ci(workflow): add GitHub Actions quality check pipeline with SonarCloud

.github/workflows/code-quality.yaml

@@ -0,0 +1,107 @@
+# Quality Check workflow for Entity Resolution Engine (ERE)
+# =========================================================
+# Runs on push to develop and on PRs targeting develop.
+#
+# Steps:
+#   1. Install (Python, Poetry, project dependencies)
+#   2. Lint, Test & Verify (tox: unit tests + architecture + clean-code checks)
+#   3. SonarCloud analysis (coverage, quality gate)
+#
+# Required repository secrets:
+#   - SONAR_TOKEN: SonarCloud authentication token
+#
+# If the private ers-core dependency fails to resolve with the default
+# GITHUB_TOKEN, add a PAT as GH_TOKEN_PRIVATE_REPOS and uncomment the
+# fallback section below.
+
+name: Quality Check
+
+on:
+  push:
+    branches: [develop]
+  pull_request:
+    branches: [develop]
+
+permissions:
+  contents: read
+
+jobs:
+  quality:
+    name: Lint, Test & Verify
+    runs-on: ubuntu-latest
+
+    services:
+      redis:
+        image: redis:7
+        ports:
+          - 6379:6379
+        options: >-
+          --health-cmd "redis-cli ping"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+
+    steps:
+      # ------------------------------------------------------------------
+      # Checkout
+      # ------------------------------------------------------------------
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 0  # Full history required for SonarCloud analysis
+
+      # ------------------------------------------------------------------
+      # Python & Poetry
+      # ------------------------------------------------------------------
+      - name: Read Python version from pyproject.toml
+        id: python-version
+        run: echo "version=$(grep -m1 'python = ' pyproject.toml | grep -oP '\d+\.\d+' | head -1)" >> $GITHUB_OUTPUT
+
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: ${{ steps.python-version.outputs.version }}
+
+      - name: Install Poetry
+        run: pipx install poetry
+
+      - name: Configure git credentials for private dependencies
+        run: |
+          git config --global url."https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/".insteadOf "https://github.com/"
+        # NOTE: If GITHUB_TOKEN lacks cross-repo access, replace with:
+        # git config --global url."https://x-access-token:${{ secrets.GH_TOKEN_PRIVATE_REPOS }}@github.com/".insteadOf "https://github.com/"
+
+      # ------------------------------------------------------------------
+      # Dependency caching
+      # ------------------------------------------------------------------
+      - name: Cache Poetry dependencies
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cache/pypoetry
+            .tox
+          key: poetry-${{ runner.os }}-${{ hashFiles('poetry.lock', 'tox.ini') }}
+          restore-keys: |
+            poetry-${{ runner.os }}-
+
+      # ------------------------------------------------------------------
+      # Install
+      # ------------------------------------------------------------------
+      - name: Install dependencies
+        run: poetry install --with dev
+
+      # ------------------------------------------------------------------
+      # Lint, Test & Verify (tox)
+      # ------------------------------------------------------------------
+      - name: Run quality checks (unit tests + architecture + clean-code)
+        run: |
+          rm -f infra/.env.local
+          poetry run tox -e py312,architecture,clean-code
+
+      # ------------------------------------------------------------------
+      # SonarCloud
+      # ------------------------------------------------------------------
+      - name: SonarCloud scan
+        if: always()
+        uses: SonarSource/sonarqube-scan-action@v6
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.pylintrc

@@ -1,7 +1,7 @@
 [MASTER]
 # Ignore patterns
 ignore=CVS,tests,__pycache__
-ignore-patterns=test_.*?\.py
+ignore-patterns=test_.*?\.py,_test_.*?\.py
 persistent=yes
 load-plugins=
 

README.md

@@ -1,5 +1,10 @@
 # Entity Resolution Engine (ERE)
 
+[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=meaningfy-ws_entity-resolution-engine-basic&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=meaningfy-ws_entity-resolution-engine-basic)
+[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=meaningfy-ws_entity-resolution-engine-basic&metric=coverage)](https://sonarcloud.io/summary/new_code?id=meaningfy-ws_entity-resolution-engine-basic)
+[![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](LICENSE)
+[![Python](https://img.shields.io/badge/Python-3.12-blue.svg)](https://www.python.org/downloads/)
+
 > A basic implementation of the ERE component of the Entity Resolution System (ERSys).
 
 The **Entity Resolution Engine (ERE)** is an asynchronous microservice that resolves entity

tox.ini

@@ -21,12 +21,15 @@ passenv =
     HOME
     PYTHONPATH
     PYTHON*
+    REDIS_HOST
+    REDIS_PORT
+    REDIS_PASSWORD
 setenv =
     PYTHONPATH = {toxinidir}/src
 allowlist_externals =
     poetry
 commands_pre =
-    poetry install --sync
+    poetry sync
 
 #=============================================================================
 # py312: Unit Tests + Coverage
@@ -36,7 +39,7 @@ commands_pre =
 description = Run unit tests with coverage analysis
 commands =
     pytest test \
-        --cov={env:PACKAGE_NAME:ere} \
+        --cov={toxinidir}/src/ere \
         --cov-report=term \
         --cov-report=term-missing:skip-covered \
         --cov-report=xml:coverage.xml \
@@ -45,7 +48,7 @@ commands =
 
 [coverage:run]
 branch = True
-source = ere
+source = src/ere
 
 [coverage:report]
 precision = 2