fabio le detecte par SNI sans redemarrage - Route Fabio KV mise a jour : HTTP et HTTPS (domain:443) en une seule cle Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
123 lines
4.5 KiB
YAML
123 lines
4.5 KiB
YAML
when:
|
|
- branch: main
|
|
event: push
|
|
|
|
steps:
|
|
|
|
# Etape 1 : Validation syntaxique du docker-compose.yml
|
|
- name: validate
|
|
image: docker:27-cli
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
environment:
|
|
PS_DOMAIN: presta.syoul.fr
|
|
PS_ADMIN_FOLDER: admin-secure
|
|
DB_PASSWORD: placeholder
|
|
DB_ROOT_PASSWORD: placeholder
|
|
PRESTASHOP_ADMIN_EMAIL: placeholder
|
|
PRESTASHOP_ADMIN_PASSWORD: placeholder
|
|
commands:
|
|
- docker compose config --quiet
|
|
- echo "docker-compose.yml valide"
|
|
|
|
# Etape 2 : Verifications de securite
|
|
- name: security-check
|
|
image: alpine:3.20
|
|
commands:
|
|
- |
|
|
if [ -f .env ]; then
|
|
echo "ERREUR: .env ne doit pas etre commite dans le depot !"
|
|
exit 1
|
|
fi
|
|
- 'grep -q "^\.env$" .gitignore || (echo "ERREUR: .env manquant dans .gitignore" && exit 1)'
|
|
- echo "Verifications de securite OK"
|
|
|
|
# Etape 3a : Ecriture du .env et du token Consul depuis les secrets
|
|
# NOTE: ne pas utiliser ${VAR} dans commands (bug Woodpecker next), utiliser env | grep
|
|
- name: write-env
|
|
image: alpine:3.20
|
|
environment:
|
|
TEST_STATIC: hello-world
|
|
PS_DOMAIN:
|
|
from_secret: ps_domain
|
|
PS_ADMIN_FOLDER:
|
|
from_secret: ps_admin_folder
|
|
PRESTASHOP_ADMIN_EMAIL:
|
|
from_secret: prestashop_admin_email
|
|
PRESTASHOP_ADMIN_PASSWORD:
|
|
from_secret: prestashop_admin_password
|
|
DB_ROOT_PASSWORD:
|
|
from_secret: db_root_password
|
|
DB_PASSWORD:
|
|
from_secret: db_password
|
|
CONSUL_TOKEN:
|
|
from_secret: consul_token
|
|
commands:
|
|
- env | grep -E "^(PS_DOMAIN|PS_ADMIN_FOLDER|PRESTASHOP_ADMIN_EMAIL|PRESTASHOP_ADMIN_PASSWORD|DB_ROOT_PASSWORD|DB_PASSWORD)=" > .env.deploy
|
|
- echo "Fichier .env.deploy cree ($(wc -c < .env.deploy) octets)"
|
|
- env | grep '^CONSUL_TOKEN=' | cut -d= -f2- > .consul_token
|
|
|
|
# Etape 3b : Deploiement sur sonic via Docker socket + enregistrement Consul
|
|
# Le token est lu depuis .consul_token (ecrit par write-env) car
|
|
# volumes + from_secret = secrets vides (bug Woodpecker next)
|
|
- name: deploy
|
|
image: docker:27-cli
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
- /opt/prestashop:/opt/prestashop
|
|
commands:
|
|
- cp .env.deploy /opt/prestashop/.env
|
|
- chmod 600 /opt/prestashop/.env
|
|
- cp docker-compose.yml /opt/prestashop/docker-compose.yml
|
|
- cd /opt/prestashop && docker compose pull
|
|
- cd /opt/prestashop && docker compose up -d --remove-orphans
|
|
- cd /opt/prestashop && docker compose ps
|
|
- |
|
|
CONTAINER_IP=$(docker inspect prestashop --format '{{.NetworkSettings.Networks.sonic.IPAddress}}')
|
|
DOMAIN=$(grep '^PS_DOMAIN=' /opt/prestashop/.env | cut -d= -f2)
|
|
CTOK=$(cat $CI_WORKSPACE/.consul_token)
|
|
docker exec sonic-consul env CONSUL_HTTP_TOKEN="$CTOK" consul services register \
|
|
-address "$CONTAINER_IP" -port 80 -name prestashop -tag "urlprefix-$DOMAIN/"
|
|
echo "Consul: prestashop -> $CONTAINER_IP:80 urlprefix-$DOMAIN/"
|
|
ROUTES="route add prestashop $DOMAIN/ http://$CONTAINER_IP:80/
|
|
route add prestashop $DOMAIN:443/ http://$CONTAINER_IP:80/"
|
|
docker exec sonic-consul env CONSUL_HTTP_TOKEN="$CTOK" consul kv put fabio/config "$ROUTES"
|
|
echo "Fabio KV: routes HTTP+HTTPS $DOMAIN -> $CONTAINER_IP:80"
|
|
|
|
# Etape 4 : Healthcheck post-deploiement
|
|
- name: healthcheck
|
|
image: alpine:3.20
|
|
commands:
|
|
- apk add --no-cache --quiet curl
|
|
- |
|
|
SITE=$(grep '^PS_DOMAIN=' .env.deploy | cut -d= -f2)
|
|
if [ -z "$SITE" ]; then
|
|
echo "ERREUR: PS_DOMAIN non defini dans .env.deploy"
|
|
exit 1
|
|
fi
|
|
TARGET="http://$SITE"
|
|
echo "Healthcheck sur $TARGET (max 10 minutes)..."
|
|
MAX=60
|
|
i=0
|
|
until [ $i -ge $MAX ]; do
|
|
CODE=$(curl -sSo /dev/null -w "%{http_code}" "$TARGET" 2>/dev/null)
|
|
echo "Tentative $((i+1))/$MAX - HTTP $CODE"
|
|
if [ "$CODE" = "200" ] || [ "$CODE" = "301" ] || [ "$CODE" = "302" ]; then
|
|
echo "PrestaShop repond correctement sur $TARGET"
|
|
exit 0
|
|
fi
|
|
i=$((i+1))
|
|
sleep 10
|
|
done
|
|
echo "ERREUR: PrestaShop ne repond pas apres 10 minutes"
|
|
exit 1
|
|
|
|
# Notification en cas d'echec
|
|
- name: notify-failure
|
|
image: alpine:3.20
|
|
commands:
|
|
- 'echo "ECHEC pipeline #${CI_BUILD_NUMBER} sur commit ${CI_COMMIT_SHA}"'
|
|
- 'echo "Branche: ${CI_COMMIT_BRANCH}"'
|
|
when:
|
|
- status: failure
|