feat: harden qrcode flow, CI, and logo customization #12
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 635f6a6e4e
| - name: SonarQube scan | ||
| uses: SonarSource/sonarqube-scan-action@v6 | ||
| env: | ||
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | ||
| SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} |
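Review bot: the `uses: SonarSource/sonarqube-scan-action@v6` line pins the action to a movable tag, while the step's `env:` block hands it `SONAR_TOKEN` and `SONAR_HOST_URL`. Pin the action to a full commit SHA, with the version in a trailing comment, so a retagged release cannot change which code receives those secrets.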
Guard Sonar scan against forked pull_request runs
This step now runs on every pull_request, but forked PRs do not receive repository secrets, so SONAR_TOKEN/SONAR_HOST_URL are empty in that context and the Sonar action fails; that makes the workflow fail for external contributors even when tests pass. This regression was introduced by adding the pull_request trigger without gating the Sonar step, so the scan should be conditional (or moved to a trusted event) for forked PRs.
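The gating that the review comment above asks for, written out as an added example that is not part of this pull request or the project's own workflow. The workflow name, job name, checkout step and test command are assumptions; only the Sonar step's `name`, `uses` and `env` come from the page.

```yaml
# Added example, not the workflow from this PR.
# Workflow/job names and the test command are assumptions.
name: ci
on:
  push:
  pull_request:

permissions:
  contents: read          # the job only needs to read the repository

jobs:
  test-and-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0  # full history for the Sonar analysis

      # Needs no secrets, so it runs for forked PRs as well.
      - name: Unit tests
        run: python -m unittest discover   # assumed test command

      - name: SonarQube scan
        # Run on push, or on PRs whose head branch lives in this repository.
        # Forked PRs get empty secrets, so they skip the step instead of failing.
        if: >-
          github.event_name != 'pull_request' ||
          github.event.pull_request.head.repo.full_name == github.repository
        uses: SonarSource/sonarqube-scan-action@v6
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
```

With this condition a forked PR shows the Sonar step as skipped while the unit tests still decide the job's result.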
## Summary
- remove Sonar token-bearing README badge reference
- add QR input validation and basic tests
- pin Docker base image to Python 3.12 Alpine
- modernize CI to run unit tests on push/PR before Sonar analysis
- add empty-state placeholder UI when no text is entered
- add optional logo upload with adjustable size and centered rendering

## Validation
- foxhound Docker Compose review instance tested successfully
- homepage returns 200
- QR generation returns PNG
- blank input is rejected with 400
- placeholder and logo customization behavior verified in review deployment