Skip to content

Plan: Fix SonarCloud LOC Double-Counting

Note: This is a temporary planning document. Delete after implementation is complete.

Problem

SonarCloud org camaradesuk is reaching the 51,269 LOC limit because shared libraries in src/libs/ are being scanned by both the API and PM SonarCloud jobs.

Root Cause

In .github/workflows/pr-tests.yml:

  • API scan builds api.slnf which includes shared libs
  • PM scan builds project-management.slnf which includes the same shared libs
  • Both scans run against the full repo, so SonarCloud counts these libraries twice

Double-counted libraries:

  • src/libs/kernel/SyRF.SharedKernel/
  • src/libs/appservices/SyRF.AppServices/
  • src/libs/webhostconfig/SyRF.WebHostConfig.Common/
  • src/libs/mongo/SyRF.Mongo.Common/
  • src/libs/api/SyRF.API.Messages/
  • src/libs/project-management/SyRF.ProjectManagement.Core/
  • src/libs/project-management/SyRF.ProjectManagement.Messages/
  • src/libs/project-management/SyRF.ProjectManagement.Mongo.Data/

Solution: Separate SonarCloud Projects for Shared Libraries

Create dedicated SonarCloud projects for shared libraries, with each service scanning only its own endpoint code.

Final Project Structure

Project Key Scans New?
syrf-api API endpoint only Update
syrf-project-management PM endpoint only Update
syrf-web Angular frontend No change
syrf-shared-libs All shared libraries in src/libs/ New

Implementation Steps

Step 1: Create new SonarCloud project

  1. Go to SonarCloud → Create new project → syrf-shared-libs
  2. Generate token and add as SONAR_TOKEN_LIBS secret in GitHub

Step 2: Create sonar-project.properties for libs

Create src/libs/sonar-project.properties:

sonar.projectKey=syrf-shared-libs
sonar.organization=camaradesuk
sonar.projectName=SyRF Shared Libraries
sonar.sources=.
sonar.exclusions=**/obj/**,**/bin/**,**/*.Tests/**
sonar.sourceEncoding=UTF-8

Step 3: Update pr-tests.yml

Add new sonar-libs job and update API/PM exclusions:

sonar-libs:
  name: SonarCloud - Shared Libraries
  needs: [detect-changes, test-dotnet]
  if: needs.detect-changes.outputs.libs_changed == 'true'
  runs-on: ubuntu-latest
  steps:
    # ... standard setup ...
    - name: Build and analyze
      env:
        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_LIBS }}
      run: |
        dotnet-sonarscanner begin \
          /k:"syrf-shared-libs" \
          /o:"camaradesuk" \
          /d:sonar.token="$SONAR_TOKEN" \
          /d:sonar.exclusions="**/obj/**,**/bin/**"
        dotnet build src/libs/
        dotnet-sonarscanner end

Update API exclusions to add: **/src/libs/** Update PM exclusions to add: **/src/libs/**

Step 4: Add libs change detection

Add to detect-changes job outputs:

libs_changed: ${{ steps.filter.outputs.libs }}

Add to path filter:

libs:
  - 'src/libs/**'

Files to Modify

  1. .github/workflows/pr-tests.yml - Add sonar-libs job, update exclusions, add change detection
  2. src/libs/sonar-project.properties (new)

Manual Steps Required

  1. Create syrf-shared-libs project in SonarCloud
  2. Add SONAR_TOKEN_LIBS secret to GitHub repository

Verification

After changes, re-run PR checks and verify:

  1. SonarCloud LOC warning no longer appears
  2. All 4 projects (api, pm, web, shared-libs) show in SonarCloud
  3. Each project shows only its own code (no overlap)