Suggestion: Allow the quality profiles and quality gate to be configured in code, in a flexible manner.
For example, the repository could carry a file `sonar-config.yml` like this:

```yaml
sonar-config:
  new-code:
    since_days: 1
  branches:
    long_lived_pattern: "(master|main|develop|(release-.+))"
    main_branch: develop
  profile:
    initial: INCLUDE_ALL
    exclude:
      tags: [deprecated, convention, test_coverage]
      # quoted: an unquoted leading "!" would be parsed as a YAML tag
      source: ["!SonarSource"]
      rules: [S5612, S121, S1774]
  gate:
    security_hotspots_reviewed:
      min: 100%
    vulnerabilities:
      max: 0
    defects:
      max: 0
    severity_blocker:
      max: 0
    severity_critical:
      max: 0
    maintainability_rating:
      at_least: A
```
This would create a quality gate from the `gate` section and associate it with this specific repository, and it would create one quality profile per language found in the repository's code, each derived from the `profile` section (start from the `initial` set, then drop everything matched by the `exclude` filters).
Benefits of this approach:
- no need to do manual configuration of quality gates and quality profiles
- configuration can be copied easily between repositories
- configuration can be changed automatically (using a bot on the git repository) based on the results from SonarQube/SonarCloud; the main use case is a "status quo" quality gate, where the bot ratchets each threshold to the current measured value so the gate only fails on regression
- all the regular benefits of configuration-as-code: review in pull requests, history, rollback, and diffing between repositories
- when there is a SonarQube upgrade (e.g. more rules, or deprecation of existing rules), the appropriate rules get activated or deactivated automatically, because the profile is defined as an inclusion policy plus exclusion filters rather than as a hard-coded list of rule keys; no manual intervention required
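To make the proposed semantics concrete, here is an added example (not code from the original post and not anything SonarSource provides) that resolves the `profile` section into a per-language rule set, evaluates the `gate` section against a set of measures, and implements the "status quo" ratchet a bot could apply. The rule catalog, the measures, the `source` field on rules and the config-as-dict representation are all constructed assumptions; a real tool would load the YAML with a parser and fetch rules and measures from the SonarQube web API.

```python
"""Added example: resolve the proposed sonar-config into rules and a gate.
Rule catalog, measures and the 'source' attribute are assumptions."""
from dataclasses import dataclass

# Parsed form of the proposed sonar-config.yml, written as a dict so the
# example needs no YAML library (assumption: a real tool would parse YAML).
CONFIG = {
    "profile": {
        "initial": "INCLUDE_ALL",
        "exclude": {
            "tags": ["deprecated", "convention", "test_coverage"],
            "source": ["!SonarSource"],   # "!X" = everything NOT from X
            "rules": ["S5612", "S121", "S1774"],
        },
    },
    "gate": {
        "security_hotspots_reviewed": {"min": "100%"},
        "vulnerabilities": {"max": 0},
        "defects": {"max": 0},
        "severity_blocker": {"max": 0},
        "severity_critical": {"max": 0},
        "maintainability_rating": {"at_least": "A"},
    },
}

@dataclass(frozen=True)
class Rule:
    key: str
    language: str
    tags: frozenset
    source: str  # provider of the rule (constructed attribute)

# Constructed catalog; keys and tags are illustrative, not real rule data.
CATALOG = [
    Rule("S5612", "py", frozenset({"security"}), "SonarSource"),
    Rule("S121", "py", frozenset({"convention"}), "SonarSource"),
    Rule("S1135", "py", frozenset({"deprecated"}), "SonarSource"),
    Rule("S5332", "py", frozenset({"security"}), "SonarSource"),
    Rule("X100", "py", frozenset({"security"}), "ThirdParty"),
    Rule("S1774", "java", frozenset({"pitfall"}), "SonarSource"),
    Rule("S2068", "java", frozenset({"security", "cwe"}), "SonarSource"),
    Rule("S4423", "java", frozenset({"security"}), "SonarSource"),
]

# Constructed measures, as a bot might read them after an analysis.
MEASURES = {
    "security_hotspots_reviewed": "80%",
    "vulnerabilities": 0,
    "defects": 3,
    "severity_blocker": 0,
    "severity_critical": 1,
    "maintainability_rating": "B",
}

RATING_ORDER = "ABCDE"  # A is best; higher index is worse

def _excluded_by_source(rule, source_filters):
    """'!X' excludes rules whose source is not X; 'X' excludes rules from X."""
    for f in source_filters:
        if f.startswith("!"):
            if rule.source != f[1:]:
                return True
        elif rule.source == f:
            return True
    return False

def resolve_profiles(config, catalog, languages):
    """Return {language: sorted active rule keys} for the languages in use.
    Starting from INCLUDE_ALL means a rule added in an upgrade is active
    unless an exclusion filter matches it; a deprecated one drops out."""
    prof = config["profile"]
    if prof.get("initial") != "INCLUDE_ALL":
        raise ValueError("only INCLUDE_ALL is modelled in this example")
    ex = prof.get("exclude", {})
    tags, keys = set(ex.get("tags", [])), set(ex.get("rules", []))
    sources = ex.get("source", [])
    active = {lang: [] for lang in languages}
    for r in catalog:
        if r.language not in active:
            continue
        if r.key in keys or (r.tags & tags) or _excluded_by_source(r, sources):
            continue
        active[r.language].append(r.key)
    return {lang: sorted(v) for lang, v in active.items()}

def _num(value):
    """Numeric view of a measure or threshold; '100%' -> 100.0."""
    return float(str(value).rstrip("%"))

def _worse(op, actual, threshold):
    """True when `actual` violates the condition `op threshold`."""
    if op == "min":
        return _num(actual) < _num(threshold)
    if op == "max":
        return _num(actual) > _num(threshold)
    if op == "at_least":
        return RATING_ORDER.index(actual) > RATING_ORDER.index(threshold)
    raise ValueError(f"unknown gate operator {op!r}")

def evaluate_gate(gate, measures):
    """Return (passed, [failed condition descriptions])."""
    failures = []
    for metric, conds in gate.items():
        for op, threshold in conds.items():
            if _worse(op, measures[metric], threshold):
                failures.append(f"{metric}: {measures[metric]} violates {op} {threshold}")
    return not failures, failures

def status_quo_gate(gate, measures):
    """Ratchet: relax every failing threshold to the current measure so the
    gate passes now and fails only on regression (the bot use case above)."""
    relaxed = {}
    for metric, conds in gate.items():
        relaxed[metric] = {
            op: (measures[metric] if _worse(op, measures[metric], thr) else thr)
            for op, thr in conds.items()
        }
    return relaxed

if __name__ == "__main__":
    print(resolve_profiles(CONFIG, CATALOG, ["py", "java"]))
    print(evaluate_gate(CONFIG["gate"], MEASURES))
    print(evaluate_gate(status_quo_gate(CONFIG["gate"], MEASURES), MEASURES))
```

With the constructed inputs the strict gate fails on four conditions (hotspot review, defects, critical severity and maintainability rating), and the ratcheted gate passes until any of those measures gets worse, which is exactly the behaviour the bot would commit back into `sonar-config.yml`. A rule from a source other than SonarSource, or one carrying an excluded tag, never appears in the resolved profile regardless of when it was added to the catalog.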