Set explicit check-sca project key metadata

[mostafa-mohammed-sonarsource]

Summary

• add .github/repo-metadata.yaml
• set check-sca.project-key to org.sonarsource.sslr:sslr

Why

check-sca key auto-discovery can resolve to SonarSource_sslr, while the actual Sonar project key is org.sonarsource.sslr:sslr. Setting the project key explicitly makes the check query the correct project.

Reference

• https://github.com/SonarSource/ci-github-actions/blob/master/README.md#manually-setting-the-project-key-for-the-check

[sonar-review-alpha]

Summary

This PR adds a new .github/repo-metadata.yaml file that explicitly configures the SonarQube Cloud project key for the check-sca action. Without this explicit mapping, the check-sca auto-discovery was resolving to SonarSource_sslr instead of the correct Sonar project key org.sonarsource.sslr:sslr, causing checks to query the wrong project.

What reviewers should know

What to check:

• Verify that org.sonarsource.sslr:sslr is the correct Sonar project key for this repository (confirm in SonarQube Cloud)
• The new file is placed in the standard location (.github/) where GitHub Actions can find it

Context:

• This is a single, minimal configuration file with no code changes
• The change affects the check-sca GitHub Action behavior, which is typically triggered as part of CI/CD workflows
• See the SonarSource ci-github-actions README linked in the description for how this file is used

---

• Generate Walkthrough
• Generate Diagram

🗣️ Give feedback

[sonar-review-alpha]

LGTM! ✅

Clean, minimal change — no issues found.

🗣️ Give feedback

[sonarqube-next]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
No data about Duplication

See analysis details on SonarQube

[lijun-chen-sonarsource]

Thanks for taking care of this. LGTM!