.gitea/workflows/ci.yml

@@ -0,0 +1,47 @@
+name: CI
+
+on:
+  push:
+    branches: [main, develop]
+  pull_request:
+    branches: [main, develop]
+
+jobs:
+  ci:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: https://gitea.com/actions/checkout@v4
+
+      - name: Set up Python
+        uses: https://gitea.com/actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Cache pip
+        uses: https://gitea.com/actions/cache@v4
+        with:
+          path: ~/.cache/pip
+          key: ${{ runner.os }}-pip-${{ hashFiles('requirements.txt') }}
+          restore-keys: |
+            ${{ runner.os }}-pip-
+
+      - name: Install dependencies
+        run: pip install -r requirements.txt
+
+      - name: Install lint and security tools
+        run: pip install ruff bandit safety
+
+      - name: Lint with Ruff
+        run: ruff check dashboard watcher_visio
+
+      - name: Run tests
+        env:
+          USE_MOCK_DATA: "true"
+        run: python manage.py test dashboard
+
+      - name: Security check with Bandit
+        run: bandit -r dashboard watcher_visio -ll
+
+      - name: Security check with Safety
+        run: safety check -r requirements.txt

.gitea/workflows/docker-build.yml

@@ -0,0 +1,74 @@
+name: Docker build and release
+
+on:
+  push:
+    branches: [main]
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    outputs:
+      tag: ${{ steps.meta.outputs.tag }}
+    steps:
+      - name: Checkout
+        uses: https://gitea.com/actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set release tag
+        id: meta
+        run: |
+          echo "tag=v$(date +%Y%m%d)-${GITHUB_SHA:0:7}" >> $GITHUB_OUTPUT
+
+      - name: Extract registry host
+        id: registry
+        run: |
+          echo "host=${GITHUB_SERVER_URL#https://}" >> $GITHUB_OUTPUT
+
+      - name: Log in to Gitea Container Registry
+        run: |
+          echo "${{ secrets.REGISTRY_TOKEN }}" | docker login ${{ steps.registry.outputs.host }} -u ${{ github.actor }} --password-stdin
+
+      - name: Build and push
+        run: |
+          IMAGE="${{ steps.registry.outputs.host }}/${{ github.repository }}"
+          TAG="${{ steps.meta.outputs.tag }}"
+          docker build -t "$IMAGE:$TAG" -t "$IMAGE:latest" .
+          docker push "$IMAGE:$TAG"
+          docker push "$IMAGE:latest"
+
+  release:
+    runs-on: ubuntu-latest
+    needs: build-and-push
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout
+        uses: https://gitea.com/actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Generate release notes
+        id: notes
+        run: |
+          PREV=$(git describe --tags --abbrev=0 2>/dev/null || echo "")
+          if [ -z "$PREV" ]; then
+            echo "## Changes" > release_notes.md
+            echo "" >> release_notes.md
+            git log --pretty=format:"- %s (%h)" >> release_notes.md || echo "- Initial release" >> release_notes.md
+          else
+            echo "## Changes since $PREV" > release_notes.md
+            echo "" >> release_notes.md
+            git log "$PREV"..HEAD --pretty=format:"- %s (%h)" >> release_notes.md
+          fi
+
+      - name: Create release
+        uses: https://gitea.com/actions/gitea-release-action@v1
+        with:
+          token: ${{ secrets.REGISTRY_TOKEN }}
+          tag_name: ${{ needs.build-and-push.outputs.tag }}
+          body_path: release_notes.md
+          target_commitish: ${{ github.sha }}

pyproject.toml

@@ -0,0 +1,15 @@
+[project]
+name = "watcher-visio"
+version = "0.1.0"
+description = "Watcher Visio dashboard"
+readme = "README.md"
+requires-python = ">=3.12"
+
+[tool.ruff]
+line-length = 100
+target-version = "py312"
+src = ["dashboard", "watcher_visio"]
+
+[tool.ruff.lint]
+select = ["E", "F", "I", "N", "W"]
+ignore = []