feat: added sonar

M  .github/workflows/security-scan.yaml
M  android/app/build.gradle.kts

Author: IliyanKostov9

.github/workflows/security-scan.yaml

@@ -78,9 +78,10 @@ jobs:
       - name: Make gradlew executable
         run: chmod +x ./gradlew
 
-      - name: Build and analyze
+      - name: Build
+        run: |
+          ./gradlew build sonar --info
+      - name: SonarQube Scan
+        uses: SonarSource/sonarqube-scan-action@v5
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        run: |
-          ./gradlew build sonar --info -Dsonar.scanner.skipJreProvisioning=true

android/app/build.gradle.kts

@@ -1,10 +1,36 @@
 plugins {
   id("com.android.application")
   id("kotlin-android")
+  id("org.sonarqube") version "6.3.1.5724"
   // The Flutter Gradle Plugin must be applied after the Android and Kotlin Gradle plugins.
   id("dev.flutter.flutter-gradle-plugin")
 }
 
+sonar {
+  properties {
+    property(
+        "sonar.projectKey",
+        "ZProfile_flutter-client",
+    )
+    property(
+        "sonar.organization",
+        "zprofile01",
+    )
+    property(
+        "sonar.verbose",
+        true,
+    )
+    property(
+        "sonar.flutter.source.version",
+        "3.8.1",
+    )
+    property(
+        "sonar.language",
+        "flutter",
+    )
+  }
+}
+
 android {
   namespace = "com.example.zprofile"
   compileSdk = flutter.compileSdkVersion