From 1b5b12c3e6212d79884ae328c5710d4c9d2c2d8c Mon Sep 17 00:00:00 2001 From: Rich Trott Date: Thu, 24 Apr 2025 11:52:25 -0700 Subject: [PATCH] tools: ignore test directory in CodeQL scans Scanning the test directory results in many false positives about hard-coded credentials. We want the code scan for user-executable code and possibly our tools, but not generally for tests. Ignore the test directory in CodeQL scans. A long list of false positives makes it harder to interpret the result of CodeQL runs. PR-URL: https://github.com/nodejs/node/pull/57978 Reviewed-By: Yagiz Nizipli Reviewed-By: James M Snell --- .github/workflows/codeql.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 115db2ef35c..6031c1a552d 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -7,6 +7,9 @@ on: permissions: contents: read +paths-to-ignore: + - test + jobs: analyze: name: Analyze
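Review bot: `paths-to-ignore:` is added as a top-level key of the workflow file, between `permissions:` and `jobs:`, but it is a key of the CodeQL configuration, not of GitHub Actions workflow syntax. In this position it does not reach the CodeQL action, so `test` will still be analyzed, and the unrecognized top-level key can cause the workflow to fail validation. Move the two lines into a CodeQL configuration, either a separate file passed to the `github/codeql-action/init` step through its `config-file` input or inline through that step's `config` input, and confirm on the next run that alerts under `test` no longer appear. Also worth stating in the commit message: this CodeQL setting filters interpreted languages only, so if the workflow analyzes compiled code as well, results for files under `test` in those languages will not be dropped by it.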