create new sonar workflow

.github/workflows/sonar-scan-new.yml

@@ -0,0 +1,41 @@
+name: Scan affected projects with Sonar NEW
+on:
+  push:
+    branches:
+      - main
+      - 'agora/**'
+      - 'iatlas/**'
+      - 'openchallenges/**'
+      - 'sage-monorepo/**'
+      - 'schematic/**'
+  pull_request_target:
+    types: [opened, synchronize, reopened, labeled]
+
+env:
+  HEAD_REF: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.ref || github.ref_name }}
+  HEAD_REPOSITORY: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name || github.repository }}
+
+jobs:
+  sonar:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check if the label `sonar-scan-approved` exists
+        if: ${{ github.event_name == 'pull_request_target' && contains(github.event.pull_request.labels.*.name, 'sonar-scan-approved') != true }}
+        run: echo "Add the label 'sonar-scan-approved' to this PR to activate Sonar scan"; exit 1
+
+      - name: Checkout
+        uses: ./.github/actions/checkout
+
+      - name: Derive appropriate SHAs for base and head for `nx affected` commands
+        uses: nrwl/nx-set-shas@v4
+
+      # - name: Set up the dev container
+      #   env:
+      #     SONAR_PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }}
+      #     SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      #   uses: ./.github/actions/setup-dev-container
+
+      # - name: Scan the affected projects with Sonar
+      #   run: |
+      #     devcontainer exec --workspace-folder ../sage-monorepo bash -c ". ./dev-env.sh \
+      #       && nx affected --target=sonar"