From 0a98714a8d9f316c211ca980e19b44060da8dabc Mon Sep 17 00:00:00 2001
From: Christoph Blecker
Date: Mon, 4 Sep 2023 12:41:34 -0700
Subject: [PATCH] Add workflow to allow dismissing specific alerts
---
 .github/workflows/codeql-analysis.yml | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 8f4d96f2c11..7155bce23b7 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -2,11 +2,9 @@ name: "CodeQL"
 on:
 push:
- tags:
- - v*
- branches:
- - master
+ branches: [master]
 pull_request:
+ branches: [master]
 schedule:
 - cron: '20 0 * * 6'
@@ -51,11 +49,23 @@ jobs:
 uses: github/codeql-action/init@v2
 with:
 languages: ${{ matrix.language }}
+ packs: "codeql/${{ matrix.language }}-queries:AlertSuppression.ql"
 - name: Autobuild
 uses: github/codeql-action/autobuild@v2
 - name: Perform CodeQL Analysis
+ id: analyze
 uses: github/codeql-action/analyze@v2
 with:
 category: "/language:${{matrix.language}}"
+ output: sarif-results
+
+ - name: Dismiss alerts if: github.ref == format('refs/heads/{0}', github.event.repository.default_branch) uses: advanced-security/dismiss-alerts@v1 with: sarif-id: ${{ steps.analyze.outputs.sarif-id }} sarif-file: sarif-results/${{ matrix.language }}.sarif env: GITHUB_TOKEN: ${{ github.token }}
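Review bot: The new `Dismiss alerts` step hands `${{ github.token }}` to `advanced-security/dismiss-alerts@v1`, and closing code-scanning alerts needs `security-events: write` on that token; the job's `permissions` block sits outside this hunk (the job header is before line 49), so confirm it grants that scope rather than the read-only default — the `analyze` upload presumably already requires it, in which case nothing changes. Because this step both reads the SARIF written by `analyze` and carries a token that can alter alert state, it is the step most worth pinning to an immutable ref, `uses: advanced-security/dismiss-alerts@<full-commit-sha>  # v1`, rather than the floating `v1` tag, in line with whatever pinning policy the `github/codeql-action` steps follow. The added `packs:` input pulls in `AlertSuppression.ql`, so an inline suppression comment merged to `master` becomes sufficient to dismiss an alert; a comment above that line such as `# enables inline alert-suppression comments; they are applied on the default branch by the Dismiss alerts step` would make that consequence visible to future reviewers. The `if:` guard keyed on `github.event.repository.default_branch` correctly keeps dismissal out of `pull_request` runs, where `github.ref` is a merge ref.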