ci: T8834: remove SonarCloud workflow

[andamasov]

Summary

• Removes .github/workflows/sonarcloud.yml
• Removes sonarcloud.yml reference from AGENTS.md

Part of SonarCloud removal — IS-436 / T8834.

🤖 Generated by robots

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 08e9e612-ef75-48ae-9f77-f7983a284d86

📥 Commits

Reviewing files that changed from the base of the PR and between 1d81e20 and 6f66409.

📒 Files selected for processing (2)

• .github/workflows/sonarcloud.yml
• AGENTS.md

💤 Files with no reviewable changes (1)

• .github/workflows/sonarcloud.yml

📜 Recent review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Summary

🧰 Additional context used

🧠 Learnings (1)

📓 Common learnings

Learnt from: CR
Repo: vyos/vyatta-bash

Timestamp: 2026-05-09T15:02:04.168Z
Learning: Commit and PR titles must follow the format: `component: T<task_id>: description` where task IDs reference Phorge tasks at https://vyos.dev

Learnt from: CR
Repo: vyos/vyatta-bash

Timestamp: 2026-05-09T15:02:04.168Z
Learning: Treat this repository as upstream-vendored Bash; minimize diffs against the GNU Bash 4.1 baseline

Learnt from: CR
Repo: vyos/vyatta-bash

Timestamp: 2026-05-09T15:02:04.168Z
Learning: Vyatta-specific behaviour patches are scattered across multiple `.c` files without a single 'vyatta' subdirectory; use `git log -- <file>` to identify VyOS-era changes versus upstream Bash changes

Learnt from: CR
Repo: vyos/vyatta-bash

Timestamp: 2026-05-09T15:02:04.168Z
Learning: The filename `chceck-pr-message.yml` contains a known typo and should be left as-is to avoid breaking workflow references unless explicitly coordinated

Learnt from: CR
Repo: vyos/vyatta-bash

Timestamp: 2026-05-09T15:02:04.168Z
Learning: Use GNU autotools (`Makefile.in`, `aclocal.m4`, `configure`) for build configuration

🔍 Remote MCP Context7

Summary of Relevant Context for PR Review

What is Being Removed

The SonarCloud GitHub Action scans projects with SonarQube Cloud, a static analysis solution for continuous code quality and security inspection across 30+ languages.

Specifically, the removed workflow was using the sonarsource/sonarcloud-github-action to perform analysis on push and pull request events, requiring a SONAR_TOKEN secret.

Impact of Removal

The PR removes automated code quality and security scanning from the CI/CD pipeline. This means:

1. No automatic SonarQube analysis - The repository will no longer perform static code analysis on every push to the tracked branches (current, equuleus, sagitta, circinus) and pull requests
2. Loss of continuous code quality monitoring - Developers will lose automated feedback on code quality metrics, potential bugs, and security vulnerabilities
3. Documentation update - The AGENTS.md file correctly reflects this change by removing the sonarcloud.yml workflow reference

Review Considerations

• Verify that the removal is intentional and aligned with project goals (referenced as IS-436 / T8834)
• Confirm whether alternative code quality tools remain in place for the project
• Check if any project documentation or configuration files (beyond AGENTS.md) still reference SonarCloud or expect its results

🔇 Additional comments (1)

AGENTS.md (1)

38-38: Workflow list update looks correct.

sonarcloud.yml is removed from the documented active workflows, check-pr-conflicts.yml is included, and the known chceck-pr-message.yml typo is correctly preserved.

Based on learnings, the filename chceck-pr-message.yml is a known typo that should remain unchanged unless explicitly coordinated.

---

📝 Walkthrough

Summary by CodeRabbit

• Chores
  • Removed SonarCloud code quality scanning from the automated CI pipeline
  • Updated workflow documentation to reflect configuration changes

Walkthrough

SonarCloud GitHub Actions workflow integration is removed from the repository. The sonarcloud.yml file containing the Sonar Checks job is deleted entirely, and AGENTS.md is updated to remove sonarcloud.yml from the active workflows list while adding check-pr-conflicts.yml.

Changes

SonarCloud Workflow Removal

Layer / File(s)	Summary
Workflow Removal .github/workflows/sonarcloud.yml	Sonar Checks workflow file including all job definitions, triggers on branch pushes and pull_request_target events, and SonarCloud scan action invocation is removed.
Documentation Update AGENTS.md	Active workflows list is updated: sonarcloud.yml entry is removed; check-pr-conflicts.yml is added; typo in chceck-pr-message.yml is preserved.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: removal of the SonarCloud workflow, with reference to the task ticket T8834.
Description check	✅ Passed	The description directly relates to the changeset, listing the exact files being removed and providing context for the change via task ticket references.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch sonarcloud-removal

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch sonarcloud-removal

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

👍
No issues in PR Title / Commit Title

[andamasov]

@copilot review

[Copilot]

@copilot review

Reviewed the current PR change at 6f66409. No follow-up changes were needed: the SonarCloud workflow removal is clean, and the AGENTS.md workflow list is consistent with the repository state.

[andamasov]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.