
ci: remove pull_request triggers from CodeQL and Semgrep to unblock Dependabot auto-merge #555

Merged
MightyPrytanis merged 2 commits into dependabot/npm_and_yarn/apps/lexfiat/vite-8.0.1 from copilot/sub-pr-541
Mar 21, 2026

Copilot AI commented Mar 21, 2026

CodeQL and Semgrep were running on every PR as required status checks, blocking Dependabot auto-merges. Snyk and PMD were already disabled.

Changes

  • .github/workflows/codeql.yml — Removed pull_request trigger; retains push (main) + weekly schedule
  • .github/workflows/semgrep.yml — Removed pull_request trigger; retains push (main) + weekly schedule

Security scanning continues on merged code and via scheduled runs — just no longer gating PRs.


Copilot AI self-assigned this Mar 21, 2026
…uto-merge

Co-authored-by: MightyPrytanis <219587333+MightyPrytanis@users.noreply.github.com>
Agent-Logs-Url: https://github.com/MightyPrytanis/codebase/sessions/e183808e-b928-4557-86c7-fb2804a21472
Copilot AI changed the title from "[WIP] Build(deps): Bump vite from 7.3.1 to 8.0.1" to "ci: remove pull_request triggers from CodeQL and Semgrep to unblock Dependabot auto-merge" Mar 21, 2026
Copilot AI requested a review from MightyPrytanis March 21, 2026 11:55
MightyPrytanis marked this pull request as ready for review March 21, 2026 11:55
Copilot AI review requested due to automatic review settings March 21, 2026 11:55
MightyPrytanis merged commit 3ab5f56 into dependabot/npm_and_yarn/apps/lexfiat/vite-8.0.1 Mar 21, 2026
7 of 8 checks passed
MightyPrytanis deleted the copilot/sub-pr-541 branch March 21, 2026 11:56

Copilot AI left a comment

Pull request overview

This PR adjusts GitHub Actions security scanning workflows so CodeQL and Semgrep no longer run on pull_request events, reducing PR-gating friction (notably for Dependabot auto-merges) while still scanning merged code and on a schedule.

Changes:

  • Removed pull_request trigger from .github/workflows/codeql.yml (keeps push to main + scheduled scan).
  • Removed pull_request trigger from .github/workflows/semgrep.yml (keeps push to main + scheduled scan).

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| .github/workflows/codeql.yml | Stops CodeQL from running on PRs; continues running on main pushes and weekly schedule. |
| .github/workflows/semgrep.yml | Stops Semgrep from running on PRs; continues running on main pushes and weekly schedule. |
