From 4d14425d28a2f63c5162c2a83af4b8edf55a816a Mon Sep 17 00:00:00 2001
From: William Storey
Date: Wed, 19 Jun 2024 20:21:43 +0000
Subject: [PATCH 1/3] Do not run CodeQL on push
---
 .github/workflows/codeql-analysis.yml | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 9f2637a..d165cc1 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -1,9 +1,6 @@
 name: "Code scanning - action"
 on:
- push:
- branches-ignore:
- - 'dependabot/**'
 pull_request:
 schedule:
 - cron: '0 11 * * 2'
From 476637d034c73468dba0f56a4176189e2a7afef9 Mon Sep 17 00:00:00 2001
From: William Storey
Date: Wed, 19 Jun 2024 20:21:51 +0000
Subject: [PATCH 2/3] Add modver action
---
 .github/workflows/modver.yml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 .github/workflows/modver.yml
diff --git a/.github/workflows/modver.yml b/.github/workflows/modver.yml
new file mode 100644
index 0000000..1313dd2
--- /dev/null
+++ b/.github/workflows/modver.yml
@@ -0,0 +1,21 @@
+name: modver
+
+on:
+ pull_request:
+
+permissions:
+ contents: read # This gets granted by default, so keep granting it.
+ packages: read # This gets granted by default, so keep granting it.
+ pull-requests: write # Needed to comment on the PR.
+
+jobs:
+ modver:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - uses: bobg/modver@v2.8.1
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ pull_request_url: https://github.com/${{ github.repository }}/pull/${{ github.event.number }}
From 170dc0f75868db47cef907c6d2786162f3c0d567 Mon Sep 17 00:00:00 2001
From: William Storey
Date: Wed, 19 Jun 2024 21:16:23 +0000
Subject: [PATCH 3/3] Add permission for scheduled CodeQL run
---
 .github/workflows/codeql-analysis.yml | 3 +++
 1 file changed, 3 insertions(+)
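Review bot: In `.github/workflows/modver.yml` the step `uses: bobg/modver@v2.8.1` references a third-party action by a tag its owner can move, and that step is handed a token carrying `pull-requests: write`. Pin it to the full commit SHA behind the release and keep the tag as a trailing comment, `- uses: bobg/modver@<full-commit-sha-of-v2.8.1> # v2.8.1`; the same pinning applies to `actions/checkout@v4`. The checkout step also stores the token in the local git config for later steps by default, so adding `persist-credentials: false` under its `with:` is worth doing if modver does not need git credentials (it already receives `github_token` explicitly). `packages: read` is granted only because it is a default, and could be dropped if nothing in the job pulls packages.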
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index d165cc1..9362cb8 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -5,6 +5,9 @@ on:
 schedule:
 - cron: '0 11 * * 2'
+permissions:
+ security-events: write # Used by this action.
+
 jobs:
 CodeQL-Build:
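Review bot: Declaring a top-level `permissions:` block with only `security-events: write` sets every other GITHUB_TOKEN scope to `none`, so the checkout in `CodeQL-Build` (its steps are outside this hunk) presumably now works only because the repository is public. Adding `contents: read` beside it keeps the workflow independent of repository visibility; private repositories also need `actions: read` for CodeQL. The comment `# Used by this action.` would say more as `# Required to upload CodeQL results to code scanning.` Placing the block under the `CodeQL-Build` job rather than at workflow level would keep the write scope away from any job added later.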