Skip to content

fix(ci): add language: actions to codeql.yml matrix (WF020)#27

Merged
hyperpolymath merged 1 commit into
mainfrom
claude/gallant-shannon-82193p
Jun 14, 2026
Merged

fix(ci): add language: actions to codeql.yml matrix (WF020)#27
hyperpolymath merged 1 commit into
mainfrom
claude/gallant-shannon-82193p

Conversation

@hyperpolymath

@hyperpolymath hyperpolymath commented Jun 14, 2026

Copy link
Copy Markdown
Owner

What

Adds language: actions to the CodeQL matrix (WF020 fix).

Why

The actions extractor scans workflow YAML for CI/CD security weaknesses. Every repo with Actions workflows benefits. Fixes Hypatia WF020.

Change

    - language: javascript-typescript
      build-mode: none
    - language: actions        # added
      build-mode: none         # added

Verify-before-merge

  • actionlint clean
  • Commit signed (SSH key kVP7)
  • CI-config only — no content/license changes

@hyperpolymath @claude
fix(ci): add language: actions to codeql.yml matrix (WF020)
cfac283 
Adds the actions extractor alongside javascript-typescript so GitHub
Actions workflow YAML is scanned for CI/CD weaknesses (injection,
permission issues). Fixes Hypatia WF020 codeql_missing_actions_language.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@hyperpolymath hyperpolymath marked this pull request as ready for review June 14, 2026 01:15
@hyperpolymath hyperpolymath enabled auto-merge (rebase) June 14, 2026 01:16
@hyperpolymath hyperpolymath disabled auto-merge June 14, 2026 01:16
@hyperpolymath hyperpolymath merged commit 8cb55c9 into main Jun 14, 2026
10 of 11 checks passed
@hyperpolymath hyperpolymath deleted the claude/gallant-shannon-82193p branch June 14, 2026 01:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@hyperpolymath