diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index 071e856b..382d863a 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml 
@@ -1,39 +1,97 @@ +name: Docker Compose PR Check and Deploy + on: - push: + pull_request: + types: [opened, synchronize, reopened] branches: - main - pull_request: - types: [opened, synchronize, reopened] -name: SonarQube Scan jobs: - sonarqube: - name: SonarQube Scanning & Status - runs-on: ubuntu-latest - steps: - - name: Checking out - uses: actions/checkout@v4 - with: - # Disabling shallow clone is recommended for improving relevancy of reporting - fetch-depth: 0 - - - name: SonarQube Scan - uses: SonarSource/sonarqube-scan-action@v4.0.0 - env: - SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} - SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} - - - name: SonarQube Quality Gate Check - id: quality-gate - uses: SonarSource/sonarqube-quality-gate-action@v1.1.0 - env: - SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} - SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} - - dry-run: + setup-sonarqube: + name: Setup SonarQube Project and Analyze runs-on: self-hosted steps: - - name: Tests - uses: cloudposse/github-action-docker-compose-test-run@main - with: - file: docker-compose.yml \ No newline at end of file + - name: Checkout Code + uses: actions/checkout@v3 + + - name: Configure Git Credentials + run: | + git config --global url."https://${{ secrets.GITEA_TOKEN }}@${{ secrets.GITEA_SERVER }}".insteadOf "https://${{ secrets.GITEA_SERVER }}" + + - name: Run SonarQube Analysis + uses: sonarsource/sonarqube-scan-action@v1.0.0 + with: + host: ${{ secrets.SONARQUBE_URL }} + login: ${{ secrets.SONARQUBE_TOKEN }} + projectKey: ${{ github.event.repository.name }} + projectName: ${{ github.event.repository.name }} + + - name: Check SonarQube Quality Gate + id: quality-gate + uses: sonarsource/sonarqube-quality-gate-check@v1.1.0 + with: + host: ${{ secrets.SONARQUBE_URL }} + login: ${{ secrets.SONARQUBE_TOKEN }} + + - name: Comment on Pull Request with Quality Gate Status + id: comment-pr + uses: prasiman/gocurl@v0.5.0 + with: + method: POST + url: "https://${{ secrets.GITEA_SERVER 
}}/api/v1/repos/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/issues/${{ github.event.pull_request.number }}/reviews" + headers: > + Authorization: token ${{ secrets.GITEA_TOKEN }} + body: | + { + "body": "SonarQube Quality Gate Status: ${{ steps.quality-gate.outputs.quality-gate-status }}" + } + + docker-compose-test: + name: Dry Run Docker Compose + needs: setup-sonarqube + if: needs.setup-sonarqube.outputs.quality-gate == 'true' + runs-on: self-hosted + steps: + - name: Checkout Code + uses: actions/checkout@v3 + + - name: Validate Docker Compose Configuration + uses: alexesdev/docker-compose-tests-run@v1 + with: + compose_file: docker-compose.yml + + manual-approval: + name: Manual Approval + needs: docker-compose-test + if: always() + runs-on: self-hosted + steps: + - name: Approval Required + run: | + echo "Manual approval step reached. Please approve to proceed." + exit 1 + + deploy-changes: + name: Merge and Deploy Changes + needs: manual-approval + runs-on: self-hosted + steps: + - name: Checkout Code + uses: actions/checkout@v3 + + - name: Merge Pull Request + uses: prasiman/gocurl@v0.5.0 + with: + method: POST + url: "https://${{ secrets.GITEA_SERVER }}/api/v1/repos/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/pulls/${{ github.event.pull_request.number }}/merge" + headers: > + Authorization: token ${{ secrets.GITEA_TOKEN }} + + - name: Deploy Docker Compose Changes + uses: alexesdev/ssh-docker-compose@v1.0.0 + with: + ssh_host: ${{ secrets.DOCKER_HOST }} + ssh_user: ${{ secrets.DOCKER_USER }} + ssh_key: ${{ secrets.DOCKER_SSH_KEY }} + compose_file_path: /path/to/docker-compose.yml + docker_compose_command: "up -d --remove-orphans"
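Review bot: The gates in front of `deploy-changes` enforce nothing: `setup-sonarqube` declares no `outputs:`, so `needs.setup-sonarqube.outputs.quality-gate == 'true'` in `docker-compose-test` compares an empty value and the job is skipped, while `manual-approval` runs under `if: always()` and unconditionally ends in `exit 1`. As written the merge-and-deploy job should never run, and relaxing the failing step to unblock it would let a pull-request-triggered run merge the PR and deploy over SSH whether or not the quality gate and compose validation passed. Declare the job output, drop `if: always()` so the approval job inherits the result of the jobs before it, and leave the human sign-off to something the forge enforces (for example required reviews on the protected branch) rather than a step that always fails. Separately, `git config --global … insteadOf` in "Configure Git Credentials" writes `GITEA_TOKEN` into the runner user's git configuration, where it outlives the job unless the self-hosted runner is ephemeral; scope it with `--local` after checkout or remove it in a cleanup step that runs with `if: always()`.

```yaml
  setup-sonarqube:
    runs-on: self-hosted
    outputs:
      # Expose the gate result to dependent jobs; without this block
      # needs.setup-sonarqube.outputs.* is always empty.
      quality-gate: ${{ steps.quality-gate.outputs.quality-gate-status }}
    # … unchanged: steps …

  docker-compose-test:
    needs: setup-sonarqube
    # 'PASSED' is what SonarSource's quality-gate action reports; confirm
    # the value emitted by the action this workflow actually uses.
    if: needs.setup-sonarqube.outputs.quality-gate == 'PASSED'
    # … unchanged: runs-on, steps …

  manual-approval:
    needs: docker-compose-test
    # no `if: always()`: only reachable when compose validation succeeded
    # … unchanged: runs-on, steps …
```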