Skip to content

ci: enable sonar scanning and report results to sonacloud.io #788

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

ci: enable sonar scanning and report results to sonacloud.io #788

wants to merge 8 commits into from
+25 −24

Conversation

arjun-rajappa
Copy link

No description provided.

@arjun-rajappa arjun-rajappa requested a review from a team as a code owner August 21, 2025 13:03
@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

pvital
pvital requested changes Aug 21, 2025
View reviewed changes
Copy link
Member

@pvital pvital left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you update the image of the final_job to use python:3.13, please?

.circleci/config.yml Outdated
@@ -296,7 +303,7 @@ jobs:
- pip-install-deps
- pip-install-tests-deps
- store-pytest-results
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can remove those three steps and only install coverage by changing line 96 to something like:

            python -m venv venv
            . venv/bin/activate
            pip install --upgrade pip coverage

@github-actions GitHub Actions
Copy link

@arjun-rajappa the signed-off-by was not found in the following 1 commits:

  • 2c81ec1: Merge branch 'main' into sonar-scan

📝 What should I do to fix it?

All proposed commits should include a sign-off in their messages, ideally at the end.

❔ Why it is required

The Developer Certificate of Origin (DCO) is a lightweight way for contributors to certify that they wrote or otherwise have the right to submit the code they are contributing to the project. Here is the full text of the DCO, reformatted for readability:

By making a contribution to this project, I certify that:

a. The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or

b. The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or

c. The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it.

d. I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved.

Contributors sign-off that they adhere to these requirements by adding a Signed-off-by line to commit messages.

This is my commit message

Signed-off-by: Random Developer <[email protected]>

Git even has a -s command line option to append this automatically to your commit message:

$ git commit -s -m 'This is my commit message'

pvital
pvital requested changes Aug 22, 2025
View reviewed changes
Copy link
Member

@pvital pvital left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few questions and requests....

@pvital
Copy link
Member

pvital commented Aug 22, 2025

@arjun-rajappa, perhaps we can use the pysonar CLI command with the configuration in the pyproject.toml file to run the checking as described in the documentation.

@pvital pvital added the ci/cd label Aug 25, 2025
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@arjun-rajappa arjun-rajappa requested a review from pvital August 26, 2025 05:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pvital pvital Awaiting requested review from pvital

Requested changes must be addressed to merge this pull request.

Assignees

@arjun-rajappa arjun-rajappa

Labels
ci/cd
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@arjun-rajappa @pvital