chore(ci): remove Sonar (#355)

Reviewed-on: #355
2025-05-31 13:08:47 +02:00 · 2025-05-31 13:08:47 +02:00 · 0da568d5eb
commit 0da568d5eb
parent 800ad92e52
4 changed files with 43 additions and 23 deletions
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@ -40,6 +40,9 @@ jobs:

      - name: Install dependencies
        run: uv sync
+      
+      - name: Check Import Sorting
+        run: uv run isort --check app/ tests/

      - name: Lint
        run: |
@ -49,23 +52,44 @@ jobs:
      - name: Unit Test
        run: |
          uv run coverage run -m pytest -v --junitxml=testresults.xml
-          uv run coverage xml
-          sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml
+          uv run coverage report
+        # sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml

      - name: Minimize uv cache
        run: uv cache prune --ci

-      - name: SonarQube Scan
-        uses: SonarSource/sonarqube-scan-action@v5.2.0
-        env:
-          SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }}
-          SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+      # - name: SonarQube Scan
+      #   uses: SonarSource/sonarqube-scan-action@v5.2.0
+      #   env:
+      #     SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }}
+      #     SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}

-      - name: Snyk Vulnerability Scan
+      - name: Set up environment for Snyk
+        run: |
+          uv pip freeze > requirements.txt
+          mv pyproject.toml pyproject.toml.bak
+          mv uv.lock uv.lock.bak
+
+      - name: Snyk SAST Scan
        uses: snyk/actions/python@master
-        continue-on-error: true # Sometimes vulns aren't immediately fixable
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
-          command: snyk
-          args: test --all-projects
+          # command: snyk
+          args: snyk code test #--all-projects --exclude=.archive
+
+      # - name: Snyk Vulnerability Scan
+      #   uses: snyk/actions/python@master
+      #   continue-on-error: true # Sometimes vulns aren't immediately fixable
+      #   env:
+      #     SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+      #     DEBUG: "*snyk*"
+      #   with:
+      #     # command: snyk
+      #     args: snyk test #--all-projects --exclude=.archive
+      
+      - name: Reverse set up environment for Snyk
+        run: |
+          rm -f requirements.txt
+          mv pyproject.toml.bak pyproject.toml
+          mv uv.lock.bak uv.lock
--- a/.gitignore
+++ b/.gitignore
@ -27,6 +27,7 @@ share/python-wheels/
 *.egg
 MANIFEST
 .pdm-build/
+requirements*.txt

 # PyInstaller
 #  Usually these files are written by a python script from a template
@ -136,3 +137,6 @@ dmypy.json
 # IDE
 .vscode
 .idea
+
+# Other
+.dccache
--- a/app/commands/submit_task.py
+++ b/app/commands/submit_task.py
@ -4,16 +4,8 @@ import logging

 from webex_bot.models.command import Command
 from webex_bot.models.response import Response, response_from_adaptive_card
-from webexpythonsdk.models.cards import (
-    AdaptiveCard,
-    Column,
-    ColumnSet,
-    Date,
-    FontSize,
-    FontWeight,
-    Text,
-    TextBlock,
-)
+from webexpythonsdk.models.cards import (AdaptiveCard, Column, ColumnSet, Date,
+                                         FontSize, FontWeight, Text, TextBlock)
 from webexpythonsdk.models.cards.actions import Submit

 from app.utils.config import config
--- a/app/utils/n8n.py
+++ b/app/utils/n8n.py
@ -20,7 +20,7 @@ def __n8n_post(data: dict) -> bool:
        headers=headers,
        json=data,
        timeout=10,
-        verify=False,
+        verify=True,
    )
    return bool(resp.status_code == 200)

@ -61,7 +61,7 @@ def get_tasks(requestor) -> bool:
        url=config.n8n_webhook_url,
        headers=headers,
        timeout=10,
-        verify=False,
+        verify=True,
        params={"requestor": requestor},
    )
    _data = bool(resp.status_code == 200)