diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml
index 7ede2d1a..aea1a56a 100644
--- a/.gitea/workflows/build.yaml
+++ b/.gitea/workflows/build.yaml
@@ -8,7 +8,7 @@ on:
 name: SonarQube Scan
 jobs:
 sonarqube:
- name: SonarQube Trigger
+ name: SonarQube Scanning & Status
 runs-on: ubuntu-latest
 steps:
 - name: Checking out
@@ -18,60 +18,100 @@ jobs: fetch-depth: 0 - name: SonarQube Scan - uses: kitabisa/sonarqube-action@v1.2.0 + uses: SonarSource/sonarqube-scan-action@v4.0.0 + env: + SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} + SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} + + - name: SonarQube Quality Gate Check + id: quality-gate + uses: SonarSource/sonarqube-quality-gate-action@v1.1.0 + env: + SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} + SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} + + # - name: Fetch SonarQube Project Status + # id: fetch-status + # uses: prasiman/gocurl@v1 + # with: + # method: GET + # url: ${{ secrets.SONARQUBE_URL }}/api/qualitygates/project_status + # basic-auth-token: ${{ secrets.SONARQUBE_TOKEN }} + # params: '{{ "projectKey", "${{ gitea.repository.name }}" }}' + # log-response: true + + # - name: Comment on PR with SonarQube Status + # uses: prasiman/gocurl@v1 + # with: + # method: "POST" + # url: ${{ secrets.RINOA_GITEA_SERVER }}/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/pulls/${{ gitea.pull_request.id }}/reviews + # headers: | + # Authorization: token ${{ secrets.BOT_GITEA_TOKEN }} + # Content-Type: application/json + # body: + # | + # { + # "body": "string", + # "comments": [ + # { + # "body": "${{ steps.quality-gate.outputs.quality-gate-status }}", + # "new_position": 0, + # "old_position": 0, + # "path": "string" + # } + # ], + # "commit_id": "${{ gitea.pull_request.head.sha }}", + # "event": "COMMENT" + # } + + - name: Run SonarQube and Gitea Action + uses: https://git.trez.wtf/Trez.One/sonar-gitea-pr-bot@v1.0.1 with: - host: ${{ secrets.SONARQUBE_HOST }} - login: ${{ secrets.SONARQUBE_TOKEN }} + sonar_server_url: ${{ secrets.SONARQUBE_HOST }} + sonar_auth_token: ${{ secrets.SONARQUBE_TOKEN }} + gitea_server_url: ${{ secrets.RINOA_GITEA_SERVER }} + gitea_token: ${{ secrets.BOT_GITEA_TOKEN }} + project_key: $ {{ gitea.repository.name }} + pull_request_id: ${{ github.event.pull_request.number }} + + # - name: 
SonarQube Pull Request Comment + # if: always() + # uses: campos-pay/sonarqube-pr-comment@v0.1.5 + # with: + # sonar_token: ${{ secrets.SONARQUBE_TOKEN }} + # sonar_host_url: ${{ secrets.SONARQUBE_HOST }} + # sonar_projectkey: ${{ gitea.event.repository.name }} + # github-token: ${{ secrets.BOT_GITEA_TOKEN }} + # repo_name: ${{ gitea.repository }} + # pr_number: ${{ gitea.event.pull_request.number }} + # github_api_base_url: "https://git.trez.wtf/api/v1" - - name: Fetch SonarQube Project Status - id: fetch-status - uses: cytopia/gocurl@v3 - with: - method: GET - url: ${{ secrets.SONARQUBE_URL }}/api/qualitygates/project_status - headers: | - Authorization: Basic ${{ secrets.SONARQUBE_TOKEN }} - query: projectKey=${{ gitea.repository.name }} + # status-check: + # name: Validate SonarQube Bot Status + # needs: setup-sonarqube + # runs-on: self-hosted + # steps: + # - name: Fetch PR Status + # uses: prasiman/gocurl@v1 + # with: + # method: GET + # url: ${{ secrets.GITEA_SERVER }}/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/pulls/${{ gitea.pull_request.id }}/status + # headers: | + # Authorization: token ${{ secrets.BOT_GITEA_TOKEN }} + # run: | + # echo "Validating SonarQube bot status..." + # echo ${{ steps.fetch-status.outputs.body }} | jq -e '.statuses[] | select(.creator.login == "gitea-sonarqube-bot" and .status == "success")' || exit 1 + # echo "SonarQube bot status validation successful." 
- - name: Comment on PR with SonarQube Status - uses: cytopia/gocurl@v3 - with: - method: POST - url: ${{ secrets.RINOA_GITEA_SERVER }}/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/issues/${{ gitea.pull_request.id }}/comments - headers: | - Authorization: token ${{ secrets.RINOA_GITEA_TOKEN }} - Content-Type: application/json - body: | - { - "body": "SonarQube Analysis: ${{ steps.fetch-status.outputs.body | fromJson | get('projectStatus.status') }}\n[View in SonarQube](${{ secrets.SONARQUBE_URL }}/dashboard?id=${{ gitea.repository.name }})" - } - - status-check: - name: Validate SonarQube Bot Status - needs: setup-sonarqube - runs-on: self-hosted - steps: - - name: Fetch PR Status - uses: cytopia/gocurl@v3 - with: - method: GET - url: ${{ secrets.GITEA_SERVER }}/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/pulls/${{ gitea.pull_request.id }}/status - headers: "Authorization: token ${{ secrets.GITEA_TOKEN }}"" - run: | - echo "Validating SonarQube bot status..." - echo ${{ steps.fetch-status.outputs.body }} | jq -e '.statuses[] | select(.creator.login == "gitea-sonarqube-bot" and .status == "success")' || exit 1 - echo "SonarQube bot status validation successful." - - dry-run: - name: Dry Run Docker Compose - runs-on: self-hosted - needs: status-check - steps: - - name: Checkout Code - uses: actions/checkout@v3 - - - name: Validate Docker Compose - run: | - echo "Validating Docker Compose configuration..." - docker compose config -f rinoa-docker-compose.yml - echo "Docker Compose validation successful." + # dry-run: + # name: Dry Run Docker Compose + # runs-on: self-hosted + # needs: status-check + # steps: + # - name: Checkout Code + # uses: actions/checkout@v4 + # - name: Validate Docker Compose + # run: | + # echo "Validating Docker Compose configuration..." + # docker compose config -f rinoa-docker-compose.yml + # echo "Docker Compose validation successful."
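Review bot: In the added `Run SonarQube and Gitea Action` step, `project_key: $ {{ gitea.repository.name }}` has a space between `$` and `{{`, so the expression is presumably not evaluated and the bot receives the literal text instead of the repository name; it should read `project_key: ${{ gitea.repository.name }}`. That step hands `SONARQUBE_TOKEN` and `BOT_GITEA_TOKEN` to an action referenced by the mutable tag `@v1.0.1` (the two SonarSource actions at `@v4.0.0` and `@v1.1.0` likewise receive the Sonar token), so anyone able to move those tags can run code with the secrets; pinning each reference as `uses: <action>@<full-commit-sha>` removes that exposure. The quality-gate action normally fails its step when the gate fails, so the bot step after it would be skipped in exactly that case unless it carries `if: always()`, which is worth confirming against the bot's behaviour. The commented-out `status-check` job still interpolates `${{ steps.fetch-status.outputs.body }}` straight into a shell `echo`, so deleting the dead blocks instead of keeping them as comments avoids that pattern being re-enabled later.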