ci: add CodeQL workflow (fix PR block — 3 configurations not found) #986

Closed
kungfuk3nnyyy wants to merge 2 commits into main from fix/add-codeql-workflow

@kungfuk3nnyyy

Collaborator

Summary

Every PR was blocked by "Code scanning results / CodeQL — 3 configurations not found" because branch protection expects CodeQL results for javascript-typescript, java-kotlin, and actions on each PR branch, but no workflow existed to produce them.

Adds .github/workflows/codeql.yml that runs all 3 language configurations on push to main, on PRs targeting main, and on a weekly schedule (Monday 08:00 UTC).

Test plan

  • This PR itself should pass the CodeQL check once CI runs
  • Future Dependabot PRs should no longer show "configurations not found"

🤖 Generated with Claude Code

PRs were blocked by "3 configurations not found" because branch
protection expects CodeQL results (javascript-typescript, java-kotlin,
actions) but no workflow existed to produce them on PR branches.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@github-actions

Contributor

🔒 Security Reviewer Gate

This PR touches security-sensitive files. Before merging, complete the checklist in the PR description:

  • patchwork shadow-scan --since 30d output included
  • Error messages match spec in documents/error-messages.md
  • patchwork recipe audit-env run on any affected recipes
  • At least one reviewer with security context has approved

This comment is posted automatically when security-sensitive paths are modified.

@github-actions

Contributor

Shadow-scan results

Scanned: 0 runs
Reclassified: 0

No runs to scan.

Full output available as artifact shadow-scan-986

The repo uses GitHub's CodeQL default setup (Security settings).
Advanced workflow conflicts with it: "analyses from advanced
configurations cannot be processed when the default setup is enabled".
Default setup already runs on PRs; no workflow needed.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@kungfuk3nnyyy

Collaborator Author

Removing — repo uses CodeQL default setup which conflicts with a workflow-based approach. Fix is to disable default setup in GitHub Security settings instead.
