
feat: add SonarCloud CI-based analysis #20

Open
abdullahmujahidali wants to merge 2 commits into main from feature-release-0.40

abdullahmujahidali (Owner) commented Dec 23, 2025

Description

Brief description of changes.

Type of Change

  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update
  • Refactoring (no functional changes)

Related Issues

Fixes #(issue number)

Checklist

  • My code follows the project's style guidelines
  • I have performed a self-review of my code
  • I have added tests that prove my fix/feature works
  • New and existing tests pass locally (npm test)
  • I have updated documentation if needed
  • I have added an ADR if this involves architectural decisions

Testing

Describe how you tested these changes.

Screenshots (if applicable)

Add screenshots to help explain your changes.

Summary by CodeRabbit

  • Chores
    • Added automated code quality analysis to the CI pipeline.
    • Enabled test coverage reporting and project-level analysis to monitor and maintain code quality over time.

coderabbitai bot (Contributor) commented Dec 23, 2025

Walkthrough

Adds SonarCloud/SonarQube analysis to CI: a new GitHub Actions job runs tests with coverage and performs a SonarCloud scan; a SonarQube properties file is added to configure project metadata, sources, exclusions, and coverage report paths.

Changes

| Cohort / File(s) | Change Summary |
| --- | --- |
| CI workflow — SonarCloud job (.github/workflows/ci.yml) | Adds a new GitHub Actions job that checks out the repo (fetch-depth: 0), sets up Node.js 20, runs npm ci, runs tests with coverage, and invokes the SonarCloud / SonarSource scan action using GITHUB_TOKEN and SONAR_TOKEN. |
| Sonar project configuration (sonar-project.properties) | New SonarQube configuration defining projectKey, organization, projectName, projectVersion, sources/tests, exclusions (node_modules, dist, coverage, wasm, test files), test inclusion patterns, LCOV report paths for JS/TS, and encoding. |

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Developer
  participant GH_Actions as GitHub Actions Runner
  participant Repo as Repository
  participant Node as Node.js environment
  participant SonarAction as SonarSource Action
  participant SonarCloud as SonarCloud

  Developer->>Repo: push branch / open PR
  Repo->>GH_Actions: trigger CI workflow
  GH_Actions->>Repo: checkout (fetch-depth: 0)
  GH_Actions->>Node: setup Node.js 20
  GH_Actions->>Node: npm ci
  GH_Actions->>Node: run tests (with coverage)
  Node->>GH_Actions: test results + coverage reports
  GH_Actions->>SonarAction: invoke SonarCloud scan (GITHUB_TOKEN, SONAR_TOKEN) 
  SonarAction->>SonarCloud: upload sources, tests, coverage
  SonarCloud-->>SonarAction: analysis results
  SonarAction-->>GH_Actions: scan exit/status
  GH_Actions-->>Repo: report workflow status (checks)

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

"I hopped through commits with a cheerful hum,
Pushed tests and coverage, then called Sonar to come.
A scan in the clouds, numbers neat and bright,
I nibble on logs beneath CI's light.
— 🐇"

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'feat: add SonarCloud CI-based analysis' accurately and concisely summarizes the main change in the pull request, which adds SonarCloud analysis integration to the CI workflow. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

Warning

Tools execution failed with the following error:

Failed to run tools: 13 INTERNAL: Received RST_STREAM with code 2 (Internal server error)


codecov bot commented Dec 23, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.83%. Comparing base (6f8ba13) to head (4275e86).
⚠️ Report is 1 commit behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main      #20   +/-   ##
=======================================
  Coverage   92.83%   92.83%           
=======================================
  Files          22       22           
  Lines        3240     3240           
  Branches      921      921           
=======================================
  Hits         3008     3008           
  Misses        232      232           

coderabbitai bot (Contributor) left a comment

Actionable comments posted: 1

🧹 Nitpick comments (2)
.github/workflows/ci.yml (2)

49-56: Consider adding a dependency on the test job.

The sonarcloud job currently runs independently. If the intention is to only run SonarCloud analysis when tests pass, consider adding needs: test to ensure test failures block the analysis.

🔎 Proposed change to add job dependency
  sonarcloud:
    name: SonarCloud Analysis
    runs-on: ubuntu-latest
+   needs: test
    steps:
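
Review bot: The added `needs: test` line makes the scan wait for the test job, but the sonarcloud job still installs dependencies and runs test:coverage itself, so the suite would run twice back to back instead of in parallel. Either drop this job's own coverage run and consume the coverage output of the test job, or leave the two jobs independent.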

58-68: Consider reusing coverage artifacts to reduce CI time.

The test:coverage command is executed in both the test job (line 37-39) and the sonarcloud job (line 67-68). While this ensures SonarCloud has fresh coverage data, it duplicates effort and increases CI execution time.

💡 Optional approach to share coverage artifacts

If you want to optimize CI time, you could:

  1. Upload coverage artifacts in the test job:
- name: Upload coverage artifact
  if: matrix.node-version == 20
  uses: actions/upload-artifact@v4
  with:
    name: coverage
    path: coverage/
  2. Download artifacts in the sonarcloud job:
sonarcloud:
  name: SonarCloud Analysis
  runs-on: ubuntu-latest
  needs: test
  steps:
    - name: Checkout repository
      uses: actions/checkout@v4
      with:
        fetch-depth: 0
    
    - name: Download coverage artifact
      uses: actions/download-artifact@v4
      with:
        name: coverage
        path: coverage/
    
    - name: SonarCloud Scan
      uses: SonarSource/sonarcloud-github-action@master
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

This eliminates the need to install dependencies and run tests again in the sonarcloud job.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 721acfd and 700471c.

📒 Files selected for processing (2)
  • .github/workflows/ci.yml
  • sonar-project.properties
🔇 Additional comments (4)
sonar-project.properties (4)

1-2: LGTM!

The project key and organization are properly configured for SonarCloud.


8-13: Source and test directories are correctly configured.

The src and tests directories exist and contain the expected project files. The sonar-project.properties configuration is valid.


15-23: Verify the coverage report path.

Ensure that the test coverage command (npm run test:coverage) generates the LCOV report at coverage/lcov.info as specified in the sonar-project.properties configuration. Check the test configuration (jest.config.js, vitest.config.ts, etc.) to confirm the coverageDirectory setting matches.


4-6: No issues found. The project version 0.3.0 in sonar-project.properties already aligns with package.json.

sonarqubecloud bot commented Dec 24, 2025

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

coderabbitai bot (Contributor) left a comment

Actionable comments posted: 0

🧹 Nitpick comments (1)
.github/workflows/ci.yml (1)

49-56: Job setup looks good, but consider adding job dependency.

The checkout configuration with fetch-depth: 0 is correct for comprehensive SonarCloud analysis. However, the sonarcloud job runs independently and in parallel with the test job. Consider adding needs: test to ensure tests pass before running the analysis, or keep the current parallel execution if faster feedback is preferred.

Optional: Add job dependency to ensure tests pass first
  sonarcloud:
    name: SonarCloud Analysis
    runs-on: ubuntu-latest
+   needs: test
    steps:
📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 700471c and 4275e86.

📒 Files selected for processing (2)
  • .github/workflows/ci.yml
  • sonar-project.properties
🔇 Additional comments (7)
.github/workflows/ci.yml (2)

58-68: Setup and coverage generation are correct.

The Node.js setup and dependency installation follow standard patterns. Running tests with coverage in this job is necessary since the sonarcloud job executes independently. The coverage duplication with the test job (line 37-39) is acceptable for parallel execution.


70-74: [Rewritten comment]
[Classification tag]

sonar-project.properties (5)

1-3: Verify project key and organization match SonarCloud setup.

Ensure that sonar.projectKey=abdullahmujahidali_Cellify and sonar.organization=abdullahmujahidali exactly match the configuration in your SonarCloud account, as mismatches will cause the scan to fail.


13-17: Exclusions and test inclusions are correctly configured.

The exclusion patterns appropriately filter out build artifacts (dist), dependencies (node_modules), coverage reports, and WASM build output. Test file patterns (**/*.test.ts, **/*.spec.ts) are correctly identified for test coverage analysis.


5-7: Ensure project version in sonar-project.properties matches package.json.

The sonar.projectVersion=0.3.0 should align with the version specified in package.json to maintain consistency across the project.


19-24: Verify coverage report path matches test output.

The LCOV report paths point to coverage/lcov.info. Ensure your test configuration (likely in jest.config.js or similar) generates the coverage report at this exact path.


9-11: Verify test directory path is correct.

Ensure the sonar.tests=tests directory exists. Some projects use test (singular) or co-locate tests with source files. Verify this matches your actual project structure.
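
A pre-scan check for the coverage path question raised in the reviews above and the "No data about Coverage" measure in the SonarQube Cloud result, as an added example that is not part of this PR or of any bot's output. It assumes the properties file declares its LCOV paths under `sonar.javascript.lcov.reportPaths` and `sonar.typescript.lcov.reportPaths`; the function names and the sample properties text are hypothetical and constructed for illustration.

```python
import os

# Constructed sample input; the real sonar-project.properties is not shown on this page.
SAMPLE_PROPERTIES = """\
sonar.sources=src
sonar.tests=tests
sonar.javascript.lcov.reportPaths=coverage/lcov.info
sonar.typescript.lcov.reportPaths=coverage/lcov.info
"""
# Assumed property keys that carry the LCOV report locations.
LCOV_KEYS = ("sonar.javascript.lcov.reportPaths",
             "sonar.typescript.lcov.reportPaths")

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def lcov_summary(path):
    """Return (source files, instrumented lines) recorded in an LCOV file."""
    files = lines = 0
    with open(path, encoding="utf-8") as fh:
        for row in fh:
            if row.startswith("SF:"):
                files += 1
            elif row.startswith("LF:"):
                lines += int(row[3:].strip() or 0)
    return files, lines

def check_coverage_inputs(properties_text, root="."):
    """List reasons the scanner would find no coverage; empty list means OK."""
    props = parse_properties(properties_text)
    declared = sorted({p.strip() for k in LCOV_KEYS
                       for p in props.get(k, "").split(",") if p.strip()})
    if not declared:
        return ["no LCOV report path declared"]
    problems = []
    for rel in declared:
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            problems.append(f"{rel}: file not found")
        elif 0 in lcov_summary(full):
            problems.append(f"{rel}: no coverage records")
    return problems
```

Run between the coverage step and the scan step, a non-empty result is a reason to fail the job before the scan uploads an analysis without coverage.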
