From 5ef3b686ed6fa95828806a09249eb351163bd5dd Mon Sep 17 00:00:00 2001
From: Tiger Kaovilai <passawit.kaovilai@gmail.com>
Date: Wed, 13 Aug 2025 13:33:35 -0500
Subject: [PATCH] fix: Skip CodeQL scanning on forked repositories
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The CodeQL workflow requires security-events write permission and access
to internal GitHub registries/packs that aren't available in forks.
Adding a condition to only run on the main repository prevents workflow
failures in forked repositories.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 .github/workflows/code-scanning.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/code-scanning.yml b/.github/workflows/code-scanning.yml
index 83d2c30be..7e27b13a7 100644
--- a/.github/workflows/code-scanning.yml
+++ b/.github/workflows/code-scanning.yml
@@ -14,6 +14,8 @@ env:
 jobs:
   analyze:
     name: Analyze (${{ matrix.language }})
+    # Only run on the main repository, not on forks
+    if: github.repository == 'github/github-mcp-server'
     runs-on: ${{ fromJSON(matrix.runner) }}
     permissions:
       actions: read