ci: trigger deploy

fix: generate .env from secrets in CI
test
2026-03-21 22:36:37 +01:00 · 2026-03-21 22:35:23 +01:00 · 2026-03-21 22:33:21 +01:00 · 2026-03-21 22:31:42 +01:00 · 2026-03-21 22:20:38 +01:00 · 2026-03-21 22:16:47 +01:00
2 changed files with 34 additions and 14 deletions
--- a/.env.example
+++ b/.env.example
@@ -11,7 +11,7 @@ DEBUG=false
 # --- Base de données PostgreSQL ---
 POSTGRES_DB=auditshield
 POSTGRES_USER=auditshield
-POSTGRES_PASSWORD=changeme-strong-password
+POSTGRES_PASSWORD=AuditShield!

 # Construit automatiquement par docker-compose, à définir manuellement en dev local :
 DATABASE_URL=postgresql://auditshield:changeme-strong-password@localhost:5432/auditshield
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -24,18 +24,38 @@ jobs:
            echo "PROJECT_PATH=/volume1/docker/auditshield-dev" >> $GITHUB_OUTPUT
          fi

-      - name: Deploy to NAS
-        uses: appleboy/ssh-action@v1
-        with:
-          host: ${{ secrets.NAS_HOST }}
-          username: ${{ secrets.NAS_USER }}
-          key: ${{ secrets.NAS_SSH_KEY }}
-          script: |
-            mkdir -p ${{ steps.env.outputs.PROJECT_PATH }}
-            cd ${{ steps.env.outputs.PROJECT_PATH }}
-            git clone https://gitea.rigolet.tech/vincent/auditshield.git . 2>/dev/null || git pull
-            cp .env.example .env 2>/dev/null || true
-            sudo docker compose -f ${{ steps.env.outputs.COMPOSE_FILE }} up -d --build --remove-orphans
-            sudo docker image prune -f
+      - name: Setup SSH key
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.NAS_SSH_KEY_B64 }}" | base64 -d > ~/.ssh/nas_key
+          chmod 600 ~/.ssh/nas_key
+          ssh-keyscan -p 22 ${{ secrets.NAS_HOST }} >> ~/.ssh/known_hosts 2>/dev/null

+      - name: Copy files to NAS
+        run: |
+          ssh -i ~/.ssh/nas_key -o StrictHostKeyChecking=no root@${{ secrets.NAS_HOST }} \
+            "mkdir -p ${{ steps.env.outputs.PROJECT_PATH }}"
+          tar --exclude='.git' --exclude='node_modules' --exclude='.env' -czf - . | \
+            ssh -i ~/.ssh/nas_key -o StrictHostKeyChecking=no root@${{ secrets.NAS_HOST }} \
+            "tar -xzf - -C ${{ steps.env.outputs.PROJECT_PATH }}"

+      - name: Setup env file
+        run: |
+          ssh -i ~/.ssh/nas_key -o StrictHostKeyChecking=no root@${{ secrets.NAS_HOST }} \
+            "cat > ${{ steps.env.outputs.PROJECT_PATH }}/.env << 'EOF'
+SECRET_KEY=${{ secrets.APP_SECRET_KEY }}
+DEBUG=false
+POSTGRES_DB=auditshield
+POSTGRES_USER=auditshield
+POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }}
+DATABASE_URL=postgresql://auditshield:${{ secrets.POSTGRES_PASSWORD }}@postgres:5432/auditshield
+REDIS_URL=redis://redis:6379/0
+NEXT_PUBLIC_API_URL=https://auditshield.rigolet.tech
+DOMAIN=auditshield.rigolet.tech
+TAG=latest
+EOF"
+
+      - name: Deploy
+        run: |
+          ssh -i ~/.ssh/nas_key -o StrictHostKeyChecking=no root@${{ secrets.NAS_HOST }} \
+            "cd ${{ steps.env.outputs.PROJECT_PATH }} && /usr/local/bin/docker compose -f ${{ steps.env.outputs.COMPOSE_FILE }} up -d --build --remove-orphans && /usr/local/bin/docker image prune -f"
Author	SHA1	Message	Date
Vincent	88c3088cc1	ci: trigger deploy	2026-03-21 22:36:37 +01:00
Vincent	ae32eabc9c	fix: generate .env from secrets in CI	2026-03-21 22:35:23 +01:00
Vincent	69a3e55aa9	test	2026-03-21 22:33:21 +01:00
Vincent	001209d12c	add secrets	2026-03-21 22:31:42 +01:00
Vincent	c8088251dd	ci: use base64 encoded SSH key Some checks failed Deploy / deploy (push) Failing after 9s Details	2026-03-21 22:20:38 +01:00
Vincent	7cc7ba66d8	ci: complete deploy workflow with tar+ssh Some checks failed Deploy / deploy (push) Failing after 26s Details	2026-03-21 22:16:47 +01:00
Vincent	3c6356b578	ci: use tar+ssh instead of rsync Some checks failed Deploy / deploy (push) Failing after 26s Details	2026-03-21 22:13:06 +01:00
Vincent	87d2f0add3	Update rsync Some checks failed Deploy / deploy (push) Failing after 8s Details	2026-03-21 22:11:22 +01:00
Vincent	4eae30c0e5	fadsfsa Some checks failed Deploy / deploy (push) Failing after 8s Details	2026-03-21 22:09:47 +01:00
Vincent	a39ff7b3b1	ci: install rsync on runner Some checks failed Deploy / deploy (push) Failing after 7s Details	2026-03-21 22:07:46 +01:00
Vincent	c535d00947	Merge branch 'dev' of ssh://gitea.rigolet.tech:222/vincent/auditshield into dev Some checks failed Deploy / deploy (push) Failing after 7s Details	2026-03-21 22:05:27 +01:00
Vincent	12cfb49c87	Merge branch 'feature/ci-deploy' into dev	2026-03-21 22:04:13 +01:00
vincent	046f542f6a	Merge pull request 'feature/ci-deploy' (#4 ) from feature/ci-deploy into dev Some checks failed Deploy / deploy (push) Failing after 10s Details Reviewed-on: #4	2026-03-21 20:58:58 +00:00
Vincent	f733cd7d5b	deploy : change ssh setting	2026-03-21 21:57:10 +01:00