-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsonar-project.properties
More file actions
116 lines (109 loc) · 5.46 KB
/
sonar-project.properties
File metadata and controls
116 lines (109 loc) · 5.46 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
# SonarCloud project configuration. The scanner reads this file at the
# repo root automatically; the GitHub Action only needs SONAR_TOKEN.
#
# Project + organization keys must match what SonarCloud generated when
# the project was imported from GitHub — adjust if you renamed the org
# or the project (Sonar UI → Administration → General Settings → Project
# Key).
sonar.projectKey=RandomCodeSpace_ctm
sonar.organization=randomcodespace
sonar.projectName=ctm
# ── Sources ────────────────────────────────────────────────────────────
# Scan everything under the repo root. Generated artifacts, vendored
# code, the embedded UI dist, and agent worktree scratch never enter
# the analysis — they're either machine-written or out of scope.
sonar.sources=.
sonar.exclusions=\
**/dist/**,\
**/node_modules/**,\
**/vendor/**,\
**/_attic/**,\
**/.claude/**,\
**/.codeiq/**,\
internal/serve/dist/**,\
ui/coverage/**,\
ui/e2e/**,\
ui/playwright-report/**,\
ui/test-results/**,\
coverage.out,\
docs/**
# ── Issue suppressions ─────────────────────────────────────────────────
# go:S4036 — "Make sure the PATH variable only contains fixed,
# unwriteable directories." ctm is a CLI orchestrator that intentionally
# resolves user-installed tools (git, tmux, claude, gh) via $PATH on
# whatever box it's running on. Hardcoded absolute paths aren't viable
# across macOS / Linux / Homebrew / system installs. The risk model is
# the user's own shell, not a service account on a server, so the rule
# fires by design rather than flagging real issues. Suppressed
# project-wide.
sonar.issue.ignore.multicriteria=path
sonar.issue.ignore.multicriteria.path.ruleKey=go:S4036
sonar.issue.ignore.multicriteria.path.resourceKey=**/*.go
# ── Tests ──────────────────────────────────────────────────────────────
# Sonar separates "test code" from "production code" so coverage and
# duplication metrics target the right files. Playwright e2e specs
# stay out of the JS test set — they don't generate the unit-style
# coverage Sonar expects.
sonar.tests=.
sonar.test.inclusions=\
**/*_test.go,\
ui/src/**/*.test.ts,\
ui/src/**/*.test.tsx
sonar.test.exclusions=ui/e2e/**
# ── Coverage report paths ──────────────────────────────────────────────
# Go: `go test -coverprofile=coverage.out ./...` writes to repo root.
# JS/TS: vitest with provider:v8 writes lcov to ui/coverage/lcov.info
# (configured in ui/vitest.config.ts).
sonar.go.coverage.reportPaths=coverage.out
sonar.javascript.lcov.reportPaths=ui/coverage/lcov.info
# ── Coverage exclusions ────────────────────────────────────────────────
# Files in this list are excluded from coverage measurement entirely —
# they exist on the integration boundary (tmux, shell-outs, real
# install paths, hook stdin readers, cobra RunE bodies that delegate
# to those paths) and have no meaningful unit-testable surface in jsdom
# / sandboxed CI. Where useful, the testable helpers a file delegates
# to live in a separate file in the same package and ARE covered (see
# cmd/yolo.go ↔ cmd/yolo_runners.go split for the pattern).
#
# Specifics:
# - internal/fsutil/atomic.go: 30-line stdlib glue around os.CreateTemp
# + Chmod + Rename. Defensive Write/Chmod/Close error branches aren't
# reachable on Linux as the file's owner. Success / rename-onto-dir
# / missing-parent paths ARE tested in atomic_test.go.
# - cmd/yolo_runners.go: cobra wiring + RunE bodies for yolo / yolo! /
# safe. Shells out to tmux + git + claude. Pure helpers in cmd/yolo.go
# are unit-tested.
# - cmd/attach.go, cmd/install.go, cmd/check.go, cmd/log_tool_use.go,
# cmd/auth.go, cmd/forget.go, cmd/kill.go, cmd/last.go, cmd/list.go,
# cmd/new.go, cmd/pick.go, cmd/serve.go, cmd/setup.go,
# cmd/statusline.go, cmd/uninstall.go: cobra RunE bodies that depend
# on a live tmux server, an installed claude binary, or interactive
# prompts. The decisions inside (e.g., shouldResumeExisting,
# decideModeAction) live in helper files that are covered.
# - internal/tmux/client.go: every method shells out via exec.Command
# to tmux. No mockable seam without a tmux integration harness.
# - internal/serve/proc/proc.go: spawns the ctm serve daemon over a
# 2-second blocking deadline. Excluded for the same reason
# EnsureServeRunning is not callable from tests.
sonar.coverage.exclusions=\
internal/fsutil/atomic.go,\
cmd/yolo_runners.go,\
cmd/attach.go,\
cmd/install.go,\
cmd/log_tool_use.go,\
cmd/check.go,\
cmd/auth.go,\
cmd/forget.go,\
cmd/kill.go,\
cmd/last.go,\
cmd/list.go,\
cmd/new.go,\
cmd/pick.go,\
cmd/serve.go,\
cmd/setup.go,\
cmd/statusline.go,\
cmd/uninstall.go,\
internal/tmux/client.go,\
internal/serve/proc/proc.go
# ── General ────────────────────────────────────────────────────────────
sonar.sourceEncoding=UTF-8