add full_scan for tmp-branch

Author: LuoPengcheng12138

.github/workflows/codeql.yml

@@ -13,24 +13,17 @@ name: "CodeQL Advanced"
 
 on:
   push:
-    branches: [ "main" ]
+    branches: [ "main", "Add-security-analysis-workflow-configuration" ]
   pull_request:
     branches: [ "main" ]
   schedule:
     - cron: '42 22 * * 5'
-  workflow_dispatch:
-    inputs:
-      full_scan:
-        description: "Run full repository scan (ignores incremental baseline)"
-        required: false
-        default: "false"
-        type: choice
-        options: ["false", "true"]
 
 jobs:
   analyze:
     name: Analyze (${{ matrix.language }})
-    if: github.event_name != 'workflow_dispatch' || (github.event_name == 'workflow_dispatch' && inputs.full_scan != 'true')
+    # Incremental scan on main and PRs; full scan handled by analyze-full job for specific branch
+    if: github.ref != 'refs/heads/Add-security-analysis-workflow-configuration'
     # Runner size impacts CodeQL analysis time. To learn more, please see:
     #   - https://gh.io/recommended-hardware-resources-for-running-codeql
     #   - https://gh.io/supported-runners-and-hardware-resources
@@ -113,7 +106,8 @@ jobs:
 
   analyze-full:
     name: Full Scan (${{ matrix.language }})
-    if: github.event_name == 'workflow_dispatch' && inputs.full_scan == 'true'
+    # Full repository scan when working on the dedicated security branch
+    if: github.ref == 'refs/heads/Add-security-analysis-workflow-configuration'
     runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
     permissions:
       security-events: write