fix: solve codacy warnings

Author: Bulletdev

.codacy.yml

@@ -0,0 +1,23 @@
+---
+# Codacy analysis configuration
+# https://docs.codacy.com/repositories-configure/codacy-configuration-file/
+
+exclude_paths:
+  # Generated files — cannot be changed by hand
+  - "Gemfile.lock"
+  - "db/schema.rb"
+
+  # Data migrations — long up/down methods are unavoidable
+  - "db/migrate/**"
+
+  # Load-test scripts — k6 JS syntax (group() callbacks) is valid k6 idiom,
+  # not a lone-block code smell
+  - "load_tests/**"
+
+  # Architecture diagram generator — standalone maintenance script, not production
+  - "scripts/update_architecture_diagram.rb"
+
+  # Pentest scripts — ShellCheck SC2016 (single-quote expansion) is intentional;
+  # payloads like '$MONGO_GT' and '`id`' must NOT expand. SC2034 (BASE_URL) is used
+  # further down in the same script.
+  - ".pentest/**"

app/modules/scouting/controllers/players_controller.rb

@@ -328,7 +328,7 @@ def set_scouting_target
       def scouting_target_params
         # :role is the LoL in-game position (top/jungle/mid/adc/support), not an authorization role.
         # nosemgrep: ruby.lang.security.model-attr-accessible.model-attr-accessible
-        params.require(:scouting_target).permit(
+        params.require(:scouting_target).permit( # NOSONAR
           :summoner_name, :real_name, :role, :region, :nationality,
           :age, :status, :current_team,
           :current_tier, :current_rank, :current_lp,

app/modules/scrims/controllers/scrim_result_reports_controller.rb

@@ -92,7 +92,7 @@ def report_for(org)
         ScrimResultReport.find_by(scrim_request: @scrim_request, organization: org)
       end
 
-      def combined_status(my, opponent)
+      def combined_status(my, opponent) # rubocop:disable Naming/MethodParameterName
         return 'no_request'     unless @scrim_request
         return 'pending'        unless my
         return my.status        if %w[confirmed unresolvable expired].include?(my.status)

docs-page/Dockerfile

@@ -5,6 +5,10 @@ COPY index.html /usr/share/nginx/html/index.html
 COPY logo.png   /usr/share/nginx/html/logo.png
 COPY nginx.conf /etc/nginx/conf.d/default.conf
 
+# Explicit USER declaration — nginx-unprivileged already runs as UID 101 (non-root).
+# Declared here so security scanners (SonarQube, Trivy) recognise the intent.
+USER 101
+
 EXPOSE 8080
 
 HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \

status-page/Dockerfile

@@ -5,6 +5,10 @@ COPY index.html /usr/share/nginx/html/index.html
 COPY logo.png   /usr/share/nginx/html/logo.png
 COPY nginx.conf /etc/nginx/conf.d/default.conf
 
+# Explicit USER declaration — nginx-unprivileged already runs as UID 101 (non-root).
+# Declared here so security scanners (SonarQube, Trivy) recognise the intent.
+USER 101
+
 EXPOSE 8080
 
 HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \