refactor(ci): simplify sonar and schema-linter fork safety

Replace the broken org membership check in sonar.yml with the standard
fork-safety pattern (skip fork PRs via head.repo.full_name check).
The old check used exit 0 which didn't actually skip subsequent steps,
and fork PRs can't access secrets regardless.

Simplify schema-linter.yml fork conditional to the same pattern.

Also removes the broken "Display Quality gate result" step that
referenced a nonexistent step ID (sonarqube-result-front).

Relates to #411

Author: josephfusco

.github/workflows/schema-linter.yml

@@ -18,7 +18,7 @@ jobs:
   run:
     runs-on: ubuntu-22.04
     name: Lint WPGraphQL Schema
-    if: contains(github.event.pull_request.labels.*.name, 'safe to test ✔') || github.repository == github.event.repository.full_name || github.event_name == 'push'
+    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository
 
     services:
       mariadb:

.github/workflows/sonar.yml

@@ -1,46 +1,22 @@
 on:
-  # Trigger analysis when pushing to main or pull requests, and when creating a pull request.
   push:
     branches:
       - main
   pull_request:
     types: [opened, synchronize, reopened]
 
 name: SonarQube Analysis
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   sonarqube:
+    # Only run for pushes or same-repo PRs (fork PRs can't access secrets)
+    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository
     runs-on: ubuntu-22.04
     steps:
-      - name: Check if PR author is an org member
-        id: check-member
-        uses: actions/github-script@v7
-        with:
-          script: |
-            const org = 'wpengine'; 
-            const username = context.payload.pull_request.user.login;
-
-            try {
-              const { data: membership } = await github.rest.orgs.getMembershipForUser({
-                org,
-                username,
-              });
-              console.log({ username, membership });
-              return { isMember: membership.state === 'active' };
-            } catch (error) {
-              console.log(`Error checking membership: ${error}`);
-              return { isMember: false }; // Treat as not a member if any error occurs
-            }
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      # Set an output for the job based on the result of the membership check
-      - name: Set output for isMember
-        run: echo "isMember=${{ steps.check-member.outputs.isMember }}" >> $GITHUB_ENV
-
-      - name: Skip if not an org member
-        if: env.isMember == 'false'
-        run: echo "Skipping workflow because PR author is not an org member" && exit 0
-
       - uses: actions/checkout@v4
         with:
           # Disabling shallow clone is recommended for improving relevancy of reporting
@@ -54,13 +30,9 @@ jobs:
 
       - name: SonarQube Quality Gate check
         uses: sonarsource/sonarqube-quality-gate-action@v1
-        # Force to fail step after specific time
         timeout-minutes: 5
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
           SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
         with:
           scanMetadataReportFile: .scannerwork/report-task.txt
-
-      - name: "Display Quality gate result"
-        run: echo "Front Quality Gate status ${{ toJSON(steps.sonarqube-result-front) }}"