From ec9eefd496f50d0f6197be15f424519b310e1ddf Mon Sep 17 00:00:00 2001
From: Tao Zhang <zhangt@microsoft.com>
Date: Wed, 17 Dec 2025 18:39:09 +0000
Subject: [PATCH 1/3] add weekly schedule to CodeQL workflow

---
 .github/workflows/codeql.yml | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 .github/workflows/codeql.yml

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..28e4b4d
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,8 @@
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  schedule:
+    - cron: '0 0 * * 0'
+

From 19db376476d91a87ff02189289d36628f5a1463a Mon Sep 17 00:00:00 2001
From: Tao Zhang <zhangt@microsoft.com>
Date: Wed, 17 Dec 2025 18:48:07 +0000
Subject: [PATCH 2/3] Fix bug

---
 .github/workflows/codeql.yml | 32 +++++++++++++++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 28e4b4d..cc24920 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -1,8 +1,38 @@
+name: CodeQL Weekly Scan
+
 on:
   push:
     branches: [ "main" ]
   pull_request:
     branches: [ "main" ]
   schedule:
-    - cron: '0 0 * * 0'
+    - cron: '0 0 * * 0' # Weekly on Sundays at midnight
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'python' ]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
 
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3

From b76fdb6041de45daf40fe7ed30ffbd8ce709800e Mon Sep 17 00:00:00 2001
From: Tao Zhang <zhangt@microsoft.com>
Date: Wed, 17 Dec 2025 18:54:21 +0000
Subject: [PATCH 3/3] Remove recursive submodule scan

---
 .github/workflows/codeql.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index cc24920..d3b802c 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -26,8 +26,6 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
-        with:
-          submodules: recursive
 
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v3