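# Reusable (workflow_call) Gitea Actions workflow: builds and tests a Gradle
# project on a pull request, optionally runs a SonarQube scan, lints the
# Dockerfile, and (optionally) posts a Mattermost notification when the job fails.
#
# Threat model note (review): this job executes the checked-out repository's own
# build (./gradlew, i.e. build.gradle / settings.gradle from the PR branch) and,
# when sonar_enabled is set, exports SONAR_TOKEN into the environment of that
# same Gradle process. Anything the PR can put into the build scripts can read
# that token. Vault AppRole credentials are only passed to the vault-action
# steps, but the exported secrets (SONAR_TOKEN, MATTERMOST_WEBHOOK_URL) are
# visible to every later step. Keep this in mind before enabling sonar for
# repositories that accept PRs from untrusted contributors.
name: Pull request check

on:
  workflow_call:
    inputs:
      notification_enabled:
        description: "Включение оповещений о разворачивании, требуется иметь url для оповещений в vault"
        default: false
        required: false
        type: boolean
      notification_channel:
        description: "Канал для оповещений о результатах деплоя"
        default: internal_projects_notifications
        required: false
        type: string
      # Not required at the workflow level, but the "import-secrets" step below
      # cannot work without it when sonar_enabled is true: an empty value leaves
      # an empty Vault path in the secrets spec and the step fails.
      vault_secrets_base_path:
        description: 'Базовый путь для секретов проекта в vault'
        required: false
        type: string
      # Passed to the shell via an environment variable (see "run gradle check"),
      # never interpolated into the command line with ${{ }}.
      gradle_check_command:
        description: 'Команда для исполнения в gradle'
        default: 'test'
        required: false
        type: string
      sonar_enabled:
        default: false
        required: false
        type: boolean
    secrets:
      VAULT_ROLE_ID:
        required: true
      VAULT_SECRET_ID:
        required: true

jobs:
  check:
    name: check and test
    runs-on: ubuntu-latest
    steps:
      - uses: https://github.com/actions/checkout@v3
      - uses: https://github.com/actions/setup-java@v3
        with:
          distribution: 'temurin'
          java-version: 17
          check-latest: "false"
      - uses: https://github.com/gradle/gradle-build-action@v2
        with:
          # Only the long-lived branches are allowed to write to the Gradle cache;
          # PR builds read it but cannot poison it.
          cache-read-only: ${{ gitea.ref != 'refs/heads/master' && gitea.ref != 'refs/heads/develop' }}
      - name: run gradle check
        env:
          # The input is an untrusted string as far as the shell is concerned.
          # Expanding it through an env var means the shell only word-splits it
          # (so "check test" still works); it is not parsed for $(...), ;, && etc.
          # the way a ${{ }} interpolation inside `run:` would be.
          GRADLE_CHECK_COMMAND: ${{ inputs.gradle_check_command }}
        run: ./gradlew $GRADLE_CHECK_COMMAND -i -s
      - id: import-secrets
        if: ${{ inputs.sonar_enabled }}
        uses: https://github.com/hashicorp/vault-action@v2
        with:
          url: https://vault.wilix.dev
          method: approle
          roleId: ${{ secrets.VAULT_ROLE_ID }}
          secretId: ${{ secrets.VAULT_SECRET_ID }}
          # SONAR_TOKEN is exported into the environment of all following steps,
          # including the Gradle build that runs repository-controlled scripts.
          secrets: |
            ${{ inputs.vault_secrets_base_path }} sonarqube_token | SONAR_TOKEN ;
      - name: Cache sonar modules
        id: cache-sonar
        # Only useful when the sonar scan actually runs.
        if: ${{ inputs.sonar_enabled }}
        # Full URL like every other action in this file, so resolution does not
        # depend on the Gitea instance's default actions URL.
        uses: https://github.com/actions/cache@v3
        env:
          cache-name: cache-sonar-modules
        with:
          path: /opt/hostedtoolcache/.sonar/
          # Key on the Gradle build files (which configure the sonar plugin) rather
          # than package-lock.json, which a Gradle project normally does not have
          # (hashFiles on a missing file yields a constant, never-changing key).
          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
          restore-keys: |
            ${{ runner.os }}-build-${{ env.cache-name }}-
            ${{ runner.os }}-build-
            ${{ runner.os }}-
      - name: run gradle sonar scan
        if: ${{ inputs.sonar_enabled }}
        env:
          SONAR_USER_HOME: "/opt/hostedtoolcache/.sonar"
        run: ./gradlew sonar -i -s
      - name: dockerfile lint check
        uses: https://github.com/hadolint/hadolint-action@v3.1.0
        with:
          dockerfile: Dockerfile
      # Failure notification. The `if:` must contain a status function: without
      # one the runner implicitly prepends success(), so an expression that only
      # tests `job.status == 'failure'` is never evaluated once a step has failed
      # and the notification steps are silently skipped.
      - name: Get notification url
        if: ${{ failure() && inputs.notification_enabled }}
        uses: https://github.com/hashicorp/vault-action@v2
        with:
          url: https://vault.wilix.dev
          method: approle
          roleId: ${{ secrets.VAULT_ROLE_ID }}
          secretId: ${{ secrets.VAULT_SECRET_ID }}
          secrets: |
            dev/wilix/main/ci notification_url | MATTERMOST_WEBHOOK_URL ;
      - name: prepare failed notification body
        if: ${{ failure() && inputs.notification_enabled }}
        # TODO(review): pinned to a mutable branch; pin to a release tag or a
        # commit SHA so a compromised upstream cannot change what runs here.
        uses: https://github.com/finnp/create-file-action@master
        env:
          FILE_NAME: "mattermost.json"
          # gitea.repository / gitea.actor are runner-provided and constrained;
          # inputs.notification_channel is caller-controlled and is inserted into
          # the JSON without escaping, so a value containing a quote breaks the body.
          FILE_DATA: |
            {
              "channel": "${{ inputs.notification_channel }}",
              "attachments": [
                {
                  "fallback": "Проверка упала ${{ gitea.repository }}",
                  "text": "@${{ gitea.actor }} упала тестовая сборка",
                  "color": "#FF0000",
                  "fields": [
                    {
                      "short": true,
                      "title": "Сборка",
                      "value": "https://git.wilix.dev/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"
                    }
                  ]
                }
              ]
            }
      - name: loop fail notification
        if: ${{ failure() && inputs.notification_enabled }}
        # TODO(review): same as above — pin to a tag or commit SHA instead of @master.
        # NOTE(review): this step's inputs (webhook URL / payload file) are not
        # visible in this excerpt; the MATTERMOST_WEBHOOK_URL exported by the
        # "Get notification url" step is presumably what it consumes — confirm.
        uses: https://github.com/mattermost/action-mattermost-notify@master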