chore(deps-dev): bump org.sonarsource.scanner.maven:sonar-maven-plugin from 5.5.0.6356 to 5.6.0.6792 #2440

	name: Sonar PR Analysis

	on:
	pull_request_target:
	types: [opened, synchronize, reopened]
	branches: [main]
	merge_group:

	concurrency:
	group: ${{ github.workflow }}-${{ github.event.pull_request.number \|\| github.ref }}
	cancel-in-progress: true

	permissions:
	contents: read

	env:
	FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
	_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
	_HEAD_REF: ${{ github.event.pull_request.head.ref }}
	_BASE_REF: ${{ github.event.pull_request.base.ref }}
	_PR_NUMBER: ${{ github.event.pull_request.number }}
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	# PRs use github.base_ref, no push
	JAVA_VERSION: ${{ (startsWith(github.base_ref, '23.') && '11') \|\| (startsWith(github.base_ref, '24.') && '17') \|\| '21' }}

	jobs:
	sonar-analysis:
	environment: ${{ github.event.pull_request.head.repo.fork && 'pr-tests' \|\| '' }}
	name: Sonar Analysis
	runs-on: ubuntu-latest
	timeout-minutes: 120

	steps:

	- name: Checkout code
	uses: actions/checkout@v5
	with:
	ref: ${{ env._HEAD_SHA }}
	fetch-depth: 0 # Full history required for SonarCloud PR analysis

	- name: Set up JDK
	uses: actions/setup-java@v5
	with:
	java-version: "${{ env.JAVA_VERSION }}"
	distribution: 'temurin'
	cache: 'maven'

	- name: Run Sonar analysis
	run: \|
	mvn clean install sonar:sonar \
	-ntp -B -e -V \
	-DskipTests \
	-Dsonar.projectKey=vaadin_flow \
	-Dsonar.organization=vaadin \
	-Dsonar.host.url=https://sonarcloud.io \
	-Dsonar.pullrequest.key=${{ env._PR_NUMBER }} \
	-Dsonar.pullrequest.base=${{ env._BASE_REF }} \
	-Dsonar.pullrequest.branch=${{ env._HEAD_REF }}

Provide feedback