Skip SonarCloud analysis of PRs from forked repositories

Because such analysis will fail due to unavailability of the relevant secrets. Working around this is nontrivial and a likely source of security issues.
PicnicSupermarket · Dec 17, 2023 · e5f93fd · e5f93fd
1 parent 7529b99
commit e5f93fd
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
@@ -11,6 +11,9 @@ permissions:
   contents: read
 jobs:
   analyze:
+    # Analysis of code in forked repositories is skipped, as such workflow runs
+    # do not have access to the requisite secrets.
+    if: github.event.pull_request.head.repo.full_name == github.repository
     permissions:
       contents: read
     runs-on: ubuntu-22.04