repos/pypilot
5
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Releases 39 Activity

chore(ci): add SonarQube #437

Merged
luke merged 2 commits from ci/sonar into main 2026-04-17 18:37:28 +00:00
Conversation 0 Commits 2 Files Changed 4 +65 -40
4 changed files with 65 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
.gitea/workflows/ci.yml
View File

@@ -49,43 +49,7 @@ jobs:
- name: Unit Test
run: |
uv run coverage run -m pytest -v --junitxml=testresults.xml
uv run coverage xml
sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml
uv run coverage report
- name: Minimize uv cache
run: uv cache prune --ci
# - name: SonarQube Scan
# uses: SonarSource/sonarqube-scan-action@v5.2.0
# env:
# SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }}
# SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
# - name: Set up environment for Snyk
# run: |
# uv pip freeze > requirements.txt
# mv pyproject.toml pyproject.toml.bak
# mv uv.lock uv.lock.bak
# - name: Snyk SAST Scan
# uses: snyk/actions/python@master
# env:
# SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
# with:
# # command: snyk
# args: snyk code test #--all-projects --exclude=.archive
# - name: Snyk Vulnerability Scan
# uses: snyk/actions/python@master
# continue-on-error: true # Sometimes vulns aren't immediately fixable
# env:
# SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
# with:
# command: snyk
# args: test --all-projects
# - name: Reverse set up environment for Snyk
# run: |
# rm -f requirements.txt
# mv pyproject.toml.bak pyproject.toml
# mv uv.lock.bak uv.lock

61
.gitea/workflows/sonar.yml Normal file
View File

@@ -0,0 +1,61 @@
name: Sonar
on:
push:
branches:
- main
jobs:
ci:
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v6.0.2
with:
fetch-depth: 0
- name: Run Hadolint
uses: hadolint/hadolint-action@v3.3.0
with:
dockerfile: Dockerfile
output-file: hadolint.out
format: sonarqube
no-fail: true
- name: Setup Python
uses: actions/setup-python@v6
with:
python-version: "3.14"
- name: uv cache
uses: actions/cache@v5
with:
path: /tmp/.uv-cache
key: uv-${{ runner.os }}-${{ hashFiles('uv.lock') }}
restore-keys: |
uv-${{ runner.os }}-${{ hashFiles('uv.lock') }}
uv-${{ runner.os }}
- name: Install dependencies
run: uv sync
- name: Lint
run: |
uv run pylint --exit-zero --recursive=yes --output-format=parseable --output=lintreport.txt app/ tests/
cat lintreport.txt
- name: Unit Test
run: |
uv run coverage run -m pytest -v --junitxml=testresults.xml
uv run coverage report
uv run coverage xml -q -o coverage.xml
sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml
- name: Minimize uv cache
run: uv cache prune --ci
- name: SonarQube Scan
uses: SonarSource/sonarqube-scan-action@v7.1.0
env:
SONAR_HOST_URL: ${{ vars.SONAR_URL }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

2
README.md
View File

@@ -1,4 +1,4 @@
# iPilot [![CI](https://github.com/luketainton/pypilot/actions/workflows/ci.yml/badge.svg)](https://github.com/luketainton/pypilot/actions/workflows/ci.yml) [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=luketainton_pypilot&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=luketainton_pypilot)
# iPilot
## Description
IP Information Lookup Tool

4
sonar-project.properties
View File

@@ -1,10 +1,10 @@
sonar.projectKey=pypilot
sonar.projectName=pypilot
sonar.python.version=3.13
sonar.python.version=3.14
sonar.python.coverage.reportPaths=coverage.xml
sonar.python.pylint.reportPaths=lintreport.txt
sonar.python.xunit.reportPath=testresults.xml
sonar.sources=Dockerfile,app
sonar.tests=tests
sonar.exclusions=,.archive/**,.gitea/**,.gitignore,renovate.json
sonar.coverage.exclusions=app/_version.py,app/args.py,app/main.py
sonar.coverage.exclusions=app/args.py,app/main.py