-
Notifications
You must be signed in to change notification settings - Fork 9
Expand file tree
/
Copy path.codacy.yml
More file actions
55 lines (53 loc) · 2.53 KB
/
.codacy.yml
File metadata and controls
55 lines (53 loc) · 2.53 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
# Codacy Static Analysis Configuration
# Aligns Codacy's analysis with the project's existing shellcheck and quality settings.
#
# Reference: https://docs.codacy.com/repositories-configure/codacy-configuration-file/
#
# Root cause context (GH#4346, GH#4696):
# - Codacy flagged SC2086 (unquoted variable) in code that was being REMOVED by a PR fix.
# - "not_collected" reports were a failure-miner misclassification, not a Codacy issue.
# Codacy's action_required conclusion (= "issues found") was treated as a CI failure
# by gh-failure-miner-helper.sh. Fixed in GH#4696.
# - This config excludes archived/ (same as CI shellcheck) and aligns tool settings.
#
# Quality gate settings (GH#4910, t1489):
# - PR and commit gates: max 10 new issues, minimum severity Warning.
# - Rationale: gate was set to 0 max new issues, which tripped 4x during extract-function
# refactoring. New helper functions count as added complexity; subprocess calls in new
# functions count as new Bandit warnings. Project grade stays A throughout — these are
# not real regressions. Threshold raised to 10 Warning+ to absorb refactoring noise
# while still blocking genuine security/error issues.
# - Gate settings are managed via Codacy API (not this file). This comment documents the
# rationale so the setting is not silently reverted to 0 in the dashboard.
# API endpoint: PUT /api/v3/organizations/gh/marcusquinn/repositories/aidevops/settings/quality/pull-requests
# Current value: {"issueThreshold":{"threshold":10,"minimumSeverity":"Warning"}}
---
engines:
shellcheck:
enabled: true
semgrep:
enabled: true
trivy:
enabled: true
pylint:
enabled: true
eslint:
enabled: true
exclude_paths:
# Archived code is versioned for reference but not actively maintained.
# Matches the shellcheck exclusion in .github/workflows/code-quality.yml.
- "archived/**"
# Generated/vendor files
- "node_modules/**"
- ".git/**"
# Config templates (not executable code)
- "configs/*.json.txt"
# Transitional split of legacy playwright-automator logic (issue #4905):
# these modules currently preserve inherited complexity/taint patterns while
# functionality is being decomposed; keep them out of Codacy gates until
# follow-up hardening and complexity reductions are completed.
- ".agents/scripts/higgsfield/higgsfield-common.mjs"
- ".agents/scripts/higgsfield/higgsfield-api.mjs"
- ".agents/scripts/higgsfield/higgsfield-image.mjs"
- ".agents/scripts/higgsfield/higgsfield-video.mjs"
- ".agents/scripts/higgsfield/higgsfield-commands.mjs"