Define configuration structure
Signed-off-by: Steven Kriegler <61625851+justusbunsi@users.noreply.github.com>
parent
99cd1366f8
commit
84e9aa1152
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -2,3 +2,4 @@
|
|||
.idea/
|
||||
node_modules/
|
||||
vendor/
|
||||
config/
|
||||
|
|
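Review bot: The `config/` entry (the added line, judging by the hunk header, since the page has lost its +/- markers) has no leading slash, so it matches a directory named `config` at any depth rather than only the top-level one. It also covers `config/config.example.yaml`, which this same commit adds, so any further file placed next to the example is ignored unless it is force-added. Anchoring and narrowing the rule keeps a real configuration with tokens out of the repository while leaving the example tracked: `/config/*` followed by `!/config/config.example.yaml`.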
45
README.md
45
README.md
|
@ -6,6 +6,14 @@ this [won't be added in near future](https://github.com/SonarSource/sonarqube/pu
|
|||
_Gitea SonarQube PR Bot_ aims to fill the gap between working on pull requests and being notified on quality changes.
|
||||
Luckily, both endpoints have a proper REST API to communicate with each others.
|
||||
|
||||
## Table of Contents
|
||||
|
||||
- [Gitea SonarQube PR Bot](#gitea-sonarqube-pr-bot)
|
||||
- [Workflow](#workflow)
|
||||
- [Setup](#setup)
|
||||
- [Bot configuration](#bot-configuration)
|
||||
- [Contributing](#contributing)
|
||||
- [License](#license)
|
||||
|
||||
## Workflow
|
||||
|
||||
|
@ -26,38 +34,21 @@ Luckily, both endpoints have a proper REST API to communicate with each others.
|
|||
-> updates comment (/repos/{owner}/{repo}/issues/comments/{id})
|
||||
-> updates status check (either failing/success)
|
||||
|
||||
## Authentication
|
||||
## Setup
|
||||
|
||||
- Gitea
|
||||
- User with token to access the REST API
|
||||
- User needs "Read project" permissions with (??at least??) access to "Pull Requests"
|
||||
- SonarQube
|
||||
- User with token to access the REST API
|
||||
- User needs "Browse on project" permissions
|
||||
**SonarQube**
|
||||
- Create a user and grant permissions to "Browse on project" for the desired project
|
||||
- Create a token for this user that will be used by the bot.
|
||||
- Create a webhook pointing to `https://<bot-url>/sonarqube`. Consider securing it with a secret.
|
||||
|
||||
**Gitea**
|
||||
- Create a user and grant permissions to "Read project" for the desired projects including access to "Pull Requests"
|
||||
- Create a token for this user that will be used by the bot.
|
||||
- Create a project/organization/system webhook pointing to `https://<bot-url>/gitea`. Consider securing it with a secret.
|
||||
|
||||
## Bot configuration
|
||||
|
||||
- SonarQube
|
||||
- Base URL
|
||||
- Token
|
||||
- Webhook Secret
|
||||
- Gitea
|
||||
- Base URL
|
||||
- Token
|
||||
- Webhook Secret
|
||||
|
||||
|
||||
## SonarQube configuration
|
||||
|
||||
- Add user with necessary permissions
|
||||
- Create webhook pointing to the bot url (secure it with webhook secret)
|
||||
|
||||
|
||||
## Gitea configuration
|
||||
|
||||
- Add user with necessary permissions
|
||||
- Create webhook on a project/organization pointing to the bot url (secure it with webhook secret)
|
||||
See [config.example.yaml](config/config.example.yaml) for a full configuration specification and description.
|
||||
|
||||
## Contributing
|
||||
|
||||
|
|
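--- /dev/null
+++ b/config/config.example.yaml
@@ -0,0 +1,53 @@
+# Gitea related configuration. Necessary for adding/updating comments on repository pull requests
+gitea:
+# API endpoint of your Gitea instance. Must be the API base path as shown in Swagger UI.
+url: https://try.gitea.io/api/v1
+
+# Created access token for the user that shall be used as bot account.
+# User needs "Read project" permissions with access to "Pull Requests"
+token: <...>
+
+# If the sent webhook has a signature header, the bot validates the request payload. If the value does not match, the
+# request will be ignored.
+# The bot looks for `X-Gitea-Signature` header containing the sha256 hmac hash of the plain text secret. If the header
+# exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be validated.
+webhookSecret: {}
+# # either plain text
+# value: <...>
+# # or path to file containing the plain text secret
+# file: /path/to/gitea/webhook/secret
+
+# List of repository the used Gitea account has access to and shall be handled by the bot. Other repository webhooks
+# will be ignored.
+# A repository specification contains the owner name and the repository name itself. The owner can be the name of a
+# real account or an organization in which the repository is located.
+repositories:
+- owner: justusbunsi
+name: example-repo
+- owner: my-organization
+name: example-repo
+
+
+# SonarQube related configuration. Necessary for requesting data from the API and processing the webhook.
+sonarqube:
+# API endpoint of your SonarQube instance.
+url: https://sonarcloud.io/api
+
+# Created access token for the user that shall be used as bot account.
+# User needs "Browse on project" permissions
+token: <...>
+
+# If the sent webhook has a signature header, the bot validates the request payload. If the value does not match, the
+# request will be ignored.
+# The bot looks for `X-Sonar-Webhook-HMAC-SHA256` header containing the sha256 hmac hash of the plain text secret.
+# If the header exists and no webhookSecret is defined here, the bot will ignore the request, because it cannot be
+# validated.
+webhookSecret: {}
+# # either plain text
+# value: <...>
+# # or path to file containing the plain text secret
+# file: /path/to/gitea/webhook/secret
+
+projects:
+- project-1
+- project-2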
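Review bot: The `webhookSecret` comments in both the `gitea` and `sonarqube` blocks describe validation only for requests that carry a signature header and never say what happens when a secret is configured but the header is absent; if such requests are still processed, validation is effectively optional for the sender. The comment should state, and the handler should enforce, something like `# If webhookSecret is set, requests without a valid signature header are rejected.` The header is also described as the HMAC "of the plain text secret", whereas the signature is computed over the request payload with the secret as the key, so `# ... header containing the HMAC-SHA256 of the request body, keyed with the secret` would be accurate. The `file:` example under `sonarqube` still reads `/path/to/gitea/webhook/secret`, which looks like a copy-paste slip, and `token` has no `file:` alternative, so the API tokens can only be supplied as plain text in this file.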