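# CI pipeline: SonarQube scan and quality gate, then a Docker Compose
# configuration check, then PR merge and remote deploy.
#
# Jobs are chained with `needs:` on job ids. Results cross job boundaries as
# job `outputs:`, because the `steps` context is only visible inside the job
# that owns the step.
name: Docker Compose PR Workflow

# NOTE(review): both triggers fire for every branch, so any push reaches the
# deploy job and its SSH key. Neither `push` nor `create` is a pull-request
# event, so `gitea.event.pull_request.number` is presumably empty here.
# Confirm the intended trigger and restrict it to the branches that may deploy.
on:
  push:
    branches:
      - '*'
  create:
    branches:
      - '*'

jobs:
  sonarqube:
    name: 'SonarQube Scanning & Status'
    runs-on: ubuntu-latest
    # Expose the gate result so downstream jobs can read it through `needs`.
    outputs:
      quality-gate-status: ${{ steps.quality-gate.outputs.quality-gate-status }}
    steps:
      - name: Checking out
        uses: actions/checkout@v4
        with:
          # Disabling shallow clone is recommended for improving relevancy of reporting
          fetch-depth: 0
      - name: SonarQube Scan
        uses: SonarSource/sonarqube-scan-action@v4.0.0
        env:
          SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
          SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
      - name: SonarQube Quality Gate Check
        id: quality-gate
        uses: SonarSource/sonarqube-quality-gate-action@v1.1.0
        env:
          SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
          SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
      # - name: Comment on Pull Request with Quality Gate Status
      #   id: comment-pr
      #   uses: prasiman/gocurl@v1
      #   with:
      #     method: POST
      #     url: "https://${{ secrets.RINOA_GITEA_SERVER }}/api/v1/repos/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/issues/${{ github.event.pull_request.number }}/reviews"
      #     headers: >
      #       Authorization: token ${{ secrets.BOT_GITEA_TOKEN }}
      #     body: |
      #       {
      #         "body": "SonarQube Quality Gate Status: ${{ steps.quality-gate.outputs.quality-gate-status }}"
      #       }

  docker-compose-dry-run:
    name: Dry Run Docker Compose
    runs-on: ubuntu-latest
    # `needs` takes a job id. The original named the step id `quality-gate`,
    # which is not a job.
    needs: sonarqube
    # The whole comparison must be a single expression. The original put
    # `== 'PASSED'` outside `${{ }}`, which yields a non-empty string that is
    # always truthy, so the gate never blocked this job.
    if: needs.sonarqube.outputs.quality-gate-status == 'PASSED'
    outputs:
      exit_code: ${{ steps.docker-lint.outputs.exit_code }}
    steps:
      - name: Checking out
        uses: actions/checkout@v4
        with:
          # Disabling shallow clone is recommended for improving relevancy of reporting
          fetch-depth: 0
      - name: Generate ephemeral env
        # Pass the secret through the environment instead of expanding it into
        # the script text, so quotes, `$` or backticks inside the value are
        # never parsed by the shell.
        env:
          RINOA_DOCKER_ENV: ${{ secrets.RINOA_DOCKER_ENV }}
        run: |
          # Create the file readable by the runner user only.
          umask 077
          printf '%s\n' "$RINOA_DOCKER_ENV" > ./.env
      - name: Validate Docker Compose Configuration
        id: docker-lint
        # The original saved `$?` into EXIT_CODE and then tested `$?` again,
        # which by then held the status of the assignment (always 0). Branch on
        # the command itself and publish the status through $GITHUB_OUTPUT
        # (`::set-output` is deprecated).
        run: |
          if docker compose config --no-interpolate --quiet --dry-run; then
            echo "Docker Compose configuration is valid."
            echo "exit_code=0" >> "$GITHUB_OUTPUT"
          else
            status=$?
            echo "Docker Compose configuration validation failed."
            echo "exit_code=$status" >> "$GITHUB_OUTPUT"
            exit 1
          fi
      # - name: Docker Compose Lint
      #   uses: sjafferali/docker-compose-lint-action@v0.1.2
      #   with:
      #     compose-file: './docker-compose.yml'

  # manual-approval:
  #   name: Manual Approval
  #   needs: docker-compose-test
  #   if: always()
  #   runs-on: self-hosted
  #   steps:
  #     - name: Approval Required
  #       run: |
  #         echo "Manual approval step reached. Please approve to proceed."
  #         exit 1

  deploy-changes:
    name: Merge and Deploy Changes
    runs-on: ubuntu-latest
    # `needs` takes a job id. The original named the step id `docker-lint`.
    needs: docker-compose-dry-run
    if: needs.docker-compose-dry-run.outputs.exit_code == '0'
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4
      - name: 'Install & Setup Tea CLI'
        # NOTE(review): this downloads the rolling `main` build with no
        # integrity check and then hands it the bot token. Prefer a pinned
        # release and verify it against a published checksum
        # (<EXPECTED_SHA256>) before marking it executable.
        env:
          GITEA_SERVER_URL: ${{ secrets.RINOA_GITEA_SERVER }}
          GITEA_BOT_TOKEN: ${{ secrets.BOT_GITEA_TOKEN }}
        run: |
          # -f makes an HTTP error fail the step instead of saving an error page as the binary.
          curl -fsSL https://dl.gitea.com/tea/main/tea-main-linux-amd64 -o /usr/local/bin/tea
          chmod +x /usr/local/bin/tea
          tea login add --name gitea-rinoa --url "$GITEA_SERVER_URL" --user gitea-sonarqube-bot --token "$GITEA_BOT_TOKEN"
      - name: Merge PR with Tea CLI
        env:
          PR_NUMBER: ${{ gitea.event.pull_request.number }}
        run: |
          # Refuse to call the merge with an empty id on non-PR events.
          if [ -z "$PR_NUMBER" ]; then
            echo "No pull request number in the event payload; refusing to merge." >&2
            exit 1
          fi
          tea pr m "$PR_NUMBER"
      # - name: Merge Pull Request
      #   uses: prasiman/gocurl@v1
      #   with:
      #     method: POST
      #     url: "https://${{ secrets.RINOA_GITEA_SERVER }}/api/v1/repos/${{ github.event.repository.owner.login }}/${{ github.event.repository.name }}/pulls/${{ github.event.pull_request.number }}/merge"
      #     headers: >
      #       Authorization: token ${{ secrets.BOT_GITEA_TOKEN }}
      - name: Deploy Docker Compose Changes
        # NOTE(review): `@master` is a mutable ref and this step receives the
        # deploy SSH private key. Pin the action to a reviewed full commit SHA
        # (@<FULL_COMMIT_SHA>) so an upstream change cannot run with that key.
        uses: astappiev/docker-compose-remote-action@master
        with:
          ssh_host: '192.168.1.254'
          ssh_user: gitea-deploy
          ssh_private_key: ${{ secrets.DEPLOY_PRIVATE_SSH_KEY }}
          ssh_host_public_key: ${{ secrets.DEPLOY_PUBLIC_SSH_KEY }}
          # The original `$ {{ ... }}` had a space after `$`, so the literal
          # text was passed instead of the secret value.
          docker_env: ${{ secrets.RINOA_DOCKER_ENV }}
          # `--dry-run` is still set, so this step does not apply changes yet.
          docker_args: '-d --remove-orphans --build --dry-run'
        # uses: alex-ac/github-action-ssh-docker-compose@master
        # with:
        #   ssh_host: ${{ secrets.DOCKER_HOST }}
        #   ssh_user: ${{ secrets.DOCKER_USER }}
        #   ssh_key: ${{ secrets.DOCKER_SSH_KEY }}
        #   compose_file_path: /path/to/docker-compose.yml
        #   docker_compose_command: "up -d --remove-orphans"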