Fix: Add SonarQube analysis to CI workflow and update host inventory for production environment
Some checks failed
CI / lint-and-test (push) Successful in 57s
CI / ansible-validation (push) Successful in 2m26s
CI / secret-scanning (push) Successful in 1m27s
CI / dependency-scan (push) Successful in 1m32s
CI / sast-scan (push) Successful in 2m6s
CI / license-check (push) Successful in 54s
CI / vault-check (push) Successful in 2m27s
CI / playbook-test (push) Successful in 2m23s
CI / container-scan (push) Successful in 1m33s
CI / sonar-analysis (push) Failing after 1m6s
CI / workflow-summary (push) Successful in 51s
parent
d4ce0a247d
commit
d0699d0b7a
@ -346,9 +346,35 @@ jobs:
|
||||
fi
|
||||
continue-on-error: true
|
||||
|
||||
sonar-analysis:
|
||||
runs-on: ubuntu-latest
|
||||
container:
|
||||
image: sonarsource/sonar-scanner-cli:latest
|
||||
env:
|
||||
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
|
||||
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
||||
steps:
|
||||
- name: Install Node.js for checkout action
|
||||
run: |
|
||||
apt-get update && apt-get install -y curl
|
||||
curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
|
||||
apt-get install -y nodejs
|
||||
|
||||
- name: Check out code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Run SonarScanner
|
||||
run: |
|
||||
sonar-scanner \
|
||||
-Dsonar.projectKey=ansible-infra \
|
||||
-Dsonar.sources=. \
|
||||
-Dsonar.host.url=${SONAR_HOST_URL} \
|
||||
-Dsonar.login=${SONAR_TOKEN}
|
||||
continue-on-error: true
|
||||
|
||||
workflow-summary:
|
||||
runs-on: ubuntu-latest
|
||||
needs: [lint-and-test, ansible-validation, secret-scanning, dependency-scan, sast-scan, license-check, vault-check, playbook-test, container-scan]
|
||||
needs: [lint-and-test, ansible-validation, secret-scanning, dependency-scan, sast-scan, license-check, vault-check, playbook-test, container-scan, sonar-analysis]
|
||||
if: always()
|
||||
steps:
|
||||
- name: Generate workflow summary
|
||||
@ -368,6 +394,7 @@ jobs:
|
||||
echo "| 🔒 Vault Check | ${{ needs.vault-check.result }} |" >> $GITHUB_STEP_SUMMARY || true
|
||||
echo "| 📋 Playbook Test | ${{ needs.playbook-test.result }} |" >> $GITHUB_STEP_SUMMARY || true
|
||||
echo "| 🐳 Container Scan | ${{ needs.container-scan.result }} |" >> $GITHUB_STEP_SUMMARY || true
|
||||
echo "| 🔍 SonarQube Analysis | ${{ needs.sonar-analysis.result }} |" >> $GITHUB_STEP_SUMMARY || true
|
||||
echo "" >> $GITHUB_STEP_SUMMARY || true
|
||||
echo "### 📊 Summary" >> $GITHUB_STEP_SUMMARY || true
|
||||
echo "" >> $GITHUB_STEP_SUMMARY || true
|
||||
|
||||
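Review bot: The job-level `env:` in `sonar-analysis` exposes `SONAR_TOKEN` to every step, including the install step that runs `curl -fsSL https://deb.nodesource.com/setup_20.x | bash -` on an unverified remote script, and the container is the mutable tag `sonarsource/sonar-scanner-cli:latest`. Move the `env:` mapping onto the `Run SonarScanner` step only, and pin the image to a reviewed version or digest, e.g. `image: sonarsource/sonar-scanner-cli@sha256:<DIGEST>` (placeholder). `-Dsonar.login=${SONAR_TOKEN}` also puts the token on the process command line; the scanner should pick up `SONAR_TOKEN` and `SONAR_HOST_URL` from the environment, so those two `-D` flags can likely be dropped. The `continue-on-error: true` that follows the scanner step means findings never gate the pipeline, so if that is intended, say so in a comment such as `# advisory only: scan result does not block merges`.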
8
inventories/production/host_vars/git-ci-01.yml
Normal file
@ -0,0 +1,8 @@
|
||||
# Configure sudo path for git-ci-01
|
||||
# Sudo may not be in PATH for non-interactive shells
|
||||
ansible_become_exe: /usr/bin/sudo
|
||||
ansible_become_method: sudo
|
||||
|
||||
# Alternative: if sudo is in a different location, update this
|
||||
# ansible_become_exe: /usr/local/bin/sudo
|
||||
|
||||
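Review bot: This new host_vars file starts directly with a comment, while `sonarqube-01.yml` added in the same commit opens with `---`; add the document-start marker here too so both files lint the same way. Pinning `ansible_become_exe: /usr/bin/sudo` to an absolute path is a reasonable choice, and the header comment could give that reason, e.g. `# Absolute path: become must not depend on PATH in non-interactive shells`. The commented-out `# ansible_become_exe: /usr/local/bin/sudo` alternative is dead configuration and is better kept in the commit message than in the inventory.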
10
inventories/production/host_vars/sonarqube-01.yml
Normal file
@ -0,0 +1,10 @@
|
||||
---
|
||||
# SonarQube host configuration
|
||||
# Install sudo first, then use sudo for become
|
||||
# After sudo is installed, this will work:
|
||||
ansible_become: true
|
||||
ansible_become_method: sudo
|
||||
# Configure shell for ladmin user
|
||||
shell_users:
|
||||
- ladmin
|
||||
|
||||
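Review bot: The comments above `ansible_become: true` state a precondition (sudo must already be installed) but not how the first run satisfies it, so as written the first become-enabled play against this host would presumably fail. Replace the two note-style lines with one that states the requirement and where it is met, e.g. `# Requires sudo on the host; installed by <BOOTSTRAP_PLAYBOOK> before any become task runs` (placeholder name). It is not visible from this file which role consumes `shell_users`, so a short comment naming it would help.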
@ -13,13 +13,15 @@ portainerVM ansible_host=10.0.30.69 ansible_user=ladmin
|
||||
homepageVM ansible_host=10.0.30.12 ansible_user=homepage
|
||||
|
||||
[vaultwarden]
|
||||
vaultwardenVM ansible_host=100.100.19.11 ansible_host_fallback=10.0.10.142 ansible_user=root
|
||||
vaultwardenVM ansible_host=10.0.10.142 ansible_user=root
|
||||
|
||||
[dev]
|
||||
dev01 ansible_host=10.0.30.105 ansible_user=ladmin
|
||||
bottom ansible_host=10.0.10.156 ansible_user=beast
|
||||
debianDesktopVM ansible_host=10.0.10.206 ansible_user=user skip_reboot=true
|
||||
devGPU ansible_host=10.0.30.63 ansible_user=root
|
||||
git-ci-01 ansible_host=10.0.10.223 ansible_user=ladmin
|
||||
sonarqube-01 ansible_host=10.0.10.54 ansible_user=ladmin
|
||||
|
||||
[ansible]
|
||||
ansibleVM ansible_host=10.0.10.157 ansible_user=master
|
||||
@ -28,9 +30,9 @@ ansibleVM ansible_host=10.0.10.157 ansible_user=master
|
||||
tailscaleVM ansible_host=100.66.218.53 ansible_user=ladmin
|
||||
|
||||
[services]
|
||||
caddy ansible_host=100.117.106.18 ansible_host_fallback=10.0.10.50 ansible_user=root
|
||||
jellyfin ansible_host=100.104.109.45 ansible_host_fallback=10.0.10.232 ansible_user=root
|
||||
listmonk ansible_host=100.73.190.115 ansible_host_fallback=10.0.10.149 ansible_user=root
|
||||
caddy ansible_host=10.0.10.50 ansible_user=root
|
||||
jellyfin ansible_host=10.0.10.232 ansible_user=root
|
||||
listmonk ansible_host=10.0.10.149 ansible_user=root
|
||||
nextcloud ansible_host=10.0.10.25 ansible_user=root
|
||||
actual ansible_host=10.0.10.159 ansible_user=root
|
||||
n8n ansible_host=10.0.10.158 ansible_user=root
|
||||
|
||||
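Review bot: The rewritten entries for `vaultwardenVM`, `caddy`, `jellyfin` and `listmonk` keep `ansible_user=root` while moving `ansible_host` from the 100.x addresses to 10.0.10.x and dropping `ansible_host_fallback`. The two hosts added in this commit (`git-ci-01`, `sonarqube-01`) already log in as `ladmin`, so the touched root entries could follow the same pattern with become, e.g. `caddy ansible_host=10.0.10.50 ansible_user=ladmin`, assuming that account exists on those hosts. Because the management address changes, the SSH host keys for the new addresses should be verified and recorded rather than accepted on first connect. The commit title does not mention the address change, so the description should say why the 100.x path and its fallback were removed.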