ci: update CodeQL workflow

sebthom · sebthom · commit 6a452a429064 · 2025-11-14T12:04:01.000+01:00
Also scan GHA workflow files. Disable javascript scans which make the
job fail as no checked-in files are found.
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -2,13 +2,13 @@
 name: CodeQL
 
 on:  # https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows
+  schedule:
+    # https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#schedule
+    - cron: "30 18 * * 1"  # Mondays 18:30 UTC
   push:
     branches: [ "main" ]
     paths-ignore:
     - '**/*.md'
-    - '.github/*.yml'
-    - '.github/workflows/build.yml'
-    - '.github/workflows/licensecheck.yml'
     - '**/.project'
     - '**/.settings/*.prefs'
     - '.gitignore'
@@ -18,9 +18,6 @@ on:  # https://docs.github.com/en/actions/reference/workflows-and-actions/events
     branches: [ "main" ]
     paths-ignore:
     - '**/*.md'
-    - '.github/*.yml'
-    - '.github/workflows/build.yml'
-    - '.github/workflows/licensecheck.yml'
     - '**/.project'
     - '**/.settings/*.prefs'
     - '.gitignore'
@@ -36,15 +33,23 @@ jobs:
   analyze:
   ###########################################################
 
+    concurrency:
+      group: codeql-${{ github.workflow }}-${{ github.ref }}-${{ matrix.language }}
+      cancel-in-progress: true
+
     strategy:
       fail-fast: false
       matrix:
         include:
         # build-mode: https://github.com/github/codeql-action#build-modes
-        - language: java-kotlin
+        - language: actions
           build-mode: none
-        - language: javascript-typescript
+        - language: java-kotlin
           build-mode: none
+        # avoid build error: "CodeQL detected code written in Java/Kotlin, GitHub Actions, C/C++ and Python, 
+        # but not any written in JavaScript/TypeScript."
+        #- language: javascript-typescript
+        #  build-mode: none
         - language: python
           build-mode: none
 
@@ -79,9 +84,9 @@ jobs:
 
 
     # CodeQL executes https://github.com/ferstl/depgraph-maven-plugin
-    - name: "Install: JDK 25 for Maven ☕"
+    - name: "Install: JDK 25 for Maven/Tycho ☕"
       uses: actions/setup-java@v5  # https://github.com/actions/setup-java
-      if: ${{ matrix.language }} == 'java'
+      if: matrix.language == 'java'
       with:
         distribution: temurin
         java-version: 25
