diff --git a/.github/workflows/sonar.yaml b/.github/workflows/sonar.yaml
new file mode 100644
index 0000000..7b02547
--- /dev/null
+++ b/.github/workflows/sonar.yaml
@@ -0,0 +1,42 @@
+on:
+ push:
+ branches:
+ - '**'
+ pull_request:
+ types: [opened, synchronize, reopened]
+
+name: Sonar
+jobs:
+ sonarqube:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
+ - name: Set up JDK 25
+ uses: actions/setup-java@v4
+ with:
+ distribution: "temurin"
+ java-version: 25
+ overwrite-settings: false
+ - name: Cache SonarQube packages
+ uses: actions/cache@v4
+ with:
+ path: ~/.sonar/cache
+ key: ${{ runner.os }}-sonar
+ restore-keys: ${{ runner.os }}-sonar
+ - name: Cache Maven packages
+ uses: actions/cache@v4
+ with:
+ path: ~/.m2/repository
+ key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+ restore-keys: ${{ runner.os }}-maven
+ - name: Build and analyze
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+ run: |
+ mkdir -p src/test/resources
+ echo ${{ secrets.APPLICATION_TEST_PROPERTIES }} | base64 -d > src/test/resources/application-test.properties
+ mvn clean verify sonar:sonar -Dsonar.qualitygate.wait=true
diff --git a/README.md b/README.md
index a901edd..02b7578 100644
--- a/README.md
+++ b/README.md
@@ -127,6 +127,44 @@ Tests use **Testcontainers** to spin up ephemeral Docker containers for external
> **Prerequisite for tests**: Docker must be installed and running.
+---
+
+## 🔎 Code Quality (SonarQube)
+
+A GitHub Actions workflow is configured in:
+
+```bash
+.github/workflows/sonar.yaml
+```
+
+### Workflow triggers
+
+- `push` on all branches
+- `pull_request`
+
+### What it runs
+
+- Java 25 setup (Temurin)
+- Maven build + tests + SonarQube analysis:
+
+```bash
+mvn clean verify sonar:sonar
+```
+
+### Generate the JaCoCo coverage report locally
+
+Run:
+
+```bash
+./mvnw clean verify
+```
+
+Generated reports:
+
+- HTML report: `target/site/jacoco/index.html`
+- XML report (used by SonarQube): `target/site/jacoco/jacoco.xml`
+
+
---
## 📁 Project structure
@@ -156,7 +194,7 @@ This project consumes the public **Random User Generator** API:
## ✅ Todo
-- [ ] [Add Sonarqube in the project](https://github.com/XPEHO/spring_boot_java_random_user/issues/2)
+- [x] [Add Sonarqube in the project](https://github.com/XPEHO/spring_boot_java_random_user/issues/2)
- [ ] [Add PostgreSQL database with docker](https://github.com/XPEHO/spring_boot_java_random_user/issues/6)
- [ ] [Add this endpoint get /user/random](https://github.com/XPEHO/spring_boot_java_random_user/issues/5)
- [ ] [Add this endpoint get /user/{id}](https://github.com/XPEHO/spring_boot_java_random_user/issues/8)
diff --git a/pom.xml b/pom.xml
index fb16c48..bac59da 100644
--- a/pom.xml
+++ b/pom.xml
@@ -28,6 +28,8 @@
25
+ **/*Application.java
+ ${project.build.directory}/site/jacoco/jacoco.xml
@@ -92,6 +94,25 @@
org.springframework.boot
spring-boot-maven-plugin
+
+ org.jacoco
+ jacoco-maven-plugin
+ 0.8.14
+
+
+
+ prepare-agent
+
+
+
+ report
+ verify
+
+ report
+
+
+
+