From a88bfcbe53284e5a431c7bc2ffa1952821daaf95 Mon Sep 17 00:00:00 2001
From: William Storey
Date: Wed, 19 Jun 2024 20:15:09 +0000
Subject: [PATCH 1/2] Do not run CodeQL on push

---
 .github/workflows/codeql-analysis.yml | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index c2c279b..97023cc 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -1,9 +1,6 @@
 name: "Code scanning - action"
 
 on:
-  push:
-    branches-ignore:
-      - 'dependabot/**'
   pull_request:
   schedule:
     - cron: '0 7 * * 6'
@@ -25,7 +22,7 @@ jobs:
       # the head of the pull request instead of the merge commit.
       - run: git checkout HEAD^2
         if: ${{ github.event_name == 'pull_request' }}
-      
+
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v3

From ffb67f00647412aaf887a94b5a0807bba41a534c Mon Sep 17 00:00:00 2001
From: William Storey
Date: Wed, 19 Jun 2024 21:15:13 +0000
Subject: [PATCH 2/2] Add permission for scheduled CodeQL run

---
 .github/workflows/codeql-analysis.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 97023cc..02e23db 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -5,6 +5,9 @@ on:
   schedule:
     - cron: '0 7 * * 6'
 
+permissions:
+  security-events: write # Used by this action.
+
 jobs:
   CodeQL-Build:
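Review bot: With the `push:` trigger removed from the `on:` block, nothing analyzes the default branch between pull requests except the `cron: '0 7 * * 6'` schedule on the following line, so a commit pushed or merged straight to the default branch can wait up to a week before CodeQL looks at it, and the repository's code-scanning alert list lags by the same amount. As far as I can tell a `pull_request` run only reports against that PR's merge commit, while the alert list is populated from analyses of the default branch itself, so if the goal was merely to stop duplicate PR-plus-push runs, a narrow trigger such as `push:` / `  branches: [<default-branch>]` (placeholder for the repository's actual default branch) kept alongside the schedule would preserve that coverage. Whichever is intended, the `on:` block deserves a comment stating it, e.g. `# push runs are deliberately disabled; default-branch coverage comes from the weekly schedule`, since the commit message gives no rationale.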