ci: harden OneDev pipeline per review feedback

.gitignore

@@ -78,6 +78,8 @@ desktop.ini
 # Tests & Coverage
 # ──────────────────────────────────────────
 coverage/
+reports/
+.m2/
 apps/backend/target/surefire-reports/
 
 # ──────────────────────────────────────────

.onedev-buildspec.yml

@@ -1,6 +1,18 @@
 # OneDev CI/CD — CityGame monorepo
 # Docs: https://docs.onedev.io/category/cicd
+#
+# Image CI recommandée (propriété ciBuildImage) :
+#   docker build -f ci/Dockerfile -t <registry>/citygame-ci:latest .
+#   docker push <registry>/citygame-ci:latest
+# Puis Admin → Job Properties → ciBuildImage = <registry>/citygame-ci:latest
+#
+# Publication Docker (job Docker Publish) : configurer la connexion registry
+# sur l'exécuteur Docker OneDev (voir tutorial Build/Publish Docker Image).
 version: 47
+properties:
+- name: ciBuildImage
+  value: maven:3.9-eclipse-temurin-21
+  # Remplacer par votre image ci/Dockerfile publiée, ex. registry.example.com/citygame-ci:latest
 jobs:
 - name: Build and Test
   steps:
@@ -13,31 +25,49 @@ jobs:
     cloneDepth: 1
     condition: SUCCESSFUL
     optional: false
+  - type: SetupCacheStep
+    name: set up dependency caches
+    key: citygame-deps
+    checksumFiles: pnpm-lock.yaml apps/backend/pom.xml
+    paths:
+    - node_modules
+    - .pnpm-store
+    - .nx/cache
+    - .m2
+    uploadStrategy: UPLOAD_IF_NOT_EXACT_MATCH
+    condition: SUCCESSFUL
+    optional: false
   - type: CommandStep
     name: build and test
     runInContainer: true
-    image: node:20-bookworm
+    image: '@property:ciBuildImage@'
     interpreter:
       type: DefaultInterpreter
       commands: |
         set -e
         set -o pipefail
 
-        apt-get update -qq
+        bash ci/setup-toolchain.sh
-        DEBIAN_FRONTEND=noninteractive apt-get install -y -qq openjdk-21-jdk-headless
 
         corepack enable
         corepack prepare pnpm@10.33.2 --activate
 
         export CI=true
-        export NX_NO_CLOUD=true
+        export HOME="$(pwd)"
+        mkdir -p .m2 reports/apps/frontend
 
         pnpm install --frozen-lockfile
 
-        pnpm exec nx run-many -t build --parallel=2 --skip-nx-cache
+        pnpm exec nx run-many -t build --parallel=2
-        pnpm exec nx run-many -t test --parallel=2 --skip-nx-cache
+        pnpm exec nx run-many -t test --parallel=2
     condition: SUCCESSFUL
     optional: false
+  - type: PublishJUnitTestReportStep
+    name: publish test reports
+    reportName: Test Results
+    filePatterns: apps/backend/target/surefire-reports/**/*.xml reports/apps/frontend/**/*.xml
+    condition: ALWAYS
+    optional: false
   triggers:
   - type: BranchUpdateTrigger
     branches: main master develop feature/* release/* ci/*
@@ -46,8 +76,6 @@ jobs:
     branches: main master develop
     userMatch: anyone
   retryCondition: never
-  maxRetries: 2
-  retryDelay: 30
   timeout: 3600
 - name: Docker Build
   steps:
@@ -91,6 +119,44 @@ jobs:
     branches: main master develop
     userMatch: anyone
   retryCondition: never
-  maxRetries: 2
+  timeout: 7200
-  retryDelay: 30
+- name: Docker Publish
+  steps:
+  - type: CheckoutStep
+    name: checkout
+    cloneCredential:
+      type: DefaultCredential
+    withLfs: false
+    withSubmodules: false
+    cloneDepth: 1
+    condition: SUCCESSFUL
+    optional: false
+  - type: BuildImageStep
+    name: publish frontend image
+    buildPath: .
+    dockerfile: apps/frontend/Dockerfile
+    output:
+      type: RegistryOutput
+      tags: citygame-frontend:latest citygame-frontend:@build_version@
+    platforms: linux/amd64
+    condition: SUCCESSFUL
+    optional: false
+  - type: BuildImageStep
+    name: publish backend image
+    buildPath: .
+    dockerfile: apps/backend/Dockerfile
+    output:
+      type: RegistryOutput
+      tags: citygame-backend:latest citygame-backend:@build_version@
+    platforms: linux/amd64
+    condition: SUCCESSFUL
+    optional: false
+  jobDependencies:
+  - jobName: Docker Build
+    requireSuccessful: true
+  triggers:
+  - type: BranchUpdateTrigger
+    branches: main master
+    userMatch: anyone
+  retryCondition: never
   timeout: 7200

README.md

@@ -181,6 +181,29 @@ CORS_ALLOWED_ORIGINS=https://votredomaine.com
 
 ---
 
+## CI/CD (OneDev)
+
+Le fichier [`.onedev-buildspec.yml`](.onedev-buildspec.yml) définit trois jobs :
+
+| Job | Rôle |
+|-----|------|
+| **Build and Test** | `pnpm install`, build NX, tests, rapports JUnit |
+| **Docker Build** | Vérifie les Dockerfiles (`DockerLoadOutput`) |
+| **Docker Publish** | Push registry sur `main` / `master` uniquement |
+
+**Image CI recommandée** (évite `apt-get` à chaque run) :
+
+```bash
+docker build -f ci/Dockerfile -t <registry>/citygame-ci:latest .
+docker push <registry>/citygame-ci:latest
+```
+
+Dans OneDev : **Project → Settings → Build → Job Properties** → `ciBuildImage` = `<registry>/citygame-ci:latest`.
+
+Configurer la connexion registry sur l’exécuteur Docker pour le job **Docker Publish** ([doc](https://docs.onedev.io/tutorials/cicd/build-docker-image)).
+
+---
+
 ## License
 
 MIT

apps/frontend/vite.config.ts

@@ -34,6 +34,10 @@ export default defineConfig({
     environment: 'jsdom',
     setupFiles: ['./src/test-setup.ts'],
     include: ['src/**/*.{test,spec}.{js,mjs,cjs,ts,mts,cts,jsx,tsx}'],
+    reporters: ['default', 'junit'],
+    outputFile: {
+      junit: path.resolve(__dirname, '../../reports/apps/frontend/junit.xml'),
+    },
     coverage: {
       reportsDirectory: '../../coverage/apps/frontend',
       provider: 'v8',

ci/Dockerfile

@@ -0,0 +1,17 @@
+# Toolchain CI CityGame — Java 21 (Maven) + Node 20 + pnpm
+# Build : docker build -f ci/Dockerfile -t <registry>/citygame-ci:latest .
+# Puis définir la propriété OneDev ciBuildImage sur cette image.
+FROM maven:3.9-eclipse-temurin-21
+
+RUN apt-get update -qq \
+  && DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends curl ca-certificates \
+  && curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
+  && DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends nodejs \
+  && corepack enable \
+  && corepack prepare pnpm@10.33.2 --activate \
+  && apt-get purge -y curl \
+  && apt-get autoremove -y -qq \
+  && rm -rf /var/lib/apt/lists/*
+
+ENV CI=true
+WORKDIR /workspace

ci/setup-toolchain.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+# Fallback si la propriété ciBuildImage pointe encore vers maven:3.9-eclipse-temurin-21
+set -euo pipefail
+
+if command -v pnpm >/dev/null 2>&1; then
+  exit 0
+fi
+
+echo ">>> Installing Node 20 + pnpm (use image citygame-ci for faster CI)..."
+apt-get update -qq
+DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends curl ca-certificates
+curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
+DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends nodejs
+corepack enable
+corepack prepare pnpm@10.33.2 --activate
+apt-get purge -y curl
+apt-get autoremove -y -qq
+rm -rf /var/lib/apt/lists/*