ci: graceful-skip ggshield + codecov when their secrets aren't set (#28) #39

	name: GitGuardian Scan

	on:
	push:
	pull_request:

	jobs:
	scanning:
	name: GitGuardian Scan
	runs-on: ubuntu-latest
	# Skip Dependabot PRs (no secret access, only updates dependencies). The
	# secret-presence check is enforced per-step via `env.GITGUARDIAN_API_KEY`
	# below, because the `secrets` context isn't available in `if:` expressions.
	if: github.actor != 'dependabot[bot]'
	env:
	GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
	steps:
	- uses: actions/checkout@v6
	if: env.GITGUARDIAN_API_KEY != ''
	with:
	fetch-depth: 0
	- uses: GitGuardian/ggshield-action@v1
	if: env.GITGUARDIAN_API_KEY != ''

Provide feedback