136 lines
4.6 KiB
YAML
136 lines
4.6 KiB
YAML
name: build-and-push
|
|
#
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
- dev
|
|
|
|
env:
|
|
IMAGE_TAG: ${{ github.ref == 'refs/heads/dev' && 'dev' || 'latest' }}
|
|
REPO_URL: https://git.sky-net.it
|
|
|
|
jobs:
|
|
lint:
|
|
runs-on: self-hosted
|
|
container:
|
|
image: node:20-alpine
|
|
steps:
|
|
- name: Manual Git Checkout
|
|
run: |
|
|
apk add --no-cache git
|
|
git init
|
|
git remote add origin ${{ env.REPO_URL }}/${{ github.repository }}.git
|
|
git fetch --depth 1 origin ${{ github.ref }}
|
|
git checkout FETCH_HEAD
|
|
|
|
- name: Install dependencies
|
|
run: npm install
|
|
|
|
- name: Run ESLint
|
|
run: npm run lint
|
|
|
|
sonar:
|
|
needs: lint
|
|
runs-on: self-hosted
|
|
container:
|
|
image: node:20-alpine
|
|
steps:
|
|
- name: Manual Git Checkout and Prepare
|
|
run: |
|
|
apk add --no-cache git curl bash
|
|
git init
|
|
git remote add origin ${{ env.REPO_URL }}/${{ github.repository }}.git
|
|
git fetch --depth 1 origin ${{ github.ref }}
|
|
git checkout FETCH_HEAD
|
|
|
|
- name: Install Java and Sonar Scanner
|
|
run: |
|
|
apk add --no-cache nodejs npm curl openjdk17-jre unzip
|
|
curl -sSLo /tmp/sonar-scanner-cli.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-6.2.1.4610.zip
|
|
unzip -q /tmp/sonar-scanner-cli.zip -d /opt
|
|
rm /tmp/sonar-scanner-cli.zip
|
|
ls -la /opt/
|
|
ln -sf /opt/sonar-scanner-6.2.1.4610/bin/sonar-scanner /usr/local/bin/sonar-scanner
|
|
which sonar-scanner
|
|
|
|
- name: SonarQube Scan
|
|
env:
|
|
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
|
|
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
|
SONAR_PROJECT_KEY: ${{ secrets.SONAR_PROJECT_KEY }}
|
|
run: |
|
|
WORKDIR=${GITHUB_WORKSPACE:-$PWD}
|
|
HOST_URL=${SONAR_HOST_URL:?SONAR_HOST_URL secret not set}
|
|
BRANCH_NAME=${GITHUB_REF#refs/heads/}
|
|
PROJECT_KEY=${SONAR_PROJECT_KEY:-}
|
|
if [ -z "$PROJECT_KEY" ] && [ -f sonar-project.properties ]; then
|
|
PROJECT_KEY=$(grep -E '^sonar.projectKey=' sonar-project.properties | cut -d= -f2 | tr -d '\r')
|
|
fi
|
|
if [ -z "$PROJECT_KEY" ]; then
|
|
echo "SONAR_PROJECT_KEY secret not set and no sonar-project.properties entry found" >&2
|
|
exit 1
|
|
fi
|
|
echo "Sonar project key: $PROJECT_KEY"
|
|
echo "Listing workspace:"
|
|
ls -la
|
|
echo "Sample files:"
|
|
find . -maxdepth 2 -type f | head -n 20
|
|
echo "Running local sonar-scanner..."
|
|
echo "SonarQube URL: $HOST_URL"
|
|
sonar-scanner \
|
|
-Dsonar.host.url="$HOST_URL" \
|
|
-Dsonar.token="$SONAR_TOKEN" \
|
|
-Dsonar.projectKey="$PROJECT_KEY" \
|
|
-Dsonar.sources=. \
|
|
-Dsonar.scm.disabled=true \
|
|
-Dsonar.projectBaseDir="$WORKDIR" \
|
|
-Dsonar.branch.name="$BRANCH_NAME" 2>/dev/null || \
|
|
sonar-scanner \
|
|
-Dsonar.host.url="$HOST_URL" \
|
|
-Dsonar.token="$SONAR_TOKEN" \
|
|
-Dsonar.projectKey="$PROJECT_KEY" \
|
|
-Dsonar.sources=. \
|
|
-Dsonar.scm.disabled=true \
|
|
-Dsonar.projectBaseDir="$WORKDIR"
|
|
|
|
docker:
|
|
needs: [lint, sonar]
|
|
runs-on: self-hosted
|
|
container:
|
|
image: node:20-alpine
|
|
steps:
|
|
- name: Network Debugging
|
|
run: |
|
|
apk add --no-cache iputils bind-tools
|
|
cat /etc/resolv.conf
|
|
cat /etc/hosts
|
|
ping -c 4 127.0.0.1
|
|
getent hosts 127.0.0.1
|
|
|
|
- name: Manual Git Checkout
|
|
run: |
|
|
apk add --no-cache git
|
|
git init
|
|
git remote add origin ${{ env.REPO_URL }}/${{ github.repository }}.git
|
|
git fetch --depth 1 origin ${{ github.ref }}
|
|
git checkout FETCH_HEAD
|
|
|
|
- name: Set up Docker Buildx
|
|
run: |
|
|
apk add --no-cache docker-cli docker-cli-compose curl
|
|
mkdir -p ~/.docker/cli-plugins
|
|
curl -SL https://github.com/docker/buildx/releases/download/v0.14.1/buildx-v0.14.1.linux-amd64 -o ~/.docker/cli-plugins/docker-buildx
|
|
chmod +x ~/.docker/cli-plugins/docker-buildx
|
|
|
|
- name: Login to registry
|
|
run: echo "${{ secrets.REG_TOKEN }}" | docker login "${{ secrets.REGISTRY }}" -u "${{ secrets.REG_USER }}" --password-stdin
|
|
|
|
- name: Build image
|
|
run: |
|
|
docker buildx build --load \
|
|
-t "${{ secrets.REGISTRY_IMAGE }}:${{ env.IMAGE_TAG }}" .
|
|
|
|
- name: Push image
|
|
run: |
|
|
docker push "${{ secrets.REGISTRY_IMAGE }}:${{ env.IMAGE_TAG }}"
|