ci: ci for deployement of SILL and add workflow to update the project from upstream every day

JeromeBu · github-actions[bot] · commit fb866c7ae5e0 · 2025-09-07T07:07:52.000Z
ci: ci for deployement of SILL, add workflow to update from upstream every day + update README
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -40,94 +40,92 @@ jobs:
     runs-on: ubuntu-latest
     needs: validations
     outputs:
-      from_version: ${{ steps.step1.outputs.from_version }}
-      to_version: ${{ steps.step1.outputs.to_version }}
-      is_upgraded_version: ${{ steps.step1.outputs.is_upgraded_version }}
+      is_upgraded_in_preprod: ${{ steps.check_version.outputs.is_upgraded_in_preprod }}
+      is_upgraded_version: ${{ steps.check_version.outputs.is_upgraded_version }}
+      to_version: ${{ steps.check_version.outputs.to_version }}
+      from_version: ${{ steps.check_version.outputs.from_version }}
     steps:
-      - uses: garronej/ts-ci@v2.1.5
-        id: step1
-        with:
-          action_name: is_package_json_version_upgraded
-      - run: |
-          echo "from_version=${{ steps.step1.outputs.from_version }}"
-          echo "to_version=${{ steps.step1.outputs.to_version }}"
-          echo "is_upgraded_version=${{ steps.step1.outputs.is_upgraded_version }}"
+      - uses: actions/checkout@v4
+      - name: Check version upgrade
+        id: check_version
+        run: |
+          # Get current version from package.json
+          CURRENT_VERSION=$(jq -r '.version' package.json)
+          echo "Version in package.json: $CURRENT_VERSION"
 
-  create_tag:
-    name: Create version tag
+          # Get deployed version from preprod API
+          PRE_PROD_DEPLOYED_VERSION=$(curl -s "https://code.gouv.fr/sill-preprod/api/getApiVersion" | jq -r '.result.data.json')
+          PROD_DEPLOYED_VERSION=$(curl -s "https://code.gouv.fr/sill/api/getApiVersion" | jq -r '.result.data.json')
+          echo "Deployed version in preprod: $PRE_PROD_DEPLOYED_VERSION"
+          echo "Deployed version in prod: $PROD_DEPLOYED_VERSION"
+          
+          # Simple comparison: check if versions are different
+          if [ "$CURRENT_VERSION" != "$PRE_PROD_DEPLOYED_VERSION" ]; then
+            IS_UPGRADED_IN_PRE_PROD="true"
+            IS_UPGRADED="true"
+            echo "✅ Version different from preprod ($PRE_PROD_DEPLOYED_VERSION), should deploy: $CURRENT_VERSION"
+          elif [ "$CURRENT_VERSION" != "$PROD_DEPLOYED_VERSION" ]; then
+            IS_UPGRADED="true"
+            echo "✅ Version different from prod ($PROD_DEPLOYED_VERSION), should deploy: $CURRENT_VERSION"
+          else
+            IS_UPGRADED="false"
+            echo "ℹ️ Version unchanged: $CURRENT_VERSION"
+          fi
+          
+          echo "Is version upgraded: $IS_UPGRADED"
+          
+          # Set outputs
+          echo "is_upgraded_version=$IS_UPGRADED" >> $GITHUB_OUTPUT
+          echo "is_upgraded_in_preprod=$IS_UPGRADED_IN_PRE_PROD" >> $GITHUB_OUTPUT
+          echo "to_version=$CURRENT_VERSION" >> $GITHUB_OUTPUT
+          echo "from_version=$PRE_PROD_DEPLOYED_VERSION" >> $GITHUB_OUTPUT
+
+  trigger_pre_production_deploy:
+    name: "Trigger pre-production deploy"
     runs-on: ubuntu-latest
+    concurrency:
+      group: deploy-to-pre-production
+      cancel-in-progress: true
     needs:
       - check_if_version_upgraded
-    if: needs.check_if_version_upgraded.outputs.is_upgraded_version == 'true'
+    if: needs.check_if_version_upgraded.outputs.is_upgraded_in_preprod == 'true'
     env:
       TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }}
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-      - name: Create tag
+      - run: echo "Triggering pre-production deploy"
+      - name: Set up SSH, update repo and restart docker-compose
         run: |
-          git config --local user.email "actions@github.com"
-          git config --local user.name "GitHub Actions"
-          git tag -a v${{ env.TO_VERSION }} -m "Deployment tag for v${{ env.TO_VERSION }}"
-          git push --tags
+          mkdir -p ~/.ssh
+          echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+          ssh-keyscan code.gouv.fr >> ~/.ssh/known_hosts
+          ssh -o StrictHostKeyChecking=no web@code.gouv.fr "bash -c 'eval \"\$(ssh-agent -s)\" && ssh-add ~/.ssh/sill-data && ./update-sill-preprod.sh v${{ env.TO_VERSION }}'"
+        env:
+          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
 
-  create_github_release:
-    name: "Create release notes"
-    runs-on: ubuntu-latest
-    needs:
-      - check_if_version_upgraded
-      - create_tag
-    if: |
-      needs.check_if_version_upgraded.outputs.is_upgraded_version == 'true' && github.event_name == 'push'
-    env:
-      RELEASE_TAG: v${{ needs.check_if_version_upgraded.outputs.to_version }}
-    steps:
-      - name: "Generate release on github"
-        uses: softprops/action-gh-release@v2
-        with:
-          name: Release ${{ env.RELEASE_TAG }}
-          prerelease: false
-          tag_name: ${{ env.RELEASE_TAG }}
-          generate_release_notes: true
-          token: ${{ secrets.GITHUB_TOKEN }}
 
-  docker:
-    name: Build and push Docker images
+  trigger_production_deploy:
+    name: "Trigger production deploy"
     runs-on: ubuntu-latest
+    environment: production
+    concurrency:
+      group: deploy-to-production
+      cancel-in-progress: true
     needs:
+      - trigger_pre_production_deploy
       - check_if_version_upgraded
-    if: needs.check_if_version_upgraded.outputs.is_upgraded_version == 'true'
+    if: always() && needs.check_if_version_upgraded.outputs.is_upgraded_version == 'true' && (needs.trigger_pre_production_deploy.result == 'success' || needs.trigger_pre_production_deploy.result == 'skipped')
+    env:
+      TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }}
     steps:
-      - uses: actions/checkout@v4
-      - uses: docker/setup-qemu-action@v3
-      - uses: docker/setup-buildx-action@v3
-      - uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Computing Docker image tags
-        id: step1
-        env:
-          TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }}
+      - run: echo "Triggering production deploy"
+      - name: Set up SSH, update repo and restart docker-compose
         run: |
-          OUT_API=$GITHUB_REPOSITORY-api:$TO_VERSION,$GITHUB_REPOSITORY-api:latest
-          OUT_API=$(echo "$OUT_API" | awk '{print tolower($0)}')
-          echo ::set-output name=docker_api_tags::$OUT_API
-
-          OUT_WEB=$GITHUB_REPOSITORY-web:$TO_VERSION,$GITHUB_REPOSITORY-web:latest
-          OUT_WEB=$(echo "$OUT_WEB" | awk '{print tolower($0)}')
-          echo ::set-output name=docker_web_tags::$OUT_WEB
-
-      - uses: docker/build-push-action@v5
-        with:
-          push: true
-          context: .
-          file: ./Dockerfile.api
-          tags: ${{ steps.step1.outputs.docker_api_tags }}
-      - uses: docker/build-push-action@v5
-        with:
-          push: true
-          context: .
-          file: ./Dockerfile.web
-          tags: ${{ steps.step1.outputs.docker_web_tags }}
+          mkdir -p ~/.ssh
+          echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+          ssh-keyscan code.gouv.fr >> ~/.ssh/known_hosts
+          ssh -o StrictHostKeyChecking=no web@code.gouv.fr "bash -c 'eval \"\$(ssh-agent -s)\" && ssh-add ~/.ssh/sill-data && ./update-sill-docker-compose.sh v${{ env.TO_VERSION }}'"
+        env:
+          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
 
diff --git a/.github/workflows/sync-upstream.yaml b/.github/workflows/sync-upstream.yaml
@@ -0,0 +1,35 @@
+name: Sync upstream
+
+on:
+  schedule:
+    - cron: '0 7 * * *' # every day at 7 AM UTC
+  workflow_dispatch:
+
+jobs:
+  sync:
+    name: Sync repository with upstream repository
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout fork
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.PAT_FOR_UPSTREAM_SYNC }}
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
+      - name: Add upstream remote
+        run: |
+          git remote add upstream https://github.com/codegouvfr/catalogi.git
+          git fetch upstream
+
+      - name: Sync with upstream/main
+        run: |
+          git checkout main
+          git rebase upstream/main
+
+      - name: Push to origin
+        run: git push origin main --force-with-lease --no-verify
diff --git a/README.md b/README.md
@@ -19,7 +19,7 @@ Documentation is available [here](https://codegouvfr.github.io/catalogi/)
 
 ## Code organization
 
-This monorepo is made of several directories:
+Mais quels logiciels libres utiliser et pourquoi ? Quand plusieurs logiciels libres remplissent la même fonction, lequel privilégier ? Quelle version minimale est acceptable ?
 
 - `api/`: Application API (also includes jobs, that can be run periodically)
 - `web/`: Web frontend
@@ -28,18 +28,14 @@ This monorepo is made of several directories:
 
 ## Governance and contributions
 
-[![img](https://img.shields.io/badge/code.gouv.fr-contributif-blue.svg)](https://code.gouv.fr/documentation/#quels-degres-douverture-pour-les-codes-sources)
+# Historique
 
-See [GOVERNANCE](GOVERNANCE.md) and [CONTRIBUTING](CONTRIBUTING.md).
-
-## Discuss with us
-
-You are welcome to join the [Catalogi Matrix channel](https://matrix.to/#/#catalogi:matrix.org).
+Le SILL était à l'origine une liste sous format PDF qui était mise à jour tous les ans par les groupes MIM (Mutualisation InterMinistérielle).
 
 ## License
 
-2021-2025 Direction interministérielle du numérique, mission logiciels libres.
+Cette liste servaient aux DSI des ministères à faire les mises à jour nécessaires et à découvrir des logiciels libres utilisés par d'autres ministères.
 
-The code in this repository is published under [licence MIT](LICENSES/MIT.txt).
+En 2019, le SILL a été publié sous forme d'une application web à l'adresse https://sill.etalab.gouv.fr, qui redirigeait vers https://sill.code.gouv.fr depuis février 2023 jusqu'à présent, et désormais sur https://code.gouv.fr/sill. La page de visualisation était générée à partir de fichiers `csv` maintenus manuellement sur un dépôt public.
 
 The documentation is published under [licence Ouverte 2.0](LICENSES/Etalab-2.0.md) and [CC-BY-4.0](LICENSES/CC-BY-4.0.txt).
