ai-agent-assembly · Chisanan232 · Jun 26, 2026 · Jun 26, 2026 · Jun 26, 2026 · Jun 26, 2026
@@ -234,6 +234,14 @@ authoritative checker.)
   + `publish-release-tag`.
 - Cutting an `agent-assembly` core tag for an SDK-only change — that triggers the
   full coordinated pipeline and double-publishes.
+- **`sonar.projectVersion`** — the SonarCloud Scan job in
+  `rw_run_all_test_and_record.yaml` derives it from `pyproject.toml`'s `version`
+  at scan time and passes it via the scanner `args`, so the SonarCloud quality
+  gate always tracks the current release. Do **not** hand-bump the
+  `sonar.projectVersion` literal in `sonar-project.properties` per release — that
+  literal is only the local-scan fallback and must stay off `0.0.0`, which
+  otherwise leaves the gate stuck at "Not computed" (AAASM-3815). (Contrast the
+  `agent-assembly` monorepo, where the literal is bumped statically.)
 
 ## What this runbook does not cover
 

@@ -132,6 +132,13 @@ or drifted wheels.
   `workflow_dispatch`. Dispatch the docs pipeline separately if needed.
 - **Yanking lower versions** — this skill does not yank; do it in the PyPI web
   UI after the fact if required.
+- **`sonar.projectVersion`** — the SonarCloud Scan job in
+  `rw_run_all_test_and_record.yaml` derives it from `pyproject.toml`'s `version`
+  at scan time, so the quality gate tracks the current release automatically. Do
+  **not** hand-bump the `sonar.projectVersion` literal in
+  `sonar-project.properties` per release — it is only the local-scan fallback and
+  must stay off `0.0.0` (a literal `0.0.0` leaves the gate stuck at "Not
+  computed"; AAASM-3815).
 
 ## Do Not Assume
 

@@ -173,9 +173,27 @@ jobs:
             exit 1
           fi
 
+      # Derive the analysis version from the package's own pyproject.toml so the
+      # SonarCloud quality gate always tracks the current release. A literal
+      # sonar.projectVersion=0.0.0 leaves the gate stuck at "Not computed"
+      # (AAASM-3815); passing the live version below overrides the static
+      # fallback in sonar-project.properties.
+      - name: Resolve project version
+        id: sonar_version
+        run: |
+          version="$(grep -m1 -E '^version = ' pyproject.toml | sed -E 's/^version = "(.*)"/\1/')"
+          if [ -z "$version" ]; then
+            echo "Could not parse version from pyproject.toml" >&2
+            exit 1
+          fi
+          echo "version=$version" >> "$GITHUB_OUTPUT"
+
       - name: SonarCloud Scan
         uses: SonarSource/sonarqube-scan-action@v8.2.0
         env:
           GITHUB_TOKEN: ${{ github.token }}
           SONAR_TOKEN: ${{ secrets.sonar_token }}
           SONAR_HOST_URL: https://sonarcloud.io
+        with:
+          args: >
+            -Dsonar.projectVersion=${{ steps.sonar_version.outputs.version }}
@@ -6,7 +6,13 @@ sonar.issues.defaultAssigneeLogin=Bryant
 
 # This is the name and version displayed in the SonarCloud UI.
 sonar.projectName=python-sdk
-sonar.projectVersion=0.0.0
+# A non-0.0.0 version is required for SonarCloud to compute the quality gate
+# (a literal 0.0.0 leaves the gate stuck at "Not computed"; AAASM-3815). CI
+# overrides this at scan time with the live pyproject.toml version via
+# `-Dsonar.projectVersion=...` (see .github/workflows/rw_run_all_test_and_record.yaml),
+# so it always tracks the current release; this static value is the local-scan
+# fallback only.
+sonar.projectVersion=0.0.1rc1
 
 # Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
 sonar.projectBaseDir=./