build(deps): bump gradle/actions from 4.4.3 to 5.0.0 (#885)

* build(deps): bump gradle/actions from 4.4.3 to 5.0.0

Bumps [gradle/actions](https://github.com/gradle/actions) from 4.4.3 to 5.0.0.
- [Release notes](https://github.com/gradle/actions/releases)
- [Commits](gradle/actions@ed40850...4d9f0ba)

---
updated-dependencies:
- dependency-name: gradle/actions
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* ci(sonar): resolve githubactions:S7636 by using env vars for secrets

Pass SONAR_KEY and SONAR_TOKEN through environment variables instead of direct expansion in run commands to prevent exposure in process lists and shell history

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Capt. Cutlass <5120290+ParanoidUser@users.noreply.github.com>

Author: dependabot[bot]

.github/workflows/build.yml

@@ -56,7 +56,7 @@ jobs:
           java-version: 17
 
       - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4
+        uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v4
 
       - name: Test project
         run: |
@@ -111,11 +111,14 @@ jobs:
           java-version: 17
 
       - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4
+        uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v4
         with:
           add-job-summary-as-pr-comment: always
 
       - name: Analyze code quality
+        env:
+          SONAR_KEY: ${{ secrets.SONAR_KEY }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
         run: |
           ./gradlew sonar -x compileJava -x compileTestJava \
             --parallel \
@@ -126,7 +129,7 @@ jobs:
             --no-problems-report \
             -Pversion=${{ format('{0}+{1}', env.VERSION, github.RUN_NUMBER) }} \
             -Dsonar.host.url=https://sonarcloud.io \
-            -Dsonar.token=${{ secrets.SONAR_TOKEN }} \
-            -Dsonar.organization=${{ secrets.SONAR_KEY }} \
+            -Dsonar.token=$SONAR_TOKEN \
+            -Dsonar.organization=$SONAR_KEY \
             -Dsonar.qualitygate.wait=true \
             -Dsonar.gradle.skipCompile=true

.github/workflows/kata-pr-analysis.yml

@@ -57,11 +57,14 @@ jobs:
           java-version: 17
 
       - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4
+        uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v4
         with:
           add-job-summary-as-pr-comment: always
 
       - name: Analyze code quality
+        env:
+          SONAR_KEY: ${{ secrets.SONAR_KEY }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
         run: |
           ./gradlew ${{ steps.projects.outputs.tasks }} sonar -x processResources -x processTestResources\
             --parallel \
@@ -71,8 +74,8 @@ jobs:
             --scan \
             --no-problems-report \
             -Pversion=${{ format('{0}+{1}', env.VERSION, github.RUN_NUMBER) }} \
-            -Dsonar.token=${{ secrets.SONAR_TOKEN }} \
-            -Dsonar.organization=${{ secrets.SONAR_KEY }} \
+            -Dsonar.token=$SONAR_TOKEN \
+            -Dsonar.organization=$SONAR_KEY \
             -Dsonar.inclusions=${{ steps.projects.outputs.dirs }} \
             -Dsonar.qualitygate.wait=true \
             -Dsonar.gradle.skipCompile=true