repos/roboluke
5
0
Fork 0
Code Issues 1 Pull Requests 1 Actions 1 Packages Releases 79 Activity

feat(ci): add SonarQube workflow for code quality analysis
All checks were successful
Validate PR Title / validate (pull_request) Successful in 7s
Details
CI / ci (pull_request) Successful in 23s
Details

Browse Source 
Co-authored-by: Copilot <copilot@github.com>
This commit is contained in:
Luke Tainton
2026-04-17 19:20:15 +01:00
parent 6c14683770
commit a47d1f7cd7
2 changed files with 61 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
.gitea/workflows/ci.yml
View File

@@ -16,14 +16,6 @@ jobs:
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Run Hadolint
uses: hadolint/hadolint-action@v3.3.0
with:
dockerfile: Dockerfile
output-file: hadolint.out
format: sonarqube
no-fail: true
- name: Setup Python - name: Setup Python
uses: actions/setup-python@v6 uses: actions/setup-python@v6
with: with:
@@ -53,44 +45,6 @@ jobs:
run: | run: |
uv run coverage run -m pytest -v --junitxml=testresults.xml uv run coverage run -m pytest -v --junitxml=testresults.xml
uv run coverage report uv run coverage report
uv run coverage xml -q -o coverage.xml
sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml
- name: Minimize uv cache - name: Minimize uv cache
run: uv cache prune --ci run: uv cache prune --ci
- name: SonarQube Scan
uses: SonarSource/sonarqube-scan-action@v7.1.0
env:
SONAR_HOST_URL: ${{ vars.SONAR_URL }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
# - name: Set up environment for Snyk
# run: |
# uv pip freeze > requirements.txt
# mv pyproject.toml pyproject.toml.bak
# mv uv.lock uv.lock.bak
# - name: Snyk SAST Scan
# uses: snyk/actions/python@master
# env:
# SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
# with:
# # command: snyk
# args: snyk code test #--all-projects --exclude=.archive
# - name: Snyk Vulnerability Scan
# uses: snyk/actions/python@master
# continue-on-error: true # Sometimes vulns aren't immediately fixable
# env:
# SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
# DEBUG: "*snyk*"
# with:
# # command: snyk
# args: snyk test #--all-projects --exclude=.archive
# - name: Reverse set up environment for Snyk
# run: |
# rm -f requirements.txt
# mv pyproject.toml.bak pyproject.toml
# mv uv.lock.bak uv.lock

61
.gitea/workflows/sonar.yml Normal file
View File

@@ -0,0 +1,61 @@
name: Sonar
on:
push:
branches:
- main
jobs:
ci:
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v6.0.2
with:
fetch-depth: 0
- name: Run Hadolint
uses: hadolint/hadolint-action@v3.3.0
with:
dockerfile: Dockerfile
output-file: hadolint.out
format: sonarqube
no-fail: true
- name: Setup Python
uses: actions/setup-python@v6
with:
python-version: "3.14"
- name: uv cache
uses: actions/cache@v5
with:
path: /tmp/.uv-cache
key: uv-${{ runner.os }}-${{ hashFiles('uv.lock') }}
restore-keys: |
uv-${{ runner.os }}-${{ hashFiles('uv.lock') }}
uv-${{ runner.os }}
- name: Install dependencies
run: uv sync
- name: Lint
run: |
uv run pylint --recursive=yes --output-format=parseable --output=lintreport.txt app/ tests/
cat lintreport.txt
- name: Unit Test
run: |
uv run coverage run -m pytest -v --junitxml=testresults.xml
uv run coverage report
uv run coverage xml -q -o coverage.xml
sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml
- name: Minimize uv cache
run: uv cache prune --ci
- name: SonarQube Scan
uses: SonarSource/sonarqube-scan-action@v7.1.0
env:
SONAR_HOST_URL: ${{ vars.SONAR_URL }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}