[fix] github workflows

Author: kristiyan-velkov

.github/workflows/ai-code-review.yml

@@ -20,15 +20,29 @@ jobs:
     ai-review:
         name: AI-Powered Code Review
         runs-on: ubuntu-latest
-        if: github.event_name == 'pull_request' || github.event_name == 'pull_request_review_comment'
+        if: |
+            (github.event_name == 'pull_request' || github.event_name == 'pull_request_review_comment') &&
+            github.event.repository.private == false
 
         steps:
+            - name: Check for OpenAI API Key
+              id: check_key
+              run: |
+                  if [ -z "${{ secrets.OPENAI_API_KEY }}" ]; then
+                      echo "skip=true" >> $GITHUB_OUTPUT
+                      echo "⚠️  OPENAI_API_KEY not set. Skipping AI review."
+                  else
+                      echo "skip=false" >> $GITHUB_OUTPUT
+                  fi
+
             - name: Checkout code
+              if: steps.check_key.outputs.skip == 'false'
               uses: actions/checkout@v4
               with:
                   fetch-depth: 0
 
             - name: AI Code Review with GPT
+              if: steps.check_key.outputs.skip == 'false'
               uses: anc95/ChatGPT-CodeReview@main
               env:
                   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -64,10 +78,23 @@ jobs:
     coderabbit-review:
         name: CodeRabbit AI Review
         runs-on: ubuntu-latest
-        if: github.event_name == 'pull_request'
+        if: |
+            github.event_name == 'pull_request' &&
+            github.event.repository.private == false
 
         steps:
+            - name: Check for OpenAI API Key
+              id: check_key
+              run: |
+                  if [ -z "${{ secrets.OPENAI_API_KEY }}" ]; then
+                      echo "skip=true" >> $GITHUB_OUTPUT
+                      echo "⚠️  OPENAI_API_KEY not set. Skipping CodeRabbit review."
+                  else
+                      echo "skip=false" >> $GITHUB_OUTPUT
+                  fi
+
             - name: CodeRabbit AI Review
+              if: steps.check_key.outputs.skip == 'false'
               uses: coderabbitai/ai-pr-reviewer@latest
               env:
                   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/lint.yml

@@ -35,7 +35,7 @@ jobs:
         with:
           reporter: github-pr-review
           eslint_flags: "."
-          fail_on_error: true
+          fail_level: error
           filter_mode: nofilter
 
       - name: Success message

.github/workflows/security.yml

@@ -87,19 +87,34 @@ jobs:
       actions: read
 
     steps:
+      - name: Check for Snyk Token
+        id: check_token
+        run: |
+          if [ -z "${{ secrets.SNYK_TOKEN }}" ]; then
+            echo "skip=true" >> $GITHUB_OUTPUT
+            echo "⚠️  SNYK_TOKEN not set. Skipping Snyk scan."
+            echo "To enable Snyk scanning, add SNYK_TOKEN to repository secrets."
+          else
+            echo "skip=false" >> $GITHUB_OUTPUT
+          fi
+
       - name: Checkout code
+        if: steps.check_token.outputs.skip == 'false'
         uses: actions/checkout@v4
 
       - name: Setup Node.js
+        if: steps.check_token.outputs.skip == 'false'
         uses: actions/setup-node@v4
         with:
           node-version: "20"
           cache: "npm"
 
       - name: Install dependencies
+        if: steps.check_token.outputs.skip == 'false'
         run: npm ci
 
       - name: Run Snyk to check for vulnerabilities
+        if: steps.check_token.outputs.skip == 'false'
         uses: snyk/actions/node@master
         continue-on-error: true
         env:
@@ -108,8 +123,8 @@ jobs:
           args: --severity-threshold=high --sarif-file-output=snyk.sarif
 
       - name: Upload Snyk results to GitHub Security
+        if: steps.check_token.outputs.skip == 'false' && always()
         uses: github/codeql-action/upload-sarif@v3
-        if: always()
         with:
           sarif_file: snyk.sarif
           category: snyk