ci: add SonarCloud continuous inspection #31
don-petry wants to merge 3 commits into oneirosoft:main from
Add SonarCloud configuration and GitHub Actions workflow for automated code quality analysis on pushes to main and pull requests. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Pull request overview
Adds SonarCloud continuous inspection to the repository by introducing a standard SonarCloud project configuration file and a dedicated GitHub Actions workflow to run scans on main and on pull requests.
Changes:
- Add sonar-project.properties to define SonarCloud project/org and analysis scope.
- Add .github/workflows/sonarcloud.yml to run SonarCloud analysis in CI on pushes to main and PR updates.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| sonar-project.properties | Defines SonarCloud project settings and what paths to analyze/exclude. |
| .github/workflows/sonarcloud.yml | Introduces a CI workflow job to execute the SonarCloud scan action. |
sonar-project.properties
Outdated
| sonar.sources=src | ||
| sonar.tests=tests | ||
| sonar.sourceEncoding=UTF-8 | ||
| sonar.exclusions=**/test_support.rs |
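Review bot: sonar.exclusions=**/test_support.rs removes that file from every analysis, not only from coverage. If the goal is just to keep test helpers out of the coverage figures, sonar.coverage.exclusions is the narrower setting; otherwise a comment in the properties file saying why the file is excluded would help later readers.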
sonar.tests=tests won’t classify the repo’s unit test files under src/core/**/tests.rs as tests, so SonarCloud will analyze them as production sources and skew metrics (bugs/smells/coverage on “new code”). Consider either adding those paths via sonar.tests + sonar.test.inclusions (e.g., matching src/**/tests.rs) or excluding src/**/tests.rs from sonar.sources using sonar.exclusions.
| sonar.exclusions=**/test_support.rs | |
| sonar.exclusions=**/test_support.rs | |
| sonar.test.inclusions=src/**/tests.rs |
Addressed — removed sonar.tests since Rust unit tests live alongside source code in #[cfg(test)] modules, not in a separate directory.
.github/workflows/sonarcloud.yml
Outdated
| - name: SonarCloud Scan | ||
| uses: SonarSource/sonarqube-scan-action@v5 | ||
| env: | ||
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} |
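Review bot: the uses: SonarSource/sonarqube-scan-action@v5 line pins the action to a mutable tag, and the same step is handed SONAR_TOKEN. Pinning to a full commit SHA, with the version kept in a trailing comment, prevents a retagged release from running with that secret.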
This workflow will fail on pull requests from forks because secrets.SONAR_TOKEN is not provided for forked PRs, causing the scan step to error and the PR check to go red. To avoid blocking external contributors, add a job/step if: guard to only run when the PR originates from the same repo (or when secrets.SONAR_TOKEN is set), or make the scan non-blocking for forked PRs.
The if: ${{ env.SONAR_TOKEN != '' }} guard on the scan step already handles this — when the secret is unavailable on fork PRs, the step is skipped and the job succeeds. This matches the pattern used across all petry-projects repos.
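A fork-safe layout for the guard discussed in this thread, as an added example that is not the workflow file from this PR. It assumes the secret is mapped into a job-level env entry so that step conditions can test it; the workflow name, job name, checkout step and the notice step are assumptions.

```yaml
# Added example, not the PR's workflow file.
name: SonarCloud
on:
  push:
    branches: [main]
  pull_request:

jobs:
  sonarcloud:
    runs-on: ubuntu-latest
    env:
      # Resolves to an empty string on pull_request runs from forks,
      # because repository secrets are not passed to those runs.
      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # full history, so the scanner can work out what is new code

      - name: SonarCloud Scan
        # Skipped, not failed, when the token is empty; the job still ends green.
        if: ${{ env.SONAR_TOKEN != '' }}
        uses: SonarSource/sonarqube-scan-action@v5   # version as shown in the PR

      - name: Report skipped scan
        # Makes the skip visible in the run summary instead of passing silently.
        if: ${{ env.SONAR_TOKEN == '' }}
        run: echo "::notice::SONAR_TOKEN not available; SonarCloud scan skipped"
```

A green check on a fork PR under this layout means the scan did not run, so it should not be read as a passed quality gate.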
Why?
SonarCloud provides continuous code quality inspection — tracking bugs, code smells, security vulnerabilities, and test coverage over time. Unlike one-shot linters, it maintains a historical baseline so quality trends are visible and regressions are caught as they happen.
Summary
- sonar-project.properties with project configuration for SonarCloud
- .github/workflows/sonarcloud.yml GitHub Actions workflow that runs SonarCloud analysis on pushes to main and on pull requests
- SONAR_TOKEN is unavailable

Relates to #11 (item 9 — SonarCloud / SonarQube integration).
Maintainer setup required
- oneirosoft/dagger repository
- SONAR_TOKEN secret to the GitHub repository settings (Settings → Secrets and variables → Actions → New repository secret)

Test plan
- main and on PRs

🤖 Generated with Claude Code