From 951e5ed45def964dd10b4d5974d43e079aaace94 Mon Sep 17 00:00:00 2001 From: Mauricio Astudillo Toledo Date: Wed, 10 Jun 2026 13:26:28 -0400 Subject: [PATCH] chore: update sonar actions --- .github/workflows/build.yml | 8 ++++++-- .github/workflows/publish_release.yml | 8 ++++---- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 6795019..79c1266 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -4,13 +4,17 @@ on: pull_request: types: [synchronize, opened, reopened] +permissions: + contents: read + pull-requests: read + jobs: sonar-cloud-check: runs-on: ubuntu-latest steps: - name: 1. Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 with: fetch-depth: 0 @@ -31,7 +35,7 @@ jobs: run: mvn clean install -P no-gpg --no-transfer-progress - name: 5. SonarQube Scan - uses: SonarSource/sonarqube-scan-action@7006c4492b2e0ee0f816d36501671557c97f5995 + uses: SonarSource/sonarqube-scan-action@713881670b6b3676cda39549040e2d88c70d582e with: projectBaseDir: . env: diff --git a/.github/workflows/publish_release.yml b/.github/workflows/publish_release.yml index 18199f9..69a4b7e 100644 --- a/.github/workflows/publish_release.yml +++ b/.github/workflows/publish_release.yml @@ -10,16 +10,16 @@ jobs: steps: - name: 1. Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 with: fetch-depth: 0 - name: 2. Set up Maven Central Repository uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 with: - java-version: '8' - distribution: 'temurin' - server-id: central + java-version: "8" + distribution: "temurin" + server-id: central server-username: MAVEN_USERNAME server-password: MAVEN_PASSWORD gpg-private-key: ${{ secrets.GPG_SIGNING_KEY }}