From 7c0587314e457f06932e01a909079bae79b65fb5 Mon Sep 17 00:00:00 2001
From: Luke Tainton
Date: Sun, 9 Feb 2025 21:08:54 +0000
Subject: [PATCH] feat(ci): switch to self-hosted SonarQube
---
{.github => .archive/.github}/CODEOWNERS | 0
{.github => .archive/.github}/dependabot.yml | 0
.../.github}/workflows/build.yml | 0
.../.github}/workflows/ci.yml | 0
.gitea/workflows/ci.yml | 38 +++++++++++++------
.gitea/workflows/conventional_commit.yml | 16 ++++++++
.gitea/workflows/release.yml | 9 +----
sonar-project.properties | 6 +--
8 files changed, 47 insertions(+), 22 deletions(-)
rename {.github => .archive/.github}/CODEOWNERS (100%)
rename {.github => .archive/.github}/dependabot.yml (100%)
rename {.github => .archive/.github}/workflows/build.yml (100%)
rename {.github => .archive/.github}/workflows/ci.yml (100%)
create mode 100644 .gitea/workflows/conventional_commit.yml
diff --git a/.github/CODEOWNERS b/.archive/.github/CODEOWNERS
similarity index 100%
rename from .github/CODEOWNERS
rename to .archive/.github/CODEOWNERS
diff --git a/.github/dependabot.yml b/.archive/.github/dependabot.yml
similarity index 100%
rename from .github/dependabot.yml
rename to .archive/.github/dependabot.yml
diff --git a/.github/workflows/build.yml b/.archive/.github/workflows/build.yml
similarity index 100%
rename from .github/workflows/build.yml
rename to .archive/.github/workflows/build.yml
diff --git a/.github/workflows/ci.yml b/.archive/.github/workflows/ci.yml
similarity index 100%
rename from .github/workflows/ci.yml
rename to .archive/.github/workflows/ci.yml
diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index bf3e053..9d275f8 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -8,15 +8,31 @@ on: - reopened jobs: - validate_pr_title: - uses: https://git.tainton.uk/actions/gha-workflows/.gitea/workflows/conventional-commit.yml@main - with: - commit_message: ${{ gitea.event.pull_request.title }} - ci: - uses: https://git.tainton.uk/actions/gha-workflows/.gitea/workflows/ci-docker.yml@main - with: - python-version: 3.13 - secrets: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + runs-on: ubuntu-latest + steps: + - name: Check out repository code + uses: actions/checkout@v4.2.2 + with: + fetch-depth: 0 + + - uses: hadolint/hadolint-action@v3.1.0 + with: + dockerfile: Dockerfile + output-file: hadolint.out + format: sonarqube + no-fail: true + + - name: SonarQube Scan + uses: SonarSource/sonarqube-scan-action@v4.2.1 + env: + SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }} + SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} + + - name: Snyk Vulnerability Scan + uses: snyk/actions/python@master + continue-on-error: true # Sometimes vulns aren't immediately fixable + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + args: test --all-projects diff --git a/.gitea/workflows/conventional_commit.yml b/.gitea/workflows/conventional_commit.yml new file mode 100644 index 0000000..fc3da85 --- /dev/null +++ b/.gitea/workflows/conventional_commit.yml @@ -0,0 +1,16 @@ +name: Validate PR Title +on: + pull_request: + types: + - opened + - edited + - synchronize + - reopened + +jobs: + validate: + runs-on: ubuntu-latest + steps: + - uses: https://git.tainton.uk/actions/conventional-commits-check-action@v1.2.4 + with: + commit-message: ${{ gitea.event.pull_request.title }} diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml index 6859906..0a1332b 100644 --- a/.gitea/workflows/release.yml +++ b/.gitea/workflows/release.yml 
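Review bot: The Snyk step references `snyk/actions/python@master`, a moving branch, while `SNYK_TOKEN` is in its environment, so whatever lands on that branch runs with the secret in scope. The other steps in this job are pinned to release tags; pin this one as well, ideally to a full commit SHA, e.g. `uses: snyk/actions/python@<full-commit-sha>` (placeholder). Separately, `no-fail: true` on hadolint and `continue-on-error: true` on Snyk mean neither step can fail the job, which leaves the SonarQube scan as the only possible gate; a comment saying this is intended would help the next reader. The job runs on pull-request events with `SONARQUBE_TOKEN` and `SONARQUBE_HOST_URL` in scope, and whether those secrets are exposed to pull requests from forks depends on the forge configuration, which is worth confirming.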
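Review bot: `commit-message: ${{ gitea.event.pull_request.title }}` in the new conventional_commit.yml hands contributor-controlled text to the action, and the file carries no comment saying so. Passing the value through `with:` keeps it out of any shell command in this workflow, which is the right shape; whether the action itself treats it purely as data cannot be seen from this diff. I would add `# PR title is untrusted input: pass it only via with:/env, never interpolate it into a run: script` above the step. The action is pinned to the tag `v1.2.4`, which can be moved on the forge; a commit SHA would make the reference immutable.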
@@ -9,12 +9,7 @@ on: jobs: test: name: Test - uses: https://git.tainton.uk/actions/gha-workflows/.gitea/workflows/ci-docker.yml@main - with: - python-version: 3.13 - secrets: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + uses: https://git.tainton.uk/repos/docker-dnsmasq/.gitea/workflows/ci.yml@main create_release: name: Create Release @@ -29,7 +24,7 @@ jobs: needs: create_release steps: - run: echo "Created release ${{ needs.create_release.outputs.release_name }}." - + publish: name: Publish Docker Images runs-on: ubuntu-latest diff --git a/sonar-project.properties b/sonar-project.properties index 9f384c8..0f51c17 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -1,7 +1,5 @@ -sonar.organization=luketainton -sonar.projectKey=luketainton_docker-dnsmasq +sonar.projectKey=docker-dnsmasq sonar.projectName=docker-dnsmasq -sonar.projectVersion=1.0 sonar.docker.hadolint.reportPaths=hadolint.out sonar.sources=Dockerfile -sonar.exclusions=,.github/**,.gitignore,CODEOWNERS,CHANGELOG.md,LICENSE.md,README.md,renovate.json +sonar.exclusions=.archive/**,.gitea/**,config/**,.gitignore,README.md,renovate.json,docker-compose.yml
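Review bot: The `test` job now calls `.gitea/workflows/ci.yml@main` from this same repository without the `secrets:` mapping that the removed lines had, and the ci.yml hunk in this commit shows no `workflow_call` trigger (its `on:` block starts above the visible hunk, so one may exist there). If the called workflow does not receive `SONARQUBE_TOKEN`, `SONARQUBE_HOST_URL` and `SNYK_TOKEN`, the pre-release scans may fail or run without credentials, and the Snyk step would mask that through `continue-on-error: true`. Consider `secrets: inherit` under the `uses:` line if the runner supports it, or map the three secrets explicitly as before. Referencing `@main` also means a release is tested with the workflow definition on main rather than the one in the commit being released.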