workflow: run codeql for PRs and ignore actions for doc changes #3801

	name: CI
	on:
	push:
	branches:
	- 'release-*'
	pull_request:
	branches:
	- main
	- 'release-*'
	# ignore PRs with only documentation changes
	paths-ignore:
	- '*/.md'

	permissions:
	contents: read
	pull-requests: read

	jobs:
	trivy:
	permissions:
	actions: read
	contents: read
	security-events: write
	uses: "./.github/workflows/lib-trivy.yaml"

	validate:
	uses: "./.github/workflows/lib-validate.yaml"

	codeql:
	permissions:
	actions: read
	contents: read
	security-events: write
	uses: "./.github/workflows/lib-codeql.yaml"

	build:
	needs:
	- trivy
	- validate
	uses: "./.github/workflows/lib-build.yaml"

	e2e:
	needs:
	- build
	uses: "./.github/workflows/lib-e2e.yaml"

Provide feedback