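# Builds the `int-dev` target of the lecoffre-front image and pushes it to the
# registry at git.4nkweb.com whenever the `int-dev` tag is pushed.
#
# Hardening applied in this file:
#   - secrets and step outputs reach the shell through `env:` instead of being
#     expanded by `${{ }}` into the script text (template injection);
#   - the checkout does not leave its token in .git/config, which would
#     otherwise travel with the `.` build context unless .dockerignore
#     excludes .git;
#   - the job token is limited to read access on repository contents.
name: build-and-push-int-dev

on:
  push:
    tags:
      - int-dev

# Least privilege for the automatic job token: the steps below only read the
# repository; the registry login uses its own credentials.
permissions:
  contents: read

jobs:
  build_push:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        # NOTE(review): `v4` is a mutable tag. Pinning to the full commit SHA
        # of a reviewed release protects the job from a retagged action.
        uses: actions/checkout@v4
        with:
          # Fetch the complete history rather than a shallow clone.
          fetch-depth: 0
          # No later step performs an authenticated git operation, so the
          # token does not need to stay in the working tree.
          persist-credentials: false

      - name: Prepare SSH agent (optional)
        shell: bash
        env:
          # Passed as an environment variable so the key never becomes part of
          # the generated script.
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
        run: |
          set -euo pipefail
          eval "$(ssh-agent -s)"
          if [ -n "${SSH_PRIVATE_KEY:-}" ]; then
            # Loading stays best-effort, but a key that cannot be loaded is
            # reported instead of being silently ignored.
            if ! printf '%s\n' "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - >/dev/null 2>&1; then
              echo "Warning: SSH_PRIVATE_KEY is set but could not be added to the agent." >&2
            fi
          fi
          mkdir -p ~/.ssh
          # NOTE(review): ssh-keyscan accepts whatever host key the network
          # returns on this run (trust on first use). Writing a host key that
          # was verified out of band into known_hosts would remove that gap.
          ssh-keyscan git.4nkweb.com >> ~/.ssh/known_hosts 2>/dev/null || true
          echo "SSH agent ready: $SSH_AUTH_SOCK"
          # Make the agent available to the following steps
          echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" >> "$GITHUB_ENV"
          echo "SSH_AGENT_PID=$SSH_AGENT_PID" >> "$GITHUB_ENV"

      - name: Load .env(.example) and export NEXT_PUBLIC_* variables
        shell: bash
        run: |
          set -euo pipefail
          # NOTE(review): both branches below *source* a file from the
          # repository, so any shell syntax in it (including command
          # substitution inside a value) runs on the runner. The grep filter
          # only constrains how a line starts, not what the value contains.
          set -a
          if [ -f .env ]; then
            . ./.env
          elif [ -f .env.example ]; then
            # Parse .env.example even when it is formatted as a Markdown table:
            # strip an optional '|' border and keep only KEY=VALUE lines.
            tmpenv=$(mktemp)
            sed -E 's/^\|\s*//; s/\s*\|\s*$//' .env.example \
              | awk 'NF>0' \
              | grep -E '^[A-Z0-9_]+=.*' \
              > "$tmpenv"
            # Load the variables only
            . "$tmpenv"
            rm -f "$tmpenv"
          fi
          set +a
          # The values are printed to the job log; only non-sensitive settings
          # belong under the NEXT_PUBLIC_ prefix.
          echo "Environment NEXT_PUBLIC_* available (current step):" || true
          env | grep '^NEXT_PUBLIC_' || true
          # Export to the following steps through GITHUB_ENV.
          # NOTE(review): this KEY=VALUE form assumes single-line values; a
          # value containing a newline would be split into separate entries.
          count=0
          while IFS='=' read -r key value; do
            echo "$key=$value" >> "$GITHUB_ENV"
            count=$((count+1))
          done < <(env | grep '^NEXT_PUBLIC_')
          if [ "$count" -eq 0 ]; then
            echo "Aucune variable NEXT_PUBLIC_* détectée (ni .env/.env.example ni secrets). Abandon." >&2
            exit 1
          fi

      - name: Compute Docker tag from commit message or fallback
        id: tag
        shell: bash
        run: |
          set -euo pipefail
          msg=$(git log -1 --pretty=%B)
          # The tag comes from the commit message, i.e. from whoever authored
          # the commit. The character class is what keeps the value free of
          # shell metacharacters.
          # NOTE(review): the class also admits ':' and a leading '.' or '-',
          # which Docker does not accept in a tag; such a value fails at build
          # time rather than being rejected here.
          if [[ "$msg" =~ ci:\ docker_tag=([a-zA-Z0-9._:-]+) ]]; then
            tag="${BASH_REMATCH[1]}"
          else
            tag="dev-test"
          fi
          echo "TAG=$tag" | tee -a "$GITHUB_OUTPUT"

      - name: Docker login (git.4nkweb.com)
        shell: bash
        env:
          REG_USER: ${{ secrets.USER }}
          REG_TOKEN: ${{ secrets.TOKEN }}
        run: |
          set -euo pipefail
          # --password-stdin keeps the token out of the process list.
          echo "$REG_TOKEN" | docker login git.4nkweb.com -u "$REG_USER" --password-stdin

      - name: Build image (target int-dev)
        shell: bash
        env:
          DOCKER_BUILDKIT: "1"
          IMAGE_TAG: ${{ steps.tag.outputs.TAG }}
          # The CI_ prefix keeps these overrides out of the NEXT_PUBLIC_* scan
          # below, so an unset secret cannot blank a value loaded from .env.
          CI_NEXT_PUBLIC_4NK_URL: ${{ secrets.NEXT_PUBLIC_4NK_URL }}
          CI_NEXT_PUBLIC_4NK_IFRAME_URL: ${{ secrets.NEXT_PUBLIC_4NK_IFRAME_URL }}
          CI_NEXT_PUBLIC_IDNOT_CLIENT_ID: ${{ secrets.NEXT_PUBLIC_IDNOT_CLIENT_ID }}
        run: |
          set -euo pipefail
          if [ -n "${SSH_AUTH_SOCK:-}" ]; then
            # Values given with --build-arg can be read back from the image
            # history, so only non-sensitive settings should be passed here.
            buildArgs=()
            # 1) Add every NEXT_PUBLIC_* variable exported by the earlier step
            while IFS='=' read -r key _; do
              [ -n "$key" ] || continue
              val="${!key:-}"
              buildArgs+=(--build-arg "$key=$val")
            done < <(env | grep '^NEXT_PUBLIC_' | cut -d= -f1 | sort)
            # 2) Optional overrides from CI secrets for a few critical keys
            #    (a later --build-arg for the same key takes precedence)
            if [ -n "${CI_NEXT_PUBLIC_4NK_URL:-}" ]; then
              buildArgs+=(--build-arg "NEXT_PUBLIC_4NK_URL=$CI_NEXT_PUBLIC_4NK_URL")
            fi
            if [ -n "${CI_NEXT_PUBLIC_4NK_IFRAME_URL:-}" ]; then
              buildArgs+=(--build-arg "NEXT_PUBLIC_4NK_IFRAME_URL=$CI_NEXT_PUBLIC_4NK_IFRAME_URL")
            fi
            if [ -n "${CI_NEXT_PUBLIC_IDNOT_CLIENT_ID:-}" ]; then
              buildArgs+=(--build-arg "NEXT_PUBLIC_IDNOT_CLIENT_ID=$CI_NEXT_PUBLIC_IDNOT_CLIENT_ID")
            fi
            # 3) Fail when nothing was collected from the environment or the
            #    secrets. Counting the array avoids an `env | grep -q`
            #    pipeline, which can fail spuriously under `pipefail`.
            if [ "${#buildArgs[@]}" -eq 0 ]; then
              echo "Aucune variable NEXT_PUBLIC_* détectée (ni .env/.env.example ni secrets). Abandon." >&2
              exit 1
            fi
            docker build --target int-dev --ssh default "${buildArgs[@]}" \
              -t "git.4nkweb.com/4nk/lecoffre-front:${IMAGE_TAG}" \
              -f Dockerfile .
          else
            echo "SSH_AUTH_SOCK non défini: l'agent SSH n'est pas disponible. Assurez-vous de définir secrets.SSH_PRIVATE_KEY."
            exit 1
          fi

      - name: Push image
        shell: bash
        env:
          IMAGE_TAG: ${{ steps.tag.outputs.TAG }}
        run: |
          set -euo pipefail
          docker push "git.4nkweb.com/4nk/lecoffre-front:${IMAGE_TAG}"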