From 08b76b12cc9c081870ff67b084782f73ec9c34c2 Mon Sep 17 00:00:00 2001
From: Tuomas Katila <tuomas.katila@intel.com>
Date: Mon, 4 Dec 2023 15:44:49 +0200
Subject: [PATCH] workflow: run codeql for PRs and ignore actions for doc
 changes

Signed-off-by: Tuomas Katila <tuomas.katila@intel.com>
---
 .github/workflows/ci.yaml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 43bcbcff..3603a124 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -7,6 +7,9 @@ on:
     branches:
       - main
       - 'release-*'
+    # ignore PRs with only documentation changes
+    paths-ignore:
+      - '**/*.md'
 
 permissions:
   contents: read
@@ -23,6 +26,13 @@ jobs:
   validate:
     uses: "./.github/workflows/lib-validate.yaml"
 
+  codeql:
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    uses: "./.github/workflows/lib-codeql.yaml"
+
   build:
     needs:
       - trivy