name: Gitea Branch PR, SonarQube Analyze, and Merge Workflow on: push: branches-ignore: - main jobs: # Job 1: Check if PR exists and create one if the branch is new check-and-create-pr: name: Check and Create PR runs-on: ubuntu-latest outputs: pr_created: ${{ steps.cc-pr.outputs.pr_created }} pr_number: ${{ steps.cc-pr.outputs.pr_index }} steps: - name: Checkout Code uses: actions/checkout@v4 - name: PR Check/Create id: cc-pr run: | echo "Checking for existing PR..." pr_check=$(curl ${{ vars.RINOA_GITEA_URL }}/api/v1/repos/${{ github.repository }}/pulls/main/${{ github.ref_name }} \ -X 'GET' \ -H 'Accept: application/json' \ -H 'Authorization: token ${{ secrets.BOT_GITEA_TOKEN }}' \ -s | jq '{index: .number, state: .state}') pr_status=$(echo ${pr_check} | jq -r '.state') if [ "${pr_status}" == "open" ]; then echo "PR already exists. PR number: $(echo ${pr_check} | jq -r '.index')" echo "pr_created=false" >> "$GITHUB_OUTPUT" echo "pr_index=$(echo ${pr_check} | jq -r '.index')" >> "$GITHUB_OUTPUT" elif [ "${pr_status}" == "closed" ]; then echo "PR does not exist. Creating PR..." pr_response=$(curl ${{ vars.RINOA_GITEA_URL }}/api/v1/repos/${{ github.repository }}/pulls -s \ -X 'POST' \ -H 'Accept: application/json' \ -H 'Authorization: token ${{ secrets.BOT_GITEA_TOKEN }}' \ -H 'Content-Type: application/json' \ -d '{ "base": "main", "head": "'"${{ github.ref_name }}"'", "title": "Automated PR for branch '"${{ github.ref_name }}"'", "body": "This is an automated PR created for branch '"${{ github.ref_name }}"'." }') pr_index=$(echo ${pr_response} | jq -r '.number') echo "PR created. PR number: ${pr_index}" echo "pr_created=true" >> "$GITHUB_OUTPUT" echo "pr_index=${pr_index}" >> "$GITHUB_OUTPUT" else echo "Error checking for existing PR. Exiting..." exit 1 fi sonarqube-analysis: name: SonarQube Analysis runs-on: ubuntu-latest needs: check-and-create-pr outputs: qg_status: ${{ steps.quality-gate.outputs.quality-gate-status }} steps: - name: Checkout Code uses: actions/checkout@v4 - name: SonarQube Scan uses: sonarsource/sonarqube-scan-action@v4.1.0 env: SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} - name: SonarQube Quality Gate id: quality-gate uses: sonarsource/sonarqube-quality-gate-action@v1.1.0 env: SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }} SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} - name: Custom Quality Gate Check uses: DesarrolloORT/sonarqube-quality-gate-action@v1.0.1 id: quality-gate-check with: sonar-project-key: rinoa-docker sonar-host-url: ${{ secrets.SONARQUBE_HOST }} sonar-token: ${{ secrets.SONARQUBE_TOKEN }} - name: JSON clean-up for proccessing... id: json-cleanup run: | echo "Cleaning up quality gate response..." echo '${{ steps.quality-gate-check.outputs.quality-gate-result }}' > qg_input.txt sed -E 's/([a-zA-Z0-9_]+):/\\"\1\\":/g; s/:([^",{}\[\]]+)/:"\1"/g' qg_input.txt > qg_raw.json jq -c '.' qg_raw.json > qg_fixed_json.json projstatus=$(jq -r '.projectStatus.status' qg_fixed_json.json) caycStatus=$(jq -r '.projectStatus.caycStatus' qg_fixed_json.json) conditions=$(jq -c '.projectStatus.conditions' qg_fixed_json.json) echo "projstatus=${projstatus}" >> $GITHUB_OUTPUT echo "caycStatus=${caycStatus}" >> $GITHUB_OUTPUT echo "conditions=${conditions}" >> $GITHUB_OUTPUT - name: Convert JSON to Markdown Table id: convert-json-to-md uses: buildingcash/json-to-markdown-table-action@v1.1.0 with: json: "${{ steps.json-cleanup.outputs.conditions }}" - name: Post SonarQube Results as Comment env: PR_NUMBER: ${{ needs.check-and-create-pr.outputs.pr_number }} SQ_RESULTS: ${{ steps.convert-json-to-md.outputs.table }} QG_STATUS: ${{ steps.quality-gate.outputs.quality-gate-status }} RINOA_GITEA_URL: ${{ vars.RINOA_GITEA_URL }} GITHUB_REPOSITORY: ${{ github.repository }} BOT_GITEA_TOKEN: ${{ secrets.BOT_GITEA_TOKEN }} run: | formatted_results=$(echo "${SQ_RESULTS}" | sed 's/\\n/\ /g') payload=$(jq -n \ --arg body "SonarQube analysis results:
${{ env.SQ_RESULTS }}" \ '{ body: $body }') response=$(curl -s -o response.json -w "%{http_code}" \ -X POST \ -H "Accept: application/json" \ -H "Authorization: token ${BOT_GITEA_TOKEN}" \ -H "Content-Type: application/json" \ -d "$payload" \ "${RINOA_GITEA_URL}/api/v1/repos/${GITHUB_REPOSITORY}/pulls/${PR_NUMBER}/reviews") dry-run-merge-pr: runs-on: ubuntu-latest needs: sonarqube-analysis if: needs.sonarqube-analysis.outputs.qg_status == 'PASSED' steps: - name: Checkout Code uses: actions/checkout@v4 - name: Generate Ephemeral .env for Docker Compose Dry Run run: | echo "${{ secrets.RINOA_ENV }}" > .env - name: Docker Compose Dry Run uses: s3i7h/spin-up-docker-compose-action@v1.2 env: DOCKER_HOST: tcp://dockerproxy:2375 with: file: docker-compose.yml pull: true pull-opts: --dry-run up: true up-opts: -d --dry-run - name: Merge PR env: PR_INDEX: ${{ needs.check-and-create-pr.outputs.pr_number }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITEA_USER: "gitea-sonarqube-bot" GITEA_SERVER_URL: ${{ vars.RINOA_GITEA_URL }} GITEA_SERVER_TOKEN: ${{ secrets.BOT_GITEA_TOKEN }} DOCKER_HOST: tcp://dockerproxy:2375 uses: Frozen-Tapestry/docker-run-action@v6 with: image: tgerczei/tea run: tea pr ls socket: ${DOCKER_HOST}