use push-only token (#730)

e3b0c442 · web-flow · commit d5c7522be50d · 2022-09-22T07:28:34.000+12:00
diff --git a/.github/workflows/pr-license-scan.yaml b/.github/workflows/pr-license-scan.yaml
@@ -6,15 +6,14 @@ on:
 jobs:
   fossa-scan:
     runs-on: ubuntu-latest
-    if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository
     steps:
       - uses: actions/checkout@v3
       - name: "Run FOSSA Analyze" 
         uses: fossas/fossa-action@main
         with:
-          api-key: ${{ secrets.FOSSA_API_KEY }}
+          api-key: cf2d0196f5b5bb2fd245c559af8766d8 # push-only token, safe to expose
       - name: "Run FOSSA Test"
         uses: fossas/fossa-action@main
         with:
-          api-key: ${{ secrets.FOSSA_API_KEY }}
+          api-key: cf2d0196f5b5bb2fd245c559af8766d8 # push-only token, safe to expose
           run-tests: true
