Update .gitea/workflows/release.yml

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [SonarSource/sonarqube-scan-action](https://github.com/SonarSource/sonarqube-scan-action) | action | minor | `v5.1.0` -> `v5.2.0` |

---

### Release Notes

<details>
<summary>SonarSource/sonarqube-scan-action (SonarSource/sonarqube-scan-action)</summary>

### [`v5.2.0`](https://github.com/SonarSource/sonarqube-scan-action/releases/tag/v5.2.0)

[Compare Source](https://github.com/SonarSource/sonarqube-scan-action/compare/v5.1.0...v5.2.0)

##### What's Changed

-   SQSCANGHA-90 remove mend dead conf by [@&#8203;pierre-guillot-gh](https://github.com/pierre-guillot-gh) in https://github.com/SonarSource/sonarqube-scan-action/pull/184
-   SQSCANGHA-89 Attempt to fix command injection by [@&#8203;henryju](https://github.com/henryju) in https://github.com/SonarSource/sonarqube-scan-action/pull/186
-   SQSCANGHA-93 Fix madhead/semver-utils' version by [@&#8203;csaba-feher-sonarsource](https://github.com/csaba-feher-sonarsource) in https://github.com/SonarSource/sonarqube-scan-action/pull/187
-   SQSCANGHA-94 Update version update logic by [@&#8203;csaba-feher-sonarsource](https://github.com/csaba-feher-sonarsource) in https://github.com/SonarSource/sonarqube-scan-action/pull/188
-   SQSCANGHA-92 Validate scanner version by [@&#8203;csaba-feher-sonarsource](https://github.com/csaba-feher-sonarsource) in https://github.com/SonarSource/sonarqube-scan-action/pull/189

**Full Changelog**: https://github.com/SonarSource/sonarqube-scan-action/compare/v5...v5.2.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MC4wLjkiLCJ1cGRhdGVkSW5WZXIiOiI0MC4wLjkiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbInR5cGUvZGVwZW5kZW5jaWVzIl19-->

Reviewed-on: #333
Co-authored-by: Renovate [BOT] <renovate-bot@git.tainton.uk>
Co-committed-by: Renovate [BOT] <renovate-bot@git.tainton.uk>

.gitea/workflows/ci.yml

@@ -56,7 +56,7 @@ jobs:
         run: uv cache prune --ci
 
       - name: SonarQube Scan
-        uses: SonarSource/sonarqube-scan-action@v5.1.0
+        uses: SonarSource/sonarqube-scan-action@v5.2.0
         env:
           SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }}
           SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}

.gitea/workflows/release.yml

@@ -5,57 +5,66 @@ on:
     - cron: "0 9 * * 0"
 
 jobs:
-  test:
-    name: Test
-    uses: https://git.tainton.uk/repos/pypilot/.gitea/workflows/ci.yml@main
+  # test:
+  #   name: Test
+  #   uses: https://git.tainton.uk/repos/pypilot/.gitea/workflows/ci.yml@main
+
+  tag:
+    name: Tag release
+    uses: https://git.tainton.uk/actions/gha-workflows/.gitea/workflows/release-with-tag.yaml@main
 
   create_release:
     name: Create Release
-    needs: test
-    uses: https://git.tainton.uk/actions/gha-workflows/.gitea/workflows/create-release.yml@main
+    needs: tag
+    uses: https://git.tainton.uk/actions/gha-workflows/.gitea/workflows/create-release-preexisting-tag.yaml@main
+    with:
+      tag: ${{ needs.tag.outputs.tag_name }}
+      body: ${{ needs.tag.outputs.changelog }}
     secrets:
       ACTIONS_TOKEN: ${{ secrets.ACTIONS_TOKEN }}
 
-  print_release:
-    name: Print Release
+  get_release_id:
+    name: Get Release ID
     runs-on: ubuntu-latest
-    needs: create_release
+    needs: [tag, create_release]
     outputs:
       releaseid: ${{ steps.getid.outputs.releaseid }}
     steps:
-      - run: echo "Created release ${{ needs.create_release.outputs.release_name }}."
       - name: Get Release ID
         id: getid
         run: |
           rid=$(curl -s -X 'GET' \
-          -H 'accept: application/json'
-          '${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/releases/latest' | jq -r '.[].id')
+          -H 'accept: application/json' \
+          '${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/releases/latest' | jq -r '.id')
           echo "releaseid=$rid" >> "$GITEA_OUTPUT"
+          echo "$rid"
 
   build_whl:
     name: Build Wheel File
-    needs: [create_release, print_release]
+    needs: [tag, get_release_id]
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository code
         uses: actions/checkout@v4.2.2
+        with:
+          ref: ${{ needs.tag.outputs.tag_name }}
+      # - name: Setup Python
+      #   uses: actions/setup-python@v5
+      #   with:
+      #     python-version: "3.13"
+      - name: Install uv
+        uses: astral-sh/setup-uv@v5
+        with:
+          enable-cache: true
+          cache-dependency-glob: "uv.lock"
       - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.13"
-      - name: Setup Poetry
-        uses: abatilo/actions-poetry@v4
+        run: uv python install
       - name: Update pyproject.toml
-        run: ./tools/update_pyproject.sh ${{ needs.create_release.outputs.release_name }}
+        run: ./tools/update_pyproject.sh ${{ needs.tag.outputs.tag_name }}
       - name: Install dependencies
-        run: poetry install
+        run: uv sync
       - name: Build wheel file
-        run: poetry build
-      - name: Upload Artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: whl
-          path: dist/
+        run: uv build
       - name: Upload Release Asset
         run: |
           for file in dist/*.whl; do
@@ -63,31 +72,41 @@ jobs:
             -H "Authorization: token ${{ secrets.ACTIONS_TOKEN }}" \
             -H "Content-Type: multipart/form-data" \
             -F "attachment=@${{ gitea.workspace }}/$file" \
-            "${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/releases/${{ needs.print_release.outputs.releaseid }}"
+            "${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/releases/${{ needs.get_release_id.outputs.releaseid }}/assets"
           done
-
-  publish_pypi:
-    name: Publish to PyPI
-    needs: build_whl
-    runs-on: ubuntu-latest
-    steps:
-      - name: Create dist folder
-        run: mkdir -p dist
-      - uses: actions/download-artifact@v4
-        with:
-          name: whl
-          path: dist
       - name: Publish to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          # user: ${{ vars.PYPI_USERNAME }}
-          user: __token__
-          password: ${{ secrets.PYPI_API_TOKEN }}
+        run: uv publish
+        env:
+          UV_PUBLISH_TOKEN: ${{ secrets.PYPI_API_TOKEN }}
+      # - name: Publish to PyPI
+      #   uses: pypa/gh-action-pypi-publish@release/v1
+      #   with:
+      #     # user: ${{ vars.PYPI_USERNAME }}
+      #     user: __token__
+      #     password: ${{ secrets.PYPI_API_TOKEN }}
+
+  # publish_pypi:
+  #   name: Publish to PyPI
+  #   needs: build_whl
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - name: Create dist folder
+  #       run: mkdir -p dist
+  #     - uses: actions/download-artifact@v4
+  #       with:
+  #         name: whl
+  #         path: dist
+  #     - name: Publish to PyPI
+  #       uses: pypa/gh-action-pypi-publish@release/v1
+  #       with:
+  #         # user: ${{ vars.PYPI_USERNAME }}
+  #         user: __token__
+  #         password: ${{ secrets.PYPI_API_TOKEN }}
 
   create_docker:
     name: Publish Docker Images
     runs-on: ubuntu-latest
-    needs: create_release
+    needs: tag
     steps:
       - name: Update Docker configuration
         continue-on-error: true
@@ -109,7 +128,7 @@ jobs:
         uses: actions/checkout@v4.2.2
         with:
           fetch-depth: 0
-          ref: ${{ needs.create_release.outputs.release_name }}
+          ref: ${{ needs.tag.outputs.tag_name }}
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
@@ -132,7 +151,7 @@ jobs:
         id: meta
         uses: docker/metadata-action@v5
         with:
-          tags: type=semver,pattern=v{{version}},value=${{ needs.create_release.outputs.release_name }}
+          tags: type=semver,pattern=v{{version}},value=${{ needs.tag.outputs.tag_name }}
           images: |
             ghcr.io/${{ vars.GHCR_USERNAME }}/${{ steps.split.outputs.repo }}
             ${{ vars.PACKAGES_REGISTRY_URL }}/${{ gitea.repository }}

.gitea/workflows/security.yml

@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v4.2.2
 
       - name: SonarQube Scan
-        uses: SonarSource/sonarqube-scan-action@v5.1.0
+        uses: SonarSource/sonarqube-scan-action@v5.2.0
         env:
           SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }}
           SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}