Migration from code climate to QLTY (#531)

## Changes
- Migration from Code Climate to QLTY
- Badge updates
- Residual cleanup

## Checklist
<!-- Put an `x` in the boxes. All tasks must be completed and boxes
checked before merging. -->
- [ ] 🤖 This change is covered by unit tests (if applicable).
- [ ] 🤹 Manual testing has been performed (if necessary).
- [x] 🛡️ Security impacts have been considered (if relevant).
- [ ] 📖 Documentation updates are complete (if required).
- [ ] 🧠 Third-party dependencies and TPIP updated (if required).

Author: soumeh01

.github/workflows/test.yml

@@ -165,16 +165,14 @@ jobs:
         if: always()
         run: |
           go-junit-report -set-exit-code -in build/cpackgettests-${{ matrix.goos }}-amd64.txt -iocopy -out build/cpackget-testreport-${{ matrix.goos }}-amd64.xml
-
-      - name: Publish coverage report to Code Climate
+ 
+      - name: Publish coverage report to QLTY
         if: ${{ startsWith(matrix.runs-on, 'ubuntu') && (github.workflow != 'Release') }}
-        uses: paambaati/codeclimate-action@f429536ee076d758a24705203199548125a28ca7 # v9.0.0
-        env:
-          CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
+        uses: qltysh/qlty-action/coverage@f13b3559771beedd11e68b03d49512f3c21a75ba # v1
         with:
-          debug: true
-          coverageLocations: ./cover.out:gocov
-          prefix: github.com/open-cmsis-pack/cpackget
+          token: ${{ secrets.QLTY_COVERAGE_TOKEN }}
+          files: ./cover.out
+          strip-prefix: github.com/open-cmsis-pack/cpackget
 
       - name: Archive unit test results
         uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2

.qlty/qlty.toml

@@ -0,0 +1,74 @@
+# Configuration version for compatibility with the tool
+config_version = "0"
+
+# Glob patterns to exclude from analysis (e.g., build artifacts and dependencies)
+exclude_patterns = [
+    "scripts/**",
+    ".github/**",
+    "testdata/**",
+    "**/*_test.go"
+]
+
+# Glob patterns to identify test files
+test_patterns = [
+    "**/*_test.go"         # Match go test files
+]
+
+# === Smells Configuration ===
+# Controls how detected code smells are reported
+[smells]
+mode = "comment"          # Adds comments in code or PRs to report smells
+
+# === Source Configuration ===
+# Defines a code source for analysis
+[[source]]
+name = "default"          # Name of the source
+default = true            # Marks this as the default source to scan
+
+# === Individual Code Smell Toggles ===
+# Enables or disables detection of specific code smells
+
+[smells.similar_code]
+enabled = true            # Detects similar (but not identical) code blocks
+
+[smells.duplication]
+enabled = true            # Detects duplication of code blocks
+
+[smells.identical_code]
+enabled = true            # Detects exact duplicate code blocks
+
+[smells.function_parameters]
+enabled = false           # Flags functions with too many parameters
+
+[smells.nested_control_flow]
+enabled = false           # Would flag deeply nested control flow (e.g., many if/else)
+
+[smells.file_complexity]
+enabled = false           # Would flag files with high overall complexity
+
+[smells.function_complexity]
+enabled = false           # Would flag individual functions that are too complex
+
+[smells.return_statements]
+enabled = false           # Would flag functions with multiple return paths
+
+[smells.boolean_logic]
+enabled = false           # Detects overly complex or nested boolean logic
+
+# === Plugins Section ===
+# Each plugin performs a specific type of analysis or linting
+
+[[plugin]]
+name = "actionlint"       # Validates GitHub Actions workflows
+
+[[plugin]]
+name = "osv-scanner"      # Scans for known vulnerabilities using OSV database
+
+[[plugin]]
+name = "ripgrep"          # Fast searching for pattern matching in codebase
+
+[[plugin]]
+name = "trivy"            # Scans for vulnerabilities in containers and dependencies
+
+[[plugin]]
+name = "trufflehog"       # Detects secrets and sensitive data in code

README.md

@@ -4,8 +4,8 @@
 [![Go Report Card](https://goreportcard.com/badge/github.com/open-cmsis-pack/cpackget)](https://goreportcard.com/report/github.com/open-cmsis-pack/cpackget)
 [![GoDoc](https://godoc.org/github.com/open-cmsis-pack/cpackget?status.svg)](https://godoc.org/github.com/open-cmsis-pack/cpackget)
 
-[![Maintainability](https://api.codeclimate.com/v1/badges/eea6cb90a9a1e39bcff7/maintainability)](https://codeclimate.com/github/Open-CMSIS-Pack/cpackget/maintainability)
-[![Test Coverage](https://api.codeclimate.com/v1/badges/eea6cb90a9a1e39bcff7/test_coverage)](https://codeclimate.com/github/Open-CMSIS-Pack/cpackget/test_coverage)
+[![Maintainability](https://qlty.sh/badges/f4b0ccfb-f90d-4410-985d-3363e144102a/maintainability.svg)](https://qlty.sh/gh/Open-CMSIS-Pack/projects/cpackget)
+[![Test Coverage](https://qlty.sh/badges/f4b0ccfb-f90d-4410-985d-3363e144102a/test_coverage.svg)](https://qlty.sh/gh/Open-CMSIS-Pack/projects/cpackget)
 [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/Open-CMSIS-Pack/cpackget/badge)](https://securityscorecards.dev/viewer/?uri=github.com/Open-CMSIS-Pack/cpackget)
 
 # cpackget: Open-CMSIS-Pack Package Installer