From 7e7e31521ada806096c5c31a5892c2d0bbfc216c Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Tue, 16 Nov 2021 10:46:16 +0000
Subject: [PATCH] ci: run codeql on PRs from Dependabot

To make sure PRs like https://github.com/systemd/systemd/pull/21409
don't break anything.
---
 .github/workflows/codeql-analysis.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 460002eaeb1..03517c9955e 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -5,6 +5,8 @@
 name: "CodeQL"
 
 on:
+  pull_request:
+    branches: [main]
   # It takes the workflow approximately 30 minutes to analyze the code base
   # so it doesn't seem to make much sense to trigger it on every PR or commit.
   # It runs daily at 01:00 to avoid colliding with the Coverity workflow.
@@ -18,6 +20,7 @@ jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
+    if: github.event_name == 'schedule' || github.event.pull_request.user.login == 'dependabot[bot]'
     concurrency:
       group: ${{ github.workflow }}-${{ matrix.language }}-${{ github.ref }}
       cancel-in-progress: true
-- 
2.47.3