Merge pull request #8 from danielnovais-tech/copilot/fix-codeql-workflow-and-docs

fix: apply PR #2 review feedback - CodeQL auto-detection, docs accuracy

Author: danielnovais-tech

.github/dependabot.yml

@@ -70,6 +70,7 @@ updates:
       - "docker"
     commit-message:
       prefix: "chore"
+      prefix-development: "chore"
       include: "scope"
 
   # Go dependencies (if go.mod exists)
@@ -85,4 +86,5 @@ updates:
       - "golang"
     commit-message:
       prefix: "chore"
+      prefix-development: "chore"
       include: "scope"

.github/pull_request_template.md

@@ -68,4 +68,4 @@ Relates to #
 
 <!-- @mencione revisores específicos, se houver -->
 
-@
+@reviewer-username

.github/workflows/ci.yml

@@ -116,7 +116,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v5
         with:
-          go-version: '1.21'
+          go-version: '1.21.x'
 
       - name: Build
         run: go build -v ./...

.github/workflows/codeql.yml

@@ -23,28 +23,17 @@ jobs:
     name: Analyze Code
     runs-on: ubuntu-latest
 
-    strategy:
-      fail-fast: false
-      matrix:
-        # Define languages to analyze
-        # Supported: 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift'
-        language: ['javascript', 'python']
-    
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
 
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v3
-        with:
-          languages: ${{ matrix.language }}
-          # If you want to specify queries, uncomment below
-          # queries: security-and-quality
+        # Languages are automatically detected based on repository contents
+        # Supported: 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift'
 
       - name: Autobuild
         uses: github/codeql-action/autobuild@v3
 
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v3
-        with:
-          category: "/language:${{matrix.language}}"

docs/AUTOMATION.md

@@ -96,10 +96,10 @@ PR Opened
 
 **What it does**:
 - Scans code for security vulnerabilities
-- Analyzes JavaScript and Python code
+- Automatically detects and analyzes supported languages in the repository
 - Reports findings to Security tab
 
-**Languages**: JavaScript, Python (automatically detected)
+**Languages**: Automatically detected (supports C++, C#, Go, Java, JavaScript, Python, Ruby, Swift)
 
 **Permissions**: `actions: read`, `contents: read`, `security-events: write`
 
@@ -116,7 +116,7 @@ PR Opened
 - `bugfix`: fix, bug, resolve, correct, patch, repair
 - `documentation`: docs, documentation, readme, guide, comment
 - `refactor`: refactor, cleanup, restructure, optimize, improve
-- `dependencies`: dependency, dependencies, dependabot, upgrade
+- `dependencies`: dependency, dependencies, dependabot, upgrade, update package
 - `ci`: ci, workflow, github actions, pipeline, automation
 - `security`: security, vulnerability, cve, exploit
 - `breaking-change`: breaking change, breaking, major version
@@ -153,14 +153,14 @@ Applied by the auto-label workflow based on PR content:
 
 | Label | Description | Keywords |
 |-------|-------------|----------|
-| `enhancement` | New features or improvements | feat, feature, add, implement |
-| `bugfix` | Bug fixes | fix, bug, resolve, correct |
-| `documentation` | Documentation changes | docs, documentation, readme |
-| `refactor` | Code refactoring | refactor, cleanup, restructure |
-| `dependencies` | Dependency updates | dependency, dependabot, upgrade |
-| `ci` | CI/CD changes | ci, workflow, github actions |
-| `security` | Security-related changes | security, vulnerability, cve |
-| `breaking-change` | Breaking changes | breaking change, major version |
+| `enhancement` | New features or improvements | feat, feature, add, implement, enhance, new |
+| `bugfix` | Bug fixes | fix, bug, resolve, correct, patch, repair |
+| `documentation` | Documentation changes | docs, documentation, readme, guide, comment |
+| `refactor` | Code refactoring | refactor, cleanup, restructure, optimize, improve |
+| `dependencies` | Dependency updates | dependency, dependencies, dependabot, upgrade, update package |
+| `ci` | CI/CD changes | ci, workflow, github actions, pipeline, automation |
+| `security` | Security-related changes | security, vulnerability, cve, exploit |
+| `breaking-change` | Breaking changes | breaking change, breaking, major version |
 | `size/XS` to `size/XL` | PR size indicator | Automatically calculated |
 
 ### Manual Labels