diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index 0c9c834..bf4c743 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -49,43 +49,7 @@ jobs: - name: Unit Test run: | uv run coverage run -m pytest -v --junitxml=testresults.xml - uv run coverage xml - sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml + uv run coverage report - name: Minimize uv cache run: uv cache prune --ci - - # - name: SonarQube Scan - # uses: SonarSource/sonarqube-scan-action@v5.2.0 - # env: - # SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }} - # SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} - - # - name: Set up environment for Snyk - # run: | - # uv pip freeze > requirements.txt - # mv pyproject.toml pyproject.toml.bak - # mv uv.lock uv.lock.bak - - # - name: Snyk SAST Scan - # uses: snyk/actions/python@master - # env: - # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - # with: - # # command: snyk - # args: snyk code test #--all-projects --exclude=.archive - - # - name: Snyk Vulnerability Scan - # uses: snyk/actions/python@master - # continue-on-error: true # Sometimes vulns aren't immediately fixable - # env: - # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - # with: - # command: snyk - # args: test --all-projects - - # - name: Reverse set up environment for Snyk - # run: | - # rm -f requirements.txt - # mv pyproject.toml.bak pyproject.toml - # mv uv.lock.bak uv.lock diff --git a/.gitea/workflows/sonar.yml b/.gitea/workflows/sonar.yml new file mode 100644 index 0000000..66daf9e --- /dev/null +++ b/.gitea/workflows/sonar.yml 
@@ -0,0 +1,61 @@ +name: Sonar +on: + push: + branches: + - main + +jobs: + ci: + runs-on: ubuntu-latest + steps: + - name: Check out repository code + uses: actions/checkout@v6.0.2 + with: + fetch-depth: 0 + + - name: Run Hadolint + uses: hadolint/hadolint-action@v3.3.0 + with: + dockerfile: Dockerfile + output-file: hadolint.out + format: sonarqube + no-fail: true + + - name: Setup Python + uses: actions/setup-python@v6 + with: + python-version: "3.14" + + - name: uv cache + uses: actions/cache@v5 + with: + path: /tmp/.uv-cache + key: uv-${{ runner.os }}-${{ hashFiles('uv.lock') }} + restore-keys: | + uv-${{ runner.os }}-${{ hashFiles('uv.lock') }} + uv-${{ runner.os }} + + - name: Install dependencies + run: uv sync + + + - name: Lint + run: | + uv run pylint --exit-zero --recursive=yes --output-format=parseable --output=lintreport.txt app/ tests/ + cat lintreport.txt + + - name: Unit Test + run: | + uv run coverage run -m pytest -v --junitxml=testresults.xml + uv run coverage report + uv run coverage xml -q -o coverage.xml + sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml + + - name: Minimize uv cache + run: uv cache prune --ci + + - name: SonarQube Scan + uses: SonarSource/sonarqube-scan-action@v7.1.0 + env: + SONAR_HOST_URL: ${{ vars.SONAR_URL }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/README.md b/README.md index a44a19d..e96a4b3 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# iPilot [![CI](https://github.com/luketainton/pypilot/actions/workflows/ci.yml/badge.svg)](https://github.com/luketainton/pypilot/actions/workflows/ci.yml) [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=luketainton_pypilot&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=luketainton_pypilot) +# iPilot ## Description IP Information Lookup Tool diff --git a/sonar-project.properties b/sonar-project.properties index 4710b79..74173f6 100644 --- a/sonar-project.properties +++ b/sonar-project.properties 
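Review bot: Every `uses:` in this new workflow points at a mutable tag (`actions/checkout@v6.0.2`, `hadolint/hadolint-action@v3.3.0`, `actions/setup-python@v6`, `actions/cache@v5`, `SonarSource/sonarqube-scan-action@v7.1.0`), and the last step runs with `secrets.SONAR_TOKEN` in its environment. A tag can be moved upstream after review, so pin each action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: SonarSource/sonarqube-scan-action@<full-commit-sha> # v7.1.0`. The repository appears to use Renovate (`renovate.json` is listed in `sonar.exclusions`), which can keep such pins current. `run: uv sync` would be better as `run: uv sync --locked`, so the job fails instead of re-resolving when `uv.lock` is out of date with `pyproject.toml`. Nothing in this file installs uv or sets `UV_CACHE_DIR`, so confirm the runner image provides both; otherwise the `/tmp/.uv-cache` cache step may have nothing to save.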
@@ -1,10 +1,10 @@
 sonar.projectKey=pypilot
 sonar.projectName=pypilot
-sonar.python.version=3.13
+sonar.python.version=3.14
 sonar.python.coverage.reportPaths=coverage.xml
 sonar.python.pylint.reportPaths=lintreport.txt
 sonar.python.xunit.reportPath=testresults.xml
 sonar.sources=Dockerfile,app
 sonar.tests=tests
 sonar.exclusions=,.archive/**,.gitea/**,.gitignore,renovate.json
-sonar.coverage.exclusions=app/_version.py,app/args.py,app/main.py
+sonar.coverage.exclusions=app/args.py,app/main.py