Chore/init sonarqube

.github/workflows/sonar.yaml

@@ -0,0 +1,42 @@
+on:
+  push:
+    branches:
+      - '**'
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+name: Sonar
+jobs:
+  sonarqube:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
+      - name: Set up JDK 25
+        uses: actions/setup-java@v4
+        with:
+          distribution: "temurin"
+          java-version: 25
+          overwrite-settings: false
+      - name: Cache SonarQube packages
+        uses: actions/cache@v4
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+      - name: Cache Maven packages
+        uses: actions/cache@v4
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-maven
+      - name: Build and analyze
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+        run: |
+          mkdir -p src/test/resources
+          echo ${{ secrets.APPLICATION_TEST_PROPERTIES }} | base64 -d > src/test/resources/application-test.properties
+          mvn clean verify sonar:sonar -Dsonar.qualitygate.wait=true

README.md

@@ -127,6 +127,44 @@ Tests use **Testcontainers** to spin up ephemeral Docker containers for external
 
 > **Prerequisite for tests**: Docker must be installed and running.
 
+---
+
+## 🔎 Code Quality (SonarQube)
+
+A GitHub Actions workflow is configured in:
+
+```bash
+.github/workflows/sonar.yaml
+```
+
+### Workflow triggers
+
+- `push` on all branches
+- `pull_request`
+
+### What it runs
+
+- Java 25 setup (Temurin)
+- Maven build + tests + SonarQube analysis:
+
+```bash
+mvn clean verify sonar:sonar
+```
+
+### Generate the JaCoCo coverage report locally
+
+Run:
+
+```bash
+./mvnw clean verify
+```
+
+Generated reports:
+
+- HTML report: `target/site/jacoco/index.html`
+- XML report (used by SonarQube): `target/site/jacoco/jacoco.xml`
+
+
 ---
 
 ## 📁 Project structure
@@ -156,7 +194,7 @@ This project consumes the public **Random User Generator** API:
 
 ## ✅ Todo
 
-- [ ] [Add Sonarqube in the project](https://github.com/XPEHO/spring_boot_java_random_user/issues/2)
+- [x] [Add Sonarqube in the project](https://github.com/XPEHO/spring_boot_java_random_user/issues/2)
 - [ ] [Add PostgreSQL database with docker](https://github.com/XPEHO/spring_boot_java_random_user/issues/6)
 - [ ] [Add this endpoint get /user/random](https://github.com/XPEHO/spring_boot_java_random_user/issues/5)
 - [ ] [Add this endpoint get /user/{id}](https://github.com/XPEHO/spring_boot_java_random_user/issues/8)

pom.xml

@@ -28,6 +28,8 @@
 	</scm>
 	<properties>
 		<java.version>25</java.version>
+		<sonar.coverage.exclusions>**/*Application.java</sonar.coverage.exclusions>
+		<sonar.coverage.jacoco.xmlReportPaths>${project.build.directory}/site/jacoco/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
 	</properties>
 	<dependencies>
 		<dependency>
@@ -92,6 +94,25 @@
 				<groupId>org.springframework.boot</groupId>
 				<artifactId>spring-boot-maven-plugin</artifactId>
 			</plugin>
+			<plugin>
+				<groupId>org.jacoco</groupId>
+				<artifactId>jacoco-maven-plugin</artifactId>
+				<version>0.8.14</version>
+				<executions>
+					<execution>
+						<goals>
+							<goal>prepare-agent</goal>
+						</goals>
+					</execution>
+					<execution>
+						<id>report</id>
+						<phase>verify</phase>
+						<goals>
+							<goal>report</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>
 		</plugins>
 	</build>