
Add daily CodeQL security scanning workflow #2946

Merged: pelikhan merged 3 commits into main from copilot/update-codeql-action-schedule on Nov 1, 2025

Copilot AI commented Nov 1, 2025

Adds CodeQL security analysis running on a daily schedule rather than on every push to reduce CI overhead.

Changes

  • Created .github/workflows/codeql.yml with daily cron schedule (6:00 AM UTC)
  • Scans Go and JavaScript using matrix strategy with security-and-quality queries
  • Includes workflow_dispatch for manual runs
  • CI workflow (.github/workflows/ci.yml) remains unchanged for fast push/PR feedback

Configuration

on:
  schedule:
    - cron: '0 6 * * *'
  workflow_dispatch:

permissions:
  actions: read
  contents: read
  security-events: write

The workflow builds Go code before analysis and runs both languages in parallel via matrix strategy.

Original prompt

Change the codeql action to run daily for actions check instead of on every push (you may need to split the action in two files)
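
A complete workflow consistent with the description above, as an added example that is not the PR's actual codeql.yml. The triggers, permissions, languages and query suite come from the description; the job layout, action versions, the go.mod version source and the `go build ./...` step are assumptions.

```yaml
# Added example: one possible .github/workflows/codeql.yml matching the PR description.
name: CodeQL

on:
  schedule:
    - cron: '0 6 * * *'   # daily at 06:00 UTC
  workflow_dispatch:       # allows manual runs

# Least privilege: the token is read-only except for uploading code scanning results.
permissions:
  actions: read
  contents: read
  security-events: write

jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false      # a failure in one language must not cancel the other scan
      matrix:
        language: [go, javascript]
    steps:
      - uses: actions/checkout@v4

      - name: Set up Go      # assumption: the Go version is read from go.mod
        if: matrix.language == 'go'
        uses: actions/setup-go@v5
        with:
          go-version-file: go.mod

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          queries: security-and-quality

      - name: Build Go code  # assumption: a plain module build covers the code to analyze
        if: matrix.language == 'go'
        run: go build ./...

      - name: Perform CodeQL analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: /language:${{ matrix.language }}
```

Scheduled workflows run against the default branch only, so a finding introduced by a pull request surfaces at the next daily run after merge rather than on the pull request itself.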



Copilot AI and others added 2 commits November 1, 2025 16:57
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Update CodeQL action to run daily Add daily CodeQL security scanning workflow Nov 1, 2025
Copilot AI requested a review from pelikhan November 1, 2025 17:03
@pelikhan pelikhan marked this pull request as ready for review November 1, 2025 17:09
Copilot AI review requested due to automatic review settings November 1, 2025 17:09
@pelikhan pelikhan merged commit 574003c into main Nov 1, 2025
6 checks passed
@pelikhan pelikhan deleted the copilot/update-codeql-action-schedule branch November 1, 2025 17:09

Copilot AI left a comment


Pull Request Overview

This PR introduces CodeQL security analysis and refactors the changeset workflow lock file timestamp checking. The changes include adding a new scheduled security scanning workflow and migrating shell-based file timestamp validation to JavaScript for improved error handling.

  • Added CodeQL workflow for automated security scanning of Go and JavaScript code
  • Refactored timestamp checking in changeset workflow from shell script to JavaScript implementation

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| .github/workflows/codeql.yml | New workflow for daily CodeQL security analysis of Go and JavaScript code |
| .github/workflows/changeset.lock.yml | Replaced shell-based timestamp checking with JavaScript implementation using actions/github-script for better error handling and logging |
