Code QL analysis should be done on correct commit (#6638)

* Only run CodeQL on important branches and when pushing to master

* Scan the merge commit directly

Author: aznhassan

.github/workflows/codeql.yml

@@ -2,7 +2,10 @@ name: "Code scanning - action"
 
 on:
   push:
+    branches: [ 'master', 'stable*', 'v[0-9]*' ]
   pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master ]
   schedule:
     - cron: '0 19 * * 0'
 
@@ -18,15 +21,6 @@ jobs:
     steps:
     - name: Checkout repository
       uses: actions/checkout@main
-      with:
-        # We must fetch at least the immediate parents so that if this is
-        # a pull request then we can checkout the head.
-        fetch-depth: 2
-
-    # If this run was triggered by a pull request event, then checkout
-    # the head of the pull request instead of the merge commit.
-    - run: git checkout HEAD^2
-      if: ${{ github.event_name == 'pull_request' }}
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL