From f2ad20b92dc6be1550859c9b3c74b1a93c4319d9 Mon Sep 17 00:00:00 2001
From: demo-bot <demo-bot@kyndryl.com>
Date: Mon, 13 Apr 2026 12:47:21 +0000
Subject: [PATCH] Update .gitea/workflows/sonar-scan.yaml

---
 .gitea/workflows/sonar-scan.yaml | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/.gitea/workflows/sonar-scan.yaml b/.gitea/workflows/sonar-scan.yaml
index 01d3866..eabced5 100644
--- a/.gitea/workflows/sonar-scan.yaml
+++ b/.gitea/workflows/sonar-scan.yaml
@@ -4,12 +4,10 @@ on:
   push:
   pull_request:
 
-# Cancel in-progress runs for the same branch/PR
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
-# Least-privilege permissions
 permissions:
   contents: read
   pull-requests: read
@@ -18,19 +16,24 @@ jobs:
   build:
     name: Build and analyze
     runs-on: ubuntu-latest
-    
+
     steps:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
-      - uses: sonarsource/sonarqube-scan-action@v3
+      - uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: 17
+          cache: maven
+
+      - name: Build and analyze
+        run: ./mvnw -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=demo-platform
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
           SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
-          SONAR_SCANNER_JSON_PARAMS: '{"sonar.projectKey":"demo-platform"}'
 
-      # Fail the build if Quality Gate is red
       - uses: sonarsource/sonarqube-quality-gate-action@v1
         timeout-minutes: 5
         env: