
chore(sonar): try another sonar report #75

chore(sonar): try another sonar report


Workflow file for this run

---
# Lint, static analysis and unit tests on every push, followed by image
# build and deployment to the dev / staging / prod environments.
name: CI + CD

# Triggered by a push to any branch.
# NOTE(review): no workflow-level `permissions:` key appears in this file, so
# every job without its own block gets the repository's default GITHUB_TOKEN
# scope. Consider a read-only default with per-job grants.
on:
  push:
    branches:
      - "**"

# Host ports published for each environment's container (see the
# `docker run -p` lines in the deploy jobs).
env:
  DEV_PORT: "50505"
  STAGING_PORT: "50506"
  PROD_PORT: "50507"
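jobs:
  # Secret scanning over the pushed commits.
  # NOTE(review): this job is switched off with `if: false`, so no credential
  # scan runs at all. deploy-dev and deploy-staging still list it under
  # `needs`; GitHub skips a job whose dependency was skipped unless the job
  # carries its own status-check condition, so confirm the deploy jobs run as
  # intended and that the scan is re-enabled once the server error is resolved.
  credentials-check:
    name: "[PR] GitGuardian scan"
    if: false # or in another case, there will be "Error: Server is not responding as expected."
    runs-on: kiryuxa-1
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0 # fetch all history so multiple commits can be scanned
      - name: GitGuardian scan
        uses: GitGuardian/ggshield-action@v1
        env:
          GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }}
          GITHUB_PUSH_BASE_SHA: ${{ github.event.base }}
          GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
          GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}

  client-linter:
    name: "[CLIENT] Linter"
    runs-on: kiryuxa-1
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4
      - name: Run linter
        run: ./tools/scripts/client/runLinter.sh

  client-static-analyzer:
    name: "[CLIENT] Static Analyzer"
    runs-on: kiryuxa-2
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4
      # NOTE(review): `npm install` may resolve newer versions than the
      # lockfile records; `npm ci` gives a reproducible, lockfile-exact
      # install if a lockfile is committed (not visible from here).
      - name: Install dependencies
        run: cd ./client && npm install
      - name: Run Static Analyzer
        run: ./tools/scripts/client/runStaticAnalyzer.sh

  server-linter:
    name: "[SERVER] Linter"
    runs-on: kiryuxa-2
    steps:
      - name: Set up JDK 21 (Temurin)
        uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: "21.0"
      - name: Checkout Code
        uses: actions/checkout@v4
      - name: Run linter
        run: ./tools/scripts/server/runLinter.sh

  server-static-analyzer:
    name: "[SERVER] Static Analyzer"
    runs-on: kiryuxa-2
    steps:
      - name: Set up JDK 21 (Temurin)
        uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: "21.0"
      - name: Checkout Code
        uses: actions/checkout@v4
      - name: Run static analyzer
        run: ./tools/scripts/server/runStaticAnalyzer.sh

  # Gradle build plus SonarQube analysis, then a quality-gate comment.
  # NOTE(review): this job uses setup-java@v1 and cache@v1 while the rest of
  # the file is on v4 of the official actions; verify the old majors are
  # still supported and align them.
  build:
    name: "[SERVER] Run SonarQube"
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
      - name: Set up JDK 17
        uses: actions/setup-java@v1
        with:
          java-version: "17"
      - name: Cache SonarQube packages
        uses: actions/cache@v1
        with:
          path: ~/.sonar/cache
          key: ${{ runner.os }}-sonar
          restore-keys: ${{ runner.os }}-sonar
      - name: Cache Gradle packages
        uses: actions/cache@v1
        with:
          path: ~/.gradle/caches
          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
          restore-keys: ${{ runner.os }}-gradle
      - name: Build and analyze
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
          MUSE_JWT_SECRET_KEY: ${{ secrets.MUSE_JWT_SECRET_KEY }}
        run: (cd ./server && ./gradlew build sonar --info)
      # - uses: phwt/sonarqube-quality-gate-action@v1
      #   id: quality-gate-check
      #   with:
      #     sonar-project-key: "bas-kirill_muse-project_c40bc999-8826-433b-bb84-8871688b1ab1"
      #     sonar-host-url: ${{ secrets.SONAR_HOST_URL }}
      #     sonar-token: ${{ secrets.SONAR_TOKEN }}
      #     github-token: ${{ secrets.GH_TOKEN }}
      #     branch: main # Optional input
      # NOTE(review): this third-party action is referenced by the mutable
      # `master` branch and receives GITHUB_TOKEN, GH_TOKEN and SONAR_TOKEN;
      # whatever lands on that branch runs with those credentials. Pin it to
      # a full commit SHA that has been reviewed.
      - name: Comment results and findings on Pull Request
        uses: zxkane/sonar-quality-gate@master
        if: always()
        env:
          # NOTE(review): debug output may put extra request detail in the
          # job log; turn it off once the report works.
          DEBUG: "true"
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GIT_URL: "https://api.github.com"
          GIT_TOKEN: ${{ secrets.GH_TOKEN }}
          # NOTE(review): hard-coded address over plain HTTP, so SONAR_TOKEN
          # is sent unencrypted, and the value bypasses the SONAR_HOST_URL
          # secret used by the analysis step above. Prefer the secret and a
          # TLS endpoint.
          SONAR_URL: http://88.201.171.120:9000
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_PROJECT_KEY: bas-kirill_muse-project_c40bc999-8826-433b-bb84-8871688b1ab1
        with:
          login: ${{ secrets.SONAR_TOKEN }}
          skipScanner: true

  # test:
  #   runs-on: ubuntu-22.04
  #   steps:
  # sonar-report:
  #   name: "[SERVER] Sonar Report"
  #   runs-on: ubuntu-22.04
  #   steps:
  #     - name: Checkout
  #       uses: actions/[email protected]
  #       with:
  #         fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
  #     - name: Set up Sonar Quality Gate
  #       uses: dieuhd/sonar-quality-gate@v1
  #       env:
  #         GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
  #         GIT_URL: "https://api.github.com"
  #         GIT_TOKEN: ${{ secrets.GH_TOKEN }}
  #         SONAR_URL: ${{ secrets.SONAR_HOST_URL }}
  #         SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
  #         SONAR_PROJECT_KEY: "bas-kirill_muse-project_c40bc999-8826-433b-bb84-8871688b1ab1"
  #       with:
  #         login: ${{ secrets.SONAR_TOKEN }}
  #         url: ${{ secrets.SONAR_HOST_URL }}
  #         projectKey: "bas-kirill_muse-project_c40bc999-8826-433b-bb84-8871688b1ab1"

  # Unit tests; the only job that narrows GITHUB_TOKEN with its own
  # `permissions` block.
  server-unit-tests:
    name: "[SERVER] Unit Tests"
    runs-on: kiryuxa-3
    permissions:
      contents: read
      issues: read
      checks: write
      pull-requests: write
    steps:
      - name: Set up JDK 21 (Temurin)
        uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: "21.0"
      - name: Checkout Code
        uses: actions/checkout@v4
      - name: Run Unit Tests
        env:
          MUSE_JWT_SECRET_KEY: ${{ secrets.MUSE_JWT_SECRET_KEY }}
        run: ./tools/scripts/server/runUnitTests.sh
      # - name: Publish Unit Test Results
      #   if: always()
      #   uses: EnricoMi/[email protected]
      #   with:
      #     files: ./**/**/build/test-results/**/*.xml
      #     report_individual_runs: true
      # NOTE(review): upload-artifact@v2 is an old major; verify it is still
      # supported and check that the uploaded reports cannot contain the JWT
      # secret passed to the test step.
      - name: Gather reports
        uses: actions/upload-artifact@v2
        if: always()
        with:
          name: reports
          path: ./**/**/build/reports

  # Builds and pushes the dev image, then restarts the dev container on the
  # home-lab host over SSH. Has no branch condition, so it is eligible on
  # every pushed branch.
  deploy-dev:
    name: "[SERVER] Deploy to Dev"
    # NOTE(review): credentials-check is disabled (`if: false`); see the note
    # on that job about skipped dependencies.
    needs:
      - credentials-check
      - client-linter
      - client-static-analyzer
      - server-linter
      - server-static-analyzer
      - server-unit-tests
    runs-on: ubuntu-22.04
    environment:
      name: dev
      url: http://dev.muse.kiryuxa.com
    steps:
      - name: Set up JDK 21 (Temurin)
        uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: "21.0"
      - name: Check out the repo
        uses: actions/checkout@v4
      # The token reaches docker on stdin via an environment variable, so it
      # is neither spliced into the shell line by `${{ }}` expansion nor
      # visible in the process argument list as it would be with `-p`.
      - name: Log in to Docker Hub
        env:
          DOCKER_HUB_TOKEN: ${{ secrets.DOCKER_HUB_TOKEN }}
        run: printf '%s' "$DOCKER_HUB_TOKEN" | docker login -u myshx --password-stdin
      # Literal block (`|`): in a folded scalar (`>`) same-indent lines are
      # joined with spaces, which would pass `docker build ...` to
      # buildJar.sh as arguments instead of running it.
      - name: Build Server Docker Image
        run: |
          ./tools/scripts/server/buildJar.sh
          docker build . -t "myshx/muse-server:dev-${{ github.sha }}" -f ./server/Dockerfile
      - name: Push Server Docker Image
        run: docker push "myshx/muse-server:dev-${{ github.sha }}"
      # NOTE(review): the action is referenced by the mutable `master` branch
      # and receives the SSH host, user and password; pin it to a reviewed
      # full commit SHA. Key-based login (the action's `key` input) with a
      # pinned host `fingerprint` is preferable to password authentication.
      - name: Run server at home lab
        uses: appleboy/ssh-action@master
        env:
          GIT_COMMIT_SHA: ${{ github.sha }}
          DEV_PORT: ${{ env.DEV_PORT }}
        with:
          # NOTE(review): debug mode may print extra connection detail to the
          # job log; remove it once the deploy works.
          debug: true
          host: ${{ secrets.SERVER_HOST }}
          username: ${{ secrets.SERVER_USERNAME }}
          password: ${{ secrets.SERVER_PASSWORD }}
          port: ${{ secrets.SERVER_PORT }}
          envs: GIT_COMMIT_SHA, DEV_PORT
          # Literal block so each command and loop keyword stays on its own
          # line. The script stops and removes containers and images tagged
          # `dev-<40 hex chars>`, then starts the image built for this commit.
          script: |
            echo "one"
            export GIT_COMMIT_SHA=$GIT_COMMIT_SHA
            echo "two"
            export DEV_PORT=$DEV_PORT
            echo "three"
            dev_container_ids=$(docker inspect --format='{{.Config.Image}} {{.Id}}' $(docker ps -aq) | grep -E 'myshx/muse-server:dev-\b[0-9a-f]{40}\b' | awk '{print $2}')
            echo "four"
            dev_image_ids=$(docker inspect --format='{{.Config.Image}} {{.Image}}' $(docker ps -aq) | grep -E 'myshx/muse-server:dev-\b[0-9a-f]{40}\b' | awk '{print $2}')
            echo "five"
            for container_id in $dev_container_ids; do
              docker stop "$container_id"
            done
            echo "seven"
            for container_id in $dev_container_ids; do
              docker rm "$container_id"
            done
            echo "eight"
            for image_id in $dev_image_ids; do
              docker rmi -f "$image_id";
            done
            echo "nine"
            docker run -d -p $DEV_PORT:8080 "myshx/muse-server:dev-$GIT_COMMIT_SHA"
            echo "ten"

  # Same flow as deploy-dev for the staging environment, restricted to pushes
  # on `main`.
  deploy-staging:
    name: "[SERVER] Deploy to Staging"
    if: github.event.ref == 'refs/heads/main'
    # NOTE(review): depends on the disabled credentials-check job; see the
    # note on that job.
    needs:
      - credentials-check
      - client-linter
      - client-static-analyzer
      - server-linter
      - server-static-analyzer
      - server-unit-tests
    runs-on: ubuntu-22.04
    environment:
      name: staging
      url: http://staging.muse.kiryuxa.com
    steps:
      - name: Set up JDK 21 (Temurin)
        uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: "21.0"
      - name: Check out the repo
        uses: actions/checkout@v4
      # Token supplied on stdin, not on the command line.
      - name: Log in to Docker Hub
        env:
          DOCKER_HUB_TOKEN: ${{ secrets.DOCKER_HUB_TOKEN }}
        run: printf '%s' "$DOCKER_HUB_TOKEN" | docker login -u myshx --password-stdin
      # Literal block so the two commands run separately.
      - name: Build Server Docker Image
        run: |
          ./tools/scripts/server/buildJar.sh
          docker build . -t "myshx/muse-server:staging-${{ github.sha }}" -f ./server/Dockerfile
      - name: Push Server Docker Image
        run: docker push "myshx/muse-server:staging-${{ github.sha }}"
      # NOTE(review): mutable `master` ref and password authentication; pin
      # the action to a full commit SHA and prefer key-based login.
      - name: Run server at home lab
        uses: appleboy/ssh-action@master
        env:
          GIT_COMMIT_SHA: ${{ github.sha }}
          STAGING_PORT: ${{ env.STAGING_PORT }}
        with:
          host: ${{ secrets.SERVER_HOST }}
          username: ${{ secrets.SERVER_USERNAME }}
          password: ${{ secrets.SERVER_PASSWORD }}
          port: ${{ secrets.SERVER_PORT }}
          envs: GIT_COMMIT_SHA, STAGING_PORT
          # Replaces containers and images tagged `staging-<40 hex chars>`
          # with the image built for this commit.
          script: |
            export GIT_COMMIT_SHA=$GIT_COMMIT_SHA
            export STAGING_PORT=$STAGING_PORT
            staging_container_ids=$(docker inspect --format='{{.Config.Image}} {{.Id}}' $(docker ps -aq) | grep -E 'myshx/muse-server:staging-\b[0-9a-f]{40}\b' | awk '{print $2}')
            staging_image_ids=$(docker inspect --format='{{.Config.Image}} {{.Image}}' $(docker ps -aq) | grep -E 'myshx/muse-server:staging-\b[0-9a-f]{40}\b' | awk '{print $2}')
            for container_id in $staging_container_ids; do
              docker stop "$container_id"
            done
            for container_id in $staging_container_ids; do
              docker rm "$container_id"
            done
            for image_id in $staging_image_ids; do
              docker rmi -f "$image_id";
            done
            docker run -d -p $STAGING_PORT:8080 "myshx/muse-server:staging-$GIT_COMMIT_SHA"

  # Production deploy; runs after deploy-staging.
  # NOTE(review): the only branch restriction is the one inherited from
  # deploy-staging. Confirm the `prod` environment has protection rules
  # (required reviewers) configured in the repository settings.
  deploy-prod:
    name: "[SERVER] Deploy to Prod"
    needs:
      - deploy-staging
    runs-on: ubuntu-22.04
    environment:
      name: prod
      url: http://prod.muse.kiryuxa.com
    steps:
      - name: Set up JDK 21 (Temurin)
        uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: "21.0"
      - name: Check out the repo
        uses: actions/checkout@v4
      # Token supplied on stdin, not on the command line.
      - name: Log in to Docker Hub
        env:
          DOCKER_HUB_TOKEN: ${{ secrets.DOCKER_HUB_TOKEN }}
        run: printf '%s' "$DOCKER_HUB_TOKEN" | docker login -u myshx --password-stdin
      # Literal block so the two commands run separately.
      - name: Build Server Docker Image
        run: |
          ./tools/scripts/server/buildJar.sh
          docker build . -t "myshx/muse-server:prod-${{ github.sha }}" -f ./server/Dockerfile
      - name: Push Server Docker Image
        run: docker push "myshx/muse-server:prod-${{ github.sha }}"
      # NOTE(review): mutable `master` ref and password authentication; pin
      # the action to a full commit SHA and prefer key-based login.
      - name: Run server at home lab
        uses: appleboy/ssh-action@master
        env:
          GIT_COMMIT_SHA: ${{ github.sha }}
          PROD_PORT: ${{ env.PROD_PORT }}
        with:
          host: ${{ secrets.SERVER_HOST }}
          username: ${{ secrets.SERVER_USERNAME }}
          password: ${{ secrets.SERVER_PASSWORD }}
          port: ${{ secrets.SERVER_PORT }}
          envs: GIT_COMMIT_SHA, PROD_PORT
          # Replaces containers and images tagged `prod-<40 hex chars>` with
          # the image built for this commit.
          script: |
            export GIT_COMMIT_SHA=$GIT_COMMIT_SHA
            export PROD_PORT=$PROD_PORT
            prod_container_ids=$(docker inspect --format='{{.Config.Image}} {{.Id}}' $(docker ps -aq) | grep -E 'myshx/muse-server:prod-\b[0-9a-f]{40}\b' | awk '{print $2}')
            prod_image_ids=$(docker inspect --format='{{.Config.Image}} {{.Image}}' $(docker ps -aq) | grep -E 'myshx/muse-server:prod-\b[0-9a-f]{40}\b' | awk '{print $2}')
            for container_id in $prod_container_ids; do
              docker stop "$container_id"
            done
            for container_id in $prod_container_ids; do
              docker rm "$container_id"
            done
            for image_id in $prod_image_ids; do
              docker rmi -f "$image_id";
            done
            docker run -d -p $PROD_PORT:8080 "myshx/muse-server:prod-$GIT_COMMIT_SHA"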