Exclude dependabot "push" events from codeql Analysis

cryptomator · Jun 27, 2024 · 4bfb945 · 4bfb945
1 parent d3b9a68
commit 4bfb945
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -13,7 +13,8 @@ jobs:
  analyse:
  name: Analyse
  runs-on: ubuntu-latest
- if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
+ # dependeabot has on push events only read-only access, but codeql requires write access
+ if: ${{ !(github.actor == 'dependabot[bot]' && contains(fromJSON('["push"]'), github.event_name)) }}
  steps:
  - uses: actions/checkout@v4
  with:
@@ -30,4 +31,4 @@ jobs:
  - name: Build
  run: mvn -B compile
  - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v3
+ uses: github/codeql-action/analyze@v3