chore(deps): bump sonarqube-scan-action v5 → v6 (supersedes #71)

[kienbui1995]

What

Bumps SonarSource/sonarqube-scan-action from v5 to v6 in .github/workflows/sonarcloud.yml.

Why

Supersedes #71. That PR was opened by Dependabot and its SonarCloud Scan check fails because Dependabot-triggered workflows don't receive SONAR_TOKEN by default — a GitHub-level secret scoping issue, not a problem with the bump itself. Re-submitting from a regular branch so the scan can authenticate and validate the upgrade.

How

One-line change: @v5 → @v6.

The v6 release introduces a breaking change in how the args input is parsed (quotes handling). This workflow only sets projectBaseDir: . and passes no args, so the breaking change does not apply.

Test plan

• All CI checks pass on this PR, including SonarCloud Scan (the target of the upgrade)
• After merge, close chore(deps): bump SonarSource/sonarqube-scan-action from 5 to 6 in /.github/workflows #71

https://claude.ai/code/session_01R2n6wKqFkYPvHkwaip8EnJ

Summary by CodeRabbit

• Chores
  • Updated the code scanning tool in the continuous integration pipeline to a newer version for enhanced analysis capabilities.

[gemini-code-assist]

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8f36a2b4-2a6d-43fa-909f-574e033d996b

📥 Commits

Reviewing files that changed from the base of the PR and between c75f265 and 2ff341b.

📒 Files selected for processing (1)

• .github/workflows/sonarcloud.yml

---

📝 Walkthrough

Walkthrough

The SonarCloud GitHub Actions workflow has been updated to use version 6 of the SonarSource/sonarqube-scan-action, replacing the previously referenced version 5. The step inputs and environment variables remain unchanged.

Changes

Cohort / File(s)	Summary
SonarCloud Action Version Upgrade .github/workflows/sonarcloud.yml	Updated SonarSource/sonarqube-scan-action from @v5 to @v6 in the SonarCloud Scan step. No input parameters or environment variables were modified.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Suggested labels

dependencies, github_actions

Poem

🐰 A hop, a skip, a version bump so bright!
From five to six, the scan's in flight!
With Bash rewritten into JS so fine,
Our code quality checks will surely shine! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main change: bumping sonarqube-scan-action from v5 to v6, with a note that it supersedes #71.
Description check	✅ Passed	The PR description covers What, Why, and How sections as required, providing clear motivation and implementation details. The test plan section is present but uses checkboxes rather than checklist format.
Linked Issues check	✅ Passed	The PR fully meets the requirement from linked issue #71 to upgrade sonarqube-scan-action from v5 to v6, with correct handling of the breaking change in args parsing.
Out of Scope Changes check	✅ Passed	All changes are within scope; only the sonarqube-scan-action version is updated in the workflow file with no extraneous modifications.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/bump-sonar-scan-action-v6

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud