This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch fix/dependabot-sonar-scan in repository https://gitbox.apache.org/repos/asf/struts.git
commit b737a12a5c7f713a202ee706aec5605eae682f67 Author: Lukasz Lenart <[email protected]> AuthorDate: Mon Jan 26 12:05:32 2026 +0100 chore(conf): skips scans if PR created by Dependabot --- .github/workflows/sonar.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml index 4a3667e4c..d51234171 100644 --- a/.github/workflows/sonar.yml +++ b/.github/workflows/sonar.yml @@ -19,7 +19,7 @@ on: pull_request: push: branches: - - master + - release/6-8-x permissions: read-all @@ -31,12 +31,12 @@ jobs: sonarcloud: name: Scan runs-on: ubuntu-latest - if: ${{ !github.event.pull_request.head.repo.fork }} + if: ${{ !github.event.pull_request.base.repo.fork && !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: fetch-depth: 0 - - uses: actions/setup-java@v4 + - uses: actions/setup-java@v5 with: distribution: temurin java-version: 17 @@ -44,4 +44,4 @@ jobs: - env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }} - run: mvn -B -V -Pcoverage -DskipAssembly verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar --no-transfer-progress + run: ./mvnw -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Pcoverage -DskipAssembly
