diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
index 8fe54a8..ce91ae9 100644
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
@@ -1,5 +1,5 @@
 name: build-and-push
-# test
+
 on:
 push:
 branches:
@@ -36,57 +36,57 @@ jobs: container: image: node:20-alpine steps: - - name: Manual Git Checkout and Prepare - run: | - apk add --no-cache git curl bash - git init - git remote add origin ${{ env.REPO_URL }}/${{ GITEA_REPO }}.git - git fetch --depth 1 origin ${{ GITEA_REF }} - git checkout FETCH_HEAD + - name: Manual Git Checkout and Prepare + run: | + apk add --no-cache git curl bash + git init + git remote add origin ${{ env.REPO_URL }}/${{ GITEA_REPO }}.git + git fetch --depth 1 origin ${{ GITEA_REF }} + git checkout FETCH_HEAD - - name: Install Node.js and Sonar Scanner - run: | - apk add --no-cache nodejs npm curl - npm install -g sonarqube-scanner + - name: Install Node.js and Sonar Scanner + run: | + apk add --no-cache nodejs npm curl + npm install -g sonarqube-scanner - - name: SonarQube Scan - env: - SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - SONAR_PROJECT_KEY: ${{ secrets.SONAR_PROJECT_KEY }} - run: | - WORKDIR=${GITHUB_WORKSPACE:-$PWD} - HOST_URL=${SONAR_HOST_URL:?SONAR_HOST_URL secret not set} - BRANCH_NAME=${GITEA_REF#refs/heads/} - PROJECT_KEY=${SONAR_PROJECT_KEY:-} - if [ -z "$PROJECT_KEY" ] && [ -f sonar-project.properties ]; then - PROJECT_KEY=$(grep -E '^sonar.projectKey=' sonar-project.properties | cut -d= -f2 | tr -d '\r') - fi - if [ -z "$PROJECT_KEY" ]; then - echo "SONAR_PROJECT_KEY secret not set and no sonar-project.properties entry found" >&2 - exit 1 - fi - echo "Sonar project key: $PROJECT_KEY" - echo "Listing workspace:" - ls -la - echo "Sample files:" - find . -maxdepth 2 -type f | head -n 20 - echo "Running local sonar-scanner..." - set -- \ - -Dsonar.host.url="$HOST_URL" \ - -Dsonar.token="$SONAR_TOKEN" \ - -Dsonar.projectKey="$PROJECT_KEY" \ - -Dsonar.sources=. 
\ - -Dsonar.scm.disabled=true \ - -Dsonar.projectBaseDir="$WORKDIR" + - name: SonarQube Scan + env: + SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + SONAR_PROJECT_KEY: ${{ secrets.SONAR_PROJECT_KEY }} + run: | + WORKDIR=${GITHUB_WORKSPACE:-$PWD} + HOST_URL=${SONAR_HOST_URL:?SONAR_HOST_URL secret not set} + BRANCH_NAME=${GITEA_REF#refs/heads/} + PROJECT_KEY=${SONAR_PROJECT_KEY:-} + if [ -z "$PROJECT_KEY" ] && [ -f sonar-project.properties ]; then + PROJECT_KEY=$(grep -E '^sonar.projectKey=' sonar-project.properties | cut -d= -f2 | tr -d '\r') + fi + if [ -z "$PROJECT_KEY" ]; then + echo "SONAR_PROJECT_KEY secret not set and no sonar-project.properties entry found" >&2 + exit 1 + fi + echo "Sonar project key: $PROJECT_KEY" + echo "Listing workspace:" + ls -la + echo "Sample files:" + find . -maxdepth 2 -type f | head -n 20 + echo "Running local sonar-scanner..." + set -- \ + -Dsonar.host.url="$HOST_URL" \ + -Dsonar.token="$SONAR_TOKEN" \ + -Dsonar.projectKey="$PROJECT_KEY" \ + -Dsonar.sources=. \ + -Dsonar.scm.disabled=true \ + -Dsonar.projectBaseDir="$WORKDIR" - if [ "${SONAR_ENABLE_BRANCH:-}" = "true" ]; then - set -- "$@" -Dsonar.branch.name="$BRANCH_NAME" - else - echo "Branch analysis disabled (requires SonarQube Developer Edition)" - fi + if [ "${SONAR_ENABLE_BRANCH:-}" = "true" ]; then + set -- "$@" -Dsonar.branch.name="$BRANCH_NAME" + else + echo "Branch analysis disabled (requires SonarQube Developer Edition)" + fi - sonar-scanner "$@" + sonar-scanner "$@" docker: needs: [lint, sonar] @@ -124,6 +124,3 @@ jobs: - name: Push image run: | docker push "${{ secrets.REGISTRY_IMAGE }}:${{ env.IMAGE_TAG }}" - - -
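Review bot: The checkout step splices `${{ GITEA_REF }}` and `${{ GITEA_REPO }}` into the `run:` script as text before the shell parses it, so a ref name containing shell metacharacters would be interpreted as script; the re-indentation carries this over unchanged. Pass the values as quoted shell variables instead, as the SonarQube step already does with `${GITEA_REF#refs/heads/}`, e.g. `git fetch --depth 1 origin "$GITEA_REF"`, assuming the runner exports that variable to this step as well. In the scan step, `-Dsonar.token="$SONAR_TOKEN"` puts the token on the scanner's command line, where other processes in the container can read it; the scanner normally reads `SONAR_TOKEN` from the environment, which the step's `env:` already sets, so the argument can likely be dropped once confirmed for the scanner version in use. `npm install -g sonarqube-scanner` is unpinned, so the code that later receives the token is whatever the registry serves at build time; pin it, e.g. `npm install -g sonarqube-scanner@<pinned-version>`. The job these steps belong to starts above the hunk.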