Compare commits
5 Commits
eb5e0a3e18
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| 97a47ed9c8 | |||
| 3f0df932e0 | |||
| 02f1ebdecf | |||
| 7eec0c6902 | |||
| b7eb8aacfc |
@@ -49,43 +49,7 @@ jobs:
|
|||||||
- name: Unit Test
|
- name: Unit Test
|
||||||
run: |
|
run: |
|
||||||
uv run coverage run -m pytest -v --junitxml=testresults.xml
|
uv run coverage run -m pytest -v --junitxml=testresults.xml
|
||||||
uv run coverage xml
|
uv run coverage report
|
||||||
sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml
|
|
||||||
|
|
||||||
- name: Minimize uv cache
|
- name: Minimize uv cache
|
||||||
run: uv cache prune --ci
|
run: uv cache prune --ci
|
||||||
|
|
||||||
# - name: SonarQube Scan
|
|
||||||
# uses: SonarSource/sonarqube-scan-action@v5.2.0
|
|
||||||
# env:
|
|
||||||
# SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }}
|
|
||||||
# SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
|
|
||||||
|
|
||||||
# - name: Set up environment for Snyk
|
|
||||||
# run: |
|
|
||||||
# uv pip freeze > requirements.txt
|
|
||||||
# mv pyproject.toml pyproject.toml.bak
|
|
||||||
# mv uv.lock uv.lock.bak
|
|
||||||
|
|
||||||
# - name: Snyk SAST Scan
|
|
||||||
# uses: snyk/actions/python@master
|
|
||||||
# env:
|
|
||||||
# SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
|
|
||||||
# with:
|
|
||||||
# # command: snyk
|
|
||||||
# args: snyk code test #--all-projects --exclude=.archive
|
|
||||||
|
|
||||||
# - name: Snyk Vulnerability Scan
|
|
||||||
# uses: snyk/actions/python@master
|
|
||||||
# continue-on-error: true # Sometimes vulns aren't immediately fixable
|
|
||||||
# env:
|
|
||||||
# SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
|
|
||||||
# with:
|
|
||||||
# command: snyk
|
|
||||||
# args: test --all-projects
|
|
||||||
|
|
||||||
# - name: Reverse set up environment for Snyk
|
|
||||||
# run: |
|
|
||||||
# rm -f requirements.txt
|
|
||||||
# mv pyproject.toml.bak pyproject.toml
|
|
||||||
# mv uv.lock.bak uv.lock
|
|
||||||
|
|||||||
@@ -53,7 +53,7 @@ jobs:
|
|||||||
# with:
|
# with:
|
||||||
# python-version: "3.13"
|
# python-version: "3.13"
|
||||||
- name: Install uv
|
- name: Install uv
|
||||||
uses: astral-sh/setup-uv@v7
|
uses: astral-sh/setup-uv@v8.1.0
|
||||||
with:
|
with:
|
||||||
enable-cache: true
|
enable-cache: true
|
||||||
cache-dependency-glob: "uv.lock"
|
cache-dependency-glob: "uv.lock"
|
||||||
|
|||||||
61
.gitea/workflows/sonar.yml
Normal file
61
.gitea/workflows/sonar.yml
Normal file
@@ -0,0 +1,61 @@
|
|||||||
|
name: Sonar
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- main
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
sonar:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- name: Check out repository code
|
||||||
|
uses: actions/checkout@v6.0.2
|
||||||
|
with:
|
||||||
|
fetch-depth: 0
|
||||||
|
|
||||||
|
- name: Run Hadolint
|
||||||
|
uses: hadolint/hadolint-action@v3.3.0
|
||||||
|
with:
|
||||||
|
dockerfile: Dockerfile
|
||||||
|
output-file: hadolint.out
|
||||||
|
format: sonarqube
|
||||||
|
no-fail: true
|
||||||
|
|
||||||
|
- name: Setup Python
|
||||||
|
uses: actions/setup-python@v6
|
||||||
|
with:
|
||||||
|
python-version: "3.14"
|
||||||
|
|
||||||
|
- name: uv cache
|
||||||
|
uses: actions/cache@v5
|
||||||
|
with:
|
||||||
|
path: /tmp/.uv-cache
|
||||||
|
key: uv-${{ runner.os }}-${{ hashFiles('uv.lock') }}
|
||||||
|
restore-keys: |
|
||||||
|
uv-${{ runner.os }}-${{ hashFiles('uv.lock') }}
|
||||||
|
uv-${{ runner.os }}
|
||||||
|
|
||||||
|
- name: Install dependencies
|
||||||
|
run: uv sync
|
||||||
|
|
||||||
|
|
||||||
|
- name: Lint
|
||||||
|
run: |
|
||||||
|
uv run pylint --exit-zero --recursive=yes --output-format=parseable --output=lintreport.txt app/ tests/
|
||||||
|
cat lintreport.txt
|
||||||
|
|
||||||
|
- name: Unit Test
|
||||||
|
run: |
|
||||||
|
uv run coverage run -m pytest -v --junitxml=testresults.xml
|
||||||
|
uv run coverage report
|
||||||
|
uv run coverage xml -q -o coverage.xml
|
||||||
|
sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml
|
||||||
|
|
||||||
|
- name: Minimize uv cache
|
||||||
|
run: uv cache prune --ci
|
||||||
|
|
||||||
|
- name: SonarQube Scan
|
||||||
|
uses: SonarSource/sonarqube-scan-action@v7.1.0
|
||||||
|
env:
|
||||||
|
SONAR_HOST_URL: ${{ vars.SONAR_URL }}
|
||||||
|
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
||||||
@@ -3,12 +3,14 @@ LABEL maintainer="Luke Tainton <luke@tainton.uk>"
|
|||||||
LABEL org.opencontainers.image.source="https://github.com/luketainton/pypilot"
|
LABEL org.opencontainers.image.source="https://github.com/luketainton/pypilot"
|
||||||
USER root
|
USER root
|
||||||
|
|
||||||
ENV PYTHONPATH="/run:/usr/local/lib/python3.13/lib-dynload:/usr/local/lib/python3.13/site-packages:/usr/local/lib/python3.13"
|
RUN useradd -r -s /sbin/nologin -M user
|
||||||
|
|
||||||
|
ENV PYTHONPATH="/run:/usr/local/lib/python3.14/lib-dynload:/usr/local/lib/python3.14/site-packages:/usr/local/lib/python3.14"
|
||||||
WORKDIR /run
|
WORKDIR /run
|
||||||
|
|
||||||
RUN mkdir -p /.local && \
|
RUN mkdir -p /.local && \
|
||||||
chmod -R 777 /.local && \
|
chmod -R 777 /.local && \
|
||||||
pip install -U pip uv==0.5.14
|
pip install --no-cache-dir -U pip uv==0.5.14
|
||||||
|
|
||||||
COPY pyproject.toml /run/pyproject.toml
|
COPY pyproject.toml /run/pyproject.toml
|
||||||
COPY uv.lock /run/uv.lock
|
COPY uv.lock /run/uv.lock
|
||||||
@@ -23,3 +25,6 @@ ARG version="dev"
|
|||||||
ENV APP_VERSION=$version
|
ENV APP_VERSION=$version
|
||||||
|
|
||||||
COPY app /run/app
|
COPY app /run/app
|
||||||
|
|
||||||
|
RUN chown -R user:user /run
|
||||||
|
USER user
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
# iPilot [](https://github.com/luketainton/pypilot/actions/workflows/ci.yml) [](https://sonarcloud.io/summary/new_code?id=luketainton_pypilot)
|
# iPilot
|
||||||
|
|
||||||
## Description
|
## Description
|
||||||
IP Information Lookup Tool
|
IP Information Lookup Tool
|
||||||
|
|||||||
@@ -1,10 +1,10 @@
|
|||||||
sonar.projectKey=pypilot
|
sonar.projectKey=pypilot
|
||||||
sonar.projectName=pypilot
|
sonar.projectName=pypilot
|
||||||
sonar.python.version=3.13
|
sonar.python.version=3.14
|
||||||
sonar.python.coverage.reportPaths=coverage.xml
|
sonar.python.coverage.reportPaths=coverage.xml
|
||||||
sonar.python.pylint.reportPaths=lintreport.txt
|
sonar.python.pylint.reportPaths=lintreport.txt
|
||||||
sonar.python.xunit.reportPath=testresults.xml
|
sonar.python.xunit.reportPath=testresults.xml
|
||||||
sonar.sources=Dockerfile,app
|
sonar.sources=Dockerfile,app
|
||||||
sonar.tests=tests
|
sonar.tests=tests
|
||||||
sonar.exclusions=,.archive/**,.gitea/**,.gitignore,renovate.json
|
sonar.exclusions=,.archive/**,.gitea/**,.gitignore,renovate.json
|
||||||
sonar.coverage.exclusions=app/_version.py,app/args.py,app/main.py
|
sonar.coverage.exclusions=app/args.py,app/main.py
|
||||||
|
|||||||
Reference in New Issue
Block a user