Merge branch 'main' into add-ci-failure-notifications

Author: ssbarnea

.github/workflows/ack.yml

@@ -33,6 +33,9 @@ jobs:
         run: echo "$GITHUB_CONTEXT"
 
       - uses: bcoe/conventional-release-labels@v1
+        with:
+          type_labels: '{"feat": "feature", "fix": "fix", "breaking": "breaking", "chore": "chore"}'
+          ignored_types: "[]"
 
       - name: Verify PR label action
         if: github.event_name != 'merge_group'

.github/workflows/tox.yml

@@ -254,40 +254,44 @@ jobs:
       # - name: Fix paths in coverage file
       #   run: |
       #     sed -i 's/\/home\/runner\/work\/anonymizer\/anonymizer/\/github\/workspace\//g' coverage.xml
-      - name: "Extract and export repo owner/name"
+      - name: Prepare SonarCloud args
+        # Run only for pull requests or push to main
+        if: >
+          ${{ !cancelled() &&
+          hashFiles('**/coverage.xml') != '' &&
+          (github.event_name == 'pull_request' ||
+          (github.event_name == 'push' && github.ref_name =='main')
+          )}}
         shell: bash
         run: |
+          PR_NUMBER=${{ github.event.number }}
+          PR_HEAD_SHA=${{ github.event.pull_request.head.sha }}
           # 1. Read the full slug (owner/repo)
           REPO_SLUG="${GITHUB_REPOSITORY}"
           # 2. Split into owner and repo
           IFS="/" read -r REPO_OWNER REPO_NAME <<< "$REPO_SLUG"
           # 3. Export to the workflow environment
           echo "REPO_OWNER=$REPO_OWNER" >> $GITHUB_ENV
           echo "REPO_NAME=$REPO_NAME"   >> $GITHUB_ENV
-
-      - name: SonarCloud scan (pull request)
-        if: ${{ !cancelled() && hashFiles('**/coverage.xml') != ''  && github.event_name == 'pull_request' }}
-        uses: SonarSource/sonarqube-scan-action@v6
-        env:
-          SONAR_TOKEN: ${{ secrets.CICD_ORG_SONAR_TOKEN_CICD_BOT || secrets.AAP_ORG_SONAR_TOKEN_ANSIBLE_CICD_BOT }}
-        with:
-          args: >
-            -Dsonar.projectKey=${{ env.REPO_OWNER }}_${{ env.REPO_NAME }}
-            -Dsonar.organization=${{ env.REPO_OWNER }}
-            -Dsonar.scm.revision=${{ github.event.workflow_run.head_sha }}
-            -Dsonar.pullrequest.key=${{ env.PR_NUMBER }}
-            -Dsonar.pullrequest.branch=${{ env.PR_HEAD }}
-        continue-on-error: true
-
-      - name: SonarCloud scan (push)
-        if: ${{ !cancelled() && hashFiles('**/coverage.xml') != '' && github.event_name == 'push' && github.ref_name == 'main' }}
+          SONAR_ARGS="-Dsonar.projectKey=${REPO_OWNER}_${REPO_NAME} -Dsonar.organization=${REPO_OWNER}"
+          if [[ -n "$PR_NUMBER" ]]; then
+            SONAR_ARGS="${SONAR_ARGS} -Dsonar.pullrequest.key=${PR_NUMBER} -Dsonar.pullrequest.branch=${PR_HEAD_SHA}"
+          fi
+          echo SONAR_ARGS="$SONAR_ARGS" >> $GITHUB_ENV
+
+      - name: SonarCloud scan
+        # Run only for pull requests or push to main
+        if: >
+          ${{ !cancelled() &&
+          hashFiles('**/coverage.xml') != '' &&
+          (github.event_name == 'pull_request' ||
+          (github.event_name == 'push' && github.ref_name =='main')
+          )}}
         uses: SonarSource/sonarqube-scan-action@v6
         env:
           SONAR_TOKEN: ${{ secrets.CICD_ORG_SONAR_TOKEN_CICD_BOT || secrets.AAP_ORG_SONAR_TOKEN_ANSIBLE_CICD_BOT }}
         with:
-          args: >
-            -Dsonar.projectKey=${{ env.REPO_OWNER }}_${{ env.REPO_NAME }}
-            -Dsonar.organization=${{ env.REPO_OWNER }}
+          args: ${{ env.SONAR_ARGS }}
         continue-on-error: true
 
   check:

.sonarcloud.properties

@@ -0,0 +1,7 @@
+sonar.python.version=3.10, 3.11, 3.12, 3.13
+sonar.sources=src/
+sonar.tests=test/
+# Ignore GitHub Actions rule S7637 across the repository
+sonar.issue.ignore.multicriteria=gha1
+sonar.issue.ignore.multicriteria.gha1.ruleKey=githubactions:S7637
+sonar.issue.ignore.multicriteria.gha1.resourceKey=.github/workflows/**/*