Add SonarQube integration and unit testing setup

[killev]

• Configures SonarQube analysis in CI pipeline
• Adds sonar-project.properties configuration file
• Sets up Jest testing framework with initial stub test
• Updates docker-compose.yml to support test coverage reporting
• Implements test coverage artifact sharing between CI jobs

Summary by CodeRabbit

• Chores

  • Enhanced build, deployment, and quality assurance pipelines to improve overall system stability.
  • Refined container and service configurations for smoother operation.
  • Added coverage directory to .dockerignore to optimize Docker builds.

• New Features

  • Introduced new jobs for unit testing and SonarQube scanning in the CI/CD workflow.
  • Added new scripts for running tests and generating coverage reports in the application.

• Tests

  • Introduced additional testing setups, including a new Jest configuration and test files, to verify functionality and boost code reliability.
  • Added a simple stub function with corresponding tests to ensure correct behavior.

• Documentation

  • Updated README with a new "Status" section featuring quality and health badges for better visibility of project metrics.

[coderabbitai]

Walkthrough

The pull request updates the CI/CD pipeline and project configurations. It adds two new jobs in the GitHub Actions workflow for running unit tests and SonarQube scans with conditional execution. In Docker configurations, it removes certain volume mappings, sets a new command for the Apostrophe service, and specifies root user execution in an override file. Additionally, new configuration files for SonarQube, Babel, and Jest are introduced. The project’s package.json and .dockerignore are updated for testing and coverage, and a stub function along with its test suite is added.

Changes

File(s)	Change Summary
.github/workflows/code-quality.yml	Added unit-tests and sonarqube jobs with conditional checks, artifact handling, and minor formatting adjustments.
docker-compose.yml, docker-compose.override.yml	Removed volume mappings and added command for the Apostrophe service along with guidance comments; override file now includes user: root.
sonar-project.properties	New file with SonarQube settings: organization, project key, source directory, LCOV report path, and coverage exclusions.
website/package.json, .dockerignore	Added test scripts and new dependencies in package.json; .dockerignore updated to exclude the coverage directory.
Dockerfile	Modified COPY commands to include the entire website directory and removed commands setting ownership and non-root user directives.
website/babel.config.js, website/jest.config.js	New configuration files for Babel and Jest, establishing transpilation and testing parameters.
website/libs/stub.js, website/libs/stub.test.js	Introduced a new stub function and its corresponding unit test.
README.md	Added a new "Status" section with badges for project quality metrics.

Sequence Diagram(s)

sequenceDiagram
    participant PR as Pull Request
    participant WF as Code Quality Workflow
    participant UT as Unit Tests Job
    participant SQ as SonarQube Job

    PR ->> WF: Trigger CI/CD Workflow
    WF ->> UT: Execute unit-tests job
    UT ->> UT: Checkout code, setup, build Docker, run tests, save coverage artifact
    UT -->> WF: Report test completion
    WF ->> SQ: Execute sonarqube job (after UT success)
    SQ ->> SQ: Checkout repo, download artifact, run SonarQube scan, check quality gate
    SQ -->> WF: Report scan outcome

Loading

Poem

I'm a playful rabbit with a hop so light,
New tests and scans keep our code just right.
Docker bounds through changes with a rooty delight,
Babel and Jest teaming up to shine bright.
In a garden of configs, my ears perk in cheer—
CodeRabbit Inc. sings, "Hurry, innovations are here!"

Tip

⚡💬 Agentic Chat (Pro Plan, General Availability)

• We're introducing multi-step agentic chat in review comments and issue comments, within and outside of PR's. This feature enhances review and issue discussions with the CodeRabbit agentic chat by enabling advanced interactions, including the ability to create pull requests directly from comments and add commits to existing pull requests.

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e751244 and 9c33f0f.

📒 Files selected for processing (2)

• README.md (1 hunks)
• sonar-project.properties (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• README.md

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: sonarqube
• GitHub Check: security-scan

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai plan to trigger planning for file edits and PR creation.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[Copilot]

Copilot reviewed 4 out of 6 changed files in this pull request and generated no comments.

Files not reviewed (2)

• sonar-project.properties: Language not supported
• website/package.json: Language not supported

Comments suppressed due to low confidence (1)

docker-compose.yml:29

• [nitpick] The test command comment uses service name 'apostrophe' while the workflow job uses 'app-nextjs'. Consider aligning these names if they refer to the same service.

# Command to run tests: docker compose run --rm apostrophe npm run test

[github-actions]

🔍 Vulnerabilities of apostrophe-cms:test

📦 Image Reference apostrophe-cms:test

digest	sha256:ddc3f1e249620a6fb8544943e8e9b631b8cb5945382b798506a33e664e740b3b
vulnerabilities
platform	linux/amd64
size	244 MB
packages	1340

📦 Base Image node:23-alpine

also known as	23-alpine3.21 23.11-alpine 23.11-alpine3.21 23.11.0-alpine 23.11.0-alpine3.21 alpine alpine3.21 current-alpine current-alpine3.21
digest	sha256:0d468be7d2997dd2f6a3cda45e121a6b5140eb7ba3eba299a215030dbb0fb1ca
vulnerabilities

async 0.9.2 (npm) pkg:npm/async@0.9.2 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities Affected range <2.6.4 Fixed version 2.6.4, 3.2.2 CVSS Score 7.8 CVSS Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H EPSS Score 0.915% EPSS Percentile 74th percentile Description A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.

async 1.5.2 (npm) pkg:npm/async@1.5.2 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities Affected range <2.6.4 Fixed version 2.6.4, 3.2.2 CVSS Score 7.8 CVSS Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H EPSS Score 0.915% EPSS Percentile 74th percentile Description A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (4)

website/tests/stub.test.js (1)

1-9: Stub Test File Added – Validate and Expand Test Coverage.

This new test file correctly establishes a basic test suite using describe and test to confirm that the testing framework is operational. As the file is a stub, please plan to add more comprehensive tests in the future to cover critical functionality.

docker-compose.yml (1)

29-30: Informative Comments for Test Execution.

The added comments on how to run tests and tests with coverage provide useful guidance for developers working with Docker Compose. These instructions enhance clarity and ease of use.

.github/workflows/code-quality.yml (2)

87-87: Remove Trailing Spaces for YAML Compliance.

Trailing spaces were detected on line 87. Please remove these extra spaces to adhere to YAML lint guidelines.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 87-87: trailing spaces

(trailing-spaces)

---

112-112: Newline at End of File.

A newline is missing at the end of the file (line 112). Please add a newline to comply with standard file formatting practices.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 112-112: no new line character at the end of file

(new-line-at-end-of-file)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 68a36a9 and 2d26f54.

⛔ Files ignored due to path filters (1)

• website/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (5)

• .github/workflows/code-quality.yml (1 hunks)
• docker-compose.yml (2 hunks)
• sonar-project.properties (1 hunks)
• website/package.json (3 hunks)
• website/tests/stub.test.js (1 hunks)

🧰 Additional context used

🪛 YAMLlint (1.35.1)

.github/workflows/code-quality.yml

[error] 87-87: trailing spaces

(trailing-spaces)

---

[error] 112-112: no new line character at the end of file

(new-line-at-end-of-file)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: security-scan

🔇 Additional comments (4)

sonar-project.properties (1)

1-8: SonarQube Configuration – Verify LCOV Report Location.

The configuration properties are set appropriately for SonarQube analysis, with correct organization, project key, and source definitions. Please ensure that the LCOV coverage report is available at the location specified (lcov.info) after the artifact download. If the file lands in a subdirectory (e.g., website/coverage), consider adjusting the path accordingly.

website/package.json (2)

10-11: Test Script Addition – Confirm Jest Integration.

The addition of the "test": "jest" script is a positive enhancement, enabling the CI pipeline to run the test suite. Please verify that any additional Jest configuration required is in place or documented elsewhere in the project.

---

37-39: Dependency Updates – Confirm Version Compatibility.

The updates in dependencies (e.g., "connect-redis": "^7.1.1", "lodash": "^4.17.21") and the addition of "jest": "^29.7.0" in devDependencies are well noted. Please ensure these versions have been verified for compatibility with the rest of the project.

Also applies to: 44-44

docker-compose.yml (1)

19-19: Coverage Volume Mapping Added.

The new volume mapping (./website/coverage:/app/coverage) facilitates sharing the test coverage report from the host to the container. Confirm that the coverage reports are generated in the expected directory inside the container during tests.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

.github/workflows/code-quality.yml (1)

66-67: YAML Formatting: Remove Trailing Spaces and Add Newline at EOF
Static analysis tools detected trailing spaces (e.g., around line 87) and the absence of a newline at the end of the file (line 112). Please update the file to remove any extraneous trailing whitespace and ensure there is a newline at the end of the file.

Apply the following diff as an example fix:

@@
-          category: docker-scout
-  
+          category: docker-scout

(Ensure that any trailing spaces on blank lines are removed and a newline is added at the end of the file.)

Also applies to: 87-87, 112-112

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2d26f54 and 38624f6.

📒 Files selected for processing (1)

• .github/workflows/code-quality.yml (1 hunks)

🧰 Additional context used

🪛 YAMLlint (1.35.1)

.github/workflows/code-quality.yml

[error] 87-87: trailing spaces

(trailing-spaces)

---

[error] 112-112: no new line character at the end of file

(new-line-at-end-of-file)

🔇 Additional comments (2)

.github/workflows/code-quality.yml (2)

68-87: Unit-tests Job: Service Name and Coverage Artifact Setup
The unit-tests job now properly references apostrophe in the "Run tests" step, which is consistent with your Docker Compose configuration. The steps to build the app image, run tests with coverage, and save the coverage report to website/coverage/lcov.info are clear and well-structured.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 87-87: trailing spaces

(trailing-spaces)

---

88-112: SonarQube Job: Effective Integration and Dependency Handling
This job correctly depends on the unit-tests job and uses a full Git checkout (fetch-depth: 0) to facilitate a comprehensive analysis. The steps to download the coverage artifact, perform the SonarQube scan, and then execute a quality gate check are implemented appropriately. Ensure that the SONAR_TOKEN secret is setup in your repository settings as required.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 112-112: no new line character at the end of file

(new-line-at-end-of-file)

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

.github/workflows/code-quality.yml (2)

90-92: Remove Trailing Whitespace
Static analysis reported trailing whitespace on line 92. Please remove any extraneous spaces to adhere to YAML linting standards.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 92-92: trailing spaces

(trailing-spaces)

---

117-117: Ensure Newline at End of File
The file is missing a newline at the end. Please add a newline to comply with best practices for file formatting.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 117-117: no new line character at the end of file

(new-line-at-end-of-file)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 38624f6 and 0f8fd0f.

📒 Files selected for processing (2)

• .github/workflows/code-quality.yml (1 hunks)
• docker-compose.yml (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• docker-compose.yml

🧰 Additional context used

🪛 YAMLlint (1.35.1)

.github/workflows/code-quality.yml

[error] 92-92: trailing spaces

(trailing-spaces)

---

[error] 117-117: no new line character at the end of file

(new-line-at-end-of-file)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: security-scan

🔇 Additional comments (3)

.github/workflows/code-quality.yml (3)

66-67: Category Field Update in Scan Results Upload Step
The update to include the category: docker-scout field is clear and aligns with our scanning strategy. Please double-check that no extraneous trailing spaces have been introduced here.

---

68-92: Unit Tests Job Setup Verification
The unit-tests job is well structured. It correctly checks out the repository, prepares the coverage directory, builds the app image, runs tests using the proper service name (apostrophe), and uploads the coverage report artifact from website/coverage/lcov.info. This setup should effectively support our unit testing and coverage reporting as part of the CI pipeline.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 92-92: trailing spaces

(trailing-spaces)

---

93-117: SonarQube Job Configuration Review
The SonarQube job is configured appropriately. It performs a full repository checkout (with zero fetch depth), downloads the previously saved coverage report, and runs both the SonarQube scan and quality gate check. Ensure that the SONAR_TOKEN secret is correctly configured in the repository settings, and verify any additional SonarQube project-specific settings are managed as needed.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 117-117: no new line character at the end of file

(new-line-at-end-of-file)

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

docker-compose.yml (1)

79-79: Missing Newline at End of File.
YAML linting recommends ending files with a newline. Please add a newline character at the end of this file to comply with formatting standards.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 79-79: no new line character at the end of file

(new-line-at-end-of-file)

.github/workflows/code-quality.yml (2)

90-90: Remove Trailing Whitespace.
Trailing spaces detected on this line should be removed to adhere to YAML formatting best practices.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 90-90: trailing spaces

(trailing-spaces)

---

115-115: Add Newline at EOF.
The file is missing a newline at the end, which is recommended by YAML linters. Please add a newline after the last line to ensure proper formatting.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 115-115: no new line character at the end of file

(new-line-at-end-of-file)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0f8fd0f and 16e4619.

📒 Files selected for processing (2)

• .github/workflows/code-quality.yml (1 hunks)
• docker-compose.yml (3 hunks)

🧰 Additional context used

🪛 YAMLlint (1.35.1)

.github/workflows/code-quality.yml

[error] 90-90: trailing spaces

(trailing-spaces)

---

[error] 115-115: no new line character at the end of file

(new-line-at-end-of-file)

docker-compose.yml

[error] 79-79: no new line character at the end of file

(new-line-at-end-of-file)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: security-scan

🔇 Additional comments (5)

docker-compose.yml (2)

15-16: Coverage Volume Mapping and Startup Command.
The new volume mapping (./website/coverage:/app/coverage) ensures that test coverage data is correctly persisted and shared between the container and host. In addition, explicitly setting the container’s startup command to ["npm", "start"] helps enforce a consistent run behavior for the Apostrophe CMS service.

---

26-27: Helpful Test Command Comments.
The added comments clearly document how to run tests and execute tests with coverage using Docker Compose. This guidance will be valuable for developers to quickly verify test execution locally.

.github/workflows/code-quality.yml (3)

66-67: SARIF Category Addition in Upload Step.
Adding the category: docker-scout field under the "Upload scan results" step enhances the classification of SARIF reports. This change improves tooling integration and is correctly applied.

---

68-90: Unit-Tests Job Configuration.
The new unit-tests job is configured to build the application image, run tests with coverage using the apostrophe service (which aligns with your Docker Compose configuration), and then upload the generated coverage report. This integration is solid and well-aligned with the CI objectives.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 90-90: trailing spaces

(trailing-spaces)

---

91-115: SonarQube Job Integration.
The sonarqube job correctly depends on the successful completion of the unit-tests job. The steps for checking out the repository, downloading the coverage artifact, running a SonarQube scan, and triggering a quality gate check are properly defined. Excellent configuration overall.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 115-115: no new line character at the end of file

(new-line-at-end-of-file)

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

Dockerfile (1)

13-14: Assess COPY Command Impact on Build Caching

Changing the COPY command to COPY website/ ./ from a more selective file copy improves simplicity but may negatively affect caching efficiency. Any modification anywhere in the website directory will invalidate the cache, potentially increasing build times. Consider if preserving the caching layer by initially copying only package.json (or other dependency files) is preferable.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 16e4619 and ca74ac9.

📒 Files selected for processing (2)

• .dockerignore (1 hunks)
• Dockerfile (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: security-scan

🔇 Additional comments (1)

.dockerignore (1)

7-7: Add Coverage Directory to Docker Ignore

The addition of the coverage directory ensures that test coverage reports are excluded from the Docker build context. This keeps the build lightweight and prevents unnecessary files from being sent to Docker during image creation.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (5)

Dockerfile (2)

13-13: Attention: Copying the Entire Website Directory.
The command COPY website/ ./ now copies all contents of the website directory instead of just the package files. While this may be needed for your integration or testing purposes, please verify that the potential impact on Docker layer caching and build performance is acceptable.

---

21-21: Clarification Needed: Omitted Additional File Copy.
The annotation on line 21 suggests that an additional copy step (for the rest of the application) was removed or modified. Confirm that this omission is intentional and that it does not affect the application’s functionality.

docker-compose.yml (1)

78-78: YAML Formatting: Missing Newline at End of File.
YAMLlint has flagged that there is no newline character at the end of the file. Please add a newline at the end to ensure consistent file formatting.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 78-78: no new line character at the end of file

(new-line-at-end-of-file)

.github/workflows/code-quality.yml (2)

90-90: YAML Formatting: Remove Trailing Spaces.
Static analysis has detected trailing spaces on line 90. Please remove these extra spaces to ensure compliance with YAML formatting standards.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 90-90: trailing spaces

(trailing-spaces)

---

115-115: YAML Formatting: Missing Newline at End of File.
Ensure that the workflow file ends with a newline character to meet YAML formatting best practices.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 115-115: no new line character at the end of file

(new-line-at-end-of-file)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ca74ac9 and 8297f30.

📒 Files selected for processing (4)

• .github/workflows/code-quality.yml (1 hunks)
• Dockerfile (1 hunks)
• docker-compose.override.yml (1 hunks)
• docker-compose.yml (3 hunks)

🧰 Additional context used

🪛 YAMLlint (1.35.1)

.github/workflows/code-quality.yml

[error] 90-90: trailing spaces

(trailing-spaces)

---

[error] 115-115: no new line character at the end of file

(new-line-at-end-of-file)

docker-compose.yml

[error] 78-78: no new line character at the end of file

(new-line-at-end-of-file)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: security-scan

🔇 Additional comments (4)

docker-compose.yml (2)

15-15: Update: Service Start Command.
The new explicit command ["npm", "start"] for the apostrophe service replaces previous startup behavior. Please ensure that this aligns with your production requirements while the development-specific command (e.g., using nodemon) remains available, for example, in an override configuration.

---

25-26: Informative: Developer Testing Guidelines Added.
The added comments on lines 25–26 provide clear instructions for running tests and generating coverage reports. These guidelines improve developer experience and clarity, so good job including them!

.github/workflows/code-quality.yml (2)

68-90: Verification: Unit-Tests Job Setup.
The unit-tests job is configured well for checking out the repository, creating the coverage directory, building the app image, running tests on the apostrophe service, and uploading the coverage report. Please verify that the combined Docker Compose files (docker-compose.yml and docker-compose.override.yml) correctly define the intended behavior for both development and CI.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 90-90: trailing spaces

(trailing-spaces)

---

91-114: Verification: SonarQube Job Configuration.
The SonarQube job correctly depends on the unit-tests job, checks out the repository with full history, and uses the downloaded coverage artifact for scanning and quality gate checks. Consider adding explicit error handling for scan failures if not already managed downstream.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

website/package.json (1)

10-10: New "serve" Script Added
The addition of the "serve": "NODE_ENV=production node app.js" script provides an alternative way to run the app in production mode. Please ensure that its purpose is clearly distinguished from the "start" script to avoid any confusion with startup commands.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8297f30 and e751244.

⛔ Files ignored due to path filters (1)

• website/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (6)

• sonar-project.properties (1 hunks)
• website/babel.config.js (1 hunks)
• website/jest.config.js (1 hunks)
• website/libs/stub.js (1 hunks)
• website/libs/stub.test.js (1 hunks)
• website/package.json (3 hunks)

✅ Files skipped from review due to trivial changes (1)

• website/babel.config.js

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: sonarqube
• GitHub Check: security-scan

🔇 Additional comments (9)

website/libs/stub.js (1)

1-3: The stub function is implemented correctly.

This simple implementation provides a basic function for testing purposes, which aligns with the PR's objective to establish a unit testing framework.

website/libs/stub.test.js (1)

1-10: The stub test is properly structured and follows Jest conventions.

The test correctly imports and verifies the stub function's behavior. Good use of descriptive test suite naming and assertion.

website/jest.config.js (1)

1-20: The Jest configuration is comprehensive and well-structured.

The configuration properly sets up the Node.js test environment with appropriate coverage collection exclusions. The configuration for test matching patterns and transformations is correctly implemented.

sonar-project.properties (1)

1-4: The SonarQube project configuration is correctly defined.

The organization, project key, and source paths are properly set up for the SonarQube integration.

website/package.json (5)

11-12: Integration of Jest Test Scripts
The newly added "test": "jest" and "test:coverage": "jest --coverage" scripts enable running unit tests and generating coverage reports. Ensure that the corresponding Jest configuration (e.g., in jest.config.js) is properly aligned with these scripts for consistent test execution.

---

38-38: Addition of "connect-redis" Dependency
The inclusion of "connect-redis": "^7.1.1" appears to support Redis integration (likely for session management or caching). Please verify that this version is compatible with the rest of the application and that any duplicate entries have indeed been removed.

---

40-40: Update to "lodash" Dependency
The version for "lodash" has been updated to "^4.17.21". Confirm that this update does not conflict with other dependencies and that any previous duplicate entries have been properly addressed.

---

43-45: New Babel and Babel-Jest Dependencies Added
The addition of "@babel/core", "@babel/preset-env", and "babel-jest" (with their respective versions) will support the use of modern JavaScript features and proper transpilation during testing. Make sure that babel.config.js is updated accordingly to use these versions and to avoid potential inconsistencies.

---

48-48: New Jest Dependency Added in DevDependencies
Including "jest": "^29.7.0" as a development dependency is critical for establishing the unit testing framework. Verify that the Jest configuration (likely in jest.config.js) properly utilizes this dependency for running tests and generating coverage reports as expected.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud