fix(workflows): merge yml files (#53)

* fix(workflows): merge yml files

* removes redundant steps and improves sequencing.
* Updates to codeql-action/analyze@v4
* chore(workflow): Move typecheck to first job
* chore(workflow): optimize steps in analyze job

---------

Signed-off-by: Bryan Dady <[email protected]>

Author: bcdady

.github/workflows/codeql.yml

@@ -1,58 +1,75 @@
-name: "CodeQL Security Scanning"
+name: 'CodeQL Security Scanning'
 
 on:
   push:
-    branches: [ "main" ]
+    branches: ['main']
   pull_request:
-    branches: [ "main" ]
+    branches: ['main']
   schedule:
-    - cron: '30 1 * * 1'  # Weekly on Mondays at 1:30 AM UTC
+    - cron: '30 1 * * 1' # Weekly on Mondays at 1:30 AM UTC
 
 jobs:
+  yarn:
+    name: Check package.json and yarn.lock consistency
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+          cache: 'yarn'
+
+      # Verify lockfile is up-to-date
+      - name: Check yarn.lock consistency
+        run: |
+          echo "Running immutable install to verify yarn.lock..."
+          if ! yarn install --immutable; then
+            echo "::error::yarn.lock is out of sync with package.json. Run 'yarn install' locally and commit the updated yarn.lock"
+            exit 1
+          fi
+
+      # Run typecheck to catch type errors early
+      - name: Type check
+        run: yarn typecheck
+
   analyze:
     name: Analyze Code
+    needs: yarn
     runs-on: ubuntu-latest
-    timeout-minutes: 360
     permissions:
       security-events: write
       packages: read
       actions: read
       contents: read
 
     strategy:
-      fail-fast: false
+      fail-fast: true
       matrix:
         include:
-        - language: javascript-typescript
-          build-mode: autobuild
-    
+          - language: javascript-typescript
+            build-mode: autobuild
+
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
-
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
-      with:
-        languages: ${{ matrix.language }}
-        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-        queries: +security-and-quality
-
-    - name: Setup Node.js
-      uses: actions/setup-node@v4
-      with:
-        node-version: '22'
-        cache: 'yarn'
-
-    - name: Install dependencies and build
-      run: |
-        yarn install
-        yarn build
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
-      with:
-        category: "/language:${{matrix.language}}"
-        upload: true
-        ram: 6144  # Increase memory for large codebases
-        threads: 2 # Number of threads to use for analysis
-        add-snippets: true  # Include code snippets in the results
+      - name: Checkout repository
+        uses: actions/checkout@v5
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v4
+        with:
+          languages: ${{ matrix.language }}
+          # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+          queries: +security-and-quality
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+          cache: 'yarn'
+
+      - name: Install dependencies
+        run: yarn install --immutable
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v4
+        with:
+          category: '/language:${{matrix.language}}'