SonarQube/SonarCloud-driven code quality workflow for SAP Commerce. Use when fetching Sonar issues for a PR or branch, generating a tracking report, comparing code quality between branches, or auto-fixing rules like java:S113, java:S1128, java:S1451, groovydre:S8307, groovydre:S8306, java:S4551, java:S1312, java:S4488, java:S1068, java:S125, java:S1854, and java:S1118.

$ npx skills add commerce-cloud-integrations/sap-commerce-agent-skills --skill sap-commerce-sonarqube

SAP Commerce SonarQube

Overview

Fetch Sonar issues, produce a tracking report, and apply focused fixes for SAP Commerce projects using SonarQube or SonarCloud.

Quick Start

  1. Export your token: export SONAR_TOKEN=... (do not paste tokens in chat or commit them)
  2. Fetch issues for a PR:
python3 scripts/sonar_fetch.py --base-url https://sonarcloud.io --project-key com.example.project --pr 1234 --since-leak-period --out /tmp/sonar_issues_pr1234.json
  3. Generate a tracking report:
python3 scripts/sonar_report.py --in /tmp/sonar_issues_pr1234.json --out sonarqube-pr1234-smells.md --include-fix-hints
  4. Compare branches (fetch both, then diff):
python3 scripts/sonar_fetch.py --base-url https://sonar.mycorp.local --project-key com.example.project --branch feature/ccv2 --since-leak-period --out /tmp/sonar_feature.json

python3 scripts/sonar_fetch.py --base-url https://sonar.mycorp.local --project-key com.example.project --branch development --since-leak-period --out /tmp/sonar_development.json

python3 scripts/sonar_diff.py --left /tmp/sonar_development.json --right /tmp/sonar_feature.json --out sonar-diff.md --left-label development --right-label feature/ccv2
  5. Auto-fix newline-at-EOF issues (java:S113) in one step:
python3 scripts/sonar_autofix.py --base-url https://sonarcloud.io --project-key com.example.project --branch development --rule java:S113 --types CODE_SMELL --repo-root /path/to/repo --list-out /tmp/s113_files.txt --apply
  6. Auto-fix unused imports (java:S1128) in one step:
python3 scripts/sonar_autofix.py --base-url https://sonarcloud.io --project-key com.example.project --branch development --rule java:S1128 --types CODE_SMELL --repo-root /path/to/repo --list-out /tmp/s1128_files.txt --apply
  7. Auto-fix missing SAP copyright headers (java:S1451) in one step:
python3 scripts/sonar_autofix.py --base-url https://sonarcloud.io --project-key com.example.project --branch development --rule java:S1451 --types CODE_SMELL --repo-root /path/to/repo --list-out /tmp/s1451_files.txt --apply
  8. Auto-fix Groovy trailing semicolons (groovydre:S8307) in one step:
python3 scripts/sonar_autofix.py --base-url https://sonarcloud.io --project-key com.example.project --branch development --rule groovydre:S8307 --types CODE_SMELL --repo-root /path/to/repo --list-out /tmp/s8307_files.txt --apply
  9. Auto-fix Groovy if-statement braces (groovydre:S8306) in one step:
python3 scripts/sonar_autofix.py --base-url https://sonarcloud.io --project-key com.example.project --branch development --rule groovydre:S8306 --types CODE_SMELL --repo-root /path/to/repo --list-out /tmp/s8306_files.txt --apply
 10. Auto-fix enum equals comparisons (java:S4551) in one step:
python3 scripts/sonar_autofix.py --base-url https://sonarcloud.io --project-key com.example.project --branch development --rule java:S4551 --types CODE_SMELL --repo-root /path/to/repo --list-out /tmp/s4551_files.txt --apply
 11. Auto-fix logger modifiers and naming (java:S1312) in one step:
python3 scripts/sonar_autofix.py --base-url https://sonarcloud.io --project-key com.example.project --branch development --rule java:S1312 --types CODE_SMELL --repo-root /path/to/repo --list-out /tmp/s1312_files.txt --apply
 12. Auto-fix @RequestMapping method usage (java:S4488) in one step (also adds missing mapping imports and removes unused RequestMethod imports):
python3 scripts/sonar_autofix.py --base-url https://sonarcloud.io --project-key com.example.project --branch development --rule java:S4488 --types CODE_SMELL --repo-root /path/to/repo --list-out /tmp/s4488_files.txt --apply
 13. Auto-fix unused private fields (java:S1068) in one step:
python3 scripts/sonar_autofix.py --base-url https://sonarcloud.io --project-key com.example.project --branch development --rule java:S1068 --types CODE_SMELL --repo-root /path/to/repo --list-out /tmp/s1068_files.txt --apply
 14. Auto-fix commented-out code blocks (java:S125) in one step:
python3 scripts/sonar_autofix.py --base-url https://sonarcloud.io --project-key com.example.project --branch development --rule java:S125 --types CODE_SMELL --repo-root /path/to/repo --list-out /tmp/s125_files.txt --apply
 15. Auto-fix useless assignments to local variables (java:S1854) in one step:
python3 scripts/sonar_autofix.py --base-url https://sonarcloud.io --project-key com.example.project --branch development --rule java:S1854 --types CODE_SMELL --repo-root /path/to/repo --list-out /tmp/s1854_files.txt --apply
 16. Auto-fix utility classes by adding private constructors (java:S1118) in one step:
python3 scripts/sonar_autofix.py --base-url https://sonarcloud.io --project-key com.example.project --branch development --rule java:S1118 --types CODE_SMELL --repo-root /path/to/repo --list-out /tmp/s1118_files.txt --apply
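
The branch comparison in the Quick Start, sketched as an added example (this is not the skill's own sonar_diff.py): two issue sets are matched on a fingerprint instead of the issue key, so a finding that only moved to another line is not reported as new. It assumes each issue carries the rule, component and message fields of Sonar's api/issues/search response and that issue keys are not stable across branches; the function names and sample issues are constructed.

```python
# Added example, not the skill's sonar_diff.py. Field names follow Sonar's
# api/issues/search response; the sample issues below are constructed.
from collections import Counter

def fingerprint(issue):
    # Assumption: issue keys differ per branch and line numbers shift with
    # unrelated edits, so identity is rule + file + message.
    return (issue["rule"], issue["component"], issue.get("message", ""))

def only_in(candidates, baseline):
    """Issues in `candidates` with no unmatched counterpart in `baseline`."""
    budget = Counter(fingerprint(i) for i in baseline)
    extra = []
    for issue in candidates:
        fp = fingerprint(issue)
        if budget[fp] > 0:
            budget[fp] -= 1      # pair off one identical finding
        else:
            extra.append(issue)  # duplicates beyond the baseline count are new
    return extra

def diff_issues(left, right):
    """Return (new, resolved) going from the left branch to the right one."""
    return only_in(right, left), only_in(left, right)

def render(new, resolved, left_label, right_label):
    def row(i):
        msg = i.get("message", "").replace("|", "\\|")  # keep table cells intact
        return f"| {i['rule']} | {i['component']} | {msg} |"
    lines = [f"# Sonar diff: {left_label} -> {right_label}"]
    for title, items in (("New", new), ("Resolved", resolved)):
        lines += [f"## {title} ({len(items)})", "| Rule | File | Message |", "|---|---|---|"]
        lines += [row(i) for i in items]
    return "\n".join(lines)

P = "com.example.project:src/"  # constructed component prefix
DEVELOPMENT = [
    {"key": "dev-1", "rule": "java:S1128", "component": P + "FooService.java", "line": 12, "message": "Remove this unused import."},
    {"key": "dev-2", "rule": "java:S125", "component": P + "Bar.java", "line": 40, "message": "Remove this commented out code."},
]
FEATURE = [
    {"key": "feat-1", "rule": "java:S1128", "component": P + "FooService.java", "line": 14, "message": "Remove this unused import."},
    {"key": "feat-2", "rule": "java:S1068", "component": P + "Baz.java", "line": 8, "message": "Remove this unused private field."},
]

if __name__ == "__main__":
    new, resolved = diff_issues(DEVELOPMENT, FEATURE)
    print(render(new, resolved, "development", "feature/ccv2"))
```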

Workflow

  1. Confirm scope: base URL, project key, PR or branch, and whether to use leak period.
  2. Fetch issues with scripts/sonar_fetch.py (use --rules and --types when targeting a specific rule).
  3. Create or update a tracking report with scripts/sonar_report.py.
  4. Auto-fix supported rules with scripts/sonar_autofix.py (start dry-run, then --apply).
  5. Fix remaining issues using the rules in references/quality-rules.md.
  6. Update the report's Fix column with the actual change made.
  7. Run targeted tests only if requested or clearly needed.

SAP Commerce Rules (strict)

Follow references/quality-rules.md. Key points:

  • Do not use @SuppressWarnings.
  • Do not use or remove //NOSONAR to silence issues.
  • @Required is deprecated but acceptable in SAP Commerce.
  • Replace deprecated APIs with JDK equivalents when possible.
  • Avoid complex refactors; prefer small, behavior-preserving fixes.

Resources

scripts/

  • sonar_api.py: Shared Sonar API helpers.
  • sonar_fetch.py: Fetch issues for a PR or branch via the Sonar API (supports --rules).
  • sonar_report.py: Generate a markdown tracking report from issues JSON.
  • sonar_diff.py: Compare two issue sets and report new/resolved issues.
  • sonar_fix_rule.py: Auto-fix supported rules from issues JSON (currently java:S113, java:S1128, java:S1451, groovydre:S8307, groovydre:S8306, java:S4551, java:S1312, java:S4488 with import cleanup, java:S1068, java:S125, java:S1854, java:S1118).
  • sonar_autofix.py: Fetch, present, and auto-fix supported rules in one step.
  • sonar_fix_unused_imports.py: Convenience wrapper to auto-fix unused imports (java:S1128).
  • sonar_fix_headers.py: Convenience wrapper to auto-fix missing SAP headers (java:S1451).
  • sonar_fix_groovy_semicolons.py: Convenience wrapper to auto-fix Groovy trailing semicolons (groovydre:S8307).
  • sonar_fix_groovy_braces.py: Convenience wrapper to auto-fix Groovy if-statement braces (groovydre:S8306).
  • sonar_fix_enum_equals.py: Convenience wrapper to auto-fix enum equals comparisons (java:S4551).
  • sonar_fix_loggers.py: Convenience wrapper to auto-fix logger modifiers/naming (java:S1312).
  • sonar_fix_request_mappings.py: Convenience wrapper to auto-fix @RequestMapping method usage (java:S4488).
  • sonar_fix_unused_fields.py: Convenience wrapper to auto-fix unused private fields (java:S1068).
  • sonar_fix_commented_code.py: Convenience wrapper to remove commented-out code blocks (java:S125).
  • sonar_fix_useless_assignments.py: Convenience wrapper to remove useless assignments (java:S1854).
  • sonar_fix_private_constructors.py: Convenience wrapper to add private constructors (java:S1118).

references/

  • quality-rules.md: SAP Commerce-specific code quality rules to follow.
  • sonar-api.md: Sonar API parameters and auth notes.