Allow sonarqube analysis to contributors

Sonarque can't analyze contributions due to some GitHub limitations in sharing repository secrets.

Everything points out that we need to use a different workflow to share our secrets, using either `pull_request_target` or `workflow_run`. Some [security considerations](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions) are required to pay attention to avoid the secrets to be leaked.

To enhance security, we should manually run every CI for outside contributors.


Potential workarounds:
- https://community.sonarsource.com/t/sonar-cannot-be-run-on-pr-from-a-fork/69229/5
- https://community.sonarsource.com/t/how-to-use-sonarcloud-with-a-forked-repository-on-github/7363

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Allow sonarqube analysis to contributors #671

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Allow sonarqube analysis to contributors #671

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions