From 785698d3f389a4ec166265b340af6f4b210dd1b9 Mon Sep 17 00:00:00 2001 From: Jonathan Sharpe Date: Tue, 16 Jun 2026 09:22:31 +0100 Subject: [PATCH 01/13] Configure SonarQube scanning --- .github/workflows/push.yml | 3 +++ sonar-project.properties | 9 +++++++++ vite.config.js | 1 + 3 files changed, 13 insertions(+) create mode 100644 sonar-project.properties diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 31b9a09..4b6b6d3 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -21,6 +21,9 @@ jobs: - run: "npm ci" - run: "npm run lint" - run: "npm run test:cover" + - uses: "SonarSource/sonarqube-scan-action@v8.2.0" + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - run: "npm run build" - uses: "actions/upload-artifact@v7" with: diff --git a/sonar-project.properties b/sonar-project.properties new file mode 100644 index 0000000..b910a0d --- /dev/null +++ b/sonar-project.properties @@ -0,0 +1,9 @@ +sonar.organization=codeyourfuture +sonar.projectKey=codeyourfuture_gitbot +sonar.projectName=gitbot + +sonar.sources=src +sonar.tests=src/**/*.test.ts + +sonar.coverage.exclusions=src/**/*.test.ts +sonar.javascript.lcov.reportPaths=./reports/coverage/lcov.info diff --git a/vite.config.js b/vite.config.js index 57d523b..cc13637 100644 --- a/vite.config.js +++ b/vite.config.js @@ -4,6 +4,7 @@ export default defineConfig({ test: { coverage: { include: ["src/**"], + reporter: ["html", "lcovonly", "text"], reportsDirectory: "reports/coverage", }, globals: true, From 654704df04c0c590420a9c1067306ac1ff54d613 Mon Sep 17 00:00:00 2001 From: Jonathan Sharpe Date: Tue, 16 Jun 2026 09:31:45 +0100 Subject: [PATCH 02/13] Fix configuration issue sonar.tests cannot include wildcards https://docs.sonarsource.com/sonarqube-community-build/project-administration/adjusting-analysis/setting-analysis-scope/excluding-files-based-on-patterns --- sonar-project.properties | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sonar-project.properties b/sonar-project.properties index b910a0d..b48bd32 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -3,7 +3,8 @@ sonar.projectKey=codeyourfuture_gitbot sonar.projectName=gitbot sonar.sources=src -sonar.tests=src/**/*.test.ts +sonar.tests=src +sonar.test.exclusions=src/**/*.test.ts sonar.coverage.exclusions=src/**/*.test.ts sonar.javascript.lcov.reportPaths=./reports/coverage/lcov.info From d89cc4c81fccad643e91e49961c245fc5a89f6dd Mon Sep 17 00:00:00 2001 From: Jonathan Sharpe Date: Thu, 25 Jun 2026 08:55:03 +0100 Subject: [PATCH 03/13] Switch to test inclusions --- sonar-project.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sonar-project.properties b/sonar-project.properties index b48bd32..a2c181e 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -4,7 +4,7 @@ sonar.projectName=gitbot sonar.sources=src sonar.tests=src -sonar.test.exclusions=src/**/*.test.ts +sonar.test.inclusions=src/**/*.test.ts sonar.coverage.exclusions=src/**/*.test.ts sonar.javascript.lcov.reportPaths=./reports/coverage/lcov.info From 4f3bb1ae7a5c42cfd122e55be67511b4245f16db Mon Sep 17 00:00:00 2001 From: Jonathan Sharpe Date: Thu, 25 Jun 2026 12:06:16 +0100 Subject: [PATCH 04/13] Upgrade checkout action Make it non-shallow for better scan results. --- .github/workflows/push.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 4b6b6d3..9e9b4c5 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -13,7 +13,9 @@ jobs: check: runs-on: "ubuntu-latest" steps: - - uses: "actions/checkout@v6" + - uses: "actions/checkout@v7" + with: + fetch-depth: 0 - uses: "actions/setup-node@v6" with: cache: "npm" @@ -38,7 +40,7 @@ jobs: if: "github.ref == 'refs/heads/main' && github.actor != 'dependabot[bot]'" runs-on: "ubuntu-latest" steps: - - uses: "actions/checkout@v6" + - uses: "actions/checkout@v7" - uses: "actions/setup-node@v6" with: cache: "npm" From 25ed25f03c205986d721aab076b65aeea5157ee6 Mon Sep 17 00:00:00 2001 From: Jonathan Sharpe Date: Thu, 25 Jun 2026 12:06:28 +0100 Subject: [PATCH 05/13] Pin SonarQube action --- .github/workflows/push.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 9e9b4c5..8153d53 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -23,7 +23,7 @@ jobs: - run: "npm ci" - run: "npm run lint" - run: "npm run test:cover" - - uses: "SonarSource/sonarqube-scan-action@v8.2.0" + - uses: "SonarSource/sonarqube-scan-action@713881670b6b3676cda39549040e2d88c70d582e" # v8.2.0 env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - run: "npm run build" From a982ea9759f471372450f66ff543636bfedaea2b Mon Sep 17 00:00:00 2001 From: Jonathan Sharpe Date: Thu, 25 Jun 2026 12:06:53 +0100 Subject: [PATCH 06/13] Pin Netlify CLI --- .github/workflows/push.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 8153d53..a6d547a 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -50,7 +50,7 @@ jobs: with: name: "build-output" path: "lib/" - - run: "npm install --global netlify-cli@latest" + - run: "npm install --global netlify-cli@26.1.0" - run: "netlify --version" - run: "netlify deploy --no-build --prod true" env: From 1b617e61bfb42b516dbef590cee3af90d2efaa1d Mon Sep 17 00:00:00 2001 From: Jonathan Sharpe Date: Thu, 25 Jun 2026 12:07:06 +0100 Subject: [PATCH 07/13] Don't run scripts on install --- .npmrc | 1 + 1 file changed, 1 insertion(+) diff --git a/.npmrc b/.npmrc index b6f27f1..32e6012 100644 --- a/.npmrc +++ b/.npmrc @@ -1 +1,2 @@ engine-strict=true +ignore-scripts=true From c648479f5c0abdf11cf3a4d9dd5abacdaccbbdae Mon Sep 17 00:00:00 2001 From: Jonathan Sharpe Date: Thu, 25 Jun 2026 12:07:15 +0100 Subject: [PATCH 08/13] Try to fix coverage report path --- sonar-project.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sonar-project.properties b/sonar-project.properties index a2c181e..78d290e 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -7,4 +7,4 @@ sonar.tests=src sonar.test.inclusions=src/**/*.test.ts sonar.coverage.exclusions=src/**/*.test.ts -sonar.javascript.lcov.reportPaths=./reports/coverage/lcov.info +sonar.javascript.lcov.reportPaths=reports/coverage/lcov.info From 3308ac82fae48f7de680d9048ad0ccc0b885c1b3 Mon Sep 17 00:00:00 2001 From: Jonathan Sharpe Date: Thu, 25 Jun 2026 12:17:14 +0100 Subject: [PATCH 09/13] See what is on the runner --- .github/workflows/push.yml | 1 + sonar-project.properties | 3 +-- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index a6d547a..4bf5a78 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -23,6 +23,7 @@ jobs: - run: "npm ci" - run: "npm run lint" - run: "npm run test:cover" + - run: "tree -I 'node_modules|.git'" - uses: "SonarSource/sonarqube-scan-action@713881670b6b3676cda39549040e2d88c70d582e" # v8.2.0 env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/sonar-project.properties b/sonar-project.properties index 78d290e..ed042d5 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -6,5 +6,4 @@ sonar.sources=src sonar.tests=src sonar.test.inclusions=src/**/*.test.ts -sonar.coverage.exclusions=src/**/*.test.ts -sonar.javascript.lcov.reportPaths=reports/coverage/lcov.info +sonar.javascript.lcov.reportPaths=./reports/coverage/lcov.info From 2d86a3bc4ad84238fc813c38d63902ae26dc8fc0 Mon Sep 17 00:00:00 2001 From: Jonathan Sharpe Date: Thu, 25 Jun 2026 14:19:53 +0100 Subject: [PATCH 10/13] Figure out full path and file presence --- .github/workflows/push.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 4bf5a78..98664b2 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -23,7 +23,10 @@ jobs: - run: "npm ci" - run: "npm run lint" - run: "npm run test:cover" - - run: "tree -I 'node_modules|.git'" + - run: | + pwd + tree -I 'node_modules|.git' + cat "$(pwd)/reports/coverage/lcov.info" - uses: "SonarSource/sonarqube-scan-action@713881670b6b3676cda39549040e2d88c70d582e" # v8.2.0 env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} From fbbd733744f7b693165e2cf5d29137d5eff25834 Mon Sep 17 00:00:00 2001 From: Jonathan Sharpe Date: Thu, 25 Jun 2026 14:26:07 +0100 Subject: [PATCH 11/13] Exclude type stubs from coverage --- .github/workflows/push.yml | 4 ---- vite.config.js | 1 + 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 98664b2..a6d547a 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -23,10 +23,6 @@ jobs: - run: "npm ci" - run: "npm run lint" - run: "npm run test:cover" - - run: | - pwd - tree -I 'node_modules|.git' - cat "$(pwd)/reports/coverage/lcov.info" - uses: "SonarSource/sonarqube-scan-action@713881670b6b3676cda39549040e2d88c70d582e" # v8.2.0 env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/vite.config.js b/vite.config.js index cc13637..9afb22a 100644 --- a/vite.config.js +++ b/vite.config.js @@ -3,6 +3,7 @@ import { defineConfig } from "vitest/config"; export default defineConfig({ test: { coverage: { + exclude: ["**/*.d.ts"], include: ["src/**"], reporter: ["html", "lcovonly", "text"], reportsDirectory: "reports/coverage", From 7e1da7326c5aca192165828514b7ea506e71a5d2 Mon Sep 17 00:00:00 2001 From: Jonathan Sharpe Date: Thu, 25 Jun 2026 14:31:49 +0100 Subject: [PATCH 12/13] Fix project key --- sonar-project.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sonar-project.properties b/sonar-project.properties index ed042d5..9763035 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -1,5 +1,5 @@ sonar.organization=codeyourfuture -sonar.projectKey=codeyourfuture_gitbot +sonar.projectKey=CodeYourFuture_gitbot sonar.projectName=gitbot sonar.sources=src From ebfa47691e8d194ea6dae18ead1debb4cbb99bf9 Mon Sep 17 00:00:00 2001 From: Jonathan Sharpe Date: Thu, 25 Jun 2026 14:36:02 +0100 Subject: [PATCH 13/13] Add maintainability badge --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 4c3f3b2..74556c8 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,7 @@ # CYF GitBot [![Node.js CI][ci-badge]][ci-link] +[![Maintainability Rating][sonar-badge]][sonar-link] Integrating GitHub and Slack via Netlify. @@ -85,3 +86,5 @@ The Netlify functions require the following environment variables: [github-webhooks]: https://docs.github.com/en/developers/webhooks-and-events/webhooks/about-webhooks [netlify-functions]: https://functions.netlify.com/ [slack-channel]: https://codeyourfuture.slack.com/archives/C03LSS9TNRW +[sonar-link]: https://sonarcloud.io/summary/new_code?id=CodeYourFuture_gitbot +[sonar-badge]: https://sonarcloud.io/api/project_badges/measure?project=CodeYourFuture_gitbot&metric=sqale_rating