Feat SonarQube static code analysis workflow

.github/workflows/actions.yml

@@ -75,6 +75,27 @@ jobs:
       working-directory: ./frontend
 
 
+  sonarcube-analysis:
+    name: Static Code Analysis
+    runs-on: ubuntu-latest
+    needs: [frontend-job, backend-job]
+    permissions: read-all
+    steps:
+      - uses: actions/checkout@v4
+        with:
+            fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - uses: sonarsource/sonarqube-scan-action@master
+        env:
+            SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+            SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+        # If you wish to fail your job when the Quality Gate is red, uncomment the
+        # following lines. This would typically be used to fail a deployment.
+      - uses: sonarsource/sonarqube-quality-gate-action@master
+        timeout-minutes: 5
+        env:
+            SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+
   deploy-job:
       name: Deploy to Server
       needs: [ backend-job, frontend-job]
@@ -97,7 +118,7 @@ jobs:
           ssh-keyscan -p $SSH_PORT $SSH_HOST >> ~/.ssh/known_hosts
           ssh -p $PORT $SSH_USERNAME@$SSH_HOST '~/deploy_script.sh'
 
-  
+
   lighthouse-job:
     name: Lighthouse Audit
     runs-on: ubuntu-latest