From 10884596e9830136b5117aa9e9f9d128748c2809 Mon Sep 17 00:00:00 2001
From: "trez.one"
Date: Tue, 26 Nov 2024 18:31:59 -0500
Subject: [PATCH 1/6] Initial commit of CI/CD pipeline (alpha version).
---
.gitea/workflows/deploy.yaml | 67 ++++++++++++++++++++++++++++++++++++
1 file changed, 67 insertions(+)
create mode 100644 .gitea/workflows/deploy.yaml
diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
new file mode 100644
index 00000000..b0107c7c
--- /dev/null
+++ b/.gitea/workflows/deploy.yaml
@@ -0,0 +1,67 @@
+name: Docker Compose PR Check and Deploy
+
+on:
+ pull_request:
+ types: [synchronize, opened, reopened]
+ branches:
+ - main
+
+jobs:
+ status-check:
+ name: Validate SonarQube Bot Status
+ runs-on: self-hosted
+ steps:
+ - name: Fetch PR Status
+ run: |
+ curl -s \
+ -H "Authorization: token $GITEA_TOKEN" \
+ "$GITEA_SERVER/api/v1/repos/${{ gitea.repository.owner.login }}/{{ gitea.repository.name }}/pulls/${{ gitea.pull_request.id }}/status" \
+ | jq -e '.statuses[] | select(.creator.login == "gitea-sonarqube-bot" and .status == "success")' || exit 1
+
+ dry-run:
+ name: Dry Run Docker Compose
+ runs-on: self-hosted
+ needs: status-check
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v3
+
+ - name: Validate Docker Compose
+ run: |
+ docker compose config -f docker-compose.yml
+ working-directory: ./
+
+ manual-approval:
+ name: Manual Approval
+ runs-on: self-hosted
+ needs: dry-run
+ steps:
+ - name: Approval Required
+ run: |
+ echo "Awaiting manual approval..."
+ exit 1
+
+ merge-and-deploy:
+ name: Merge and Deploy
+ runs-on: self-hosted
+ needs: manual-approval
+ steps:
+ - name: Merge Pull Request
+ env:
+ GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
+ run: |
+ curl -X POST \
+ -H "Authorization: token $GITEA_TOKEN" \
+ "$GITEA_SERVER/api/v1/repos/${{ gitea.repository.owner.login }}/{{ gitea.repository.name }}/pulls/${{ gitea.pull_request.id }}/merge"
+
+ - name: Deploy Docker Compose Changes
+ run: |
+ ssh $DOCKER_USER@$DOCKER_HOST "
+ cd /path/to/docker/compose/files &&
+ docker compose pull &&
+ docker compose up -d --remove-orphans
+ "
+ env:
+ DOCKER_HOST: ${{ secrets.DOCKER_HOST }}
+ DOCKER_USER: ${{ secrets.DOCKER_USER }}
+ SSH_KEY: ${{ secrets.DOCKER_SSH_KEY }}
\ No newline at end of file
From 88f33bd4c97874ac500d2da94d40483f11d582de Mon Sep 17 00:00:00 2001
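Review bot: The merge token and the deploy host credentials (`secrets.GITEA_TOKEN`, `secrets.DOCKER_*`) are handed to a workflow that is triggered by `pull_request` and whose definition comes from the PR head, so — to the extent the runner receives repository secrets on PR runs — a PR that edits `.gitea/workflows/deploy.yaml` can delete the `manual-approval` job and merge and deploy itself; the `exit 1` in `Approval Required` is not an approval gate, it just fails every run (and since `merge-and-deploy` `needs` it, the merge path is currently unreachable). Keep the PR-triggered workflow limited to checks and move merge/deploy into a workflow on `push` to `main` (or `workflow_dispatch`), with branch protection requiring the SonarQube status rather than a self-check inside the same run. Two smaller defects in the same hunk: `Fetch PR Status` reads `$GITEA_TOKEN` and `$GITEA_SERVER` but declares no `env:`, so the request goes out with an empty token and the `jq -e` gate always fails; and `-f` is a global `docker compose` option, so `Validate Docker Compose` should be `docker compose -f docker-compose.yml config`. Neither curl call uses `--fail`, so an HTTP error from the merge endpoint leaves the step green and the deploy step still runs.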
From: "trez.one"
Date: Tue, 26 Nov 2024 19:36:21 -0500
Subject: [PATCH 2/6] Updated deploy pipeline (substituting gitea-sonarqube-bot functionality).
---
.gitea/workflows/deploy.yaml | 49 +++++++++++++++++++++++++++++++++---
1 file changed, 46 insertions(+), 3 deletions(-)
diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
index b0107c7c..44f9de5b 100644
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -7,15 +7,58 @@ on: - main jobs: + setup-sonarqube: + name: Setup SonarQube Project and Analyze + runs-on: self-hosted + steps: + - name: Checkout Code + uses: actions/checkout@v3 + + - name: Create SonarQube Project (if not exists) + env: + SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} + SONAR_URL: ${{ secrets.SONARQUBE_URL }} + run: | + curl -s -X POST -u "$SONAR_TOKEN:" \ + -H "Content-Type: application/json" \ + "$SONAR_URL/api/projects/create?project=${{ gitea.repository.name }}&name=${{ gitea.repository.name }}" || true + + - name: Run SonarQube Analysis + env: + SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} + SONAR_URL: ${{ secrets.SONARQUBE_URL }} + run: | + sonar-scanner \ + -Dsonar.projectKey=${{ gitea.repository.name }} \ + -Dsonar.sources=. \ + -Dsonar.language=docker \ + -Dsonar.host.url=$SONAR_URL \ + -Dsonar.login=$SONAR_TOKEN + + - name: Comment on PR with SonarQube Status + env: + SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} + GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} + SONAR_URL: ${{ secrets.SONARQUBE_URL }} + GITEA_SERVER: ${{ secrets.GITEA_SERVER }} + run: | + STATUS=$(curl -s -u "$SONAR_TOKEN:" "$SONAR_URL/api/qualitygates/project_status?projectKey=${{ gitea.repository.name }}" | jq -r '.projectStatus.status') + COMMENT="SonarQube Analysis: $STATUS\n[View in SonarQube]($SONAR_URL/dashboard?id=${{ gitea.repository.name }})" + curl -X POST -H "Authorization: token $GITEA_TOKEN" \ + -H "Content-Type: application/json" \ + -d "{\"body\": \"$COMMENT\"}" \ + "$GITEA_SERVER/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/issues/${{ gitea.pull_request.id }}/comments" + status-check: name: Validate SonarQube Bot Status + needs: setup-sonarqube runs-on: self-hosted steps: - name: Fetch PR Status run: | curl -s \ -H "Authorization: token $GITEA_TOKEN" \ - "$GITEA_SERVER/api/v1/repos/${{ gitea.repository.owner.login }}/{{ gitea.repository.name }}/pulls/${{ gitea.pull_request.id }}/status" \ + "$GITEA_SERVER/api/v1/repos/${{ 
gitea.repository.owner.login }}/${{ gitea.repository.name }}/pulls/${{ gitea.pull_request.id }}/status" \ | jq -e '.statuses[] | select(.creator.login == "gitea-sonarqube-bot" and .status == "success")' || exit 1 dry-run: @@ -52,7 +95,7 @@ jobs: run: | curl -X POST \ -H "Authorization: token $GITEA_TOKEN" \ - "$GITEA_SERVER/api/v1/repos/${{ gitea.repository.owner.login }}/{{ gitea.repository.name }}/pulls/${{ gitea.pull_request.id }}/merge" + "$GITEA_SERVER/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/pulls/${{ gitea.pull_request.id }}/merge" - name: Deploy Docker Compose Changes run: | @@ -64,4 +107,4 @@ jobs: env: DOCKER_HOST: ${{ secrets.DOCKER_HOST }} DOCKER_USER: ${{ secrets.DOCKER_USER }} - SSH_KEY: ${{ secrets.DOCKER_SSH_KEY }} \ No newline at end of file + SSH_KEY: ${{ secrets.DOCKER_SSH_KEY }} From 1162ececa8590b53182215880e46665f4e379a72 Mon Sep 17 00:00:00 2001 From: "trez.one" Date: Tue, 26 Nov 2024 19:58:12 -0500 Subject: [PATCH 3/6] Verbose logging... --- .gitea/workflows/deploy.yaml | 39 ++++++++++++++++++++++++++++-------- 1 file changed, 31 insertions(+), 8 deletions(-) diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml index 44f9de5b..24a06e9e 100644 --- a/.gitea/workflows/deploy.yaml +++ b/.gitea/workflows/deploy.yaml 
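Review bot: The quality-gate result read in `Comment on PR with SonarQube Status` is only posted as a comment and never fails the job, while `status-check` still gates on a commit status from `gitea-sonarqube-bot` that nothing in this workflow creates, so after this change the gate can never pass — and a `FAILED` gate would block nothing even if it did. Either `exit 1` when `"$STATUS" != "OK"` or post a commit status through the `statuses/{sha}` API, and make `status-check` consistent with whichever you choose. The status is also queried the moment `sonar-scanner` returns; server-side analysis is asynchronous, so poll the CE task (the `ceTaskId` written to `.scannerwork/report-task.txt`) until it reports success before calling `project_status`, otherwise the comment may describe the previous analysis. Passing the token as `-Dsonar.login=$SONAR_TOKEN` puts it on the process command line of the self-hosted runner; recent scanner versions read `SONAR_TOKEN` from the environment, so drop the flag (`sonar.login` is deprecated in favour of `sonar.token` in any case). Building the request body with `-d "{\"body\": \"$COMMENT\"}"` breaks on any quote in the interpolated text — generate it with `jq -n --arg body "$COMMENT" '{body:$body}'` instead.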
@@ -14,26 +14,37 @@ jobs: - name: Checkout Code uses: actions/checkout@v3 + - name: Log Current Directory + run: | + echo "Current directory contents:" + ls -la + echo "Working in directory: $(pwd)" + - name: Create SonarQube Project (if not exists) env: SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} SONAR_URL: ${{ secrets.SONARQUBE_URL }} run: | - curl -s -X POST -u "$SONAR_TOKEN:" \ + echo "Attempting to create SonarQube project if it doesn't exist..." + RESPONSE=$(curl -s -X POST -u "$SONAR_TOKEN:" \ -H "Content-Type: application/json" \ - "$SONAR_URL/api/projects/create?project=${{ gitea.repository.name }}&name=${{ gitea.repository.name }}" || true + "$SONAR_URL/api/projects/create?project=${{ gitea.repository.name }}&name=${{ gitea.repository.name }}" || echo "Request failed") + echo "Response: $RESPONSE" - name: Run SonarQube Analysis env: SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} SONAR_URL: ${{ secrets.SONARQUBE_URL }} run: | + echo "Starting SonarQube analysis..." sonar-scanner \ -Dsonar.projectKey=${{ gitea.repository.name }} \ -Dsonar.sources=. \ -Dsonar.language=docker \ -Dsonar.host.url=$SONAR_URL \ - -Dsonar.login=$SONAR_TOKEN + -Dsonar.login=$SONAR_TOKEN \ + -X + echo "SonarQube analysis completed." - name: Comment on PR with SonarQube Status env: @@ -42,8 +53,11 @@ jobs: SONAR_URL: ${{ secrets.SONARQUBE_URL }} GITEA_SERVER: ${{ secrets.GITEA_SERVER }} run: | + echo "Fetching SonarQube project status..." STATUS=$(curl -s -u "$SONAR_TOKEN:" "$SONAR_URL/api/qualitygates/project_status?projectKey=${{ gitea.repository.name }}" | jq -r '.projectStatus.status') + echo "SonarQube quality gate status: $STATUS" COMMENT="SonarQube Analysis: $STATUS\n[View in SonarQube]($SONAR_URL/dashboard?id=${{ gitea.repository.name }})" + echo "Adding comment to PR: $COMMENT" curl -X POST -H "Authorization: token $GITEA_TOKEN" \ -H "Content-Type: application/json" \ -d "{\"body\": \"$COMMENT\"}" \ 
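Review bot: `sonar-scanner -X` turns on debug logging, which dumps the effective analysis properties, and the token is still passed on the command line as `-Dsonar.login`; before keeping the flag, confirm in an actual run log that the token is masked, or move it to the `SONAR_TOKEN` environment variable so it never appears in arguments or debug output. The new `|| echo "Request failed"` does not catch HTTP errors: `curl -s` without `--fail` exits 0 on a 4xx/5xx, so `RESPONSE` will hold SonarQube's error JSON and the step still passes — use `curl -sS --fail-with-body` (or inspect the status code) if the outcome is meant to matter. `echo "Adding comment to PR: $COMMENT"` prints `$SONAR_URL`, which is stored as a secret yet also posted verbatim into the PR comment; decide whether the URL is sensitive, because if it is it should not be in the comment, and if it is not, keeping it in `secrets` only causes it to be masked in logs.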
@@ -56,10 +70,12 @@ jobs: steps: - name: Fetch PR Status run: | + echo "Validating SonarQube bot status..." curl -s \ -H "Authorization: token $GITEA_TOKEN" \ "$GITEA_SERVER/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/pulls/${{ gitea.pull_request.id }}/status" \ | jq -e '.statuses[] | select(.creator.login == "gitea-sonarqube-bot" and .status == "success")' || exit 1 + echo "SonarQube bot status validation successful." dry-run: name: Dry Run Docker Compose @@ -71,8 +87,9 @@ jobs: - name: Validate Docker Compose run: | + echo "Validating Docker Compose configuration..." docker compose config -f docker-compose.yml - working-directory: ./ + echo "Docker Compose validation successful." manual-approval: name: Manual Approval @@ -81,7 +98,7 @@ jobs: steps: - name: Approval Required run: | - echo "Awaiting manual approval..." + echo "Manual approval step reached. Please approve to proceed." exit 1 merge-and-deploy: @@ -93,18 +110,24 @@ jobs: env: GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} run: | - curl -X POST \ + echo "Merging pull request into main..." + RESPONSE=$(curl -X POST \ -H "Authorization: token $GITEA_TOKEN" \ - "$GITEA_SERVER/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/pulls/${{ gitea.pull_request.id }}/merge" + "$GITEA_SERVER/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/pulls/${{ gitea.pull_request.id }}/merge") + echo "Merge response: $RESPONSE" - name: Deploy Docker Compose Changes run: | + echo "Deploying Docker Compose changes to host..." ssh $DOCKER_USER@$DOCKER_HOST " + echo 'Pulling new images...' cd /path/to/docker/compose/files && - docker compose pull && + docker compose pull + echo 'Applying changes...' docker compose up -d --remove-orphans " env: DOCKER_HOST: ${{ secrets.DOCKER_HOST }} DOCKER_USER: ${{ secrets.DOCKER_USER }} SSH_KEY: ${{ secrets.DOCKER_SSH_KEY }} + SSH_AUTH_SOCK: /run/ssh-agent.sock 
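Review bot: Replacing `docker compose pull &&` with a bare `docker compose pull` followed by an `echo` breaks the `&&` chain in the ssh command, so if `cd /path/to/docker/compose/files` fails, `docker compose up -d --remove-orphans` still runs in `$DOCKER_USER`'s login directory; restore the chain or start the remote script with `set -e`, e.g. `ssh "$DOCKER_USER@$DOCKER_HOST" 'set -e; cd /path/to/docker/compose/files; docker compose pull; docker compose up -d --remove-orphans'`. The step also keeps `SSH_KEY: ${{ secrets.DOCKER_SSH_KEY }}` but never uses it, so the private key is injected into the step environment for nothing while authentication actually depends on the hard-coded `SSH_AUTH_SOCK: /run/ssh-agent.sock` agent on the runner; drop the unused secret, or write it to a mode-0600 file and pass `-i`. The merge step's `curl -X POST` still has no `--fail`, so a rejected merge (branch protection, conflicts) is merely echoed and the deploy proceeds. No `known_hosts` or `StrictHostKeyChecking` handling is visible either, so the first connection to a new host will prompt or be trusted on first use — pin the host key on the runner.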
From b46c60098f2981883e31322c2f82fc0e24a268c4 Mon Sep 17 00:00:00 2001
From: "trez.one"
Date: Tue, 26 Nov 2024 20:10:09 -0500
Subject: [PATCH 4/6] Removing project creation step.
---
.gitea/workflows/deploy.yaml | 43 ++++++++++++++++--------------------
1 file changed, 19 insertions(+), 24 deletions(-)
diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
index 24a06e9e..c572cb59 100644
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -20,31 +20,26 @@ jobs: ls -la echo "Working in directory: $(pwd)" - - name: Create SonarQube Project (if not exists) - env: - SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} - SONAR_URL: ${{ secrets.SONARQUBE_URL }} - run: | - echo "Attempting to create SonarQube project if it doesn't exist..." - RESPONSE=$(curl -s -X POST -u "$SONAR_TOKEN:" \ - -H "Content-Type: application/json" \ - "$SONAR_URL/api/projects/create?project=${{ gitea.repository.name }}&name=${{ gitea.repository.name }}" || echo "Request failed") - echo "Response: $RESPONSE" + - name: SonarQube Scan + uses: kitabisa/sonarqube-action@v1.2.0 + with: + host: ${{ secrets.SONARQUBE_HOST }} + login: ${{ secrets.SONARQUBE_TOKEN }} - - name: Run SonarQube Analysis - env: - SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} - SONAR_URL: ${{ secrets.SONARQUBE_URL }} - run: | - echo "Starting SonarQube analysis..." - sonar-scanner \ - -Dsonar.projectKey=${{ gitea.repository.name }} \ - -Dsonar.sources=. \ - -Dsonar.language=docker \ - -Dsonar.host.url=$SONAR_URL \ - -Dsonar.login=$SONAR_TOKEN \ - -X - echo "SonarQube analysis completed." + # - name: Run SonarQube Analysis + # env: + # SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} + # SONAR_URL: ${{ secrets.SONARQUBE_URL }} + # run: | + # echo "Starting SonarQube analysis..." + # sonar-scanner \ + # -Dsonar.projectKey=${{ gitea.repository.name }} \ + # -Dsonar.sources=. \ + # -Dsonar.language=docker \ + # -Dsonar.host.url=$SONAR_URL \ + # -Dsonar.login=$SONAR_TOKEN \ + # -X + # echo "SonarQube analysis completed." - name: Comment on PR with SonarQube Status env: From 998e1c9cd20aa6caee0b218158f6d9cc1bae12aa Mon Sep 17 00:00:00 2001 
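Review bot: `kitabisa/sonarqube-action@v1.2.0` is a third-party action referenced by a mutable tag and executed on a self-hosted runner with `SONARQUBE_TOKEN` (and, later in this job, the Gitea token), so a retagged release could exfiltrate those secrets; pin it to a full commit SHA, `uses: kitabisa/sonarqube-action@<40-char sha> # v1.2.0`, and review what the action does with `login`. The replaced `sonar-scanner` call set `-Dsonar.projectKey=${{ gitea.repository.name }}`, but the action is given only `host` and `login`, so the project key now falls back to whatever the action derives, while the `Comment on PR` step that follows (outside this hunk) still queries `projectKey=${{ gitea.repository.name }}` — pass the key explicitly through the action's `projectKey` input, if it exposes one, so both sides agree. This also introduces a second secret, `SONARQUBE_HOST`, next to the existing `SONARQUBE_URL` for the same server; keep one. The commented-out copy of the old step should be deleted rather than carried along, since git history already preserves it.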
From: "trez.one"
Date: Tue, 26 Nov 2024 22:06:44 -0500
Subject: [PATCH 5/6] Updated workflow for Sonarqube (excluding bot).
---
.gitea/workflows/analyze.yaml | 46 +++++++++++
.gitea/workflows/deploy.yaml | 128 -------------------------------
cpt-gen-pipeline.yaml | 139 ++++++++++++++++++++++++++++++++++
3 files changed, 185 insertions(+), 128 deletions(-)
create mode 100644 .gitea/workflows/analyze.yaml
delete mode 100644 .gitea/workflows/deploy.yaml
create mode 100644 cpt-gen-pipeline.yaml
diff --git a/.gitea/workflows/analyze.yaml b/.gitea/workflows/analyze.yaml
new file mode 100644
index 00000000..ca29bf23
--- /dev/null
+++ b/.gitea/workflows/analyze.yaml
@@ -0,0 +1,46 @@
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ types: [opened, synchronize, reopened]
+
+name: SonarQube Scan
+jobs:
+ sonarqube:
+ name: SonarQube Trigger
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checking out
+ uses: actions/checkout@v4
+ with:
+ # Disabling shallow clone is recommended for improving relevancy of reporting
+ fetch-depth: 0
+
+ - name: SonarQube Scan
+ uses: kitabisa/sonarqube-action@v1.2.0
+ with:
+ host: ${{ secrets.SONARQUBE_HOST }}
+ login: ${{ secrets.SONARQUBE_TOKEN }}
+
+ - name: Fetch SonarQube Project Status
+ id: fetch-status
+ uses: cytopia/gocurl@v3
+ with:
+ method: GET
+ url: ${{ secrets.SONARQUBE_URL }}/api/qualitygates/project_status
+ headers: Authorization: Basic ${{ secrets.SONARQUBE_TOKEN }}
+ query: projectKey=${{ gitea.repository.name }}
+
+ - name: Comment on PR with SonarQube Status
+ uses: cytopia/gocurl@v3
+ with:
+ method: POST
+ url: ${{ secrets.GITEA_SERVER }}/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/issues/${{ gitea.pull_request.id }}/comments
+ headers: |
+ Authorization: token ${{ secrets.GITEA_TOKEN }}
+ Content-Type: application/json
+ body: |
+ {
+ "body": "SonarQube Analysis: ${{ steps.fetch-status.outputs.body | fromJson | get('projectStatus.status') }}\n[View in SonarQube](${{ secrets.SONARQUBE_URL }}/dashboard?id=${{ gitea.repository.name }})"
+ }
diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
deleted file mode 100644
index c572cb59..00000000
--- a/.gitea/workflows/deploy.yaml
+++ /dev/null
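Review bot: `headers: Authorization: Basic ${{ secrets.SONARQUBE_TOKEN }}` sends the raw token where Basic expects base64 of `token:` — the earlier `curl -u "$SONAR_TOKEN:"` did that encoding implicitly — so `Fetch SonarQube Project Status` will be rejected; use `Authorization: Bearer ${{ secrets.SONARQUBE_TOKEN }}` (accepted by recent SonarQube versions) or pre-encode `token:` in base64. The expression `${{ steps.fetch-status.outputs.body | fromJson | get('projectStatus.status') }}` is not valid Actions expression syntax (there is no pipe/filter form); it needs `fromJSON(steps.fetch-status.outputs.body).projectStatus.status`, and whether `cytopia/gocurl` exposes the response as an output named `body` should be checked against the action's documentation. As far as I can tell `gitea.pull_request.id` is not a field of the `gitea` context (it mirrors `github`); the PR index the API path needs is `gitea.event.pull_request.number`, which is empty on the `push` trigger added here, so guard the comment step with `if: gitea.event_name == 'pull_request'`. As in the deleted workflow, the gate result is only commented and never enforced — fail the job on anything other than `OK`, or have branch protection require this check. Both actions are referenced by mutable tags (`@v3`, `@v1.2.0`) with secrets in scope; pin them to commit SHAs.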
@@ -1,128 +0,0 @@ -name: Docker Compose PR Check and Deploy - -on: - pull_request: - types: [synchronize, opened, reopened] - branches: - - main - -jobs: - setup-sonarqube: - name: Setup SonarQube Project and Analyze - runs-on: self-hosted - steps: - - name: Checkout Code - uses: actions/checkout@v3 - - - name: Log Current Directory - run: | - echo "Current directory contents:" - ls -la - echo "Working in directory: $(pwd)" - - - name: SonarQube Scan - uses: kitabisa/sonarqube-action@v1.2.0 - with: - host: ${{ secrets.SONARQUBE_HOST }} - login: ${{ secrets.SONARQUBE_TOKEN }} - - # - name: Run SonarQube Analysis - # env: - # SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} - # SONAR_URL: ${{ secrets.SONARQUBE_URL }} - # run: | - # echo "Starting SonarQube analysis..." - # sonar-scanner \ - # -Dsonar.projectKey=${{ gitea.repository.name }} \ - # -Dsonar.sources=. \ - # -Dsonar.language=docker \ - # -Dsonar.host.url=$SONAR_URL \ - # -Dsonar.login=$SONAR_TOKEN \ - # -X - # echo "SonarQube analysis completed." - - - name: Comment on PR with SonarQube Status - env: - SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} - GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} - SONAR_URL: ${{ secrets.SONARQUBE_URL }} - GITEA_SERVER: ${{ secrets.GITEA_SERVER }} - run: | - echo "Fetching SonarQube project status..." 
- STATUS=$(curl -s -u "$SONAR_TOKEN:" "$SONAR_URL/api/qualitygates/project_status?projectKey=${{ gitea.repository.name }}" | jq -r '.projectStatus.status') - echo "SonarQube quality gate status: $STATUS" - COMMENT="SonarQube Analysis: $STATUS\n[View in SonarQube]($SONAR_URL/dashboard?id=${{ gitea.repository.name }})" - echo "Adding comment to PR: $COMMENT" - curl -X POST -H "Authorization: token $GITEA_TOKEN" \ - -H "Content-Type: application/json" \ - -d "{\"body\": \"$COMMENT\"}" \ - "$GITEA_SERVER/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/issues/${{ gitea.pull_request.id }}/comments" - - status-check: - name: Validate SonarQube Bot Status - needs: setup-sonarqube - runs-on: self-hosted - steps: - - name: Fetch PR Status - run: | - echo "Validating SonarQube bot status..." - curl -s \ - -H "Authorization: token $GITEA_TOKEN" \ - "$GITEA_SERVER/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/pulls/${{ gitea.pull_request.id }}/status" \ - | jq -e '.statuses[] | select(.creator.login == "gitea-sonarqube-bot" and .status == "success")' || exit 1 - echo "SonarQube bot status validation successful." - - dry-run: - name: Dry Run Docker Compose - runs-on: self-hosted - needs: status-check - steps: - - name: Checkout Code - uses: actions/checkout@v3 - - - name: Validate Docker Compose - run: | - echo "Validating Docker Compose configuration..." - docker compose config -f docker-compose.yml - echo "Docker Compose validation successful." - - manual-approval: - name: Manual Approval - runs-on: self-hosted - needs: dry-run - steps: - - name: Approval Required - run: | - echo "Manual approval step reached. Please approve to proceed." - exit 1 - - merge-and-deploy: - name: Merge and Deploy - runs-on: self-hosted - needs: manual-approval - steps: - - name: Merge Pull Request - env: - GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} - run: | - echo "Merging pull request into main..." 
- RESPONSE=$(curl -X POST \ - -H "Authorization: token $GITEA_TOKEN" \ - "$GITEA_SERVER/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/pulls/${{ gitea.pull_request.id }}/merge") - echo "Merge response: $RESPONSE" - - - name: Deploy Docker Compose Changes - run: | - echo "Deploying Docker Compose changes to host..." - ssh $DOCKER_USER@$DOCKER_HOST " - echo 'Pulling new images...' - cd /path/to/docker/compose/files && - docker compose pull - echo 'Applying changes...' - docker compose up -d --remove-orphans - " - env: - DOCKER_HOST: ${{ secrets.DOCKER_HOST }} - DOCKER_USER: ${{ secrets.DOCKER_USER }} - SSH_KEY: ${{ secrets.DOCKER_SSH_KEY }} - SSH_AUTH_SOCK: /run/ssh-agent.sock diff --git a/cpt-gen-pipeline.yaml b/cpt-gen-pipeline.yaml new file mode 100644 index 00000000..d946271b --- /dev/null +++ b/cpt-gen-pipeline.yaml 
@@ -0,0 +1,139 @@
+name: Docker Compose PR Check and Deploy
+
+on:
+ pull_request:
+ types: [synchronize, opened, reopened]
+ branches:
+ - main
+
+jobs:
+ setup-sonarqube:
+ name: Setup SonarQube Project and Analyze
+ runs-on: self-hosted
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v3
+
+ - name: Log Current Directory
+ run: |
+ echo "Current directory contents:"
+ ls -la
+ echo "Working in directory: $(pwd)"
+
+ - name: Create SonarQube Project (if not exists)
+ uses: cytopia/gocurl@v3
+ with:
+ method: POST
+ url: ${{ secrets.SONARQUBE_URL }}/api/projects/create
+ headers: |
+ Authorization: Basic ${{ secrets.SONARQUBE_TOKEN }}
+ Content-Type: application/json
+ query: |
+ project=${{ gitea.repository.name }}
+ name=${{ gitea.repository.name }}
+ continue-on-error: true # Ignore error if project already exists
+
+ - name: Run SonarQube Analysis
+ env:
+ SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+ SONAR_URL: ${{ secrets.SONARQUBE_URL }}
+ run: |
+ echo "Starting SonarQube analysis..."
+ sonar-scanner \
+ -Dsonar.projectKey=${{ gitea.repository.name }} \
+ -Dsonar.sources=. \
+ -Dsonar.language=docker \
+ -Dsonar.host.url=$SONAR_URL \
+ -Dsonar.login=$SONAR_TOKEN \
+ -X
+ echo "SonarQube analysis completed."
+
+ - name: Fetch SonarQube Project Status
+ id: fetch-status
+ uses: cytopia/gocurl@v3
+ with:
+ method: GET
+ url: ${{ secrets.SONARQUBE_URL }}/api/qualitygates/project_status
+ headers: Authorization: Basic ${{ secrets.SONARQUBE_TOKEN }}
+ query: projectKey=${{ gitea.repository.name }}
+
+ - name: Comment on PR with SonarQube Status
+ uses: cytopia/gocurl@v3
+ with:
+ method: POST
+ url: ${{ secrets.GITEA_SERVER }}/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/issues/${{ gitea.pull_request.id }}/comments
+ headers: |
+ Authorization: token ${{ secrets.GITEA_TOKEN }}
+ Content-Type: application/json
+ body: |
+ {
+ "body": "SonarQube Analysis: ${{ steps.fetch-status.outputs.body | fromJson | get('projectStatus.status') }}\n[View in SonarQube](${{ secrets.SONARQUBE_URL }}/dashboard?id=${{ gitea.repository.name }})"
+ }
+
+ status-check:
+ name: Validate SonarQube Bot Status
+ needs: setup-sonarqube
+ runs-on: self-hosted
+ steps:
+ - name: Fetch PR Status
+ uses: cytopia/gocurl@v3
+ with:
+ method: GET
+ url: ${{ secrets.GITEA_SERVER }}/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/pulls/${{ gitea.pull_request.id }}/status
+ headers: Authorization: token ${{ secrets.GITEA_TOKEN }}
+ run: |
+ echo "Validating SonarQube bot status..."
+ echo ${{ steps.fetch-status.outputs.body }} | jq -e '.statuses[] | select(.creator.login == "gitea-sonarqube-bot" and .status == "success")' || exit 1
+ echo "SonarQube bot status validation successful."
+
+ dry-run:
+ name: Dry Run Docker Compose
+ runs-on: self-hosted
+ needs: status-check
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v3
+
+ - name: Validate Docker Compose
+ run: |
+ echo "Validating Docker Compose configuration..."
+ docker compose config -f docker-compose.yml
+ echo "Docker Compose validation successful."
+
+ manual-approval:
+ name: Manual Approval
+ runs-on: self-hosted
+ needs: dry-run
+ steps:
+ - name: Approval Required
+ run: |
+ echo "Manual approval step reached. Please approve to proceed."
+ exit 1
+
+ merge-and-deploy:
+ name: Merge and Deploy
+ runs-on: self-hosted
+ needs: manual-approval
+ steps:
+ - name: Merge Pull Request
+ uses: cytopia/gocurl@v3
+ with:
+ method: POST
+ url: ${{ secrets.GITEA_SERVER }}/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/pulls/${{ gitea.pull_request.id }}/merge
+ headers: Authorization: token ${{ secrets.GITEA_TOKEN }}
+
+ - name: Deploy Docker Compose Changes
+ run: |
+ echo "Deploying Docker Compose changes to host..."
+ ssh $DOCKER_USER@$DOCKER_HOST "
+ echo 'Pulling new images...'
+ cd /path/to/docker/compose/files &&
+ docker compose pull
+ echo 'Applying changes...'
+ docker compose up -d --remove-orphans
+ "
+ env:
+ DOCKER_HOST: ${{ secrets.DOCKER_HOST }}
+ DOCKER_USER: ${{ secrets.DOCKER_USER }}
+ SSH_KEY: ${{ secrets.DOCKER_SSH_KEY }}
+ SSH_AUTH_SOCK: /run/ssh-agent.sock
From 5332b2e71066d57c5b5ddd604f6550263e908739 Mon Sep 17 00:00:00 2001
From: "trez.one"
Date: Tue, 26 Nov 2024 22:09:31 -0500
Subject: [PATCH 6/6] Renamed pipeline file.
---
.gitea/workflows/{analyze.yaml => build.yaml} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename .gitea/workflows/{analyze.yaml => build.yaml} (100%)
diff --git a/.gitea/workflows/analyze.yaml b/.gitea/workflows/build.yaml
similarity index 100%
rename from .gitea/workflows/analyze.yaml
rename to .gitea/workflows/build.yaml
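Review bot: The `Fetch PR Status` step in `status-check` combines `uses:` and `run:` in a single step, which is invalid (a step is either an action or a script), and its script reads `steps.fetch-status.outputs.body`, an output of a step in the `setup-sonarqube` job that is not visible from another job without a job-level `outputs:` declaration — so the gate would either be rejected at parse time or evaluate `jq -e` against an empty string. This file also sits at the repository root rather than under `.gitea/workflows/`, so it will not run; if it is deliberately parked, say so at the top, e.g. `# Not active: kept outside .gitea/workflows until the merge/deploy flow is reworked.`. It carries over the problems of the deleted `deploy.yaml`: merge and deploy secrets inside a `pull_request`-triggered job whose definition the PR controls, an `exit 1` standing in for manual approval, the unused `SSH_KEY` secret, and a `status-check` that waits for a `gitea-sonarqube-bot` status even though the commit message says the bot is excluded. `Authorization: Basic ${{ secrets.SONARQUBE_TOKEN }}` in the two SonarQube steps also needs the base64 `token:` encoding (or `Bearer`) that the previous `curl -u` form supplied implicitly.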