BUILD-7998 Update CODEOWNERS and update action ref #326

Merged
tomverin merged 1 commit into master from feat/tom/BUILD-7998
Jul 3, 2025

Contributor

@tomverin tomverin commented Jul 1, 2025

This pull request includes updates to the repository's configuration files to improve maintainability and streamline workflows. The most notable changes involve replacing external GitHub actions with local actions and refining ownership rules for the repository.

Repository Ownership Updates:

  • .github/CODEOWNERS: Added default owners for the entire repository and protected the CODEOWNERS file by assigning ownership to the @sonarsource/platform-eng-xp-squad team. Removed the rule that excluded .md files from review.

Workflow Enhancements:

  • .github/workflows/build.yml: Added a comment to clarify the use of the SonarSource GitHub action for SonarCloud scans.

  • .github/workflows/javadoc-publication.yaml: Replaced the external SonarSource/gh-action_release/aws-s3 action with a local ./aws-s3 action for publishing, deleting, and uploading javadoc files to S3. This change ensures better control over the actions used in the workflow. [1] [2] [3]

  • .github/workflows/maven-central.yaml: Replaced the external SonarSource/gh-action_release/download-build and SonarSource/gh-action_release/maven-central-sync actions with local actions (./download-build and ./maven-central-sync). Updated step names for clarity and added comments to indicate the use of local actions.

@tomverin tomverin requested a review from a team as a code owner July 1, 2025 09:59
@tomverin tomverin force-pushed the feat/tom/BUILD-7998 branch from 60da450 to 26dc484 Compare July 1, 2025 10:00
@tomverin tomverin requested a review from Copilot July 1, 2025 12:22

Copilot AI left a comment

Pull Request Overview

This PR updates the repository’s automation and ownership configuration by switching certain GitHub Actions to local copies and tightening code ownership rules.

  • Swap remote SonarSource release actions for local action folders in CI workflows
  • Annotate the SonarCloud action and suggest version pinning
  • Protect the CODEOWNERS file and set default ownership

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| .github/workflows/maven-central.yaml | Use local download-build and maven-central-sync actions instead of remote references |
| .github/workflows/javadoc-publication.yaml | Use local aws-s3 action for Javadoc publication |
| .github/workflows/build.yml | Add comment and recommend pinning for SonarCloud action |
| .github/CODEOWNERS | Add default owner comment and protect the CODEOWNERS file |

Comments suppressed due to low confidence (3)

.github/workflows/maven-central.yaml:60

  • [nitpick] Consider adding a similar inline comment to the uses: ./maven-central-sync step to clarify that both actions are local copies, improving maintainability and consistency.
        uses: ./download-build  # Local action

.github/workflows/javadoc-publication.yaml:95

  • [nitpick] Add an inline comment (e.g., "# Local action") after this line to indicate that the aws-s3 action is a local implementation, matching the style used elsewhere.
        uses: ./aws-s3

.github/workflows/build.yml:47

  • For reproducible CI runs, pin this action to a specific release tag or version rather than @master to avoid unexpected changes when master is updated.
        uses: SonarSource/sonarcloud-github-action@master  # First-party SonarSource action

Contributor

Also replace uses: SonarSource/gh-action_release/download-build@master with a local call?

Additional actions/checkout may be needed to access the local actions.
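
The two review points above (pin the SonarCloud action instead of tracking `@master`, and check out the repository before calling a local `./` action) can be checked mechanically; the following is an added example, not code from this pull request or from the SonarSource repositories. It assumes a line-based scan is enough (it is not a YAML parser and does not distinguish local reusable workflows), treats version-like refs as release tags, and `audit_workflow`, `classify` and the sample workflow are hypothetical names and constructed data.

```python
import re

USES = re.compile(r"^\s*(?:-\s+)?uses:\s*['\"]?([^\s'\"#]+)")  # step or job-level `uses:`
SHA = re.compile(r"^[0-9a-f]{40}$")
VERSION = re.compile(r"^v?\d+(\.\d+)*$")  # assumption: version-like refs are release tags

def classify(target):
    """Classify a `uses:` target: local, docker, sha, tag or mutable (branch-like)."""
    if target.startswith(("./", "docker://")):
        return "local" if target.startswith("./") else "docker"
    ref = target.partition("@")[2]
    return "sha" if SHA.match(ref) else "tag" if VERSION.match(ref) else "mutable"

def audit_workflow(text):
    """Return (line, finding, target) tuples for one workflow file's text."""
    findings, in_jobs, job_indent, checked_out = [], False, None, False
    for n, line in enumerate(text.splitlines(), 1):
        stripped = line.lstrip()
        indent = len(line) - len(stripped)
        if not stripped or stripped.startswith("#"):
            continue
        if indent == 0:  # top-level key: are we entering `jobs:`?
            in_jobs, job_indent = stripped.startswith("jobs:"), None
        elif in_jobs and job_indent in (None, indent):  # job id: fresh runner, empty workspace
            job_indent, checked_out = indent, False
        elif m := USES.match(line):
            target = m.group(1)
            checked_out = checked_out or target.startswith("actions/checkout@")
            kind = classify(target)
            if kind == "mutable":
                findings.append((n, "mutable-ref", target))
            elif kind == "local" and not checked_out:
                findings.append((n, "local-before-checkout", target))
    return findings

# Constructed sample workflow; the action names are the ones quoted in the thread.
SAMPLE = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: SonarSource/sonarcloud-github-action@master  # First-party SonarSource action
  publish:
    steps:
      - uses: ./download-build  # Local action
      - uses: actions/checkout@v4
      - uses: ./maven-central-sync
"""
```

Calling `audit_workflow(SAMPLE)` reports the `@master` reference and the local action that runs before the checkout step. A stricter policy than the one suggested in the thread would accept only the `sha` class, since a tag can be moved to a different commit.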

@tomverin tomverin force-pushed the feat/tom/BUILD-7998 branch from 26dc484 to a766dd9 Compare July 1, 2025 13:45
@tomverin tomverin force-pushed the feat/tom/BUILD-7998 branch 3 times, most recently from d6aff0d to 26dc484 Compare July 3, 2025 07:13
sonarqubecloud bot commented Jul 3, 2025

@tomverin tomverin merged commit 2b371f0 into master Jul 3, 2025
28 checks passed
@tomverin tomverin deleted the feat/tom/BUILD-7998 branch July 3, 2025 07:44