JAVASE-202 Unpin SonarSource GitHub actions

[rombirli]

No description provided.

[hashicorp-vault-sonar-prod]

JAVASE-202

[sonar-review-alpha]

Summary

This PR unpins the SonarSource/vault-action-wrapper GitHub Action in the dogfood workflow from a specific commit hash (2.4.2-1) to the v3 version tag. This means the workflow will now use the latest v3 release instead of staying on the pinned version, receiving updates and fixes automatically.

What reviewers should know

Scope: Single line change in .github/workflows/dogfood.yml — the get secrets step.

Key consideration: Moving from a pinned commit SHA to a floating version tag means the action's behavior may change unexpectedly when v3 gets new releases. If stability is preferred, the pinned approach is safer; if staying current with fixes is priority, this is the right approach.

Context: The vault-action-wrapper is used to retrieve secrets for the dogfood workflow, so review whether the team is comfortable with automatic updates to this security-sensitive component.

---

• Generate Walkthrough
• Generate Diagram

🗣️ Give feedback

[sonar-review-alpha]

LGTM! ✅

Clean, correct alignment change. Every other workflow in the repository (build.yml, RequestReview.yml, PullRequestClosed.yml, PullRequestCreated.yml, ToggleLockBranch.yml, SubmitReview.yml, releasability.yaml) already uses SonarSource/vault-action-wrapper@v3. This PR brings dogfood.yml into line with the rest of the codebase — it was the only remaining workflow still on the old pinned commit SHA.

🗣️ Give feedback

[sonarqube-next]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube