Running SQ scan and Docker dry run in same job.
@@ -11,7 +11,6 @@ jobs:
|
|||||||
name: Check and Create PR
|
name: Check and Create PR
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
outputs:
|
outputs:
|
||||||
pr_created: ${{ steps.cc-pr.outputs.pr_created }}
|
|
||||||
pr_number: ${{ steps.cc-pr.outputs.pr_index }}
|
pr_number: ${{ steps.cc-pr.outputs.pr_index }}
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout Code
|
- name: Checkout Code
|
||||||
@@ -53,10 +52,14 @@ jobs:
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
sonarqube-analysis:
|
sonarqube-analysis-dry-run:
|
||||||
name: SonarQube Analysis
|
name: SonarQube Analysis
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
needs: check-and-create-pr
|
needs: check-and-create-pr
|
||||||
|
outputs:
|
||||||
|
qg_status_status: ${{ steps.quality-gate.outputs.quality-gate-status }}
|
||||||
|
qg_results: ${{ steps.quality-gate-check.outputs.quality-gate-result }}
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout Code
|
- name: Checkout Code
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
@@ -82,60 +85,6 @@ jobs:
|
|||||||
sonar-host-url: ${{ secrets.SONARQUBE_HOST }}
|
sonar-host-url: ${{ secrets.SONARQUBE_HOST }}
|
||||||
sonar-token: ${{ secrets.SONARQUBE_TOKEN }}
|
sonar-token: ${{ secrets.SONARQUBE_TOKEN }}
|
||||||
|
|
||||||
- name: JSON clean-up for proccessing...
|
|
||||||
id: json-cleanup
|
|
||||||
run: |
|
|
||||||
echo "Cleaning up quality gate response..."
|
|
||||||
echo '${{ steps.quality-gate-check.outputs.quality-gate-result }}' > qg_input.txt
|
|
||||||
sed -E 's/([a-zA-Z0-9_]+):/\\"\1\\":/g; s/:([^",{}\[\]]+)/:"\1"/g' qg_input.txt > qg_raw.json
|
|
||||||
jq -c '.' qg_raw.json > qg_fixed_json.json
|
|
||||||
projstatus=$(jq -r '.projectStatus.status' qg_fixed_json.json)
|
|
||||||
caycStatus=$(jq -r '.projectStatus.caycStatus' qg_fixed_json.json)
|
|
||||||
conditions=$(jq -c '.projectStatus.conditions' qg_fixed_json.json)
|
|
||||||
echo "projstatus=${projstatus}" >> $GITHUB_OUTPUT
|
|
||||||
echo "caycStatus=${caycStatus}" >> $GITHUB_OUTPUT
|
|
||||||
echo "conditions=${conditions}" >> $GITHUB_OUTPUT
|
|
||||||
|
|
||||||
- name: Convert JSON to Markdown Table
|
|
||||||
id: convert-json-to-md
|
|
||||||
uses: buildingcash/json-to-markdown-table-action@v1.1.0
|
|
||||||
with:
|
|
||||||
json: "${{ steps.json-cleanup.outputs.conditions }}"
|
|
||||||
|
|
||||||
- name: Post SonarQube Results as Comment
|
|
||||||
env:
|
|
||||||
PR_NUMBER: ${{ needs.check-and-create-pr.outputs.pr_number }}
|
|
||||||
SQ_RESULTS: ${{ steps.convert-json-to-md.outputs.table }}
|
|
||||||
QG_STATUS: ${{ steps.quality-gate.outputs.quality-gate-status }}
|
|
||||||
RINOA_GITEA_URL: ${{ vars.RINOA_GITEA_URL }}
|
|
||||||
GITHUB_REPOSITORY: ${{ github.repository }}
|
|
||||||
BOT_GITEA_TOKEN: ${{ secrets.BOT_GITEA_TOKEN }}
|
|
||||||
run: |
|
|
||||||
formatted_results=$(echo "${SQ_RESULTS}" | sed 's/\\n/\
|
|
||||||
/g')
|
|
||||||
payload=$(jq -n \
|
|
||||||
--arg body "SonarQube analysis results:
|
|
||||||
<br>
|
|
||||||
${{ env.SQ_RESULTS }}" \
|
|
||||||
'{ body: $body }')
|
|
||||||
|
|
||||||
response=$(curl -s -o response.json -w "%{http_code}" \
|
|
||||||
-X POST \
|
|
||||||
-H "Accept: application/json" \
|
|
||||||
-H "Authorization: token ${BOT_GITEA_TOKEN}" \
|
|
||||||
-H "Content-Type: application/json" \
|
|
||||||
-d "$payload" \
|
|
||||||
"${RINOA_GITEA_URL}/api/v1/repos/${GITHUB_REPOSITORY}/pulls/${PR_NUMBER}/reviews")
|
|
||||||
|
|
||||||
# Job 3: Merge PR if Quality Gate passes
|
|
||||||
dry-run-merge-pr:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
needs: [check-and-create-pr, sonarqube-analysis]
|
|
||||||
if: needs.sonarqube-analysis.outputs.quality_gate_status == 'PASSED'
|
|
||||||
steps:
|
|
||||||
- name: Checkout Code
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
|
|
||||||
- name: Docker Compose Dry Run
|
- name: Docker Compose Dry Run
|
||||||
uses: s3i7h/spin-up-docker-compose-action@v1.2
|
uses: s3i7h/spin-up-docker-compose-action@v1.2
|
||||||
with:
|
with:
|
||||||
@@ -144,20 +93,75 @@ jobs:
|
|||||||
pull-opts: --dry-run
|
pull-opts: --dry-run
|
||||||
up: true
|
up: true
|
||||||
up-opts: -d --dry-run
|
up-opts: -d --dry-run
|
||||||
|
# Job 3: Merge PR if Quality Gate passes
|
||||||
|
# dry-run-merge-pr:
|
||||||
|
# runs-on: ubuntu-latest
|
||||||
|
# needs: [check-and-create-pr, sonarqube-analysis]
|
||||||
|
# if: needs.sonarqube-analysis.outputs.quality_gate_status == 'PASSED'
|
||||||
|
# steps:
|
||||||
|
# - name: Checkout Code
|
||||||
|
# uses: actions/checkout@v4
|
||||||
|
|
||||||
- name: Merge PR in Gitea
|
# - name: JSON clean-up for Custom Quality Gate Check...
|
||||||
uses: prasiman/gocurl@v1
|
# id: json-cleanup
|
||||||
with:
|
# run: |
|
||||||
url: "${{ secrets.GITEA_INSTANCE_URL }}/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/pulls/${{ needs.check-and-create-pr.outputs.pr_index }}"
|
# echo "Cleaning up quality gate response..."
|
||||||
method: "POST"
|
# echo '${{ steps.quality-gate-check.outputs.quality-gate-result }}' > qg_input.txt
|
||||||
headers: '{ "Authorization": "token ${{ secrets.GITEA_API_TOKEN }}", "Content-Type": "application/json" }'
|
# sed -E 's/([a-zA-Z0-9_]+):/\\"\1\\":/g; s/:([^",{}\[\]]+)/:"\1"/g' qg_input.txt > qg_raw.json
|
||||||
params: >-
|
# jq -c '.' qg_raw.json > qg_fixed_json.json
|
||||||
{
|
# echo "qgfixedjson=$(cat qg_fixed_json.json)" >> $GITHUB_OUTPUT
|
||||||
"Do": "merge",
|
# echo "JSON cleanup complete.
|
||||||
"delete_branch_after_merge": true,
|
# projstatus=$(jq -r '.projectStatus.status' qg_fixed_json.json)
|
||||||
"force_merge": true,
|
# caycStatus=$(jq -r '.projectStatus.caycStatus' qg_fixed_json.json)
|
||||||
"merge_when_checks_succeed": true
|
# conditions=$(jq -c '.projectStatus.conditions' qg_fixed_json.json)
|
||||||
}
|
# echo "projstatus=${projstatus}" >> $GITHUB_OUTPUT
|
||||||
|
# echo "caycStatus=${caycStatus}" >> $GITHUB_OUTPUT
|
||||||
|
# echo "conditions=${conditions}" >> $GITHUB_OUTPUT
|
||||||
|
# - name: Post SonarQube Results as Comment
|
||||||
|
# env:
|
||||||
|
# PR_NUMBER: ${{ needs.check-and-create-pr.outputs.pr_number }}
|
||||||
|
# SQ_RESULTS: ${{ steps.convert-json-to-md.outputs.table }}
|
||||||
|
# QG_STATUS: ${{ steps.quality-gate.outputs.quality-gate-status }}
|
||||||
|
# RINOA_GITEA_URL: ${{ vars.RINOA_GITEA_URL }}
|
||||||
|
# GITHUB_REPOSITORY: ${{ github.repository }}
|
||||||
|
# BOT_GITEA_TOKEN: ${{ secrets.BOT_GITEA_TOKEN }}
|
||||||
|
# run: |
|
||||||
|
# formatted_results=$(echo "${SQ_RESULTS}" | sed 's/\\n/\
|
||||||
|
# /g')
|
||||||
|
# payload=$(jq -n \
|
||||||
|
# --arg body "SonarQube analysis results:
|
||||||
|
# <br>
|
||||||
|
# ${{ env.SQ_RESULTS }}" \
|
||||||
|
# '{ body: $body }')
|
||||||
|
|
||||||
|
# response=$(curl -s -o response.json -w "%{http_code}" \
|
||||||
|
# -X POST \
|
||||||
|
# -H "Accept: application/json" \
|
||||||
|
# -H "Authorization: token ${BOT_GITEA_TOKEN}" \
|
||||||
|
# -H "Content-Type: application/json" \
|
||||||
|
# -d "$payload" \
|
||||||
|
# "${RINOA_GITEA_URL}/api/v1/repos/${GITHUB_REPOSITORY}/pulls/${PR_NUMBER}/reviews")
|
||||||
|
|
||||||
- name: Confirm Merge
|
# - name: Convert JSON to Markdown Table
|
||||||
run: echo "PR has been successfully merged into main."
|
# id: convert-json-to-md
|
||||||
|
# uses: buildingcash/json-to-markdown-table-action@v1.1.0
|
||||||
|
# with:
|
||||||
|
# json: "${{ steps.json-cleanup.outputs.conditions }}"
|
||||||
|
|
||||||
|
|
||||||
|
# - name: Merge PR in Gitea
|
||||||
|
# uses: prasiman/gocurl@v1
|
||||||
|
# with:
|
||||||
|
# url: "${{ secrets.GITEA_INSTANCE_URL }}/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/pulls/${{ needs.check-and-create-pr.outputs.pr_index }}"
|
||||||
|
# method: "POST"
|
||||||
|
# headers: '{ "Authorization": "token ${{ secrets.GITEA_API_TOKEN }}", "Content-Type": "application/json" }'
|
||||||
|
# params: >-
|
||||||
|
# {
|
||||||
|
# "Do": "merge",
|
||||||
|
# "delete_branch_after_merge": true,
|
||||||
|
# "force_merge": true,
|
||||||
|
# "merge_when_checks_succeed": true
|
||||||
|
# }
|
||||||
|
|
||||||
|
# - name: Confirm Merge
|
||||||
|
# run: echo "PR has been successfully merged into main."
|
||||||
|
|||||||
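Review bot: The `Docker Compose Dry Run` step now runs in `sonarqube-analysis-dry-run` directly after the scan, without the `if: needs.sonarqube-analysis.outputs.quality_gate_status == 'PASSED'` condition that guarded it in the removed `dry-run-merge-pr` job. From the visible lines nothing ties the dry run to the quality gate result any more, unless a step outside these hunks fails the job. If the gate should still apply, add a step-level condition such as `if: steps.quality-gate.outputs.quality-gate-status == 'PASSED'`, assuming the `quality-gate` step id referenced in the new `outputs:` exists. The new outputs are named `qg_status_status` and `qg_results`, while the commented-out merge job still reads `needs.sonarqube-analysis.outputs.quality_gate_status`; neither the job id nor the output name matches after the rename, so that block cannot be restored as-is and still gate the `force_merge` call on the scan. Before the commented-out `json-cleanup` step is re-enabled, pass `${{ steps.quality-gate-check.outputs.quality-gate-result }}` through `env:` and read it as a shell variable rather than interpolating it into the `run:` script.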