Merge pull request #163 from gdcc/renovate/dependency-check-maven.ver… #118

	name: Branch Push Verification and Security Scan
	on:
	push:
	branches:
	- main
	- jakarta
	jobs:
	verify:
	runs-on: ubuntu-latest
	strategy:
	matrix:
	java: [17]
	steps:
	- uses: actions/checkout@v3
	with:
	fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
	- name: Set up Maven Central Repository
	uses: actions/setup-java@v3
	with:
	java-version: ${{ matrix.java }}
	distribution: 'adopt'
	- name: Cache SonarCloud packages
	uses: actions/cache@v3
	with:
	path: ~/.sonar/cache
	key: ${{ runner.os }}-sonar
	restore-keys: ${{ runner.os }}-sonar
	- name: Cache Maven packages
	uses: actions/cache@v3
	with:
	path: ~/.m2
	key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
	restore-keys: ${{ runner.os }}-m2
	- name: Scan with Sonarcloud
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	run: mvn -B -Pcoverage -Djdk.version=${{ matrix.java }} verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar

Provide feedback