They turns green if the PR comes from an outside collaborator because all steps
are skipped if the SONAR_TOKEN is not set.
I'd rather not run static analysis on PRs overall than having it turn out green.
The build pipeline already runs the tests. I think it makes sense to run SonarCloud's static
code analysis when the project can be compiled without errors.
A lot is happening in this release!
tl;dr: GitHub Actions runs tests, compiles the project, signs the jar files, deploys them to the Maven repo; Pushing a git tag issues a release instead of snapshot deployment; -SNAPSHOT is always added to the version otherwise; Core Version is now injected by maven instead of manually updating it in one of the classes
We now use GitHub Actions to run automated tests, compile the project, sign the resulting jar files, and always deploy a version to the Maven repo.
By default, a snapshot release is published but by creating a git tag, a release deploy can be triggered.
Additionally the Core version is not manually updated in one of the classes but injected after compiling it.
I think I found the most stable and easiest way to do this in maven,
although I'd have wished for it to be easier and maybe not after the class file has already been created.
We probably want to take a look at what Spigot 1.8 comes with and if we are compatible or if we want to shade the lib into the Core instead.
Maybe we can have some kind of automatic legacy system that downloads an addional jar automatically when an unsupported Spigot version is detected... Lets see what time brings
