👷 update semgrep workflow to use paths-filter for improved file chang…

…e detection

.github/workflows/semgrep.yml

@@ -2,14 +2,7 @@ on:
   pull_request:
     # The branches below must be a subset of the branches above
     branches: [master]
-    paths-ignore:
-      - "**/*.md"
-      - "**/*.txt"
-      - "**/.editorconfig"
-      - "**/*.runsettings"
-      - "**/typos.toml"
-      - ".github/**"
-      - "!.github/workflows/semgrep.yml"
+
   push:
     branches:
     - main
@@ -40,5 +33,24 @@ jobs:
     container:
       image: returntocorp/semgrep
     steps:
-    - uses: actions/[email protected]
-    - run: semgrep ci
+    - name: 'Checkout Repository'
+      uses: actions/[email protected]
+    - name: "Check for changed files"
+      uses: dorny/paths-filter@v3
+      id: filter
+      with:
+        predicate-quantifier: 'every'
+        filters: |
+          code:
+            - "!**/*.md"
+            - "!**/*.txt"
+            - "!**/.editorconfig"
+            - "!**/*.runsettings"
+            - "!**/typos.toml"
+            - "!.github/**"
+          workflow:
+            - ".github/workflows/semgrep.yml"
+
+    - name: 'Run Semgrep'
+      if: steps.filter.outputs.code == 'true' || steps.filter.outputs.workflow == 'true'
+      run: semgrep ci