ci: harden OneDev pipeline per review feedback

2026-05-30 00:23:11 +02:00 · 2026-05-30 00:23:11 +02:00 · 9f34dd164a
commit 9f34dd164a
parent 2051bfe1e6
6 changed files with 140 additions and 10 deletions
--- a/.gitignore
+++ b/.gitignore
@ -78,6 +78,8 @@ desktop.ini
 # Tests & Coverage
 # ──────────────────────────────────────────
 coverage/
+reports/
+.m2/
 apps/backend/target/surefire-reports/

 # ──────────────────────────────────────────
--- a/.onedev-buildspec.yml
+++ b/.onedev-buildspec.yml
@ -1,6 +1,18 @@
 # OneDev CI/CD — CityGame monorepo
 # Docs: https://docs.onedev.io/category/cicd
+#
+# Image CI recommandée (propriété ciBuildImage) :
+#   docker build -f ci/Dockerfile -t <registry>/citygame-ci:latest .
+#   docker push <registry>/citygame-ci:latest
+# Puis Admin → Job Properties → ciBuildImage = <registry>/citygame-ci:latest
+#
+# Publication Docker (job Docker Publish) : configurer la connexion registry
+# sur l'exécuteur Docker OneDev (voir tutorial Build/Publish Docker Image).
 version: 47
+properties:
+- name: ciBuildImage
+  value: maven:3.9-eclipse-temurin-21
+  # Remplacer par votre image ci/Dockerfile publiée, ex. registry.example.com/citygame-ci:latest
 jobs:
 - name: Build and Test
  steps:
@ -13,31 +25,49 @@ jobs:
    cloneDepth: 1
    condition: SUCCESSFUL
    optional: false
+  - type: SetupCacheStep
+    name: set up dependency caches
+    key: citygame-deps
+    checksumFiles: pnpm-lock.yaml apps/backend/pom.xml
+    paths:
+    - node_modules
+    - .pnpm-store
+    - .nx/cache
+    - .m2
+    uploadStrategy: UPLOAD_IF_NOT_EXACT_MATCH
+    condition: SUCCESSFUL
+    optional: false
  - type: CommandStep
    name: build and test
    runInContainer: true
-    image: node:20-bookworm
+    image: '@property:ciBuildImage@'
    interpreter:
      type: DefaultInterpreter
      commands: |
        set -e
        set -o pipefail

-        apt-get update -qq
-        DEBIAN_FRONTEND=noninteractive apt-get install -y -qq openjdk-21-jdk-headless
+        bash ci/setup-toolchain.sh

        corepack enable
        corepack prepare pnpm@10.33.2 --activate

        export CI=true
-        export NX_NO_CLOUD=true
+        export HOME="$(pwd)"
+        mkdir -p .m2 reports/apps/frontend

        pnpm install --frozen-lockfile

-        pnpm exec nx run-many -t build --parallel=2 --skip-nx-cache
-        pnpm exec nx run-many -t test --parallel=2 --skip-nx-cache
+        pnpm exec nx run-many -t build --parallel=2
+        pnpm exec nx run-many -t test --parallel=2
    condition: SUCCESSFUL
    optional: false
+  - type: PublishJUnitTestReportStep
+    name: publish test reports
+    reportName: Test Results
+    filePatterns: apps/backend/target/surefire-reports/**/*.xml reports/apps/frontend/**/*.xml
+    condition: ALWAYS
+    optional: false
  triggers:
  - type: BranchUpdateTrigger
    branches: main master develop feature/* release/* ci/*
@ -46,8 +76,6 @@ jobs:
    branches: main master develop
    userMatch: anyone
  retryCondition: never
-  maxRetries: 2
-  retryDelay: 30
  timeout: 3600
 - name: Docker Build
  steps:
@ -91,6 +119,44 @@ jobs:
    branches: main master develop
    userMatch: anyone
  retryCondition: never
-  maxRetries: 2
-  retryDelay: 30
+  timeout: 7200
+- name: Docker Publish
+  steps:
+  - type: CheckoutStep
+    name: checkout
+    cloneCredential:
+      type: DefaultCredential
+    withLfs: false
+    withSubmodules: false
+    cloneDepth: 1
+    condition: SUCCESSFUL
+    optional: false
+  - type: BuildImageStep
+    name: publish frontend image
+    buildPath: .
+    dockerfile: apps/frontend/Dockerfile
+    output:
+      type: RegistryOutput
+      tags: citygame-frontend:latest citygame-frontend:@build_version@
+    platforms: linux/amd64
+    condition: SUCCESSFUL
+    optional: false
+  - type: BuildImageStep
+    name: publish backend image
+    buildPath: .
+    dockerfile: apps/backend/Dockerfile
+    output:
+      type: RegistryOutput
+      tags: citygame-backend:latest citygame-backend:@build_version@
+    platforms: linux/amd64
+    condition: SUCCESSFUL
+    optional: false
+  jobDependencies:
+  - jobName: Docker Build
+    requireSuccessful: true
+  triggers:
+  - type: BranchUpdateTrigger
+    branches: main master
+    userMatch: anyone
+  retryCondition: never
  timeout: 7200
--- a/README.md
+++ b/README.md
@ -181,6 +181,29 @@ CORS_ALLOWED_ORIGINS=https://votredomaine.com

 ---

+## CI/CD (OneDev)
+
+Le fichier [`.onedev-buildspec.yml`](.onedev-buildspec.yml) définit trois jobs :
+
+| Job | Rôle |
+|-----|------|
+| **Build and Test** | `pnpm install`, build NX, tests, rapports JUnit |
+| **Docker Build** | Vérifie les Dockerfiles (`DockerLoadOutput`) |
+| **Docker Publish** | Push registry sur `main` / `master` uniquement |
+
+**Image CI recommandée** (évite `apt-get` à chaque run) :
+
+```bash
+docker build -f ci/Dockerfile -t <registry>/citygame-ci:latest .
+docker push <registry>/citygame-ci:latest
+```
+
+Dans OneDev : **Project → Settings → Build → Job Properties** → `ciBuildImage` = `<registry>/citygame-ci:latest`.
+
+Configurer la connexion registry sur l’exécuteur Docker pour le job **Docker Publish** ([doc](https://docs.onedev.io/tutorials/cicd/build-docker-image)).
+
+---
+
 ## License

 MIT
--- a/apps/frontend/vite.config.ts
+++ b/apps/frontend/vite.config.ts
@ -34,6 +34,10 @@ export default defineConfig({
    environment: 'jsdom',
    setupFiles: ['./src/test-setup.ts'],
    include: ['src/**/*.{test,spec}.{js,mjs,cjs,ts,mts,cts,jsx,tsx}'],
+    reporters: ['default', 'junit'],
+    outputFile: {
+      junit: path.resolve(__dirname, '../../reports/apps/frontend/junit.xml'),
+    },
    coverage: {
      reportsDirectory: '../../coverage/apps/frontend',
      provider: 'v8',
--- a/ci/Dockerfile
+++ b/ci/Dockerfile
@ -0,0 +1,17 @@
+# Toolchain CI CityGame — Java 21 (Maven) + Node 20 + pnpm
+# Build : docker build -f ci/Dockerfile -t <registry>/citygame-ci:latest .
+# Puis définir la propriété OneDev ciBuildImage sur cette image.
+FROM maven:3.9-eclipse-temurin-21
+
+RUN apt-get update -qq \
+  && DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends curl ca-certificates \
+  && curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
+  && DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends nodejs \
+  && corepack enable \
+  && corepack prepare pnpm@10.33.2 --activate \
+  && apt-get purge -y curl \
+  && apt-get autoremove -y -qq \
+  && rm -rf /var/lib/apt/lists/*
+
+ENV CI=true
+WORKDIR /workspace
--- a/ci/setup-toolchain.sh
+++ b/ci/setup-toolchain.sh
@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+# Fallback si la propriété ciBuildImage pointe encore vers maven:3.9-eclipse-temurin-21
+set -euo pipefail
+
+if command -v pnpm >/dev/null 2>&1; then
+  exit 0
+fi
+
+echo ">>> Installing Node 20 + pnpm (use image citygame-ci for faster CI)..."
+apt-get update -qq
+DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends curl ca-certificates
+curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
+DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends nodejs
+corepack enable
+corepack prepare pnpm@10.33.2 --activate
+apt-get purge -y curl
+apt-get autoremove -y -qq
+rm -rf /var/lib/apt/lists/*