Refactor CodeQL analysis workflow to correctly set GitHub base and reference variables

fernandomatsuosantos · fernandomatsuosantos · commit fe3f489c1b83 · 2025-07-23T14:48:02.000-03:00
diff --git a/.github/workflows/test-code-scanning-only-changed-projects.yml b/.github/workflows/test-code-scanning-only-changed-projects.yml
@@ -3,9 +3,12 @@ name: codeql-wrapper-monorepo-only-changed-files
 
 # Trigger workflow
 on:
+  push:
+    branches:
+      - main
   pull_request:
   workflow_dispatch:
-  push:
+
 jobs:
   codeql-analysis:
     name: codeql-wrapper-monorepo-pr
diff --git a/circle_ci/codeql_analysis_pr.yml b/circle_ci/codeql_analysis_pr.yml
@@ -25,15 +25,15 @@ jobs:
           name: Run CodeQL Analysis
           command: |
             export GITHUB_TOKEN=${PAT} # Set PAT as environment variable in CircleCI project settings
-            #export GITHUB_BASE_REF=<< pipeline.event.github.pull_request.base.ref >>
-            #export GITHUB_REF=refs/pull/<< pipeline.event.github.pull_request.number >>/merge
+            export GITHUB_BASE_REF=<< pipeline.event.github.pull_request.base.ref >>
+            export GITHUB_REF=refs/pull/<< pipeline.event.github.pull_request.number >>/merge
             curl -s -H "Authorization: token $GITHUB_TOKEN" https://api.github.com/user
-            printenv
             codeql-wrapper --verbose analyze ./monorepo \
               --monorepo \
               --upload-sarif \
               --only-changed-files \
-              --max-workers 1
+              --base-ref origin/"$GITHUB_BASE_REF" \
+              --ref "$GITHUB_REF"
 
 workflows:
   version: 2
