diff --git a/.claude/skills/release-runbook/SKILL.md b/.claude/skills/release-runbook/SKILL.md index bcb775ed..19666417 100644 --- a/.claude/skills/release-runbook/SKILL.md +++ b/.claude/skills/release-runbook/SKILL.md @@ -228,6 +228,14 @@ state machine: - Downloading + staging the `aasm-*.tar.gz` binaries. - The post-publish `v` git tag + GitHub Release. - The Docusaurus docs-version snapshot PR (`version-docs` job). +- The SonarCloud `sonar.projectVersion`. `quality-report.yml` overrides the + `sonar-project.properties` value with `-Dsonar.projectVersion=` at scan time, so the quality gate auto-advances once the five + `package.json` files are bumped — no manual `sonar.projectVersion` bump is + required on the release path (AAASM-2774). Keep the static fallback in + `sonar-project.properties` roughly in step with `package.json` so the gate + never falls back to `0.0.0` ("Not computed") if the scan ever runs without the + CI override. ## Detailed references diff --git a/.claude/skills/sdk-only-release/SKILL.md b/.claude/skills/sdk-only-release/SKILL.md index 354b2581..677c97ca 100644 --- a/.claude/skills/sdk-only-release/SKILL.md +++ b/.claude/skills/sdk-only-release/SKILL.md @@ -160,6 +160,12 @@ Three operator-side rules govern every dispatch: `repository_dispatch`); refresh docs separately if needed. - dist-tag promotion is a separate operator step from an authenticated terminal: `npm dist-tag add @agent-assembly/sdk@ alpha`. +- The SonarCloud `sonar.projectVersion` needs **no** manual bump for an SDK-only + release. `quality-report.yml` derives it from `package.json` at scan time + (`-Dsonar.projectVersion=`), so once `` is committed to + `package.json` the quality gate tracks it automatically (AAASM-2774). Keep the + static fallback in `sonar-project.properties` roughly in step so the gate never + reverts to `0.0.0` ("Not computed"). ## Do NOT manually run diff --git a/.github/workflows/quality-report.yml b/.github/workflows/quality-report.yml index 1ee801af..9a154565 100644 --- a/.github/workflows/quality-report.yml +++ b/.github/workflows/quality-report.yml @@ -60,8 +60,17 @@ jobs: token: ${{ secrets.CODECOV_TOKEN }} verbose: true + - name: Resolve package version for Sonar + id: sonar_version + run: echo "version=$(node -p "require('./package.json').version")" >> "$GITHUB_OUTPUT" + - name: SonarQube Scan if: ${{ env.SONAR_TOKEN != '' }} uses: SonarSource/sonarqube-scan-action@713881670b6b3676cda39549040e2d88c70d582e # v8.2.0 env: SONAR_TOKEN: ${{ env.SONAR_TOKEN }} + with: + # Override sonar-project.properties' static fallback so the quality + # gate version always tracks package.json and auto-advances per release. + args: > + -Dsonar.projectVersion=${{ steps.sonar_version.outputs.version }} diff --git a/sonar-project.properties b/sonar-project.properties index 2232f7d9..fd51181a 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -3,7 +3,11 @@ sonar.projectKey=ai-agent-assembly_node-sdk sonar.organization=ai-agent-assembly sonar.projectName=node-sdk -sonar.projectVersion=0.0.0 +# Static fallback only. The CI scan (.github/workflows/quality-report.yml) +# overrides this with -Dsonar.projectVersion= so the +# SonarCloud quality gate auto-advances each release. Keep this off 0.0.0 (which +# stalls the gate at "Not computed") and roughly in step with package.json. +sonar.projectVersion=0.0.1-rc.1 sonar.projectBaseDir=./ sonar.sources=src/