From e5f93fd8de81fdc43f6284f39e4ee6198252bbd6 Mon Sep 17 00:00:00 2001
From: Stephan Schroevers
Date: Sun, 17 Dec 2023 20:42:12 +0100
Subject: [PATCH] Skip SonarCloud analysis of PRs from forked repositories

Because such analysis will fail due to unavailability of the relevant secrets. Working around this is nontrivial and a likely source of security issues.
---
 .github/workflows/sonarcloud.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
index bc9ce08e309..4239246183c 100644
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@@ -11,6 +11,9 @@ permissions:
 contents: read
 jobs:
 analyze:
+ # Analysis of code in forked repositories is skipped, as such workflow runs
+ # do not have access to the requisite secrets.
+ if: github.event.pull_request.head.repo.full_name == github.repository
 permissions:
 contents: read
 runs-on: ubuntu-22.04
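Review bot: The new `if:` on the `analyze` job reads `github.event.pull_request`, which is only populated for pull-request events; if this workflow also triggers on `push` or `schedule` (the `on:` block is outside the hunk, so this is unconfirmed), the comparison is false there and analysis of the default branch is silently skipped. Guarding on the event name keeps the fork exclusion without losing that coverage: `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository`. The comment could also record the workaround the commit message presumably alludes to, for example `# Do not switch to pull_request_target: it would run fork code with access to secrets.`, so a later maintainer does not "fix" the skipped runs that way. The `analyze` job continues past the end of the hunk.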