From 2522ece8da8165c57c2eca082da2a1f1b0b228f1 Mon Sep 17 00:00:00 2001 From: "mendral-app[bot]" <233154221+mendral-app[bot]@users.noreply.github.com> Date: Tue, 2 Jun 2026 18:40:46 -0700 Subject: [PATCH] ci: add custom CodeQL workflow excluding java-kotlin The default CodeQL setup includes java-kotlin language scanning but the repository has no Java/Kotlin code, causing 25+ consecutive weekly failures since December 2025. This custom workflow replaces the default setup and only scans languages actually present in the repo: c-cpp, csharp, go, javascript-typescript, python, ruby, rust, and swift. Note: The default CodeQL setup must still be disabled in repository settings (Settings > Code security > CodeQL) for this custom workflow to take effect. --- .github/workflows/codeql.yml | 49 ++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 00000000000..f30c932f6b4 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,49 @@ +name: "CodeQL" + +on: + push: + branches: [ "master" ] + pull_request: + branches: [ "master" ] + schedule: + - cron: '17 6 * * 1' + +jobs: + analyze: + name: Analyze (${{ matrix.language }}) + runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} + permissions: + security-events: write + packages: read + actions: read + contents: read + + strategy: + fail-fast: false + matrix: + language: + - c-cpp + - csharp + - go + - javascript-typescript + - python + - ruby + - rust + - swift + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Initialize CodeQL + uses: github/codeql-action/init@v4 + with: + languages: ${{ matrix.language }} + + - name: Autobuild + uses: github/codeql-action/autobuild@v4 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v4 + with: + category: "/language:${{ matrix.language }}"