From 1c1b6735c6aa5c8f511b0d2b38ffda90195bbfa3 Mon Sep 17 00:00:00 2001
From: Twicechild <twicechild@grannysparlor.gr>
Date: Thu, 5 Mar 2026 12:28:48 +0200
Subject: [PATCH] ci(sonarcloud): make SonarCloud scan conditional on
 SONAR_TOKEN

---
 .github/workflows/code-quality.yaml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/code-quality.yaml b/.github/workflows/code-quality.yaml
index ba485c3..4369e8e 100644
--- a/.github/workflows/code-quality.yaml
+++ b/.github/workflows/code-quality.yaml
@@ -7,8 +7,8 @@
 #   2. Lint, Test & Verify (tox: unit tests + architecture + clean-code checks)
 #   3. SonarCloud analysis (coverage, quality gate)
 #
-# Required repository secrets:
-#   - SONAR_TOKEN: SonarCloud authentication token
+# Optional repository secrets:
+#   - SONAR_TOKEN: SonarCloud authentication token (step skipped when absent)
 #
 # If the private ers-spec dependency fails to resolve with the default
 # GITHUB_TOKEN, add a PAT as GH_TOKEN_PRIVATE_REPOS and uncomment the
@@ -29,6 +29,8 @@ jobs:
   quality:
     name: Lint, Test & Verify
     runs-on: ubuntu-latest
+    env:
+      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
     services:
       redis:
@@ -101,7 +103,7 @@ jobs:
       # SonarCloud
       # ------------------------------------------------------------------
       - name: SonarCloud scan
-        if: always()
+        if: always() && env.SONAR_TOKEN != ''
         uses: SonarSource/sonarqube-scan-action@v6
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}