From 152f35001a591db147deddc11e8e9ce610761194 Mon Sep 17 00:00:00 2001
From: Brian Hardie <777730+bhardie@users.noreply.github.com>
Date: Thu, 18 Jun 2026 07:25:52 -0700
Subject: [PATCH] Add SonarQube configuration

- sonar-project.properties with PHP static analysis config
- .github/workflows/sonar.yaml triggered on push to develop and PRs
---
 .github/workflows/sonar.yaml | 28 ++++++++++++++++++++++++++++
 sonar-project.properties     | 22 ++++++++++++++++++++++
 2 files changed, 50 insertions(+)
 create mode 100644 .github/workflows/sonar.yaml
 create mode 100644 sonar-project.properties

diff --git a/.github/workflows/sonar.yaml b/.github/workflows/sonar.yaml
new file mode 100644
index 0000000..2f460d3
--- /dev/null
+++ b/.github/workflows/sonar.yaml
@@ -0,0 +1,28 @@
+on:
+  push:
+    branches:
+      - develop
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+name: Sonarqube
+jobs:
+  sonarqube:
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.user.login != 'dependabot[bot]'
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: SonarQube Scan
+        uses: sonarsource/sonarqube-scan-action@master
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+
+      - name: SonarQube Quality Gate check
+        uses: sonarsource/sonarqube-quality-gate-action@master
+        timeout-minutes: 5
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 0000000..428a5ee
--- /dev/null
+++ b/sonar-project.properties
@@ -0,0 +1,22 @@
+# Server and project configuration
+sonar.host.url=https://sonar.wpengine.io/
+sonar.projectVersion=1.0
+sonar.sourceEncoding=UTF-8
+sonar.scm.provider=git
+
+# Project identifiers
+sonar.projectName=wpackagist
+sonar.projectKey=wpengine_wpackagist_82f90787-67b8-45bc-8b47-99fbcfb1c1e7
+
+# Language
+sonar.language=php
+
+# Paths to source code directories (relative paths)
+sonar.sources=src
+
+# Exclusions
+sonar.exclusions=**/*_test.*, **/mocks/**, **/node_modules/**, **/vendor/**
+
+# Paths to test code directories (relative paths)
+sonar.tests=.
+sonar.test.inclusions=**/*Test.php