Merge branch 'main' into snyk-fix-4bb5414255ab6a79b6697d6e1969ccff

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.7 to 4.2.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4.1.7...v4.2.2)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

.archive/requirements.txt

@@ -33,7 +33,6 @@ python-dotenv==1.0.1
 PyYAML==6.0.2
 requests==2.32.3
 requests-toolbelt==1.0.0
-sentry-sdk==2.19.0
 six==1.16.0
 toml==0.10.2
 tomli==2.1.0

.env.default

@@ -6,6 +6,4 @@ APPROVED_ROOMS="abc123,def456"
 APPROVED_USERS="bob@example.com,john@me.com"
 BOT_NAME=""
 N8N_WEBHOOK_URL=""
-SENTRY_DSN=""
-SENTRY_ENABLED="False"
 WEBEX_API_KEY=""

.github/workflows/release.yml

@@ -5,6 +5,54 @@ on:
     - cron: "0 9 * * 0"
 
 jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4.2.2
+        with:
+          fetch-depth: 0
+      - uses: hadolint/hadolint-action@v3.1.0
+        with:
+          dockerfile: Dockerfile
+          output-file: hadolint.out
+          format: sonarqube
+          no-fail: true
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - name: Setup Poetry
+        uses: abatilo/actions-poetry@v3
+      - name: Install dependencies
+        run: poetry install
+      - name: Lint
+        run: |
+          poetry run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt .
+          cat lintreport.txt
+      - name: Unit Test
+        run: |
+          poetry run coverage run -m pytest -v --junitxml=testresults.xml
+          poetry run coverage xml
+          sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
+      - name: SonarCloud Scan
+        uses: SonarSource/sonarcloud-github-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      - name: Snyk Vulnerability Scan
+        uses: snyk/actions/python-3.10@master
+        continue-on-error: true # To make sure that SARIF upload gets called
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --sarif-file-output=snyk.sarif --all-projects
+      - name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: snyk.sarif
+
   create_release:
     name: Create Release
     uses: luketainton/gha-workflows/.github/workflows/create-release.yml@main

Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.11-slim
+FROM python:3.13.0b2-slim
 LABEL maintainer="Luke Tainton <luke@tainton.uk>"
 LABEL org.opencontainers.image.source="https://github.com/luketainton/roboluke-tasks"
 USER root
@@ -12,7 +12,9 @@ RUN mkdir -p /.local && \
 
 COPY pyproject.toml /run/pyproject.toml
 COPY poetry.lock /run/poetry.lock
-RUN poetry install --without dev --no-root
+
+RUN poetry config virtualenvs.create false && \
+    poetry install --without dev
 
 ENTRYPOINT ["python3", "-B", "-m", "app.main"]
 

README.md

@@ -9,14 +9,12 @@ Add tasks to a Wekan to do list via Webex and n8n.
 3. Edit `.env` as required:
     - `ADMIN_EMAIL` - comma-separated list of admin (who owns the to-do list) email addresses
     - `ADMIN_FIRST_NAME` - admin first name
-    - `APP_LIFECYCLE` - for use in Sentry only, set the name of the environment
+    - `APP_LIFECYCLE` - set the name of the environment
     - `APPROVED_DOMAINS` - comma-separated list of domains that users are allowed to message the bot from
     - `APPROVED_ROOMS` - comma-separated list of room IDs that users are allowed to message the bot from
     - `APPROVED_USERS` - comma-separated list of email addresses of approved users
     - `BOT_NAME` - Webex bot name
     - `N8N_WEBHOOK_URL` - n8n webhook URL
-    - `SENTRY_DSN` - for use in Sentry only, set the DSN of the Sentry project
-    - `SENTRY_ENABLED` - for use in Sentry only, enable sending data to Sentry
     - `WEBEX_API_KEY` - Webex API key
 
 ## How to use

app/commands/submit_task.py

@@ -21,9 +21,6 @@ from app.utils.n8n import get_tasks, submit_task
 
 log: logging.Logger = logging.getLogger(__name__)
 
-if config.sentry_enabled:
-    import sentry_sdk
-
 
 class SubmitTaskCommand(Command):
     """Submit task command."""
@@ -126,10 +123,7 @@ class SubmitTaskCommand(Command):
             ],
         )
         _result = response_from_adaptive_card(card)
-        if not config.sentry_enabled:
-            return _result
-        with sentry_sdk.start_transaction(name="submit_task_command"):
-            return _result
+        return _result
 
 
 class SubmitTaskCallback(Command):
@@ -173,10 +167,7 @@ class SubmitTaskCallback(Command):
 
     def execute(self, message, attachment_actions, activity) -> str:
         """Execute method."""
-        if not config.sentry_enabled:
-            return self.msg
-        with sentry_sdk.start_transaction(name="submit_task_callback"):
-            return self.msg
+        return self.msg
 
 
 class MyTasksCallback(Command):
@@ -193,21 +184,13 @@ class MyTasksCallback(Command):
     def pre_execute(self, message, attachment_actions, activity) -> str:
         """Pre-execute method."""
         _msg: str = "Getting your tasks..."
-        if not config.sentry_enabled:
-            return _msg
-        with sentry_sdk.start_transaction(name="my_tasks_preexec"):
-            return _msg
+        return _msg
 
     def execute(self, message, attachment_actions, activity) -> str | None:
         """Execute method."""
         sender: str = attachment_actions.inputs.get("sender")
         result: bool = get_tasks(requestor=sender)
         _msg: str = "Failed to get tasks. Please try again."
-        if not config.sentry_enabled:
-            if not result:
-                return _msg
-            return None
-        with sentry_sdk.start_transaction(name="my_tasks_exec"):
-            if not result:
-                return _msg
-            return None
+        if not result:
+            return _msg
+        return None

app/main.py

@@ -2,25 +2,12 @@
 
 import sys
 
-from sentry_sdk.integrations.stdlib import StdlibIntegration
 from webex_bot.webex_bot import WebexBot
 
 from app.commands.exit import ExitCommand
 from app.commands.submit_task import SubmitTaskCommand
 from app.utils.config import config
 
-if config.sentry_enabled:
-    import sentry_sdk
-
-    apm = sentry_sdk.init(
-        dsn=config.sentry_dsn,
-        enable_tracing=True,
-        environment=config.environment,
-        release=config.version,
-        integrations=[StdlibIntegration()],
-        spotlight=True,
-    )
-
 
 def create_bot() -> WebexBot:
     """Create and return a Webex Bot object."""

app/utils/config.py

@@ -11,15 +11,6 @@ class Config:
     def __init__(self) -> None:
         """Configuration module."""
 
-        # Sentry config needs to be processed first for loop prevention.
-
-        self.__sentry_dsn: str = os.environ.get("SENTRY_DSN", "")
-
-        self.__sentry_enabled: bool = bool(
-            os.environ.get("SENTRY_ENABLED", "False").upper() == "TRUE"
-            and self.__sentry_dsn != ""
-        )
-
     @property
     def environment(self) -> str:
         """Returns the current app lifecycle."""
@@ -30,19 +21,6 @@ class Config:
         """Returns the current app version."""
         return os.environ["APP_VERSION"]
 
-    @property
-    def sentry_enabled(self) -> bool:
-        """Returns True if Sentry SDK is enabled, else False."""
-        return self.__sentry_enabled
-
-    @property
-    def sentry_dsn(self) -> str:
-        """Returns the Sentry DSN value if Sentry SDK is enabled AND
-        Sentry DSN is set, else blank string."""
-        if not self.__sentry_enabled:
-            return ""
-        return self.__sentry_dsn
-
     @property
     def bot_name(self) -> str:
         """Returns the bot name."""
@@ -69,31 +47,27 @@ class Config:
         return os.environ["N8N_WEBHOOK_URL"]
 
     @property
-    def approved_users(self) -> list | None:
+    def approved_users(self) -> list:
         """Returns a list of approved users."""
         _emails: list[str] = os.environ.get("APPROVED_USERS", "").split(",")
         _emails: list[str] = [i.strip() for i in _emails if i]
         if not _emails:
-            return None
+            return []
         emails = [i for i in _emails if validate_email_syntax(i)]
         return emails
 
     @property
-    def approved_rooms(self) -> list | None:
+    def approved_rooms(self) -> list:
         """Returns a list of approved rooms."""
         _rooms: list[str] = os.environ.get("APPROVED_ROOMS", "").split(",")
         rooms: list[str] = [i.strip() for i in _rooms if i]
-        if not rooms:
-            return None
         return rooms
 
     @property
-    def approved_domains(self) -> list | None:
+    def approved_domains(self) -> list:
         """Returns a list of approved domains."""
         _domains: list[str] = os.environ.get("APPROVED_DOMAINS", "").split(",")
         domains: list[str] = [i.strip() for i in _domains if i]
-        if not domains:
-            return None
         return domains
 
 

app/utils/n8n.py

@@ -4,9 +4,6 @@ import requests
 
 from app.utils.config import config
 
-if config.sentry_enabled:
-    import sentry_sdk
-
 
 def __n8n_post(data: dict) -> bool:
     """Post data to N8N webhook URL.
@@ -46,12 +43,8 @@ def submit_task(summary, description, completion_date, requestor) -> bool:
         "description": description,
         "completiondate": completion_date,
     }
-    if not config.sentry_enabled:
-        _data = __n8n_post(data=data)
-        return _data
-    with sentry_sdk.start_transaction(name="submit_task"):
-        _data = __n8n_post(data=data)
-        return _data
+    _data = __n8n_post(data=data)
+    return _data
 
 
 def get_tasks(requestor) -> bool:
@@ -64,23 +57,12 @@ def get_tasks(requestor) -> bool:
         bool: True if successful, else False.
     """
     headers: dict = {"Content-Type": "application/json"}
-    if not config.sentry_enabled:
-        resp: requests.Response = requests.get(
-            url=config.n8n_webhook_url,
-            headers=headers,
-            timeout=10,
-            verify=False,
-            params={"requestor": requestor},
-        )
-        _data = bool(resp.status_code == 200)
-        return _data
-    with sentry_sdk.start_transaction(name="get_tasks"):
-        resp: requests.Response = requests.get(
-            url=config.n8n_webhook_url,
-            headers=headers,
-            timeout=10,
-            verify=False,
-            params={"requestor": requestor},
-        )
-        _data = bool(resp.status_code == 200)
-        return _data
+    resp: requests.Response = requests.get(
+        url=config.n8n_webhook_url,
+        headers=headers,
+        timeout=10,
+        verify=False,
+        params={"requestor": requestor},
+    )
+    _data = bool(resp.status_code == 200)
+    return _data

poetry.lock

@@ -611,60 +611,6 @@ files = [
 [package.dependencies]
 requests = ">=2.0.1,<3.0.0"
 
-[[package]]
-name = "sentry-sdk"
-version = "2.19.0"
-description = "Python client for Sentry (https://sentry.io)"
-optional = false
-python-versions = ">=3.6"
-files = [
-    {file = "sentry_sdk-2.19.0-py2.py3-none-any.whl", hash = "sha256:7b0b3b709dee051337244a09a30dbf6e95afe0d34a1f8b430d45e0982a7c125b"},
-    {file = "sentry_sdk-2.19.0.tar.gz", hash = "sha256:ee4a4d2ae8bfe3cac012dcf3e4607975904c137e1738116549fc3dbbb6ff0e36"},
-]
-
-[package.dependencies]
-certifi = "*"
-urllib3 = ">=1.26.11"
-
-[package.extras]
-aiohttp = ["aiohttp (>=3.5)"]
-anthropic = ["anthropic (>=0.16)"]
-arq = ["arq (>=0.23)"]
-asyncpg = ["asyncpg (>=0.23)"]
-beam = ["apache-beam (>=2.12)"]
-bottle = ["bottle (>=0.12.13)"]
-celery = ["celery (>=3)"]
-celery-redbeat = ["celery-redbeat (>=2)"]
-chalice = ["chalice (>=1.16.0)"]
-clickhouse-driver = ["clickhouse-driver (>=0.2.0)"]
-django = ["django (>=1.8)"]
-falcon = ["falcon (>=1.4)"]
-fastapi = ["fastapi (>=0.79.0)"]
-flask = ["blinker (>=1.1)", "flask (>=0.11)", "markupsafe"]
-grpcio = ["grpcio (>=1.21.1)", "protobuf (>=3.8.0)"]
-http2 = ["httpcore[http2] (==1.*)"]
-httpx = ["httpx (>=0.16.0)"]
-huey = ["huey (>=2)"]
-huggingface-hub = ["huggingface_hub (>=0.22)"]
-langchain = ["langchain (>=0.0.210)"]
-launchdarkly = ["launchdarkly-server-sdk (>=9.8.0)"]
-litestar = ["litestar (>=2.0.0)"]
-loguru = ["loguru (>=0.5)"]
-openai = ["openai (>=1.0.0)", "tiktoken (>=0.3.0)"]
-openfeature = ["openfeature-sdk (>=0.7.1)"]
-opentelemetry = ["opentelemetry-distro (>=0.35b0)"]
-opentelemetry-experimental = ["opentelemetry-distro"]
-pure-eval = ["asttokens", "executing", "pure_eval"]
-pymongo = ["pymongo (>=3.1)"]
-pyspark = ["pyspark (>=2.4.4)"]
-quart = ["blinker (>=1.1)", "quart (>=0.16.1)"]
-rq = ["rq (>=0.6)"]
-sanic = ["sanic (>=0.8)"]
-sqlalchemy = ["sqlalchemy (>=1.2)"]
-starlette = ["starlette (>=0.19.1)"]
-starlite = ["starlite (>=1.48)"]
-tornado = ["tornado (>=6)"]
-
 [[package]]
 name = "setuptools"
 version = "75.6.0"
@@ -905,4 +851,4 @@ testing = ["coverage[toml]", "zope.event", "zope.testing"]
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.11"
-content-hash = "341e2cb729a0e9691470e528ed4b51908531612834963958eb5c88fb76939473"
+content-hash = "2b60fc563ffa2c3d82d6714b92627a110680b59194ddc33b2aee62f4cc576d55"

pyproject.toml

@@ -9,7 +9,6 @@ package-mode = false
 [tool.poetry.dependencies]
 python = "^3.11"
 webex-bot = "^0.5.2"
-sentry-sdk = "^2.19.0"
 datetime = "^5.5"
 requests = "^2.32.3"
 

test.sh

@@ -1,3 +1,3 @@
 export $(cat .env.test | xargs)
 python -B -m app.main
-unset ADMIN_EMAIL ADMIN_FIRST_NAME APP_LIFECYCLE APP_VERSION APPROVED_DOMAINS APPROVED_ROOMS APPROVED_USERS BOT_NAME N8N_WEBHOOK_URL SENTRY_DSN SENTRY_ENABLED WEBEX_API_KEY
+unset ADMIN_EMAIL ADMIN_FIRST_NAME APP_LIFECYCLE APP_VERSION APPROVED_DOMAINS APPROVED_ROOMS APPROVED_USERS BOT_NAME N8N_WEBHOOK_URL WEBEX_API_KEY

tests/test_config_1.py

@@ -17,8 +17,6 @@ def test_config() -> None:
         "ADMIN_FIRST_NAME": "Test",
         "ADMIN_EMAIL": "test@test.com",
         "N8N_WEBHOOK_URL": "https://n8n.test.com/webhook/abcdefg",
-        "SENTRY_ENABLED": "false",
-        "SENTRY_DSN": "http://localhost",
         "APPROVED_USERS": "test@test.com",
         "APPROVED_DOMAINS": "test.com",
         "APPROVED_ROOMS": "test",
@@ -37,16 +35,8 @@ def test_config() -> None:
     assert config.approved_users == config_vars["APPROVED_USERS"].split(",")
     assert config.bot_name == config_vars["BOT_NAME"]
     assert config.n8n_webhook_url == config_vars["N8N_WEBHOOK_URL"]
-    assert config.sentry_enabled == bool(
-        config_vars["SENTRY_ENABLED"].upper() == "TRUE"
-    )
     assert config.version == config_vars["APP_VERSION"]
     assert config.webex_token == config_vars["WEBEX_API_KEY"]
 
-    if config.sentry_enabled:
-        assert config.sentry_dsn == config_vars["SENTRY_DSN"]
-    else:
-        assert config.sentry_dsn == ""
-
     for config_var in config_vars:
         os.environ.pop(config_var, None)

tests/test_config_2.py

@@ -17,8 +17,6 @@ def test_config_no_admin_vars() -> None:
         "ADMIN_FIRST_NAME": "Test",
         "ADMIN_EMAIL": "test@test.com",
         "N8N_WEBHOOK_URL": "https://n8n.test.com/webhook/abcdefg",
-        "SENTRY_ENABLED": "false",
-        "SENTRY_DSN": "http://localhost",
     }
 
     for config_var, value in config_vars.items():
@@ -27,23 +25,15 @@ def test_config_no_admin_vars() -> None:
     # needs to be imported AFTER environment variables are set
     from app.utils.config import config  # pragma: no cover
 
-    assert config.approved_domains is None
-    assert config.approved_rooms is None
-    assert config.approved_users is None
+    assert config.approved_domains == []
+    assert config.approved_rooms == []
+    assert config.approved_users == []
     assert config.admin_emails == config_vars["ADMIN_EMAIL"].split(",")
     assert config.admin_first_name == config_vars["ADMIN_FIRST_NAME"]
     assert config.bot_name == config_vars["BOT_NAME"]
     assert config.n8n_webhook_url == config_vars["N8N_WEBHOOK_URL"]
-    assert config.sentry_enabled == bool(
-        config_vars["SENTRY_ENABLED"].upper() == "TRUE"
-    )
     assert config.version == config_vars["APP_VERSION"]
     assert config.webex_token == config_vars["WEBEX_API_KEY"]
 
-    if config.sentry_enabled:
-        assert config.sentry_dsn == config_vars["SENTRY_DSN"]
-    else:
-        assert config.sentry_dsn == ""
-
     for config_var in config_vars:
         os.environ.pop(config_var, None)