feat(ci): fix CI, switch to self-hosted SonarQube (#310)

Reviewed-on: #310

.archive/.github/workflows/ci.yml

@@ -0,0 +1,20 @@
+name: CI
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+    paths-ignore:
+      - "README.md"
+      - "LICENSE.md"
+      - ".gitignore"
+      - ".github/CODEOWNERS"
+      - ".github/renovate.json"
+      - ".github/dependabot.yml"
+
+jobs:
+  ci:
+    uses: luketainton/gha-workflows/.github/workflows/ci-python-poetry.yml@main
+    with:
+      python-version: 3.11
+    secrets:
+      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

.archive/.github/workflows/publish.yml

@@ -0,0 +1,80 @@
+name: Publish
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 9 * * 0"
+
+jobs:
+  test:
+    uses: luketainton/gha-workflows/.github/workflows/ci-python-poetry.yml@main
+    with:
+      python-version: 3.11
+    secrets:
+      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+
+  create_release:
+    name: Create Release
+    needs: test
+    uses: luketainton/gha-workflows/.github/workflows/create-release.yml@main
+
+  build:
+    name: Build Wheel File
+    needs: create_release
+    if: ${{ needs.create_release.outputs.success == 'true' }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - name: Setup Poetry
+        uses: abatilo/actions-poetry@v4
+      - name: Update pyproject.toml
+        run:
+          ./tools/update_pyproject.sh ${{ needs.create_release.outputs.release_name }}
+      - name: Install dependencies
+        run: poetry install
+      - name: Build wheel file
+        run: poetry build
+      - name: Upload Artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: whl
+          path: dist/
+      - name: Upload Release Asset
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: gh release upload ${{ needs.create_release.outputs.release_name }} dist/*.whl
+
+  publish:
+    name: Publish to PyPI
+    needs: [create_release, build]
+    if: ${{ needs.create_release.outputs.success == 'true' }}
+    runs-on: ubuntu-latest
+    # Specifying a GitHub environment is optional, but strongly encouraged
+    environment:
+      name: release
+      url: https://pypi.org/p/ipilot
+    permissions:
+      # IMPORTANT: this permission is mandatory for trusted publishing
+      id-token: write
+    steps:
+      - name: Create dist folder
+        run: mkdir -p dist
+      - uses: actions/download-artifact@v4
+        with:
+          name: whl
+          path: dist
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+
+  create_docker:
+    name: Create Docker Image
+    needs: create_release
+    if: ${{ needs.create_release.outputs.success == 'true' }}
+    uses: luketainton/gha-workflows/.github/workflows/build-push-attest-docker.yml@main
+    with:
+        release: ${{ needs.create_release.outputs.release_name }}