diff --git a/.gitea/workflows/pr-cloudflare-docker-deploy.yml b/.gitea/workflows/pr-cloudflare-docker-deploy.yml index 8954738c..d7da3203 100644 --- a/.gitea/workflows/pr-cloudflare-docker-deploy.yml +++ b/.gitea/workflows/pr-cloudflare-docker-deploy.yml @@ -5,7 +5,6 @@ on: - main paths: - '**.yml' - jobs: check-and-create-pr: name: Check and Create PR diff --git a/ansible/app-configs/gitea-sonarqube-bot_config.yaml.j2 b/ansible/app-configs/gitea-sonarqube-bot_config.yaml.j2 deleted file mode 100644 index 90b9fb69..00000000 --- a/ansible/app-configs/gitea-sonarqube-bot_config.yaml.j2 +++ /dev/null @@ -1,81 +0,0 @@ -{% set vault_addr = 'https://vault.trez.wtf' %} -{% set secrets_path = 'rinoa-docker/env' %} - -# Gitea related configuration. Necessary for adding/updating comments on repository pull requests -gitea: - # Endpoint of your Gitea instance. Must be expandable by '/api/v1' to form the API base path as shown in Swagger UI. - url: https://git.trez.wtf - - # Created access token for the user that shall be used as bot account. - # User needs "Read project" permissions with access to "Pull Requests" - token: - value: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_GITEA_TOKEN'] }}" - # # or path to file containing the plain text secret - # file: /path/to/gitea/token - - # If the sent webhook has a signature header, the bot validates the request payload. If the value does not match, the - # request will be ignored. - # The bot looks for `X-Gitea-Signature` header containing the sha256 hmac hash of the plain text secret. If the header - # exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be validated. - webhook: - secret: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_GITEA_WEBHOOK_SECRET'] }}" - # # or path to file containing the plain text secret - # secretFile: /path/to/gitea/webhook/secret - - # Pull Request status check settings. - statusCheck: - # Configure the label/name of the PR status check. - name: "gitea-sonarqube-bot" - -# SonarQube related configuration. Necessary for requesting data from the API and processing the webhook. -sonarqube: - # Endpoint of your SonarQube instance. Must be expandable by '/api' to form the API base path. - url: https://sqube.trez.wtf - - # Created access token for the user that shall be used as bot account. - # User needs "Browse on project" permissions - token: - value: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_SQUBE_TOKEN'] }}" - # # or path to file containing the plain text secret - # file: /path/to/sonarqube/token - - # If the sent webhook has a signature header, the bot validates the request payload. If the value does not match, the - # request will be ignored. - # The bot looks for `X-Sonar-Webhook-HMAC-SHA256` header containing the sha256 hmac hash of the plain text secret. - # If the header exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be - # validated. - webhook: - secret: "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_SQUBE_WEBHOOK_SECRET'] }}" - # # or path to file containing the plain text secret - # secretFile: /path/to/sonarqube/webhook/secret - - # Some useful metrics depend on the edition in use. There are various ones like code_smells, vulnerabilities, bugs, etc. - # By default, the bot will extract "bugs,vulnerabilities,code_smells" - # Setting this option you can extend that default list by your own metrics. - # additionalMetrics: [] - # - "new_security_hotspots" - -# List of project mappings to take care of. Webhooks for other projects will be ignored. -# At least one must be configured. Otherwise, all webhooks (no matter which source) because the bot cannot map on its own. -projects: - - sonarqube: - key: rinoa-docker - # A repository specification contains the owner name and the repository name itself. The owner can be the name of a - # real account or an organization in which the repository is located. - gitea: - owner: Trez.One - name: rinoa-docker - -# Define pull request names from SonarScanner analysis. Default pattern matches the Jenkins Gitea plugin schema. -namingPattern: - # Regular expression that MUST HAVE exactly ONE GROUP that matches the integer part of the PR. - # That integer part is identical to the pull request ID in Gitea. - regex: "^.*$" - - # Valid Go format string. It MUST have one integer placeholder which will be replaced by the pull request ID. - # See: https://pkg.go.dev/fmt#hdr-Printing - template: "%s" - - # Example for integer-only names - # # regex: "^(\\d+)$" - # # template: "%d"