CI: fix triggers/conditions; make Sonar non-blocking
Some checks failed
CI / skip-ci-check (pull_request) Successful in 1m17s
CI / lint-and-test (pull_request) Successful in 1m22s
CI / ansible-validation (pull_request) Failing after 2m51s
CI / secret-scanning (pull_request) Successful in 1m19s
CI / dependency-scan (pull_request) Successful in 1m24s
CI / sast-scan (pull_request) Successful in 2m42s
CI / license-check (pull_request) Failing after 1m23s
CI / vault-check (pull_request) Failing after 2m17s
CI / playbook-test (pull_request) Failing after 2m23s
CI / container-scan (pull_request) Successful in 1m52s
CI / sonar-analysis (pull_request) Failing after 1m16s
CI / workflow-summary (pull_request) Successful in 1m17s
Some checks failed
CI / skip-ci-check (pull_request) Successful in 1m17s
CI / lint-and-test (pull_request) Successful in 1m22s
CI / ansible-validation (pull_request) Failing after 2m51s
CI / secret-scanning (pull_request) Successful in 1m19s
CI / dependency-scan (pull_request) Successful in 1m24s
CI / sast-scan (pull_request) Successful in 2m42s
CI / license-check (pull_request) Failing after 1m23s
CI / vault-check (pull_request) Failing after 2m17s
CI / playbook-test (pull_request) Failing after 2m23s
CI / container-scan (pull_request) Successful in 1m52s
CI / sonar-analysis (pull_request) Failing after 1m16s
CI / workflow-summary (pull_request) Successful in 1m17s
This commit is contained in:
parent
b69284f1c4
commit
e0996642bc
@ -1,7 +1,7 @@
|
|||||||
---
|
---
|
||||||
name: CI
|
name: CI
|
||||||
|
|
||||||
"on":
|
on:
|
||||||
push:
|
push:
|
||||||
branches: [master]
|
branches: [master]
|
||||||
pull_request:
|
pull_request:
|
||||||
@ -62,10 +62,8 @@ jobs:
|
|||||||
|
|
||||||
lint-and-test:
|
lint-and-test:
|
||||||
needs: skip-ci-check
|
needs: skip-ci-check
|
||||||
if: needs.skip-ci-check.outputs.should-skip != '1'
|
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
# Skip push events for non-master branches (they'll be covered by PR events)
|
if: needs.skip-ci-check.outputs.should-skip != '1' && (github.event_name == 'pull_request' || github.ref == 'refs/heads/master')
|
||||||
if: github.event_name == 'pull_request' || github.ref == 'refs/heads/master'
|
|
||||||
container:
|
container:
|
||||||
image: node:20-bullseye
|
image: node:20-bullseye
|
||||||
steps:
|
steps:
|
||||||
@ -84,10 +82,8 @@ jobs:
|
|||||||
|
|
||||||
ansible-validation:
|
ansible-validation:
|
||||||
needs: skip-ci-check
|
needs: skip-ci-check
|
||||||
if: needs.skip-ci-check.outputs.should-skip != '1'
|
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
# Skip push events for non-master branches (they'll be covered by PR events)
|
if: needs.skip-ci-check.outputs.should-skip != '1' && (github.event_name == 'pull_request' || github.ref == 'refs/heads/master')
|
||||||
if: github.event_name == 'pull_request' || github.ref == 'refs/heads/master'
|
|
||||||
container:
|
container:
|
||||||
image: ubuntu:22.04
|
image: ubuntu:22.04
|
||||||
steps:
|
steps:
|
||||||
@ -440,7 +436,7 @@ jobs:
|
|||||||
|
|
||||||
sonar-analysis:
|
sonar-analysis:
|
||||||
needs: skip-ci-check
|
needs: skip-ci-check
|
||||||
if: needs.skip-ci-check.outputs.should-skip != '1'
|
if: needs.skip-ci-check.outputs.should-skip != '1' && (github.event_name == 'pull_request' || github.ref == 'refs/heads/master')
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
container:
|
container:
|
||||||
image: ubuntu:22.04
|
image: ubuntu:22.04
|
||||||
@ -534,9 +530,8 @@ jobs:
|
|||||||
run: |
|
run: |
|
||||||
echo "Checking SonarQube connectivity..."
|
echo "Checking SonarQube connectivity..."
|
||||||
if [ -z "$SONAR_HOST_URL" ] || [ -z "$SONAR_TOKEN" ]; then
|
if [ -z "$SONAR_HOST_URL" ] || [ -z "$SONAR_TOKEN" ]; then
|
||||||
echo "❌ ERROR: SONAR_HOST_URL or SONAR_TOKEN secrets are not set!"
|
echo "⚠️ Skipping SonarQube analysis: SONAR_HOST_URL or SONAR_TOKEN secrets are not set."
|
||||||
echo "Please configure them in: Repository Settings → Actions → Secrets"
|
exit 0
|
||||||
exit 1
|
|
||||||
fi
|
fi
|
||||||
echo "✓ Secrets are configured"
|
echo "✓ Secrets are configured"
|
||||||
echo "SonarQube URL: ${SONAR_HOST_URL}"
|
echo "SonarQube URL: ${SONAR_HOST_URL}"
|
||||||
@ -544,12 +539,17 @@ jobs:
|
|||||||
if curl -f -s -o /dev/null -w "%{http_code}" "${SONAR_HOST_URL}/api/system/status" | grep -q "200"; then
|
if curl -f -s -o /dev/null -w "%{http_code}" "${SONAR_HOST_URL}/api/system/status" | grep -q "200"; then
|
||||||
echo "✓ SonarQube server is reachable"
|
echo "✓ SonarQube server is reachable"
|
||||||
else
|
else
|
||||||
echo "⚠️ Warning: Could not verify SonarQube server connectivity"
|
echo "⚠️ Warning: Could not verify SonarQube server connectivity (continuing anyway)"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
- name: Run SonarScanner
|
- name: Run SonarScanner
|
||||||
run: |
|
run: |
|
||||||
echo "Starting SonarQube analysis..."
|
echo "Starting SonarQube analysis..."
|
||||||
|
if [ -z "$SONAR_HOST_URL" ] || [ -z "$SONAR_TOKEN" ]; then
|
||||||
|
echo "Skipping SonarQube analysis: secrets not set."
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
if ! sonar-scanner \
|
if ! sonar-scanner \
|
||||||
-Dsonar.projectKey=ansible \
|
-Dsonar.projectKey=ansible \
|
||||||
-Dsonar.sources=. \
|
-Dsonar.sources=. \
|
||||||
@ -570,7 +570,8 @@ jobs:
|
|||||||
echo " → Grant this permission in SonarQube user settings"
|
echo " → Grant this permission in SonarQube user settings"
|
||||||
echo ""
|
echo ""
|
||||||
echo "Check SonarQube logs for more details."
|
echo "Check SonarQube logs for more details."
|
||||||
exit 1
|
# Do not fail CI on Sonar auth/project setup issues.
|
||||||
|
exit 0
|
||||||
fi
|
fi
|
||||||
continue-on-error: true
|
continue-on-error: true
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user