From d9151105e8acfdd8a25794c6711c117d19e62891 Mon Sep 17 00:00:00 2001
From: Leonid Pershin
Date: Wed, 22 Oct 2025 03:40:18 +0300
Subject: [PATCH 1/6] add gate
---
 .gitea/workflows/build.yml | 22 +++++++++++++++++++++-
 README.md | 6 ++++++
 2 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
index 6f4ae68..76c38bc 100644
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
@@ -51,4 +51,24 @@ jobs:
 echo "Running tests with coverage..."
 dotnet test /p:CollectCoverage=true /p:CoverletOutputFormat=opencover /p:CoverletOutput=./coverage/ /p:Exclude="[*]*.Migrations.*" /p:ExcludeByFile="**/Migrations/*.cs"
 echo "Ending SonarQube analysis..."
- ~/.sonar/scanner/dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}"
\ No newline at end of file
+ ~/.sonar/scanner/dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}"
+ - name: Wait for Quality Gate
+ run: |
+ echo "Waiting for SonarQube Quality Gate result..."
+ sleep 10
+
+ # Get Quality Gate status
+ QUALITY_GATE_STATUS=$(curl -s -u "${{ secrets.SONAR_TOKEN }}:" \ "${{ secrets.SONAR_HOST_URL }}/api/qualitygates/project_status?projectKey=ChatBot" \ | grep -o '"status":"[^"]*"' | cut -d'"' -f4)
+
+ echo "Quality Gate Status: $QUALITY_GATE_STATUS"
+
+ if [ "$QUALITY_GATE_STATUS" != "OK" ]; then
+ echo "❌ Quality Gate failed! Status: $QUALITY_GATE_STATUS"
+ echo "Please check the SonarQube dashboard for details:"
+ echo "${{ secrets.SONAR_HOST_URL }}/dashboard?id=ChatBot"
+ exit 1
+ else
+ echo "✅ Quality Gate passed!"
+ fi
\ No newline at end of file
diff --git a/README.md b/README.md
index 196af14..f0cc1dd 100644
--- a/README.md
+++ b/README.md
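Review bot: The fixed `sleep 10` in the new "Wait for Quality Gate" step is a race, not a synchronisation: the server processes the analysis asynchronously with no bounded duration, so on a slow server the `curl` reads the previous analysis's gate status (or none at all on a first run) and the step passes or fails for the wrong reason. The scanner can block on the result itself if `/d:sonar.qualitygate.wait=true` (bounded by `sonar.qualitygate.timeout`) is added to the `begin` command, which lies above this hunk; that makes the polling step unnecessary, otherwise poll `api/ce/task?id=` with the `ceTaskId` from the scanner's report-task file until the task is `SUCCESS` before querying the gate. `curl -s` without `--fail` also means an HTTP error body (expired token, wrong host, wrong projectKey) is parsed as a gate result instead of surfacing as a transport failure; `curl -sSf` separates the two in the log. The same `sleep 10` survives unchanged into the patch 6 rewrite of this step. The `${{ secrets.* }}` values are expanded straight into the script text; passing them via `env:` and reading `"$SONAR_TOKEN"` / `"$SONAR_HOST_URL"` keeps them out of the rendered command line.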
@@ -4,6 +4,12 @@
 [![License](https://img.shields.io/badge/license-MIT-green)](LICENSE.txt)
 [![PostgreSQL](https://img.shields.io/badge/PostgreSQL-14+-blue)](https://www.postgresql.org/)
+[![Quality Gate Status](https://sonarqube.api.home/api/project_badges/measure?project=ChatBot&metric=alert_status)](https://sonarqube.api.home/dashboard?id=ChatBot)
+[![Coverage](https://sonarqube.api.home/api/project_badges/measure?project=ChatBot&metric=coverage)](https://sonarqube.api.home/dashboard?id=ChatBot)
+[![Bugs](https://sonarqube.api.home/api/project_badges/measure?project=ChatBot&metric=bugs)](https://sonarqube.api.home/dashboard?id=ChatBot)
+[![Vulnerabilities](https://sonarqube.api.home/api/project_badges/measure?project=ChatBot&metric=vulnerabilities)](https://sonarqube.api.home/dashboard?id=ChatBot)
+[![Code Smells](https://sonarqube.api.home/api/project_badges/measure?project=ChatBot&metric=code_smells)](https://sonarqube.api.home/dashboard?id=ChatBot)
+
 Интеллектуальный Telegram-бот на базе локальных AI моделей (Ollama), построенный на .NET 9 с использованием Clean Architecture.
 ## ✨ Основные возможности
--
2.49.1
From 6a45c047701feab00f531853984fe5426420679a Mon Sep 17 00:00:00 2001
From: Leonid Pershin
Date: Wed, 22 Oct 2025 03:50:49 +0300
Subject: [PATCH 2/6] fix security hotspots exclusion
---
 .gitea/workflows/build.yml | 3 ++-
 .sonarqube/exclusions.txt | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
index 76c38bc..b5cfb61 100644
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
@@ -45,7 +45,8 @@ jobs:
 /d:sonar.coverage.exclusions="**/Migrations/**/*.cs,**/*ModelSnapshot.cs,**/Migrations/*.cs,**/Program.cs" \
 /d:sonar.exclusions="**/Migrations/**/*.cs,**/obj/**,**/bin/**,**/TestResults/**" \
 /d:sonar.cpd.exclusions="**/Migrations/**/*.cs" \
- /d:sonar.test.inclusions="**/*Tests.cs,**/ChatBot.Tests/**/*.cs"
+ /d:sonar.test.inclusions="**/*Tests.cs,**/ChatBot.Tests/**/*.cs" \
+ /d:sonar.security.hotspots.excluded="**/Models/Configuration/**/*.cs"
 echo "Building project..."
 dotnet build --verbosity normal --no-incremental
 echo "Running tests with coverage..."
diff --git a/.sonarqube/exclusions.txt b/.sonarqube/exclusions.txt
index 90438eb..30dd58a 100644
--- a/.sonarqube/exclusions.txt
+++ b/.sonarqube/exclusions.txt
@@ -12,6 +12,9 @@
 **/bin/**
 **/TestResults/**
+## Security Hotspots Exclusions (sonar.security.hotspots.excluded)
+**/Models/Configuration/**/*.cs
+
 ## Source and Test Directories
 Sources: ChatBot/
 Tests: ChatBot.Tests/
@@ -21,3 +24,4 @@ Tests: ChatBot.Tests/
 - ModelSnapshot: Auto-generated EF Core snapshot
 - obj/bin: Build artifacts
 - TestResults: Test execution results
+- Configuration Models: Safe usage of environment variables for secrets (BotToken, ConnectionString)
--
2.49.1
From 57652d87e1e5b42d026841331bdbf1bcef056cc1 Mon Sep 17 00:00:00 2001
From: Leonid Pershin
Date: Wed, 22 Oct 2025 03:57:33 +0300
Subject: [PATCH 3/6] fix
---
 .windsurf/rules/basesettings.md | 3 ++-
 ChatBot/Dockerfile | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/.windsurf/rules/basesettings.md b/.windsurf/rules/basesettings.md
index 9adada6..4ec7d50 100644
--- a/.windsurf/rules/basesettings.md
+++ b/.windsurf/rules/basesettings.md
@@ -3,10 +3,11 @@ trigger: always_on
 ---
 MCP предоставляет ассистенту доступ к данным SonarQube. Используй инструменты для:
-Поиска проблем: search_sonar_issues_in_projects, search_dependency_risks
+Поиска проблем: search_sonar_issues_in_projects
 Проверки статуса: get_project_quality_gate_status, get_system_status, get_system_health
 Анализа кода: analyze_code_snippet, get_raw_source
 Работы с задачами: change_sonar_issue_status
 Получения метрик: get_component_measures, search_metrics
+Получение документации по библиотекам: use context7
 Не гадай — запрашивай данные. Уточняй ключи проектов и issue. Действуй точно, опираясь на информацию из SonarQube. Текущий проект ChatBot
\ No newline at end of file
diff --git a/ChatBot/Dockerfile b/ChatBot/Dockerfile
index 2d20874..a2f5c13 100644
--- a/ChatBot/Dockerfile
+++ b/ChatBot/Dockerfile
@@ -29,7 +29,7 @@ RUN apt-get update && apt-get install -y postgresql-client && rm -rf /var/lib/ap
 COPY --from=publish /app/publish .
 # Create directory for logs
-RUN mkdir -p /app/logs && chmod 777 /app/logs
+RUN mkdir -p /app/logs && chmod 755 /app/logs
 # Expose ports (if needed for health checks or metrics)
 EXPOSE 8080
--
2.49.1
From d71542a0d19889fbfb4e4edd433bb98f2ec3a249 Mon Sep 17 00:00:00 2001
From: Leonid Pershin
Date: Wed, 22 Oct 2025 03:59:52 +0300
Subject: [PATCH 4/6] f
---
 .gitea/workflows/build.yml | 3 +--
 .sonarqube/exclusions.txt | 4 ----
 2 files changed, 1 insertion(+), 6 deletions(-)
diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
index b5cfb61..76c38bc 100644
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
@@ -45,8 +45,7 @@ jobs:
 /d:sonar.coverage.exclusions="**/Migrations/**/*.cs,**/*ModelSnapshot.cs,**/Migrations/*.cs,**/Program.cs" \
 /d:sonar.exclusions="**/Migrations/**/*.cs,**/obj/**,**/bin/**,**/TestResults/**" \
 /d:sonar.cpd.exclusions="**/Migrations/**/*.cs" \
- /d:sonar.test.inclusions="**/*Tests.cs,**/ChatBot.Tests/**/*.cs" \
- /d:sonar.security.hotspots.excluded="**/Models/Configuration/**/*.cs"
+ /d:sonar.test.inclusions="**/*Tests.cs,**/ChatBot.Tests/**/*.cs"
 echo "Building project..."
 dotnet build --verbosity normal --no-incremental
 echo "Running tests with coverage..."
diff --git a/.sonarqube/exclusions.txt b/.sonarqube/exclusions.txt
index 30dd58a..90438eb 100644
--- a/.sonarqube/exclusions.txt
+++ b/.sonarqube/exclusions.txt
@@ -12,9 +12,6 @@
 **/bin/**
 **/TestResults/**
-## Security Hotspots Exclusions (sonar.security.hotspots.excluded)
-**/Models/Configuration/**/*.cs
-
 ## Source and Test Directories
 Sources: ChatBot/
 Tests: ChatBot.Tests/
@@ -24,4 +21,3 @@ Tests: ChatBot.Tests/
 - ModelSnapshot: Auto-generated EF Core snapshot
 - obj/bin: Build artifacts
 - TestResults: Test execution results
-- Configuration Models: Safe usage of environment variables for secrets (BotToken, ConnectionString)
--
2.49.1
From 96026fb69e24efbe3ac012ae7e0f6dca0acef99c Mon Sep 17 00:00:00 2001
From: Leonid Pershin
Date: Wed, 22 Oct 2025 04:05:04 +0300
Subject: [PATCH 5/6] fix sec
---
 ChatBot/Dockerfile | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/ChatBot/Dockerfile b/ChatBot/Dockerfile
index a2f5c13..c86a943 100644
--- a/ChatBot/Dockerfile
+++ b/ChatBot/Dockerfile
@@ -22,14 +22,19 @@ RUN dotnet publish -c Release -o /app/publish /p:UseAppHost=false
 FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS final
 WORKDIR /app
-# Install PostgreSQL client for healthcheck (optional)
-RUN apt-get update && apt-get install -y postgresql-client && rm -rf /var/lib/apt/lists/*
+# Install PostgreSQL client, create user, and prepare directories
+RUN apt-get update && apt-get install -y --no-install-recommends postgresql-client && rm -rf /var/lib/apt/lists/* \
+ && groupadd -r appuser && useradd -r -g appuser appuser \
+ && mkdir -p /app/logs
-# Copy published application
+# Copy published application (safe: only contains compiled output from dotnet publish)
 COPY --from=publish /app/publish .
-# Create directory for logs
-RUN mkdir -p /app/logs && chmod 755 /app/logs
+# Set ownership after copying files
+RUN chown -R appuser:appuser /app
+
+# Switch to non-root user
+USER appuser
 # Expose ports (if needed for health checks or metrics)
 EXPOSE 8080
--
2.49.1
From 85515b89e19066f5f39e1b8bf7dec214b521ec53 Mon Sep 17 00:00:00 2001
From: Leonid Pershin
Date: Wed, 22 Oct 2025 04:20:39 +0300
Subject: [PATCH 6/6] fix build
---
 .gitea/workflows/build.yml | 16 +++++++++++----
 .gitea/workflows/tests.yml | 40 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 52 insertions(+), 4 deletions(-)
 create mode 100644 .gitea/workflows/tests.yml
diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
index 76c38bc..7b80b56 100644
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
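Review bot: `RUN chown -R appuser:appuser /app` hands the runtime user ownership of its own binaries, so a compromised process can rewrite the DLLs it executes; least privilege keeps the `COPY --from=publish` output root-owned and world-readable and gives appuser write access only where it needs it. Change the ownership line to `RUN chown appuser:appuser /app/logs` (the directory is already created in the preceding layer) and leave `/app` itself untouched. `useradd -r` creates no home directory, so if the runtime writes under `HOME` at startup it will complain or fail — set `ENV HOME` to a writable path if that turns out to be needed (not visible from here). The comment `(safe: only contains compiled output from dotnet publish)` should say what was checked, e.g. that no configuration files carrying secrets ship in the publish output, rather than assert safety for the scanner's benefit. The remainder of the `final` stage lies outside the hunk.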
@@ -57,10 +57,18 @@ jobs:
 echo "Waiting for SonarQube Quality Gate result..."
 sleep 10
- # Get Quality Gate status
- QUALITY_GATE_STATUS=$(curl -s -u "${{ secrets.SONAR_TOKEN }}:" \
- "${{ secrets.SONAR_HOST_URL }}/api/qualitygates/project_status?projectKey=ChatBot" \
- | grep -o '"status":"[^"]*"' | cut -d'"' -f4)
+ # Get Quality Gate status using jq for proper JSON parsing
+ RESPONSE=$(curl -s -u "${{ secrets.SONAR_TOKEN }}:" \
+ "${{ secrets.SONAR_HOST_URL }}/api/qualitygates/project_status?projectKey=ChatBot")
+
+ echo "API Response: $RESPONSE"
+
+ # Install jq if not available
+ if ! command -v jq &> /dev/null; then
+ sudo apt-get update && sudo apt-get install -y jq
+ fi
+
+ QUALITY_GATE_STATUS=$(echo "$RESPONSE" | jq -r '.projectStatus.status')
 echo "Quality Gate Status: $QUALITY_GATE_STATUS"
diff --git a/.gitea/workflows/tests.yml b/.gitea/workflows/tests.yml
new file mode 100644
index 0000000..dc16373
--- /dev/null
+++ b/.gitea/workflows/tests.yml
@@ -0,0 +1,40 @@
+name: Tests
+on:
+ push:
+ branches:
+ - master
+ - develop
+ pull_request:
+ types: [opened, synchronize, reopened]
+
+jobs:
+ test:
+ name: Run Tests
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Setup .NET
+ uses: actions/setup-dotnet@v4
+ with:
+ dotnet-version: '9.0.x'
+
+ - name: Restore dependencies
+ run: dotnet restore --verbosity normal
+
+ - name: Build
+ run: dotnet build --configuration Release --no-restore --verbosity normal
+
+ - name: Run tests
+ run: dotnet test --configuration Release --no-build --verbosity normal --logger "trx;LogFileName=test-results.trx"
+ - name: Test Summary
+ if: always()
+ run: |
+ if [ -f "**/test-results.trx" ]; then
+ echo "✅ Tests completed"
+ else
+ echo "❌ Test results not found"
+ fi
--
2.49.1
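Review bot: `curl -s` still lacks `--fail`, so an HTTP error body (expired token, wrong projectKey, unreachable host) reaches `jq`, `.projectStatus.status` evaluates to `null`, and the `!= "OK"` check below the hunk reports a failed quality gate instead of a broken API call; `curl -sSf` makes the two failure modes distinguishable in the log. `echo "API Response: $RESPONSE"` dumps the full JSON body on every run — useful while debugging, but it should go or sit behind a debug flag so the log stays readable. Installing `jq` with `sudo apt-get` at run time depends on passwordless sudo and package-mirror access on the runner; provisioning it in the runner image is more predictable, and if the fallback stays it should at least fail with a clear message when `sudo` is unavailable. The consumer of `QUALITY_GATE_STATUS` is outside the hunk.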
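Review bot: `if [ -f "**/test-results.trx" ]` in the new "Test Summary" step never matches a produced file: `-f` tests one literal path and the quoted `**` is not expanded, so the step always prints `Test results not found` regardless of the test outcome, and since it only echoes, nothing is gated on it either. Locate the file instead, e.g. `if find . -name test-results.trx -print -quit | grep -q .; then`, or drop the step and upload the `.trx` as an artifact so failures can be inspected. `fetch-depth: 0` pulls full history for a build-and-test job that does not appear to need it; harmless, but it slows checkout on a large repository.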