Move to Gitea

.gitea/CODEOWNERS

@@ -0,0 +1 @@
+*   @luke

.gitea/workflows/build_docker.yml

@@ -0,0 +1,18 @@
+name: Build Docker
+on:
+  release:
+    types:
+      - published
+
+jobs:
+  create_docker:
+    name: Create Docker Image
+    uses: https://git.tainton.uk/actions/gha-workflows/.gitea/workflows/build-push-docker.yml@main
+    with:
+      release: ${{ gitea.event.release.name }}
+      registry: ${{ vars.PACKAGES_REGISTRY_URL }}
+      actions_username: ${{ vars.ACTIONS_USERNAME }}
+      ghcr_username: ${{ vars.GHCR_USERNAME }}
+    secrets:
+      ACTIONS_TOKEN: ${{ secrets.ACTIONS_TOKEN }}
+      GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}

.gitea/workflows/ci.yml

@@ -0,0 +1,95 @@
+name: CI
+on:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - synchronize
+      - reopened
+
+jobs:
+  ci:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Run Hadolint
+        uses: hadolint/hadolint-action@v3.1.0
+        with:
+          dockerfile: Dockerfile
+          output-file: hadolint.out
+          format: sonarqube
+          no-fail: true
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.13"
+
+      - name: uv cache
+        uses: actions/cache@v4
+        with:
+          path: /tmp/.uv-cache
+          key: uv-${{ runner.os }}-${{ hashFiles('uv.lock') }}
+          restore-keys: |
+            uv-${{ runner.os }}-${{ hashFiles('uv.lock') }}
+            uv-${{ runner.os }}
+
+      - name: Install dependencies
+        run: uv sync
+      
+      - name: Check Import Sorting
+        run: uv run isort --check app/ tests/
+
+      - name: Lint
+        run: |
+          uv run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt app/ tests/
+          cat lintreport.txt
+
+      - name: Unit Test
+        run: |
+          uv run coverage run -m pytest -v --junitxml=testresults.xml
+          uv run coverage report
+        # sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml
+
+      - name: Minimize uv cache
+        run: uv cache prune --ci
+
+      # - name: SonarQube Scan
+      #   uses: SonarSource/sonarqube-scan-action@v5.2.0
+      #   env:
+      #     SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }}
+      #     SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+
+      - name: Set up environment for Snyk
+        run: |
+          uv pip freeze > requirements.txt
+          mv pyproject.toml pyproject.toml.bak
+          mv uv.lock uv.lock.bak
+
+      - name: Snyk SAST Scan
+        uses: snyk/actions/python@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          # command: snyk
+          args: snyk code test #--all-projects --exclude=.archive
+
+      # - name: Snyk Vulnerability Scan
+      #   uses: snyk/actions/python@master
+      #   continue-on-error: true # Sometimes vulns aren't immediately fixable
+      #   env:
+      #     SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+      #     DEBUG: "*snyk*"
+      #   with:
+      #     # command: snyk
+      #     args: snyk test #--all-projects --exclude=.archive
+      
+      - name: Reverse set up environment for Snyk
+        run: |
+          rm -f requirements.txt
+          mv pyproject.toml.bak pyproject.toml
+          mv uv.lock.bak uv.lock

.gitea/workflows/conventional_commit.yml

@@ -0,0 +1,16 @@
+name: Validate PR Title
+on:
+  pull_request:
+    types:
+      - opened
+      - edited
+      - synchronize
+      - reopened
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: https://git.tainton.uk/actions/conventional-commits-check-action@v1.2.4
+        with:
+          commit-message: ${{ gitea.event.pull_request.title }}

.gitea/workflows/release.yml

@@ -0,0 +1,30 @@
+name: Release
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 9 * * 0"
+
+jobs:
+  test:
+    name: Test
+    uses: https://git.tainton.uk/repos/roboluke/.gitea/workflows/ci.yml@main
+    with:
+      python-version: 3.13
+    secrets:
+      SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }}
+      SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+
+  create_release:
+    name: Create Release
+    needs: test
+    uses: https://git.tainton.uk/actions/gha-workflows/.gitea/workflows/create-release.yml@main
+    secrets:
+      ACTIONS_TOKEN: ${{ secrets.ACTIONS_TOKEN }}
+
+  print_release:
+    name: Print Release
+    runs-on: ubuntu-latest
+    needs: create_release
+    steps:
+      - run: echo "Created release ${{ needs.create_release.outputs.release_name }}."

.gitea/workflows/snyk.yml

@@ -0,0 +1,24 @@
+name: Snyk
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+  schedule:
+    - cron: "@daily"
+
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4.2.2
+
+      - name: Snyk
+        uses: snyk/actions/python@master
+        continue-on-error: true
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          command: monitor