Compare commits
7 Commits
v1.26.2
...
snyk-fix-4
| Author | SHA1 | Date | |
|---|---|---|---|
| 73b5af02dc | |||
| 33186a47c7 | |||
| 948d223fa4 | |||
| 70a92c76db | |||
| b11cc26daa | |||
| 5eecd59645 | |||
| b561122778 |
48
.github/workflows/release.yml
vendored
48
.github/workflows/release.yml
vendored
@ -5,6 +5,54 @@ on:
|
|||||||
- cron: "0 9 * * 0"
|
- cron: "0 9 * * 0"
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
|
test:
|
||||||
|
name: Test
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- name: Check out repository code
|
||||||
|
uses: actions/checkout@v4.2.2
|
||||||
|
with:
|
||||||
|
fetch-depth: 0
|
||||||
|
- uses: hadolint/hadolint-action@v3.1.0
|
||||||
|
with:
|
||||||
|
dockerfile: Dockerfile
|
||||||
|
output-file: hadolint.out
|
||||||
|
format: sonarqube
|
||||||
|
no-fail: true
|
||||||
|
- name: Setup Python
|
||||||
|
uses: actions/setup-python@v5
|
||||||
|
with:
|
||||||
|
python-version: "3.11"
|
||||||
|
- name: Setup Poetry
|
||||||
|
uses: abatilo/actions-poetry@v3
|
||||||
|
- name: Install dependencies
|
||||||
|
run: poetry install
|
||||||
|
- name: Lint
|
||||||
|
run: |
|
||||||
|
poetry run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt .
|
||||||
|
cat lintreport.txt
|
||||||
|
- name: Unit Test
|
||||||
|
run: |
|
||||||
|
poetry run coverage run -m pytest -v --junitxml=testresults.xml
|
||||||
|
poetry run coverage xml
|
||||||
|
sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
|
||||||
|
- name: SonarCloud Scan
|
||||||
|
uses: SonarSource/sonarcloud-github-action@master
|
||||||
|
env:
|
||||||
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
||||||
|
- name: Snyk Vulnerability Scan
|
||||||
|
uses: snyk/actions/python-3.10@master
|
||||||
|
continue-on-error: true # To make sure that SARIF upload gets called
|
||||||
|
env:
|
||||||
|
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
|
||||||
|
with:
|
||||||
|
args: --sarif-file-output=snyk.sarif --all-projects
|
||||||
|
- name: Upload result to GitHub Code Scanning
|
||||||
|
uses: github/codeql-action/upload-sarif@v3
|
||||||
|
with:
|
||||||
|
sarif_file: snyk.sarif
|
||||||
|
|
||||||
create_release:
|
create_release:
|
||||||
name: Create Release
|
name: Create Release
|
||||||
uses: luketainton/gha-workflows/.github/workflows/create-release.yml@main
|
uses: luketainton/gha-workflows/.github/workflows/create-release.yml@main
|
||||||
|
|||||||
@ -1,4 +1,4 @@
|
|||||||
FROM python:3.11-slim
|
FROM python:3.13.0b2-slim
|
||||||
LABEL maintainer="Luke Tainton <luke@tainton.uk>"
|
LABEL maintainer="Luke Tainton <luke@tainton.uk>"
|
||||||
LABEL org.opencontainers.image.source="https://github.com/luketainton/roboluke-tasks"
|
LABEL org.opencontainers.image.source="https://github.com/luketainton/roboluke-tasks"
|
||||||
USER root
|
USER root
|
||||||
|
|||||||
@ -47,31 +47,27 @@ class Config:
|
|||||||
return os.environ["N8N_WEBHOOK_URL"]
|
return os.environ["N8N_WEBHOOK_URL"]
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def approved_users(self) -> list | None:
|
def approved_users(self) -> list:
|
||||||
"""Returns a list of approved users."""
|
"""Returns a list of approved users."""
|
||||||
_emails: list[str] = os.environ.get("APPROVED_USERS", "").split(",")
|
_emails: list[str] = os.environ.get("APPROVED_USERS", "").split(",")
|
||||||
_emails: list[str] = [i.strip() for i in _emails if i]
|
_emails: list[str] = [i.strip() for i in _emails if i]
|
||||||
if not _emails:
|
if not _emails:
|
||||||
return None
|
return []
|
||||||
emails = [i for i in _emails if validate_email_syntax(i)]
|
emails = [i for i in _emails if validate_email_syntax(i)]
|
||||||
return emails
|
return emails
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def approved_rooms(self) -> list | None:
|
def approved_rooms(self) -> list:
|
||||||
"""Returns a list of approved rooms."""
|
"""Returns a list of approved rooms."""
|
||||||
_rooms: list[str] = os.environ.get("APPROVED_ROOMS", "").split(",")
|
_rooms: list[str] = os.environ.get("APPROVED_ROOMS", "").split(",")
|
||||||
rooms: list[str] = [i.strip() for i in _rooms if i]
|
rooms: list[str] = [i.strip() for i in _rooms if i]
|
||||||
if not rooms:
|
|
||||||
return None
|
|
||||||
return rooms
|
return rooms
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def approved_domains(self) -> list | None:
|
def approved_domains(self) -> list:
|
||||||
"""Returns a list of approved domains."""
|
"""Returns a list of approved domains."""
|
||||||
_domains: list[str] = os.environ.get("APPROVED_DOMAINS", "").split(",")
|
_domains: list[str] = os.environ.get("APPROVED_DOMAINS", "").split(",")
|
||||||
domains: list[str] = [i.strip() for i in _domains if i]
|
domains: list[str] = [i.strip() for i in _domains if i]
|
||||||
if not domains:
|
|
||||||
return None
|
|
||||||
return domains
|
return domains
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -25,9 +25,9 @@ def test_config_no_admin_vars() -> None:
|
|||||||
# needs to be imported AFTER environment variables are set
|
# needs to be imported AFTER environment variables are set
|
||||||
from app.utils.config import config # pragma: no cover
|
from app.utils.config import config # pragma: no cover
|
||||||
|
|
||||||
assert config.approved_domains is None
|
assert config.approved_domains == []
|
||||||
assert config.approved_rooms is None
|
assert config.approved_rooms == []
|
||||||
assert config.approved_users is None
|
assert config.approved_users == []
|
||||||
assert config.admin_emails == config_vars["ADMIN_EMAIL"].split(",")
|
assert config.admin_emails == config_vars["ADMIN_EMAIL"].split(",")
|
||||||
assert config.admin_first_name == config_vars["ADMIN_FIRST_NAME"]
|
assert config.admin_first_name == config_vars["ADMIN_FIRST_NAME"]
|
||||||
assert config.bot_name == config_vars["BOT_NAME"]
|
assert config.bot_name == config_vars["BOT_NAME"]
|
||||||
|
|||||||
Reference in New Issue
Block a user