go/.gh-actions/workflows/codeql-push.yml

# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#push
name: "CodeQL: Push"

on:
  push:
    branches: [dev, main]

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write

    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v4
        with:
          languages: go

      - name: Autobuild
        uses: github/codeql-action/autobuild@v4

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v4
        with:
          category: "/language:go"
ci: revert to ubuntu-latest runners Self-hosted runners need environment parity work (ARM64, root user, SDK tools). Keep self-hosted for future local-llm integration tasks. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-02-02 22:07:13 +00:00			`# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#push`
			`name: "CodeQL: Push"`

			`on:`
			`push:`
			`branches: [dev, main]`

			`jobs:`
			`analyze:`
			`name: Analyze`
			`runs-on: ubuntu-latest`
			`permissions:`
			`actions: read`
			`contents: read`
			`security-events: write`

			`steps:`
			`- name: Checkout`
			`uses: actions/checkout@v6`

			`- name: Initialize CodeQL`
			`uses: github/codeql-action/init@v4`
			`with:`
			`languages: go`

			`- name: Autobuild`
			`uses: github/codeql-action/autobuild@v4`

			`- name: Perform CodeQL Analysis`
			`uses: github/codeql-action/analyze@v4`
			`with:`
			`category: "/language:go"`