From 0e1cd727c43b317c14b6232390075ff1dd7abee3 Mon Sep 17 00:00:00 2001
From: soufiane <soufiane.baali99@gmail.com>
Date: Fri, 21 Nov 2025 01:24:59 +0100
Subject: [PATCH] feat: add SonarQube integration for code quality analysis
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Add SonarQube configuration files
  - sonar-project.properties with Node.js/Express settings
  - .sonarignore to exclude test files, database, and build artifacts
  - Configure source paths (src, index.js, db.js)
  - Set up test coverage paths

- Add SonarQube npm script
  - npm run sonar command for manual analysis

- Integrate SonarQube into Jenkins pipeline
  - Add SonarQube Analysis stage with sonar-scanner-cli
  - Add Quality Gate verification stage
  - Block deployment if quality gate fails
  - 5-minute timeout for quality gate check

This enables continuous code quality monitoring and ensures
code meets quality standards before deployment.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 .sonarignore             | 64 ++++++++++++++++++++++++++++++++++++++++
 Jenkinsfile              | 26 ++++++++++++++++
 package.json             |  3 +-
 sonar-project.properties | 29 ++++++++++++++++++
 4 files changed, 121 insertions(+), 1 deletion(-)
 create mode 100644 .sonarignore
 create mode 100644 sonar-project.properties

diff --git a/.sonarignore b/.sonarignore
new file mode 100644
index 00000000..03263673
--- /dev/null
+++ b/.sonarignore
@@ -0,0 +1,64 @@
+# Dependencies
+node_modules/
+**/node_modules/**
+
+# Build outputs
+dist/
+build/
+
+# Testing
+coverage/
+.nyc_output/
+
+# Database
+database/
+*.sql
+
+# Scripts
+scripts/
+*.sh
+*.bat
+*.ps1
+
+# Configuration files
+*.config.js
+jest.config.js
+eslint.config.js
+
+# Environment files
+.env*
+
+# Logs
+logs/
+*.log
+npm-debug.log*
+backend.log
+
+# Test files
+test-*.js
+*.test.js
+*.spec.js
+
+# IDE
+.vscode/
+.idea/
+
+# Docker
+Dockerfile
+docker-compose*.yml
+
+# CI/CD
+Jenkinsfile
+.github/
+
+# Documentation
+*.md
+postman-collection.json
+
+# Public files
+public/
+
+# Temporary files
+*.tmp
+*.bak
+*.backup
diff --git a/Jenkinsfile b/Jenkinsfile
index 41f2e262..ab2d88a5 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -81,6 +81,32 @@ pipeline {
             }
         }
 
+        stage('SonarQube Analysis') {
+            agent {
+                docker {
+                    image 'sonarsource/sonar-scanner-cli:latest'
+                    args '-u root'
+                }
+            }
+            steps {
+                echo "🔍 Analyse de la qualité du code avec SonarQube..."
+                script {
+                    withSonarQubeEnv('SonarQube') {
+                        sh 'sonar-scanner'
+                    }
+                }
+            }
+        }
+
+        stage('Quality Gate') {
+            steps {
+                echo "🚦 Vérification du Quality Gate SonarQube..."
+                timeout(time: 5, unit: 'MINUTES') {
+                    waitForQualityGate abortPipeline: true
+                }
+            }
+        }
+
         stage('Build Docker image') {
             steps {
                 echo "🐳 Construction de l’image Docker backend..."
diff --git a/package.json b/package.json
index e1b6535f..66eb81e7 100755
--- a/package.json
+++ b/package.json
@@ -15,7 +15,8 @@
     "db:seed": "node database/seed.js",
     "db:check": "node scripts/check-database.js",
     "kill": "powershell -ExecutionPolicy Bypass -File ./scripts/kill-server.ps1",
-    "fresh": "powershell -ExecutionPolicy Bypass -File ./scripts/start-fresh.ps1"
+    "fresh": "powershell -ExecutionPolicy Bypass -File ./scripts/start-fresh.ps1",
+    "sonar": "sonar-scanner"
   },
   "keywords": [],
   "author": "",
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 00000000..6bb4347e
--- /dev/null
+++ b/sonar-project.properties
@@ -0,0 +1,29 @@
+# Informations du projet
+sonar.projectKey=the-tip-top-backend
+sonar.projectName=Thé Tip Top - Backend
+sonar.projectVersion=1.0.0
+
+# Chemin des sources
+sonar.sources=src,index.js,db.js
+sonar.tests=test
+
+# Exclusions
+sonar.exclusions=**/node_modules/**,**/*.spec.js,**/*.test.js,**/coverage/**,**/dist/**,**/build/**,**/database/**,**/scripts/**,**/*.config.js
+
+# Encodage des fichiers
+sonar.sourceEncoding=UTF-8
+
+# Langage du projet
+sonar.language=js
+
+# Chemins de couverture de code (si tests configurés)
+sonar.javascript.lcov.reportPaths=coverage/lcov.info
+
+# Niveau de logs
+sonar.log.level=INFO
+
+# URL du serveur SonarQube (à adapter selon votre configuration)
+# sonar.host.url=http://localhost:9000
+
+# Token d'authentification (à configurer via variable d'environnement)
+# sonar.login=${SONAR_TOKEN}