chore(deps): update sonarsource/sonarcloud-github-c-cpp action to v3.2.0

.github/workflows/sonarcloud.yml

@@ -15,19 +15,20 @@ permissions:
   contents: read
 
 jobs:
-  build-test:
-    name: SonarCloud Scan
+  build:
+    name: Build and analyze
     runs-on: ubuntu-latest
     env:
-      BUILD_WRAPPER_OUT_DIR: /tmp/build_wrapper_output_directory
+      BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory
+    permissions:
+      contents: read
     steps:
       - name: Install libmodsecurity
         run: |
           sudo apt-get update -y
           sudo apt-get install -y libmodsecurity-dev
 
-      - name: Check out the code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0
 
@@ -40,8 +41,8 @@ jobs:
       - name: Install dependencies
         run: npm ci --ignore-scripts
 
-      - name: Install SonarCloud Scan for C and C++
-        uses: SonarSource/sonarcloud-github-c-cpp@816b1822d71776ee0d32bc012e95024ec52ac1fc # v3.1.0
+      - name: Install Build Wrapper
+        uses: SonarSource/sonarqube-scan-action/install-build-wrapper@2500896589ef8f7247069a56136f8dc177c27ccf # v5.2.0
 
       - name: Run build-wrapper
         run: |
@@ -60,8 +61,9 @@ jobs:
           find .. -name '*.o' | xargs gcov --preserve-paths
 
       - name: Run sonar-scanner
+        uses: SonarSource/sonarqube-scan-action@2500896589ef8f7247069a56136f8dc177c27ccf # v5.2.0
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        run: |
-          sonar-scanner --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}" --define sonar.cfamily.gcov.reportsPath=coverage
+        with:
+          args: >
+            -Dsonar.cfamily.compile-commands="${{ env.BUILD_WRAPPER_OUT_DIR }}/compile_commands.json" -Dsonar.cfamily.gcov.reportsPath=coverage