feat: add sonarqube #4

Merged
diego-dm-morais merged 13 commits into main from feat/update-code
Jun 26, 2025

@diego-dm-morais
No description provided.

@diego-dm-morais diego-dm-morais requested a review from a team June 26, 2025 14:50
@gemini-code-assist gemini-code-assist bot left a comment

Summary of Changes

Hello @diego-dm-morais, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a new GitHub Composite Action to streamline SonarQube integration for Python projects. It automates the entire process from code scanning and coverage calculation to dynamic quality gate updates and status enforcement, aiming to improve and maintain code quality continuously.

Highlights

  • New GitHub Composite Action: This pull request introduces a new GitHub Composite Action (sonarqube-python/action.yml) designed for integrating SonarQube analysis specifically for Python projects. It provides a comprehensive set of configurable inputs for various SonarQube parameters.
  • Automated SonarQube Scan Integration: The action orchestrates a SonarQube scan using the sonarsource/sonarqube-scan-action@v5.2.0, passing dynamic project keys, source paths, test paths, exclusions, and coverage report paths based on the action's inputs. The scan is conditional on the base branch being 'develop' and SonarQube being enabled for Python.
  • Dynamic Quality Gate Management: A new script (sonarqube-python/quality-gates-sonarqube.sh) is added to interact with the SonarQube API. This script dynamically updates the 'new_coverage' quality gate condition based on the project's current coverage. It aims to prevent regressions by setting the threshold to the current coverage or 80% if the current coverage is higher than the existing threshold.
  • Quality Gate Status Enforcement: The PR includes a script (sonarqube-python/sonarqube-status.sh) that checks the SonarQube quality gate status after the scan. If the quality gate status is 'ERROR', the workflow will fail, ensuring that code quality standards are met before merging.
  • Code Coverage Calculation: A dedicated script (sonarqube-python/coverage-calc.sh) is introduced to parse the coverage.xml report, extract the line coverage rate, and export it as a GitHub Action output. This calculated coverage is then used by the quality gate management script.
  • Potential Unrelated Step: I've noted the presence of a 'Push to RubyGems' step in sonarqube-python/action.yml (lines 51-55), which appears unrelated to a Python SonarQube action and references an undefined input rubygems_api_key. This might be a leftover from a template or a copy-paste error.

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

The pull request introduces a SonarQube integration for Python projects. The changes include a composite action for running SonarQube scans, calculating coverage, and updating quality gates. The review identified a few issues, including an unnecessary RubyGems step, a message in Portuguese, missing validation for coverage calculation, and a hardcoded delay in the status check script.

@diego-dm-morais diego-dm-morais merged commit 1216143 into main Jun 26, 2025
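
The review above flags missing validation in the coverage calculation. As an added example (not code from this pull request; the function names, the `coverage` output name and the sample report are constructed here), one fail-closed way to read the root line-rate from a Cobertura-style coverage.xml, so a missing or malformed report stops the workflow instead of feeding an empty value to the quality gate:

```shell
#!/usr/bin/env bash
# Added example; function names and the "coverage" output name are hypothetical.

# Print line coverage as a percentage (two decimals), or return non-zero.
coverage_percent() {
  local report="$1" rate
  # A missing or empty report must fail the step, not produce an empty value.
  [ -s "$report" ] || { echo "coverage report missing or empty: $report" >&2; return 2; }

  # Read line-rate from the root <coverage ...> element only; <package> and
  # <class> elements carry their own line-rate attributes.
  rate=$(tr '\n' ' ' < "$report" |
    sed -n 's/.*<coverage[[:space:]][^>]*line-rate="\([^"]*\)".*/\1/p')

  # Accept only a decimal fraction in [0,1]; anything else is a parse failure.
  printf '%s' "$rate" | grep -Eq '^(0(\.[0-9]+)?|1(\.0+)?)$' ||
    { echo "invalid line-rate: '$rate'" >&2; return 3; }

  LC_ALL=C awk -v r="$rate" 'BEGIN { printf "%.2f", r * 100 }'
}

# Append the value to the step-output file GitHub Actions provides.
export_coverage() {
  local pct
  pct=$(coverage_percent "$1") || return $?
  echo "coverage=$pct" >> "${GITHUB_OUTPUT:-/dev/stdout}"
}

# Constructed sample report (not taken from the pull request).
sample=$(mktemp)
cat > "$sample" <<'EOF'
<?xml version="1.0" ?>
<coverage version="7.6" line-rate="0.8421" branch-rate="0" lines-valid="95" lines-covered="80">
  <packages>
    <package name="app" line-rate="0.5" branch-rate="0"/>
  </packages>
</coverage>
EOF
coverage_percent "$sample" && echo
```
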