From 633c5926a32e47b89da6078dbf0a2fa369fffe7e Mon Sep 17 00:00:00 2001
From: Andy Grove <agrove@apache.org>
Date: Tue, 12 May 2026 10:41:14 -0600
Subject: [PATCH 1/2] ci: skip CodeQL checks for docs-only PRs

The CodeQL workflow scans GitHub Actions files and is not relevant
when only documentation files are changed. Add paths-ignore to the
pull_request trigger, matching the pattern used by other CI workflows.
---
 .github/workflows/codeql.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 24d1078d2b..9d5edc1e9e 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -27,6 +27,12 @@ on:
     branches: [ "main" ]
   pull_request:
     branches: [ "main" ]
+    paths-ignore:
+      - "benchmarks/**"
+      - "doc/**"
+      - "docs/**"
+      - "**.md"
+      - "dev/changelog/*.md"
   schedule:
     - cron: '16 4 * * 1'
 

From 9f59cd12ac5839c1e3b2df1868a5d602817972c0 Mon Sep 17 00:00:00 2001
From: Andy Grove <agrove@apache.org>
Date: Tue, 12 May 2026 10:42:40 -0600
Subject: [PATCH 2/2] ci: only run CodeQL on PRs that modify .github/ files

CodeQL is configured to scan GitHub Actions only, so it only needs
to run when workflow files are actually changed.
---
 .github/workflows/codeql.yml | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 9d5edc1e9e..36c049e615 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -27,12 +27,8 @@ on:
     branches: [ "main" ]
   pull_request:
     branches: [ "main" ]
-    paths-ignore:
-      - "benchmarks/**"
-      - "doc/**"
-      - "docs/**"
-      - "**.md"
-      - "dev/changelog/*.md"
+    paths:
+      - ".github/**"
   schedule:
     - cron: '16 4 * * 1'