Hi Kirill,

Thanks for taking a close look at the SonarQube reports and for raising these points.

As far as I understand, there hasn't been any dedicated effort yet to triage or address the reported issues. I agree with your observations and suggestions:

* Excluding regression SQL files from SonarQube analysis makes sense, as they are test artifacts and not production code.
* Adjusting the code duplication threshold also seems reasonable, since the current default threshold appears too strict for our codebase and may not accurately reflect real maintainability concerns.

I'm not sure if you have been on the admin team for SonarQube. If not, let me know.

Best,
Dianjin Wang

On Mon, Feb 23, 2026 at 3:58 PM Kirill Reshke <[email protected]> wrote:
>
> Hi hackers!
>
> I spotted that SonarQube CI check has been added to our main branch,
> immediately resulting in red CI status.
>
> Is anyone currently working on the issue?
> I did check what's reported by SonarQube. First, code duplication
> check is kind of spurious for me. It does report that Cloudberry has
> 22% code duplication for recent commits (it wants 3%), but I don't
> think there is any actual problem. Maybe we can lift this restriction?
>
> About security checks. SonarQube reports 4k+ security issues, with
> many of them being in contrib/regression sql files... Can we ignore
> sql regression files?
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
