From 683db0566c886945b944b0d06e6ee679d6e6a139 Mon Sep 17 00:00:00 2001 From: Luke Tainton Date: Sun, 9 Feb 2025 20:24:23 +0000 Subject: [PATCH] fix CI --- .gitea/workflows/ci.yml | 72 ++++++++++++++++++++---- .gitea/workflows/conventional_commit.yml | 16 ++++++ .gitea/workflows/release.yml | 4 +- 3 files changed, 78 insertions(+), 14 deletions(-) create mode 100644 .gitea/workflows/conventional_commit.yml diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index 1c844b7..2aad0f9 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -8,16 +8,64 @@ on: - reopened jobs: - validate_pr_title: - uses: https://git.tainton.uk/actions/gha-workflows/.gitea/workflows/conventional-commit.yml@main - with: - commit_message: ${{ gitea.event.pull_request.title }} - ci: - uses: https://git.tainton.uk/actions/gha-workflows/.gitea/workflows/ci-python-uv-with-docker.yml@main - with: - python-version: 3.13 - secrets: - SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }} - SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + runs-on: ubuntu-latest + steps: + - name: Check out repository code + uses: actions/checkout@v4.2.2 + with: + fetch-depth: 0 + + - name: Run Hadolint + uses: hadolint/hadolint-action@v3.1.0 + with: + dockerfile: Dockerfile + output-file: hadolint.out + format: sonarqube + no-fail: true + + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: "3.13" + + - name: uv cache + uses: actions/cache@v4 + with: + path: /tmp/.uv-cache + key: uv-${{ runner.os }}-${{ hashFiles('uv.lock') }} + restore-keys: | + uv-${{ runner.os }}-${{ hashFiles('uv.lock') }} + uv-${{ runner.os }} + + - name: Install dependencies + run: uv sync + + - name: Lint + run: | + uv run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt app/ tests/ + cat lintreport.txt + + - name: Unit Test + run: | + uv run coverage run -m pytest -v --junitxml=testresults.xml + uv run coverage xml + sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml + + - name: Minimize uv cache + run: uv cache prune --ci + + - name: SonarQube Scan + uses: SonarSource/sonarqube-scan-action@v4.2.1 + env: + SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }} + SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} + + - name: Snyk Vulnerability Scan + uses: snyk/actions/python@master + continue-on-error: true # Sometimes vulns aren't immediately fixable + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + command: snyk + args: test --all-projects diff --git a/.gitea/workflows/conventional_commit.yml b/.gitea/workflows/conventional_commit.yml new file mode 100644 index 0000000..fc3da85 --- /dev/null +++ b/.gitea/workflows/conventional_commit.yml @@ -0,0 +1,16 @@ +name: Validate PR Title +on: + pull_request: + types: + - opened + - edited + - synchronize + - reopened + +jobs: + validate: + runs-on: ubuntu-latest + steps: + - uses: https://git.tainton.uk/actions/conventional-commits-check-action@v1.2.4 + with: + commit-message: ${{ gitea.event.pull_request.title }} diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml index d3ff79c..dfb3e63 100644 --- a/.gitea/workflows/release.yml +++ b/.gitea/workflows/release.yml @@ -7,12 +7,12 @@ on: jobs: test: name: Test - uses: https://git.tainton.uk/actions/gha-workflows/.gitea/workflows/ci-python-uv-with-docker.yml@main + uses: https://git.tainton.uk/repos/roboluke-tasks/.gitea/workflows/ci.yml@main with: python-version: 3.13 secrets: SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }} - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} create_release: