Add CI skip check for branch name and commit message

- Introduce a new job in the CI workflow to determine if CI should be skipped based on specific patterns in the branch name or commit message. - Update existing jobs to depend on the skip check, ensuring that CI processes are only executed when necessary. - Enhance the overall efficiency of the CI pipeline by preventing unnecessary runs for certain commits.
2025-12-28 23:05:46 -05:00 · 2025-12-28 23:05:46 -05:00 · 38e1f9e86a
commit 38e1f9e86a
parent 9b647515ee
2 changed files with 89 additions and 13 deletions
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@ -8,7 +8,69 @@ on:
    types: [opened, synchronize, reopened]

 jobs:
+  # Check if CI should be skipped based on branch name or commit message
+  skip-ci-check:
+    runs-on: ubuntu-latest
+    outputs:
+      should-skip: ${{ steps.check.outputs.skip }}
+    steps:
+      - name: Check out code (for commit message)
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+      
+      - name: Check if CI should be skipped
+        id: check
+        run: |
+          # Centralized skip patterns - add more here as needed
+          SKIP_PATTERNS="skip-ci,no-ci,skip ci,[skip ci],[ci skip]"
+          
+          # Get branch name (works for both push and PR)
+          # For PRs, GITHUB_HEAD_REF contains the branch name
+          BRANCH_NAME="${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}"
+          
+          # Get commit message (works for both push and PR)
+          # Try multiple sources for commit message
+          COMMIT_MSG="${GITHUB_EVENT_HEAD_COMMIT_MESSAGE:-}"
+          if [ -z "$COMMIT_MSG" ]; then
+            # For PRs, try pull request head commit
+            COMMIT_MSG="${GITHUB_EVENT_PULL_REQUEST_HEAD_COMMIT_MESSAGE:-}"
+          fi
+          if [ -z "$COMMIT_MSG" ]; then
+            # Fallback: try to get from git log (requires checkout)
+            COMMIT_MSG=$(git log -1 --pretty=%B 2>/dev/null || echo "")
+          fi
+          
+          SKIP=0
+          
+          # Check branch name (case-insensitive)
+          for pattern in $(echo $SKIP_PATTERNS | tr ',' ' '); do
+            if echo "$BRANCH_NAME" | grep -qi "$pattern"; then
+              echo "Skipping CI: branch name contains '$pattern'"
+              SKIP=1
+              break
+            fi
+          done
+          
+          # Check commit message (case-insensitive)
+          if [ $SKIP -eq 0 ] && [ -n "$COMMIT_MSG" ]; then
+            for pattern in $(echo $SKIP_PATTERNS | tr ',' ' '); do
+              if echo "$COMMIT_MSG" | grep -qi "$pattern"; then
+                echo "Skipping CI: commit message contains '$pattern'"
+                SKIP=1
+                break
+              fi
+            done
+          fi
+          
+          echo "skip=$SKIP" >> $GITHUB_OUTPUT
+          echo "Branch: $BRANCH_NAME"
+          echo "Commit: ${COMMIT_MSG:0:50}..."
+          echo "Skip CI: $SKIP"
+
  lint-and-test:
+    needs: skip-ci-check
+    if: needs.skip-ci-check.outputs.should-skip != '1'
    runs-on: ubuntu-latest
    # Skip push events for non-master branches (they'll be covered by PR events)
    if: github.event_name == 'pull_request' || github.ref == 'refs/heads/master'
@ -29,6 +91,8 @@ jobs:
        continue-on-error: true

  ansible-validation:
+    needs: skip-ci-check
+    if: needs.skip-ci-check.outputs.should-skip != '1'
    runs-on: ubuntu-latest
    # Skip push events for non-master branches (they'll be covered by PR events)
    if: github.event_name == 'pull_request' || github.ref == 'refs/heads/master'
@ -65,6 +129,8 @@ jobs:
        continue-on-error: true

  secret-scanning:
+    needs: skip-ci-check
+    if: needs.skip-ci-check.outputs.should-skip != '1'
    runs-on: ubuntu-latest
    container:
      image: zricethezav/gitleaks:latest
@ -83,6 +149,8 @@ jobs:
        continue-on-error: true

  dependency-scan:
+    needs: skip-ci-check
+    if: needs.skip-ci-check.outputs.should-skip != '1'
    runs-on: ubuntu-latest
    container:
      image: aquasec/trivy:latest
@ -98,6 +166,8 @@ jobs:
        run: trivy fs --scanners vuln,secret --exit-code 0 .

  sast-scan:
+    needs: skip-ci-check
+    if: needs.skip-ci-check.outputs.should-skip != '1'
    runs-on: ubuntu-latest
    container:
      image: ubuntu:22.04
@ -121,6 +191,8 @@ jobs:
        continue-on-error: true

  license-check:
+    needs: skip-ci-check
+    if: needs.skip-ci-check.outputs.should-skip != '1'
    runs-on: ubuntu-latest
    container:
      image: node:20-bullseye
@ -141,6 +213,8 @@ jobs:
        continue-on-error: true

  vault-check:
+    needs: skip-ci-check
+    if: needs.skip-ci-check.outputs.should-skip != '1'
    runs-on: ubuntu-latest
    container:
      image: ubuntu:22.04
@ -187,6 +261,8 @@ jobs:
          echo "All vault files are properly encrypted!"

  playbook-test:
+    needs: skip-ci-check
+    if: needs.skip-ci-check.outputs.should-skip != '1'
    runs-on: ubuntu-latest
    container:
      image: ubuntu:22.04
@ -232,6 +308,8 @@ jobs:
        continue-on-error: true

  container-scan:
+    needs: skip-ci-check
+    if: needs.skip-ci-check.outputs.should-skip != '1'
    runs-on: ubuntu-latest
    container:
      image: ubuntu:22.04
@ -302,6 +380,8 @@ jobs:
        continue-on-error: true

  sonar-analysis:
+    needs: skip-ci-check
+    if: needs.skip-ci-check.outputs.should-skip != '1'
    runs-on: ubuntu-latest
    container:
      image: ubuntu:22.04
--- a/inventories/production/hosts
+++ b/inventories/production/hosts
@ -7,23 +7,13 @@
 # `playbooks/app/site.yml` (it uses `add_host` based on `app_projects`).
 # You generally do NOT need to add project hosts here.

-[gitea]
-giteaVM ansible_host=10.0.30.169 ansible_user=root
-
-[portainer]
-portainerVM ansible_host=10.0.30.69 ansible_user=ladmin
-
-[homepage]
-homepageVM ansible_host=10.0.30.12 ansible_user=homepage
-
-[vaultwarden]
-vaultwardenVM ansible_host=10.0.10.142 ansible_user=ladmin
-
 [dev]
 dev01 ansible_host=10.0.30.105 ansible_user=ladmin
 bottom ansible_host=10.0.10.156 ansible_user=beast
 debianDesktopVM ansible_host=10.0.10.206 ansible_user=user skip_reboot=true
 devGPU ansible_host=10.0.30.63 ansible_user=root
+
+[qa]
 git-ci-01 ansible_host=10.0.10.223 ansible_user=ladmin
 sonarqube-01 ansible_host=10.0.10.54 ansible_user=ladmin
 dev02 ansible_host=10.0.10.100 ansible_user=ladmin
@ -40,8 +30,14 @@ caddy ansible_host=10.0.10.50 ansible_user=root
 jellyfin ansible_host=10.0.10.232 ansible_user=root
 listmonk ansible_host=10.0.10.149 ansible_user=root
 nextcloud ansible_host=10.0.10.25 ansible_user=root
-actual ansible_host=10.0.10.159 ansible_user=root
+actual ansible_host=10.0.10.158 ansible_user=root
+vikanjans ansible_host=10.0.10.159 ansible_user=root
 n8n ansible_host=10.0.10.158 ansible_user=root
+giteaVM ansible_host=10.0.30.169 ansible_user=root
+portainerVM ansible_host=10.0.30.69 ansible_user=ladmin
+homepageVM ansible_host=10.0.30.12 ansible_user=homepage
+vaultwardenVM ansible_host=10.0.10.142 ansible_user=ladmin
+qBittorrent ansible_host=10.0.10.91 ansible_user=root port=8080

 [desktop]
 desktop-beast ansible_host=100.117.34.106 ansible_user=beast