ci: remplace Traefik par Fabio/Consul (pattern sonic)

- docker-compose.yml : labels SERVICE_* Registrator, réseau sonic external,
  container_name explicite, name COMPOSE_PROJECT_NAME
- pipeline : APP_DOMAIN (au lieu de DOMAIN), ACME sonic-acme-1 pour TLS,
  test-deploy sans suffixe -1 (container_name fixe)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

docker/docker-compose.yml

@@ -1,13 +1,14 @@
-version: "3.9"
+name: ${COMPOSE_PROJECT_NAME:-ehv-decision-main}
 
 services:
   postgres:
     image: postgres:16-alpine
-    restart: unless-stopped
+    container_name: ${COMPOSE_PROJECT_NAME:-ehv-decision-main}-postgres
+    restart: always
     environment:
       POSTGRES_DB: ${POSTGRES_DB:-libredecision}
       POSTGRES_USER: ${POSTGRES_USER:-libredecision}
-      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-change-me-in-production}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
     volumes:
       - postgres-data:/var/lib/postgresql/data
     healthcheck:
@@ -18,63 +19,57 @@ services:
       start_period: 30s
     networks:
       - libredecision
+    # Pas de label SERVICE_* : postgres non exposé publiquement
 
   backend:
     image: libredecision-backend:latest
-    build:
-      context: ../
-      dockerfile: docker/backend.Dockerfile
-      target: production
-    restart: unless-stopped
+    container_name: ${COMPOSE_PROJECT_NAME:-ehv-decision-main}-backend
+    restart: always
     depends_on:
       postgres:
         condition: service_healthy
     environment:
-      DATABASE_URL: postgresql+asyncpg://${POSTGRES_USER:-libredecision}:${POSTGRES_PASSWORD:-change-me-in-production}@postgres:5432/${POSTGRES_DB:-libredecision}
-      SECRET_KEY: ${SECRET_KEY:-change-me-in-production-with-a-real-secret-key}
+      DATABASE_URL: postgresql+asyncpg://${POSTGRES_USER:-libredecision}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB:-libredecision}
+      SECRET_KEY: ${SECRET_KEY}
       DEBUG: "false"
-      CORS_ORIGINS: '["https://${DOMAIN:-libredecision.org}"]'
+      CORS_ORIGINS: '["https://${APP_DOMAIN:-libredecision.org}"]'
       DUNITER_RPC_URL: ${DUNITER_RPC_URL:-wss://gdev.p2p.legal/ws}
       IPFS_API_URL: http://ipfs:5001
       IPFS_GATEWAY_URL: http://ipfs:8080
     labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.libredecision-api.rule=Host(`${DOMAIN:-libredecision.org}`) && PathPrefix(`/api`)"
-      - "traefik.http.routers.libredecision-api.entrypoints=websecure"
-      - "traefik.http.routers.libredecision-api.tls.certresolver=letsencrypt"
-      - "traefik.http.services.libredecision-api.loadbalancer.server.port=8002"
+      # Registrator enregistre dans Consul, Fabio route automatiquement
+      - SERVICE_8002_NAME=${COMPOSE_PROJECT_NAME:-ehv-decision-main}-backend-8002
+      - SERVICE_8002_TAGS=urlprefix-${APP_DOMAIN:-libredecision.org}/api/*
+      # TCP : HTTP check échoue si le service redirige (301/302)
+      - SERVICE_8002_CHECK_TCP=true
     networks:
       - libredecision
-      - traefik
+      - sonic
 
   frontend:
     image: libredecision-frontend:latest
-    build:
-      context: ../
-      dockerfile: docker/frontend.Dockerfile
-      target: production
-    restart: unless-stopped
+    container_name: ${COMPOSE_PROJECT_NAME:-ehv-decision-main}-frontend
+    restart: always
     depends_on:
       - backend
     environment:
-      NUXT_PUBLIC_API_BASE: https://${DOMAIN:-libredecision.org}/api/v1
+      NUXT_PUBLIC_API_BASE: https://${APP_DOMAIN:-libredecision.org}/api/v1
     labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.libredecision-front.rule=Host(`${DOMAIN:-libredecision.org}`)"
-      - "traefik.http.routers.libredecision-front.entrypoints=websecure"
-      - "traefik.http.routers.libredecision-front.tls.certresolver=letsencrypt"
-      - "traefik.http.services.libredecision-front.loadbalancer.server.port=3000"
+      - SERVICE_3000_NAME=${COMPOSE_PROJECT_NAME:-ehv-decision-main}-frontend-3000
+      - SERVICE_3000_TAGS=urlprefix-${APP_DOMAIN:-libredecision.org}/*
+      - SERVICE_3000_CHECK_TCP=true
     networks:
-      - libredecision
-      - traefik
+      - sonic
 
   ipfs:
     image: ipfs/kubo:latest
-    restart: unless-stopped
+    container_name: ${COMPOSE_PROJECT_NAME:-ehv-decision-main}-ipfs
+    restart: always
     volumes:
       - ipfs-data:/data/ipfs
     networks:
       - libredecision
+    # Pas de label SERVICE_* : ipfs non exposé publiquement
 
 volumes:
   postgres-data:
@@ -83,5 +78,5 @@ volumes:
 networks:
   libredecision:
     driver: bridge
-  traefik:
+  sonic:
     external: true