From 9b6d0dc4ffa206b2e7e30bba8bd9951ad582791c Mon Sep 17 00:00:00 2001
From: Jan Svitok <jsv@whitestein.com>
Date: Wed, 4 Jun 2025 10:34:33 +0200
Subject: [PATCH] Update SonarCloud analysis

- change to the new unified sonarqube-scan-action

source: https://github.com/SonarSource/sonarqube-scan-action/?tab=readme-ov-file#cloud-1
---
 .github/workflows/sonarcloud.yml | 35 +++++++++++++-------------------
 1 file changed, 14 insertions(+), 21 deletions(-)

diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
index b989998..babb00e 100644
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@@ -29,28 +29,29 @@
 name: SonarCloud analysis
 
 on:
+  # Trigger analysis when pushing to your main branches, and when creating a pull request.
   push:
-    branches: [ "main" ]
+    branches:
+      - main
+      - 'releases/**'
   pull_request:
-    branches: [ "main" ]
-  workflow_dispatch:
+      types: [opened, synchronize, reopened]
 
 permissions:
   pull-requests: read # allows SonarCloud to decorate PRs with analysis results
 
 jobs:
-  Analysis:
+  sonarqube:
     runs-on: ubuntu-latest
-    
     steps:
-      - name: Analyze with SonarCloud         
-
-        # You can pin the exact commit or the version.
-        # uses: SonarSource/sonarcloud-github-action@de2e56b42aa84d0b1c5b622644ac17e505c9a049
-        uses: SonarSource/sonarcloud-github-action@de2e56b42aa84d0b1c5b622644ac17e505c9a049
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}   # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret)
+    - uses: actions/checkout@v4
+      with:
+        # Disabling shallow clones is recommended for improving the relevancy of reporting
+        fetch-depth: 0
+    - name: SonarQube Scan
+      uses: SonarSource/sonarqube-scan-action@v5.2.0 # Ex: v4.1.0, See the latest version at https://github.com/marketplace/actions/official-sonarqube-scan
+      env:
+        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
         with:
           # Additional arguments for the sonarcloud scanner
           args:             
@@ -58,11 +59,3 @@ jobs:
             # mandatory
             -Dsonar.projectKey=MobileID-Strong-Authentication_mobileid-client-java
             -Dsonar.organization=mobileid-strong-authentication
-            # Comma-separated paths to directories containing main source files.
-            #-Dsonar.sources= # optional, default is project base directory
-            # When you need the analysis to take place in a directory other than the one from which it was launched
-            #-Dsonar.projectBaseDir= # optional, default is .
-            # Comma-separated paths to directories containing test source files.
-            #-Dsonar.tests= # optional. For more info about Code Coverage, please refer to https://docs.sonarcloud.io/enriching/test-coverage/overview/
-            # Adds more detail to both client and server-side analysis logs, activating DEBUG mode for the scanner, and adding client-side environment variables and system properties to the server-side log of analysis report processing.
-            #-Dsonar.verbose= # optional, default is false