
sonarqube

Set up SonarQube in your project.

Status: active
IDE: claude, codex, vscode
Version: 1.0.0
Owner: pcorazao
Tags: sonarqube, workflow, github

SonarQube Setup

Workflow

Use this skill when a repository needs SonarQube scanning added to its GitHub Actions workflow. Keep the work read-only until the user confirms the target repository already has a SonarQube project in HCP.

  1. Verify the SonarQube project exists at https://console.hcp.uhg.com/products/sonarqube.
  2. Capture the required inputs before editing files:
    • AIDE ID
    • GitHub organization
    • GitHub repository name
    • source directory to scan, usually src
    • test and generated-file exclusion patterns
  3. Confirm the project naming values:
    • Project Name: match the GitHub repository name.
    • Project Key: com.optum.{AIDE_ID}:{Project Name}
    • GitHub Repository: github.com/{ORG_NAME}/{REPO_NAME}
  4. Add or update the GitHub Actions workflow with a Dojo, EPL, or company SonarQube scan action path. Search this repository for github-workflows-dojo360-* skills and review https://github.com/uhg-actions/sonarqube-scan-action for company scan action behavior.
  5. Add sonar-project.properties at the repository root or at the CI working directory. Start from ./templates/sonar-project.properties.
  6. Add vitals.yaml at the repository root. Start from ./templates/vitals.yaml.
  7. Run the repository's normal validation command and verify the workflow syntax before pushing.

Required Files

Create or update sonar-project.properties with the project key, quality gate timeout, source path, and exclusions:

sonar.projectKey=com.optum.{AIDE_ID}:{Project Name}
sonar.qualitygate.timeout=600
sonar.sources=src
sonar.exclusions=**/*.test.*,**/*.spec.*,**/__tests__/**,**/__mocks__/**

Create or update vitals.yaml with the same AIDE ID and project key:

apiVersion: v1
metadata:
  askId: {AIDE_ID}
  caAgileId: poc
  projectKey: com.optum.{AIDE_ID}:{Project Name}
  projectFriendlyName: {Project Name}
  componentType: code
  targetQG: GATE_00

Constraints

  • MUST NOT invent the AIDE ID, organization, repository name, or SonarQube project key.
  • MUST NOT add local secret values to workflow files.
  • MUST keep scan configuration aligned between sonar-project.properties, vitals.yaml, and the GitHub Actions workflow.
  • MUST route destructive repository changes through the normal branch and pull request workflow.

Example

For repository github.com/optum-tech-compute/example-api with AIDE ID AIDE_123456, use:

  • Project Name: example-api
  • Project Key: com.optum.AIDE_123456:example-api
  • GitHub Repository: github.com/optum-tech-compute/example-api

After the workflow runs, review scan results at https://sonar.optum.com and confirm the quality gate at https://sonar.optum.com/quality_gates/show/GATE_00.
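A pre-push check for the alignment constraint, run here against the example values above. This is an added example, not part of the skill or its templates; the function names and the line-based reading of vitals.yaml (instead of a YAML library) are assumptions.

```python
import re

# Key format from this page: com.optum.{AIDE_ID}:{Project Name}
KEY_RE = re.compile(r"^com\.optum\.[^:{}\s]+:[^{}\s]+$")

def parse_flat(text, sep, section=None):
    """Collect 'key<sep>value' lines. With section set, read only the indented
    lines under that top-level YAML key (assumes the template's flat layout)."""
    out, active = {}, section is None
    for line in text.splitlines():
        if section and line.strip() and not line.startswith(" "):
            active = line.startswith(section + ":")
            continue
        body = line.strip()
        if active and body and not body.startswith("#") and sep in body:
            key, value = body.split(sep, 1)
            out[key.strip()] = value.strip()
    return out

def check_alignment(props_text, vitals_text, aide_id, repo_name):
    """Return a list of problems; an empty list means the files agree."""
    props = parse_flat(props_text, "=")
    meta = parse_flat(vitals_text, ":", section="metadata")
    expected, problems = f"com.optum.{aide_id}:{repo_name}", []
    for source, key in (("sonar-project.properties", props.get("sonar.projectKey")),
                        ("vitals.yaml", meta.get("projectKey"))):
        if key is None:
            problems.append(f"{source}: project key missing")
        elif not KEY_RE.match(key):
            problems.append(f"{source}: unfilled or malformed key {key!r}")
        elif key != expected:
            problems.append(f"{source}: key {key!r} is not {expected!r}")
    if meta.get("askId") != aide_id:
        problems.append("vitals.yaml: askId does not match the AIDE ID")
    if meta.get("projectFriendlyName") != repo_name:
        problems.append("vitals.yaml: projectFriendlyName is not the repository name")
    return problems

# Constructed sample files using the example values from this page.
SAMPLE_PROPS = "sonar.projectKey=com.optum.AIDE_123456:example-api\nsonar.sources=src\n"
SAMPLE_VITALS = """apiVersion: v1
metadata:
  askId: AIDE_123456
  projectKey: com.optum.AIDE_123456:example-api
  projectFriendlyName: example-api
"""

if __name__ == "__main__":
    print(check_alignment(SAMPLE_PROPS, SAMPLE_VITALS, "AIDE_123456", "example-api") or "aligned")
```

A template left with its `{AIDE_ID}` or `{Project Name}` placeholders is reported as an unfilled key rather than as a mismatch, so a copied-but-unedited file is caught before the scan runs.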

Official Documentation

  • https://docs.hcp.uhg.com/sonarqube
  • https://docs.hcp.uhg.com/sonarqube/faq
  • https://docs.hcp.uhg.com/sonarqube/getting-started
