Skip to content

Remove CodeQL from local check.sh gate#225

Merged
alexkroman merged 3 commits into
mainfrom
claude/confident-ramanujan-hed2j4
Jun 17, 2026
Merged

Remove CodeQL from local check.sh gate#225
alexkroman merged 3 commits into
mainfrom
claude/confident-ramanujan-hed2j4

Conversation

@alexkroman

@alexkroman alexkroman commented Jun 17, 2026

Copy link
Copy Markdown
Collaborator

Summary

Remove the CodeQL security analysis step from the local check.sh gate and update documentation accordingly. CodeQL is now exclusively run in CI via codeql.yml, eliminating redundant local execution and significantly improving local development speed.

Changes

  • scripts/check.sh: Removed the CodeQL gate execution block that conditionally ran scripts/codeql_gate.py. Replaced with a comment explaining that CodeQL is CI-only and directing users to the manual reproduction command if needed.
  • AGENTS.md: Updated the authoritative gate documentation to remove CodeQL from the ordered list of checks, reflecting that it no longer runs locally.

Rationale

CodeQL is the slowest gate (~minutes) and was already being enforced in CI by codeql.yml, which runs the same security and quality suites and uploads results to GitHub's code-scanning/quality tabs. The CI workflow (ci.yml) never actually ran the local CodeQL step either (hosted runners lack CodeQL on PATH), so removing it from the local gate loses no CI coverage while keeping check.sh fast for developers. The same analysis can still be reproduced locally via uv run python scripts/codeql_gate.py if needed.

https://claude.ai/code/session_01TSGokAz8uYHj5PnWfYh8LP

@alexkroman alexkroman enabled auto-merge June 17, 2026 18:46
@claude
Drop CodeQL from check.sh (enforced by codeql.yml)
a4fc7fc 
CodeQL is the slowest gate (~minutes) and depends on nothing else in the
local pipeline. It was already enforced independently by the codeql.yml
workflow, and ci.yml's check job never ran it anyway (no codeql on the
hosted runner's PATH, so the step self-skipped there). Removing it from
check.sh therefore loses no CI coverage and roughly halves the local gate
wall-clock (~165s -> ~83s on a 4-core box).

scripts/codeql_gate.py is kept so a code-scanning alert can still be
reproduced locally on demand.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01TSGokAz8uYHj5PnWfYh8LP
@alexkroman alexkroman force-pushed the claude/confident-ramanujan-hed2j4 branch from 65da3d8 to a4fc7fc Compare June 17, 2026 20:20
@alexkroman alexkroman added this pull request to the merge queue Jun 17, 2026
@alexkroman alexkroman removed this pull request from the merge queue due to a manual request Jun 17, 2026
@alexkroman alexkroman enabled auto-merge June 17, 2026 20:55
@alexkroman alexkroman added this pull request to the merge queue Jun 17, 2026
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Jun 17, 2026
@alexkroman alexkroman added this pull request to the merge queue Jun 17, 2026
Merged via the queue into main with commit e65e909 Jun 17, 2026
19 checks passed
@alexkroman alexkroman deleted the claude/confident-ramanujan-hed2j4 branch June 17, 2026 21:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@alexkroman @claude