From e6b3a0dc025c3671a53a7c64035112d26481f3ac Mon Sep 17 00:00:00 2001
From: John Kjell <john@testifysec.com>
Date: Thu, 7 Dec 2023 16:52:58 -0600
Subject: [PATCH] Don't run FOSSA Scan on PR from fork

Signed-off-by: John Kjell <john@testifysec.com>
---
 .github/workflows/fossa.yml | 24 +++++++-----------------
 1 file changed, 7 insertions(+), 17 deletions(-)

diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml
index aa365a8e..13ac3e02 100644
--- a/.github/workflows/fossa.yml
+++ b/.github/workflows/fossa.yml
@@ -1,17 +1,3 @@
-# Copyright 2023 The Witness Contributors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 name: "Fossa Scan"
 
 on:
@@ -28,11 +14,15 @@ permissions:
 
 jobs:
     fossa-scan:
+      env: 
+        FOSSA_API_KEY: ${{ secrets.fossaApiKey }}
       runs-on: ubuntu-latest
       steps:
-        - name: "Checkout Code"
+        - if: ${{ env.FOSSA_API_KEY }} != ""
+          name: "Checkout Code"
           uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-        - name: "Run FOSSA Scan"
+        - if: ${{ env.FOSSA_API_KEY }} != ""
+          name: "Run FOSSA Scan"
           uses: fossas/fossa-action@f61a4c0c263690f2ddb54b9822a719c25a7b608f # v1.3.1
           with:
-            api-key: ${{ secrets.fossaApiKey }}
+            api-key: ${{ env.FOSSA_API_KEY }}