repos/webexmemebot
4
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Releases 49 Activity

chore(ci): migrate SOT to Gitea
Some checks failed
CI / ci (pull_request) Failing after 3m43s
Details

Browse Source
This commit is contained in:
Luke Tainton
2024-12-31 22:37:37 +00:00
parent d05905e432
commit 7a2424ca76
10 changed files with 282 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.archive/.github/CODEOWNERS vendored Normal file
View File

@@ -0,0 +1 @@
* @luketainton

0
.github/dependabot.yml → .archive/.github/dependabot.yml vendored
View File

0
.github/renovate.json → .archive/.github/renovate.json vendored
View File

0
.github/workflows-old/release.yml → .archive/.github/workflows-old/release.yml vendored
View File

20
.archive/.github/workflows/ci.yml vendored Normal file
View File

@@ -0,0 +1,20 @@
name: CI
on:
pull_request:
types: [opened, synchronize, reopened]
paths-ignore:
- "README.md"
- "LICENSE.md"
- ".gitignore"
- ".github/CODEOWNERS"
- ".github/renovate.json"
- ".github/dependabot.yml"
jobs:
ci:
uses: luketainton/gha-workflows/.github/workflows/ci-python-poetry-with-docker.yml@main
with:
python-version: "3.13"
secrets:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

26
.archive/.github/workflows/release.yml vendored Normal file
View File

@@ -0,0 +1,26 @@
name: Release
on:
workflow_dispatch:
schedule:
- cron: "0 9 * * 0"
jobs:
test:
uses: luketainton/gha-workflows/.github/workflows/ci-python-poetry-with-docker.yml@main
with:
python-version: "3.13"
secrets:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
create_release:
name: Create Release
uses: luketainton/gha-workflows/.github/workflows/create-release.yml@main
create_docker:
name: Create Docker Image
needs: create_release
if: ${{ needs.create_release.outputs.success == 'true' }}
uses: luketainton/gha-workflows/.github/workflows/build-push-attest-docker.yml@main
with:
release: ${{ needs.create_release.outputs.release_name }}

1
.gitea/CODEOWNERS Normal file
View File

@@ -0,0 +1 @@
* @luke

59
.gitea/workflows/ci.yml Normal file
View File

@@ -0,0 +1,59 @@
name: CI
on:
pull_request:
types: [opened, synchronize, reopened]
paths-ignore:
- "README.md"
- "LICENSE.md"
- ".gitignore"
- "renovate.json"
- ".gitea/CODEOWNERS"
- ".archive"
jobs:
ci:
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v4.1.7
with:
fetch-depth: 0
- uses: hadolint/hadolint-action@v3.1.0
with:
dockerfile: Dockerfile
output-file: hadolint.out
format: sonarqube
no-fail: true
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: "${{ vars.PYTHON_VERSION }}"
- name: Setup Poetry
uses: abatilo/actions-poetry@v3
- name: Install dependencies
run: poetry install
- name: Lint
run: |
poetry run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt .
cat lintreport.txt
- name: Unit Test
run: |
poetry run coverage run -m pytest -v --junitxml=testresults.xml
poetry run coverage xml
sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
- name: SonarQube Cloud Scan
uses: SonarSource/sonarqube-scan-action@v4.2.1
env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- name: Snyk Vulnerability Scan
uses: snyk/actions/python-3.10@master
continue-on-error: true # To make sure that SARIF upload gets called
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --sarif-file-output=snyk.sarif --all-projects
# - name: Upload result to GitHub Code Scanning
# uses: github/codeql-action/upload-sarif@v3
# with:
# sarif_file: snyk.sarif

133
.gitea/workflows/release.yml Normal file
View File

@@ -0,0 +1,133 @@
name: Release
on:
schedule:
- cron: "0 9 * * 0"
jobs:
test:
uses: https://git.tainton.uk/public/webexmemebot/src/branch/main/.gitea/workflows/ci.yml
create_release:
runs-on: ubuntu-latest
outputs:
release_name: ${{ steps.tag_version.outputs.new_tag }}
success: ${{ steps.set_flag.outputs.success }}
steps:
- uses: actions/checkout@v4.1.7
with:
fetch-depth: 0
- name: Changes since last tag
id: changes
run: |
CHANGES=$(git log $(git describe --tags --abbrev=0)..HEAD --no-merges --oneline)
echo "$CHANGES"
if [ -z "$CHANGES" ]; then echo "changes=false" >> "$GITEA_OUTPUT"; else echo "changes=true" >> "$GITEA_OUTPUT"; fi
- name: Bump version and push tag
id: tag_version
if: steps.changes.outputs.changes == 'true'
uses: mathieudutour/github-tag-action@v6.2
with:
github_token: ${{ gitea.token }}
default_bump: minor
# default_bump: false
- name: Build Changelog
uses: mikepenz/release-changelog-builder-action@v4
id: build_changelog
env:
GITHUB_TOKEN: ${{ gitea.token }}
with:
configurationJson: |
{
"pr_template": "- #{{TITLE}} ([##{{NUMBER}}](#{{URL}}))",
"empty_template": "- no changes",
"categories": [
{
"title": "## 💬 Other",
"labels": ["other"]
},
{
"title": "## 📦 Dependencies",
"labels": ["dependencies"]
},
{
"title": "## 🚀 Features",
"labels": ["feature"]
},
{
"title": "## 🐛 Bug Fixes",
"labels": ["bugfix"]
},
]
}
- name: Create release
id: create_release
uses: akkuman/gitea-release-action@v1
env:
NODE_OPTIONS: '--experimental-fetch' # if nodejs < 18
with:
tag: ${{ steps.tag_version.outputs.new_tag }}
name: ${{ steps.tag_version.outputs.new_tag }}
body: ${{ steps.build_changelog.outputs.changelog }}
- name: Set success/fail flag
id: set_flag
if: steps.changes.outputs.changes == 'true'
run: if test "${{ steps.changes.outputs.changes }}" = "true"; then echo "success=true" >> "$GITHUB_OUTPUT"; else echo "success=false" >> "$GITHUB_OUTPUT"; fi
create_docker:
name: Create Docker Image
needs: create_release
if: ${{ needs.create_release.outputs.success == 'true' }}
outputs:
success: ${{ steps.set_flag.outputs.success }}
with:
release: ${{ needs.create_release.outputs.release_name }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ inputs.release }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Gitea Container Registry
uses: docker/login-action@v3
with:
registry: git.tainton.uk
username: ${{ gitea.actor }}
password: ${{ gitea.token }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: |
git.tainton.uk/${{ gitea.repository }}
tags: |
type=semver,pattern=v{{version}},value=${{ inputs.release }}
- name: Build and push Docker image
id: push
uses: docker/build-push-action@v6
with:
context: .
push: true
labels: ${{ steps.meta.outputs.labels }}
tags: |
git.tainton.uk/${{ gitea.repository }}:latest
git.tainton.uk/${{ gitea.repository }}:${{ inputs.release }}
- name: Generate artifact attestation
uses: actions/attest-build-provenance@v2
with:
subject-name: git.tainton.uk/${{ gitea.repository }}
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true
- name: Set success flag
id: set_flag
run: echo "success=true" >> "$GITHUB_OUTPUT"

42
renovate.json Normal file
View File

@@ -0,0 +1,42 @@
{
"assignAutomerge": true,
"assigneesFromCodeOwners": true,
"dependencyDashboardAutoclose": true,
"extends": [
"config:base"
],
"labels": [
"dependencies"
],
"packageRules": [
{
"labels": [
"linting"
],
"matchPackagePatterns": [
"black",
"pylint"
]
},
{
"labels": [
"unit-tests"
],
"matchPackagePatterns": [
"coverage",
"pytest"
]
}
],
"platformCommit": true,
"rebaseWhen": "behind-base-branch",
"rollbackPrs": true,
"vulnerabilityAlerts": {
"commitMessagePrefix": "[SECURITY] ",
"enabled": true,
"labels": [
"security"
],
"prCreation": "immediate"
}
}