chore(security): remove Snyk security workflow and update renovate configuration (#549)

Reviewed-on: #549
2026-01-21 20:52:36 +00:00
parent 2d09709b9f
commit 2f0fac30bc
3 changed files with 19 additions and 17 deletions
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -59,19 +59,19 @@ jobs:
      - name: Minimize uv cache
        run: uv cache prune --ci
      
-      - name: Set up environment for Snyk
-        run: |
-          uv pip freeze > requirements.txt
-          mv pyproject.toml pyproject.toml.bak
-          mv uv.lock uv.lock.bak
+      # - name: Set up environment for Snyk
+      #   run: |
+      #     uv pip freeze > requirements.txt
+      #     mv pyproject.toml pyproject.toml.bak
+      #     mv uv.lock uv.lock.bak

-      - name: Snyk SAST Scan
-        uses: snyk/actions/python@master
-        env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        with:
-          # command: snyk
-          args: snyk code test #--all-projects --exclude=.archive
+      # - name: Snyk SAST Scan
+      #   uses: snyk/actions/python@master
+      #   env:
+      #     SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+      #   with:
+      #     # command: snyk
+      #     args: snyk code test #--all-projects --exclude=.archive

      # - name: SonarQube Scan
      #   uses: SonarSource/sonarqube-scan-action@v5.2.0
@@ -88,8 +88,8 @@ jobs:
      #     command: snyk
      #     args: test --all-projects

-      - name: Reverse set up environment for Snyk
-        run: |
-          rm -f requirements.txt
-          mv pyproject.toml.bak pyproject.toml
-          mv uv.lock.bak uv.lock
+      # - name: Reverse set up environment for Snyk
+      #   run: |
+      #     rm -f requirements.txt
+      #     mv pyproject.toml.bak pyproject.toml
+      #     mv uv.lock.bak uv.lock
--- a/.gitea/workflows/security.yml
+++ b/.gitea/workflows/security.yml
@@ -1,36 +0,0 @@
-name: Security
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - main
-  schedule:
-    - cron: "@daily"
-
-jobs:
-  # sonarqube:
-  #   name: SonarQube
-  #   runs-on: ubuntu-latest
-  #   steps:
-  #     - name: Checkout repo
-  #       uses: actions/checkout@v4.2.2
-
-  #     - name: SonarQube Scan
-  #       uses: SonarSource/sonarqube-scan-action@v5.2.0
-  #       env:
-  #         SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }}
-  #         SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
-
-  snyk:
-    name: Snyk
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repo
-        uses: actions/checkout@v6.0.1
-
-      - name: Snyk
-        uses: snyk/actions/python@master
-        continue-on-error: true
-        env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}