Open rbarkerSL opened 2 months ago
Any action that requires the use of secrets throughout the primary workflows should have the following conditional applied to it:
if: ${{ github.event.pull_request.head.repo.full_name == 'org/repo' }}
This ensures that the step requiring GitHub secrets will only run on pull requests sourced from within the original repository (not forked repositories).
I've reviewed the repository and the task and I believe Codacy is set up via the GUI only for this repo. What this means is that we may still skip Codacy checks on forked PRs, but we would have to make the configuration through the GUI itself and we can't use the if statement in a workflow. I don't believe I have access to the configuration through: Codacy GUI
Maybe something we can review together.
I think we just need to skip over the bash call in the Publish to Codacy step of node-zxc-compile-application-code.yaml. There's an if check there already that we should just need to expand on without needing access to the Codacy configuration GUI.
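Added example (not taken from this issue or from the repository's actual workflow): a reusable-workflow fragment showing the secret-using step before and after the fork guard is applied. The job layout, the test command, the script path and the secret name are assumptions; `github.repository` stands in for the hard-coded 'org/repo'.

```yaml
# Added example. Job, step contents, script path and secret name are hypothetical.
name: compile-application-code
on:
  pull_request:
  push:
    branches: [main]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Run tests with coverage
        run: npm ci && npm test -- --coverage   # assumed test command

      # Before: runs on every pull request. For a PR opened from a fork,
      # repository secrets are not passed to the run, so the token below
      # resolves to an empty string and the publish step fails.
      # - name: Publish to Codacy
      #   run: ./scripts/publish-coverage.sh
      #   env:
      #     CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}

      # After: the step is skipped when the PR head branch lives in another
      # repository (a fork). github.repository is the "owner/name" of the
      # repository running the workflow, so nothing is hard-coded.
      # The event_name test keeps the step running on push events, where
      # github.event.pull_request is absent and the comparison alone
      # would evaluate to false.
      - name: Publish to Codacy
        if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }}
        run: ./scripts/publish-coverage.sh      # hypothetical wrapper for the bash call
        env:
          CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
```

If the step already carries an `if:` expression, the guard is combined with it using `&&` inside the same `${{ }}` block rather than added as a second `if:` key.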
Background
On forked PRs, Codacy fails.
Request(s) and Intent
Some of the checks, like the Codacy reporter, need an additional if condition added in order to be skipped on forked PRs (this will need to be done for any step which requires access to secrets).
Acceptance Criteria