feat(#19): Make ThermOHL compatible with Python 3.12

- Update sonarCloud Actions to be runnable from fork

Signed-off-by: SAINTIER Francois <[email protected]>

Author: SaintierFr

.github/workflows/sonarcloud-analysis.yml

@@ -20,27 +20,24 @@ on:
 jobs:
   SonarCloudAnalysis:
     runs-on: ubuntu-latest
-    if: github.event.workflow_run.conclusion == 'success'
+    if: github.event.workflow_run && github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'pull_request'
     timeout-minutes: 15
 
     steps:
       - name: Download PR number artifact
-        if: github.event.workflow_run.event == 'pull_request'
         uses: dawidd6/action-download-artifact@v3
         with:
           workflow: SonarCloud Build
           run_id: ${{ github.event.workflow_run.id }}
           name: PR_NUMBER
 
       - name: Read PR_NUMBER.txt
-        if: github.event.workflow_run.event == 'pull_request'
         id: pr_number
         uses: juliangruber/read-file-action@v1
         with:
           path: ./PR_NUMBER.txt
 
       - name: Request GitHub API for PR data
-        if: github.event.workflow_run.event == 'pull_request'
         uses: octokit/[email protected]
         id: get_pr_data
         with:
@@ -57,7 +54,6 @@ jobs:
           fetch-depth: 0
 
       - name: Checkout base branch
-        if: github.event.workflow_run.event == 'pull_request'
         run: |
           git remote add upstream ${{ github.event.repository.clone_url }}
           git fetch upstream
@@ -70,9 +66,18 @@ jobs:
         with:
           python-version: 3.11
 
+      - name: Cache Python packages
+        uses: actions/cache@v4
+        with:
+          path: ~/.cache/pip
+          key: ${{ runner.os }}-pip-${{ hashFiles('**/pyproject.toml') }}
+          restore-keys: |
+            ${{ runner.os }}-pip
+
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
+          pip install .
           pip install -e .[test]
 
       - name: Run tests and generate coverage report
@@ -91,18 +96,24 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           args: >
+            -Dsonar.host.url=https://sonarcloud.io
+            -Dsonar.projectKey=phlowers_thermohl
+            -Dsonar.organization=phlowers
             -Dsonar.pullrequest.branch=${{ fromJson(steps.get_pr_data.outputs.data).head.ref }}
             -Dsonar.pullrequest.key=${{ fromJson(steps.get_pr_data.outputs.data).number }}
             -Dsonar.pullrequest.base=${{ fromJson(steps.get_pr_data.outputs.data).base.ref }}
             -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }}
 
       - name: Run Sonar analysis (Push)
-        if: ${{ github.event.workflow_run.event == 'push' }}
+        if: ${{ github.event.workflow_run.event == 'push' && github.repository == 'phlowers/thermohl'}}
         uses: sonarsource/sonarqube-scan-action@v5
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           args: >
+            -Dsonar.host.url=https://sonarcloud.io
+            -Dsonar.projectKey=phlowers_thermohl
+            -Dsonar.organization=phlowers
             -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }}
             -Dsonar.branch.name=${{ github.event.workflow_run.head_branch }}

.github/workflows/sonarcloud-build.yml

@@ -39,18 +39,6 @@ jobs:
           python -m pip install --upgrade pip
           pip install --upgrade build
 
-      - name: Install security check tools
-        run: |
-          pip install bandit safety
-
-      - name: Security check with bandit
-        run: |
-          bandit -r thermohl/ -f json -o bandit-results.json || true
-
-      - name: Check dependencies vulnerabilities with safety
-        run: |
-          safety check --json --output safety-results.json || true
-
       - name: Build and analyze (Pull Request)
         if: ${{ github.event_name == 'pull_request' || (github.actor == 'dependabot[bot]' && github.event_name == 'pull_request_target') }}
         env:
@@ -75,11 +63,3 @@ jobs:
         with:
           name: PR_NUMBER
           path: PR_NUMBER.txt
-
-      - name: Archive security reports
-        uses: actions/upload-artifact@v4
-        with:
-          name: security-reports
-          path: |
-            bandit-results.json
-            safety-results.json