From 5656676bca1f0b68709c9631023f0298a7f7f79c Mon Sep 17 00:00:00 2001
From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com>
Date: Wed, 7 Apr 2021 16:53:27 -0400
Subject: [PATCH] Skip CodeQL workflow for Dependabot branches on push events

This should resolve the following error:

Error: Workflows triggered by Dependabot on the "push" event run with read-only
access. Uploading Code Scanning results requires write access. To use Code
Scanning with Dependabot, please ensure you are using the "pull_request" event
for this workflow and avoid triggering on the "push" event for Dependabot
branches. See
https://docs.github.com/en/code-security/secure-coding/configuring-code-scanning#scanning-on-push
for more information on how to configure these events.
---
 .github/workflows/codeql-analysis.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index d599e48..b880c44 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -8,8 +8,9 @@ name: "CodeQL"
 
 on:
   push:
-  # Push on all branches
-  # branches: [develop]
+    # Dependabot triggered push events have read-only access, but uploading code
+    # scanning requires write access.
+    branches-ignore: [dependabot/**]
   pull_request:
     # The branches below must be a subset of the branches above
     branches: [develop]