From 69668d3e77332864bf7bcfcace43686e96d9268b Mon Sep 17 00:00:00 2001
From: Andrew Eisenberg <aeisenberg@github.com>
Date: Mon, 23 Sep 2024 12:09:39 -0700
Subject: [PATCH] Avoid uploading eslint sarif for dependabot PR

Dependabot does not have `security-events: write` permission.s
---
 .github/workflows/pr-checks.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml
index c9ea2dbb42..664a81697a 100644
--- a/.github/workflows/pr-checks.yml
+++ b/.github/workflows/pr-checks.yml
@@ -30,7 +30,7 @@ jobs:
       - name: Upload sarif
         uses: github/codeql-action/upload-sarif@v3
         # Only upload SARIF for the latest version of Node.js
-        if: "always() && matrix.node-types-version == 'current'"
+        if: "always() && matrix.node-types-version == 'current' && startsWith(github.head_ref, 'dependabot/')"
         with:
           sarif_file: eslint.sarif
           category: eslint