From 7a13bb2015cecdf7f1ab03faa50a4173582638a4 Mon Sep 17 00:00:00 2001
From: Yonas Yanfa
Date: Mon, 22 Dec 2025 12:10:41 -0500
Subject: [PATCH 1/2] chore: Update SonarQube scan action version
---
 .github/workflows/security.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
index 2e64610..1c468d2 100644
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -24,7 +24,7 @@ jobs:
 fetch-depth: 0
 - name: SonarQube Scan
- uses: sonarsource/sonarqube-scan-action@v6.0.0
+ uses: sonarsource/sonarqube-scan-action@a31c9398be7ace6bbfaf30c0bd5d415f843d45e9 # v7.0.0
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
 SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
From 09b17cd0cfa98f73fa31bb5e165218c10a5d1ff0 Mon Sep 17 00:00:00 2001
From: Yonas Yanfa
Date: Mon, 22 Dec 2025 12:28:03 -0500
Subject: [PATCH 2/2] fix: Disable SonarQube job in security.yaml. Fixes #110 Commented out SonarQube job steps in the workflow. Fixes #110
---
 .github/workflows/security.yaml | 29 +++++++++++++++--------------
 1 file changed, 15 insertions(+), 14 deletions(-)
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
index 1c468d2..1a653a2 100644
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -14,20 +14,21 @@ on:
 types: [opened, synchronize, reopened]
 jobs:
- sonarqube:
- name: SonarQube
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v6
- with:
- # Disabling shallow clones is recommended for improving the relevancy of reporting
- fetch-depth: 0
-
- - name: SonarQube Scan
- uses: sonarsource/sonarqube-scan-action@a31c9398be7ace6bbfaf30c0bd5d415f843d45e9 # v7.0.0
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
- SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ # FIXME: https://github.com/yonasBSD/github-rs/issues/110
+ #sonarqube:
+ # name: SonarQube
+ # runs-on: ubuntu-latest
+ # steps:
+ # - uses: actions/checkout@v6
+ # with:
+ # # Disabling shallow clones is recommended for improving the relevancy of reporting
+ # fetch-depth: 0
+ #
+ # - name: SonarQube Scan
+ # uses: sonarsource/sonarqube-scan-action@a31c9398be7ace6bbfaf30c0bd5d415f843d45e9 # v7.0.0
+ # env:
+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
+ # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 secrets:
 name: Secrets
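Review bot: Commenting out the whole `sonarqube` job removes the static-analysis scan from pull requests and parks the pinned `sonarqube-scan-action` SHA inside a comment, where dependency-update tooling will presumably no longer see it, so the pin goes stale while the job is off. Keeping the job and gating it with one line under `runs-on:`, `if: false  # FIXME: re-enable, see issue 110`, leaves the YAML parsed and the job visible as skipped in each run. The commit message also carries `Fixes #110` while the new FIXME points at that same issue as the thing to come back to; if merging auto-closes it, the re-enable work has no open tracker, so `Refs #110` may be the better trailer. The `jobs:` mapping continues outside the hunk.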