fix(deps): update dependency astroid to <=3.3.8

Reviewed-on: #450

.archive/.gitea/workflows/ci.yml

@@ -0,0 +1,86 @@
+name: CI
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+    paths-ignore:
+      - "README.md"
+      - "LICENSE.md"
+      - ".gitignore"
+      - "renovate.json"
+      - ".gitea/CODEOWNERS"
+      - ".archive"
+
+jobs:
+  ci:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4.2.2
+        with:
+          fetch-depth: 0
+
+      - uses: hadolint/hadolint-action@v3.1.0
+        with:
+          dockerfile: Dockerfile
+          output-file: hadolint.out
+          format: sonarqube
+          no-fail: true
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "${{ vars.PYTHON_VERSION }}"
+
+      - name: Setup Poetry
+        uses: abatilo/actions-poetry@v3
+        # run: curl -sSL https://install.python-poetry.org | python3 -
+
+      - name: Update PATH
+        run: export PATH="/root/.local/bin:$PATH"
+
+      - name: Setup virtual environment
+        run: |
+          /root/.local/bin/poetry config virtualenvs.create true --local
+          /root/.local/bin/poetry config virtualenvs.in-project true --local
+
+      - uses: actions/cache@v3
+        name: Define cache for dependencies
+        with:
+          path: ./.venv
+          key: venv-${{ hashFiles('poetry.lock') }}
+
+      - name: Install dependencies
+        run: /root/.local/bin/poetry install
+
+      - name: Lint
+        run: |
+          /root/.local/bin/poetry run pylint --verbose --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt .
+          cat lintreport.txt
+
+      - name: Unit Test
+        run: |
+          /root/.local/bin/poetry run coverage run -m pytest -v --junitxml=testresults.xml
+          /root/.local/bin/poetry run coverage xml
+          sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml
+
+      # TEMPORARY - DISABLED DUE TO GITHUB > GITEA MIGRATION
+      # SONARQUBE CLOUD IS CURRENTLY TIGHTLY COUPLED TO GITHUB
+      - name: SonarQube Cloud Scan
+        uses: SonarSource/sonarqube-scan-action@v4.2.1
+        continue-on-error: true
+        env:
+          # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+      - name: Snyk Vulnerability Scan
+        uses: snyk/actions/python-3.10@master
+        continue-on-error: true # To make sure that SARIF upload gets called
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --sarif-file-output=snyk.sarif --all-projects
+
+      # - name: Upload result to GitHub Code Scanning
+      #   uses: github/codeql-action/upload-sarif@v3
+      #   with:
+      #     sarif_file: snyk.sarif

.gitea/workflows/ci.yml

@@ -1,4 +1,4 @@
-name: CI
+name: CI w/ Poetry and Docker
 on:
   pull_request:
     types: [opened, synchronize, reopened]
@@ -12,14 +12,15 @@ on:
 
 jobs:
   ci:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-poetry-latest
     steps:
       - name: Check out repository code
         uses: actions/checkout@v4.2.2
         with:
           fetch-depth: 0
 
-      - uses: hadolint/hadolint-action@v3.1.0
+      - name: Run Hadolint
+        uses: hadolint/hadolint-action@v3.1.0
         with:
           dockerfile: Dockerfile
           output-file: hadolint.out
@@ -30,57 +31,32 @@ jobs:
         uses: actions/setup-python@v5
         with:
           python-version: "${{ vars.PYTHON_VERSION }}"
-
+          cache: 'poetry'
-      - name: Setup Poetry
-        uses: abatilo/actions-poetry@v3
-        # run: curl -sSL https://install.python-poetry.org | python3 -
-
-      - name: Update PATH
-        run: export PATH="/root/.local/bin:$PATH"
-
-      - name: Setup virtual environment
-        run: |
-          /root/.local/bin/poetry config virtualenvs.create true --local
-          /root/.local/bin/poetry config virtualenvs.in-project true --local
-
-      - uses: actions/cache@v3
-        name: Define cache for dependencies
-        with:
-          path: ./.venv
-          key: venv-${{ hashFiles('poetry.lock') }}
 
       - name: Install dependencies
-        run: /root/.local/bin/poetry install
+        run: poetry install
 
       - name: Lint
         run: |
-          /root/.local/bin/poetry run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt .
+          poetry run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt app/ tests/
           cat lintreport.txt
 
       - name: Unit Test
         run: |
-          /root/.local/bin/poetry run coverage run -m pytest -v --junitxml=testresults.xml
+          poetry run coverage run -m pytest -v --junitxml=testresults.xml
-          /root/.local/bin/poetry run coverage xml
+          poetry run coverage xml
           sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml
 
-      # TEMPORARY - DISABLED DUE TO GITHUB > GITEA MIGRATION
-      # SONARQUBE CLOUD IS CURRENTLY TIGHTLY COUPLED TO GITHUB
       - name: SonarQube Cloud Scan
         uses: SonarSource/sonarqube-scan-action@v4.2.1
-        continue-on-error: true
         env:
-          # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
       - name: Snyk Vulnerability Scan
-        uses: snyk/actions/python-3.10@master
+        uses: snyk/actions/python@master
-        continue-on-error: true # To make sure that SARIF upload gets called
+        continue-on-error: true  # Sometimes vulns aren't immediately fixable
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:
-          args: --sarif-file-output=snyk.sarif --all-projects
+          command: snyk
-
+          args: test --all-projects
-      # - name: Upload result to GitHub Code Scanning
-      #   uses: github/codeql-action/upload-sarif@v3
-      #   with:
-      #     sarif_file: snyk.sarif

poetry.lock

@@ -2,13 +2,13 @@
 
 [[package]]
 name = "astroid"
-version = "3.3.6"
+version = "3.3.8"
 description = "An abstract syntax tree for Python with inference support."
 optional = false
 python-versions = ">=3.9.0"
 files = [
-    {file = "astroid-3.3.6-py3-none-any.whl", hash = "sha256:db676dc4f3ae6bfe31cda227dc60e03438378d7a896aec57422c95634e8d722f"},
+    {file = "astroid-3.3.8-py3-none-any.whl", hash = "sha256:187ccc0c248bfbba564826c26f070494f7bc964fd286b6d9fff4420e55de828c"},
-    {file = "astroid-3.3.6.tar.gz", hash = "sha256:6aaea045f938c735ead292204afdb977a36e989522b7833ef6fea94de743f442"},
+    {file = "astroid-3.3.8.tar.gz", hash = "sha256:a88c7994f914a4ea8572fac479459f4955eeccc877be3f2d959a33273b0cf40b"},
 ]
 
 [[package]]
@@ -974,4 +974,4 @@ files = [
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.11.2"
-content-hash = "1db783217d83cb79aabec6544f05339febffa55d565af76fa9f38a10de160fe1"
+content-hash = "8883a305c2a3c0000d904dfb77d2837f077604e03d2613c3456bff12eb9c5e73"

pyproject.toml

@@ -10,7 +10,7 @@ package-mode = false
 python = "^3.11.2"
 webex-bot = "^0.5.2"
 pillow = "^11.0.0"
-astroid = "<=3.3.6"
+astroid = "<=3.3.8"
 
 [tool.poetry.group.dev.dependencies]
 black = "^24.10.0"

renovate.json

@@ -1,36 +1,16 @@
 {
-  "ignorePaths": [
-    "**/.archive/**"
-  ],
   "assignAutomerge": true,
   "assigneesFromCodeOwners": true,
   "dependencyDashboardAutoclose": true,
   "extends": [
     "config:recommended"
   ],
+  "ignorePaths": [
+    "**/.archive/**"
+  ],
   "labels": [
     "type/dependencies"
   ],
-  "packageRules": [
-    {
-      "labels": [
-        "linting"
-      ],
-      "matchPackageNames": [
-        "/black/",
-        "/pylint/"
-      ]
-    },
-    {
-      "labels": [
-        "unit-tests"
-      ],
-      "matchPackageNames": [
-        "/coverage/",
-        "/pytest/"
-      ]
-    }
-  ],
   "platformCommit": "enabled",
   "rebaseWhen": "behind-base-branch",
   "rollbackPrs": true,