ci: use dev branch and rename deploy step (#1)

- .coolify-bridge.yml: per-project config (slug, branches, previews)
  No UUIDs needed — bridge creates Coolify resources automatically
- docker-compose.coolify.yml: Coolify-compatible compose with build
  directives, SERVICE_FQDN_FRONTEND_80, H2 profile for PR previews
- infra/traefik/onedev.yml: Traefik dynamic config routing
  git.pele.cam → OneDev (deployed to /data/coolify/proxy/dynamic/)
- coolify-bridge/: generic OneDev→Coolify bridge service
  FastAPI + APScheduler, auto-discovers all projects, find-or-create
  Coolify resources (project, server, env, apps), systemd service
- .onedev-buildspec.yml: add optional notify step at end of CI

.coolify-bridge.yml

@@ -0,0 +1,35 @@
+# .coolify-bridge.yml — coolify-bridge per-project configuration
+#
+# This file is read automatically by coolify-bridge from the default branch
+# (usually 'main') of this repository.
+#
+# No UUIDs needed — coolify-bridge creates and manages the Coolify project,
+# server association, environments and applications automatically.
+
+slug: citygame                       # prefix used for Coolify app names
+
+compose_file: docker-compose.coolify.yml
+
+# Stable branches — created automatically in Coolify if they don't exist
+stable_branches:
+  main:
+    fqdn: https://citygame.pele.cam
+    env:
+      SPRING_PROFILES_ACTIVE: prod
+      COMPOSE_PROFILES: with-db
+      CORS_ALLOWED_ORIGINS: https://citygame.pele.cam
+
+  develop:
+    fqdn: https://dev.citygame.pele.cam
+    env:
+      SPRING_PROFILES_ACTIVE: prod
+      COMPOSE_PROFILES: with-db
+      CORS_ALLOWED_ORIGINS: https://dev.citygame.pele.cam
+
+# PR previews — created automatically when a PR is opened, deleted when closed
+preview:
+  max: 5
+  fqdn_template: "https://pr-{pr_number}.citygame.pele.cam"
+  env:
+    SPRING_PROFILES_ACTIVE: dev
+    COMPOSE_PROFILES: ""              # H2 in-memory, no Postgres needed

.dockerignore

@@ -0,0 +1,11 @@
+# Docker build context (workspace root) — keep images small and fast
+.git
+.nx
+node_modules
+.pnpm-store
+dist
+coverage
+apps/backend/target
+**/*.md
+.env
+.env.*

.gitignore

@@ -73,11 +73,14 @@ desktop.ini
 # Docker
 # ──────────────────────────────────────────
 .docker/
+.docker-oci/
 
 # ──────────────────────────────────────────
 # Tests & Coverage
 # ──────────────────────────────────────────
 coverage/
+reports/
+.m2/
 apps/backend/target/surefire-reports/
 
 # ──────────────────────────────────────────
@@ -97,3 +100,5 @@ temp/
 *.swp
 *.swo
 *~
+coolify-bridge/
+infra/

.onedev-buildspec.yml

@@ -0,0 +1,176 @@
+# OneDev CI/CD — CityGame monorepo
+# Docs: https://docs.onedev.io/category/cicd
+#
+# Image CI recommandée (propriété ciBuildImage) :
+#   docker build -f ci/Dockerfile -t <registry>/citygame-ci:latest .
+#   docker push <registry>/citygame-ci:latest
+# Puis Admin → Job Properties → ciBuildImage = <registry>/citygame-ci:latest
+#
+# Publication Docker (job Docker Publish) : configurer la connexion registry
+# sur l'exécuteur Docker OneDev (voir tutorial Build/Publish Docker Image).
+version: 47
+properties:
+- name: ciBuildImage
+  value: maven:3.9-eclipse-temurin-21
+  # Remplacer par votre image ci/Dockerfile publiée, ex. registry.example.com/citygame-ci:latest
+jobs:
+- name: Build and Test
+  steps:
+  - type: CheckoutStep
+    name: checkout
+    cloneCredential:
+      type: DefaultCredential
+    withLfs: false
+    withSubmodules: false
+    cloneDepth: 1
+    condition: SUCCESSFUL
+    optional: false
+  - type: SetupCacheStep
+    name: set up dependency caches
+    key: citygame-deps
+    checksumFiles: pnpm-lock.yaml apps/backend/pom.xml
+    paths:
+    - node_modules
+    - .pnpm-store
+    - .nx/cache
+    - .m2
+    uploadStrategy: UPLOAD_IF_NOT_EXACT_MATCH
+    condition: SUCCESSFUL
+    optional: false
+  - type: CommandStep
+    name: build and test
+    runInContainer: true
+    image: '@property:ciBuildImage@'
+    runAs: '0:0'
+    useTTY: false
+    interpreter:
+      type: DefaultInterpreter
+      commands: |
+        # OneDev exécute le script avec /bin/sh — lancer bash explicitement
+        bash -eo pipefail <<'EOS'
+        bash ci/setup-toolchain.sh
+
+        corepack enable
+        corepack prepare pnpm@@10.33.2 --activate
+
+        export CI=true
+        export HOME="$(pwd)"
+        mkdir -p .m2 reports/apps/frontend
+
+        pnpm install --frozen-lockfile
+
+        pnpm exec nx run-many -t build --parallel=2
+        pnpm exec nx run-many -t test --parallel=2
+        EOS
+    condition: SUCCESSFUL
+    optional: false
+  - type: PublishJUnitReportStep
+    name: publish test reports
+    reportName: Test Results
+    filePatterns: apps/backend/target/surefire-reports/**/*.xml reports/apps/frontend/**/*.xml
+    condition: ALWAYS
+    optional: false
+  - type: CommandStep
+    name: notify coolify-bridge
+    runInContainer: false
+    interpreter:
+      type: DefaultInterpreter
+      commands: |
+        # Ping the bridge so it syncs immediately instead of waiting for the next poll cycle.
+        # Non-fatal — if the bridge isn't running the deploy will happen on the next cycle.
+        curl -fsS -X POST http://localhost:8000/sync -o /dev/null \
+          && echo "coolify-bridge notified" \
+          || echo "coolify-bridge unreachable — deploy will happen on next poll cycle"
+    condition: SUCCESSFUL
+    optional: true
+  triggers:
+  # Branches stables (peu de pushes) : CI à chaque push direct
+  - type: BranchUpdateTrigger
+    branches: main master develop
+    userMatch: anyone
+  - type: PullRequestUpdateTrigger
+    branches: main master develop
+  retryCondition: never
+  timeout: 3600
+- name: Docker Build
+  steps:
+  - type: CheckoutStep
+    name: checkout
+    cloneCredential:
+      type: DefaultCredential
+    withLfs: false
+    withSubmodules: false
+    cloneDepth: 1
+    condition: SUCCESSFUL
+    optional: false
+  - type: BuildImageStep
+    name: build frontend image
+    buildPath: .
+    dockerfile: apps/frontend/Dockerfile
+    output:
+      type: OCIOutput
+      destPath: .docker-oci/frontend
+    platforms: linux/amd64
+    condition: SUCCESSFUL
+    optional: false
+  - type: BuildImageStep
+    name: build backend image
+    buildPath: .
+    dockerfile: apps/backend/Dockerfile
+    output:
+      type: OCIOutput
+      destPath: .docker-oci/backend
+    platforms: linux/amd64
+    condition: SUCCESSFUL
+    optional: false
+  jobDependencies:
+  - jobName: Build and Test
+    requireSuccessful: true
+  triggers:
+  - type: BranchUpdateTrigger
+    branches: main master develop
+    userMatch: anyone
+  - type: PullRequestUpdateTrigger
+    branches: main master develop
+  retryCondition: never
+  timeout: 7200
+- name: Docker Publish
+  steps:
+  - type: CheckoutStep
+    name: checkout
+    cloneCredential:
+      type: DefaultCredential
+    withLfs: false
+    withSubmodules: false
+    cloneDepth: 1
+    condition: SUCCESSFUL
+    optional: false
+  - type: BuildImageStep
+    name: publish frontend image
+    buildPath: .
+    dockerfile: apps/frontend/Dockerfile
+    output:
+      type: RegistryOutput
+      tags: citygame-frontend:latest citygame-frontend:@build_version@
+    platforms: linux/amd64
+    condition: SUCCESSFUL
+    optional: false
+  - type: BuildImageStep
+    name: publish backend image
+    buildPath: .
+    dockerfile: apps/backend/Dockerfile
+    output:
+      type: RegistryOutput
+      tags: citygame-backend:latest citygame-backend:@build_version@
+    platforms: linux/amd64
+    condition: SUCCESSFUL
+    optional: false
+  jobDependencies:
+  - jobName: Docker Build
+    requireSuccessful: true
+  triggers:
+  - type: BranchUpdateTrigger
+    branches: main master
+    userMatch: anyone
+  retryCondition: never
+  timeout: 7200

.woodpecker.yml

@@ -0,0 +1,67 @@
+# Woodpecker CI — CityGame monorepo
+# https://woodpecker-ci.org/docs
+#
+# Image CI : ci/Dockerfile (Java 21 Maven + Node 20 + pnpm 10)
+# Rebuild & push when ci/Dockerfile changes:
+#   docker build -f ci/Dockerfile -t git.forge.pele.cam/forgeadmin/citygame-ci:latest .
+#   docker push git.forge.pele.cam/forgeadmin/citygame-ci:latest
+
+variables:
+  - &ci_image "git.forge.pele.cam/forgeadmin/citygame-ci:latest"
+
+when:
+  - event: [push, pull_request]
+    branch: [main, dev, feature/*]
+
+steps:
+  # ── Build & Test ──────────────────────────────────────────────
+  - name: build-and-test
+    image: *ci_image
+    pull: true
+    environment:
+      CI: "true"
+      HOME: /woodpecker/src
+    commands:
+      - export HOME=/woodpecker/src
+      - mkdir -p .m2 reports/apps/frontend
+      - pnpm install --frozen-lockfile
+      - pnpm exec nx run-many -t build --parallel=2
+      - pnpm exec nx run-many -t test --parallel=2
+    when:
+      - event: [push, pull_request]
+
+  # ── Notify Coolify (deploy webhook) — main only ───────────────
+  - name: deploy-main
+    image: curlimages/curl:latest
+    environment:
+      COOLIFY_WEBHOOK:
+        from_secret: COOLIFY_WEBHOOK_MAIN
+      COOLIFY_TOKEN:
+        from_secret: COOLIFY_TOKEN
+    commands:
+      - >
+        curl -fsSX GET "$COOLIFY_WEBHOOK"
+        -H "Authorization: Bearer $COOLIFY_TOKEN"
+        && echo "Coolify deploy triggered (main)"
+        || echo "WARNING: Coolify webhook failed"
+    when:
+      - event: push
+        branch: main
+
+  # ── Notify Coolify (deploy webhook) — dev only ──────────────
+  - name: deploy-dev
+    image: curlimages/curl:latest
+    environment:
+      COOLIFY_WEBHOOK:
+        from_secret: COOLIFY_WEBHOOK_DEV
+      COOLIFY_TOKEN:
+        from_secret: COOLIFY_TOKEN
+    commands:
+      - >
+        curl -fsSX GET "$COOLIFY_WEBHOOK"
+        -H "Authorization: Bearer $COOLIFY_TOKEN"
+        && echo "Coolify deploy triggered (dev)"
+        || echo "WARNING: Coolify webhook failed"
+    when:
+      - event: push
+        branch: dev

README.md

@@ -181,6 +181,31 @@ CORS_ALLOWED_ORIGINS=https://votredomaine.com
 
 ---
 
+## CI/CD (OneDev)
+
+Le fichier [`.onedev-buildspec.yml`](.onedev-buildspec.yml) définit trois jobs :
+
+| Job | Rôle |
+|-----|------|
+| **Build and Test** | `pnpm install`, build NX, tests, rapports JUnit |
+| **Docker Build** | Vérifie les Dockerfiles (export OCI local) |
+| **Docker Publish** | Push registry sur `main` / `master` uniquement |
+
+**Déclenchement :** push direct sur `main`, `master`, `develop` ; branches type `feature/*` ou `ci/*` uniquement via pull request (pas de doublon).
+
+**Image CI recommandée** (évite `apt-get` à chaque run) :
+
+```bash
+docker build -f ci/Dockerfile -t <registry>/citygame-ci:latest .
+docker push <registry>/citygame-ci:latest
+```
+
+Dans OneDev : **Project → Settings → Build → Job Properties** → `ciBuildImage` = `<registry>/citygame-ci:latest`.
+
+Configurer la connexion registry sur l’exécuteur Docker pour le job **Docker Publish** ([doc](https://docs.onedev.io/tutorials/cicd/build-docker-image)).
+
+---
+
 ## License
 
 MIT

apps/frontend/vite.config.ts

@@ -34,6 +34,10 @@ export default defineConfig({
     environment: 'jsdom',
     setupFiles: ['./src/test-setup.ts'],
     include: ['src/**/*.{test,spec}.{js,mjs,cjs,ts,mts,cts,jsx,tsx}'],
+    reporters: ['default', 'junit'],
+    outputFile: {
+      junit: path.resolve(__dirname, '../../reports/apps/frontend/junit.xml'),
+    },
     coverage: {
       reportsDirectory: '../../coverage/apps/frontend',
       provider: 'v8',

ci/Dockerfile

@@ -0,0 +1,17 @@
+# Toolchain CI CityGame — Java 21 (Maven) + Node 20 + pnpm
+# Build : docker build -f ci/Dockerfile -t <registry>/citygame-ci:latest .
+# Puis définir la propriété OneDev ciBuildImage sur cette image.
+FROM maven:3.9-eclipse-temurin-21
+
+RUN apt-get update -qq \
+  && DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends curl ca-certificates \
+  && curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
+  && DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends nodejs \
+  && corepack enable \
+  && corepack prepare pnpm@10.33.2 --activate \
+  && apt-get purge -y curl \
+  && apt-get autoremove -y -qq \
+  && rm -rf /var/lib/apt/lists/*
+
+ENV CI=true
+WORKDIR /workspace

ci/setup-toolchain.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+# Fallback si la propriété ciBuildImage pointe encore vers maven:3.9-eclipse-temurin-21
+set -euo pipefail
+
+if command -v pnpm >/dev/null 2>&1; then
+  exit 0
+fi
+
+echo ">>> Installing Node 20 + pnpm (use image citygame-ci for faster CI)..."
+apt-get update -qq
+DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends curl ca-certificates
+curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
+DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends nodejs
+corepack enable
+corepack prepare pnpm@10.33.2 --activate
+apt-get purge -y curl
+apt-get autoremove -y -qq
+rm -rf /var/lib/apt/lists/*

docker-compose.coolify.yml

@@ -0,0 +1,96 @@
+# ──────────────────────────────────────────────────────
+# COOLIFY — docker-compose.coolify.yml
+#
+# Used by Coolify for ALL environments:
+#   main / develop  →  SPRING_PROFILES_ACTIVE=prod   COMPOSE_PROFILES=with-db
+#   PR preview      →  SPRING_PROFILES_ACTIVE=dev    COMPOSE_PROFILES=       (H2, no DB)
+#
+# Coolify proxy=NONE → we manually expose through the forge's Traefik
+# (network: proxy, certresolver: letsencrypt).
+# ──────────────────────────────────────────────────────
+
+services:
+
+  # ── Frontend (nginx + SPA) ────────────────────────
+  frontend:
+    build:
+      context: .
+      dockerfile: apps/frontend/Dockerfile
+    restart: unless-stopped
+    depends_on:
+      backend:
+        condition: service_healthy
+    networks:
+      - default
+      - proxy
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.citygame.rule=Host(`citygame.pele.cam`)"
+      - "traefik.http.routers.citygame.entrypoints=websecure"
+      - "traefik.http.routers.citygame.tls=true"
+      - "traefik.http.routers.citygame.tls.certresolver=ovh"
+      - "traefik.http.services.citygame.loadbalancer.server.port=80"
+      - "traefik.docker.network=proxy"
+    environment:
+      - SERVICE_FQDN_FRONTEND_80
+    healthcheck:
+      test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:80/healthz || exit 1"]
+      interval: 30s
+      timeout: 5s
+      start_period: 10s
+      retries: 3
+
+  # ── Backend (Spring Boot) ─────────────────────────
+  backend:
+    build:
+      context: .
+      dockerfile: apps/backend/Dockerfile
+    restart: unless-stopped
+    depends_on:
+      db:
+        # required: false → backend starts even when 'with-db' profile is
+        # inactive (PR previews). Spring 'dev' profile uses H2 in that case.
+        condition: service_healthy
+        required: false
+    environment:
+      SPRING_PROFILES_ACTIVE: ${SPRING_PROFILES_ACTIVE:-dev}
+      DB_URL: ${DB_URL:-jdbc:postgresql://db:5432/citygame}
+      DB_USERNAME: ${DB_USERNAME:-citygame}
+      DB_PASSWORD: ${DB_PASSWORD:-citygame}
+      CORS_ALLOWED_ORIGINS: ${CORS_ALLOWED_ORIGINS:-http://localhost}
+      JAVA_TOOL_OPTIONS: "-XX:+UseContainerSupport -XX:MaxRAMPercentage=75.0"
+    healthcheck:
+      test: ["CMD-SHELL", "wget -qO- http://localhost:8080/actuator/health || exit 1"]
+      interval: 30s
+      timeout: 10s
+      start_period: 30s
+      retries: 3
+
+  # ── Database (stable envs only) ───────────────────
+  # Activated via: COMPOSE_PROFILES=with-db
+  # PR previews leave COMPOSE_PROFILES empty → this service is skipped.
+  db:
+    image: postgres:16-alpine
+    restart: unless-stopped
+    profiles:
+      - with-db
+    environment:
+      POSTGRES_DB: ${DB_NAME:-citygame}
+      POSTGRES_USER: ${DB_USERNAME:-citygame}
+      POSTGRES_PASSWORD: ${DB_PASSWORD:-citygame}
+    volumes:
+      - pgdata:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${DB_USERNAME:-citygame} -d ${DB_NAME:-citygame}"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 10s
+
+volumes:
+  pgdata:
+    driver: local
+
+networks:
+  proxy:
+    external: true