fix(docker): add user creation and permissions in Dockerfile (#442)

Co-authored-by: Copilot <copilot@github.com> Reviewed-on: #442
2026-04-17 18:21:31 +00:00
parent e70360a8d6
commit 518014149e
7 changed files with 69 additions and 57 deletions
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -16,14 +16,6 @@ jobs:
        with:
          fetch-depth: 0

-      - name: Run Hadolint
-        uses: hadolint/hadolint-action@v3.3.0
-        with:
-          dockerfile: Dockerfile
-          output-file: hadolint.out
-          format: sonarqube
-          no-fail: true
-
      - name: Setup Python
        uses: actions/setup-python@v6
        with:
@@ -53,44 +45,6 @@ jobs:
        run: |
          uv run coverage run -m pytest -v --junitxml=testresults.xml
          uv run coverage report
-          uv run coverage xml -q -o coverage.xml
-          sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml

      - name: Minimize uv cache
        run: uv cache prune --ci
-
-      - name: SonarQube Scan
-        uses: SonarSource/sonarqube-scan-action@v7.1.0
-        env:
-          SONAR_HOST_URL: ${{ vars.SONAR_URL }}
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-
-      # - name: Set up environment for Snyk
-      #   run: |
-      #     uv pip freeze > requirements.txt
-      #     mv pyproject.toml pyproject.toml.bak
-      #     mv uv.lock uv.lock.bak
-
-      # - name: Snyk SAST Scan
-      #   uses: snyk/actions/python@master
-      #   env:
-      #     SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-      #   with:
-      #     # command: snyk
-      #     args: snyk code test #--all-projects --exclude=.archive
-
-      # - name: Snyk Vulnerability Scan
-      #   uses: snyk/actions/python@master
-      #   continue-on-error: true # Sometimes vulns aren't immediately fixable
-      #   env:
-      #     SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-      #     DEBUG: "*snyk*"
-      #   with:
-      #     # command: snyk
-      #     args: snyk test #--all-projects --exclude=.archive
-      
-      # - name: Reverse set up environment for Snyk
-      #   run: |
-      #     rm -f requirements.txt
-      #     mv pyproject.toml.bak pyproject.toml
-      #     mv uv.lock.bak uv.lock