From 439eecd623a8edb671342557a0ffd9ab96016975 Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Wed, 4 Dec 2024 16:01:26 -0500
Subject: [PATCH 01/12] Take number I lost count at building out a workflow...
---
 .gitea/workflow/build.yaml | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 .gitea/workflow/build.yaml
diff --git a/.gitea/workflow/build.yaml b/.gitea/workflow/build.yaml
new file mode 100644
index 00000000..e69de29b
From f9d39eafc3b63bd5eb41d5eacf02d5fba64a3da2 Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Thu, 5 Dec 2024 19:36:58 -0500
Subject: [PATCH 02/12] Replacing PR merge step...
---
 .gitea/workflow/build.yaml | 96 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 96 insertions(+)
diff --git a/.gitea/workflow/build.yaml b/.gitea/workflow/build.yaml
index e69de29b..1a4a21f1 100644
--- a/.gitea/workflow/build.yaml
+++ b/.gitea/workflow/build.yaml
@@ -0,0 +1,96 @@
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ types: [opened, synchronize, reopened]
+
+name: Docker Scan, Lint, & Deploy via Compose
+jobs:
+ sonarqube:
+ name: SonarQube Scanning & Quality Gate
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checking out
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: SonarQube Scan
+ id: sonarqube-scan
+ uses: SonarSource/sonarqube-scan-action@v4.0.0
+ env:
+ SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
+ SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+
+ # - name: SonarQube Quality Gate Check
+ # id: quality-gate
+ # uses: SonarSource/sonarqube-quality-gate-action@v1.1.0
+ # env:
+ # SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
+ # SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+
+ docker-compose-dry-run:
+ name: Dry Run Docker Compose
+ runs-on: ubuntu-latest
+ needs: quality-gate
+ if: ${{ steps.quality-gate.outputs.quality-gate-status }} == 'PASSED'
+ steps:
+ - name: Checking out
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Generate ephemeral env
+ run: |
+ echo "${{ secrets.RINOA_DOCKER_ENV }}" > ./.env
+
+ - name: Validate Docker Compose Configuration
+ id: docker-lint
+ run: |
+ docker compose config --no-interpolate --quiet --dry-run
+ EXIT_CODE=$?
+ if [ $? -ne 0 ]; then
+ echo "Docker Compose configuration validation failed."
+ exit 1
+ else
+ echo "Docker Compose configuration is valid."
+ fi
+ echo "::set-output name=exit_code::$EXIT_CODE"
+
+ deploy-changes:
+ name: Merge and Deploy Changes
+ runs-on: ubuntu-latest
+ needs: docker-lint
+ if: steps.docker-lint.outputs.exit_code == 0
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v4
+
+ # - name: Install & Setup Tea CLI
+ # run: |
+ # curl -sSL https://dl.gitea.com/tea/main/tea-main-linux-amd64 -o /usr/local/bin/tea
+ # chmod +x /usr/local/bin/tea
+ # tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_SERVER }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token "${{ secrets.BOT_GITEA_TOKEN }}"
+
+ # - name: Merge PR with Tea CLI
+ # run: |
+ # echo "${{ gitea.event.pull_request.number }}"
+ # tea pr m --repo "${{ gitea.repository.name }}" --message "Automatically merged by GitHub Actions" --output table "${{ gitea.event.pull_request.number }}"
+
+ - name: Merge PR
+ uses: uses: AlexRogalskiy/github-action-git-operation@V2.0.1
+ with:
+ mode: 'merge-fast-forward'
+ sourceBranch: $ {{ gitea.event.pull_request.head.ref }}
+ targetBranch: 'main'
+
+ - name: Deploy Docker Compose Changes
+ uses: 5eqn/docker-compose-remote-action@v0.0.7
+ with:
+ ssh_host: 192.168.1.254
+ ssh_user: gitea-deploy
+ ssh_private_key: ${{ secrets.DEPLOY_PRIVATE_SSH_KEY }}
+ ssh_host_public_key: ${{ secrets.DEPLOY_PUBLIC_SSH_KEY }}
+ docker_env: $ {{ secrets.RINOA_DOCKER_ENV }}
+ docker_args: -d --remove-orphans --build --dry-run
From 14d30522903ebe934ba2aa46d8cd8c4c423c911e Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Fri, 6 Dec 2024 09:17:13 -0500
Subject: [PATCH 03/12] Rebasing docker-compose from main.
---
 docker-compose.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index f384941c..04806c67 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
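Review bot: In `.gitea/workflow/build.yaml` (PATCH 02/12) the gating between jobs does not hold: `needs: quality-gate` and `needs: docker-lint` name step ids while the job ids are `sonarqube` and `docker-compose-dry-run`, and both job-level `if:` lines read the `steps` context, which is only populated inside the job that owns the step. `deploy-changes`, which merges the PR head into `main` and hands `DEPLOY_PRIVATE_SSH_KEY` to a third-party action, is therefore not conditioned on the scan or the compose validation, and it is eligible on every `pull_request` event; enabling the `quality-gate` step in PATCH 12/12 does not change that. Pointing `needs:` at the job ids lets a failed scan or validation stop the chain, and the deploy step is safer behind a condition that limits it to pushes on `main`. In the same hunk, `echo "${{ secrets.RINOA_DOCKER_ENV }}" > ./.env` pastes the secret into the script text, so it is better passed through `env:` and written from the variable, as sketched below. Gitea Actions normally discovers workflows under `.gitea/workflows/`, so with the file at `.gitea/workflow/build.yaml` it is worth confirming that any of this runs at all.

```yaml
  docker-compose-dry-run:
    # … unchanged: name, runs-on …
    needs: sonarqube
    steps:
      # … unchanged: checkout step …
      - name: Generate ephemeral env
        env:
          RINOA_DOCKER_ENV: ${{ secrets.RINOA_DOCKER_ENV }}
        run: |
          printf '%s\n' "$RINOA_DOCKER_ENV" > ./.env
      # … unchanged: compose validation step …

  deploy-changes:
    # … unchanged: name, runs-on …
    needs: docker-compose-dry-run
    # … unchanged: steps …
```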
@@ -3122,7 +3122,6 @@ services:
 - homepage.icon=mattermost.svg
 - homepage.description=Team collaboration and technical workflows (Slack alternative)
 - swag=enable
- - swag_server_custom_directive=client_max_body_size 0;
 - swag_proto=http
 - swag_port=8065
 - swag_url=mm.${MY_TLD}
@@ -4851,7 +4850,7 @@ services:
 - VALIDATION=dns
 - CROWDSEC_API_KEY=${CROWDSEC_API_KEY}
 - CROWDSEC_LAPI_URL=http://crowdsec:8080
- - DOCKER_MODS=linuxserver/mods:universal-docker|linuxserver/mods:swag-auto-reload|linuxserver/mods:swag-auto-proxy|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-maxmind|linuxserver/mods:universal-stdout-logs|ghcr.io/linuxserver/mods:swag-crowdsec|linuxserver/mods:swag-auto-uptime-kuma
+ - DOCKER_MODS=linuxserver/mods:universal-docker|linuxserver/mods:swag-auto-reload|linuxserver/mods:swag-auto-proxy|linuxserver/mods:swag-dashboard|linuxserver/mods:swag-maxmind|linuxserver/mods:universal-stdout-logs|ghcr.io/linuxserver/mods:swag-crowdsec #|linuxserver/mods:swag-auto-uptime-kuma
 - PROPAGATION=30
 - UPTIME_KUMA_PASSWORD=${UPTIME_KUMA_PASSWORD}
 - UPTIME_KUMA_URL=http://uptimekuma:3001
From 4f374c4ed01fcb39631d5b608a1b9d119afccacf Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Fri, 6 Dec 2024 09:53:51 -0500
Subject: [PATCH 04/12] Attempting to trigger gitea-sonarqube-bot....
---
 .gitea/workflow/build.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/.gitea/workflow/build.yaml b/.gitea/workflow/build.yaml
index 1a4a21f1..4a1694a3 100644
--- a/.gitea/workflow/build.yaml
+++ b/.gitea/workflow/build.yaml
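Review bot: In the second `docker-compose.yml` hunk (PATCH 03/12) the `swag-auto-uptime-kuma` mod is disabled by turning the tail of the `DOCKER_MODS` value into an inline ` #` comment, but the context lines still pass `UPTIME_KUMA_PASSWORD` and `UPTIME_KUMA_URL` into the container. If those variables are only consumed by that mod (not visible from this hunk), they should be removed or commented out together with it so the proxy container does not hold a credential it no longer uses. The inline comment is also fragile: it only works while the list item stays an unquoted scalar, so a separate comment line above the entry, e.g. `# disabled: linuxserver/mods:swag-auto-uptime-kuma`, would be more robust.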
@@ -16,12 +16,12 @@ jobs:
 with:
 fetch-depth: 0
 
- - name: SonarQube Scan
- id: sonarqube-scan
- uses: SonarSource/sonarqube-scan-action@v4.0.0
- env:
- SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
- SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+ # - name: SonarQube Scan
+ # id: sonarqube-scan
+ # uses: SonarSource/sonarqube-scan-action@v4.0.0
+ # env:
+ # SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
+ # SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
 
 # - name: SonarQube Quality Gate Check
 # id: quality-gate
From e9e7dd799288d91f88516f177938bd012f18dc03 Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Fri, 6 Dec 2024 10:00:28 -0500
Subject: [PATCH 05/12] Attempting to trigger gitea-sonarqube-bot again....
---
 .gitea/workflow/build.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/.gitea/workflow/build.yaml b/.gitea/workflow/build.yaml
index 4a1694a3..1a4a21f1 100644
--- a/.gitea/workflow/build.yaml
+++ b/.gitea/workflow/build.yaml
@@ -16,12 +16,12 @@ jobs:
 with:
 fetch-depth: 0
 
- # - name: SonarQube Scan
- # id: sonarqube-scan
- # uses: SonarSource/sonarqube-scan-action@v4.0.0
- # env:
- # SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
- # SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+ - name: SonarQube Scan
+ id: sonarqube-scan
+ uses: SonarSource/sonarqube-scan-action@v4.0.0
+ env:
+ SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
+ SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
 
 # - name: SonarQube Quality Gate Check
 # id: quality-gate
From bdfcdc5f53fec56ec27fc0e66b19ea07eefdbb2c Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Fri, 6 Dec 2024 10:17:51 -0500
Subject: [PATCH 06/12] Attempt #3 to trigger gitea-sonarqube-bot....
---
 .gitea/workflow/build.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/.gitea/workflow/build.yaml b/.gitea/workflow/build.yaml
index 1a4a21f1..4a1694a3 100644
--- a/.gitea/workflow/build.yaml
+++ b/.gitea/workflow/build.yaml
@@ -16,12 +16,12 @@ jobs:
 with:
 fetch-depth: 0
 
- - name: SonarQube Scan
- id: sonarqube-scan
- uses: SonarSource/sonarqube-scan-action@v4.0.0
- env:
- SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
- SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+ # - name: SonarQube Scan
+ # id: sonarqube-scan
+ # uses: SonarSource/sonarqube-scan-action@v4.0.0
+ # env:
+ # SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
+ # SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
 
 # - name: SonarQube Quality Gate Check
 # id: quality-gate
From c08611fcd670f2dfcd1b804237d874c3d16b0c89 Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Fri, 6 Dec 2024 10:20:54 -0500
Subject: [PATCH 07/12] Attempt #4 to trigger gitea-sonarqube-bot....
---
 .gitea/workflow/build.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/.gitea/workflow/build.yaml b/.gitea/workflow/build.yaml
index 4a1694a3..1a4a21f1 100644
--- a/.gitea/workflow/build.yaml
+++ b/.gitea/workflow/build.yaml
@@ -16,12 +16,12 @@ jobs:
 with:
 fetch-depth: 0
 
- # - name: SonarQube Scan
- # id: sonarqube-scan
- # uses: SonarSource/sonarqube-scan-action@v4.0.0
- # env:
- # SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
- # SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+ - name: SonarQube Scan
+ id: sonarqube-scan
+ uses: SonarSource/sonarqube-scan-action@v4.0.0
+ env:
+ SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
+ SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
 
 # - name: SonarQube Quality Gate Check
 # id: quality-gate
From a52f3bfe3f8aaaea47abd0d8225ccaa8c5c703ac Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Fri, 6 Dec 2024 10:21:30 -0500
Subject: [PATCH 08/12] Attempt #5 to trigger gitea-sonarqube-bot....
---
 .gitea/workflow/build.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/.gitea/workflow/build.yaml b/.gitea/workflow/build.yaml
index 1a4a21f1..4a1694a3 100644
--- a/.gitea/workflow/build.yaml
+++ b/.gitea/workflow/build.yaml
@@ -16,12 +16,12 @@ jobs:
 with:
 fetch-depth: 0
 
- - name: SonarQube Scan
- id: sonarqube-scan
- uses: SonarSource/sonarqube-scan-action@v4.0.0
- env:
- SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
- SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+ # - name: SonarQube Scan
+ # id: sonarqube-scan
+ # uses: SonarSource/sonarqube-scan-action@v4.0.0
+ # env:
+ # SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
+ # SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
 
 # - name: SonarQube Quality Gate Check
 # id: quality-gate
From dd7716c4a05228311163f33834418887ededcefb Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Fri, 6 Dec 2024 10:23:07 -0500
Subject: [PATCH 09/12] Attempt #6 to trigger gitea-sonarqube-bot....
---
 .gitea/workflow/build.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/.gitea/workflow/build.yaml b/.gitea/workflow/build.yaml
index 4a1694a3..1a4a21f1 100644
--- a/.gitea/workflow/build.yaml
+++ b/.gitea/workflow/build.yaml
@@ -16,12 +16,12 @@ jobs:
 with:
 fetch-depth: 0
 
- # - name: SonarQube Scan
- # id: sonarqube-scan
- # uses: SonarSource/sonarqube-scan-action@v4.0.0
- # env:
- # SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
- # SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+ - name: SonarQube Scan
+ id: sonarqube-scan
+ uses: SonarSource/sonarqube-scan-action@v4.0.0
+ env:
+ SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
+ SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
 
 # - name: SonarQube Quality Gate Check
 # id: quality-gate
From 0b527b944ae90c7cbe3a4390ad80dfeaf10cfce2 Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Fri, 6 Dec 2024 10:25:34 -0500
Subject: [PATCH 10/12] Attempt #7 to trigger gitea-sonarqube-bot....
---
 .gitea/workflow/build.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/.gitea/workflow/build.yaml b/.gitea/workflow/build.yaml
index 1a4a21f1..4a1694a3 100644
--- a/.gitea/workflow/build.yaml
+++ b/.gitea/workflow/build.yaml
@@ -16,12 +16,12 @@ jobs:
 with:
 fetch-depth: 0
 
- - name: SonarQube Scan
- id: sonarqube-scan
- uses: SonarSource/sonarqube-scan-action@v4.0.0
- env:
- SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
- SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+ # - name: SonarQube Scan
+ # id: sonarqube-scan
+ # uses: SonarSource/sonarqube-scan-action@v4.0.0
+ # env:
+ # SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
+ # SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
 
 # - name: SonarQube Quality Gate Check
 # id: quality-gate
From 30956efa740c1c488b25353e976103a771342598 Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Fri, 6 Dec 2024 11:17:10 -0500
Subject: [PATCH 11/12] Attempt #7 to trigger gitea-sonarqube-bot; updated merge PR step.
---
 .gitea/workflow/build.yaml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/.gitea/workflow/build.yaml b/.gitea/workflow/build.yaml
index 4a1694a3..7d8bed34 100644
--- a/.gitea/workflow/build.yaml
+++ b/.gitea/workflow/build.yaml
@@ -78,12 +78,12 @@ jobs:
 # echo "${{ gitea.event.pull_request.number }}"
 # tea pr m --repo "${{ gitea.repository.name }}" --message "Automatically merged by GitHub Actions" --output table "${{ gitea.event.pull_request.number }}"
 
- - name: Merge PR
- uses: uses: AlexRogalskiy/github-action-git-operation@V2.0.1
+ - name: Git Merge & Push
+ uses: morbalint/git-merge-action@v1.1.0
 with:
- mode: 'merge-fast-forward'
- sourceBranch: $ {{ gitea.event.pull_request.head.ref }}
- targetBranch: 'main'
+ target: 'main'
+ source: ${{ gitea.event.pull_request.head.ref }}
+ dry-run: true
 
 - name: Deploy Docker Compose Changes
 uses: 5eqn/docker-compose-remote-action@v0.0.7
From ca8e5b755f128fe4132f0fa67a6012776c07c7e6 Mon Sep 17 00:00:00 2001
From: "Trez.One"
Date: Fri, 6 Dec 2024 11:18:33 -0500
Subject: [PATCH 12/12] Manual Sonar scan (non-sqbot).
---
 .gitea/workflow/build.yaml | 24 ++++++------
 1 file changed, 12 insertions(+), 12 deletions(-)
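Review bot: In the `Git Merge & Push` step (PATCH 11/12), `source: ${{ gitea.event.pull_request.head.ref }}` is only defined for `pull_request` runs, yet the workflow also triggers on `push` to `main`, where the expression expands to an empty string. The value is a branch name chosen by the PR author, so the step deserves an explicit guard such as `if: gitea.event_name == 'pull_request'`, and `dry-run: true` should stay until the job gating is fixed. `morbalint/git-merge-action@v1.1.0` is a third-party action referenced by a movable tag in the job that also handles `DEPLOY_PRIVATE_SSH_KEY`; pinning it to a full commit SHA (`uses: morbalint/git-merge-action@<full-commit-sha>`) removes the possibility of the tag being repointed. The same applies to the `SonarSource/...` and `5eqn/docker-compose-remote-action` references elsewhere in the file. The `deploy-changes` job continues outside this hunk.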
diff --git a/.gitea/workflow/build.yaml b/.gitea/workflow/build.yaml
index 7d8bed34..06894ef1 100644
--- a/.gitea/workflow/build.yaml
+++ b/.gitea/workflow/build.yaml
@@ -16,19 +16,19 @@ jobs:
 with:
 fetch-depth: 0
 
- # - name: SonarQube Scan
- # id: sonarqube-scan
- # uses: SonarSource/sonarqube-scan-action@v4.0.0
- # env:
- # SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
- # SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+ - name: SonarQube Scan
+ id: sonarqube-scan
+ uses: SonarSource/sonarqube-scan-action@v4.0.0
+ env:
+ SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
+ SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
 
- # - name: SonarQube Quality Gate Check
- # id: quality-gate
- # uses: SonarSource/sonarqube-quality-gate-action@v1.1.0
- # env:
- # SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
- # SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+ - name: SonarQube Quality Gate Check
+ id: quality-gate
+ uses: SonarSource/sonarqube-quality-gate-action@v1.1.0
+ env:
+ SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
+ SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
 
 docker-compose-dry-run:
 name: Dry Run Docker Compose