Do Not Run CodeQL Workflow on push Events for Dependabot Pull Request Branches #52

Closed
2 tasks
mcdonnnj opened this issue Apr 7, 2021 · 0 comments · Fixed by #53

mcdonnnj commented Apr 7, 2021

💡 Summary

Skip the CodeQL workflow on push events for PR branches generated by Dependabot.

Motivation and context

In cisagov/con-pca-api#224 there was the following error in the CodeQL / Analyze (python) (push) GitHub Action run:

Error: Workflows triggered by Dependabot on the "push" event run with read-only access. Uploading Code Scanning results requires write access. To use Code Scanning with Dependabot, please ensure you are using the "pull_request" event for this workflow and avoid triggering on the "push" event for Dependabot branches. See https://docs.github.com/en/code-security/secure-coding/configuring-code-scanning#scanning-on-push for more information on how to configure these events.

Implementation notes

I added a commit to skip the workflow if the branch matches the pattern dependabot/** in cisagov/con-pca-api@0d726be and observed that the workflow was skipped on a push event.

Acceptance criteria

  • CodeQL workflow does not run on push events for Dependabot PR branches.
  • CodeQL workflow runs for push events on all other branches.

mcdonnnj added the bug and improvement labels Apr 7, 2021
mcdonnnj self-assigned this Apr 7, 2021
mcdonnnj moved this to Done in Skeleton Maintenance Feb 2, 2023
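
One way to express the skip described in the implementation notes, shown as an added example; it is not the referenced commit or the project's own workflow file. The file path, the `develop` branch name, the action version tags and the use of a `branches-ignore` filter are assumptions; the `dependabot/**` pattern and the `python` language come from the issue.

```yaml
# .github/workflows/codeql-analysis.yml  (assumed file name)
name: CodeQL

on:
  push:
    # Dependabot-triggered push events run with read-only access, and
    # uploading code scanning results requires write access, so skip
    # push events on Dependabot PR branches.
    branches-ignore:
      - dependabot/**
  pull_request:
    # Dependabot branches are still analyzed here, through the
    # pull_request event the error message recommends.
    branches:
      - develop   # assumed default branch name

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      # Needed to upload code scanning results.
      security-events: write
      contents: read
    strategy:
      fail-fast: false
      matrix:
        language:
          - python
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4          # version tag is an assumption
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3 # version tag is an assumption
        with:
          languages: ${{ matrix.language }}
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
```

With this filter, a push to a branch such as `dependabot/pip/example-1.2.3` (constructed name) starts no CodeQL run, while pushes to every other branch still do, which matches both acceptance criteria.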