Conversation
There was a problem hiding this comment.
Pull request overview
Adds a GitHub Actions workflow to run CodeQL “Advanced” analysis on the stg branch to enable code scanning.
Changes:
- Introduces a
.github/workflows/codeql.ymlworkflow for CodeQL scanning. - Configures a language matrix (currently Python) and runs CodeQL init/analyze steps.
- Sets workflow triggers for
push,pull_request(bothstg), and a weekly cron schedule.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| - language: python | ||
| build-mode: none |
There was a problem hiding this comment.
YAML indentation for the matrix.include list is invalid: the - language: python item is at the same indentation level as include:. This will break parsing of the matrix configuration. Indent the list item(s) under include: (and keep build-mode aligned under the list item).
| - language: python | |
| build-mode: none | |
| - language: python | |
| build-mode: none |
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 |
There was a problem hiding this comment.
YAML indentation for steps is invalid: list items under steps: must be indented beneath it (e.g., steps: then - name: ...). As written, the workflow will fail to load due to malformed YAML. Indent all - name: step entries under steps: consistently.
No description provided.