Complete design (Phase 0) for formation-hub Acadenice:

- 19 docs Merise Agile + UML + GitOps + plans (tests/deploy/ops/api), see docs/00-readme.md for the full index
- Docker Compose stack (Docmost + Baserow + Postgres + Redis + MinIO local FS): compose.yml + compose.staging.yml + compose.prod.yml
- CI/CD GitHub Actions skeleton (ci, deploy-staging, deploy-prod)
- Bridge service skeleton (Hono + TS + Biome + Vitest + zod + pino)
- GitHub templates: PR + 3 issue types + CODEOWNERS + dependabot.yml
- Ops scripts: healthcheck, daily backup, post-deploy smoke test
- LICENSE AGPL-3.0 + SECURITY.md + CONTRIBUTING.md + CHANGELOG.md
- drawIO infrastructure architecture diagram (XML importable into diagrams.net)

Structural decisions recorded:

- Scope CFA + Agency with a multi-role pivot entity PERSONNE (ADR-001)
- Composite stack: Docmost AGPL + Baserow MIT + custom bridge (ADR-001)
- Path B: quasi-unified UX via custom Tiptap node-views (ADR-002)
- Monorepo trunk-based development (ADR-003)
- Separate Postgres for Docmost/Baserow (ADR-004)
- Bridge stack Node 22 + Hono (ADR-005)
- New repo preferred over a Docmost fork
- Prod-like from day 1 (not an MVP)
81 lines
2.4 KiB
YAML
name: Deploy Production

on:
  push:
    tags:
      - "v*.*.*"
  workflow_dispatch:
    inputs:
      ref:
        description: "Tag a deployer (ex: v1.2.3)"
        required: true

permissions:
  contents: read

concurrency:
  group: deploy-prod
  cancel-in-progress: false

jobs:
  deploy:
    name: Deploy to production
    runs-on: ubuntu-latest
    environment: production  # required reviewers configured in the GitHub UI
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.inputs.ref || github.ref_name }}

      - name: Validate compose configs
        run: docker compose -f compose.yml -f compose.prod.yml config > /dev/null

      - name: Deploy via SSH
        uses: appleboy/ssh-action@v1
        env:
          # Pass the ref as data. Expanding a workflow expression inside the script
          # would let the free-text workflow_dispatch input be parsed as shell on
          # the production host.
          DEPLOY_REF: ${{ github.event.inputs.ref || github.ref_name }}
        with:
          host: ${{ secrets.PROD_HOST }}
          username: ${{ secrets.PROD_USER }}
          key: ${{ secrets.PROD_SSH_KEY }}
          envs: DEPLOY_REF
          script_stop: true
          script: |
            set -euo pipefail
            cd /opt/formation-hub
            git fetch --tags
            git checkout "$DEPLOY_REF"
            docker compose -f compose.yml -f compose.prod.yml pull
            docker compose -f compose.yml -f compose.prod.yml up -d
            ./scripts/healthcheck.sh

      - name: Smoke test
        run: |
          set -euo pipefail
          curl -fsS --max-time 10 ${{ secrets.PROD_URL }}/api/health || exit 1

      - name: Watch logs (5 min)
        run: |
          # Optional: monitor logs after deploy
          echo "Post-deploy watch — verifier monitoring/alerts pendant 30 min"

      - name: Notify on success
        if: success()
        uses: slackapi/slack-github-action@v1
        with:
          payload: |
            {
              "text": "PROD deployed: ${{ github.event.inputs.ref || github.ref_name }} — sha ${{ github.sha }}"
            }
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
        continue-on-error: true

      - name: Notify on failure
        if: failure()
        uses: slackapi/slack-github-action@v1
        with:
          payload: |
            {
              "text": "PROD deploy FAILED — ${{ github.event.inputs.ref || github.ref_name }}. Run: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
            }
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
        continue-on-error: true
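The `ref` input of `workflow_dispatch` is free text, and the `Deploy via SSH` step hands it to `git checkout` on the production host. The following is an added example, not part of the repository, of a shape check the remote script could run before the checkout; the function names and the `DEPLOY_REF` variable are assumptions, and the accepted pattern is deliberately stricter than the `v*.*.*` trigger glob.

```shell
#!/bin/sh
# Added example, not the project's code. DEPLOY_REF (assumed name) would reach
# the remote shell as an environment variable, so it arrives as data.

# Accept only vMAJOR.MINOR.PATCH. Assumption: deliberately stricter than the
# workflow's "v*.*.*" trigger glob, which also matches suffixed tags.
is_release_tag() {
    case $1 in
        ''|*[!v0-9.]*) return 1 ;;  # allowlist: rejects spaces, newlines, ';', '$', '-'
    esac
    printf '%s\n' "$1" | grep -Eqx 'v[0-9]+\.[0-9]+\.[0-9]+'
}

# Validate the shape, confirm the tag exists in the local clone, then check it
# out detached. Returns 2 for a bad shape, 3 for an unknown tag.
checkout_release() {
    if ! is_release_tag "$1"; then
        echo "refusing ref: expected vX.Y.Z" >&2
        return 2
    fi
    if ! git rev-parse --verify --quiet "refs/tags/$1^{commit}" >/dev/null; then
        echo "tag $1 not found after fetch" >&2
        return 3
    fi
    git checkout --detach "refs/tags/$1"
}

# Constructed sample inputs (one per line): two release tags, then values the
# free-text "ref" input would also accept.
SAMPLE_REFS='v1.2.3
v10.0.1
main
v1.2
v1.2.3; id
$(id)
-f'

# Print how many of the constructed samples pass the check.
count_accepted() {
    n=0
    while IFS= read -r r; do
        if is_release_tag "$r"; then n=$((n + 1)); fi
    done <<EOF
$SAMPLE_REFS
EOF
    echo "$n"
}
```

In the remote script, `checkout_release "$DEPLOY_REF"` would take the place of the bare `git checkout` line, and `set -e` then stops the deploy on a rejected ref.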