ci: move sonar to own workflow and use official action

Author: micgro42

.github/workflows/sonarqube.yml

@@ -0,0 +1,28 @@
+on:
+  # Trigger analysis when pushing to your main branches, and when creating a pull request.
+  push:
+    branches:
+      - main
+      - master
+      - develop
+      - 'releases/**'
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+name: SonarQube Main Workflow
+jobs:
+  sonarqube:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          # Disabling shallow clones is recommended for improving the relevancy of reporting
+          fetch-depth: 0
+      - name: Install
+        run: npm ci
+      - name: Test
+        run: npm run test:unit --coverage
+      - name: SonarQube Scan
+        uses: SonarSource/sonarqube-scan-action@a31c9398be7ace6bbfaf30c0bd5d415f843d45e9 # v7.0.0
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.github/workflows/test-and-lint.yml

@@ -17,33 +17,3 @@ jobs:
         run: npm ci
       - name: Test
         run: npm run test
-
-  unit-test-and-sonar:
-    name: Unit tests and coverage for sonar
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      - uses: actions/setup-java@v3
-        with:
-          distribution: 'temurin'
-          java-version: '17'
-      - name: Set up node
-        uses: actions/setup-node@v3
-        with:
-          node-version: '24'
-      - name: Install
-        run: npm ci
-      - name: Test
-        run: npm run test:unit --coverage
-      - name: Setup Sonar Scanner
-        uses: warchant/setup-sonar-scanner@v8
-      - name: Run sonarqube
-        env:
-          # to get access to secrets.SONAR_TOKEN, provide GITHUB_TOKEN
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: sonar-scanner
-          -Dsonar.login=${{ secrets.SONAR_TOKEN }}
-          -Dsonar.host.url=https://sonarcloud.io/