From 7431b9c375d9503cb7324b82f51c2acc88c3448d Mon Sep 17 00:00:00 2001 From: Hernan Date: Wed, 22 Oct 2025 19:10:33 -0300 Subject: [PATCH 01/12] Add SonarQube CI workflow and project configs Introduces a GitHub Actions workflow for SonarQube analysis on both backend and frontend. Adds SonarQube configuration files for backend and frontend projects to enable code quality and coverage reporting. Removes unnecessary .DS_Store files from various directories. --- .DS_Store | Bin 0 -> 8196 bytes .github/workflows/sonarqube.yaml | 59 ++++++++++++++++++ sonar-project.properties | 26 ++++++++ src/.DS_Store | Bin 0 -> 6148 bytes src/frontend/.DS_Store | Bin 0 -> 6148 bytes src/frontend/static/.DS_Store | Bin 0 -> 6148 bytes src/frontend/static/frontend/.DS_Store | Bin 0 -> 6148 bytes .../static/frontend/sonar-project.properties | 23 +++++++ 8 files changed, 108 insertions(+) create mode 100644 .DS_Store create mode 100644 .github/workflows/sonarqube.yaml create mode 100644 sonar-project.properties create mode 100644 src/.DS_Store create mode 100644 src/frontend/.DS_Store create mode 100644 src/frontend/static/.DS_Store create mode 100644 src/frontend/static/frontend/.DS_Store create mode 100644 src/frontend/static/frontend/sonar-project.properties diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..e8cad7d6f2e76e9389b175d422bfd53194ffa78e GIT binary patch literal 8196 zcmeHM&ubGw6#k}7H6>O8UV2;)N^?-GKd);|^(K@=@T6@Ln--I9Fl`PZbn(YO(5prC zUl8=_sqx1_Jcy?rJPTqG(VO_*%q06Zn*`acVqI}erePvIo0SjD=m-!o@sPDx)q z$mdJ7phR=&;KYc#cu=v(1@gG0A@@(se)`9W65s?P{BP9NXFFxb5jx97%M!+ga4)mtqNk&K> zU%xM0e&Oje(X)=!VsMn?WABgyn#mfLX;-RoHuqVPm|t=Uf9_=89oJlXVj@)r#l(4h zCKybiPPaoW>6C`+!n zyVssa9?5I+#?vi(o^77wkn~Etb64%}sEBzKP()$5(kz#PpvJfM1Wnj!Nkwh9cjI13 z=TY(DuaC#{R*HN{sego|rMCA7fbiGpU + -Dsonar.projectKey=omics-datascience_multiomix-backend + -Dsonar.organization=omics-datascience + + sonarqube-frontend: + name: SonarQube Frontend Analysis + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis + + - name: Set up Node.js + uses: actions/setup-node@v3 + with: + node-version: '20.x' + + - name: Install dependencies + run: npm --prefix src/frontend/static/frontend install + + - name: Run linter and type checks + run: npm --prefix src/frontend/static/frontend run check-all + + - name: SonarQube Scan - Frontend + uses: SonarSource/sonarqube-scan-action@v2 + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_FRONTEND }} + SONAR_HOST_URL: https://sonarcloud.io + with: + projectBaseDir: src/frontend/static/frontend + args: > + -Dsonar.projectKey=omics-datascience_multiomix-frontend + -Dsonar.organization=omics-datascience diff --git a/sonar-project.properties b/sonar-project.properties new file mode 100644 index 00000000..cce839c8 --- /dev/null +++ b/sonar-project.properties @@ -0,0 +1,26 @@ +# Backend Project Configuration +sonar.projectKey=omics-datascience_multiomix-backend +sonar.organization=omics-datascience + +# This is the name and version displayed in the SonarQube UI. +sonar.projectName=Multiomix Backend +sonar.projectVersion=1.0 + +# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows. +sonar.sources=src + +# Exclude frontend, tests, migrations, and other non-backend code +sonar.exclusions=**/node_modules/**,**/frontend/static/frontend/**,**/migrations/**,**/tests/**,**/__pycache__/**,**/venv/**,**/*.pyc + +# Test files +sonar.tests=src +sonar.test.inclusions=**/tests/**,**/*_test.py,**/test_*.py + +# Python specific settings +sonar.python.version=3.7,3.8,3.9,3.10,3.11 + +# Coverage reports (if you generate them) +# sonar.python.coverage.reportPaths=src/.coverage + +# Encoding of the source code. Default is default system encoding +sonar.sourceEncoding=UTF-8 diff --git a/src/.DS_Store b/src/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..96e7622fed434b94faa13dd5b21f64e7be942f48 GIT binary patch literal 6148 zcmeHKJ5Izf5S@W7BGGI~gX9JY%G@BVLPePipe1~YU9v(@QQ$LBQgIYI&V$4Oc+cZS zM7W>|I=Si_WBBHaqz80B^NQFjJDh1(m(X^GFCqPX(ZslCArC(guT_Mqb zoZ{XqxsV$fu=6kbKO2@SZg}tMeZSN!H`HW5iowWpG zLdGUzG=v4B77Dab%_W9fIOaq4YcfVd3m47Bhvt>n#fzrZkv}AN(ZhNnaMnh)ddhc+o~ge|qq8?51MZ1Vz|1XQ?i0k!s?!A>jR#@aXX`*udU?9R{KeQ>)wBBImBoxY!M$1H!1S>OKfbat6hA|x0H27-ZL zAQ;#Q130rO)sbP0!9Xw&416=d{UJe#*|9S$TL*^H0swi9E&`jq1ap#OcI*t{fvBYd zEmgh6P)o;p^0@5S8CtriHy`Rx{%T&dJRS8@2^YI+KhZ{9cI*sUh3h39 P7#D#;NDRTi4jA|Za?~#$ literal 0 HcmV?d00001 diff --git a/src/frontend/static/.DS_Store b/src/frontend/static/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..092baa5ca1c49e5112d539eae2c3be191cedc1dc GIT binary patch literal 6148 zcmeHKJ5Izf5S@V)ibS&|4U$VJ_Xc4V8rpCGw1iKwOI8SKat2B&4#5$SxEAkuW)TrC zXg~ufnXpQ_+WtNLqa3gj)P%7I?&}30LW)_7U--c7?T`p z$H5R5h*~JnLe)zQwQ$TQ_p2QTLkk!6;zNDqP4S|6b>vUkU9>igJ{SlF#tdxRaLW7t z7{5%h$RCHqC>RI^{uu*0Y1(FvkMg_q%jfZ~O=xFm6#5NRAkasT01SAJ>}8|b6Lt92 Xj)Nhya6X3v;~|g>Ei6+`Q&A~-M-q%es%Yi z%juh@gzzE3Krj#t1Ovgq&J5tr7AX!4qYnmxfnea10XZKMnqYS94E5+hrzHSTp3y4M zrIrw%(4DhI&mot2n->pABPwv`;c8w+?cAY2?=)Fe(26B!Z e>7uPC(P5VzJ41;g^Xd+ahkz0iT`=$q47>x4c{l0+ literal 0 HcmV?d00001 diff --git a/src/frontend/static/frontend/sonar-project.properties b/src/frontend/static/frontend/sonar-project.properties new file mode 100644 index 00000000..637d635a --- /dev/null +++ b/src/frontend/static/frontend/sonar-project.properties @@ -0,0 +1,23 @@ +# Frontend Project Configuration +sonar.projectKey=omics-datascience_multiomix-frontend +sonar.organization=omics-datascience + +# This is the name and version displayed in the SonarQube UI. +sonar.projectName=Multiomix Frontend +sonar.projectVersion=1.0 + +# Path is relative to the sonar-project.properties file +sonar.sources=src + +# Exclude node_modules, build output, and test files from analysis +sonar.exclusions=**/node_modules/**,**/dist/**,**/coverage/**,**/*.test.ts,**/*.test.tsx,**/*.spec.ts,**/*.spec.tsx + +# Test files +sonar.tests=src +sonar.test.inclusions=**/*.test.ts,**/*.test.tsx,**/*.spec.ts,**/*.spec.tsx + +# TypeScript/JavaScript specific +sonar.javascript.lcov.reportPaths=coverage/lcov.info + +# Encoding of the source code +sonar.sourceEncoding=UTF-8 From 201035999cb42ecda26ec1093cdac57151c83950 Mon Sep 17 00:00:00 2001 From: Hernan Date: Wed, 22 Oct 2025 19:19:40 -0300 Subject: [PATCH 02/12] Update SonarQube workflow action versions Bump actions/checkout from v3 to v4 and SonarSource/sonarqube-scan-action from v2 to v6 in both backend and frontend analysis jobs for improved compatibility and security. --- .github/workflows/sonarqube.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/sonarqube.yaml b/.github/workflows/sonarqube.yaml index 0ae8a2bf..7be531e8 100644 --- a/.github/workflows/sonarqube.yaml +++ b/.github/workflows/sonarqube.yaml @@ -13,12 +13,12 @@ jobs: name: SonarQube Backend Analysis runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - name: SonarQube Scan - Backend - uses: SonarSource/sonarqube-scan-action@v2 + uses: SonarSource/sonarqube-scan-action@v6 env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_BACKEND }} SONAR_HOST_URL: https://sonarcloud.io @@ -32,7 +32,7 @@ jobs: name: SonarQube Frontend Analysis runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis @@ -48,7 +48,7 @@ jobs: run: npm --prefix src/frontend/static/frontend run check-all - name: SonarQube Scan - Frontend - uses: SonarSource/sonarqube-scan-action@v2 + uses: SonarSource/sonarqube-scan-action@v6 env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_FRONTEND }} SONAR_HOST_URL: https://sonarcloud.io From e38cf8d3c268a3231280d1c178280d9d9bdecd3d Mon Sep 17 00:00:00 2001 From: Hernan Date: Thu, 23 Oct 2025 18:50:46 -0300 Subject: [PATCH 03/12] Update SonarQube config exclusions and comment test settings Expanded sonar.exclusions in both backend and frontend sonar-project.properties to cover additional directories and files. Commented out sonar.tests and sonar.test.inclusions to avoid issues with empty test sets. Added sonar.language=py to backend config. --- sonar-project.properties | 11 +++++++---- src/frontend/static/frontend/sonar-project.properties | 8 ++++---- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/sonar-project.properties b/sonar-project.properties index cce839c8..e8837918 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -10,11 +10,11 @@ sonar.projectVersion=1.0 sonar.sources=src # Exclude frontend, tests, migrations, and other non-backend code -sonar.exclusions=**/node_modules/**,**/frontend/static/frontend/**,**/migrations/**,**/tests/**,**/__pycache__/**,**/venv/**,**/*.pyc +sonar.exclusions=**/node_modules/**,**/frontend/**,**/migrations/**,**/tests/**,**/__pycache__/**,**/venv/**,**/*.pyc,**/.venv/**,**/staticfiles/**,**/static/frontend/** -# Test files -sonar.tests=src -sonar.test.inclusions=**/tests/**,**/*_test.py,**/test_*.py +# Test files (commented out to avoid empty test issues) +# sonar.tests=src +# sonar.test.inclusions=**/tests/**,**/*_test.py,**/test_*.py # Python specific settings sonar.python.version=3.7,3.8,3.9,3.10,3.11 @@ -24,3 +24,6 @@ sonar.python.version=3.7,3.8,3.9,3.10,3.11 # Encoding of the source code. Default is default system encoding sonar.sourceEncoding=UTF-8 + +# Language +sonar.language=py diff --git a/src/frontend/static/frontend/sonar-project.properties b/src/frontend/static/frontend/sonar-project.properties index 637d635a..614cd1cf 100644 --- a/src/frontend/static/frontend/sonar-project.properties +++ b/src/frontend/static/frontend/sonar-project.properties @@ -10,11 +10,11 @@ sonar.projectVersion=1.0 sonar.sources=src # Exclude node_modules, build output, and test files from analysis -sonar.exclusions=**/node_modules/**,**/dist/**,**/coverage/**,**/*.test.ts,**/*.test.tsx,**/*.spec.ts,**/*.spec.tsx +sonar.exclusions=**/node_modules/**,**/dist/**,**/coverage/**,**/*.test.ts,**/*.test.tsx,**/*.spec.ts,**/*.spec.tsx,**/webpack.config.js,**/rspack.config.js -# Test files -sonar.tests=src -sonar.test.inclusions=**/*.test.ts,**/*.test.tsx,**/*.spec.ts,**/*.spec.tsx +# Test files (commented out to avoid empty test issues) +# sonar.tests=src +# sonar.test.inclusions=**/*.test.ts,**/*.test.tsx,**/*.spec.ts,**/*.spec.tsx # TypeScript/JavaScript specific sonar.javascript.lcov.reportPaths=coverage/lcov.info From 146d30f19b394038c2c177bfcff89a19ab8ece0a Mon Sep 17 00:00:00 2001 From: Hernan Date: Thu, 23 Oct 2025 18:57:57 -0300 Subject: [PATCH 04/12] Improve SonarQube workflow and refine project config Added debug steps to SonarQube GitHub Actions workflow for both backend and frontend to show directory structure and file counts. Enabled verbose output for SonarQube scans. Updated sonar-project.properties to specify backend source directories and refined exclusions for more accurate analysis. --- .github/workflows/sonarqube.yaml | 26 ++++++++++++++++++++++++++ sonar-project.properties | 17 +++++------------ 2 files changed, 31 insertions(+), 12 deletions(-) diff --git a/.github/workflows/sonarqube.yaml b/.github/workflows/sonarqube.yaml index 7be531e8..5a063bdd 100644 --- a/.github/workflows/sonarqube.yaml +++ b/.github/workflows/sonarqube.yaml @@ -17,6 +17,19 @@ jobs: with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis + - name: Debug - Show directory structure + run: | + echo "=== Current directory ===" + pwd + echo "=== Root files ===" + ls -la + echo "=== src/ directory ===" + ls -la src/ + echo "=== Python files count ===" + find src/ -name "*.py" -type f | grep -v __pycache__ | grep -v migrations | wc -l + echo "=== First 20 Python files ===" + find src/ -name "*.py" -type f | grep -v __pycache__ | grep -v migrations | head -20 + - name: SonarQube Scan - Backend uses: SonarSource/sonarqube-scan-action@v6 env: @@ -27,6 +40,7 @@ jobs: args: > -Dsonar.projectKey=omics-datascience_multiomix-backend -Dsonar.organization=omics-datascience + -Dsonar.verbose=true sonarqube-frontend: name: SonarQube Frontend Analysis @@ -47,6 +61,17 @@ jobs: - name: Run linter and type checks run: npm --prefix src/frontend/static/frontend run check-all + - name: Debug - Show frontend structure + run: | + echo "=== Frontend directory ===" + pwd + echo "=== Frontend src files ===" + ls -la src/frontend/static/frontend/ + echo "=== TypeScript files count ===" + find src/frontend/static/frontend/src -type f \( -name "*.ts" -o -name "*.tsx" \) | wc -l + echo "=== First 20 TypeScript files ===" + find src/frontend/static/frontend/src -type f \( -name "*.ts" -o -name "*.tsx" \) | head -20 + - name: SonarQube Scan - Frontend uses: SonarSource/sonarqube-scan-action@v6 env: @@ -57,3 +82,4 @@ jobs: args: > -Dsonar.projectKey=omics-datascience_multiomix-frontend -Dsonar.organization=omics-datascience + -Dsonar.verbose=true diff --git a/sonar-project.properties b/sonar-project.properties index e8837918..18c479d9 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -6,15 +6,11 @@ sonar.organization=omics-datascience sonar.projectName=Multiomix Backend sonar.projectVersion=1.0 -# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows. -sonar.sources=src +# Path is relative to the sonar-project.properties file +sonar.sources=src/api_service,src/biomarkers,src/common,src/datasets_synchronization,src/differential_expression,src/feature_selection,src/genes,src/inferences,src/institutions,src/molecules_details,src/multiomics_intermediate,src/statistical_properties,src/tags,src/user_files,src/users,src/websockets -# Exclude frontend, tests, migrations, and other non-backend code -sonar.exclusions=**/node_modules/**,**/frontend/**,**/migrations/**,**/tests/**,**/__pycache__/**,**/venv/**,**/*.pyc,**/.venv/**,**/staticfiles/**,**/static/frontend/** - -# Test files (commented out to avoid empty test issues) -# sonar.tests=src -# sonar.test.inclusions=**/tests/**,**/*_test.py,**/test_*.py +# Exclude migrations, tests, cache, virtual env, and frontend +sonar.exclusions=**/migrations/**,**/tests/**,**/__pycache__/**,**/venv/**,**/*.pyc,**/.venv/**,**/staticfiles/**,**/node_modules/**,**/frontend/**,**/htmlcov/**,**/email/** # Python specific settings sonar.python.version=3.7,3.8,3.9,3.10,3.11 @@ -22,8 +18,5 @@ sonar.python.version=3.7,3.8,3.9,3.10,3.11 # Coverage reports (if you generate them) # sonar.python.coverage.reportPaths=src/.coverage -# Encoding of the source code. Default is default system encoding +# Encoding of the source code sonar.sourceEncoding=UTF-8 - -# Language -sonar.language=py From 9496d256aeebcef7042b4ba0d1e49718b8bdf84a Mon Sep 17 00:00:00 2001 From: Hernan Date: Thu, 23 Oct 2025 19:16:08 -0300 Subject: [PATCH 05/12] Split SonarQube workflow into backend and frontend Replaces the unified SonarQube workflow with separate workflows for backend and frontend analysis. Updates sonar-project.properties files for both backend and frontend to simplify source and exclusion patterns, and to clarify file inclusions for each project. --- .github/workflows/sonarqube-backend.yaml | 32 +++++++ .github/workflows/sonarqube-frontend.yaml | 48 +++++++++++ .github/workflows/sonarqube.yaml | 85 ------------------- sonar-project.properties | 21 ++--- .../static/frontend/sonar-project.properties | 18 ++-- 5 files changed, 94 insertions(+), 110 deletions(-) create mode 100644 .github/workflows/sonarqube-backend.yaml create mode 100644 .github/workflows/sonarqube-frontend.yaml delete mode 100644 .github/workflows/sonarqube.yaml diff --git a/.github/workflows/sonarqube-backend.yaml b/.github/workflows/sonarqube-backend.yaml new file mode 100644 index 00000000..4926980f --- /dev/null +++ b/.github/workflows/sonarqube-backend.yaml @@ -0,0 +1,32 @@ +name: SonarQube Backend Analysis +on: + push: + branches: + - main + - develop + - 'feature/**' + paths: + - 'src/**/*.py' + - 'sonar-project.properties' + - '.github/workflows/sonarqube-backend.yaml' + pull_request: + types: [opened, synchronize, reopened] + paths: + - 'src/**/*.py' + - 'sonar-project.properties' + - '.github/workflows/sonarqube-backend.yaml' + +jobs: + sonarqube-backend: + name: SonarQube Backend + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: SonarQube Scan + uses: SonarSource/sonarqube-scan-action@v6 + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_BACKEND }} + SONAR_HOST_URL: https://sonarcloud.io diff --git a/.github/workflows/sonarqube-frontend.yaml b/.github/workflows/sonarqube-frontend.yaml new file mode 100644 index 00000000..e75494dc --- /dev/null +++ b/.github/workflows/sonarqube-frontend.yaml @@ -0,0 +1,48 @@ +name: SonarQube Frontend Analysis +on: + push: + branches: + - main + - develop + - 'feature/**' + paths: + - 'src/frontend/static/frontend/src/**' + - 'src/frontend/static/frontend/sonar-project.properties' + - '.github/workflows/sonarqube-frontend.yaml' + pull_request: + types: [opened, synchronize, reopened] + paths: + - 'src/frontend/static/frontend/src/**' + - 'src/frontend/static/frontend/sonar-project.properties' + - '.github/workflows/sonarqube-frontend.yaml' + +jobs: + sonarqube-frontend: + name: SonarQube Frontend + runs-on: ubuntu-latest + defaults: + run: + working-directory: src/frontend/static/frontend + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Set up Node.js + uses: actions/setup-node@v3 + with: + node-version: '20.x' + + - name: Install dependencies + run: npm install + + - name: Run linter and type checks + run: npm run check-all + + - name: SonarQube Scan + uses: SonarSource/sonarqube-scan-action@v6 + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_FRONTEND }} + SONAR_HOST_URL: https://sonarcloud.io + with: + projectBaseDir: ${{ github.workspace }}/src/frontend/static/frontend diff --git a/.github/workflows/sonarqube.yaml b/.github/workflows/sonarqube.yaml deleted file mode 100644 index 5a063bdd..00000000 --- a/.github/workflows/sonarqube.yaml +++ /dev/null @@ -1,85 +0,0 @@ -name: SonarQube Analysis -on: - push: - branches: - - main - - develop - - 'feature/**' - pull_request: - types: [opened, synchronize, reopened] - -jobs: - sonarqube-backend: - name: SonarQube Backend Analysis - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - - - name: Debug - Show directory structure - run: | - echo "=== Current directory ===" - pwd - echo "=== Root files ===" - ls -la - echo "=== src/ directory ===" - ls -la src/ - echo "=== Python files count ===" - find src/ -name "*.py" -type f | grep -v __pycache__ | grep -v migrations | wc -l - echo "=== First 20 Python files ===" - find src/ -name "*.py" -type f | grep -v __pycache__ | grep -v migrations | head -20 - - - name: SonarQube Scan - Backend - uses: SonarSource/sonarqube-scan-action@v6 - env: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_BACKEND }} - SONAR_HOST_URL: https://sonarcloud.io - with: - projectBaseDir: . - args: > - -Dsonar.projectKey=omics-datascience_multiomix-backend - -Dsonar.organization=omics-datascience - -Dsonar.verbose=true - - sonarqube-frontend: - name: SonarQube Frontend Analysis - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - - - name: Set up Node.js - uses: actions/setup-node@v3 - with: - node-version: '20.x' - - - name: Install dependencies - run: npm --prefix src/frontend/static/frontend install - - - name: Run linter and type checks - run: npm --prefix src/frontend/static/frontend run check-all - - - name: Debug - Show frontend structure - run: | - echo "=== Frontend directory ===" - pwd - echo "=== Frontend src files ===" - ls -la src/frontend/static/frontend/ - echo "=== TypeScript files count ===" - find src/frontend/static/frontend/src -type f \( -name "*.ts" -o -name "*.tsx" \) | wc -l - echo "=== First 20 TypeScript files ===" - find src/frontend/static/frontend/src -type f \( -name "*.ts" -o -name "*.tsx" \) | head -20 - - - name: SonarQube Scan - Frontend - uses: SonarSource/sonarqube-scan-action@v6 - env: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_FRONTEND }} - SONAR_HOST_URL: https://sonarcloud.io - with: - projectBaseDir: src/frontend/static/frontend - args: > - -Dsonar.projectKey=omics-datascience_multiomix-frontend - -Dsonar.organization=omics-datascience - -Dsonar.verbose=true diff --git a/sonar-project.properties b/sonar-project.properties index 18c479d9..1ea73282 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -1,22 +1,17 @@ -# Backend Project Configuration sonar.projectKey=omics-datascience_multiomix-backend sonar.organization=omics-datascience - -# This is the name and version displayed in the SonarQube UI. sonar.projectName=Multiomix Backend sonar.projectVersion=1.0 -# Path is relative to the sonar-project.properties file -sonar.sources=src/api_service,src/biomarkers,src/common,src/datasets_synchronization,src/differential_expression,src/feature_selection,src/genes,src/inferences,src/institutions,src/molecules_details,src/multiomics_intermediate,src/statistical_properties,src/tags,src/user_files,src/users,src/websockets - -# Exclude migrations, tests, cache, virtual env, and frontend -sonar.exclusions=**/migrations/**,**/tests/**,**/__pycache__/**,**/venv/**,**/*.pyc,**/.venv/**,**/staticfiles/**,**/node_modules/**,**/frontend/**,**/htmlcov/**,**/email/** +# Sources - scan everything in src/ +sonar.sources=src -# Python specific settings -sonar.python.version=3.7,3.8,3.9,3.10,3.11 +# Exclude frontend completely and other non-code files +sonar.exclusions=**/frontend/**,**/node_modules/**,**/migrations/**,**/__pycache__/**,**/venv/**,**/.venv/**,**/htmlcov/**,**/staticfiles/**,**/*.pyc,**/email/** -# Coverage reports (if you generate them) -# sonar.python.coverage.reportPaths=src/.coverage +# Only scan Python files +sonar.inclusions=**/*.py -# Encoding of the source code +# Python settings +sonar.python.version=3.7,3.8,3.9,3.10,3.11 sonar.sourceEncoding=UTF-8 diff --git a/src/frontend/static/frontend/sonar-project.properties b/src/frontend/static/frontend/sonar-project.properties index 614cd1cf..d75c63e9 100644 --- a/src/frontend/static/frontend/sonar-project.properties +++ b/src/frontend/static/frontend/sonar-project.properties @@ -1,23 +1,17 @@ -# Frontend Project Configuration sonar.projectKey=omics-datascience_multiomix-frontend sonar.organization=omics-datascience - -# This is the name and version displayed in the SonarQube UI. sonar.projectName=Multiomix Frontend sonar.projectVersion=1.0 -# Path is relative to the sonar-project.properties file +# Sources - scan everything in src/ sonar.sources=src -# Exclude node_modules, build output, and test files from analysis -sonar.exclusions=**/node_modules/**,**/dist/**,**/coverage/**,**/*.test.ts,**/*.test.tsx,**/*.spec.ts,**/*.spec.tsx,**/webpack.config.js,**/rspack.config.js +# Exclude build outputs and configs +sonar.exclusions=**/node_modules/**,**/dist/**,**/coverage/**,**/rspack.config.js,**/webpack.config.js -# Test files (commented out to avoid empty test issues) -# sonar.tests=src -# sonar.test.inclusions=**/*.test.ts,**/*.test.tsx,**/*.spec.ts,**/*.spec.tsx +# Only scan TypeScript and JavaScript files +sonar.inclusions=**/*.ts,**/*.tsx,**/*.js,**/*.jsx -# TypeScript/JavaScript specific +# TypeScript/JavaScript settings sonar.javascript.lcov.reportPaths=coverage/lcov.info - -# Encoding of the source code sonar.sourceEncoding=UTF-8 From 2a5f8f07aee8f29b41540913876e734c6306eec3 Mon Sep 17 00:00:00 2001 From: Hernan Date: Fri, 24 Oct 2025 10:38:10 -0300 Subject: [PATCH 06/12] Add SECURITY.md with SonarQube and code quality guide Introduces a comprehensive SECURITY.md in Spanish covering static analysis fundamentals, SonarQube Cloud setup, quality gates, profiles, rules, and best practices for the Multiomix project. This document serves as a reference for developers to ensure code quality and security using SonarQube. --- SECURITY.md | 936 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 936 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..7ab2d9fc --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,936 @@ +# 🛡️ Guía Completa de Calidad y Seguridad de Código + +> Fundamentos de análisis estático, configuración de SonarQube Cloud y mejores prácticas para el proyecto Multiomix + +--- + +## 📚 Tabla de Contenidos + +1. [Fundamentos de Calidad de Código](#-fundamentos-de-calidad-de-código) +2. [¿Qué es SonarQube?](#-qué-es-sonarqube) +3. [SonarQube Cloud vs Self-Hosted](#️-sonarqube-cloud-vs-self-hosted) +4. [Plan Gratuito de SonarQube Cloud](#-plan-gratuito-de-sonarqube-cloud) +5. [Análisis Automático vs Workflows](#-análisis-automático-vs-workflows) +6. [Configuración en Multiomix](#️-configuración-en-multiomix) +7. [Navegando SonarQube Cloud](#-navegando-sonarqube-cloud) +8. [Quality Gates](#-quality-gates) +9. [Quality Profiles](#-quality-profiles) +10. [Rules (Reglas)](#-rules-reglas) +11. [Mejores Prácticas](#-mejores-prácticas) + +--- + +## 🎯 Fundamentos de Calidad de Código + +### ¿Qué es SAST? + +**SAST** (Static Application Security Testing) es el análisis de **código fuente** sin ejecutarlo para encontrar vulnerabilidades de seguridad. + +``` +📝 Código Fuente → 🔍 Análisis Estático → 🚨 Vulnerabilidades Detectadas +``` + +**Características:** +- ✅ Se ejecuta **sin correr la aplicación** +- ✅ Detecta problemas **temprano** en el desarrollo +- ✅ Analiza **todo el código**, no solo lo que se ejecuta +- ❌ Puede generar **falsos positivos** +- ❌ No detecta problemas de **runtime** + +**Ejemplos de problemas que detecta:** +- 🔐 Inyección SQL +- 🔓 Credenciales hardcodeadas +- 🐛 Null pointer exceptions +- 🔒 Uso inseguro de criptografía +- 🚪 Path traversal vulnerabilities + +### ¿Qué es SCA? + +**SCA** (Software Composition Analysis) analiza las **dependencias de terceros** (librerías, frameworks) para detectar vulnerabilidades conocidas. + +``` +📦 package.json / requirements.txt → 🔍 SCA → ⚠️ Vulnerabilidades en dependencias +``` + +**Características:** +- ✅ Detecta **CVEs** (Common Vulnerabilities and Exposures) +- ✅ Monitorea **licencias** de librerías +- ✅ Rastrea **versiones desactualizadas** +- ✅ Automatizable en CI/CD + +**Ejemplos:** +- Detectar `django==2.0` con vulnerabilidad XSS conocida +- Alertar sobre `lodash` con prototype pollution +- Identificar licencias incompatibles (GPL vs MIT) + +### Diferencias SAST vs SCA + +| Aspecto | SAST | SCA | +|---------|------|-----| +| **Analiza** | Tu código fuente | Dependencias de terceros | +| **Detecta** | Bugs, code smells, vulnerabilidades | CVEs, licencias, versiones | +| **Cuándo** | Durante desarrollo | Durante desarrollo + build | +| **Ejemplos** | SonarQube, Checkmarx | Snyk, Dependabot, OWASP Dependency-Check | + +### 📊 Dimensiones de Calidad de Código + +SonarQube evalúa código en 7 dimensiones: + +1. **🐛 Bugs**: Errores que pueden causar comportamiento incorrecto +2. **🔒 Vulnerabilities**: Puntos débiles de seguridad +3. **🔥 Security Hotspots**: Código sensible que requiere revisión manual +4. **🧹 Code Smells**: Problemas de mantenibilidad (no bugs, pero mal código) +5. **✅ Coverage**: Porcentaje de código cubierto por tests +6. **📋 Duplications**: Código duplicado +7. **🏗️ Technical Debt**: Tiempo estimado para arreglar todos los issues + +--- + +## 🔍 ¿Qué es SonarQube? + +**SonarQube** es una plataforma de análisis continuo de calidad de código que: + +- 📝 Analiza **múltiples lenguajes** (Python, TypeScript, JavaScript, Java, etc.) +- 🔍 Detecta **bugs, vulnerabilidades y code smells** +- 📊 Genera **métricas** de calidad +- 🎯 Define **Quality Gates** (pasa/no pasa) +- 📈 Rastrea **evolución** en el tiempo +- 🔄 Se integra con **CI/CD** (GitHub Actions, Jenkins, etc.) + +### Componentes Principales + +``` +┌─────────────────────────────────────────────┐ +│ SonarQube Platform │ +├─────────────────────────────────────────────┤ +│ 1. Scanner (Analiza el código) │ +│ 2. Server (Procesa y almacena resultados) │ +│ 3. Database (PostgreSQL) │ +│ 4. Web UI (Visualización) │ +└─────────────────────────────────────────────┘ +``` + +--- + +## ☁️ SonarQube Cloud vs Self-Hosted + +### SonarQube Cloud (SaaS) + +**Pros:** +- ✅ **Sin infraestructura**: No necesitas servidores +- ✅ **Siempre actualizado**: Últimas features automáticamente +- ✅ **Fácil setup**: 5 minutos para empezar +- ✅ **Escalable**: SonarSource maneja la carga +- ✅ **Gratis para proyectos públicos** + +**Contras:** +- ❌ **Datos en la nube**: Tu código se analiza en servidores de SonarSource +- ❌ **Menos customización**: No puedes instalar plugins custom +- ❌ **Costo para proyectos privados**: Planes de pago para repos privados + +### SonarQube Self-Hosted (On-Premise) + +**Pros:** +- ✅ **Control total**: Tus datos en tu infraestructura +- ✅ **Plugins custom**: Puedes extender funcionalidad +- ✅ **Sin límites de LOC**: En proyectos privados (con licencia) +- ✅ **Integración interna**: Con LDAP, SSO, etc. + +**Contras:** +- ❌ **Requiere infraestructura**: Servidores, DB, mantenimiento +- ❌ **Actualizaciones manuales**: Tú gestionas upgrades +- ❌ **Costo inicial**: Licencias, servidores, DevOps +- ❌ **Complejidad**: Más difícil de configurar y mantener + +### Comparación Rápida + +| Característica | Cloud | Self-Hosted | +|----------------|-------|-------------| +| **Setup** | 5 min | Días/semanas | +| **Mantenimiento** | ☁️ SonarSource | 👨‍💻 Tu equipo | +| **Costo inicial** | $0 (público) | $$$$ | +| **Escalabilidad** | ♾️ Automática | 📈 Manual | +| **Datos** | ☁️ Nube | 🏢 On-premise | +| **Plugins** | ❌ Solo oficiales | ✅ Cualquiera | +| **Ideal para** | Proyectos públicos, startups | Empresas, datos sensibles | + +--- + +## 💎 Plan Gratuito de SonarQube Cloud + +### ✅ Lo que INCLUYE (Gratis) + +Para **proyectos públicos en GitHub**: + +- ✅ **Análisis ilimitado** de código +- ✅ **LOC ilimitadas** (Lines of Code) +- ✅ **Todos los lenguajes** soportados (28+) +- ✅ **Pull Request decoration** (comentarios en PRs) +- ✅ **Quality Gates** +- ✅ **Security Hotspots** +- ✅ **Métricas históricas** +- ✅ **Integración con GitHub Actions** +- ✅ **Múltiples ramas** (main, develop, features) +- ✅ **Usuarios ilimitados** +- ✅ **Proyectos públicos ilimitados** + +### ❌ Lo que NO incluye (Requiere pago) + +- ❌ **Proyectos privados** (necesitas plan Developer+) +- ❌ **Branch analysis avanzado** en privados +- ❌ **Portfolio management** +- ❌ **SLA garantizado** +- ❌ **Soporte prioritario** + +### 💰 Planes de Pago (para privados) + +| Plan | Precio | LOC | Ideal para | +|------|--------|-----|------------| +| **Free** | $0 | Ilimitado | Proyectos públicos | +| **Developer** | ~$10/mes | 100K LOC | Pequeños equipos | +| **Enterprise** | Custom | Ilimitado | Grandes empresas | + +> 💡 **Tip**: Para proyectos open source o educativos, **siempre usa el repo público** para aprovechar el plan gratuito. + +--- + +## ⚖️ Análisis Automático vs Workflows + +### 🤖 Análisis Automático + +SonarQube Cloud puede analizar **automáticamente** tu código cada vez que haces push (sin configurar nada). + +**Cómo funciona:** +1. Conectas tu repo GitHub a SonarQube Cloud +2. Activas "Automatic Analysis" +3. Cada push → SonarQube analiza automáticamente + +**Pros:** +- ✅ **Cero configuración** inicial +- ✅ **Funciona inmediatamente** +- ✅ **Sin archivos de config** en el repo +- ✅ **No consume minutos de GitHub Actions** + +**Contras:** +- ❌ **Menos control**: No puedes customizar el análisis +- ❌ **Sin build steps**: No puede analizar código compilado +- ❌ **Sin coverage**: No puede procesar reportes de tests +- ❌ **Análisis básico**: Solo analiza archivos fuente directamente +- ❌ **No funciona bien con monorepos**: Difícil filtrar backend/frontend + +### 🔧 Workflows de GitHub Actions + +Configuras tu propio workflow de CI/CD para ejecutar el análisis. + +**Cómo funciona:** +1. Creas `.github/workflows/sonarqube.yaml` +2. Defines cuándo y cómo analizar +3. Cada push/PR → GitHub Actions ejecuta SonarScanner + +**Pros:** +- ✅ **Control total**: Customizas todo el proceso +- ✅ **Build steps**: Puedes compilar antes de analizar +- ✅ **Coverage reports**: Integras tests y coverage +- ✅ **Análisis condicional**: Solo en ciertas ramas o archivos +- ✅ **Multi-proyecto**: Puedes separar backend/frontend +- ✅ **Optimización**: Filtra lo que quieras analizar + +**Contras:** +- ❌ **Requiere configuración**: Más setup inicial +- ❌ **Consume minutos de GitHub**: Usa tu cuota de Actions +- ❌ **Mantenimiento**: Tú actualizas versiones + +### 📊 Comparación + +| Aspecto | Automático | Workflow | +|---------|------------|----------| +| **Setup** | ⚡ Instantáneo | 🔧 15-30 min | +| **Control** | ❌ Limitado | ✅ Total | +| **Coverage** | ❌ No | ✅ Sí | +| **Build custom** | ❌ No | ✅ Sí | +| **Minutos GitHub** | 💰 $0 | 💰 Consume cuota | +| **Monorepo** | ❌ Difícil | ✅ Fácil | +| **Ideal para** | Proyectos simples | Proyectos complejos | + +### 🎯 Recomendación + +- **Usa Automático**: Para prototipos, proyectos simples, demos +- **Usa Workflow**: Para proyectos de producción, Django + frontend, con tests + +--- + +## ⚙️ Configuración en Multiomix + +Multiomix usa **dos estrategias** en paralelo: + +### 1️⃣ Análisis Automático (Activado en SonarCloud) + +- Se ejecuta automáticamente en cada push +- Analiza todo el repositorio +- No requiere configuración local + +### 2️⃣ Workflows de GitHub Actions (3 workflows) + +#### **Workflow 1: SonarQube Analysis** (`sonarqube.yaml`) + +```yaml +name: SonarQube Analysis +on: + push: + branches: [main, develop, 'feature/**'] + pull_request: + types: [opened, synchronize, reopened] +``` + +**Qué hace:** +- Analiza **todo el proyecto** (backend + frontend) +- Ejecuta linter y type checks de frontend +- Sube resultados a SonarQube Cloud + +**Proyecto en SonarQube:** +- `omics-datascience_multiomix` (proyecto único) + +#### **Workflow 2: SonarQube Report Generator** (`sonarqube-report.yaml`) + +```yaml +name: SonarQube Report Generator +on: + workflow_dispatch: # Manual + schedule: + - cron: '0 9 * * 1' # Lunes 9 AM +``` + +**Qué hace:** +- Genera reportes semanales automáticos +- Consulta API de SonarQube +- Crea informe en Markdown +- Guarda como artifact descargable +- (Opcional) Envía a Slack/Email/GitHub Issues + +### 📁 Archivos de Configuración + +#### `sonar-project.properties` (raíz) + +```properties +sonar.projectKey=omics-datascience_multiomix +sonar.organization=omics-datascience +sonar.projectName=Multiomix +sonar.projectVersion=1.0 + +# Sources - scan both backend and frontend +sonar.sources=src + +# Exclude migrations, tests, build artifacts, and dependencies +sonar.exclusions=**/migrations/**,**/node_modules/**,**/__pycache__/**,**/venv/**,**/.venv/**,**/htmlcov/**,**/staticfiles/**,**/dist/**,**/coverage/**,**/email/** + +# Python settings +sonar.python.version=3.7,3.8,3.9,3.10,3.11 +sonar.sourceEncoding=UTF-8 +``` + +**Explicación:** +- `sonar.sources=src`: Analiza todo dentro de `src/` +- `sonar.exclusions`: Ignora código generado, dependencias, tests +- **No usa `sonar.inclusions`**: Deja que SonarQube detecte automáticamente Python/TypeScript/JavaScript + +### 🔑 Secrets de GitHub + +Necesitas configurar en GitHub Settings → Secrets: + +- `SONAR_TOKEN`: Token de autenticación de SonarQube Cloud + +**Cómo obtener el token:** +1. Ve a SonarQube Cloud → My Account → Security +2. Generate Token +3. Copia y pégalo en GitHub Secrets + +--- + +## 🧭 Navegando SonarQube Cloud + +### 📊 Dashboard Principal + +Al abrir tu proyecto verás: + +``` +┌──────────────────────────────────────────────────┐ +│ Multiomix │ +│ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ │ +│ │ +│ Quality Gate: ✅ Passed │ +│ │ +│ 🐛 Bugs 6 │ +│ 🔒 Vulnerabilities 0 │ +│ 🔥 Security Hotspots 10 │ +│ 🧹 Code Smells 804 │ +│ ✅ Coverage 15% │ +│ 📋 Duplications 2.3% │ +│ 📏 Lines of Code 42,955 │ +└──────────────────────────────────────────────────┘ +``` + +### 🐛 Issues (Problemas) + +**Qué son:** +- Bugs, vulnerabilities y code smells detectados en tu código + +**Tipos de Issues:** + +1. **🐛 Bug**: Error de lógica que causará comportamiento incorrecto + ```python + # Ejemplo: Null pointer + user = None + print(user.name) # ← Bug: AttributeError + ``` + +2. **🔒 Vulnerability**: Problema de seguridad + ```python + # Ejemplo: SQL Injection + query = f"SELECT * FROM users WHERE id = {user_input}" # ← Vulnerable + ``` + +3. **🧹 Code Smell**: No es un bug, pero dificulta mantenibilidad + ```python + # Ejemplo: Función muy larga (200 líneas) + # Ejemplo: Complejidad ciclomática alta + # Ejemplo: Código duplicado + ``` + +**Severidades:** +- 🔴 **Blocker**: Debe arreglarse YA +- 🟠 **Critical**: Arreglar pronto +- 🟡 **Major**: Arreglar +- 🔵 **Minor**: Nice to have +- ⚪ **Info**: FYI + +**Cómo navegar Issues:** +1. Click en "Issues" en el menú +2. Filtra por: + - **Type**: Bug / Vulnerability / Code Smell + - **Severity**: Blocker, Critical, etc. + - **Language**: Python, TypeScript, JavaScript + - **Directory**: Filtra backend (`src/api_service/`) o frontend (`src/frontend/`) + - **Status**: Open, Confirmed, Resolved, False Positive +3. Click en un issue para ver: + - Descripción del problema + - Snippet de código + - Sugerencia de solución + - Regla que lo detectó + +### 🔥 Security Hotspots + +**Qué son:** +- Código "sensible" de seguridad que **requiere revisión manual** +- No son vulnerabilidades confirmadas, sino **puntos a revisar** + +**Ejemplos:** +```python +# Hotspot: Uso de random (no criptográfico) +import random +token = random.randint(1000, 9999) # ← ¿Es para seguridad? + +# Hotspot: Cookies sin flags seguros +response.set_cookie('session', value) # ← ¿Tiene HttpOnly? ¿Secure? + +# Hotspot: Logging de datos sensibles +logger.info(f"User password: {password}") # ← ¿Debería logearse? +``` + +**Cómo revisar:** +1. Ve a "Security Hotspots" +2. Para cada hotspot: + - **Review**: Lee el código + - Decide si es seguro o no + - Marca como: + - ✅ **Safe**: Revisado, no hay problema + - ❌ **Vulnerability**: Confirma como vulnerabilidad real + - 🔄 **Fixed**: Ya lo arreglaste + +### 📏 Measures (Métricas) + +**Métricas principales:** + +- **📊 Lines of Code (LOC)**: Líneas de código (sin comentarios ni líneas vacías) +- **🏗️ Technical Debt**: Tiempo estimado para arreglar todos los issues +- **📋 Duplications**: Porcentaje de código duplicado +- **🔁 Complexity**: Complejidad ciclomática (cuántos paths tiene el código) +- **✅ Coverage**: Cobertura de tests +- **🔒 Security Rating**: A (mejor) → E (peor) +- **🐛 Reliability Rating**: A → E + +**Cómo ver métricas:** +1. Click en "Measures" +2. Explora categorías: + - **Reliability**: Bugs + - **Security**: Vulnerabilities, Hotspots + - **Maintainability**: Code Smells, Technical Debt + - **Coverage**: Test coverage + - **Duplications**: Código duplicado + - **Size**: LOC, archivos, clases, funciones + +### 📂 Code (Vista de árbol) + +Navega tu código en estructura de directorios: + +``` +multiomix/ +└── src/ + ├── api_service/ [2,500 LOC] [3 bugs] [45 code smells] + ├── biomarkers/ [800 LOC] [1 bug] [12 code smells] + ├── frontend/ [5,200 LOC] [2 bugs] [38 code smells] + │ └── static/ + │ └── frontend/ + │ └── src/ + ├── genes/ [450 LOC] [0 bugs] [8 code smells] + └── ... +``` + +**Cómo usar:** +1. Click en "Code" +2. Navega por directorios +3. Para cada directorio ves: + - 📏 Lines of Code + - 🐛 Bugs + - 🔒 Vulnerabilities + - 🧹 Code Smells + - 📋 Duplications + - ✅ Coverage +4. Click en un archivo para ver issues específicos en ese archivo + +### 📈 Activity (Historial) + +Ve la evolución de tu proyecto en el tiempo: + +- 📊 Gráficos de métricas (bugs, code smells, coverage) +- 📅 Análisis históricos +- 🔄 Comparación entre análisis +- 📝 Eventos (nuevos issues, issues resueltos) + +**Ideal para:** +- Ver si la calidad está mejorando o empeorando +- Tracking de Technical Debt +- Demostrar mejoras al equipo + +--- + +## 🎯 Filtrando entre Frontend y Backend + +### Método 1: Filtro por Lenguaje + +**En Issues/Code/Measures:** +1. Click en el filtro **"Language"** +2. Selecciona: + - **Python** → Backend (Django apps) + - **TypeScript** → Frontend + - **JavaScript** → Frontend + +### Método 2: Filtro por Directorio + +**En Code tab:** +1. Navega a: + - `src/api_service/`, `src/biomarkers/`, etc. → Backend + - `src/frontend/static/frontend/src/` → Frontend + +**En Issues tab:** +1. Usa el filtro **"Directory"** +2. Escribe: + - `src/api_service` → Solo backend API + - `src/frontend` → Solo frontend + +### Método 3: Usar la búsqueda + +En la barra de búsqueda de Issues: +``` +# Solo backend Python +language:python + +# Solo frontend TypeScript +language:ts + +# Solo un app específico +directory:src/api_service + +# Combinar filtros +language:python AND severity:BLOCKER +``` + +### Método 4: Bookmarks personalizados + +1. Aplica los filtros que quieras +2. La URL cambiará, por ejemplo: + ``` + https://sonarcloud.io/project/issues?id=omics-datascience_multiomix&language=py + ``` +3. Guarda esa URL como bookmark: + - "Multiomix - Backend Issues" + - "Multiomix - Frontend Issues" + +--- + +## 🚪 Quality Gates + +### ¿Qué son? + +Un **Quality Gate** es un conjunto de **condiciones** que tu código debe cumplir para considerarse "aceptable". + +``` +Quality Gate = Conjunto de reglas de "pasa/no pasa" +``` + +**Ejemplo:** +``` +Quality Gate "Sonar way": +✅ Coverage ≥ 80% +✅ Duplications ≤ 3% +✅ Vulnerabilities = 0 +✅ Bugs nuevos = 0 +✅ Security Hotspots revisados = 100% +``` + +### Estados del Quality Gate + +- ✅ **Passed**: Tu código cumple todas las condiciones +- ❌ **Failed**: Al menos una condición no se cumple +- ⚠️ **Warning**: Algunas métricas cerca del límite + +### Quality Gate por defecto: "Sonar way" + +SonarQube Cloud incluye un Quality Gate llamado **"Sonar way"** con estas condiciones: + +#### En código nuevo (New Code): +- ✅ Coverage ≥ 80% +- ✅ Duplications ≤ 3% +- ✅ Maintainability Rating ≥ A +- ✅ Reliability Rating ≥ A +- ✅ Security Rating ≥ A +- ✅ Security Hotspots revisados = 100% + +#### En código total (Overall): +- ✅ Sin condiciones estrictas (solo se enfoca en código nuevo) + +### ¿Por qué "New Code"? + +SonarQube se enfoca en **no empeorar** la calidad: + +- 🚫 No exige que arregles código legacy de golpe +- ✅ Exige que código **nuevo** sea de calidad +- 📈 Gradualmente mejoras todo el proyecto + +### Configurar Quality Gates + +**En SonarQube Cloud:** +1. Ve a "Quality Gates" +2. Crea un nuevo Quality Gate o edita "Sonar way" +3. Agrega condiciones: + - Selecciona métrica (Coverage, Bugs, etc.) + - Selecciona si aplica a "Overall Code" o "New Code" + - Define el threshold (umbral) + - Guarda + +**Ejemplo: Quality Gate custom para Multiomix** +``` +Nombre: "Multiomix Standard" + +Condiciones: +- Coverage en nuevo código ≥ 60% (más realista que 80%) +- Bugs nuevos = 0 +- Vulnerabilities nuevas = 0 +- Code Smells nuevos ≤ 5 +- Security Hotspots revisados = 100% +- Duplications nuevas ≤ 3% +``` + +### Integración con GitHub + +Si tu Quality Gate **falla**: +- ❌ El PR en GitHub se marcará como "check failed" +- 🚫 Puedes bloquear el merge (configurando branch protection) +- 📝 Ves detalles del fallo en el PR + +--- + +## 🎨 Quality Profiles + +### ¿Qué son? + +Un **Quality Profile** es un **conjunto de reglas** (rules) activas para un lenguaje. + +``` +Quality Profile = Colección de reglas para analizar código +``` + +**Ejemplo:** +``` +Quality Profile "Sonar way (Python)": +- ✅ 250 reglas activas +- Detecta bugs, vulnerabilities, code smells +- Severidades configuradas +``` + +### Profiles por lenguaje + +Cada lenguaje tiene su propio Quality Profile: +- **Python**: Sonar way (Python) +- **TypeScript**: Sonar way (TypeScript) +- **JavaScript**: Sonar way (JavaScript) + +### Quality Profile por defecto: "Sonar way" + +SonarQube incluye profiles por defecto llamados **"Sonar way"** para cada lenguaje. + +**Características:** +- ✅ Mantenido por SonarSource (expertos) +- ✅ Actualizado regularmente +- ✅ Balance entre rigor y practicidad +- ✅ Basado en mejores prácticas de la industria + +### Crear Quality Profile custom + +**Ejemplo: Multiomix Custom Python Profile** + +1. Ve a "Quality Profiles" en SonarQube Cloud +2. Selecciona "Python" → "Sonar way" +3. Click "Copy" → Nombre: "Multiomix Python" +4. Activa/desactiva reglas: + - ✅ Activa: "Functions should not be too complex" (max complexity: 10) + - ✅ Activa: "Too many parameters" (max: 5) + - ❌ Desactiva: Reglas que generen ruido para tu proyecto +5. Ajusta severidades: + - Cambia "Code smell" → "Bug" para reglas críticas +6. Asigna el profile a tu proyecto + +### Herencia de Profiles + +Puedes crear **jerarquías**: + +``` +Sonar way (Python) + ↓ (hereda) +Company Standard (Python) + ↓ (hereda) +Multiomix Python +``` + +**Ventaja**: Cambios en el profile padre se propagan a los hijos. + +--- + +## 📋 Rules (Reglas) + +### ¿Qué son? + +Una **Rule** es una **regla específica** que SonarQube verifica en tu código. + +**Ejemplo de regla:** +``` +Rule: "S1134" - Track uses of "FIXME" tags +Tipo: Code Smell +Severidad: Major +Descripción: "FIXME" comments should be handled + +# Detecta: +# FIXME: This is a quick hack ← SonarQube lo detectará +``` + +### Tipos de Rules + +1. **🐛 Bug**: Detecta errores de lógica + - Ejemplo: "Null pointer dereference" + - Ejemplo: "Incorrect use of equals()" + +2. **🔒 Vulnerability**: Detecta problemas de seguridad + - Ejemplo: "SQL injection" + - Ejemplo: "Hardcoded credentials" + +3. **🧹 Code Smell**: Detecta problemas de mantenibilidad + - Ejemplo: "Functions too long" + - Ejemplo: "Cognitive complexity too high" + +4. **🔥 Security Hotspot**: Marca código sensible para revisión + - Ejemplo: "Using pseudorandom number generators" + - Ejemplo: "Cookies should be secure" + +### Anatomía de una Rule + +Cada regla tiene: + +- **ID**: Identificador único (ej: `S1134`, `S2068`) +- **Name**: Nombre descriptivo +- **Type**: Bug / Vulnerability / Code Smell / Security Hotspot +- **Severity**: Blocker / Critical / Major / Minor / Info +- **Description**: Explicación detallada del problema +- **Non-compliant code example**: Ejemplo de código malo +- **Compliant solution**: Ejemplo de código correcto +- **Tags**: Categorización (security, performance, confusing, etc.) + +### Ejemplo de Rule: S2068 - Hardcoded credentials + +**Descripción:** +``` +Credentials should not be hard-coded + +Hard-coding credentials in source code is a security risk. +Anyone with access to the code can steal the credentials. +``` + +**Non-compliant:** +```python +password = "MyP@ssw0rd" # ← Detectado por S2068 +db.connect(user="admin", password="admin123") +``` + +**Compliant:** +```python +import os +password = os.environ.get("DB_PASSWORD") +db.connect(user="admin", password=password) +``` + +**Severidad**: Critical +**Tipo**: Vulnerability + +### Explorar Rules + +**En SonarQube Cloud:** +1. Ve a "Rules" en el menú +2. Filtra por: + - **Language**: Python, TypeScript, JavaScript + - **Type**: Bug, Vulnerability, Code Smell + - **Severity**: Blocker, Critical, etc. + - **Tag**: security, performance, django, etc. + - **Status**: Active, Deprecated +3. Click en una rule para ver descripción completa + +**Reglas populares para Django (Python):** +- `S3649`: Database queries should not be vulnerable to injection +- `S2068`: Credentials should not be hard-coded +- `S5144`: Server-side requests should not be vulnerable to forging attacks (SSRF) +- `S5131`: Endpoints should not be vulnerable to XSS + +**Reglas populares para TypeScript/React:** +- `S1186`: Functions should not be empty +- `S6268`: React components should not render non-boolean conditions +- `S6299`: React components should use JSX syntax +- `typescript:S1128`: Unused imports should be removed + +### Activar/Desactivar Rules + +**En el Quality Profile:** +1. Ve a "Quality Profiles" +2. Selecciona tu profile (ej: "Multiomix Python") +3. Click "Activate More" +4. Busca rules y actívalas/desactívalas + +**Desde un Issue:** +1. Ve a un issue específico +2. Click en la regla (ej: "S1134") +3. Click "Deactivate" (si no quieres esa regla) + +### Marcas False Positive / Won't Fix + +Si una regla detecta algo que **no es un problema real**: + +1. Ve al issue +2. Click "..." → "Change Status" +3. Selecciona: + - **False Positive**: La regla se equivocó + - **Won't Fix**: Es real, pero decides no arreglarlo +4. Agrega un comentario explicando por qué +5. El issue desaparece de las métricas + +--- + +## 🏆 Mejores Prácticas + +### Para Desarrolladores + +1. **🔍 Revisa SonarQube antes de abrir PR** + - Ve a SonarQube Cloud + - Mira los issues en tu rama + - Arregla al menos los Blockers y Criticals + +2. **✅ Haz que el Quality Gate pase** + - Si falla, revisa qué condición no se cumple + - Arregla antes de mergear + +3. **🔥 Revisa Security Hotspots** + - No los ignores + - Evalúa si son seguros o no + - Márcalos como Safe o Vulnerability + +4. **📝 No desactives reglas sin razón** + - Si una regla molesta, discútelo con el equipo + - Documenta por qué la desactivas + +5. **🧪 Escribe tests** + - Coverage no lo es todo, pero ayuda + - Usa pytest para backend, Jest para frontend + +### Para el Equipo + +1. **📊 Revisen métricas en retrospectivas** + - ¿Technical Debt está creciendo? + - ¿Coverage está bajando? + - ¿Más bugs en código nuevo? + +2. **🎯 Definan Quality Gates realistas** + - No exijan 100% coverage de golpe + - Suban el estándar gradualmente + +3. **🔄 Actualicen Quality Profiles** + - Revisen reglas nuevas cada trimestre + - Activen reglas que agreguen valor + +4. **📚 Eduquen sobre reglas** + - Compartan reglas importantes en el equipo + - Hagan code reviews enfocados en calidad + +5. **🚀 Celebren mejoras** + - Si suben coverage de 10% → 30%, celebren + - Reconozcan a quien arregla Technical Debt + +### Para DevOps/Tech Leads + +1. **🔒 Bloqueen merges si Quality Gate falla** + ```yaml + # En GitHub branch protection rules + Require status checks to pass: + ✅ SonarQube Analysis + ``` + +2. **📧 Configuren notificaciones** + - Slack cuando Quality Gate falla + - Email con reporte semanal + +3. **📈 Tracen tendencias** + - Usen el workflow de reportes + - Compartan con stakeholders + +4. **🎓 Den training al equipo** + - Sesión sobre SonarQube + - Demo de cómo leer issues + +--- + +## 🔗 Enlaces Útiles + +- 📚 [SonarQube Docs](https://docs.sonarqube.org/) +- ☁️ [SonarCloud Docs](https://docs.sonarcloud.io/) +- 🐍 [Python Rules](https://rules.sonarsource.com/python/) +- 🟦 [TypeScript Rules](https://rules.sonarsource.com/typescript/) +- 🟨 [JavaScript Rules](https://rules.sonarsource.com/javascript/) +- 🔧 [GitHub Actions Integration](https://github.com/SonarSource/sonarqube-scan-action) + +--- + +## 📞 Soporte + +Si tienes dudas sobre SonarQube en Multiomix: +- 💬 Pregunta en el canal de Slack del equipo +- 📧 Contacta al tech lead +- 📝 Abre un issue en GitHub con la etiqueta `sonarqube` + +--- + +**Última actualización**: Octubre 2025 +**Mantenido por**: Equipo de Multiomix From 9274281b1b83e4181730689d614ae3a4be6475b0 Mon Sep 17 00:00:00 2001 From: Hernan Date: Sat, 1 Nov 2025 13:28:51 -0300 Subject: [PATCH 07/12] Consolidate SonarQube workflows and config Removed separate backend and frontend SonarQube GitHub Actions workflows and frontend sonar-project.properties. Added a unified SonarQube analysis workflow for pull requests, simplifying CI configuration and centralizing code quality checks. --- .github/workflows/sonarqube-backend.yaml | 32 --------- .github/workflows/sonarqube-frontend.yaml | 48 ------------- .github/workflows/sonarqube-pr.yaml | 69 +++++++++++++++++++ .../static/frontend/sonar-project.properties | 17 ----- 4 files changed, 69 insertions(+), 97 deletions(-) delete mode 100644 .github/workflows/sonarqube-backend.yaml delete mode 100644 .github/workflows/sonarqube-frontend.yaml create mode 100644 .github/workflows/sonarqube-pr.yaml delete mode 100644 src/frontend/static/frontend/sonar-project.properties diff --git a/.github/workflows/sonarqube-backend.yaml b/.github/workflows/sonarqube-backend.yaml deleted file mode 100644 index 4926980f..00000000 --- a/.github/workflows/sonarqube-backend.yaml +++ /dev/null @@ -1,32 +0,0 @@ -name: SonarQube Backend Analysis -on: - push: - branches: - - main - - develop - - 'feature/**' - paths: - - 'src/**/*.py' - - 'sonar-project.properties' - - '.github/workflows/sonarqube-backend.yaml' - pull_request: - types: [opened, synchronize, reopened] - paths: - - 'src/**/*.py' - - 'sonar-project.properties' - - '.github/workflows/sonarqube-backend.yaml' - -jobs: - sonarqube-backend: - name: SonarQube Backend - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: SonarQube Scan - uses: SonarSource/sonarqube-scan-action@v6 - env: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_BACKEND }} - SONAR_HOST_URL: https://sonarcloud.io diff --git a/.github/workflows/sonarqube-frontend.yaml b/.github/workflows/sonarqube-frontend.yaml deleted file mode 100644 index e75494dc..00000000 --- a/.github/workflows/sonarqube-frontend.yaml +++ /dev/null @@ -1,48 +0,0 @@ -name: SonarQube Frontend Analysis -on: - push: - branches: - - main - - develop - - 'feature/**' - paths: - - 'src/frontend/static/frontend/src/**' - - 'src/frontend/static/frontend/sonar-project.properties' - - '.github/workflows/sonarqube-frontend.yaml' - pull_request: - types: [opened, synchronize, reopened] - paths: - - 'src/frontend/static/frontend/src/**' - - 'src/frontend/static/frontend/sonar-project.properties' - - '.github/workflows/sonarqube-frontend.yaml' - -jobs: - sonarqube-frontend: - name: SonarQube Frontend - runs-on: ubuntu-latest - defaults: - run: - working-directory: src/frontend/static/frontend - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Set up Node.js - uses: actions/setup-node@v3 - with: - node-version: '20.x' - - - name: Install dependencies - run: npm install - - - name: Run linter and type checks - run: npm run check-all - - - name: SonarQube Scan - uses: SonarSource/sonarqube-scan-action@v6 - env: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_FRONTEND }} - SONAR_HOST_URL: https://sonarcloud.io - with: - projectBaseDir: ${{ github.workspace }}/src/frontend/static/frontend diff --git a/.github/workflows/sonarqube-pr.yaml b/.github/workflows/sonarqube-pr.yaml new file mode 100644 index 00000000..a21f0925 --- /dev/null +++ b/.github/workflows/sonarqube-pr.yaml @@ -0,0 +1,69 @@ +name: SonarQube Analysis on Pull Request + +on: + pull_request: + branches: + - main + - develop + - 'feature/**' + - 'bugfix/**' + - 'v*' + types: [opened, synchronize, reopened] + +jobs: + sonarqube: + name: SonarQube Analysis + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v5 + with: + fetch-depth: 0 # Shallow clones should be disabled for better analysis + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: '3.12' + cache: 'pip' + + - name: Set up Node.js + uses: actions/setup-node@v4 + with: + node-version: '20' + cache: 'npm' + cache-dependency-path: src/frontend/static/frontend/package-lock.json + + - name: Install Python dependencies + run: | + python -m pip install --upgrade pip + pip install -r config/requirements.txt + + - name: Install Node dependencies + run: npm --prefix src/frontend/static/frontend ci + + - name: SonarQube Scan + uses: sonarsource/sonarqube-scan-action@v6 + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} + with: + args: > + -Dsonar.projectKey=omics-datascience_multiomix-django + -Dsonar.organization=omics-datascience + -Dsonar.projectName=Multiomix Django + -Dsonar.sources=src + -Dsonar.exclusions=**/node_modules/**,**/migrations/**,**/__pycache__/**,**/venv/**,**/.venv/**,**/htmlcov/**,**/staticfiles/**,**/*.pyc,**/email/**,**/dist/** + -Dsonar.python.version=3.12 + -Dsonar.javascript.node.maxspace=4096 + -Dsonar.sourceEncoding=UTF-8 + -Dsonar.pullrequest.key=${{ github.event.pull_request.number }} + -Dsonar.pullrequest.branch=${{ github.head_ref }} + -Dsonar.pullrequest.base=${{ github.base_ref }} + + - name: Wait for Quality Gate + uses: sonarsource/sonarqube-quality-gate-action@master + timeout-minutes: 5 + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} diff --git a/src/frontend/static/frontend/sonar-project.properties b/src/frontend/static/frontend/sonar-project.properties deleted file mode 100644 index d75c63e9..00000000 --- a/src/frontend/static/frontend/sonar-project.properties +++ /dev/null @@ -1,17 +0,0 @@ -sonar.projectKey=omics-datascience_multiomix-frontend -sonar.organization=omics-datascience -sonar.projectName=Multiomix Frontend -sonar.projectVersion=1.0 - -# Sources - scan everything in src/ -sonar.sources=src - -# Exclude build outputs and configs -sonar.exclusions=**/node_modules/**,**/dist/**,**/coverage/**,**/rspack.config.js,**/webpack.config.js - -# Only scan TypeScript and JavaScript files -sonar.inclusions=**/*.ts,**/*.tsx,**/*.js,**/*.jsx - -# TypeScript/JavaScript settings -sonar.javascript.lcov.reportPaths=coverage/lcov.info -sonar.sourceEncoding=UTF-8 From f82f5aa9d1b7096c2d28cb0a8dc51e8dd09e56de Mon Sep 17 00:00:00 2001 From: Hernan Date: Sun, 2 Nov 2025 14:22:26 -0300 Subject: [PATCH 08/12] Quote project name in SonarQube workflow Encloses the SonarQube project name in single quotes to ensure correct parsing in the workflow arguments. --- .github/workflows/sonarqube-pr.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonarqube-pr.yaml b/.github/workflows/sonarqube-pr.yaml index a21f0925..b4bf8d98 100644 --- a/.github/workflows/sonarqube-pr.yaml +++ b/.github/workflows/sonarqube-pr.yaml @@ -51,7 +51,7 @@ jobs: args: > -Dsonar.projectKey=omics-datascience_multiomix-django -Dsonar.organization=omics-datascience - -Dsonar.projectName=Multiomix Django + -Dsonar.projectName='Multiomix Django' -Dsonar.sources=src -Dsonar.exclusions=**/node_modules/**,**/migrations/**,**/__pycache__/**,**/venv/**,**/.venv/**,**/htmlcov/**,**/staticfiles/**,**/*.pyc,**/email/**,**/dist/** -Dsonar.python.version=3.12 From 8704c7154648e48d66804ea73ac104947e1e2cf8 Mon Sep 17 00:00:00 2001 From: Hernan Date: Sun, 2 Nov 2025 14:45:39 -0300 Subject: [PATCH 09/12] Update SonarQube project properties for Django Changed project key and name to reflect Django backend. Updated Python version to 3.12, refined exclusions, and added JavaScript/TypeScript settings for improved code analysis. --- sonar-project.properties | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/sonar-project.properties b/sonar-project.properties index 1ea73282..609c5528 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -1,17 +1,17 @@ -sonar.projectKey=omics-datascience_multiomix-backend + sonar.projectKey=omics-datascience_multiomix-django sonar.organization=omics-datascience -sonar.projectName=Multiomix Backend +sonar.projectName=Multiomix Django sonar.projectVersion=1.0 # Sources - scan everything in src/ sonar.sources=src -# Exclude frontend completely and other non-code files -sonar.exclusions=**/frontend/**,**/node_modules/**,**/migrations/**,**/__pycache__/**,**/venv/**,**/.venv/**,**/htmlcov/**,**/staticfiles/**,**/*.pyc,**/email/** - -# Only scan Python files -sonar.inclusions=**/*.py +# Exclude only node_modules, migrations and build artifacts +sonar.exclusions=**/node_modules/**,**/migrations/**,**/__pycache__/**,**/venv/**,**/.venv/**,**/htmlcov/**,**/staticfiles/**,**/*.pyc,**/email/**,**/dist/** # Python settings -sonar.python.version=3.7,3.8,3.9,3.10,3.11 +sonar.python.version=3.12 sonar.sourceEncoding=UTF-8 + +# JavaScript/TypeScript settings +sonar.javascript.node.maxspace=4096 From 50eb4dee232933ebaf7a70a649f717668bb99d08 Mon Sep 17 00:00:00 2001 From: Hernan Date: Sun, 2 Nov 2025 15:01:38 -0300 Subject: [PATCH 10/12] Update SonarQube project key and name Changed SonarQube projectKey from 'omics-datascience_multiomix-django' to 'omicsdatascience_multiomix' and projectName from 'Multiomix Django' to 'multiomix' in both workflow and properties files for consistency. --- .github/workflows/sonarqube-pr.yaml | 4 ++-- sonar-project.properties | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/sonarqube-pr.yaml b/.github/workflows/sonarqube-pr.yaml index b4bf8d98..bc0d0dea 100644 --- a/.github/workflows/sonarqube-pr.yaml +++ b/.github/workflows/sonarqube-pr.yaml @@ -49,9 +49,9 @@ jobs: SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} with: args: > - -Dsonar.projectKey=omics-datascience_multiomix-django + -Dsonar.projectKey=omicsdatascience_multiomix -Dsonar.organization=omics-datascience - -Dsonar.projectName='Multiomix Django' + -Dsonar.projectName=multiomix -Dsonar.sources=src -Dsonar.exclusions=**/node_modules/**,**/migrations/**,**/__pycache__/**,**/venv/**,**/.venv/**,**/htmlcov/**,**/staticfiles/**,**/*.pyc,**/email/**,**/dist/** -Dsonar.python.version=3.12 diff --git a/sonar-project.properties b/sonar-project.properties index 609c5528..d66629c7 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -1,6 +1,6 @@ - sonar.projectKey=omics-datascience_multiomix-django + sonar.projectKey=omicsdatascience_multiomix sonar.organization=omics-datascience -sonar.projectName=Multiomix Django +sonar.projectName=multiomix sonar.projectVersion=1.0 # Sources - scan everything in src/ From ee645446783b69e3b089d3f13eee68421a1d8d81 Mon Sep 17 00:00:00 2001 From: Hernan Date: Sun, 2 Nov 2025 15:23:37 -0300 Subject: [PATCH 11/12] Update SonarCloud project key and add badges Changed SonarCloud project key from 'omicsdatascience_multiomix' to 'omics-datascience_multiomix' in workflow and properties files for consistency. Added SonarCloud quality, security, maintainability, and coverage badges to README for improved project visibility. --- .github/workflows/sonarqube-pr.yaml | 2 +- README.md | 4 ++++ sonar-project.properties | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sonarqube-pr.yaml b/.github/workflows/sonarqube-pr.yaml index bc0d0dea..2d4017a6 100644 --- a/.github/workflows/sonarqube-pr.yaml +++ b/.github/workflows/sonarqube-pr.yaml @@ -49,7 +49,7 @@ jobs: SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} with: args: > - -Dsonar.projectKey=omicsdatascience_multiomix + -Dsonar.projectKey=omics-datascience_multiomix -Dsonar.organization=omics-datascience -Dsonar.projectName=multiomix -Dsonar.sources=src diff --git a/README.md b/README.md index 874a5f58..5c08d328 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,10 @@ # Multiomix [![Last Build & Push](https://github.com/omics-datascience/multiomix/actions/workflows/main-wf.yaml/badge.svg)](https://github.com/omics-datascience/multiomix/actions/workflows/main-wf.yaml) +[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=omics-datascience_multiomix&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=omics-datascience_multiomix) +[![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=omics-datascience_multiomix&metric=security_rating)](https://sonarcloud.io/summary/new_code?id=omics-datascience_multiomix) +[![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=omics-datascience_multiomix&metric=sqale_rating)](https://sonarcloud.io/summary/new_code?id=omics-datascience_multiomix) +[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=omics-datascience_multiomix&metric=coverage)](https://sonarcloud.io/summary/new_code?id=omics-datascience_multiomix) Cloud-based platform to infer cancer genomic and epigenomic events associated with gene expression modulation. diff --git a/sonar-project.properties b/sonar-project.properties index d66629c7..7b4642fc 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -1,4 +1,4 @@ - sonar.projectKey=omicsdatascience_multiomix +sonar.projectKey=omics-datascience_multiomix sonar.organization=omics-datascience sonar.projectName=multiomix sonar.projectVersion=1.0 From 8508f4884dfcc3c1b147c624b07db3dfadf5bbb7 Mon Sep 17 00:00:00 2001 From: Hernan Date: Thu, 6 Nov 2025 20:12:29 -0300 Subject: [PATCH 12/12] Update SonarQube configuration in SECURITY.md Changed project name casing, updated Python version to 3.12, refined exclusions, and added JavaScript/TypeScript settings for SonarQube. Also updated the last modified date to November 2025. --- SECURITY.md | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 7ab2d9fc..79182f2f 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -314,18 +314,21 @@ on: ```properties sonar.projectKey=omics-datascience_multiomix sonar.organization=omics-datascience -sonar.projectName=Multiomix +sonar.projectName=multiomix sonar.projectVersion=1.0 -# Sources - scan both backend and frontend +# Sources - scan everything in src/ sonar.sources=src -# Exclude migrations, tests, build artifacts, and dependencies -sonar.exclusions=**/migrations/**,**/node_modules/**,**/__pycache__/**,**/venv/**,**/.venv/**,**/htmlcov/**,**/staticfiles/**,**/dist/**,**/coverage/**,**/email/** +# Exclude only node_modules, migrations and build artifacts +sonar.exclusions=**/node_modules/**,**/migrations/**,**/__pycache__/**,**/venv/**,**/.venv/**,**/htmlcov/**,**/staticfiles/**,**/*.pyc,**/email/**,**/dist/** # Python settings -sonar.python.version=3.7,3.8,3.9,3.10,3.11 +sonar.python.version=3.12 sonar.sourceEncoding=UTF-8 + +# JavaScript/TypeScript settings +sonar.javascript.node.maxspace=4096 ``` **Explicación:** @@ -932,5 +935,5 @@ Si tienes dudas sobre SonarQube en Multiomix: --- -**Última actualización**: Octubre 2025 +**Última actualización**: Noviembre 2025 **Mantenido por**: Equipo de Multiomix