overrides on-headers dependency #66

	name: SonarQube
	on:
	workflow_dispatch:
	push:
	branches:
	- main
	pull_request:
	types: [opened, synchronize, reopened]
	merge_group:
	permissions:
	contents: read

	jobs:
	sonarqube:
	name: SonarQube
	runs-on: ubuntu-latest
	steps:
	- name: Harden the runner
	uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
	with:
	egress-policy: audit

	- name: Checkout code
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.24

	- name: Setup Node.js 22.x
	uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
	with:
	node-version: 22.x

	- name: Install pnpm
	uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0

	- name: Install dependencies
	run: pnpm install --frozen-lockfile

	- name: Run tests with coverage
	run: \|
	pnpm test:coverage

	- name: SonarQube Scan
	uses: SonarSource/sonarqube-scan-action@2500896589ef8f7247069a56136f8dc177c27ccf
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

Provide feedback