From 6e0a80fcde3dfd79fe2b804c3b8e2a654c51493e Mon Sep 17 00:00:00 2001
From: Chisanan232
Date: Fri, 19 Jun 2026 13:47:56 +0800
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A7=20(ci):=20run=20CodeQL=20on=20push?= =?UTF-8?q?=20to=20master=20(default-branch=20coverage)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

python-sdk recorded 0 CodeQL analyses on master, leaving the code-scanning dashboard empty with no scheduled scan. Add a CodeQL workflow mirroring go-sdk's codeql.yml: analysis+upload on push to master and a weekly schedule, while keeping PR runs. Uses Python build-mode:none (no build step needed for interpreted analysis).
Refs AAASM-3434
Co-Authored-By: Claude Opus 4.8 (1M context)
---
.github/workflows/codeql.yml | 47 ++++++++++++++++++++++++++++++++++++
1 file changed, 47 insertions(+)
create mode 100644 .github/workflows/codeql.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..ade9fcf
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,47 @@
+name: CodeQL
+
+on:
+ pull_request:
+ paths-ignore:
+ - "**/*.md"
+ - "docs/**"
+ - "LICENSE"
+ push:
+ paths-ignore:
+ - "**/*.md"
+ - "docs/**"
+ - "LICENSE"
+ branches:
+ - master
+ schedule:
+ - cron: "0 3 * * 1"
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+permissions:
+ contents: read
+ security-events: write
+ actions: read
+
+jobs:
+ analyze:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+ with:
+ submodules: recursive
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@65216971a11ded447a6b76263d5a144519e5eee1 # codeql-bundle-v2.25.2
+ with:
+ languages: python
+ build-mode: none
+
+ - name: Analyze
+ uses: github/codeql-action/analyze@65216971a11ded447a6b76263d5a144519e5eee1 # codeql-bundle-v2.25.2
+ with:
+ category: "/language:python"
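Review bot: The `concurrency` block sets `cancel-in-progress: true` on the group `${{ github.workflow }}-${{ github.ref }}`, which push and schedule runs on master share, so a second push (or a push landing during the weekly scan) cancels the analysis in flight and that commit uploads no results, working against the default-branch coverage this workflow is meant to provide. Limit cancellation to pull requests: `cancel-in-progress: ${{ github.event_name == 'pull_request' }}`. Separately, the Checkout step keeps the default credential persistence; since no later step in this job needs git access, adding `persist-credentials: false` under its `with:` keeps the job token out of the workspace's git config while the analysis runs.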