From a168cd1d884b6f3074e6269a3192838db79ad4cd Mon Sep 17 00:00:00 2001
From: tuanvu <tuan-minh.vu@univ-rennes1.fr>
Date: Mon, 16 Feb 2026 14:37:23 +0100
Subject: [PATCH] add gitlab-ci

---
 .gitlab-ci.yml           | 95 ++++++++++++++++++++++++++++++++++++++++
 ansible/files/nginx.conf | 14 ++++++
 2 files changed, 109 insertions(+)
 create mode 100644 .gitlab-ci.yml

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..7ac8916
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,95 @@
+stages:
+  - check
+  - build
+  - package
+  - deploy
+
+variables:
+  DOCKER_REGISTRY: "docker.io"
+  DOCKER_USERNAME: "$DOCKERHUB_USER"  # c'est dans gitlab Setting -> CI -> Variable
+  DOCKER_PASSWORD: "$DOCKERHUB_TOKEN"  # IDEM mais j'ai caché mon token
+  IMAGE_BACKEND: "docker.io/benarbause/doodleback-with-quarkus:latest"
+  IMAGE_FRONTEND: "docker.io/vuminh224/doodle-frontend:latest"
+  APP_REPO: "https://github.com/barais/doodlestudent.git"
+  SUBMODULE_PATH: "doodlestudent"
+
+check_app_update:
+  stage: check
+  image: alpine:latest
+  before_script:
+    - apk add --no-cache git
+  script:
+    # Récupère le dernier commit distant
+    - LATEST_REMOTE=$(git ls-remote $APP_REPO HEAD | awk '{print $1}')
+    # Récupère le commit actuel du submodule
+    - CURRENT_SUBMODULE=$(git rev-parse HEAD:$SUBMODULE_PATH || echo "none")
+    # Compare
+    - |
+      if [ "$LATEST_REMOTE" != "$CURRENT_SUBMODULE" ]; then
+        echo "NEW_COMMIT=true" >> variables.env
+      else
+        echo "NEW_COMMIT=false" >> variables.env
+      fi
+  artifacts:
+    reports:
+      dotenv: variables.env
+
+# Build Frontend (Angular)
+build_frontend:
+  stage: build
+  image: node:18
+  dependencies:
+    - check_app_update
+  rules:
+    - if: '$NEW_COMMIT == "true"'
+  script:
+    - cd doodlestudent/front
+    - npm ci
+    - npm run build --prod
+  artifacts:
+    paths:
+      - doodlestudent/front/dist/
+
+
+# Build & Push Docker frontend
+build_docker_frontend:
+  stage: package
+  image: docker:latest
+  services:
+    - docker:dind
+  dependencies:
+    - build_frontend
+  rules:
+    - if: '$NEW_COMMIT == "true"'
+  script:
+    - echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
+    - docker build -t "$IMAGE_FRONTEND" doodlestudent/front
+    - docker push "$IMAGE_FRONTEND"
+    - docker logout
+
+# Deploy to Production
+deploy_production:
+  stage: deploy
+  image: alpine:latest
+  dependencies:
+    - build_docker_frontend
+  rules:
+    - if: '$NEW_COMMIT == "true"'
+  before_script:
+    - apk add --no-cache openssh-client docker-cli
+    - mkdir -p ~/.ssh
+    - chmod 700 ~/.ssh
+    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa
+    - chmod 600 ~/.ssh/id_rsa
+    - ssh-keyscan -H "$DEPLOY_SERVER" >> ~/.ssh/known_hosts 2>/dev/null || true
+  script:
+    - |
+      ssh "$DEPLOY_USER@$DEPLOY_SERVER" << 'EOF'
+      cd /app
+      docker compose pull
+      docker compose up -d
+      EOF
+    #environment:
+    #name: production
+    #url: http://127.0.0.1
+  when: manual
diff --git a/ansible/files/nginx.conf b/ansible/files/nginx.conf
index b7010ce..b2cdeae 100644
--- a/ansible/files/nginx.conf
+++ b/ansible/files/nginx.conf
@@ -15,6 +15,20 @@ server {
         root /var/www/certbot;  # Root directory for Certbot challenges
     }
 
+    ##########################
+    # Grafana
+    ##########################
+    location /grafana/ {
+        proxy_pass http://grafana:3000/;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
     ##########################
     # API
     ##########################