feat: complete SonarLint integration with final fixes

- Fix test command in CI workflow to prevent hanging (--run flag)
- Update workflow to use correct develop branch instead of main
- Add comprehensive GitHub secrets setup documentation
- Verify coverage integration with vitest configurations
- Complete documentation with troubleshooting and best practices

All SonarLint roadmap phases now fully implemented:
✅ VSCode extension setup and configuration
✅ Custom rules and quality gates
✅ CI/CD integration with SonarCloud
✅ Complete team onboarding documentation

Author: Umutcan ÖNER

.github/workflows/sonarcloud.yml

@@ -6,8 +6,8 @@
 #          to identify bugs, vulnerabilities, code smells, and coverage gaps.
 #
 # Triggers:
-# - Push to main branch
-# - Pull requests targeting main branch
+# - Push to develop branch
+# - Pull requests targeting develop branch
 #
 # Key Features:
 # - Comprehensive code quality analysis with SonarCloud
@@ -29,10 +29,10 @@ name: SonarCloud Analysis
 
 on:
   push:
-    branches: [main]
+    branches: [develop]
   pull_request:
     types: [opened, synchronize, reopened]
-    branches: [main]
+    branches: [develop]
 
 permissions:
   contents: read
@@ -47,7 +47,7 @@ jobs:
     runs-on: ubuntu-latest
     # Skip analysis for bots and when explicitly requested
     if: "!contains(github.event.head_commit.message, 'skip sonar') && github.actor != 'dependabot[bot]'"
-    
+
     steps:
       # Step 1: Check out the repository with full history
       # Full history is required for accurate blame information and new code detection
@@ -93,7 +93,7 @@ jobs:
       # Step 7: Run tests with coverage for SonarCloud
       # This generates coverage reports that SonarCloud will use
       - name: Run tests with coverage
-        run: pnpm test -- --coverage
+        run: pnpm test -- --coverage --run
 
       # Step 8: Run SonarCloud analysis
       # Analyzes code quality, security vulnerabilities, and test coverage
@@ -123,12 +123,12 @@ jobs:
             const status = '${{ steps.sonarcloud-quality-gate-check.outputs.quality-gate-status }}';
             const emoji = status === 'PASSED' ? '✅' : '⚠️';
             const message = `${emoji} **SonarCloud Quality Gate**: ${status}
-            
-            [View detailed analysis on SonarCloud](https://sonarcloud.io/dashboard?id=zopio)`;
-            
+
+            [View detailed analysis on SonarCloud](https://sonarcloud.io/dashboard?id=zopiolabs_zopio_test_fork)`;
+
             github.rest.issues.createComment({
               issue_number: context.issue.number,
               owner: context.repo.owner,
               repo: context.repo.repo,
               body: message
-            });
+            });

docs/dev/quality/sonarlint.md

@@ -245,6 +245,34 @@ SonarCloud enforces:
 
 ---
 
+## Setting Up GitHub Secrets (Repository Admin Only)
+
+For the SonarCloud CI/CD integration to work, repository administrators must set up the following GitHub secret:
+
+### Required Secret: `SONAR_TOKEN`
+
+1. **Generate SonarCloud Token:**
+   - Go to [SonarCloud Security](https://sonarcloud.io/account/security)
+   - Generate a new token with a descriptive name (e.g., "GitHub Actions CI")
+   - **Important:** This should be a different token from personal SonarLint tokens
+   - Copy the token (it will only be shown once)
+
+2. **Add Secret to GitHub Repository:**
+   - Navigate to: `Settings` → `Secrets and variables` → `Actions`
+   - Click `New repository secret`
+   - Name: `SONAR_TOKEN`
+   - Value: Paste the SonarCloud token
+   - Click `Add secret`
+
+3. **Verify Setup:**
+   - The workflow uses `${{ secrets.SONAR_TOKEN }}` automatically
+   - No code changes needed once the secret is configured
+   - Test by creating a pull request
+
+**Security Note:** Never commit SonarCloud tokens to the repository. The provided API key in the task description should be used to set up this GitHub secret, not placed in any code files.
+
+---
+
 ## Resources
 
 - [SonarLint Rules Reference](https://rules.sonarsource.com/typescript)