Conversation

@Copilot Copilot AI commented Jul 31, 2025

This PR re-enables CodeQL security analysis with proper configuration to prevent workflows from running on every push to any branch, which was clogging up the CI/CD pipeline.

Changes Made

CodeQL Workflow (.github/workflows/codeql.yml)

  • Limited triggers: Only runs on pull requests to main and pushes to main branch
  • Weekly security scans: Scheduled runs every Monday at 5:15 AM UTC for ongoing security monitoring
  • Multi-language support: Analyzes both JavaScript/TypeScript and Rust code using matrix strategy
  • Proper permissions: Configured with minimal required permissions for security scanning

CodeQL Configuration (.github/codeql/codeql-config.yml)

  • Security-focused queries: Uses security-and-quality query suites for comprehensive analysis
  • Optimized paths: Focuses analysis on src and examples directories
  • Efficient exclusions: Ignores build artifacts, dependencies, and generated files to reduce noise:
    • node_modules, dist, target directories
    • Generated TypeScript/JavaScript files
    • Documentation and asset directories

Benefits

  • Reduces CI load: Eliminates CodeQL runs on feature branch pushes
  • Maintains security: Ensures all code reaching main is analyzed
  • Comprehensive coverage: Supports both primary languages in the repository
  • Performance optimized: Excludes unnecessary files from analysis

The configuration follows GitHub's best practices and uses the latest CodeQL action versions for optimal performance and security.

Fixes #3336.
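What the description above amounts to in concrete files, as an added illustration that is not the PR's own code (the merged workflow and config are not reproduced on this page): a workflow that triggers only on pushes and pull requests to main plus a Monday 05:15 UTC schedule, a two-language matrix, least-privilege token permissions, and a config file that selects the security-and-quality suite, scopes analysis to src and examples, and excludes build output and dependencies. The action versions (actions/checkout@v4, github/codeql-action@v3), the build-mode setting and the names of the documentation/asset directories are assumptions; the page names only node_modules, dist and target.

```yaml
# .github/workflows/codeql.yml  (reconstructed example, not the PR's file)
name: "CodeQL"

on:
  # Only main: feature-branch pushes no longer trigger a scan
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    # Every Monday at 05:15 UTC, for ongoing monitoring of already-merged code
    - cron: "15 5 * * 1"

# Least privilege: the default GITHUB_TOKEN is restricted to what CodeQL needs
permissions:
  contents: read          # check out the repository
  security-events: write  # upload SARIF results to code scanning
  actions: read           # let the action read workflow run metadata (assumed; required on private repos)

jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        # One job per language; a failure in one does not cancel the other
        language: [javascript-typescript, rust]
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          build-mode: none   # assumed: no compilation step needed for either extractor
          config-file: ./.github/codeql/codeql-config.yml

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}"

---
# .github/codeql/codeql-config.yml  (reconstructed example, not the PR's file)
name: "CodeQL config"

# Broader suite than the default: security queries plus maintainability/quality queries
queries:
  - uses: security-and-quality

# Restrict analysis to first-party source
paths:
  - src
  - examples

# Keep build output, dependencies and generated code out of the results
paths-ignore:
  - node_modules
  - dist
  - target
  - "**/*.generated.ts"   # assumed pattern for generated TypeScript/JavaScript
  - "**/*.generated.js"   # assumed pattern
  - docs                  # assumed name for the documentation directory
  - assets                # assumed name for the asset directory
```

Two things worth checking after a change like this. First, confirm in the Actions tab that only main-targeted events and the Monday schedule appear as triggers; a lingering `on: push` without a `branches` filter is exactly what clogged the pipeline before. Second, GitHub's documentation states that `paths` and `paths-ignore` in the config file narrow the scan for interpreted languages such as JavaScript/TypeScript, so verify separately that the Rust analysis still covers the crates you expect rather than assuming the same filters apply to it.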
@Copilot Copilot AI changed the title [WIP] Re-enable CodeQL with yaml configuration file Re-enable CodeQL with configuration file to limit workflow triggers Jul 31, 2025
@Copilot Copilot AI requested a review from lastmjs July 31, 2025 19:31
Copilot finished work on behalf of lastmjs July 31, 2025 19:31
Successfully merging this pull request may close these issues.

Re-enable CodeQL with yaml configuration file