5 changed files with 87 additions and 7 deletions
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
@@ -52,3 +52,31 @@ jobs:
          dotnet test /p:CollectCoverage=true /p:CoverletOutputFormat=opencover /p:CoverletOutput=./coverage/ /p:Exclude="[*]*.Migrations.*" /p:ExcludeByFile="**/Migrations/*.cs"
          echo "Ending SonarQube analysis..."
          ~/.sonar/scanner/dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}"
      - name: Wait for Quality Gate
        run: |
          echo "Waiting for SonarQube Quality Gate result..."
          sleep 10
          # Get Quality Gate status using jq for proper JSON parsing
          RESPONSE=$(curl -s -u "${{ secrets.SONAR_TOKEN }}:" \
            "${{ secrets.SONAR_HOST_URL }}/api/qualitygates/project_status?projectKey=ChatBot")
          echo "API Response: $RESPONSE"
          # Install jq if not available
          if ! command -v jq &> /dev/null; then
            sudo apt-get update && sudo apt-get install -y jq
          fi
          QUALITY_GATE_STATUS=$(echo "$RESPONSE" | jq -r '.projectStatus.status')
          echo "Quality Gate Status: $QUALITY_GATE_STATUS"
          if [ "$QUALITY_GATE_STATUS" != "OK" ]; then
            echo "❌ Quality Gate failed! Status: $QUALITY_GATE_STATUS"
            echo "Please check the SonarQube dashboard for details:"
            echo "${{ secrets.SONAR_HOST_URL }}/dashboard?id=ChatBot"
            exit 1
          else
            echo "✅ Quality Gate passed!"
          fi
--- a/.gitea/workflows/tests.yml
+++ b/.gitea/workflows/tests.yml
@@ -0,0 +1,40 @@
 name: Tests
 on:
  push:
    branches:
      - master
      - develop
  pull_request:
    types: [opened, synchronize, reopened]
 jobs:
  test:
    name: Run Tests
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Setup .NET
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: '9.0.x'
      - name: Restore dependencies
        run: dotnet restore --verbosity normal
      - name: Build
        run: dotnet build --configuration Release --no-restore --verbosity normal
      - name: Run tests
        run: dotnet test --configuration Release --no-build --verbosity normal --logger "trx;LogFileName=test-results.trx"
      - name: Test Summary
        if: always()
        run: |
          if [ -f "**/test-results.trx" ]; then
            echo "✅ Tests completed"
          else
            echo "❌ Test results not found"
          fi
--- a/.windsurf/rules/basesettings.md
+++ b/.windsurf/rules/basesettings.md
@@ -3,10 +3,11 @@ trigger: always_on
 ---
 MCP предоставляет ассистенту доступ к данным SonarQube. Используй инструменты для:
-Поиска проблем: search_sonar_issues_in_projects, search_dependency_risks
+Поиска проблем: search_sonar_issues_in_projects
 Проверки статуса: get_project_quality_gate_status, get_system_status, get_system_health
 Анализа кода: analyze_code_snippet, get_raw_source
 Работы с задачами: change_sonar_issue_status
 Получения метрик: get_component_measures, search_metrics
 Получение документации по библиотекам: use context7
 Не гадай — запрашивай данные. Уточняй ключи проектов и issue. Действуй точно, опираясь на информацию из SonarQube.
 Текущий проект ChatBot
--- a/ChatBot/Dockerfile
+++ b/ChatBot/Dockerfile
@@ -22,14 +22,19 @@ RUN dotnet publish -c Release -o /app/publish /p:UseAppHost=false
 FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS final
 WORKDIR /app
-# Install PostgreSQL client for healthcheck (optional)
+# Install PostgreSQL client, create user, and prepare directories
-RUN apt-get update && apt-get install -y postgresql-client && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y --no-install-recommends postgresql-client && rm -rf /var/lib/apt/lists/* \
    && groupadd -r appuser && useradd -r -g appuser appuser \
    && mkdir -p /app/logs
-# Copy published application
+# Copy published application (safe: only contains compiled output from dotnet publish)
 COPY --from=publish /app/publish .
-# Create directory for logs
+# Set ownership after copying files
-RUN mkdir -p /app/logs && chmod 777 /app/logs
+RUN chown -R appuser:appuser /app
 # Switch to non-root user
 USER appuser
 # Expose ports (if needed for health checks or metrics)
 EXPOSE 8080
--- a/README.md
+++ b/README.md
@@ -4,6 +4,12 @@
 [![License](https://img.shields.io/badge/license-MIT-green)](LICENSE.txt)
 [![PostgreSQL](https://img.shields.io/badge/PostgreSQL-14+-blue)](https://www.postgresql.org/)
 [![Quality Gate Status](https://sonarqube.api.home/api/project_badges/measure?project=ChatBot&metric=alert_status)](https://sonarqube.api.home/dashboard?id=ChatBot)
 [![Coverage](https://sonarqube.api.home/api/project_badges/measure?project=ChatBot&metric=coverage)](https://sonarqube.api.home/dashboard?id=ChatBot)
 [![Bugs](https://sonarqube.api.home/api/project_badges/measure?project=ChatBot&metric=bugs)](https://sonarqube.api.home/dashboard?id=ChatBot)
 [![Vulnerabilities](https://sonarqube.api.home/api/project_badges/measure?project=ChatBot&metric=vulnerabilities)](https://sonarqube.api.home/dashboard?id=ChatBot)
 [![Code Smells](https://sonarqube.api.home/api/project_badges/measure?project=ChatBot&metric=code_smells)](https://sonarqube.api.home/dashboard?id=ChatBot)
 Интеллектуальный Telegram-бот на базе локальных AI моделей (Ollama), построенный на .NET 9 с использованием Clean Architecture.
 ## ✨ Основные возможности