replace code scanning v3 with v4 which ignores dependabot pulls

lifeomic · Jun 14, 2021 · 937e033 · 937e033
1 parent 9f91ee9
commit 937e033
Showing 1 changed file with 3 additions and 19 deletions.
diff --git a/.github/workflows/code-scanning-v3.yml → .github/workflows/code-scanning-v4.yml b/.github/workflows/code-scanning-v3.yml → .github/workflows/code-scanning-v4.yml
@@ -1,5 +1,4 @@
-# This workflow is inherited from our internal .github repo at https://github.com/lifeomic/.github/blob/master/workflow-templates/code-scanning-v3.yml
-# 
+# This workflow is inherited from our internal .github repo at https://github.com/lifeomic/.github/blob/master/workflow-templates/code-scanning-2021-06-08.yml
 # Setting up this workflow on the repository will perform a static scan for security issues using GitHub Code Scanning. 
 # Any findings for a repository can be found under the `Security` tab -> `Code Scanning Alerts`
 name: "CodeQL"
@@ -26,6 +25,7 @@ on:
 
 jobs:
   analyze:
+    if: ${{ !contains(github.head_ref, 'dependabot') }}
     name: Analyze
     runs-on: ubuntu-latest
 
@@ -40,11 +40,6 @@ jobs:
         # a pull request then we can checkout the head.
         fetch-depth: 2
 
-    # If this run was triggered by a pull request event, then checkout
-    # the head of the pull request instead of the merge commit.
-    - run: git checkout HEAD^2
-      if: ${{ github.event_name == 'pull_request' }}
-
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v1
@@ -53,20 +48,9 @@ jobs:
         queries: +security-extended  # This will run all queries at https://github.com/github/codeql/:language/ql/src/codeql-suites/:language-security-extended.qls
 
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
+    # If this step fails, it should be removed and replaced with custom build steps.
     - name: Autobuild
       uses: github/codeql-action/autobuild@v1
 
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    #- run: |
-    #   make bootstrap
-    #   make release
-
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v1