From bdea6b2b229f2e8262a6315c0b134fe925894184 Mon Sep 17 00:00:00 2001
From: Luke Tainton
Date: Thu, 2 Jan 2025 13:28:17 +0000
Subject: [PATCH 01/27] fix(ci): update dependencies in CI flow
---
.../ci-python-poetry-with-docker.yml | 77 +++++++++++++++++++
1 file changed, 77 insertions(+)
create mode 100644 .gitea/workflows/ci-python-poetry-with-docker.yml
diff --git a/.gitea/workflows/ci-python-poetry-with-docker.yml b/.gitea/workflows/ci-python-poetry-with-docker.yml
new file mode 100644
index 0000000..7984bb8
--- /dev/null
+++ b/.gitea/workflows/ci-python-poetry-with-docker.yml
@@ -0,0 +1,77 @@
+name: CI w/ Poetry and Docker
+on:
+ pull_request:
+ types: [opened, synchronize, reopened]
+ paths-ignore:
+ - "README.md"
+ - "LICENSE.md"
+ - ".gitignore"
+ - "renovate.json"
+ - ".gitea/CODEOWNERS"
+ - ".archive"
+
+env:
+ PATH: ${{ env.PATH }}:/root/.poetry/bin
+
+jobs:
+ ci:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out repository code
+ uses: actions/checkout@v4.2.2
+ with:
+ fetch-depth: 0
+
+ - uses: hadolint/hadolint-action@v3.1.0
+ with:
+ dockerfile: Dockerfile
+ output-file: hadolint.out
+ format: sonarqube
+ no-fail: true
+
+ - name: Setup Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: "${{ vars.PYTHON_VERSION }}"
+
+ - name: Setup Poetry
+ uses: abatilo/actions-poetry@v4
+
+ - name: Setup virtual environment
+ run: |
+ poetry config virtualenvs.create true --local
+ poetry config virtualenvs.in-project true --local
+
+ - uses: actions/cache@v4.2.0
+ name: Define cache for dependencies
+ with:
+ path: ./.venv
+ key: venv-${{ hashFiles('poetry.lock') }}
+ restore-keys: venv-${{ hashFiles('poetry.lock') }}
+
+ - name: Install dependencies
+ run: poetry install
+
+ - name: Lint
+ run: |
+ poetry run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt .
+ cat lintreport.txt
+
+ - name: Unit Test
+ run: |
+ poetry run coverage run -m pytest -v --junitxml=testresults.xml
+ poetry run coverage xml
+ sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml
+
+ - name: SonarQube Cloud Scan
+ uses: SonarSource/sonarqube-scan-action@v4.2.1
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+ - name: Snyk Vulnerability Scan
+ uses: snyk/actions/python-3.10@master
+ continue-on-error: true # To make sure that SARIF upload gets called
+ env:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ with:
+ args: --sarif-file-output=snyk.sarif --all-projects
-- 2.45.2
From 48d9b9709cc30fb66cedf815b1851118698cb447 Mon Sep 17 00:00:00 2001
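Review bot: The Snyk step at the end of this new workflow references `snyk/actions/python-3.10@master`, a mutable branch, and passes `SNYK_TOKEN` to it, so whatever lands on that branch runs with the token on the next pull request. Pin it to a full commit SHA, e.g. `uses: snyk/actions/python-3.10@<full-commit-sha>  # <release tag>`; the tag-pinned actions above it (`actions/checkout@v4.2.2`, `hadolint/hadolint-action@v3.1.0`, `abatilo/actions-poetry@v4`) are better, but tags can be moved as well. The same `@master` reference returns as `snyk/actions/python@master` in PATCH 22/27. The trailing comment on `continue-on-error: true` mentions a SARIF upload, but no upload step exists in this file, so the flag currently only hides the scan result.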
From: Luke Tainton Date: Thu, 2 Jan 2025 13:33:14 +0000 Subject: [PATCH 02/27] fix(ci): only override PATH when needed --- .gitea/workflows/ci-python-poetry-with-docker.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitea/workflows/ci-python-poetry-with-docker.yml b/.gitea/workflows/ci-python-poetry-with-docker.yml index 7984bb8..2100bea 100644 --- a/.gitea/workflows/ci-python-poetry-with-docker.yml +++ b/.gitea/workflows/ci-python-poetry-with-docker.yml @@ -10,9 +10,6 @@ on: - ".gitea/CODEOWNERS" - ".archive" -env: - PATH: ${{ env.PATH }}:/root/.poetry/bin - jobs: ci: runs-on: ubuntu-latest @@ -38,6 +35,8 @@ jobs: uses: abatilo/actions-poetry@v4 - name: Setup virtual environment + env: + ${{ env.PATH }}:/root/.poetry/bin run: | poetry config virtualenvs.create true --local poetry config virtualenvs.in-project true --local @@ -50,14 +49,20 @@ jobs: restore-keys: venv-${{ hashFiles('poetry.lock') }} - name: Install dependencies + env: + ${{ env.PATH }}:/root/.poetry/bin run: poetry install - name: Lint + env: + ${{ env.PATH }}:/root/.poetry/bin run: | poetry run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt . cat lintreport.txt - name: Unit Test + env: + ${{ env.PATH }}:/root/.poetry/bin run: | poetry run coverage run -m pytest -v --junitxml=testresults.xml poetry run coverage xml -- 2.45.2 From c883b33e42997af72f07e696b0efa6458d673463 Mon Sep 17 00:00:00 2001 From: Luke Tainton Date: Thu, 2 Jan 2025 13:40:16 +0000 Subject: [PATCH 03/27] fix(ci): ensure pipx is in PATH --- .gitea/workflows/ci-python-poetry-with-docker.yml | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/.gitea/workflows/ci-python-poetry-with-docker.yml b/.gitea/workflows/ci-python-poetry-with-docker.yml index 2100bea..c95994d 100644 --- a/.gitea/workflows/ci-python-poetry-with-docker.yml +++ b/.gitea/workflows/ci-python-poetry-with-docker.yml 
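Review bot: The `env:` blocks added to the four steps (Setup virtual environment, Install dependencies, Lint, Unit Test) contain only the value `${{ env.PATH }}:/root/.poetry/bin` with no `PATH:` key, so `env` becomes a scalar instead of a mapping and the workflow will most likely be rejected; the removed top-level block did have `PATH: ${{ env.PATH }}:/root/.poetry/bin`. Even with the key restored, the `env` context normally holds only variables defined in the workflow, not the runner's process environment, so the step PATH would probably end up as `:/root/.poetry/bin` and lose the system directories. The usual fix is to append the directory once through the path file in an earlier step, `run: echo "/root/.poetry/bin" >> "$GITHUB_PATH"`, assuming the Gitea runner honours `GITHUB_PATH` the way GitHub's does. This applies to both the `@@ -38,6 +35,8 @@` and `@@ -50,14 +49,20 @@` hunks.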
@@ -31,12 +31,13 @@ jobs: with: python-version: "${{ vars.PYTHON_VERSION }}" + - name: Ensure pipx is in PATH + run: pipx ensurepath + - name: Setup Poetry uses: abatilo/actions-poetry@v4 - name: Setup virtual environment - env: - ${{ env.PATH }}:/root/.poetry/bin run: | poetry config virtualenvs.create true --local poetry config virtualenvs.in-project true --local @@ -49,20 +50,14 @@ jobs: restore-keys: venv-${{ hashFiles('poetry.lock') }} - name: Install dependencies - env: - ${{ env.PATH }}:/root/.poetry/bin run: poetry install - name: Lint - env: - ${{ env.PATH }}:/root/.poetry/bin run: | poetry run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt . cat lintreport.txt - name: Unit Test - env: - ${{ env.PATH }}:/root/.poetry/bin run: | poetry run coverage run -m pytest -v --junitxml=testresults.xml poetry run coverage xml -- 2.45.2 From b4f9eea63a599a21ed0e34858c240665015d35f9 Mon Sep 17 00:00:00 2001 From: Luke Tainton Date: Thu, 2 Jan 2025 13:42:25 +0000 Subject: [PATCH 04/27] fix(ci): ensure pipx is in PATH 2 --- .gitea/workflows/ci-python-poetry-with-docker.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.gitea/workflows/ci-python-poetry-with-docker.yml b/.gitea/workflows/ci-python-poetry-with-docker.yml index c95994d..65ae86b 100644 --- a/.gitea/workflows/ci-python-poetry-with-docker.yml +++ b/.gitea/workflows/ci-python-poetry-with-docker.yml @@ -32,7 +32,9 @@ jobs: python-version: "${{ vars.PYTHON_VERSION }}" - name: Ensure pipx is in PATH - run: pipx ensurepath + run: | + pipx ensurepath + export PATH=$PATH:/root/.local/bin - name: Setup Poetry uses: abatilo/actions-poetry@v4 -- 2.45.2 From 71254deb9d24a8ac81060e79a0a035c7af6d5060 Mon Sep 17 00:00:00 2001 From: Luke Tainton Date: Thu, 2 Jan 2025 13:45:17 +0000 Subject: [PATCH 05/27] fix(ci): ensure pipx is in PATH 3 --- .gitea/workflows/ci-python-poetry-with-docker.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) 
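Review bot: In PATCH 04/27 the added `export PATH=$PATH:/root/.local/bin` only changes the shell of that one step; each `run:` step starts a fresh shell, so the later `poetry` steps never see it. `pipx ensurepath` (added in PATCH 03/27) has the same limitation, because it edits shell start-up files that a non-login step shell does not read. To persist the directory for the following steps, write it to the path file instead, `echo "/root/.local/bin" >> "$GITHUB_PATH"`, after confirming the runner supports it. The hard-coded `/root/...` also suggests the job runs as root, so it is worth confirming the runner is an ephemeral container, since this workflow executes pull-request code.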
diff --git a/.gitea/workflows/ci-python-poetry-with-docker.yml b/.gitea/workflows/ci-python-poetry-with-docker.yml index 65ae86b..7ab431a 100644 --- a/.gitea/workflows/ci-python-poetry-with-docker.yml +++ b/.gitea/workflows/ci-python-poetry-with-docker.yml @@ -36,8 +36,13 @@ jobs: pipx ensurepath export PATH=$PATH:/root/.local/bin + # - name: Setup Poetry + # uses: abatilo/actions-poetry@v4 + - name: Setup Poetry - uses: abatilo/actions-poetry@v4 + run: | + pipx install poetry + echo $PIPX_BIN_DIR >> $GITEA_PATH - name: Setup virtual environment run: | -- 2.45.2 From 1ffaea566d60aeeff8591e9841e6f56c4793dcd9 Mon Sep 17 00:00:00 2001 From: Luke Tainton Date: Thu, 2 Jan 2025 13:48:50 +0000 Subject: [PATCH 06/27] fix(ci): ensure pipx is in PATH 4 --- .gitea/workflows/ci-python-poetry-with-docker.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.gitea/workflows/ci-python-poetry-with-docker.yml b/.gitea/workflows/ci-python-poetry-with-docker.yml index 7ab431a..f492145 100644 --- a/.gitea/workflows/ci-python-poetry-with-docker.yml +++ b/.gitea/workflows/ci-python-poetry-with-docker.yml @@ -33,6 +33,10 @@ jobs: - name: Ensure pipx is in PATH run: | + echo HOME=$HOME + echo PATH=$PATH + echo PWD=$PWD + ls -lah $PWD pipx ensurepath export PATH=$PATH:/root/.local/bin -- 2.45.2 From c5413cbd97aea96a36024037fc8c1fe69e84f00b Mon Sep 17 00:00:00 2001 From: Luke Tainton Date: Thu, 2 Jan 2025 13:50:38 +0000 Subject: [PATCH 07/27] fix(ci): ensure pipx is in PATH 5 --- .gitea/workflows/ci-python-poetry-with-docker.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.gitea/workflows/ci-python-poetry-with-docker.yml b/.gitea/workflows/ci-python-poetry-with-docker.yml index f492145..5765b7e 100644 --- a/.gitea/workflows/ci-python-poetry-with-docker.yml +++ b/.gitea/workflows/ci-python-poetry-with-docker.yml 
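Review bot: `pipx install poetry` in the new Setup Poetry step (PATCH 05/27) pulls whatever Poetry release is current on PyPI at run time, so the build tool itself is unpinned; pin it, e.g. `pipx install "poetry==<pinned-version>"`, and let Renovate propose bumps. The next line, `echo $PIPX_BIN_DIR >> $GITEA_PATH`, uses two unquoted variables that nothing visible in this workflow sets: an empty `GITEA_PATH` makes the redirect fail and an empty `PIPX_BIN_DIR` appends a blank entry. Quote both and fail fast, e.g. `echo "${PIPX_BIN_DIR:?}" >> "${GITHUB_PATH:?}"`, once you have confirmed which path-file variable the runner actually provides. The unpinned install recurs in PATCH 14/27 (`pipx install --global poetry`) and PATCH 15/27 (`PIPX_BIN_DIR=/usr/local/bin pipx install poetry`), where it additionally writes into a system directory.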
@@ -33,10 +33,9 @@ jobs: - name: Ensure pipx is in PATH run: | + echo $0 echo HOME=$HOME - echo PATH=$PATH - echo PWD=$PWD - ls -lah $PWD + ls -lah $HOME pipx ensurepath export PATH=$PATH:/root/.local/bin -- 2.45.2 From 793f04686244445364c34923b384d004b60e18e5 Mon Sep 17 00:00:00 2001 From: Luke Tainton Date: Thu, 2 Jan 2025 13:53:00 +0000 Subject: [PATCH 08/27] fix(ci): ensure pipx is in PATH 6 --- .gitea/workflows/ci-python-poetry-with-docker.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.gitea/workflows/ci-python-poetry-with-docker.yml b/.gitea/workflows/ci-python-poetry-with-docker.yml index 5765b7e..8a0009c 100644 --- a/.gitea/workflows/ci-python-poetry-with-docker.yml +++ b/.gitea/workflows/ci-python-poetry-with-docker.yml @@ -19,7 +19,8 @@ jobs: with: fetch-depth: 0 - - uses: hadolint/hadolint-action@v3.1.0 + - name: Run Hadolint + uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: Dockerfile output-file: hadolint.out @@ -33,11 +34,10 @@ jobs: - name: Ensure pipx is in PATH run: | - echo $0 - echo HOME=$HOME - ls -lah $HOME + cat $HOME/.profile pipx ensurepath export PATH=$PATH:/root/.local/bin + cat $HOME/.profile # - name: Setup Poetry # uses: abatilo/actions-poetry@v4 -- 2.45.2 From 759efc8da9c86c49f071aa69a6e5d1bbad69bc15 Mon Sep 17 00:00:00 2001 From: Luke Tainton Date: Thu, 2 Jan 2025 13:54:41 +0000 Subject: [PATCH 09/27] fix(ci): ensure pipx is in PATH 7 --- .../workflows/ci-python-poetry-with-docker.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.gitea/workflows/ci-python-poetry-with-docker.yml b/.gitea/workflows/ci-python-poetry-with-docker.yml index 8a0009c..5fbf8f4 100644 --- a/.gitea/workflows/ci-python-poetry-with-docker.yml +++ b/.gitea/workflows/ci-python-poetry-with-docker.yml 
@@ -34,21 +34,21 @@ jobs: - name: Ensure pipx is in PATH run: | - cat $HOME/.profile pipx ensurepath export PATH=$PATH:/root/.local/bin - cat $HOME/.profile - - # - name: Setup Poetry - # uses: abatilo/actions-poetry@v4 - name: Setup Poetry - run: | - pipx install poetry - echo $PIPX_BIN_DIR >> $GITEA_PATH + uses: abatilo/actions-poetry@v4 + + # - name: Setup Poetry + # run: | + # pipx install poetry + # echo $PIPX_BIN_DIR >> $GITEA_PATH - name: Setup virtual environment run: | + cat $HOME/.profile + echo $PATH poetry config virtualenvs.create true --local poetry config virtualenvs.in-project true --local -- 2.45.2 From 0f9d40518bcaefe50f95827de85fbf917a2445c9 Mon Sep 17 00:00:00 2001 From: Luke Tainton Date: Thu, 2 Jan 2025 13:56:55 +0000 Subject: [PATCH 10/27] fix(ci): ensure pipx is in PATH 8 --- .gitea/workflows/ci-python-poetry-with-docker.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/ci-python-poetry-with-docker.yml b/.gitea/workflows/ci-python-poetry-with-docker.yml index 5fbf8f4..e0a1261 100644 --- a/.gitea/workflows/ci-python-poetry-with-docker.yml +++ b/.gitea/workflows/ci-python-poetry-with-docker.yml @@ -47,8 +47,7 @@ jobs: - name: Setup virtual environment run: | - cat $HOME/.profile - echo $PATH + source $HOME/.profile poetry config virtualenvs.create true --local poetry config virtualenvs.in-project true --local @@ -64,11 +63,13 @@ jobs: - name: Lint run: | + source $HOME/.profile poetry run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt . cat lintreport.txt - name: Unit Test run: | + source $HOME/.profile poetry run coverage run -m pytest -v --junitxml=testresults.xml poetry run coverage xml sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml -- 2.45.2 From 45856b94d33abc0222c117aac0d103401d2071ac Mon Sep 17 00:00:00 2001 
From: Luke Tainton Date: Thu, 2 Jan 2025 13:58:44 +0000 Subject: [PATCH 11/27] fix(ci): ensure pipx is in PATH 9 --- .gitea/workflows/ci-python-poetry-with-docker.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.gitea/workflows/ci-python-poetry-with-docker.yml b/.gitea/workflows/ci-python-poetry-with-docker.yml index e0a1261..ebb281a 100644 --- a/.gitea/workflows/ci-python-poetry-with-docker.yml +++ b/.gitea/workflows/ci-python-poetry-with-docker.yml @@ -59,7 +59,9 @@ jobs: restore-keys: venv-${{ hashFiles('poetry.lock') }} - name: Install dependencies - run: poetry install + run: | + source $HOME/.profile + poetry install - name: Lint run: | -- 2.45.2 From c1f431bf8d30928f958639dee616d2ef6c75943f Mon Sep 17 00:00:00 2001 From: Luke Tainton Date: Thu, 2 Jan 2025 14:02:29 +0000 Subject: [PATCH 12/27] feat(ci): use built-in caching in setup-python --- .../ci-python-poetry-with-docker.yml | 20 +++++++------------ 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/.gitea/workflows/ci-python-poetry-with-docker.yml b/.gitea/workflows/ci-python-poetry-with-docker.yml index ebb281a..b7e62c3 100644 --- a/.gitea/workflows/ci-python-poetry-with-docker.yml +++ b/.gitea/workflows/ci-python-poetry-with-docker.yml @@ -31,6 +31,7 @@ jobs: uses: actions/setup-python@v5 with: python-version: "${{ vars.PYTHON_VERSION }}" + cache: 'poetry' - name: Ensure pipx is in PATH run: | 
@@ -51,24 +52,11 @@ jobs: poetry config virtualenvs.create true --local poetry config virtualenvs.in-project true --local - - uses: actions/cache@v4.2.0 - name: Define cache for dependencies - with: - path: ./.venv - key: venv-${{ hashFiles('poetry.lock') }} - restore-keys: venv-${{ hashFiles('poetry.lock') }} - - name: Install dependencies run: | source $HOME/.profile poetry install - - name: Lint - run: | - source $HOME/.profile - poetry run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt . - cat lintreport.txt - - name: Unit Test run: | source $HOME/.profile @@ -76,6 +64,12 @@ jobs: poetry run coverage xml sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml + - name: Lint + run: | + source $HOME/.profile + poetry run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt . + cat lintreport.txt + - name: SonarQube Cloud Scan uses: SonarSource/sonarqube-scan-action@v4.2.1 env: -- 2.45.2 From 8a66880eb403b0ffccac87f63330620529783cde Mon Sep 17 00:00:00 2001 From: Luke Tainton Date: Thu, 2 Jan 2025 14:06:06 +0000 Subject: [PATCH 13/27] fix(ci): install Poetry before doing Python setup --- .gitea/workflows/ci-python-poetry-with-docker.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.gitea/workflows/ci-python-poetry-with-docker.yml b/.gitea/workflows/ci-python-poetry-with-docker.yml index b7e62c3..761a1a7 100644 --- a/.gitea/workflows/ci-python-poetry-with-docker.yml +++ b/.gitea/workflows/ci-python-poetry-with-docker.yml @@ -27,12 +27,6 @@ jobs: format: sonarqube no-fail: true - - name: Setup Python - uses: actions/setup-python@v5 - with: - python-version: "${{ vars.PYTHON_VERSION }}" - cache: 'poetry' - - name: Ensure pipx is in PATH run: | pipx ensurepath 
@@ -52,6 +46,12 @@ jobs: poetry config virtualenvs.create true --local poetry config virtualenvs.in-project true --local + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: "${{ vars.PYTHON_VERSION }}" + cache: 'poetry' + - name: Install dependencies run: | source $HOME/.profile -- 2.45.2 From 30c36729792d39dc023220bacdd058cc904c9917 Mon Sep 17 00:00:00 2001 From: Luke Tainton Date: Thu, 2 Jan 2025 14:11:47 +0000 Subject: [PATCH 14/27] fix(ci): install Poetry globally --- .../ci-python-poetry-with-docker.yml | 25 +++++++------------ 1 file changed, 9 insertions(+), 16 deletions(-) diff --git a/.gitea/workflows/ci-python-poetry-with-docker.yml b/.gitea/workflows/ci-python-poetry-with-docker.yml index 761a1a7..2bb2b23 100644 --- a/.gitea/workflows/ci-python-poetry-with-docker.yml +++ b/.gitea/workflows/ci-python-poetry-with-docker.yml @@ -27,22 +27,19 @@ jobs: format: sonarqube no-fail: true - - name: Ensure pipx is in PATH - run: | - pipx ensurepath - export PATH=$PATH:/root/.local/bin - - - name: Setup Poetry - uses: abatilo/actions-poetry@v4 + # - name: Ensure pipx is in PATH + # run: | + # pipx ensurepath + # export PATH=$PATH:/root/.local/bin # - name: Setup Poetry - # run: | - # pipx install poetry - # echo $PIPX_BIN_DIR >> $GITEA_PATH + # uses: abatilo/actions-poetry@v4 + + - name: Setup Poetry + run: pipx install --global poetry - name: Setup virtual environment run: | - source $HOME/.profile poetry config virtualenvs.create true --local poetry config virtualenvs.in-project true --local 
@@ -53,20 +50,16 @@ jobs: cache: 'poetry' - name: Install dependencies - run: | - source $HOME/.profile - poetry install + run: poetry install - name: Unit Test run: | - source $HOME/.profile poetry run coverage run -m pytest -v --junitxml=testresults.xml poetry run coverage xml sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml - name: Lint run: | - source $HOME/.profile poetry run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt . cat lintreport.txt -- 2.45.2 From 8799856019e703a76841431bcb1e8de7157ac891 Mon Sep 17 00:00:00 2001 From: Luke Tainton Date: Thu, 2 Jan 2025 14:18:58 +0000 Subject: [PATCH 15/27] fix(ci): correct --global to PIPX_BIN_DIR --- .gitea/workflows/ci-python-poetry-with-docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/ci-python-poetry-with-docker.yml b/.gitea/workflows/ci-python-poetry-with-docker.yml index 2bb2b23..863dee9 100644 --- a/.gitea/workflows/ci-python-poetry-with-docker.yml +++ b/.gitea/workflows/ci-python-poetry-with-docker.yml @@ -36,7 +36,7 @@ jobs: # uses: abatilo/actions-poetry@v4 - name: Setup Poetry - run: pipx install --global poetry + run: PIPX_BIN_DIR=/usr/local/bin pipx install poetry - name: Setup virtual environment run: | -- 2.45.2 From 11a5900077451d862666a5f130a2df64bacedc6d Mon Sep 17 00:00:00 2001 From: Luke Tainton Date: Thu, 2 Jan 2025 14:34:12 +0000 Subject: [PATCH 16/27] fix(ci): only run lint on app/ and tests/ --- .../workflows/ci-python-poetry-with-docker.yml | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/.gitea/workflows/ci-python-poetry-with-docker.yml b/.gitea/workflows/ci-python-poetry-with-docker.yml index 863dee9..6088326 100644 --- a/.gitea/workflows/ci-python-poetry-with-docker.yml +++ b/.gitea/workflows/ci-python-poetry-with-docker.yml 
@@ -27,22 +27,9 @@ jobs: format: sonarqube no-fail: true - # - name: Ensure pipx is in PATH - # run: | - # pipx ensurepath - # export PATH=$PATH:/root/.local/bin - - # - name: Setup Poetry - # uses: abatilo/actions-poetry@v4 - - name: Setup Poetry run: PIPX_BIN_DIR=/usr/local/bin pipx install poetry - - name: Setup virtual environment - run: | - poetry config virtualenvs.create true --local - poetry config virtualenvs.in-project true --local - - name: Setup Python uses: actions/setup-python@v5 with: @@ -60,7 +47,8 @@ jobs: - name: Lint run: | - poetry run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt . + mkdir -p $HOME/.cache/pylint + poetry run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt app/ tests/ cat lintreport.txt - name: SonarQube Cloud Scan -- 2.45.2 From 47b7a72a81e5b3bdd44f916aa7c063b53e86cd11 Mon Sep 17 00:00:00 2001 From: Luke Tainton Date: Thu, 2 Jan 2025 16:30:20 +0000 Subject: [PATCH 17/27] fix(ci): use new Poetry runner --- .../.gitea/workflows/ci.yml | 53 +++++++++++++------ .gitea/workflows/ci.yml | 43 ++++----------- 2 files changed, 46 insertions(+), 50 deletions(-) rename .gitea/workflows/ci-python-poetry-with-docker.yml => .archive/.gitea/workflows/ci.yml (50%) diff --git a/.gitea/workflows/ci-python-poetry-with-docker.yml b/.archive/.gitea/workflows/ci.yml similarity index 50% rename from .gitea/workflows/ci-python-poetry-with-docker.yml rename to .archive/.gitea/workflows/ci.yml index 6088326..1b960b1 100644 --- a/.gitea/workflows/ci-python-poetry-with-docker.yml +++ b/.archive/.gitea/workflows/ci.yml @@ -1,4 +1,4 @@ -name: CI w/ Poetry and Docker +name: CI on: pull_request: types: [opened, synchronize, reopened] 
@@ -19,41 +19,57 @@ jobs: with: fetch-depth: 0 - - name: Run Hadolint - uses: hadolint/hadolint-action@v3.1.0 + - uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: Dockerfile output-file: hadolint.out format: sonarqube no-fail: true - - name: Setup Poetry - run: PIPX_BIN_DIR=/usr/local/bin pipx install poetry - - name: Setup Python uses: actions/setup-python@v5 with: python-version: "${{ vars.PYTHON_VERSION }}" - cache: 'poetry' + + - name: Setup Poetry + uses: abatilo/actions-poetry@v3 + # run: curl -sSL https://install.python-poetry.org | python3 - + + - name: Update PATH + run: export PATH="/root/.local/bin:$PATH" + + - name: Setup virtual environment + run: | + /root/.local/bin/poetry config virtualenvs.create true --local + /root/.local/bin/poetry config virtualenvs.in-project true --local + + - uses: actions/cache@v3 + name: Define cache for dependencies + with: + path: ./.venv + key: venv-${{ hashFiles('poetry.lock') }} - name: Install dependencies - run: poetry install - - - name: Unit Test - run: | - poetry run coverage run -m pytest -v --junitxml=testresults.xml - poetry run coverage xml - sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml + run: /root/.local/bin/poetry install - name: Lint run: | - mkdir -p $HOME/.cache/pylint - poetry run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt app/ tests/ + /root/.local/bin/poetry run pylint --verbose --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt . 
cat lintreport.txt + - name: Unit Test + run: | + /root/.local/bin/poetry run coverage run -m pytest -v --junitxml=testresults.xml + /root/.local/bin/poetry run coverage xml + sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml + + # TEMPORARY - DISABLED DUE TO GITHUB > GITEA MIGRATION + # SONARQUBE CLOUD IS CURRENTLY TIGHTLY COUPLED TO GITHUB - name: SonarQube Cloud Scan uses: SonarSource/sonarqube-scan-action@v4.2.1 + continue-on-error: true env: + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - name: Snyk Vulnerability Scan @@ -63,3 +79,8 @@ jobs: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} with: args: --sarif-file-output=snyk.sarif --all-projects + + # - name: Upload result to GitHub Code Scanning + # uses: github/codeql-action/upload-sarif@v3 + # with: + # sarif_file: snyk.sarif diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index 5072832..4e58fe7 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -1,4 +1,4 @@ -name: CI +name: CI w/ Poetry and Docker on: pull_request: types: [opened, synchronize, reopened] @@ -12,14 +12,15 @@ on: jobs: ci: - runs-on: ubuntu-latest + runs-on: ubuntu-poetry-latest steps: - name: Check out repository code uses: actions/checkout@v4.2.2 with: fetch-depth: 0 - - uses: hadolint/hadolint-action@v3.1.0 + - name: Run Hadolint + uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: Dockerfile output-file: hadolint.out 
@@ -30,46 +31,25 @@ jobs: uses: actions/setup-python@v5 with: python-version: "${{ vars.PYTHON_VERSION }}" - - - name: Setup Poetry - uses: abatilo/actions-poetry@v3 - # run: curl -sSL https://install.python-poetry.org | python3 - - - - name: Update PATH - run: export PATH="/root/.local/bin:$PATH" - - - name: Setup virtual environment - run: | - /root/.local/bin/poetry config virtualenvs.create true --local - /root/.local/bin/poetry config virtualenvs.in-project true --local - - - uses: actions/cache@v3 - name: Define cache for dependencies - with: - path: ./.venv - key: venv-${{ hashFiles('poetry.lock') }} + cache: 'poetry' - name: Install dependencies - run: /root/.local/bin/poetry install + run: poetry install - name: Lint run: | - /root/.local/bin/poetry run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt . + poetry run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt app/ tests/ cat lintreport.txt - name: Unit Test run: | - /root/.local/bin/poetry run coverage run -m pytest -v --junitxml=testresults.xml - /root/.local/bin/poetry run coverage xml + poetry run coverage run -m pytest -v --junitxml=testresults.xml + poetry run coverage xml sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml - # TEMPORARY - DISABLED DUE TO GITHUB > GITEA MIGRATION - # SONARQUBE CLOUD IS CURRENTLY TIGHTLY COUPLED TO GITHUB - name: SonarQube Cloud Scan uses: SonarSource/sonarqube-scan-action@v4.2.1 - continue-on-error: true env: - # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - name: Snyk Vulnerability Scan @@ -79,8 +59,3 @@ jobs: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} with: args: --sarif-file-output=snyk.sarif --all-projects - - # - name: Upload result to GitHub Code Scanning - # uses: github/codeql-action/upload-sarif@v3 - # with: - # sarif_file: snyk.sarif -- 2.45.2 From 68883f835c0bdaa59784efc36bcd4a9429f93013 Mon Sep 17 00:00:00 2001 
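Review bot: After this change the job still runs pull-request-controlled code (`poetry install`, `pytest`) and then, in the same job and workspace, hands `SONAR_TOKEN` and `SNYK_TOKEN` to third-party actions. Code from the PR cannot read a later step's `env`, but it can alter the workspace and any path or environment files that later steps inherit, so the scan steps should not assume a clean tree. Consider moving the two scans into a separate job that checks the code out without executing it, and confirm in the Gitea settings whether secrets are exposed to pull requests from forks. The commit also switches `runs-on` to the custom label `ubuntu-poetry-latest` (hunk `@@ -12,14 +12,15 @@`); a short comment naming the image behind that label and the Poetry version it ships would make the removal of the Setup Poetry step auditable.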
From: Luke Tainton Date: Thu, 2 Jan 2025 16:33:04 +0000 Subject: [PATCH 18/27] fix(dependencies): don't add extra labels to PRs --- renovate.json | 26 +++----------------------- 1 file changed, 3 insertions(+), 23 deletions(-) diff --git a/renovate.json b/renovate.json index b72de20..3b02d07 100644 --- a/renovate.json +++ b/renovate.json @@ -1,36 +1,16 @@ { - "ignorePaths": [ - "**/.archive/**" - ], "assignAutomerge": true, "assigneesFromCodeOwners": true, "dependencyDashboardAutoclose": true, "extends": [ "config:recommended" ], + "ignorePaths": [ + "**/.archive/**" + ], "labels": [ "type/dependencies" ], - "packageRules": [ - { - "labels": [ - "linting" - ], - "matchPackageNames": [ - "/black/", - "/pylint/" - ] - }, - { - "labels": [ - "unit-tests" - ], - "matchPackageNames": [ - "/coverage/", - "/pytest/" - ] - } - ], "platformCommit": "enabled", "rebaseWhen": "behind-base-branch", "rollbackPrs": true, -- 2.45.2 From 560a4c37eaeb1629394f4e42efe281354ea0c6ee Mon Sep 17 00:00:00 2001 From: Luke Tainton Date: Thu, 2 Jan 2025 16:38:40 +0000 Subject: [PATCH 19/27] fix(ci): update Snyk config --- .gitea/workflows/ci.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index 4e58fe7..a72f038 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -54,8 +54,10 @@ jobs: - name: Snyk Vulnerability Scan uses: snyk/actions/python-3.10@master - continue-on-error: true # To make sure that SARIF upload gets called + continue-on-error: true # Sometimes vulns aren't immediately fixable env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} with: - args: --sarif-file-output=snyk.sarif --all-projects + command: test + args: --all-projects + json: true -- 2.45.2 From c31aac8538651efbf5c1bc036fd5b6cf40a0a1ab Mon Sep 17 00:00:00 2001 
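Review bot: With `continue-on-error: true` and the new comment "Sometimes vulns aren't immediately fixable" (PATCH 19/27), the Snyk step can never fail the pull request, and with `json: true` the findings go only to the job log, so a new high-severity dependency issue can merge unnoticed. A narrower policy keeps the gate: drop `continue-on-error` and set `args: --all-projects --severity-threshold=high`, recording accepted findings in a Snyk policy file rather than passing everything. The step's `uses:` line is unchanged context in this hunk and still points at `@master`.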
From: Luke Tainton Date: Thu, 2 Jan 2025 16:45:17 +0000 Subject: [PATCH 20/27] fix(ci): fix Snyk scan --- .gitea/workflows/ci.yml | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index a72f038..8013c0e 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -53,11 +53,15 @@ jobs: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - name: Snyk Vulnerability Scan - uses: snyk/actions/python-3.10@master continue-on-error: true # Sometimes vulns aren't immediately fixable - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - command: test - args: --all-projects - json: true + run: docker run --rm -v "${{ gitea.workspace }}:/app" -e "SNYK_TOKEN=${{ secrets.SNYK_TOKEN }}" snyk/snyk:python snyk test --all-projects --json + + # - name: Snyk Vulnerability Scan + # uses: snyk/actions/python-3.10@master + # continue-on-error: true # Sometimes vulns aren't immediately fixable + # env: + # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + # with: + # command: test + # args: --all-projects + # json: true -- 2.45.2 From ba1313a21515887a2b6035ea6ab2c3aa48083980 Mon Sep 17 00:00:00 2001 From: Luke Tainton Date: Thu, 2 Jan 2025 16:47:29 +0000 Subject: [PATCH 21/27] fix(ci): fix Snyk --- .gitea/workflows/ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index 8013c0e..07e7262 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml 
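Review bot: The new `run:` line expands `${{ secrets.SNYK_TOKEN }}` directly into the shell command, so the token becomes part of the generated script and of the `docker run` argument list, where it is visible to process listings on the runner and relies on log masking to stay out of the job output. Pass it through the step environment and let Docker inherit it by name: add `env:` with `SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}` and use `-e SNYK_TOKEN` with no value. `snyk/snyk:python` is also a mutable tag; pinning the image by digest (`snyk/snyk@sha256:<digest>`) avoids running an image that changed underneath the pipeline. The same line is re-added in PATCH 21/27 together with `echo ${{ github.workspace }}`, and the workspace mount requires the job to reach a Docker daemon, which is worth confirming is intended on this runner.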
@@ -54,7 +54,9 @@ jobs: - name: Snyk Vulnerability Scan continue-on-error: true # Sometimes vulns aren't immediately fixable - run: docker run --rm -v "${{ gitea.workspace }}:/app" -e "SNYK_TOKEN=${{ secrets.SNYK_TOKEN }}" snyk/snyk:python snyk test --all-projects --json + run: | + echo ${{ github.workspace }} + docker run --rm -v "${{ gitea.workspace }}:/app" -e "SNYK_TOKEN=${{ secrets.SNYK_TOKEN }}" snyk/snyk:python snyk test --all-projects --json # - name: Snyk Vulnerability Scan # uses: snyk/actions/python-3.10@master -- 2.45.2 From 7070344fe57e5c569db9fc41ccd31c69cd20a584 Mon Sep 17 00:00:00 2001 From: Luke Tainton Date: Thu, 2 Jan 2025 16:51:03 +0000 Subject: [PATCH 22/27] fix(ci): fix Snyk --- .gitea/workflows/ci.yml | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index 07e7262..e8b7aaf 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml 
@@ -52,18 +52,18 @@ jobs: env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - - name: Snyk Vulnerability Scan - continue-on-error: true # Sometimes vulns aren't immediately fixable - run: | - echo ${{ github.workspace }} - docker run --rm -v "${{ gitea.workspace }}:/app" -e "SNYK_TOKEN=${{ secrets.SNYK_TOKEN }}" snyk/snyk:python snyk test --all-projects --json - # - name: Snyk Vulnerability Scan - # uses: snyk/actions/python-3.10@master # continue-on-error: true # Sometimes vulns aren't immediately fixable - # env: - # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - # with: - # command: test - # args: --all-projects - # json: true + # run: | + # echo ${{ github.workspace }} + # docker run --rm -v "${{ gitea.workspace }}:/app" -e "SNYK_TOKEN=${{ secrets.SNYK_TOKEN }}" snyk/snyk:python snyk test --all-projects --json + + - name: Snyk Vulnerability Scan + uses: snyk/actions/python@master + continue-on-error: true # Sometimes vulns aren't immediately fixable + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + command: snyk test --all-projects --json + # args: --all-projects + # json: true -- 2.45.2 From 8d2fa2a8dc8b66ad9ba502b82f8fd690e2cc0dc9 Mon Sep 17 00:00:00 2001 From: Luke Tainton Date: Thu, 2 Jan 2025 16:54:53 +0000 Subject: [PATCH 23/27] fix(ci): fix Snyk --- .gitea/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index e8b7aaf..bf78d38 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -64,6 +64,6 @@ jobs: env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} with: - command: snyk test --all-projects --json - # args: --all-projects + command: snyk + args: test --all-projects --json # json: true -- 2.45.2 From 8d837932e431dd167f69114d25444927ef712b62 Mon Sep 17 00:00:00 2001 From: Luke Tainton Date: Thu, 2 Jan 2025 16:57:26 +0000 Subject: [PATCH 24/27] fix(ci): fix Snyk --- .gitea/workflows/ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index bf78d38..233e50b 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -65,5 +65,4 @@ jobs: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} with: command: snyk - args: test --all-projects --json - # json: true + args: test --all-projects -- 2.45.2 From 588a6e257c0834dc62f413bb631131b734549452 Mon Sep 17 00:00:00 2001 From: Luke Tainton Date: Thu, 2 Jan 2025 16:57:44 +0000 Subject: [PATCH 25/27] fix(ci): fix Snyk --- .gitea/workflows/ci.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index 233e50b..fd55030 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -52,12 +52,6 @@ jobs: env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - # - name: Snyk Vulnerability Scan - # continue-on-error: true # Sometimes vulns aren't immediately fixable - # run: | - # echo ${{ github.workspace }} - # docker run --rm -v "${{ gitea.workspace }}:/app" -e "SNYK_TOKEN=${{ secrets.SNYK_TOKEN }}" snyk/snyk:python snyk test --all-projects --json - - name: Snyk Vulnerability Scan uses: snyk/actions/python@master continue-on-error: true # Sometimes vulns aren't immediately fixable -- 2.45.2 From 76e35d03ec52c002f241ad3e6282685e76d2bcdd Mon Sep 17 00:00:00 2001 From: Luke Tainton Date: Thu, 2 Jan 2025 17:02:41 +0000 Subject: [PATCH 26/27] chore(ci): remove names from CI files --- .gitea/workflows/ci.yml | 1 - .gitea/workflows/release.yml | 1 - 2 files changed, 2 deletions(-) diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index fd55030..4529a9e 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -1,4 +1,3 @@ -name: CI w/ Poetry and Docker on: pull_request: types: [opened, synchronize, reopened] diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml index 6be24a4..df8049a 100644 --- a/.gitea/workflows/release.yml +++ b/.gitea/workflows/release.yml 
@@ -1,4 +1,3 @@ -name: Release on: schedule: - cron: "0 9 * * 0" -- 2.45.2 From ad002923135a3b2174ee67f2d90c3253477507c1 Mon Sep 17 00:00:00 2001 From: Luke Tainton Date: Thu, 2 Jan 2025 17:04:24 +0000 Subject: [PATCH 27/27] revert: chore(ci): remove names from CI files This reverts commit 76e35d03ec52c002f241ad3e6282685e76d2bcdd. --- .gitea/workflows/ci.yml | 1 + .gitea/workflows/release.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index 4529a9e..fd55030 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -1,3 +1,4 @@ +name: CI w/ Poetry and Docker on: pull_request: types: [opened, synchronize, reopened] diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml index df8049a..6be24a4 100644 --- a/.gitea/workflows/release.yml +++ b/.gitea/workflows/release.yml @@ -1,3 +1,4 @@ +name: Release on: schedule: - cron: "0 9 * * 0" -- 2.45.2