Update .gitea/workflows/ci.yml

.gitea/workflows/ci.yml

@@ -54,18 +54,38 @@ jobs:
 
       - name: Minimize uv cache
         run: uv cache prune --ci
+      
+      - name: Set up environment for Snyk
+        run: |
+          uv pip freeze > requirements.txt
+          mv pyproject.toml pyproject.toml.bak
+          mv uv.lock uv.lock.bak
 
-      - name: SonarQube Scan
+      - name: Snyk SAST Scan
-        uses: SonarSource/sonarqube-scan-action@v5.2.0
-        env:
-          SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }}
-          SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
-
-      - name: Snyk Vulnerability Scan
         uses: snyk/actions/python@master
-        continue-on-error: true # Sometimes vulns aren't immediately fixable
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:
-          command: snyk
+          # command: snyk
-          args: test --all-projects
+          args: snyk code test #--all-projects --exclude=.archive
+
+      # - name: SonarQube Scan
+      #   uses: SonarSource/sonarqube-scan-action@v5.2.0
+      #   env:
+      #     SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }}
+      #     SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+
+      # - name: Snyk Vulnerability Scan
+      #   uses: snyk/actions/python@master
+      #   continue-on-error: true # Sometimes vulns aren't immediately fixable
+      #   env:
+      #     SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+      #   with:
+      #     command: snyk
+      #     args: test --all-projects
+
+      - name: Reverse set up environment for Snyk
+        run: |
+          rm -f requirements.txt
+          mv pyproject.toml.bak pyproject.toml
+          mv uv.lock.bak uv.lock