From b669ce654d102d94dee6da39ff03582b3503e6c6 Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner <hans@eds.org>
Date: Wed, 4 Sep 2024 16:09:44 +0200
Subject: [PATCH] gitlab-ci: only trigger safety job if API key is present

---
 .gitlab-ci.yml | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 9f18ce63..39ec8223 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -262,18 +262,21 @@ lint_format_bandit_checks:
 # so important to scan that kind of install in CI.
 # https://docs.safetycli.com/safety-docs/installation/gitlab
 safety:
-  only:
-    changes:
-      - .gitlab-ci.yml
-      - .safety-policy.yml
-      - pyproject.toml
-      - setup.py
   image: debian:bookworm-slim
+  rules:
+    # once only:/changes: are ported to rules:, this could be removed:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+      when: never
+    - if: $CI_PIPELINE_SOURCE == "push" && $SAFETY_API_KEY
+      changes:
+        - .gitlab-ci.yml
+        - .safety-policy.yml
+        - pyproject.toml
+        - setup.py
   <<: *apt-template
   variables:
     LANG: C.UTF-8
   script:
-    - test -n "$SAFETY_API_KEY" || exit 0
     - apt-get install
         fdroidserver
         python3-biplist