Conversation


@nikhil2611 nikhil2611 commented Sep 16, 2025

Description

This pull request updates CI/CD and static analysis configuration to align the project with the "Chef-Agents" product area, enable more security and compliance checks, and improve SonarQube configuration for Ruby projects. The changes focus on updating metadata, enabling BlackDuck and SBOM generation, and improving language and quality reporting consistency.

CI/CD configuration updates:

  • Changed version to 9.4.15 and language to ruby in .github/workflows/ci-main-pull-request-checks.yml to reflect the current project stack.
  • Enabled BlackDuck Polaris scans and updated polaris-application-name to "Chef-Agents" for more thorough static analysis and correct application mapping.
  • Set quality-product-name and blackduck-project-group-name to "Chef-Agents" to ensure all reporting and analysis are associated with the correct product area.
  • Enabled SBOM (Software Bill of Materials) generation and export to GitHub to improve compliance and supply chain transparency.
  • Added config to run bundle install to generate lock file at runtime.

SonarQube configuration improvements:

  • Overhauled sonar-project.properties to provide detailed metadata, set language to Ruby, specify correct source and test directories, and update project naming conventions to match Chef-Agents standards.

Related Issue

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Chore (non-breaking change that does not add functionality or fix an issue)

Checklist:

  • I have read the CONTRIBUTING document.
  • I have run the pre-merge tests locally and they pass.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • If Gemfile.lock has changed, I have used --conservative to do it and included the full output in the Description above.
  • All new and existing tests passed.
  • All commits have been signed-off for the Developer Certificate of Origin.

Signed-off-by: nikhil2611 <nikhilgupta2102@gmail.com>
@nikhil2611 nikhil2611 requested review from a team and jaymzh as code owners September 16, 2025 08:57
@nikhil2611 nikhil2611 changed the title updating to common GitHub Action 1.0.5 and sonar properties Updating to common GitHub Action 1.0.5 and updated sonar configuration Sep 16, 2025
@jaymzh
Collaborator

jaymzh commented Sep 16, 2025

@nikhil2611 - tests are broken.

@nikhil2611
Author

@nikhil2611 - tests are broken.

@jaymzh Yeah, it's failing with FAILURE_ACCURACY_NOT_MET and we are trying to fix that.

@nikhil2611 nikhil2611 changed the title Updating to common GitHub Action 1.0.5 and updated sonar configuration CHEF-29687 - Updating to common GitHub Action 1.0.5 and updated sonar configuration and added config to run bundle install to generate lock file at runtime Jan 19, 2026
@nikhil2611 nikhil2611 requested review from a team as code owners January 28, 2026 15:29
Signed-off-by: nikhil2611 <ngupta@progress.com>
@nikhil2611
Author

@jaymzh We have updated the branch to main for pull_request and push.
But for common-github-actions, we still need to use this feature branch from common-github-actions since main is currently broken there, so we won't be able to merge this branch into main at the moment. Could you please review this change? We need it to obtain the latest scan results.
