feat(ci): image unifiée runner+agents (Dockerfile.ci, entrypoint, compose, helper)

.cursorignore

@@ -21,3 +21,4 @@ tests/reports/
 !/.cursor
 !/AGENTS.md
 
+

.gitignore

@@ -34,3 +34,4 @@ git-installer.exe
 
 # Ne pas ignorer .cursor ni AGENTS.md
 
+

TEMPLATE_VERSION

@@ -1,2 +1,3 @@
 v2025.08.3
 
+

docker-compose.ci.yml

@@ -0,0 +1,19 @@
+services:
+  project-ci:
+    build:
+      context: .
+      dockerfile: docker/Dockerfile.ci
+    image: 4nk-template-ci:latest
+    environment:
+      - RUNNER_MODE=${RUNNER_MODE:-agents}
+      - TARGET_DIR=/work
+      - OUTPUT_DIR=/work/tests/reports/agents
+      - BASE_URL
+      - REGISTRATION_TOKEN
+    volumes:
+      - ./:/work
+      - ${HOME}/.4nk_template/.env:/root/.4nk_template/.env:ro
+    tty: true
+    labels:
+      - "com.4nk.template=ci"
+

docker/Dockerfile.ci

@@ -0,0 +1,26 @@
+FROM gitea/act_runner:nightly
+
+USER root
+
+RUN apk update || true && \
+    (apk add --no-cache bash curl jq git coreutils dos2unix || \
+     (apt-get update && apt-get install -y bash curl jq git coreutils dos2unix)) && \
+    mkdir -p /app /work /root/.4nk_template && chmod 700 /root/.4nk_template
+
+WORKDIR /app
+
+# Copier les scripts agents
+COPY scripts /work/scripts
+
+# Normaliser les fins de ligne et permissions
+RUN find /work/scripts -type f -name "*.sh" -print0 | xargs -0 -r dos2unix -f && \
+    find /work/scripts -type f -name "*.sh" -exec chmod +x {} +
+
+# Entrypoint unifié: lance le runner si variables présentes, sinon agents
+COPY docker/entrypoint.ci.sh /entrypoint.sh
+RUN dos2unix -f /entrypoint.sh && chmod +x /entrypoint.sh
+
+WORKDIR /work
+
+ENTRYPOINT ["/entrypoint.sh"]
+

docker/entrypoint.ci.sh

@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Charge l'env utilisateur si monté
+if [[ -f "/root/.4nk_template/.env" ]]; then
+  set -a
+  . "/root/.4nk_template/.env"
+  set +a
+fi
+
+MODE="${RUNNER_MODE:-agents}"
+TARGET_DIR="${TARGET_DIR:-/work}"
+OUTPUT_DIR="${OUTPUT_DIR:-/work/tests/reports/agents}"
+
+normalize_scripts() {
+  if command -v dos2unix >/dev/null 2>&1; then
+    find /work/scripts -type f -name "*.sh" -print0 | xargs -0 -r dos2unix -f || true
+  fi
+  find /work/scripts -type f -name "*.sh" -exec chmod +x {} + || true
+}
+
+start_runner() {
+  # Démarre le runner gitea/act_runner (processus au premier plan)
+  # Requiert : GITEA_INSTANCE_URL (BASE_URL), REGISTRATION_TOKEN ou config existante
+  if [[ -n "${BASE_URL:-}" && -n "${REGISTRATION_TOKEN:-}" ]]; then
+    act_runner register --no-interactive \
+      --instance "$BASE_URL" \
+      --token "$REGISTRATION_TOKEN" \
+      --labels "self-hosted,linux" || true
+  fi
+  exec act_runner daemon
+}
+
+run_agents() {
+  normalize_scripts
+  mkdir -p "$OUTPUT_DIR"
+  cd "$TARGET_DIR"
+  /work/scripts/agents/run.sh "$TARGET_DIR" "$OUTPUT_DIR" all || true
+  echo "Rapports disponibles dans $OUTPUT_DIR" >&2
+}
+
+case "$MODE" in
+  runner) start_runner ;;
+  agents) run_agents ;;
+  both)
+    start_runner &
+    run_agents
+    wait -n || true
+    ;;
+  *) run_agents ;;
+esac

scripts/checks/version_alignment.sh

@@ -19,3 +19,4 @@ fi
 
 echo "Version alignment OK"
 
+

scripts/dev/run_project_ci.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Build et lance le conteneur unifié (runner+agents) sur ce projet
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+ROOT_DIR="$(cd "$SCRIPT_DIR/../.." && pwd)"
+cd "$ROOT_DIR"
+
+# Build image
+docker compose -f docker-compose.ci.yml build
+
+# Exécuter agents par défaut
+RUNNER_MODE="${RUNNER_MODE:-agents}" BASE_URL="${BASE_URL:-}" REGISTRATION_TOKEN="${REGISTRATION_TOKEN:-}" \
+  docker compose -f docker-compose.ci.yml up --remove-orphans --abort-on-container-exit

scripts/release/guard.sh

@@ -64,3 +64,4 @@ esac
 
 echo "[release-guard] OK"
 
+

scripts/security/audit.sh

@@ -34,3 +34,4 @@ fi
 echo "[security-audit] terminé rc=$rc"
 exit $rc
 
+