Merge branch 'main' into snyk-fix-08443f90f1baff7a411c8037496275df

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.7 to 4.2.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4.1.7...v4.2.2)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/workflows/release.yml

@@ -5,6 +5,54 @@ on:
     - cron: "0 9 * * 0"
 
 jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4.2.2
+        with:
+          fetch-depth: 0
+      - uses: hadolint/hadolint-action@v3.1.0
+        with:
+          dockerfile: Dockerfile
+          output-file: hadolint.out
+          format: sonarqube
+          no-fail: true
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - name: Setup Poetry
+        uses: abatilo/actions-poetry@v3
+      - name: Install dependencies
+        run: poetry install
+      - name: Lint
+        run: |
+          poetry run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt .
+          cat lintreport.txt
+      - name: Unit Test
+        run: |
+          poetry run coverage run -m pytest -v --junitxml=testresults.xml
+          poetry run coverage xml
+          sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
+      - name: SonarCloud Scan
+        uses: SonarSource/sonarcloud-github-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      - name: Snyk Vulnerability Scan
+        uses: snyk/actions/python-3.10@master
+        continue-on-error: true # To make sure that SARIF upload gets called
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --sarif-file-output=snyk.sarif --all-projects
+      - name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: snyk.sarif
+
   create_release:
     name: Create Release
     uses: luketainton/gha-workflows/.github/workflows/create-release.yml@main

Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.11-slim
+FROM python:3.13.0b1-slim
 LABEL maintainer="Luke Tainton <luke@tainton.uk>"
 LABEL org.opencontainers.image.source="https://github.com/luketainton/roboluke-tasks"
 USER root

tests/test_config_2.py

@@ -25,9 +25,9 @@ def test_config_no_admin_vars() -> None:
     # needs to be imported AFTER environment variables are set
     from app.utils.config import config  # pragma: no cover
 
-    assert config.approved_domains is None
-    assert config.approved_rooms is None
-    assert config.approved_users is None
+    assert config.approved_domains == []
+    assert config.approved_rooms == []
+    assert config.approved_users == []
     assert config.admin_emails == config_vars["ADMIN_EMAIL"].split(",")
     assert config.admin_first_name == config_vars["ADMIN_FIRST_NAME"]
     assert config.bot_name == config_vars["BOT_NAME"]