feat(ci): add SonarQube workflow for code quality analysis
Co-authored-by: Copilot <copilot@github.com>
This commit is contained in:
@@ -16,14 +16,6 @@ jobs:
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Run Hadolint
|
||||
uses: hadolint/hadolint-action@v3.3.0
|
||||
with:
|
||||
dockerfile: Dockerfile
|
||||
output-file: hadolint.out
|
||||
format: sonarqube
|
||||
no-fail: true
|
||||
|
||||
- name: Setup Python
|
||||
uses: actions/setup-python@v6
|
||||
with:
|
||||
@@ -53,44 +45,6 @@ jobs:
|
||||
run: |
|
||||
uv run coverage run -m pytest -v --junitxml=testresults.xml
|
||||
uv run coverage report
|
||||
uv run coverage xml -q -o coverage.xml
|
||||
sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml
|
||||
|
||||
- name: Minimize uv cache
|
||||
run: uv cache prune --ci
|
||||
|
||||
- name: SonarQube Scan
|
||||
uses: SonarSource/sonarqube-scan-action@v7.1.0
|
||||
env:
|
||||
SONAR_HOST_URL: ${{ vars.SONAR_URL }}
|
||||
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
||||
|
||||
# - name: Set up environment for Snyk
|
||||
# run: |
|
||||
# uv pip freeze > requirements.txt
|
||||
# mv pyproject.toml pyproject.toml.bak
|
||||
# mv uv.lock uv.lock.bak
|
||||
|
||||
# - name: Snyk SAST Scan
|
||||
# uses: snyk/actions/python@master
|
||||
# env:
|
||||
# SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
|
||||
# with:
|
||||
# # command: snyk
|
||||
# args: snyk code test #--all-projects --exclude=.archive
|
||||
|
||||
# - name: Snyk Vulnerability Scan
|
||||
# uses: snyk/actions/python@master
|
||||
# continue-on-error: true # Sometimes vulns aren't immediately fixable
|
||||
# env:
|
||||
# SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
|
||||
# DEBUG: "*snyk*"
|
||||
# with:
|
||||
# # command: snyk
|
||||
# args: snyk test #--all-projects --exclude=.archive
|
||||
|
||||
# - name: Reverse set up environment for Snyk
|
||||
# run: |
|
||||
# rm -f requirements.txt
|
||||
# mv pyproject.toml.bak pyproject.toml
|
||||
# mv uv.lock.bak uv.lock
|
||||
|
||||
Reference in New Issue
Block a user