Thanks to visit codestin.com
Credit goes to github.com

Skip to content

fix: Skip CodeQL scanning on forked repositories#873

Merged
SamMorrowDrums merged 2 commits intogithub:mainfrom
kaovilai:fix-codescan-fork
Dec 23, 2025
Merged

fix: Skip CodeQL scanning on forked repositories#873
SamMorrowDrums merged 2 commits intogithub:mainfrom
kaovilai:fix-codescan-fork

Conversation

@kaovilai
Copy link
Contributor

@kaovilai kaovilai commented Aug 13, 2025

Summary

Adds a condition to the CodeQL workflow to only run on the main repository, preventing failures on forks.

Problem

The CodeQL code scanning workflow fails on forked repositories because:

  • Forks don't have security-events: write permission to upload results
  • The workflow uses internal GitHub secrets (GITHUB_REGISTRIES_PROXY) not available in forks
  • It references internal GitHub CodeQL packs that may not be accessible from forks

Solution

Added an if condition to the analyze job to only run when github.repository == 'github/github-mcp-server'

This ensures the workflow:

  • ✅ Runs on the main repository as intended
  • ✅ Skips execution on forks, preventing unnecessary failures
  • ✅ Still allows forks to run other workflows that don't require special permissions

🤖 Generated with Claude Code

@kaovilai @claude
fix: Skip CodeQL scanning on forked repositories
5ef3b68 
The CodeQL workflow requires security-events write permission and access
to internal GitHub registries/packs that aren't available in forks.
Adding a condition to only run on the main repository prevents workflow
failures in forked repositories.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>
Copilot AI review requested due to automatic review settings August 13, 2025 18:34
@kaovilai kaovilai requested a review from a team as a code owner August 13, 2025 18:34
Copilot AI reviewed Aug 13, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR fixes CodeQL workflow failures on forked repositories by adding a repository check condition. The workflow will now only execute on the main repository, preventing permission and access issues that occur when forks attempt to run security scanning.

Key changes:

  • Added conditional execution to skip CodeQL analysis on forks
  • Prevents failures related to missing security permissions and internal resources on forked repositories

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

SamMorrowDrums
SamMorrowDrums reviewed Dec 23, 2025
View reviewed changes
Copy link
Collaborator

@SamMorrowDrums SamMorrowDrums left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for your contribution, I think it's reasonable.

@SamMorrowDrums SamMorrowDrums merged commit 1f38172 into github:main Dec 23, 2025
10 checks passed
@github-actions github-actions bot mentioned this pull request Jan 5, 2026
Closed
Copilot AI mentioned this pull request Jan 5, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@SamMorrowDrums SamMorrowDrums SamMorrowDrums approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kaovilai @SamMorrowDrums