From d9efa4b72bec31165f0ab40965f89ce3404fb4d0 Mon Sep 17 00:00:00 2001
From: Abhinav Gupta <abg@uber.com>
Date: Tue, 25 May 2021 14:45:43 -0700
Subject: [PATCH] fossa: Run separately, only on push

FOSSA analysis currently blocks CI on pull requests because they are
denied access to secrets.

Run FOSSA as a separate job only when we push to a branch of the
project.
---
 .github/workflows/fossa.yaml | 17 +++++++++++++++++
 .github/workflows/go.yml     |  5 -----
 2 files changed, 17 insertions(+), 5 deletions(-)
 create mode 100644 .github/workflows/fossa.yaml

diff --git a/.github/workflows/fossa.yaml b/.github/workflows/fossa.yaml
new file mode 100644
index 0000000..86e6db7
--- /dev/null
+++ b/.github/workflows/fossa.yaml
@@ -0,0 +1,17 @@
+name: FOSSA Analysis
+on: push
+
+jobs:
+
+  build:
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'uber-go'
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: FOSSA analysis
+        uses: fossas/fossa-action@v1
+        with:
+          api-key: ${{ secrets.FOSSA_API_KEY }}
+
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 717832c..cdd6071 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -27,11 +27,6 @@ jobs:
     - name: Checkout code
       uses: actions/checkout@v2
       
-    - name: FOSSA analysis
-      uses: fossas/fossa-action@v1
-      with:
-        api-key: ${{ secrets.FOSSA_API_KEY }}
-
     - name: Load cached dependencies
       uses: actions/cache@v1
       with: