Reverting back to an earlier iteration of the build (from 183e3130ee).

This commit is contained in:
2024-12-06 14:37:52 -05:00
parent 8412137ae8
commit 22eba6b7b8
+118 -71
View File
@@ -3,87 +3,134 @@ name: Docker Compose PR Workflow
on: on:
push: push:
branches: branches:
- '*' - main
create: pull_request:
branches: types: [opened, synchronize, reopened]
- '*'
name: SonarQube Scan
jobs: jobs:
create-pr-and-validate: sonarqube:
name: Create PR and Validate Docker Compose name: SonarQube Scanning & Status
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout Repository - name: Checking out
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: URL check with:
run: | # Disabling shallow clone is recommended for improving relevancy of reporting
echo "${{ secrets.RINOA_GITEA_SERVER }}" fetch-depth: 0
- name: Gitea List Pull Requests
id: gitea-check-pr
uses: vicamo/gitea-list-pull-requests@v1.0.1
with:
token: "${{ secrets.BOT_GITEA_TOKEN }}"
server_url: "${{ secrets.RINOA_GITEA_SERVER }}"
state: 'all'
# - name: Set PR_EXISTS environment variable
# run: echo "PR_EXISTS=${{ steps.gitea-check-pr.outputs.exists }}" >> $GITHUB_ENV
# - name: Create Pull Request
# if: env.PR_EXISTS != 'true'
# uses: arifer612/Gitea-PR-action@v1.2.0
# with:
# url: ${{ secrets.RINOA_GITEA_SERVER }}
# token: ${{ secrets.BOT_GITEA_TOKEN }}
# # - name: Run SonarQube Analysis
# uses: SonarSource/sonarqube-scan-action@v4.1.0
# with:
# SONARQUBE_HOST: ${{ secrets.SONARQUBE_HOST }}
# sonar_token: ${{ secrets.SONARQUBE_TOKEN }}
# extra_args: |
# -Dsonar.projectKey=${{ github.repository }}
# -Dsonar.sources=.
# -Dsonar.inclusions=docker-compose.yml
# -Dsonar.language=yaml,docker
# - name: Check SonarQube Quality Gate
# id: quality-gate
# uses: SonarSource/sonarqube-quality-gate-action@v1.1.0
# with:
# SONARQUBE_HOST: ${{ secrets.SONARQUBE_HOST }}
# sonar_token: ${{ secrets.SONARQUBE_TOKEN }}
# - name: Validate Docker Compose Configuration - name: SonarQube Scan
# if: steps.quality-gate.outputs.quality-gate-status == 'PASSED' uses: SonarSource/sonarqube-scan-action@v4.0.0
# id: docker-lint env:
SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
- name: SonarQube Quality Gate Check
id: quality-gate
uses: SonarSource/sonarqube-quality-gate-action@v1.1.0
env:
SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
# - name: Comment on Pull Request with Quality Gate Status
# id: comment-pr
# uses: prasiman/gocurl@v1
# with:
# method: POST
# url: "https://${{ secrets.RINOA_GITEA_SERVER }}/api/v1/repos/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/issues/${{ github.event.pull_request.number }}/reviews"
# headers: >
# Authorization: token ${{ secrets.BOT_GITEA_TOKEN }}
# body: |
# {
# "body": "SonarQube Quality Gate Status: ${{ steps.quality-gate.outputs.quality-gate-status }}"
# }
docker-compose-dry-run:
name: Dry Run Docker Compose
runs-on: ubuntu-latest
needs: quality-gate
if: ${{ steps.quality-gate.outputs.quality-gate-status }} == 'PASSED'
steps:
- name: Checking out
uses: actions/checkout@v4
with:
# Disabling shallow clone is recommended for improving relevancy of reporting
fetch-depth: 0
- name: Generate ephemeral env
run: |
echo "${{ secrets.RINOA_DOCKER_ENV }}" > ./.env
- name: Validate Docker Compose Configuration
id: docker-lint
run: |
docker compose config --no-interpolate --quiet --dry-run
EXIT_CODE=$?
if [ $? -ne 0 ]; then
echo "Docker Compose configuration validation failed."
exit 1
else
echo "Docker Compose configuration is valid."
fi
echo "::set-output name=exit_code::$EXIT_CODE"
# - name: Docker Compose Lint
# uses: sjafferali/docker-compose-lint-action@v0.1.2
# with:
# compose-file: './docker-compose.yml'
# manual-approval:
# name: Manual Approval
# needs: docker-compose-test
# if: always()
# runs-on: self-hosted
# steps:
# - name: Approval Required
# run: | # run: |
# echo "${{ secrets.DOCKER_ENV }}" > .env # echo "Manual approval step reached. Please approve to proceed."
# docker compose config --no-interpolate --quiet --dry-run # exit 1
deploy-changes:
name: Merge and Deploy Changes
runs-on: ubuntu-latest
needs: docker-lint
if: steps.docker-lint.outputs.exit_code == 0
steps:
- name: Checkout Code
uses: actions/checkout@v4
- name: Install & Setup Tea CLI
run: |
curl -sSL https://dl.gitea.com/tea/main/tea-main-linux-amd64 -o /usr/local/bin/tea
chmod +x /usr/local/bin/tea
tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_SERVER }}"" --user gitea-sonarqube-bot --token "${{ secrets.BOT_GITEA_TOKEN }}"
- name: Merge PR with Tea CLI
run: |
tea pr m "${{ gitea.event.pull_request.number }}"
# - name: Merge Pull Request # - name: Merge Pull Request
# if: steps.docker-lint.outcome == 'success'
# uses: prasiman/gocurl@v1 # uses: prasiman/gocurl@v1
# with: # with:
# url: "${{ secrets.GITEA_API_URL }}/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/pulls/${{ github.event.pull_request.number }}/merge"
# method: POST # method: POST
# headers: | # url: "https://${{ secrets.RINOA_GITEA_SERVER }}/api/v1/repos/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/pulls/${{ github.event.pull_request.number }}/merge"
# headers: >
# Authorization: token ${{ secrets.BOT_GITEA_TOKEN }} # Authorization: token ${{ secrets.BOT_GITEA_TOKEN }}
# Content-Type: application/json
# body: |
# {
# "Do": "merge"
# }
# deploy-main: - name: Deploy Docker Compose Changes
# name: Deploy to Remote Host uses: astappiev/docker-compose-remote-action@master
# needs: create-pr-and-validate with:
# if: github.ref == 'refs/heads/main' ssh_host: 192.168.1.254
# runs-on: ubuntu-latest ssh_user: gitea-deploy
# steps: ssh_private_key: ${{ secrets.DEPLOY_PRIVATE_SSH_KEY }}
# - name: SSH to Remote Host and Deploy Docker Compose ssh_host_public_key: ${{ secrets.DEPLOY_PUBLIC_SSH_KEY }}
# uses: keatonLiu/docker-compose-remote-action@v1.2 docker_env: $ {{ secrets.RINOA_DOCKER_ENV }}
# with: docker_args: -d --remove-orphans --build --dry-run
# ssh_user: gitea-deploy
# ssh_host: 192.168.1.254 # uses: alex-ac/github-action-ssh-docker-compose@master
# ssh_private_key: ${{ secrets.DEPLOY_PRIVATE_SSH_KEY }} # with:
# ssh_host_public_key: $ ${{ secrets.DEPLOY_PUBLIC_SSH_KEY }} # ssh_host: ${{ secrets.DOCKER_HOST }}
# compose_file_path: docker-compose.yml # ssh_user: ${{ secrets.DOCKER_USER }}
# args: "-d --remove-orphans --build --dry-run" # ssh_key: ${{ secrets.DOCKER_SSH_KEY }}
# compose_file_path: /path/to/docker-compose.yml
# docker_compose_command: "up -d --remove-orphans"