Skip to content

sonar qubecicd

sonar qubecicd #4

Workflow file for this run

name: CI and CD
on:
push:
branches: [main]
pull_request:
jobs:
# ==============
# CI task
# ==============
quality-check:
name: Quality Scan
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Set up JDK 17
uses: actions/setup-java@v1
with:
java-version: 17
- name: Cache SonarQube packages
uses: actions/cache@v3
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Cache Gradle packages
uses: actions/cache@v3
with:
path: ~/.gradle/caches
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
restore-keys: ${{ runner.os }}-gradle
- name: Build and analyze
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
run: ./gradlew build sonar --info
# If you wish to fail your job when the Quality Gate is red, uncomment the
# following lines. This would typically be used to fail a deployment.
- uses: sonarsource/sonarqube-quality-gate-action@master
timeout-minutes: 5
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
build-and-push-docker-image:
name: Build Docker image and push to repositories
runs-on: ubuntu-latest
needs: quality-check
steps:
- uses: actions/checkout@v4
- name: Setup SHA
run: echo "GITHUB_SHA=${GITHUB_SHA}" >> $GITHUB_ENV
- name: Integration test inside Docker-compose cleanup
run: docker-compose -f docker-compose.test.yml down
- name: Integration test inside Docker-compose
run: docker-compose -f docker-compose.test.yml up --build --abort-on-container-exit --exit-code-from it_test
- name: Build the Docker image
run: docker build . --file Dockerfile.multi --tag ghcr.io/aorjoa/devops-java-example:${{ env.GITHUB_SHA }}
- name: Login ghcr.io
uses: docker/[email protected]
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
logout: true
- name: Push to GitHub Container Registry
uses: docker/build-push-action@v2
with:
context: .
tags: |
ghcr.io/aorjoa/devops-java-example:${{ env.GITHUB_SHA }}
# build on feature branches, push only on main branch
push: ${{ github.ref == 'refs/heads/main' }}
- name: Image digest
run: echo ${{ steps.docker_build.outputs.digest }}
# ==============
# CD task
# ==============
# gitops-versioning:
# runs-on: ubuntu-latest
# needs: build-and-push-docker-image
# steps:
# - name: checkout
# uses: actions/checkout@v4
# with:
# repository: aorjoa/devops-argocd
# persist-credentials: false
# fetch-depth: 0
# - name: change image tag
# run: |
# git --version
# git config user.name "aorjoa"
# git config user.email "[email protected]"
# sed -i -E "s/ghcr.io\/aorjoa-training\/devops-go-example.*$/ghcr.io\/aorjoa-training\/devops-go-example:${GITHUB_SHA}/" kube-gitops/deployment.yml
# git add kube-gitops/deployment.yml
# git commit -m "🤖 change docker image version to ${GITHUB_SHA}"
# - name: push changes
# uses: ad-m/github-push-action@master
# with:
# github_token: ${{ secrets.PAT }}
# repository: aorjoa-training/devops-argocd
# branch: main