Don't run Sonarcloud for Dependabot (#438)

mmwinther · web-flow · commit c10d44c2f98c · 2025-11-18T13:29:43.000+01:00
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -44,6 +44,8 @@ jobs:
         run: mvn --batch-mode --update-snapshots package
 
       - name: SonarQube Cloud Scan
+        # No need to run SonarCloud analysis if dependabot update or token not defined
+        if: env.SONAR_TOKEN != '' && (github.actor != 'dependabot[bot]')
         run: mvn --batch-mode sonar:sonar
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
