From e0996642bc1e9eaa4b3c68270490c9696429abe5 Mon Sep 17 00:00:00 2001
From: ilia <idobkin@gmail.com>
Date: Thu, 1 Jan 2026 13:03:47 -0500
Subject: [PATCH] CI: fix triggers/conditions; make Sonar non-blocking

---
 .gitea/workflows/ci.yml | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index eb323a7..cd95abf 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -1,7 +1,7 @@
 ---
 name: CI
 
-"on":
+on:
   push:
     branches: [master]
   pull_request:
@@ -62,10 +62,8 @@ jobs:
 
   lint-and-test:
     needs: skip-ci-check
-    if: needs.skip-ci-check.outputs.should-skip != '1'
     runs-on: ubuntu-latest
-    # Skip push events for non-master branches (they'll be covered by PR events)
-    if: github.event_name == 'pull_request' || github.ref == 'refs/heads/master'
+    if: needs.skip-ci-check.outputs.should-skip != '1' && (github.event_name == 'pull_request' || github.ref == 'refs/heads/master')
     container:
       image: node:20-bullseye
     steps:
@@ -84,10 +82,8 @@ jobs:
 
   ansible-validation:
     needs: skip-ci-check
-    if: needs.skip-ci-check.outputs.should-skip != '1'
     runs-on: ubuntu-latest
-    # Skip push events for non-master branches (they'll be covered by PR events)
-    if: github.event_name == 'pull_request' || github.ref == 'refs/heads/master'
+    if: needs.skip-ci-check.outputs.should-skip != '1' && (github.event_name == 'pull_request' || github.ref == 'refs/heads/master')
     container:
       image: ubuntu:22.04
     steps:
@@ -440,7 +436,7 @@ jobs:
 
   sonar-analysis:
     needs: skip-ci-check
-    if: needs.skip-ci-check.outputs.should-skip != '1'
+    if: needs.skip-ci-check.outputs.should-skip != '1' && (github.event_name == 'pull_request' || github.ref == 'refs/heads/master')
     runs-on: ubuntu-latest
     container:
       image: ubuntu:22.04
@@ -534,9 +530,8 @@ jobs:
         run: |
           echo "Checking SonarQube connectivity..."
           if [ -z "$SONAR_HOST_URL" ] || [ -z "$SONAR_TOKEN" ]; then
-            echo "❌ ERROR: SONAR_HOST_URL or SONAR_TOKEN secrets are not set!"
-            echo "Please configure them in: Repository Settings → Actions → Secrets"
-            exit 1
+            echo "⚠️ Skipping SonarQube analysis: SONAR_HOST_URL or SONAR_TOKEN secrets are not set."
+            exit 0
           fi
           echo "✓ Secrets are configured"
           echo "SonarQube URL: ${SONAR_HOST_URL}"
@@ -544,12 +539,17 @@ jobs:
           if curl -f -s -o /dev/null -w "%{http_code}" "${SONAR_HOST_URL}/api/system/status" | grep -q "200"; then
             echo "✓ SonarQube server is reachable"
           else
-            echo "⚠️ Warning: Could not verify SonarQube server connectivity"
+            echo "⚠️ Warning: Could not verify SonarQube server connectivity (continuing anyway)"
           fi
 
       - name: Run SonarScanner
         run: |
           echo "Starting SonarQube analysis..."
+          if [ -z "$SONAR_HOST_URL" ] || [ -z "$SONAR_TOKEN" ]; then
+            echo "Skipping SonarQube analysis: secrets not set."
+            exit 0
+          fi
+
           if ! sonar-scanner \
             -Dsonar.projectKey=ansible \
             -Dsonar.sources=. \
@@ -570,7 +570,8 @@ jobs:
             echo "     → Grant this permission in SonarQube user settings"
             echo ""
             echo "Check SonarQube logs for more details."
-            exit 1
+            # Do not fail CI on Sonar auth/project setup issues.
+            exit 0
           fi
         continue-on-error: true