name: Pull request check on: workflow_call: inputs: notification_enabled: description: "Включение оповещений о разворачивании, требуется иметь url для оповещений в vault" default: false required: false type: boolean custom_notification_hook_enabled: description: "Использовать ли кастомный url хук для оповещений (должен лежать в vault секрете проекта)" default: false required: false type: boolean notification_channel: description: "Канал для оповещений о результатах деплоя" default: internal_projects_notifications required: false type: string vault_secrets_base_path: description: 'Базовый путь для секретов проекта в vault' required: false type: string gradle_check_command: description: 'Команда для исполнения в gradle' default: 'test' required: false type: string sonar_enabled: default: false required: false type: boolean secrets: VAULT_ROLE_ID: required: true VAULT_SECRET_ID: required: true env: vault_main_base_path: dev/wilix/main/data/ci jobs: check: name: check and test runs-on: ubuntu-latest steps: - uses: https://github.com/actions/checkout@v3 - uses: https://github.com/actions/setup-java@v3 with: distribution: 'temurin' java-version: 21 check-latest: "false" - uses: https://github.com/gradle/gradle-build-action@v2 with: cache-read-only: ${{ gitea.ref != 'refs/heads/master' && gitea.ref != 'refs/heads/develop' }} - name: run gradle check run: ./gradlew ${{ inputs.gradle_check_command }} - id: import-secrets if: ${{ inputs.sonar_enabled }} uses: https://github.com/hashicorp/vault-action@v2 with: url: https://vault.wilix.dev method: approle roleId: ${{ secrets.VAULT_ROLE_ID }} secretId: ${{ secrets.VAULT_SECRET_ID }} secrets: | ${{ inputs.vault_secrets_base_path }} sonarqube_token | SONAR_TOKEN ; - name: calc sonar cache key if: ${{ inputs.sonar_enabled }} run: echo "SONAR_SETTINGS_HASH=$(sha1sum ${{ github.workspace }}/build.gradle)" >> "$GITHUB_ENV" - id: cache-sonar if: ${{ inputs.sonar_enabled }} uses: https://github.com/actions/cache@v3 with: path: ~/.sonar/cache key: cache-sonar-modules-${{ env.SONAR_SETTINGS_HASH }} restore-keys: | cache-sonar-modules-${{ env.SONAR_SETTINGS_HASH }} cache-sonar-modules- - name: run gradle sonar scan if: ${{ inputs.sonar_enabled }} run: ./gradlew sonar - name: dockerfile lint check uses: https://github.com/hadolint/hadolint-action@v3.1.0 with: dockerfile: Dockerfile - name: Get general notification url if: ${{ inputs.notification_enabled && ! inputs.custom_notification_hook_enabled && (job.status == 'success' || job.status == 'failure') }} uses: https://github.com/hashicorp/vault-action@v2 with: url: https://vault.wilix.dev method: approle roleId: ${{ secrets.VAULT_ROLE_ID }} secretId: ${{ secrets.VAULT_SECRET_ID }} secrets: | ${{ env.vault_main_base_path }} notification_url | MATTERMOST_WEBHOOK_URL ; - name: Get custom notification url if: ${{ inputs.notification_enabled && inputs.custom_notification_hook_enabled && (job.status == 'success' || job.status == 'failure') }} uses: https://github.com/hashicorp/vault-action@v2 with: url: https://vault.wilix.dev method: approle roleId: ${{ secrets.VAULT_ROLE_ID }} secretId: ${{ secrets.VAULT_SECRET_ID }} secrets: | ${{ inputs.vault_secrets_base_path }} notification_url | MATTERMOST_WEBHOOK_URL ; - name: prepare failed notification body if: ${{ inputs.notification_enabled && job.status == 'failure' }} uses: https://github.com/finnp/create-file-action@master env: FILE_NAME: "mattermost.json" FILE_DATA: | { "channel": "${{ inputs.notification_channel }}", "attachments": [ { "fallback": "Проверка упала ${{ gitea.repository }}", "text": "@${{ gitea.actor }} упала тестовая сборка", "color": "#FF0000", "fields": [ { "short": true, "title": "Сборка", "value": "https://git.wilix.dev/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}" } ] } ] } - name: loop fail notification if: ${{ inputs.notification_enabled && job.status == 'failure' }} uses: https://github.com/mattermost/action-mattermost-notify@1.1.0