From 36a3a81253b6186134115645c10beacc04e1e53b Mon Sep 17 00:00:00 2001
From: Rohit Kumar
Date: Fri, 6 Mar 2026 19:17:45 +0530
Subject: [PATCH 1/2] ci: add workflow_dispatch for manual execution
---
 .github/workflows/build.yaml | 1 +
 .github/workflows/cppcheck.yml | 2 +-
 .github/workflows/static-analysis.yml | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 3ace447ca..d7bd2db04 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -7,6 +7,7 @@ on:
 pull_request:
 branches:
 - '**'
+ workflow_dispatch:
 jobs:
 build-linux-run-tests:
diff --git a/.github/workflows/cppcheck.yml b/.github/workflows/cppcheck.yml
index 770d5a1af..e8003b744 100644
--- a/.github/workflows/cppcheck.yml
+++ b/.github/workflows/cppcheck.yml
@@ -7,7 +7,7 @@ on:
 pull_request:
 branches:
 - '**'
-
+ workflow_dispatch:
 jobs:
 cppcheck:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml
index ccfd0f528..015d07053 100644
--- a/.github/workflows/static-analysis.yml
+++ b/.github/workflows/static-analysis.yml
@@ -5,7 +5,7 @@ on:
 branches: [ master, 2.0.x ]
 pull_request:
 branches: [ master, 2.0.x ]
-
+ workflow_dispatch:
 jobs:
 analyze:
 name: Analyze
From 7243bf2c5972af7e71accd9c2652b70500fffbe4 Mon Sep 17 00:00:00 2001
From: Rohit Kumar
Date: Fri, 6 Mar 2026 20:14:00 +0530
Subject: [PATCH 2/2] docs: add instructions for CodeQL Advanced Security configuration
---
 README.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/README.md b/README.md
index 83fa75593..708d96c33 100644
--- a/README.md
+++ b/README.md
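Review bot: In the cppcheck.yml and static-analysis.yml hunks the added `workflow_dispatch:` takes the place of the empty line that separated the `on:` block from `jobs:`, whereas the build.yaml hunk keeps that separator; add the trigger as a new line and keep the blank line so the three workflows stay consistent. Leading whitespace is not recoverable from this copy of the patch, so confirm that `workflow_dispatch:` is indented to the same level as `pull_request:` in all three files, because at column 0 it would be read as a top-level key instead of a trigger. A manual trigger lets anyone with write access start these jobs on a branch of their choice, and the `permissions:` settings and job steps lie outside the hunks, so it is worth checking that each workflow runs with a read-only token apart from what the CodeQL upload needs.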
@@ -69,6 +69,25 @@ See the "COPYING", "LICENCE", and "NOTICE" files for legal information. The license is the same as for CUPS, for a maximum of compatibility.
+---
+
+## DEVELOPMENT AND CI/CD
+
+### CodeQL Static Analysis Configuration
+
+This repository uses a custom GitHub Actions workflow for CodeQL static analysis located at `.github/workflows/static-analysis.yml`. To ensure accurate analysis and avoid conflicts with GitHub's default settings, the following repository configurations are required:
+
+1. **Enable Advanced Setup**:
+ - Go to **Settings** -> **Code security and analysis**.
+ - Under **Code scanning**, locate **CodeQL analysis**.
+ - If "Default" is enabled, click the three dots (...) and select **Switch to advanced**.
+2. **Disable Default Setup**:
+ - The "Default" setup must be disabled for the custom workflow to upload results successfully.
+3. **Custom Workflow Dependencies**:
+ - Our custom workflow is designed to install specific project dependencies and perform a manual build before the analysis. This ensures that CodeQL has a complete build graph for the C sources in this repository.
+
+*Note: If the Default setup is active, GitHub may reject the results uploaded by the manual workflow, causing the CI job to fail.*
+
 ## LINKS
 ### cups-filters