add mvn build

.github/workflows/cx1_2_sonar.yml

@@ -19,14 +19,26 @@ jobs:
           cx_client_id: ${{ secrets.AST_CLIENT_ID }}
           cx_client_secret: ${{ secrets.AST_CLIENT_SECRET }}
           additional_params: --report-format sonar --output-path . --scan-types sast --tags ${{ github.event.pull_request.head.sha }},${{ github.sha }}
-      - name: remove src directory
-        run: rm -r src
-      - name: Sonar CLI Action 
-        uses: sonarsource/sonarqube-scan-action@master
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          java-version: 17
+          distribution: 'zulu' # Alternative distribution options are available.
+      - name: Cache SonarCloud packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+      - name: Cache Maven packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
+      - name: Build and analyze
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
           SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          args: >
-            -Dsonar.externalIssuesReportPaths=cx_result_sonar.json -Dsonar.projectKey=jvlstuff_JavaVulnerableLab_for_AST_GH_actions -Dsonar.organization=jvlstuff
+        run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar  -Dsonar.externalIssuesReportPaths=cx_result_sonar.json -Dsonar.host.url=SONAR_HOST_URL -Dsonar.projectKey=jvlstuff_JavaVulnerableLab_for_AST_GH_actions -Dsonar.organization=jvlstuff