actions/.gitea/workflows/java-pull-request-check-tem...


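# Reusable pull-request check for Java/Gradle projects, invoked via `workflow_call`.
# Flow: checkout -> JDK 17 -> Gradle check -> optional Sonar scan (token from Vault)
# -> Dockerfile lint -> optional Mattermost notification when the job has failed.
#
# Trust boundary: `./gradlew` executes build logic from the checked-out pull request.
# NOTE(review): every secret present in the job environment while that code runs
# (SONAR_TOKEN during the sonar step) is readable by it. Confirm how the runner
# handles secrets for pull requests from forks before enabling `sonar_enabled` there.
name: Pull request check
on:
  workflow_call:
    inputs:
      # Turns on the failure notification steps at the end of the job.
      notification_enabled:
        description: "Включение оповещений о разворачивании, требуется иметь url для оповещений в vault"
        default: false
        required: false
        type: boolean
      # Channel name placed into the "channel" field of the notification body.
      notification_channel:
        description: "Канал для оповещений о результатах деплоя"
        default: internal_projects_notifications
        required: false
        type: string
      # Vault path prefix used to read `sonarqube_token`.
      # No default is declared: with `sonar_enabled: true` and this input empty,
      # the Vault request in the `import-secrets` step has no path to read.
      vault_secrets_base_path:
        description: 'Базовый путь для секретов проекта в vault'
        required: false
        type: string
      # Gradle task(s)/arguments appended to `./gradlew` in the check step.
      gradle_check_command:
        description: 'Команда для исполнения в gradle'
        default: 'test'
        required: false
        type: string
      # Enables the Vault token import and the `./gradlew sonar` step.
      sonar_enabled:
        default: false
        required: false
        type: boolean
    secrets:
      # AppRole credentials used by both Vault steps below.
      VAULT_ROLE_ID:
        required: true
      VAULT_SECRET_ID:
        required: true
jobs:
  check:
    name: check and test
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): `@v3` / `@v2` are mutable tags. Pinning each action to a
      # reviewed full commit SHA keeps an upstream retag from changing what runs here.
      # NOTE(review): checkout keeps its token in the local git config by default;
      # the PR's build script runs right after. Consider `persist-credentials: false`
      # if no later step needs authenticated git access — confirm first.
      - uses: https://github.com/actions/checkout@v3
      - uses: https://github.com/actions/setup-java@v3
        with:
          distribution: 'temurin'
          # Quoted so the version is always passed as a string.
          java-version: '17'
          check-latest: "false"
      - uses: https://github.com/gradle/gradle-build-action@v2
        with:
          # Only master and develop may write the Gradle cache; every other ref reads it.
          cache-read-only: ${{ gitea.ref != 'refs/heads/master' && gitea.ref != 'refs/heads/develop' }}
      - name: run gradle check
        # NOTE(review): the input is substituted into the script text before the shell
        # parses it, so shell metacharacters in the caller-supplied value are interpreted
        # by the shell. Passing it through `env:` and expanding the variable would avoid
        # that, but changes how quoted arguments are handled — confirm with callers.
        run: ./gradlew ${{ inputs.gradle_check_command }} -i -s
      - id: import-secrets
        if: ${{ inputs.sonar_enabled }}
        uses: https://github.com/hashicorp/vault-action@v2
        with:
          url: https://vault.wilix.dev
          method: approle
          roleId: ${{ secrets.VAULT_ROLE_ID }}
          secretId: ${{ secrets.VAULT_SECRET_ID }}
          # vault-action exports the value as an environment variable by default,
          # so SONAR_TOKEN stays visible to every later step, not only the sonar scan.
          secrets: |
            ${{ inputs.vault_secrets_base_path }} sonarqube_token | SONAR_TOKEN ;
      - name: run gradle sonar scan
        if: ${{ inputs.sonar_enabled }}
        env:
          SONAR_USER_HOME: "/opt/hostedtoolcache/.sonar"
        run: ./gradlew sonar -i -s
      - name: dockerfile lint check
        uses: https://github.com/hadolint/hadolint-action@v3.1.0
        with:
          dockerfile: Dockerfile
      # The three notification steps call failure() explicitly. Under GitHub Actions
      # expression rules an `if:` without a status function gets an implicit success(),
      # so `job.status == 'failure'` alone leaves these steps skipped after a failure.
      # NOTE(review): confirm the Gitea runner in use follows the same rule.
      - name: Get notification url
        if: ${{ failure() && inputs.notification_enabled }}
        uses: https://github.com/hashicorp/vault-action@v2
        with:
          url: https://vault.wilix.dev
          method: approle
          roleId: ${{ secrets.VAULT_ROLE_ID }}
          secretId: ${{ secrets.VAULT_SECRET_ID }}
          secrets: |
            dev/wilix/main/ci notification_url | MATTERMOST_WEBHOOK_URL ;
      - name: prepare failed notification body
        if: ${{ failure() && inputs.notification_enabled }}
        # NOTE(review): `@master` is a mutable branch of a third-party action, and it
        # runs with the Vault-exported secrets in its environment. Pin it to a reviewed
        # full commit SHA.
        uses: https://github.com/finnp/create-file-action@master
        env:
          FILE_NAME: "mattermost.json"
          # NOTE(review): values are interpolated into the JSON text unescaped; a `"`
          # or `\` in `notification_channel` yields a malformed or altered body.
          FILE_DATA: |
            {
              "channel": "${{ inputs.notification_channel }}",
              "attachments": [
                {
                  "fallback": "Проверка упала ${{ gitea.repository }}",
                  "text": "@${{ gitea.actor }} упала тестовая сборка",
                  "color": "#FF0000",
                  "fields": [
                    {
                      "short": true,
                      "title": "Сборка",
                      "value": "https://git.wilix.dev/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"
                    }
                  ]
                }
              ]
            }
      - name: loop fail notification
        if: ${{ failure() && inputs.notification_enabled }}
        # No `with:`/`env:` is visible for this step; presumably the action reads
        # mattermost.json and the exported MATTERMOST_WEBHOOK_URL — confirm.
        # NOTE(review): `@master` is a mutable ref; pin to a reviewed full commit SHA.
        uses: https://github.com/mattermost/action-mattermost-notify@master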