diff --git a/.gitea/workflow/build.yaml b/.gitea/workflow/build.yaml index 2adca133..a2988fcc 100644 --- a/.gitea/workflow/build.yaml +++ b/.gitea/workflow/build.yaml 
@@ -1,96 +1,87 @@ +name: Docker Compose PR Workflow + on: push: branches: - '*' - pull_request: - types: [opened, synchronize, reopened] - branches: - - main + create: + branches: + - '*' -name: Docker Scan, Lint, & Deploy via Compose jobs: - sonarqube: - name: SonarQube Scanning & Quality Gate + create-pr-and-validate: + name: Create PR and Validate Docker Compose runs-on: ubuntu-latest steps: - - name: Checking out - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: SonarQube Scan - id: sonarqube-scan - uses: SonarSource/sonarqube-scan-action@v4.1.0 - env: - SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} - SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} - - name: SonarQube Quality Gate Check - id: quality-gate - uses: SonarSource/sonarqube-quality-gate-action@v1.1.0 - env: - SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} - SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} - - docker-compose-dry-run: - name: Dry Run Docker Compose - runs-on: ubuntu-latest - needs: quality-gate - if: ${{ steps.quality-gate.outputs.quality-gate-status }} == 'PASSED' - steps: - - name: Checking out - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Generate ephemeral env - run: | - echo "${{ secrets.RINOA_DOCKER_ENV }}" > ./.env - - name: Validate Docker Compose Configuration - id: docker-lint - run: | - docker compose config --no-interpolate --quiet --dry-run - EXIT_CODE=$? - if [ $? -ne 0 ]; then - echo "Docker Compose configuration validation failed." - exit 1 - else - echo "Docker Compose configuration is valid." 
- fi - echo "::set-output name=exit_code::$EXIT_CODE" - - name: Merge PR in Gitea - needs: docker-lint - if: steps.docker-lint.outputs.exit_code == 0 - uses: prasiman/gocurl@v1 - if: ${{ github.event.pull_request.merged == false }} # Only merge if PR is not already merged - with: - method: "POST" - url: "${{ secrets.RINOA_GITEA_SERVER }}/api/v1/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/pulls/${{ github.event.pull_request.number }}/merge" - headers: > - Authorization: token "${{ secrets.BOT_GITEA_TOKEN }} - Content-Type: application/json - body: | - { - "Do": "merge" - } - - deploy-changes: - name: Merge and Deploy Changes - runs-on: ubuntu-latest - needs: docker-lint - if: steps.docker-lint.outputs.exit_code == 0 - steps: - - name: Checkout Code + - name: Checkout Repository uses: actions/checkout@v4 - - name: Git Merge & Push - uses: morbalint/git-merge-action@v1.1.0 + - name: Check if Pull Request Exists + id: check-pr + uses: prasiman/gocurl@v1.2.0 with: - target: 'main' - source: ${{ gitea.event.pull_request.head.ref }} - dry-run: true - - name: Deploy Docker Compose Changes - uses: 5eqn/docker-compose-remote-action@v0.0.7 + url: ${{ secrets.GITEA_API_URL }}/repos/${{ github.repository_owner }}/pulls?state=open&head=${{ github.repository_owner }}:${{ github.ref_name }} + method: GET + headers: | + Authorization: token ${{ secrets.GITEA_API_TOKEN }} + outputs: + response: ${{ steps.check-pr.outputs.response }} + - name: Create Pull Request + if: env.PR_EXISTS != 'true' + uses: arifer612/Gitea-PR-action@v1.2.0 + with: + url: ${{ secrets.RINOA_GITEA_SERVER }} + token: ${{ secrets.BOT_GITEA_TOKEN }} + - name: Run SonarQube Analysis + uses: sonarsource/sonarqube-scan-action@v2.0.0 + with: + SONARQUBE_HOST: ${{ secrets.SONARQUBE_HOST }} + sonar_token: ${{ secrets.SONARQUBE_TOKEN }} + extra_args: | + -Dsonar.projectKey=${{ github.repository }} + -Dsonar.sources=. 
+ -Dsonar.inclusions=docker-compose.yml + -Dsonar.language=yaml,docker + - name: Check SonarQube Quality Gate + id: quality-gate + uses: sonarsource/sonarqube-quality-gate-check-action@v2.0.0 + with: + SONARQUBE_HOST: ${{ secrets.SONARQUBE_HOST }} + sonar_token: ${{ secrets.SONARQUBE_TOKEN }} + + - name: Validate Docker Compose Configuration + if: steps.quality-gate.outputs.quality-gate-status == 'PASSED' + id: docker-lint + run: | + echo "${{ secrets.DOCKER_ENV }}" > .env + docker compose config --no-interpolate --quiet --dry-run + continue-on-error: true + + - name: Merge Pull Request + if: steps.docker-lint.outcome == 'success' + uses: prasiman/gocurl@v1.2.0 + with: + url: ${{ secrets.GITEA_API_URL }}/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/pulls/${{ github.event.pull_request.number }}/merge + method: POST + headers: | + Authorization: token ${{ secrets.BOT_GITEA_TOKEN }} + Content-Type: application/json + body: | + { + "Do": "merge" + } + + deploy-main: + name: Deploy to Remote Host + needs: create-pr-and-validate + if: github.ref == 'refs/heads/main' + runs-on: ubuntu-latest + steps: + - name: SSH to Remote Host and Deploy Docker Compose + uses: keatonLiu/docker-compose-remote-action@v1.2 with: - ssh_host: 192.168.1.254 ssh_user: gitea-deploy + ssh_host: 192.168.1.254 ssh_private_key: ${{ secrets.DEPLOY_PRIVATE_SSH_KEY }} - ssh_host_public_key: ${{ secrets.DEPLOY_PUBLIC_SSH_KEY }} - docker_env: $ {{ secrets.RINOA_DOCKER_ENV }} - docker_args: -d --remove-orphans --build --dry-run + ssh_host_public_key: $ ${{ secrets.DEPLOY_PUBLIC_SSH_KEY }} + compose_file_path: docker-compose.yml + args: "-d --remove-orphans --build --dry-run" diff --git a/.gitea/workflow/docker-compose-pr-workflow.yml b/.gitea/workflow/docker-compose-pr-workflow.yml new file mode 100644 index 00000000..8530c652 --- /dev/null +++ b/.gitea/workflow/docker-compose-pr-workflow.yml 
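Review bot: The host-key pin on the deploy step is broken by a stray `$ ` in `ssh_host_public_key: $ ${{ secrets.DEPLOY_PUBLIC_SSH_KEY }}` — the action receives a value beginning with `$ ` that cannot match the server's key, so the SSH connection either fails or, depending on how the action treats an unusable known_hosts entry, host verification is silently lost; the removed line had it right: `ssh_host_public_key: ${{ secrets.DEPLOY_PUBLIC_SSH_KEY }}`. The same typo is in the new docker-compose-pr-workflow.yml hunk below. The Validate step still expands the secret straight into the shell script with `echo "${{ secrets.DOCKER_ENV }}" > .env`, so any quote, backtick or `$(` inside the secret is interpreted as shell syntax before the script runs; pass it in through `env:` (`DOCKER_ENV: ${{ secrets.DOCKER_ENV }}`) and write it with `printf '%s\n' "$DOCKER_ENV" > .env`, in both files. In this file only, `continue-on-error: true` on docker-lint leaves the job green when `docker compose config` rejects the file, and `deploy-main` gates solely on `needs: create-pr-and-validate`, so on main a rejected compose file still reaches the deploy step; drop `continue-on-error` and let the failing step fail the job (the Merge step already keys on `steps.docker-lint.outcome`).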
@@ -0,0 +1,86 @@
+name: Docker Compose PR Workflow
+
+on:
+ push:
+ branches:
+ - '*'
+ create:
+ branches:
+ - '*'
+
+jobs:
+ create-pr-and-validate:
+ name: Create PR and Validate Docker Compose
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v4
+ - name: Check if Pull Request Exists
+ id: check-pr
+ uses: prasiman/gocurl@v1.2.0
+ with:
+ url: ${{ secrets.GITEA_API_URL }}/repos/${{ github.repository_owner }}/pulls?state=open&head=${{ github.repository_owner }}:${{ github.ref_name }}
+ method: GET
+ headers: |
+ Authorization: token ${{ secrets.GITEA_API_TOKEN }}
+ outputs:
+ response: ${{ steps.check-pr.outputs.response }}
+ - name: Create Pull Request
+ if: env.PR_EXISTS != 'true'
+ uses: arifer612/Gitea-PR-action@v1.2.0
+ with:
+ url: ${{ secrets.RINOA_GITEA_SERVER }}
+ token: ${{ secrets.BOT_GITEA_TOKEN }}
+ - name: Run SonarQube Analysis
+ uses: sonarsource/sonarqube-scan-action@v2.0.0
+ with:
+ SONARQUBE_HOST: ${{ secrets.SONARQUBE_HOST }}
+ sonar_token: ${{ secrets.SONARQUBE_TOKEN }}
+ extra_args: |
+ -Dsonar.projectKey=${{ github.repository }}
+ -Dsonar.sources=.
+ -Dsonar.inclusions=docker-compose.yml
+ -Dsonar.language=yaml,docker
+ - name: Check SonarQube Quality Gate
+ id: quality-gate
+ uses: sonarsource/sonarqube-quality-gate-check-action@v2.0.0
+ with:
+ SONARQUBE_HOST: ${{ secrets.SONARQUBE_HOST }}
+ sonar_token: ${{ secrets.SONARQUBE_TOKEN }}
+
+ - name: Validate Docker Compose Configuration
+ if: steps.quality-gate.outputs.quality-gate-status == 'PASSED'
+ id: docker-lint
+ run: |
+ echo "${{ secrets.DOCKER_ENV }}" > .env
+ docker compose config --no-interpolate --quiet --dry-run
+
+ - name: Merge Pull Request
+ if: steps.docker-lint.outcome == 'success'
+ uses: prasiman/gocurl@v1.2.0
+ with:
+ url: ${{ secrets.GITEA_API_URL }}/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/pulls/${{ github.event.pull_request.number }}/merge
+ method: POST
+ headers: |
+ Authorization: token ${{ secrets.BOT_GITEA_TOKEN }}
+ Content-Type: application/json
+ body: |
+ {
+ "Do": "merge"
+ }
+
+ deploy-main:
+ name: Deploy to Remote Host
+ needs: create-pr-and-validate
+ if: github.ref == 'refs/heads/main'
+ runs-on: ubuntu-latest
+ steps:
+ - name: SSH to Remote Host and Deploy Docker Compose
+ uses: keatonLiu/docker-compose-remote-action@v1.2
+ with:
+ ssh_user: gitea-deploy
+ ssh_host: 192.168.1.254
+ ssh_private_key: ${{ secrets.DEPLOY_PRIVATE_SSH_KEY }}
+ ssh_host_public_key: $ ${{ secrets.DEPLOY_PUBLIC_SSH_KEY }}
+ compose_file_path: docker-compose.yml
+ args: "-d --remove-orphans --build --dry-run"
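Review bot: The Merge Pull Request step builds its URL from `${{ github.event.pull_request.number }}`, but this workflow only triggers on `push` and `create`, whose event payloads (on Gitea as on GitHub) carry no `pull_request` member, so the request is sent to `.../pulls//merge`; the rewritten build.yaml above has the same problem. The guard `if: env.PR_EXISTS != 'true'` on Create Pull Request never sees a value because nothing in the job sets `PR_EXISTS`, and `outputs:` is not a step-level key, so the `response` mapping under check-pr is presumably ignored and the step runs unconditionally — confirm against the Gitea runner. The check-pr URL also omits the repository segment (`/repos/${{ github.repository_owner }}/pulls?...`) while the merge URL includes `${{ github.event.repository.name }}`; the list call should be `/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/pulls?state=open&head=...`. A comment above the Merge step stating which event is expected to supply the PR number would make it clear when `BOT_GITEA_TOKEN` is allowed to merge without a human in the loop.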