From 7d8abbd94fd36dad2f9e4522e0fac2b3812aca8d Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Thu, 28 Nov 2024 05:26:53 -0500 Subject: [PATCH 01/44] Minor version bump for custom sonar-gitea-pr-bot action. --- .gitea/workflows/build.yaml | 150 +++++++++++++++++++++++------------- 1 file changed, 95 insertions(+), 55 deletions(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index 7ede2d1a..aea1a56a 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml @@ -8,7 +8,7 @@ on: name: SonarQube Scan jobs: sonarqube: - name: SonarQube Trigger + name: SonarQube Scanning & Status runs-on: ubuntu-latest steps: - name: Checking out 
@@ -18,60 +18,100 @@ jobs: fetch-depth: 0 - name: SonarQube Scan - uses: kitabisa/sonarqube-action@v1.2.0 + uses: SonarSource/sonarqube-scan-action@v4.0.0 + env: + SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} + SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} + + - name: SonarQube Quality Gate Check + id: quality-gate + uses: SonarSource/sonarqube-quality-gate-action@v1.1.0 + env: + SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} + SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} + + # - name: Fetch SonarQube Project Status + # id: fetch-status + # uses: prasiman/gocurl@v1 + # with: + # method: GET + # url: ${{ secrets.SONARQUBE_URL }}/api/qualitygates/project_status + # basic-auth-token: ${{ secrets.SONARQUBE_TOKEN }} + # params: '{{ "projectKey", "${{ gitea.repository.name }}" }}' + # log-response: true + + # - name: Comment on PR with SonarQube Status + # uses: prasiman/gocurl@v1 + # with: + # method: "POST" + # url: ${{ secrets.RINOA_GITEA_SERVER }}/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/pulls/${{ gitea.pull_request.id }}/reviews + # headers: | + # Authorization: token ${{ secrets.BOT_GITEA_TOKEN }} + # Content-Type: application/json + # body: + # | + # { + # "body": "string", + # "comments": [ + # { + # "body": "${{ steps.quality-gate.outputs.quality-gate-status }}", + # "new_position": 0, + # "old_position": 0, + # "path": "string" + # } + # ], + # "commit_id": "${{ gitea.pull_request.head.sha }}", + # "event": "COMMENT" + # } + + - name: Run SonarQube and Gitea Action + uses: https://git.trez.wtf/Trez.One/sonar-gitea-pr-bot@v1.0.1 with: - host: ${{ secrets.SONARQUBE_HOST }} - login: ${{ secrets.SONARQUBE_TOKEN }} + sonar_server_url: ${{ secrets.SONARQUBE_HOST }} + sonar_auth_token: ${{ secrets.SONARQUBE_TOKEN }} + gitea_server_url: ${{ secrets.RINOA_GITEA_SERVER }} + gitea_token: ${{ secrets.BOT_GITEA_TOKEN }} + project_key: $ {{ gitea.repository.name }} + pull_request_id: ${{ github.event.pull_request.number }} + + # - name: 
SonarQube Pull Request Comment + # if: always() + # uses: campos-pay/sonarqube-pr-comment@v0.1.5 + # with: + # sonar_token: ${{ secrets.SONARQUBE_TOKEN }} + # sonar_host_url: ${{ secrets.SONARQUBE_HOST }} + # sonar_projectkey: ${{ gitea.event.repository.name }} + # github-token: ${{ secrets.BOT_GITEA_TOKEN }} + # repo_name: ${{ gitea.repository }} + # pr_number: ${{ gitea.event.pull_request.number }} + # github_api_base_url: "https://git.trez.wtf/api/v1" - - name: Fetch SonarQube Project Status - id: fetch-status - uses: cytopia/gocurl@v3 - with: - method: GET - url: ${{ secrets.SONARQUBE_URL }}/api/qualitygates/project_status - headers: | - Authorization: Basic ${{ secrets.SONARQUBE_TOKEN }} - query: projectKey=${{ gitea.repository.name }} + # status-check: + # name: Validate SonarQube Bot Status + # needs: setup-sonarqube + # runs-on: self-hosted + # steps: + # - name: Fetch PR Status + # uses: prasiman/gocurl@v1 + # with: + # method: GET + # url: ${{ secrets.GITEA_SERVER }}/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/pulls/${{ gitea.pull_request.id }}/status + # headers: | + # Authorization: token ${{ secrets.BOT_GITEA_TOKEN }} + # run: | + # echo "Validating SonarQube bot status..." + # echo ${{ steps.fetch-status.outputs.body }} | jq -e '.statuses[] | select(.creator.login == "gitea-sonarqube-bot" and .status == "success")' || exit 1 + # echo "SonarQube bot status validation successful." 
- - name: Comment on PR with SonarQube Status - uses: cytopia/gocurl@v3 - with: - method: POST - url: ${{ secrets.RINOA_GITEA_SERVER }}/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/issues/${{ gitea.pull_request.id }}/comments - headers: | - Authorization: token ${{ secrets.RINOA_GITEA_TOKEN }} - Content-Type: application/json - body: | - { - "body": "SonarQube Analysis: ${{ steps.fetch-status.outputs.body | fromJson | get('projectStatus.status') }}\n[View in SonarQube](${{ secrets.SONARQUBE_URL }}/dashboard?id=${{ gitea.repository.name }})" - } - - status-check: - name: Validate SonarQube Bot Status - needs: setup-sonarqube - runs-on: self-hosted - steps: - - name: Fetch PR Status - uses: cytopia/gocurl@v3 - with: - method: GET - url: ${{ secrets.GITEA_SERVER }}/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/pulls/${{ gitea.pull_request.id }}/status - headers: "Authorization: token ${{ secrets.GITEA_TOKEN }}"" - run: | - echo "Validating SonarQube bot status..." - echo ${{ steps.fetch-status.outputs.body }} | jq -e '.statuses[] | select(.creator.login == "gitea-sonarqube-bot" and .status == "success")' || exit 1 - echo "SonarQube bot status validation successful." - - dry-run: - name: Dry Run Docker Compose - runs-on: self-hosted - needs: status-check - steps: - - name: Checkout Code - uses: actions/checkout@v3 - - - name: Validate Docker Compose - run: | - echo "Validating Docker Compose configuration..." - docker compose config -f rinoa-docker-compose.yml - echo "Docker Compose validation successful." + # dry-run: + # name: Dry Run Docker Compose + # runs-on: self-hosted + # needs: status-check + # steps: + # - name: Checkout Code + # uses: actions/checkout@v4 + # - name: Validate Docker Compose + # run: | + # echo "Validating Docker Compose configuration..." + # docker compose config -f rinoa-docker-compose.yml + # echo "Docker Compose validation successful." 
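Review bot: The enabled `uses:` steps in this hunk reference actions by mutable tag (`SonarSource/sonarqube-scan-action@v4.0.0`, `SonarSource/sonarqube-quality-gate-action@v1.1.0`, `https://git.trez.wtf/Trez.One/sonar-gitea-pr-bot@v1.0.1`) while handing them `SONARQUBE_TOKEN` and `BOT_GITEA_TOKEN`, so whoever can move a tag controls code that sees those secrets. Pinning each to a full commit SHA with the version in a trailing comment, e.g. `uses: SonarSource/sonarqube-scan-action@<full-commit-sha>  # v4.0.0`, makes the reviewed code the code that runs. The same applies to `prasiman/gocurl@v1` in PATCH 08, `cloudposse/github-action-docker-compose-test-run@main` in PATCH 10 (a branch ref, which moves on every push) and the actions introduced in PATCH 12. Separately, `project_key: $ {{ gitea.repository.name }}` has a space after `$`, so the value is most likely passed as literal text rather than evaluated.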
From 4b64af353178cb4bf434c9226051e308447784a9 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Thu, 28 Nov 2024 05:45:57 -0500 Subject: [PATCH 02/44] Re-adding sonar-project.properties. --- sonar-project.properties | 1 + 1 file changed, 1 insertion(+) create mode 100644 sonar-project.properties diff --git a/sonar-project.properties b/sonar-project.properties new file mode 100644 index 00000000..1127bc77 --- /dev/null +++ b/sonar-project.properties @@ -0,0 +1 @@ +sonar.projectKey=rinoa-docker From c9f0071be138a49e01ec52702f6a8fdcc62ca6d4 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Fri, 29 Nov 2024 17:54:31 -0500 Subject: [PATCH 03/44] Another minor version bot for custom action. --- .gitea/workflows/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index aea1a56a..22da628b 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml @@ -65,7 +65,7 @@ jobs: # } - name: Run SonarQube and Gitea Action - uses: https://git.trez.wtf/Trez.One/sonar-gitea-pr-bot@v1.0.1 + uses: https://git.trez.wtf/Trez.One/sonar-gitea-pr-bot@v1.0.2 with: sonar_server_url: ${{ secrets.SONARQUBE_HOST }} sonar_auth_token: ${{ secrets.SONARQUBE_TOKEN }} From e31effead8c298d5791f9c37002f932e1d74e98a Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Fri, 29 Nov 2024 18:09:34 -0500 Subject: [PATCH 04/44] Tweak on L74. --- .gitea/workflows/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index 22da628b..ca2b4ff6 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml 
@@ -71,7 +71,7 @@ jobs: sonar_auth_token: ${{ secrets.SONARQUBE_TOKEN }} gitea_server_url: ${{ secrets.RINOA_GITEA_SERVER }} gitea_token: ${{ secrets.BOT_GITEA_TOKEN }} - project_key: $ {{ gitea.repository.name }} + project_key: rinoa-docker pull_request_id: ${{ github.event.pull_request.number }} # - name: SonarQube Pull Request Comment From 1106f044a01b383a6581b2596760d07fbc5d613c Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Sat, 30 Nov 2024 12:00:11 -0500 Subject: [PATCH 05/44] Removed SonarQube scan action (custom Gitea action already covers the scan.) --- .gitea/workflows/build.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index ca2b4ff6..5b501ec9 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml @@ -17,11 +17,11 @@ jobs: # Disabling shallow clone is recommended for improving relevancy of reporting fetch-depth: 0 - - name: SonarQube Scan - uses: SonarSource/sonarqube-scan-action@v4.0.0 - env: - SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} - SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} + # - name: SonarQube Scan + # uses: SonarSource/sonarqube-scan-action@v4.0.0 + # env: + # SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} + # SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} - name: SonarQube Quality Gate Check id: quality-gate @@ -72,7 +72,7 @@ jobs: gitea_server_url: ${{ secrets.RINOA_GITEA_SERVER }} gitea_token: ${{ secrets.BOT_GITEA_TOKEN }} project_key: rinoa-docker - pull_request_id: ${{ github.event.pull_request.number }} + pull_request_id: ${{ gitea.event.pull_request.number }} # - name: SonarQube Pull Request Comment # if: always() From b8095be1f94fca9e5f8a2ab1eef01f1c99be4443 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Sat, 30 Nov 2024 12:04:42 -0500 Subject: [PATCH 06/44] Changing order of scan and quality gate check. --- .gitea/workflows/build.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) 
diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index 5b501ec9..e6274cf8 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml @@ -23,13 +23,6 @@ jobs: # SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} # SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} - - name: SonarQube Quality Gate Check - id: quality-gate - uses: SonarSource/sonarqube-quality-gate-action@v1.1.0 - env: - SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} - SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} - # - name: Fetch SonarQube Project Status # id: fetch-status # uses: prasiman/gocurl@v1 @@ -73,7 +66,14 @@ jobs: gitea_token: ${{ secrets.BOT_GITEA_TOKEN }} project_key: rinoa-docker pull_request_id: ${{ gitea.event.pull_request.number }} - + + - name: SonarQube Quality Gate Check + id: quality-gate + uses: SonarSource/sonarqube-quality-gate-action@v1.1.0 + env: + SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} + SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} + # - name: SonarQube Pull Request Comment # if: always() # uses: campos-pay/sonarqube-pr-comment@v0.1.5 From 10c7e5923c3e70769ad606da9b98552624a8dafb Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Sat, 30 Nov 2024 12:48:27 -0500 Subject: [PATCH 07/44] L67 modification in build. --- .gitea/workflows/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index e6274cf8..73c0eeba 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml @@ -64,7 +64,7 @@ jobs: sonar_auth_token: ${{ secrets.SONARQUBE_TOKEN }} gitea_server_url: ${{ secrets.RINOA_GITEA_SERVER }} gitea_token: ${{ secrets.BOT_GITEA_TOKEN }} - project_key: rinoa-docker + project_key: ${{ gitea.repository.name }} pull_request_id: ${{ gitea.event.pull_request.number }} - name: SonarQube Quality Gate Check From 7b32c944e3ed7dde61dfe977f8bd8968289e176b Mon Sep 17 00:00:00 2001 
From: "Trez.One"
Date: Sat, 30 Nov 2024 15:40:12 -0500
Subject: [PATCH 08/44] Switching back to gocurl for PR comment.
---
.gitea/workflows/build.yaml | 87 ++++++++++++++++++-------------------
1 file changed, 43 insertions(+), 44 deletions(-)
diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml
index 73c0eeba..eb732e06 100644
--- a/.gitea/workflows/build.yaml
+++ b/.gitea/workflows/build.yaml
@@ -17,45 +17,18 @@ jobs: # Disabling shallow clone is recommended for improving relevancy of reporting fetch-depth: 0 - # - name: SonarQube Scan - # uses: SonarSource/sonarqube-scan-action@v4.0.0 - # env: - # SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} - # SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} + - name: SonarQube Scan + uses: SonarSource/sonarqube-scan-action@v4.0.0 + env: + SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} + SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} - # - name: Fetch SonarQube Project Status - # id: fetch-status - # uses: prasiman/gocurl@v1 - # with: - # method: GET - # url: ${{ secrets.SONARQUBE_URL }}/api/qualitygates/project_status - # basic-auth-token: ${{ secrets.SONARQUBE_TOKEN }} - # params: '{{ "projectKey", "${{ gitea.repository.name }}" }}' - # log-response: true - - # - name: Comment on PR with SonarQube Status - # uses: prasiman/gocurl@v1 - # with: - # method: "POST" - # url: ${{ secrets.RINOA_GITEA_SERVER }}/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/pulls/${{ gitea.pull_request.id }}/reviews - # headers: | - # Authorization: token ${{ secrets.BOT_GITEA_TOKEN }} - # Content-Type: application/json - # body: - # | - # { - # "body": "string", - # "comments": [ - # { - # "body": "${{ steps.quality-gate.outputs.quality-gate-status }}", - # "new_position": 0, - # "old_position": 0, - # "path": "string" - # } - # ], - # "commit_id": "${{ gitea.pull_request.head.sha }}", - # "event": "COMMENT" - # } + - name: SonarQube Quality Gate Check + id: quality-gate + uses: SonarSource/sonarqube-quality-gate-action@v1.1.0 + env: + SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} + SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} - name: Run SonarQube and Gitea Action uses: https://git.trez.wtf/Trez.One/sonar-gitea-pr-bot@v1.0.2 
@@ -67,12 +40,38 @@ jobs: project_key: ${{ gitea.repository.name }} pull_request_id: ${{ gitea.event.pull_request.number }} - - name: SonarQube Quality Gate Check - id: quality-gate - uses: SonarSource/sonarqube-quality-gate-action@v1.1.0 - env: - SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} - SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} + # - name: Fetch SonarQube Project Status + # id: fetch-status + # uses: prasiman/gocurl@v1 + # with: + # method: GET + # url: ${{ secrets.SONARQUBE_URL }}/api/qualitygates/project_status + # basic-auth-token: ${{ secrets.SONARQUBE_TOKEN }} + # params: '{{ "projectKey", "${{ gitea.repository.name }}" }}' + # log-response: true + + - name: Comment on PR with SonarQube Status + uses: prasiman/gocurl@v1 + with: + method: POST + url: ${{ secrets.RINOA_GITEA_SERVER }}/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/pulls/${{ gitea.pull_request.id }}/reviews + headers: | + Authorization: token ${{ secrets.BOT_GITEA_TOKEN }} + Content-Type: application/json + body: > + { + "body": "SonarQube Quality Gate Status", + "comments": [ + { + "body": "${{ steps.quality-gate.outputs.quality-gate-status }}", + "new_position": 0, + "old_position": 0 + } + ], + "commit_id": "${{ gitea.pull_request.head.sha }}", + "event": "COMMENT" + } + # - name: SonarQube Pull Request Comment # if: always() From be480cd55598be25ce9b08fd4c9192f72e414c4a Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Sat, 30 Nov 2024 16:05:13 -0500 Subject: [PATCH 09/44] Commented out custom action. --- .gitea/workflows/build.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index eb732e06..30b41cbf 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml 
@@ -30,15 +30,15 @@ jobs: SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} - - name: Run SonarQube and Gitea Action - uses: https://git.trez.wtf/Trez.One/sonar-gitea-pr-bot@v1.0.2 - with: - sonar_server_url: ${{ secrets.SONARQUBE_HOST }} - sonar_auth_token: ${{ secrets.SONARQUBE_TOKEN }} - gitea_server_url: ${{ secrets.RINOA_GITEA_SERVER }} - gitea_token: ${{ secrets.BOT_GITEA_TOKEN }} - project_key: ${{ gitea.repository.name }} - pull_request_id: ${{ gitea.event.pull_request.number }} + # - name: Run SonarQube and Gitea Action + # uses: https://git.trez.wtf/Trez.One/sonar-gitea-pr-bot@v1.0.2 + # with: + # sonar_server_url: ${{ secrets.SONARQUBE_HOST }} + # sonar_auth_token: ${{ secrets.SONARQUBE_TOKEN }} + # gitea_server_url: ${{ secrets.RINOA_GITEA_SERVER }} + # gitea_token: ${{ secrets.BOT_GITEA_TOKEN }} + # project_key: ${{ gitea.repository.name }} + # pull_request_id: ${{ gitea.event.pull_request.number }} # - name: Fetch SonarQube Project Status # id: fetch-status From fc86de92105de4673191720ec9e4fc346307c237 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Sat, 30 Nov 2024 19:06:55 -0500 Subject: [PATCH 10/44] Taking out PR comment for now to focus on testing and deployment. --- .gitea/workflows/build.yaml | 59 ++++++++++++++++--------------------- 1 file changed, 26 insertions(+), 33 deletions(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index 30b41cbf..24c3656f 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml 
@@ -50,27 +50,27 @@ jobs: # params: '{{ "projectKey", "${{ gitea.repository.name }}" }}' # log-response: true - - name: Comment on PR with SonarQube Status - uses: prasiman/gocurl@v1 - with: - method: POST - url: ${{ secrets.RINOA_GITEA_SERVER }}/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/pulls/${{ gitea.pull_request.id }}/reviews - headers: | - Authorization: token ${{ secrets.BOT_GITEA_TOKEN }} - Content-Type: application/json - body: > - { - "body": "SonarQube Quality Gate Status", - "comments": [ - { - "body": "${{ steps.quality-gate.outputs.quality-gate-status }}", - "new_position": 0, - "old_position": 0 - } - ], - "commit_id": "${{ gitea.pull_request.head.sha }}", - "event": "COMMENT" - } + # - name: Comment on PR with SonarQube Status + # uses: prasiman/gocurl@v1 + # with: + # method: POST + # url: ${{ secrets.RINOA_GITEA_SERVER }}/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/pulls/${{ gitea.pull_request.id }}/reviews + # headers: | + # Authorization: token ${{ secrets.BOT_GITEA_TOKEN }} + # Content-Type: application/json + # body: > + # { + # "body": "SonarQube Quality Gate Status", + # "comments": [ + # { + # "body": "${{ steps.quality-gate.outputs.quality-gate-status }}", + # "new_position": 0, + # "old_position": 0 + # } + # ], + # "commit_id": "${{ gitea.pull_request.head.sha }}", + # "event": "COMMENT" + # } # - name: SonarQube Pull Request Comment 
@@ -102,15 +102,8 @@ jobs: # echo ${{ steps.fetch-status.outputs.body }} | jq -e '.statuses[] | select(.creator.login == "gitea-sonarqube-bot" and .status == "success")' || exit 1 # echo "SonarQube bot status validation successful." - # dry-run: - # name: Dry Run Docker Compose - # runs-on: self-hosted - # needs: status-check - # steps: - # - name: Checkout Code - # uses: actions/checkout@v4 - # - name: Validate Docker Compose - # run: | - # echo "Validating Docker Compose configuration..." - # docker compose config -f rinoa-docker-compose.yml - # echo "Docker Compose validation successful." + dry-run: + - name: Tests + uses: cloudposse/github-action-docker-compose-test-run@main + with: + file: rinoa-docker-compose.yml \ No newline at end of file From d196b4a32dcb2e88f9b25d67f5ca705730fa6aef Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Sat, 30 Nov 2024 19:41:26 -0500 Subject: [PATCH 11/44] Taking out PR comment step for now; adding Docker Compose dry-run. --- .gitea/workflows/build.yaml | 78 +------------------ ...a-docker-compose.yml => docker-compose.yml | 0 2 files changed, 4 insertions(+), 74 deletions(-) rename rinoa-docker-compose.yml => docker-compose.yml (100%) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index 24c3656f..071e856b 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml 
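Review bot: The new `dry-run:` entry goes straight to `- name: Tests` with no `runs-on:` or `steps:` key among the added lines, so it is not a well-formed job and the workflow will probably be rejected at load time, which would also keep the SonarQube job from running. It needs at least `runs-on: <runner-label>` and `steps:` above the step. An explicit `needs: sonarqube` would additionally stop the compose test from starting when the quality gate fails, if that is the intent.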
@@ -29,81 +29,11 @@ jobs: env: SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} - - # - name: Run SonarQube and Gitea Action - # uses: https://git.trez.wtf/Trez.One/sonar-gitea-pr-bot@v1.0.2 - # with: - # sonar_server_url: ${{ secrets.SONARQUBE_HOST }} - # sonar_auth_token: ${{ secrets.SONARQUBE_TOKEN }} - # gitea_server_url: ${{ secrets.RINOA_GITEA_SERVER }} - # gitea_token: ${{ secrets.BOT_GITEA_TOKEN }} - # project_key: ${{ gitea.repository.name }} - # pull_request_id: ${{ gitea.event.pull_request.number }} - - # - name: Fetch SonarQube Project Status - # id: fetch-status - # uses: prasiman/gocurl@v1 - # with: - # method: GET - # url: ${{ secrets.SONARQUBE_URL }}/api/qualitygates/project_status - # basic-auth-token: ${{ secrets.SONARQUBE_TOKEN }} - # params: '{{ "projectKey", "${{ gitea.repository.name }}" }}' - # log-response: true - - # - name: Comment on PR with SonarQube Status - # uses: prasiman/gocurl@v1 - # with: - # method: POST - # url: ${{ secrets.RINOA_GITEA_SERVER }}/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/pulls/${{ gitea.pull_request.id }}/reviews - # headers: | - # Authorization: token ${{ secrets.BOT_GITEA_TOKEN }} - # Content-Type: application/json - # body: > - # { - # "body": "SonarQube Quality Gate Status", - # "comments": [ - # { - # "body": "${{ steps.quality-gate.outputs.quality-gate-status }}", - # "new_position": 0, - # "old_position": 0 - # } - # ], - # "commit_id": "${{ gitea.pull_request.head.sha }}", - # "event": "COMMENT" - # } - - - # - name: SonarQube Pull Request Comment - # if: always() - # uses: campos-pay/sonarqube-pr-comment@v0.1.5 - # with: - # sonar_token: ${{ secrets.SONARQUBE_TOKEN }} - # sonar_host_url: ${{ secrets.SONARQUBE_HOST }} - # sonar_projectkey: ${{ gitea.event.repository.name }} - # github-token: ${{ secrets.BOT_GITEA_TOKEN }} - # repo_name: ${{ gitea.repository }} - # pr_number: ${{ gitea.event.pull_request.number }} - # 
github_api_base_url: "https://git.trez.wtf/api/v1" - - # status-check: - # name: Validate SonarQube Bot Status - # needs: setup-sonarqube - # runs-on: self-hosted - # steps: - # - name: Fetch PR Status - # uses: prasiman/gocurl@v1 - # with: - # method: GET - # url: ${{ secrets.GITEA_SERVER }}/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/pulls/${{ gitea.pull_request.id }}/status - # headers: | - # Authorization: token ${{ secrets.BOT_GITEA_TOKEN }} - # run: | - # echo "Validating SonarQube bot status..." - # echo ${{ steps.fetch-status.outputs.body }} | jq -e '.statuses[] | select(.creator.login == "gitea-sonarqube-bot" and .status == "success")' || exit 1 - # echo "SonarQube bot status validation successful." - + dry-run: + runs-on: self-hosted + steps: - name: Tests uses: cloudposse/github-action-docker-compose-test-run@main with: - file: rinoa-docker-compose.yml \ No newline at end of file + file: docker-compose.yml \ No newline at end of file diff --git a/rinoa-docker-compose.yml b/docker-compose.yml similarity index 100% rename from rinoa-docker-compose.yml rename to docker-compose.yml From 025f376e0066a99c17bcdbbeb61fb928cc6145fc Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Sun, 1 Dec 2024 22:21:14 -0500 Subject: [PATCH 12/44] API endpoint tweaks; using gocurl to comment on PR. --- .gitea/workflows/build.yaml | 122 ++++++++++++++++++++++++++---------- 1 file changed, 90 insertions(+), 32 deletions(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index 071e856b..382d863a 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml 
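Review bot: With `runs-on: self-hosted` added here, the `dry-run` job executes on a self-hosted runner for every event the workflow listens to, and the `on:` block visible in PATCH 12's context includes `pull_request`, so the compose file being exercised is whatever the pull request contains. A compose file can request host bind mounts, privileged mode or host networking, which makes a test run of an unreviewed `docker-compose.yml` equivalent to running untrusted code on the runner host. Consider limiting the job to trusted refs (for example `if: gitea.event_name == 'push'`) or to an ephemeral, isolated runner, and adding `needs: sonarqube` so it only runs after the scan job. The job also shows no checkout step, so unless the action fetches the repository itself, `file: docker-compose.yml` may not exist in the workspace.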
@@ -1,39 +1,97 @@ +name: Docker Compose PR Check and Deploy + on: - push: + pull_request: + types: [opened, synchronize, reopened] branches: - main - pull_request: - types: [opened, synchronize, reopened] -name: SonarQube Scan jobs: - sonarqube: - name: SonarQube Scanning & Status - runs-on: ubuntu-latest - steps: - - name: Checking out - uses: actions/checkout@v4 - with: - # Disabling shallow clone is recommended for improving relevancy of reporting - fetch-depth: 0 - - - name: SonarQube Scan - uses: SonarSource/sonarqube-scan-action@v4.0.0 - env: - SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} - SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} - - - name: SonarQube Quality Gate Check - id: quality-gate - uses: SonarSource/sonarqube-quality-gate-action@v1.1.0 - env: - SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} - SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} - - dry-run: + setup-sonarqube: + name: Setup SonarQube Project and Analyze runs-on: self-hosted steps: - - name: Tests - uses: cloudposse/github-action-docker-compose-test-run@main - with: - file: docker-compose.yml \ No newline at end of file + - name: Checkout Code + uses: actions/checkout@v3 + + - name: Configure Git Credentials + run: | + git config --global url."https://${{ secrets.GITEA_TOKEN }}@${{ secrets.GITEA_SERVER }}".insteadOf "https://${{ secrets.GITEA_SERVER }}" + + - name: Run SonarQube Analysis + uses: sonarsource/sonarqube-scan-action@v1.0.0 + with: + host: ${{ secrets.SONARQUBE_URL }} + login: ${{ secrets.SONARQUBE_TOKEN }} + projectKey: ${{ github.event.repository.name }} + projectName: ${{ github.event.repository.name }} + + - name: Check SonarQube Quality Gate + id: quality-gate + uses: sonarsource/sonarqube-quality-gate-check@v1.1.0 + with: + host: ${{ secrets.SONARQUBE_URL }} + login: ${{ secrets.SONARQUBE_TOKEN }} + + - name: Comment on Pull Request with Quality Gate Status + id: comment-pr + uses: prasiman/gocurl@v0.5.0 + with: + method: POST + url: "https://${{ secrets.GITEA_SERVER 
}}/api/v1/repos/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/issues/${{ github.event.pull_request.number }}/reviews" + headers: > + Authorization: token ${{ secrets.GITEA_TOKEN }} + body: | + { + "body": "SonarQube Quality Gate Status: ${{ steps.quality-gate.outputs.quality-gate-status }}" + } + + docker-compose-test: + name: Dry Run Docker Compose + needs: setup-sonarqube + if: needs.setup-sonarqube.outputs.quality-gate == 'true' + runs-on: self-hosted + steps: + - name: Checkout Code + uses: actions/checkout@v3 + + - name: Validate Docker Compose Configuration + uses: alexesdev/docker-compose-tests-run@v1 + with: + compose_file: docker-compose.yml + + manual-approval: + name: Manual Approval + needs: docker-compose-test + if: always() + runs-on: self-hosted + steps: + - name: Approval Required + run: | + echo "Manual approval step reached. Please approve to proceed." + exit 1 + + deploy-changes: + name: Merge and Deploy Changes + needs: manual-approval + runs-on: self-hosted + steps: + - name: Checkout Code + uses: actions/checkout@v3 + + - name: Merge Pull Request + uses: prasiman/gocurl@v0.5.0 + with: + method: POST + url: "https://${{ secrets.GITEA_SERVER }}/api/v1/repos/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/pulls/${{ github.event.pull_request.number }}/merge" + headers: > + Authorization: token ${{ secrets.GITEA_TOKEN }} + + - name: Deploy Docker Compose Changes + uses: alexesdev/ssh-docker-compose@v1.0.0 + with: + ssh_host: ${{ secrets.DOCKER_HOST }} + ssh_user: ${{ secrets.DOCKER_USER }} + ssh_key: ${{ secrets.DOCKER_SSH_KEY }} + compose_file_path: /path/to/docker-compose.yml + docker_compose_command: "up -d --remove-orphans" From 14a04222299f0e7d48a11621cb7bbe1baf2fedc5 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Sun, 1 Dec 2024 22:27:19 -0500 Subject: [PATCH 13/44] Removed git credential config step. --- .gitea/workflows/build.yaml | 4 ---- 1 file changed, 4 deletions(-) 
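Review bot: The gating chain added here does not gate anything: `docker-compose-test` checks `needs.setup-sonarqube.outputs.quality-gate == 'true'`, but `setup-sonarqube` declares no `outputs:`, so the condition compares an empty value and the job is always skipped, after which `manual-approval` runs anyway under `if: always()`. Because `manual-approval` ends in `exit 1`, `deploy-changes` can currently never run, but as soon as that step is changed to succeed, the merge and SSH deploy would proceed without the quality gate or the compose test having passed. I would export the step result with a job-level `outputs:` entry such as `quality-gate: ${{ steps.quality-gate.outputs.quality-gate-status }}`, compare it with the status string the action actually emits, and replace `if: always()` with a dependency on the test job succeeding. The `Configure Git Credentials` step also writes `GITEA_TOKEN` into `git config --global` on a self-hosted runner, where it outlives the job; a credential scoped to the single checkout is safer.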
diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index 382d863a..da33ff7a 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml @@ -14,10 +14,6 @@ jobs: - name: Checkout Code uses: actions/checkout@v3 - - name: Configure Git Credentials - run: | - git config --global url."https://${{ secrets.GITEA_TOKEN }}@${{ secrets.GITEA_SERVER }}".insteadOf "https://${{ secrets.GITEA_SERVER }}" - - name: Run SonarQube Analysis uses: sonarsource/sonarqube-scan-action@v1.0.0 with: From 889610101ee2e0e1acfb6c2ebce6692aea1a7bc1 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Sun, 1 Dec 2024 22:36:50 -0500 Subject: [PATCH 14/44] Corrected secrets refs. --- .gitea/workflows/build.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index da33ff7a..4ce2e2d9 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml @@ -17,7 +17,7 @@ jobs: - name: Run SonarQube Analysis uses: sonarsource/sonarqube-scan-action@v1.0.0 with: - host: ${{ secrets.SONARQUBE_URL }} + host: ${{ secrets.SONARQUBE_HOST }} login: ${{ secrets.SONARQUBE_TOKEN }} projectKey: ${{ github.event.repository.name }} projectName: ${{ github.event.repository.name }} @@ -26,7 +26,7 @@ jobs: id: quality-gate uses: sonarsource/sonarqube-quality-gate-check@v1.1.0 with: - host: ${{ secrets.SONARQUBE_URL }} + host: ${{ secrets.SONARQUBE_HOST }} login: ${{ secrets.SONARQUBE_TOKEN }} - name: Comment on Pull Request with Quality Gate Status 
@@ -34,9 +34,9 @@ jobs: uses: prasiman/gocurl@v0.5.0 with: method: POST - url: "https://${{ secrets.GITEA_SERVER }}/api/v1/repos/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/issues/${{ github.event.pull_request.number }}/reviews" + url: "https://${{ secrets.RINOA_GITEA_SERVER }}/api/v1/repos/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/issues/${{ github.event.pull_request.number }}/reviews" headers: > - Authorization: token ${{ secrets.GITEA_TOKEN }} + Authorization: token ${{ secrets.BOT_GITEA_TOKEN }} body: | { "body": "SonarQube Quality Gate Status: ${{ steps.quality-gate.outputs.quality-gate-status }}" @@ -79,9 +79,9 @@ jobs: uses: prasiman/gocurl@v0.5.0 with: method: POST - url: "https://${{ secrets.GITEA_SERVER }}/api/v1/repos/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/pulls/${{ github.event.pull_request.number }}/merge" + url: "https://${{ secrets.RINOA_GITEA_SERVER }}/api/v1/repos/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/pulls/${{ github.event.pull_request.number }}/merge" headers: > - Authorization: token ${{ secrets.GITEA_TOKEN }} + Authorization: token ${{ secrets.BOT_GITEA_TOKEN }} - name: Deploy Docker Compose Changes uses: alexesdev/ssh-docker-compose@v1.0.0 From 79ef696e3da407751ed9f2c38faccf2428459043 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Sun, 1 Dec 2024 23:08:18 -0500 Subject: [PATCH 15/44] Re-inserting old steps. --- .gitea/workflows/build.yaml | 85 ++++++++++++++++++------------------- 1 file changed, 41 insertions(+), 44 deletions(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index 4ce2e2d9..d7a4c12a 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml 
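Review bot: Both rewritten URLs keep the hard-coded `https://` prefix in front of `${{ secrets.RINOA_GITEA_SERVER }}`, whereas the earlier patches in this series used that secret as the whole base (`url: ${{ secrets.RINOA_GITEA_SERVER }}/api/v1/...`); if the secret holds a full URL, these requests become `https://https://...` and fail. Decide whether the secret stores a host name or a base URL and use one form everywhere; if it can hold a plain `http://` value, the bot token in the `Authorization` header would travel unencrypted, so the scheme is worth asserting. The comment step also posts to `/issues/<n>/reviews`, while the other review calls on this page target `/pulls/<n>/reviews`, and the same prefix concern applies to the merge URL in the hunk at `@@ -79,9 +79,9 @@`.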
@@ -1,60 +1,57 @@ -name: Docker Compose PR Check and Deploy - on: - pull_request: - types: [opened, synchronize, reopened] + push: branches: - main + pull_request: + types: [opened, synchronize, reopened] +name: SonarQube Scan jobs: - setup-sonarqube: - name: Setup SonarQube Project and Analyze - runs-on: self-hosted + sonarqube: + name: SonarQube Scanning & Status + runs-on: ubuntu-latest steps: - - name: Checkout Code - uses: actions/checkout@v3 + - name: Checking out + uses: actions/checkout@v4 + with: + # Disabling shallow clone is recommended for improving relevancy of reporting + fetch-depth: 0 - - name: Run SonarQube Analysis - uses: sonarsource/sonarqube-scan-action@v1.0.0 - with: - host: ${{ secrets.SONARQUBE_HOST }} - login: ${{ secrets.SONARQUBE_TOKEN }} - projectKey: ${{ github.event.repository.name }} - projectName: ${{ github.event.repository.name }} + - name: SonarQube Scan + uses: SonarSource/sonarqube-scan-action@v4.0.0 + env: + SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} + SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} - - name: Check SonarQube Quality Gate - id: quality-gate - uses: sonarsource/sonarqube-quality-gate-check@v1.1.0 - with: - host: ${{ secrets.SONARQUBE_HOST }} - login: ${{ secrets.SONARQUBE_TOKEN }} + - name: SonarQube Quality Gate Check + id: quality-gate + uses: SonarSource/sonarqube-quality-gate-action@v1.1.0 + env: + SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} + SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} - - name: Comment on Pull Request with Quality Gate Status - id: comment-pr - uses: prasiman/gocurl@v0.5.0 - with: - method: POST - url: "https://${{ secrets.RINOA_GITEA_SERVER }}/api/v1/repos/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/issues/${{ github.event.pull_request.number }}/reviews" - headers: > - Authorization: token ${{ secrets.BOT_GITEA_TOKEN }} - body: | - { - "body": "SonarQube Quality Gate Status: ${{ steps.quality-gate.outputs.quality-gate-status }}" - } + - name: Comment on 
Pull Request with Quality Gate Status + id: comment-pr + uses: prasiman/gocurl@v0.5.0 + with: + method: POST + url: "https://${{ secrets.RINOA_GITEA_SERVER }}/api/v1/repos/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/issues/${{ github.event.pull_request.number }}/reviews" + headers: > + Authorization: token ${{ secrets.BOT_GITEA_TOKEN }} + body: | + { + "body": "SonarQube Quality Gate Status: ${{ steps.quality-gate.outputs.quality-gate-status }}" + } - docker-compose-test: + docker-compose-dry-run: name: Dry Run Docker Compose - needs: setup-sonarqube - if: needs.setup-sonarqube.outputs.quality-gate == 'true' runs-on: self-hosted + if: needs.sonarqube.outputs.quality-gate == 'true' steps: - - name: Checkout Code - uses: actions/checkout@v3 - - - name: Validate Docker Compose Configuration - uses: alexesdev/docker-compose-tests-run@v1 - with: - compose_file: docker-compose.yml + - name: Docker Compose Lint + uses: sjafferali/docker-compose-lint-action@v0.1.2 + with: + compose-file: './docker-compose.yml' manual-approval: name: Manual Approval From f1dc7cc4a02493b7daa94a05fe2eb16af3d8c911 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Sun, 1 Dec 2024 23:20:37 -0500 Subject: [PATCH 16/44] Some further adjustments... --- .gitea/workflows/build.yaml | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index d7a4c12a..d04d7c93 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml @@ -32,7 +32,7 @@ jobs: - name: Comment on Pull Request with Quality Gate Status id: comment-pr - uses: prasiman/gocurl@v0.5.0 + uses: prasiman/gocurl@v1 with: method: POST url: "https://${{ secrets.RINOA_GITEA_SERVER }}/api/v1/repos/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/issues/${{ github.event.pull_request.number }}/reviews" 
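Review bot: The new `if: needs.sonarqube.outputs.quality-gate == 'true'` on `docker-compose-dry-run` reads a job output that nothing produces, because the hunk removes `needs: setup-sonarqube` without adding `needs: sonarqube`, and the `sonarqube` job declares no `outputs:`. The `needs` context only carries jobs listed under `needs:`, and the step output is named `quality-gate-status` (see the comment step in this hunk), so the comparison cannot become true from the gate result. Adding `needs: sonarqube` is enough to keep the job from running when the gate step fails its job; if an explicit condition is wanted, map the step output under a job-level `outputs:` on `sonarqube` and compare with `if: needs.sonarqube.outputs.quality-gate == 'PASSED'`. Patches 19 and 21–26 keep reworking this line (`needs: quality-gate` there names a step id, not a job) without adding that wiring.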
@@ -70,21 +70,29 @@ jobs: runs-on: self-hosted steps: - name: Checkout Code - uses: actions/checkout@v3 - + uses: actions/checkout@v4 - name: Merge Pull Request - uses: prasiman/gocurl@v0.5.0 + uses: prasiman/gocurl@v1 with: method: POST url: "https://${{ secrets.RINOA_GITEA_SERVER }}/api/v1/repos/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/pulls/${{ github.event.pull_request.number }}/merge" headers: > Authorization: token ${{ secrets.BOT_GITEA_TOKEN }} - - name: Deploy Docker Compose Changes - uses: alexesdev/ssh-docker-compose@v1.0.0 - with: - ssh_host: ${{ secrets.DOCKER_HOST }} - ssh_user: ${{ secrets.DOCKER_USER }} - ssh_key: ${{ secrets.DOCKER_SSH_KEY }} - compose_file_path: /path/to/docker-compose.yml - docker_compose_command: "up -d --remove-orphans" + # - name: Deploy Docker Compose Changes + # - uses: astappiev/docker-compose-remote-action@master + # name: Docker-Compose Remote Deployment + # with: + # ssh_host: example.com + # ssh_user: ${{ secrets.DEPLOY_USERNAME }} + # ssh_private_key: ${{ secrets.DEPLOY_PRIVATE_KEY }} + # ssh_host_public_key: ${{ secrets.DEPLOY_PUBLIC_KEY }} + # docker_compose_prefix: myapp + + # uses: alex-ac/github-action-ssh-docker-compose@master + # with: + # ssh_host: ${{ secrets.DOCKER_HOST }} + # ssh_user: ${{ secrets.DOCKER_USER }} + # ssh_key: ${{ secrets.DOCKER_SSH_KEY }} + # compose_file_path: /path/to/docker-compose.yml + # docker_compose_command: "up -d --remove-orphans" From 007d6eceada8577a51cf338306f933f0c44e5df8 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 2 Dec 2024 08:54:28 -0500 Subject: [PATCH 17/44] Testing pipeline up to dry run. --- .gitea/workflows/build.yaml | 48 ++++++++++++++++++------------------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index d04d7c93..887f54c5 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml 
@@ -53,31 +53,31 @@ jobs: with: compose-file: './docker-compose.yml' - manual-approval: - name: Manual Approval - needs: docker-compose-test - if: always() - runs-on: self-hosted - steps: - - name: Approval Required - run: | - echo "Manual approval step reached. Please approve to proceed." - exit 1 + # manual-approval: + # name: Manual Approval + # needs: docker-compose-test + # if: always() + # runs-on: self-hosted + # steps: + # - name: Approval Required + # run: | + # echo "Manual approval step reached. Please approve to proceed." + # exit 1 - deploy-changes: - name: Merge and Deploy Changes - needs: manual-approval - runs-on: self-hosted - steps: - - name: Checkout Code - uses: actions/checkout@v4 - - name: Merge Pull Request - uses: prasiman/gocurl@v1 - with: - method: POST - url: "https://${{ secrets.RINOA_GITEA_SERVER }}/api/v1/repos/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/pulls/${{ github.event.pull_request.number }}/merge" - headers: > - Authorization: token ${{ secrets.BOT_GITEA_TOKEN }} + # deploy-changes: + # name: Merge and Deploy Changes + # needs: manual-approval + # runs-on: self-hosted + # steps: + # - name: Checkout Code + # uses: actions/checkout@v4 + # - name: Merge Pull Request + # uses: prasiman/gocurl@v1 + # with: + # method: POST + # url: "https://${{ secrets.RINOA_GITEA_SERVER }}/api/v1/repos/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/pulls/${{ github.event.pull_request.number }}/merge" + # headers: > + # Authorization: token ${{ secrets.BOT_GITEA_TOKEN }} # - name: Deploy Docker Compose Changes # - uses: astappiev/docker-compose-remote-action@master From 121f1ee423dc7a2f0c92f76983928814404183c8 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 2 Dec 2024 08:59:28 -0500 Subject: [PATCH 18/44] Commenting out PR comment step. --- .gitea/workflows/build.yaml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) 
diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index 887f54c5..872df894 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml @@ -30,18 +30,18 @@ jobs: SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} - - name: Comment on Pull Request with Quality Gate Status - id: comment-pr - uses: prasiman/gocurl@v1 - with: - method: POST - url: "https://${{ secrets.RINOA_GITEA_SERVER }}/api/v1/repos/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/issues/${{ github.event.pull_request.number }}/reviews" - headers: > - Authorization: token ${{ secrets.BOT_GITEA_TOKEN }} - body: | - { - "body": "SonarQube Quality Gate Status: ${{ steps.quality-gate.outputs.quality-gate-status }}" - } + # - name: Comment on Pull Request with Quality Gate Status + # id: comment-pr + # uses: prasiman/gocurl@v1 + # with: + # method: POST + # url: "https://${{ secrets.RINOA_GITEA_SERVER }}/api/v1/repos/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/issues/${{ github.event.pull_request.number }}/reviews" + # headers: > + # Authorization: token ${{ secrets.BOT_GITEA_TOKEN }} + # body: | + # { + # "body": "SonarQube Quality Gate Status: ${{ steps.quality-gate.outputs.quality-gate-status }}" + # } docker-compose-dry-run: name: Dry Run Docker Compose From 18b6dfb2a5b96a1afae7804ea359b7d4f1f2c7a9 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 2 Dec 2024 09:14:37 -0500 Subject: [PATCH 19/44] Correcting conditional on L49. --- .gitea/workflows/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index 872df894..e2c4af9e 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml 
@@ -46,7 +46,7 @@ jobs: docker-compose-dry-run: name: Dry Run Docker Compose runs-on: self-hosted - if: needs.sonarqube.outputs.quality-gate == 'true' + if: ${{ steps.quality-gate.outputs.quality-gate-status }} == 'PASSED' steps: - name: Docker Compose Lint uses: sjafferali/docker-compose-lint-action@v0.1.2 From 3270673de670c4e7e82385193962b2071ed3953c Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 2 Dec 2024 09:24:15 -0500 Subject: [PATCH 20/44] Updated SonarQube properties. --- sonar-project.properties | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/sonar-project.properties b/sonar-project.properties index 1127bc77..51b46d41 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -1 +1,14 @@ sonar.projectKey=rinoa-docker + +# Source directories to analyze +sonar.sources=. + +# Include only YAML and Docker-related files +sonar.inclusions=**/*.yaml,**/*.yml,**/Dockerfile,**/*.docker + +# Language-specific configuration (if required) +sonar.lang.patterns=generic=**/*.yaml,**/*.yml,**/Dockerfile,**/*.docker + +# Optional: Enable specific quality profiles for clean code practices +sonar.qualitygate.wait=true +sonar.qualitygate=Clean Code \ No newline at end of file From 2f004a3915615a5f70edc3a3338645e5a6d9d615 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 2 Dec 2024 09:33:35 -0500 Subject: [PATCH 21/44] Added checkout for dry run. --- .gitea/workflows/build.yaml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index e2c4af9e..238034a6 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml 
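Review bot: `if: ${{ steps.quality-gate.outputs.quality-gate-status }} == 'PASSED'` will most likely always evaluate to true, so the dry-run job is not gated by the scan at all. Only the part inside `${{ }}` is evaluated; the result is then joined with the literal ` == 'PASSED'` into a non-empty string, which GitHub-compatible runners treat as truthy (Gitea's runner is assumed to behave the same way and should be checked). The `steps` context is also scoped to the job that ran the step, so it is empty in a job-level `if` of another job. Write the whole comparison as one expression against a job output, `if: needs.sonarqube.outputs.quality-gate == 'PASSED'`, with `needs: sonarqube` on this job and a matching `outputs:` entry on `sonarqube`. The same form returns in patch 26, and the `needs.steps.…` and `steps.sonarqube.…` variants in patches 21–25 have the same context problem.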
@@ -46,8 +46,15 @@ jobs: docker-compose-dry-run: name: Dry Run Docker Compose runs-on: self-hosted - if: ${{ steps.quality-gate.outputs.quality-gate-status }} == 'PASSED' + needs: quality-gate + if: needs.steps.quality-gate.outputs.quality-gate-status == 'PASSED' steps: + - name: Checking out + uses: actions/checkout@v4 + with: + # Disabling shallow clone is recommended for improving relevancy of reporting + fetch-depth: 0 + - name: Docker Compose Lint uses: sjafferali/docker-compose-lint-action@v0.1.2 with: From 5b9447eccb6f8ee63664667007c4f0f3cb8b74a5 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 2 Dec 2024 09:44:23 -0500 Subject: [PATCH 22/44] Changing conditional logic for dry run along with runs-on. --- .gitea/workflows/build.yaml | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index 238034a6..b43cf691 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml @@ -45,9 +45,9 @@ jobs: docker-compose-dry-run: name: Dry Run Docker Compose - runs-on: self-hosted + runs-on: ubuntu-latest needs: quality-gate - if: needs.steps.quality-gate.outputs.quality-gate-status == 'PASSED' + if: steps.quality-gate.outputs.quality-gate-status == 'PASSED' steps: - name: Checking out uses: actions/checkout@v4 @@ -55,10 +55,20 @@ jobs: # Disabling shallow clone is recommended for improving relevancy of reporting fetch-depth: 0 - - name: Docker Compose Lint - uses: sjafferali/docker-compose-lint-action@v0.1.2 - with: - compose-file: './docker-compose.yml' + - name: Validate Docker Compose Configuration + run: | + docker compose config + if [ $? -ne 0 ]; then + echo "Docker Compose configuration validation failed." + exit 1 + else + echo "Docker Compose configuration is valid." + fi + + # - name: Docker Compose Lint + # uses: sjafferali/docker-compose-lint-action@v0.1.2 + # with: + # compose-file: './docker-compose.yml' # manual-approval: # name: Manual Approval 
From bab6521cda7e7ec6592e4086cd96968e15f93bdc Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 2 Dec 2024 09:47:54 -0500 Subject: [PATCH 23/44] Correcting conditional on L50. --- .gitea/workflows/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index b43cf691..98766342 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml @@ -47,7 +47,7 @@ jobs: name: Dry Run Docker Compose runs-on: ubuntu-latest needs: quality-gate - if: steps.quality-gate.outputs.quality-gate-status == 'PASSED' + if: needs.steps.quality-gate.outputs.quality-gate-status == 'PASSED' steps: - name: Checking out uses: actions/checkout@v4 From 359d4d8dd9ac2e345bec8bb36e91a1869945ffaf Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 2 Dec 2024 09:52:40 -0500 Subject: [PATCH 24/44] Tweaking conditional yet again (L50). --- .gitea/workflows/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index 98766342..c03f0366 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml @@ -47,7 +47,7 @@ jobs: name: Dry Run Docker Compose runs-on: ubuntu-latest needs: quality-gate - if: needs.steps.quality-gate.outputs.quality-gate-status == 'PASSED' + if: steps.sonarqube.quality-gate.outputs.quality-gate-status == 'PASSED' steps: - name: Checking out uses: actions/checkout@v4 From 0793644c8884d9d95925ba4c1a6341fa2fa1410c Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 2 Dec 2024 10:44:06 -0500 Subject: [PATCH 25/44] Tweaking conditional yet again (L50). --- .gitea/workflows/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index c03f0366..b43cf691 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml 
@@ -47,7 +47,7 @@ jobs: name: Dry Run Docker Compose runs-on: ubuntu-latest needs: quality-gate - if: steps.sonarqube.quality-gate.outputs.quality-gate-status == 'PASSED' + if: steps.quality-gate.outputs.quality-gate-status == 'PASSED' steps: - name: Checking out uses: actions/checkout@v4 From 7b6190f01e59b738def36a9399b8ab7c5b99d98e Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 2 Dec 2024 10:53:58 -0500 Subject: [PATCH 26/44] Tweaking conditional yet again, again (L50). --- .gitea/workflows/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index b43cf691..3c11d254 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml @@ -47,7 +47,7 @@ jobs: name: Dry Run Docker Compose runs-on: ubuntu-latest needs: quality-gate - if: steps.quality-gate.outputs.quality-gate-status == 'PASSED' + if: ${{ steps.quality-gate.outputs.quality-gate-status }} == 'PASSED' steps: - name: Checking out uses: actions/checkout@v4 From ec5e7797a8d749e01584d8efd3e05981d614df8b Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 2 Dec 2024 13:47:03 -0500 Subject: [PATCH 27/44] Added logic for generating .env in pipeline and for linting. --- .gitea/workflows/build.yaml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index 3c11d254..c525c79d 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml 
@@ -48,22 +48,28 @@ jobs: runs-on: ubuntu-latest needs: quality-gate if: ${{ steps.quality-gate.outputs.quality-gate-status }} == 'PASSED' - steps: + steps: - name: Checking out uses: actions/checkout@v4 with: # Disabling shallow clone is recommended for improving relevancy of reporting fetch-depth: 0 + - name: Generate ephemeral env + run: echo "${{ secrets.RINOA_DOCKER_ENV }}" > ./.env + - name: Validate Docker Compose Configuration + id: docker-lint run: | - docker compose config + docker compose config --no-interpolate --dry-run + EXIT_CODE=$? if [ $? -ne 0 ]; then echo "Docker Compose configuration validation failed." exit 1 else echo "Docker Compose configuration is valid." fi + echo "::set-output name=exit_code::$EXIT_CODE" # - name: Docker Compose Lint # uses: sjafferali/docker-compose-lint-action@v0.1.2 @@ -88,6 +94,7 @@ jobs: # steps: # - name: Checkout Code # uses: actions/checkout@v4 + # - name: Merge Pull Request # uses: prasiman/gocurl@v1 # with: From 6071e622ffc041f2f47e0ff9caf17a10fb4f831f Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 2 Dec 2024 13:51:53 -0500 Subject: [PATCH 28/44] Multi-line run for ephemeral env. --- .gitea/workflows/build.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index c525c79d..4bbbe9b4 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml @@ -56,7 +56,8 @@ jobs: fetch-depth: 0 - name: Generate ephemeral env - run: echo "${{ secrets.RINOA_DOCKER_ENV }}" > ./.env + run: | + echo "${{ secrets.RINOA_DOCKER_ENV }}" > ./.env - name: Validate Docker Compose Configuration id: docker-lint @@ -94,7 +95,7 @@ jobs: # steps: # - name: Checkout Code # uses: actions/checkout@v4 - + # - name: Merge Pull Request # uses: prasiman/gocurl@v1 # with: From ea9c9fc0af974323acadae25c5ecc993b182f0f3 Mon Sep 17 00:00:00 2001 
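Review bot: In the `docker-lint` step, `if [ $? -ne 0 ]` now comes after `EXIT_CODE=$?`, so it tests the exit status of the assignment, which is always 0, and the failure branch can never run; it should read `if [ "$EXIT_CODE" -ne 0 ]; then`. The new `Generate ephemeral env` step also pastes `${{ secrets.RINOA_DOCKER_ENV }}` into the script text before the shell parses it, so any `"`, `$` or backtick inside the secret changes the command, and the resulting `./.env` stays in the workspace for every later step. Passing the secret through the step's `env:` and writing it with `printf '%s\n' "$RINOA_DOCKER_ENV" > ./.env`, with a cleanup step at the end of the job, avoids both. `::set-output` is deprecated on GitHub in favour of appending to `$GITHUB_OUTPUT`; whether this Gitea runner still accepts it should be confirmed.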
From: "Trez.One" Date: Mon, 2 Dec 2024 16:13:10 -0500 Subject: [PATCH 29/44] Updated service scrutiny. --- docker-compose.yml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index b11662f7..2616d208 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -4522,23 +4522,23 @@ services: container_name: scrutiny devices: - permissions: rwm - source: /dev/sda - target: /dev/sda + source: "/dev/sda" + target: "/dev/sda" - permissions: rwm - source: /dev/sdb - target: /dev/sdb + source: "/dev/sdb" + target: "/dev/sdb" - permissions: rwm - source: /dev/sdd - target: /dev/sdd + source: "/dev/sdd" + target: "/dev/sdd" - permissions: rwm - source: /dev/sde - target: /dev/sde + source: "/dev/sde" + target: "/dev/sde" - permissions: rwm - source: /dev/sdc - target: /dev/sdc + source: "/dev/sdc" + target: "/dev/sdc" - permissions: rwm - source: /dev/sdf - target: /dev/sdf + source: "/dev/sdf" + target: "/dev/sdf" image: ghcr.io/analogj/scrutiny:master-omnibus labels: - homepage.group=Infrastructure/App Performance Monitoring From 19d4ebc099a9d146c4f38d9b55e4ae9ccfacf5c9 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 2 Dec 2024 16:17:24 -0500 Subject: [PATCH 30/44] Quotations for values under scrutiny.services --- docker-compose.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 2616d208..18f6164e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -4521,22 +4521,22 @@ services: - SYS_RAWIO container_name: scrutiny devices: - - permissions: rwm + - permissions: "rwm" source: "/dev/sda" target: "/dev/sda" - - permissions: rwm + - permissions: "rwm" source: "/dev/sdb" target: "/dev/sdb" - - permissions: rwm + - permissions: "rwm" source: "/dev/sdd" target: "/dev/sdd" - - permissions: rwm + - permissions: "rwm" source: "/dev/sde" target: "/dev/sde" - - permissions: rwm + - permissions: "rwm" source: "/dev/sdc" target: "/dev/sdc" - - permissions: rwm + - permissions: "rwm" source: "/dev/sdf" target: "/dev/sdf" image: ghcr.io/analogj/scrutiny:master-omnibus From 216ce90a448461625f3515f955d18407003fba8c Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 2 Dec 2024 16:25:35 -0500 Subject: [PATCH 31/44] Change in syntax for services.scrutiny.devices --- docker-compose.yml | 24 ++++++------------------ 1 file changed, 6 insertions(+), 18 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 18f6164e..172cf4f7 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -4521,24 +4521,12 @@ services: - SYS_RAWIO container_name: scrutiny devices: - - permissions: "rwm" - source: "/dev/sda" - target: "/dev/sda" - - permissions: "rwm" - source: "/dev/sdb" - target: "/dev/sdb" - - permissions: "rwm" - source: "/dev/sdd" - target: "/dev/sdd" - - permissions: "rwm" - source: "/dev/sde" - target: "/dev/sde" - - permissions: "rwm" - source: "/dev/sdc" - target: "/dev/sdc" - - permissions: "rwm" - source: "/dev/sdf" - target: "/dev/sdf" + - "/dev/sda:/dev/sda:rwm" + - "/dev/sdb:/dev/sdb:rwm" + - "/dev/sdc:/dev/sdc:rwm" + - "/dev/sdd:/dev/sdd:rwm" + - "/dev/sde:/dev/sde:rwm" + - "/dev/sdf:/dev/sdf:rwm" image: ghcr.io/analogj/scrutiny:master-omnibus labels: - homepage.group=Infrastructure/App Performance Monitoring From fe86d858921076f38f0a22143e3ad265e6348ac6 Mon Sep 17 00:00:00 2001 
From: "Trez.One" Date: Mon, 2 Dec 2024 16:44:10 -0500 Subject: [PATCH 32/44] Updated sonar-project properties and quiet option for Docker compose config validation. --- .gitea/workflows/build.yaml | 2 +- sonar-project.properties | 18 +++++++++++------- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index 4bbbe9b4..4a06432b 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml @@ -62,7 +62,7 @@ jobs: - name: Validate Docker Compose Configuration id: docker-lint run: | - docker compose config --no-interpolate --dry-run + docker compose config --no-interpolate --quiet --dry-run EXIT_CODE=$? if [ $? -ne 0 ]; then echo "Docker Compose configuration validation failed." diff --git a/sonar-project.properties b/sonar-project.properties index 51b46d41..fe13978b 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -3,12 +3,16 @@ sonar.projectKey=rinoa-docker # Source directories to analyze sonar.sources=. -# Include only YAML and Docker-related files -sonar.inclusions=**/*.yaml,**/*.yml,**/Dockerfile,**/*.docker +# Include only the docker-compose.yml file for IaC analysis +sonar.inclusions=docker-compose.yml -# Language-specific configuration (if required) -sonar.lang.patterns=generic=**/*.yaml,**/*.yml,**/Dockerfile,**/*.docker +# Disable all other sensors explicitly +sonar.iac.enabled=true +sonar.iac.exclusions=**/*.* # Exclude everything not explicitly included +sonar.exclusions=**/*.* -# Optional: Enable specific quality profiles for clean code practices -sonar.qualitygate.wait=true -sonar.qualitygate=Clean Code \ No newline at end of file +# Explicitly include IaC file types (if required for broader IaC scanning) +sonar.iac.inclusions=**/*.yml,**/*.yaml,**/docker-compose.yml + +# Optional: Wait for quality gate in pipelines +sonar.qualitygate.wait=true \ No newline at end of file From 146f109fb5c3c48f89ceff44e635cff2fff15cde Mon Sep 17 00:00:00 2001 
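Review bot: `sonar.exclusions=**/*.*` appears to match `docker-compose.yml` as well, and a file has to match the inclusions and miss the exclusions to be analysed, so this configuration may leave the scanner with nothing to analyse and a quality gate that passes on an empty project. In addition, `sonar.iac.exclusions=**/*.* # Exclude everything not explicitly included` carries the comment inside the value, because a `.properties` file only treats `#` as a comment at the start of a line. Dropping the two exclusion lines and keeping `sonar.inclusions=docker-compose.yml` would express what the comment above it says. The number of indexed files in the scanner log is the quickest way to confirm which files are actually analysed.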
From: "Trez.One" Date: Mon, 2 Dec 2024 17:39:12 -0500 Subject: [PATCH 33/44] Extending pipeline to deployment steps (with dry-run flag - fingers crossed). --- .gitea/workflows/build.yaml | 43 +++++++++++++++++++++++-------------- 1 file changed, 27 insertions(+), 16 deletions(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index 4a06432b..c8f2be68 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml @@ -88,13 +88,24 @@ jobs: # echo "Manual approval step reached. Please approve to proceed." # exit 1 - # deploy-changes: - # name: Merge and Deploy Changes - # needs: manual-approval - # runs-on: self-hosted - # steps: - # - name: Checkout Code - # uses: actions/checkout@v4 + deploy-changes: + name: Merge and Deploy Changes + needs: manual-approval + runs-on: self-hosted + steps: + - name: Checkout Code + uses: actions/checkout@v4 + + - name: Install Tea CLI + run: | + curl -sSL https://dl.gitea.io/tea/0.9.1/tea-0.9.1-linux-amd64 > /usr/local/bin/tea + chmod +x /usr/local/bin/tea + + - name: Merge PR with Tea CLI + run: | + tea pr merge --login git-sonarqube-bot --token ${{ secrets.BOT_GITEA_TOKEN }} \ + --repo ${{ gitea.event.repository.owner.login }}/${{ github.event.repository.name }} \ + --number ${{ gitea.event.pull_request.number }} # - name: Merge Pull Request # uses: prasiman/gocurl@v1 
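Review bot: The `Install Tea CLI` step writes a downloaded binary straight into `/usr/local/bin` and the next step runs it with the bot token, with no integrity check and without `-f`, so an HTTP error page or a tampered file would be installed as `tea`. Verify the file before `chmod`, for example `curl -fsSL <release URL> -o /usr/local/bin/tea` followed by `echo "<EXPECTED_SHA256>  /usr/local/bin/tea" | sha256sum -c -`, where the placeholder stands for the checksum published with the release. On the `self-hosted` runner this job selects, the installed file may also persist for later jobs. Patch 39 later replaces the `0.9.1` URL with the rolling `tea/main/tea-main-linux-amd64` build, which removes the version pin as well.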
@@ -104,15 +115,15 @@ jobs: # headers: > # Authorization: token ${{ secrets.BOT_GITEA_TOKEN }} - # - name: Deploy Docker Compose Changes - # - uses: astappiev/docker-compose-remote-action@master - # name: Docker-Compose Remote Deployment - # with: - # ssh_host: example.com - # ssh_user: ${{ secrets.DEPLOY_USERNAME }} - # ssh_private_key: ${{ secrets.DEPLOY_PRIVATE_KEY }} - # ssh_host_public_key: ${{ secrets.DEPLOY_PUBLIC_KEY }} - # docker_compose_prefix: myapp + - name: Deploy Docker Compose Changes + uses: astappiev/docker-compose-remote-action@master + with: + ssh_host: 192.168.1.254 + ssh_user: gitea-deploy + ssh_private_key: ${{ secrets.DEPLOY_PRIVATE_SSH_KEY }} + ssh_host_public_key: ${{ secrets.DEPLOY_PUBLIC_SSH_KEY }} + docker_env: $ {{ secrets.RINOA_DOCKER_ENV }} + docker_args: -d --remove-orphans --build --dry-run # uses: alex-ac/github-action-ssh-docker-compose@master # with: From 3b6ec47bd72cebce5c1cdb0587b3f3ae661b62ac Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 2 Dec 2024 17:44:09 -0500 Subject: [PATCH 34/44] Deploy tweaks - seriously, I've been at this way too long over Thanksgiving. --- .gitea/workflows/build.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index c8f2be68..5b75497c 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml @@ -90,8 +90,7 @@ jobs: deploy-changes: name: Merge and Deploy Changes - needs: manual-approval - runs-on: self-hosted + runs-on: ubuntu-latest steps: - name: Checkout Code uses: actions/checkout@v4 From aad8eb67895c32483475dba35e5279212cdfa7c3 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 2 Dec 2024 17:52:50 -0500 Subject: [PATCH 35/44] Fixing conditionals... --- .gitea/workflows/build.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index 5b75497c..fe6811c4 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml 
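Review bot: `uses: astappiev/docker-compose-remote-action@master` hands `DEPLOY_PRIVATE_SSH_KEY` to whatever the action's `master` branch contains at run time; reference a reviewed commit instead, `uses: astappiev/docker-compose-remote-action@<full-commit-sha>`. `docker_env: $ {{ secrets.RINOA_DOCKER_ENV }}` has a space between `$` and `{{`, so the expression is not evaluated and the literal text is passed to the action; it should read `docker_env: ${{ secrets.RINOA_DOCKER_ENV }}`. The `--dry-run` in `docker_args` is the only thing keeping this step from changing the host, so a comment above it saying that it must be removed deliberately would help the next editor.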
@@ -91,6 +91,8 @@ jobs: deploy-changes: name: Merge and Deploy Changes runs-on: ubuntu-latest + needs: docker-lint + if: steps.docker-lint.outputs.exit_code == 0 steps: - name: Checkout Code uses: actions/checkout@v4 From 7c95a535270f36a8d9940030b719e69dbd7106ac Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 2 Dec 2024 17:59:57 -0500 Subject: [PATCH 36/44] Fixing tea pr merge step. --- .gitea/workflows/build.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index fe6811c4..3cf673de 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml @@ -104,9 +104,7 @@ jobs: - name: Merge PR with Tea CLI run: | - tea pr merge --login git-sonarqube-bot --token ${{ secrets.BOT_GITEA_TOKEN }} \ - --repo ${{ gitea.event.repository.owner.login }}/${{ github.event.repository.name }} \ - --number ${{ gitea.event.pull_request.number }} + tea pr m --token ${{ secrets.BOT_GITEA_TOKEN }} ${{ gitea.event.pull_request.number }} # - name: Merge Pull Request # uses: prasiman/gocurl@v1 From 847982b65a0061e73761e8d323412a47e1444ce6 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 2 Dec 2024 18:14:56 -0500 Subject: [PATCH 37/44] Quotes around secrets in merge step. --- .gitea/workflows/build.yaml | 2 +- sonar-project.properties | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index 3cf673de..fb53066f 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml @@ -104,7 +104,7 @@ jobs: - name: Merge PR with Tea CLI run: | - tea pr m --token ${{ secrets.BOT_GITEA_TOKEN }} ${{ gitea.event.pull_request.number }} + tea pr m --token "${{ secrets.BOT_GITEA_TOKEN }}" "${{ gitea.event.pull_request.number }}" # - name: Merge Pull Request # uses: prasiman/gocurl@v1 diff --git a/sonar-project.properties b/sonar-project.properties index fe13978b..c672cb47 100644 --- a/sonar-project.properties 
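Review bot: `needs: docker-lint` and `if: steps.docker-lint.outputs.exit_code == 0` on `deploy-changes` refer to a step id, while `needs:` takes job ids and the `steps` context of another job is not visible in a job-level `if`. Depending on how the runner treats the unknown job name, the job is either rejected or not tied to the validation result at all, and patch 34 had already removed its only `needs:`. Because this job merges the pull request and runs the remote deployment, it should depend on the job that holds the step, `needs: docker-compose-dry-run`. The workflow also fires on `push` to `main`, where there is no pull request number to merge, so a guard such as `if: github.event_name == 'pull_request'` is worth adding. The job's step list continues outside this hunk.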
+++ b/sonar-project.properties @@ -8,11 +8,11 @@ sonar.inclusions=docker-compose.yml # Disable all other sensors explicitly sonar.iac.enabled=true +sonar.iac.inclusions=**/*.yml,**/*.yaml,**/docker-compose.yml sonar.iac.exclusions=**/*.* # Exclude everything not explicitly included sonar.exclusions=**/*.* # Explicitly include IaC file types (if required for broader IaC scanning) -sonar.iac.inclusions=**/*.yml,**/*.yaml,**/docker-compose.yml # Optional: Wait for quality gate in pipelines sonar.qualitygate.wait=true \ No newline at end of file From f1f4718f9228a06eae8da9153b643f6160ec7495 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 2 Dec 2024 18:24:12 -0500 Subject: [PATCH 38/44] Seriously... I'm going to end up creating my own actions at some point. --- .gitea/workflows/build.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index fb53066f..8d47e8f8 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml @@ -97,14 +97,15 @@ jobs: - name: Checkout Code uses: actions/checkout@v4 - - name: Install Tea CLI + - name: Install & Setup Tea CLI run: | curl -sSL https://dl.gitea.io/tea/0.9.1/tea-0.9.1-linux-amd64 > /usr/local/bin/tea chmod +x /usr/local/bin/tea + tea login add --name gitea-rinoa --url $ {{ secrets.RINOA_GITEA_SERVER }} --user gitea-sonarqube-bot --token $ {{ secrets.BOT_GITEA_TOKEN }} - name: Merge PR with Tea CLI run: | - tea pr m --token "${{ secrets.BOT_GITEA_TOKEN }}" "${{ gitea.event.pull_request.number }}" + tea pr m ${{ gitea.event.pull_request.number }} # - name: Merge Pull Request # uses: prasiman/gocurl@v1 From 3e2eac46085b597cd31772c2177e42e124cf0301 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 2 Dec 2024 18:34:09 -0500 Subject: [PATCH 39/44] Okay... this might be it. Maybe. --- .gitea/workflows/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index 8d47e8f8..e2d75628 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml @@ -99,7 +99,7 @@ jobs: - name: Install & Setup Tea CLI run: | - curl -sSL https://dl.gitea.io/tea/0.9.1/tea-0.9.1-linux-amd64 > /usr/local/bin/tea + curl -sSL https://dl.gitea.com/tea/main/tea-main-linux-amd64 -o /usr/local/bin/tea chmod +x /usr/local/bin/tea tea login add --name gitea-rinoa --url $ {{ secrets.RINOA_GITEA_SERVER }} --user gitea-sonarqube-bot --token $ {{ secrets.BOT_GITEA_TOKEN }} From 0f830d8707804592b5bf339f279855a6c9703674 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 2 Dec 2024 18:38:10 -0500 Subject: [PATCH 40/44] .... Waiting for dinner at this point.... --- .gitea/workflows/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index e2d75628..490a6ad9 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml @@ -101,7 +101,7 @@ jobs: run: | curl -sSL https://dl.gitea.com/tea/main/tea-main-linux-amd64 -o /usr/local/bin/tea chmod +x /usr/local/bin/tea - tea login add --name gitea-rinoa --url $ {{ secrets.RINOA_GITEA_SERVER }} --user gitea-sonarqube-bot --token $ {{ secrets.BOT_GITEA_TOKEN }} + tea login add --name gitea-rinoa --url $ {{ secrets.RINOA_GITEA_SERVER }} --user gitea-sonarqube-bot --token "$ {{ secrets.BOT_GITEA_TOKEN }}" - name: Merge PR with Tea CLI run: | From ad5e4b76a219e2f4635f0d6759bd0c066909fff2 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 2 Dec 2024 18:56:49 -0500 Subject: [PATCH 41/44] ... Feel like I'm running out of ish to say... --- .gitea/workflows/build.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index 490a6ad9..a0014188 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml 
@@ -101,11 +101,11 @@ jobs: run: | curl -sSL https://dl.gitea.com/tea/main/tea-main-linux-amd64 -o /usr/local/bin/tea chmod +x /usr/local/bin/tea - tea login add --name gitea-rinoa --url $ {{ secrets.RINOA_GITEA_SERVER }} --user gitea-sonarqube-bot --token "$ {{ secrets.BOT_GITEA_TOKEN }}" + tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_SERVER }}"" --user gitea-sonarqube-bot --token "${{ secrets.BOT_GITEA_TOKEN }}" - name: Merge PR with Tea CLI run: | - tea pr m ${{ gitea.event.pull_request.number }} + tea pr m "${{ gitea.event.pull_request.number }}"" # - name: Merge Pull Request # uses: prasiman/gocurl@v1 From 183e3130eea71178313d20a0985656a94adc01cc Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 2 Dec 2024 19:00:47 -0500 Subject: [PATCH 42/44] Holy crap, I might actually have this figured out... --- .gitea/workflows/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index a0014188..66289abf 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml @@ -105,7 +105,7 @@ jobs: - name: Merge PR with Tea CLI run: | - tea pr m "${{ gitea.event.pull_request.number }}"" + tea pr m "${{ gitea.event.pull_request.number }}" # - name: Merge Pull Request # uses: prasiman/gocurl@v1 From 27cc1c05042549224bea448a90baa0510a418b68 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 2 Dec 2024 19:04:29 -0500 Subject: [PATCH 43/44] Goddamn frelling quotation marks and a small screen... --- .gitea/workflows/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index 66289abf..b7572372 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml 
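Review bot: Both rewritten lines end a quoted argument with `""`, in `--url "${{ secrets.RINOA_GITEA_SERVER }}""` and in `tea pr m "${{ gitea.event.pull_request.number }}""`, which leaves an odd number of double quotes in each `run:` script. The shell will most likely stop with an unterminated-string error before `tea` runs. Each argument should close with a single quote character, `--url "${{ secrets.RINOA_GITEA_SERVER }}"` and `tea pr m "${{ gitea.event.pull_request.number }}"`. Running the `run:` scripts through a shell linter before pushing would catch this class of typo.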
@@ -101,7 +101,7 @@ jobs: run: | curl -sSL https://dl.gitea.com/tea/main/tea-main-linux-amd64 -o /usr/local/bin/tea chmod +x /usr/local/bin/tea - tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_SERVER }}"" --user gitea-sonarqube-bot --token "${{ secrets.BOT_GITEA_TOKEN }}" + tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_SERVER }}" --user gitea-sonarqube-bot --token "${{ secrets.BOT_GITEA_TOKEN }}" - name: Merge PR with Tea CLI run: | From da7d673560a4dbb5f9ec7cbe46e7ca6eb788c5b4 Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 2 Dec 2024 19:11:00 -0500 Subject: [PATCH 44/44] Inching towards the end, I can feel it... --- .gitea/workflows/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml index b7572372..c80308e6 100644 --- a/.gitea/workflows/build.yaml +++ b/.gitea/workflows/build.yaml @@ -101,7 +101,7 @@ jobs: run: | curl -sSL https://dl.gitea.com/tea/main/tea-main-linux-amd64 -o /usr/local/bin/tea chmod +x /usr/local/bin/tea - tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_SERVER }}" --user gitea-sonarqube-bot --token "${{ secrets.BOT_GITEA_TOKEN }}" + tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_SERVER }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token "${{ secrets.BOT_GITEA_TOKEN }}" - name: Merge PR with Tea CLI run: |
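Review bot: Adding `--password "${{ secrets.BOT_GITEA_PASSWORD }}"` next to `--token` hands the workflow the bot account's password as well as its API token, and both end up on the `tea` command line. A token can be scoped and revoked on its own, while the password usually unlocks the whole account, so the job now holds more than a merge needs. The previous revision of this line passed only the token; if the login failed with it, checking the token's scopes is a better first step than falling back to the password, and I would drop `--password` and the `BOT_GITEA_PASSWORD` secret once the token works.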