fix: allow triage job to run when Trivy scan is skipped

msukkari · claude · msukkari · commit 79280d5697d5 · 2026-04-20T17:35:17.000-07:00
When called from external repos (e.g., zoekt), the Trivy Scan job is
skipped because the repository doesn't match sourcebot-dev/sourcebot.
Add always() &amp;&amp; !cancelled() to the triage job condition so it proceeds
based on Dependabot/CodeQL alerts even when Trivy is skipped.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/.github/workflows/vulnerability-triage.yml b/.github/workflows/vulnerability-triage.yml
@@ -232,9 +232,11 @@ jobs:
     name: Claude Analysis & Linear Triage
     needs: [scan, check-alerts]
     if: >-
-      needs.scan.outputs.has_vulnerabilities == 'true' ||
-      needs.check-alerts.outputs.has_alerts == 'true' ||
-      inputs.force_analysis == true
+      always() && !cancelled() && (
+        needs.scan.outputs.has_vulnerabilities == 'true' ||
+        needs.check-alerts.outputs.has_alerts == 'true' ||
+        inputs.force_analysis == true
+      )
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
