Simplified container building workflow - now only checks for presence of container tag on repo

.gitea/workflows/build-containers-on-demand.yml

@@ -211,28 +211,17 @@ jobs:
             echo "ERROR: Found $ctype \"$cname\" image repo is \"$new_repo\" but expected \"$expected_repo\""
             exit 1
           fi
-          if [ -n "${old_image:-}" ]; then
-            old_tag="${old_image##*:}"
-          else
-            old_tag=""
-          fi
 
           registry="$(echo "$new_repo" | awk -F/ '{print $1}')"
 
           {
-            echo "changed=$([ "$old_tag" != "$new_tag" ] && echo true || echo false)"
             echo "new_image=$new_image"
             echo "new_repo=$new_repo"
             echo "new_tag=$new_tag"
             echo "registry=$registry"
           } >> "$GITHUB_OUTPUT"
 
-      - name: Skip if tag unchanged
-        if: steps.img.outputs.changed != 'true'
-        run: echo "${{ matrix.description }} image tag unchanged; skipping build."
-
       - name: Check if image exists on registry
-        if: steps.img.outputs.changed == 'true'
         id: check_image
         shell: bash
         run: |
@@ -267,15 +256,15 @@ jobs:
           fi
 
       - name: Skip if image already exists
-        if: steps.img.outputs.changed == 'true' && steps.check_image.outputs.exists == 'true'
+        if: steps.check_image.outputs.exists == 'true'
         run: echo "${{ matrix.description }} image ${{ steps.img.outputs.new_image }} already exists on registry; skipping build."
 
       - name: Set up Buildx
-        if: steps.img.outputs.changed == 'true' && steps.check_image.outputs.exists == 'false'
+        if: steps.check_image.outputs.exists == 'false'
         uses: docker/setup-buildx-action@v3
 
       - name: Log in to registry
-        if: steps.img.outputs.changed == 'true' && steps.check_image.outputs.exists == 'false'
+        if: steps.check_image.outputs.exists == 'false'
         uses: docker/login-action@v3
         with:
           registry: ${{ steps.img.outputs.registry }}
@@ -283,7 +272,7 @@ jobs:
           password: ${{ secrets.REGISTRY_PASSWORD }}
 
       - name: Build and push ${{ matrix.description }} (exact tag from deployment)
-        if: steps.img.outputs.changed == 'true' && steps.check_image.outputs.exists == 'false'
+        if: steps.check_image.outputs.exists == 'false'
         uses: docker/build-push-action@v6
         with:
           context: ${{ matrix.build_context }}

.gitea/workflows/check_code_in_sonarqube.yaml

@@ -0,0 +1,67 @@
+on:
+  push:
+    branches:
+      - main
+      - development
+  pull_request:
+      types: [opened, synchronize, reopened]
+
+name: SonarQube Scan
+jobs:
+  sonarqube:
+    name: SonarQube Trigger
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checking out
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: Set up Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: '3.11'
+
+    - name: Install dependencies
+      run: |
+        pip install -r requirements.txt
+
+    - name: Run tests with coverage
+      run: |
+        coverage run --source='.' manage.py test
+        coverage xml
+
+    - name: Set up JDK 17
+      uses: actions/setup-java@v3
+      with:
+        java-version: '17'
+        distribution: 'temurin'
+
+    - name: Cache SonarQube packages
+      uses: actions/cache@v3
+      with:
+        path: ~/.sonar/cache
+        key: ${{ runner.os }}-sonar
+        restore-keys: ${{ runner.os }}-sonar
+
+    - name: Download and setup SonarScanner
+      run: |
+        mkdir -p $HOME/.sonar
+        wget -q https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-5.0.1.3006-linux.zip
+        unzip -q sonar-scanner-cli-5.0.1.3006-linux.zip -d $HOME/.sonar/
+        echo "$HOME/.sonar/sonar-scanner-5.0.1.3006-linux/bin" >> $GITHUB_PATH
+
+    - name: Verify Java version
+      run: java -version
+
+    - name: SonarQube Scan
+      env:
+        SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST }}
+        SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
+      run: |
+        sonar-scanner \
+          -Dsonar.projectKey=${{ github.event.repository.name }} \
+          -Dsonar.sources=. \
+          -Dsonar.host.url=${SONAR_HOST_URL} \
+          -Dsonar.token=${SONAR_TOKEN} \
+          -Dsonar.python.coverage.reportPaths=coverage.xml

Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.13-slim AS baustelle
+FROM python:3.14 AS baustelle
 RUN mkdir /app
 WORKDIR /app
 ENV PYTHONDONTWRITEBYTECODE=1
@@ -7,15 +7,14 @@ RUN pip install  --upgrade pip
 COPY requirements.txt /app/
 RUN pip install --no-cache-dir -r requirements.txt
 
-FROM python:3.13-slim
+FROM python:3.14-slim
 RUN useradd -m -r appuser && \
     mkdir /app && \
     chown -R appuser /app
 
-COPY --from=baustelle /usr/local/lib/python3.13/site-packages/ /usr/local/lib/python3.13/site-packages/
+COPY --from=baustelle /usr/local/lib/python3.14/site-packages/ /usr/local/lib/python3.14/site-packages/
 COPY --from=baustelle /usr/local/bin/ /usr/local/bin/
-RUN rm /usr/bin/tar
+RUN rm /usr/bin/tar /usr/lib/x86_64-linux-gnu/libncur*
-RUN rm /usr/lib/x86_64-linux-gnu/libncur*
 WORKDIR /app
 COPY --chown=appuser:appuser . .
 ENV PYTHONDONTWRITEBYTECODE=1
@@ -31,7 +30,7 @@ RUN rm -rf /app/Dockerfile* \
            /app/requirements.txt \
            /app/node_modules \
            /app/*.json \
-           /app/test_*.py
+           /app/test_*.py && \
-RUN python3 manage.py collectstatic
+    python3 manage.py collectstatic
 CMD ["gunicorn","--bind","0.0.0.0:8000","--workers","3","VorgabenUI.wsgi:application"]
 

VorgabenUI/settings-docker.py

@@ -24,7 +24,7 @@ BASE_DIR = Path(__file__).resolve().parent.parent
 SECRET_KEY = os.environ.get("SECRET_KEY")
 
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = bool(os.environ.get("DEBUG", default=0)
+DEBUG = bool(os.environ.get("DEBUG", default=0))
 
 ALLOWED_HOSTS = os.environ.get("DJANGO_ALLOWED_HOSTS","127.0.0.1").split(",")
 

argocd/deployment.yaml

@@ -25,7 +25,7 @@ spec:
               mountPath: /data
       containers:
         - name: web
-          image: git.baumann.gr/adebaumann/vui:0.961
+          image: git.baumann.gr/adebaumann/vui:0.963
           imagePullPolicy: Always
           ports:
             - containerPort: 8000

dokumente/tests.py

@@ -1620,19 +1620,25 @@ class GetVorgabeCommentsViewTest(TestCase):
         # Create users
         self.regular_user = User.objects.create_user(
             username='regularuser',
-            password='testpass123'
+            password='testpass123',
+            first_name='Regular',
+            last_name='User'
         )
         
         self.staff_user = User.objects.create_user(
             username='staffuser',
-            password='testpass123'
+            password='testpass123',
+            first_name='Staff',
+            last_name='User'
         )
         self.staff_user.is_staff = True
         self.staff_user.save()
         
         self.other_user = User.objects.create_user(
             username='otheruser',
-            password='testpass123'
+            password='testpass123',
+            first_name='Other',
+            last_name='User'
         )
         
         # Create test data
@@ -1697,7 +1703,7 @@ class GetVorgabeCommentsViewTest(TestCase):
         # Should only see their own comment
         self.assertEqual(len(data['comments']), 1)
         self.assertEqual(data['comments'][0]['text'], 'Kommentar von Regular User')
-        self.assertEqual(data['comments'][0]['user'], 'regularuser')
+        self.assertEqual(data['comments'][0]['user'], 'Regular User')
         self.assertTrue(data['comments'][0]['is_own'])
     
     def test_staff_user_sees_all_comments(self):
@@ -1715,8 +1721,8 @@ class GetVorgabeCommentsViewTest(TestCase):
         # Should see all comments
         self.assertEqual(len(data['comments']), 2)
         usernames = [c['user'] for c in data['comments']]
-        self.assertIn('regularuser', usernames)
+        self.assertIn('Regular User', usernames)
-        self.assertIn('otheruser', usernames)
+        self.assertIn('Other User', usernames)
     
     def test_get_comments_returns_404_for_nonexistent_vorgabe(self):
         """Test that requesting comments for non-existent Vorgabe returns 404"""
@@ -2041,12 +2047,16 @@ class DeleteVorgabeCommentViewTest(TestCase):
         
         self.other_user = User.objects.create_user(
             username='otheruser',
-            password='testpass123'
+            password='testpass123',
+            first_name='Other',
+            last_name='User'
         )
         
         self.staff_user = User.objects.create_user(
             username='staffuser',
-            password='testpass123'
+            password='testpass123',
+            first_name='Staff',
+            last_name='User'
         )
         self.staff_user.is_staff = True
         self.staff_user.save()

pages/templates/base.html

@@ -215,7 +215,7 @@
           </p>
         </div>
         <div class="col-sm-6 text-right">
-          <p class="text-muted">Version {{ version|default:"0.961" }}</p>
+          <p class="text-muted">Version {{ version|default:"0.963" }}</p>
         </div>
       </div>
     </div>

requirements.txt

@@ -5,7 +5,7 @@ certifi==2025.8.3
 charset-normalizer==3.4.3
 curtsies==0.4.3
 cwcwidth==0.1.10
-Django==5.2.5
+Django==5.2.8
 django-admin-sortable2==2.2.8
 django-js-asset==3.1.2
 django-mptt==0.17.0
@@ -33,3 +33,4 @@ sqlparse==0.5.3
 urllib3==2.5.0
 wcwidth==0.2.13
 bleach==6.1.0
+coverage==7.6.1