From 2593da95aeb1913b28f86e78e2f3bb51a0a8e9f6 Mon Sep 17 00:00:00 2001
From: Andy Grove
Date: Sat, 23 May 2026 16:16:05 -0600
Subject: [PATCH] ci: gate CodeQL workflow on .github path changes

CodeQL is configured with `languages: actions`, so it only scans the GitHub Actions workflow files under `.github/`. It currently runs on every push and PR regardless of what changed, plus a weekly schedule. Gate the push and pull_request triggers to `.github/**` so it only re-analyzes when there is actually something new to analyze. The weekly schedule is unchanged and keeps base-line coverage even if no workflow file has changed.
---
 .github/workflows/codeql.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 3eaee93ac..c9a7647c2 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -21,7 +21,11 @@ name: "CodeQL"
 on:
 push:
 branches: ["main"]
+ paths:
+ - ".github/**"
 pull_request:
+ paths:
+ - ".github/**"
 schedule:
 - cron: "16 4 * * 1"
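Review bot: The `paths:` filter added under `pull_request` means a PR that touches nothing in `.github/` never starts this workflow, and GitHub leaves a check skipped by path filtering in "Pending"; if branch protection lists CodeQL as a required check (not visible in this hunk), such PRs cannot merge, and the usual way out is to stop requiring the scan. Confirm the check is not required, or keep the trigger unfiltered and skip the analysis inside the job when no workflow file changed. Both filters also assume that every file the `actions` analysis is expected to cover lives under `.github/`; if the repository defines composite actions elsewhere, add their paths to both lists, for example `- "**/action.yml"`. A short comment above each filter, such as `# CodeQL here scans only GitHub Actions files; the weekly schedule covers unchanged trees`, would record why the trigger is narrowed.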