From d68464ef018684c904b84257aacaaa2832c3d0d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mattias=20M=C3=A4lman?=
 <74465165+bellmano@users.noreply.github.com>
Date: Wed, 13 May 2026 22:57:37 +0200
Subject: [PATCH] Update Sonarscan workflow for Node.js and Ubuntu

---
 .github/workflows/sonarscan.yml | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/sonarscan.yml b/.github/workflows/sonarscan.yml
index 086ac07..1c902be 100644
--- a/.github/workflows/sonarscan.yml
+++ b/.github/workflows/sonarscan.yml
@@ -5,30 +5,28 @@ on:
       - main
   pull_request:
     types: [opened, synchronize, reopened]
-env:
-  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
 jobs:
   sonarqube:
     name: Sonarscan
-    runs-on: windows-latest
+    runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
         with:
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
 
+      - name: Install npm
+        run: npm install
+
       - name: Setup Node.js
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@v4
         with:
-          node-version: '24'
+          node-version: '18'
           cache: 'npm'
 
-      - name: Install dependencies
-        run: npm ci
-
       - name: Run tests with coverage
         run: npm run test:coverage
       
       - name: Sonarscan
-        uses: SonarSource/sonarqube-scan-action@1a6d90ebcb0e6a6b1d87e37ba693fe453195ae25
+        uses: SonarSource/sonarqube-scan-action@fd88b7d7ccbaefd23d8f36f73b59db7a3d246602 # v6.0.0
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}