Pull request overview
Adds CodeQL code scanning to the repository CI surface area and exposes its status via a README badge.
Changes:
- Add a new GitHub Actions workflow to run CodeQL on pushes to `main`, PRs targeting `main`, and on a weekly schedule.
- Add a CodeQL workflow badge to README.md.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| README.md | Adds a CodeQL Actions badge pointing at the new workflow. |
| .github/workflows/codeql.yml | Introduces a CodeQL analysis workflow with a language matrix (JS/TS + Actions) and scheduled runs. |
| name: Analyze | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| security-events: write |
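Review bot: the `permissions:` block in this job lists only `security-events: write`, and a job-level `permissions` key replaces every default GITHUB_TOKEN grant, so the checkout step runs without `contents: read` and the `actions` language scan without `actions: read`. Replace the single line with the three grants shown in the suggestion in this thread (`security-events: write`, `contents: read`, `actions: read`) and keep the job at exactly those rather than widening to `write-all`.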
The job-level permissions block only grants security-events: write. In GitHub Actions, specifying permissions overrides the defaults and can remove contents: read, which actions/checkout (and CodeQL initialization) typically needs. Consider adding explicit contents: read (and actions: read when scanning actions workflows) to avoid permission-related failures, especially on orgs that default GITHUB_TOKEN to restricted scopes.
| security-events: write | |
| security-events: write | |
| contents: read | |
| actions: read |
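For reference, a complete CodeQL workflow shaped the way the overview and the review comment describe, with the job-level permissions spelled out in full. This is an added illustration, not the PR's `.github/workflows/codeql.yml`; the cron expression, the `category` value and the action versions are assumptions.

```yaml
# Added illustration, not the PR's workflow file. Triggers follow the PR
# overview: push to main, PRs targeting main, and a weekly schedule.
name: CodeQL

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    - cron: "0 6 * * 1"   # assumed: weekly, Monday 06:00 UTC

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    # A job-level `permissions` key replaces every default GITHUB_TOKEN grant,
    # so anything not listed here is denied to the job.
    permissions:
      security-events: write   # upload SARIF results to code scanning
      contents: read           # actions/checkout must be able to fetch the repo
      actions: read            # per the review comment; the CodeQL starter
                               # workflow also lists it for private repositories
    strategy:
      fail-fast: false
      matrix:
        # JS/TS plus the Actions workflow scanner, as in the PR's language matrix
        language: [javascript-typescript, actions]
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
      - uses: github/codeql-action/analyze@v3
        with:
          # one upload per matrix entry so results are not overwritten
          category: "/language:${{ matrix.language }}"
```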
Codecov Report: ✅ All modified and coverable lines are covered by tests.
Benchmark

| Benchmark suite | Current: 68910fa | Previous: 762661e | Ratio |
|---|---|---|---|
| commit_parsing/100 | 17233 ns/iter (± 636) | 17580 ns/iter (± 90) | 0.98 |
| commit_parsing/1000 | 175006 ns/iter (± 1052) | 176880 ns/iter (± 7053) | 0.99 |
| commit_parsing/10000 | 1820445 ns/iter (± 26918) | 1830338 ns/iter (± 62121) | 0.99 |
| changelog/build_50 | 8194 ns/iter (± 47) | 8025 ns/iter (± 90) | 1.02 |
| changelog/build_500 | 71121 ns/iter (± 215) | 69954 ns/iter (± 632) | 1.02 |
| version_files/toml_read | 8394 ns/iter (± 115) | 8565 ns/iter (± 93) | 0.98 |
| version_files/toml_write | 130349 ns/iter (± 14251) | 135231 ns/iter (± 11762) | 0.96 |
| version_files/json_read | 5343 ns/iter (± 66) | 5323 ns/iter (± 47) | 1.00 |
| version_files/json_write | 132811 ns/iter (± 12835) | 171342 ns/iter (± 16242) | 0.78 |
| version_files/xml_read | 5119 ns/iter (± 90) | 5129 ns/iter (± 163) | 1.00 |
| version_files/xml_write | 138882 ns/iter (± 27022) | 130863 ns/iter (± 30015) | 1.06 |
| version_files/gradle_read | 5050 ns/iter (± 20) | 5005 ns/iter (± 61) | 1.01 |
| version_files/gradle_write | 126764 ns/iter (± 13511) | 133530 ns/iter (± 9646) | 0.95 |
| config_loading/single | 10192 ns/iter (± 472) | 10100 ns/iter (± 764) | 1.01 |
| config_loading/mono_10 | 15209 ns/iter (± 136) | 15259 ns/iter (± 494) | 1.00 |
| config_loading/mono_50 | 39019 ns/iter (± 463) | 39255 ns/iter (± 377) | 0.99 |
This comment was automatically generated by workflow using github-action-benchmark.
Add explicit CodeQL analysis workflow running on push to main, PRs, and weekly schedule. Add CodeQL badge to README.