File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 2020 secrets :
2121 CODECOV_TOKEN : ${{ secrets.CODECOV_TOKEN }}
2222
23- # Fork PRs cannot run SonarCloud directly (no access to SONAR_TOKEN). Record
24- # the PR number + base branch so the trusted, workflow_run-triggered
25- # SonarCloud (fork PRs) workflow can decorate the correct pull request.
23+ # PR metadata consumed by the fork-PR SonarCloud flow (see sonarcloud-fork.yml).
2624 save-pr-metadata :
2725 if : github.event_name == 'pull_request'
2826 runs-on : ubuntu-latest
Original file line number Diff line number Diff line change 11name : SonarCloud (fork PRs)
22
3- # Runs SonarCloud analysis for pull requests opened from forks, which cannot run
4- # the standard SonarCloud workflow because fork PRs have no access to
5- # SONAR_TOKEN. Triggered by `workflow_run` once the untrusted "Build" workflow
6- # finishes, so this runs in the base repo's trusted context (token available).
7- # See the SECURITY note in workflow-common-sonarcloud-fork.yml.
3+ # SonarCloud analysis for fork PRs. See workflow-common-sonarcloud-fork.yml in
4+ # reactiveui/actions-common for how and why this works.
85
96on :
107 workflow_run :
@@ -17,8 +14,7 @@ permissions:
1714
1815jobs :
1916 sonarcloud-fork :
20- # Only for fork PR builds that succeeded. Same-repo PRs are already
21- # analysed by sonarcloud.yml, so they are excluded here.
17+ # Only successful fork-PR builds (same-repo PRs use sonarcloud.yml).
2218 if : >-
2319 github.event.workflow_run.event == 'pull_request' &&
2420 github.event.workflow_run.conclusion == 'success' &&
You can’t perform that action at this time.
0 commit comments