feat(ci): fix CI, switch to self-hosted SonarQube

.archive/.github.old/CODEOWNERS

@@ -0,0 +1 @@
+*   @luketainton

.archive/.github.old/dependabot.yml

@@ -0,0 +1,49 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    assignees:
+      - "luketainton"
+    # reviewers:
+      # - "luketainton"
+    commit-message:
+      prefix: "chore(actions)"
+      include: "scope"
+    labels:
+      - "dependencies"
+
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    assignees:
+      - "luketainton"
+    # reviewers:
+      # - "luketainton"
+    commit-message:
+      prefix: "chore(docker)"
+      include: "scope"
+    labels:
+      - "dependencies"
+
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    assignees:
+      - "luketainton"
+    # reviewers:
+      # - "luketainton"
+    commit-message:
+      prefix: "chore(pip-prod)"
+      prefix-development: "chore(pip-dev)"
+      include: "scope"
+    labels:
+      - "dependencies"
+    groups:
+      pylint:
+        patterns:
+          - "pylint"
+          - "astroid"

.archive/.github.old/renovate.json

@@ -0,0 +1,42 @@
+{
+  "assignAutomerge": true,
+  "assigneesFromCodeOwners": true,
+  "dependencyDashboardAutoclose": true,
+  "extends": [
+    "config:base"
+  ],
+  "labels": [
+    "dependencies"
+  ],
+  "packageRules": [
+    {
+      "labels": [
+        "linting"
+      ],
+      "matchPackagePatterns": [
+        "black",
+        "pylint"
+      ]
+    },
+    {
+      "labels": [
+        "unit-tests"
+      ],
+      "matchPackagePatterns": [
+        "coverage",
+        "pytest"
+      ]
+    }
+  ],
+  "platformCommit": true,
+  "rebaseWhen": "behind-base-branch",
+  "rollbackPrs": true,
+  "vulnerabilityAlerts": {
+    "commitMessagePrefix": "[SECURITY] ",
+    "enabled": true,
+    "labels": [
+      "security"
+    ],
+    "prCreation": "immediate"
+  }
+}

.archive/.github.old/workflows-old/release.yml

@@ -0,0 +1,57 @@
+name: Build
+on:
+  push:
+    branches: [main]
+
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    outputs:
+      new_tag: ${{ steps.tag_version.outputs.new_tag }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Bump version and push tag
+        id: tag_version
+        uses: mathieudutour/github-tag-action@v6.2
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          default_bump: minor
+      - name: Create a GitHub release
+        uses: ncipollo/release-action@v1
+        with:
+          tag: ${{ steps.tag_version.outputs.new_tag }}
+          name: ${{ steps.tag_version.outputs.new_tag }}
+          body: ${{ steps.tag_version.outputs.changelog }}
+          generateReleaseNotes: true
+
+  publish:
+    name: GitHub Container Registry
+    runs-on: ubuntu-latest
+    needs: release
+    steps:
+      - uses: actions/checkout@v4
+      - name: Login to GitHub Container Registry
+        run: echo ${{ secrets.GHCR_ACCESS_TOKEN }} | docker login ghcr.io -u luketainton --password-stdin
+      - name: Build image for GitHub Package Registry
+        run: |
+          docker build . --file Dockerfile \
+          --build-arg "version=${{ needs.release.outputs.new_tag }}" \
+          --tag ghcr.io/luketainton/webexmemebot:${{ needs.release.outputs.new_tag }} \
+          --tag ghcr.io/luketainton/webexmemebot:latest
+      - name: Push image to GitHub Package Registry
+        run: |
+          docker push ghcr.io/luketainton/webexmemebot:latest
+          docker push ghcr.io/luketainton/webexmemebot:${{ needs.release.outputs.new_tag }}
+
+  deploy:
+    name: Update Portainer Deployment
+    runs-on: ubuntu-latest
+    needs: publish
+    steps:
+      - uses: fjogeleit/http-request-action@v1
+        with:
+          url: ${{ secrets.PORTAINER_WEBHOOK_URL }}
+          method: POST
+          timeout: 60000
+          preventFailureOnNoResponse: "true"

.archive/.github.old/workflows/ci.yml

@@ -0,0 +1,20 @@
+name: CI
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+    paths-ignore:
+      - "README.md"
+      - "LICENSE.md"
+      - ".gitignore"
+      - ".github/CODEOWNERS"
+      - ".github/renovate.json"
+      - ".github/dependabot.yml"
+
+jobs:
+  ci:
+    uses: luketainton/gha-workflows/.github/workflows/ci-python-poetry-with-docker.yml@main
+    with:
+      python-version: "3.13"
+    secrets:
+      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

.archive/.github.old/workflows/release.yml

@@ -0,0 +1,26 @@
+name: Release
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 9 * * 0"
+
+jobs:
+  test:
+    uses: luketainton/gha-workflows/.github/workflows/ci-python-poetry-with-docker.yml@main
+    with:
+      python-version: "3.13"
+    secrets:
+      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+
+  create_release:
+    name: Create Release
+    uses: luketainton/gha-workflows/.github/workflows/create-release.yml@main
+
+  create_docker:
+    name: Create Docker Image
+    needs: create_release
+    if: ${{ needs.create_release.outputs.success == 'true' }}
+    uses: luketainton/gha-workflows/.github/workflows/build-push-attest-docker.yml@main
+    with:
+        release: ${{ needs.create_release.outputs.release_name }}