From 12ce8984c3d85005f5268d607300386242e329a0 Mon Sep 17 00:00:00 2001
From: RainbowMango <qdurenhongcai@gmail.com>
Date: Mon, 25 Apr 2022 09:56:39 +0800
Subject: [PATCH] Disable fossa on fork repository and referecing API key with
 secret

Signed-off-by: RainbowMango <qdurenhongcai@gmail.com>
---
 .github/workflows/fossa.yml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml
index f48a4d6e3..0816e69f4 100644
--- a/.github/workflows/fossa.yml
+++ b/.github/workflows/fossa.yml
@@ -1,12 +1,13 @@
 name: FOSSA
 on:
-  # Run this workflow every time a new commit pushed to upstream/fork repository.
-  # Run workflow on fork repository will help contributors find and resolve issues before sending a PR.
   push:
-  pull_request:
 jobs:
   fossa:
     name: FOSSA
+    # prevent job running from forked repository, otherwise
+    # 1. running on the forked repository would fail as missing necessary secret.
+    # 2. running on the forked repository would use unnecessary GitHub Action time.
+    if: ${{ github.repository == 'karmada-io/karmada' }}
     runs-on: ubuntu-18.04
     steps:
       - name: checkout code
@@ -14,4 +15,4 @@ jobs:
       - name: Run FOSSA scan and upload build data
         uses: fossas/fossa-action@v1
         with:
-          api-key: 7ac0174603e25cb0a4b3ebd2e131a89f
+          api-key: ${{secrets.FOSSA_API_KEY}}