chore(deps): update docker/build-push-action action to v6

fix(ci): switch back to previous module
revert: 71d2a97105
2025-01-02 21:01:09 +00:00 · 2025-01-02 20:43:17 +00:00 · 2025-01-02 21:42:11 +01:00 · 2025-01-02 21:41:52 +01:00 · 2025-01-02 20:41:39 +00:00 · 2025-01-02 20:35:36 +00:00
35 changed files with 1202 additions and 669 deletions
--- a/.archive/.gitea/workflows/ci.yml
+++ b/.archive/.gitea/workflows/ci.yml
@ -0,0 +1,86 @@
 name: CI
 on:
  pull_request:
    types: [opened, synchronize, reopened]
    paths-ignore:
      - "README.md"
      - "LICENSE.md"
      - ".gitignore"
      - "renovate.json"
      - ".gitea/CODEOWNERS"
      - ".archive"
 jobs:
  ci:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4.2.2
        with:
          fetch-depth: 0
      - uses: hadolint/hadolint-action@v3.1.0
        with:
          dockerfile: Dockerfile
          output-file: hadolint.out
          format: sonarqube
          no-fail: true
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: "${{ vars.PYTHON_VERSION }}"
      - name: Setup Poetry
        uses: abatilo/actions-poetry@v3
        # run: curl -sSL https://install.python-poetry.org | python3 -
      - name: Update PATH
        run: export PATH="/root/.local/bin:$PATH"
      - name: Setup virtual environment
        run: |
          /root/.local/bin/poetry config virtualenvs.create true --local
          /root/.local/bin/poetry config virtualenvs.in-project true --local
      - uses: actions/cache@v3
        name: Define cache for dependencies
        with:
          path: ./.venv
          key: venv-${{ hashFiles('poetry.lock') }}
      - name: Install dependencies
        run: /root/.local/bin/poetry install
      - name: Lint
        run: |
          /root/.local/bin/poetry run pylint --verbose --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt .
          cat lintreport.txt
      - name: Unit Test
        run: |
          /root/.local/bin/poetry run coverage run -m pytest -v --junitxml=testresults.xml
          /root/.local/bin/poetry run coverage xml
          sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml
      # TEMPORARY - DISABLED DUE TO GITHUB > GITEA MIGRATION
      # SONARQUBE CLOUD IS CURRENTLY TIGHTLY COUPLED TO GITHUB
      - name: SonarQube Cloud Scan
        uses: SonarSource/sonarqube-scan-action@v4.2.1
        continue-on-error: true
        env:
          # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
      - name: Snyk Vulnerability Scan
        uses: snyk/actions/python-3.10@master
        continue-on-error: true # To make sure that SARIF upload gets called
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --sarif-file-output=snyk.sarif --all-projects
      # - name: Upload result to GitHub Code Scanning
      #   uses: github/codeql-action/upload-sarif@v3
      #   with:
      #     sarif_file: snyk.sarif
--- a/.archive/.github/CODEOWNERS
+++ b/.archive/.github/CODEOWNERS
@ -0,0 +1 @@
 *   @luketainton
--- a/.archive/.github/dependabot.yml
+++ b/.archive/.github/dependabot.yml
@ -6,8 +6,8 @@ updates:
      interval: "daily"
    assignees:
      - "luketainton"
-    reviewers:
+    # reviewers:
-      - "luketainton"
+      # - "luketainton"
    commit-message:
      prefix: "chore(actions)"
      include: "scope"
@ -20,8 +20,8 @@ updates:
      interval: "daily"
    assignees:
      - "luketainton"
-    reviewers:
+    # reviewers:
-      - "luketainton"
+      # - "luketainton"
    commit-message:
      prefix: "chore(docker)"
      include: "scope"
@ -34,8 +34,8 @@ updates:
      interval: "daily"
    assignees:
      - "luketainton"
-    reviewers:
+    # reviewers:
-      - "luketainton"
+      # - "luketainton"
    commit-message:
      prefix: "chore(pip-prod)"
      prefix-development: "chore(pip-dev)"
--- a/.archive/.github/renovate.json
+++ b/.archive/.github/renovate.json
@ -1,26 +1,42 @@
 {
  "extends": ["config:base"],
  "platformCommit": true,
  "dependencyDashboardAutoclose": true,
  "assignAutomerge": true,
  "assigneesFromCodeOwners": true,
-  "rebaseWhen": "behind-base-branch",
+  "dependencyDashboardAutoclose": true,
-  "rollbackPrs": true,
+  "extends": [
-  "labels": ["dependencies"],
+    "config:base"
  ],
  "labels": [
    "dependencies"
  ],
  "packageRules": [
    {
-      "matchPackagePatterns": ["black", "pylint"],
+      "labels": [
-      "labels": ["linting"]
+        "linting"
      ],
      "matchPackagePatterns": [
        "black",
        "pylint"
      ]
    },
    {
-      "matchPackagePatterns": ["coverage", "pytest"],
+      "labels": [
-      "labels": ["unit-tests"]
+        "unit-tests"
      ],
      "matchPackagePatterns": [
        "coverage",
        "pytest"
      ]
    }
  ],
  "platformCommit": true,
  "rebaseWhen": "behind-base-branch",
  "rollbackPrs": true,
  "vulnerabilityAlerts": {
    "enabled": true,
    "labels": ["security"],
    "commitMessagePrefix": "[SECURITY] ",
    "enabled": true,
    "labels": [
      "security"
    ],
    "prCreation": "immediate"
  }
 }
--- a/.archive/.github/workflows-old/release.yml
+++ b/.archive/.github/workflows-old/release.yml
@ -0,0 +1,57 @@
 name: Build
 on:
  push:
    branches: [main]
 jobs:
  release:
    name: Release
    runs-on: ubuntu-latest
    outputs:
      new_tag: ${{ steps.tag_version.outputs.new_tag }}
    steps:
      - uses: actions/checkout@v4
      - name: Bump version and push tag
        id: tag_version
        uses: mathieudutour/github-tag-action@v6.2
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          default_bump: minor
      - name: Create a GitHub release
        uses: ncipollo/release-action@v1
        with:
          tag: ${{ steps.tag_version.outputs.new_tag }}
          name: ${{ steps.tag_version.outputs.new_tag }}
          body: ${{ steps.tag_version.outputs.changelog }}
          generateReleaseNotes: true
  publish:
    name: GitHub Container Registry
    runs-on: ubuntu-latest
    needs: release
    steps:
      - uses: actions/checkout@v4
      - name: Login to GitHub Container Registry
        run: echo ${{ secrets.GHCR_ACCESS_TOKEN }} | docker login ghcr.io -u luketainton --password-stdin
      - name: Build image for GitHub Package Registry
        run: |
          docker build . --file Dockerfile \
          --build-arg "version=${{ needs.release.outputs.new_tag }}" \
          --tag ghcr.io/luketainton/webexmemebot:${{ needs.release.outputs.new_tag }} \
          --tag ghcr.io/luketainton/webexmemebot:latest
      - name: Push image to GitHub Package Registry
        run: |
          docker push ghcr.io/luketainton/webexmemebot:latest
          docker push ghcr.io/luketainton/webexmemebot:${{ needs.release.outputs.new_tag }}
  deploy:
    name: Update Portainer Deployment
    runs-on: ubuntu-latest
    needs: publish
    steps:
      - uses: fjogeleit/http-request-action@v1
        with:
          url: ${{ secrets.PORTAINER_WEBHOOK_URL }}
          method: POST
          timeout: 60000
          preventFailureOnNoResponse: "true"
--- a/.archive/.github/workflows/ci.yml
+++ b/.archive/.github/workflows/ci.yml
@ -0,0 +1,20 @@
 name: CI
 on:
  pull_request:
    types: [opened, synchronize, reopened]
    paths-ignore:
      - "README.md"
      - "LICENSE.md"
      - ".gitignore"
      - ".github/CODEOWNERS"
      - ".github/renovate.json"
      - ".github/dependabot.yml"
 jobs:
  ci:
    uses: luketainton/gha-workflows/.github/workflows/ci-python-poetry-with-docker.yml@main
    with:
      python-version: "3.13"
    secrets:
      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
--- a/.archive/.github/workflows/release.yml
+++ b/.archive/.github/workflows/release.yml
@ -0,0 +1,26 @@
 name: Release
 on:
  workflow_dispatch:
  schedule:
    - cron: "0 9 * * 0"
 jobs:
  test:
    uses: luketainton/gha-workflows/.github/workflows/ci-python-poetry-with-docker.yml@main
    with:
      python-version: "3.13"
    secrets:
      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
  create_release:
    name: Create Release
    uses: luketainton/gha-workflows/.github/workflows/create-release.yml@main
  create_docker:
    name: Create Docker Image
    needs: create_release
    if: ${{ needs.create_release.outputs.success == 'true' }}
    uses: luketainton/gha-workflows/.github/workflows/build-push-attest-docker.yml@main
    with:
        release: ${{ needs.create_release.outputs.release_name }}
--- a/.archive/requirements-dev.txt
+++ b/.archive/requirements-dev.txt
@ -0,0 +1,30 @@
 astroid==3.2.4
 black==24.10.0
 cfgv==3.4.0
 click==8.1.8
 colorama==0.4.6 ; sys_platform == "win32" or platform_system == "Windows"
 coverage==7.6.10
 dill==0.3.9
 distlib==0.3.9
 filelock==3.16.1
 identify==2.6.4
 iniconfig==2.0.0
 isort==5.13.2
 lazy-object-proxy==1.10.0
 mccabe==0.7.0
 mypy-extensions==1.0.0
 nodeenv==1.9.1
 packaging==24.2
 pathspec==0.12.1
 platformdirs==4.3.6
 pluggy==1.5.0
 pre-commit==4.0.1
 pylint==3.2.6
 pylint-exit==1.2.0
 pytest==8.3.3
 PyYAML==6.0.2
 setuptools==75.6.0
 tomlkit==0.13.2
 virtualenv==20.28.0
 wrapt==1.17.0
 zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability
--- a/.archive/requirements.txt
+++ b/.archive/requirements.txt
@ -0,0 +1,17 @@
 backoff==2.2.1
 certifi==2024.8.30
 charset-normalizer==3.4.1
 coloredlogs==15.0.1
 future==1.0.0
 humanfriendly==10.0
 idna==3.10
 pillow==11.0.0
 PyJWT==2.10.1
 requests==2.32.3
 requests-toolbelt==1.0.0
 sentry-sdk==2.19.0
 tomlkit==0.13.2
 urllib3==2.2.3
 webex-bot==0.5.2
 webexteamssdk==1.6.1
 websockets==11.0.3
--- a/.coveragerc
+++ b/.coveragerc
@ -1,3 +1,3 @@
 [coverage:run]
 relative_files = True
-branch = True
+branch = True
--- a/.env.default
+++ b/.env.default
@ -1,4 +1,2 @@
 APP_LIFECYCLE="dev"
 SENTRY_ENABLED="False"
 SENTRY_DSN=""
 WEBEX_API_KEY=""
--- a/.gitea/CODEOWNERS
+++ b/.gitea/CODEOWNERS
@ -0,0 +1 @@
 *   @luke
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@ -0,0 +1,62 @@
 name: CI
 on:
  pull_request:
    types: [opened, synchronize, reopened]
    paths-ignore:
      - "README.md"
      - "LICENSE.md"
      - ".gitignore"
      - "renovate.json"
      - ".gitea/CODEOWNERS"
      - ".archive"
 jobs:
  ci:
    runs-on: ubuntu-poetry-latest
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4.2.2
        with:
          fetch-depth: 0
      - name: Run Hadolint
        uses: hadolint/hadolint-action@v3.1.0
        with:
          dockerfile: Dockerfile
          output-file: hadolint.out
          format: sonarqube
          no-fail: true
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: "${{ vars.PYTHON_VERSION }}"
          cache: 'poetry'
      - name: Install dependencies
        run: poetry install
      - name: Lint
        run: |
          poetry run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt app/ tests/
          cat lintreport.txt
      - name: Unit Test
        run: |
          poetry run coverage run -m pytest -v --junitxml=testresults.xml
          poetry run coverage xml
          sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml
      - name: SonarQube Cloud Scan
        uses: SonarSource/sonarqube-scan-action@v4.2.1
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
      - name: Snyk Vulnerability Scan
        uses: snyk/actions/python@master
        continue-on-error: true  # Sometimes vulns aren't immediately fixable
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          command: snyk
          args: test --all-projects
--- a/.gitea/workflows/pr-title-semantic.yml
+++ b/.gitea/workflows/pr-title-semantic.yml
@ -0,0 +1,34 @@
 name: "Enforce Conventional Commit PR Title"
 on:
  pull_request_target:
    types:
      - opened
      - edited
      - synchronize
      - reopened
      - labeled
      - unlabeled
 jobs:
  validate:
    name: Validate PR Title
    runs-on: ubuntu-latest
    steps:
      # - name: PR Conventional Commit Validation
      #   uses: ytanikin/pr-conventional-commits@1.4.0
      #   with:
      #     task_types: '["feat","fix","docs","test","ci","refactor","perf","chore","revert"]'
      #     add_label: 'false'
      # DOES NOT WORK WITH GITEA
      - uses: amannn/action-semantic-pull-request@v5
        env:
          GITHUB_TOKEN: ${{ gitea.token }}
        with:
          requireScope: true
          wip: true
          validateSingleCommit: true
          validateSingleCommitMatchesPrTitle: true
          githubBaseUrl: https://git.tainton.uk/api/v1
          ignoreLabels: ignore/semantic-pr-title
--- a/.gitea/workflows/release.yml
+++ b/.gitea/workflows/release.yml
@ -0,0 +1,168 @@
 name: Release
 on:
  schedule:
    - cron: "0 9 * * 0"
  issue_comment:
    types: [created]
 jobs:
  manual_trigger:
    name: Manual Trigger Cleanup
    runs-on: ubuntu-latest
    if: ${{ gitea.event_name == 'issue_comment' }}
    steps:
      - name: Log event metadata
        run: |
          echo "Issue: ${{ gitea.event.issue.number }}"
          echo "Comment: ${{ gitea.event.comment.body }}"
          echo "User: ${{ gitea.event.comment.user.login }}"
      - name: Stop workflow if required conditions are not met
        if: ${{ !contains(gitea.event.issue.number, '436') || !contains(gitea.event.comment.body, '/trigger-release') || !contains(gitea.event.comment.user.login, 'luke') }}
        run: exit 1
      - name: Delete issue comment
        run: |
          curl -X DELETE \
            -H "Authorization: token ${{ gitea.token }}" \
            "${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/issues/comments/${{ gitea.event.comment.id }}"
  # test:
  #   name: Unit Test
  #   uses: https://git.tainton.uk/public/webexmemebot/.gitea/workflows/ci.yml@main
  #   continue-on-error: true
  create_release:
    name: Create Release
    runs-on: ubuntu-latest
    # needs: test
    outputs:
      release_name: ${{ steps.get_next_version.outputs.tag }}
    steps:
      - name: Check out repository
        uses: actions/checkout@v4.2.2
        with:
          fetch-depth: 0
      - name: Changes since last tag
        id: changes
        run: |
          rm -f .changes
          git log $(git describe --tags --abbrev=0)..HEAD --no-merges --oneline >> .changes
          cat .changes
      - name: Check for changes
        run: |
          if [[ -z $(grep '[^[:space:]]' .changes) ]] ; then
            echo "changes=false"
            echo "changes=false" >> "$GITEA_OUTPUT"
          else
            echo "changes=true"
            echo "changes=true" >> "$GITEA_OUTPUT"
          fi
      - name: Cancel if no changes
        if: steps.changes.outputs.changes == 'false'
        run: exit 1
      - name: Set server URL
        id: set_srvurl
        run: |
          SRVURL=$(echo "${{ gitea.server_url }}" | sed 's/https:\/\/\(.*\)/\1/')
          echo "srvurl=$SRVURL" >> "$GITEA_OUTPUT"
      - name: Get next version
        uses: TriPSs/conventional-changelog-action@v6
        id: get_next_version
        with:
          git-url: ${{ steps.set_srvurl.outputs.srvurl }}
          github-token: ${{ gitea.token }}
          preset: "conventionalcommits"
          # preset: "angular"  # This is the default
          skip-commit: true
          release-count: 1
          output-file: false
          create-summary: true
          skip-on-empty: true
          skip-version-file: true
          skip-tag: true
      - name: Create release
        run: |
          curl -s -X POST \
            -H "Authorization: token ${{ secrets.ACTIONS_TOKEN }}" \
            -H "accept: application/json" \
            -H "Content-Type: application/json" \
            -d "{\"tag_name\": \"${{ steps.get_next_version.outputs.tag }}\", \"name\": \"${{ steps.get_next_version.outputs.tag }}\", \"body\": \"${{ steps.get_next_version.outputs.changelog }}\"}" \
            "${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/releases"
  build_docker:
    name: Build Docker Images
    needs: create_release
    steps:
      - name: Update Docker configuration
        continue-on-error: true
        run: |
          mkdir -p /etc/default
          mkdir -p /etc/docker
          touch -a /etc/default/docker
          touch -a /etc/docker/daemon.json
          echo "DOCKER_OPTS=\"--insecure-registry ${{ vars.PACKAGES_REGISTRY_URL }}\"" >> /etc/default/docker
          echo "{\"insecure-registries\": [\"${{ vars.PACKAGES_REGISTRY_URL }}\"]}" > /etc/docker/daemon.json
      - name: Check out repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ref: ${{ needs.create_release.outputs.release_name }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Log in to Gitea Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ vars.PACKAGES_REGISTRY_URL }}
          username: ${{ vars.ACTIONS_USERNAME }}
          password: ${{ secrets.ACTIONS_TOKEN }}
      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ vars.GHCR_USERNAME }}
          password: ${{ secrets.GHCR_TOKEN }}
      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            ghcr.io/${{ vars.GHCR_USERNAME }}/webexmemebot
            ${{ vars.PACKAGES_REGISTRY_URL }}/${{ gitea.repository }}
          tags: type=semver,pattern=v{{version}},value=${{ needs.create_release.outputs.release_name }}
      - name: Print metadata
        run: |
          printf "Annotations:\n${{ steps.meta.outputs.annotations }}"
          echo ""
          printf "Labels:\n${{ steps.meta.outputs.labels }}"
          echo ""
          printf "Tags:\n${{ steps.meta.outputs.tags }}"
      - name: Build images
        uses: docker/build-push-action@v6
        with:
          context: .
          push: false
          load: true
          annotations: ${{ steps.meta.outputs.annotations }}
          labels: ${{ steps.meta.outputs.labels }}
          tags: ${{ steps.meta.outputs.tags }}
      - name: Push images
        run: |
          strtags="${{ steps.meta.outputs.tags }}"
          readarray -t lines <<<"$strtags"
          for element in "${lines[@]}"; do docker push "$element"; done
          unset strtags lines
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@ -1 +1 @@
-*   @luketainton
+*   @luketainton
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -11,14 +11,10 @@ on:
      - ".github/dependabot.yml"
 jobs:
-  pythonci:
+  ci:
-    uses: luketainton/gha-workflows/.github/workflows/ci-python.yml@main
+    uses: luketainton/gha-workflows/.github/workflows/ci-python-poetry-with-docker.yml@main
-    secrets:
+    with:
-      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      python-version: "3.13"
      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
  dockerci:
    uses: luketainton/gha-workflows/.github/workflows/ci-docker.yml@main
    secrets:
      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -1,56 +1,26 @@
-name: Build
+name: Release
 on:
-  push:
+  workflow_dispatch:
-    branches: [main]
+  schedule:
    - cron: "0 9 * * 0"
 jobs:
-  release:
+  test:
-    name: Release
+    uses: luketainton/gha-workflows/.github/workflows/ci-python-poetry-with-docker.yml@main
-    runs-on: ubuntu-latest
+    with:
-    outputs:
+      python-version: "3.13"
-      new_tag: ${{ steps.tag_version.outputs.new_tag }}
+    secrets:
-    steps:
+      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-      - uses: actions/checkout@v4
+      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
      - name: Bump version and push tag
        id: tag_version
        uses: mathieudutour/github-tag-action@v6.2
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          default_bump: minor
      - name: Create a GitHub release
        uses: ncipollo/release-action@v1
        with:
          tag: ${{ steps.tag_version.outputs.new_tag }}
          name: ${{ steps.tag_version.outputs.new_tag }}
          body: ${{ steps.tag_version.outputs.changelog }}
-  publish:
+  create_release:
-    name: GitHub Container Registry
+    name: Create Release
-    runs-on: ubuntu-latest
+    uses: luketainton/gha-workflows/.github/workflows/create-release.yml@main
    needs: release
    steps:
      - uses: actions/checkout@v4
      - name: Login to GitHub Container Registry
        run: echo ${{ secrets.GHCR_ACCESS_TOKEN }} | docker login ghcr.io -u luketainton --password-stdin
      - name: Build image for GitHub Package Registry
        run: |
          docker build . --file Dockerfile \
          --build-arg "version=${{ needs.release.outputs.new_tag }}" \
          --tag ghcr.io/luketainton/webexmemebot:${{ needs.release.outputs.new_tag }} \
          --tag ghcr.io/luketainton/webexmemebot:latest
      - name: Push image to GitHub Package Registry
        run: |
          docker push ghcr.io/luketainton/webexmemebot:latest
          docker push ghcr.io/luketainton/webexmemebot:${{ needs.release.outputs.new_tag }}
-  deploy:
+  create_docker:
-    name: Update Portainer Deployment
+    name: Create Docker Image
-    runs-on: ubuntu-latest
+    needs: create_release
-    needs: publish
+    if: ${{ needs.create_release.outputs.success == 'true' }}
-    steps:
+    uses: luketainton/gha-workflows/.github/workflows/build-push-attest-docker.yml@main
-      - uses: fjogeleit/http-request-action@v1
+    with:
-        with:
+        release: ${{ needs.create_release.outputs.release_name }}
          url: ${{ secrets.PORTAINER_WEBHOOK_URL }}
          method: POST
          timeout: 60000
          preventFailureOnNoResponse: "true"
--- a/.gitignore
+++ b/.gitignore
@ -133,3 +133,6 @@ dmypy.json
 # IDE
 .vscode
 .idea
 # Ruff
 .ruff_cache/
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -0,0 +1,60 @@
 fail_fast: false
 minimum_pre_commit_version: 3.8.0
 default_install_hook_types: [pre-commit, commit-msg]
 default_language_version:
  python: python3.11
 repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.6.0
    hooks:
      - id: trailing-whitespace
      - id: mixed-line-ending
      - id: end-of-file-fixer
      - id: requirements-txt-fixer
      - id: check-yaml
      - id: check-added-large-files
      - id: check-ast
      - id: check-docstring-first
      - id: check-json
      - id: check-merge-conflict
      - id: check-toml
      - id: check-xml
      - id: detect-private-key
      - id: no-commit-to-branch
      - id: requirements-txt-fixer
      - id: name-tests-test
        args: [--pytest-test-first]
      - id: pretty-format-json
        args: [--autofix]
  - repo: https://github.com/astral-sh/ruff-pre-commit
    rev: v0.5.6
    hooks:
      - id: ruff-format # Run the formatter.
      - id: ruff # Run the linter.
        args: [--fix]
  # - repo: https://github.com/pycqa/isort
  #   rev: 5.13.2
  #   hooks:
  #     - id: isort
  - repo: https://github.com/pre-commit/pygrep-hooks
    rev: v1.10.0
    hooks:
      - id: python-use-type-annotations
  - repo: https://github.com/asottile/pyupgrade
    rev: v3.17.0
    hooks:
      - id: pyupgrade
  - repo: https://github.com/compilerla/conventional-pre-commit
    rev: v3.4.0
    hooks:
      - id: conventional-pre-commit
        stages: [commit-msg]
--- a/15
+++ b/15
@ -1,17 +1,22 @@
-FROM python:3.11-slim
+FROM python:3.13-slim
 LABEL maintainer="Luke Tainton <luke@tainton.uk>"
 LABEL org.opencontainers.image.source="https://github.com/luketainton/webexmemebot"
 USER root
-ENV PYTHONPATH="/run:/usr/local/lib/python3.11/lib-dynload:/usr/local/lib/python3.11/site-packages:/usr/local/lib/python3.11"
+ENV PYTHONPATH="/run:/usr/local/lib/python3.13/lib-dynload:/usr/local/lib/python3.13/site-packages:/usr/local/lib/python3.13"
 WORKDIR /run
 COPY imp.py /run/imp.py
 RUN mkdir -p /.local && \
    chmod -R 777 /.local && \
-    pip install -U pip
+    pip install -U pip poetry
-COPY requirements.txt /run/requirements.txt
+COPY pyproject.toml /run/pyproject.toml
-RUN pip install --no-cache-dir -r requirements.txt
+COPY poetry.lock /run/poetry.lock
 RUN poetry config virtualenvs.create false && \
    poetry install --without dev
 ENTRYPOINT ["python3", "-B", "-m", "app.main"]
--- a/README.md
+++ b/README.md
@ -1,14 +0,0 @@
 # webexmemebot
 ## Description
 Webex-based meme generation bot using memegen.link.
 ## How to install
 1. Clone the repository
 2. Copy `.env.default` to `.env`
 3. Edit `.env` as required:
    - `WEBEX_API_KEY` - Webex API key
 ## How to use
 1. Install Docker and Docker Compose
 2. Run `docker-compose up -d`
--- a/app/config.py
+++ b/app/config.py
@ -5,16 +5,12 @@ import os
 class Config:
    """Configuration module."""
    def __init__(self) -> None:
        """Configuration module."""
        self.__environment: str = os.environ.get("APP_LIFECYCLE", "DEV").upper()
        self.__version: str = os.environ["APP_VERSION"]
        self.__webex_token: str = os.environ["WEBEX_API_KEY"]
        self.__sentry_dsn: str = os.environ.get("SENTRY_DSN", "")
        self.__sentry_enabled: bool = bool(
            os.environ.get("SENTRY_ENABLED", "False").upper() == "TRUE"
            and self.__sentry_dsn != ""
        )
    @property
    def environment(self) -> str:
@ -26,19 +22,6 @@ class Config:
        """Returns the current app version."""
        return self.__version
    @property
    def sentry_enabled(self) -> bool:
        """Returns True if Sentry SDK is enabled, else False."""
        return self.__sentry_enabled
    @property
    def sentry_dsn(self) -> str:
        """Returns the Sentry DSN value if Sentry SDK is enabled AND
        Sentry DSN is set, else blank string."""
        if not self.__sentry_enabled:
            return ""
        return self.__sentry_dsn
    @property
    def webex_token(self) -> str:
        """Returns the Webex API key."""
--- a/app/img.py
+++ b/app/img.py
@ -1,6 +1,5 @@
 import requests
 CHAR_REPLACEMENTS: list = [
    ["_", "__"],
    ["-", "--"],
@ -19,7 +18,7 @@ CHAR_REPLACEMENTS: list = [
 def get_templates() -> list[dict]:
    url: str = "https://api.memegen.link/templates"
-    req: requests.Response = requests.get(url=url, timeout=5)
+    req: requests.Response = requests.get(url=url, timeout=10)
    req.raise_for_status()
    data: dict = req.json()
    templates: list = []
@ -56,5 +55,7 @@ def generate_api_url(template: str, top_str: str, btm_str: str) -> str:
    top_str = format_meme_string(top_str)
    btm_str = format_meme_string(btm_str)
-    url: str = f"https://api.memegen.link/images/{tmpl_name}/{top_str}/{btm_str}.{tmpl_ext}"
+    url: str = (
        f"https://api.memegen.link/images/{tmpl_name}/{top_str}/{btm_str}.{tmpl_ext}"
    )
    return url
--- a/app/main.py
+++ b/app/main.py
@ -1,25 +1,11 @@
 #!/usr/local/bin/python3
 import sentry_sdk
 from sentry_sdk.integrations.stdlib import StdlibIntegration
 from webex_bot.webex_bot import WebexBot
 from app import close, meme
 from app.config import config
 if config.sentry_enabled:
    apm = sentry_sdk.init(
        dsn=config.sentry_dsn,
        enable_tracing=True,
        environment=config.environment,
        release=config.version,
        integrations=[StdlibIntegration()],
        spotlight=True
    )
 def create_bot() -> WebexBot:
    """Create a Bot object."""
    bot = WebexBot(
--- a/app/meme.py
+++ b/app/meme.py
@ -2,25 +2,25 @@ from webex_bot.models.command import Command
 from webex_bot.models.response import Response, response_from_adaptive_card
 from webexteamssdk.models.cards import (
    AdaptiveCard,
    Choice,
    Choices,
    Column,
    ColumnSet,
    FontSize,
    FontWeight,
    Text,
    TextBlock,
    Choice,
    Choices,
 )
-from webexteamssdk.models.cards.actions import Submit, OpenUrl
+from webexteamssdk.models.cards.actions import OpenUrl, Submit
 from app import img
 TEMPLATES = img.get_templates()
 class MakeMemeCommand(Command):
    """Class for initial Webex interactive card."""
    def __init__(self) -> None:
        super().__init__(
            command_keyword="/meme",
@ -69,7 +69,8 @@ class MakeMemeCommand(Command):
                                id="meme_type",
                                isMultiSelect=False,
                                choices=[
-                                    Choice(title=x["name"], value=x["choiceval"]) for x in TEMPLATES
+                                    Choice(title=x["name"], value=x["choiceval"])
                                    for x in TEMPLATES
                                ],
                            ),
                            Text(id="text_top", placeholder="Top Text", maxLength=100),
@ -100,6 +101,7 @@ class MakeMemeCommand(Command):
 class MakeMemeCallback(Command):
    """Class to process user data and return meme."""
    def __init__(self) -> None:
        super().__init__(
            card_callback_keyword="make_meme_callback_rbamzfyx",
--- a/imp.py
+++ b/imp.py
@ -0,0 +1,4 @@
 """Compatibility module that imports all symbols from the importlib module.
 and exposes them as imp."""
 from importlib import *
--- a/poetry.lock
+++ b/poetry.lock
--- a/pyproject.toml
+++ b/pyproject.toml
@ -1,23 +1,25 @@
 [tool.poetry]
 name = "webexmemebot"
-version = "0.1.0"
+version = "0.0.0"  # Version is tracked by GitHub Releases
 description = "Webex-based meme generation bot using memegen.link."
 authors = ["luketainton"]
 readme = "README.md"
 package-mode = false
 [tool.poetry.dependencies]
 python = "^3.11.2"
-webex-bot = "^0.4.0"
+webex-bot = "^0.5.2"
-pillow = "^10.3.0"
+pillow = "^11.0.0"
-sentry-sdk = "^1.45.0"
+astroid = "<=3.3.8"
 [tool.poetry.group.dev.dependencies]
-black = "^24.4.0"
+black = "^24.10.0"
-coverage = "^7.4.4"
+coverage = "^7.6.10"
-pylint = "^3.1.0"
+isort = "^5.13.2"
 pylint = "^3.3.2"
 pylint-exit = "^1.2.0"
-pytest = "^8.1.1"
+pytest = "^8.3.4"
-pre-commit = "^3.7.0"
+pre-commit = "^4.0.1"
 [build-system]
 requires = ["poetry-core"]
--- a/renovate.json
+++ b/renovate.json
@ -0,0 +1,25 @@
 {
  "assignAutomerge": true,
  "assigneesFromCodeOwners": true,
  "dependencyDashboardAutoclose": true,
  "extends": [
    "config:recommended"
  ],
  "ignorePaths": [
    "**/.archive/**"
  ],
  "labels": [
    "type/dependencies"
  ],
  "platformCommit": "enabled",
  "rebaseWhen": "behind-base-branch",
  "rollbackPrs": true,
  "vulnerabilityAlerts": {
    "commitMessagePrefix": "[SECURITY] ",
    "enabled": true,
    "labels": [
      "security"
    ],
    "prCreation": "immediate"
  }
 }
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@ -1,29 +0,0 @@
 astroid==3.1.0
 black==24.4.0
 cfgv==3.4.0
 click==8.1.7
 colorama==0.4.6 ; sys_platform == "win32" or platform_system == "Windows"
 coverage==7.4.4
 dill==0.3.8
 distlib==0.3.8
 filelock==3.13.4
 identify==2.5.36
 iniconfig==2.0.0
 isort==5.13.2
 lazy-object-proxy==1.10.0
 mccabe==0.7.0
 mypy-extensions==1.0.0
 nodeenv==1.8.0
 packaging==24.0
 pathspec==0.12.1
 platformdirs==4.2.0
 pluggy==1.5.0
 pre-commit==3.7.0
 pylint-exit==1.2.0
 pylint==3.1.0
 pytest==8.1.1
 pyyaml==6.0.1
 setuptools==69.5.1
 tomlkit==0.12.4
 virtualenv==20.25.3
 wrapt==1.16.0
--- a/requirements.txt
+++ b/requirements.txt
@ -1,17 +0,0 @@
 backoff==2.2.1
 certifi==2024.2.2
 charset-normalizer==3.3.2
 coloredlogs==15.0.1
 future==1.0.0
 humanfriendly==10.0
 idna==3.7
 pillow==10.3.0
 pyjwt==2.8.0
 pyreadline3==3.4.1 ; sys_platform == "win32" and python_full_version == "3.11.2"
 requests-toolbelt==1.0.0
 requests==2.31.0
 sentry-sdk==1.45.0
 urllib3==2.2.1
 webex-bot==0.4.1
 webexteamssdk==1.6.1
 websockets==10.2
--- a/sonar-project.properties
+++ b/sonar-project.properties
@ -1,11 +1,11 @@
 sonar.organization=luketainton
-sonar.projectKey=luketainton_webexmemebot
+sonar.projectKey=luketainton_webexmemebot2
 sonar.projectName=webexmemebot
 sonar.projectVersion=0.1.0
-sonar.python.version=3.11
+sonar.python.version=3.13
 sonar.python.coverage.reportPaths=coverage.xml
 sonar.python.pylint.reportPaths=lintreport.txt
 sonar.python.xunit.reportPath=testresults.xml
 sonar.sources=app
 sonar.tests=tests
-sonar.exclusions=,.github/**,.gitignore,CODEOWNERS,CHANGELOG.md,LICENSE.md,README.md,renovate.json,requirements-dev.txt,requirements.txt
+sonar.exclusions=,.github/**,.gitignore,CODEOWNERS,CHANGELOG.md,LICENSE.md,README.md,renovate.json,requirements-dev.txt,requirements.txt
--- a/tests/test_config.py
+++ b/tests/test_config.py
@ -2,12 +2,9 @@
 import os
 vars: dict = {
    "APP_VERSION": "dev",
    "WEBEX_API_KEY": "testing",
    "SENTRY_ENABLED": "false",
    "SENTRY_DSN": "http://localhost"
 }
@ -15,10 +12,9 @@ for var, value in vars.items():
    os.environ[var] = value
 # needs to be imported AFTER environment variables are set
-from app.config import config  # pragma: no cover
+from app.config import config  # pragma: no cover  # noqa: E402
 def test_config() -> None:
    assert config.webex_token == vars["WEBEX_API_KEY"]
    assert config.version == vars["APP_VERSION"]
    assert config.sentry_enabled == bool(vars["SENTRY_ENABLED"].lower() == "true")
--- a/tests/test_meme.py
+++ b/tests/test_meme.py
@ -30,7 +30,7 @@ def test_error_false() -> None:
    callback.text_bottom = "TEST"
    result: Response = callback.execute(None, None, {"target": {"globalId": "TEST"}})
    assert (
-        isinstance(result, Response) \
+        isinstance(result, Response)
-        and result.roomId == "TEST" \
+        and result.roomId == "TEST"
        and result.files[0] == callback.meme_filename
    )