Pull request overview
This PR adds a CodeQL Advanced workflow configuration for automated security scanning of the repository. CodeQL is GitHub's code analysis engine that helps identify security vulnerabilities and code quality issues. However, the workflow configuration is incomplete and will not function in its current state.
Changes:
- Added .github/workflows/codeql.yml with CodeQL analysis configuration including permissions, triggers (push, pull_request, scheduled), and analysis steps
Comments suppressed due to low confidence (3)
.github/workflows/codeql.yml:10
- The comment on line 8 states "We have attempted to detect the languages in your repository" but no languages have been defined in the matrix below. This comment is misleading since the workflow is incomplete and won't function without language configuration. Either remove or update this comment to reflect that languages need to be manually configured.
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
.github/workflows/codeql.yml:53
- The matrix.include section is incomplete - no languages are defined. This workflow will fail because matrix.language is referenced in multiple places (line 24, 30, 68, 97) but no languages are specified in the matrix configuration.
For this JavaScript/HTML project, you should add a language configuration. Add the following after line 45:
  - language: javascript-typescript
    build-mode: none
This will enable CodeQL analysis for the JavaScript code in your index.html file.
include:
# CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'rust', 'swift'
# Use `c-cpp` to analyze code written in C, C++ or both
# Use 'java-kotlin' to analyze code written in Java, Kotlin or both
# Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
# To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
# see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
# If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
# your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
.github/workflows/codeql.yml:69
- The workflow references matrix.build-mode on line 69, but build-mode is not defined in the matrix configuration. This will cause the CodeQL initialization to fail or behave unexpectedly. You need to explicitly define build-mode for each language in the matrix.include section.
build-mode: ${{ matrix.build-mode }}
@jusuchin85 I've opened a new pull request, #10, to work on those changes. Once the pull request is ready, I'll request review from you.
* Initial plan
* Add language and build-mode to matrix configuration
Co-authored-by: jusuchin85 <1155821+jusuchin85@users.noreply.github.com>
* Add descriptive comment for matrix configuration
Co-authored-by: jusuchin85 <1155821+jusuchin85@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: jusuchin85 <1155821+jusuchin85@users.noreply.github.com>
This pull request adds a new GitHub Actions workflow for advanced CodeQL analysis. The workflow enables automated security scanning for multiple languages on push, pull request, and scheduled events. It provides guidance for customizing language analysis and build logic.