use CI and github actions based sonar like other projects so we can get coverage

.github/workflows/tests.yml

@@ -20,6 +20,18 @@ jobs:
       - run: npm run lint
       - run: npm test
       - run: npm run build --if-present
+      - name: SonarCloud Scan
+        # thought about just skipping dependabot
+        # if: ${{ github.actor != 'dependabot[bot]' }}
+        # but figured all pull requests seems better, since none of them will have access to sonarcloud.
+        # however, with just skipping pull requests, the build associated with "Triggered via push" is also associated with the pull request and also fails hitting sonarcloud
+        # if: ${{ github.event_name != 'pull_request' }}
+        # so just skip everything but main
+        if: github.ref_name == 'main'
+        uses: sonarsource/sonarcloud-github-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
       # part about saving PR number and then using it from auto-merge-dependabot-prs from:
       # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_run
       - name: Save PR number

package.json

@@ -55,7 +55,7 @@
   "scripts": {
     "start": "ESLINT_NO_DEV_ERRORS=true PORT=7001 craco start",
     "build": "craco build",
-    "test": "react-scripts test",
+    "test": "react-scripts test --coverage",
     "t": "npm test -- --watchAll=false",
     "eject": "craco eject",
     "format": "prettier --write src/**/*.js{,x}",

sonar-project.properties

@@ -0,0 +1,4 @@
+sonar.projectKey=sartography_spiffworkflow-frontend
+sonar.organization=sartography
+sonar.host.url=https://sonarcloud.io
+sonar.javascript.lcov.reportPaths=coverage/lcov.info