chore(deps): replace astral-sh/setup-uv action with astral-sh/setup-uv

.gitea/workflows/ci.yml

@@ -49,7 +49,43 @@ jobs:
       - name: Unit Test
         run: |
           uv run coverage run -m pytest -v --junitxml=testresults.xml
-          uv run coverage report
+          uv run coverage xml
+          sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml
 
       - name: Minimize uv cache
         run: uv cache prune --ci
+
+      # - name: SonarQube Scan
+      #   uses: SonarSource/sonarqube-scan-action@v5.2.0
+      #   env:
+      #     SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }}
+      #     SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+
+      # - name: Set up environment for Snyk
+      #   run: |
+      #     uv pip freeze > requirements.txt
+      #     mv pyproject.toml pyproject.toml.bak
+      #     mv uv.lock uv.lock.bak
+
+      # - name: Snyk SAST Scan
+      #   uses: snyk/actions/python@master
+      #   env:
+      #     SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+      #   with:
+      #     # command: snyk
+      #     args: snyk code test #--all-projects --exclude=.archive
+
+      # - name: Snyk Vulnerability Scan
+      #   uses: snyk/actions/python@master
+      #   continue-on-error: true # Sometimes vulns aren't immediately fixable
+      #   env:
+      #     SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+      #   with:
+      #     command: snyk
+      #     args: test --all-projects
+
+      # - name: Reverse set up environment for Snyk
+      #   run: |
+      #     rm -f requirements.txt
+      #     mv pyproject.toml.bak pyproject.toml
+      #     mv uv.lock.bak uv.lock

.gitea/workflows/release.yml

@@ -53,7 +53,7 @@ jobs:
       #   with:
       #     python-version: "3.13"
       - name: Install uv
-        uses: astral-sh/setup-uv@v8.1.0
+        uses: astral-sh/setup-uv@v8.0.0
         with:
           enable-cache: true
           cache-dependency-glob: "uv.lock"

.gitea/workflows/sonar.yml

@@ -1,61 +0,0 @@
-name: Sonar
-on:
-  push:
-    branches:
-      - main
-
-jobs:
-  sonar:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out repository code
-        uses: actions/checkout@v6.0.2
-        with:
-          fetch-depth: 0
-
-      - name: Run Hadolint
-        uses: hadolint/hadolint-action@v3.3.0
-        with:
-          dockerfile: Dockerfile
-          output-file: hadolint.out
-          format: sonarqube
-          no-fail: true
-
-      - name: Setup Python
-        uses: actions/setup-python@v6
-        with:
-          python-version: "3.14"
-
-      - name: uv cache
-        uses: actions/cache@v5
-        with:
-          path: /tmp/.uv-cache
-          key: uv-${{ runner.os }}-${{ hashFiles('uv.lock') }}
-          restore-keys: |
-            uv-${{ runner.os }}-${{ hashFiles('uv.lock') }}
-            uv-${{ runner.os }}
-
-      - name: Install dependencies
-        run: uv sync
-      
-
-      - name: Lint
-        run: |
-          uv run pylint --exit-zero --recursive=yes --output-format=parseable --output=lintreport.txt app/ tests/
-          cat lintreport.txt
-
-      - name: Unit Test
-        run: |
-          uv run coverage run -m pytest -v --junitxml=testresults.xml
-          uv run coverage report
-          uv run coverage xml -q -o coverage.xml
-          sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml
-
-      - name: Minimize uv cache
-        run: uv cache prune --ci
-
-      - name: SonarQube Scan
-        uses: SonarSource/sonarqube-scan-action@v7.1.0
-        env:
-          SONAR_HOST_URL: ${{ vars.SONAR_URL }}
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

Dockerfile

@@ -3,14 +3,12 @@ LABEL maintainer="Luke Tainton <luke@tainton.uk>"
 LABEL org.opencontainers.image.source="https://github.com/luketainton/pypilot"
 USER root
 
-RUN useradd -r -s /sbin/nologin -M user
+ENV PYTHONPATH="/run:/usr/local/lib/python3.13/lib-dynload:/usr/local/lib/python3.13/site-packages:/usr/local/lib/python3.13"
-
-ENV PYTHONPATH="/run:/usr/local/lib/python3.14/lib-dynload:/usr/local/lib/python3.14/site-packages:/usr/local/lib/python3.14"
 WORKDIR /run
 
 RUN mkdir -p /.local && \
     chmod -R 777 /.local && \
-    pip install --no-cache-dir -U pip uv==0.5.14
+    pip install -U pip uv==0.5.14
 
 COPY pyproject.toml /run/pyproject.toml
 COPY uv.lock /run/uv.lock
@@ -25,6 +23,3 @@ ARG version="dev"
 ENV APP_VERSION=$version
 
 COPY app /run/app
-
-RUN chown -R user:user /run
-USER user

README.md

@@ -1,4 +1,4 @@
-# iPilot
+# iPilot [![CI](https://github.com/luketainton/pypilot/actions/workflows/ci.yml/badge.svg)](https://github.com/luketainton/pypilot/actions/workflows/ci.yml) [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=luketainton_pypilot&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=luketainton_pypilot)
 
 ## Description
 IP Information Lookup Tool

sonar-project.properties

@@ -1,10 +1,10 @@
 sonar.projectKey=pypilot
 sonar.projectName=pypilot
-sonar.python.version=3.14
+sonar.python.version=3.13
 sonar.python.coverage.reportPaths=coverage.xml
 sonar.python.pylint.reportPaths=lintreport.txt
 sonar.python.xunit.reportPath=testresults.xml
 sonar.sources=Dockerfile,app
 sonar.tests=tests
 sonar.exclusions=,.archive/**,.gitea/**,.gitignore,renovate.json
-sonar.coverage.exclusions=app/args.py,app/main.py
+sonar.coverage.exclusions=app/_version.py,app/args.py,app/main.py