Feature: Integrate SonarCloud (#17)

* feat(workflows): add sonarqube workflow for ci/cd

* feat(workflows): create sonar-project.properties for sonarcloud setup

Add initial SonarCloud configuration for the project

* feat(workflows): add quality gate status badge to README

* fix(workflows): potential fix for code scanning alert no. 10

workflow does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: rmottanet

.github/workflows/sonar.yml

@@ -0,0 +1,21 @@
+name: Build
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    types: [opened, synchronize, reopened]
+permissions:
+  contents: read
+jobs:
+  sonarqube:
+    name: SonarQube
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - name: SonarQube Scan
+        uses: SonarSource/sonarqube-scan-action@fd88b7d7ccbaefd23d8f36f73b59db7a3d246602
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

README.md

@@ -1,3 +1,5 @@
+[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=rmottanet_gitnap&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=rmottanet_gitnap)
+
 # GitNap: Bash Script Collection
 
 ## ctrl+s :v:

sonar-project.properties

@@ -0,0 +1,14 @@
+sonar.projectKey=rmottanet_gitnap
+sonar.organization=rmottanet
+
+
+# This is the name and version displayed in the SonarCloud UI.
+#sonar.projectName=gitnap
+#sonar.projectVersion=1.0
+
+
+# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
+#sonar.sources=.
+
+# Encoding of the source code. Default is default system encoding
+#sonar.sourceEncoding=UTF-8