From 7ea7bfc0ee2c50f1337a5ab131a1daae5e7d67d7 Mon Sep 17 00:00:00 2001
From: hyperpolymath <6759885+hyperpolymath@users.noreply.github.com>
Date: Sun, 14 Jun 2026 02:15:22 +0100
Subject: [PATCH] fix(ci): add language: actions to codeql.yml matrix (WF020)

Adds the actions extractor alongside javascript-typescript so GitHub
Actions workflow YAML is scanned for CI/CD weaknesses (injection,
permission issues). Fixes Hypatia WF020 codeql_missing_actions_language.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .github/workflows/codeql.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 9e32d15..a17c615 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -32,6 +32,8 @@ jobs:
         include:
           - language: javascript-typescript
             build-mode: none
+          - language: actions
+            build-mode: none
 
     steps:
       - name: Checkout