Refactor: Set the Sonar org and project keys as variables

Author: stefaniuk

.github/workflows/stage-2-test.yaml

@@ -86,6 +86,6 @@ jobs:
       - name: "Perform static analysis"
         uses: ./.github/actions/perform-static-analysis
         with:
-          sonar_organisation_key: "${{ secrets.SONAR_ORGANISATION_KEY }}"
-          sonar_project_key: "${{ secrets.SONAR_PROJECT_KEY }}"
+          sonar_organisation_key: "${{ vars.SONAR_ORGANISATION_KEY }}"
+          sonar_project_key: "${{ vars.SONAR_PROJECT_KEY }}"
           sonar_token: "${{ secrets.SONAR_TOKEN }}"

docs/user-guides/Perform_static_analysis.md

@@ -27,8 +27,8 @@ Static code analysis is an essential part of modern software development. It pro
   - `sonar.[language].[coverage-tool].reportPaths` to ensure the unit test coverage is reported back to Sonar
   - Do not set the `sonar.organization` and `sonar.projectKey` properties in this file; do the next step instead
 - Follow the documentation on [creating encrypted secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets) to add the `SONAR_TOKEN` secret to your repository. The GitHub action is already configured to fetch that secret and pass it as a variable. In addition to that:
-  - Add `SONAR_ORGANISATION_KEY` secret
-  - Add `SONAR_PROJECT_KEY` secret
+  - Add `SONAR_ORGANISATION_KEY` variable (not a secret)
+  - Add `SONAR_PROJECT_KEY` variable (not a secret)
 - Navigate to project `Administration > Analysis Method` and turn off the `Automatic Analysis` option
 - Please, refrain from adding your repository to the GitHub SonarCloud App. Doing so will duplicate reports and initiate them outside the primary pipeline workflow
 - Confirm that the GitHub action is part of your GitHub CI/CD workflow and enforces the "Sonar Way" quality gates. You can find more information about this in the [NHSE Software Engineering Quality Framework](https://github.com/NHSDigital/software-engineering-quality-framework/blob/main/tools/sonarqube.md)