Do not attempt to run scan on forked repos without credentials

Author: Gabriel Kihlman

.github/workflows/scan.yml

@@ -9,6 +9,7 @@ on:
 env:
   SCAN_IMG:
     yes-docker-local.artifactory.in.yubico.org/static-code-analysis/java:v1
+  SECRET: ${{ secrets.ARTIFACTORY_READER_TOKEN }}
 
 jobs:
   build:
@@ -17,17 +18,17 @@ jobs:
     steps:
     - uses: actions/checkout@master
 
-    - name: Prep scan
-      run: |
-        docker login yes-docker-local.artifactory.in.yubico.org/ \
-             -u svc-static-code-analysis-reader \
-             -p ${{ secrets.ARTIFACTORY_READER_TOKEN }}
-        docker pull ${SCAN_IMG}
-
     - name: Scan and fail on warnings
       run: |
-        docker run -v${PWD}:/k \
-          -e PROJECT_NAME=${GITHUB_REPOSITORY#Yubico/} -t ${SCAN_IMG}
+        if [ "${SECRET}" != "" ]; then
+          docker login yes-docker-local.artifactory.in.yubico.org/ \
+            -u svc-static-code-analysis-reader -p ${SECRET}
+          docker pull ${SCAN_IMG}
+          docker run -v${PWD}:/k \
+            -e PROJECT_NAME=${GITHUB_REPOSITORY#Yubico/} -t ${SCAN_IMG}
+        else
+          echo "No docker registry credentials, not scanning"
+        fi
 
     - uses: actions/upload-artifact@master
       if: failure()