Add some instructions on how to regenerate required checks

CONTRIBUTING.md

@@ -72,6 +72,26 @@ Here are a few things you can do that will increase the likelihood of your pull
 
     Approve the mergeback PR and automerge it. Once the mergeback has been merged into main, the release is complete.
 
+## Keeping the PR checks up to date (requires admin access)
+
+Since the `codeql-action` runs most of its testing through individual Actions workflows, there are over two hundred jobs that need to pass in order for a PR to turn green. Managing these PR checks manually is time consuming and complex. Here is a semi-automated approach.
+
+To regenerate the PR jobs for the action:
+
+1. From a terminal, run the following commands (replace `SHA` with the sha of the commit whose checks you want to use, typically this should be the latest from `main`):
+
+    ```sh
+    SHA= ####
+    CHECKS="$(gh api repos/github/codeql-action/commits/${SHA}/check-runs --paginate | jq --compact-output --raw-output '[.["check_runs"] | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or . == "Update dependencies" | not)]')"
+    CHECKS="$(echo $CHECKS  | sed -E 's|\].*\[|,|g')" # Because the gh command is paginated, the results are multiple arrays
+    echo "{\"contexts\": ${CHECKS}}" > checks.json
+    gh api -X "PATCH" repos/github/codeql-action/branches/main/protection/required_status_checks --input checks.json
+    gh api -X "PATCH" repos/github/codeql-action/branches/v1/protection/required_status_checks --input checks.json
+    ````
+
+2. Go to the [branch protection rules settings page](https://github.com/github/codeql-action/settings/branches) and validate that the rules have been updated.
+
+
 ## Resources
 
 - [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/)