Bump actions/checkout from 2 to 4 #30

	name: SonarCloud QA
	on:
	push:
	branches:
	- main
	- 4.0.x
	- 3.12.x
	pull_request:
	types: [opened, synchronize, reopened]
	jobs:
	build:
	name: Build
	runs-on: ubuntu-latest
	# Only analyze with Sonar on non-fork repos:
	# https://github.community/t/how-to-detect-a-pull-request-from-a-fork/18363/4
	if: github.event.pull_request.head.repo.fork != true
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
	submodules: 'recursive'
	# For building GeoNetwork, JDK8 is necessary, but for running
	# the SonarQube plugin, JDK11 is necessary.
	# So, first install JDK 8, build GeoNetwork, then install JDK11
	# and run SonarQube:
	- name: Set up JDK 8
	uses: actions/[email protected]
	with:
	java-version: 8
	distribution: 'temurin'
	cache: 'maven'
	- name: Cache SonarCloud packages
	uses: actions/cache@v3
	with:
	path: ~/.sonar/cache
	key: ${{ runner.os }}-sonar
	restore-keys: ${{ runner.os }}-sonar
	- name: Build GN
	run: mvn -B package -DskipTests
	- name: Set up JDK 11
	uses: actions/[email protected]
	with:
	distribution: 'temurin'
	java-version: '11'
	- name: Analyze with Sonar
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	#TODO: Enable tests, if reliable:
	run: mvn -B org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=geonetwork_core-geonetwork -Dsonar.organization=geonetwork -DskipTests=true -Dmaven.javadoc.skip=true

Provide feedback