lfit / releng-reusable-workflows

Reusable workflows developed by LF Release Engineering
Apache License 2.0

Fix: refactor sonatype scan #186

Open keanjapesan opened 1 month ago

ModeSevenIndustrialSolutions commented 1 month ago

If we get this merged, we may still see issues with the upstream action's endpoint.sh script, which has multiple bugs and doesn't pass basic linting checks. Rather than roll out a series of interim fixes, it might be better to wait until we have the updated (and officially supported/provided) Nexus IQ action merged later this week (that I have been testing in portal-ng-ui). It would just need minor adjustments for the Gradle/Maven-based jobs.

https://github.com/sonatype/actions/tree/main/run-iq-cli

This doesn't use Docker and doesn't contain the dodgy endpoint.sh shell code.

ModeSevenIndustrialSolutions commented 1 month ago

See here: https://github.com/onap/portal-ng-ui/blob/master/.github/workflows/gerrit-verify.yaml

And here's the code that implements the workflow under testing:

  # This is a test workflow, not production, and will be replaced
  node-sonartype-lifecycle:
    needs: [notify]
    # yamllint disable-line rule:line-length
    uses: ModeSevenIndustrialSolutions/portal-ng-ui/.github/workflows/node-sonatype-lifecycle.yaml@master
    with:
      node-version: 20
      build-tool: npm
    secrets:
      NEXUS_IQ_PASSWORD: ${{ secrets.NEXUS_IQ_PASSWORD }}

keanjapesan commented 1 month ago

Hi @ModeSevenIndustrialSolutions, the community is reporting this faulty GHA workflow, so we will need a solution soon. I see a v1 release for the new action you mentioned above; should I start migrating this reusable workflow to use it?