refactor(ci): update image registry variables and rename sonarqube stage to quality

Author: subrotokumar

.gitlab-ci.yml

@@ -8,8 +8,8 @@ variables:
   GO_VERSION: "1.25.6"
 
   # Image tags
-  BACKEND_IMAGE: "${CI_REGISTRY_IMAGE}/backend"
-  TRANSCODER_IMAGE: "${CI_REGISTRY_IMAGE}/transcoder"
+  BACKEND_IMAGE: "${IMAGE_REGISTRY}/backend"
+  TRANSCODER_IMAGE: "${IMAGE_REGISTRY}/transcoder"
 
   # Security scanning
   TRIVY_VERSION: "0.48.0"
@@ -31,7 +31,7 @@ variables:
 stages:
   - lint
   - test
-  - sonarqube
+  - quality
   - build
   - container-scan
   - publish
@@ -127,8 +127,8 @@ test:unit:
     - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
     - if: '$CI_COMMIT_TAG'
 
-sonarqube:check:
-  stage: sonarqube
+quality:sonarqube:
+  stage: quality
   image: 
     name: sonarsource/sonar-scanner-cli:latest
     entrypoint: [""]
@@ -138,8 +138,12 @@ sonarqube:check:
       - .sonar/cache
   script:
     - sonar-scanner
-  dependencies:
-    - test:unit
+  artifacts:
+    paths:
+      - .scannerwork/report-task.txt
+    expire_in: 1 hour
+  needs:
+  - test:unit
   allow_failure: true
   rules:
     - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
@@ -149,76 +153,36 @@ sonarqube:check:
     variables:
       - $SONAR_TOKEN
 
-sonarcloud:quality-gate:
-  stage: sonarqube
-  image:
-    name: sonarsource/sonar-scanner-cli:latest
-    entrypoint: [""]
-
-  script:
-    # - apt install --no-cache curl jq
-    - |
-      TASK_URL=$(grep ceTaskUrl .scannerwork/report-task.txt | cut -d'=' -f2-)
-      echo "CE Task URL: $TASK_URL"
-
-      # Poll analysis status
-      for i in $(seq 1 30); do
-        RESPONSE=$(curl -s -u "${SONAR_TOKEN}:" "$TASK_URL")
-        STATUS=$(echo "$RESPONSE" | jq -r '.task.status')
-        echo "Analysis status: $STATUS"
-
-        if [ "$STATUS" = "SUCCESS" ]; then
-          ANALYSIS_ID=$(echo "$RESPONSE" | jq -r '.task.analysisId')
-
-          QG_STATUS=$(curl -s \
-            -u "${SONAR_TOKEN}:" \
-            "https://sonarcloud.io/api/qualitygates/project_status?analysisId=${ANALYSIS_ID}" \
-            | jq -r '.projectStatus.status')
-
-          echo "Quality Gate status: $QG_STATUS"
-
-          if [ "$QG_STATUS" != "OK" ]; then
-            echo "❌ Quality Gate FAILED"
-            exit 1
-          fi
-
-          echo "✅ Quality Gate PASSED"
-          exit 0
-        fi
-
-        sleep 5
-      done
-
-      echo "❌ Timeout waiting for Quality Gate"
-      exit 1
-
-  needs:
-    - sonarqube:check
-
-  rules:
-    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
-    - if: '$CI_COMMIT_TAG'
-  timeout: 30s
-  allow_failure: false
-
-# ==================== BUILD STAGE ====================
-
 .build_template: &build_template
   stage: build
-  image: docker:24-dind
-  services:
-    - docker:24-dind
+  # image: docker:24
+  # services:
+  #   - docker:24-dind
+  # variables:
+  #   DOCKER_HOST: tcp://docker:2375
+  #   DOCKER_TLS_CERTDIR: ""
   before_script:
-    - echo $CI_REGISTRY_PASSWORD | docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRY
+    - unset DOCKER_HOST
+    - unset DOCKER_TLS_CERTDIR
+    - docker pull public.ecr.aws/aws-cli/aws-cli
+    - |
+      docker run --rm \
+      -e AWS_ACCESS_KEY_ID \
+      -e AWS_SECRET_ACCESS_KEY \
+      -e AWS_DEFAULT_REGION \
+      public.ecr.aws/aws-cli/aws-cli \
+      ecr get-login-password --region $AWS_DEFAULT_REGION \
+      | docker login --username AWS --password-stdin ${IMAGE_REGISTRY}
 
 build:backend:
   <<: *build_template
   script:
     - |
       # Set image tags
       export IMAGE_TAG=${CI_COMMIT_SHORT_SHA}
-      export IMAGE_VERSIONED=${BACKEND_IMAGE}:${IMAGE_TAG}
+      export IMAGE_VERSIONED=${IMAGE_REGISTRY}/backend:${IMAGE_TAG}
       
+      echo $IMAGE_VERSIONED
       # Build image
       docker build \
         --file docker/backend.dockerfile \
@@ -312,8 +276,8 @@ build:transcoder:
 container_scanning:backend:
   stage: container-scan
   image: docker:24
-  services:
-    - docker:24-dind
+  # services:
+  #   - docker:24-dind
   variables:
     IMAGE: ${BACKEND_IMAGE}:${CI_COMMIT_SHORT_SHA}
     DOCKER_HOST: tcp://docker:2376

taskfile.yaml

@@ -86,71 +86,6 @@ tasks:
       - sops -d -i .env
       - sops -d -i example.env
 
-  tf:plan:
-    silent: true
-    desc: "Generate Terraform/OpenTofu plan for the environment"
-    dir: terraform/environments
-    cmds: [tofu plan]
-
-  tf:apply:
-    silent: true
-    var:
-      approve: false
-    dir: terraform/environments
-    desc: "Apply Terraform/OpenTofu plan to the environment"
-    cmds: 
-      - tofu apply
-  
-  tf:apply:auto:
-    silent: true
-    dir: terraform/environments
-    desc: "Apply Terraform/OpenTofu plan (auto approve)"
-    cmds:
-      - tofu apply --auto-approve
-  
-  tf:unlock:
-    silent: true
-    dir: terraform/environments
-    var:
-      ID: 
-    desc: "Apply Terraform/OpenTofu plan (auto approve)"
-    cmds:
-      - tofu force-unlock {{.ID}}
-
-  tf:destroy:
-    silent: true
-    dir: terraform/environments
-    desc: "Destroy Terraform/OpenTofu managed infrastructure"
-    cmds: [tofu destroy]
-
-  tf:validate:
-    silent: true
-    dir: terraform/environments
-    desc: "Validate Terraform/OpenTofu configuration"
-    cmds: [tofu validate]
-
-  tf:output:
-    silent: true
-    dir: terraform/environments
-    desc: "Initialize Terraform/OpenTofu with remote backend"
-    cmds: [tofu output]
-  
-  tf:init:
-    silent: true
-    dir: terraform/environments
-    desc: "Initialize Terraform/OpenTofu with remote backend"
-    cmds: 
-    - |
-      tofu init \
-      -backend-config="address=https://gitlab.com/api/v4/projects/$GITLAB_PROJECT_ID/terraform/state/$TF_STATE_NAME" \
-      -backend-config="lock_address=https://gitlab.com/api/v4/projects/$GITLAB_PROJECT_ID/terraform/state/$TF_STATE_NAME/lock" \
-      -backend-config="unlock_address=https://gitlab.com/api/v4/projects/$GITLAB_PROJECT_ID/terraform/state/$TF_STATE_NAME/lock" \
-      -backend-config="username=$GITLAB_USERNAME" \
-      -backend-config="password=$GITLAB_ACCESS_TOKEN" \
-      -backend-config="lock_method=POST" \
-      -backend-config="unlock_method=DELETE" \
-      -backend-config="retry_wait_min=5"
-        
   swagger:init:
     desc: Generate Swagger documation of Gen Service
     cmds:
@@ -162,15 +97,6 @@ tasks:
         -g ../main.go \
         -o ./backend/swagger
 
-  work:sync:
-    cmds: 
-      - cd libs/core && go mod tidy
-      - cd libs/idp && go mod tidy
-      - cd libs/queue && go mod tidy
-      - cd libs/storage && go mod tidy
-      - cd backend && go mod tidy
-      - cd consumer && go mod tidy
-
   sonar:
     var:
       SONAR_ORG: ${SONAR_ORG}
@@ -195,12 +121,14 @@ tasks:
         -Dsonar.links.scm=${CI_REPOSITORY_URL} \
         -Dsonar.branch.name=${CI_COMMIT_REF_NAME}
   
-  helm:template:
-    silent: true
-    dir: k8s
-    cmds: [helm template playstack ./helm] 
-  
   gcl:
     silent: true
     cmds:
-      - gitlab-ci-local --list | fzf | awk '{print $1}' | xargs gitlab-ci-local 
+      - |
+        gitlab-ci-local --list | fzf | awk '{print $1}' | xargs gitlab-ci-local \
+          --variable SONAR_TOKEN=$SONAR_TOKEN \
+          --variable AWS_DEFAULT_REGION=$AWS_REGION \ 
+          --variable AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \ 
+          --variable AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \ 
+          --variable AWS_ACCOUNT_ID=$AWS_ACCOUNT_ID \
+          --variable IMAGE_REGISTRY=$IMAGE_REGISTRY