Merge branch 'main' into add_cta_to_hero_bloc

Author: ThibaudDauce

.dockerignore

@@ -1,5 +1,4 @@
 /.nuxt
-/.output
 /node_modules
 
 .gitignore

.github/workflows/ci.yml

@@ -0,0 +1,347 @@
+name: CI
+
+on:
+  push:
+
+env:
+  CONTAINER_REGISTRY_URL: ${{ vars.CONTAINER_REGISTRY_URL }}
+  APP_NAME: ${{ vars.APP_NAME }}
+
+jobs:
+  # ============================================
+  # JOB 1: Build - generates artifacts once
+  # ============================================
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v4
+
+      - name: Use Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20.x'
+          cache: 'pnpm'
+
+      - name: Install datagouv-components dependencies
+        working-directory: ./datagouv-components
+        run: pnpm install
+
+      - name: Build datagouv-components CSS
+        working-directory: ./datagouv-components
+        run: pnpm run css
+
+      - name: Install dependencies
+        run: pnpm install
+
+      - name: Build application
+        run: NUXT_APP_COMMIT_ID=$(git rev-parse --short HEAD) pnpm run build
+
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: build-output
+          path: .output
+          retention-days: 1
+          if-no-files-found: error
+          include-hidden-files: true
+
+  # ============================================
+  # JOB 2: Quality - lint + typecheck (runs in parallel with build)
+  # ============================================
+  quality:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v4
+
+      - name: Use Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20.x'
+          cache: 'pnpm'
+
+      - name: Install cdata dependencies
+        run: pnpm install
+
+      - name: Run lint
+        run: pnpm run lint
+
+      - name: Run typecheck
+        run: pnpm run typecheck
+
+      - name: Install datagouv-components dependencies
+        working-directory: ./datagouv-components
+        run: pnpm install
+
+      - name: Run datagouv-components typecheck
+        working-directory: ./datagouv-components
+        run: pnpm run typecheck
+
+      - name: Run datagouv-components lint
+        working-directory: ./datagouv-components
+        run: pnpm run lint
+
+  # ============================================
+  # JOB 3: E2E Tests (runs in parallel with quality)
+  # ============================================
+  e2e:
+    needs: build
+    timeout-minutes: 30
+    runs-on: ubuntu-latest
+    container:
+      image: mcr.microsoft.com/playwright:v1.57.0-noble
+      options: --user 1001
+
+    services:
+      mongodb:
+        image: mongo:6.0.4
+        ports:
+          - 27017:27017
+      redis:
+        image: redis
+        ports:
+          - 6379:6379
+
+    steps:
+      - name: Checkout cdata
+        uses: actions/checkout@v4
+
+      - name: Download build artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: build-output
+          path: .output
+
+      - name: Checkout udata
+        uses: actions/checkout@v4
+        with:
+          repository: opendatateam/udata
+          path: udata
+          ref: main
+
+      - name: Set up uv
+        uses: astral-sh/setup-uv@v6
+        with:
+          python-version: "3.11"
+          working-directory: udata
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "24"
+          cache: "pnpm"
+          cache-dependency-path: pnpm-lock.yaml
+
+      - name: Install Node.js dependencies for cdata
+        run: pnpm install
+
+      - name: Install Python dependencies for udata
+        working-directory: udata
+        run: |
+          uv sync --frozen
+
+      - name: Configure udata
+        working-directory: udata
+        run: |
+          cat << 'EOF' > udata.cfg
+          from udata.settings import Defaults
+
+          DEBUG = True
+          TESTING = True
+          SECRET_KEY = 'test-secret-key-for-ci'
+          SEND_MAIL = False
+          SERVER_NAME = 'localhost:7000'
+          CDATA_BASE_URL="http://localhost:3000"
+
+          CACHE_TYPE = 'null'
+          DEFAULT_LANGUAGE = 'fr'
+
+          SCHEMA_CATALOG_URL='https://schema.data.gouv.fr/schemas/schemas.json'
+
+          URLS_ALLOW_PRIVATE = True
+          URLS_ALLOW_LOCAL = True
+          URLS_ALLOWED_TLDS = Defaults.URLS_ALLOWED_TLDS | set(['local'])
+
+          PLUGINS = []
+          FS_ROOT = 'fs'
+
+          SESSION_COOKIE_SECURE = False
+
+          SECURITY_EMAIL_VALIDATOR_ARGS = {
+              "check_deliverability": False
+          }
+
+          MONGODB_HOST = 'mongodb://mongodb:27017/udata'
+          CELERY_BROKER_URL = 'redis://redis:6379'
+          CELERY_RESULT_BACKEND = 'redis://redis:6379'
+          EOF
+
+      - name: Initialize udata
+        working-directory: udata
+        run: |
+          # Create fs directory
+          mkdir -p fs
+
+          # Initialize udata
+          uv run udata init
+
+          uv run udata licenses
+          uv run udata spatial load
+          uv run udata import-fixtures
+
+          uv run udata user create --first-name "Admin" --last-name "User" --email "[email protected]" --password "@1337Password42" --admin
+          uv run udata user create --first-name "Normal" --last-name "User" --email "[email protected]" --password "@1337Password42"
+
+          uv run inv i18nc
+
+          # Start udata server in background
+          uv run inv serve --port=7000 > udata.log 2>&1 &
+
+          # Wait for udata to be ready
+          timeout 90 bash -c 'until curl -f http://localhost:7000/api/1/site/; do sleep 2; done'
+          echo "udata server is ready"
+
+      - name: Start cdata server
+        env:
+          NUXT_PUBLIC_API_BASE: http://localhost:7000
+          NUXT_PUBLIC_HOMEPAGE_HERO_IMAGES: "hero_15.png"
+        run: |
+          # Start cdata server in background using pre-built artifacts
+          PORT=3000 node .output/server/index.mjs > cdata.log 2>&1 &
+
+          # Wait for cdata to be ready
+          timeout 90 bash -c 'until curl -f http://localhost:3000; do sleep 2; done'
+          echo "cdata server is ready"
+
+      - name: Run E2E tests
+        env:
+          BASE_URL: http://localhost:3000
+          NUXT_PUBLIC_API_BASE: http://localhost:7000
+          CI: true
+        run: pnpm run test:e2e
+
+      - name: Kill udata server
+        if: always()
+        working-directory: udata
+        run: |
+          # Kill udata server to release the lock so that post setup-uv can prune the cache
+          pkill -f "uv run inv serve" || true
+
+      - name: Show server logs
+        if: always()
+        run: |
+          echo "=== UDATA SERVER LOGS ==="
+          cat udata/udata.log || echo "No udata logs found"
+          echo ""
+          echo "=== CDATA SERVER LOGS ==="
+          cat cdata.log || echo "No cdata logs found"
+
+      - name: Upload screenshots
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: playwright-screenshots
+          path: tests/**/*-snapshots
+          retention-days: 7
+
+      - name: Upload Playwright report
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: playwright-report
+          path: playwright-report/
+          retention-days: 7
+
+  # ============================================
+  # JOB 4: Docker - build & push Docker image (all branches, not PRs)
+  # ============================================
+  docker:
+    needs: [quality, e2e]
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    outputs:
+      image-tag: ${{ steps.meta.outputs.tags }}
+      version: ${{ steps.version.outputs.short }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Download build artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: build-output
+          path: .output
+
+      - name: Set version
+        id: version
+        run: |
+          echo "short=${GITHUB_SHA:0:7}" >> $GITHUB_OUTPUT
+          echo "long=$GITHUB_SHA" >> $GITHUB_OUTPUT
+
+      - name: Log in to GitLab Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.CONTAINER_REGISTRY_URL }}
+          username: oauth2
+          password: ${{ secrets.GITLAB_API_TOKEN }}
+
+      - name: Extract metadata for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.CONTAINER_REGISTRY_URL }}/${{ env.APP_NAME }}
+          tags: |
+            type=sha,format=short,prefix=
+            type=sha,format=long,prefix=
+            type=ref,event=branch
+            type=ref,event=tag
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+  # ============================================
+  # JOB 5: Sentry - upload source maps (runs in parallel with publish)
+  # ============================================
+  sentry:
+    needs: [quality, e2e]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Download build artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: build-output
+          path: .output
+
+      - name: Set version
+        id: version
+        run: |
+          echo "short=${GITHUB_SHA:0:7}" >> $GITHUB_OUTPUT
+
+      - name: Create Sentry release
+        uses: getsentry/action-release@v3
+        env:
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
+          SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
+          SENTRY_URL: ${{ secrets.SENTRY_URL }}
+        with:
+          sourcemaps: '.output/public/_nuxt'
+          url_prefix: '~/_nuxt'
+          environment: ${{ github.ref_name }}
+          version: ${{ steps.version.outputs.short }}
+          ignore_missing: true

.github/workflows/create-deploy-release.yml

@@ -1,11 +1,13 @@
 name: Create and deploy a new release
 run-name: create and deploy ${{ github.sha }}
 on:
-  push:
-    branches:
-      - main
+  workflow_run:
+    workflows: ["CI"]
+    types: [completed]
+    branches: [main]
 jobs:
   trigger-gitlab-pipeline:
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
     runs-on: ubuntu-latest
     env:
       # static variables and secrets to be defined