🔧 chore(ci): update build workflow configuration

- remove container setup from lint job - switch to manual Node.js installation - add detailed sonar-scanner setup and execution steps - introduce docker job with buildx setup and registry login
2026-01-08 12:58:17 +00:00 · 2026-01-08 12:58:17 +00:00 · 7b5e819528
commit 7b5e819528
parent c067ad71fe
1 changed files with 65 additions and 11 deletions
--- a/.forgejo/workflows/build.yml
+++ b/.forgejo/workflows/build.yml
@ -12,18 +12,11 @@ env:
 jobs:
  lint:
    runs-on: self-hosted
-    container:
-      image: node:20-alpine  # oder node:20-slim
    steps:
      - name: Checkout
        uses: actions/checkout@v4
-
-
-
-
      - name: Install dependencies
        run: npm ci
-
      - name: Run ESLint
        run: npm run lint

@ -35,10 +28,12 @@ jobs:
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: 20
+      - name: Install Node.js
+        run: |
+          apt-get update
+          apt-get install -y curl
+          curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
+          apt-get install -y nodejs
      - name: Install Sonar Scanner (npm)
        run: npm install -g sonarqube-scanner
      - name: SonarQube Scan
@ -101,4 +96,63 @@ jobs:
      - name: Push image
        run: |
          docker push "${{ secrets.REGISTRY_IMAGE }}:${{ env.IMAGE_TAG }}"
+        run: |

+
+
+
+          WORKDIR=${GITHUB_WORKSPACE:-$PWD}
+          HOST_URL=${SONAR_HOST_URL:?SONAR_HOST_URL secret not set}
+          BRANCH_NAME=${GITHUB_REF#refs/heads/}
+          PROJECT_KEY=${SONAR_PROJECT_KEY:-}
+          if [ -z "$PROJECT_KEY" ] && [ -f sonar-project.properties ]; then
+            PROJECT_KEY=$(grep -E '^sonar.projectKey=' sonar-project.properties | cut -d= -f2 | tr -d '\r')
+          fi
+          if [ -z "$PROJECT_KEY" ]; then
+            echo "SONAR_PROJECT_KEY secret not set and no sonar-project.properties entry found" >&2
+            exit 1
+          fi
+          echo "Sonar project key: $PROJECT_KEY"
+          echo "Listing workspace:"
+          ls -la
+          echo "Sample files:"
+          find . -maxdepth 2 -type f | head -n 20
+          echo "Running local sonar-scanner..."
+          set -- \
+            -Dsonar.host.url="$HOST_URL" \
+            -Dsonar.token="$SONAR_TOKEN" \
+            -Dsonar.projectKey="$PROJECT_KEY" \
+            -Dsonar.sources=. \
+            -Dsonar.scm.disabled=true \
+            -Dsonar.projectBaseDir="$WORKDIR"
+
+          if [ "${SONAR_ENABLE_BRANCH:-}" = "true" ]; then
+            set -- "$@" -Dsonar.branch.name="$BRANCH_NAME"
+          else
+            echo "Branch analysis disabled (requires SonarQube Developer Edition)"
+          fi
+
+          sonar-scanner "$@"
+
+  docker:
+    needs: [lint, sonar]
+    runs-on: self-hosted
+    steps:
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Login to registry
+        run: echo "${{ secrets.REG_TOKEN }}" | docker login "${{ secrets.REGISTRY }}" -u "${{ secrets.REG_USER }}" --password-stdin
+      - name: Build image
+        run: |
+
+          docker buildx build --load \
+            -t "${{ secrets.REGISTRY_IMAGE }}:${{ env.IMAGE_TAG }}" .
+
+
+      - name: Push image
+        run: |
+          docker push "${{ secrets.REGISTRY_IMAGE }}:${{ env.IMAGE_TAG }}"