diff --git a/.github/CODEOWNERS b/.archive/.github_archived/CODEOWNERS similarity index 100% rename from .github/CODEOWNERS rename to .archive/.github_archived/CODEOWNERS diff --git a/.github/dependabot.yml b/.archive/.github_archived/dependabot.yml similarity index 100% rename from .github/dependabot.yml rename to .archive/.github_archived/dependabot.yml diff --git a/.github/renovate.json b/.archive/.github_archived/renovate.json similarity index 100% rename from .github/renovate.json rename to .archive/.github_archived/renovate.json diff --git a/.github/workflows/ci.yml b/.archive/.github_archived/workflows/ci.yml similarity index 100% rename from .github/workflows/ci.yml rename to .archive/.github_archived/workflows/ci.yml diff --git a/.gitea/CODEOWNERS b/.gitea/CODEOWNERS new file mode 100644 index 0000000..e286c1e --- /dev/null +++ b/.gitea/CODEOWNERS @@ -0,0 +1 @@ +* @luke diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml new file mode 100644 index 0000000..5afd216 --- /dev/null +++ b/.gitea/workflows/ci.yml @@ -0,0 +1,95 @@ +name: CI +on: + pull_request: + types: + - opened + - edited + - synchronize + - reopened + +jobs: + ci: + runs-on: ubuntu-latest + steps: + - name: Check out repository code + uses: actions/checkout@v6.0.1 + with: + fetch-depth: 0 + + - name: Run Hadolint + uses: hadolint/hadolint-action@v3.3.0 + with: + dockerfile: Dockerfile + output-file: hadolint.out + format: sonarqube + no-fail: true + + - name: Setup Python + uses: actions/setup-python@v6 + with: + python-version: "3.14" + + - name: uv cache + uses: actions/cache@v5 + with: + path: /tmp/.uv-cache + key: uv-${{ runner.os }}-${{ hashFiles('uv.lock') }} + restore-keys: | + uv-${{ runner.os }}-${{ hashFiles('uv.lock') }} + uv-${{ runner.os }} + + - name: Install dependencies + run: uv sync + + - name: Check Import Sorting + run: uv run isort --check app/ tests/ + + - name: Lint + run: | + uv run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt app/ tests/ + cat lintreport.txt + + - name: Unit Test + run: | + uv run coverage run -m pytest -v --junitxml=testresults.xml + uv run coverage report + # sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml + + - name: Minimize uv cache + run: uv cache prune --ci + + # - name: SonarQube Scan + # uses: SonarSource/sonarqube-scan-action@v5.2.0 + # env: + # SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }} + # SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} + + - name: Set up environment for Snyk + run: | + uv pip freeze > requirements.txt + mv pyproject.toml pyproject.toml.bak + mv uv.lock uv.lock.bak + + - name: Snyk SAST Scan + uses: snyk/actions/python@master + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + # command: snyk + args: snyk code test #--all-projects --exclude=.archive + + # - name: Snyk Vulnerability Scan + # uses: snyk/actions/python@master + # continue-on-error: true # Sometimes vulns aren't immediately fixable + # env: + # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + # DEBUG: "*snyk*" + # with: + # # command: snyk + # args: snyk test #--all-projects --exclude=.archive + + - name: Reverse set up environment for Snyk + run: | + rm -f requirements.txt + mv pyproject.toml.bak pyproject.toml + mv uv.lock.bak uv.lock diff --git a/.gitea/workflows/conventional_commit.yml b/.gitea/workflows/conventional_commit.yml new file mode 100644 index 0000000..a2ce159 --- /dev/null +++ b/.gitea/workflows/conventional_commit.yml @@ -0,0 +1,16 @@ +name: Validate PR Title +on: + pull_request: + types: + - opened + - edited + - synchronize + - reopened + +jobs: + validate: + runs-on: ubuntu-latest + steps: + - uses: https://git.tainton.uk/actions/conventional-commits-check-action@v1.3.0 + with: + commit-message: ${{ gitea.event.pull_request.title }} diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml new file mode 100644 index 0000000..32ec487 --- /dev/null +++ b/.gitea/workflows/release.yml @@ -0,0 +1,98 @@ +name: Release +on: + workflow_dispatch: + schedule: + - cron: '0 9 * * 0' + +jobs: + tag: + name: Tag release + uses: https://git.tainton.uk/actions/gha-workflows/.gitea/workflows/release-with-tag.yaml@main + + create_release: + name: Create Release + needs: tag + uses: https://git.tainton.uk/actions/gha-workflows/.gitea/workflows/create-release-preexisting-tag.yaml@main + with: + tag: ${{ needs.tag.outputs.tag_name }} + body: ${{ needs.tag.outputs.changelog }} + secrets: + ACTIONS_TOKEN: ${{ secrets.ACTIONS_TOKEN }} + + create_docker: + name: Publish Docker Images + runs-on: ubuntu-latest + needs: [tag, create_release] + steps: + - name: Update Docker configuration + continue-on-error: true + run: | + mkdir -p /etc/default + mkdir -p /etc/docker + touch -a /etc/default/docker + touch -a /etc/docker/daemon.json + echo "DOCKER_OPTS=\"--insecure-registry ${{ vars.PACKAGES_REGISTRY_URL }}\"" >> /etc/default/docker + echo "{\"insecure-registries\": [\"${{ vars.PACKAGES_REGISTRY_URL }}\"]}" > /etc/docker/daemon.json + + - name: Get repo name + id: split + run: echo "repo=${REPO##*/}" >> "$GITEA_OUTPUT" + env: + REPO: ${{ gitea.repository }} + + - name: Check out repository + uses: actions/checkout@v6.0.1 + with: + fetch-depth: 0 + ref: ${{ needs.tag.outputs.tag_name }} + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Log in to Gitea Container Registry + uses: docker/login-action@v3 + with: + registry: ${{ vars.PACKAGES_REGISTRY_URL }} + username: ${{ vars.ACTIONS_USERNAME }} + password: ${{ secrets.ACTIONS_TOKEN }} + + - name: Log in to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ vars.GHCR_USERNAME }} + password: ${{ secrets.GHCR_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v5 + with: + tags: type=semver,pattern=v{{version}},value=${{ needs.tag.outputs.tag_name }} + images: | + ghcr.io/${{ vars.GHCR_USERNAME }}/${{ steps.split.outputs.repo }} + ${{ vars.PACKAGES_REGISTRY_URL }}/${{ gitea.repository }} + + - name: Print metadata + run: | + printf "Annotations:\n${{ steps.meta.outputs.annotations }}" + echo "" + printf "Labels:\n${{ steps.meta.outputs.labels }}" + echo "" + printf "Tags:\n${{ steps.meta.outputs.tags }}" + + - name: Build images + uses: docker/build-push-action@v6 + with: + context: . + push: false + load: true + annotations: ${{ steps.meta.outputs.annotations }} + labels: ${{ steps.meta.outputs.labels }} + tags: ${{ steps.meta.outputs.tags }} + + - name: Push images + run: | + strtags="${{ steps.meta.outputs.tags }}" + readarray -t lines <<<"$strtags" + for element in "${lines[@]}"; do docker push "$element"; done + unset strtags lines diff --git a/.gitea/workflows/snyk.yml b/.gitea/workflows/snyk.yml new file mode 100644 index 0000000..a4505d6 --- /dev/null +++ b/.gitea/workflows/snyk.yml @@ -0,0 +1,24 @@ +name: Snyk + +on: + workflow_dispatch: + push: + branches: + - main + schedule: + - cron: "@daily" + +jobs: + security: + runs-on: ubuntu-latest + steps: + - name: Checkout repo + uses: actions/checkout@v6.0.1 + + - name: Snyk + uses: snyk/actions/python@master + continue-on-error: true + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + command: monitor diff --git a/Dockerfile b/Dockerfile index f175388..181ca18 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,9 @@ -FROM python:3.11-slim +FROM python:3.14-slim LABEL maintainer="Luke Tainton " LABEL org.opencontainers.image.source="https://github.com/luketainton/6to4_converter" USER root -ENV PYTHONPATH="/run:/usr/local/lib/python3.11/lib-dynload:/usr/local/lib/python3.11/site-packages:/usr/local/lib/python3.11" +ENV PYTHONPATH="/run:/usr/local/lib/python3.14/lib-dynload:/usr/local/lib/python3.14/site-packages:/usr/local/lib/python3.14" WORKDIR /run RUN mkdir -p /.local && \ diff --git a/README.md b/README.md index 0251f08..eace32a 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,11 @@ -# 6to4_converter [![CI](https://github.com/luketainton/6to4_converter/actions/workflows/merge-to-main.yml/badge.svg?branch=main)](https://github.com/luketainton/6to4_converter/actions/workflows/merge-to-main.yml) [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=luketainton_6to4_converter&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=luketainton_6to4_converter) +# 6to4_converter ## Description Simple script to convert IPv4 addresses to 6to4 addresses. See RFC 3056 for details. ## How to install - Clone the repository. +- Run `uv sync`. ## How to use -- Run `python3 app/main.py --help` for information on how to use this script. +- Run `uv run python -m app.main --help` for information on how to use this script. diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..5cee6b5 --- /dev/null +++ b/renovate.json @@ -0,0 +1,23 @@ +{ + "assignAutomerge": false, + "assigneesFromCodeOwners": false, + "dependencyDashboardAutoclose": true, + "extends": ["config:recommended"], + "ignorePaths": ["**/.archive/**"], + "labels": ["type/dependencies"], + "platformCommit": "enabled", + "rebaseWhen": "behind-base-branch", + "rollbackPrs": true, + "semanticCommits": "enabled", + "semanticCommitScope": "deps", + "semanticCommitType": "feat", + "vulnerabilityAlerts": { + "commitMessagePrefix": "[SECURITY] ", + "enabled": true, + "labels": ["security"], + "prCreation": "immediate" + }, + "lockFileMaintenance": { + "enabled": true + } +}