I have a test workflow that have a SonarScanner step. For the same commit I get fail when the workflow is triggered by a pull request, but works when is triggered by push.
I have a secret SONAR_LOGIN and I think that is related to expose for pull request flag.
Should all secrets be exposed to run properly on pull request trigger?
Understand. In my case, all secrets are required to build, so I need to expose all of then with an attention to security. Besides the security warning, can have another issue?