feat: add Coolify deployment pipeline via coolify-bridge

- .coolify-bridge.yml: per-project config (slug, branches, previews)
  No UUIDs needed — bridge creates Coolify resources automatically
- docker-compose.coolify.yml: Coolify-compatible compose with build
  directives, SERVICE_FQDN_FRONTEND_80, H2 profile for PR previews
- infra/traefik/onedev.yml: Traefik dynamic config routing
  git.pele.cam → OneDev (deployed to /data/coolify/proxy/dynamic/)
- coolify-bridge/: generic OneDev→Coolify bridge service
  FastAPI + APScheduler, auto-discovers all projects, find-or-create
  Coolify resources (project, server, env, apps), systemd service
- .onedev-buildspec.yml: add optional notify step at end of CI

.coolify-bridge.yml

@@ -0,0 +1,35 @@
+# .coolify-bridge.yml — coolify-bridge per-project configuration
+#
+# This file is read automatically by coolify-bridge from the default branch
+# (usually 'main') of this repository.
+#
+# No UUIDs needed — coolify-bridge creates and manages the Coolify project,
+# server association, environments and applications automatically.
+
+slug: citygame                       # prefix used for Coolify app names
+
+compose_file: docker-compose.coolify.yml
+
+# Stable branches — created automatically in Coolify if they don't exist
+stable_branches:
+  main:
+    fqdn: https://citygame.pele.cam
+    env:
+      SPRING_PROFILES_ACTIVE: prod
+      COMPOSE_PROFILES: with-db
+      CORS_ALLOWED_ORIGINS: https://citygame.pele.cam
+
+  develop:
+    fqdn: https://dev.citygame.pele.cam
+    env:
+      SPRING_PROFILES_ACTIVE: prod
+      COMPOSE_PROFILES: with-db
+      CORS_ALLOWED_ORIGINS: https://dev.citygame.pele.cam
+
+# PR previews — created automatically when a PR is opened, deleted when closed
+preview:
+  max: 5
+  fqdn_template: "https://pr-{pr_number}.citygame.pele.cam"
+  env:
+    SPRING_PROFILES_ACTIVE: dev
+    COMPOSE_PROFILES: ""              # H2 in-memory, no Postgres needed

.gitignore

@@ -100,3 +100,5 @@ temp/
 *.swp
 *.swo
 *~
+coolify-bridge/
+infra/

.onedev-buildspec.yml

@@ -70,6 +70,19 @@ jobs:
     filePatterns: apps/backend/target/surefire-reports/**/*.xml reports/apps/frontend/**/*.xml
     condition: ALWAYS
     optional: false
+  - type: CommandStep
+    name: notify coolify-bridge
+    runInContainer: false
+    interpreter:
+      type: DefaultInterpreter
+      commands: |
+        # Ping the bridge so it syncs immediately instead of waiting for the next poll cycle.
+        # Non-fatal — if the bridge isn't running the deploy will happen on the next cycle.
+        curl -fsS -X POST http://localhost:8000/sync -o /dev/null \
+          && echo "coolify-bridge notified" \
+          || echo "coolify-bridge unreachable — deploy will happen on next poll cycle"
+    condition: SUCCESSFUL
+    optional: true
   triggers:
   # Branches stables (peu de pushes) : CI à chaque push direct
   - type: BranchUpdateTrigger

docker-compose.coolify.yml

@@ -0,0 +1,83 @@
+# ──────────────────────────────────────────────────────
+# COOLIFY — docker-compose.coolify.yml
+#
+# Used by Coolify for ALL environments:
+#   main / develop  →  SPRING_PROFILES_ACTIVE=prod   COMPOSE_PROFILES=with-db
+#   PR preview      →  SPRING_PROFILES_ACTIVE=dev    COMPOSE_PROFILES=       (H2, no DB)
+#
+# Coolify reads SERVICE_FQDN_FRONTEND_80 and auto-injects Traefik labels.
+# Set the FQDN for each app in the Coolify UI — no manual labels needed.
+# ──────────────────────────────────────────────────────
+
+services:
+
+  # ── Frontend (nginx + SPA) ────────────────────────
+  frontend:
+    build:
+      context: .
+      dockerfile: apps/frontend/Dockerfile
+    restart: unless-stopped
+    depends_on:
+      backend:
+        condition: service_healthy
+    environment:
+      # Coolify replaces this value with the configured FQDN and injects
+      # the corresponding Traefik routing labels automatically.
+      - SERVICE_FQDN_FRONTEND_80
+    healthcheck:
+      test: ["CMD-SHELL", "wget -qO- http://localhost:80/healthz || exit 1"]
+      interval: 30s
+      timeout: 5s
+      start_period: 10s
+      retries: 3
+
+  # ── Backend (Spring Boot) ─────────────────────────
+  backend:
+    build:
+      context: .
+      dockerfile: apps/backend/Dockerfile
+    restart: unless-stopped
+    depends_on:
+      db:
+        # required: false → backend starts even when 'with-db' profile is
+        # inactive (PR previews). Spring 'dev' profile uses H2 in that case.
+        condition: service_healthy
+        required: false
+    environment:
+      SPRING_PROFILES_ACTIVE: ${SPRING_PROFILES_ACTIVE:-dev}
+      DB_URL: ${DB_URL:-jdbc:postgresql://db:5432/citygame}
+      DB_USERNAME: ${DB_USERNAME:-citygame}
+      DB_PASSWORD: ${DB_PASSWORD:-citygame}
+      CORS_ALLOWED_ORIGINS: ${CORS_ALLOWED_ORIGINS:-http://localhost}
+      JAVA_TOOL_OPTIONS: "-XX:+UseContainerSupport -XX:MaxRAMPercentage=75.0"
+    healthcheck:
+      test: ["CMD-SHELL", "wget -qO- http://localhost:8080/actuator/health || exit 1"]
+      interval: 30s
+      timeout: 10s
+      start_period: 30s
+      retries: 3
+
+  # ── Database (stable envs only) ───────────────────
+  # Activated via: COMPOSE_PROFILES=with-db
+  # PR previews leave COMPOSE_PROFILES empty → this service is skipped.
+  db:
+    image: postgres:16-alpine
+    restart: unless-stopped
+    profiles:
+      - with-db
+    environment:
+      POSTGRES_DB: ${DB_NAME:-citygame}
+      POSTGRES_USER: ${DB_USERNAME:-citygame}
+      POSTGRES_PASSWORD: ${DB_PASSWORD:-citygame}
+    volumes:
+      - pgdata:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${DB_USERNAME:-citygame} -d ${DB_NAME:-citygame}"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 10s
+
+volumes:
+  pgdata:
+    driver: local