diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index b113191..17c93c9 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -7,7 +7,69 @@ on: pull_request: jobs: + # Check if CI should be skipped based on branch name or commit message + skip-ci-check: + runs-on: ubuntu-latest + outputs: + should-skip: ${{ steps.check.outputs.skip }} + steps: + - name: Check out code (for commit message) + uses: actions/checkout@v4 + with: + fetch-depth: 1 + + - name: Check if CI should be skipped + id: check + run: | + # Centralized skip patterns - add more here as needed + SKIP_PATTERNS="skip-ci,no-ci,skip ci,[skip ci],[ci skip]" + + # Get branch name (works for both push and PR) + # For PRs, GITHUB_HEAD_REF contains the branch name + BRANCH_NAME="${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" + + # Get commit message (works for both push and PR) + # Try multiple sources for commit message + COMMIT_MSG="${GITHUB_EVENT_HEAD_COMMIT_MESSAGE:-}" + if [ -z "$COMMIT_MSG" ]; then + # For PRs, try pull request head commit + COMMIT_MSG="${GITHUB_EVENT_PULL_REQUEST_HEAD_COMMIT_MESSAGE:-}" + fi + if [ -z "$COMMIT_MSG" ]; then + # Fallback: try to get from git log (requires checkout) + COMMIT_MSG=$(git log -1 --pretty=%B 2>/dev/null || echo "") + fi + + SKIP=0 + + # Check branch name (case-insensitive) + for pattern in $(echo $SKIP_PATTERNS | tr ',' ' '); do + if echo "$BRANCH_NAME" | grep -qi "$pattern"; then + echo "Skipping CI: branch name contains '$pattern'" + SKIP=1 + break + fi + done + + # Check commit message (case-insensitive) + if [ $SKIP -eq 0 ] && [ -n "$COMMIT_MSG" ]; then + for pattern in $(echo $SKIP_PATTERNS | tr ',' ' '); do + if echo "$COMMIT_MSG" | grep -qi "$pattern"; then + echo "Skipping CI: commit message contains '$pattern'" + SKIP=1 + break + fi + done + fi + + echo "skip=$SKIP" >> $GITHUB_OUTPUT + echo "Branch: $BRANCH_NAME" + echo "Commit: ${COMMIT_MSG:0:50}..." + echo "Skip CI: $SKIP" + lint-and-test: + needs: skip-ci-check + if: needs.skip-ci-check.outputs.should-skip != '1' runs-on: ubuntu-latest container: image: node:20-bullseye 
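Review bot: Both pattern loops in the `check` step split `SKIP_PATTERNS` on whitespace as well as commas, because `$(echo $SKIP_PATTERNS | tr ',' ' ')` is unquoted, so `skip ci`, `[skip ci]` and `[ci skip]` reach `grep -qi` as the separate regular expressions `skip`, `ci`, `[skip`, `ci]`, `[ci` and `skip]`. Any branch name or commit message that merely contains `ci` or `skip` as a substring (a constructed example: a branch called `fix-pricing`) then sets `skip=1` and turns off every gated job, and the unterminated `[skip` is not a valid bracket expression for grep. Split on commas only and match literally: `IFS=',' read -r -a PATTERNS <<< "$SKIP_PATTERNS"`, `for pattern in "${PATTERNS[@]}"; do`, and `grep -qiF -- "$pattern"` in both loops; the step already appears to assume bash, given `${COMMIT_MSG:0:50}`. The `lint-and-test` job body continues outside the hunk.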
@@ -26,6 +88,8 @@ jobs: continue-on-error: true ansible-validation: + needs: skip-ci-check + if: needs.skip-ci-check.outputs.should-skip != '1' runs-on: ubuntu-latest container: image: ubuntu:22.04 @@ -60,6 +124,8 @@ jobs: continue-on-error: true secret-scanning: + needs: skip-ci-check + if: needs.skip-ci-check.outputs.should-skip != '1' runs-on: ubuntu-latest container: image: zricethezav/gitleaks:latest @@ -78,6 +144,8 @@ jobs: continue-on-error: true dependency-scan: + needs: skip-ci-check + if: needs.skip-ci-check.outputs.should-skip != '1' runs-on: ubuntu-latest container: image: aquasec/trivy:latest @@ -93,6 +161,8 @@ jobs: run: trivy fs --scanners vuln,secret --exit-code 0 . sast-scan: + needs: skip-ci-check + if: needs.skip-ci-check.outputs.should-skip != '1' runs-on: ubuntu-latest container: image: ubuntu:22.04 @@ -116,6 +186,8 @@ jobs: continue-on-error: true license-check: + needs: skip-ci-check + if: needs.skip-ci-check.outputs.should-skip != '1' runs-on: ubuntu-latest container: image: node:20-bullseye @@ -136,6 +208,8 @@ jobs: continue-on-error: true vault-check: + needs: skip-ci-check + if: needs.skip-ci-check.outputs.should-skip != '1' runs-on: ubuntu-latest container: image: ubuntu:22.04 @@ -182,6 +256,8 @@ jobs: echo "All vault files are properly encrypted!" playbook-test: + needs: skip-ci-check + if: needs.skip-ci-check.outputs.should-skip != '1' runs-on: ubuntu-latest container: image: ubuntu:22.04 @@ -224,6 +300,8 @@ jobs: continue-on-error: true container-scan: + needs: skip-ci-check + if: needs.skip-ci-check.outputs.should-skip != '1' runs-on: ubuntu-latest container: image: ubuntu:22.04 @@ -273,6 +351,8 @@ jobs: continue-on-error: true sonar-analysis: + needs: skip-ci-check + if: needs.skip-ci-check.outputs.should-skip != '1' runs-on: ubuntu-latest container: image: sonarsource/sonar-scanner-cli:latest diff --git a/inventories/production/hosts b/inventories/production/hosts index eebc7a8..b5ae8bd 100644 --- a/inventories/production/hosts 
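Review bot: The `needs`/`if` pair added to `secret-scanning`, `dependency-scan`, `sast-scan`, `vault-check` and `container-scan` lets the author of a change switch off its own security checks by choosing a branch name or commit message that matches a skip pattern. Because each job now depends on `skip-ci-check`, a failure of that job (for example a failed checkout) would normally also skip every scan rather than run it. I would leave those five jobs ungated, with a comment such as `# always runs: not skippable via branch name or commit message`, and keep the gate only on `lint-and-test` and the `ansible-validation`, `license-check`, `playbook-test` and `sonar-analysis` hunks. If these checks are required for merge, confirm how the forge reports a skipped job, since a skipped check that counts as passed would let the change through unscanned. Each job body continues outside its hunk.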
+++ b/inventories/production/hosts @@ -7,23 +7,13 @@ # `playbooks/app/site.yml` (it uses `add_host` based on `app_projects`). # You generally do NOT need to add project hosts here. -[gitea] -giteaVM ansible_host=10.0.30.169 ansible_user=root - -[portainer] -portainerVM ansible_host=10.0.30.69 ansible_user=ladmin - -[homepage] -homepageVM ansible_host=10.0.30.12 ansible_user=homepage - -[vaultwarden] -vaultwardenVM ansible_host=10.0.10.142 ansible_user=ladmin - [dev] dev01 ansible_host=10.0.30.105 ansible_user=ladmin bottom ansible_host=10.0.10.156 ansible_user=beast debianDesktopVM ansible_host=10.0.10.206 ansible_user=user skip_reboot=true devGPU ansible_host=10.0.30.63 ansible_user=root + +[qa] git-ci-01 ansible_host=10.0.10.223 ansible_user=ladmin sonarqube-01 ansible_host=10.0.10.54 ansible_user=ladmin @@ -38,8 +28,14 @@ caddy ansible_host=10.0.10.50 ansible_user=root jellyfin ansible_host=10.0.10.232 ansible_user=root listmonk ansible_host=10.0.10.149 ansible_user=root nextcloud ansible_host=10.0.10.25 ansible_user=root -actual ansible_host=10.0.10.159 ansible_user=root +actual ansible_host=10.0.10.158 ansible_user=root +vikanjans ansible_host=10.0.10.159 ansible_user=root n8n ansible_host=10.0.10.158 ansible_user=root +giteaVM ansible_host=10.0.30.169 ansible_user=root +portainerVM ansible_host=10.0.30.69 ansible_user=ladmin +homepageVM ansible_host=10.0.30.12 ansible_user=homepage +vaultwardenVM ansible_host=10.0.10.142 ansible_user=ladmin +qBittorrent ansible_host=10.0.10.91 ansible_user=root port=8080 [desktop] desktop-beast ansible_host=100.117.34.106 ansible_user=beast
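Review bot: Removing the `[gitea]`, `[portainer]`, `[homepage]` and `[vaultwarden]` groups means any play with `hosts:` set to one of those names will match no hosts and be skipped with a warning rather than fail, and any `group_vars` keyed on those names will no longer apply to the four VMs. Nothing in this diff shows such references being updated, so search the playbooks and `group_vars` for the four group names before merging. The same check applies to `git-ci-01` and `sonarqube-01`, which leave `[dev]` for the new `[qa]` group and so lose whatever `[dev]`-scoped plays and variables they had.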
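Review bot: `actual` now points at `10.0.10.158`, the same address as the unchanged `n8n` entry two lines below it, so a play targeting `actual` would connect as root to the machine that also answers as `n8n`. If the intent was only to hand `.159` to the new `vikanjans` host, `actual` needs its own address. Otherwise confirm that both services share one host and record it with a comment such as `# actual and n8n run on the same VM`. The new `qBittorrent` line sets a bare `port=8080` host variable, which can collide with role variables of the same name; a prefixed name such as `qbittorrent_port=8080` would be safer if the consuming role allows it. The group header for these hosts is outside the hunk.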