From ebb4081443a8079306f55d86711ec5080599ddf3 Mon Sep 17 00:00:00 2001
From: Konrad Windszus <kwin@apache.org>
Date: Mon, 9 Feb 2026 18:01:35 +0100
Subject: [PATCH] Update sonar-m-p to 5.5.0.6356

Execute Sonar run with Java 21 (Java 17 is deprecated for Sonar)
Update Actions to Node.js 24 compliant versions
---
 .github/workflows/build.yml | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index f112f2d3929..7b9108af5b0 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -28,9 +28,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Git clone
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       - name: Set up JDK 11
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@v5
         with:
           java-version: 11
           distribution: temurin
@@ -57,7 +57,7 @@ jobs:
         # executing ITs requires installing artifacts to the local repository
         run: mvn -B ${{ env.MVN_GOAL }} ${{ env.MVN_ADDITIONAL_OPTS }} -Pcoverage,integrationTesting,javadoc -Dorg.ops4j.pax.url.mvn.repositories="https://repo1.maven.org/maven2@id=central"
       - name: Upload build result
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         with:
           name: compiled-classes-and-coverage
           # compare with https://docs.sonarsource.com/sonarqube-cloud/advanced-setup/languages/java/#java-analysis-and-bytecode
@@ -72,15 +72,15 @@ jobs:
     runs-on: ubuntu-latest
     needs: build
     # not supported on forks, https://portal.productboard.com/sonarsource/1-sonarqube-cloud/c/50-sonarcloud-analyzes-external-pull-request
-    if: ${{ github.repository == 'apache/jackrabbit'  }}
+    if: ${{ github.repository == 'apache/jackrabbit' }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
-      - name: Set up JDK 17
-        uses: actions/setup-java@v4
+      - name: Set up JDK 21
+        uses: actions/setup-java@v5
         with:
-          java-version: 17
+          java-version: 21
           distribution: temurin
           cache: maven
       - name: Download compiled classes
@@ -88,7 +88,7 @@ jobs:
         with:
           name: compiled-classes-and-coverage
       - name: Cache SonarQube packages
-        uses: actions/cache@v4
+        uses: actions/cache@v5
         with:
           path: ~/.sonar/cache
           key: ${{ runner.os }}-sonar
@@ -97,4 +97,4 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
           SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }}
-        run: SONAR_SCANNER_JAVA_OPTS="-Xmx8g" mvn -B org.sonarsource.scanner.maven:sonar-maven-plugin:5.1.0.4751:sonar -Dsonar.projectKey=apache_jackrabbit -Dsonar.organization=apache -Dsonar.scanner.skipJreProvisioning=true
\ No newline at end of file
+        run: SONAR_SCANNER_JAVA_OPTS="-Xmx8g" mvn -B org.sonarsource.scanner.maven:sonar-maven-plugin:5.5.0.6356:sonar -Dsonar.projectKey=apache_jackrabbit -Dsonar.organization=apache -Dsonar.scanner.skipJreProvisioning=true
\ No newline at end of file