[MOSIP-43983] Sonar profile addition

[rajapandi1234]

Summary by CodeRabbit

• Chores
  • Updated SonarQube analysis configuration in the build system.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

The sonar Maven profile in the authentication module is restructured to use properties-driven configuration instead of embedding the sonar-maven-plugin directly. SonarQube analysis properties (sources, inclusions, exclusions, host URL) are now defined as profile properties, and the plugin is referenced with a version variable. The profile activation behavior is made explicit with an activation block.

Changes

Cohort / File(s)	Summary
Maven SonarQube Profile Refactoring authentication/pom.xml	Restructures sonar profile from plugin-centric configuration to properties-driven approach; adds sonar.sources, sonar.inclusions, sonar.exclusions, sonar.host.url properties; updates plugin version reference to maven.sonar.plugin.version variable; adds profile activation block; retains sonar:sonar execution phase under verify goal.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

• Focus areas:
  • Verify that all SonarQube properties (sonar.sources, sonar.inclusions, sonar.exclusions) are correctly configured for the authentication module's structure
  • Confirm maven.sonar.plugin.version variable is defined in the parent POM or settings
  • Validate that moving from embedded plugin config to properties-driven approach doesn't alter the sonar analysis behavior or coverage reporting
  • Check if activeByDefault activation flag is intentional or should remain explicit

Poem

🐰 A rabbit hops through Maven's maze,
Where profiles once tangled in a haze;
Now properties spring forth so clear,
SonarQube's scope does reappear!
Configuration blooms, refined and bright, ✨
The build pipeline hops to new height!

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Sonar profile addition' directly reflects the main change: converting the sonar profile from an embedded plugin configuration to a properties-driven profile with explicit SonarQube analysis settings.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 211f487 and 1a341d1.

📒 Files selected for processing (1)

• authentication/pom.xml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: build-maven-authentication / maven-build
• GitHub Check: build-maven-apitest-auth / maven-build

🔇 Additional comments (1)

authentication/pom.xml (1)

457-487: Well-structured profile refactoring using properties-driven configuration.

The shift from embedding plugin configuration directly to using profile properties (sonar.sources, sonar.inclusions, sonar.exclusions, sonar.host.url) is a cleaner, more maintainable approach. The explicit activeByDefault=false activation is good practice. Once the property name mismatch on line 474 is resolved, this profile structure will be sound.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Critical: Property name mismatch—plugin version will not resolve.

Line 474 references ${maven.sonar.plugin.version}, but the property defined at line 126 is ${maven.sonar.version}. This mismatch will cause Maven to fail at build time when attempting to resolve the sonar-maven-plugin version.

Apply this diff to fix the property reference:

                    <plugin>
                        <groupId>org.sonarsource.scanner.maven</groupId>
                        <artifactId>sonar-maven-plugin</artifactId>
-                       <version>${maven.sonar.plugin.version}</version>
+                       <version>${maven.sonar.version}</version>
                        <executions>

Alternatively, if maven.sonar.plugin.version is intended to be a separate property for the sonar plugin specifically, define it at line 126 in the properties section.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	<version>${maven.sonar.plugin.version}</version>
	<plugin>
	<groupId>org.sonarsource.scanner.maven</groupId>
	<artifactId>sonar-maven-plugin</artifactId>
	<version>${maven.sonar.version}</version>
	<executions>

🤖 Prompt for AI Agents

In authentication/pom.xml around line 474, the pom references
${maven.sonar.plugin.version} but the properties section defines
${maven.sonar.version}, causing Maven to fail resolving the plugin version; fix
by either updating the plugin reference at line 474 to use
${maven.sonar.version} to match the existing property, or add a new property
maven.sonar.plugin.version in the properties block (near line 126) with the
intended version value so the plugin reference can resolve.