From 36e486b708f244aa7827e5aaf89f20e4ac281449 Mon Sep 17 00:00:00 2001 From: Luke Tainton Date: Sun, 12 Jan 2025 18:23:24 +0000 Subject: [PATCH] Gitea 1.23.1 2 --- .gitea/workflows/ci-docker.yml | 8 +- .../ci-python-poetry-with-docker.yml | 22 ++---- .gitea/workflows/ci-python-poetry.yml | 22 ++---- .gitea/workflows/ci-python-uv-with-docker.yml | 75 +++++++++++++++++++ .gitea/workflows/ci-python-with-docker.yml | 20 ++--- .gitea/workflows/ci-python.yml | 20 ++--- 6 files changed, 109 insertions(+), 58 deletions(-) create mode 100644 .gitea/workflows/ci-python-uv-with-docker.yml diff --git a/.gitea/workflows/ci-docker.yml b/.gitea/workflows/ci-docker.yml index f9d28d3..ec3e9ad 100644 --- a/.gitea/workflows/ci-docker.yml +++ b/.gitea/workflows/ci-docker.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repository code - uses: actions/checkout@v4.1.7 + uses: actions/checkout@v4.2.2 with: fetch-depth: 0 @@ -29,9 +29,9 @@ jobs: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - name: Snyk Vulnerability Scan - uses: snyk/actions/python-3.10@master - continue-on-error: true # To make sure that SARIF upload gets called + uses: snyk/actions/python@master + continue-on-error: true # Sometimes vulns aren't immediately fixable env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} with: - args: --sarif-file-output=snyk.sarif --all-projects + args: test --all-projects diff --git a/.gitea/workflows/ci-python-poetry-with-docker.yml b/.gitea/workflows/ci-python-poetry-with-docker.yml index 1e1042f..6c93531 100644 --- a/.gitea/workflows/ci-python-poetry-with-docker.yml +++ b/.gitea/workflows/ci-python-poetry-with-docker.yml @@ -19,14 +19,8 @@ jobs: ci: runs-on: ubuntu-latest steps: - - name: Set python-version - id: python-version - run: | - PYTHON_VERSION=${{ inputs.python-version }} - echo "value=${PYTHON_VERSION:-"3.11"}" >> $GITEA_OUTPUT - - name: Check out repository code - uses: actions/checkout@v4.1.7 + uses: actions/checkout@v4.2.2 with: fetch-depth: 0 @@ -40,17 +34,17 @@ jobs: - name: Setup Python uses: actions/setup-python@v5 with: - python-version: "${{ steps.python-version.outputs.value }}" + python-version: "${{ inputs.python-version }}" - name: Setup Poetry uses: abatilo/actions-poetry@v4 - + - name: Setup virtual environment run: | poetry config virtualenvs.create true --local poetry config virtualenvs.in-project true --local - - - uses: actions/cache@v3 + + - uses: actions/cache@v4 name: Define cache for dependencies with: path: ./.venv @@ -77,9 +71,9 @@ jobs: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - name: Snyk Vulnerability Scan - uses: snyk/actions/python-3.10@master - continue-on-error: true # To make sure that SARIF upload gets called + uses: snyk/actions/python@master + continue-on-error: true # Sometimes vulns aren't immediately fixable env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} with: - args: --sarif-file-output=snyk.sarif --all-projects + args: test --all-projects diff --git a/.gitea/workflows/ci-python-poetry.yml b/.gitea/workflows/ci-python-poetry.yml index b19d284..4416b24 100644 --- a/.gitea/workflows/ci-python-poetry.yml +++ b/.gitea/workflows/ci-python-poetry.yml @@ -19,31 +19,25 @@ jobs: ci: runs-on: ubuntu-latest steps: - - name: Set python-version - id: python-version - run: | - PYTHON_VERSION=${{ inputs.python-version }} - echo "value=${PYTHON_VERSION:-"3.11"}" >> $GITEA_OUTPUT - - name: Check out repository code - uses: actions/checkout@v4.1.7 + uses: actions/checkout@v4.2.2 with: fetch-depth: 0 - name: Setup Python uses: actions/setup-python@v5 with: - python-version: "${{ steps.python-version.outputs.value }}" + python-version: "${{ inputs.python-version }}" - name: Setup Poetry uses: abatilo/actions-poetry@v4 - + - name: Setup virtual environment run: | poetry config virtualenvs.create true --local poetry config virtualenvs.in-project true --local - - - uses: actions/cache@v3 + + - uses: actions/cache@v4 name: Define cache for dependencies with: path: ./.venv @@ -68,9 +62,9 @@ jobs: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - name: Snyk Vulnerability Scan - uses: snyk/actions/python-3.10@master - continue-on-error: true # To make sure that SARIF upload gets called + uses: snyk/actions/python@master + continue-on-error: true # Sometimes vulns aren't immediately fixable env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} with: - args: --sarif-file-output=snyk.sarif --all-projects + args: test --all-projects diff --git a/.gitea/workflows/ci-python-uv-with-docker.yml b/.gitea/workflows/ci-python-uv-with-docker.yml new file mode 100644 index 0000000..2caf50f --- /dev/null +++ b/.gitea/workflows/ci-python-uv-with-docker.yml @@ -0,0 +1,75 @@ +name: Python w/ UV + Docker CI +on: + workflow_call: + inputs: + python-version: + type: string + default: "3.11" + description: "Version of Python to use for testing environment" + secrets: + SONAR_TOKEN: + required: true + SNYK_TOKEN: + required: true + +jobs: + ci: + runs-on: ubuntu-latest + steps: + - name: Check out repository code + uses: actions/checkout@v4.2.2 + with: + fetch-depth: 0 + + - name: Run Hadolint + uses: hadolint/hadolint-action@v3.1.0 + with: + dockerfile: Dockerfile + output-file: hadolint.out + format: sonarqube + no-fail: true + + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: "${{ vars.PYTHON_VERSION }}" + + - name: uv cache + uses: actions/cache@v4 + with: + path: /tmp/.uv-cache + key: uv-${{ runner.os }}-${{ hashFiles('uv.lock') }} + restore-keys: | + uv-${{ runner.os }}-${{ hashFiles('uv.lock') }} + uv-${{ runner.os }} + + - name: Install dependencies + run: uv sync + + - name: Lint + run: | + uv run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt app/ tests/ + cat lintreport.txt + + - name: Unit Test + run: | + uv run coverage run -m pytest -v --junitxml=testresults.xml + uv run coverage xml + sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml + + - name: Minimize uv cache + run: uv cache prune --ci + + - name: SonarQube Cloud Scan + uses: SonarSource/sonarqube-scan-action@v4.2.1 + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + + - name: Snyk Vulnerability Scan + uses: snyk/actions/python@master + continue-on-error: true # Sometimes vulns aren't immediately fixable + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + command: snyk + args: test --all-projects diff --git a/.gitea/workflows/ci-python-with-docker.yml b/.gitea/workflows/ci-python-with-docker.yml index be33c1c..adf96eb 100644 --- a/.gitea/workflows/ci-python-with-docker.yml +++ b/.gitea/workflows/ci-python-with-docker.yml @@ -16,14 +16,8 @@ jobs: ci: runs-on: ubuntu-latest steps: - - name: Set python-version - id: python-version - run: | - PYTHON_VERSION=${{ inputs.python-version }} - echo "value=${PYTHON_VERSION:-"3.11"}" >> $GITEA_OUTPUT - - name: Check out repository code - uses: actions/checkout@v4.1.7 + uses: actions/checkout@v4.2.2 with: fetch-depth: 0 @@ -37,12 +31,12 @@ jobs: - name: Setup Python uses: actions/setup-python@v5 with: - python-version: "${{ steps.python-version.outputs.value }}" + python-version: "${{ inputs.python-version }}" - name: Update Pip run: pip install -U pip - - - uses: actions/cache@v3 + + - uses: actions/cache@v4 name: Define cache for dependencies with: path: . @@ -69,9 +63,9 @@ jobs: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - name: Snyk Vulnerability Scan - uses: snyk/actions/python-3.10@master - continue-on-error: true # To make sure that SARIF upload gets called + uses: snyk/actions/python@master + continue-on-error: true # Sometimes vulns aren't immediately fixable env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} with: - args: --sarif-file-output=snyk.sarif --all-projects + args: test --all-projects diff --git a/.gitea/workflows/ci-python.yml b/.gitea/workflows/ci-python.yml index 2eb09b9..bc40a8f 100644 --- a/.gitea/workflows/ci-python.yml +++ b/.gitea/workflows/ci-python.yml @@ -16,26 +16,20 @@ jobs: ci: runs-on: ubuntu-latest steps: - - name: Set python-version - id: python-version - run: | - PYTHON_VERSION=${{ inputs.python-version }} - echo "value=${PYTHON_VERSION:-"3.11"}" >> $GITEA_OUTPUT - - name: Check out repository code - uses: actions/checkout@v4.1.7 + uses: actions/checkout@v4.2.2 with: fetch-depth: 0 - name: Setup Python uses: actions/setup-python@v5 with: - python-version: "${{ steps.python-version.outputs.value }}" + python-version: "${{ inputs.python-version }}" - name: Update Pip run: pip install -U pip - - - uses: actions/cache@v3 + + - uses: actions/cache@v4 name: Define cache for dependencies with: path: . @@ -62,9 +56,9 @@ jobs: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - name: Snyk Vulnerability Scan - uses: snyk/actions/python-3.10@master - continue-on-error: true # To make sure that SARIF upload gets called + uses: snyk/actions/python@master + continue-on-error: true # Sometimes vulns aren't immediately fixable env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} with: - args: --sarif-file-output=snyk.sarif --all-projects + args: test --all-projects