Update CodeQL workflow

Signed-off-by: Ian Lewis <[email protected]>

Author: Ian Lewis

.github/workflows/codeql-analysis.yml

@@ -18,21 +18,21 @@ on:
       # If more paths are added here, then they must be added to the paths
       # of codeql-analysis-noop.yml.
       - "**/*.yml"
-      - '**/*.md'
+      - "**/*.md"
   pull_request:
     # The branches below must be a subset of the branches above
     branches: [main]
     paths-ignore:
       - "**/*.yml"
-      - '**/*.md'
+      - "**/*.md"
   schedule:
     - cron: "21 0 * * 2"
 
 permissions: read-all
 
 jobs:
-  analyze:
-    name: Analyze
+  analyze-matrix:
+    name: Analyze Matrix
     runs-on: ubuntu-latest
     permissions:
       actions: read
@@ -79,3 +79,19 @@ jobs:
 
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@b398f525a5587552e573b247ac661067fafa920b # tag=v2.1.22
+
+  # NOTE: Checks that the matrix job above completes successfully.
+  # This is necessary because the matrix strategy generates new jobs with
+  # different names and throws off the required checks on protected
+  # branches which are set by job name.
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    needs: [analyze-matrix]
+    if: ${{ always() }}
+    env:
+      ANALYZE_RESULT: ${{ needs.analyze-matrix.result }}
+    steps:
+      - run: |
+          # exit 0 if checks were successful.
+          [ "${ANALYZE_RESULT}" == "success" ]