From 81ff0c08005b59e4b2bcd87c97b30da738e4e435 Mon Sep 17 00:00:00 2001
From: Luke Cartey <lcartey@github.com>
Date: Fri, 27 Dec 2024 23:38:55 +0000
Subject: [PATCH 1/4] Skip external help integration from forks

PRs from forks do not have access to the help repo.
---
 .github/workflows/code-scanning-pack-gen.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/code-scanning-pack-gen.yml b/.github/workflows/code-scanning-pack-gen.yml
index 1b620260c3..51ffb1edb7 100644
--- a/.github/workflows/code-scanning-pack-gen.yml
+++ b/.github/workflows/code-scanning-pack-gen.yml
@@ -80,6 +80,8 @@ jobs:
 
       - name: Checkout external help files
         id: checkout-external-help-files
+        # Forks do not have access to an appropriate token for the help files
+        if: !github.event.pull_request.head.repo.fork
         uses: actions/checkout@v4
         with:
           ssh-key: ${{ secrets.CODEQL_CODING_STANDARDS_HELP_KEY }}
@@ -88,7 +90,7 @@ jobs:
           path: external-help-files
 
       - name: Include external help files
-        if: steps.checkout-external-help-files.outcome == 'success'
+        if: !github.event.pull_request.head.repo.fork && steps.checkout-external-help-files.outcome == 'success'
         run: |
           pushd external-help-files
           find . -name '*.md' -exec rsync -av --relative {} "$GITHUB_WORKSPACE" \;

From 6f595af4c404c3d77e6eea7f7f0568ecb4d5c189 Mon Sep 17 00:00:00 2001
From: Luke Cartey <5377966+lcartey@users.noreply.github.com>
Date: Mon, 6 Jan 2025 10:21:17 +0000
Subject: [PATCH 2/4] Exclude Dependabot PRs from help checkout

Dependabot does not have access to the external help repo.
---
 .github/workflows/code-scanning-pack-gen.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/code-scanning-pack-gen.yml b/.github/workflows/code-scanning-pack-gen.yml
index 51ffb1edb7..b67db3d413 100644
--- a/.github/workflows/code-scanning-pack-gen.yml
+++ b/.github/workflows/code-scanning-pack-gen.yml
@@ -81,7 +81,7 @@ jobs:
       - name: Checkout external help files
         id: checkout-external-help-files
         # Forks do not have access to an appropriate token for the help files
-        if: !github.event.pull_request.head.repo.fork
+        if: !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'
         uses: actions/checkout@v4
         with:
           ssh-key: ${{ secrets.CODEQL_CODING_STANDARDS_HELP_KEY }}
@@ -90,7 +90,7 @@ jobs:
           path: external-help-files
 
       - name: Include external help files
-        if: !github.event.pull_request.head.repo.fork && steps.checkout-external-help-files.outcome == 'success'
+        if: !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'&& steps.checkout-external-help-files.outcome == 'success'
         run: |
           pushd external-help-files
           find . -name '*.md' -exec rsync -av --relative {} "$GITHUB_WORKSPACE" \;

From b817d0cde9701c3d2b1e343a9eb37ab224f6aff7 Mon Sep 17 00:00:00 2001
From: Luke Cartey <5377966+lcartey@users.noreply.github.com>
Date: Mon, 6 Jan 2025 20:17:03 +0000
Subject: [PATCH 3/4] Improve comment

Explain why we exclude dependabot PRs.
---
 .github/workflows/code-scanning-pack-gen.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/code-scanning-pack-gen.yml b/.github/workflows/code-scanning-pack-gen.yml
index b67db3d413..85a157d8b6 100644
--- a/.github/workflows/code-scanning-pack-gen.yml
+++ b/.github/workflows/code-scanning-pack-gen.yml
@@ -80,7 +80,7 @@ jobs:
 
       - name: Checkout external help files
         id: checkout-external-help-files
-        # Forks do not have access to an appropriate token for the help files
+        # PRs from forks and dependabot do not have access to an appropriate token for cloning the help files repos
         if: !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'
         uses: actions/checkout@v4
         with:

From b952fc8595c121804533c184eeeed739d138c09e Mon Sep 17 00:00:00 2001
From: Luke Cartey <lcartey@github.com>
Date: Mon, 6 Jan 2025 23:27:04 +0000
Subject: [PATCH 4/4] Use expression syntax

---
 .github/workflows/code-scanning-pack-gen.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/code-scanning-pack-gen.yml b/.github/workflows/code-scanning-pack-gen.yml
index 85a157d8b6..678b3be403 100644
--- a/.github/workflows/code-scanning-pack-gen.yml
+++ b/.github/workflows/code-scanning-pack-gen.yml
@@ -81,7 +81,7 @@ jobs:
       - name: Checkout external help files
         id: checkout-external-help-files
         # PRs from forks and dependabot do not have access to an appropriate token for cloning the help files repos
-        if: !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'
+        if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' }}
         uses: actions/checkout@v4
         with:
           ssh-key: ${{ secrets.CODEQL_CODING_STANDARDS_HELP_KEY }}
@@ -90,7 +90,7 @@ jobs:
           path: external-help-files
 
       - name: Include external help files
-        if: !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'&& steps.checkout-external-help-files.outcome == 'success'
+        if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'&& steps.checkout-external-help-files.outcome == 'success' }}
         run: |
           pushd external-help-files
           find . -name '*.md' -exec rsync -av --relative {} "$GITHUB_WORKSPACE" \;