From 2ade3966d196550c62209f22cecb0b00467833f8 Mon Sep 17 00:00:00 2001
From: Claude
Date: Sun, 14 Jun 2026 12:37:17 +0000
Subject: [PATCH] ci: set CodeQL language matrix to actions (no JS/TS source in repo) codeql.yml declared `javascript-typescript`, but the repo has no JS/TS source, so the analyze job recorded zero results / failed "no source files" every run. CodeQL's `actions` language scans the workflow files (present in every repo), giving real SAST signal. Per the repo's Hypatia workflow_audit finding. https://claude.ai/code/session_017TXizM5c1Yd9HWf7Y15YH2
---
 .github/workflows/codeql.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 64a6a75..c21d00e 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -27,7 +27,7 @@ jobs:
 fail-fast: false
 matrix:
 include:
- - language: javascript-typescript
+ - language: actions
 build-mode: none
 steps:
 - name: Checkout
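Review bot: The matrix under `include:` now holds only `actions`, so this job analyses the workflow files and nothing else, and nothing on the new line records that this is deliberate. A comment above the entry, for example `# repo has no CodeQL-supported source yet; add a matrix entry when application code lands`, would keep a later contributor from assuming that application code is covered by this scan. The `actions` extractor also depends on the CodeQL bundle pulled in by the init step, which lies in the `steps:` list outside this hunk, so it is worth confirming that the referenced `github/codeql-action` version supports that language; if it does not, the analyze job would presumably keep failing as before.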