insert sonar

Took 22 minutes

.gitea/workflows/sonar.yaml

@@ -0,0 +1,45 @@
+# Name of the workflow, visible in the Gitea Actions UI
+name: Sonar analyzer
+
+# Defines the events that trigger this workflow
+on:
+  # Trigger on pushes to the 'master' branch
+  push:
+    branches:
+      - main
+
+# Definition of the jobs to be executed in the workflow
+jobs:
+  # Define the 'build' job
+  build:
+    # Name displayed for the job in the Gitea Actions UI
+    name: Sonar analyzer
+    runs-on: ubuntu-latest
+
+    # Definition of the steps within the 'build' job
+    steps:
+      # Step to checkout the repository code
+      # fetch-depth: 0 is important for SonarQube to analyze the full history
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
+
+      # Step to run the SonarQube scan action
+      # This action handles the SonarQube scanner execution within a container
+      - name: Analyze with SonarQube
+        uses: SonarSource/sonarqube-scan-action@v5
+        # Environment variables required by the SonarQube scan action
+        env:
+          # SONAR_TOKEN and SONAR_HOST_URL must be configured as secrets in your Gitea repository
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+
+      # Optional step: Check the Quality Gate status
+      # Uncomment these lines if you want the job to fail if the Quality Gate is red.
+      # This is common practice to prevent merging/deploying code that doesn't meet quality standards.
+      - name: Wait for Quality Gate status
+        uses: SonarSource/sonarqube-quality-gate-action@v1
+        timeout-minutes: 5 # Maximum time to wait for the Quality Gate status
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

sonar-project.properties

@@ -0,0 +1 @@
+sonar.projectKey=itender