feat : add Docker prodcution deployment
Some checks failed
Auto Tag Develop / tag (push) Has been cancelled
Some checks failed
Auto Tag Develop / tag (push) Has been cancelled
This commit is contained in:
Matthieu
61
.claude/skills/ticket-executor/LEARNINGS.md
Normal file
61
.claude/skills/ticket-executor/LEARNINGS.md
Normal file
@@ -0,0 +1,61 @@
|
||||
# Ticket Executor - Learnings
|
||||
|
||||
## Session 2026-03-17 (26 tickets)
|
||||
|
||||
### T-001 — Secrets .env
|
||||
- **Pattern**: Replace secrets with `change_me_in_env_local` placeholder, move real values to `.env.local`
|
||||
- **Gotcha**: `.env.local` must contain ALL overridden secrets
|
||||
|
||||
### T-002 — Security API Gitea
|
||||
- **Pattern**: Ajouter `security: "is_granted('ROLE_USER')"` sur les opérations ApiResource
|
||||
- **Learning**: Vérifier d'abord les ressources déjà sécurisées pour ne pas dupliquer
|
||||
|
||||
### T-003 — SVG Upload
|
||||
- **Pattern**: Double protection - bloquer à l'upload (retirer du MIME allowlist) + defense-in-depth (Content-Disposition: attachment au download)
|
||||
- **Learning**: Toujours vérifier upload ET download controllers
|
||||
|
||||
### T-004 — MCP create-task / Repos numérotation
|
||||
- **Gotcha critique**: PostgreSQL n'autorise PAS `FOR UPDATE` avec des fonctions d'agrégation (`MAX`)
|
||||
- **Fix**: Utiliser `pg_advisory_xact_lock()` au lieu de `FOR UPDATE` pour les queries avec agrégation
|
||||
- **Pattern**: Offset les lock keys (+1000000) pour éviter collisions entre Task et ClientTicket
|
||||
|
||||
### T-005 — Filter ROLE_CLIENT projects
|
||||
- **Pattern**: Créer une Doctrine Extension (`QueryCollectionExtensionInterface` + `QueryItemExtensionInterface`) pour filtrer par relation
|
||||
- **Learning**: Symfony autoconfigure enregistre l'extension automatiquement
|
||||
|
||||
### T-006 — Block client doc upload
|
||||
- **Pattern**: Vérifier le rôle dans le Processor AVANT de résoudre l'IRI de la tâche
|
||||
- **Learning**: Le portail client envoie un `clientTicket` IRI (pas de `task` IRI), donc le check sur `taskIri` non-vide suffit
|
||||
|
||||
### T-007 — MCP role checks
|
||||
- **Pattern**: Injecter `Security` dans chaque Tool, vérifier au début de `__invoke()`
|
||||
- **Learning**: 22 tools à modifier - bien séparer ROLE_ADMIN (users/clients) vs ROLE_USER (le reste)
|
||||
|
||||
### T-009 — Password hashing
|
||||
- **Pattern**: Champ `plainPassword` non-persisté, writable uniquement, hashé dans le Processor
|
||||
- **Learning**: Modifier aussi le frontend (DTO + composant) quand on renomme un champ API
|
||||
|
||||
### T-010 — Rate limiting
|
||||
- **Gotcha**: `login_throttling` nécessite `symfony/rate-limiter` installé, pas juste dans composer.json
|
||||
- **Learning**: Toujours vérifier que les packages sont installés, pas juste déclarés
|
||||
|
||||
### T-012 — Harmoniser repos numérotation
|
||||
- **Pattern**: Aligner les contrats (retourner le max, pas le next) et mettre le +1 côté appelant
|
||||
- **Learning**: Vérifier TOUS les appelants d'une méthode renommée
|
||||
|
||||
### T-015 — useAvatarService
|
||||
- **Learning**: Quand on migre vers `useApi()`, ajouter la détection FormData pour ne pas écraser le Content-Type multipart
|
||||
|
||||
### T-020 — i18n
|
||||
- **Pattern**: Ajouter `useI18n()` dans le setup script avant de pouvoir utiliser `t()` dans le JS
|
||||
- **Learning**: Les templates peuvent utiliser `$t()` directement sans import
|
||||
|
||||
### T-022 — Retirer twig-bundle
|
||||
- **Pattern**: Retirer de composer.json + bundles.php + supprimer config YAML + templates
|
||||
- **Learning**: API Platform ne requiert PAS twig, c'est juste suggéré pour Swagger UI
|
||||
|
||||
## Meta-learnings
|
||||
- **Parallélisation**: Les tickets touchant des fichiers indépendants peuvent tourner en parallèle sans problème
|
||||
- **MCP status**: Toujours mettre "En cours" AVANT de commencer, "Terminé" APRÈS validation
|
||||
- **PostgreSQL gotchas**: Tester les queries SQL avec agrégation + locking sur PostgreSQL, pas MySQL
|
||||
- **Agents**: Les agents simples (1-3 fichiers) terminent en ~30s, les complexes (22 fichiers) en ~8min
|
||||
78
.claude/skills/ticket-executor/SKILL.md
Normal file
78
.claude/skills/ticket-executor/SKILL.md
Normal file
@@ -0,0 +1,78 @@
|
||||
---
|
||||
name: ticket-executor
|
||||
description: Execute Lesstime project tickets systematically - updates MCP statuses, follows project conventions, and logs learnings for self-improvement
|
||||
---
|
||||
|
||||
# Ticket Executor Skill
|
||||
|
||||
## Purpose
|
||||
Execute Lesstime project tickets end-to-end: read the ticket, implement the fix, update MCP status, and log learnings.
|
||||
|
||||
## Workflow
|
||||
|
||||
### 1. Receive Ticket
|
||||
- Get ticket ID, title, description, tags (Backend/Frontend), priority, and current status
|
||||
- Understand the scope from the title and description
|
||||
|
||||
### 2. Set Status to "En cours" (ID: 2)
|
||||
- Use MCP `update-task` with `statusId: 2` before starting work
|
||||
- MCP endpoint: `http://project.malio-dev.fr/_mcp`
|
||||
- Auth: `Bearer 7e8b410a5b79b5c0432951dcee3a3a81e0731e86d9f70d8784ec079a2b759c64`
|
||||
|
||||
### 3. Analyze & Implement
|
||||
Based on tag:
|
||||
- **Backend**: Check `src/Entity/`, `src/State/`, `src/Controller/`, `src/Security/`, `config/`
|
||||
- **Frontend**: Check `frontend/components/`, `frontend/composables/`, `frontend/pages/`, `frontend/services/`
|
||||
|
||||
Conventions to follow:
|
||||
- PHP: `declare(strict_types=1)`, Symfony + PSR-12, API Platform patterns
|
||||
- Frontend: TypeScript strict, `useApi()` composable, 4 spaces indent
|
||||
- See CLAUDE.md for full conventions
|
||||
|
||||
### 4. Verify
|
||||
- For Backend: `make php-cs-fixer-allow-risky` if PHP changed
|
||||
- For Frontend: check TypeScript types, no `any`
|
||||
- Read modified files to confirm correctness
|
||||
|
||||
### 5. Set Status to "Terminé" (ID: 5)
|
||||
- Use MCP `update-task` with `statusId: 5` after successful implementation
|
||||
|
||||
### 6. Log Learnings
|
||||
Append to `.claude/skills/ticket-executor/LEARNINGS.md`:
|
||||
- What worked well
|
||||
- Patterns discovered
|
||||
- Gotchas encountered
|
||||
- Time-saving shortcuts found
|
||||
|
||||
## MCP Session Management
|
||||
The MCP HTTP transport requires a session. To call tools:
|
||||
```bash
|
||||
# Initialize session (get Mcp-Session-Id from response header)
|
||||
curl -si -X POST http://project.malio-dev.fr/_mcp \
|
||||
-H "Authorization: Bearer <token>" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{},"clientInfo":{"name":"claude","version":"1.0"}}}'
|
||||
|
||||
# Call tool (use Mcp-Session-Id from init response)
|
||||
curl -s -X POST http://project.malio-dev.fr/_mcp \
|
||||
-H "Authorization: Bearer <token>" \
|
||||
-H "Content-Type: application/json" \
|
||||
-H "Mcp-Session-Id: <session-id>" \
|
||||
-d '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"update-task","arguments":{"id":<taskId>,"statusId":<statusId>}}}'
|
||||
```
|
||||
|
||||
## Status IDs
|
||||
- 1 = A faire
|
||||
- 2 = En cours
|
||||
- 3 = Bloqué
|
||||
- 4 = En attente de validation
|
||||
- 5 = Terminé
|
||||
|
||||
## Learnings Integration
|
||||
Before each ticket, read `LEARNINGS.md` to apply previous insights.
|
||||
After each ticket, append new learnings. This creates a feedback loop that improves execution quality over time.
|
||||
|
||||
## Parallel Execution Rules
|
||||
- Independent tickets (no shared files) can run in parallel via worktree agents
|
||||
- Tickets modifying the same files must run sequentially
|
||||
- Always verify no merge conflicts after parallel execution
|
||||
Reference in New Issue
Block a user