fix: add more validations to project attributes

[bzwei]

Now validate project url, branch, and refspec

https://issues.redhat.com/browse/AAP-47166

[bzwei]

We can ignore the quality gate failures on security hotspots. Those tests are needed.

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 93.91%. Comparing base (f01fbd6) to head (1353a92).

@@            Coverage Diff             @@
##             main    #1335      +/-   ##
==========================================
+ Coverage   93.87%   93.91%   +0.04%     
==========================================
  Files         318      318              
  Lines       18667    18742      +75     
==========================================
+ Hits        17523    17602      +79     
+ Misses       1144     1140       -4     

Flag	Coverage Δ
unit-int-tests-3.11	93.85% <100.00%> (+0.04%)	⬆️
unit-int-tests-3.12	93.91% <100.00%> (+0.04%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
src/aap_eda/api/serializers/project.py	93.26% <100.00%> (+0.19%)	⬆️
src/aap_eda/core/validators.py	87.14% <100.00%> (+0.84%)	⬆️
src/aap_eda/services/project/scm.py	73.29% <100.00%> (+5.84%)	⬆️
tests/integration/api/test_project.py	99.43% <100.00%> (+0.02%)	⬆️
tests/unit/test_scm.py	100.00% <100.00%> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[mkanoor]

@bzwei do we need to check the integration tests to see if the error comes in the correct field names so UI can display it.

[bzwei]

@bzwei do we need to check the integration tests to see if the error comes in the correct field names so UI can display it.

Added

[bzwei]

The e2e failure is fixed by https://github.com/ansible/eda-qa/pull/474.

[Alex-Izquierdo]

LGTM
Regarding the comment from @mkanoor raw strings r'...' affects to how the backslashes are interpreted. Here they are escaped so it would not be necessary.

I personally prefer raw strings because it is easier to read and debug and less error prone. I suggest to change it but I won't block the PR for this. Up to you bill.

[Alex-Izquierdo]

sonar is complaining about a non covered line which git. I'm fine to ignore it, but it is also true that the test for it would be also simple.

[bzwei]

@Alex-Izquierdo fixed all. Please review again

[ptoscano]

There are two sonarqube reports on the "http" urls used in tests, because Using http protocol is insecure. Use https instead. It seems there is no way to disable a specific rule with an inline comment (like with flake8/pylint/etc):
https://community.sonarsource.com/t/python-add-inline-disabling-of-specific-rule/64184
(https://portal.productboard.com/sonarsource/3-sonarqube-server/c/755-python-users-can-suppress-specific-issues-with-nosonar-with-a-rule-key seems to be a way to request it more)
Another option, as mentioned in the above forum, is to disable sonarqube altogether for those two lines, eg:

        ("http://git.example.com/repo.git/sub/r2.git", True),  # /NOSONAR

IMHO either this, or let's ignore the issue altogether (which will show up in case those lines are changed again in the future).

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
1.0% Duplication on New Code

See analysis details on SonarQube Cloud