
Feat/sonar qube initialization #61

Open
BilalR4M wants to merge 2 commits into main from feat/sonar-qube-initialization

Conversation

BilalR4M (Collaborator) commented May 2, 2026

Summary by CodeRabbit

  • Chores

    • Enhanced automated code quality assurance processes.
  • Documentation

    • Updated deployment pipeline documentation.


vercel Bot commented May 2, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| agri-wizard | Ready | Preview, Comment | May 2, 2026 6:18am |


coderabbitai Bot commented May 2, 2026

📝 Walkthrough


A GitHub Actions workflow for SonarQube analysis was added to run Go test coverage on service modules and report results to SonarQube. Additionally, a documentation marker # test was added to the deployment pipeline docs.

Changes

SonarQube CI Workflow

| Layer / File(s) | Summary |
| --- | --- |
| Workflow Triggers & Permissions: .github/workflows/sonar.yml (lines 1–14) | Defines SonarQube Analysis workflow triggering on push, pull_request, and manual dispatch with contents: read permission. |
| Environment Setup & Test Execution: .github/workflows/sonar.yml (lines 15–43) | Checks out repository with full history, configures Go from go.work with caching, and runs go test -coverprofile across service modules to generate per-module coverage.out files. |
| SonarQube Integration: .github/workflows/sonar.yml (lines 44–48) | Invokes SonarSource/sonarqube-scan-action@v4 with SONAR_TOKEN and SONAR_HOST_URL from repository secrets. |

Deployment Documentation Update

| Layer / File(s) | Summary |
| --- | --- |
| Documentation Marker: DEPLOYMENT_PIPELINE.md (lines 19–20) | Added # test line block to deployment pipeline documentation. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A workflow springs forth, SonarQube bright,
Coverage blooming in the CI light,
Tests hopping through every module tall,
Docs marked with care—we've tested it all! 🌟

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately reflects the main change: adding SonarQube initialization via a GitHub Actions workflow configuration. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


coderabbitai Bot left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/sonar.yml:
- Around line 3-10: The SonarQube scan should be skipped for forked PRs because
secrets (SONAR_TOKEN / SONAR_HOST_URL) aren’t available for those events; add a
guard on the Sonar job/step (e.g., the job that performs the scan) so it only
runs for same-repo pull requests by checking
github.event.pull_request.head.repo.full_name == github.repository (or otherwise
require github.event_name != 'pull_request' for external forks), or move the
scan into a separate workflow that only triggers on push/workflow_dispatch where
secrets are present.

In `@DEPLOYMENT_PIPELINE.md`:
- Line 19: Remove the stray top-level heading "# test" from the document (the
exact line containing "# test") so it no longer renders as an extra section;
either delete that line or replace it with appropriate deployment guidance or a
correctly-scoped subheading if content is intended, and ensure the surrounding
markdown structure remains consistent.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: e50aece8-96ec-45d6-ac85-c326ed7fe4cd

📥 Commits

Reviewing files that changed from the base of the PR and between 7a3edbd and e55cbbd.

📒 Files selected for processing (2)
  • .github/workflows/sonar.yml
  • DEPLOYMENT_PIPELINE.md

Comment on lines +3 to +10
on:
push:
branches:
- '**'
pull_request:
branches:
- '**'
workflow_dispatch:
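Review bot: `push` on `'**'` together with `pull_request` on `'**'` means every commit pushed to a same-repository PR branch starts this workflow twice, once per event, so the tests and the scan both run in duplicate. Restrict the `push` trigger to the base branch (`branches: [main]`) and let `pull_request` cover feature branches.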

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

cat -n .github/workflows/sonar.yml

Repository: 4yrg/AgriWizard

Length of output: 1592


Guard the scan step for forked PRs.

The workflow triggers on pull_request events from all branches, but repository secrets (SONAR_TOKEN / SONAR_HOST_URL) are not available in workflows triggered by pull requests from forked repositories. This causes the SonarQube scan to fail for external contributions. Gate the scan to same-repo events or split the scan onto a secrets-bearing workflow.

Suggested guard
       - name: SonarQube Scan
+        if: ${{ github.event_name != 'push' && github.event.pull_request.head.repo.full_name == github.repository || github.event_name == 'push' }}
         uses: SonarSource/sonarqube-scan-action@v4
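Review bot: the added `if:` evaluates to false for `workflow_dispatch` runs. There `github.event_name != 'push'` is true, `github.event.pull_request` is empty so the repository comparison fails, and the trailing `|| github.event_name == 'push'` does not apply, so a manual run skips the scan even though the secrets are available to it. Build the condition around the one event that can lack secrets instead: `if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }}`.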

Comment thread DEPLOYMENT_PIPELINE.md
- **CI/CD**: GitHub Actions
- **Auth**: OIDC Federated Identity (Secretless)

# test

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Remove the stray # test heading.

This renders as an extra top-level section and reads like a placeholder rather than deployment guidance.

Suggested cleanup
-# test
