From 43189a7854a4ba66fa30b3da55d7c8e63a244ffe Mon Sep 17 00:00:00 2001
From: Justin Hutchings <jhutchings1@users.noreply.github.com>
Date: Tue, 28 Jul 2020 21:42:21 -0700
Subject: [PATCH] Add pull request events to CodeQL action

This will validate pull requests from forks to ensure that changes don't end up impacting you negatively.
---
 .github/workflows/codeql.yml | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 0a1df293..25c5fe9b 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -2,9 +2,13 @@ name: "Code scanning - action"
 
 on:
   push:
+    branches: [master, ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [master]
   schedule:
-    - cron: '0 0 * * 0'
-
+    - cron: '0 15 * * 2'
+      
 jobs:
   CodeQL-Build:
 
@@ -17,6 +21,15 @@ jobs:
     steps:
     - name: Checkout repository
       uses: actions/checkout@v2
+      with:
+        # We must fetch at least the immediate parents so that if this is
+        # a pull request then we can checkout the head.
+        fetch-depth: 2
+
+    # If this run was triggered by a pull request event, then checkout
+    # the head of the pull request instead of the merge commit.
+    - run: git checkout HEAD^2
+      if: ${{ github.event_name == 'pull_request' }}
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL