From d2ce3a34fb9496709bb2ea5c398735f7a9c03cc8 Mon Sep 17 00:00:00 2001
From: Rain Ramm
Date: Fri, 10 Apr 2026 08:29:05 +0000
Subject: [PATCH 1/3] Add SonarCloud integration for static analysis and coverage

Configure the SonarQube Gradle plugin, add a dedicated GitHub Actions workflow that runs analysis on PRs and pushes to main, wire JaCoCo XML reports for coverage import, and add the quality gate badge to README.
Closes #2
Co-Authored-By: Claude Opus 4.6 (1M context)
---
 .github/workflows/sonarcloud.yml | 22 ++++++++++++++++++++++
 README.md | 2 ++
 build.gradle | 11 +++++++++++
 test.gradle | 7 +++++++
 4 files changed, 42 insertions(+)
 create mode 100644 .github/workflows/sonarcloud.yml

diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
new file mode 100644
index 0000000..fde6365
--- /dev/null
+++ b/.github/workflows/sonarcloud.yml
@@ -0,0 +1,22 @@
+name: SonarCloud
+
+on:
+ pull_request:
+ push:
+ branches: [ main ]
+
+jobs:
+ sonar:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v6
+ with:
+ fetch-depth: 0
+ - uses: actions/setup-java@v5
+ with:
+ distribution: temurin
+ java-version: '17'
+ - uses: gradle/actions/setup-gradle@v6
+ - run: ./gradlew test jacocoTestReport sonar
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/README.md b/README.md
index 87d21b9..a9d94ee 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,5 @@
+[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=BitWeb_montonio-java-sdk&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=BitWeb_montonio-java-sdk)
+
 # Montonio Java SDK
 A type-safe Java client for the [Montonio](https://montonio.com) payment gateway REST API (V2 + Stargate). Covers payment order lifecycle, payment method discovery, and JWT webhook/return validation.
diff --git a/build.gradle b/build.gradle
index 88f2c57..36c9375 100644
--- a/build.gradle
+++ b/build.gradle
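Review bot: The new `.github/workflows/sonarcloud.yml` declares no `permissions:` block, so the job's GITHUB_TOKEN gets whatever default scope the repository or organization is configured with, although the steps shown only need to read the checkout. Adding a top-level `permissions:` with `contents: read` (plus `pull-requests: read` if the scanner turns out to need pull-request metadata) keeps that token least-privileged. The three `uses:` lines reference mutable tags (`actions/checkout@v6`, `actions/setup-java@v5`, `gradle/actions/setup-gradle@v6`); since a later step in the same job holds `SONAR_TOKEN`, pinning each to a full commit SHA, e.g. `- uses: actions/checkout@<full-commit-sha> # v6`, would stop a moved tag from changing what runs next to that secret.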
@@ -9,6 +9,7 @@ plugins {
 id "org.owasp.dependencycheck" version "12.2.0"
 id "io.freefair.lombok" version "9.2.0"
 id "io.github.gradle-nexus.publish-plugin" version "2.0.0"
+ id "org.sonarqube" version "7.2.3.7755"
 }
 group 'ee.bitweb'
@@ -35,3 +36,13 @@ dependencies {
 testImplementation 'org.junit.jupiter:junit-jupiter'
 testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
 }
+
+sonar {
+ properties {
+ property "sonar.projectKey", "BitWeb_montonio-java-sdk"
+ property "sonar.organization", "bitweb_oss"
+ property "sonar.host.url", "https://sonarcloud.io"
+ property "sonar.coverage.jacoco.xmlReportPaths",
+ "${layout.buildDirectory.get()}/reports/jacoco/test/jacocoTestReport.xml"
+ }
+}
diff --git a/test.gradle b/test.gradle
index 5d97125..34ad05d 100644
--- a/test.gradle
+++ b/test.gradle
@@ -2,6 +2,13 @@ apply plugin: 'jacoco'
 test {
 useJUnitPlatform()
+ finalizedBy jacocoTestReport
+}
+
+jacocoTestReport {
+ reports {
+ xml.required = true
+ }
 }
 tasks.register('unitTest', Test) {
From ed9f7b8014a7c0be5b2c28bb66dd458037dd440b Mon Sep 17 00:00:00 2001
From: Rain Ramm
Date: Fri, 10 Apr 2026 08:32:15 +0000
Subject: [PATCH 2/3] Fix SonarCloud organization key to bitweb-oss

Co-Authored-By: Claude Opus 4.6 (1M context)
---
 build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build.gradle b/build.gradle
index 36c9375..ff55dc4 100644
--- a/build.gradle
+++ b/build.gradle
@@ -40,7 +40,7 @@ dependencies {
 sonar {
 properties {
 property "sonar.projectKey", "BitWeb_montonio-java-sdk"
- property "sonar.organization", "bitweb_oss"
+ property "sonar.organization", "bitweb-oss"
 property "sonar.host.url", "https://sonarcloud.io"
 property "sonar.coverage.jacoco.xmlReportPaths",
 "${layout.buildDirectory.get()}/reports/jacoco/test/jacocoTestReport.xml"
From ea030e91a1c5472193fc17239542743b4f938e4a Mon Sep 17 00:00:00 2001
From: Rain Ramm
Date: Fri, 10 Apr 2026 08:36:01 +0000
Subject: [PATCH 3/3] Skip sonar step on fork pull requests

SONAR_TOKEN is not available for pull_request events from forks. Split the Gradle invocation so tests always run, but the sonar analysis only runs in trusted contexts (pushes or same-repo PRs).
Co-Authored-By: Claude Opus 4.6 (1M context)
---
 .github/workflows/sonarcloud.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
index fde6365..b4464c0 100644
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@@ -17,6 +17,8 @@ jobs:
 distribution: temurin
 java-version: '17'
 - uses: gradle/actions/setup-gradle@v6
- - run: ./gradlew test jacocoTestReport sonar
+ - run: ./gradlew test jacocoTestReport
+ - if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
+ run: ./gradlew sonar
 env:
 SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
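Review bot: The `if:` on the new sonar step treats every same-repository pull request as having `SONAR_TOKEN`, but pull requests opened by Dependabot also satisfy `head.repo.full_name == github.repository` and do not receive Actions secrets, so the step would run with an empty token and fail. Whether this repository uses Dependabot is not visible here; if it does, the condition could become `if: github.event_name != 'pull_request' || (github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]')`. A one-line YAML comment above the `if:`, e.g. `# fork PRs do not receive SONAR_TOKEN; skip analysis there`, would also keep the reason for the guard next to the condition.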