From 852a20343133dfa34d2eaf4cd8dfdb9bb7e92a92 Mon Sep 17 00:00:00 2001
From: stuckvgn <stuckvgn@users.noreply.github.com>
Date: Mon, 16 Mar 2026 15:04:50 +0530
Subject: [PATCH] fix: add CodeQL workflow scanning only Actions language

The default CodeQL setup was configured to scan javascript-typescript,
but this repo contains only markdown and YAML files (no JS/TS source
code). CodeQL failed with "not any written in JavaScript/TypeScript."

Replace default setup with an explicit workflow that scans only the
"actions" language (GitHub Actions YAML files), which is what the
repo actually contains.
---
 .github/workflows/codeql.yml | 38 ++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 .github/workflows/codeql.yml

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..1cc6583
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,38 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+  schedule:
+    - cron: "17 4 * * 1"
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      packages: read
+      actions: read
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ["actions"]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v4
+        with:
+          languages: ${{ matrix.language }}
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v4
+        with:
+          category: "/language:${{ matrix.language }}"