diff --git a/.github/CODEOWNERS b/.archive/.github.old/CODEOWNERS similarity index 100% rename from .github/CODEOWNERS rename to .archive/.github.old/CODEOWNERS diff --git a/.archive/.github/dependabot.yml b/.archive/.github.old/dependabot.yml similarity index 100% rename from .archive/.github/dependabot.yml rename to .archive/.github.old/dependabot.yml diff --git a/.archive/.github/renovate.json b/.archive/.github.old/renovate.json similarity index 100% rename from .archive/.github/renovate.json rename to .archive/.github.old/renovate.json diff --git a/.archive/.github/workflows-old/release.yml b/.archive/.github.old/workflows-old/release.yml similarity index 100% rename from .archive/.github/workflows-old/release.yml rename to .archive/.github.old/workflows-old/release.yml diff --git a/.github/workflows/ci.yml b/.archive/.github.old/workflows/ci.yml similarity index 100% rename from .github/workflows/ci.yml rename to .archive/.github.old/workflows/ci.yml diff --git a/.github/workflows/release.yml b/.archive/.github.old/workflows/release.yml similarity index 100% rename from .github/workflows/release.yml rename to .archive/.github.old/workflows/release.yml diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index fc7057a..2aad0f9 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -1,14 +1,11 @@ name: CI on: pull_request: - types: [opened, synchronize, reopened] - paths-ignore: - - "README.md" - - "LICENSE.md" - - ".gitignore" - - "renovate.json" - - ".gitea/CODEOWNERS" - - ".archive" + types: + - opened + - edited + - synchronize + - reopened jobs: ci: @@ -30,7 +27,7 @@ jobs: - name: Setup Python uses: actions/setup-python@v5 with: - python-version: "${{ vars.PYTHON_VERSION }}" + python-version: "3.13" - name: uv cache uses: actions/cache@v4 
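Review bot: In the first `.gitea/workflows/ci.yml` hunk, adding `edited` to the `pull_request` types while dropping `paths-ignore` makes the whole CI job rerun on every title or description edit and on documentation-only changes. A later hunk in this commit shows the same job passing `SONAR_TOKEN` to the scan step, so each extra run is another execution with a credential in its environment. `pr-title-semantic.yml` already listens for `edited`, so I would drop `- edited` here and keep a narrowed `paths-ignore` for files that cannot affect the build. If running on every event is deliberate, so that required checks cannot be skipped by path, a comment such as `# no paths-ignore: scans must run on every PR` above `types:` would record that.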
@@ -58,10 +55,11 @@ jobs: - name: Minimize uv cache run: uv cache prune --ci - - name: SonarQube Cloud Scan + - name: SonarQube Scan uses: SonarSource/sonarqube-scan-action@v4.2.1 env: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }} + SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} - name: Snyk Vulnerability Scan uses: snyk/actions/python@master diff --git a/.gitea/workflows/pr-title-semantic.yml b/.gitea/workflows/pr-title-semantic.yml index 3991141..e40f86d 100644 --- a/.gitea/workflows/pr-title-semantic.yml +++ b/.gitea/workflows/pr-title-semantic.yml @@ -7,8 +7,6 @@ on: - edited - synchronize - reopened - - labeled - - unlabeled jobs: validate: diff --git a/.gitea/workflows/security.yml b/.gitea/workflows/security.yml new file mode 100644 index 0000000..e5b8112 --- /dev/null +++ b/.gitea/workflows/security.yml @@ -0,0 +1,34 @@ +name: Security + +on: + workflow_dispatch: + push: + branches: + - main + schedule: + - cron: "@daily" + +jobs: + sonarqube: + runs-on: ubuntu-latest + steps: + - name: Checkout repo + uses: actions/checkout@v4.2.2 + + - name: SonarQube Scan + uses: SonarSource/sonarqube-scan-action@v4.2.1 + env: + SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }} + SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} + + snyk: + runs-on: ubuntu-latest + steps: + - name: Checkout repo + uses: actions/checkout@v4.2.2 + + - name: Snyk + uses: snyk/actions/python@master + continue-on-error: true + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} diff --git a/.gitignore b/.gitignore index 1a3864a..52e822a 100644 --- a/.gitignore +++ b/.gitignore @@ -9,6 +9,7 @@ __pycache__/ # Distribution / packaging .Python build/ +.pdm-build/ develop-eggs/ dist/ downloads/
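Review bot: In the `@@ -58,10 +55,11 @@` hunk of `ci.yml`, `SONAR_HOST_URL` and `SONAR_TOKEN` are passed to a step in a job that runs on `pull_request`, so the scanner works over PR-supplied repository content with the token in its environment. The diff does not show how this runner treats secrets for pull requests from forks, so that is worth confirming. The token should be limited to submitting analysis for this one project. A comment above the `env:` block, for example `# analysis-only token, scoped to this project`, would document that expectation. The job's remaining steps continue outside the hunk.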
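Review bot: In the new `.gitea/workflows/security.yml`, the `snyk` job runs `snyk/actions/python@master` with `SNYK_TOKEN` in its environment, and `master` is a moving branch, so whatever is pushed upstream runs with that token on every push to `main` and on the daily schedule. Pin it to a full commit SHA, `uses: snyk/actions/python@<commit-sha>  # <release tag>` (placeholder values), and preferably do the same for `SonarSource/sonarqube-scan-action@v4.2.1` and `actions/checkout@v4.2.2`, since tags can be moved as well. The same `@master` ref is visible as context in the `ci.yml` scan hunk. Separately, `continue-on-error: true` on the Snyk step keeps this scheduled job green whatever it finds, so either remove the flag or route findings to another alerting path.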