From 92bd1d7d2f1b91e97363070d661f0cbe6198a466 Mon Sep 17 00:00:00 2001
From: Stanislav Melnichuk
Date: Tue, 30 May 2023 19:40:19 +0300
Subject: [PATCH] First version of java project pr check workflow.
---
.../java-pull-request-check-template.yml | 104 ++++++++++++++++++
1 file changed, 104 insertions(+)
create mode 100644 .gitea/workflows/java-pull-request-check-template.yml
diff --git a/.gitea/workflows/java-pull-request-check-template.yml b/.gitea/workflows/java-pull-request-check-template.yml
new file mode 100644
index 0000000..3796e36
--- /dev/null
+++ b/.gitea/workflows/java-pull-request-check-template.yml
@@ -0,0 +1,104 @@
+name: Pull request check
+on:
+ workflow_call:
+ inputs:
+ notification_enabled:
+ description: "Включение оповещений о разворачивании, требуется иметь url для оповещений в vault"
+ default: false
+ required: false
+ type: boolean
+ notification_channel:
+ description: "Канал для оповещений о результатах деплоя"
+ default: internal_projects_notifications
+ required: false
+ type: string
+ vault_secrets_base_path:
+ description: 'Базовый путь для секретов проекта в vault'
+ required: false
+ type: string
+ sonar_enabled:
+ default: false
+ required: false
+ type: boolean
+ secrets:
+ VAULT_ROLE_ID:
+ required: true
+ VAULT_SECRET_ID:
+ required: true
+
+jobs:
+ lint:
+ name: check and test
+ runs-on: ubuntu-latest
+ steps:
+ - uses: https://github.com/actions/checkout@v3
+ - uses: https://github.com/actions/setup-java@v3
+ with:
+ distribution: 'temurin'
+ java-version: 17
+ check-latest: "false"
+ - uses: https://github.com/gradle/gradle-build-action@v2
+ with:
+ cache-read-only: ${{ gitea.ref != 'refs/heads/master' && gitea.ref != 'refs/heads/develop' }}
+
+ - name: run gradle check
+ run: ./gradlew test -i -s
+
+ - id: import-secrets
+ if: ${{ inputs.sonar_enabled }}
+ uses: https://github.com/hashicorp/vault-action@v2
+ with:
+ url: https://vault.wilix.dev
+ method: approle
+ roleId: ${{ secrets.VAULT_ROLE_ID }}
+ secretId: ${{ secrets.VAULT_SECRET_ID }}
+ secrets: |
+ ${{ inputs.vault_secrets_base_path }} sonarqube_token | SONAR_TOKEN ;
+
+ - name: run gradle sonar scan
+ if: ${{ inputs.sonar_enabled }}
+ run: ./gradlew sonar -i -s
+
+ - name: dockerfile lint check
+ uses: https://github.com/hadolint/hadolint-action@v3.1.0
+ with:
+ dockerfile: Dockerfile
+
+ - name: Get notification url
+ if: ${{ inputs.notification_enabled && job.status == 'failure' }}
+ uses: https://github.com/hashicorp/vault-action@v2
+ with:
+ url: https://vault.wilix.dev
+ method: approle
+ roleId: ${{ secrets.VAULT_ROLE_ID }}
+ secretId: ${{ secrets.VAULT_SECRET_ID }}
+ secrets: |
+ ${{ inputs.vault_secrets_base_path }} notification_url | MATTERMOST_WEBHOOK_URL ;
+
+ - name: prepare failed notification body
+ if: ${{ inputs.notification_enabled && job.status == 'failure' }}
+ uses: https://github.com/finnp/create-file-action@master
+ env:
+ FILE_NAME: "mattermost.json"
+ FILE_DATA: |
+ {
+ "channel": "${{ inputs.notification_channel }}",
+ "attachments": [
+ {
+ "fallback": "Проверка упала ${{ gitea.repository }}",
+ "text": "@${{ gitea.actor }} упала тестовая сборка",
+ "color": "#FF0000",
+ "fields": [
+ {
+ "short": true,
+ "title": "Сборка",
+ "value": "https://git.wilix.dev/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"
+ }
+ ]
+ }
+ ]
+ }
+
+ - name: loop fail notification
+ if: ${{ inputs.notification_enabled && job.status == 'failure' }}
+ uses: https://github.com/mattermost/action-mattermost-notify@master
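Review bot: The two failure-notification steps at the end reference third-party actions by a moving branch, `finnp/create-file-action@master` and `mattermost/action-mattermost-notify@master`, so whatever is pushed to those branches runs in this job unreviewed. By that point the job environment likely holds `MATTERMOST_WEBHOOK_URL` (and `SONAR_TOKEN` when sonar is enabled), because vault-action exports fetched secrets as environment variables by default. Pin each to a reviewed full commit SHA, e.g. `uses: https://github.com/finnp/create-file-action@<full-commit-sha>  # <reviewed tag>`; the `@v2`/`@v3` tags on the other actions are movable too and would benefit from the same pinning. Separately, the `if:` conditions test `job.status == 'failure'` without a status function such as `failure()`; if the Gitea runner applies the implicit `success()` check the way GitHub Actions does, these steps would never run after a failed step, which is worth confirming.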