chore: Ignore sonar findings on GH actions

Author: hypery2k

.github/workflows/build.yml

@@ -37,14 +37,18 @@ jobs:
                     - "21"
 
         steps:
+            # sonarcloud-ignore githubactions:S7637
             -   uses: actions/checkout@v5
+                # sonarcloud-ignore githubactions:S7637
             -   uses: actions/setup-node@v5
             -   name: Set up JDK ${{ matrix.java }}
+                # sonarcloud-ignore githubactions:S7637
                 uses: actions/setup-java@v5
                 with:
                     distribution: "temurin"
                     java-version: ${{ matrix.java }}
             -   name: Cache .m2
+                # sonarcloud-ignore githubactions:S7637
                 uses: actions/cache@v4
                 with:
                     path: ~/.m2/repository
@@ -57,8 +61,9 @@ jobs:
                     cd sdk && npm run clean && npm run build
 
             -   name: Publish Test Report
+                # sonarcloud-ignore githubactions:S7637
                 uses: mikepenz/action-junit-report@v5
-                if: success() || failure() # always run even if the previous step fails
+                if: success() || failure()
                 with:
                     summary: true
                     detailed_summary: true
@@ -67,6 +72,7 @@ jobs:
                     report_paths: '**/target/*-reports/TEST-*.xml'
 
             -   name: Upload coverage to Codecov
+                # sonarcloud-ignore githubactions:S7637
                 uses: codecov/[email protected]
                 with:
                     file: "${{ github.workspace }}/spi/target/jacoco.xml"
@@ -89,10 +95,13 @@ jobs:
                     - "26.4.0"
                     - "nightly"
         steps:
+            # sonarcloud-ignore githubactions:S7637
             -   uses: actions/checkout@v5
             -   name: "Use Node.js"
+                # sonarcloud-ignore githubactions:S7637
                 uses: actions/setup-node@v5
             -   name: Install Java
+                # sonarcloud-ignore githubactions:S7637
                 uses: actions/setup-java@v5
                 with:
                     distribution: "temurin" # See 'Supported distributions' for available options
@@ -104,6 +113,7 @@ jobs:
                     ./mvnw javadoc:javadoc
 
             -   name: Run End2End Tests
+                # sonarcloud-ignore githubactions:S7637
                 uses: nick-fields/retry@v3
                 with:
                     max_attempts: 3
@@ -116,6 +126,7 @@ jobs:
 
             -   name: Build Container Image for End2End Testing
                 id: build-image
+                    # sonarcloud-ignore githubactions:S7637
                 uses: redhat-actions/buildah-build@v2
                 with:
                     image: continuoussecuritytooling/audited-keycloak
@@ -125,6 +136,7 @@ jobs:
 
             -   name: Push To Docker Hub (Preview)
                 id: push-to-dockerhub-preview
+                    # sonarcloud-ignore githubactions:S7637
                 uses: redhat-actions/push-to-registry@v2
                 with:
                     image: ${{ steps.build-image.outputs.image }}

.github/workflows/codeql-analysis.yml

@@ -41,16 +41,19 @@ jobs:
 
     steps:
     - name: Checkout repository
+      # sonarcloud-ignore githubactions:S7637
       uses: actions/checkout@v5
 
     - name: Setup Java JDK
+      # sonarcloud-ignore githubactions:S7637
       uses: actions/setup-java@v5
       with:
         distribution: 'temurin'
         java-version: 17
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
+      # sonarcloud-ignore githubactions:S7637
       uses: github/codeql-action/init@v4
       with:
         languages: ${{ matrix.language }}

.github/workflows/release.yml

@@ -20,13 +20,15 @@ jobs:
             id-token: write
         steps:
 
+            # sonarcloud-ignore githubactions:S7637
             -   uses: actions/create-github-app-token@v2
                 id: app-token
                 with:
                     app-id: ${{ vars.CI_APP_ID }}
                     private-key: ${{ secrets.CI_PRIVATE_KEY }}
 
             -   name: Checkout
+                # sonarcloud-ignore githubactions:S7637
                 uses: actions/checkout@v5
                 with:
                     fetch-depth: 0
@@ -45,12 +47,14 @@ jobs:
                     git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com>'
 
             -   name: Setup NodeJS
+                # sonarcloud-ignore githubactions:S7637
                 uses: actions/setup-node@v5
                 with:
                     node-version: "22"
                     registry-url: "https://registry.npmjs.org"
 
             -   name: Setup Java
+                # sonarcloud-ignore githubactions:S7637
                 uses: actions/setup-java@v5
                 with:
                     distribution: "temurin" # As good as any other, see: https://github.com/actions/setup-java#supported-distributions
@@ -60,6 +64,7 @@ jobs:
                     cache: "maven"
 
             -   name: Setup settings.xml
+                # sonarcloud-ignore githubactions:S7637
                 uses: s4u/[email protected]
                 with:
                     override: true
@@ -98,6 +103,7 @@ jobs:
                     EOF
 
             -   name: Conventional Changelog Action
+                # sonarcloud-ignore githubactions:S7637
                 uses: TriPSs/conventional-changelog-action@v6
                 with:
                     input-file: CHANGELOG.md
@@ -111,6 +117,7 @@ jobs:
 
             -   name: Create Release on GH
                 id: tag-and-release
+                # sonarcloud-ignore githubactions:S7637
                 uses: avakar/tag-and-release@v1
                 with:
                     draft: true
@@ -120,6 +127,7 @@ jobs:
                     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
             -   name: Add SPI to github release
+                # sonarcloud-ignore githubactions:S7637
                 uses: actions/upload-release-asset@v1
                 with:
                     upload_url: ${{ steps.tag-and-release.outputs.upload_url }}