roxane/.gitea/workflows/deploy-preprod.yml

name: Deploy Roxane to Preprod

on:
  push:
    branches:
      - release

jobs:
  deploy:
    runs-on: docker

    container:
      image: nebulaed/php83-node22

    steps:
      - name: Install network & SSH tools
        run: |
          set -e
          apt update
          apt install -y iproute2 iputils-ping openssh-client git

      - name: Show IPv6 network
        run: |
          ip -6 addr
          ip -6 route

      - name: Ping IPv6 preprod server
        run: |
          ping6 -c 3 2a01:e0a:bfe:a8a0::205

      - name: Configure SSH
        env:
          SSH_HOST: ${{ vars.PREPROD_HOST }}
          SSH_PORT: ${{ vars.PREPROD_PORT }}
        run: |
          set -e
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh

          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519

          ssh-keyscan -6 -p "$SSH_PORT" "$SSH_HOST" >> ~/.ssh/known_hosts

          echo "SSH_HOST_SSH=$SSH_HOST" >> "$GITEA_ENV"

      - name: Checkout code
        run: |
          set -e
          git clone ${{ vars.GIT_REPO }} /workspace/roxane
          cd /workspace/roxane
          git checkout release

      - name: Deploy Roxane to preprod
        env:
          SSH_USER: ${{ vars.PREPROD_USER }}
          SSH_PORT: ${{ vars.PREPROD_PORT }}
          PREPROD_PATH: ${{ vars.PREPROD_PATH }}
          # GIT_REPO: ${{ vars.GIT_REPO }}  # Ancien système : le serveur preprod tirait le code depuis Gitea
          #                                  # Ne fonctionne plus car Free bloque les ports entrants
        run: |
          set -e

          echo "[>>] Envoi du code vers le serveur preprod..."
          # Crée l'archive depuis le runner et l'envoie directement par SSH
          # Le serveur preprod n'a plus besoin de contacter Gitea
          git -C /workspace/roxane archive --format=tar.gz release | \
            ssh -6 -o StrictHostKeyChecking=yes \
                -o ConnectTimeout=10 \
                -o ServerAliveInterval=60 \
                -p "$SSH_PORT" \
                "$SSH_USER@$SSH_HOST_SSH" \
                "mkdir -p $PREPROD_PATH && tar -xz -C $PREPROD_PATH"

          ssh -6 -o StrictHostKeyChecking=yes \
              -o ConnectTimeout=10 \
              -o ServerAliveInterval=60 \
              -p "$SSH_PORT" \
              "$SSH_USER@$SSH_HOST_SSH" bash -l -s <<'EOF' "$PREPROD_PATH"
          set -e

          PREPROD_PATH="$1"

          cd "$PREPROD_PATH"

          # Ancien système (commenté) :
          # if [ ! -d "$PREPROD_PATH/.git" ]; then
          #   echo "[!] Repository not found. Cloning from $GIT_REPO..."
          #   mkdir -p "$(dirname "$PREPROD_PATH")"
          #   git clone "$GIT_REPO" "$PREPROD_PATH"
          #   cd "$PREPROD_PATH"
          #   git checkout release
          # else
          #   cd "$PREPROD_PATH"
          #   git config --global --add safe.directory "$PREPROD_PATH" 2>/dev/null || true
          #   echo "[>>] Pulling latest Roxane release..."
          #   git fetch origin
          #   git checkout release
          #   git reset --hard origin/release
          #   git clean -fd
          # fi

          echo "[*] Installing Composer dependencies..."
          composer install --no-dev --optimize-autoloader --no-interaction --prefer-dist

          echo "[~] Building frontend with Vite..."
          npm ci --prefer-offline
          npm run build

          echo "[DB] Running database migrations..."
          php artisan migrate --force

          echo "[++] Optimizing Roxane..."
          php artisan config:cache
          php artisan route:cache
          php artisan view:cache
          php artisan event:cache

          echo "[<>] Restarting queue workers..."
          php artisan queue:restart || true
          sudo supervisorctl reread
          sudo supervisorctl update
          sudo supervisorctl restart roxane-worker:*

          echo "[OK] Roxane deployed successfully to preprod!"
          EOF

      - name: Verify deployment
        if: success()
        env:
          SSH_USER: ${{ vars.PREPROD_USER }}
          SSH_PORT: ${{ vars.PREPROD_PORT }}
          PREPROD_PATH: ${{ vars.PREPROD_PATH }}
        run: |
          ssh -6 -o StrictHostKeyChecking=yes \
              -p "$SSH_PORT" \
              "$SSH_USER@$SSH_HOST_SSH" bash -l -s <<'EOF' "$PREPROD_PATH"
          set -e
          cd "$1"

          echo "[?] Verifying deployment..."
          echo "Laravel version: $(php artisan --version)"
          echo "Déploiement effectué le : $(date)"
          EOF

      - name: Cleanup on failure
        if: failure()
        env:
          SSH_USER: ${{ vars.PREPROD_USER }}
          SSH_PORT: ${{ vars.PREPROD_PORT }}
          PREPROD_PATH: ${{ vars.PREPROD_PATH }}
        run: |
          ssh -6 -o StrictHostKeyChecking=yes \
              -p "$SSH_PORT" \
              "$SSH_USER@$SSH_HOST_SSH" bash -l -s <<'EOF' "$PREPROD_PATH"
          cd "$1"

          echo "[!!] Deployment failed. Rolling back optimizations..."
          php artisan config:clear || true
          php artisan route:clear || true
          php artisan view:clear || true
          php artisan cache:clear || true
          EOF