Skip to content

fix: Skip CodeQL scanning on forked repositories #873

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix: Skip CodeQL scanning on forked repositories #873

wants to merge 1 commit into from

Conversation

kaovilai
Copy link

Summary

Adds a condition to the CodeQL workflow to only run on the main repository, preventing failures on forks.

Problem

The CodeQL code scanning workflow fails on forked repositories because:

  • Forks don't have security-events: write permission to upload results
  • The workflow uses internal GitHub secrets (GITHUB_REGISTRIES_PROXY) not available in forks
  • It references internal GitHub CodeQL packs that may not be accessible from forks

Solution

Added an if condition to the analyze job to only run when github.repository == 'github/github-mcp-server'

This ensures the workflow:

  • ✅ Runs on the main repository as intended
  • ✅ Skips execution on forks, preventing unnecessary failures
  • ✅ Still allows forks to run other workflows that don't require special permissions

🤖 Generated with Claude Code

@kaovilai @claude
fix: Skip CodeQL scanning on forked repositories
5ef3b68 
The CodeQL workflow requires security-events write permission and access
to internal GitHub registries/packs that aren't available in forks.
Adding a condition to only run on the main repository prevents workflow
failures in forked repositories.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
@Copilot Copilot AI review requested due to automatic review settings August 13, 2025 18:34
@kaovilai kaovilai requested a review from a team as a code owner August 13, 2025 18:34
Copilot
Copilot AI reviewed Aug 13, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR fixes CodeQL workflow failures on forked repositories by adding a repository check condition. The workflow will now only execute on the main repository, preventing permission and access issues that occur when forks attempt to run security scanning.

Key changes:

  • Added conditional execution to skip CodeQL analysis on forks
  • Prevents failures related to missing security permissions and internal resources on forked repositories

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@kaovilai