Create CodeQL workflow for Rust analysis #3

Merged: unclesp1d3r merged 1 commit into main from unclesp1d3r-patch-2, Sep 29, 2025
Conversation

@unclesp1d3r (Member):

Add CodeQL workflow for security analysis of Rust code.

Signed-off-by: UncleSp1d3r <unclesp1d3r@evilbitlabs.io>
@coderabbitai (Bot) commented Sep 29, 2025:

Caution: Review failed. The pull request is closed.

Summary by CodeRabbit

  • Chores
    • Introduced a backup CI workflow that runs automated static analysis on the Rust codebase for pushes, pull requests, scheduled, and manual runs.
    • Executes on Linux runners and integrates with repository security reporting.
    • No user-facing changes; application behavior and APIs remain unchanged.
    • No installation or configuration required for users.

Walkthrough

Introduces a new GitHub Actions workflow backup file to run CodeQL analysis for a Rust project, triggered on pushes, pull requests to main, weekly schedule, and manual dispatch. It sets permissions, uses Ubuntu 22.04, configures Rust 1.90, initializes CodeQL for Rust, autobuilds, and runs analysis.

Changes

Cohort / File(s): CI / CodeQL Workflow (.github/workflows/codeql.yml.bak)
Summary of Changes: Added a backup GitHub Actions workflow named “CodeQL” for Rust: defines triggers (push, PR to main, schedule, manual), sets permissions, runs on ubuntu-22.04, checks out code, sets Rust toolchain (dtolnay/rust-toolchain@1.90), initializes CodeQL (language: rust), autobuilds, and analyzes.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    actor Dev as Developer
    participant GH as GitHub
    participant Runner as Actions Runner (ubuntu-22.04)
    participant Repo as Repository
    participant CodeQL as CodeQL

    Dev->>GH: Push / PR to main • Schedule • Manual dispatch
    GH-->>Runner: Trigger "CodeQL" workflow
    Runner->>Repo: actions/checkout
    Runner->>Runner: Setup Rust (dtolnay/rust-toolchain@1.90)
    Runner->>CodeQL: Initialize analysis (language: rust)
    Runner->>Runner: Autobuild project
    Runner->>CodeQL: Perform analysis
    CodeQL-->>GH: Upload security events (security-events: write)

    note over Runner,CodeQL: New workflow executes static analysis for Rust

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

I hopped through CI fields at night,
A carrot cursor finds each byte—
CodeQL stars align in rust,
Secrets safe, we build with trust.
Pipelines purr, alerts take flight,
My whiskers twitch: green checks alight. 🥕✨

📥 Commits

Reviewing files that changed from the base of the PR and between e90130d and cbdf531.

📒 Files selected for processing (1)
  • .github/workflows/codeql.yml.bak (1 hunks)


unclesp1d3r merged commit 17af976 into main, Sep 29, 2025 (2 of 3 checks passed).
unclesp1d3r deleted the unclesp1d3r-patch-2 branch, September 29, 2025 22:09.
@github-advanced-security commented:

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
