Disable check-spelling sarif for PowerDNS/pdns

- At present, it's too complicated to rely on rulesets in combination
  with `pull_request` so it makes sense to turn it off for the main
  repository.

- Leave SARIF reporting enabled by default for repositories other than
  PowerDNS/pdns.

- When active, public repositories will need to add a code scanning
  ruleset if they want to use pull requests that are not cross-forks
  and they should not accept pull requests from forks as processing
  won't work.

- For private repositories, unless you're using GHEC and paying for
  Advanced Security, you'll want to set a repository actions variable
  `DO_NOT_USE_SARIF_REPORTING` (see `/settings/variables/actions`) to
  `1` to disable SARIF.
  - This commit fixes the logic for that.

diff --git a/.github/workflows/spelling3.yml b/.github/workflows/spelling3.yml
index 6196d8b99b7bdcaa87ad2633f2eb929521ea676b..e5279488ff8b10cbdb336dd2dd837a5c14b07891 100644 (file)
--- a/.github/workflows/spelling3.yml
+++ b/.github/workflows/spelling3.yml
@@ -48,7 +48,7 @@ jobs:
           post_comment: 0
           use_magic_file: 1
           warnings: bad-regex,binary-file,deprecated-feature,ignored-expect-variant,large-file,limited-references,no-newline-at-eof,noisy-file,non-alpha-in-dictionary,token-is-substring,unexpected-line-ending,whitespace-in-dictionary,minified-file,unsupported-configuration,no-files-to-check,unclosed-block-ignore-begin,unclosed-block-ignore-end
-          use_sarif: ${{ (!github.event.pull_request || (github.event.pull_request.head.repo.full_name == github.repository)) && !env.DO_NOT_USE_SARIF_REPORTING && 1 }}
+          use_sarif: ${{ (!github.event.pull_request || (github.repository_owner != 'PowerDNS' && github.event.pull_request.head.repo.full_name == github.repository)) && !vars.DO_NOT_USE_SARIF_REPORTING && 1 }}
           dictionary_source_prefixes: >
             {
             "cspell": "https://raw.githubusercontent.com/check-spelling/cspell-dicts/v20241114/dictionaries/"