From 9580b7e6d5476eec292e45457c5db7f50ec27866 Mon Sep 17 00:00:00 2001
From: Andrew Eisenberg
Date: Mon, 23 Sep 2024 12:09:39 -0700
Subject: [PATCH 1/2] Avoid uploading eslint sarif for dependabot PR

Dependabot does not have `security-events: write` permission.s
---
 .github/workflows/pr-checks.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml
index c9ea2dbb42..82a57a4663 100644
--- a/.github/workflows/pr-checks.yml
+++ b/.github/workflows/pr-checks.yml
@@ -30,7 +30,7 @@ jobs:
 - name: Upload sarif
 uses: github/codeql-action/upload-sarif@v3
 # Only upload SARIF for the latest version of Node.js
- if: "always() && matrix.node-types-version == 'current'"
+ if: "always() && matrix.node-types-version == 'current' && !startsWith(github.head_ref, 'dependabot/')"
 with:
 sarif_file: eslint.sarif
 category: eslint

From 6225a95822b60309e4b8d0ef4c2be093e584d203 Mon Sep 17 00:00:00 2001
From: Andrew Eisenberg
Date: Mon, 23 Sep 2024 12:20:21 -0700
Subject: [PATCH 2/2] Don't upload during cancelled jobs

---
 .github/workflows/pr-checks.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml
index 82a57a4663..f1cbf0c5db 100644
--- a/.github/workflows/pr-checks.yml
+++ b/.github/workflows/pr-checks.yml
@@ -30,7 +30,7 @@ jobs:
 - name: Upload sarif
 uses: github/codeql-action/upload-sarif@v3
 # Only upload SARIF for the latest version of Node.js
- if: "always() && matrix.node-types-version == 'current' && !startsWith(github.head_ref, 'dependabot/')"
+ if: "!cancelled() && matrix.node-types-version == 'current' && !startsWith(github.head_ref, 'dependabot/')"
 with:
 sarif_file: eslint.sarif
 category: eslint
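Review bot: The added clause `!startsWith(github.head_ref, 'dependabot/')` keys the skip on the branch name, which is chosen by whoever opens the pull request, rather than on who authored it. Any pull request from a branch named `dependabot/...` would skip the ESLint SARIF upload without notice, and `github.head_ref` is empty outside pull-request events, so the clause has no effect if this workflow also runs on push (the `on:` block is outside the hunk). Checking the author is a closer match for the stated reason, for example `github.event.pull_request.user.login != 'dependabot[bot]'` in place of the `startsWith` clause. The same clause is carried unchanged into the hunk of PATCH 2/2.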
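Review bot: The comment above the `if:` still reads "Only upload SARIF for the latest version of Node.js", which now documents only one of the three clauses in the condition. I would extend it to record the other two and their reasons, e.g. `# Upload SARIF only for the latest Node.js types; skip cancelled runs and Dependabot PRs (token lacks security-events: write)`. With `!cancelled()` the step still runs after an earlier step has failed, so if `eslint.sarif` was never written the upload would presumably fail too and add a second error to the run. That may be acceptable, but it is worth a word in the comment if intended. The rest of the step and the job definition sit outside the hunk.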