Sonarqube pipeline

.github/workflows/sonarqube.yml

@@ -0,0 +1,44 @@
+name: SonarQube Code Analysis
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+    types: [ opened, synchronize, reopened ]
+
+jobs:
+  sonarqube:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+      issues: write
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0  # Shallow clones should be disabled for better analysis
+
+    - name: Setup Node.js
+      uses: actions/setup-node@v4
+      with:
+        node-version: '18'
+        cache: 'npm'
+
+    - name: Install dependencies
+      run: npm ci
+
+    - name: Run ESLint (for SonarQube)
+      run: npm run lint || true
+      continue-on-error: true
+
+    # SonarQube Scan (works with both SonarCloud and self-hosted)
+    - name: SonarQube Scan
+      uses: sonarsource/sonarqube-scan-action@master
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL || 'https://sonarcloud.io' }}
+

README.md

@@ -175,6 +175,51 @@ For each comparison, the tool provides:
 - **Dark Theme**: Easy on the eyes for low-light environments
 - **Persistent Preference**: Remembers your choice across sessions
 
+## Code Quality with SonarQube
+
+This project includes SonarQube integration for continuous code quality analysis.
+
+### Setup SonarCloud (Recommended for Open Source)
+
+1. **Create a SonarCloud account**:
+   - Go to [sonarcloud.io](https://sonarcloud.io)
+   - Sign in with your GitHub account
+
+2. **Import your repository**:
+   - After logging in, click "Analyze a project"
+   - Select your GitHub organization/user
+   - Choose the `diffctl` repository
+   - SonarCloud will automatically create a project
+
+3. **Get your token**:
+   - Go to your account settings → Security
+   - Generate a new token (name it "GitHub Actions")
+   - Copy the token
+
+4. **Add GitHub Secrets**:
+   - Go to your GitHub repository → Settings → Secrets and variables → Actions
+   - Add a new secret named `SONAR_TOKEN` with the token from step 3
+   - (Optional) Add `SONAR_HOST_URL` as `https://sonarcloud.io` (this is the default)
+
+5. **The workflow will run automatically** on pushes and pull requests!
+
+### Setup Self-Hosted SonarQube
+
+If you're using a self-hosted SonarQube instance:
+
+1. **Add GitHub Secrets**:
+   - `SONAR_TOKEN`: Your SonarQube authentication token
+   - `SONAR_HOST_URL`: Your SonarQube server URL (e.g., `https://sonarqube.example.com`)
+
+2. **Update `sonar-project.properties`** if needed to match your SonarQube project configuration
+
+### Viewing Results
+
+- **SonarCloud**: Results appear in the SonarCloud dashboard and as PR comments
+- **Self-hosted**: Results appear in your SonarQube instance dashboard
+
+The analysis runs automatically on every push to `main` and on pull requests.
+
 ## Contributing
 
 1. Fork the repository

sonar-project.properties

@@ -0,0 +1,26 @@
+# SonarQube Project Configuration
+# Values from SonarCloud project information page
+# Organization Key: lforlinux (lowercase)
+# Project Key: Lforlinux_diffctl (capital L)
+sonar.organization=lforlinux
+sonar.projectKey=Lforlinux_diffctl
+sonar.projectName=diffctl
+sonar.projectVersion=1.0
+
+# Source code location
+sonar.sources=src
+sonar.sourceEncoding=UTF-8
+
+# Exclusions
+sonar.exclusions=node_modules/**,dist/**,build/**,**/*.test.js,**/*.test.jsx,**/*.spec.js,**/*.spec.jsx
+
+# JavaScript/TypeScript settings
+sonar.javascript.lcov.reportPaths=coverage/lcov.info
+sonar.javascript.eslint.reportPaths=eslint-report.json
+
+# Test exclusions
+sonar.test.exclusions=**/*.test.js,**/*.test.jsx,**/*.spec.js,**/*.spec.jsx
+
+# Code coverage (if you add tests later)
+# sonar.coverage.exclusions=**/*.test.js,**/*.test.jsx
+