Fix: Replace pull_request with pull_request_target in SonarQube Workflow for Fork Analysis (#2977)

mirror of https://github.com/Frooodle/Stirling-PDF.git synced 2025-10-25 11:17:28 +02:00

# Description of Changes

Please provide a summary of the changes, including:

This update changes the workflow trigger for SonarQube from using the
`pull_request` event to `pull_request_target` for the "main" branch. By
doing so, the workflow runs in the context of the base repository,
ensuring that the required secrets (like `SONAR_TOKEN`) are available
during execution—even when analyzing code from forked repositories. This
change enables full Sonar analysis for PRs from forks while being
mindful of potential security implications.

---

## Checklist

### General

- [x] I have read the [Contribution
Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [x] I have read the [Stirling-PDF Developer
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md)
(if applicable)
- [ ] I have read the [How to add new languages to
Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md)
(if applicable)
- [ ] I have performed a self-review of my own code
- [x] My changes generate no new warnings

### Documentation

- [ ] I have updated relevant docs on [Stirling-PDF's doc
repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/)
(if functionality has heavily changed)
- [ ] I have read the section [Add New Translation
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags)
(for new translation tags only)

### UI Changes (if applicable)

- [ ] Screenshots or videos demonstrating the UI changes are attached
(e.g., as comments or direct attachments in the PR)

### Testing (if applicable)

- [ ] I have tested my changes locally. Refer to the [Testing
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#6-testing)
for more details.

This commit is contained in:

Ludy

2025-02-17 21:26:18 +01:00

committed by

GitHub

parent 82b1ab4263

commit 3d7eb040ab

No known key found for this signature in database

GPG Key ID: B5690EEEBB952194

1 changed files with 6 additions and 5 deletions

									
										11

.github/workflows/sonarqube.yml
									
										vendored
									
										View File
										
				@ -1,21 +1,22 @@

				name: Run Sonarqube

				on:

				  push:

				    branches:

				      - master

				  pull_request:

				    branches: [ "main" ]

				  pull_request_target:

				    branches:

				      - main

				  workflow_dispatch:

				permissions:

				  pull-requests: read

				  actions: read

				name: Run Sonarqube

				jobs:

				  sonarqube:

				    runs-on: ubuntu-latest

				    steps:

				      - name: Harden Runner

				        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4

				        with:

Fix: Replace pull_request with pull_request_target in SonarQube Workflow for Fork Analysis (#2977)

11 .github/workflows/sonarqube.yml vendored Unescape Escape View File

11

.github/workflows/sonarqube.yml vendored

View File