diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 00000000..24f3d890
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,28 @@
+# SPDX-License-Identifier: MPL-2.0
+# Copyright (c) 2026 Jonathan D.A. Jewell (hyperpolymath)
+#
+# SonarQube Cloud (SonarCloud) static analysis. Generated from the SonarCloud
+# setup wizard; analysis scope + exclusions live in sonar-project.properties.
+# Requires the SONAR_TOKEN repository secret (Settings -> Secrets and variables
+# -> Actions). Project: https://sonarcloud.io/project/overview?id=hyperpolymath_boj-server
+name: Build
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    types: [opened, synchronize, reopened]
+permissions:
+  contents: read
+jobs:
+  sonarqube:
+    name: SonarQube
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+        with:
+          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
+      - name: SonarQube Scan
+        uses: SonarSource/sonarqube-scan-action@7006c4492b2e0ee0f816d36501671557c97f5995 # v8.1.0
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 00000000..f8448e40
--- /dev/null
+++ b/sonar-project.properties
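Review bot: The `SonarQube Scan` step reads `secrets.SONAR_TOKEN`, but the `pull_request` trigger also fires for pull requests opened from forks, where repository secrets are not exposed, so on those runs the step executes with an empty token and fails the check instead of being skipped. If fork contributions are expected, gate the job, e.g. `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false`, or state in the header comment that analysis only runs for same-repository branches. The SHA-pinned actions and the read-only `permissions` block are the right defaults for a workflow that handles a token, so no change there. Separately, generic YAML 1.1 tooling reads the `on:` key as a boolean; if yamllint runs on this repository, a `# yamllint disable-line rule:truthy` on that line avoids a spurious finding.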
@@ -0,0 +1,11 @@
+# SPDX-License-Identifier: MPL-2.0
+# SonarQube Cloud (SonarCloud) configuration.
+# Project: https://sonarcloud.io/project/overview?id=hyperpolymath_boj-server
+sonar.organization=hyperpolymath
+sonar.projectKey=hyperpolymath_boj-server
+
+# Analysable surface = the JS MCP bridge + shell scripts. Idris2 / Zig / Elixir
+# / AffineScript have no SonarCloud analyser; vendored, generated, build, proof,
+# and dependency trees are excluded to keep findings signal-rich.
+sonar.exclusions=cartridges/**,ffi/**,generated/**,build/**,**/node_modules/**,elixir/_build/**,elixir/deps/**,external_corpora/**,.lake/**,proofs/**,verification/**,**/*.idr,**/*.zig
+sonar.coverage.exclusions=mcp-bridge/tests/**,**/*test*
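Review bot: The file excludes paths but never sets `sonar.sources`, so the scan defaults to the repository root and every file the exclusion list misses is analysed; given the header comment's stated intent ("analysable surface = the JS MCP bridge + shell scripts"), an explicit allowlist such as `sonar.sources=mcp-bridge` plus the directory holding the shell scripts is easier to keep correct than growing the denylist as new top-level directories appear. The `**/*test*` coverage exclusion matches any path component containing "test" (a `latest/` or `contest/` directory would be excluded as well); a pattern tied to the actual test naming scheme, such as `**/*.test.js`, is more precise if the JS tests follow one. As far as this diff shows, no coverage report path (`sonar.javascript.lcov.reportPaths`) is configured, so `sonar.coverage.exclusions` has no effect until a report is wired in.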