zeroclaw/.github/workflows/codeql.yml

name: CodeQL Analysis

on:
    schedule:
        - cron: "0 6,18 * * *" # Twice daily at 6am and 6pm UTC
    workflow_dispatch:

concurrency:
    group: codeql-${{ github.ref }}
    cancel-in-progress: true

permissions:
    contents: read
    security-events: write
    actions: read

jobs:
    codeql:
        name: CodeQL Analysis
        runs-on: blacksmith-2vcpu-ubuntu-2404
        timeout-minutes: 30
        steps:
            - name: Checkout repository
              uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4

            - name: Initialize CodeQL
              uses: github/codeql-action/init@v4
              with:
                  languages: rust

            - name: Set up Rust
              uses: dtolnay/rust-toolchain@stable

            - name: Build
              run: cargo build --workspace --all-targets

            - name: Perform CodeQL Analysis
              uses: github/codeql-action/analyze@v4