Add CodeQL analysis workflow configuration #2
Conversation
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
Pull request overview
This PR adds a GitHub Actions workflow to enable CodeQL security analysis for the bQuery.js repository. The workflow runs on push/PR events to main and development branches, plus a weekly scheduled scan every Saturday at 01:23 UTC.
Changes:
- Added CodeQL Advanced workflow with matrix strategy for analyzing `actions` and `javascript-typescript` languages
- Configured automated security scanning with appropriate permissions and build modes
| # - https://gh.io/supported-runners-and-hardware-resources | ||
| # - https://gh.io/using-larger-runners (GitHub.com only) | ||
| # Consider using larger runners or machines with greater resources for possible analysis time improvements. | ||
| runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} |
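Review bot: the `runs-on` expression keeps the template's `matrix.language == 'swift' && 'macos-latest'` branch, but the matrix in this PR lists only `actions` and `javascript-typescript`, so that branch is unreachable and would silently switch the job to a macOS runner if Swift were ever added to the matrix. Replace the expression with a plain `runs-on: ubuntu-latest` unless Swift support is actually planned.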
The conditional runner selection includes a check for Swift language, but this repository doesn't use Swift based on the matrix configuration (only 'actions' and 'javascript-typescript' are specified). This conditional can be simplified to just 'ubuntu-latest' since Swift is not in the language matrix.
| runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} | |
| runs-on: ubuntu-latest |
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This pull request introduces a new GitHub Actions workflow to enable advanced CodeQL code scanning for security and quality analysis. The workflow is set up to analyze multiple languages and is scheduled to run on pushes, pull requests, and on a weekly cron schedule.
CI/CD and Security Improvements:
- Added `.github/workflows/codeql.yml` to set up CodeQL analysis for `actions` and `javascript-typescript` languages, including scheduled and event-based triggers, and configuration for build modes and runner environments.
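The two summaries above describe the workflow (push/PR triggers on `main` and `development`, a Saturday 01:23 UTC cron, a two-language matrix, permissions and build modes) but the diff shows only the `runs-on` line. The following is an added illustration of what such a CodeQL Advanced workflow looks like with the reviewer's `ubuntu-latest` simplification applied. It is not the PR's own `.github/workflows/codeql.yml`: the branch names, the cron expression, the permission set and the `build-mode: none` values are reconstructed from the summaries, and the `@v3`/`@v4` action versions are assumptions rather than values taken from the PR.

```yaml
# Added illustration, not the PR's own file. Values marked "assumed" are
# reconstructed from the review summaries, not copied from the diff.
name: "CodeQL Advanced"

on:
  push:
    branches: ["main", "development"]        # assumed from the summary
  pull_request:
    branches: ["main", "development"]        # assumed from the summary
  schedule:
    # Saturday 01:23 UTC, as described in the review summary.
    - cron: "23 1 * * 6"

jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
    # Swift is not in the matrix, so the template's macos-latest
    # conditional is dropped, as the review suggested.
    runs-on: ubuntu-latest
    # Least privilege for the job: read the repository, write results to
    # code scanning. (Permission set assumed from the standard template.)
    permissions:
      security-events: write
      packages: read
      actions: read
      contents: read

    strategy:
      # Keep analysing the other language if one matrix entry fails.
      fail-fast: false
      matrix:
        include:
          # 'actions' scans the workflow files themselves under .github/workflows.
          - language: actions
            build-mode: none
          # JavaScript/TypeScript needs no compilation step for CodeQL.
          - language: javascript-typescript
            build-mode: none

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          build-mode: ${{ matrix.build-mode }}

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          # One category per language so results from the two matrix
          # entries are stored side by side instead of overwriting each other.
          category: "/language:${{ matrix.language }}"
```

Two points a reviewer would check beyond what the diff shows: `permissions` should stay scoped to the job (a workflow-level `write-all` would grant the analysis job far more than it needs), and for supply-chain hardening the `uses:` references are better pinned to full commit SHAs than to floating major tags such as `@v3`, since a tag can be moved to different code after review.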