From 97b5b45289e0a8c0e9c65fcb0d3e7bc0258b040c Mon Sep 17 00:00:00 2001 From: "Trez.One" Date: Mon, 20 Jan 2025 08:29:14 -0500 Subject: [PATCH] File naming fix. --- .../gitea_gitea-sonarqube-bot_config.yaml.j2 | 81 +++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100644 ansible/app-configs/gitea_gitea-sonarqube-bot_config.yaml.j2 diff --git a/ansible/app-configs/gitea_gitea-sonarqube-bot_config.yaml.j2 b/ansible/app-configs/gitea_gitea-sonarqube-bot_config.yaml.j2 new file mode 100644 index 00000000..90b9fb69 --- /dev/null +++ b/ansible/app-configs/gitea_gitea-sonarqube-bot_config.yaml.j2 @@ -0,0 +1,81 @@ +{% set vault_addr = 'https://vault.trez.wtf' %} +{% set secrets_path = 'rinoa-docker/env' %} + +# Gitea related configuration. Necessary for adding/updating comments on repository pull requests +gitea: + # Endpoint of your Gitea instance. Must be expandable by '/api/v1' to form the API base path as shown in Swagger UI. + url: https://git.trez.wtf + + # Created access token for the user that shall be used as bot account. + # User needs "Read project" permissions with access to "Pull Requests" + token: + value: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_GITEA_TOKEN'] }}" + # # or path to file containing the plain text secret + # file: /path/to/gitea/token + + # If the sent webhook has a signature header, the bot validates the request payload. If the value does not match, the + # request will be ignored. + # The bot looks for `X-Gitea-Signature` header containing the sha256 hmac hash of the plain text secret. If the header + # exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be validated. + webhook: + secret: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_GITEA_WEBHOOK_SECRET'] }}" + # # or path to file containing the plain text secret + # secretFile: /path/to/gitea/webhook/secret + + # Pull Request status check settings. + statusCheck: + # Configure the label/name of the PR status check. + name: "gitea-sonarqube-bot" + +# SonarQube related configuration. Necessary for requesting data from the API and processing the webhook. +sonarqube: + # Endpoint of your SonarQube instance. Must be expandable by '/api' to form the API base path. + url: https://sqube.trez.wtf + + # Created access token for the user that shall be used as bot account. + # User needs "Browse on project" permissions + token: + value: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_SQUBE_TOKEN'] }}" + # # or path to file containing the plain text secret + # file: /path/to/sonarqube/token + + # If the sent webhook has a signature header, the bot validates the request payload. If the value does not match, the + # request will be ignored. + # The bot looks for `X-Sonar-Webhook-HMAC-SHA256` header containing the sha256 hmac hash of the plain text secret. + # If the header exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be + # validated. + webhook: + secret: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_SQUBE_WEBHOOK_SECRET'] }}" + # # or path to file containing the plain text secret + # secretFile: /path/to/sonarqube/webhook/secret + + # Some useful metrics depend on the edition in use. There are various ones like code_smells, vulnerabilities, bugs, etc. + # By default, the bot will extract "bugs,vulnerabilities,code_smells" + # Setting this option you can extend that default list by your own metrics. + # additionalMetrics: [] + # - "new_security_hotspots" + +# List of project mappings to take care of. Webhooks for other projects will be ignored. +# At least one must be configured. Otherwise, all webhooks (no matter which source) because the bot cannot map on its own. +projects: + - sonarqube: + key: rinoa-docker + # A repository specification contains the owner name and the repository name itself. The owner can be the name of a + # real account or an organization in which the repository is located. + gitea: + owner: Trez.One + name: rinoa-docker + +# Define pull request names from SonarScanner analysis. Default pattern matches the Jenkins Gitea plugin schema. +namingPattern: + # Regular expression that MUST HAVE exactly ONE GROUP that matches the integer part of the PR. + # That integer part is identical to the pull request ID in Gitea. + regex: "^.*$" + + # Valid Go format string. It MUST have one integer placeholder which will be replaced by the pull request ID. + # See: https://pkg.go.dev/fmt#hdr-Printing + template: "%s" + + # Example for integer-only names + # # regex: "^(\\d+)$" + # # template: "%d"