Skip to content

Commit

Permalink
chore(ci): Don't run sonarscan for dependabot PRs
Browse files Browse the repository at this point in the history 
- Dependabot PRs [behave like fork PRs](https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/), so they don't have access to the sonarqube secret
- Instead, skip the step where the results are pushed to sonarcloud [when appropriate](https://docs.github.com/en/code-security/dependabot/troubleshooting-dependabot/troubleshooting-dependabot-on-github-actions#troubleshooting-failures-when-dependabot-triggers-existing-workflows)
  • Loading branch information
@dmihalcik-virtru
dmihalcik-virtru committed Feb 19, 2025
1 parent 1503d27 commit 68496a6
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions .github/workflows/build.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,9 @@ name: Build, Test, and Deliver Client

env:
do_sonarscan: >-
${{ github.event_name == 'push' ||
github.event.pull_request.head.repo.full_name == github.repository }}
${{ (github.event_name == 'push' ||
github.event.pull_request.head.repo.full_name == github.repository) &&
github.actor != 'dependabot[bot]' }}
on:
pull_request:
Expand Down

0 comments on commit 68496a6

Please sign in to comment.