chore(central) : aligne la doc prod et l auto-tag

.gitea/workflows/auto-tag-develop.yml

@@ -0,0 +1,65 @@
+name: Auto Tag Develop
+
+on:
+  push:
+    branches:
+      - develop
+
+jobs:
+  tag:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.RELEASE_TOKEN }}
+          persist-credentials: true
+
+      - name: Create next tag from config/version.yaml
+        shell: bash
+        run: |
+          set -euo pipefail
+
+          # Skip if current commit already has a vX.Y.Z tag
+          if git tag --points-at HEAD | grep -qE '^v[0-9]+\.[0-9]+\.[0-9]+$'; then
+            echo "Tag already exists on this commit. Skipping."
+            exit 0
+          fi
+
+          changed_version=false
+          if git diff --name-only "${{ gitea.event.before }}" "${{ gitea.event.after }}" | grep -q '^config/version\.yaml$'; then
+            changed_version=true
+          fi
+
+          read_version() {
+            awk -F': *' '/app\.version:/{print $2}' config/version.yaml | tr -d '[:space:]' | tr -d "'\""
+          }
+
+          if $changed_version; then
+            version="$(read_version)"
+            if ! [[ "$version" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+              echo "Invalid version in version.yaml: $version" >&2
+              exit 1
+            fi
+          else
+            last_tag="$(git tag -l 'v*' --sort=-v:refname | head -n1 || true)"
+            if [ -z "$last_tag" ]; then
+              version="0.1.0"
+            else
+              base="${last_tag#v}"
+              IFS='.' read -r major minor patch <<< "$base"
+              version="${major}.${minor}.$((patch + 1))"
+            fi
+
+            printf "parameters:\\n    app.version: '%s'\\n" "$version" > config/version.yaml
+            git config user.name "gitea-actions"
+            git config user.email "gitea-actions@local"
+            git add config/version.yaml
+            git commit -m "chore: bump version to v$version" || true
+            git push origin develop || true
+          fi
+
+          tag="v$version"
+          git tag "$tag"
+          git push origin "$tag"

.gitea/workflows/build-docker.yml

@@ -0,0 +1,30 @@
+name: Build & Push Docker Image
+
+on:
+  push:
+    tags:
+      - "v*"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Login to Gitea Registry
+        run: |
+          echo "${{ secrets.REGISTRY_TOKEN }}" | docker login gitea.malio.fr -u "${{ gitea.repository_owner }}" --password-stdin
+
+      - name: Build Docker image
+        run: |
+          docker build \
+            -f infra/prod/Dockerfile \
+            -t gitea.malio.fr/malio-dev/central:${{ github.ref_name }} \
+            -t gitea.malio.fr/malio-dev/central:latest \
+            .
+
+      - name: Push Docker image
+        run: |
+          docker push gitea.malio.fr/malio-dev/central:${{ github.ref_name }}
+          docker push gitea.malio.fr/malio-dev/central:latest

CLAUDE.md

@@ -7,7 +7,7 @@ Application de gestion du SI Malio. Monorepo Symfony 8 (API Platform 4) + Nuxt 4
 - **Backend** : PHP 8.4, Symfony 8.0, API Platform 4, Doctrine ORM, PostgreSQL 16
 - **Frontend** : Nuxt 4 (SSR off / SPA), Vue 3, Pinia, Tailwind CSS, @malio/layer-ui, nuxt-toast, @nuxtjs/i18n, @nuxt/icon
 - **Auth** : JWT HTTP-only cookie (lexik/jwt-authentication-bundle), login à `/login_check`, cookie `BEARER`
-- **Docker** : PHP-FPM + Node 24, Nginx (port 8083), PostgreSQL (port 5436)
+- **Docker** : PHP-FPM + Node 24, Nginx (port 8084), PostgreSQL (port 5436)
 
 ## Structure
 

README.md

@@ -12,7 +12,7 @@ make fixtures
 
 ## Accès
 
-- Frontend : http://localhost:8083
-- API : http://localhost:8083/api
+- Frontend : http://localhost:8084
+- API : http://localhost:8084/api
 - Dev Nuxt (hot reload) : http://localhost:3003
 - Login : `admin` / `admin`

doc/deployment-docker.md

@@ -81,7 +81,7 @@ services:
     container_name: central-app
     env_file: .env
     ports:
-      - "8083:80"
+      - "8084:80"
     volumes:
       - ./config/jwt:/var/www/html/config/jwt:ro
       - ./uploads:/var/www/html/var/uploads
@@ -112,15 +112,15 @@ APP_SECRET=<generer avec: openssl rand -hex 32>
 
 DATABASE_URL="postgresql://malio:motdepasse@host.docker.internal:5432/central_prod?serverVersion=16&charset=utf8"
 
-DEFAULT_URI=https://central.malio-dev.fr
+DEFAULT_URI=http://central.malio-dev.fr
 APP_SHARE_DIR=var/share
 
-CORS_ALLOW_ORIGIN='^https?://central\.malio-dev\.fr$'
+CORS_ALLOW_ORIGIN='^http://central\.malio-dev\.fr$'
 
 JWT_SECRET_KEY=%kernel.project_dir%/config/jwt/private.pem
 JWT_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem
 JWT_PASSPHRASE=<generer avec: openssl rand -hex 32>
-JWT_COOKIE_SECURE=1
+JWT_COOKIE_SECURE=0
 JWT_TOKEN_TTL=86400
 JWT_COOKIE_TTL=86400
 
@@ -171,7 +171,7 @@ server {
     server_name central.malio-dev.fr;
 
     location / {
-        proxy_pass http://127.0.0.1:8083;
+        proxy_pass http://127.0.0.1:8084;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -212,7 +212,7 @@ cd /var/www/central
 
 ## Verification apres deploiement
 
-1. Ouvrir `https://central.malio-dev.fr`
+1. Ouvrir `http://central.malio-dev.fr`
 2. Se connecter avec un compte admin
 3. Verifier que la page Applications charge
 4. Activer la maintenance sur SIRH

docker-compose.yml

@@ -38,7 +38,7 @@ services:
     depends_on:
       - php
     ports:
-      - "8083:80"
+      - "8084:80"
     volumes:
       - ./:/var/www/html:ro
       - ./infra/dev/nginx.conf:/etc/nginx/conf.d/central.conf:ro

infra/prod/docker-compose.yml

@@ -4,7 +4,7 @@ services:
     container_name: central-app
     env_file: .env
     ports:
-      - "8083:80"
+      - "8084:80"
     volumes:
       - ./config/jwt:/var/www/html/config/jwt:ro
       - ./uploads:/var/www/html/var/uploads

infra/prod/nginx-proxy.conf

@@ -4,7 +4,7 @@ server {
     server_name central.malio-dev.fr;
 
     location / {
-        proxy_pass http://127.0.0.1:8083;
+        proxy_pass http://127.0.0.1:8084;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;