Try fixing Covscan PR target

This commit attempts to source the correct PR code in PR Cov Scans It is not directly testable as pull_request_target code is only really run after a PR is merged to main (by design). This commit also adds support for a no-covscan label so that PRs can be merged w/o running a covscan and yet having all tragets met and not requiring to override the project policy at merge time Signed-off-by: Simo Sorce <[email protected]>
latchset · Apr 24, 2024 · 90da145 · 90da145
1 parent 9d81483
commit 90da145
Showing 1 changed file with 9 additions and 4 deletions.
diff --git a/.github/workflows/coverity-scan.yml b/.github/workflows/coverity-scan.yml
@@ -59,13 +59,10 @@ jobs:
                 openssl-devel openssl \
                 nss-softokn nss-tools nss-softokn-devel \
                 gh
-      - name: Find PR
-        uses: suzuki-shunsuke/[email protected]
-        id: pr
       - name: Checkout Repository
         uses: actions/checkout@v4
         with:
-          ref: ${{steps.get-pr.outputs.merge_commit_sha}}
+          ref: ${{github.event.pull_request.head.sha}}
       - name: Setup
         run: |
           meson setup builddir
@@ -84,3 +81,11 @@ jobs:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GH_REPO: ${{ github.repository }}
           NUMBER: ${{ github.event.number }}
+
+  on-no-covscan-labeled-pr:
+    if: ${{ contains(github.event.*.labels.*.name, 'no-covscan') }}
+    name: Coverity Scan on PR
+    runs-on: ubuntu-latest
+    steps:
+      - name: Coverity Scan not needed
+        run: echo "Dummy action to report all ok and mark covscan as handled"