Review SCM files and security updates (#6) #22

	# SPDX-License-Identifier: MIT OR AGPL-3.0-or-later
	# SPDX-FileCopyrightText: 2025 Jonathan D.A. Jewell
	#
	# CodeQL Security Analysis for rescript-tea
	# Analyzes JavaScript output from ReScript compilation

	name: "CodeQL"

	on:
	push:
	branches: [main]
	pull_request:
	branches: [main]
	schedule:
	- cron: '35 3 * * 5'

	jobs:
	analyze:
	name: Analyze
	runs-on: ubuntu-latest
	permissions:
	security-events: write
	packages: read
	actions: read
	contents: read

	strategy:
	fail-fast: false
	matrix:
	language: [javascript-typescript]

	steps:
	- name: Checkout repository
	uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1

	- name: Initialize CodeQL
	uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
	with:
	languages: ${{ matrix.language }}

	- name: Setup Node.js
	uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
	with:
	node-version: 20.x
	cache: 'npm'

	- name: Install dependencies
	run: npm ci

	- name: Build ReScript
	run: npm run build

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
	with:
	category: "/language:${{ matrix.language }}"

Provide feedback