GitHub Action: How does the sonar maven plugin know on which

… branch and pull request it is running. Which properties are use to communicate that to sonar? GitHub Actions does not allow to read secrets since 01.03.2021 on a pull_request triggered action. So we need to split the workflows into two. One that triggeres the generation of files that sonar needs to analyse (jacoco and so on) and another workflow that executes ./mvnw sonar:sonar with further information. But now the second workflow is not associated with the pull request. How can I tell sonar on which branch/pull request it should analyze and comment back?

Repo: GitHub - synyx/urlaubsverwaltung: Schluss mit Papierchaos und langweiliger Software. Wir zeigen dir, dass Urlaubsverwaltung auch Spaß machen kann.
Workflows are here:
urlaubsverwaltung/maven.yml at master · synyx/urlaubsverwaltung · GitHub triggered the maven build
urlaubsverwaltung/sonarcloud.yml at master · synyx/urlaubsverwaltung · GitHub triggers sonar

GitHub Action information to the secrets here Dependabot cant read secrets anymore · Issue #3253 · dependabot/dependabot-core · GitHub