free-games-claimer/.forgejo/workflows/build.yml

name: build-and-push

on:
  push:
    branches:
      - main

jobs:
  lint:
    runs-on: self-hosted
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20
      - name: Install dependencies
        run: npm ci
      - name: Run ESLint
        run: npm run lint

  sonar:
    needs: lint
    runs-on: self-hosted
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: SonarQube Scan
        env:
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_PROJECT_KEY: ${{ secrets.SONAR_PROJECT_KEY }}
        run: |
          HOST_URL=${SONAR_HOST_URL:-https://sonata.cyber77.de}
          PROJECT_KEY="${SONAR_PROJECT_KEY}"
          if [ -z "$PROJECT_KEY" ] && [ -f sonar-project.properties ]; then
            PROJECT_KEY=$(grep -E '^sonar.projectKey=' sonar-project.properties | cut -d= -f2 | tr -d '\r')
          fi
          PROJECT_KEY=${PROJECT_KEY:-free-games-claimer}
          docker run --rm \
            -e SONAR_HOST_URL="$HOST_URL" \
            -e SONAR_TOKEN="$SONAR_TOKEN" \
            -v "$PWD:/usr/src" \
            -w /usr/src \
            sonarsource/sonar-scanner-cli \
            sonar-scanner \
              -Dsonar.host.url="$HOST_URL" \
              -Dsonar.token="$SONAR_TOKEN" \
              -Dsonar.projectKey="${PROJECT_KEY:-free-games-claimer}" \
              -Dsonar.sources=. \
              -Dsonar.scm.provider=git \
              -Dsonar.projectBaseDir=/usr/src

  docker:
    needs: [lint, sonar]
    runs-on: self-hosted
    steps:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Checkout
        uses: actions/checkout@v4

      - name: Login to registry
        run: echo "${{ secrets.REG_TOKEN }}" | docker login "${{ secrets.REGISTRY }}" -u "${{ secrets.REG_USER }}" --password-stdin

      - name: Build image
        run: |
          docker buildx build --load \
            -t "${{ secrets.REGISTRY_IMAGE }}:latest" .

      - name: Push image
        run: |
          docker push "${{ secrets.REGISTRY_IMAGE }}:latest"