Trez/rinoa-docker
4
0
Fork 0
Code Issues 1 Pull Requests 9 Actions 1 Activity

Updated workflow for Sonarqube (excluding bot).

Browse Source
This commit is contained in:
trez.one
2024-11-26 22:06:44 -05:00
parent b46c60098f
commit 998e1c9cd2
3 changed files with 185 additions and 128 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/analyze.yaml
+46
View File
@@ -0,0 +1,46 @@
on:
push:
branches:
- main
pull_request:
types: [opened, synchronize, reopened]
name: SonarQube Scan
jobs:
sonarqube:
name: SonarQube Trigger
runs-on: ubuntu-latest
steps:
- name: Checking out
uses: actions/checkout@v4
with:
# Disabling shallow clone is recommended for improving relevancy of reporting
fetch-depth: 0
- name: SonarQube Scan
uses: kitabisa/sonarqube-action@v1.2.0
with:
host: ${{ secrets.SONARQUBE_HOST }}
login: ${{ secrets.SONARQUBE_TOKEN }}
- name: Fetch SonarQube Project Status
id: fetch-status
uses: cytopia/gocurl@v3
with:
method: GET
url: ${{ secrets.SONARQUBE_URL }}/api/qualitygates/project_status
headers: Authorization: Basic ${{ secrets.SONARQUBE_TOKEN }}
query: projectKey=${{ gitea.repository.name }}
- name: Comment on PR with SonarQube Status
uses: cytopia/gocurl@v3
with:
method: POST
url: ${{ secrets.GITEA_SERVER }}/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/issues/${{ gitea.pull_request.id }}/comments
headers: |
Authorization: token ${{ secrets.GITEA_TOKEN }}
Content-Type: application/json
body: |
{
"body": "SonarQube Analysis: ${{ steps.fetch-status.outputs.body | fromJson | get('projectStatus.status') }}\n[View in SonarQube](${{ secrets.SONARQUBE_URL }}/dashboard?id=${{ gitea.repository.name }})"
}
.gitea/workflows/deploy.yaml
-128
View File
@@ -1,128 +0,0 @@
name: Docker Compose PR Check and Deploy
on:
pull_request:
types: [synchronize, opened, reopened]
branches:
- main
jobs:
setup-sonarqube:
name: Setup SonarQube Project and Analyze
runs-on: self-hosted
steps:
- name: Checkout Code
uses: actions/checkout@v3
- name: Log Current Directory
run: |
echo "Current directory contents:"
ls -la
echo "Working in directory: $(pwd)"
- name: SonarQube Scan
uses: kitabisa/sonarqube-action@v1.2.0
with:
host: ${{ secrets.SONARQUBE_HOST }}
login: ${{ secrets.SONARQUBE_TOKEN }}
# - name: Run SonarQube Analysis
# env:
# SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
# SONAR_URL: ${{ secrets.SONARQUBE_URL }}
# run: |
# echo "Starting SonarQube analysis..."
# sonar-scanner \
# -Dsonar.projectKey=${{ gitea.repository.name }} \
# -Dsonar.sources=. \
# -Dsonar.language=docker \
# -Dsonar.host.url=$SONAR_URL \
# -Dsonar.login=$SONAR_TOKEN \
# -X
# echo "SonarQube analysis completed."
- name: Comment on PR with SonarQube Status
env:
SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
SONAR_URL: ${{ secrets.SONARQUBE_URL }}
GITEA_SERVER: ${{ secrets.GITEA_SERVER }}
run: |
echo "Fetching SonarQube project status..."
STATUS=$(curl -s -u "$SONAR_TOKEN:" "$SONAR_URL/api/qualitygates/project_status?projectKey=${{ gitea.repository.name }}" | jq -r '.projectStatus.status')
echo "SonarQube quality gate status: $STATUS"
COMMENT="SonarQube Analysis: $STATUS\n[View in SonarQube]($SONAR_URL/dashboard?id=${{ gitea.repository.name }})"
echo "Adding comment to PR: $COMMENT"
curl -X POST -H "Authorization: token $GITEA_TOKEN" \
-H "Content-Type: application/json" \
-d "{\"body\": \"$COMMENT\"}" \
"$GITEA_SERVER/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/issues/${{ gitea.pull_request.id }}/comments"
status-check:
name: Validate SonarQube Bot Status
needs: setup-sonarqube
runs-on: self-hosted
steps:
- name: Fetch PR Status
run: |
echo "Validating SonarQube bot status..."
curl -s \
-H "Authorization: token $GITEA_TOKEN" \
"$GITEA_SERVER/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/pulls/${{ gitea.pull_request.id }}/status" \
| jq -e '.statuses[] | select(.creator.login == "gitea-sonarqube-bot" and .status == "success")' || exit 1
echo "SonarQube bot status validation successful."
dry-run:
name: Dry Run Docker Compose
runs-on: self-hosted
needs: status-check
steps:
- name: Checkout Code
uses: actions/checkout@v3
- name: Validate Docker Compose
run: |
echo "Validating Docker Compose configuration..."
docker compose config -f docker-compose.yml
echo "Docker Compose validation successful."
manual-approval:
name: Manual Approval
runs-on: self-hosted
needs: dry-run
steps:
- name: Approval Required
run: |
echo "Manual approval step reached. Please approve to proceed."
exit 1
merge-and-deploy:
name: Merge and Deploy
runs-on: self-hosted
needs: manual-approval
steps:
- name: Merge Pull Request
env:
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
run: |
echo "Merging pull request into main..."
RESPONSE=$(curl -X POST \
-H "Authorization: token $GITEA_TOKEN" \
"$GITEA_SERVER/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/pulls/${{ gitea.pull_request.id }}/merge")
echo "Merge response: $RESPONSE"
- name: Deploy Docker Compose Changes
run: |
echo "Deploying Docker Compose changes to host..."
ssh $DOCKER_USER@$DOCKER_HOST "
echo 'Pulling new images...'
cd /path/to/docker/compose/files &&
docker compose pull
echo 'Applying changes...'
docker compose up -d --remove-orphans
"
env:
DOCKER_HOST: ${{ secrets.DOCKER_HOST }}
DOCKER_USER: ${{ secrets.DOCKER_USER }}
SSH_KEY: ${{ secrets.DOCKER_SSH_KEY }}
SSH_AUTH_SOCK: /run/ssh-agent.sock
cpt-gen-pipeline.yaml
+139
View File
@@ -0,0 +1,139 @@
name: Docker Compose PR Check and Deploy
on:
pull_request:
types: [synchronize, opened, reopened]
branches:
- main
jobs:
setup-sonarqube:
name: Setup SonarQube Project and Analyze
runs-on: self-hosted
steps:
- name: Checkout Code
uses: actions/checkout@v3
- name: Log Current Directory
run: |
echo "Current directory contents:"
ls -la
echo "Working in directory: $(pwd)"
- name: Create SonarQube Project (if not exists)
uses: cytopia/gocurl@v3
with:
method: POST
url: ${{ secrets.SONARQUBE_URL }}/api/projects/create
headers: |
Authorization: Basic ${{ secrets.SONARQUBE_TOKEN }}
Content-Type: application/json
query: |
project=${{ gitea.repository.name }}
name=${{ gitea.repository.name }}
continue-on-error: true # Ignore error if project already exists
- name: Run SonarQube Analysis
env:
SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
SONAR_URL: ${{ secrets.SONARQUBE_URL }}
run: |
echo "Starting SonarQube analysis..."
sonar-scanner \
-Dsonar.projectKey=${{ gitea.repository.name }} \
-Dsonar.sources=. \
-Dsonar.language=docker \
-Dsonar.host.url=$SONAR_URL \
-Dsonar.login=$SONAR_TOKEN \
-X
echo "SonarQube analysis completed."
- name: Fetch SonarQube Project Status
id: fetch-status
uses: cytopia/gocurl@v3
with:
method: GET
url: ${{ secrets.SONARQUBE_URL }}/api/qualitygates/project_status
headers: Authorization: Basic ${{ secrets.SONARQUBE_TOKEN }}
query: projectKey=${{ gitea.repository.name }}
- name: Comment on PR with SonarQube Status
uses: cytopia/gocurl@v3
with:
method: POST
url: ${{ secrets.GITEA_SERVER }}/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/issues/${{ gitea.pull_request.id }}/comments
headers: |
Authorization: token ${{ secrets.GITEA_TOKEN }}
Content-Type: application/json
body: |
{
"body": "SonarQube Analysis: ${{ steps.fetch-status.outputs.body | fromJson | get('projectStatus.status') }}\n[View in SonarQube](${{ secrets.SONARQUBE_URL }}/dashboard?id=${{ gitea.repository.name }})"
}
status-check:
name: Validate SonarQube Bot Status
needs: setup-sonarqube
runs-on: self-hosted
steps:
- name: Fetch PR Status
uses: cytopia/gocurl@v3
with:
method: GET
url: ${{ secrets.GITEA_SERVER }}/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/pulls/${{ gitea.pull_request.id }}/status
headers: Authorization: token ${{ secrets.GITEA_TOKEN }}
run: |
echo "Validating SonarQube bot status..."
echo ${{ steps.fetch-status.outputs.body }} | jq -e '.statuses[] | select(.creator.login == "gitea-sonarqube-bot" and .status == "success")' || exit 1
echo "SonarQube bot status validation successful."
dry-run:
name: Dry Run Docker Compose
runs-on: self-hosted
needs: status-check
steps:
- name: Checkout Code
uses: actions/checkout@v3
- name: Validate Docker Compose
run: |
echo "Validating Docker Compose configuration..."
docker compose config -f docker-compose.yml
echo "Docker Compose validation successful."
manual-approval:
name: Manual Approval
runs-on: self-hosted
needs: dry-run
steps:
- name: Approval Required
run: |
echo "Manual approval step reached. Please approve to proceed."
exit 1
merge-and-deploy:
name: Merge and Deploy
runs-on: self-hosted
needs: manual-approval
steps:
- name: Merge Pull Request
uses: cytopia/gocurl@v3
with:
method: POST
url: ${{ secrets.GITEA_SERVER }}/api/v1/repos/${{ gitea.repository.owner.login }}/${{ gitea.repository.name }}/pulls/${{ gitea.pull_request.id }}/merge
headers: Authorization: token ${{ secrets.GITEA_TOKEN }}
- name: Deploy Docker Compose Changes
run: |
echo "Deploying Docker Compose changes to host..."
ssh $DOCKER_USER@$DOCKER_HOST "
echo 'Pulling new images...'
cd /path/to/docker/compose/files &&
docker compose pull
echo 'Applying changes...'
docker compose up -d --remove-orphans
"
env:
DOCKER_HOST: ${{ secrets.DOCKER_HOST }}
DOCKER_USER: ${{ secrets.DOCKER_USER }}
SSH_KEY: ${{ secrets.DOCKER_SSH_KEY }}
SSH_AUTH_SOCK: /run/ssh-agent.sock