
Conversation

@i-am-that-guy (Member) commented Nov 13, 2025

Summary by CodeRabbit

  • Chores
    • Added automated code quality and security scanning infrastructure to the development pipeline. This helps maintain code standards and identify potential vulnerabilities in the codebase.

@coderabbitai (Contributor) coderabbitai bot commented Nov 13, 2025

Walkthrough

A new GitHub Actions workflow file was added to enable CodeQL Advanced security scanning. The workflow runs on pushes to main, pull requests to main, and a schedule. It configures CodeQL analysis for JavaScript/TypeScript with automatic build mode detection and includes fallback logic for manual build scenarios.

Changes

Cohort / File(s): GitHub Actions Workflow
  .github/workflows/codeql.yml
Summary: New CodeQL Advanced workflow for automated security analysis on main branch events and schedule. Configures matrix with JavaScript/TypeScript language, initializes CodeQL tooling, and runs analysis with guidance for custom queries and manual build fallback.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Verify workflow trigger conditions (push to main, PRs) align with security scanning requirements
  • Confirm CodeQL matrix language selection and build-mode configuration are correct
  • Review permissions granted to the CodeQL analysis job for appropriateness
  • Validate the manual build mode fallback path and placeholder logic

Poem

🐰 Hops onto stage with a flourish

A workflow's born to scan the code,
With CodeQL lighting up the load,
Security checks on every shove,
JavaScript flows through tunnels above,
Now bugs won't hide—they'll flee in fear! 🔒

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
  • Description Check: ✅ Passed. Check skipped - CodeRabbit's high-level summary is enabled.
  • Title check: ✅ Passed. The title 'Add CodeQL analysis workflow configuration' directly and accurately describes the main change: adding a new CodeQL workflow file at .github/workflows/codeql.yml for automated code analysis.
  • Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 923329f and d20f719.

📒 Files selected for processing (1)
  • .github/workflows/codeql.yml (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Cloudflare Pages
🔇 Additional comments (5)
.github/workflows/codeql.yml (5)

1-20: Configuration is well-structured and follows GitHub recommendations.

The workflow triggers, metadata, and inline comments provide clear guidance. CodeQL Action v4 is the current recommended version (released October 7, 2025), and this workflow correctly uses it.


22-40: Permissions and runner configuration are sound.

The permission model aligns with GitHub's requirements for advanced setup. The conditional runner selection for Swift is future-proof and won't cause issues even though the current matrix only includes JavaScript/TypeScript.


42-55: Matrix configuration correctly targets JavaScript/TypeScript with appropriate build mode.

The build-mode: none is suitable for interpreted languages, and the extensive inline documentation supports future language additions.


56-94: Initialization and manual build logic are correctly structured.

The checkout and init steps follow best practices. The manual build step (lines 85–94) includes a placeholder with exit 1—this is intentional and requires developers to provide actual build commands if they enable manual mode for any language.


96-99: Analysis step is correctly configured.

Uses the latest CodeQL Action v4 and properly parameterizes the category based on the matrix language.


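The review above describes the workflow's shape (push and pull_request triggers on main plus a schedule, a JavaScript/TypeScript matrix entry with build-mode none, the Swift-aware runner selection, the exit 1 placeholder for manual build mode, and an analyze step whose category is derived from the matrix language) but the file itself is not reproduced on this page. The following is an added example reconstructed from that description, not the PR's own .github/workflows/codeql.yml: the cron expression, the exact permission set and the action versions are assumptions taken from GitHub's standard CodeQL template, and the line layout does not correspond to the line ranges the review cites.

```yaml
# Added example: a CodeQL Advanced workflow reconstructed from the review's
# description. It is NOT the PR's actual file; the cron schedule, permission
# set and action versions below are assumptions (GitHub's standard template).
name: "CodeQL Advanced"

on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]
  schedule:
    - cron: '0 6 * * 1'   # weekly run; constructed value, not the PR's

jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
    # Swift analysis requires macOS; every other language runs on ubuntu.
    # Harmless today because the matrix only contains JavaScript/TypeScript.
    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
    permissions:
      security-events: write   # upload SARIF results to code scanning
      packages: read           # fetch CodeQL query packs
      actions: read            # required for private repositories
      contents: read           # check out the source tree

    strategy:
      fail-fast: false
      matrix:
        include:
          # 'none' means no build step, which is correct for interpreted
          # languages. Compiled languages would use 'autobuild' or 'manual'.
          - language: javascript-typescript
            build-mode: none

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v4
        with:
          languages: ${{ matrix.language }}
          build-mode: ${{ matrix.build-mode }}
          # To widen coverage, uncomment and list extra query suites:
          # queries: security-extended,security-and-quality

      # Only reached when a matrix entry sets build-mode: manual.
      # The exit 1 is a deliberate placeholder: a manual entry must not
      # silently analyze an unbuilt tree, so replace it with real build commands.
      - if: matrix.build-mode == 'manual'
        shell: bash
        run: |
          echo 'Manual build mode selected but no build commands provided.'
          exit 1

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v4
        with:
          category: "/language:${{ matrix.language }}"
```

Two points worth checking when reviewing a file like this: the permissions block should stay at the job level and list only what the analysis needs (security-events: write is the one elevated grant; contents stays read), and a pull_request trigger on main means findings surface as check annotations on each PR before merge rather than only on the default branch after the fact.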

@cloudflare-workers-and-pages

Deploying coc-admin with Cloudflare Pages

Latest commit: d20f719
Status: ✅  Deploy successful!
Preview URL: https://f6f0cc4c.coc-admin.pages.dev
Branch Preview URL: https://codeql-workflow.coc-admin.pages.dev


@github-advanced-security

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
