fix: add sonar and change the dependabot.yaml file #90
The latest Buf updates on your PR. Results from workflow Buf CI / buf (pull_request).
The PR is straightforward and well-structured — the Sonar workflow is correctly wired to trigger on the existing "Quality" workflow, and the dependabot grouping/scheduling changes are consistent across all three ecosystems. The only minor issues flagged are missing trailing newlines at the end of both modified/added files.
PR Bot Information
- Version: 1.18.4
- Correlation ID: 5f3b4110-1e03-11f1-9a2c-68268457f7ce
- LLM: anthropic--claude-4.6-sonnet
- Event Trigger: pull_request.opened
| jobs: | ||
| check: | ||
| uses: openkcm/build/.github/workflows/sonar.yaml@main | ||
| secrets: inherit No newline at end of file |
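Review bot: On the `uses:` line the reusable workflow is referenced at `@main`, a mutable ref, and the next line passes `secrets: inherit`, so any later change on that branch of openkcm/build runs with every secret this repository exposes. Pin the reference to a full commit SHA and pass only the secrets the Sonar job needs by name instead of inheriting all of them.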
Best Practices: File is missing a newline at end of file
The file ends without a trailing newline. POSIX-compliant text files should end with a newline; many tools (git diff, linters) will warn about files that lack one. Consider adding a trailing newline after the last line.
| update-types: | ||
| - "minor" | ||
| - "patch" | ||
| open-pull-requests-limit: 5 No newline at end of file |
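Review bot: `open-pull-requests-limit: 5` on the last line equals Dependabot's default for version updates, so as written it does not change behaviour; drop it, or choose a different value and state the reason in the PR description. The `update-types` list above it names only "minor" and "patch", so if it belongs to a group, major updates stay outside that group and arrive as individual pull requests counted against the same limit.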
Best Practices: File is missing a newline at end of file
The file ends without a trailing newline. POSIX-compliant text files should end with a newline; many tools (git diff, linters) will warn about files that lack one. Consider adding a trailing newline after the last line.
Add SonarQube Analysis Workflow and Update Dependabot Configuration
Chore
🔧 Added a SonarQube analysis workflow and updated the Dependabot configuration to improve update scheduling and grouping across all package ecosystems.
Changes
- `.github/workflows/sonar.yaml`: Added a new secure SonarQube analysis workflow that triggers on completion of the `Quality` workflow. It reuses a shared workflow from `openkcm/build` with inherited secrets.
- `.github/dependabot.yaml`: Updated all three package ecosystems (`gomod`, `docker`, `github-actions`) with the following changes:
  - `daily` to `weekly` for all ecosystems.
  - `commit-message` configuration with `fix` prefix and scope.
  - `open-pull-requests-limit: 5` for the `docker` and `github-actions` ecosystems.