Update .gitea/workflows/release.yml

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [SonarSource/sonarqube-scan-action](https://github.com/SonarSource/sonarqube-scan-action) | action | minor | `v5.1.0` -> `v5.2.0` |

---

### Release Notes

<details>
<summary>SonarSource/sonarqube-scan-action (SonarSource/sonarqube-scan-action)</summary>

### [`v5.2.0`](https://github.com/SonarSource/sonarqube-scan-action/releases/tag/v5.2.0)

[Compare Source](https://github.com/SonarSource/sonarqube-scan-action/compare/v5.1.0...v5.2.0)

##### What's Changed

-   SQSCANGHA-90 remove mend dead conf by [@&#8203;pierre-guillot-gh](https://github.com/pierre-guillot-gh) in https://github.com/SonarSource/sonarqube-scan-action/pull/184
-   SQSCANGHA-89 Attempt to fix command injection by [@&#8203;henryju](https://github.com/henryju) in https://github.com/SonarSource/sonarqube-scan-action/pull/186
-   SQSCANGHA-93 Fix madhead/semver-utils' version by [@&#8203;csaba-feher-sonarsource](https://github.com/csaba-feher-sonarsource) in https://github.com/SonarSource/sonarqube-scan-action/pull/187
-   SQSCANGHA-94 Update version update logic by [@&#8203;csaba-feher-sonarsource](https://github.com/csaba-feher-sonarsource) in https://github.com/SonarSource/sonarqube-scan-action/pull/188
-   SQSCANGHA-92 Validate scanner version by [@&#8203;csaba-feher-sonarsource](https://github.com/csaba-feher-sonarsource) in https://github.com/SonarSource/sonarqube-scan-action/pull/189

**Full Changelog**: https://github.com/SonarSource/sonarqube-scan-action/compare/v5...v5.2.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MC4wLjkiLCJ1cGRhdGVkSW5WZXIiOiI0MC4wLjkiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbInR5cGUvZGVwZW5kZW5jaWVzIl19-->

Reviewed-on: #333
Co-authored-by: Renovate [BOT] <renovate-bot@git.tainton.uk>
Co-committed-by: Renovate [BOT] <renovate-bot@git.tainton.uk>

.gitea/workflows/ci.yml

@@ -56,7 +56,7 @@ jobs:
         run: uv cache prune --ci
 
       - name: SonarQube Scan
-        uses: SonarSource/sonarqube-scan-action@v5.1.0
+        uses: SonarSource/sonarqube-scan-action@v5.2.0
         env:
           SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }}
           SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}

.gitea/workflows/release.yml

@@ -5,57 +5,66 @@ on:
     - cron: "0 9 * * 0"
 
 jobs:
-  test:
-    name: Test
-    uses: https://git.tainton.uk/repos/pypilot/.gitea/workflows/ci.yml@main
+  # test:
+  #   name: Test
+  #   uses: https://git.tainton.uk/repos/pypilot/.gitea/workflows/ci.yml@main
+
+  tag:
+    name: Tag release
+    uses: https://git.tainton.uk/actions/gha-workflows/.gitea/workflows/release-with-tag.yaml@main
 
   create_release:
     name: Create Release
-    needs: test
-    uses: https://git.tainton.uk/actions/gha-workflows/.gitea/workflows/create-release.yml@main
+    needs: tag
+    uses: https://git.tainton.uk/actions/gha-workflows/.gitea/workflows/create-release-preexisting-tag.yaml@main
+    with:
+      tag: ${{ needs.tag.outputs.tag_name }}
+      body: ${{ needs.tag.outputs.changelog }}
     secrets:
       ACTIONS_TOKEN: ${{ secrets.ACTIONS_TOKEN }}
 
-  print_release:
-    name: Print Release
+  get_release_id:
+    name: Get Release ID
     runs-on: ubuntu-latest
-    needs: create_release
+    needs: [tag, create_release]
     outputs:
       releaseid: ${{ steps.getid.outputs.releaseid }}
     steps:
-      - run: echo "Created release ${{ needs.create_release.outputs.release_name }}."
       - name: Get Release ID
         id: getid
         run: |
           rid=$(curl -s -X 'GET' \
-          -H 'accept: application/json'
-          '${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/releases/latest' | jq -r '.[].id')
+          -H 'accept: application/json' \
+          '${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/releases/latest' | jq -r '.id')
           echo "releaseid=$rid" >> "$GITEA_OUTPUT"
+          echo "$rid"
 
   build_whl:
     name: Build Wheel File
-    needs: [create_release, print_release]
+    needs: [tag, get_release_id]
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository code
         uses: actions/checkout@v4.2.2
-      - name: Setup Python
-        uses: actions/setup-python@v5
         with:
-          python-version: "3.13"
-      - name: Setup Poetry
-        uses: abatilo/actions-poetry@v4
+          ref: ${{ needs.tag.outputs.tag_name }}
+      # - name: Setup Python
+      #   uses: actions/setup-python@v5
+      #   with:
+      #     python-version: "3.13"
+      - name: Install uv
+        uses: astral-sh/setup-uv@v5
+        with:
+          enable-cache: true
+          cache-dependency-glob: "uv.lock"
+      - name: Set up Python
+        run: uv python install
       - name: Update pyproject.toml
-        run: ./tools/update_pyproject.sh ${{ needs.create_release.outputs.release_name }}
+        run: ./tools/update_pyproject.sh ${{ needs.tag.outputs.tag_name }}
       - name: Install dependencies
-        run: poetry install
+        run: uv sync
       - name: Build wheel file
-        run: poetry build
-      - name: Upload Artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: whl
-          path: dist/
+        run: uv build
       - name: Upload Release Asset
         run: |
           for file in dist/*.whl; do
@@ -63,31 +72,41 @@ jobs:
             -H "Authorization: token ${{ secrets.ACTIONS_TOKEN }}" \
             -H "Content-Type: multipart/form-data" \
             -F "attachment=@${{ gitea.workspace }}/$file" \
-            "${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/releases/${{ needs.print_release.outputs.releaseid }}"
+            "${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/releases/${{ needs.get_release_id.outputs.releaseid }}/assets"
           done
-
-  publish_pypi:
-    name: Publish to PyPI
-    needs: build_whl
-    runs-on: ubuntu-latest
-    steps:
-      - name: Create dist folder
-        run: mkdir -p dist
-      - uses: actions/download-artifact@v4
-        with:
-          name: whl
-          path: dist
       - name: Publish to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          # user: ${{ vars.PYPI_USERNAME }}
-          user: __token__
-          password: ${{ secrets.PYPI_API_TOKEN }}
+        run: uv publish
+        env:
+          UV_PUBLISH_TOKEN: ${{ secrets.PYPI_API_TOKEN }}
+      # - name: Publish to PyPI
+      #   uses: pypa/gh-action-pypi-publish@release/v1
+      #   with:
+      #     # user: ${{ vars.PYPI_USERNAME }}
+      #     user: __token__
+      #     password: ${{ secrets.PYPI_API_TOKEN }}
+
+  # publish_pypi:
+  #   name: Publish to PyPI
+  #   needs: build_whl
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - name: Create dist folder
+  #       run: mkdir -p dist
+  #     - uses: actions/download-artifact@v4
+  #       with:
+  #         name: whl
+  #         path: dist
+  #     - name: Publish to PyPI
+  #       uses: pypa/gh-action-pypi-publish@release/v1
+  #       with:
+  #         # user: ${{ vars.PYPI_USERNAME }}
+  #         user: __token__
+  #         password: ${{ secrets.PYPI_API_TOKEN }}
 
   create_docker:
     name: Publish Docker Images
     runs-on: ubuntu-latest
-    needs: create_release
+    needs: tag
     steps:
       - name: Update Docker configuration
         continue-on-error: true
@@ -109,7 +128,7 @@ jobs:
         uses: actions/checkout@v4.2.2
         with:
           fetch-depth: 0
-          ref: ${{ needs.create_release.outputs.release_name }}
+          ref: ${{ needs.tag.outputs.tag_name }}
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -132,7 +151,7 @@ jobs:
         id: meta
         uses: docker/metadata-action@v5
         with:
-          tags: type=semver,pattern=v{{version}},value=${{ needs.create_release.outputs.release_name }}
+          tags: type=semver,pattern=v{{version}},value=${{ needs.tag.outputs.tag_name }}
           images: |
             ghcr.io/${{ vars.GHCR_USERNAME }}/${{ steps.split.outputs.repo }}
             ${{ vars.PACKAGES_REGISTRY_URL }}/${{ gitea.repository }}

.gitea/workflows/security.yml

@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v4.2.2
 
       - name: SonarQube Scan
-        uses: SonarSource/sonarqube-scan-action@v5.1.0
+        uses: SonarSource/sonarqube-scan-action@v5.2.0
         env:
           SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }}
           SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}

pyproject.toml

@@ -10,7 +10,7 @@ requires-python = "<4.0,>=3.11"
 dependencies = [
     "astroid==3.3.9",
     "attrs==25.3.0",
-    "certifi==2025.1.31",
+    "certifi==2025.4.26",
     "charset-normalizer==3.4.1",
     "click==8.1.8",
     "dill==0.4.0",

uv.lock

@@ -54,11 +54,11 @@ wheels = [
 
 [[package]]
 name = "certifi"
-version = "2025.1.31"
+version = "2025.4.26"
 source = { registry = "https://pypi.org/simple" }
-sdist = { url = "https://files.pythonhosted.org/packages/1c/ab/c9f1e32b7b1bf505bf26f0ef697775960db7932abeb7b516de930ba2705f/certifi-2025.1.31.tar.gz", hash = "sha256:3d5da6925056f6f18f119200434a4780a94263f10d1c21d032a6f6b2baa20651", size = 167577, upload_time = "2025-01-31T02:16:47.166Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/e8/9e/c05b3920a3b7d20d3d3310465f50348e5b3694f4f88c6daf736eef3024c4/certifi-2025.4.26.tar.gz", hash = "sha256:0a816057ea3cdefcef70270d2c515e4506bbc954f417fa5ade2021213bb8f0c6", size = 160705, upload_time = "2025-04-26T02:12:29.51Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/38/fc/bce832fd4fd99766c04d1ee0eead6b0ec6486fb100ae5e74c1d91292b982/certifi-2025.1.31-py3-none-any.whl", hash = "sha256:ca78db4565a652026a4db2bcdf68f2fb589ea80d0be70e03929ed730746b84fe", size = 166393, upload_time = "2025-01-31T02:16:45.015Z" },
+    { url = "https://files.pythonhosted.org/packages/4a/7e/3db2bd1b1f9e95f7cddca6d6e75e2f2bd9f51b1246e546d88addca0106bd/certifi-2025.4.26-py3-none-any.whl", hash = "sha256:30350364dfe371162649852c63336a15c70c6510c2ad5015b21c2345311805f3", size = 159618, upload_time = "2025-04-26T02:12:27.662Z" },
 ]
 
 [[package]]
@@ -262,7 +262,7 @@ dev = [
 requires-dist = [
     { name = "astroid", specifier = "==3.3.9" },
     { name = "attrs", specifier = "==25.3.0" },
-    { name = "certifi", specifier = "==2025.1.31" },
+    { name = "certifi", specifier = "==2025.4.26" },
     { name = "charset-normalizer", specifier = "==3.4.1" },
     { name = "click", specifier = "==8.1.8" },
     { name = "dill", specifier = "==0.4.0" },