datreeio / action-datree

Github action that runs the Datree CLI
MIT License

Path does not exist: datree.sarif for Pull Request from Forked Repo #27

Closed berry2012 closed 1 year ago

berry2012 commented 1 year ago

When running Datree workflow against a PR from a forked repo, it results in the error below:

Error: Path does not exist: datree.sarif
Error: Path does not exist: datree.sarif

From my observation, I see "No secret token is detected" in the jobs log.

Pull requests from the same repo work, and the secret token is detected.

My config

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

env:
  DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }}

jobs:
  k8sPolicyCheck:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Run Datree Policy Check
        uses: datreeio/action-datree@main
        with:
          path: '**/*.yaml'
          cliArguments: '--only-k8s-files'

      - name: Upload analysis results to GitHub
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: datree.sarif
          wait-for-processing: true

Ask

How can pull requests from a forked repo be made to work with Datree?

berry2012 commented 1 year ago

Anyone can fork a public repository, and then submit a pull request that proposes changes to the repository's GitHub Actions workflows. Although workflows from forks do not have access to sensitive data such as secrets, they can be an annoyance for maintainers if they are modified for abusive purposes.

berry2012 commented 1 year ago

Running pull_request_target solves this issue https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target
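As an added example (not the reporter's config and not Datree's own), this is the workflow above switched to pull_request_target with the least-privilege settings a maintainer would want alongside it: the job runs the base branch's workflow file with secrets available, so it must only read the fork's manifests and never execute anything from them. It assumes the secret is still named DATREE_TOKEN and that the action still writes datree.sarif into the workspace.

```yaml
# Added example, not the reporter's config or Datree's own workflow.
name: datree-policy-check

on:
  push:
    branches: [ main ]
  # Runs the base branch's workflow file with repository secrets available,
  # so pull requests from forks also get DATREE_TOKEN.
  pull_request_target:
    branches: [ main ]

# Least privilege: the job only needs to read the tree and write SARIF results.
permissions:
  contents: read
  security-events: write

env:
  DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }}   # assumed secret name, as in the issue

jobs:
  k8sPolicyCheck:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout PR head (manifests are only parsed, never executed)
        uses: actions/checkout@v3
        with:
          # Under pull_request_target the default ref is the base branch, so
          # point at the PR commit explicitly; on push fall back to github.sha.
          ref: ${{ github.event.pull_request.head.sha || github.sha }}
          # Do not leave GITHUB_TOKEN in .git/config next to untrusted files.
          persist-credentials: false

      - name: Run Datree Policy Check
        uses: datreeio/action-datree@main
        with:
          path: '**/*.yaml'
          cliArguments: '--only-k8s-files'

      - name: Upload analysis results to GitHub
        # Upload even when the policy check step fails on violations,
        # so the findings still reach code scanning.
        if: always()
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: datree.sarif
          wait-for-processing: true
```

The important property is that no step after the checkout runs scripts, package installs, or build tools from the fork's tree; the moment one does, the secret in `env` is exposed to whatever the fork author committed.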

hadar-co commented 1 year ago

Cool:) thanks for commenting the fix ✌️