Don't run FOSSA Scan on PR from fork (#95)

Signed-off-by: John Kjell <[email protected]>
in-toto · Dec 8, 2023 · a10252c · a10252c
1 parent bec608e
commit a10252c
Showing 1 changed file with 7 additions and 17 deletions.
diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml
@@ -1,17 +1,3 @@
-# Copyright 2023 The Witness Contributors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 name: "Fossa Scan"
 
 on:
@@ -28,11 +14,15 @@ permissions:
 
 jobs:
     fossa-scan:
+      env: 
+        FOSSA_API_KEY: ${{ secrets.fossaApiKey }}
       runs-on: ubuntu-latest
       steps:
-        - name: "Checkout Code"
+        - if: ${{ env.FOSSA_API_KEY }} != ""
+          name: "Checkout Code"
           uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-        - name: "Run FOSSA Scan"
+        - if: ${{ env.FOSSA_API_KEY }} != ""
+          name: "Run FOSSA Scan"
           uses: fossas/fossa-action@f61a4c0c263690f2ddb54b9822a719c25a7b608f # v1.3.1
           with:
-            api-key: ${{ secrets.fossaApiKey }}
+            api-key: ${{ env.FOSSA_API_KEY }}