ci: add sonar scan for pull requests (#197)

additionally: remove not functioning sonar-maven-plugin parameters

.github/workflows/maven-build.yml

@@ -3,6 +3,9 @@ name: maven-build
 on:
   push:
     branches: ['**/**']
+  pull_request:
+    branches: [main]
+    types: [opened, synchronize, reopened, ready_for_review]
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -17,11 +20,11 @@ jobs:
       MARKDOWN2HTML_MAVEN_PLUGIN_FAIL_ON_ERROR: true
     steps:
       - name: 📄 Checkout
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871  # v4
         with:
           fetch-depth: 0
       - name: 🧱 Set up JDK and Maven
-        uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4
+        uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73  # v4
         with:
           distribution: adopt
           java-version: 17
@@ -34,7 +37,7 @@ jobs:
         run: echo "cache_key=${{ runner.os }}-mvn-${{ hashFiles('**/pom.xml') }}-${{ github.sha }}" >> $GITHUB_OUTPUT
       - name: 💾 Prepare Cache
         id: prepare-cache
-        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4
+        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8  # v4
         with:
           path: |
             /home/runner/.m2
@@ -89,8 +92,12 @@ jobs:
             ]
       - name: 🔘 Print settings.xml
         run: cat /home/runner/.m2/settings.xml
-      - name: 📦 Build with Maven
-        run: mvn --batch-mode clean package sonar:sonar
+      - name: 📦 Build with Maven for Pushes
+        if: github.event_name == 'push'
+        run: mvn --batch-mode clean package sonar:sonar -Dsonar.branch.name=${{ github.head_ref }}
+      - name: 📦 Build with Maven for PRs
+        if: github.event_name == 'pull_request'
+        run: mvn --batch-mode clean package sonar:sonar -Dsonar.pullrequest.base=${{ github.base_ref }} -Dsonar.pullrequest.branch=${{ github.head_ref }} -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}
     outputs:
       project_version: ${{ steps.project_version.outputs.project_version }}
       cache_key: ${{ steps.cache_key.outputs.cache_key }}
@@ -108,14 +115,14 @@ jobs:
       COM_SONATYPE_CENTRAL_POLARION_OPENSOURCE_GPG_PASSPHRASE: ${{ secrets.COM_SONATYPE_CENTRAL_POLARION_OPENSOURCE_GPG_PASSPHRASE }}
     steps:
       - name: 🧱 Set up JDK and Maven
-        uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4
+        uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73  # v4
         with:
           distribution: adopt
           java-version: 17
           gpg-private-key: ${{ secrets.COM_SONATYPE_CENTRAL_POLARION_OPENSOURCE_GPG_PRIVATE_KEY }}
       - name: 💾 Restore Cache
         id: restore-cache
-        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4
+        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8  # v4
         with:
           path: |
             /home/runner/.m2
@@ -138,13 +145,13 @@ jobs:
       GITHUB_TOKEN: ${{ github.token }}
     steps:
       - name: 🧱 Set up JDK and Maven
-        uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4
+        uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73  # v4
         with:
           distribution: adopt
           java-version: 17
       - name: 💾 Restore Cache
         id: restore-cache
-        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4
+        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8  # v4
         with:
           path: |
             /home/runner/.m2

.github/workflows/pr.yml

@@ -10,12 +10,12 @@ jobs:
     name: Check commit messages
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4
+      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871  # v4
         with:
           ref: ${{ github.event.pull_request.head.ref }}
           repository: ${{ github.event.pull_request.head.repo.full_name }}
           fetch-depth: 0
-      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5
+      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3  # v5
         with:
           cache: pip  # caching pip dependencies
       - run: pip install commitizen

.github/workflows/release-please.yml

@@ -12,7 +12,7 @@ jobs:
     steps:
       - name: release-please
         id: release
-        uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f # v4
+        uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f  # v4
         with:
           release-type: maven
           target-branch: main

.pre-commit-config.yaml

@@ -9,6 +9,8 @@ repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v5.0.0
     hooks:
+      - id: check-added-large-files
+      - id: check-case-conflict
       - id: check-merge-conflict
       - id: trailing-whitespace
       - id: check-xml

.yamlfix.toml

@@ -1,3 +1,3 @@
 allow_duplicate_keys = false
 line_length = 180
-sequence_style = "flow_style"
+sequence_style = "flow_style"

pom.xml

@@ -702,15 +702,6 @@
                     <groupId>org.sonarsource.scanner.maven</groupId>
                     <artifactId>sonar-maven-plugin</artifactId>
                     <version>${sonar-maven-plugin.version}</version>
-                    <executions>
-                        <execution>
-                            <id>sonar</id>
-                            <phase>verify</phase>
-                            <goals>
-                                <goal>sonar</goal>
-                            </goals>
-                        </execution>
-                    </executions>
                 </plugin>
 
                 <plugin>