deactivate codeql run on dependabot commits

Author: infeo

.github/workflows/codeql-analysis.yml

@@ -13,7 +13,8 @@ jobs:
   analyse:
     name: Analyse
     runs-on: ubuntu-latest
-    if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
+    # dependeabot has on push events only read-only access, but codeql requires write access
+    if: ${{ !(github.actor == 'dependabot[bot]' && contains(fromJSON('["push"]'), github.event_name)) }}
     steps:
     - uses: actions/checkout@v4
       with: