diff --git a/.gitea/workflows/branch-sonarscan-pr-merge.yml b/.gitea/workflows/branch-sonarscan-pr-merge.yml
new file mode 100644
index 00000000..dc98bf34
--- /dev/null
+++ b/.gitea/workflows/branch-sonarscan-pr-merge.yml
@@ -0,0 +1,103 @@
+name: Gitea Branch PR, SonarQube Analyze, and Merge Workflow
+
+on:
+ push:
+ branches-ignore:
+ - main
+ create:
+ branches:
+ - '**'
+
+jobs:
+ # Job 1: Check if PR exists and create one if the branch is new
+ check-and-create-pr:
+ runs-on: ubuntu-latest
+ outputs:
+ pr_created: ${{ steps.check-pr.outputs.pr_created }}
+ pr_index: ${{ steps.create-pr.outputs.pr_index }}
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v4
+
+ # Step 1: Check for an existing PR
+ - name: Check if PR Exists
+ id: check-pr
+ uses: prasiman/gocurl@v1
+ with:
+ url: ${{ vars.RINOA_GITEA_URL }}/api/v1/repos/${{ github.repository }}/pulls/${{ github.base_ref }}/${{ github.ref_name }}
+ method: "GET"
+ headers: '{ "Authorization": "token ${{ secrets.GITEA_API_TOKEN }}" }'
+ log-response: true
+
+ - name: Evaluate Existing PR Status
+ id: eval-pr
+ run: |
+ echo "Checking if PR already exists..."
+ if [ "${{ steps.check-pr.outputs.response }}" = "[]" ]; then
+ echo "pr_exists=false" >> $GITHUB_ENV
+ echo "No existing PR found for branch."
+ else
+ echo "pr_exists=true" >> $GITHUB_ENV
+ echo "PR already exists. Continuing..."
+ fi
+
+ # Step 2: Create PR if none exists
+ - name: Create PR in Gitea
+ if: env.pr_exists == 'false'
+ id: create-pr
+ uses: arifer612/Gitea-PR-action@v1.2.0
+ with:
+ url: ${{ vars.RINOA_GITEA_URL }}
+ token: ${{ secrets.GITEA_API_TOKEN }}"
+
+ # Job 2: Run SonarQube Analysis
+ sonarqube-analysis:
+ runs-on: ubuntu-latest
+ needs: check-and-create-pr
+ outputs:
+ quality_gate_status: ${{ steps.quality-gate.outputs.quality-gate-status }}
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v4
+
+ # Step 1: Run SonarQube Scan
+ - name: SonarQube Scan
+ uses: sonarsource/sonarqube-scan-action@v4.1.0
+ env:
+ SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
+ SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+
+ # Step 2: SonarQube Quality Gate Check
+ - name: SonarQube Quality Gate
+ id: quality-gate
+ uses: sonarsource/sonarqube-quality-gate-action@v1
+ env:
+ SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
+ SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+
+ - name: Log Quality Gate Result
+ run: |
+ echo "Quality Gate Status: ${{ steps.quality-gate.outputs.quality-gate-status }}"
+
+ # Job 3: Merge PR if Quality Gate passes
+ merge-pr:
+ runs-on: ubuntu-latest
+ needs: [check-and-create-pr, sonarqube-analysis]
+ if: needs.sonarqube-analysis.outputs.quality_gate_status == 'PASSED'
+ steps:
+ - name: Merge PR in Gitea
+ uses: prasiman/gocurl@v1
+ with:
+ url: "${{ secrets.GITEA_INSTANCE_URL }}/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/pulls/${{ needs.check-and-create-pr.outputs.pr_index }}"
+ method: "POST"
+ headers: '{ "Authorization": "token ${{ secrets.GITEA_API_TOKEN }}", "Content-Type": "application/json" }'
+ params: >-
+ {
+ "Do": "merge",
+ "delete_branch_after_merge": true,
+ "force_merge": true,
+ "merge_when_checks_succeed": true
+ }
+
+ - name: Confirm Merge
+ run: echo "PR has been successfully merged into main."
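Review bot: In the `Evaluate Existing PR Status` step, `${{ steps.check-pr.outputs.response }}` is expanded into the `run:` script text before the shell starts, so whatever the pulls API returns (which can include user-supplied PR titles and descriptions) is parsed as shell source in a job that also handles `GITEA_API_TOKEN`. Pass the value through the environment instead: give the step an `env:` entry `PR_RESPONSE: ${{ steps.check-pr.outputs.response }}` and test `if [ "$PR_RESPONSE" = "[]" ]; then`. In the `merge-pr` job, `"force_merge": true` appears to ask Gitea to merge even when branch-protection requirements are unmet (if the token's account is allowed to), which would leave the SonarQube gate as the only control on `main` for every pushed branch; I would drop it and rely on `merge_when_checks_succeed`. The `token:` line of `Create PR in Gitea` also ends in a stray `"`, which presumably becomes part of the token value and should be removed.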
diff --git a/.gitea/workflows/docker-compose-pr-workflow.yml b/.gitea/workflows/docker-compose-pr-workflow.yml
deleted file mode 100644
index db504a44..00000000
--- a/.gitea/workflows/docker-compose-pr-workflow.yml
+++ /dev/null
@@ -1,92 +0,0 @@ -name: Docker Compose PR Workflow - -on: - push: - branches: - - '*' - create: - branches: - - '*' - -jobs: - create-pr-and-validate: - name: Create PR and Validate Docker Compose - runs-on: ubuntu-latest - steps: - - name: Checkout Repository - uses: actions/checkout@v4 - - name: List PRs - id: listprs - uses: prasiman/gocurl@v1 - with: - url: ${{ vars.RINOA_GITEA_URL }}/api/v1/repos/${{ github.repository }}/pulls - params: '{ "state": "open" }' - method: "GET" - headers: '{ "Authorization": "token ${{ secrets.GITEA_API_TOKEN }}" }' - log-response: true - - name: Var test - run: | - echo ${{ steps.listprs.outputs.response }} - # - name: Parse Response - # uses: yakubique/json-utils@v1.8 - # with: - # input: ${{ steps.listprs.outputs.response }} - # action: "get" - # key: "data" - # - name: Create Pull Request - # if: - # uses: arifer612/Gitea-PR-action@v1.2.0 - # with: - # url: ${{ secrets.RINOA_GITEA_SERVER }} - # token: ${{ secrets.BOT_GITEA_TOKEN }} - - # - name: Run SonarQube Analysis - # uses: sonarsource/sonarqube-scan-action@v4.1.0 - # with: - # SONARQUBE_HOST: ${{ secrets.SONARQUBE_HOST }} - # sonar_token: ${{ secrets.SONARQUBE_TOKEN }} - - # - name: Check SonarQube Quality Gate - # id: quality-gate - # uses: SonarSource/sonarqube-quality-gate-action@v1.1.0 - # with: - # SONARQUBE_HOST: ${{ secrets.SONARQUBE_HOST }} - # sonar_token: ${{ secrets.SONARQUBE_TOKEN }} - - # - name: Validate Docker Compose Configuration - # if: steps.quality-gate.outputs.quality-gate-status == 'PASSED' - # id: docker-lint - # run: | - # echo "${{ secrets.DOCKER_ENV }}" > .env - # docker compose config --no-interpolate --quiet --dry-run - - # - name: Merge Pull Request - # if: steps.docker-lint.outcome == 'success' - # uses: prasiman/gocurl@v1 - # with: - # url: ${{ secrets.GITEA_API_URL }}/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/pulls/${{ github.event.pull_request.number }}/merge - # method: "POST" - # log-response: true - # 
headers: | - # Authorization: token ${{ secrets.BOT_GITEA_TOKEN }} - # Content-Type: application/json - # body: | - # { - # "Do": "merge" - # } - - # deploy-main: - # name: Deploy to Remote Host - # needs: create-pr-and-validate - # if: github.ref == 'refs/heads/main' - # runs-on: ubuntu-latest - # steps: - # - name: SSH to Remote Host and Deploy Docker Compose - # uses: keatonLiu/docker-compose-remote-action@v1.2 - # with: - # ssh_user: gitea-deploy - # ssh_host: 192.168.1.254 - # ssh_private_key: ${{ secrets.DEPLOY_PRIVATE_SSH_KEY }} - # ssh_host_public_key: $ ${{ secrets.DEPLOY_PUBLIC_SSH_KEY }} - # compose_file_path: docker-compose.yml - # args: "-d --remove-orphans --build --dry-run"