From 1d795a5db42ade269b318ed71f37b4c0365102fd Mon Sep 17 00:00:00 2001
From: Daniel Roe <daniel@roe.dev>
Date: Wed, 18 Dec 2024 09:58:20 +0000
Subject: [PATCH] ci: analyse github actions with codeql (#30293)

---
 .github/codeql/codeql-config.yml | 10 ----------
 .github/workflows/ci.yml         |  8 +++++---
 2 files changed, 5 insertions(+), 13 deletions(-)
 delete mode 100644 .github/codeql/codeql-config.yml

diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml
deleted file mode 100644
index 1ab482ad65..0000000000
--- a/.github/codeql/codeql-config.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-paths:
- - 'packages/*/dist/**'
- - 'packages/nuxt/bin/**'
- - 'packages/schema/schema/**'
-paths-ignore:
- - 'test/**'
- - '**/*.test.js'
- - '**/*.test.ts'
- - '**/*.test.tsx'
- - '**/__tests__/**'
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 5fe6772524..0caa7e46bb 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -69,6 +69,9 @@ jobs:
   codeql:
     runs-on: ubuntu-latest
     timeout-minutes: 10
+    strategy:
+      matrix:
+        language: ['javascript-typescript', 'actions']
     permissions:
       actions: read
       contents: read
@@ -90,13 +93,12 @@ jobs:
             - '**/*.spec.ts'
             - '**/*.test.ts'
             - '**/__snapshots__/**'
-          languages: javascript-typescript
-          queries: +security-and-quality
+          languages: ${{ matrix.language }}
 
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
         with:
-          category: "/language:javascript-typescript"
+          category: "/language:${{ matrix.language }}"
 
   typecheck:
     runs-on: ${{ matrix.os }}