Merge pull request #264 from oracle/stop-dependabot-failure

rjeberhard · web-flow · commit 0c371eaaf2ee · 2023-02-09T16:08:19.000-05:00
Don't run Sonar checks when SONAR_TOKEN not set, such as for dependabot
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -19,13 +19,13 @@ jobs:
           distribution: 'temurin'
           java-version: 17
       - name: Cache SonarCloud packages
-        uses: actions/cache@v1
+        uses: actions/cache@v3
         with:
           path: ~/.sonar/cache
           key: ${{ runner.os }}-sonar
           restore-keys: ${{ runner.os }}-sonar
       - name: Cache Maven packages
-        uses: actions/cache@v1
+        uses: actions/cache@v3
         with:
           path: ~/.m2
           key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
@@ -34,4 +34,8 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.ECNJ_GITHUB_TOKEN }}  # Needed to get PR information, if any
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=oracle_weblogic-monitoring-exporter
+        run: |
+          mvn clean install
+          if [ ! -z "${SONAR_TOKEN}" ]; then
+            mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=oracle_weblogic-monitoring-exporter
+          fi
