introduce sonarqube (#102)

ajaskolski · web-flow · commit 4fd74392dd05 · 2025-05-21T15:11:58.000Z
This pull request introduces SonarQube integration to enhance code
quality analysis and reporting. The changes include adding a SonarQube
job to the CI workflow and configuring the SonarQube project properties
for the repository.

### CI Workflow Enhancements:
*
[`.github/workflows/pull-request-main.yml`](diffhunk://#diff-deba6b8d69fe72e6186b64f7934e93aa1d8213648ef0e99400caa36df42883f0R46-R57):
Added a new `sonarqube` job to perform SonarQube scans during pull
requests. This job runs after the `ci-test`, `ci-lint-misc`, and
`ci-lint` jobs and uses a custom GitHub action for the scan.

### SonarQube Configuration:
*
[`sonar-project.properties`](diffhunk://#diff-43ed9d31bea2a6d518d69836bcd1a8e6bd81bf4df96c4745792c220ca5aa549cR1-R26):
Added a configuration file for SonarQube, specifying project metadata,
source directories, exclusions for static analysis (e.g., `docs/**/*`,
`**/*.json`, `deployments/**/*`), and coverage exclusions (e.g.,
`**/*_test.go`, `**/main.go`).
diff --git a/.github/workflows/pull-request-main.yml b/.github/workflows/pull-request-main.yml
@@ -43,3 +43,15 @@ jobs:
         with:
           go-test-cmd: go test -race -coverprofile=coverage.txt $(go list ./...)
           use-go-cache: true
+
+  sonarqube:
+    name: Sonar Scan
+    if: github.event_name == 'pull_request'
+    runs-on: ubuntu-24.04
+    needs: [ ci-test, ci-lint-misc,  ci-lint ]
+    steps:
+      - name: Scan with Sonarqube
+        uses: smartcontractkit/.github/actions/ci-sonarqube-go@01d931b0455a754d12e7143cc54a5a3521a8f6f6 # ci-sonarqube-go@0.3.1
+        with:
+          sonar-token: ${{ secrets.SONAR_TOKEN }}
+          sonar-host-url: ${{ secrets.SONAR_HOST_URL }}
diff --git a/sonar-project.properties b/sonar-project.properties
@@ -0,0 +1,26 @@
+sonar.projectKey=smartcontractkit_chainlink_deployments_framework
+sonar.projectName=chainlink_deployments_framework
+sonar.sources=.
+sonar.python.version=3.8
+
+# Full exclusions from the static analysis
+sonar.exclusions=\
+docs/**/*,\
+**/*.json, \
+**/*.pb.go
+
+# docs/**/*,                # Documentation directory
+# **/*.json \               # JSON files - speed up indexing
+# **/*.pb.go                # Protobuf generated files
+
+sonar.coverage.exclusions=\
+**/*_test.go, \
+deployments/**/*
+
+#deployments/**/*           # deployments package - temporary exclusion
+
+# Tests' root folder, inclusions (tests to check and count) and exclusions
+sonar.tests=.
+
+sonar.test.inclusions=\
+**/*_test.go
