Merge pull request #552 from com-pas/fix/run-sonarcloud-analysis-on-dependabot-prs

noraeb · web-flow · commit 11135af0ba64 · 2025-12-10T13:05:48.000+01:00
chore: enable SonarCloud analysis for Dependabot pr's
diff --git a/.github/workflows/sonarcloud-analysis.yml b/.github/workflows/sonarcloud-analysis.yml
@@ -18,20 +18,20 @@ jobs:
     - name: echo event
       run: cat $GITHUB_EVENT_PATH
     - name: Download PR number artifact
-      if: github.event.workflow_run.event == 'pull_request'
+      if: github.event.workflow_run.event == 'pull_request' || (github.event.workflow_run.actor == 'dependabot[bot]' && github.event.workflow_run.event == 'pull_request_target')
       uses: dawidd6/action-download-artifact@v11
       with:
         workflow: SonarCloud Build
         run_id: ${{ github.event.workflow_run.id }}
         name: PR_NUMBER
     - name: Read PR_NUMBER.txt
-      if: github.event.workflow_run.event == 'pull_request'
+      if: github.event.workflow_run.event == 'pull_request' || (github.event.workflow_run.actor == 'dependabot[bot]' && github.event.workflow_run.event == 'pull_request_target')
       id: pr_number
       uses: juliangruber/read-file-action@v1
       with:
         path: ./PR_NUMBER.txt
     - name: Request GitHub API for PR data
-      if: github.event.workflow_run.event == 'pull_request'
+      if: github.event.workflow_run.event == 'pull_request' || (github.event.workflow_run.actor == 'dependabot[bot]' && github.event.workflow_run.event == 'pull_request_target')
       uses: octokit/request-action@v2.x
       id: get_pr_data
       with:
@@ -46,7 +46,7 @@ jobs:
         ref: ${{ github.event.workflow_run.head_branch }}
         fetch-depth: 0
     - name: Checkout base branch
-      if: github.event.workflow_run.event == 'pull_request'
+      if: github.event.workflow_run.event == 'pull_request' || (github.event.workflow_run.actor == 'dependabot[bot]' && github.event.workflow_run.event == 'pull_request_target')
       run: |
         git remote add upstream ${{ github.event.repository.clone_url }}
         git fetch upstream
diff --git a/.github/workflows/sonarcloud-build.yml b/.github/workflows/sonarcloud-build.yml
@@ -67,10 +67,10 @@ jobs:
         run: |
           ./mvnw -B -s custom_maven_settings.xml clean verify
       - name: Save PR number to file
-        if: github.event_name == 'pull_request'
-        run: echo ${{ github.event.number }} > PR_NUMBER.txt
+        if: ${{ github.event_name == 'pull_request' || (github.actor == 'dependabot[bot]' && github.event_name == 'pull_request_target') }}
+        run: echo ${{ github.event.pull_request.number }} > PR_NUMBER.txt
       - name: Archive PR number
-        if: github.event_name == 'pull_request'
+        if: ${{ github.event_name == 'pull_request' || (github.actor == 'dependabot[bot]' && github.event_name == 'pull_request_target') }}
         uses: actions/upload-artifact@v5
         with:
           name: PR_NUMBER
