From 2a4028f093cb11db243891b235d54efe25cefff7 Mon Sep 17 00:00:00 2001
From: Duncan Overbruck <mail@duncano.de>
Date: Tue, 25 Jan 2022 15:03:15 +0100
Subject: [PATCH] .github/workflows/coverity-scan.yml: set secret token env var
 at job level

This stops the job from being run if the secret is not available,
i.e. forks without a coverity token.
---
 .github/workflows/coverity-scan.yml | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/coverity-scan.yml b/.github/workflows/coverity-scan.yml
index 10c31d43..35858c07 100644
--- a/.github/workflows/coverity-scan.yml
+++ b/.github/workflows/coverity-scan.yml
@@ -6,7 +6,10 @@ on:
 
 jobs:
   latest:
+    if: github.repository == 'void-linux/xbps'
     runs-on: ubuntu-latest
+    env:
+      TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
     steps:
 
       - name: Setup container
@@ -21,8 +24,6 @@ jobs:
           wget -q https://scan.coverity.com/download/linux64 --post-data "token=$TOKEN&project=void-linux%2Fxbps" -O cov-analysis-linux64.tar.gz
           mkdir cov-analysis-linux64
           tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
-        env:
-          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
 
       - name: Configure and build in voidlinux/voilinux container
         run: |
@@ -44,5 +45,3 @@ jobs:
             --form version=trunk \
             --form description="github action coverity scan" \
             https://scan.coverity.com/builds?project=void-linux%2Fxbps
-        env:
-          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}