feat(ci): add SonarQube Cloud (#1)

Reviewed-on: #1

.gitea/CODEOWNERS

@@ -0,0 +1 @@
+*   @luke

.gitea/workflows/build_docker.yml

@@ -0,0 +1,18 @@
+name: Build Docker
+on:
+  release:
+    types:
+      - published
+
+jobs:
+  create_docker:
+    name: Create Docker Image
+    uses: https://git.tainton.uk/actions/gha-workflows/.gitea/workflows/build-push-docker.yml@main
+    with:
+      release: ${{ gitea.event.release.name }}
+      registry: ${{ vars.PACKAGES_REGISTRY_URL }}
+      actions_username: ${{ vars.ACTIONS_USERNAME }}
+      ghcr_username: ${{ vars.GHCR_USERNAME }}
+    secrets:
+      ACTIONS_TOKEN: ${{ secrets.ACTIONS_TOKEN }}
+      GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}

.gitea/workflows/ci.yml

@@ -0,0 +1,22 @@
+name: CI
+on:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - synchronize
+      - reopened
+
+jobs:
+  validate_pr_title:
+    uses: https://git.tainton.uk/actions/gha-workflows/.gitea/workflows/conventional-commit.yml@main
+    with:
+      commit_message: ${{ gitea.event.pull_request.title }}
+
+  ci:
+    uses: https://git.tainton.uk/actions/gha-workflows/.gitea/workflows/ci-docker.yml@main
+    with:
+      python-version: 3.13
+    secrets:
+      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

.gitea/workflows/release.yml

@@ -0,0 +1,31 @@
+name: Release
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+      - main
+
+jobs:
+  test:
+    name: Test
+    uses: https://git.tainton.uk/actions/gha-workflows/.gitea/workflows/ci-docker.yml@main
+    with:
+      python-version: 3.13
+    secrets:
+      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+
+  create_release:
+    name: Create Release
+    needs: test
+    uses: https://git.tainton.uk/actions/gha-workflows/.gitea/workflows/create-release.yml@main
+    secrets:
+      ACTIONS_TOKEN: ${{ secrets.ACTIONS_TOKEN }}
+
+  print_release:
+    name: Print Release
+    runs-on: ubuntu-latest
+    needs: create_release
+    steps:
+      - run: echo "Created release ${{ needs.create_release.outputs.release_name }}."

.github/workflows/ci.yml

@@ -0,0 +1,18 @@
+name: CI
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+    paths-ignore:
+      - "README.md"
+      - "LICENSE.md"
+      - ".gitignore"
+      - ".github/CODEOWNERS"
+      - ".github/renovate.json"
+      - ".github/dependabot.yml"
+
+jobs:
+  ci:
+    uses: luketainton/gha-workflows/.github/workflows/ci-docker.yml@main
+    secrets:
+      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

Dockerfile

@@ -1,13 +1,12 @@
 FROM alpine:3.21 AS build
 LABEL maintainer="Luke Tainton <luke@tainton.uk>"
-LABEL org.opencontainers.image.source="https://github.com/luketainton/docker-dnsmasq"
 
 FROM build AS webproc
 ENV WEBPROCVERSION 0.4.0
 ENV WEBPROCURL https://github.com/jpillora/webproc/releases/download/v$WEBPROCVERSION/webproc_"$WEBPROCVERSION"_linux_amd64.gz
-RUN apk add --no-cache curl
+RUN apk add --no-cache curl && \
-RUN curl -sL "$WEBPROCURL" | gzip -d - > /usr/local/bin/webproc
+    curl -sL "$WEBPROCURL" | gzip -d - > /usr/local/bin/webproc && \
-RUN chmod +x /usr/local/bin/webproc
+    chmod +x /usr/local/bin/webproc
 
 FROM build AS dnsmasq
 RUN apk --no-cache add dnsmasq=2.90-r3

sonar-project.properties

@@ -0,0 +1,7 @@
+sonar.organization=luketainton
+sonar.projectKey=luketainton_docker-dnsmasq
+sonar.projectName=docker-dnsmasq
+sonar.projectVersion=1.0
+sonar.docker.hadolint.reportPaths=hadolint.out
+sonar.sources=Dockerfile
+sonar.exclusions=,.github/**,.gitignore,CODEOWNERS,CHANGELOG.md,LICENSE.md,README.md,renovate.json