diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
index 6f4ae68..7b80b56 100644
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
@@ -51,4 +51,32 @@ jobs:
 echo "Running tests with coverage..."
 dotnet test /p:CollectCoverage=true /p:CoverletOutputFormat=opencover /p:CoverletOutput=./coverage/ /p:Exclude="[*]*.Migrations.*" /p:ExcludeByFile="**/Migrations/*.cs"
 echo "Ending SonarQube analysis..."
- ~/.sonar/scanner/dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}"
\ No newline at end of file
+ ~/.sonar/scanner/dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}"
+ - name: Wait for Quality Gate
+ run: |
+ echo "Waiting for SonarQube Quality Gate result..."
+ sleep 10
+
+ # Get Quality Gate status using jq for proper JSON parsing
+ RESPONSE=$(curl -s -u "${{ secrets.SONAR_TOKEN }}:" \
+ "${{ secrets.SONAR_HOST_URL }}/api/qualitygates/project_status?projectKey=ChatBot")
+
+ echo "API Response: $RESPONSE"
+
+ # Install jq if not available
+ if ! command -v jq &> /dev/null; then
+ sudo apt-get update && sudo apt-get install -y jq
+ fi
+
+ QUALITY_GATE_STATUS=$(echo "$RESPONSE" | jq -r '.projectStatus.status')
+
+ echo "Quality Gate Status: $QUALITY_GATE_STATUS"
+
+ if [ "$QUALITY_GATE_STATUS" != "OK" ]; then
+ echo "❌ Quality Gate failed! Status: $QUALITY_GATE_STATUS"
+ echo "Please check the SonarQube dashboard for details:"
+ echo "${{ secrets.SONAR_HOST_URL }}/dashboard?id=ChatBot"
+ exit 1
+ else
+ echo "✅ Quality Gate passed!"
+ fi
\ No newline at end of file
diff --git a/.gitea/workflows/tests.yml b/.gitea/workflows/tests.yml
new file mode 100644
index 0000000..dc16373
--- /dev/null
+++ b/.gitea/workflows/tests.yml
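Review bot: The fixed `sleep 10` before the `project_status` call in the new "Wait for Quality Gate" step is a race. As far as I can tell that endpoint reports the most recent completed analysis, so if the server has not finished processing the report uploaded by the `end` step, the check reads the previous result and can pass a change that fails the gate. Prefer letting the scanner block on the result, e.g. `/d:sonar.qualitygate.wait=true` on the `begin` step (outside this hunk), or poll the background task until it finishes before querying. Separately, `echo "${{ secrets.SONAR_HOST_URL }}/dashboard?id=ChatBot"` will likely print a masked value, and both secrets are expanded into the script text; passing them through `env:` and reading `$SONAR_TOKEN` / `$SONAR_HOST_URL` keeps them out of the rendered script. Adding `--fail` to `curl` would make HTTP errors explicit rather than surfacing as a `null` status.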
@@ -0,0 +1,40 @@ +name: Tests +on: + push: + branches: + - master + - develop + pull_request: + types: [opened, synchronize, reopened] + +jobs: + test: + name: Run Tests + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Setup .NET + uses: actions/setup-dotnet@v4 + with: + dotnet-version: '9.0.x' + + - name: Restore dependencies + run: dotnet restore --verbosity normal + + - name: Build + run: dotnet build --configuration Release --no-restore --verbosity normal + + - name: Run tests + run: dotnet test --configuration Release --no-build --verbosity normal --logger "trx;LogFileName=test-results.trx" + + - name: Test Summary + if: always() + run: | + if [ -f "**/test-results.trx" ]; then + echo "✅ Tests completed" + else + echo "❌ Test results not found" + fi diff --git a/.windsurf/rules/basesettings.md b/.windsurf/rules/basesettings.md index 9adada6..4ec7d50 100644 --- a/.windsurf/rules/basesettings.md +++ b/.windsurf/rules/basesettings.md @@ -3,10 +3,11 @@ trigger: always_on --- MCP предоставляет ассистенту доступ к данным SonarQube. Используй инструменты для: -Поиска проблем: search_sonar_issues_in_projects, search_dependency_risks +Поиска проблем: search_sonar_issues_in_projects Проверки статуса: get_project_quality_gate_status, get_system_status, get_system_health Анализа кода: analyze_code_snippet, get_raw_source Работы с задачами: change_sonar_issue_status Получения метрик: get_component_measures, search_metrics +Получение документации по библиотекам: use context7 Не гадай — запрашивай данные. Уточняй ключи проектов и issue. Действуй точно, опираясь на информацию из SonarQube. Текущий проект ChatBot \ No newline at end of file diff --git a/ChatBot/Dockerfile b/ChatBot/Dockerfile index 2d20874..c86a943 100644 --- a/ChatBot/Dockerfile +++ b/ChatBot/Dockerfile 
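Review bot: In `.gitea/workflows/tests.yml`, the `Test Summary` check `[ -f "**/test-results.trx" ]` can never be true. The glob is quoted, so the shell tests for a file literally named `**/test-results.trx`, and the step always prints "Test results not found" whatever the outcome. Something like `if find . -name 'test-results.trx' -print -quit | grep -q .; then` checks for the file actually written by the `--logger` option. Also consider pinning `actions/checkout@v4` and `actions/setup-dotnet@v4` to full commit SHAs, since a moved tag would silently change what runs in this job.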
@@ -22,14 +22,19 @@ RUN dotnet publish -c Release -o /app/publish /p:UseAppHost=false FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS final WORKDIR /app -# Install PostgreSQL client for healthcheck (optional) -RUN apt-get update && apt-get install -y postgresql-client && rm -rf /var/lib/apt/lists/* +# Install PostgreSQL client, create user, and prepare directories +RUN apt-get update && apt-get install -y --no-install-recommends postgresql-client && rm -rf /var/lib/apt/lists/* \ + && groupadd -r appuser && useradd -r -g appuser appuser \ + && mkdir -p /app/logs -# Copy published application +# Copy published application (safe: only contains compiled output from dotnet publish) COPY --from=publish /app/publish . -# Create directory for logs -RUN mkdir -p /app/logs && chmod 777 /app/logs +# Set ownership after copying files +RUN chown -R appuser:appuser /app + +# Switch to non-root user +USER appuser # Expose ports (if needed for health checks or metrics) EXPOSE 8080 diff --git a/README.md b/README.md index 196af14..f0cc1dd 100644 --- a/README.md +++ b/README.md 
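Review bot: `RUN chown -R appuser:appuser /app` gives the runtime user write access to the published binaries, which gives up part of what `USER appuser` buys: a compromised process could rewrite the application's own files. If only the log directory needs to be writable (the rest of the Dockerfile is outside this hunk, so confirm), leave the copied output owned by root and use `RUN chown appuser:appuser /app/logs` instead. This also avoids the extra layer that a recursive chown of the whole tree creates. Giving the account a fixed numeric id (`useradd -r -u <uid> -g appuser appuser`) and writing `USER <uid>` lets orchestrators that enforce non-root verify it without resolving the name.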
@@ -4,6 +4,12 @@ [![License](https://img.shields.io/badge/license-MIT-green)](LICENSE.txt) [![PostgreSQL](https://img.shields.io/badge/PostgreSQL-14+-blue)](https://www.postgresql.org/) +[![Quality Gate Status](https://sonarqube.api.home/api/project_badges/measure?project=ChatBot&metric=alert_status)](https://sonarqube.api.home/dashboard?id=ChatBot) +[![Coverage](https://sonarqube.api.home/api/project_badges/measure?project=ChatBot&metric=coverage)](https://sonarqube.api.home/dashboard?id=ChatBot) +[![Bugs](https://sonarqube.api.home/api/project_badges/measure?project=ChatBot&metric=bugs)](https://sonarqube.api.home/dashboard?id=ChatBot) +[![Vulnerabilities](https://sonarqube.api.home/api/project_badges/measure?project=ChatBot&metric=vulnerabilities)](https://sonarqube.api.home/dashboard?id=ChatBot) +[![Code Smells](https://sonarqube.api.home/api/project_badges/measure?project=ChatBot&metric=code_smells)](https://sonarqube.api.home/dashboard?id=ChatBot) + Интеллектуальный Telegram-бот на базе локальных AI моделей (Ollama), построенный на .NET 9 с использованием Clean Architecture. ## ✨ Основные возможности