actions/.gitea/workflows/java-pull-request-check-template.yml

name: Pull request check
on:
  workflow_call:
    inputs:
      notification_enabled:
        description: "Включение оповещений о разворачивании, требуется иметь url для оповещений в vault"
        default: false
        required: false
        type: boolean
      custom_notification_hook_enabled:
        description: "Использовать ли кастомный url хук для оповещений (должен лежать в vault секрете проекта)"
        default: false
        required: false
        type: boolean
      notification_channel:
        description: "Канал для оповещений о результатах деплоя"
        default: internal_projects_notifications
        required: false
        type: string
      vault_secrets_base_path:
        description: 'Базовый путь для секретов проекта в vault'
        required: false
        type: string
      gradle_check_command:
        description: 'Команда для исполнения в gradle'
        default: 'test'
        required: false
        type: string
      sonar_enabled:
        default: false
        required: false
        type: boolean
    secrets:
      VAULT_ROLE_ID:
        required: true
      VAULT_SECRET_ID:
        required: true

env:
  vault_main_base_path: dev/wilix/main/data/ci

jobs:
  check:
    name: check and test
    runs-on: ubuntu-latest
    steps:
      - uses: https://github.com/actions/checkout@v3
      - uses: https://github.com/actions/setup-java@v3
        with:
          distribution: 'temurin'
          java-version: 17
          check-latest: "false"
      - uses: https://github.com/gradle/gradle-build-action@v2
        with:
          cache-read-only: ${{ gitea.ref != 'refs/heads/master' && gitea.ref != 'refs/heads/develop' }}

      - name: run gradle check
        run: ./gradlew ${{ inputs.gradle_check_command }}

      - id: import-secrets
        if: ${{ inputs.sonar_enabled }}
        uses: https://github.com/hashicorp/vault-action@v2
        with:
          url: https://vault.wilix.dev
          method: approle
          roleId: ${{ secrets.VAULT_ROLE_ID }}
          secretId: ${{ secrets.VAULT_SECRET_ID }}
          secrets: |
            ${{ inputs.vault_secrets_base_path }} sonarqube_token | SONAR_TOKEN ;            

      - name: calc sonar cache key
        if: ${{ inputs.sonar_enabled }}
        run: echo "SONAR_SETTINGS_HASH=$(sha1sum ${{ github.workspace }}/build.gradle)" >> "$GITHUB_ENV"
      - id: cache-sonar
        if: ${{ inputs.sonar_enabled }}
        uses: https://github.com/actions/cache@v3
        with:
          path: ~/.sonar/cache
          key: cache-sonar-modules-${{ env.SONAR_SETTINGS_HASH }}
          restore-keys: |
            cache-sonar-modules-${{ env.SONAR_SETTINGS_HASH }}
            cache-sonar-modules-            

      - name: run gradle sonar scan
        if: ${{ inputs.sonar_enabled }}
        run: ./gradlew sonar

      - name: dockerfile lint check
        uses: https://github.com/hadolint/hadolint-action@v3.1.0
        with:
          dockerfile: Dockerfile

      - name: Get general notification url
        if: ${{ inputs.notification_enabled && ! inputs.custom_notification_hook_enabled && (job.status == 'success' || job.status == 'failure') }}
        uses: https://github.com/hashicorp/vault-action@v2
        with:
          url: https://vault.wilix.dev
          method: approle
          roleId: ${{ secrets.VAULT_ROLE_ID }}
          secretId: ${{ secrets.VAULT_SECRET_ID }}
          secrets: |
            ${{ env.vault_main_base_path }} notification_url | MATTERMOST_WEBHOOK_URL ;            

      - name: Get custom notification url
        if: ${{ inputs.notification_enabled && inputs.custom_notification_hook_enabled && (job.status == 'success' || job.status == 'failure') }}
        uses: https://github.com/hashicorp/vault-action@v2
        with:
          url: https://vault.wilix.dev
          method: approle
          roleId: ${{ secrets.VAULT_ROLE_ID }}
          secretId: ${{ secrets.VAULT_SECRET_ID }}
          secrets: |
            ${{ env.vault_secrets_base_path }} notification_url | MATTERMOST_WEBHOOK_URL ;            

      - name: prepare failed notification body
        if: ${{ inputs.notification_enabled && job.status == 'failure' }}
        uses: https://github.com/finnp/create-file-action@master
        env:
          FILE_NAME: "mattermost.json"
          FILE_DATA: |
            {
              "channel": "${{ inputs.notification_channel }}",
              "attachments": [
                {
                  "fallback": "Проверка упала ${{ gitea.repository }}",
                  "text": "@${{ gitea.actor }} упала тестовая сборка",
                  "color": "#FF0000",
                  "fields": [
                    {
                      "short": true,
                      "title": "Сборка",
                      "value": "https://git.wilix.dev/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"
                    }
                  ]
                }
              ]
            }            

      - name: loop fail notification
        if: ${{ inputs.notification_enabled && job.status == 'failure' }}
        uses: https://github.com/mattermost/action-mattermost-notify@master