From 58597d9333585afd42221eb07332d7f02fa106c2 Mon Sep 17 00:00:00 2001
From: Emil Lundberg <emil@yubico.com>
Date: Mon, 15 Mar 2021 14:25:37 +0100
Subject: [PATCH] Fix warnings in CodeQL workflow

Recent CodeQL builds have produced the warning:

>1 issue was detected with this workflow: git checkout HEAD^2 is no longer
>necessary. Please remove this step as Code Scanning recommends analyzing the
>merge commit for best results.

See also:
https://docs.github.com/en/enterprise-server@3.0/github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-the-codeql-workflow#warning-git-checkout-head2-is-no-longer-necessary
---
 .github/workflows/codeql-analysis.yml | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 7fe0964b7..167a4e8c4 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -14,19 +14,11 @@ jobs:
     steps:
     - name: Checkout repository
       uses: actions/checkout@v2
-      with:
-        # We must fetch at least the immediate parents so that if this is
-        # a pull request then we can checkout the head.
-        fetch-depth: 2
+
     - uses: actions/setup-java@v1
       with:
         java-version: '11'
 
-    # If this run was triggered by a pull request event, then checkout
-    # the head of the pull request instead of the merge commit.
-    - run: git checkout HEAD^2
-      if: ${{ github.event_name == 'pull_request' }}
-
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v1