ilia/ansible
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Fix: Add SonarQube analysis to CI workflow and update host inventory for production environment
Some checks failed
CI / lint-and-test (push) Successful in 57s
Details
CI / ansible-validation (push) Successful in 2m26s
Details
CI / secret-scanning (push) Successful in 1m27s
Details
CI / dependency-scan (push) Successful in 1m32s
Details
CI / sast-scan (push) Successful in 2m6s
Details
CI / license-check (push) Successful in 54s
Details
CI / vault-check (push) Successful in 2m27s
Details
CI / playbook-test (push) Successful in 2m23s
Details
CI / container-scan (push) Successful in 1m33s
Details
CI / sonar-analysis (push) Failing after 1m6s
Details
CI / workflow-summary (push) Successful in 51s
Details

Browse Source
This commit is contained in:
ilia 2025-12-14 20:10:38 -05:00
parent d4ce0a247d
commit d0699d0b7a
4 changed files with 52 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
.gitea/workflows/ci.yml
View File

@ -346,9 +346,35 @@ jobs:
fi fi
continue-on-error: true continue-on-error: true
sonar-analysis:
runs-on: ubuntu-latest
container:
image: sonarsource/sonar-scanner-cli:latest
env:
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
steps:
- name: Install Node.js for checkout action
run: |
apt-get update && apt-get install -y curl
curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
apt-get install -y nodejs
- name: Check out code
uses: actions/checkout@v4
- name: Run SonarScanner
run: |
sonar-scanner \
-Dsonar.projectKey=ansible-infra \
-Dsonar.sources=. \
-Dsonar.host.url=${SONAR_HOST_URL} \
-Dsonar.login=${SONAR_TOKEN}
continue-on-error: true
workflow-summary: workflow-summary:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: [lint-and-test, ansible-validation, secret-scanning, dependency-scan, sast-scan, license-check, vault-check, playbook-test, container-scan] needs: [lint-and-test, ansible-validation, secret-scanning, dependency-scan, sast-scan, license-check, vault-check, playbook-test, container-scan, sonar-analysis]
if: always() if: always()
steps: steps:
- name: Generate workflow summary - name: Generate workflow summary
@ -368,6 +394,7 @@ jobs:
echo "| 🔒 Vault Check | ${{ needs.vault-check.result }} |" >> $GITHUB_STEP_SUMMARY || true echo "| 🔒 Vault Check | ${{ needs.vault-check.result }} |" >> $GITHUB_STEP_SUMMARY || true
echo "| 📋 Playbook Test | ${{ needs.playbook-test.result }} |" >> $GITHUB_STEP_SUMMARY || true echo "| 📋 Playbook Test | ${{ needs.playbook-test.result }} |" >> $GITHUB_STEP_SUMMARY || true
echo "| 🐳 Container Scan | ${{ needs.container-scan.result }} |" >> $GITHUB_STEP_SUMMARY || true echo "| 🐳 Container Scan | ${{ needs.container-scan.result }} |" >> $GITHUB_STEP_SUMMARY || true
echo "| 🔍 SonarQube Analysis | ${{ needs.sonar-analysis.result }} |" >> $GITHUB_STEP_SUMMARY || true
echo "" >> $GITHUB_STEP_SUMMARY || true echo "" >> $GITHUB_STEP_SUMMARY || true
echo "### 📊 Summary" >> $GITHUB_STEP_SUMMARY || true echo "### 📊 Summary" >> $GITHUB_STEP_SUMMARY || true
echo "" >> $GITHUB_STEP_SUMMARY || true echo "" >> $GITHUB_STEP_SUMMARY || true

8
inventories/production/host_vars/git-ci-01.yml Normal file
View File

@ -0,0 +1,8 @@
# Configure sudo path for git-ci-01
# Sudo may not be in PATH for non-interactive shells
ansible_become_exe: /usr/bin/sudo
ansible_become_method: sudo
# Alternative: if sudo is in a different location, update this
# ansible_become_exe: /usr/local/bin/sudo

10
inventories/production/host_vars/sonarqube-01.yml Normal file
View File

@ -0,0 +1,10 @@
---
# SonarQube host configuration
# Install sudo first, then use sudo for become
# After sudo is installed, this will work:
ansible_become: true
ansible_become_method: sudo
# Configure shell for ladmin user
shell_users:
- ladmin

10
inventories/production/hosts
View File

@ -13,13 +13,15 @@ portainerVM ansible_host=10.0.30.69 ansible_user=ladmin
homepageVM ansible_host=10.0.30.12 ansible_user=homepage homepageVM ansible_host=10.0.30.12 ansible_user=homepage
[vaultwarden] [vaultwarden]
vaultwardenVM ansible_host=100.100.19.11 ansible_host_fallback=10.0.10.142 ansible_user=root vaultwardenVM ansible_host=10.0.10.142 ansible_user=root
[dev] [dev]
dev01 ansible_host=10.0.30.105 ansible_user=ladmin dev01 ansible_host=10.0.30.105 ansible_user=ladmin
bottom ansible_host=10.0.10.156 ansible_user=beast bottom ansible_host=10.0.10.156 ansible_user=beast
debianDesktopVM ansible_host=10.0.10.206 ansible_user=user skip_reboot=true debianDesktopVM ansible_host=10.0.10.206 ansible_user=user skip_reboot=true
devGPU ansible_host=10.0.30.63 ansible_user=root devGPU ansible_host=10.0.30.63 ansible_user=root
git-ci-01 ansible_host=10.0.10.223 ansible_user=ladmin
sonarqube-01 ansible_host=10.0.10.54 ansible_user=ladmin
[ansible] [ansible]
ansibleVM ansible_host=10.0.10.157 ansible_user=master ansibleVM ansible_host=10.0.10.157 ansible_user=master
@ -28,9 +30,9 @@ ansibleVM ansible_host=10.0.10.157 ansible_user=master
tailscaleVM ansible_host=100.66.218.53 ansible_user=ladmin tailscaleVM ansible_host=100.66.218.53 ansible_user=ladmin
[services] [services]
caddy ansible_host=100.117.106.18 ansible_host_fallback=10.0.10.50 ansible_user=root caddy ansible_host=10.0.10.50 ansible_user=root
jellyfin ansible_host=100.104.109.45 ansible_host_fallback=10.0.10.232 ansible_user=root jellyfin ansible_host=10.0.10.232 ansible_user=root
listmonk ansible_host=100.73.190.115 ansible_host_fallback=10.0.10.149 ansible_user=root listmonk ansible_host=10.0.10.149 ansible_user=root
nextcloud ansible_host=10.0.10.25 ansible_user=root nextcloud ansible_host=10.0.10.25 ansible_user=root
actual ansible_host=10.0.10.159 ansible_user=root actual ansible_host=10.0.10.159 ansible_user=root
n8n ansible_host=10.0.10.158 ansible_user=root n8n ansible_host=10.0.10.158 ansible_user=root