Skip SonarCloud analysis for Dependabot PRs

[Copilot]

Description

Skip SonarCloud analysis when PRs are created by Dependabot. Automated dependency updates don't require code quality analysis and consume unnecessary CI resources.

Resolves #296

Changes

Modified .github/workflows/maven_pull_request.yml:

• Added ACTOR environment variable to capture github.actor
• Extended conditional to skip SonarCloud when ACTOR == "dependabot[bot]"
• Maintains existing behavior of skipping analysis for forked PRs

- name: Scan with Sonar
  run: |
    if [ $FORK = false ] && [ "$ACTOR" != "dependabot[bot]" ]
    then
      mvn org.sonarsource.scanner.maven:sonar-maven-plugin:sonar ...
    fi
  env:
    FORK: ${{ github.event.pull_request.head.repo.fork }}
    ACTOR: ${{ github.actor }}

Checklist:

• Public methods are documented
• Public methods are tested
• New and existing tests pass when run locally
• There are no new warnings or errors

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[Enhancement]: Skip Sonar Cloud analysis for Dependabot PRs</issue_title>
<issue_description>### What

Skip Sonar Cloud analysis when the pull request is created by dependabot. The CI should detect PRs from dependabot and avoid running SonarCloud analysis for them.

Why

Dependabot pull requests are automated dependency updates and may generate unnecessary Sonar Cloud analysis runs, consuming resources without much value. Skipping these can save CI time and keep Sonar metrics clean.

Notes

No response</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes [Enhancement]: Skip Sonar Cloud analysis for Dependabot PRs #301

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud