From 3b4cd6ae21944e99714b923eac76be877d017a6c Mon Sep 17 00:00:00 2001
From: Thomas Schaffter <thomas.schaffter@gmail.com>
Date: Mon, 25 Mar 2024 21:45:01 +0000
Subject: [PATCH 1/2] simplify the sonar PR workflow

---
 .github/workflows/sonar-scan-pull-request.yml | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/sonar-scan-pull-request.yml b/.github/workflows/sonar-scan-pull-request.yml
index 3034ab3530..7e4486e361 100644
--- a/.github/workflows/sonar-scan-pull-request.yml
+++ b/.github/workflows/sonar-scan-pull-request.yml
@@ -6,17 +6,11 @@ on:
   pull_request_target:
     types: [opened, synchronize, reopened, labeled]
 
-jobs:
-  authorize:
+jobs:      
+  sonar:
     environment: 
       ${{ github.event_name == 'pull_request_target' && 
-      github.event.pull_request.head.repo.full_name != github.repository && 
-      'sonar' || 'internal' }}
-    runs-on: ubuntu-latest
-    steps:
-      - run: true
-      
-  sonar:
+      github.event.pull_request.head.repo.full_name != github.repository && 'sonar' || 'internal' }}
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -24,6 +18,7 @@ jobs:
           # We need to fetch all branches and commits so that Nx affected has a base to compare
           # against.
           fetch-depth: 0
+          persist-credentials: false
           # By default, actions/checkout@v4 will checkout the main branch instead of the merge
           # commit when when using pull_request_target. It is currently difficult to checkout the
           # merge commit in this context. The current solution is to checkout the PR HEAD insteand

From a90477ba84f56faabda7e7fe595a4d9fec248651 Mon Sep 17 00:00:00 2001
From: Thomas Schaffter <thomas.schaffter@gmail.com>
Date: Mon, 25 Mar 2024 21:46:59 +0000
Subject: [PATCH 2/2] update workflow

---
 .github/workflows/sonar-scan-pull-request.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/sonar-scan-pull-request.yml b/.github/workflows/sonar-scan-pull-request.yml
index 7e4486e361..7748aa4aea 100644
--- a/.github/workflows/sonar-scan-pull-request.yml
+++ b/.github/workflows/sonar-scan-pull-request.yml
@@ -6,11 +6,11 @@ on:
   pull_request_target:
     types: [opened, synchronize, reopened, labeled]
 
-jobs:      
+jobs:
   sonar:
     environment: 
       ${{ github.event_name == 'pull_request_target' && 
-      github.event.pull_request.head.repo.full_name != github.repository && 'sonar' || 'internal' }}
+      github.event.pull_request.head.repo.full_name != github.repository && 'sonar' || 'none' }}
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4