feat: enabled CodeQL

.github/config/codeql.yaml

@@ -0,0 +1,8 @@
+# ref:
+# for `javascript-typescript` codeql-suites: https://github.com/github/codeql/tree/main/javascript/ql/src/codeql-suites
+# for `actions` codeql-suites: https://github.com/github/codeql/tree/main/actions/ql/src/codeql-suites
+
+name: "CodeQL configurations"
+
+queries:
+  - uses: security-and-quality

.github/workflows/backend.yaml

@@ -13,7 +13,7 @@ env:
   RAPID_API_KEY: ${{ secrets.RAPID_API_KEY }}
 
 jobs:
-  image_build_and_push:
+  build-and-ship:
     name: Build & Ship OCI image
     runs-on: ubuntu-24.04
 

.github/workflows/build.yaml

@@ -11,67 +11,49 @@
   workflow_dispatch:
 
 jobs:
-  build_and_test:
-    name: Build
+  build-apps:
+    name: Build Apps
     runs-on: ubuntu-24.04
 
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
       - name: Setup node.js environment
         uses: actions/setup-node@v4
         with:
           node-version: 20.9.0
 
       - name: Filter Path
         uses: dorny/paths-filter@v3
         id: filter
         with:
           filters: '.github/config/paths-filter.yaml'
         # https://github.com/dorny/paths-filter
 
       # Run only for Backend
-      - name: Install dependencies
-        if: steps.filter.outputs.api == 'true'
-        working-directory: ./api-server
-        run: |
-          npm ci
-
-      - name: Run Jest
-        if: steps.filter.outputs.api == 'true'
-        working-directory: ./api-server
-        run: |
-          npx jest
-
       - name: Install pack
         if: steps.filter.outputs.api == 'true'
         uses: buildpacks/github-actions/setup-pack@v5.8.6
 
       - name: Build Express App
         if: steps.filter.outputs.api == 'true'
         run: |
           pack build ghcr.io/hwakabh/gh-pages-api:local \
             --builder gcr.io/buildpacks/builder:latest \
             --path ./api-server/
 
       # Run only for Frontend
       - name: Install dependencies
         if: steps.filter.outputs.ui == 'true'
         working-directory: ./web-frontend
         run: |
           npm ci
 
-      - name: Run Vitest for compoenent testings
-        if: steps.filter.outputs.ui == 'true'
-        working-directory: ./web-frontend
-        run: |
-          npx vitest run
-
       - name: Build Vite App
         if: steps.filter.outputs.ui == 'true'
         working-directory: ./web-frontend
         env:
           VITE_API_ENDPOINT: ${{ secrets.VITE_API_ENDPOINT }}
         run: |
           npx vite build

.github/workflows/codeql.yaml

@@ -0,0 +1,36 @@
+name: CodeQL
+
+on:
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  codeql:
+    name: CodeQL
+    runs-on: ubuntu-24.04
+
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        # https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#changing-the-languages-that-are-analyzed
+        language:
+          - 'javascript-typescript'
+          - 'actions'
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+          config-file: ./.github/config/codeql.yaml
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3

.github/workflows/frontend.yaml

@@ -9,7 +9,7 @@ on:
   workflow_dispatch:
 
 jobs:
-  build:
+  build-and-deploy:
     name: Build Vue app and Deploy
     runs-on: ubuntu-24.04
     steps:

.github/workflows/git-pr-release.yaml

@@ -7,7 +7,7 @@ on:
   workflow_dispatch:
 
 jobs:
-  git_pr_release:
+  git-pr-release:
     name: git-pr-release
     runs-on: ubuntu-24.04
 

.github/workflows/tests.yaml

@@ -0,0 +1,62 @@
+name: Tests CI
+
+on:
+  pull_request:
+    # triggered only when PR created with its target to main
+    branches:
+      - 'main'
+    paths:
+      - 'api-server/**'
+      - 'web-frontend/**'
+  workflow_dispatch:
+
+jobs:
+  tests:
+    name: Tests
+    runs-on: ubuntu-24.04
+
+    permissions:
+      issues: write
+      contents: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Filter Path
+        uses: dorny/paths-filter@v3
+        id: filter
+        with:
+          filters: '.github/config/paths-filter.yaml'
+        # https://github.com/dorny/paths-filter
+
+      - name: Setup node.js environment
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20.9.0
+
+      # Run only for Backend
+      - name: Install dependencies
+        if: steps.filter.outputs.api == 'true'
+        working-directory: ./api-server
+        run: |
+          npm ci
+
+      - name: Run Jest
+        if: steps.filter.outputs.api == 'true'
+        working-directory: ./api-server
+        run: |
+          npx jest
+
+      # Run only for Frontend
+      - name: Install dependencies
+        if: steps.filter.outputs.ui == 'true'
+        working-directory: ./web-frontend
+        run: |
+          npm ci
+
+      - name: Run Vitest for compoenent testings
+        if: steps.filter.outputs.ui == 'true'
+        working-directory: ./web-frontend
+        run: |
+          npx vitest run

.github/workflows/triage-issues.yaml

@@ -13,7 +13,7 @@ permissions:
   contents: read
 
 jobs:
-  triage_issue:
+  triage-issue:
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout

.github/workflows/triage-pull-requests.yaml

@@ -9,7 +9,7 @@ permissions:
   pull-requests: write
 
 jobs:
-  triage_pr:
+  triage-pr:
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout