feat(ci): fix CI, switch to self-hosted SonarQube #467

Merged
luke merged 1 commits from sonarqube into main 2025-02-09 21:40:52 +01:00
10 changed files with 44 additions and 13 deletions


@ -1,14 +1,11 @@
name: CI name: CI
on: on:
pull_request: pull_request:
types: [opened, synchronize, reopened] types:
paths-ignore: - opened
- "README.md" - edited
- "LICENSE.md" - synchronize
- ".gitignore" - reopened
- "renovate.json"
- ".gitea/CODEOWNERS"
- ".archive"
jobs: jobs:
ci: ci:
@ -30,7 +27,7 @@ jobs:
- name: Setup Python - name: Setup Python
uses: actions/setup-python@v5 uses: actions/setup-python@v5
with: with:
python-version: "${{ vars.PYTHON_VERSION }}" python-version: "3.13"
- name: uv cache - name: uv cache
uses: actions/cache@v4 uses: actions/cache@v4
@ -58,10 +55,11 @@ jobs:
- name: Minimize uv cache - name: Minimize uv cache
run: uv cache prune --ci run: uv cache prune --ci
- name: SonarQube Cloud Scan - name: SonarQube Scan
uses: SonarSource/sonarqube-scan-action@v4.2.1 uses: SonarSource/sonarqube-scan-action@v4.2.1
env: env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }}
SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
- name: Snyk Vulnerability Scan - name: Snyk Vulnerability Scan
uses: snyk/actions/python@master uses: snyk/actions/python@master
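Review bot: The SonarQube Scan step now passes `SONARQUBE_HOST_URL` and `SONARQUBE_TOKEN` for the self-hosted server inside a job that runs on every `pull_request` event, including the newly added `edited` type, and the scanner takes its project configuration from the checked-out pull-request tree. Nothing visible here limits what that token can do, so it should be a project-scoped analysis token rather than a user or global one. Record that next to the step, for example `# SONARQUBE_TOKEN: project analysis token only; this job runs on pull_request`. Whether secrets reach runs for pull requests from forks depends on forge settings this page does not show, so confirm that before relying on it. The `ci` job starts and continues outside the hunks shown.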


@ -7,8 +7,6 @@ on:
- edited - edited
- synchronize - synchronize
- reopened - reopened
- labeled
- unlabeled
jobs: jobs:
validate: validate:


@ -0,0 +1,34 @@
name: Security
on:
workflow_dispatch:
push:
branches:
- main
schedule:
- cron: "@daily"
jobs:
sonarqube:
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v4.2.2
- name: SonarQube Scan
uses: SonarSource/sonarqube-scan-action@v4.2.1
env:
SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }}
SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
snyk:
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v4.2.2
- name: Snyk
uses: snyk/actions/python@master
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
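Review bot: The new `snyk` job references `snyk/actions/python@master`, a moving branch, while passing `SNYK_TOKEN` to it, so whatever is on that branch at the next scheduled run executes with the token. Pin it to a release tag or, better, a full commit SHA, as `uses: snyk/actions/python@<full-commit-sha>`; the Snyk step in the CI workflow uses the same `@master` reference. `SonarSource/sonarqube-scan-action@v4.2.1` and `actions/checkout@v4.2.2` are tag-pinned, which is tighter but still mutable. Separately, `continue-on-error: true` means Snyk findings never fail the scheduled run, so add a one-line comment above it stating where the results are expected to be reviewed.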

1
.gitignore vendored

@ -9,6 +9,7 @@ __pycache__/
# Distribution / packaging # Distribution / packaging
.Python .Python
build/ build/
.pdm-build/
develop-eggs/ develop-eggs/
dist/ dist/
downloads/ downloads/