From ce54b49b6efcbf5eed2f82dae2b0b49c28bb853f Mon Sep 17 00:00:00 2001
From: Serreau Jovann
Date: Thu, 29 Jan 2026 16:04:13 +0100
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20feat(command):=20Cr=C3=A9e=20une=20?= =?UTF-8?q?commande=20pour=20l'envoi=20automatis=C3=A9=20d'emails=20de=20s?= =?UTF-8?q?uivi.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
'Traitement des contrats en attente de signature'
---
ansible/playbook.yml | 193 +++++++++++++++++--------------------------
1 file changed, 76 insertions(+), 117 deletions(-)
diff --git a/ansible/playbook.yml b/ansible/playbook.yml
index 3503df7..89956ee 100644
--- a/ansible/playbook.yml
+++ b/ansible/playbook.yml
@@ -11,37 +11,37 @@ db_password: "ludikevent" redis_password: "ludikevent" redis_port: "20110" - # Assurez-vous que 'path' est définie dans votre inventaire ou comme extra-var - # Exemple: path: /var/www/mainframe/app + # path: /var/www/mainframe/app (à définir dans l'inventaire) tasks: - - name: Exécuter 'composer install' dans le répertoire de l'application - ansible.builtin.command: composer install --no-dev --optimize-autoloader - become: false # Run as the connection user (e.g., 'bot') - args: - chdir: "{{ path }}" - when: ansible_os_family == "Debian" - - name: Send a message to the Discord channel - community.general.discord: - webhook_id: "1419573620602044518" - webhook_token: "ikAdxWxsrrTqMTb5Gh_8ylcoJHlOnq7aJZvR5udoS_fCK56Jk3qpEnJHVKdD8fwuNJF3" - content: "Mise à jour du intranet ludikevent https://intranet.ludikevent.fr" + - name: Exécuter 'composer install' dans le répertoire de l'application + ansible.builtin.command: composer install --no-dev --optimize-autoloader + become: false + args: + chdir: "{{ path }}" + when: ansible_os_family == "Debian" - - name: Installer le support ACL pour corriger les permissions de 'become_user' + - name: Send a message to the Discord channel + community.general.discord: + webhook_id: "1419573620602044518" + webhook_token: "ikAdxWxsrrTqMTb5Gh_8ylcoJHlOnq7aJZvR5udoS_fCK56Jk3qpEnJHVKdD8fwuNJF3" + content: "Mise à jour du intranet ludikevent https://intranet.ludikevent.fr" + + - name: Installer le support ACL pour corriger les permissions ansible.builtin.apt: name: acl state: present update_cache: true when: ansible_os_family == "Debian" - - name: Installation des dépendances pour le module Ansible PostgreSQL + - name: Installation des dépendances PostgreSQL pour Ansible ansible.builtin.apt: name: python3-psycopg2 state: present update_cache: true when: ansible_os_family == "Debian" - - name: Installation de PHP 8.3 et PHP 8.3-FPM avec les dépendances + - name: Installation de PHP 8.4 et dépendances ansible.builtin.apt: 
name: - php8.4 @@ -65,14 +65,13 @@ state: present when: ansible_os_family == "Debian" - - name: Démarrage et activation du service PHP 8.3 FPM + - name: Démarrage de PHP 8.4-FPM ansible.builtin.systemd: name: php8.4-fpm state: started enabled: yes - when: ansible_os_family == "Debian" - - name: Créer le fichier .env.local avec les secrets de production + - name: Créer le fichier .env.local ansible.builtin.copy: content: | APP_ENV=prod 
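Review bot: The re-indented `Send a message to the Discord channel` task still carries the webhook token as a literal in `webhook_token`, and `db_password` / `redis_password` sit in plain text in the vars at the top of this hunk, so anyone who can read the repository or its history holds working credentials. Move them to Ansible Vault or an inventory secret and reference them, for example `webhook_token: "{{ discord_webhook_token }}"` (the variable name is only a suggestion), and add `no_log: true` to the task. Because the values are already in commit history, they should be rotated rather than only removed from the file.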
@@ -93,48 +92,25 @@ DEFAULT_URI=https://reservation.ludikevent.fr INTRANET_LOCK=false dest: "{{ path }}/.env.local" - when: ansible_os_family == "Debian" - # --- Initial creation of essential directories with correct ownership --- - # These directories should exist before composer runs, but composer might create subdirs. - - name: Ensure app/var and public/media directories exist with correct owner/group - ansible.builtin.file: - path: "{{ item }}" - owner: bot # Assuming 'bot' is your deployment user - group: www-data - mode: '0775' # Allow 'bot' and 'www-data' to read/write/execute - state: directory - recurse: yes # Important to ensure subdirectories created by previous deploys also get permissions - loop: - - "{{ path }}/var" - - "{{ path }}/var/log" # Specific for log, though var/log might be created by composer later - - "{{ path }}/public/media" # For uploads - - "{{ path }}/public/images" # For uploads - - "{{ path }}/public/pdf" # For uploads - - "{{ path }}/public/seo" # For uploads - - "{{ path }}/public/tmp-sign" # For upload - - "{{ path }}/sauvegarde" - - # --- POST-COMPOSER PERMISSION FIXES --- - # This is crucial because composer creates var/cache as the `become: false` user - - name: Set correct permissions for Symfony cache and logs directories + - name: Configuration des dossiers de base ansible.builtin.file: path: "{{ item }}" owner: bot group: www-data - mode: '0775' # rwx for owner and group, rx for others + mode: '0775' state: directory - recurse: yes # Apply to all contents loop: - - "{{ path }}/var/cache" + - "{{ path }}/var" - "{{ path }}/var/log" - # For web-writable directories created by the app itself (e.g., uploads), you might set ACLs - # or chown to www-data and then your user gets access via group membership. 
+ - "{{ path }}/public/media" + - "{{ path }}/public/images" + - "{{ path }}/public/pdf" + - "{{ path }}/public/seo" + - "{{ path }}/public/tmp-sign" + - "{{ path }}/sauvegarde" - # Alternative for cache/log permissions using ACLs (more robust for mixed ownership) - # This requires 'acl' package installed (which you already do). - # Use this if 'bot' needs to own, but www-data needs to write. - - name: Set ACLs for Symfony cache and logs (recommended for web-writable dirs) + - name: ACL pour Symfony (www-data rwx) ansible.builtin.acl: path: "{{ item }}" entity: www-data @@ -142,25 +118,19 @@ permissions: rwx state: present recursive: yes - default: yes # Apply default ACLs for new files/dirs within + default: yes loop: - "{{ path }}/var/cache" - "{{ path }}/var/log" - when: ansible_os_family == "Debian" # ACLs are Linux-specific - - name: Exécuter bun install dans le répertoire de l application - ansible.builtin.command: bun install + - name: Bun install & build + ansible.builtin.command: "{{ item }}" become: false args: chdir: "{{ path }}" - when: ansible_os_family == "Debian" - - - name: Exécuter bun build dans le répertoire de l application - ansible.builtin.command: bun run build - become: false - args: - chdir: "{{ path }}" - when: ansible_os_family == "Debian" + loop: + - "bun install" + - "bun run build" - name: Supervisor config ansible.builtin.template: 
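Review bot: The `.env.local` copy task ends at `dest: "{{ path }}/.env.local"` with no `owner`, `group` or `mode`, so the file that the old task name described as holding the production secrets is created with whatever user and umask the play happens to run under. Add `owner: bot`, `group: www-data` and `mode: '0640'` (assuming PHP-FPM reads it as www-data), plus `no_log: true` so the content is not printed in diff or verbose output. The task begins in the previous hunk and the middle of its `content` block is not visible here.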
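Review bot: `bun install` in the new `Bun install & build` loop runs without `--frozen-lockfile`, so a production deploy may resolve dependency versions other than the ones that were reviewed and committed. If the repository ships a Bun lockfile (not visible in this diff), change the loop item to `- "bun install --frozen-lockfile"` so the deploy fails instead of silently pulling something newer. The Composer step earlier in the playbook already installs from its lock file, so this would bring the two in line.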
@@ -168,41 +138,39 @@ dest: "/etc/supervisor/conf.d/mainframe.conf" mode: '0644' - - name: Reread Supervisor configuration - ansible.builtin.command: supervisorctl reread - changed_when: true # Always mark as changed, as output is not always useful for idempotency + - name: Reload Supervisor + ansible.builtin.command: "{{ item }}" + loop: + - "supervisorctl reread" + - "supervisorctl update" - - name: Update Supervisor (add/remove updated programs) - ansible.builtin.command: supervisorctl update - changed_when: true - - - name: Purger la base de données Redis + - name: Purger Redis ansible.builtin.command: "redis-cli -p {{ redis_port }} -a {{ redis_password }} FLUSHALL" - when: ansible_os_family == "Debian" - - name: Generate Caddy site configuration + - name: Caddy config ansible.builtin.template: src: caddy.j2 dest: "/etc/caddy/sites/ludikevent.conf" mode: '0644' - - name: Reload Caddy to apply new configuration + - name: Reload Caddy ansible.builtin.systemd: name: caddy state: reloaded - enabled: yes - - name: Exécuter doctrine:migration:migrate dans le répertoire de l application - ansible.builtin.command: php bin/console doctrine:migrations:migrate --no-interaction + + - name: Symfony Tasks (Migrations, Cache, Warmup) + ansible.builtin.command: "php bin/console {{ item }} --no-interaction" become: false args: chdir: "{{ path }}" - when: ansible_os_family == "Debian" - - name: Exécuter cache:clear dans le répertoire de l application - ansible.builtin.command: php bin/console cache:clear - become: false - args: - chdir: "{{ path }}" - when: ansible_os_family == "Debian" + loop: + - "doctrine:migrations:migrate" + - "cache:clear" + - "liip:imagine:cache:remove" + - "app:images:warmup" + - "pwa:compile" + - "app:sitemap" + - name: S'assurer que le fichier update.json a les bonnes permissions ansible.builtin.file: path: "{{ path }}/var/update.json" 
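Review bot: `Purger Redis` passes the password on the command line with `-a {{ redis_password }}`, which exposes it in the host's process list and in Ansible's task output. Supply it through the environment instead, `environment: { REDISCLI_AUTH: "{{ redis_password }}" }`, drop `-a ...` from the command and add `no_log: true` to the task. Separately, the merged `Symfony Tasks` loop runs every item as `php bin/console {{ item }} --no-interaction`, so `pwa:compile` loses the `-d memory_limit=-1` that its dedicated task used (that task is removed in the following hunk); if the compile depends on it, keep `pwa:compile` as its own task.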
@@ -211,71 +179,62 @@ mode: '0664' state: file ignore_errors: yes - - name: Exécuter liip:imagine:cache:remove dans le répertoire de l application - ansible.builtin.command: php bin/console liip:imagine:cache:remove - become: false - args: - chdir: "{{ path }}" - - name: Exécuter app:images:warmup dans le répertoire de l application - ansible.builtin.command: php bin/console app:images:warmup - become: false - args: - chdir: "{{ path }}" - when: ansible_os_family == "Debian" # Added a when condition here, often missed - - name: Exécuter pwa:compile dans le répertoire de l application - ansible.builtin.command: php -d memory_limit=-1 bin/console pwa:compile - become: false - args: - chdir: "{{ path }}" - - name: Exécuter pwa:compile dans le répertoire de l application - ansible.builtin.command: php bin/console app:sitemap - become: false - args: - chdir: "{{ path }}" + + # --- CRON TASKS --- + - name: "Cron Task - Unsigned Contracts (Relance & Annulation)" + ansible.builtin.cron: + name: "Intranet Ludikevent - Unsigned Contracts Expired" + minute: "0" + hour: "12" + job: "php {{ path }}/bin/console app:un-signed:expired" + user: root + state: present + - name: "Cron Task Search" ansible.builtin.cron: name: "Intranet Ludikevent - Search" minute: "*/5" job: "php {{ path }}/bin/console app:search" user: root - - name: "Cron Task Search" + + - name: "Cron Task Stripe" ansible.builtin.cron: name: "Intranet Ludikevent - Stripe" minute: "0" hour: "1" job: "php {{ path }}/bin/console app:stripe:sync" user: root - - name: "Cron Task Search" + + - name: "Cron Task Backup" ansible.builtin.cron: name: "Intranet Ludikevent - Backup" minute: "0" hour: "*/6" job: "php {{ path }}/bin/console app:backup" user: "root" - state: present - - name: "Cron Task - Clean Data (Performance & Tracking)" + + - name: "Cron Task - Clean Data" ansible.builtin.cron: name: "Intranet Ludikevent - Clean Data" minute: "0" hour: "20" job: "php {{ path }}/bin/console app:clean" user: "root" - state: 
present - - name: Set correct permissions for Symfony cache and logs directories + + - name: Final Permissions Fix (0777 pour les dossiers d'upload) ansible.builtin.file: path: "{{ item }}" owner: bot group: www-data - mode: '0777' # rwx for owner and group, rx for others + mode: '0777' state: directory - recurse: yes # Apply to all contents + recurse: yes loop: - "{{ path }}/var/cache" - "{{ path }}/var/log" - "{{ path }}/public/media" - "{{ path }}/sauvegarde" - - "{{ path }}/public/images" # For uploads + - "{{ path }}/public/images" - "{{ path }}/public/pdf" - "{{ path }}/public/seo" - - "{{ path }}/public/tmp-sign" # For uploads - + - "{{ path }}/public/tmp-sign"
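Review bot: The new `Unsigned Contracts` cron entry runs `php {{ path }}/bin/console` as `user: root`, while the last task of this hunk sets `var/cache` and the upload directories recursively to `mode: '0777'`; Symfony normally loads compiled code from `var/cache`, so a root-run console over a world-writable cache lets any local account influence what root executes. Run the job as the deployment account with `user: bot`, and tighten the final task to `mode: '0775'`, since the ACL task earlier in the playbook already grants www-data rwx on `var/cache` and `var/log`. The same applies to the existing Search, Stripe, Backup and Clean Data cron tasks, and `sauvegarde` at `0777` also leaves the backups readable and replaceable by any local user.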