Sec CodeQL #55

	name: Sec CodeQL

	on:
	push:
	branches: [dev, main]
	paths:
	- "Cargo.toml"
	- "Cargo.lock"
	- "src/**"
	- "crates/**"
	- ".github/codeql/**"
	- ".github/workflows/sec-codeql.yml"
	pull_request:
	branches: [dev, main]
	paths:
	- "Cargo.toml"
	- "Cargo.lock"
	- "src/**"
	- "crates/**"
	- ".github/codeql/**"
	- ".github/workflows/sec-codeql.yml"
	merge_group:
	branches: [dev, main]
	schedule:
	- cron: "0 6 * * 1" # Weekly Monday 6am UTC
	workflow_dispatch:

	concurrency:
	group: codeql-${{ github.event.pull_request.number \|\| github.ref \|\| github.run_id }}
	cancel-in-progress: true

	permissions:
	contents: read
	security-events: write
	actions: read

	env:
	GIT_CONFIG_COUNT: "1"
	GIT_CONFIG_KEY_0: core.hooksPath
	GIT_CONFIG_VALUE_0: /dev/null


	jobs:
	codeql:
	name: CodeQL Analysis
	runs-on: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner]
	timeout-minutes: 30
	steps:
	- name: Checkout repository
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	with:
	fetch-depth: 0

	- name: Initialize CodeQL
	uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 # v4
	with:
	languages: rust
	config-file: ./.github/codeql/codeql-config.yml
	queries: security-and-quality

	- name: Set up Rust
	uses: dtolnay/rust-toolchain@631a55b12751854ce901bb631d5902ceb48146f7 # stable
	with:
	toolchain: 1.92.0

	- name: Build
	run: cargo build --workspace --all-targets --locked

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98 # v4
	with:
	category: "/language:rust"

Provide feedback