diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
new file mode 100644
index 0000000..f1710c7
--- /dev/null
+++ b/.gitea/workflows/ci.yml
@@ -0,0 +1,68 @@
+name: CI
+
+on:
+ push:
+ branches: [master]
+ pull_request:
+ branches: [master]
+
+jobs:
+ lint:
+ runs-on: linux
+ steps:
+ - uses: actions/checkout@v4
+ - name: Lint
+ run: |
+ podman run --rm \
+ -v "$PWD:/app:ro" \
+ -w /app \
+ python:3.12-alpine \
+ sh -c "pip install --no-cache-dir -q ruff && \
+ ruff check src/ tests/"
+
+ test:
+ runs-on: linux
+ needs: [lint]
+ steps:
+ - uses: actions/checkout@v4
+ - name: Test
+ run: |
+ podman run --rm \
+ -v "$PWD:/app:ro" \
+ -w /app \
+ python:3.12-alpine \
+ sh -c "pip install --no-cache-dir -q -r requirements.txt && \
+ pip install --no-cache-dir -q pytest pytest-asyncio && \
+ PYTHONPATH=src pytest tests/ -v"
+
+ secrets:
+ runs-on: linux
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: Scan for secrets
+ run: |
+ podman run --rm \
+ -v "$PWD:/scan:ro" \
+ ghcr.io/gitleaks/gitleaks:latest \
+ detect --source /scan -v
+
+ build:
+ runs-on: linux
+ needs: [test, secrets]
+ if: github.event_name == 'push' && github.ref == 'refs/heads/master'
+ steps:
+ - uses: actions/checkout@v4
+ - name: Login to Harbor
+ run: echo "$HARBOR_PASS" | podman login -u "$HARBOR_USER" --password-stdin harbor.mymx.me
+ env:
+ HARBOR_USER: ${{ secrets.HARBOR_USER }}
+ HARBOR_PASS: ${{ secrets.HARBOR_PASS }}
+ - name: Build and push
+ run: |
+ TAG="harbor.mymx.me/library/bouncer:${GITHUB_SHA::8}"
+ LATEST="harbor.mymx.me/library/bouncer:latest"
+ podman build -t "$TAG" -t "$LATEST" -f Containerfile .
+ podman push "$TAG"
+ podman push "$LATEST"
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..61b598e
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,5 @@
+python-socks[asyncio]>=2.4
+aiosqlite>=0.19
+aiohttp>=3.9
+aiohttp-socks>=0.8
+cryptography>=41.0
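Review bot: In `.gitea/workflows/ci.yml` the `Scan for secrets` step runs gitleaks with `-v` and no `--redact`, so any finding in the full history (`fetch-depth: 0`) is printed with its secret value into the job log; the last line of that step should read `detect --source /scan -v --redact`. The same step pulls `ghcr.io/gitleaks/gitleaks:latest`, so the scanner that gates the `build` job can change between runs; pinning it to a fixed version tag or an image digest makes the gate reproducible, and the same applies to `python:3.12-alpine` and the unpinned `pip install ... ruff` / `pytest pytest-asyncio` in the lint and test jobs. In the `build` job, `podman login` is never followed by a logout: if the `linux` runner is persistent, the Harbor credential presumably stays in the runner's auth file, where later jobs on the same runner could reach it. A final step `run: podman logout harbor.mymx.me` guarded by `if: always()` would close that.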
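Review bot: Every entry in `requirements.txt` is a lower bound only (`cryptography>=41.0`, `aiohttp>=3.9`, …), so the test job installs whatever is newest at run time, and the image build may do the same if the Containerfile uses this file. The tested and shipped dependency sets can therefore differ, and a compromised or breaking upstream release is picked up without review. Keep the ranges here if they document compatibility, but install from a generated lock/constraints file with exact versions and hashes, e.g. `pip install --require-hashes -r requirements.lock` (file name is a placeholder). A comment at the top of the file such as `# minimum supported versions; CI and image builds install from the pinned lock file` would make the intent explicit.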