From c0e1603f903227f7046be4042631785573f60728 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ilkka=20Sepp=C3=A4l=C3=A4?=
 <iluwatar@users.noreply.github.com>
Date: Sat, 6 May 2023 11:58:19 +0300
Subject: [PATCH] fix: Fix maven pr builder (#2516)

---
 .github/workflows/maven-pr-builder.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/maven-pr-builder.yml b/.github/workflows/maven-pr-builder.yml
index 0440600a3..be5eb344d 100644
--- a/.github/workflows/maven-pr-builder.yml
+++ b/.github/workflows/maven-pr-builder.yml
@@ -31,6 +31,9 @@ on:
     branches: [ master ]
     types: [ opened, reopened, synchronize ]
 
+permissions:
+  contents: read
+
 jobs:
   build-and-analyze:
 
@@ -71,8 +74,10 @@ jobs:
       run: sudo apt-get install -y xvfb
 
     - name: Build with Maven and run SonarQube analysis
-      run: xvfb-run ./mvnw clean verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.host.url=https://sonarcloud.io -Dsonar.organization=iluwatar -Dsonar.projectKey=iluwatar_java-design-patterns -Dsonar.pullrequest.branch=${{ github.head_ref }} -Dsonar.pullrequest.base=${{ github.base_ref }} -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}
       env:
+        # Intermediate variable
+        HEAD_REF: ${{ github.head_ref }}
         # These two env variables are needed for sonar analysis
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      run: xvfb-run ./mvnw clean verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.host.url=https://sonarcloud.io -Dsonar.organization=iluwatar -Dsonar.projectKey=iluwatar_java-design-patterns -Dsonar.pullrequest.branch=$HEAD_REF -Dsonar.pullrequest.base=${{ github.base_ref }} -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}