diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index e2ae0b0..95425df 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -40,6 +40,9 @@ jobs:
 - name: Install dependencies
 run: uv sync
+
+ - name: Check Import Sorting
+ run: uv run isort --check app/ tests/
 - name: Lint
 run: |
@@ -49,23 +52,44 @@ jobs:
 - name: Unit Test
 run: |
 uv run coverage run -m pytest -v --junitxml=testresults.xml
- uv run coverage xml
- sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml
+ uv run coverage report
+ # sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml
 - name: Minimize uv cache
 run: uv cache prune --ci
- - name: SonarQube Scan
- uses: SonarSource/sonarqube-scan-action@v5.2.0
- env:
- SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }}
- SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+ # - name: SonarQube Scan
+ # uses: SonarSource/sonarqube-scan-action@v5.2.0
+ # env:
+ # SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }}
+ # SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
- - name: Snyk Vulnerability Scan
+ - name: Set up environment for Snyk
+ run: |
+ uv pip freeze > requirements.txt
+ mv pyproject.toml pyproject.toml.bak
+ mv uv.lock uv.lock.bak
+
+ - name: Snyk SAST Scan
 uses: snyk/actions/python@master
- continue-on-error: true # Sometimes vulns aren't immediately fixable
 env:
 SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
 with:
- command: snyk
- args: test --all-projects
+ # command: snyk
+ args: snyk code test #--all-projects --exclude=.archive
+
+ # - name: Snyk Vulnerability Scan
+ # uses: snyk/actions/python@master
+ # continue-on-error: true # Sometimes vulns aren't immediately fixable
+ # env:
+ # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ # DEBUG: "*snyk*"
+ # with:
+ # # command: snyk
+ # args: snyk test #--all-projects --exclude=.archive
+
+ - name: Reverse set up environment for Snyk
+ run: |
+ rm -f requirements.txt
+ mv pyproject.toml.bak pyproject.toml
+ mv uv.lock.bak uv.lock
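Review bot: The new `Snyk SAST Scan` step still resolves `snyk/actions/python@master`, a mutable branch ref, while handing it `SNYK_TOKEN`; pinning the action to a reviewed full commit SHA (`uses: snyk/actions/python@<full-commit-sha>`) keeps an upstream change from running unreviewed with that secret. With `continue-on-error` dropped, a failing scan now stops the job before `Reverse set up environment for Snyk` runs, so that step wants `if: always()` if the runner workspace can outlive the job. The freeze/rename set-up appears to serve only the dependency scan, which this hunk comments out together with SonarQube, while `snyk code test` analyses source and should not need `requirements.txt`; either restore `snyk test` or drop the set-up and restore steps, and say in the workflow that dependency scanning is currently off. It is also worth confirming what the action executes with `command` commented out: if the action still defaults `command` to `test`, `args: snyk code test` may not run as a plain `snyk code test`.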
diff --git a/.gitignore b/.gitignore
index 9e15164..82c307e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -27,6 +27,7 @@ share/python-wheels/
 *.egg
 MANIFEST
 .pdm-build/
+requirements*.txt
 # PyInstaller
 # Usually these files are written by a python script from a template
@@ -136,3 +137,6 @@ dmypy.json
 # IDE
 .vscode
 .idea
+
+# Other
+.dccache
diff --git a/app/commands/submit_task.py b/app/commands/submit_task.py
index 6197f47..e9b5be7 100644
--- a/app/commands/submit_task.py
+++ b/app/commands/submit_task.py
@@ -4,16 +4,8 @@ import logging
 from webex_bot.models.command import Command
 from webex_bot.models.response import Response, response_from_adaptive_card
-from webexpythonsdk.models.cards import (
- AdaptiveCard,
- Column,
- ColumnSet,
- Date,
- FontSize,
- FontWeight,
- Text,
- TextBlock,
-)
+from webexpythonsdk.models.cards import (AdaptiveCard, Column, ColumnSet, Date,
+ FontSize, FontWeight, Text, TextBlock)
 from webexpythonsdk.models.cards.actions import Submit
 from app.utils.config import config
diff --git a/app/utils/n8n.py b/app/utils/n8n.py
index de74d44..42fd030 100644
--- a/app/utils/n8n.py
+++ b/app/utils/n8n.py
@@ -20,7 +20,7 @@ def __n8n_post(data: dict) -> bool:
 headers=headers,
 json=data,
 timeout=10,
- verify=False,
+ verify=True,
 )
 return bool(resp.status_code == 200)
@@ -61,7 +61,7 @@ def get_tasks(requestor) -> bool:
 url=config.n8n_webhook_url,
 headers=headers,
 timeout=10,
- verify=False,
+ verify=True,
 params={"requestor": requestor},
 )
 _data = bool(resp.status_code == 200)
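Review bot: With `verify=True` in `__n8n_post` (and the same change in the `get_tasks` hunk), a certificate failure now raises instead of returning, and nothing visible in either hunk catches it even though both functions are annotated `-> bool`. Assuming the client is `requests`, wrapping the call in `try:` / `except requests.exceptions.RequestException:` that logs the error and returns `False` keeps that contract and avoids an unhandled traceback in the bot. `verify=True` is also the library default, so the argument can simply be removed; if the n8n endpoint is signed by a private CA, pass the CA bundle path through `verify` (for example a config value such as `config.n8n_ca_bundle`, a placeholder name) rather than reverting to `False`. Both function bodies start and end outside the hunks, so error handling that already exists may simply not be shown.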