From 929c7a611217e6daf62bbfc4f1bff711ad94e298 Mon Sep 17 00:00:00 2001
From: Pierre Jochem
Date: Tue, 23 Jun 2026 14:24:26 +0200
Subject: [PATCH 1/2] ci: remove CodeQL workflow

CodeQL cannot analyze this project: the Kotlin extractor caps at Kotlin < 2.3.30 (this repo is on 2.4.0), so manual/autobuild fails with KotlinVersionTooRecent, while build-mode: none does not support Kotlin and sees no source. With no Java sources present there is nothing CodeQL can process, so the workflow only ever fails. Remove it until the CodeQL Kotlin extractor supports 2.4.0.

Co-Authored-By: Claude Opus 4.8 (1M context)
---
 .github/workflows/codeql.yml | 41 ------------------------------------
 1 file changed, 41 deletions(-)
 delete mode 100644 .github/workflows/codeql.yml

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
deleted file mode 100644
index 06c5b35..0000000
--- a/.github/workflows/codeql.yml
+++ /dev/null
@@ -1,41 +0,0 @@
-name: CodeQL
-
-on:
- push:
- branches: [main, master]
- pull_request:
- branches: [main, master]
- schedule:
- - cron: "27 4 * * 1" # weekly, Monday 04:27 UTC
-
-concurrency:
- group: codeql-${{ github.ref }}
- cancel-in-progress: true
-
-jobs:
- analyze:
- runs-on: ubuntu-latest
- # Dependabot PRs run with a read-only token (security-events: write and
- # packages: read are denied), so CodeQL upload + mirror-api resolution
- # fail. Merged code is still scanned via the push + schedule triggers.
- if: github.actor != 'dependabot[bot]'
- permissions:
- contents: read
- security-events: write
- steps:
- - uses: actions/checkout@v7
-
- # build-mode: none extracts source without compiling. Avoids CodeQL's
- # Kotlin extractor, which only supports Kotlin < 2.3.30 (this project is
- # on 2.4.0) and otherwise fails compileKotlin with KotlinVersionTooRecent.
- # No build means no mirror-api resolution, so packages: read is unneeded.
- - name: Initialize CodeQL
- uses: github/codeql-action/init@v4
- with:
- languages: java-kotlin
- build-mode: none
-
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v4
- with:
- category: "/language:java-kotlin"

From 0c101ea13ab42124e1f3500648cbacf5ad991c79 Mon Sep 17 00:00:00 2001
From: Pierre Jochem
Date: Tue, 23 Jun 2026 14:24:26 +0200
Subject: [PATCH 2/2] ci: remove CodeQL workflow

---
 .github/workflows/codeql.yml | 41 ------------------------------------
 1 file changed, 41 deletions(-)
 delete mode 100644 .github/workflows/codeql.yml

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
deleted file mode 100644
index 06c5b35..0000000
--- a/.github/workflows/codeql.yml
+++ /dev/null
@@ -1,41 +0,0 @@
-name: CodeQL
-
-on:
- push:
- branches: [main, master]
- pull_request:
- branches: [main, master]
- schedule:
- - cron: "27 4 * * 1" # weekly, Monday 04:27 UTC
-
-concurrency:
- group: codeql-${{ github.ref }}
- cancel-in-progress: true
-
-jobs:
- analyze:
- runs-on: ubuntu-latest
- # Dependabot PRs run with a read-only token (security-events: write and
- # packages: read are denied), so CodeQL upload + mirror-api resolution
- # fail. Merged code is still scanned via the push + schedule triggers.
- if: github.actor != 'dependabot[bot]'
- permissions:
- contents: read
- security-events: write
- steps:
- - uses: actions/checkout@v7
-
- # build-mode: none extracts source without compiling. Avoids CodeQL's
- # Kotlin extractor, which only supports Kotlin < 2.3.30 (this project is
- # on 2.4.0) and otherwise fails compileKotlin with KotlinVersionTooRecent.
- # No build means no mirror-api resolution, so packages: read is unneeded.
- - name: Initialize CodeQL
- uses: github/codeql-action/init@v4
- with:
- languages: java-kotlin
- build-mode: none
-
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v4
- with:
- category: "/language:java-kotlin"