feat(ci): add coverage reports to sonar and github

[etiennej70]

What this PR Provides

• Code Coverage Integration: Adds comprehensive code coverage reporting to the CI/CD pipeline, enabling teams to track test coverage metrics over time
• SonarQube Integration: Connects coverage reports to SonarQube for centralized quality and coverage analysis alongside code quality metrics
• GitHub Coverage Visibility: Automatically publishes coverage reports in GitHub, making coverage data accessible to all developers
• JaCoCo to Cobertura Conversion: Implements automatic conversion of JaCoCo coverage reports to Cobertura format for broader tool compatibility
• Enhanced Security: Improves security permissions scope in the CI pipeline for safer automated deployments
• Upgraded SonarQube Scanner: Updates to the latest SonarQube Maven plugin (v5.7.0) for improved stability and performance

Fixes

• N/A

Review

The reviewer must double-check these points:

• The reviewer has verified coverage reports appear correctly in SonarQube and GitHub
• The CI/CD pipeline runs successfully with the new plugins
• Security permissions in CI are correctly scoped
• The JaCoCo to Cobertura conversion produces valid XML output

How to test

1. Initial state: Working on a feature branch with unit tests
2. What and how to test:
   • Create a pull request and observe the GitHub Actions workflow (so here)
   • Check that coverage reports appear in the SonarQube dashboard
3. Expected results:
   • Build succeeds with new plugins
   • target/cobertura.xml file is generated in the build output
   • Coverage metrics are visible in SonarQube
   • GitHub Actions workflow completes without errors

Breaking changes (if any)

• N/A

[github-actions]

🚫 [actionlint] _{reported by reviewdog 🐶}
unknown permission scope "code-quality". all available permission scopes are "actions", "artifact-metadata", "attestations", "checks", "contents", "deployments", "discussions", "id-token", "issues", "models", "packages", "pages", "pull-requests", "repository-projects", "security-events", "statuses" [permissions]

[etiennej70]

False positive 😢

[github-code-quality]

Code Coverage Overview

Languages: Java

Java / code-coverage/jacoco

The overall coverage in the ci/tests_coverage branch is 89%. Coverage data for the main branch is not yet available.

Show a code coverage summary of the most covered files.

File	main	ci/tests_coverage d8369d8	+/-
com/decathlon/i...ionService.java	—	100%	—
com/decathlon/i...serService.java	—	99%	—
com/decathlon/i...ionService.java	—	99%	—
com/decathlon/i...ateService.java	—	94%	—
com/decathlon/i...ateAdapter.java	—	92%	—
com/decathlon/i...oOutMapper.java	—	89%	—
com/decathlon/i...ionHandler.java	—	88%	—
com/decathlon/i...MapperImpl.java	—	88%	—
com/decathlon/i...MapperImpl.java	—	78%	—
com/decathlon/i...ionService.java	—	77%	—

---

_{Updated June 04, 2026 16:50 UTC
Code Coverage is in Public Preview. Learn more and provide us with your feedback.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud