fix(CI): Trigger CodeQL on everything except the "push" event for Dep…

…endabot branches (#66) * fix(CodeQL): Avoid triggering on the "push" event for Dependabot branches * Run on everything else * Update .github/workflows/codeql-analysis.yml * feat(ci): Adding Permission Co-authored-by: Nick Liffen <[email protected]>
ScottBrenner · Jun 16, 2021 · 6b6dfaf · 6b6dfaf
1 parent 65dbd88
commit 6b6dfaf
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -2,16 +2,20 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ main, v* ]
-  pull_request:
-    branches: [ main, v* ]
+    branches-ignore: dependabot/**
   schedule:
     - cron: '38 18 * * 3'
 
 jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
+
+    permissions:
+      actions: write
+      contents: read
+      pull-requests: read
+      security-events: write
 
     strategy:
       fail-fast: false