From e19730eaff03420e28040657ea53af4f4a6a6df4 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 24 Mar 2026 10:22:05 +0000
Subject: [PATCH 1/2] Initial plan


From c49e36109239833e607a5993a3ebf2d15e9d9384 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 24 Mar 2026 10:26:43 +0000
Subject: [PATCH 2/2] ci: fix codeql workflow permissions, build conditions,
 and trigger types

Co-authored-by: jcardozo-eth <131674798+jcardozo-eth@users.noreply.github.com>
Agent-Logs-Url: https://github.com/eth-library/data-archive-models/sessions/178884cc-90b0-481d-bddd-a7b6bbd99c7e
---
 .github/workflows/codeql.yml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 30573fa..061339f 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -5,6 +5,7 @@ on:
     branches: [main]
   pull_request:
     branches: [main]
+    types: [opened, synchronize, reopened]
   schedule:
     - cron: "30 6 * * 1" # Weekly Monday 06:30 UTC
   workflow_dispatch:
@@ -18,8 +19,9 @@ jobs:
     runs-on: ubuntu-latest
 
     permissions:
-      security-events: write
+      actions: read
       contents: read
+      security-events: write
       packages: read
 
     strategy:
@@ -44,14 +46,15 @@ jobs:
           build-mode: ${{ matrix.build-mode }}
 
       - name: Setup Java
-        if: matrix.language == 'java-kotlin'
+        if: matrix.build-mode == 'manual'
         uses: actions/setup-java@v4
         with:
           distribution: temurin
           java-version: '21'
+          cache: maven
 
       - name: Build Java with Maven
-        if: matrix.language == 'java-kotlin'
+        if: matrix.build-mode == 'manual'
         run: mvn --settings ci/mvn_settings.xml --batch-mode compile -DskipTests
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}