Add Sonar

.github/workflows/ci.yml

@@ -1,80 +0,0 @@
-name: CI
-on:
-  workflow_dispatch:
-  push:
-    paths-ignore:
-      - 'README.md'
-      - 'LICENSE.md'
-      - '.gitignore'
-  pull_request:
-
-jobs:
-  skip_duplicate:
-    runs-on: ubuntu-latest
-    outputs:
-      should_skip: ${{ steps.skip_check.outputs.should_skip }}
-    steps:
-      - id: skip_check
-        uses: fkirc/skip-duplicate-actions@v4.0.0
-        with:
-          github_token: ${{ github.token }}
-
-  analyze:
-    name: Analyze
-    needs: skip_duplicate
-    if: ${{ needs.skip_duplicate.outputs.should_skip == 'false' }}
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-    strategy:
-      fail-fast: false
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v3
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
-        with:
-          languages: python
-      - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
-
-  lint:
-    needs: skip_duplicate
-    if: ${{ needs.skip_duplicate.outputs.should_skip == 'false' }}
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out repository code
-        uses: actions/checkout@v3
-      - name: Setup Python
-        uses: actions/setup-python@v3
-        with:
-          python-version: "3.10"
-      - name: Install dependencies
-        run: pip install -r requirements.txt && pip install -r requirements-dev.txt
-      - name: Lint
-        run: pylint --recursive=yes .
-
-  test:
-    needs: skip_duplicate
-    if: ${{ needs.skip_duplicate.outputs.should_skip == 'false' }}
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        python-version: [ '3.10' ]
-    steps:
-      - name: Check out repository code
-        uses: actions/checkout@v3
-      - name: Setup Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v3
-        with:
-          python-version: ${{ matrix.python-version }}
-      - name: Install dependencies
-        run: pip install -r requirements.txt && pip install -r requirements-dev.txt
-      - name: Run test suite
-        run: coverage run -m py.test -v
-      - name: Upload Coverage to Codecov
-        uses: codecov/codecov-action@v3

.github/workflows/merge-to-main.yml

@@ -0,0 +1,34 @@
+name: Merge to main
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  coverage:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Setup Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.10"
+      - name: Install dependencies
+        run: pip install -r requirements.txt && pip install -r requirements-dev.txt
+      - name: Lint
+        run: pylint --recursive=yes --output-format=parseable --output=lintreport.txt .
+      - name: Unit Test
+        run: |
+          coverage run -m py.test -v
+          coverage xml
+      - uses: sonarsource/sonarqube-scan-action@master
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+      - uses: sonarsource/sonarqube-quality-gate-action@master
+        timeout-minutes: 5
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.github/workflows/pull-request.yml

@@ -0,0 +1,39 @@
+name: CI
+on:
+  pull_request:
+    paths-ignore:
+      - 'README.md'
+      - 'LICENSE.md'
+      - '.gitignore'
+      - 'CODEOWNERS'
+      - 'renovate.json'
+
+jobs:
+  ci:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          fetch-depth: 0
+      - name: Setup Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.10"
+      - name: Install dependencies
+        run: pip install -r requirements.txt && pip install -r requirements-dev.txt
+      - name: Lint
+        run: pylint --recursive=yes --output-format=parseable --output=lintreport.txt .
+      - name: Unit Test
+        run: |
+          coverage run -m py.test -v --junitxml=testresults.xml
+          coverage xml
+      - uses: sonarsource/sonarqube-scan-action@master
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+      - uses: sonarsource/sonarqube-quality-gate-action@master
+        timeout-minutes: 5
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.gitignore

@@ -38,6 +38,8 @@ pip-log.txt
 pip-delete-this-directory.txt
 
 # Unit test / coverage reports
+lintreport.txt
+testresults.xml
 htmlcov/
 .tox/
 .nox/

codecov.yml

@@ -1,2 +0,0 @@
-ignore:
-  - "*/tests/*”

renovate.json

@@ -1,6 +1,26 @@
 {
-    "extends": [
-      "config:base"
-    ]
+  "extends": ["config:base"],
+  "platformCommit": true,
+  "dependencyDashboardAutoclose": true,
+  "assignAutomerge": true,
+  "assigneesFromCodeOwners": true,
+  "rebaseWhen": "behind-base-branch",
+  "rollbackPrs": true,
+  "labels": ["dependencies"],
+  "packageRules": [
+    {
+      "matchPackagePatterns": ["black", "pylint"],
+      "labels": ["linting"]
+    },
+    {
+      "matchPackagePatterns": ["coverage", "pytest"],
+      "labels": ["unit-tests"]
+    }
+  ],
+  "vulnerabilityAlerts": {
+    "enabled": true,
+    "labels": ["security"],
+    "commitMessagePrefix": "[SECURITY] ",
+    "prCreation": "immediate"
   }
-  
+}

sonar-project.properties

@@ -0,0 +1,8 @@
+sonar.projectKey=luketainton_6to4_converter_AYHpASgJSbMjdyWLhHiC
+sonar.python.version=3.10
+sonar.python.coverage.reportPaths=coverage.xml
+sonar.python.pylint.reportPaths=lintreport.txt
+sonar.python.xunit.reportPath=testresults.xml
+sonar.sources=app
+sonar.tests=tests
+sonar.exclusions=,.github/**,.gitignore,CODEOWNERS,CHANGELOG.md,LICENSE.md,README.md,renovate.json,requirements-dev.txt,requirements.txt