From a5e24c8e7ee0fa2fc1d9019f442c289c130dbd55 Mon Sep 17 00:00:00 2001
From: Pavel Lonkin <lonkin01@gmail.com>
Date: Thu, 4 Jun 2026 15:38:58 +0200
Subject: [PATCH] fix: pin SonarCloud scan action version

Replace the floating SonarSource/sonarqube-scan-action master reference with the v8.0.0 release tag in PR and push workflows.
---
 .github/workflows/pull-request.yml        | 2 +-
 .github/workflows/push-release-branch.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
index 9b393c73..6512a7da 100644
--- a/.github/workflows/pull-request.yml
+++ b/.github/workflows/pull-request.yml
@@ -37,7 +37,7 @@ jobs:
       run: make check-all
 
     - name: "Run SonarCloud Scan"
-      uses: SonarSource/sonarqube-scan-action@master
+      uses: SonarSource/sonarqube-scan-action@v8.0.0
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/.github/workflows/push-release-branch.yml b/.github/workflows/push-release-branch.yml
index 612a624f..076e94f8 100644
--- a/.github/workflows/push-release-branch.yml
+++ b/.github/workflows/push-release-branch.yml
@@ -48,7 +48,7 @@ jobs:
         RP_LAUNCH_ATTR: ref:${{ github.ref }} event_name:${{ github.event_name }}
 
     - name: "Run SonarCloud Scan"
-      uses: SonarSource/sonarqube-scan-action@master
+      uses: SonarSource/sonarqube-scan-action@v8.0.0
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}