Fixing main branch.
This commit is contained in:
@@ -0,0 +1,134 @@
|
|||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- main
|
||||||
|
pull_request:
|
||||||
|
types: [opened, synchronize, reopened]
|
||||||
|
|
||||||
|
name: SonarQube Scan
|
||||||
|
jobs:
|
||||||
|
sonarqube:
|
||||||
|
name: SonarQube Scanning & Status
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- name: Checking out
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
with:
|
||||||
|
# Disabling shallow clone is recommended for improving relevancy of reporting
|
||||||
|
fetch-depth: 0
|
||||||
|
|
||||||
|
- name: SonarQube Scan
|
||||||
|
uses: SonarSource/sonarqube-scan-action@v4.0.0
|
||||||
|
env:
|
||||||
|
SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
|
||||||
|
SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
|
||||||
|
|
||||||
|
- name: SonarQube Quality Gate Check
|
||||||
|
id: quality-gate
|
||||||
|
uses: SonarSource/sonarqube-quality-gate-action@v1.1.0
|
||||||
|
env:
|
||||||
|
SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
|
||||||
|
SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
|
||||||
|
|
||||||
|
# - name: Comment on Pull Request with Quality Gate Status
|
||||||
|
# id: comment-pr
|
||||||
|
# uses: prasiman/gocurl@v1
|
||||||
|
# with:
|
||||||
|
# method: POST
|
||||||
|
# url: "https://${{ secrets.RINOA_GITEA_SERVER }}/api/v1/repos/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/issues/${{ github.event.pull_request.number }}/reviews"
|
||||||
|
# headers: >
|
||||||
|
# Authorization: token ${{ secrets.BOT_GITEA_TOKEN }}
|
||||||
|
# body: |
|
||||||
|
# {
|
||||||
|
# "body": "SonarQube Quality Gate Status: ${{ steps.quality-gate.outputs.quality-gate-status }}"
|
||||||
|
# }
|
||||||
|
|
||||||
|
docker-compose-dry-run:
|
||||||
|
name: Dry Run Docker Compose
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
needs: quality-gate
|
||||||
|
if: ${{ steps.quality-gate.outputs.quality-gate-status }} == 'PASSED'
|
||||||
|
steps:
|
||||||
|
- name: Checking out
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
with:
|
||||||
|
# Disabling shallow clone is recommended for improving relevancy of reporting
|
||||||
|
fetch-depth: 0
|
||||||
|
|
||||||
|
- name: Generate ephemeral env
|
||||||
|
run: |
|
||||||
|
echo "${{ secrets.RINOA_DOCKER_ENV }}" > ./.env
|
||||||
|
|
||||||
|
- name: Validate Docker Compose Configuration
|
||||||
|
id: docker-lint
|
||||||
|
run: |
|
||||||
|
docker compose config --no-interpolate --quiet --dry-run
|
||||||
|
EXIT_CODE=$?
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
echo "Docker Compose configuration validation failed."
|
||||||
|
exit 1
|
||||||
|
else
|
||||||
|
echo "Docker Compose configuration is valid."
|
||||||
|
fi
|
||||||
|
echo "::set-output name=exit_code::$EXIT_CODE"
|
||||||
|
|
||||||
|
# - name: Docker Compose Lint
|
||||||
|
# uses: sjafferali/docker-compose-lint-action@v0.1.2
|
||||||
|
# with:
|
||||||
|
# compose-file: './docker-compose.yml'
|
||||||
|
|
||||||
|
# manual-approval:
|
||||||
|
# name: Manual Approval
|
||||||
|
# needs: docker-compose-test
|
||||||
|
# if: always()
|
||||||
|
# runs-on: self-hosted
|
||||||
|
# steps:
|
||||||
|
# - name: Approval Required
|
||||||
|
# run: |
|
||||||
|
# echo "Manual approval step reached. Please approve to proceed."
|
||||||
|
# exit 1
|
||||||
|
|
||||||
|
deploy-changes:
|
||||||
|
name: Merge and Deploy Changes
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
needs: docker-lint
|
||||||
|
if: steps.docker-lint.outputs.exit_code == 0
|
||||||
|
steps:
|
||||||
|
- name: Checkout Code
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
|
- name: Install & Setup Tea CLI
|
||||||
|
run: |
|
||||||
|
curl -sSL https://dl.gitea.com/tea/main/tea-main-linux-amd64 -o /usr/local/bin/tea
|
||||||
|
chmod +x /usr/local/bin/tea
|
||||||
|
tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_SERVER }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token "${{ secrets.BOT_GITEA_TOKEN }}"
|
||||||
|
|
||||||
|
- name: Merge PR with Tea CLI
|
||||||
|
run: |
|
||||||
|
tea pr m "${{ gitea.event.pull_request.number }}"
|
||||||
|
|
||||||
|
# - name: Merge Pull Request
|
||||||
|
# uses: prasiman/gocurl@v1
|
||||||
|
# with:
|
||||||
|
# method: POST
|
||||||
|
# url: "https://${{ secrets.RINOA_GITEA_SERVER }}/api/v1/repos/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/pulls/${{ github.event.pull_request.number }}/merge"
|
||||||
|
# headers: >
|
||||||
|
# Authorization: token ${{ secrets.BOT_GITEA_TOKEN }}
|
||||||
|
|
||||||
|
- name: Deploy Docker Compose Changes
|
||||||
|
uses: astappiev/docker-compose-remote-action@master
|
||||||
|
with:
|
||||||
|
ssh_host: 192.168.1.254
|
||||||
|
ssh_user: gitea-deploy
|
||||||
|
ssh_private_key: ${{ secrets.DEPLOY_PRIVATE_SSH_KEY }}
|
||||||
|
ssh_host_public_key: ${{ secrets.DEPLOY_PUBLIC_SSH_KEY }}
|
||||||
|
docker_env: $ {{ secrets.RINOA_DOCKER_ENV }}
|
||||||
|
docker_args: -d --remove-orphans --build --dry-run
|
||||||
|
|
||||||
|
# uses: alex-ac/github-action-ssh-docker-compose@master
|
||||||
|
# with:
|
||||||
|
# ssh_host: ${{ secrets.DOCKER_HOST }}
|
||||||
|
# ssh_user: ${{ secrets.DOCKER_USER }}
|
||||||
|
# ssh_key: ${{ secrets.DOCKER_SSH_KEY }}
|
||||||
|
# compose_file_path: /path/to/docker-compose.yml
|
||||||
|
# docker_compose_command: "up -d --remove-orphans"
|
||||||
@@ -1458,7 +1458,10 @@ services:
|
|||||||
grafana-alloy:
|
grafana-alloy:
|
||||||
condition: service_started
|
condition: service_started
|
||||||
required: true
|
required: true
|
||||||
|
<<<<<<< HEAD
|
||||||
restart: true
|
restart: true
|
||||||
|
=======
|
||||||
|
>>>>>>> sonarqube-gitea-docker-compose-deploy
|
||||||
environment:
|
environment:
|
||||||
GF_INSTALL_PLUGINS: grafana-piechart-panel
|
GF_INSTALL_PLUGINS: grafana-piechart-panel
|
||||||
TZ: America/New_York
|
TZ: America/New_York
|
||||||
@@ -1567,7 +1570,10 @@ services:
|
|||||||
grafana-alloy:
|
grafana-alloy:
|
||||||
condition: service_started
|
condition: service_started
|
||||||
required: true
|
required: true
|
||||||
|
<<<<<<< HEAD
|
||||||
restart: true
|
restart: true
|
||||||
|
=======
|
||||||
|
>>>>>>> sonarqube-gitea-docker-compose-deploy
|
||||||
image: grafana/loki:latest
|
image: grafana/loki:latest
|
||||||
networks:
|
networks:
|
||||||
default: null
|
default: null
|
||||||
@@ -1592,7 +1598,10 @@ services:
|
|||||||
grafana-alloy:
|
grafana-alloy:
|
||||||
condition: service_started
|
condition: service_started
|
||||||
required: true
|
required: true
|
||||||
|
<<<<<<< HEAD
|
||||||
restart: true
|
restart: true
|
||||||
|
=======
|
||||||
|
>>>>>>> sonarqube-gitea-docker-compose-deploy
|
||||||
image: grafana/mimir:latest
|
image: grafana/mimir:latest
|
||||||
labels:
|
labels:
|
||||||
- homepage.group=Infrastructure/App Performance Monitoring
|
- homepage.group=Infrastructure/App Performance Monitoring
|
||||||
@@ -1647,7 +1656,10 @@ services:
|
|||||||
grafana-alloy:
|
grafana-alloy:
|
||||||
condition: service_started
|
condition: service_started
|
||||||
required: true
|
required: true
|
||||||
|
<<<<<<< HEAD
|
||||||
restart: true
|
restart: true
|
||||||
|
=======
|
||||||
|
>>>>>>> sonarqube-gitea-docker-compose-deploy
|
||||||
image: grafana/pyroscope:latest
|
image: grafana/pyroscope:latest
|
||||||
labels:
|
labels:
|
||||||
- homepage.group=Infrastructure/App Performance Monitoring
|
- homepage.group=Infrastructure/App Performance Monitoring
|
||||||
@@ -1677,7 +1689,10 @@ services:
|
|||||||
grafana-alloy:
|
grafana-alloy:
|
||||||
condition: service_started
|
condition: service_started
|
||||||
required: true
|
required: true
|
||||||
|
<<<<<<< HEAD
|
||||||
restart: true
|
restart: true
|
||||||
|
=======
|
||||||
|
>>>>>>> sonarqube-gitea-docker-compose-deploy
|
||||||
image: grafana/tempo:latest
|
image: grafana/tempo:latest
|
||||||
networks:
|
networks:
|
||||||
default: null
|
default: null
|
||||||
@@ -4526,6 +4541,7 @@ services:
|
|||||||
- SYS_RAWIO
|
- SYS_RAWIO
|
||||||
container_name: scrutiny
|
container_name: scrutiny
|
||||||
devices:
|
devices:
|
||||||
|
<<<<<<< HEAD
|
||||||
- permissions: rwm
|
- permissions: rwm
|
||||||
source: /dev/sda
|
source: /dev/sda
|
||||||
target: /dev/sda
|
target: /dev/sda
|
||||||
@@ -4544,6 +4560,14 @@ services:
|
|||||||
- permissions: rwm
|
- permissions: rwm
|
||||||
source: /dev/sdf
|
source: /dev/sdf
|
||||||
target: /dev/sdf
|
target: /dev/sdf
|
||||||
|
=======
|
||||||
|
- "/dev/sda:/dev/sda:rwm"
|
||||||
|
- "/dev/sdb:/dev/sdb:rwm"
|
||||||
|
- "/dev/sdc:/dev/sdc:rwm"
|
||||||
|
- "/dev/sdd:/dev/sdd:rwm"
|
||||||
|
- "/dev/sde:/dev/sde:rwm"
|
||||||
|
- "/dev/sdf:/dev/sdf:rwm"
|
||||||
|
>>>>>>> sonarqube-gitea-docker-compose-deploy
|
||||||
image: ghcr.io/analogj/scrutiny:master-omnibus
|
image: ghcr.io/analogj/scrutiny:master-omnibus
|
||||||
labels:
|
labels:
|
||||||
- homepage.group=Infrastructure/App Performance Monitoring
|
- homepage.group=Infrastructure/App Performance Monitoring
|
||||||
|
|||||||
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,18 @@
|
|||||||
|
sonar.projectKey=rinoa-docker
|
||||||
|
|
||||||
|
# Source directories to analyze
|
||||||
|
sonar.sources=.
|
||||||
|
|
||||||
|
# Include only the docker-compose.yml file for IaC analysis
|
||||||
|
sonar.inclusions=docker-compose.yml
|
||||||
|
|
||||||
|
# Disable all other sensors explicitly
|
||||||
|
sonar.iac.enabled=true
|
||||||
|
sonar.iac.inclusions=**/*.yml,**/*.yaml,**/docker-compose.yml
|
||||||
|
sonar.iac.exclusions=**/*.* # Exclude everything not explicitly included
|
||||||
|
sonar.exclusions=**/*.*
|
||||||
|
|
||||||
|
# Explicitly include IaC file types (if required for broader IaC scanning)
|
||||||
|
|
||||||
|
# Optional: Wait for quality gate in pipelines
|
||||||
|
sonar.qualitygate.wait=true
|
||||||
Reference in New Issue
Block a user