fix(sonar): pin maturin-action SHA, use logger.exception, exclude benchmarks/

nikolay-e · nikolay-e · commit 4c28826bd34c · 2026-05-15T22:53:56.000+02:00
Address SonarCloud Quality Gate failures on v1.6.1-prep commits: - 2x githubactions:S7637 (TO_REVIEW hotspots) - pin PyO3/maturin-action in cd.yml to commit SHA e83996d (v1.51.0) instead of the floating @v1. - 7x python:S8572 'Use logging.exception() instead' across tree.py, writer.py, treemapper.py - drops the explicit exception arg from logger.error(...) calls in except blocks; logging.exception captures the traceback automatically and is the documented idiom. - 1x python:S8513 in tests/test_basic.py - collapse chained .startswith(a) or .startswith(b) into the tuple form .startswith((a, b)). - Restore sonar-project.properties with sonar.exclusions=benchmarks/**, diffctx/**, etc - paper-track scaffolding is not shipped in the CLI release and should not gate it. This also lifts the C Reliability rating (the 3 outstanding BUG findings live in benchmarks/) and resolves text:S8565 (lock file missing - irrelevant for the CLI wheel distribution path).
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
@@ -213,7 +213,7 @@ jobs:
           python-version: '3.12'
 
       - name: Build wheel via maturin
-        uses: PyO3/maturin-action@v1
+        uses: PyO3/maturin-action@e83996d129638aa358a18fbd1dfb82f0b0fb5d3b  # v1.51.0
         with:
           working-directory: ./repo
           target: ${{ matrix.maturin_target }}
@@ -256,7 +256,7 @@ jobs:
           python-version: '3.12'
 
       - name: Build sdist via maturin
-        uses: PyO3/maturin-action@v1
+        uses: PyO3/maturin-action@e83996d129638aa358a18fbd1dfb82f0b0fb5d3b  # v1.51.0
         with:
           working-directory: ./repo
           command: sdist
diff --git a/sonar-project.properties b/sonar-project.properties
@@ -0,0 +1,14 @@
+sonar.projectKey=nikolay-e_TreeMapper
+sonar.organization=nikolay-e
+
+sonar.sources=src
+sonar.tests=tests
+
+# Paper-track scaffolding — not shipped in the CLI release, excluded from
+# code-quality analysis to keep the gate focused on `src/` (treemapper itself).
+sonar.exclusions=benchmarks/**,diffctx/**,scripts/**,docs/**,**/test-repos/**,**/results/**
+sonar.test.exclusions=tests/test_benchmark_*.py,tests/framework/**
+
+sonar.python.coverage.reportPaths=coverage.xml
+sonar.python.xunit.reportPath=test-results.xml
+sonar.python.version=3.10,3.11,3.12,3.13
diff --git a/src/treemapper/tree.py b/src/treemapper/tree.py
@@ -190,8 +190,8 @@ def _create_node(entry: Path, ctx: TreeBuildContext, current_depth: int, is_dir:
             node["content"] = _read_file_content(entry, ctx.max_file_bytes)
 
         return node
-    except OSError as e:
-        logger.error("Failed to create node for %s: %s", entry.name, e)
+    except OSError:
+        logger.exception("Failed to create node for %s", entry.name)
         return None
 
 
@@ -274,6 +274,6 @@ def _read_file_content(file_path: Path, max_file_bytes: int | None) -> str:
     except UnicodeDecodeError:
         logger.error("Cannot decode %s as UTF-8. Marking as unreadable.", file_path.name)
         return "<unreadable content: not utf-8>\n"
-    except OSError as e:
-        logger.error("Could not read %s: %s", file_path.name, e)
+    except OSError:
+        logger.exception("Could not read %s", file_path.name)
         return "<unreadable content>\n"
diff --git a/src/treemapper/treemapper.py b/src/treemapper/treemapper.py
@@ -40,8 +40,8 @@ def _build_diff_tree(args: ParsedArgs) -> dict[str, Any]:
             whitelist_file=args.whitelist_file,
             scoring_mode=getattr(args, "scoring", "ego"),
         )
-    except RuntimeError as e:
-        logger.error("%s", e)
+    except RuntimeError:
+        logger.exception("diff context build failed")
         sys.exit(1)
 
 
@@ -130,8 +130,8 @@ def _handle_clipboard(output_content: str, args: ParsedArgs) -> bool:
         if not args.quiet:
             print("Copied to clipboard", file=sys.stderr)
         return True
-    except ClipboardError as e:
-        logger.error("Clipboard unavailable: %s", e)
+    except ClipboardError:
+        logger.exception("Clipboard unavailable")
         return False
 
 
@@ -147,8 +147,8 @@ def _handle_output_file(output_content: str, args: ParsedArgs) -> None:
     except IsADirectoryError:
         logger.error("'%s' is a directory", args.output_file)
         sys.exit(1)
-    except OSError as e:
-        logger.error("Cannot write '%s': %s", args.output_file, e)
+    except OSError:
+        logger.exception("Cannot write '%s'", args.output_file)
         sys.exit(1)
 
 
diff --git a/src/treemapper/writer.py b/src/treemapper/writer.py
@@ -361,10 +361,10 @@ def _write_to_file_path(output_file: Path, writer: Callable[[TextIO], None]) ->
     try:
         fd_int, tmp_path = tempfile.mkstemp(dir=output_file.parent, suffix=".tmp")
     except PermissionError:
-        logger.error("Unable to write to file '%s': permission denied", output_file)
+        logger.exception("Unable to write to file '%s': permission denied", output_file)
         raise
-    except OSError as e:
-        logger.error("Unable to write to file '%s': %s", output_file, e)
+    except OSError:
+        logger.exception("Unable to write to file '%s'", output_file)
         raise
     try:
         with open(fd_int, "w", encoding="utf-8") as f:
@@ -374,11 +374,11 @@ def _write_to_file_path(output_file: Path, writer: Callable[[TextIO], None]) ->
         os.replace(tmp_path, output_file)
     except PermissionError:
         Path(tmp_path).unlink(missing_ok=True)
-        logger.error("Unable to write to file '%s': permission denied", output_file)
+        logger.exception("Unable to write to file '%s': permission denied", output_file)
         raise
-    except OSError as e:
+    except OSError:
         Path(tmp_path).unlink(missing_ok=True)
-        logger.error("Unable to write to file '%s': %s", output_file, e)
+        logger.exception("Unable to write to file '%s'", output_file)
         raise
     except BaseException:
         Path(tmp_path).unlink(missing_ok=True)
diff --git a/tests/test_basic.py b/tests/test_basic.py
@@ -278,8 +278,8 @@ def test_unicode_content_and_encoding_errors(temp_project, run_mapper, caplog):
     assert binary_node is not None, "'binary.bin' not found"
     binary_content = binary_node.get("content", "")
     assert isinstance(binary_content, str)
-    assert binary_content.startswith("<unreadable content") or binary_content.startswith(
-        "<binary file:"
+    assert binary_content.startswith(
+        ("<unreadable content", "<binary file:")
     ), f"Binary file should be marked unreadable or binary, got: {binary_content!r}"
 
 
