Skip to content

fix: replace default CodeQL setup with Actions-only scan#6

Merged
stuckvgn merged 1 commit intomainfrom
fix/codeql-language-config
Mar 17, 2026
Merged

fix: replace default CodeQL setup with Actions-only scan#6
stuckvgn merged 1 commit intomainfrom
fix/codeql-language-config

Conversation

@stuckvgn
Copy link
Contributor

@stuckvgn stuckvgn commented Mar 16, 2026

Summary

  • CodeQL default setup was auto-configured to scan javascript-typescript, but this repo contains only markdown and YAML configuration files -- no JS/TS source code
  • Error: CodeQL detected code written in GitHub Actions, but not any written in JavaScript/TypeScript
  • Disabled the broken default setup via API and added an explicit workflow that scans only the actions language (GitHub Actions YAML files)

What changed

  • Disabled CodeQL default setup (was misconfigured for javascript-typescript)
  • Added .github/workflows/codeql.yml configured to scan only actions language
  • Runs on push/PR to main and weekly schedule

Test plan

  • Verify the new CodeQL workflow passes on merge to main
  • Confirm no more "configuration error" status on the repo's code scanning page

@stuckvgn
fix: add CodeQL workflow scanning only Actions language
852a203 
The default CodeQL setup was configured to scan javascript-typescript,
but this repo contains only markdown and YAML files (no JS/TS source
code). CodeQL failed with "not any written in JavaScript/TypeScript."

Replace default setup with an explicit workflow that scans only the
"actions" language (GitHub Actions YAML files), which is what the
repo actually contains.
@github-advanced-security
Copy link

github-advanced-security bot commented Mar 16, 2026

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@stuckvgn stuckvgn merged commit 1bccf57 into main Mar 17, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@stuckvgn