repos/webexmemebot
3
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Releases 42 Activity

feat(ci): fix CI, switch to self-hosted SonarQube #467

Merged
luke merged 1 commits from sonarqube into main 2025-02-09 21:40:52 +01:00
Conversation 0 Commits 1 Files Changed 10 +44 -13
10 changed files with 44 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 44d6f9d161 - Show all commits

0
.github/CODEOWNERS → .archive/.github.old/CODEOWNERS
View File

0
.archive/.github/dependabot.yml → .archive/.github.old/dependabot.yml
View File

0
.archive/.github/renovate.json → .archive/.github.old/renovate.json
View File

0
.archive/.github/workflows-old/release.yml → .archive/.github.old/workflows-old/release.yml
View File

0
.github/workflows/ci.yml → .archive/.github.old/workflows/ci.yml
View File

0
.github/workflows/release.yml → .archive/.github.old/workflows/release.yml
View File

20
.gitea/workflows/ci.yml
View File

@ -1,14 +1,11 @@
name: CI
on:
pull_request:
types: [opened, synchronize, reopened]
paths-ignore:
- "README.md"
- "LICENSE.md"
- ".gitignore"
- "renovate.json"
- ".gitea/CODEOWNERS"
- ".archive"
types:
- opened
- edited
- synchronize
- reopened
jobs:
ci:
@ -30,7 +27,7 @@ jobs:
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: "${{ vars.PYTHON_VERSION }}"
python-version: "3.13"
- name: uv cache
uses: actions/cache@v4
@ -58,10 +55,11 @@ jobs:
- name: Minimize uv cache
run: uv cache prune --ci
- name: SonarQube Cloud Scan
- name: SonarQube Scan
uses: SonarSource/sonarqube-scan-action@v4.2.1
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }}
SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
- name: Snyk Vulnerability Scan
uses: snyk/actions/python@master

2
.gitea/workflows/pr-title-semantic.yml
View File

@ -7,8 +7,6 @@ on:
- edited
- synchronize
- reopened
- labeled
- unlabeled
jobs:
validate:

34
.gitea/workflows/security.yml Normal file
View File

@ -0,0 +1,34 @@
name: Security
on:
workflow_dispatch:
push:
branches:
- main
schedule:
- cron: "@daily"
jobs:
sonarqube:
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v4.2.2
- name: SonarQube Scan
uses: SonarSource/sonarqube-scan-action@v4.2.1
env:
SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }}
SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
snyk:
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v4.2.2
- name: Snyk
uses: snyk/actions/python@master
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

1
.gitignore vendored
View File

@ -9,6 +9,7 @@ __pycache__/
# Distribution / packaging
.Python
build/
.pdm-build/
develop-eggs/
dist/
downloads/