Compare commits
9 Commits
v1.26.0
...
snyk-fix-4
| Author | SHA1 | Date | |
|---|---|---|---|
| 73b5af02dc | |||
| 33186a47c7 | |||
| 948d223fa4 | |||
| 70a92c76db | |||
| b11cc26daa | |||
| 6cac9dc9c2 | |||
| ebca87230a | |||
| 5eecd59645 | |||
| b561122778 |
48
.github/workflows/release.yml
vendored
48
.github/workflows/release.yml
vendored
@ -5,6 +5,54 @@ on:
|
||||
- cron: "0 9 * * 0"
|
||||
|
||||
jobs:
|
||||
test:
|
||||
name: Test
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Check out repository code
|
||||
uses: actions/checkout@v4.2.2
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- uses: hadolint/hadolint-action@v3.1.0
|
||||
with:
|
||||
dockerfile: Dockerfile
|
||||
output-file: hadolint.out
|
||||
format: sonarqube
|
||||
no-fail: true
|
||||
- name: Setup Python
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
python-version: "3.11"
|
||||
- name: Setup Poetry
|
||||
uses: abatilo/actions-poetry@v3
|
||||
- name: Install dependencies
|
||||
run: poetry install
|
||||
- name: Lint
|
||||
run: |
|
||||
poetry run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt .
|
||||
cat lintreport.txt
|
||||
- name: Unit Test
|
||||
run: |
|
||||
poetry run coverage run -m pytest -v --junitxml=testresults.xml
|
||||
poetry run coverage xml
|
||||
sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
|
||||
- name: SonarCloud Scan
|
||||
uses: SonarSource/sonarcloud-github-action@master
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
||||
- name: Snyk Vulnerability Scan
|
||||
uses: snyk/actions/python-3.10@master
|
||||
continue-on-error: true # To make sure that SARIF upload gets called
|
||||
env:
|
||||
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
|
||||
with:
|
||||
args: --sarif-file-output=snyk.sarif --all-projects
|
||||
- name: Upload result to GitHub Code Scanning
|
||||
uses: github/codeql-action/upload-sarif@v3
|
||||
with:
|
||||
sarif_file: snyk.sarif
|
||||
|
||||
create_release:
|
||||
name: Create Release
|
||||
uses: luketainton/gha-workflows/.github/workflows/create-release.yml@main
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
FROM python:3.11-slim
|
||||
FROM python:3.13.0b2-slim
|
||||
LABEL maintainer="Luke Tainton <luke@tainton.uk>"
|
||||
LABEL org.opencontainers.image.source="https://github.com/luketainton/roboluke-tasks"
|
||||
USER root
|
||||
@ -12,7 +12,9 @@ RUN mkdir -p /.local && \
|
||||
|
||||
COPY pyproject.toml /run/pyproject.toml
|
||||
COPY poetry.lock /run/poetry.lock
|
||||
RUN poetry install --without dev --no-root
|
||||
|
||||
RUN poetry config virtualenvs.create false && \
|
||||
poetry install --without dev
|
||||
|
||||
ENTRYPOINT ["python3", "-B", "-m", "app.main"]
|
||||
|
||||
|
||||
@ -47,31 +47,27 @@ class Config:
|
||||
return os.environ["N8N_WEBHOOK_URL"]
|
||||
|
||||
@property
|
||||
def approved_users(self) -> list | None:
|
||||
def approved_users(self) -> list:
|
||||
"""Returns a list of approved users."""
|
||||
_emails: list[str] = os.environ.get("APPROVED_USERS", "").split(",")
|
||||
_emails: list[str] = [i.strip() for i in _emails if i]
|
||||
if not _emails:
|
||||
return None
|
||||
return []
|
||||
emails = [i for i in _emails if validate_email_syntax(i)]
|
||||
return emails
|
||||
|
||||
@property
|
||||
def approved_rooms(self) -> list | None:
|
||||
def approved_rooms(self) -> list:
|
||||
"""Returns a list of approved rooms."""
|
||||
_rooms: list[str] = os.environ.get("APPROVED_ROOMS", "").split(",")
|
||||
rooms: list[str] = [i.strip() for i in _rooms if i]
|
||||
if not rooms:
|
||||
return None
|
||||
return rooms
|
||||
|
||||
@property
|
||||
def approved_domains(self) -> list | None:
|
||||
def approved_domains(self) -> list:
|
||||
"""Returns a list of approved domains."""
|
||||
_domains: list[str] = os.environ.get("APPROVED_DOMAINS", "").split(",")
|
||||
domains: list[str] = [i.strip() for i in _domains if i]
|
||||
if not domains:
|
||||
return None
|
||||
return domains
|
||||
|
||||
|
||||
|
||||
@ -25,9 +25,9 @@ def test_config_no_admin_vars() -> None:
|
||||
# needs to be imported AFTER environment variables are set
|
||||
from app.utils.config import config # pragma: no cover
|
||||
|
||||
assert config.approved_domains is None
|
||||
assert config.approved_rooms is None
|
||||
assert config.approved_users is None
|
||||
assert config.approved_domains == []
|
||||
assert config.approved_rooms == []
|
||||
assert config.approved_users == []
|
||||
assert config.admin_emails == config_vars["ADMIN_EMAIL"].split(",")
|
||||
assert config.admin_first_name == config_vars["ADMIN_FIRST_NAME"]
|
||||
assert config.bot_name == config_vars["BOT_NAME"]
|
||||
|
||||
Reference in New Issue
Block a user