From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Tue, 16 Nov 2021 10:46:16 +0000 (+0000)
Subject: ci: run codeql on PRs from Dependabot
X-Git-Tag: v250-rc1~228
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7e7e31521ada806096c5c31a5892c2d0bbfc216c;p=thirdparty%2Fsystemd.git

ci: run codeql on PRs from Dependabot

To make sure PRs like https://github.com/systemd/systemd/pull/21409
don't break anything.
---

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 460002eaeb1..03517c9955e 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -5,6 +5,8 @@
 name: "CodeQL"
 
 on:
+  pull_request:
+    branches: [main]
   # It takes the workflow approximately 30 minutes to analyze the code base
   # so it doesn't seem to make much sense to trigger it on every PR or commit.
   # It runs daily at 01:00 to avoid colliding with the Coverity workflow.
@@ -18,6 +20,7 @@ jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
+    if: github.event_name == 'schedule' || github.event.pull_request.user.login == 'dependabot[bot]'
     concurrency:
       group: ${{ github.workflow }}-${{ matrix.language }}-${{ github.ref }}
       cancel-in-progress: true