Black Duck integration and CI/SonarQube updates

[nikhil2611]

Description

This pull request introduces new configuration files to improve the project's CI/CD pipeline and code quality analysis. The first file is a GitHub Actions workflow stub for standardized CI checks, and the second is a SonarQube configuration file for Ruby projects. These additions help automate quality and security checks and enable better integration with centralized analysis tools.

Continuous Integration and Quality Analysis Enhancements:

GitHub Actions Workflow Stub:

• Added .github/workflows/ci-main-pull-request-stub.yml to standardize CI checks for pull requests and pushes on main, develop, and release branches. This workflow delegates to a common CI pipeline, enabling features like complexity checks, secret scanning, dependency scanning, SAST/SCA scans, SonarQube analysis, and SBOM generation. It is highly configurable via workflow inputs and secrets.

SonarQube Integration:

• Updated sonar-project.properties with detailed settings for Ruby analysis, specifying project metadata, source and test directories, language settings, and exclusion rules. This file enables SonarQube to analyze code quality, run tests, and generate coverage reports for the repository.

Check List

• New functionality includes tests
• All tests pass
• All commits have been signed-off for the Developer Certificate of Origin. See https://github.com/chef/chef/blob/master/CONTRIBUTING.md#developer-certification-of-origin-dco
• PR title is a worthy inclusion in the CHANGELOG

[sonarqube-for-infrastructure-prod]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube