Skip to content

ci: enable sonar scanning and report results to sonacloud.io#788

Merged
pvital merged 9 commits into
mainfrom
sonar-scan
Sep 1, 2025
Merged

ci: enable sonar scanning and report results to sonacloud.io#788
pvital merged 9 commits into
mainfrom
sonar-scan

Conversation

@arjun-rajappa
Copy link
Copy Markdown
Contributor

@arjun-rajappa arjun-rajappa commented Aug 21, 2025

No description provided.

@arjun-rajappa
ci: enable sonar scanning and report results to sonacloud.io
de2bab1 
Signed-off-by: Arjun Rajappa <Arjun.Rajappa@ibm.com>
@arjun-rajappa arjun-rajappa requested a review from a team as a code owner August 21, 2025 13:03
@arjun-rajappa
ci: update test inclusions in sonar scan
d6e5221 
Signed-off-by: Arjun Rajappa <Arjun.Rajappa@ibm.com>
@github-advanced-security
Copy link
Copy Markdown

github-advanced-security AI commented Aug 21, 2025

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

pvital
pvital requested changes Aug 21, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@pvital pvital left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you update the image of the final_job to use python:3.13, please?

Comment thread .circleci/config.yml Outdated
@arjun-rajappa
ci: update pyhton dep Installation
70aef01 
Signed-off-by: Arjun Rajappa <Arjun.Rajappa@ibm.com>
@arjun-rajappa
ci: use python 3.13 for final_job
ddf8c10 
Signed-off-by: Arjun Rajappa <Arjun.Rajappa@ibm.com>
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Aug 22, 2025

@arjun-rajappa the signed-off-by was not found in the following 1 commits:

  • 2c81ec1: Merge branch 'main' into sonar-scan

📝 What should I do to fix it?

All proposed commits should include a sign-off in their messages, ideally at the end.

❔ Why it is required

The Developer Certificate of Origin (DCO) is a lightweight way for contributors to certify that they wrote or otherwise have the right to submit the code they are contributing to the project. Here is the full text of the DCO, reformatted for readability:

By making a contribution to this project, I certify that:

a. The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or

b. The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or

c. The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it.

d. I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved.

Contributors sign-off that they adhere to these requirements by adding a Signed-off-by line to commit messages.

This is my commit message

Signed-off-by: Random Developer <randomdeveloper@example.com>

Git even has a -s command line option to append this automatically to your commit message:

$ git commit -s -m 'This is my commit message'

@arjun-rajappa
Merge branch 'main' into sonar-scan
aa9f6bb 
Signed-off-by: Arjun Rajappa <Arjun.Rajappa@ibm.com>
pvital
pvital requested changes Aug 22, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@pvital pvital left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few questions and requests....

Comment thread .circleci/config.yml
Comment thread .circleci/config.yml
Comment thread .circleci/config.yml Outdated
Comment thread .circleci/config.yml Outdated
Comment thread sonar-project.properties Outdated
@pvital
Copy link
Copy Markdown
Member

pvital commented Aug 22, 2025

@arjun-rajappa, perhaps we can use the pysonar CLI command with the configuration in the pyproject.toml file to run the checking as described in the documentation.

@arjun-rajappa
ci: use pysonar scanner a python library to scan the repo
d53eb8a 
Signed-off-by: Arjun Rajappa <Arjun.Rajappa@ibm.com>
@arjun-rajappa
ci: read sonar.sources from properties file
999156f 
Signed-off-by: Arjun Rajappa <Arjun.Rajappa@ibm.com>
@pvital pvital added the ci/cd label Aug 25, 2025
@arjun-rajappa
ci: remove unwanted steps from final job
6c59451 
Signed-off-by: Arjun Rajappa <Arjun.Rajappa@ibm.com>
@arjun-rajappa arjun-rajappa requested a review from pvital August 26, 2025 05:52
@arjun-rajappa
Copy link
Copy Markdown
Contributor Author

arjun-rajappa commented Sep 1, 2025

@arjun-rajappa, perhaps we can use the pysonar CLI command with the configuration in the pyproject.toml file to run the checking as described in the documentation.

Latest changes pushed uses pysonar cli.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Sep 1, 2025

@arjun-rajappa the signed-off-by was not found in the following 1 commits:

  • 1840112: Merge branch 'main' into sonar-scan

📝 What should I do to fix it?

All proposed commits should include a sign-off in their messages, ideally at the end.

❔ Why it is required

The Developer Certificate of Origin (DCO) is a lightweight way for contributors to certify that they wrote or otherwise have the right to submit the code they are contributing to the project. Here is the full text of the DCO, reformatted for readability:

By making a contribution to this project, I certify that:

a. The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or

b. The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or

c. The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it.

d. I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved.

Contributors sign-off that they adhere to these requirements by adding a Signed-off-by line to commit messages.

This is my commit message

Signed-off-by: Random Developer <randomdeveloper@example.com>

Git even has a -s command line option to append this automatically to your commit message:

$ git commit -s -m 'This is my commit message'

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Sep 1, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

pvital
pvital approved these changes Sep 1, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@pvital pvital left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks good to me.

@pvital pvital merged commit ad0fb4b into main Sep 1, 2025
19 checks passed
@pvital pvital deleted the sonar-scan branch September 1, 2025 07:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pvital pvital pvital approved these changes

Assignees

@arjun-rajappa arjun-rajappa

Labels

ci/cd Review & Merge

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@arjun-rajappa @github-advanced-security @pvital