t3837: Skip SonarCloud analysis gracefully when SONAR_TOKEN is missing

[marcusquinn]

Summary

• Adds conditional check (if: env.SONAR_TOKEN != '') to skip SonarCloud scan when the token secret is not configured, preventing CI failures on all PRs
• Emits a ::warning:: annotation with setup instructions when skipped, instead of a hard failure
• Updates the Quality Analysis Summary step to reflect actual SonarCloud status (was hardcoded to "completed")
• Verified sonar-project.properties has correct projectKey and organization — no changes needed

Note: The SONAR_TOKEN secret itself must be set manually in GitHub repo settings (Settings > Secrets > Actions). See issue comment for instructions.

Closes #3837

[gemini-code-assist]

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

[coderabbitai]

Warning

Rate limit exceeded

@marcusquinn has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 27 minutes and 57 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 6be8f693-2d44-4b23-923a-4a6d5723c7d9

📥 Commits

Reviewing files that changed from the base of the PR and between 339facd and ba7d15c.

📒 Files selected for processing (1)

• .github/workflows/code-quality.yml

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch bugfix/sonarcloud-ci

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 125 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Sun Mar 8 01:56:06 UTC 2026: Code review monitoring started
Sun Mar 8 01:56:07 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 125

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 125
• VULNERABILITIES: 0

Generated on: Sun Mar 8 01:56:10 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[marcusquinn]

@coderabbitai review

Review bots were rate-limited when this PR was created (affected: coderabbitai gemini-code-assist). Requesting a review retry.

[gemini-code-assist]

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

[coderabbitai]

@marcusquinn: Sure! Kicking off a full review of PR #3839 now — the SonarCloud graceful-skip changes look like a solid DevOps quality improvement. On it! 🚀

---

🧠 Learnings used

Learnt from: marcusquinn
Repo: marcusquinn/aidevops PR: 0
File: :0-0
Timestamp: 2026-03-03T16:33:18.313Z
Learning: For the marcusquinn/aidevops repository: The daily quality sweep system (pulse-wrapper.sh) should only mention coderabbitai for full codebase review when there are significant changes (Quality Gate failure, +10 issues in one day, etc.), not on every automated sweep with stable metrics.

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[marcusquinn]

This PR appears orphaned — no active worker process found and no activity for 6+ hours. Flagging for re-dispatch. If work is still in progress, remove the status:orphaned label.

[marcusquinn]

Merging via pulse supervisor.

• CI: All checks passing
• Reviews: 0 formal reviews (systemic issue systemic: CodeRabbit not submitting formal reviews on maintainer PRs — all merges blocked #3932 — CodeRabbit not submitting formal reviews on maintainer PRs)
• Bot gate: PASS (CodeRabbit commented)
• Rationale: PASS_RATE_LIMITED scenario — PR is 3+ hours old with bot gate PASS. Safe to merge per pulse.md.

[marcusquinn]

Merge conflict detected — this PR cannot be auto-merged. The branch needs to be rebased onto main. Daily PR cap reached for today; will retry dispatch tomorrow.

[marcusquinn]

Closing — this PR has merge conflicts and touches too many files (blast radius issue, see t1422 / GH#3955). The underlying fixes will be re-created as smaller PRs (max 5 files each) to prevent conflict cascades.

Root cause: quality-debt batch PRs touching 10-69 files each created a conflict cascade where each merge invalidated the next PR's base. New rules cap quality-debt PRs at 5 files max and enforce serial merge ordering.