Feature/sonarqube #85
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Introduces a GitHub Actions workflow for SonarQube analysis on both backend and frontend. Adds SonarQube configuration files for backend and frontend projects to enable code quality and coverage reporting. Removes unnecessary .DS_Store files from various directories.
Bump actions/checkout from v3 to v4 and SonarSource/sonarqube-scan-action from v2 to v6 in both backend and frontend analysis jobs for improved compatibility and security.
Expanded sonar.exclusions in both backend and frontend sonar-project.properties to cover additional directories and files. Commented out sonar.tests and sonar.test.inclusions to avoid issues with empty test sets. Added sonar.language=py to backend config.
Added debug steps to SonarQube GitHub Actions workflow for both backend and frontend to show directory structure and file counts. Enabled verbose output for SonarQube scans. Updated sonar-project.properties to specify backend source directories and refined exclusions for more accurate analysis.
Replaces the unified SonarQube workflow with separate workflows for backend and frontend analysis. Updates sonar-project.properties files for both backend and frontend to simplify source and exclusion patterns, and to clarify file inclusions for each project.
Introduces a comprehensive SECURITY.md in Spanish covering static analysis fundamentals, SonarQube Cloud setup, quality gates, profiles, rules, and best practices for the Multiomix project. This document serves as a reference for developers to ensure code quality and security using SonarQube.
Removed separate backend and frontend SonarQube GitHub Actions workflows and frontend sonar-project.properties. Added a unified SonarQube analysis workflow for pull requests, simplifying CI configuration and centralizing code quality checks.
Encloses the SonarQube project name in single quotes to ensure correct parsing in the workflow arguments.
Changed project key and name to reflect Django backend. Updated Python version to 3.12, refined exclusions, and added JavaScript/TypeScript settings for improved code analysis.
Changed SonarQube projectKey from 'omics-datascience_multiomix-django' to 'omicsdatascience_multiomix' and projectName from 'Multiomix Django' to 'multiomix' in both workflow and properties files for consistency.
Changed SonarCloud project key from 'omicsdatascience_multiomix' to 'omics-datascience_multiomix' in workflow and properties files for consistency. Added SonarCloud quality, security, maintainability, and coverage badges to README for improved project visibility.
Changed project name casing, updated Python version to 3.12, refined exclusions, and added JavaScript/TypeScript settings for SonarQube. Also updated the last modified date to November 2025.
Genarito
reviewed
Nov 7, 2025
Member
There was a problem hiding this comment.
Borrar este archivo de todas las carpetas en las que está (cuento 5), agregar al .gitignore para evitar que el cagón de MacOS lo agregue por todos lados
| ## 📞 Soporte | ||
|
|
||
| Si tienes dudas sobre SonarQube en Multiomix: | ||
| - 💬 Pregunta en el canal de Slack del equipo |
Member
There was a problem hiding this comment.
En esta sección:
- Sacar lo de Slack y lo del tech lead,
- Agegar para enviar un mail a [email protected]
- Eliminar lo de la etiqueta
sonarqube, que directamente abran un issue en el repo, sea cual sea la etiqueta
|
|
||
| --- | ||
|
|
||
| ## 🏆 Mejores Prácticas |
Member
There was a problem hiding this comment.
Sacar esta sección, muy ChatGPT, no aporta nada y la dirección del proyecto es interna, así que no me interesa explicarle a un usuario random de Github que tiene que celebrar sus logros cuando le sale bien un coverage
| @@ -0,0 +1,936 @@ | |||
| # 🛡️ Guía Completa de Calidad y Seguridad de Código | |||
Member
There was a problem hiding this comment.
Esto es re contra re ChatGPT, debería estar escrito desde la perspectiva de alguien que quiere deployear su propia instancia de Multiomix o colaborar con el proyecto. Cosas a modificar:
- Que esté en inglés, como el otro 99.9999% del proyecto!
- Eliminar las explicaciones de cómo se leen las métricas de SonarQube, o las comparaciones de planes, o cosas marketineras de la herramienta! Este es el repo de Momix, no de SonarQube
- Lo único que tendría que mencionarse en este documento es lo siguiente:
- Decir que nosotros utilizamos SonarQube para asegurar la calidad de código y evitar errores de mantenibilidad y seguridad
- Explicar MUY brevemente qué es SonarQube (no interesan las explicaciones de los filtros, categorías y demás, esto cambia todo el tiempo y si alguien quiere verlo que vaya a la documentación oficial que es la que está actualizada)
- Agregar una interpretación de lo que escupe SonarQube en caso de que un usuario haga un PR, para que sepa qué ver y cómo corregirlo. Nuevamente, no explicar todas las categorías, poner algo más general como "Si hacés algo rancio, SonaQube arrojará warnings con diferentes niveles de importancia y categorías. Esta información resultará útil para detectar problemas introducidos en los cambios, en caso de que sea algo grave los mantainers de Multiomix dejarán un review de las cosas que hay que corregir antes de que el PR sea mergeado", y listo!
- Agregar alguna sección sobre qué tendría que configurar un usuario si quiere probar esto en su máquina (crearse la cuenta en SonarQube, configurar esto SonarCloud, setear tales variables de entorno, etc)
- Dejar la sección de contacto por si encuentran algún problema con el proyecto: cuenta de email [email protected] o abrir un issue, o crear un PR (referenciar a nuestro documento CONTRIBUTING.md)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request introduces SonarQube integration for automated code quality analysis on pull requests. The main changes include adding a GitHub Actions workflow to run SonarQube scans and providing a configuration file to define project-specific SonarQube settings.
SonarQube Integration:
.github/workflows/sonarqube-pr.yamlto run SonarQube analysis on pull requests targeting main development branches, including setup for Python and Node.js environments and installation of dependencies. The workflow triggers on PR events and waits for SonarQube's quality gate before completing.SonarQube Configuration:
sonar-project.propertiesto specify project details, source directories, file exclusions, and Python version settings for SonarQube analysis. This ensures only relevant backend Python files are scanned and frontend or generated files are excluded.