chore(deps): update docker/build-push-action action to v6

revert bye

.archive/.gitea/workflows/ci.yml

@@ -0,0 +1,86 @@
+name: CI
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+    paths-ignore:
+      - "README.md"
+      - "LICENSE.md"
+      - ".gitignore"
+      - "renovate.json"
+      - ".gitea/CODEOWNERS"
+      - ".archive"
+
+jobs:
+  ci:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4.2.2
+        with:
+          fetch-depth: 0
+
+      - uses: hadolint/hadolint-action@v3.1.0
+        with:
+          dockerfile: Dockerfile
+          output-file: hadolint.out
+          format: sonarqube
+          no-fail: true
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "${{ vars.PYTHON_VERSION }}"
+
+      - name: Setup Poetry
+        uses: abatilo/actions-poetry@v3
+        # run: curl -sSL https://install.python-poetry.org | python3 -
+
+      - name: Update PATH
+        run: export PATH="/root/.local/bin:$PATH"
+
+      - name: Setup virtual environment
+        run: |
+          /root/.local/bin/poetry config virtualenvs.create true --local
+          /root/.local/bin/poetry config virtualenvs.in-project true --local
+
+      - uses: actions/cache@v3
+        name: Define cache for dependencies
+        with:
+          path: ./.venv
+          key: venv-${{ hashFiles('poetry.lock') }}
+
+      - name: Install dependencies
+        run: /root/.local/bin/poetry install
+
+      - name: Lint
+        run: |
+          /root/.local/bin/poetry run pylint --verbose --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt .
+          cat lintreport.txt
+
+      - name: Unit Test
+        run: |
+          /root/.local/bin/poetry run coverage run -m pytest -v --junitxml=testresults.xml
+          /root/.local/bin/poetry run coverage xml
+          sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml
+
+      # TEMPORARY - DISABLED DUE TO GITHUB > GITEA MIGRATION
+      # SONARQUBE CLOUD IS CURRENTLY TIGHTLY COUPLED TO GITHUB
+      - name: SonarQube Cloud Scan
+        uses: SonarSource/sonarqube-scan-action@v4.2.1
+        continue-on-error: true
+        env:
+          # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+      - name: Snyk Vulnerability Scan
+        uses: snyk/actions/python-3.10@master
+        continue-on-error: true # To make sure that SARIF upload gets called
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --sarif-file-output=snyk.sarif --all-projects
+
+      # - name: Upload result to GitHub Code Scanning
+      #   uses: github/codeql-action/upload-sarif@v3
+      #   with:
+      #     sarif_file: snyk.sarif

.archive/.github/CODEOWNERS

@@ -0,0 +1 @@
+*   @luketainton

.archive/.github/workflows/ci.yml

@@ -0,0 +1,20 @@
+name: CI
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+    paths-ignore:
+      - "README.md"
+      - "LICENSE.md"
+      - ".gitignore"
+      - ".github/CODEOWNERS"
+      - ".github/renovate.json"
+      - ".github/dependabot.yml"
+
+jobs:
+  ci:
+    uses: luketainton/gha-workflows/.github/workflows/ci-python-poetry-with-docker.yml@main
+    with:
+      python-version: "3.13"
+    secrets:
+      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

.archive/.github/workflows/release.yml

@@ -0,0 +1,26 @@
+name: Release
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 9 * * 0"
+
+jobs:
+  test:
+    uses: luketainton/gha-workflows/.github/workflows/ci-python-poetry-with-docker.yml@main
+    with:
+      python-version: "3.13"
+    secrets:
+      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+
+  create_release:
+    name: Create Release
+    uses: luketainton/gha-workflows/.github/workflows/create-release.yml@main
+
+  create_docker:
+    name: Create Docker Image
+    needs: create_release
+    if: ${{ needs.create_release.outputs.success == 'true' }}
+    uses: luketainton/gha-workflows/.github/workflows/build-push-attest-docker.yml@main
+    with:
+        release: ${{ needs.create_release.outputs.release_name }}

.archive/requirements-dev.txt

@@ -1,20 +1,20 @@
 astroid==3.2.4
 black==24.10.0
 cfgv==3.4.0
-click==8.1.7
+click==8.1.8
 colorama==0.4.6 ; sys_platform == "win32" or platform_system == "Windows"
-coverage==7.6.4
+coverage==7.6.10
 dill==0.3.9
 distlib==0.3.9
 filelock==3.16.1
-identify==2.6.1
+identify==2.6.4
 iniconfig==2.0.0
 isort==5.13.2
 lazy-object-proxy==1.10.0
 mccabe==0.7.0
 mypy-extensions==1.0.0
 nodeenv==1.9.1
-packaging==24.1
+packaging==24.2
 pathspec==0.12.1
 platformdirs==4.3.6
 pluggy==1.5.0
@@ -23,8 +23,8 @@ pylint==3.2.6
 pylint-exit==1.2.0
 pytest==8.3.3
 PyYAML==6.0.2
-setuptools==75.3.0
+setuptools==75.6.0
 tomlkit==0.13.2
-virtualenv==20.27.1
+virtualenv==20.28.0
-wrapt==1.16.0
+wrapt==1.17.0
 zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability

.archive/requirements.txt

@@ -1,15 +1,15 @@
 backoff==2.2.1
 certifi==2024.8.30
-charset-normalizer==3.4.0
+charset-normalizer==3.4.1
 coloredlogs==15.0.1
 future==1.0.0
 humanfriendly==10.0
 idna==3.10
 pillow==11.0.0
-PyJWT==2.9.0
+PyJWT==2.10.1
 requests==2.32.3
 requests-toolbelt==1.0.0
-sentry-sdk==2.17.0
+sentry-sdk==2.19.0
 tomlkit==0.13.2
 urllib3==2.2.3
 webex-bot==0.5.2

.env.default

@@ -1,4 +1,2 @@
 APP_LIFECYCLE="dev"
-SENTRY_ENABLED="False"
-SENTRY_DSN=""
 WEBEX_API_KEY=""

.gitea/CODEOWNERS

@@ -0,0 +1 @@
+*   @luke

.gitea/workflows/ci.yml

@@ -0,0 +1,62 @@
+name: CI
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+    paths-ignore:
+      - "README.md"
+      - "LICENSE.md"
+      - ".gitignore"
+      - "renovate.json"
+      - ".gitea/CODEOWNERS"
+      - ".archive"
+
+jobs:
+  ci:
+    runs-on: ubuntu-poetry-latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Run Hadolint
+        uses: hadolint/hadolint-action@v3.1.0
+        with:
+          dockerfile: Dockerfile
+          output-file: hadolint.out
+          format: sonarqube
+          no-fail: true
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "${{ vars.PYTHON_VERSION }}"
+          cache: 'poetry'
+
+      - name: Install dependencies
+        run: poetry install
+
+      - name: Lint
+        run: |
+          poetry run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt app/ tests/
+          cat lintreport.txt
+
+      - name: Unit Test
+        run: |
+          poetry run coverage run -m pytest -v --junitxml=testresults.xml
+          poetry run coverage xml
+          sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml
+
+      - name: SonarQube Cloud Scan
+        uses: SonarSource/sonarqube-scan-action@v4.2.1
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+      - name: Snyk Vulnerability Scan
+        uses: snyk/actions/python@master
+        continue-on-error: true  # Sometimes vulns aren't immediately fixable
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          command: snyk
+          args: test --all-projects

.gitea/workflows/pr-title-semantic.yml

@@ -0,0 +1,34 @@
+name: "Enforce Conventional Commit PR Title"
+
+on:
+  pull_request_target:
+    types:
+      - opened
+      - edited
+      - synchronize
+      - reopened
+      - labeled
+      - unlabeled
+
+jobs:
+  validate:
+    name: Validate PR Title
+    runs-on: ubuntu-latest
+    steps:
+      # - name: PR Conventional Commit Validation
+      #   uses: ytanikin/pr-conventional-commits@1.4.0
+      #   with:
+      #     task_types: '["feat","fix","docs","test","ci","refactor","perf","chore","revert"]'
+      #     add_label: 'false'
+
+      # DOES NOT WORK WITH GITEA
+      - uses: amannn/action-semantic-pull-request@v5
+        env:
+          GITHUB_TOKEN: ${{ gitea.token }}
+        with:
+          requireScope: true
+          wip: true
+          validateSingleCommit: true
+          validateSingleCommitMatchesPrTitle: true
+          githubBaseUrl: https://git.tainton.uk/api/v1
+          ignoreLabels: ignore/semantic-pr-title

.gitea/workflows/release.yml

@@ -0,0 +1,168 @@
+name: Release
+on:
+  schedule:
+    - cron: "0 9 * * 0"
+  issue_comment:
+    types: [created]
+
+jobs:
+  manual_trigger:
+    name: Manual Trigger Cleanup
+    runs-on: ubuntu-latest
+    if: ${{ gitea.event_name == 'issue_comment' }}
+    steps:
+      - name: Log event metadata
+        run: |
+          echo "Issue: ${{ gitea.event.issue.number }}"
+          echo "Comment: ${{ gitea.event.comment.body }}"
+          echo "User: ${{ gitea.event.comment.user.login }}"
+
+      - name: Stop workflow if required conditions are not met
+        if: ${{ !contains(gitea.event.issue.number, '436') || !contains(gitea.event.comment.body, '/trigger-release') || !contains(gitea.event.comment.user.login, 'luke') }}
+        run: exit 1
+
+      - name: Delete issue comment
+        run: |
+          curl -X DELETE \
+            -H "Authorization: token ${{ gitea.token }}" \
+            "${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/issues/comments/${{ gitea.event.comment.id }}"
+
+  # test:
+  #   name: Unit Test
+  #   uses: https://git.tainton.uk/public/webexmemebot/.gitea/workflows/ci.yml@main
+  #   continue-on-error: true
+
+  create_release:
+    name: Create Release
+    runs-on: ubuntu-latest
+    # needs: test
+    outputs:
+      release_name: ${{ steps.get_next_version.outputs.tag }}
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Changes since last tag
+        id: changes
+        run: |
+          rm -f .changes
+          git log $(git describe --tags --abbrev=0)..HEAD --no-merges --oneline >> .changes
+          cat .changes
+
+      - name: Check for changes
+        run: |
+          if [[ -z $(grep '[^[:space:]]' .changes) ]] ; then
+            echo "changes=false"
+            echo "changes=false" >> "$GITEA_OUTPUT"
+          else
+            echo "changes=true"
+            echo "changes=true" >> "$GITEA_OUTPUT"
+          fi
+
+      - name: Cancel if no changes
+        if: steps.changes.outputs.changes == 'false'
+        run: exit 1
+
+      - name: Set server URL
+        id: set_srvurl
+        run: |
+          SRVURL=$(echo "${{ gitea.server_url }}" | sed 's/https:\/\/\(.*\)/\1/')
+          echo "srvurl=$SRVURL" >> "$GITEA_OUTPUT"
+
+      - name: Get next version
+        uses: TriPSs/conventional-changelog-action@v6
+        id: get_next_version
+        with:
+          git-url: ${{ steps.set_srvurl.outputs.srvurl }}
+          github-token: ${{ gitea.token }}
+          preset: "conventionalcommits"
+          # preset: "angular"  # This is the default
+          skip-commit: true
+          release-count: 1
+          output-file: false
+          create-summary: true
+          skip-on-empty: true
+          skip-version-file: true
+          skip-tag: true
+
+      - name: Create release
+        run: |
+          curl -s -X POST \
+            -H "Authorization: token ${{ secrets.ACTIONS_TOKEN }}" \
+            -H "accept: application/json" \
+            -H "Content-Type: application/json" \
+            -d "{\"tag_name\": \"${{ steps.get_next_version.outputs.tag }}\", \"name\": \"${{ steps.get_next_version.outputs.tag }}\", \"body\": \"${{ steps.get_next_version.outputs.changelog }}\"}" \
+            "${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/releases"
+
+  build_docker:
+    name: Build Docker Images
+    needs: create_release
+    steps:
+      - name: Update Docker configuration
+        continue-on-error: true
+        run: |
+          mkdir -p /etc/default
+          mkdir -p /etc/docker
+          touch -a /etc/default/docker
+          touch -a /etc/docker/daemon.json
+          echo "DOCKER_OPTS=\"--insecure-registry ${{ vars.PACKAGES_REGISTRY_URL }}\"" >> /etc/default/docker
+          echo "{\"insecure-registries\": [\"${{ vars.PACKAGES_REGISTRY_URL }}\"]}" > /etc/docker/daemon.json
+
+      - name: Check out repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          ref: ${{ needs.create_release.outputs.release_name }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Gitea Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ vars.PACKAGES_REGISTRY_URL }}
+          username: ${{ vars.ACTIONS_USERNAME }}
+          password: ${{ secrets.ACTIONS_TOKEN }}
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ vars.GHCR_USERNAME }}
+          password: ${{ secrets.GHCR_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/${{ vars.GHCR_USERNAME }}/webexmemebot
+            ${{ vars.PACKAGES_REGISTRY_URL }}/${{ gitea.repository }}
+          tags: type=semver,pattern=v{{version}},value=${{ needs.create_release.outputs.release_name }}
+
+      - name: Print metadata
+        run: |
+          printf "Annotations:\n${{ steps.meta.outputs.annotations }}"
+          echo ""
+          printf "Labels:\n${{ steps.meta.outputs.labels }}"
+          echo ""
+          printf "Tags:\n${{ steps.meta.outputs.tags }}"
+
+      - name: Build images
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: false
+          load: true
+          annotations: ${{ steps.meta.outputs.annotations }}
+          labels: ${{ steps.meta.outputs.labels }}
+          tags: ${{ steps.meta.outputs.tags }}
+
+      - name: Push images
+        run: |
+          strtags="${{ steps.meta.outputs.tags }}"
+          readarray -t lines <<<"$strtags"
+          for element in "${lines[@]}"; do docker push "$element"; done
+          unset strtags lines

.github/workflows/ci.yml

@@ -12,7 +12,9 @@ on:
 
 jobs:
   ci:
-    uses: luketainton/gha-workflows/.github/workflows/ci-python-with-docker.yml@main
+    uses: luketainton/gha-workflows/.github/workflows/ci-python-poetry-with-docker.yml@main
+    with:
+      python-version: "3.13"
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
       SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

.github/workflows/release.yml

@@ -5,6 +5,14 @@ on:
     - cron: "0 9 * * 0"
 
 jobs:
+  test:
+    uses: luketainton/gha-workflows/.github/workflows/ci-python-poetry-with-docker.yml@main
+    with:
+      python-version: "3.13"
+    secrets:
+      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+
   create_release:
     name: Create Release
     uses: luketainton/gha-workflows/.github/workflows/create-release.yml@main

.gitignore

@@ -133,3 +133,6 @@ dmypy.json
 # IDE
 .vscode
 .idea
+
+# Ruff
+.ruff_cache/

Dockerfile

@@ -3,15 +3,20 @@ LABEL maintainer="Luke Tainton <luke@tainton.uk>"
 LABEL org.opencontainers.image.source="https://github.com/luketainton/webexmemebot"
 USER root
 
-ENV PYTHONPATH="/run:/usr/local/lib/python3.11/lib-dynload:/usr/local/lib/python3.11/site-packages:/usr/local/lib/python3.11"
+ENV PYTHONPATH="/run:/usr/local/lib/python3.13/lib-dynload:/usr/local/lib/python3.13/site-packages:/usr/local/lib/python3.13"
 WORKDIR /run
 
+COPY imp.py /run/imp.py
+
 RUN mkdir -p /.local && \
     chmod -R 777 /.local && \
-    pip install -U pip
+    pip install -U pip poetry
 
-COPY requirements.txt /run/requirements.txt
+COPY pyproject.toml /run/pyproject.toml
-RUN pip install --no-cache-dir -r requirements.txt
+COPY poetry.lock /run/poetry.lock
+
+RUN poetry config virtualenvs.create false && \
+    poetry install --without dev
 
 ENTRYPOINT ["python3", "-B", "-m", "app.main"]
 

README.md

@@ -1,14 +0,0 @@
-# webexmemebot
-
-## Description
-Webex-based meme generation bot using memegen.link.
-
-## How to install
-1. Clone the repository
-2. Copy `.env.default` to `.env`
-3. Edit `.env` as required:
-    - `WEBEX_API_KEY` - Webex API key
-
-## How to use
-1. Install Docker and Docker Compose
-2. Run `docker-compose up -d`

app/config.py

@@ -11,11 +11,6 @@ class Config:
         self.__environment: str = os.environ.get("APP_LIFECYCLE", "DEV").upper()
         self.__version: str = os.environ["APP_VERSION"]
         self.__webex_token: str = os.environ["WEBEX_API_KEY"]
-        self.__sentry_dsn: str = os.environ.get("SENTRY_DSN", "")
-        self.__sentry_enabled: bool = bool(
-            os.environ.get("SENTRY_ENABLED", "False").upper() == "TRUE"
-            and self.__sentry_dsn != ""
-        )
 
     @property
     def environment(self) -> str:
@@ -27,19 +22,6 @@ class Config:
         """Returns the current app version."""
         return self.__version
 
-    @property
-    def sentry_enabled(self) -> bool:
-        """Returns True if Sentry SDK is enabled, else False."""
-        return self.__sentry_enabled
-
-    @property
-    def sentry_dsn(self) -> str:
-        """Returns the Sentry DSN value if Sentry SDK is enabled AND
-        Sentry DSN is set, else blank string."""
-        if not self.__sentry_enabled:
-            return ""
-        return self.__sentry_dsn
-
     @property
     def webex_token(self) -> str:
         """Returns the Webex API key."""

app/img.py

@@ -18,7 +18,7 @@ CHAR_REPLACEMENTS: list = [
 
 def get_templates() -> list[dict]:
     url: str = "https://api.memegen.link/templates"
-    req: requests.Response = requests.get(url=url, timeout=5)
+    req: requests.Response = requests.get(url=url, timeout=10)
     req.raise_for_status()
     data: dict = req.json()
     templates: list = []

app/main.py

@@ -1,22 +1,10 @@
 #!/usr/local/bin/python3
 
-import sentry_sdk
-from sentry_sdk.integrations.stdlib import StdlibIntegration
 from webex_bot.webex_bot import WebexBot
 
 from app import close, meme
 from app.config import config
 
-if config.sentry_enabled:
-    apm = sentry_sdk.init(
-        dsn=config.sentry_dsn,
-        enable_tracing=True,
-        environment=config.environment,
-        release=config.version,
-        integrations=[StdlibIntegration()],
-        spotlight=True,
-    )
-
 
 def create_bot() -> WebexBot:
     """Create a Bot object."""

imp.py

@@ -0,0 +1,4 @@
+"""Compatibility module that imports all symbols from the importlib module.
+and exposes them as imp."""
+
+from importlib import *

pyproject.toml

@@ -1,22 +1,24 @@
 [tool.poetry]
 name = "webexmemebot"
-version = "0.1.0"
+version = "0.0.0"  # Version is tracked by GitHub Releases
 description = "Webex-based meme generation bot using memegen.link."
 authors = ["luketainton"]
 readme = "README.md"
+package-mode = false
 
 [tool.poetry.dependencies]
 python = "^3.11.2"
 webex-bot = "^0.5.2"
 pillow = "^11.0.0"
-sentry-sdk = "^2.17.0"
+astroid = "<=3.3.8"
 
 [tool.poetry.group.dev.dependencies]
 black = "^24.10.0"
-coverage = "^7.6.4"
+coverage = "^7.6.10"
-pylint = "^3.2.6"
+isort = "^5.13.2"
+pylint = "^3.3.2"
 pylint-exit = "^1.2.0"
-pytest = "^8.3.3"
+pytest = "^8.3.4"
 pre-commit = "^4.0.1"
 
 [build-system]

renovate.json

@@ -0,0 +1,25 @@
+{
+  "assignAutomerge": true,
+  "assigneesFromCodeOwners": true,
+  "dependencyDashboardAutoclose": true,
+  "extends": [
+    "config:recommended"
+  ],
+  "ignorePaths": [
+    "**/.archive/**"
+  ],
+  "labels": [
+    "type/dependencies"
+  ],
+  "platformCommit": "enabled",
+  "rebaseWhen": "behind-base-branch",
+  "rollbackPrs": true,
+  "vulnerabilityAlerts": {
+    "commitMessagePrefix": "[SECURITY] ",
+    "enabled": true,
+    "labels": [
+      "security"
+    ],
+    "prCreation": "immediate"
+  }
+}

sonar-project.properties

@@ -1,8 +1,8 @@
 sonar.organization=luketainton
-sonar.projectKey=luketainton_webexmemebot
+sonar.projectKey=luketainton_webexmemebot2
 sonar.projectName=webexmemebot
 sonar.projectVersion=0.1.0
-sonar.python.version=3.11
+sonar.python.version=3.13
 sonar.python.coverage.reportPaths=coverage.xml
 sonar.python.pylint.reportPaths=lintreport.txt
 sonar.python.xunit.reportPath=testresults.xml

tests/test_config.py

@@ -5,8 +5,6 @@ import os
 vars: dict = {
     "APP_VERSION": "dev",
     "WEBEX_API_KEY": "testing",
-    "SENTRY_ENABLED": "false",
-    "SENTRY_DSN": "http://localhost",
 }
 
 
@@ -20,4 +18,3 @@ from app.config import config  # pragma: no cover  # noqa: E402
 def test_config() -> None:
     assert config.webex_token == vars["WEBEX_API_KEY"]
     assert config.version == vars["APP_VERSION"]
-    assert config.sentry_enabled == bool(vars["SENTRY_ENABLED"].lower() == "true")