From d9ff738a0d15e1857b232da3fadf490d47c86bef Mon Sep 17 00:00:00 2001
From: Tomasz Janiszewski
Date: Tue, 1 Jul 2025 20:21:02 +0200
Subject: [PATCH] fix: codeql on pull_requests

Warning: Workflows triggered by Dependabot on the "push" event run with read-only access. Uploading Code Scanning results requires write access. To use Code Scanning with Dependabot, please ensure you are using the "pull_request" event for this workflow and avoid triggering on the "push" event for Dependabot branches. See https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#scanning-on-push for more information on how to configure these events.
---
 .github/workflows/tests.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index 43de5b72..b6b62cee 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -22,7 +22,7 @@ jobs:
 cache: 'maven'
 - name: Initialize CodeQL
- if: github.event_name == 'push'
+ if: github.event_name == 'pull_request'
 uses: github/codeql-action/init@v3
 with:
 languages: java, javascript
@@ -34,7 +34,7 @@ jobs:
 run: cd stackrox-container-image-scanner && ./mvnw -B verify package hpi:hpi cyclonedx:makeAggregateBom
 - name: Perform CodeQL Analysis
- if: github.event_name == 'push'
+ if: github.event_name == 'pull_request'
 uses: github/codeql-action/analyze@v3
 - name: Run jenkins in background
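Review bot: With both `if:` conditions switched from `push` to `pull_request` (the Initialize CodeQL step in this hunk and the Perform CodeQL Analysis step in the second one), CodeQL no longer runs on any push. If this workflow is also what scans the default branch, merged code stops being analysed and pull-request results lose the current base-branch analysis they are compared against. Consider keeping default-branch pushes in scope on both steps, e.g. `if: github.event_name == 'pull_request' || github.ref_name == github.event.repository.default_branch`, which still skips the read-only Dependabot push runs the commit message describes. The workflow's `on:` triggers and any `permissions:` block lie outside the hunks, so also confirm that the job grants `security-events: write`, which uploading results requires.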