Merged
41 changes: 41 additions & 0 deletions .github/workflows/codeql.yml
@@ -0,0 +1,41 @@
name: CodeQL Analysis

on:
push:
branches:
- main
pull_request:
branches:
- main
Comment on lines +6 to +9
Copilot AI Jul 19, 2025

The workflow triggers on pushes to 'main' branch, but the PR description mentions 'develop' branch. This inconsistency should be resolved to match the intended target branch.

Suggested change
- main
pull_request:
branches:
- main
- develop
pull_request:
branches:
- develop

Copilot AI Jul 19, 2025

The pull request trigger targets 'main' branch, but the PR description indicates 'develop' branch should be the target. This mismatch needs to be corrected.

Suggested change
- main
- develop

schedule:
- cron: '1 1 * * 3'

permissions:
contents: read

jobs:
analyze:
name: Static Code Analysis with CodeQL
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language:
- actions
Copilot AI Jul 19, 2025

The language matrix only includes 'actions' which analyzes GitHub Actions workflows. If this repository contains other programming languages (JavaScript, Python, Java, etc.), they should also be included in the matrix for comprehensive code analysis.

Suggested change
- actions
- actions
- javascript
- python
- java

steps:
- name: Checkout repository
uses: actions/[email protected]

- name: Initialize CodeQL
uses: github/codeql-action/[email protected]
with:
languages: ${{ matrix.language }}

- name: Perform CodeQL Analysis
uses: github/codeql-action/[email protected]
with:
category: "/language:${{matrix.language}}"
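
Review bot: In the `analyze` job's `permissions` block, `actions: read` is only needed by CodeQL when the repository is private; if this repository is public, drop that line so the job token carries just `contents: read` and `security-events: write`. Separately, if the refs on the three `uses:` lines are version tags rather than full commit SHAs, consider pinning each one to a commit SHA so that a moved tag cannot change what runs in a job holding `security-events: write`.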