From 5a6b209b95513afcbbd03c8f4d2a2bc702181682 Mon Sep 17 00:00:00 2001
From: Matt Lord <mattalord@gmail.com>
Date: Tue, 13 Feb 2024 16:34:55 -0500
Subject: [PATCH] Try to use fossa push-only token again

So that we can run the license scan on PRs opened
with forks.

Signed-off-by: Matt Lord <mattalord@gmail.com>
---
 .github/workflows/static_checks_etc.yml | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/static_checks_etc.yml b/.github/workflows/static_checks_etc.yml
index 06f86cb9c70..a9b9ca039c9 100644
--- a/.github/workflows/static_checks_etc.yml
+++ b/.github/workflows/static_checks_etc.yml
@@ -34,17 +34,11 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Run FOSSA scan and upload build data
-        # Fails on pull requests when using the API key secret.
-        # In order to run it on pull requests we would need to
-        # generate a push only token and specify that as plain
-        # text here:
-        #   https://github.com/fossa-contrib/fossa-action#push-only-api-token
-        # BUT, it also requires that the fork have its own
-        # independent integration setup with fossa.com.
-        if: github.ref == 'refs/heads/main'
         uses: fossa-contrib/fossa-action@v3
         with:
-          fossa-api-key: ${{ secrets.FOSSA_API_KEY }}
+          # This is a push-only API token: https://github.com/fossa-contrib/fossa-action#push-only-api-token
+          fossa-api-key: f62c11ef0c249fef239947f01279aa0f
+          github-token: ${{ github.token }}
 
       - name: Check for changes in Go files
         if: steps.skip-workflow.outputs.skip-workflow == 'false'