From 927c58f190091d8073439f8db7f27e45c2c3d559 Mon Sep 17 00:00:00 2001 From: Claude Date: Tue, 2 Jun 2026 14:02:06 +0000 Subject: [PATCH] ci(codeql): scan GitHub Actions workflows instead of absent JS/TS The CodeQL javascript-typescript analysis failed with a configuration error ("Only found JavaScript or TypeScript files that were empty or contained syntax errors" / "could not process any code"). The repository has no JS/TS source -- the estate language policy bans TypeScript and only JSON config files exist -- so the extractor sees no code and the job errors out. Switch the analysis language to `actions`, which scans the GitHub Actions workflow YAML that does exist in this repo, turning a broken job into a meaningful security check. --- .github/workflows/codeql.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index d1ed260..f609b3e 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -30,7 +30,12 @@ jobs: fail-fast: false matrix: include: - - language: javascript-typescript + # The repository contains no JavaScript/TypeScript source (the estate + # language policy bans TS; only JSON config files exist), so the + # javascript-typescript extractor errored with "no source code seen". + # CodeQL's GitHub Actions analysis scans the workflow YAML that does + # exist here, keeping this a meaningful security check. + - language: actions build-mode: none steps: