geo/api/deploy-api.sh

#!/bin/bash

# Script de déploiement pour GEOSECTOR API
# Version: 3.0 (10 mai 2025)
# Auteur: Pierre (avec l'aide de Claude)

set -euo pipefail

# Configuration des serveurs
JUMP_USER="root"
JUMP_HOST="195.154.80.116"
JUMP_PORT="22"
JUMP_KEY="/home/pierre/.ssh/id_rsa_mbpi"

# Paramètres du container Incus
INCUS_PROJECT=default
INCUS_CONTAINER=dva-geo
CONTAINER_USER=root

# Paramètres de déploiement
FINAL_PATH="/var/www/geosector/api"
FINAL_OWNER="nginx"
FINAL_GROUP="nginx"
FINAL_OWNER_LOGS="nobody"

# Couleurs pour les messages
GREEN='\033[0;32m'
RED='\033[0;31m'
YELLOW='\033[0;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color

run_in_container() {
  echo "-> Running: $*"
  incus exec "${INCUS_CONTAINER}" -- "$@" || {
    echo "❌ Failed to run: $*"
    exit 1
  }
}

# Fonction pour afficher les messages d'étape
echo_step() {
    echo -e "${GREEN}==>${NC} $1"
}

# Fonction pour afficher les informations
echo_info() {
    echo -e "${BLUE}Info:${NC} $1"
}

# Fonction pour afficher les avertissements
echo_warning() {
    echo -e "${YELLOW}Warning:${NC} $1"
}

# Fonction pour afficher les erreurs
echo_error() {
    echo -e "${RED}Error:${NC} $1"
    exit 1
}

# Vérification de l'environnement
echo_step "Verifying environment..."

# Vérification des fichiers requis
if [ ! -f "src/Config/AppConfig.php" ]; then
    echo_error "Configuration file missing"
fi

if [ ! -f "composer.json" ] || [ ! -f "composer.lock" ]; then
    echo_error "Composer files missing"
fi

# Étape 0: Définir le nom de l'archive
ARCHIVE_NAME="api-deploy-$(date +%s).tar.gz"
TEMP_ARCHIVE="/tmp/${ARCHIVE_NAME}"
echo_info "Archive name will be: $ARCHIVE_NAME"

# Étape 1: Créer une archive du projet
echo_step "Creating project archive..."
tar --exclude='.git' \
    --exclude='.gitignore' \
    --exclude='.vscode' \
    --exclude='logs' \
    --exclude='*.template' \
    --exclude='*.sh' \
    --exclude='.env' \
    --exclude='*.log' \
    --exclude='.DS_Store' \
    --exclude='README.md' \
    --exclude="*.tar.gz" \
    --exclude='node_modules' \
    --exclude='vendor' \
    --exclude='*.swp' \
    --exclude='*.swo' \
    --exclude='*~' \
    --warning=no-file-changed \
    --no-xattrs \
    -czf "${TEMP_ARCHIVE}" . || echo_error "Failed to create archive"

# Vérifier la taille de l'archive
ARCHIVE_SIZE=$(du -h "${TEMP_ARCHIVE}" | cut -f1)

SSH_JUMP_CMD="ssh -i ${JUMP_KEY} -p ${JUMP_PORT} ${JUMP_USER}@${JUMP_HOST}"

# Étape 2: Copier l'archive vers le serveur de saut
echo_step "Copying archive to jump server..."
echo_info "Archive size: $ARCHIVE_SIZE"
scp -i "${JUMP_KEY}" -P "${JUMP_PORT}" "${TEMP_ARCHIVE}" "${JUMP_USER}@${JUMP_HOST}:/tmp/${ARCHIVE_NAME}" || echo_error "Failed to copy archive to jump server"

# Étape 3: Exécuter les commandes sur le serveur de saut pour déployer dans le container Incus
echo_step "Deploying to Incus container..."
$SSH_JUMP_CMD "
  set -euo pipefail

  echo '✅ Passage au projet Incus...'
  incus project switch ${INCUS_PROJECT} || exit 1

  echo '📦 Poussée de archive dans le conteneur...'
  incus file push /tmp/${ARCHIVE_NAME} ${INCUS_CONTAINER}/tmp/${ARCHIVE_NAME} || exit 1

  echo '📁 Préparation du dossier final...'
  incus exec ${INCUS_CONTAINER} -- mkdir -p ${FINAL_PATH} || exit 1
  incus exec ${INCUS_CONTAINER} -- rm -rf ${FINAL_PATH}/* || exit 1
  incus exec ${INCUS_CONTAINER} -- tar -xzf /tmp/${ARCHIVE_NAME} -C ${FINAL_PATH}/ || exit 1

  echo '🔧 Réglage des permissions...'
  incus exec ${INCUS_CONTAINER} -- mkdir -p ${FINAL_PATH}/logs || exit 1
  incus exec ${INCUS_CONTAINER} -- chown -R ${FINAL_OWNER}:${FINAL_GROUP} ${FINAL_PATH} || exit 1
  incus exec ${INCUS_CONTAINER} -- find ${FINAL_PATH} -type d -exec chmod 755 {} \; || exit 1
  incus exec ${INCUS_CONTAINER} -- find ${FINAL_PATH} -type f -exec chmod 644 {} \; || exit 1
  
  # Permissions spéciales pour le dossier logs (pour permettre à PHP-FPM de l'utilisateur nobody d'y écrire)
  incus exec ${INCUS_CONTAINER} -- chown -R ${FINAL_OWNER}:${FINAL_OWNER_LOGS} ${FINAL_PATH}/logs || exit 1
  incus exec ${INCUS_CONTAINER} -- chmod -R 775 ${FINAL_PATH}/logs || exit 1
  incus exec ${INCUS_CONTAINER} -- find ${FINAL_PATH}/logs -type f -exec chmod 664 {} \; || exit 1

  echo '📁 Création des dossiers uploads...'
  incus exec ${INCUS_CONTAINER} -- mkdir -p ${FINAL_PATH}/uploads || exit 1
  incus exec ${INCUS_CONTAINER} -- chown -R ${FINAL_OWNER}:${FINAL_OWNER_LOGS} ${FINAL_PATH}/uploads || exit 1
  incus exec ${INCUS_CONTAINER} -- chmod -R 775 ${FINAL_PATH}/uploads || exit 1
  incus exec ${INCUS_CONTAINER} -- find ${FINAL_PATH}/uploads -type f -exec chmod -R 664 {} \; || exit 1

  echo '📦 Mise à jour des dépendances Composer...'
  incus exec ${INCUS_CONTAINER} -- bash -c 'cd ${FINAL_PATH} && composer update --no-dev --optimize-autoloader' || {
    echo '⚠️ Composer non disponible ou échec, poursuite sans mise à jour des dépendances'
  }

  echo '🧹 Nettoyage...'
  incus exec ${INCUS_CONTAINER} -- rm -f /tmp/${ARCHIVE_NAME} || exit 1
  rm -f /tmp/${ARCHIVE_NAME} || exit 1
"

# Nettoyage local
rm -f "${TEMP_ARCHIVE}"

# Résumé final
echo_step "Deployment completed successfully."
echo_info "Your API has been updated on the container."
echo_info "Deployment completed at: $(date)"

# Journaliser le déploiement
echo "$(date '+%Y-%m-%d %H:%M:%S') - API deployed to ${JUMP_HOST}:${INCUS_CONTAINER}" >> ~/.geo_deploy_history