sonar-project.properties

sonar.projectKey=ericsocrat_tryvit
sonar.organization=ericsocrat

# This is the name and version displayed in the SonarQube UI.
sonar.projectName=TryVit
sonar.projectVersion=1.0

# ─── Quality Gate: focus on new code first ──────────────────────────────────
# "Clean as You Code" — block regressions on new/changed lines,
# pay down legacy debt in targeted refactor PRs.
# Quality gate is BLOCKING — the sonarqube-quality-gate-action step in
# main-gate.yml will fail the workflow if the gate does not pass.
sonar.qualitygate.wait=true
sonar.newCode.referenceBranch=main

# ─── Source directories ─────────────────────────────────────────────────────
# Only scan code that benefits from static analysis.
# SQL pipeline INSERT data and Supabase migrations are excluded below.
sonar.sources=frontend/src,pipeline,db/qa,db/views,enrich_ingredients.py,fetch_off_category.py,validate_eans.py,check_enrichment_identity.py,check_pipeline_structure.py

# ─── Exclusions ─────────────────────────────────────────────────────────────
# Build artifacts, generated files, and SQL data pipelines.
# SQL INSERT/VALUES scripts produce ~2k false-positive "duplicate literal"
# warnings — SQL has no constant mechanism for inline seed data.
# PL/SQL data dictionary not configured — exclude SQL files from deep analysis
# to silence "Data Dictionary is not configured" warnings (see docs/SONAR.md).
sonar.exclusions=\
  **/__pycache__/**,\
  **/node_modules/**,\
  **/dist/**,\
  **/.next/**,\
  **/playwright-report/**,\
  **/test-results/**,\
  **/coverage/**,\
  **/*.test.ts,\
  **/*.test.tsx,\
  **/*.spec.ts,\
  db/pipelines/**,\
  db/migrations/**,\
  db/ci_post_pipeline.sql,\
  supabase/migrations/**,\
  frontend/.next/**,\
  frontend/next-env.d.ts,\
  frontend/tailwind.config.ts,\
  frontend/postcss.config.mjs,\
  frontend/next.config.mjs,\
  frontend/vitest.config.ts

# ─── Test files ─────────────────────────────────────────────────────────────
sonar.tests=frontend/src,frontend/e2e
sonar.test.inclusions=**/*.test.ts,**/*.test.tsx,**/*.spec.ts

# ─── Coverage ───────────────────────────────────────────────────────────────
sonar.javascript.lcov.reportPaths=frontend/coverage/lcov.info
sonar.coverage.exclusions=\
  frontend/src/app/sw.ts,\
  frontend/src/app/app/search/page.tsx,\
  frontend/src/app/app/scan/page.tsx,\
  frontend/src/app/app/categories/page.tsx,\
  frontend/src/app/app/categories/[slug]/page.tsx,\
  frontend/src/app/app/product/[id]/page.tsx,\
  pipeline/**/*.py,\
  enrich_ingredients.py,\
  fetch_off_category.py,\
  validate_eans.py,\
  check_enrichment_identity.py,\
  check_pipeline_structure.py

# ─── Language-specific settings ─────────────────────────────────────────────
sonar.python.version=3.12
sonar.javascript.node.maxspace=4096

# ─── PL/SQL: disable data-dictionary-dependent rules ────────────────────────
# We don't configure a DB connection for SonarCloud PL/SQL analysis.
# All SQL migration/pipeline files are excluded above; this setting
# silences the remaining "data dictionary not configured" info message.
sonar.plsql.file.suffixes=plsql,pkb,pks,pkg

# ─── Issue suppressions (false positives) ───────────────────────────────────
# S6819 (prefer <select>/<option> over ARIA roles): SearchAutocomplete.tsx
# implements a WAI-ARIA 1.2 combobox with role="listbox"/role="option" on
# custom elements — native <select>/<option> cannot be styled for this UX.
# S7770 (prefer String.raw for backslash escaping): middleware.ts matcher
# must be a plain string literal for Next.js static route analysis.
sonar.issue.ignore.multicriteria=waiAria,nextjsMatcher
sonar.issue.ignore.multicriteria.waiAria.ruleKey=typescript:S6819
sonar.issue.ignore.multicriteria.waiAria.resourceKey=**/SearchAutocomplete.tsx
sonar.issue.ignore.multicriteria.nextjsMatcher.ruleKey=typescript:S7770
sonar.issue.ignore.multicriteria.nextjsMatcher.resourceKey=**/middleware.ts

# ─── Encoding ───────────────────────────────────────────────────────────────
sonar.sourceEncoding=UTF-8