diff --git a/.claude/skills/release-runbook/SKILL.md b/.claude/skills/release-runbook/SKILL.md index 5f154c1a..da6b318c 100644 --- a/.claude/skills/release-runbook/SKILL.md +++ b/.claude/skills/release-runbook/SKILL.md @@ -234,6 +234,14 @@ authoritative checker.) + `publish-release-tag`. - Cutting an `agent-assembly` core tag for an SDK-only change — that triggers the full coordinated pipeline and double-publishes. +- **`sonar.projectVersion`** — the SonarCloud Scan job in + `rw_run_all_test_and_record.yaml` derives it from `pyproject.toml`'s `version` + at scan time and passes it via the scanner `args`, so the SonarCloud quality + gate always tracks the current release. Do **not** hand-bump the + `sonar.projectVersion` literal in `sonar-project.properties` per release — that + literal is only the local-scan fallback and must stay off `0.0.0`, which + otherwise leaves the gate stuck at "Not computed" (AAASM-3815). (Contrast the + `agent-assembly` monorepo, where the literal is bumped statically.) ## What this runbook does not cover diff --git a/.claude/skills/sdk-only-release/SKILL.md b/.claude/skills/sdk-only-release/SKILL.md index a39e7e42..c8fd65a6 100644 --- a/.claude/skills/sdk-only-release/SKILL.md +++ b/.claude/skills/sdk-only-release/SKILL.md @@ -132,6 +132,13 @@ or drifted wheels. `workflow_dispatch`. Dispatch the docs pipeline separately if needed. - **Yanking lower versions** — this skill does not yank; do it in the PyPI web UI after the fact if required. +- **`sonar.projectVersion`** — the SonarCloud Scan job in + `rw_run_all_test_and_record.yaml` derives it from `pyproject.toml`'s `version` + at scan time, so the quality gate tracks the current release automatically. Do + **not** hand-bump the `sonar.projectVersion` literal in + `sonar-project.properties` per release — it is only the local-scan fallback and + must stay off `0.0.0` (a literal `0.0.0` leaves the gate stuck at "Not + computed"; AAASM-3815). ## Do Not Assume diff --git a/.github/workflows/rw_run_all_test_and_record.yaml b/.github/workflows/rw_run_all_test_and_record.yaml index 52ff90a0..6fdd26f6 100644 --- a/.github/workflows/rw_run_all_test_and_record.yaml +++ b/.github/workflows/rw_run_all_test_and_record.yaml @@ -173,9 +173,27 @@ jobs: exit 1 fi + # Derive the analysis version from the package's own pyproject.toml so the + # SonarCloud quality gate always tracks the current release. A literal + # sonar.projectVersion=0.0.0 leaves the gate stuck at "Not computed" + # (AAASM-3815); passing the live version below overrides the static + # fallback in sonar-project.properties. + - name: Resolve project version + id: sonar_version + run: | + version="$(grep -m1 -E '^version = ' pyproject.toml | sed -E 's/^version = "(.*)"/\1/')" + if [ -z "$version" ]; then + echo "Could not parse version from pyproject.toml" >&2 + exit 1 + fi + echo "version=$version" >> "$GITHUB_OUTPUT" + - name: SonarCloud Scan uses: SonarSource/sonarqube-scan-action@v8.2.0 env: GITHUB_TOKEN: ${{ github.token }} SONAR_TOKEN: ${{ secrets.sonar_token }} SONAR_HOST_URL: https://sonarcloud.io + with: + args: > + -Dsonar.projectVersion=${{ steps.sonar_version.outputs.version }} diff --git a/sonar-project.properties b/sonar-project.properties index bb757adb..2512ebcb 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -6,7 +6,13 @@ sonar.issues.defaultAssigneeLogin=Bryant # This is the name and version displayed in the SonarCloud UI. sonar.projectName=python-sdk -sonar.projectVersion=0.0.0 +# A non-0.0.0 version is required for SonarCloud to compute the quality gate +# (a literal 0.0.0 leaves the gate stuck at "Not computed"; AAASM-3815). CI +# overrides this at scan time with the live pyproject.toml version via +# `-Dsonar.projectVersion=...` (see .github/workflows/rw_run_all_test_and_record.yaml), +# so it always tracks the current release; this static value is the local-scan +# fallback only. +sonar.projectVersion=0.0.1rc1 # Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows. sonar.projectBaseDir=./