name: CodeQL on: push: branches: [main, dev] paths: - 'src/**' - 'packages/**' - 'agent-teams-controller/**' - 'mcp-server/**' - 'scripts/**' - '.github/workflows/**' - '.github/codeql/**' - 'package.json' - 'pnpm-lock.yaml' - 'pnpm-workspace.yaml' - 'tsconfig*.json' pull_request: paths: - 'src/**' - 'packages/**' - 'agent-teams-controller/**' - 'mcp-server/**' - 'scripts/**' - '.github/workflows/**' - '.github/codeql/**' - 'package.json' - 'pnpm-lock.yaml' - 'pnpm-workspace.yaml' - 'tsconfig*.json' schedule: - cron: '34 3 * * 1' permissions: contents: read jobs: analyze: name: Analyze (${{ matrix.language }}) runs-on: ubuntu-latest timeout-minutes: 45 permissions: actions: read contents: read security-events: write strategy: fail-fast: false matrix: language: - actions - javascript-typescript steps: - name: Checkout repository uses: actions/checkout@v6 - name: Initialize CodeQL uses: github/codeql-action/init@v4 with: languages: ${{ matrix.language }} config-file: ./.github/codeql/codeql-config.yml - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v4 with: category: /language:${{ matrix.language }}