on: push: branches: - main pull_request: types: [opened, synchronize, reopened] name: Docker Scan, Lint, & Deploy via Compose jobs: sonarqube: name: SonarQube Scanning & Quality Gate runs-on: ubuntu-latest steps: - name: Checking out uses: actions/checkout@v4 with: fetch-depth: 0 - name: SonarQube Scan id: sonarqube-scan uses: SonarSource/sonarqube-scan-action@v4.0.0 env: SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} # - name: SonarQube Quality Gate Check # id: quality-gate # uses: SonarSource/sonarqube-quality-gate-action@v1.1.0 # env: # SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} # SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} docker-compose-dry-run: name: Dry Run Docker Compose runs-on: ubuntu-latest needs: quality-gate if: ${{ steps.quality-gate.outputs.quality-gate-status }} == 'PASSED' steps: - name: Checking out uses: actions/checkout@v4 with: fetch-depth: 0 - name: Generate ephemeral env run: | echo "${{ secrets.RINOA_DOCKER_ENV }}" > ./.env - name: Validate Docker Compose Configuration id: docker-lint run: | docker compose config --no-interpolate --quiet --dry-run EXIT_CODE=$? if [ $? -ne 0 ]; then echo "Docker Compose configuration validation failed." exit 1 else echo "Docker Compose configuration is valid." fi echo "::set-output name=exit_code::$EXIT_CODE" deploy-changes: name: Merge and Deploy Changes runs-on: ubuntu-latest needs: docker-lint if: steps.docker-lint.outputs.exit_code == 0 steps: - name: Checkout Code uses: actions/checkout@v4 - name: Install & Setup Tea CLI run: | curl -sSL https://dl.gitea.com/tea/main/tea-main-linux-amd64 -o /usr/local/bin/tea chmod +x /usr/local/bin/tea tea login add --name gitea-rinoa --url "${{ secrets.RINOA_GITEA_SERVER }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token "${{ secrets.BOT_GITEA_TOKEN }}" - name: Merge PR with Tea CLI run: | tea pr m "${{ gitea.repository.pulls.index }}" - name: Deploy Docker Compose Changes uses: 5eqn/docker-compose-remote-action@0.0.7 with: ssh_host: 192.168.1.254 ssh_user: gitea-deploy ssh_private_key: ${{ secrets.DEPLOY_PRIVATE_SSH_KEY }} ssh_host_public_key: ${{ secrets.DEPLOY_PUBLIC_SSH_KEY }} docker_env: $ {{ secrets.RINOA_DOCKER_ENV }} docker_args: -d --remove-orphans --build --dry-run