feat(ci): fix CI, switch to self-hosted SonarQube #467

Merged
luke merged 1 commits from sonarqube into main 2025-02-09 20:40:52 +00:00
10 changed files with 44 additions and 13 deletions


@@ -1,14 +1,11 @@
name: CI
on:
pull_request:
types: [opened, synchronize, reopened]
paths-ignore:
- "README.md"
- "LICENSE.md"
- ".gitignore"
- "renovate.json"
- ".gitea/CODEOWNERS"
- ".archive"
types:
- opened
- edited
- synchronize
- reopened
jobs:
ci:
@@ -30,7 +27,7 @@ jobs:
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: "${{ vars.PYTHON_VERSION }}"
python-version: "3.13"
- name: uv cache
uses: actions/cache@v4
@@ -58,10 +55,11 @@ jobs:
- name: Minimize uv cache
run: uv cache prune --ci
- name: SonarQube Cloud Scan
- name: SonarQube Scan
uses: SonarSource/sonarqube-scan-action@v4.2.1
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }}
SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
- name: Snyk Vulnerability Scan
uses: snyk/actions/python@master
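Review bot: The SonarQube step is now handed `SONARQUBE_TOKEN` and `SONARQUBE_HOST_URL` while its action is still referenced by a movable tag, `SonarSource/sonarqube-scan-action@v4.2.1`, and the Snyk step right after it uses a branch ref, `snyk/actions/python@master`. A tag or branch can be repointed upstream, so the code that receives these secrets is not fixed by what was reviewed here. Pin both to a full commit SHA and keep the version as a trailing comment, e.g. `uses: SonarSource/sonarqube-scan-action@<full-commit-sha>  # v4.2.1`. The same two refs appear in the new Security workflow added by this commit and should be pinned there as well. The Snyk step continues outside this hunk, so its `env` is not visible here.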


@@ -7,8 +7,6 @@ on:
- edited
- synchronize
- reopened
- labeled
- unlabeled
jobs:
validate:


@@ -0,0 +1,34 @@
name: Security
on:
workflow_dispatch:
push:
branches:
- main
schedule:
- cron: "@daily"
jobs:
sonarqube:
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v4.2.2
- name: SonarQube Scan
uses: SonarSource/sonarqube-scan-action@v4.2.1
env:
SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }}
SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
snyk:
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v4.2.2
- name: Snyk
uses: snyk/actions/python@master
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
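Review bot: `continue-on-error: true` on the Snyk step makes the `snyk` job report success whether the scan finds vulnerabilities, the token is rejected, or the action fails to start. A workflow that runs on a schedule and on pushes to `main` can therefore stay green without ever producing a usable result. Drop that line so failures are visible. If the intent is only to avoid failing on low-severity findings, narrow the failure condition instead, e.g. `with:` / `args: --severity-threshold=high`. If the step has to stay non-blocking, add a comment next to the flag saying where the findings are expected to be reviewed.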

1
.gitignore vendored

@@ -9,6 +9,7 @@ __pycache__/
# Distribution / packaging
.Python
build/
.pdm-build/
develop-eggs/
dist/
downloads/