@rajnishdargan rajnishdargan commented Aug 29, 2025

User description

… yaml files from sonar cloud scanner


PR Type

Other


Description

  • Add SonarCloud configuration file for code analysis

  • Exclude Docker and YAML files from scanning

  • Configure TypeScript-specific analysis settings

  • Set up coverage reporting and test exclusions


Diagram Walkthrough

flowchart LR
  A["SonarCloud Scanner"] --> B["sonar-project.properties"]
  B --> C["Exclude Docker files"]
  B --> D["Exclude YAML files"]
  B --> E["Configure TypeScript analysis"]
  B --> F["Set coverage reporting"]

File Walkthrough

Relevant files
Configuration changes
sonar-project.properties
Add comprehensive SonarCloud project configuration             

sonar-project.properties

  • Create new SonarCloud configuration file
  • Configure project metadata and source paths
  • Exclude Docker, YAML, and build artifacts from analysis
  • Set up TypeScript-specific settings and coverage reporting
+36/-0   


coderabbitai bot commented Aug 29, 2025

📝 Walkthrough

Summary by CodeRabbit

  • Chores
    • Integrated configuration for SonarCloud code quality and security analysis of the backend.
    • Enabled test coverage reporting with appropriate exclusions to focus on application source code.
    • Standardized TypeScript project settings to improve static analysis accuracy.
    • No user-facing changes.

Walkthrough

Adds a SonarCloud configuration file (sonar-project.properties) setting project metadata, analysis scope (sources/tests), encoding, coverage report path, coverage and analysis exclusions, test exclusions, and TypeScript analyzer settings.

Changes

Cohort / File(s): SonarCloud Configuration (sonar-project.properties)

Summary of Changes: Added SonarCloud properties:

  • sonar.projectKey, sonar.projectName, sonar.projectVersion
  • sonar.sources=src, sonar.tests=test
  • sonar.sourceEncoding=UTF-8
  • coverage report path sonar.javascript.lcov.reportPaths=coverage/lcov.info
  • coverage exclusions sonar.coverage.exclusions=**/*.spec.ts,**/*.test.ts,**/*.e2e-spec.ts,test/**
  • analysis exclusions sonar.exclusions=Dockerfile,docker-compose.yml,**/*.yaml,**/*.yml,node_modules/**,dist/**,coverage/**
  • test exclusions sonar.test.exclusions=**/*.spec.ts,**/*.test.ts,**/*.e2e-spec.ts
  • TypeScript config path sonar.typescript.tsconfigPaths=tsconfig.json (with commented example for sonar.nodejs.executable)

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes


📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge Base: Disabled due to Reviews > Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between 1e23c05 and fd78af5.

📒 Files selected for processing (1)
  • sonar-project.properties (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • sonar-project.properties

@qodo-code-review

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
🧪 No relevant tests
🔒 No security concerns identified
⚡ Recommended focus areas for review

Possible Misconfiguration

Using deprecated or legacy properties like sonar.language and sonar.typescript.* may be ignored by current SonarCloud analyzers; confirm that these settings are supported or migrate to current equivalents (e.g., relying on auto-detection, sonar.javascript.* for TS).

sonar.language=ts

# File encoding
sonar.sourceEncoding=UTF-8

# Coverage reports
sonar.javascript.lcov.reportPaths=coverage/lcov.info
sonar.coverage.exclusions=**/*.spec.ts,**/*.test.ts,**/*.e2e-spec.ts,test/**/*

# Exclude files from analysis
sonar.exclusions=\
  Dockerfile,\
  docker-compose.yml,\
  **/*.yaml,\
  **/*.yml,\
  node_modules/**/*,\
  dist/**/*,\
  coverage/**/*

# Test exclusions (optional - remove if you want SonarCloud to analyze tests)
sonar.test.exclusions=\
  **/*.spec.ts,\
  **/*.test.ts,\
  **/*.e2e-spec.ts

# TypeScript specific settings
sonar.typescript.node=node
sonar.typescript.tsconfigPath=tsconfig.json

Over-Exclusion

Excluding all YAML files and Docker files from analysis may hide useful issues (e.g., security or DevOps smells). Validate that these exclusions are intended; consider narrowing patterns instead of blanket exclusions.

# Exclude files from analysis
sonar.exclusions=\
  Dockerfile,\
  docker-compose.yml,\
  **/*.yaml,\
  **/*.yml,\
  node_modules/**/*,\
  dist/**/*,\
  coverage/**/*

Coverage Scope

sonar.coverage.exclusions already excludes tests; combined with sonar.test.exclusions you may prevent Sonar from measuring test code and could impact coverage metrics. Ensure this aligns with reporting goals.

sonar.javascript.lcov.reportPaths=coverage/lcov.info
sonar.coverage.exclusions=**/*.spec.ts,**/*.test.ts,**/*.e2e-spec.ts,test/**/*

# Exclude files from analysis
sonar.exclusions=\
  Dockerfile,\
  docker-compose.yml,\
  **/*.yaml,\
  **/*.yml,\
  node_modules/**/*,\
  dist/**/*,\
  coverage/**/*

# Test exclusions (optional - remove if you want SonarCloud to analyze tests)
sonar.test.exclusions=\
  **/*.spec.ts,\
  **/*.test.ts,\
  **/*.e2e-spec.ts


qodo-code-review bot commented Aug 29, 2025

PR Code Suggestions ✨

Explore these optional code suggestions:

Category    Suggestion    Impact
High-level
Fix SonarCloud properties and metadata

The configuration uses deprecated/unsupported keys (sonar.language,
sonar.typescript.*) and omits SonarCloud-required metadata like
sonar.organization (and often sonar.host.url), risking failed or incomplete
analysis. Replace the TypeScript settings with SonarJS equivalents (e.g.,
sonar.javascript.tsconfigPaths, sonar.nodejs.executable) and remove
sonar.language. Also ensure the project key aligns with your organization and
add sonar.organization so the scanner targets the correct SonarCloud project.

Examples:

sonar-project.properties [1-36]
# SonarCloud project configuration for UBI Wallet Backend
sonar.projectKey=ubi-wallet-backend
sonar.projectName=UBI Wallet Backend
sonar.projectVersion=0.0.1

# Source code configuration
sonar.sources=src
sonar.tests=test
sonar.language=ts


 ... (clipped 26 lines)

Solution Walkthrough:

Before:

# sonar-project.properties
sonar.projectKey=ubi-wallet-backend
...
sonar.language=ts
...
# TypeScript specific settings
sonar.typescript.node=node
sonar.typescript.tsconfigPath=tsconfig.json

After:

# sonar-project.properties
sonar.organization=your-org-key-here
sonar.projectKey=ubi-wallet-backend
...
# sonar.language=ts is removed
...
# TypeScript specific settings
sonar.nodejs.executable=node
sonar.javascript.tsconfigPath=tsconfig.json

Suggestion importance[1-10]: 10


Why: The suggestion correctly identifies critical configuration errors, such as the missing sonar.organization property and the use of deprecated sonar.typescript.* keys, which would cause the SonarCloud analysis to fail.

High
Possible issue
Add required SonarCloud organization

SonarCloud requires the sonar.organization property; without it, analysis will
fail. Add your SonarCloud organization key to the configuration near the project
metadata.

sonar-project.properties [2-4]

 sonar.projectKey=ubi-wallet-backend
 sonar.projectName=UBI Wallet Backend
+sonar.organization=YOUR_ORG_KEY
 sonar.projectVersion=0.0.1
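
Review bot: the added line `sonar.organization=YOUR_ORG_KEY` is a literal placeholder and nothing in the hunk marks it as one, so it can be committed unchanged. Replace it with the project's actual SonarCloud organization key before applying, or put a comment on the line above stating that it must be set. The solution walkthrough earlier in this comment spells the same placeholder `your-org-key-here`; use one spelling in both places.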
Suggestion importance[1-10]: 9


Why: The suggestion correctly identifies that the mandatory sonar.organization property is missing, which would cause the SonarCloud analysis to fail.

High
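
An added example (not code from the PR or from either review bot): a Python check that applies the points raised in the review comments above to a properties file, namely a missing sonar.organization, the keys the reviewers flag as legacy, and exclusion patterns that remove Docker and YAML files from analysis. The function names, rule labels and sample input are assumptions constructed for this illustration, and the flagged-key list is taken only from the comments on this page.

```python
import re

# Constructed sample, assembled from the properties quoted in the reviews above.
SAMPLE = r"""
sonar.projectKey=ubi-wallet-backend
sonar.language=ts
# Exclude files from analysis
sonar.exclusions=\
  Dockerfile,\
  docker-compose.yml,\
  **/*.yaml,\
  **/*.yml,\
  node_modules/**/*
sonar.typescript.node=node
sonar.typescript.tsconfigPath=tsconfig.json
"""

# Keys the review comments on this page flag as legacy (not an exhaustive list).
FLAGGED_KEYS = ("sonar.language", "sonar.typescript.node",
                "sonar.typescript.tsconfigPath")
# Exclusion patterns that remove Docker and YAML files from analysis.
IAC_PATTERN = re.compile(r"^(\*\*/)?(\*\.ya?ml|Dockerfile|docker-compose\.ya?ml)$")


def parse_properties(text):
    """Parse key=value lines, joining backslash continuations, skipping comments."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        key, _, value = (pending + line).partition("=")
        props[key.strip()] = value.strip()
        pending = ""
    return props


def audit(props):
    """Return (rule, detail) findings for the issues the reviewers raised."""
    findings = [("legacy-key", k) for k in FLAGGED_KEYS if k in props]
    if "sonar.organization" not in props:
        findings.append(("missing-organization", "sonar.organization"))
    for pattern in props.get("sonar.exclusions", "").split(","):
        if IAC_PATTERN.match(pattern.strip()):
            findings.append(("iac-excluded", pattern.strip()))
    return findings
```

Calling `audit(parse_properties(open("sonar-project.properties").read()))` in CI and failing on a non-empty result turns these review points into a repeatable gate.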

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 3

📜 Review details

📥 Commits

Reviewing files that changed from the base of the PR and between 05dd907 and 1e23c05.

📒 Files selected for processing (1)
  • sonar-project.properties (1 hunks)
🔇 Additional comments (2)
sonar-project.properties (2)

18-27: PR objective met: Docker and YAML excluded from analysis.

The sonar.exclusions patterns for Dockerfile, docker-compose.yml, and all .yml/.yaml files are correct and will exclude them from SonarCloud analysis as intended. Node modules, dist, and coverage are also safely excluded. (docs.sonarsource.com)


15-17: Verify coverage report path and intended exclusions.

Confirm coverage/lcov.info is produced by CI and that excluding test files from coverage is desired (it’s common but optional). (docs.sonarsource.com)
