Migrate SonarQube to sn.e-cosplay.fr, rotate badge token, drop OWASP Dependency-Check, update deploy host

- .env, .env.test, ansible/env.local.j2: point SONARQUBE_URL to https://sn.e-cosplay.fr - ansible/vault.yml, .env: rotate sonarqube_badge_token to new value - .gitea/workflows/ci.yml, sonarqube.yml: remove OWASP Dependency-Check steps and force sonar.host.url via CLI args - sonar-project.properties: drop dependencyCheck report paths - .gitea/workflows/deploy.yml: switch SSH target from 34.90.187.4 to 152.228.222.133 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 17:44:37 +02:00
parent 7c848bbdb0
commit 92548920c2
8 changed files with 173 additions and 203 deletions
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -116,27 +116,11 @@ jobs:
          ./hadolint docker/php/dev/Dockerfile -f json > hadolint-dev.json || true
          ./hadolint docker/php/prod/Dockerfile -f json > hadolint-prod.json || true

-      - name: OWASP Dependency-Check
-        uses: dependency-check/Dependency-Check_Action@main
-        with:
-          project: 'e-ticket'
-          path: '.'
-          format: 'JSON,HTML'
-          args: >
-            --scan composer.lock
-            --scan package.json
-            --out .
-            --disableAssembly
-            --nvdApiKey ${{ secrets.NVD_API_KEY }}
-        continue-on-error: true
-
-      - name: Rename Dependency-Check reports
-        run: |
-          mv dependency-check-report.json dependency-check-report.json 2>/dev/null || true
-          mv dependency-check-report.html dependency-check-report.html 2>/dev/null || true
-
      - name: SonarQube Scan
        uses: sonarsource/sonarqube-scan-action@v5
+        with:
+          args: >
+            -Dsonar.host.url=https://sn.e-cosplay.fr
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-          SONAR_HOST_URL: https://sn.esy-web.dev
+          SONAR_HOST_URL: https://sn.e-cosplay.fr