actions/.gitea/workflows/java-pull-request-check-tem...


# Reusable pull-request check for Gradle projects. Other workflows invoke it
# through `workflow_call` and pass the inputs and secrets declared below.
name: Pull request check
on:
  workflow_call:
    inputs:
      # Master switch for the notification steps. Description (ru): enable
      # deployment notifications; a notification URL must be stored in Vault.
      notification_enabled:
        description: 'Включение оповещений о разворачивании, требуется иметь url для оповещений в vault'
        type: boolean
        required: false
        default: false
      # Description (ru): whether to use a custom webhook URL for notifications
      # (it must be stored in the project's Vault secret).
      custom_notification_hook_enabled:
        description: 'Использовать ли кастомный url хук для оповещений (должен лежать в vault секрете проекта)'
        type: boolean
        required: false
        default: false
      # Description (ru): channel that receives the deployment result messages.
      notification_channel:
        description: 'Канал для оповещений о результатах деплоя'
        type: string
        required: false
        default: 'internal_projects_notifications'
      # Description (ru): base path of the project's secrets in Vault.
      # No default is declared; the job reads `sonarqube_token` from this path
      # when `sonar_enabled` is true.
      vault_secrets_base_path:
        description: 'Базовый путь для секретов проекта в vault'
        type: string
        required: false
      # Description (ru): command to execute in gradle. The value is placed on
      # the `./gradlew` command line by the job, so callers should pass only
      # Gradle task names and options.
      gradle_check_command:
        description: 'Команда для исполнения в gradle'
        type: string
        required: false
        default: 'test'
      # Enables the Vault lookup of the Sonar token, the Sonar cache and the
      # `./gradlew sonar` step. No description is declared for this input.
      sonar_enabled:
        type: boolean
        required: false
        default: false
    secrets:
      # AppRole credentials the job uses to log in to Vault. The same job also
      # runs the pull request's Gradle build, so the AppRole policy should
      # grant read access only to the paths this workflow fetches.
      VAULT_ROLE_ID:
        required: true
      VAULT_SECRET_ID:
        required: true
env:
  # Vault path that holds the shared (non-project) notification URL.
  vault_main_base_path: dev/wilix/main/data/ci
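# Single job: build and test the pull request with Gradle, optionally run a
# Sonar scan, lint the Dockerfile, then optionally post a failure message to
# Mattermost.
#
# NOTE(review): every `uses:` below points at a mutable tag or branch (`@v2`,
# `@v3`, `@v3.1.0`, `@master`). Steps that follow a vault-action step can see
# the secrets it fetched, so the third-party actions referenced by `@master`
# are the most exposed. Pin each reference to a full commit SHA, for example
# `...@<full-commit-sha>  # v3` (placeholder, take the value from the
# upstream repository).
#
# NOTE(review): `./gradlew` executes build logic from the checked-out pull
# request in the same job that later logs in to Vault. Confirm that the
# AppRole is read-only and limited to the paths read here, and consider
# moving the secret-consuming steps to a separate job.
jobs:
  check:
    name: check and test
    runs-on: ubuntu-latest
    steps:
      - uses: https://github.com/actions/checkout@v3
      - uses: https://github.com/actions/setup-java@v3
        with:
          distribution: 'temurin'
          java-version: 17
          check-latest: "false"
      - uses: https://github.com/gradle/gradle-build-action@v2
        with:
          # Read-only for every ref except master and develop, so runs on
          # other refs (pull requests included) cannot write the Gradle cache.
          cache-read-only: ${{ gitea.ref != 'refs/heads/master' && gitea.ref != 'refs/heads/develop' }}
      - name: run gradle check
        # The input goes through an environment variable instead of being
        # templated into the script text, so shell metacharacters in it are
        # not interpreted. The expansion is left unquoted on purpose: word
        # splitting lets callers pass several tasks or flags in one string.
        env:
          GRADLE_CHECK_COMMAND: ${{ inputs.gradle_check_command }}
        run: ./gradlew $GRADLE_CHECK_COMMAND
      - id: import-secrets
        if: ${{ inputs.sonar_enabled }}
        uses: https://github.com/hashicorp/vault-action@v2
        with:
          url: https://vault.wilix.dev
          method: approle
          roleId: ${{ secrets.VAULT_ROLE_ID }}
          secretId: ${{ secrets.VAULT_SECRET_ID }}
          # Maps the `sonarqube_token` field to SONAR_TOKEN.
          # NOTE(review): vault-action exports fetched secrets to the job
          # environment by default, so later steps can read them; confirm
          # this is intended for the steps that follow.
          secrets: |
            ${{ inputs.vault_secrets_base_path }} sonarqube_token | SONAR_TOKEN ;
      - name: calc sonar cache key
        if: ${{ inputs.sonar_enabled }}
        env:
          BUILD_FILE: ${{ github.workspace }}/build.gradle
        # `sha1sum FILE` prints "<digest>  <path>"; keep only the digest so
        # the workspace path does not become part of the cache key.
        run: |
          digest="$(sha1sum "$BUILD_FILE" | cut -d ' ' -f 1)"
          echo "SONAR_SETTINGS_HASH=$digest" >> "$GITHUB_ENV"
      - id: cache-sonar
        if: ${{ inputs.sonar_enabled }}
        uses: https://github.com/actions/cache@v3
        with:
          path: ~/.sonar/cache
          key: cache-sonar-modules-${{ env.SONAR_SETTINGS_HASH }}
          restore-keys: |
            cache-sonar-modules-${{ env.SONAR_SETTINGS_HASH }}
            cache-sonar-modules-
      - name: run gradle sonar scan
        if: ${{ inputs.sonar_enabled }}
        run: ./gradlew sonar
      - name: dockerfile lint check
        uses: https://github.com/hadolint/hadolint-action@v3.1.0
        with:
          dockerfile: Dockerfile
      # The notification steps below start their condition with `always()`.
      # Without a status-check function an implicit `success()` is applied to
      # the condition, so a test on `job.status == 'failure'` could never
      # match. The explicit job.status comparison still excludes cancelled
      # runs.
      - name: Get general notification url
        if: ${{ always() && inputs.notification_enabled && ! inputs.custom_notification_hook_enabled && (job.status == 'success' || job.status == 'failure') }}
        uses: https://github.com/hashicorp/vault-action@v2
        with:
          url: https://vault.wilix.dev
          method: approle
          roleId: ${{ secrets.VAULT_ROLE_ID }}
          secretId: ${{ secrets.VAULT_SECRET_ID }}
          secrets: |
            ${{ env.vault_main_base_path }} notification_url | MATTERMOST_WEBHOOK_URL ;
      - name: Get custom notification url
        if: ${{ always() && inputs.notification_enabled && inputs.custom_notification_hook_enabled && (job.status == 'success' || job.status == 'failure') }}
        uses: https://github.com/hashicorp/vault-action@v2
        with:
          url: https://vault.wilix.dev
          method: approle
          roleId: ${{ secrets.VAULT_ROLE_ID }}
          secretId: ${{ secrets.VAULT_SECRET_ID }}
          # The project path is a workflow input; the visible workflow defines
          # no env entry named vault_secrets_base_path, so it is read from
          # `inputs`, as in the import-secrets step.
          secrets: |
            ${{ inputs.vault_secrets_base_path }} notification_url | MATTERMOST_WEBHOOK_URL ;
      - name: prepare failed notification body
        if: ${{ always() && inputs.notification_enabled && job.status == 'failure' }}
        uses: https://github.com/finnp/create-file-action@master
        env:
          FILE_NAME: "mattermost.json"
          # NOTE(review): the expressions are inserted without JSON escaping;
          # a quote or backslash in any of them would produce invalid JSON.
          FILE_DATA: |
            {
              "channel": "${{ inputs.notification_channel }}",
              "attachments": [
                {
                  "fallback": "Проверка упала ${{ gitea.repository }}",
                  "text": "@${{ gitea.actor }} упала тестовая сборка",
                  "color": "#FF0000",
                  "fields": [
                    {
                      "short": true,
                      "title": "Сборка",
                      "value": "https://git.wilix.dev/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"
                    }
                  ]
                }
              ]
            }
      # Presumably picks up mattermost.json and MATTERMOST_WEBHOOK_URL from the
      # workspace and environment; confirm against the action's documentation.
      - name: loop fail notification
        if: ${{ always() && inputs.notification_enabled && job.status == 'failure' }}
        uses: https://github.com/mattermost/action-mattermost-notify@master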