From 18c4eba49c16961d534b53ef4852fa23e7a97f24 Mon Sep 17 00:00:00 2001
From: Tobias Hopp
Date: Wed, 21 May 2025 12:10:24 +0200
Subject: [PATCH] insert sonar Took 22 minutes
---
.gitea/workflows/sonar.yaml | 45 +++++++++++++++++++++++++++++++++++++++++++++
sonar-project.properties | 1 +
2 files changed, 46 insertions(+)
create mode 100644 .gitea/workflows/sonar.yaml
create mode 100644 sonar-project.properties
diff --git a/.gitea/workflows/sonar.yaml b/.gitea/workflows/sonar.yaml
new file mode 100644
index 0000000..67f409d
--- /dev/null
+++ b/.gitea/workflows/sonar.yaml
@@ -0,0 +1,45 @@
+# Name of the workflow, visible in the Gitea Actions UI
+name: Sonar analyzer
+
+# Defines the events that trigger this workflow
+on:
+ # Trigger on pushes to the 'master' branch
+ push:
+ branches:
+ - main
+
+# Definition of the jobs to be executed in the workflow
+jobs:
+ # Define the 'build' job
+ build:
+ # Name displayed for the job in the Gitea Actions UI
+ name: Sonar analyzer
+ runs-on: ubuntu-latest
+
+ # Definition of the steps within the 'build' job
+ steps:
+ # Step to checkout the repository code
+ # fetch-depth: 0 is important for SonarQube to analyze the full history
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
+
+ # Step to run the SonarQube scan action
+ # This action handles the SonarQube scanner execution within a container
+ - name: Analyze with SonarQube
+ uses: SonarSource/sonarqube-scan-action@v5
+ # Environment variables required by the SonarQube scan action
+ env:
+ # SONAR_TOKEN and SONAR_HOST_URL must be configured as secrets in your Gitea repository
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+
+ # Optional step: Check the Quality Gate status
+ # Uncomment these lines if you want the job to fail if the Quality Gate is red.
+ # This is common practice to prevent merging/deploying code that doesn't meet quality standards.
+ - name: Wait for Quality Gate status
+ uses: SonarSource/sonarqube-quality-gate-action@v1
+ timeout-minutes: 5 # Maximum time to wait for the Quality Gate status
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 0000000..8a6fcd2
--- /dev/null
+++ b/sonar-project.properties
@@ -0,0 +1 @@
+sonar.projectKey=itender
\ No newline at end of file
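Review bot: All three `uses:` lines in `.gitea/workflows/sonar.yaml` reference actions by mutable tags (`@v4`, `@v5`, `@v1`), and the two SonarSource steps are handed `SONAR_TOKEN`, so anyone able to move those tags controls code that runs with the token; pin each to a reviewed full commit SHA, e.g. `uses: SonarSource/sonarqube-scan-action@<full-commit-sha> # v5`. The checkout step by default keeps the job's repository token in the local git config where the later third-party steps can read it, so `persist-credentials: false` under `with:` is worth adding. Two comments contradict the code: the trigger comment says 'master' while the branch filter is `main`, and the quality-gate step is described as optional and to be uncommented although it is already active; suggested wording is `# Trigger on pushes to the 'main' branch` and `# Fail the job if the Quality Gate is red`.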