Add CodeQL analysis workflow configuration #6

Merged
aeiwz merged 1 commit into main from aeiwz-patch-3
Dec 23, 2025

Conversation

@aeiwz
Owner

@aeiwz aeiwz commented Dec 23, 2025

No description provided.

Copilot AI review requested due to automatic review settings December 23, 2025 04:18
@aeiwz aeiwz merged commit 1e82cef into main Dec 23, 2025
4 of 6 checks passed

Copilot AI left a comment

Pull request overview

This PR adds a GitHub Actions workflow for CodeQL Advanced security analysis to automatically scan the repository for vulnerabilities and security issues. The workflow runs on pushes and pull requests to main, as well as on a weekly schedule.

Key Changes:

  • Configures CodeQL analysis for Python and GitHub Actions languages
  • Sets up automated scanning on push, pull request, and weekly schedule (Sundays at 20:40 UTC)
  • Uses CodeQL v4 actions with appropriate permissions for security event reporting

Comment on lines +46 to +49
- language: actions
build-mode: none
- language: python
build-mode: none
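Review bot: `build-mode: none` is correct for both `actions` and `python`, which CodeQL extracts from source without a build, and it is the setting a `javascript-typescript` entry would also use if the docs site is added to this matrix. The risk in the current list is coverage rather than build mode: anything outside these two languages is never scanned, and the job still reports green.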

Copilot AI Dec 23, 2025

The language matrix is incomplete. The repository contains TypeScript/JavaScript code in the docs directory (Next.js documentation site with TypeScript, React, and MDX files), but only Python and actions languages are configured. Consider adding javascript-typescript to the matrix to analyze the TypeScript/React code in the docs folder.

# - https://gh.io/supported-runners-and-hardware-resources
# - https://gh.io/using-larger-runners (GitHub.com only)
# Consider using larger runners or machines with greater resources for possible analysis time improvements.
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}

Copilot AI Dec 23, 2025

The runner configuration checks for Swift language but Swift is not included in the language matrix. This conditional will never be true since only 'actions' and 'python' are in the matrix. Consider removing this Swift-specific logic or adding Swift to the matrix if needed, or simply use 'ubuntu-latest' unconditionally since both current languages use it.

Suggested change
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
runs-on: ubuntu-latest

Comment on lines +91 to +96
echo 'If you are using a "manual" build mode for one or more of the' \
'languages you are analyzing, replace this with the commands to build' \
'your code, for example:'
echo ' make bootstrap'
echo ' make release'
exit 1
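Review bot: prefer keeping `exit 1` over the softened suggestion below. This step only matters for a matrix entry with `build-mode: manual`, and in that case an unreplaced placeholder that exits 0 lets the job continue to the `analyze` step with no build having run, so the misconfiguration surfaces later (or as an empty-database error) instead of at the step that explains what is missing. If the step is dead for the current matrix, removing it entirely is cleaner than making it silently succeed.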

Copilot AI Dec 23, 2025

The manual build step will always fail with exit code 1 when triggered. This step is designed to be a placeholder that must be replaced with actual build commands if manual build mode is used. However, since both languages in the matrix (actions and python) use build-mode: none, this step will never execute. If manual build mode is added in the future, this placeholder should be replaced with actual build commands or removed entirely.

Suggested change
echo 'If you are using a "manual" build mode for one or more of the' \
'languages you are analyzing, replace this with the commands to build' \
'your code, for example:'
echo ' make bootstrap'
echo ' make release'
exit 1
echo 'No manual build steps have been configured for build-mode "manual".'
echo 'If you are using a "manual" build mode for one or more of the'
echo 'languages you are analyzing, replace this step with the commands to build'
echo 'your code, for example:'
echo ' make bootstrap'
echo ' make release'

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v4
with:
category: "/language:${{matrix.language}}"
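Review bot: the spacing is cosmetic (`${{matrix.language}}` is valid expression syntax), but the `category` value itself is load-bearing in a matrix job: code scanning keys each SARIF upload by category, so if both matrix legs uploaded under the same value the second would replace the first. Keep the per-language `/language:...` category when applying the suggested formatting change.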

Copilot AI Dec 23, 2025

Missing space in the template expression. The category value should have a space after the colon for consistency with GitHub Actions conventions. Change ${{matrix.language}} to ${{ matrix.language }} to follow standard formatting practices.

Suggested change
category: "/language:${{matrix.language}}"
category: "/language:${{ matrix.language }}"
