a280eb29a4
✨ feat(dons): Ajoute la fonctionnalité de dons avec Stripe et reçus PDF.
Ajoute une page de dons avec formulaire, intégration Stripe, webhooks,
génération de reçus PDF et envoi de mails de confirmation. Ajoute aussi
gestion des erreurs 404/500.
```
218 lines
8.8 KiB
YAML
218 lines
8.8 KiB
YAML
# Fichier: install_php_83_symfony_pgsql.yml
|
|
|
|
- name: Deploy application
|
|
hosts: webservers
|
|
become: true
|
|
gather_facts: true
|
|
|
|
vars:
|
|
db_name: "e-cosplay"
|
|
db_user: "e-cosplay"
|
|
db_password: "e-cosplay"
|
|
redis_password: "e-cosplay"
|
|
redis_port: "20502"
|
|
tasks:
|
|
- name: Installer le support ACL pour corriger les permissions de 'become_user'
|
|
ansible.builtin.apt:
|
|
name: acl
|
|
state: present
|
|
update_cache: true
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Installation des dépendances pour le module Ansible PostgreSQL
|
|
ansible.builtin.apt:
|
|
name: python3-psycopg2
|
|
state: present
|
|
update_cache: true
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Installation de PHP 8.3 et PHP 8.3-FPM avec les dépendances
|
|
ansible.builtin.apt:
|
|
name:
|
|
- php8.3
|
|
- php8.3-fpm
|
|
- php8.3-cli
|
|
- php8.3-common
|
|
- php8.3-mysql
|
|
- php8.3-pgsql
|
|
- php8.3-xml
|
|
- php8.3-mbstring
|
|
- php8.3-zip
|
|
- php8.3-intl
|
|
- php8.3-gd
|
|
- php8.3-curl
|
|
- php8.3-pdo
|
|
- php8.3-opcache
|
|
- php8.3-bcmath
|
|
- php8.3-redis
|
|
- php8.3-imagick
|
|
- ffmpeg
|
|
state: present
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Démarrage et activation du service PHP 8.3 FPM
|
|
ansible.builtin.systemd:
|
|
name: php8.3-fpm
|
|
state: started
|
|
enabled: yes
|
|
when: ansible_os_family == "Debian"
|
|
- name: Créer le fichier .env.local avec les secrets de production
|
|
ansible.builtin.copy:
|
|
content: |
|
|
APP_ENV=prod
|
|
VITE_LOAD=1
|
|
PATH_URL=https://www.e-cosplay.fr
|
|
DATABASE_URL="postgresql://{{ db_user }}:{{ db_password }}@127.0.0.1:5432/{{ db_name }}?serverVersion=16&charset=utf8"
|
|
REDIS_DSN="redis://{{ redis_password }}@127.0.0.1:{{ redis_port }}"
|
|
REDIS_URL="redis://{{ redis_password }}@127.0.0.1:{{ redis_port }}"
|
|
MESSENGER_TRANSPORT_DSN="redis://{{ redis_password }}@127.0.0.1:{{ redis_port }}/messages"
|
|
APP_SECRET=939bbc67038c2e2d1232d86fc605bf2f
|
|
REAL_MAIL=1
|
|
VAULT_ADDR=http://127.0.0.1:8200
|
|
VAULT_TOKEN=hvs.QLpUdiptXtSPo5Qf7i2nn2Xz
|
|
APP_DEBUG=true
|
|
STRIPE_PK=pk_live_51SUA1rP4ub49xK2ThoRH8efqGYNi1hrcWMzrqmDtJpMv12cmTzLa8ncJLUKLbOQNZTkm1jgptLfwt4hxEGqkVsHB00AK3ieZNl
|
|
STRIPE_SK=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
|
|
STRIPE_WEBHOOKS_SIGN=whsec_wNHtgjypqbfP7erAqifCOzZvW8kW9oB7
|
|
MAILER_DSN=ses+smtp://AKIAWTT2T22CWBRBBDYN:BBdgb6KxRQ8mNcpWFJsZCJxbSGNdgLhKFiITMErfBlQP@default?region=eu-west-3
|
|
dest: "{{ path }}/.env.local"
|
|
when: ansible_os_family == "Debian"
|
|
|
|
# --- Initial creation of essential directories with correct ownership ---
|
|
# These directories should exist before composer runs, but composer might create subdirs.
|
|
- name: Ensure app/var and public/media directories exist with correct owner/group
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
owner: bot # Assuming 'bot' is your deployment user
|
|
group: www-data
|
|
mode: '0775' # Allow 'bot' and 'www-data' to read/write/execute
|
|
state: directory
|
|
recurse: yes # Important to ensure subdirectories created by previous deploys also get permissions
|
|
loop:
|
|
- "{{ path }}/var"
|
|
- "{{ path }}/var/log" # Specific for log, though var/log might be created by composer later
|
|
- "{{ path }}/public/media" # For uploads
|
|
- "{{ path }}/public/storage"
|
|
|
|
- name: Exécuter 'composer install' dans le répertoire de l'application
|
|
ansible.builtin.command: composer install --no-dev --optimize-autoloader
|
|
become: false # Run as the connection user (e.g., 'bot')
|
|
args:
|
|
chdir: "{{ path }}"
|
|
when: ansible_os_family == "Debian"
|
|
|
|
# --- POST-COMPOSER PERMISSION FIXES ---
|
|
# This is crucial because composer creates var/cache as the `become: false` user
|
|
- name: Set correct permissions for Symfony cache and logs directories
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
owner: bot
|
|
group: www-data
|
|
mode: '0775' # rwx for owner and group, rx for others
|
|
state: directory
|
|
recurse: yes # Apply to all contents
|
|
loop:
|
|
- "{{ path }}/var/cache"
|
|
- "{{ path }}/var/log"
|
|
# For web-writable directories created by the app itself (e.g., uploads), you might set ACLs
|
|
# or chown to www-data and then your user gets access via group membership.
|
|
|
|
# Alternative for cache/log permissions using ACLs (more robust for mixed ownership)
|
|
# This requires 'acl' package installed (which you already do).
|
|
# Use this if 'bot' needs to own, but www-data needs to write.
|
|
- name: Set ACLs for Symfony cache and logs (recommended for web-writable dirs)
|
|
ansible.builtin.acl:
|
|
path: "{{ item }}"
|
|
entity: www-data
|
|
etype: group
|
|
permissions: rwx
|
|
state: present
|
|
recursive: yes
|
|
default: yes # Apply default ACLs for new files/dirs within
|
|
loop:
|
|
- "{{ path }}/var/cache"
|
|
- "{{ path }}/var/log"
|
|
when: ansible_os_family == "Debian" # ACLs are Linux-specific
|
|
|
|
- name: Exécuter bun install dans le répertoire de l application
|
|
ansible.builtin.command: bun install
|
|
become: false
|
|
args:
|
|
chdir: "{{ path }}"
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Exécuter bun build dans le répertoire de l application
|
|
ansible.builtin.command: bun run build
|
|
become: false
|
|
args:
|
|
chdir: "{{ path }}"
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Supervisor config
|
|
ansible.builtin.template:
|
|
src: supervisor.j2
|
|
dest: "/etc/supervisor/conf.d/e-cosplay.conf"
|
|
mode: '0644'
|
|
|
|
- name: Reread Supervisor configuration
|
|
ansible.builtin.command: supervisorctl reread
|
|
changed_when: true # Always mark as changed, as output is not always useful for idempotency
|
|
|
|
- name: Update Supervisor (add/remove updated programs)
|
|
ansible.builtin.command: supervisorctl update
|
|
changed_when: true
|
|
|
|
- name: Purger la base de données Redis
|
|
ansible.builtin.command: "redis-cli -p {{ redis_port }} -a {{ redis_password }} FLUSHALL"
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Generate Caddy site configuration
|
|
ansible.builtin.template:
|
|
src: caddy.j2
|
|
dest: "/etc/caddy/sites/e-cosplay.conf"
|
|
mode: '0644'
|
|
|
|
- name: Reload Caddy to apply new configuration
|
|
ansible.builtin.systemd:
|
|
name: caddy
|
|
state: reloaded
|
|
enabled: yes
|
|
- name: Exécuter doctrine:migration:migrate dans le répertoire de l application
|
|
ansible.builtin.command: php bin/console doctrine:migrations:migrate --no-interaction
|
|
become: false
|
|
args:
|
|
chdir: "{{ path }}"
|
|
when: ansible_os_family == "Debian"
|
|
- name: Exécuter cache:clear dans le répertoire de l application
|
|
ansible.builtin.command: php bin/console cache:clear
|
|
become: false
|
|
args:
|
|
chdir: "{{ path }}"
|
|
when: ansible_os_family == "Debian"
|
|
- name: docker compose down data
|
|
ansible.builtin.command: docker compose -f umami-docker.yaml down
|
|
args:
|
|
chdir: "{{ path }}"
|
|
- name: docker compose up data
|
|
ansible.builtin.command: docker compose -f umami-docker.yaml up -d
|
|
args:
|
|
chdir: "{{ path }}"
|
|
- name: Exécuter liip:imagine:cache:remove dans le répertoire de l application
|
|
ansible.builtin.command: php bin/console liip:imagine:cache:remove
|
|
become: false
|
|
args:
|
|
chdir: "{{ path }}"
|
|
- name: Set correct permissions for Symfony cache and logs directories
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
owner: bot
|
|
group: www-data
|
|
mode: '0777' # rwx for owner and group, rx for others
|
|
state: directory
|
|
recurse: yes # Apply to all contents
|
|
loop:
|
|
- "{{ path }}/var/cache"
|
|
- "{{ path }}/var/log"
|
|
- "{{ path }}/public/media"
|
|
- "{{ path }}/public/storage"
|