125 lines
4.3 KiB
YAML
125 lines
4.3 KiB
YAML
name: Pull request check
|
||
on:
|
||
workflow_call:
|
||
inputs:
|
||
notification_enabled:
|
||
description: "Включение оповещений о разворачивании, требуется иметь url для оповещений в vault"
|
||
default: false
|
||
required: false
|
||
type: boolean
|
||
notification_channel:
|
||
description: "Канал для оповещений о результатах деплоя"
|
||
default: internal_projects_notifications
|
||
required: false
|
||
type: string
|
||
vault_secrets_base_path:
|
||
description: 'Базовый путь для секретов проекта в vault'
|
||
required: false
|
||
type: string
|
||
gradle_check_command:
|
||
description: 'Команда для исполнения в gradle'
|
||
default: 'test'
|
||
required: false
|
||
type: string
|
||
sonar_enabled:
|
||
default: false
|
||
required: false
|
||
type: boolean
|
||
secrets:
|
||
VAULT_ROLE_ID:
|
||
required: true
|
||
VAULT_SECRET_ID:
|
||
required: true
|
||
|
||
jobs:
|
||
check:
|
||
name: check and test
|
||
runs-on: ubuntu-latest
|
||
steps:
|
||
- uses: https://github.com/actions/checkout@v3
|
||
- uses: https://github.com/actions/setup-java@v3
|
||
with:
|
||
distribution: 'temurin'
|
||
java-version: 17
|
||
check-latest: "false"
|
||
- uses: https://github.com/gradle/gradle-build-action@v2
|
||
with:
|
||
cache-read-only: ${{ gitea.ref != 'refs/heads/master' && gitea.ref != 'refs/heads/develop' }}
|
||
|
||
- name: run gradle check
|
||
run: ./gradlew ${{ inputs.gradle_check_command }} -i -s
|
||
|
||
- id: import-secrets
|
||
if: ${{ inputs.sonar_enabled }}
|
||
uses: https://github.com/hashicorp/vault-action@v2
|
||
with:
|
||
url: https://vault.wilix.dev
|
||
method: approle
|
||
roleId: ${{ secrets.VAULT_ROLE_ID }}
|
||
secretId: ${{ secrets.VAULT_SECRET_ID }}
|
||
secrets: |
|
||
${{ inputs.vault_secrets_base_path }} sonarqube_token | SONAR_TOKEN ;
|
||
|
||
- name: Cache sonar modules
|
||
id: cache-sonar
|
||
uses: actions/cache@v3
|
||
env:
|
||
cache-name: cache-sonar-modules
|
||
with:
|
||
path: /opt/hostedtoolcache/.sonar/
|
||
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
|
||
restore-keys: |
|
||
${{ runner.os }}-build-${{ env.cache-name }}-
|
||
${{ runner.os }}-build-
|
||
${{ runner.os }}-
|
||
|
||
- name: run gradle sonar scan
|
||
if: ${{ inputs.sonar_enabled }}
|
||
env:
|
||
SONAR_USER_HOME: "/opt/hostedtoolcache/.sonar"
|
||
run: ./gradlew sonar -i -s
|
||
|
||
- name: dockerfile lint check
|
||
uses: https://github.com/hadolint/hadolint-action@v3.1.0
|
||
with:
|
||
dockerfile: Dockerfile
|
||
|
||
- name: Get notification url
|
||
if: ${{ inputs.notification_enabled && job.status == 'failure' }}
|
||
uses: https://github.com/hashicorp/vault-action@v2
|
||
with:
|
||
url: https://vault.wilix.dev
|
||
method: approle
|
||
roleId: ${{ secrets.VAULT_ROLE_ID }}
|
||
secretId: ${{ secrets.VAULT_SECRET_ID }}
|
||
secrets: |
|
||
dev/wilix/main/ci notification_url | MATTERMOST_WEBHOOK_URL ;
|
||
|
||
- name: prepare failed notification body
|
||
if: ${{ inputs.notification_enabled && job.status == 'failure' }}
|
||
uses: https://github.com/finnp/create-file-action@master
|
||
env:
|
||
FILE_NAME: "mattermost.json"
|
||
FILE_DATA: |
|
||
{
|
||
"channel": "${{ inputs.notification_channel }}",
|
||
"attachments": [
|
||
{
|
||
"fallback": "Проверка упала ${{ gitea.repository }}",
|
||
"text": "@${{ gitea.actor }} упала тестовая сборка",
|
||
"color": "#FF0000",
|
||
"fields": [
|
||
{
|
||
"short": true,
|
||
"title": "Сборка",
|
||
"value": "https://git.wilix.dev/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"
|
||
}
|
||
]
|
||
}
|
||
]
|
||
}
|
||
|
||
- name: loop fail notification
|
||
if: ${{ inputs.notification_enabled && job.status == 'failure' }}
|
||
uses: https://github.com/mattermost/action-mattermost-notify@master
|