name: build-and-push on: push: branches: - main - dev env: IMAGE_TAG: ${{ github.ref == 'refs/heads/dev' && 'dev' || 'latest' }} REPO_URL: https://git.sky-net.it jobs: lint: runs-on: self-hosted container: image: node:20-alpine steps: - name: Manual Git Checkout run: | apk add --no-cache git git init git remote add origin ${{ env.REPO_URL }}/${{ github.repository }}.git git fetch --depth 1 origin ${{ github.ref }} git checkout FETCH_HEAD - name: Install dependencies run: npm install - name: Run ESLint run: npm run lint sonar: needs: lint runs-on: self-hosted container: image: node:20-alpine steps: - name: Manual Git Checkout and Prepare run: | apk add --no-cache git curl bash git init git remote add origin ${{ env.REPO_URL }}/${{ github.repository }}.git git fetch --depth 1 origin ${{ github.ref }} git checkout FETCH_HEAD - name: Install Java and Sonar Scanner run: | apk add --no-cache nodejs npm curl openjdk17-jre curl -sSLo /tmp/sonar-scanner-cli.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-6.2.1.4610.zip unzip -q /tmp/sonar-scanner-cli.zip -d /opt rm /tmp/sonar-scanner-cli.zip ln -sf /opt/sonar-scanner-6.2.1.4610-linux-x64/bin/sonar-scanner /usr/local/bin/sonar-scanner - name: SonarQube Scan env: SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} SONAR_PROJECT_KEY: ${{ secrets.SONAR_PROJECT_KEY }} run: | WORKDIR=${GITHUB_WORKSPACE:-$PWD} HOST_URL=${SONAR_HOST_URL:?SONAR_HOST_URL secret not set} BRANCH_NAME=${GITHUB_REF#refs/heads/} PROJECT_KEY=${SONAR_PROJECT_KEY:-} if [ -z "$PROJECT_KEY" ] && [ -f sonar-project.properties ]; then PROJECT_KEY=$(grep -E '^sonar.projectKey=' sonar-project.properties | cut -d= -f2 | tr -d '\r') fi if [ -z "$PROJECT_KEY" ]; then echo "SONAR_PROJECT_KEY secret not set and no sonar-project.properties entry found" >&2 exit 1 fi echo "Sonar project key: $PROJECT_KEY" echo "Listing workspace:" ls -la echo "Sample files:" find . -maxdepth 2 -type f | head -n 20 echo "Running local sonar-scanner..." sonar-scanner \ -Dsonar.host.url="$HOST_URL" \ -Dsonar.token="$SONAR_TOKEN" \ -Dsonar.projectKey="$PROJECT_KEY" \ -Dsonar.sources=. \ -Dsonar.scm.disabled=true \ -Dsonar.projectBaseDir="$WORKDIR" \ -Dsonar.branch.name="$BRANCH_NAME" 2>/dev/null || \ sonar-scanner \ -Dsonar.host.url="$HOST_URL" \ -Dsonar.token="$SONAR_TOKEN" \ -Dsonar.projectKey="$PROJECT_KEY" \ -Dsonar.sources=. \ -Dsonar.scm.disabled=true \ -Dsonar.projectBaseDir="$WORKDIR" docker: needs: [lint, sonar] runs-on: self-hosted container: image: node:20-alpine steps: - name: Network Debugging run: | apk add --no-cache iputils bind-tools cat /etc/resolv.conf cat /etc/hosts ping -c 4 server getent hosts server - name: Manual Git Checkout run: | git init git remote add origin ${{ env.REPO_URL }}/${{ github.repository }}.git git fetch --depth 1 origin ${{ github.ref }} git checkout FETCH_HEAD - name: Set up Docker Buildx run: | apk add --no-cache docker-cli docker-cli-compose - name: Login to registry run: echo "${{ secrets.REG_TOKEN }}" | docker login "${{ secrets.REGISTRY }}" -u "${{ secrets.REG_USER }}" --password-stdin - name: Build image run: | docker buildx build --load \ -t "${{ secrets.REGISTRY_IMAGE }}:${{ env.IMAGE_TAG }}" . - name: Push image run: | docker push "${{ secrets.REGISTRY_IMAGE }}:${{ env.IMAGE_TAG }}"