Introduce Github CodeQL

[skonefal]

No description provided.

[cursor]

PR Summary

Low Risk
Low risk: adds a new GitHub Actions workflow for CodeQL analysis only, affecting CI runtime/permissions but not application code or runtime behavior.

Overview
Adds a new .github/workflows/codeql.yml workflow to run CodeQL Advanced code scanning on pushes to main and on a weekly cron.

The job analyzes actions and javascript-typescript with build-mode: none, checks out the repo, initializes CodeQL, and uploads results using the required security-events permission.

^{Reviewed by Cursor Bugbot for commit 239a9f1. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix prepared a fix for the issue found in the latest run.

• ✅ Fixed: Missing pull_request trigger defeats proactive security scanning
  • Added the missing CodeQL pull_request trigger for main so PRs are scanned before merge.

Or push these changes by commenting:

@cursor push 3dbb80f0cf

Preview (3dbb80f0cf)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -14,6 +14,8 @@
 on:
   push:
     branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
   schedule:
     - cron: '23 5 * * 1'

_{You can send follow-ups to the cloud agent here.}

Comment @cursor review or bugbot run to trigger another review on this PR

^{Reviewed by Cursor Bugbot for commit 239a9f1. Configure here.}

[bh2smith]

Seems Legit