gitea-workflows/.gitea/workflows/nextjs-nginx-conf.yaml

name: Generate Nginx Config
run-name: 🔧 Generate Nginx config for ${{ vars.VAR_APP_NAME }}

on:
  workflow_call:
    inputs:
      VAR_APP_NAME:
        required: true
        type: string
      NEXTJS_PORT:
        required: true
        type: string
      WEBSITE_URL:
        required: true
        type: string
      ADMIN_EMAIL:
        required: true
        type: string
  workflow_dispatch:

jobs:
  generate-config:
    runs-on: ubuntu-latest

    env:
      APP_NAME: ${{ inputs.VAR_APP_NAME || vars.VAR_APP_NAME }}
      NEXTJS_PORT: ${{ inputs.NEXTJS_PORT || vars.NEXTJS_PORT }}
      WEBSITE_URL: ${{ inputs.WEBSITE_URL || vars.WEBSITE_URL }}
      ADMIN_EMAIL: ${{ inputs.ADMIN_EMAIL || vars.ADMIN_EMAIL }}

    steps:
      - name: 📥 Checkout devops
        uses: actions/checkout@v3
        with:
          repository: public/gitea-workflows
          ref: main
          fetch-depth: 1

      - name: 📋 Vérification des variables
        run: |
          ERRORS=0

          check_var() {
            local name=$1
            local value=$2
            if [ -z "$value" ]; then
              echo "❌ $name est manquant — à définir dans : Repo → Settings → Actions → Variables"
              ERRORS=$((ERRORS + 1))
            else
              echo "✅ $name = $value"
            fi
          }

          check_var "VAR_APP_NAME" "${{ env.APP_NAME }}"
          check_var "NEXTJS_PORT"  "${{ env.NEXTJS_PORT }}"
          check_var "WEBSITE_URL"  "${{ env.WEBSITE_URL }}"
          check_var "ADMIN_EMAIL"  "${{ env.ADMIN_EMAIL }}"

          if [ "$ERRORS" -gt 0 ]; then
            echo ""
            echo "💡 $ERRORS variable(s) manquante(s). Consulter : Repo → Settings → Actions → Variables"
            exit 1
          fi

      - name: 🔧 Génération du fichier de configuration
        run: |
          DOMAIN=$(echo "${{ env.WEBSITE_URL }}" | sed -E 's#^https?://##' | sed -E 's#/.*$##')
          CONFIG_FILENAME="${DOMAIN}.conf"
          LOCAL_TEMP="/tmp/$CONFIG_FILENAME"
          cp .gitea/templates/nginx-nextjs-site.conf.template "$LOCAL_TEMP"
          sed -i "s/{{DOMAIN}}/$DOMAIN/g" "$LOCAL_TEMP"
          sed -i "s/{{PORT}}/${{ env.NEXTJS_PORT }}/g" "$LOCAL_TEMP"
          cat "$LOCAL_TEMP"

      - name: 🛠️ Déploiement page maintenance
        run: |
          sudo mkdir -p /var/www/errors
          sudo cp .gitea/templates/maintenance.html /var/www/errors/maintenance.html
          sudo chmod 644 /var/www/errors/maintenance.html

      - name: 🔒 Certificat SSL (certbot --standalone si absent)
        run: |
          DOMAIN=$(echo "${{ env.WEBSITE_URL }}" | sed -E 's#^https?://##' | sed -E 's#/.*$##')
          CERT_PATH="/etc/letsencrypt/live/$DOMAIN/fullchain.pem"

          # Installer certbot si absent
          if ! command -v certbot &>/dev/null; then
            echo "📦 Installation de certbot..."
            sudo apt-get update -qq
            sudo apt-get install -y -qq certbot
          fi

          if [ -f "$CERT_PATH" ]; then
            echo "✅ Certificat existant trouvé — aucune action requise"
          else
            echo "🔐 Certificat absent — obtention via certbot --standalone"
            # Arrêt de nginx pour libérer le port 80 (standalone en a besoin)
            sudo systemctl stop nginx || true
            sudo certbot certonly \
              --standalone \
              --non-interactive \
              --agree-tos \
              --email "${{ env.ADMIN_EMAIL }}" \
              -d "$DOMAIN"
            echo "✅ Certificat obtenu pour $DOMAIN"
          fi

      - name: 🚀 Installation NGINX
        run: |
          DOMAIN=$(echo "${{ env.WEBSITE_URL }}" | sed -E 's#^https?://##' | sed -E 's#/.*$##')
          CONFIG_FILENAME="${DOMAIN}.conf"
          LOCAL_TEMP="/tmp/$CONFIG_FILENAME"
          TARGET_AVAILABLE="/etc/nginx/sites-available/$CONFIG_FILENAME"
          TARGET_ENABLED="/etc/nginx/sites-enabled/$CONFIG_FILENAME"
          sudo mv "$LOCAL_TEMP" "$TARGET_AVAILABLE"
          if [ ! -f "$TARGET_ENABLED" ]; then sudo ln -s "$TARGET_AVAILABLE" "$TARGET_ENABLED"; fi
          sudo nginx -t
          if sudo systemctl is-active --quiet nginx; then
            sudo systemctl reload nginx
          else
            sudo systemctl start nginx
          fi