Sprint 1 : scaffolding complet de Glibredecision

Plateforme de decisions collectives pour Duniter/G1. Backend FastAPI async + PostgreSQL (14 tables, 8 routers, 6 services, moteur de vote avec formule d'inertie WoT/Smith/TechComm). Frontend Nuxt 4 + Nuxt UI v3 + Pinia (9 pages, 5 stores). Infrastructure Docker + Woodpecker CI + Traefik. Documentation technique et utilisateur (15 fichiers). Seed : Licence G1, Engagement Forgeron v2.0.0, 4 protocoles de vote. 30 tests unitaires (formules, mode params, vote nuance) -- tous verts. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-28 12:46:11 +01:00
commit 25437f24e3
100 changed files with 10236 additions and 0 deletions
--- a/docker/backend.Dockerfile
+++ b/docker/backend.Dockerfile
@@ -0,0 +1,44 @@
+# syntax = docker/dockerfile:1
+
+FROM python:3.11-slim AS base
+
+ENV PYTHONDONTWRITEBYTECODE=1 \
+    PYTHONUNBUFFERED=1
+
+WORKDIR /app
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends curl && \
+    rm -rf /var/lib/apt/lists/*
+
+# ── Build ─────────────────────────────────────────────────────────────────────
+FROM base AS build
+
+COPY backend/requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+COPY backend/ .
+
+# ── Production ────────────────────────────────────────────────────────────────
+FROM base AS production
+
+COPY --from=build /usr/local/lib/python3.11/site-packages /usr/local/lib/python3.11/site-packages
+COPY --from=build /usr/local/bin/uvicorn /usr/local/bin/uvicorn
+COPY --from=build /usr/local/bin/alembic /usr/local/bin/alembic
+COPY --from=build /app /app
+
+EXPOSE 8002
+
+HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
+    CMD curl -f http://localhost:8002/api/health || exit 1
+
+CMD ["sh", "-c", "alembic upgrade head && uvicorn app.main:app --host 0.0.0.0 --port 8002"]
+
+# ── Development ───────────────────────────────────────────────────────────────
+FROM base AS development
+
+COPY backend/requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+WORKDIR /app
+CMD ["sh", "-c", "alembic upgrade head && uvicorn app.main:app --host 0.0.0.0 --port 8002 --reload"]
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@@ -0,0 +1,37 @@
+version: "3.9"
+
+# Dev overrides -- usage:
+#   docker compose -f docker/docker-compose.yml -f docker/docker-compose.dev.yml up
+
+services:
+  postgres:
+    ports:
+      - "5432:5432"
+
+  backend:
+    build:
+      target: development
+    volumes:
+      - ../backend:/app
+    ports:
+      - "8002:8002"
+    environment:
+      DEBUG: "true"
+      CORS_ORIGINS: '["http://localhost:3002"]'
+    labels: []
+
+  frontend:
+    build:
+      target: development
+    volumes:
+      - ../frontend:/app
+    ports:
+      - "3002:3002"
+    environment:
+      NUXT_PUBLIC_API_BASE: http://localhost:8002/api/v1
+    labels: []
+
+  ipfs:
+    ports:
+      - "5001:5001"
+      - "8080:8080"
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -0,0 +1,85 @@
+version: "3.9"
+
+services:
+  postgres:
+    image: postgres:16-alpine
+    restart: unless-stopped
+    environment:
+      POSTGRES_DB: ${POSTGRES_DB:-glibredecision}
+      POSTGRES_USER: ${POSTGRES_USER:-glibredecision}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-change-me-in-production}
+    volumes:
+      - postgres-data:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-glibredecision} -d ${POSTGRES_DB:-glibredecision}"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 30s
+    networks:
+      - glibredecision
+
+  backend:
+    build:
+      context: ../
+      dockerfile: docker/backend.Dockerfile
+      target: production
+    restart: unless-stopped
+    depends_on:
+      postgres:
+        condition: service_healthy
+    environment:
+      DATABASE_URL: postgresql+asyncpg://${POSTGRES_USER:-glibredecision}:${POSTGRES_PASSWORD:-change-me-in-production}@postgres:5432/${POSTGRES_DB:-glibredecision}
+      SECRET_KEY: ${SECRET_KEY:-change-me-in-production-with-a-real-secret-key}
+      DEBUG: "false"
+      CORS_ORIGINS: '["https://${DOMAIN:-glibredecision.org}"]'
+      DUNITER_RPC_URL: ${DUNITER_RPC_URL:-wss://gdev.p2p.legal/ws}
+      IPFS_API_URL: http://ipfs:5001
+      IPFS_GATEWAY_URL: http://ipfs:8080
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.glibredecision-api.rule=Host(`${DOMAIN:-glibredecision.org}`) && PathPrefix(`/api`)"
+      - "traefik.http.routers.glibredecision-api.entrypoints=websecure"
+      - "traefik.http.routers.glibredecision-api.tls.certresolver=letsencrypt"
+      - "traefik.http.services.glibredecision-api.loadbalancer.server.port=8002"
+    networks:
+      - glibredecision
+      - traefik
+
+  frontend:
+    build:
+      context: ../
+      dockerfile: docker/frontend.Dockerfile
+      target: production
+    restart: unless-stopped
+    depends_on:
+      - backend
+    environment:
+      NUXT_PUBLIC_API_BASE: https://${DOMAIN:-glibredecision.org}/api/v1
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.glibredecision-front.rule=Host(`${DOMAIN:-glibredecision.org}`)"
+      - "traefik.http.routers.glibredecision-front.entrypoints=websecure"
+      - "traefik.http.routers.glibredecision-front.tls.certresolver=letsencrypt"
+      - "traefik.http.services.glibredecision-front.loadbalancer.server.port=3000"
+    networks:
+      - glibredecision
+      - traefik
+
+  ipfs:
+    image: ipfs/kubo:latest
+    restart: unless-stopped
+    volumes:
+      - ipfs-data:/data/ipfs
+    networks:
+      - glibredecision
+
+volumes:
+  postgres-data:
+  ipfs-data:
+
+networks:
+  glibredecision:
+    driver: bridge
+  traefik:
+    external: true
--- a/docker/frontend.Dockerfile
+++ b/docker/frontend.Dockerfile
@@ -0,0 +1,45 @@
+# syntax = docker/dockerfile:1
+
+ARG NODE_VERSION=20-slim
+
+FROM node:${NODE_VERSION} AS base
+
+WORKDIR /src
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends curl && \
+    rm -rf /var/lib/apt/lists/*
+
+# ── Build ─────────────────────────────────────────────────────────────────────
+FROM base AS build
+
+ENV NODE_ENV=development
+
+COPY frontend/package.json frontend/package-lock.json* ./
+RUN npm ci
+
+COPY frontend/ .
+RUN npm run build
+
+# ── Production ────────────────────────────────────────────────────────────────
+FROM base AS production
+
+ENV PORT=3000 \
+    NODE_ENV=production
+
+COPY --from=build /src/.output /src/.output
+
+EXPOSE $PORT
+
+HEALTHCHECK --interval=30s --timeout=5s --start-period=15s --retries=3 \
+    CMD curl -f http://localhost:${PORT}/ || exit 1
+
+CMD ["node", ".output/server/index.mjs"]
+
+# ── Development ───────────────────────────────────────────────────────────────
+FROM base AS development
+
+ENV NODE_ENV=development
+
+WORKDIR /app
+ENTRYPOINT ["npm", "run", "dev"]