repos/roboluke
4
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Releases 51 Activity

fix(ci): re-enable Snyk
Some checks failed
Validate PR Title / validate (pull_request) Successful in 9s
Details
CI / ci (pull_request) Failing after 1m7s
Details

Browse Source
This commit is contained in:
Luke Tainton 2025-05-31 11:16:44 +01:00
parent aa3c5fbf1f
commit aa71f71bfb
Signed by: luke
SSH Key Fingerprint: SHA256:D34npKT7UaiT/7gULqu7EPSLWWVAjTjXf4kKfJ/fQBo
3 changed files with 45 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
.gitea/workflows/ci.yml
View File

@ -40,6 +40,9 @@ jobs:
- name: Install dependencies - name: Install dependencies
run: uv sync run: uv sync
- name: Check Import Sorting
run: uv run isort --check app/ tests/
- name: Lint - name: Lint
run: | run: |
@ -61,32 +64,44 @@ jobs:
# SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }} # SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }}
# SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} # SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
# - name: Snyk Vulnerability Scan - name: Create requirements.txt for Snyk
# uses: snyk/actions/python@master run: |
# continue-on-error: true # Sometimes vulns aren't immediately fixable uv pip freeze > requirements.txt
# env:
# SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - name: Snyk SAST Scan
uses: snyk/actions/python@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
command: snyk
args: code test --exclude=.archive
- name: Snyk Vulnerability Scan
uses: snyk/actions/python@master
continue-on-error: true # Sometimes vulns aren't immediately fixable
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
command: snyk
args: test --all-projects --exclude=.archive
# - name: Trivy Setup
# uses: aquasecurity/setup-trivy@v0.2.0
# with: # with:
# command: snyk # cache: true
# args: test --all-projects # version: v0.61.1
- name: Manual Trivy Setup # - name: Trivy Vulnerability Scan
uses: aquasecurity/setup-trivy@v0.2.0 # uses: aquasecurity/trivy-action@master
with: # with:
cache: true # skip-setup-trivy: true
version: v0.61.1 # scan-type: "fs"
# scan-ref: "${{ gitea.workspace }}"
- name: Trivy Vulnerability Scan # exit-code: "1"
uses: aquasecurity/trivy-action@master # ignore-unfixed: true
with: # format: "table"
skip-setup-trivy: true # severity: "CRITICAL,HIGH,MEDIUM"
scan-type: "fs" # scanners: "vuln,secret,misconfig,license"
scan-ref: "${{ gitea.workspace }}"
exit-code: "1"
ignore-unfixed: true
format: "table"
severity: "CRITICAL,HIGH,MEDIUM"
scanners: "vuln,secret,misconfig,license"
# - name: Trivy Vulnerability Scan (Docker) # - name: Trivy Vulnerability Scan (Docker)
# uses: aquasecurity/trivy-action@master # uses: aquasecurity/trivy-action@master

4
.gitignore vendored
View File

@ -27,6 +27,7 @@ share/python-wheels/
*.egg *.egg
MANIFEST MANIFEST
.pdm-build/ .pdm-build/
requirements*.txt
# PyInstaller # PyInstaller
# Usually these files are written by a python script from a template # Usually these files are written by a python script from a template
@ -136,3 +137,6 @@ dmypy.json
# IDE # IDE
.vscode .vscode
.idea .idea
# Other
.dccache

12
app/commands/submit_task.py
View File

@ -4,16 +4,8 @@ import logging
from webex_bot.models.command import Command from webex_bot.models.command import Command
from webex_bot.models.response import Response, response_from_adaptive_card from webex_bot.models.response import Response, response_from_adaptive_card
from webexpythonsdk.models.cards import ( from webexpythonsdk.models.cards import (AdaptiveCard, Column, ColumnSet, Date,
AdaptiveCard, FontSize, FontWeight, Text, TextBlock)
Column,
ColumnSet,
Date,
FontSize,
FontWeight,
Text,
TextBlock,
)
from webexpythonsdk.models.cards.actions import Submit from webexpythonsdk.models.cards.actions import Submit
from app.utils.config import config from app.utils.config import config