Configure dependabot to ignore CodeQL action updates (#503)

makubacki · web-flow · commit 1682c61d0dbe · 2025-10-13T17:55:45.000-04:00
The CodeQL action is exclusively used in workflows synced from
mu_devops. Prevent dependabot from creating PRs for it in individual
repos.

Signed-off-by: Michael Kubacki &lt;michael.kubacki@microsoft.com&gt;
diff --git a/.sync/dependabot/actions-pip-submodules.yml b/.sync/dependabot/actions-pip-submodules.yml
@@ -54,7 +54,9 @@ updates:
       timezone: "America/Los_Angeles"
       time: "06:00"
     ignore:
+      # Ignore dependencies that are synced from mu_devops
       - dependency-name: "microsoft/mu_devops"
+      - dependency-name: "github/codeql-action"
     commit-message:
       prefix: "GitHub Action"
     labels:
diff --git a/.sync/dependabot/actions-pip.yml b/.sync/dependabot/actions-pip.yml
@@ -49,7 +49,9 @@ updates:
       timezone: "America/Los_Angeles"
       time: "06:00"
     ignore:
+      # Ignore dependencies that are synced from mu_devops
       - dependency-name: "microsoft/mu_devops"
+      - dependency-name: "github/codeql-action"
     commit-message:
       prefix: "GitHub Action"
     labels:
