Add repository GitHub Actions for CI, publishing, Pages, and CodeQL

[Copilot]

This PR adds the missing GitHub Actions setup for bQuery/ui, using bQuery/bQuery as the reference and adapting it to this repository’s actual scripts and release flow. It introduces a minimal workflow set for CI, npm publishing, GitHub Pages docs deployment, and CodeQL scanning.

• CI workflow

  • Adds .github/workflows/test.yml
  • Runs the repository’s existing Bun-based install, typecheck, test, and package build steps
  • Triggers on pushes and PRs to the main development branches

• Publish + docs deployment

  • Adds .github/workflows/npm-publish.yml
  • Builds and verifies the package on main
  • Builds VitePress docs and uploads them for GitHub Pages deployment
  • Publishes to npm only on GitHub release creation

• Code scanning

  • Adds .github/workflows/codeql.yml
  • Enables CodeQL analysis for:
    • GitHub Actions definitions
    • JavaScript/TypeScript sources

• Repository-specific adaptation

  • Uses Bun setup and bun install --frozen-lockfile
  • Maps the workflows to this repo’s existing commands instead of copying unrelated automation from the reference repo

- name: Setup Bun
  uses: oven-sh/setup-bun@v2
  with:
    bun-version: '1.3.7'

- name: Install dependencies
  run: bun install --frozen-lockfile

- name: Type-check
  run: bun run lint:types

- name: Run tests
  run: bun test

[github-advanced-security]

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

• The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
• Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
• You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

[Copilot]

Pull request overview

Adds a baseline GitHub Actions setup for the @bquery/ui repo to run CI checks, publish releases to npm, deploy VitePress docs to GitHub Pages, and enable CodeQL scanning.

Changes:

• Add CI workflow to install with Bun, typecheck, test, and build on pushes/PRs.
• Add publish + Pages workflow to build/verify on main, deploy docs to Pages, and publish to npm on release creation.
• Add CodeQL workflow for Actions + JS/TS analysis on pushes/PRs and a scheduled run.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.

File	Description
.github/workflows/test.yml	CI workflow using Bun to typecheck, test, and build.
.github/workflows/npm-publish.yml	Build/verify, docs build + Pages deploy, and npm publish on release.
.github/workflows/codeql.yml	CodeQL configuration for Actions and JS/TS scanning.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The workflow description says CI should trigger on the main development branches, but push.branches: ['**'] will run on every branch. Consider restricting push to main/development (or removing the branches filter entirely if you truly want all branches) to match the intended behavior and reduce unnecessary CI runs.

[Copilot]

build-docs and deploy-pages run independently of the main build job, so docs can be deployed even if typecheck/tests/build fail. Consider making build-docs depend on build (or re-running the same verification steps in build-docs) so Pages only deploys from a verified commit.

[Copilot]

VitePress is currently configured with base: '/' (see docs/.vitepress/config.ts), but GitHub Pages for a project repo is typically served under /<repo>/. As-is, the deployed docs are likely to have broken asset and link paths. Consider updating the docs base (or making it conditional for CI) to match the Pages subpath used by this repo.

Suggested change

	- run: bun run build:docs
	- run: bun run build:docs
	env:
	DOCS_BASE: "/${{ github.event.repository.name }}/"

[Copilot]

runs-on uses a template expression that checks for swift, but the matrix only includes actions and javascript-typescript, so the conditional is dead code. Consider simplifying to ubuntu-latest to reduce noise and avoid confusion when maintaining the workflow.

Suggested change

	runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
	runs-on: ubuntu-latest