From 9f34dd164a932ea20378b6ec0ca57127680e1d16 Mon Sep 17 00:00:00 2001 From: Camille Date: Sat, 30 May 2026 00:23:11 +0200 Subject: [PATCH] ci: harden OneDev pipeline per review feedback --- .gitignore | 2 + .onedev-buildspec.yml | 86 +++++++++++++++++++++++++++++++----- README.md | 23 ++++++++++ apps/frontend/vite.config.ts | 4 ++ ci/Dockerfile | 17 +++++++ ci/setup-toolchain.sh | 18 ++++++++ 6 files changed, 140 insertions(+), 10 deletions(-) create mode 100644 ci/Dockerfile create mode 100755 ci/setup-toolchain.sh diff --git a/.gitignore b/.gitignore index 44426c1..175d52d 100644 --- a/.gitignore +++ b/.gitignore @@ -78,6 +78,8 @@ desktop.ini # Tests & Coverage # ────────────────────────────────────────── coverage/ +reports/ +.m2/ apps/backend/target/surefire-reports/ # ────────────────────────────────────────── diff --git a/.onedev-buildspec.yml b/.onedev-buildspec.yml index 320c5a1..7cdfebc 100644 --- a/.onedev-buildspec.yml +++ b/.onedev-buildspec.yml @@ -1,6 +1,18 @@ # OneDev CI/CD — CityGame monorepo # Docs: https://docs.onedev.io/category/cicd +# +# Image CI recommandée (propriété ciBuildImage) : +# docker build -f ci/Dockerfile -t /citygame-ci:latest . +# docker push /citygame-ci:latest +# Puis Admin → Job Properties → ciBuildImage = /citygame-ci:latest +# +# Publication Docker (job Docker Publish) : configurer la connexion registry +# sur l'exécuteur Docker OneDev (voir tutorial Build/Publish Docker Image). version: 47 +properties: +- name: ciBuildImage + value: maven:3.9-eclipse-temurin-21 + # Remplacer par votre image ci/Dockerfile publiée, ex. registry.example.com/citygame-ci:latest jobs: - name: Build and Test steps: @@ -13,31 +25,49 @@ jobs: cloneDepth: 1 condition: SUCCESSFUL optional: false + - type: SetupCacheStep + name: set up dependency caches + key: citygame-deps + checksumFiles: pnpm-lock.yaml apps/backend/pom.xml + paths: + - node_modules + - .pnpm-store + - .nx/cache + - .m2 + uploadStrategy: UPLOAD_IF_NOT_EXACT_MATCH + condition: SUCCESSFUL + optional: false - type: CommandStep name: build and test runInContainer: true - image: node:20-bookworm + image: '@property:ciBuildImage@' interpreter: type: DefaultInterpreter commands: | set -e set -o pipefail - apt-get update -qq - DEBIAN_FRONTEND=noninteractive apt-get install -y -qq openjdk-21-jdk-headless + bash ci/setup-toolchain.sh corepack enable corepack prepare pnpm@10.33.2 --activate export CI=true - export NX_NO_CLOUD=true + export HOME="$(pwd)" + mkdir -p .m2 reports/apps/frontend pnpm install --frozen-lockfile - pnpm exec nx run-many -t build --parallel=2 --skip-nx-cache - pnpm exec nx run-many -t test --parallel=2 --skip-nx-cache + pnpm exec nx run-many -t build --parallel=2 + pnpm exec nx run-many -t test --parallel=2 condition: SUCCESSFUL optional: false + - type: PublishJUnitTestReportStep + name: publish test reports + reportName: Test Results + filePatterns: apps/backend/target/surefire-reports/**/*.xml reports/apps/frontend/**/*.xml + condition: ALWAYS + optional: false triggers: - type: BranchUpdateTrigger branches: main master develop feature/* release/* ci/* @@ -46,8 +76,6 @@ jobs: branches: main master develop userMatch: anyone retryCondition: never - maxRetries: 2 - retryDelay: 30 timeout: 3600 - name: Docker Build steps: @@ -91,6 +119,44 @@ jobs: branches: main master develop userMatch: anyone retryCondition: never - maxRetries: 2 - retryDelay: 30 + timeout: 7200 +- name: Docker Publish + steps: + - type: CheckoutStep + name: checkout + cloneCredential: + type: DefaultCredential + withLfs: false + withSubmodules: false + cloneDepth: 1 + condition: SUCCESSFUL + optional: false + - type: BuildImageStep + name: publish frontend image + buildPath: . + dockerfile: apps/frontend/Dockerfile + output: + type: RegistryOutput + tags: citygame-frontend:latest citygame-frontend:@build_version@ + platforms: linux/amd64 + condition: SUCCESSFUL + optional: false + - type: BuildImageStep + name: publish backend image + buildPath: . + dockerfile: apps/backend/Dockerfile + output: + type: RegistryOutput + tags: citygame-backend:latest citygame-backend:@build_version@ + platforms: linux/amd64 + condition: SUCCESSFUL + optional: false + jobDependencies: + - jobName: Docker Build + requireSuccessful: true + triggers: + - type: BranchUpdateTrigger + branches: main master + userMatch: anyone + retryCondition: never timeout: 7200 diff --git a/README.md b/README.md index 5cf0582..8f62543 100644 --- a/README.md +++ b/README.md @@ -181,6 +181,29 @@ CORS_ALLOWED_ORIGINS=https://votredomaine.com --- +## CI/CD (OneDev) + +Le fichier [`.onedev-buildspec.yml`](.onedev-buildspec.yml) définit trois jobs : + +| Job | Rôle | +|-----|------| +| **Build and Test** | `pnpm install`, build NX, tests, rapports JUnit | +| **Docker Build** | Vérifie les Dockerfiles (`DockerLoadOutput`) | +| **Docker Publish** | Push registry sur `main` / `master` uniquement | + +**Image CI recommandée** (évite `apt-get` à chaque run) : + +```bash +docker build -f ci/Dockerfile -t /citygame-ci:latest . +docker push /citygame-ci:latest +``` + +Dans OneDev : **Project → Settings → Build → Job Properties** → `ciBuildImage` = `/citygame-ci:latest`. + +Configurer la connexion registry sur l’exécuteur Docker pour le job **Docker Publish** ([doc](https://docs.onedev.io/tutorials/cicd/build-docker-image)). + +--- + ## License MIT \ No newline at end of file diff --git a/apps/frontend/vite.config.ts b/apps/frontend/vite.config.ts index 4a222e1..d444fae 100644 --- a/apps/frontend/vite.config.ts +++ b/apps/frontend/vite.config.ts @@ -34,6 +34,10 @@ export default defineConfig({ environment: 'jsdom', setupFiles: ['./src/test-setup.ts'], include: ['src/**/*.{test,spec}.{js,mjs,cjs,ts,mts,cts,jsx,tsx}'], + reporters: ['default', 'junit'], + outputFile: { + junit: path.resolve(__dirname, '../../reports/apps/frontend/junit.xml'), + }, coverage: { reportsDirectory: '../../coverage/apps/frontend', provider: 'v8', diff --git a/ci/Dockerfile b/ci/Dockerfile new file mode 100644 index 0000000..07896fa --- /dev/null +++ b/ci/Dockerfile @@ -0,0 +1,17 @@ +# Toolchain CI CityGame — Java 21 (Maven) + Node 20 + pnpm +# Build : docker build -f ci/Dockerfile -t /citygame-ci:latest . +# Puis définir la propriété OneDev ciBuildImage sur cette image. +FROM maven:3.9-eclipse-temurin-21 + +RUN apt-get update -qq \ + && DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends curl ca-certificates \ + && curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \ + && DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends nodejs \ + && corepack enable \ + && corepack prepare pnpm@10.33.2 --activate \ + && apt-get purge -y curl \ + && apt-get autoremove -y -qq \ + && rm -rf /var/lib/apt/lists/* + +ENV CI=true +WORKDIR /workspace diff --git a/ci/setup-toolchain.sh b/ci/setup-toolchain.sh new file mode 100755 index 0000000..c544c62 --- /dev/null +++ b/ci/setup-toolchain.sh @@ -0,0 +1,18 @@ +#!/usr/bin/env bash +# Fallback si la propriété ciBuildImage pointe encore vers maven:3.9-eclipse-temurin-21 +set -euo pipefail + +if command -v pnpm >/dev/null 2>&1; then + exit 0 +fi + +echo ">>> Installing Node 20 + pnpm (use image citygame-ci for faster CI)..." +apt-get update -qq +DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends curl ca-certificates +curl -fsSL https://deb.nodesource.com/setup_20.x | bash - +DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends nodejs +corepack enable +corepack prepare pnpm@10.33.2 --activate +apt-get purge -y curl +apt-get autoremove -y -qq +rm -rf /var/lib/apt/lists/*