Fix warnings in CodeQL workflow

Recent CodeQL builds have produced the warning: >1 issue was detected with this workflow: git checkout HEAD^2 is no longer >necessary. Please remove this step as Code Scanning recommends analyzing the >merge commit for best results. See also: https://docs.github.com/en/[email protected]/github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-the-codeql-workflow#warning-git-checkout-head2-is-no-longer-necessary
Yubico · Mar 15, 2021 · 58597d9 · 58597d9
1 parent 5b1b08e
commit 58597d9
Showing 1 changed file with 1 addition and 9 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -14,19 +14,11 @@ jobs:
     steps:
     - name: Checkout repository
       uses: actions/checkout@v2
-      with:
-        # We must fetch at least the immediate parents so that if this is
-        # a pull request then we can checkout the head.
-        fetch-depth: 2
+
     - uses: actions/setup-java@v1
       with:
         java-version: '11'
 
-    # If this run was triggered by a pull request event, then checkout
-    # the head of the pull request instead of the merge commit.
-    - run: git checkout HEAD^2
-      if: ${{ github.event_name == 'pull_request' }}
-
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v1