Update .gitea/workflows/release-with-tag.yaml

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [SonarSource/sonarqube-scan-action](https://github.com/SonarSource/sonarqube-scan-action) | action | minor | `v5.1.0` -> `v5.2.0` |

---

### Release Notes

<details>
<summary>SonarSource/sonarqube-scan-action (SonarSource/sonarqube-scan-action)</summary>

### [`v5.2.0`](https://github.com/SonarSource/sonarqube-scan-action/releases/tag/v5.2.0)

[Compare Source](https://github.com/SonarSource/sonarqube-scan-action/compare/v5.1.0...v5.2.0)

#### What's Changed

-   SQSCANGHA-90 remove mend dead conf by [@&#8203;pierre-guillot-gh](https://github.com/pierre-guillot-gh) in https://github.com/SonarSource/sonarqube-scan-action/pull/184
-   SQSCANGHA-89 Attempt to fix command injection by [@&#8203;henryju](https://github.com/henryju) in https://github.com/SonarSource/sonarqube-scan-action/pull/186
-   SQSCANGHA-93 Fix madhead/semver-utils' version by [@&#8203;csaba-feher-sonarsource](https://github.com/csaba-feher-sonarsource) in https://github.com/SonarSource/sonarqube-scan-action/pull/187
-   SQSCANGHA-94 Update version update logic by [@&#8203;csaba-feher-sonarsource](https://github.com/csaba-feher-sonarsource) in https://github.com/SonarSource/sonarqube-scan-action/pull/188
-   SQSCANGHA-92 Validate scanner version by [@&#8203;csaba-feher-sonarsource](https://github.com/csaba-feher-sonarsource) in https://github.com/SonarSource/sonarqube-scan-action/pull/189

**Full Changelog**: https://github.com/SonarSource/sonarqube-scan-action/compare/v5...v5.2.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MC4wLjkiLCJ1cGRhdGVkSW5WZXIiOiI0MC4wLjkiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbInR5cGUvZGVwZW5kZW5jaWVzIl19-->

Reviewed-on: #26
Reviewed-by: Luke Tainton <luke@tainton.uk>
Co-authored-by: Renovate [BOT] <renovate-bot@git.tainton.uk>
Co-committed-by: Renovate [BOT] <renovate-bot@git.tainton.uk>

.gitea/workflows/changelog.yaml

@@ -0,0 +1,67 @@
+name: Get Changelog
+on:
+  workflow_call:
+    outputs:
+      release_name:
+        description: "Name of the created release"
+        value: ${{ jobs.get_next_release.outputs.release_name }}
+      changelog:
+        description: "Release changelog"
+        value: ${{ jobs.get_next_release.outputs.clean_changelog }}
+
+jobs:
+  get_next_release:
+    name: Get Next Release
+    runs-on: ubuntu-latest
+    outputs:
+      release_name: ${{ steps.get_next_version.outputs.tag }}
+    #   changelog: ${{ steps.get_next_version.outputs.changelog }}
+      clean_changelog: ${{ steps.get_next_version.outputs.clean_changelog }}
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Changes since last tag
+        id: changes
+        run: |
+          rm -f .changes
+          git log $(git describe --tags --abbrev=0)..HEAD --no-merges --oneline >> .changes
+          cat .changes
+
+      - name: Check for changes
+        run: |
+          if [[ -z $(grep '[^[:space:]]' .changes) ]] ; then
+            echo "changes=false"
+            echo "changes=false" >> "$GITEA_OUTPUT"
+          else
+            echo "changes=true"
+            echo "changes=true" >> "$GITEA_OUTPUT"
+          fi
+
+      - name: Cancel if no changes
+        if: steps.changes.outputs.changes == 'false'
+        run: exit 1
+
+      - name: Set server URL
+        id: set_srvurl
+        run: |
+          SRVURL=$(echo "${{ gitea.server_url }}" | sed 's/https:\/\/\(.*\)/\1/')
+          echo "srvurl=$SRVURL" >> "$GITEA_OUTPUT"
+
+      - name: Get next version
+        uses: TriPSs/conventional-changelog-action@v6
+        id: get_next_version
+        with:
+          git-url: ${{ steps.set_srvurl.outputs.srvurl }}
+          github-token: ${{ gitea.token }}
+          preset: "conventionalcommits"
+          # preset: "angular"  # This is the default
+          skip-commit: true
+          release-count: 1
+          output-file: false
+          create-summary: true
+          skip-on-empty: true
+          skip-version-file: true
+          skip-tag: true

.gitea/workflows/ci-docker.yml

@@ -24,7 +24,7 @@ jobs:
           no-fail: true
 
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.0.0
+        uses: SonarSource/sonarqube-scan-action@v5.2.0
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 

.gitea/workflows/ci-python-poetry-with-docker.yml

@@ -66,7 +66,7 @@ jobs:
           sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml
 
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.0.0
+        uses: SonarSource/sonarqube-scan-action@v5.2.0
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 

.gitea/workflows/ci-python-poetry.yml

@@ -57,7 +57,7 @@ jobs:
           sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
 
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.0.0
+        uses: SonarSource/sonarqube-scan-action@v5.2.0
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 

.gitea/workflows/ci-python-uv-with-docker.yml

@@ -63,7 +63,7 @@ jobs:
         run: uv cache prune --ci
 
       - name: SonarQube Scan
-        uses: SonarSource/sonarqube-scan-action@v5.0.0
+        uses: SonarSource/sonarqube-scan-action@v5.2.0
         env:
           SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.gitea/workflows/ci-python-with-docker.yml

@@ -58,7 +58,7 @@ jobs:
           sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
 
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.0.0
+        uses: SonarSource/sonarqube-scan-action@v5.2.0
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 

.gitea/workflows/ci-python.yml

@@ -51,7 +51,7 @@ jobs:
           sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
 
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.0.0
+        uses: SonarSource/sonarqube-scan-action@v5.2.0
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 

.gitea/workflows/create-release-preexisting-tag.yaml

@@ -0,0 +1,24 @@
+name: Create Gitea Release Pre-Existing Tag
+on:
+  workflow_call:
+    inputs:
+      tag:
+        required: true
+      body:
+        required: false
+    secrets:
+      ACTIONS_TOKEN:
+        required: true
+
+jobs:
+  create_release:
+    name: Create Release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Create release
+        uses: https://git.tainton.uk/actions/create-release-action@v1.1.0
+        with:
+          release_name: ${{ inputs.tag }}
+          tag: ${{ inputs.tag }}
+          body: ${{ inputs.body }}
+          token: ${{ secrets.ACTIONS_TOKEN }}

.gitea/workflows/docker-compose-deploy.yml

@@ -0,0 +1,96 @@
+name: Docker Compose Deploy Stack
+
+on:
+  workflow_call:
+    secrets:
+      DEPLOY_HOST:
+        required: true
+        type: string
+      DEPLOY_USERNAME:
+        required: true
+        type: string
+      DEPLOY_SSHKEY:
+        required: true
+        type: string
+      DEPLOY_PORT:
+        required: true
+        type: string
+      PUSHOVER_USER_TOKEN:
+        required: true
+        type: string
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:      
+      - name: "[ON RUNNER] Notify Build Start"
+        uses: https://git.tainton.uk/actions/pushover-action@v1.1.3
+        env:
+          PUSHOVER_APP_TOKEN: ${{ secrets.PUSHOVER_APP_TOKEN }}
+          PUSHOVER_USER_TOKEN: ${{ secrets.PUSHOVER_USER_TOKEN }}
+        with:
+          message: "Deploying stack ${{ gitea.repository }}"
+          title: 'Stack Deployment Started'
+          url: "${{ gitea.server_url }}/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"
+          url_title: 'View Logs'
+
+      - name: "[ON RUNNER] Checkout the repo"
+        uses: actions/checkout@v4
+      
+      - name: "[ON RUNNER] Set project variables"
+        run: |
+          projectname="${{ gitea.event.repository.name }}"
+          echo "project_name=$projectname" >> $GITEA_ENV
+          echo "project_folder=/home/${{ secrets.DEPLOY_USERNAME }}/$projectname" >> $GITEA_ENV
+
+      - name: "[ON RUNNER] Create env file"
+        run: |
+          rm -f ".env"
+          touch ".env"
+          echo "$ALLVARS" | jq -r '. | to_entries[] | select(.key | startswith("DC_")) | .key + "=" + .value' >> ".env"
+          echo "$ALLSECRETS" | jq -r '. | to_entries[] | select(.key | startswith("DC_")) | .key + "=" + .value' >> ".env"
+        env:
+          ALLVARS: ${{ toJSON(vars) }}
+          ALLSECRETS: ${{ toJSON(secrets) }}
+      
+      - name: "[ON HOST] Make directory if not exists"
+        uses: appleboy/ssh-action@v1.2.2
+        with:
+          host: ${{ secrets.DEPLOY_HOST }}
+          username: ${{ secrets.DEPLOY_USERNAME }}
+          key: ${{ secrets.DEPLOY_SSHKEY }}
+          port: ${{ secrets.DEPLOY_PORT }}
+          script: |
+            mkdir -p ${{ env.project_folder }}
+      
+      - name: "[ON HOST] SCP files to host"
+        uses: appleboy/scp-action@v1.0.0
+        with:
+          host: ${{ secrets.DEPLOY_HOST }}
+          username: ${{ secrets.DEPLOY_USERNAME }}
+          port: ${{ secrets.DEPLOY_PORT }}
+          key: ${{ secrets.DEPLOY_SSHKEY }}
+          source: "./compose.yaml,./.env"
+          target: "${{ env.project_folder }}/"
+      
+      - name: "[ON HOST] Deploy Stack"
+        uses: appleboy/ssh-action@v1.2.2
+        with:
+          host: ${{ secrets.DEPLOY_HOST }}
+          username: ${{ secrets.DEPLOY_USERNAME }}
+          key: ${{ secrets.DEPLOY_SSHKEY }}
+          port: ${{ secrets.DEPLOY_PORT }}
+          script: |
+            cd ${{ env.project_folder }}
+            docker compose --env-file .env up --detach
+      
+      - name: "[ON RUNNER] Notify Build End"
+        uses: https://git.tainton.uk/actions/pushover-action@v1.1.3
+        env:
+          PUSHOVER_APP_TOKEN: ${{ secrets.PUSHOVER_APP_TOKEN }}
+          PUSHOVER_USER_TOKEN: ${{ secrets.PUSHOVER_USER_TOKEN }}
+        with:
+          message: "Deployed stack ${{ gitea.repository }}"
+          title: 'Stack Deployment ${{ job.status }}'
+          url: "${{ gitea.server_url }}/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"
+          url_title: 'View Logs'

.gitea/workflows/docker-compose-remove.yml

@@ -0,0 +1,65 @@
+name: Docker Compose Remove Stack
+
+on:
+  workflow_call:
+    secrets:
+      DEPLOY_HOST:
+        required: true
+        type: string
+      DEPLOY_USERNAME:
+        required: true
+        type: string
+      DEPLOY_SSHKEY:
+        required: true
+        type: string
+      DEPLOY_PORT:
+        required: true
+        type: string
+      PUSHOVER_USER_TOKEN:
+        required: true
+        type: string
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "[ON RUNNER] Notify Build Start"
+        uses: https://git.tainton.uk/actions/pushover-action@v1.1.3
+        env:
+          PUSHOVER_APP_TOKEN: ${{ secrets.PUSHOVER_APP_TOKEN }}
+          PUSHOVER_USER_TOKEN: ${{ secrets.PUSHOVER_USER_TOKEN }}
+        with:
+          message: "Removing stack ${{ gitea.repository }}"
+          title: 'Stack Removal Started'
+          url: "${{ gitea.server_url }}/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"
+          url_title: 'View Logs'
+
+      - name: "[ON RUNNER] Set project variables"
+        run: |
+          projectname="${{ gitea.event.repository.name }}"
+          echo "project_name=$projectname" >> $GITEA_ENV
+          echo "project_folder=/home/${{ secrets.DEPLOY_USERNAME }}/$projectname" >> $GITEA_ENV
+
+      - name: "[ON HOST] Remove Stack"
+        uses: appleboy/ssh-action@v1.2.2
+        with:
+          host: ${{ secrets.DEPLOY_HOST }}
+          username: ${{ secrets.DEPLOY_USERNAME }}
+          key: ${{ secrets.DEPLOY_SSHKEY }}
+          port: ${{ secrets.DEPLOY_PORT }}
+          script: |
+            cd ${{ env.project_folder }}
+            docker compose --env-file .env down
+            cd ..
+            rm -rf ${{ env.project_folder }}
+      
+      - name: "[ON RUNNER] Notify Build End"
+        uses: https://git.tainton.uk/actions/pushover-action@v1.1.3
+        env:
+          PUSHOVER_APP_TOKEN: ${{ secrets.PUSHOVER_APP_TOKEN }}
+          PUSHOVER_USER_TOKEN: ${{ secrets.PUSHOVER_USER_TOKEN }}
+        with:
+          message: "Removed stack ${{ gitea.repository }}"
+          title: 'Stack Removal ${{ job.status }}'
+          url: "${{ gitea.server_url }}/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"
+          url_title: 'View Logs'

.gitea/workflows/release-with-tag.yaml

@@ -0,0 +1,71 @@
+name: Release w/ Tag
+on:
+  workflow_call:
+    outputs:
+      tag_name:
+        description: "Tag name"
+        value: ${{ jobs.get_next_release.outputs.release_name }}
+      changelog:
+        description: "Changelog"
+        value: ${{ jobs.get_next_release.outputs.clean_changelog }}
+
+jobs:
+  get_next_release:
+    name: Get Next Release
+    runs-on: ubuntu-latest
+    outputs:
+      release_name: ${{ steps.get_next_version.outputs.tag }}
+    #   changelog: ${{ steps.get_next_version.outputs.changelog }}
+      clean_changelog: ${{ steps.get_next_version.outputs.clean_changelog }}
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Changes since last tag
+        id: changes
+        run: |
+          rm -f .changes
+          git log $(git describe --tags --abbrev=0)..HEAD --no-merges --oneline >> .changes
+          cat .changes
+
+      - name: Check for changes
+        run: |
+          if [[ -z $(grep '[^[:space:]]' .changes) ]] ; then
+            echo "changes=false"
+            echo "changes=false" >> "$GITEA_OUTPUT"
+          else
+            echo "changes=true"
+            echo "changes=true" >> "$GITEA_OUTPUT"
+          fi
+
+      - name: Cancel if no changes
+        if: steps.changes.outputs.changes == 'false'
+        run: exit 1
+
+      - name: Set server URL
+        id: set_srvurl
+        run: |
+          SRVURL=$(echo "${{ gitea.server_url }}" | sed 's/https:\/\/\(.*\)/\1/')
+          echo "srvurl=$SRVURL" >> "$GITEA_OUTPUT"
+
+      - name: Get next version
+        uses: TriPSs/conventional-changelog-action@v6
+        id: get_next_version
+        with:
+          git-url: ${{ steps.set_srvurl.outputs.srvurl }}
+          github-token: ${{ gitea.token }}
+          preset: "conventionalcommits"
+          # preset: "angular"  # This is the default
+          skip-commit: true
+          release-count: 1
+          output-file: false
+          create-summary: true
+          skip-on-empty: true
+          skip-version-file: true
+          skip-tag: false
+      
+      - name: Cancel if no changelog
+        if: steps.get_next_version.outputs.skipped == 'true'
+        run: exit 1

.github/workflows/ci-docker.yml

@@ -22,7 +22,7 @@ jobs:
           format: sonarqube
           no-fail: true
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.0.0
+        uses: SonarSource/sonarqube-scan-action@v5.2.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.github/workflows/ci-python-poetry-with-docker.yml

@@ -49,7 +49,7 @@ jobs:
           poetry run coverage xml
           sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.0.0
+        uses: SonarSource/sonarqube-scan-action@v5.2.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.github/workflows/ci-python-poetry.yml

@@ -41,7 +41,7 @@ jobs:
           poetry run coverage xml
           sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.0.0
+        uses: SonarSource/sonarqube-scan-action@v5.2.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.github/workflows/ci-python-with-docker.yml

@@ -50,7 +50,7 @@ jobs:
           coverage xml
           sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.0.0
+        uses: SonarSource/sonarqube-scan-action@v5.2.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.github/workflows/ci-python.yml

@@ -44,7 +44,7 @@ jobs:
           coverage xml
           sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
       - name: SonarQube Cloud Scan
-        uses: SonarSource/sonarqube-scan-action@v5.0.0
+        uses: SonarSource/sonarqube-scan-action@v5.2.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

renovate.json

@@ -7,8 +7,8 @@
   ],
   "platformCommit": "enabled",
   "dependencyDashboardAutoclose": true,
-  "assignAutomerge": true,
+  "assignAutomerge": false,
-  "assigneesFromCodeOwners": true,
+  "assigneesFromCodeOwners": false,
   "rebaseWhen": "behind-base-branch",
   "rollbackPrs": true,
   "labels": [