
@nikhil2611
Contributor

This pull request introduces a new GitHub Actions workflow stub for continuous integration (CI) on the main branch and updates the SonarQube project configuration. The main goals are to standardize CI checks using a shared workflow and to enhance SonarQube settings with improved metadata, language targeting, and documentation.

Description

This pull request introduces a new GitHub Actions workflow stub for CI on the main branch and significantly updates the SonarQube configuration. The changes improve CI/CD automation, security, and code quality analysis by centralizing and clarifying workflow parameters and enhancing SonarQube project metadata and settings.

Continuous Integration Workflow Enhancements:

  • Added .github/workflows/ci-main-pull-request-stub.yml as a reusable workflow stub to standardize CI checks on pull requests and pushes to main and chef-cli-5 branches, integrating security scans (Trivy, Trufflehog, BlackDuck Polaris), SonarQube analysis, SBOM generation, and more. The stub forwards relevant secrets and parameters to a central workflow and includes detailed documentation for each input.

SonarQube Configuration Improvements:

  • Refactored sonar-project.properties to provide clearer documentation, updated the project name to a standardized format (Chef_Chef-Agents_chef-cli), explicitly set the language to Ruby, and specified source (lib) and test (spec) directories. Additional comments guide future configuration for coverage, Rubocop, and SARIF reports.

Related Issue

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Chore (non-breaking change that does not add functionality or fix an issue)

Checklist:

  • I have read the CONTRIBUTING document.
  • I have run the pre-merge tests locally and they pass.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • If Gemfile.lock has changed, I have used --conservative to do it and included the full output in the Description above.
  • All new and existing tests passed.
  • All commits have been signed-off for the Developer Certificate of Origin.

nikhil2611 requested review from a team as code owners September 16, 2025 10:24
nikhil2611 changed the title from "Nikhil/enable blackduck sca" to "Black Duck integration and CI/SonarQube updates" Sep 16, 2025
@github-actions

Simplecov Report

Covered: 98.51%
Threshold: 90%

@sonarqube-for-infrastructure-prod

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

Signed-off-by: nikhil2611 <[email protected]>
@sonarqubecloud

nikhil2611 added the "Expeditor: Skip All" label (Used to skip all merge_actions.) Nov 13, 2025
nikhil2611 merged commit da4ace0 into main Nov 13, 2025
33 of 34 checks passed
4 participants