BUILD-8718: Shadow scans suport in maven

[jayadeep-km-sonarsource]

BUILD-8718

BUILD-8718: Shadow scans suport in maven

[SamirM-BE]

LGTM, my recommendation is to extract the sonar functions in a different file to be able to re-use them for other actions.

[mikolaj-matuszny-ext-sonarsource]

https://sonarcloud.io/summary/new_code?id=SonarSource_sonar-dummy-maven-enterprise&pullRequest=78

https://next.sonarqube.com/sonarqube/dashboard?id=SonarSource_sonar-dummy-maven-enterprise&pullRequest=78

https://sonarqube.us/summary/new_code?id=SonarSource_sonar-dummy-maven-enterprise&pullRequest=78

[sonarqubecloud]

🤖 Pull Request summary

This pull request adds support for running SonarQube analysis on multiple platforms (shadow scans).

• New feature: Added run-shadow-scans parameter to enable analysis across all SonarQube platforms (next, sqc-eu, sqc-us) instead of just the selected one
• Credential management: Refactored to fetch tokens for all three platforms from Vault instead of dynamically selecting one
• Build script changes: Separated Maven build execution from SonarQube analysis, with conditional deployment disabling during shadow scans
• Shared utilities: Created new common-functions.sh with reusable functions for platform configuration and multi-platform analysis coordination
• Test coverage: Updated test suite to cover new functionality including platform switching and shadow scan behavior

Review focus: The credential exposure in the action.yml file now retrieves tokens for all platforms regardless of usage, and the deployment disabling logic in build.sh uses string manipulation that should be validated for edge cases.

💬 Please send your feedback

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud