From 7ac3c5fd092b67865a6359569a181e319fa6532b Mon Sep 17 00:00:00 2001
From: Nicolas Trangez
Date: Wed, 9 Jun 2021 13:32:10 +0000
Subject: [PATCH] ci: disable CodeQL analysis on Dependabot-initiated merges
See: https://github.com/scality/changelog-binder/runs/2782047910?check_suite_focus=true#step:3:53
See: https://github.com/nihaals/a-level-misc-solvers/blob/e0473455732d97b884dec3378cf6659e361146b0/.github/workflows/static-analysis.yml#L47-L58
---
 .github/workflows/codeql-analysis.yml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index bc89cc4..ef574a5 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -16,6 +16,15 @@ name: "CodeQL"
 jobs:
 analyze:
 name: Analyze
+
+ # Publishing analysis results requires write access, which is not
+ # permitted for merges performed by `dependabot[bot]`. This causes
+ # this action to fail (when someone e.g., uses `@dependabot merge`)
+ # which is undesirable.
+ # CodeQL ran on the Dependabot PR anyway, so the branch is somewhat
+ # unlikely to break.
+ if: ${{ github.event_name != 'push' || (github.event_name == 'push' && github.actor != 'dependabot[bot]') }}
+
 runs-on: ubuntu-latest
 strategy:
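Review bot: The added `if:` on the `analyze` job leaves every Dependabot-initiated push without a CodeQL run, so the code-scanning results for the target branch are not refreshed after those merges, and the merged tree can differ from what the PR run analysed if the base branch moved in between; the comment's "somewhat unlikely to break" speaks to build breakage rather than to that coverage gap. If the workflow also has a `schedule:` trigger (not visible in this hunk), the next scheduled run closes the gap and the comment should say so; otherwise consider keeping the job and granting it `permissions: security-events: write`, provided GitHub allows raising the token's scope for Dependabot-triggered runs in this repository. The expression is also redundant, since `A || (!A && B)` reduces to `if: ${{ github.event_name != 'push' || github.actor != 'dependabot[bot]' }}`. The job definition continues past the end of the hunk.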