diff --git a/.gitea/workflows/branch-sonarscan-pr-merge.yml b/.gitea/workflows/branch-sonarscan-pr-merge.yml new file mode 100644 index 00000000..26fcf63c --- /dev/null +++ b/.gitea/workflows/branch-sonarscan-pr-merge.yml @@ -0,0 +1,137 @@ +name: Gitea Branch PR, SonarQube Analyze, and Merge Workflow + +on: + push: + branches-ignore: + - main + create: + branches: + - '**' + +jobs: + # Job 1: Check if PR exists and create one if the branch is new + check-and-create-pr: + name: Check and Create PR + runs-on: ubuntu-latest + outputs: + pr_created: ${{ steps.check-pr.outputs.pr_created }} + pr_index: ${{ steps.create-pr.outputs.pr_index }} + + steps: + - name: Checkout Code + uses: actions/checkout@v4 + + - name: Check if PR Exists + id: check-pr + run: | + echo "Checking for existing PR..." + curl ${{ vars.RINOA_GITEA_URL }}/api/v1/repos/${{ github.repository }}/pulls/main/${{ github.ref_name }} \ + -X 'GET' \ + -H 'Accept: application/json' \ + -H 'Authorization: token ${{ secrets.BOT_GITEA_TOKEN }}' \ + -s | jq '{index: .number, state: .state}' > pr_status.json + echo "pr_status=$(jq -c . pr_status.json)" >> "$GITHUB_OUTPUT" + + - name: Create PR in Gitea + if: ${{ steps.check-pr.outputs.pr_status.state }} == 'closed' + id: create-pr + run: | + echo "Creating PR..." + curl ${{ vars.RINOA_GITEA_URL }}/api/v1/repos/${{ github.repository }}/pulls \ + -X 'POST' \ + -H 'Accept: application/json' \ + -H 'Authorization: token ${{ secrets.BOT_GITEA_TOKEN }}' \ + -H 'Content-Type: application/json' \ + -d '{ + "title": "PR: ${{ github.ref_name }} -> main", + "body": "This is an automated PR created by Gitea Actions.", + "base": "main", + "head": "${{ github.ref_name }}" + }' -s | jq '{index: .number}' > pr_created.json + echo "pr_created=$(jq -c . pr_created.json)" >> "$GITHUB_OUTPUT" + + # Job 2: Run SonarQube Analysis + sonarqube-analysis: + name: SonarQube Analysis + runs-on: ubuntu-latest + needs: check-and-create-pr + steps: + - name: Checkout Code + uses: actions/checkout@v4 + + # Step 1: Run SonarQube Scan + - name: SonarQube Scan + uses: sonarsource/sonarqube-scan-action@v4.1.0 + env: + SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} + SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} + + - name: SonarQube Quality Gate + id: quality-gate + uses: sonarsource/sonarqube-quality-gate-action@v1.1.0 + env: + SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} + SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} + + - name: Custom Quality Gate Check + uses: DesarrolloORT/sonarqube-quality-gate-action@v1.0.1 + id: quality-gate-check + with: + sonar-project-key: rinoa-docker + sonar-host-url: ${{ secrets.SONARQUBE_HOST }} + sonar-token: ${{ secrets.SONARQUBE_TOKEN }} + + - name: JSON clean-up for proccessing... + id: json-cleanup + run: | + echo "Cleaning up quality gate response..." + echo '${{ steps.quality-gate-check.outputs.quality-gate-result }}' > qg_input.txt + sed -E 's/([a-zA-Z0-9_]+):/\\"\1\\":/g; s/:([^",{}\[\]]+)/:"\1"/g' qg_input.txt > qg_raw.json + jq -c '.' qg_raw.json > qg_fixed_json.json + cat qg_fixed_json.json + echo "qg_fixed_json=$(cat qg_fixed_json.json)" >> $GITHUB_ENV + + - name: Convert JSON report to markdown + id: convert-json-to-md + uses: parkerbxyz/json-to-markdown-table@v1.1.2 + with: + json: ${{ env.qg_fixed_json }} + + - name: Verify markdown output + run: | + echo ${{ steps.convert-json-to-md.outputs.table }} + + # Step 2: Post SonarQube results as comment (using curl commands and Gitea API) + # - name: Post SonarQube Results as Comment + # run: | + # curl ${{ vars.RINOA_GITEA_URL }}/api/v1/repos/${{ github.repository }}/pulls/${{ github.pull_request.number }}/reviews \ + # -X POST \ + # -H 'Accept: application/json' \ + # -H 'Authorization: token ${{ secrets.BOT_GITEA_TOKEN }}' \ + # -H 'Content-Type: application/json' \ + # -d '{ + # "body": "SonarQube analysis results:\n\n- Bugs: ${{ env.SONAR_BUGS }}\n- Vulnerabilities: ${{ env.SONAR_VULNERABILITIES }}\n- Code Smells: ${{ env.SONAR_CODE_SMELLS }}\n- Coverage: ${{ env.SONAR_COVERAGE }}%\n- Duplications: ${{ env.SONAR_DUPLICATIONS }}%\n- Quality Gate Status: ${{ env.SONAR_QUALITY_GATE_STATUS }}" + # }' + + # # Job 3: Merge PR if Quality Gate passes + # merge-pr: + # runs-on: ubuntu-latest + # needs: [check-and-create-pr, sonarqube-analysis] + # if: needs.sonarqube-analysis.outputs.quality_gate_status == 'PASSED' + # steps: + # - name: Merge PR in Gitea + # uses: prasiman/gocurl@v1 + # with: + # url: "${{ secrets.GITEA_INSTANCE_URL }}/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/pulls/${{ needs.check-and-create-pr.outputs.pr_index }}" + # method: "POST" + # headers: '{ "Authorization": "token ${{ secrets.GITEA_API_TOKEN }}", "Content-Type": "application/json" }' + # params: >- + # { + # "Do": "merge", + # "delete_branch_after_merge": true, + # "force_merge": true, + # "merge_when_checks_succeed": true + # } + + # - name: Confirm Merge + # run: echo "PR has been successfully merged into main."