
1 Commits

20 changed files with 49 additions and 372 deletions


@@ -43,7 +43,7 @@ jobs:
REPO: ${{ gitea.repository }}
- name: Check out repository
uses: actions/checkout@v5.0.0
uses: actions/checkout@v4.2.2
with:
fetch-depth: 0
ref: ${{ inputs.release }}


@@ -1,67 +0,0 @@
name: Get Changelog
on:
workflow_call:
outputs:
release_name:
description: "Name of the created release"
value: ${{ jobs.get_next_release.outputs.release_name }}
changelog:
description: "Release changelog"
value: ${{ jobs.get_next_release.outputs.clean_changelog }}
jobs:
get_next_release:
name: Get Next Release
runs-on: ubuntu-latest
outputs:
release_name: ${{ steps.get_next_version.outputs.tag }}
# changelog: ${{ steps.get_next_version.outputs.changelog }}
clean_changelog: ${{ steps.get_next_version.outputs.clean_changelog }}
steps:
- name: Check out repository
uses: actions/checkout@v5.0.0
with:
fetch-depth: 0
- name: Changes since last tag
id: changes
run: |
rm -f .changes
git log $(git describe --tags --abbrev=0)..HEAD --no-merges --oneline >> .changes
cat .changes
- name: Check for changes
run: |
if [[ -z $(grep '[^[:space:]]' .changes) ]] ; then
echo "changes=false"
echo "changes=false" >> "$GITEA_OUTPUT"
else
echo "changes=true"
echo "changes=true" >> "$GITEA_OUTPUT"
fi
- name: Cancel if no changes
if: steps.changes.outputs.changes == 'false'
run: exit 1
- name: Set server URL
id: set_srvurl
run: |
SRVURL=$(echo "${{ gitea.server_url }}" | sed 's/https:\/\/\(.*\)/\1/')
echo "srvurl=$SRVURL" >> "$GITEA_OUTPUT"
- name: Get next version
uses: TriPSs/conventional-changelog-action@v6
id: get_next_version
with:
git-url: ${{ steps.set_srvurl.outputs.srvurl }}
github-token: ${{ gitea.token }}
preset: "conventionalcommits"
# preset: "angular" # This is the default
skip-commit: true
release-count: 1
output-file: false
create-summary: true
skip-on-empty: true
skip-version-file: true
skip-tag: true


@@ -12,11 +12,11 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v5.0.0
uses: actions/checkout@v4.2.2
with:
fetch-depth: 0
- uses: hadolint/hadolint-action@v3.3.0
- uses: hadolint/hadolint-action@v3.1.0
with:
dockerfile: Dockerfile
output-file: hadolint.out
@@ -24,7 +24,7 @@ jobs:
no-fail: true
- name: SonarQube Cloud Scan
uses: SonarSource/sonarqube-scan-action@v6.0.0
uses: SonarSource/sonarqube-scan-action@v5.0.0
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}


@@ -20,11 +20,11 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v5.0.0
uses: actions/checkout@v4.2.2
with:
fetch-depth: 0
- uses: hadolint/hadolint-action@v3.3.0
- uses: hadolint/hadolint-action@v3.1.0
with:
dockerfile: Dockerfile
output-file: hadolint.out
@@ -32,7 +32,7 @@ jobs:
no-fail: true
- name: Setup Python
uses: actions/setup-python@v6
uses: actions/setup-python@v5
with:
python-version: "${{ inputs.python-version }}"
@@ -66,7 +66,7 @@ jobs:
sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml
- name: SonarQube Cloud Scan
uses: SonarSource/sonarqube-scan-action@v6.0.0
uses: SonarSource/sonarqube-scan-action@v5.0.0
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}


@@ -20,12 +20,12 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v5.0.0
uses: actions/checkout@v4.2.2
with:
fetch-depth: 0
- name: Setup Python
uses: actions/setup-python@v6
uses: actions/setup-python@v5
with:
python-version: "${{ inputs.python-version }}"
@@ -57,7 +57,7 @@ jobs:
sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
- name: SonarQube Cloud Scan
uses: SonarSource/sonarqube-scan-action@v6.0.0
uses: SonarSource/sonarqube-scan-action@v5.0.0
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}


@@ -19,12 +19,12 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v5.0.0
uses: actions/checkout@v4.2.2
with:
fetch-depth: 0
- name: Run Hadolint
uses: hadolint/hadolint-action@v3.3.0
uses: hadolint/hadolint-action@v3.1.0
with:
dockerfile: Dockerfile
output-file: hadolint.out
@@ -32,7 +32,7 @@ jobs:
no-fail: true
- name: Setup Python
uses: actions/setup-python@v6
uses: actions/setup-python@v5
with:
python-version: "${{ vars.PYTHON_VERSION }}"
@@ -63,7 +63,7 @@ jobs:
run: uv cache prune --ci
- name: SonarQube Scan
uses: SonarSource/sonarqube-scan-action@v6.0.0
uses: SonarSource/sonarqube-scan-action@v5.0.0
env:
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}


@@ -17,11 +17,11 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v5.0.0
uses: actions/checkout@v4.2.2
with:
fetch-depth: 0
- uses: hadolint/hadolint-action@v3.3.0
- uses: hadolint/hadolint-action@v3.1.0
with:
dockerfile: Dockerfile
output-file: hadolint.out
@@ -29,7 +29,7 @@ jobs:
no-fail: true
- name: Setup Python
uses: actions/setup-python@v6
uses: actions/setup-python@v5
with:
python-version: "${{ inputs.python-version }}"
@@ -58,7 +58,7 @@ jobs:
sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
- name: SonarQube Cloud Scan
uses: SonarSource/sonarqube-scan-action@v6.0.0
uses: SonarSource/sonarqube-scan-action@v5.0.0
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}


@@ -17,12 +17,12 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v5.0.0
uses: actions/checkout@v4.2.2
with:
fetch-depth: 0
- name: Setup Python
uses: actions/setup-python@v6
uses: actions/setup-python@v5
with:
python-version: "${{ inputs.python-version }}"
@@ -51,7 +51,7 @@ jobs:
sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
- name: SonarQube Cloud Scan
uses: SonarSource/sonarqube-scan-action@v6.0.0
uses: SonarSource/sonarqube-scan-action@v5.0.0
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}


@@ -1,24 +0,0 @@
name: Create Gitea Release Pre-Existing Tag
on:
workflow_call:
inputs:
tag:
required: true
body:
required: false
secrets:
ACTIONS_TOKEN:
required: true
jobs:
create_release:
name: Create Release
runs-on: ubuntu-latest
steps:
- name: Create release
uses: https://git.tainton.uk/actions/create-release-action@v1.1.0
with:
release_name: ${{ inputs.tag }}
tag: ${{ inputs.tag }}
body: ${{ inputs.body }}
token: ${{ secrets.ACTIONS_TOKEN }}


@@ -19,7 +19,7 @@ jobs:
clean_changelog: ${{ steps.get_next_version.outputs.clean_changelog }}
steps:
- name: Check out repository
uses: actions/checkout@v5.0.0
uses: actions/checkout@v4.2.2
with:
fetch-depth: 0
@@ -72,7 +72,7 @@ jobs:
needs: get_next_release
steps:
- name: Check out repository
uses: actions/checkout@v5.0.0
uses: actions/checkout@v4.2.2
with:
fetch-depth: 0


@@ -1,96 +0,0 @@
name: Docker Compose Deploy Stack
on:
workflow_call:
secrets:
DEPLOY_HOST:
required: true
type: string
DEPLOY_USERNAME:
required: true
type: string
DEPLOY_SSHKEY:
required: true
type: string
DEPLOY_PORT:
required: true
type: string
PUSHOVER_USER_TOKEN:
required: true
type: string
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: "[ON RUNNER] Notify Build Start"
uses: https://git.tainton.uk/actions/pushover-action@v1.1.4
env:
PUSHOVER_APP_TOKEN: ${{ secrets.PUSHOVER_APP_TOKEN }}
PUSHOVER_USER_TOKEN: ${{ secrets.PUSHOVER_USER_TOKEN }}
with:
message: "Deploying stack ${{ gitea.repository }}"
title: 'Stack Deployment Started'
url: "${{ gitea.server_url }}/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"
url_title: 'View Logs'
- name: "[ON RUNNER] Checkout the repo"
uses: actions/checkout@v5
- name: "[ON RUNNER] Set project variables"
run: |
projectname="${{ gitea.event.repository.name }}"
echo "project_name=$projectname" >> $GITEA_ENV
echo "project_folder=/home/${{ secrets.DEPLOY_USERNAME }}/$projectname" >> $GITEA_ENV
- name: "[ON RUNNER] Create env file"
run: |
rm -f ".env"
touch ".env"
echo "$ALLVARS" | jq -r '. | to_entries[] | select(.key | startswith("DC_")) | .key + "=" + .value' >> ".env"
echo "$ALLSECRETS" | jq -r '. | to_entries[] | select(.key | startswith("DC_")) | .key + "=" + .value' >> ".env"
env:
ALLVARS: ${{ toJSON(vars) }}
ALLSECRETS: ${{ toJSON(secrets) }}
- name: "[ON HOST] Make directory if not exists"
uses: appleboy/ssh-action@v1.2.2
with:
host: ${{ secrets.DEPLOY_HOST }}
username: ${{ secrets.DEPLOY_USERNAME }}
key: ${{ secrets.DEPLOY_SSHKEY }}
port: ${{ secrets.DEPLOY_PORT }}
script: |
mkdir -p ${{ env.project_folder }}
- name: "[ON HOST] SCP files to host"
uses: appleboy/scp-action@v1.0.0
with:
host: ${{ secrets.DEPLOY_HOST }}
username: ${{ secrets.DEPLOY_USERNAME }}
port: ${{ secrets.DEPLOY_PORT }}
key: ${{ secrets.DEPLOY_SSHKEY }}
source: "./compose.yaml,./.env"
target: "${{ env.project_folder }}/"
- name: "[ON HOST] Deploy Stack"
uses: appleboy/ssh-action@v1.2.2
with:
host: ${{ secrets.DEPLOY_HOST }}
username: ${{ secrets.DEPLOY_USERNAME }}
key: ${{ secrets.DEPLOY_SSHKEY }}
port: ${{ secrets.DEPLOY_PORT }}
script: |
cd ${{ env.project_folder }}
docker compose --env-file .env up --detach
- name: "[ON RUNNER] Notify Build End"
uses: https://git.tainton.uk/actions/pushover-action@v1.1.4
env:
PUSHOVER_APP_TOKEN: ${{ secrets.PUSHOVER_APP_TOKEN }}
PUSHOVER_USER_TOKEN: ${{ secrets.PUSHOVER_USER_TOKEN }}
with:
message: "Deployed stack ${{ gitea.repository }}"
title: 'Stack Deployment ${{ job.status }}'
url: "${{ gitea.server_url }}/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"
url_title: 'View Logs'


@@ -1,65 +0,0 @@
name: Docker Compose Remove Stack
on:
workflow_call:
secrets:
DEPLOY_HOST:
required: true
type: string
DEPLOY_USERNAME:
required: true
type: string
DEPLOY_SSHKEY:
required: true
type: string
DEPLOY_PORT:
required: true
type: string
PUSHOVER_USER_TOKEN:
required: true
type: string
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: "[ON RUNNER] Notify Build Start"
uses: https://git.tainton.uk/actions/pushover-action@v1.1.4
env:
PUSHOVER_APP_TOKEN: ${{ secrets.PUSHOVER_APP_TOKEN }}
PUSHOVER_USER_TOKEN: ${{ secrets.PUSHOVER_USER_TOKEN }}
with:
message: "Removing stack ${{ gitea.repository }}"
title: 'Stack Removal Started'
url: "${{ gitea.server_url }}/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"
url_title: 'View Logs'
- name: "[ON RUNNER] Set project variables"
run: |
projectname="${{ gitea.event.repository.name }}"
echo "project_name=$projectname" >> $GITEA_ENV
echo "project_folder=/home/${{ secrets.DEPLOY_USERNAME }}/$projectname" >> $GITEA_ENV
- name: "[ON HOST] Remove Stack"
uses: appleboy/ssh-action@v1.2.2
with:
host: ${{ secrets.DEPLOY_HOST }}
username: ${{ secrets.DEPLOY_USERNAME }}
key: ${{ secrets.DEPLOY_SSHKEY }}
port: ${{ secrets.DEPLOY_PORT }}
script: |
cd ${{ env.project_folder }}
docker compose --env-file .env down
cd ..
rm -rf ${{ env.project_folder }}
- name: "[ON RUNNER] Notify Build End"
uses: https://git.tainton.uk/actions/pushover-action@v1.1.4
env:
PUSHOVER_APP_TOKEN: ${{ secrets.PUSHOVER_APP_TOKEN }}
PUSHOVER_USER_TOKEN: ${{ secrets.PUSHOVER_USER_TOKEN }}
with:
message: "Removed stack ${{ gitea.repository }}"
title: 'Stack Removal ${{ job.status }}'
url: "${{ gitea.server_url }}/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"
url_title: 'View Logs'


@@ -1,71 +0,0 @@
name: Release w/ Tag
on:
workflow_call:
outputs:
tag_name:
description: "Tag name"
value: ${{ jobs.get_next_release.outputs.release_name }}
changelog:
description: "Changelog"
value: ${{ jobs.get_next_release.outputs.clean_changelog }}
jobs:
get_next_release:
name: Get Next Release
runs-on: ubuntu-latest
outputs:
release_name: ${{ steps.get_next_version.outputs.tag }}
# changelog: ${{ steps.get_next_version.outputs.changelog }}
clean_changelog: ${{ steps.get_next_version.outputs.clean_changelog }}
steps:
- name: Check out repository
uses: actions/checkout@v5.0.0
with:
fetch-depth: 0
- name: Changes since last tag
id: changes
run: |
rm -f .changes
git log $(git describe --tags --abbrev=0)..HEAD --no-merges --oneline >> .changes
cat .changes
- name: Check for changes
run: |
if [[ -z $(grep '[^[:space:]]' .changes) ]] ; then
echo "changes=false"
echo "changes=false" >> "$GITEA_OUTPUT"
else
echo "changes=true"
echo "changes=true" >> "$GITEA_OUTPUT"
fi
- name: Cancel if no changes
if: steps.changes.outputs.changes == 'false'
run: exit 1
- name: Set server URL
id: set_srvurl
run: |
SRVURL=$(echo "${{ gitea.server_url }}" | sed 's/https:\/\/\(.*\)/\1/')
echo "srvurl=$SRVURL" >> "$GITEA_OUTPUT"
- name: Get next version
uses: TriPSs/conventional-changelog-action@v6
id: get_next_version
with:
git-url: ${{ steps.set_srvurl.outputs.srvurl }}
github-token: ${{ gitea.token }}
preset: "conventionalcommits"
# preset: "angular" # This is the default
skip-commit: true
release-count: 1
output-file: false
create-summary: true
skip-on-empty: true
skip-version-file: true
skip-tag: false
- name: Cancel if no changelog
if: steps.get_next_version.outputs.skipped == 'true'
run: exit 1


@@ -24,7 +24,7 @@ jobs:
success: ${{ steps.set_flag.outputs.success }}
steps:
- name: Check out the repo
uses: actions/checkout@v5
uses: actions/checkout@v4
with:
ref: ${{ inputs.release }}
@@ -59,7 +59,7 @@ jobs:
ghcr.io/${{ github.repository }}:${{ inputs.release }}
- name: Generate artifact attestation
uses: actions/attest-build-provenance@v3
uses: actions/attest-build-provenance@v2
with:
subject-name: ghcr.io/${{ github.repository }}
subject-digest: ${{ steps.push.outputs.digest }}
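Review bot: The `uses:` references in this release workflow are floating major tags (`actions/checkout@v4`, `actions/attest-build-provenance@v2`), which the action's owner can re-point, so the job that pushes to ghcr.io and generates provenance runs whatever the tag resolves to at run time. Pin each to a full commit SHA with the version kept in a trailing comment, e.g. `uses: actions/attest-build-provenance@<full-commit-sha>  # v2`. Reading the second line of each pair as the new side (the page has lost its +/- markers), the change also moves the attestation step back one major version; if that is for runner compatibility, a comment saying so would keep it from being re-bumped blindly. The same pinning point applies to the tag-based `uses:` lines in the other sections of this page, and both steps here start or end outside their hunks.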


@@ -12,17 +12,17 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v5.0.0
uses: actions/checkout@v4.2.2
with:
fetch-depth: 0
- uses: hadolint/hadolint-action@v3.3.0
- uses: hadolint/hadolint-action@v3.1.0
with:
dockerfile: Dockerfile
output-file: hadolint.out
format: sonarqube
no-fail: true
- name: SonarQube Cloud Scan
uses: SonarSource/sonarqube-scan-action@v6.0.0
uses: SonarSource/sonarqube-scan-action@v5.0.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
@@ -34,7 +34,7 @@ jobs:
with:
args: --sarif-file-output=snyk.sarif --all-projects
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v4
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: snyk.sarif


@@ -22,17 +22,17 @@ jobs:
PYTHON_VERSION=${{ inputs.python-version }}
echo "value=${PYTHON_VERSION:-"3.11"}" >> $GITHUB_OUTPUT
- name: Check out repository code
uses: actions/checkout@v5.0.0
uses: actions/checkout@v4.2.2
with:
fetch-depth: 0
- uses: hadolint/hadolint-action@v3.3.0
- uses: hadolint/hadolint-action@v3.1.0
with:
dockerfile: Dockerfile
output-file: hadolint.out
format: sonarqube
no-fail: true
- name: Setup Python
uses: actions/setup-python@v6
uses: actions/setup-python@v5
with:
python-version: "${{ steps.python-version.outputs.value }}"
- name: Setup Poetry
@@ -49,7 +49,7 @@ jobs:
poetry run coverage xml
sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
- name: SonarQube Cloud Scan
uses: SonarSource/sonarqube-scan-action@v6.0.0
uses: SonarSource/sonarqube-scan-action@v5.0.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
@@ -61,6 +61,6 @@ jobs:
with:
args: --sarif-file-output=snyk.sarif --all-projects
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v4
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: snyk.sarif
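Review bot: The context line `PYTHON_VERSION=${{ inputs.python-version }}` at the top of the first hunk pastes the workflow input into the script text before the shell runs, so a value containing shell metacharacters is executed rather than assigned. Pass it through the step's environment instead, with `env:` holding `PYTHON_VERSION: ${{ inputs.python-version }}`, and keep the script as `echo "value=${PYTHON_VERSION:-3.11}" >> "$GITHUB_OUTPUT"`. The step starts above the hunk, so its `id` and any existing `env:` are not visible here. The same line opens the first hunk of each of the three sections that follow.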


@@ -22,11 +22,11 @@ jobs:
PYTHON_VERSION=${{ inputs.python-version }}
echo "value=${PYTHON_VERSION:-"3.11"}" >> $GITHUB_OUTPUT
- name: Check out repository code
uses: actions/checkout@v5.0.0
uses: actions/checkout@v4.2.2
with:
fetch-depth: 0
- name: Setup Python
uses: actions/setup-python@v6
uses: actions/setup-python@v5
with:
python-version: "${{ steps.python-version.outputs.value }}"
- name: Setup Poetry
@@ -41,7 +41,7 @@ jobs:
poetry run coverage xml
sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
- name: SonarQube Cloud Scan
uses: SonarSource/sonarqube-scan-action@v6.0.0
uses: SonarSource/sonarqube-scan-action@v5.0.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
@@ -53,6 +53,6 @@ jobs:
with:
args: --sarif-file-output=snyk.sarif --all-projects
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v4
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: snyk.sarif


@@ -22,17 +22,17 @@ jobs:
PYTHON_VERSION=${{ inputs.python-version }}
echo "value=${PYTHON_VERSION:-"3.11"}" >> $GITHUB_OUTPUT
- name: Check out repository code
uses: actions/checkout@v5.0.0
uses: actions/checkout@v4.2.2
with:
fetch-depth: 0
- uses: hadolint/hadolint-action@v3.3.0
- uses: hadolint/hadolint-action@v3.1.0
with:
dockerfile: Dockerfile
output-file: hadolint.out
format: sonarqube
no-fail: true
- name: Setup Python
uses: actions/setup-python@v6
uses: actions/setup-python@v5
with:
python-version: "${{ steps.python-version.outputs.value }}"
- name: Update Pip
@@ -50,7 +50,7 @@ jobs:
coverage xml
sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
- name: SonarQube Cloud Scan
uses: SonarSource/sonarqube-scan-action@v6.0.0
uses: SonarSource/sonarqube-scan-action@v5.0.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
@@ -62,6 +62,6 @@ jobs:
with:
args: --sarif-file-output=snyk.sarif --all-projects
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v4
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: snyk.sarif


@@ -22,11 +22,11 @@ jobs:
PYTHON_VERSION=${{ inputs.python-version }}
echo "value=${PYTHON_VERSION:-"3.11"}" >> $GITHUB_OUTPUT
- name: Check out repository code
uses: actions/checkout@v5.0.0
uses: actions/checkout@v4.2.2
with:
fetch-depth: 0
- name: Setup Python
uses: actions/setup-python@v6
uses: actions/setup-python@v5
with:
python-version: "${{ steps.python-version.outputs.value }}"
- name: Update Pip
@@ -44,7 +44,7 @@ jobs:
coverage xml
sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
- name: SonarQube Cloud Scan
uses: SonarSource/sonarqube-scan-action@v6.0.0
uses: SonarSource/sonarqube-scan-action@v5.0.0
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
@@ -56,6 +56,6 @@ jobs:
with:
args: --sarif-file-output=snyk.sarif --all-projects
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v4
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: snyk.sarif


@@ -17,7 +17,7 @@ jobs:
release_name: ${{ steps.tag_version.outputs.new_tag }}
success: ${{ steps.set_flag.outputs.success }}
steps:
- uses: actions/checkout@v5
- uses: actions/checkout@v4
with:
fetch-depth: 0