Merge pull request 'docker-deploy-workflow-v1' (#24) from docker-deploy-workflow-v1 into main
Reviewed-on: Trez.One/rinoa-docker#24
This commit is contained in:
+74
-83
@@ -1,96 +1,87 @@
|
|||||||
|
name: Docker Compose PR Workflow
|
||||||
|
|
||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
branches:
|
branches:
|
||||||
- '*'
|
- '*'
|
||||||
pull_request:
|
create:
|
||||||
types: [opened, synchronize, reopened]
|
branches:
|
||||||
branches:
|
- '*'
|
||||||
- main
|
|
||||||
|
|
||||||
name: Docker Scan, Lint, & Deploy via Compose
|
|
||||||
jobs:
|
jobs:
|
||||||
sonarqube:
|
create-pr-and-validate:
|
||||||
name: SonarQube Scanning & Quality Gate
|
name: Create PR and Validate Docker Compose
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checking out
|
- name: Checkout Repository
|
||||||
uses: actions/checkout@v4
|
|
||||||
with:
|
|
||||||
fetch-depth: 0
|
|
||||||
- name: SonarQube Scan
|
|
||||||
id: sonarqube-scan
|
|
||||||
uses: SonarSource/sonarqube-scan-action@v4.1.0
|
|
||||||
env:
|
|
||||||
SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
|
|
||||||
SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
|
|
||||||
- name: SonarQube Quality Gate Check
|
|
||||||
id: quality-gate
|
|
||||||
uses: SonarSource/sonarqube-quality-gate-action@v1.1.0
|
|
||||||
env:
|
|
||||||
SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
|
|
||||||
SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
|
|
||||||
|
|
||||||
docker-compose-dry-run:
|
|
||||||
name: Dry Run Docker Compose
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
needs: quality-gate
|
|
||||||
if: ${{ steps.quality-gate.outputs.quality-gate-status }} == 'PASSED'
|
|
||||||
steps:
|
|
||||||
- name: Checking out
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
with:
|
|
||||||
fetch-depth: 0
|
|
||||||
- name: Generate ephemeral env
|
|
||||||
run: |
|
|
||||||
echo "${{ secrets.RINOA_DOCKER_ENV }}" > ./.env
|
|
||||||
- name: Validate Docker Compose Configuration
|
|
||||||
id: docker-lint
|
|
||||||
run: |
|
|
||||||
docker compose config --no-interpolate --quiet --dry-run
|
|
||||||
EXIT_CODE=$?
|
|
||||||
if [ $? -ne 0 ]; then
|
|
||||||
echo "Docker Compose configuration validation failed."
|
|
||||||
exit 1
|
|
||||||
else
|
|
||||||
echo "Docker Compose configuration is valid."
|
|
||||||
fi
|
|
||||||
echo "::set-output name=exit_code::$EXIT_CODE"
|
|
||||||
- name: Merge PR in Gitea
|
|
||||||
needs: docker-lint
|
|
||||||
if: steps.docker-lint.outputs.exit_code == 0
|
|
||||||
uses: prasiman/gocurl@v1
|
|
||||||
if: ${{ github.event.pull_request.merged == false }} # Only merge if PR is not already merged
|
|
||||||
with:
|
|
||||||
method: "POST"
|
|
||||||
url: "${{ secrets.RINOA_GITEA_SERVER }}/api/v1/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/pulls/${{ github.event.pull_request.number }}/merge"
|
|
||||||
headers: >
|
|
||||||
Authorization: token "${{ secrets.BOT_GITEA_TOKEN }}
|
|
||||||
Content-Type: application/json
|
|
||||||
body: |
|
|
||||||
{
|
|
||||||
"Do": "merge"
|
|
||||||
}
|
|
||||||
|
|
||||||
deploy-changes:
|
|
||||||
name: Merge and Deploy Changes
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
needs: docker-lint
|
|
||||||
if: steps.docker-lint.outputs.exit_code == 0
|
|
||||||
steps:
|
|
||||||
- name: Checkout Code
|
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
- name: Git Merge & Push
|
- name: Check if Pull Request Exists
|
||||||
uses: morbalint/git-merge-action@v1.1.0
|
id: check-pr
|
||||||
|
uses: prasiman/gocurl@v1.2.0
|
||||||
with:
|
with:
|
||||||
target: 'main'
|
url: ${{ secrets.GITEA_API_URL }}/repos/${{ github.repository_owner }}/pulls?state=open&head=${{ github.repository_owner }}:${{ github.ref_name }}
|
||||||
source: ${{ gitea.event.pull_request.head.ref }}
|
method: GET
|
||||||
dry-run: true
|
headers: |
|
||||||
- name: Deploy Docker Compose Changes
|
Authorization: token ${{ secrets.GITEA_API_TOKEN }}
|
||||||
uses: 5eqn/docker-compose-remote-action@v0.0.7
|
outputs:
|
||||||
|
response: ${{ steps.check-pr.outputs.response }}
|
||||||
|
- name: Create Pull Request
|
||||||
|
if: env.PR_EXISTS != 'true'
|
||||||
|
uses: arifer612/Gitea-PR-action@v1.2.0
|
||||||
|
with:
|
||||||
|
url: ${{ secrets.RINOA_GITEA_SERVER }}
|
||||||
|
token: ${{ secrets.BOT_GITEA_TOKEN }}
|
||||||
|
- name: Run SonarQube Analysis
|
||||||
|
uses: sonarsource/sonarqube-scan-action@v2.0.0
|
||||||
|
with:
|
||||||
|
SONARQUBE_HOST: ${{ secrets.SONARQUBE_HOST }}
|
||||||
|
sonar_token: ${{ secrets.SONARQUBE_TOKEN }}
|
||||||
|
extra_args: |
|
||||||
|
-Dsonar.projectKey=${{ github.repository }}
|
||||||
|
-Dsonar.sources=.
|
||||||
|
-Dsonar.inclusions=docker-compose.yml
|
||||||
|
-Dsonar.language=yaml,docker
|
||||||
|
- name: Check SonarQube Quality Gate
|
||||||
|
id: quality-gate
|
||||||
|
uses: sonarsource/sonarqube-quality-gate-check-action@v2.0.0
|
||||||
|
with:
|
||||||
|
SONARQUBE_HOST: ${{ secrets.SONARQUBE_HOST }}
|
||||||
|
sonar_token: ${{ secrets.SONARQUBE_TOKEN }}
|
||||||
|
|
||||||
|
- name: Validate Docker Compose Configuration
|
||||||
|
if: steps.quality-gate.outputs.quality-gate-status == 'PASSED'
|
||||||
|
id: docker-lint
|
||||||
|
run: |
|
||||||
|
echo "${{ secrets.DOCKER_ENV }}" > .env
|
||||||
|
docker compose config --no-interpolate --quiet --dry-run
|
||||||
|
continue-on-error: true
|
||||||
|
|
||||||
|
- name: Merge Pull Request
|
||||||
|
if: steps.docker-lint.outcome == 'success'
|
||||||
|
uses: prasiman/gocurl@v1.2.0
|
||||||
|
with:
|
||||||
|
url: ${{ secrets.GITEA_API_URL }}/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/pulls/${{ github.event.pull_request.number }}/merge
|
||||||
|
method: POST
|
||||||
|
headers: |
|
||||||
|
Authorization: token ${{ secrets.BOT_GITEA_TOKEN }}
|
||||||
|
Content-Type: application/json
|
||||||
|
body: |
|
||||||
|
{
|
||||||
|
"Do": "merge"
|
||||||
|
}
|
||||||
|
|
||||||
|
deploy-main:
|
||||||
|
name: Deploy to Remote Host
|
||||||
|
needs: create-pr-and-validate
|
||||||
|
if: github.ref == 'refs/heads/main'
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- name: SSH to Remote Host and Deploy Docker Compose
|
||||||
|
uses: keatonLiu/docker-compose-remote-action@v1.2
|
||||||
with:
|
with:
|
||||||
ssh_host: 192.168.1.254
|
|
||||||
ssh_user: gitea-deploy
|
ssh_user: gitea-deploy
|
||||||
|
ssh_host: 192.168.1.254
|
||||||
ssh_private_key: ${{ secrets.DEPLOY_PRIVATE_SSH_KEY }}
|
ssh_private_key: ${{ secrets.DEPLOY_PRIVATE_SSH_KEY }}
|
||||||
ssh_host_public_key: ${{ secrets.DEPLOY_PUBLIC_SSH_KEY }}
|
ssh_host_public_key: $ ${{ secrets.DEPLOY_PUBLIC_SSH_KEY }}
|
||||||
docker_env: $ {{ secrets.RINOA_DOCKER_ENV }}
|
compose_file_path: docker-compose.yml
|
||||||
docker_args: -d --remove-orphans --build --dry-run
|
args: "-d --remove-orphans --build --dry-run"
|
||||||
|
|||||||
@@ -0,0 +1,86 @@
|
|||||||
|
name: Docker Compose PR Workflow
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- '*'
|
||||||
|
create:
|
||||||
|
branches:
|
||||||
|
- '*'
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
create-pr-and-validate:
|
||||||
|
name: Create PR and Validate Docker Compose
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- name: Checkout Repository
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
- name: Check if Pull Request Exists
|
||||||
|
id: check-pr
|
||||||
|
uses: prasiman/gocurl@v1.2.0
|
||||||
|
with:
|
||||||
|
url: ${{ secrets.GITEA_API_URL }}/repos/${{ github.repository_owner }}/pulls?state=open&head=${{ github.repository_owner }}:${{ github.ref_name }}
|
||||||
|
method: GET
|
||||||
|
headers: |
|
||||||
|
Authorization: token ${{ secrets.GITEA_API_TOKEN }}
|
||||||
|
outputs:
|
||||||
|
response: ${{ steps.check-pr.outputs.response }}
|
||||||
|
- name: Create Pull Request
|
||||||
|
if: env.PR_EXISTS != 'true'
|
||||||
|
uses: arifer612/Gitea-PR-action@v1.2.0
|
||||||
|
with:
|
||||||
|
url: ${{ secrets.RINOA_GITEA_SERVER }}
|
||||||
|
token: ${{ secrets.BOT_GITEA_TOKEN }}
|
||||||
|
- name: Run SonarQube Analysis
|
||||||
|
uses: sonarsource/sonarqube-scan-action@v2.0.0
|
||||||
|
with:
|
||||||
|
SONARQUBE_HOST: ${{ secrets.SONARQUBE_HOST }}
|
||||||
|
sonar_token: ${{ secrets.SONARQUBE_TOKEN }}
|
||||||
|
extra_args: |
|
||||||
|
-Dsonar.projectKey=${{ github.repository }}
|
||||||
|
-Dsonar.sources=.
|
||||||
|
-Dsonar.inclusions=docker-compose.yml
|
||||||
|
-Dsonar.language=yaml,docker
|
||||||
|
- name: Check SonarQube Quality Gate
|
||||||
|
id: quality-gate
|
||||||
|
uses: sonarsource/sonarqube-quality-gate-check-action@v2.0.0
|
||||||
|
with:
|
||||||
|
SONARQUBE_HOST: ${{ secrets.SONARQUBE_HOST }}
|
||||||
|
sonar_token: ${{ secrets.SONARQUBE_TOKEN }}
|
||||||
|
|
||||||
|
- name: Validate Docker Compose Configuration
|
||||||
|
if: steps.quality-gate.outputs.quality-gate-status == 'PASSED'
|
||||||
|
id: docker-lint
|
||||||
|
run: |
|
||||||
|
echo "${{ secrets.DOCKER_ENV }}" > .env
|
||||||
|
docker compose config --no-interpolate --quiet --dry-run
|
||||||
|
|
||||||
|
- name: Merge Pull Request
|
||||||
|
if: steps.docker-lint.outcome == 'success'
|
||||||
|
uses: prasiman/gocurl@v1.2.0
|
||||||
|
with:
|
||||||
|
url: ${{ secrets.GITEA_API_URL }}/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/pulls/${{ github.event.pull_request.number }}/merge
|
||||||
|
method: POST
|
||||||
|
headers: |
|
||||||
|
Authorization: token ${{ secrets.BOT_GITEA_TOKEN }}
|
||||||
|
Content-Type: application/json
|
||||||
|
body: |
|
||||||
|
{
|
||||||
|
"Do": "merge"
|
||||||
|
}
|
||||||
|
|
||||||
|
deploy-main:
|
||||||
|
name: Deploy to Remote Host
|
||||||
|
needs: create-pr-and-validate
|
||||||
|
if: github.ref == 'refs/heads/main'
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- name: SSH to Remote Host and Deploy Docker Compose
|
||||||
|
uses: keatonLiu/docker-compose-remote-action@v1.2
|
||||||
|
with:
|
||||||
|
ssh_user: gitea-deploy
|
||||||
|
ssh_host: 192.168.1.254
|
||||||
|
ssh_private_key: ${{ secrets.DEPLOY_PRIVATE_SSH_KEY }}
|
||||||
|
ssh_host_public_key: $ ${{ secrets.DEPLOY_PUBLIC_SSH_KEY }}
|
||||||
|
compose_file_path: docker-compose.yml
|
||||||
|
args: "-d --remove-orphans --build --dry-run"
|
||||||
Reference in New Issue
Block a user