From ff19f88323257f5f4ba69a1494810912c37ac0f2 Mon Sep 17 00:00:00 2001
From: Kurdistan Tech Ministry <info@pezkuwichain.io>
Date: Sun, 22 Feb 2026 16:42:11 +0300
Subject: [PATCH] ci: run CodeQL on self-hosted runner (push only, not PRs)

---
 .github/workflows/security.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 25bb464..5e88618 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -33,8 +33,8 @@ env:
 jobs:
   codeql:
     name: CodeQL Analysis
-    runs-on: ubuntu-latest
-    continue-on-error: true  # CodeQL OOM on large Android projects with 7GB runner limit
+    runs-on: [self-hosted, wallet]
+    if: github.event_name == 'push'  # Only run on push, not PRs (self-hosted security)
 
     steps:
       - name: Checkout