@ahnpnl ahnpnl commented Dec 2, 2025

Test plan

Green CI

Does this PR introduce a breaking change?

  • Yes
  • No

Other information

N.A.

Summary by CodeRabbit

  • Chores
    • Updated CI/CD pipeline tooling to the latest version for improved code quality scanning and analysis capabilities.

coderabbitai bot commented Dec 2, 2025

Walkthrough

Updated the SonarCloud Scan GitHub Action in the CI workflow from version 5.3.2 to 6.0.0. The action reference was bumped to use the latest commit SHA, with no changes to environment variables, token configuration, or workflow logic.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| CI Workflow Update: .github/workflows/ci.yml | Updated SonarSource/sonarqube-scan-action from v5.3.2 (commit 2f77a1ec) to v6.0.0 (commit fd88b7d7). Environment configuration and token usage remain unchanged. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

  • Single dependency version bump in a workflow file
  • No functional logic changes or control flow modifications
  • Configuration remains identical aside from action reference

Poem

A rabbit hops through workflows bright,
SonarCloud now scans with newer might,
Version six arrives, the tests still run,
Quality checks shine—the work is done! 🐰✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'ci: update sonar scan action version to v6' clearly and concisely summarizes the main change in the pull request—updating the SonarCloud scan action to version 6. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a34ec11 and 351963e.

📒 Files selected for processing (1)
  • .github/workflows/ci.yml (1 hunks)
🔇 Additional comments (2)
.github/workflows/ci.yml (2)

123-124: LGTM!

The v6.0.0 breaking change involves how the args input is now parsed differently to prevent command-line injection, but this workflow doesn't use the args parameter—it only configures SONAR_TOKEN via environment variables. The upgrade is safe and aligns with the PR's claim of no breaking changes for this codebase.


123-124: No action needed. The sonarqube-scan-action v6.0.0 upgrade is safe for this workflow. While v6.0.0 includes a breaking change in how arguments are parsed (due to a rewrite from Bash to JavaScript for security), this workflow does not pass any custom arguments to the action, so the breaking change does not apply. The upgrade introduces a security fix for a command-injection vulnerability and poses no risk to the current configuration.


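One way to check what the review comments above rely on: whether a workflow passes `args` to sonarqube-scan-action, and whether the action reference is a full commit SHA. This is an added example, not code from the PR, from CodeRabbit or from the project; the sample workflow, its placeholder SHA and the function name `auditWorkflow` are constructed for illustration.

```javascript
const ACTION = 'SonarSource/sonarqube-scan-action';

// Constructed sample workflow, not the project's ci.yml; the SHA is a placeholder.
const SAMPLE = `
jobs:
  scan:
    steps:
      - uses: actions/checkout@v4
      - name: Scan (pinned, no args)
        uses: SonarSource/sonarqube-scan-action@0000000000000000000000000000000000000000 # v6.0.0
        env:
          SONAR_TOKEN: \${{ secrets.SONAR_TOKEN }}
      - name: Scan (tag, custom args)
        uses: SonarSource/sonarqube-scan-action@v5.3.2
        with:
          args: >
            -Dsonar.verbose=true
`;

// Line-based scan (an approximation, not a YAML parser): a step runs from a
// "- " list item until the next line indented at or left of that dash.
function auditWorkflow(text) {
  const findings = [];
  let step = null;
  const flush = () => {
    if (step && step.ref !== null) findings.push({
      line: step.line, ref: step.ref, passesArgs: step.hasArgs, // passesArgs: review before v6
      pinnedToSha: /^[0-9a-f]{40}$/i.test(step.ref) });         // full commit SHA, not a tag
    step = null;
  };
  text.split('\n').forEach((raw, i) => {
    const line = raw.replace(/\s+#.*$/, '');           // drop trailing comments
    const indent = line.search(/\S/);
    if (indent === -1) return;                         // blank line
    if (step && indent <= step.indent) flush();        // step ended
    const item = /^\s*-\s+(.*)$/.exec(line);
    if (item && !step) step = { indent, ref: null, hasArgs: false, line: 0 };
    if (!step) return;
    const body = item ? item[1] : line.trim();
    const uses = /^uses:\s*["']?([^"'\s]+)/.exec(body);
    if (uses && uses[1].toLowerCase().startsWith(ACTION.toLowerCase() + '@'))
      Object.assign(step, { ref: uses[1].slice(ACTION.length + 1), line: i + 1 });
    if (/^args:/.test(body)) step.hasArgs = true;      // any args key inside the step
  });
  flush();
  return findings;
}

console.log(auditWorkflow(SAMPLE));
```

A finding with `passesArgs: true` marks a step whose arguments need re-checking against the v6 parsing change; `pinnedToSha: false` marks a reference that is a mutable tag or branch.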

github-actions bot commented Dec 2, 2025

PR Preview Action v1.6.3
Preview removed because the pull request was closed.
2025-12-02 13:16 UTC

@ahnpnl ahnpnl force-pushed the infra/sonar-scan-workflow branch from 63b4ea1 to 351963e Compare December 2, 2025 11:32

sonarqubecloud bot commented Dec 2, 2025

@ahnpnl ahnpnl marked this pull request as ready for review December 2, 2025 11:41
@ahnpnl ahnpnl requested a review from kulshekhar as a code owner December 2, 2025 11:41
@ahnpnl ahnpnl merged commit 9973892 into main Dec 2, 2025
22 checks passed
@ahnpnl ahnpnl deleted the infra/sonar-scan-workflow branch December 2, 2025 13:15