actions/.gitea/workflows/java-pull-request-check-tem...

123 lines
4.3 KiB
YAML
Raw Normal View History

name: Pull request check
on:
workflow_call:
inputs:
notification_enabled:
description: "Включение оповещений о разворачивании, требуется иметь url для оповещений в vault"
default: false
required: false
type: boolean
notification_channel:
description: "Канал для оповещений о результатах деплоя"
default: internal_projects_notifications
required: false
type: string
vault_secrets_base_path:
description: 'Базовый путь для секретов проекта в vault'
required: false
type: string
gradle_check_command:
description: 'Команда для исполнения в gradle'
default: 'test'
required: false
type: string
sonar_enabled:
default: false
required: false
type: boolean
secrets:
VAULT_ROLE_ID:
required: true
VAULT_SECRET_ID:
required: true
jobs:
2023-06-07 16:12:36 +00:00
check:
name: check and test
runs-on: ubuntu-latest
steps:
- uses: https://github.com/actions/checkout@v3
- uses: https://github.com/actions/setup-java@v3
with:
distribution: 'temurin'
java-version: 17
check-latest: "false"
- uses: https://github.com/gradle/gradle-build-action@v2
with:
cache-read-only: ${{ gitea.ref != 'refs/heads/master' && gitea.ref != 'refs/heads/develop' }}
- name: run gradle check
run: ./gradlew ${{ inputs.gradle_check_command }} -i -s
- id: import-secrets
if: ${{ inputs.sonar_enabled }}
uses: https://github.com/hashicorp/vault-action@v2
with:
url: https://vault.wilix.dev
method: approle
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
secrets: |
${{ inputs.vault_secrets_base_path }} sonarqube_token | SONAR_TOKEN ;
2023-06-09 09:55:17 +00:00
- name: Cache sonar modules
id: cache-sonar
uses: actions/cache@v3
env:
cache-name: cache-sonar-modules
with:
path: /opt/hostedtoolcache/.sonar/
2023-06-09 10:04:06 +00:00
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/build.gradle','**/settings.gradle') }}
2023-06-09 09:55:17 +00:00
restore-keys: |
${{ runner.os }}-build-${{ env.cache-name }}-
${{ runner.os }}-build-
${{ runner.os }}-
- name: run gradle sonar scan
if: ${{ inputs.sonar_enabled }}
run: ./gradlew sonar -i -s
- name: dockerfile lint check
uses: https://github.com/hadolint/hadolint-action@v3.1.0
with:
dockerfile: Dockerfile
- name: Get notification url
if: ${{ inputs.notification_enabled && job.status == 'failure' }}
uses: https://github.com/hashicorp/vault-action@v2
with:
url: https://vault.wilix.dev
method: approle
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
secrets: |
2023-06-06 12:15:15 +00:00
dev/wilix/main/ci notification_url | MATTERMOST_WEBHOOK_URL ;
- name: prepare failed notification body
if: ${{ inputs.notification_enabled && job.status == 'failure' }}
uses: https://github.com/finnp/create-file-action@master
env:
FILE_NAME: "mattermost.json"
FILE_DATA: |
{
"channel": "${{ inputs.notification_channel }}",
"attachments": [
{
"fallback": "Проверка упала ${{ gitea.repository }}",
"text": "@${{ gitea.actor }} упала тестовая сборка",
"color": "#FF0000",
"fields": [
{
"short": true,
"title": "Сборка",
"value": "https://git.wilix.dev/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"
}
]
}
]
}
- name: loop fail notification
if: ${{ inputs.notification_enabled && job.status == 'failure' }}
uses: https://github.com/mattermost/action-mattermost-notify@master