From 397c0202a297275fa37775b5e9d393ae2ca820f7 Mon Sep 17 00:00:00 2001 From: hyperpolymath <6759885+hyperpolymath@users.noreply.github.com> Date: Sun, 31 May 2026 12:13:01 +0100 Subject: [PATCH] =?UTF-8?q?ci(codeql):=20cron=20weekly=E2=86=92monthly=20(?= =?UTF-8?q?cut=203,=20standards#233=20Option=20B)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Per owner-decision Option B on hyperpolymath/standards#233 (2026-05-30): move scheduled CodeQL from weekly (`'0 6 * * 1'`) to monthly (`'0 6 1 * *'`). Same shape as canonical caller-template change in hyperpolymath/standards#286. ## Why - ~85% Actions-minute savings on scheduled CodeQL (12 runs/yr vs 52). - Bounded 30-day CVE-detection floor. - PR-trigger runs (push + pull_request) unchanged — every PR still gets CodeQL coverage. ## Sweep Part of estate-wide sweep tracked at hyperpolymath/standards#288. Refs hyperpolymath/standards#233 Refs hyperpolymath/standards#288 Refs hyperpolymath/standards#286 Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/workflows/codeql.yml | 2 +- ada-ecosystem/ada-loom-registry/.github/workflows/codeql.yml | 2 +- .../rattlescript/affinescript/.github/workflows/codeql.yml | 2 +- asdf-augmenters/asdf-control-tower/.github/workflows/codeql.yml | 2 +- .../plugins/casket-ssg/.github/workflows/codeql.yml | 2 +- .../plugins/hashicorp/.github/workflows/codeql.yml | 2 +- .../plugins/openlitespeed/.github/workflows/codeql.yml | 2 +- .../asdf-security-plugin/.github/workflows/codeql.yml | 2 +- cadre-tea-router/.github/workflows/codeql.yml | 2 +- czech-file-knife/.github/workflows/codeql.yml | 2 +- deno-ecosystem/.github/workflows/codeql.yml | 2 +- devkit-risc-v/.github/workflows/codeql.yml | 2 +- dnfinition/.github/workflows/codeql.yml | 2 +- iser-tools/anvomidaviser/.github/workflows/codeql.yml | 2 +- iser-tools/betlangiser/.github/workflows/codeql.yml | 2 +- iser-tools/otpiser/.github/workflows/codeql.yml | 2 +- rescript-ecosystem/cadre-router/.github/workflows/codeql.yml | 2 +- .../idaptik-rescript13-staging/.github/workflows/codeql.yml | 2 +- .../packages/bindings/openapi/.github/workflows/codeql.yml | 2 +- .../packages/bindings/tauri/.github/workflows/codeql.yml | 2 +- .../packages/core/early-return/.github/workflows/codeql.yml | 2 +- .../packages/core/poly-core/.github/workflows/codeql.yml | 2 +- .../packages/core/runtime-tools/.github/workflows/codeql.yml | 2 +- .../packages/ffi/zig-ffi/.github/workflows/codeql.yml | 2 +- .../packages/tooling/alib-codemods/.github/workflows/codeql.yml | 2 +- .../tooling/alib-for-rescript/.github/workflows/codeql.yml | 2 +- .../packages/tooling/create-poly/.github/workflows/codeql.yml | 2 +- rescript-ecosystem/rescript-tea/.github/workflows/codeql.yml | 2 +- rescript-ecosystem/rescript-vite/.github/workflows/codeql.yml | 2 +- riscv-guix-buildsys/.github/workflows/codeql.yml | 2 +- scaffoldia/.github/workflows/codeql.yml | 2 +- techstack-enforcer/.github/workflows/codeql.yml | 2 +- v-ecosystem/v-benchmarks/.github/workflows/codeql.yml | 2 +- v-ecosystem/v-grpc/.github/workflows/codeql.yml | 2 +- v-ecosystem/v-telemetry/.github/workflows/codeql.yml | 2 +- .../v_api_interfaces/v_grpc/.github/workflows/codeql.yml | 2 +- .../v_api_interfaces/v_rest/.github/workflows/codeql.yml | 2 +- 37 files changed, 37 insertions(+), 37 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 438fe5d9..90415a98 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' # Estate guardrail: cancel superseded runs so re-pushes / rebased PR # updates do not pile up queued runs against the shared account-wide diff --git a/ada-ecosystem/ada-loom-registry/.github/workflows/codeql.yml b/ada-ecosystem/ada-loom-registry/.github/workflows/codeql.yml index 5148cf4c..3e1a7920 100644 --- a/ada-ecosystem/ada-loom-registry/.github/workflows/codeql.yml +++ b/ada-ecosystem/ada-loom-registry/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: read-all diff --git a/affinescript-ecosystem/rattlescript/affinescript/.github/workflows/codeql.yml b/affinescript-ecosystem/rattlescript/affinescript/.github/workflows/codeql.yml index 6551e6c7..c72b1522 100644 --- a/affinescript-ecosystem/rattlescript/affinescript/.github/workflows/codeql.yml +++ b/affinescript-ecosystem/rattlescript/affinescript/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: read-all diff --git a/asdf-augmenters/asdf-control-tower/.github/workflows/codeql.yml b/asdf-augmenters/asdf-control-tower/.github/workflows/codeql.yml index a2a0bd7b..4018ffe7 100644 --- a/asdf-augmenters/asdf-control-tower/.github/workflows/codeql.yml +++ b/asdf-augmenters/asdf-control-tower/.github/workflows/codeql.yml @@ -6,7 +6,7 @@ on: pull_request: branches: [main] schedule: - - cron: "0 6 * * 1" + - cron: "0 6 1 * *" permissions: read-all jobs: analyze: diff --git a/asdf-augmenters/asdf-plugin-collection/plugins/casket-ssg/.github/workflows/codeql.yml b/asdf-augmenters/asdf-plugin-collection/plugins/casket-ssg/.github/workflows/codeql.yml index 35dd2051..e97d5c03 100644 --- a/asdf-augmenters/asdf-plugin-collection/plugins/casket-ssg/.github/workflows/codeql.yml +++ b/asdf-augmenters/asdf-plugin-collection/plugins/casket-ssg/.github/workflows/codeql.yml @@ -6,7 +6,7 @@ on: pull_request: branches: [main] schedule: - - cron: "0 6 * * 1" + - cron: "0 6 1 * *" permissions: read-all jobs: analyze: diff --git a/asdf-augmenters/asdf-plugin-collection/plugins/hashicorp/.github/workflows/codeql.yml b/asdf-augmenters/asdf-plugin-collection/plugins/hashicorp/.github/workflows/codeql.yml index 35dd2051..e97d5c03 100644 --- a/asdf-augmenters/asdf-plugin-collection/plugins/hashicorp/.github/workflows/codeql.yml +++ b/asdf-augmenters/asdf-plugin-collection/plugins/hashicorp/.github/workflows/codeql.yml @@ -6,7 +6,7 @@ on: pull_request: branches: [main] schedule: - - cron: "0 6 * * 1" + - cron: "0 6 1 * *" permissions: read-all jobs: analyze: diff --git a/asdf-augmenters/asdf-plugin-collection/plugins/openlitespeed/.github/workflows/codeql.yml b/asdf-augmenters/asdf-plugin-collection/plugins/openlitespeed/.github/workflows/codeql.yml index 61d95da9..e1493d17 100644 --- a/asdf-augmenters/asdf-plugin-collection/plugins/openlitespeed/.github/workflows/codeql.yml +++ b/asdf-augmenters/asdf-plugin-collection/plugins/openlitespeed/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: read-all diff --git a/asdf-augmenters/asdf-security-plugin/.github/workflows/codeql.yml b/asdf-augmenters/asdf-security-plugin/.github/workflows/codeql.yml index 61d95da9..e1493d17 100644 --- a/asdf-augmenters/asdf-security-plugin/.github/workflows/codeql.yml +++ b/asdf-augmenters/asdf-security-plugin/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: read-all diff --git a/cadre-tea-router/.github/workflows/codeql.yml b/cadre-tea-router/.github/workflows/codeql.yml index 5148cf4c..3e1a7920 100644 --- a/cadre-tea-router/.github/workflows/codeql.yml +++ b/cadre-tea-router/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: read-all diff --git a/czech-file-knife/.github/workflows/codeql.yml b/czech-file-knife/.github/workflows/codeql.yml index e79557f2..86ca2596 100644 --- a/czech-file-knife/.github/workflows/codeql.yml +++ b/czech-file-knife/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: read-all diff --git a/deno-ecosystem/.github/workflows/codeql.yml b/deno-ecosystem/.github/workflows/codeql.yml index 3575cd97..018b181a 100644 --- a/deno-ecosystem/.github/workflows/codeql.yml +++ b/deno-ecosystem/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: read-all diff --git a/devkit-risc-v/.github/workflows/codeql.yml b/devkit-risc-v/.github/workflows/codeql.yml index 5148cf4c..3e1a7920 100644 --- a/devkit-risc-v/.github/workflows/codeql.yml +++ b/devkit-risc-v/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: read-all diff --git a/dnfinition/.github/workflows/codeql.yml b/dnfinition/.github/workflows/codeql.yml index 23e01793..9f53ead4 100644 --- a/dnfinition/.github/workflows/codeql.yml +++ b/dnfinition/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: read-all diff --git a/iser-tools/anvomidaviser/.github/workflows/codeql.yml b/iser-tools/anvomidaviser/.github/workflows/codeql.yml index e152a864..02861a95 100644 --- a/iser-tools/anvomidaviser/.github/workflows/codeql.yml +++ b/iser-tools/anvomidaviser/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: contents: read diff --git a/iser-tools/betlangiser/.github/workflows/codeql.yml b/iser-tools/betlangiser/.github/workflows/codeql.yml index e152a864..02861a95 100644 --- a/iser-tools/betlangiser/.github/workflows/codeql.yml +++ b/iser-tools/betlangiser/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: contents: read diff --git a/iser-tools/otpiser/.github/workflows/codeql.yml b/iser-tools/otpiser/.github/workflows/codeql.yml index e152a864..02861a95 100644 --- a/iser-tools/otpiser/.github/workflows/codeql.yml +++ b/iser-tools/otpiser/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: contents: read diff --git a/rescript-ecosystem/cadre-router/.github/workflows/codeql.yml b/rescript-ecosystem/cadre-router/.github/workflows/codeql.yml index 3575cd97..018b181a 100644 --- a/rescript-ecosystem/cadre-router/.github/workflows/codeql.yml +++ b/rescript-ecosystem/cadre-router/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: read-all diff --git a/rescript-ecosystem/idaptik-rescript13-staging/.github/workflows/codeql.yml b/rescript-ecosystem/idaptik-rescript13-staging/.github/workflows/codeql.yml index f0d675a4..46d187b2 100644 --- a/rescript-ecosystem/idaptik-rescript13-staging/.github/workflows/codeql.yml +++ b/rescript-ecosystem/idaptik-rescript13-staging/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: contents: read diff --git a/rescript-ecosystem/packages/bindings/openapi/.github/workflows/codeql.yml b/rescript-ecosystem/packages/bindings/openapi/.github/workflows/codeql.yml index 62387ade..50918d6c 100644 --- a/rescript-ecosystem/packages/bindings/openapi/.github/workflows/codeql.yml +++ b/rescript-ecosystem/packages/bindings/openapi/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: read-all diff --git a/rescript-ecosystem/packages/bindings/tauri/.github/workflows/codeql.yml b/rescript-ecosystem/packages/bindings/tauri/.github/workflows/codeql.yml index 61d95da9..e1493d17 100644 --- a/rescript-ecosystem/packages/bindings/tauri/.github/workflows/codeql.yml +++ b/rescript-ecosystem/packages/bindings/tauri/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: read-all diff --git a/rescript-ecosystem/packages/core/early-return/.github/workflows/codeql.yml b/rescript-ecosystem/packages/core/early-return/.github/workflows/codeql.yml index 61d95da9..e1493d17 100644 --- a/rescript-ecosystem/packages/core/early-return/.github/workflows/codeql.yml +++ b/rescript-ecosystem/packages/core/early-return/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: read-all diff --git a/rescript-ecosystem/packages/core/poly-core/.github/workflows/codeql.yml b/rescript-ecosystem/packages/core/poly-core/.github/workflows/codeql.yml index 3575cd97..018b181a 100644 --- a/rescript-ecosystem/packages/core/poly-core/.github/workflows/codeql.yml +++ b/rescript-ecosystem/packages/core/poly-core/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: read-all diff --git a/rescript-ecosystem/packages/core/runtime-tools/.github/workflows/codeql.yml b/rescript-ecosystem/packages/core/runtime-tools/.github/workflows/codeql.yml index 61d95da9..e1493d17 100644 --- a/rescript-ecosystem/packages/core/runtime-tools/.github/workflows/codeql.yml +++ b/rescript-ecosystem/packages/core/runtime-tools/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: read-all diff --git a/rescript-ecosystem/packages/ffi/zig-ffi/.github/workflows/codeql.yml b/rescript-ecosystem/packages/ffi/zig-ffi/.github/workflows/codeql.yml index dd59c36b..e0c928c3 100644 --- a/rescript-ecosystem/packages/ffi/zig-ffi/.github/workflows/codeql.yml +++ b/rescript-ecosystem/packages/ffi/zig-ffi/.github/workflows/codeql.yml @@ -6,7 +6,7 @@ on: pull_request: branches: [main] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: read-all jobs: analyze: diff --git a/rescript-ecosystem/packages/tooling/alib-codemods/.github/workflows/codeql.yml b/rescript-ecosystem/packages/tooling/alib-codemods/.github/workflows/codeql.yml index 5148cf4c..3e1a7920 100644 --- a/rescript-ecosystem/packages/tooling/alib-codemods/.github/workflows/codeql.yml +++ b/rescript-ecosystem/packages/tooling/alib-codemods/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: read-all diff --git a/rescript-ecosystem/packages/tooling/alib-for-rescript/.github/workflows/codeql.yml b/rescript-ecosystem/packages/tooling/alib-for-rescript/.github/workflows/codeql.yml index 5148cf4c..3e1a7920 100644 --- a/rescript-ecosystem/packages/tooling/alib-for-rescript/.github/workflows/codeql.yml +++ b/rescript-ecosystem/packages/tooling/alib-for-rescript/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: read-all diff --git a/rescript-ecosystem/packages/tooling/create-poly/.github/workflows/codeql.yml b/rescript-ecosystem/packages/tooling/create-poly/.github/workflows/codeql.yml index 3575cd97..018b181a 100644 --- a/rescript-ecosystem/packages/tooling/create-poly/.github/workflows/codeql.yml +++ b/rescript-ecosystem/packages/tooling/create-poly/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: read-all diff --git a/rescript-ecosystem/rescript-tea/.github/workflows/codeql.yml b/rescript-ecosystem/rescript-tea/.github/workflows/codeql.yml index e152a864..02861a95 100644 --- a/rescript-ecosystem/rescript-tea/.github/workflows/codeql.yml +++ b/rescript-ecosystem/rescript-tea/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: contents: read diff --git a/rescript-ecosystem/rescript-vite/.github/workflows/codeql.yml b/rescript-ecosystem/rescript-vite/.github/workflows/codeql.yml index cb440519..7eebb3c3 100644 --- a/rescript-ecosystem/rescript-vite/.github/workflows/codeql.yml +++ b/rescript-ecosystem/rescript-vite/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: read-all diff --git a/riscv-guix-buildsys/.github/workflows/codeql.yml b/riscv-guix-buildsys/.github/workflows/codeql.yml index 3575cd97..018b181a 100644 --- a/riscv-guix-buildsys/.github/workflows/codeql.yml +++ b/riscv-guix-buildsys/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: read-all diff --git a/scaffoldia/.github/workflows/codeql.yml b/scaffoldia/.github/workflows/codeql.yml index 6368f078..7b01965e 100644 --- a/scaffoldia/.github/workflows/codeql.yml +++ b/scaffoldia/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: read-all diff --git a/techstack-enforcer/.github/workflows/codeql.yml b/techstack-enforcer/.github/workflows/codeql.yml index 7f6e34dd..c42eddcf 100644 --- a/techstack-enforcer/.github/workflows/codeql.yml +++ b/techstack-enforcer/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: read-all diff --git a/v-ecosystem/v-benchmarks/.github/workflows/codeql.yml b/v-ecosystem/v-benchmarks/.github/workflows/codeql.yml index cb440519..7eebb3c3 100644 --- a/v-ecosystem/v-benchmarks/.github/workflows/codeql.yml +++ b/v-ecosystem/v-benchmarks/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: read-all diff --git a/v-ecosystem/v-grpc/.github/workflows/codeql.yml b/v-ecosystem/v-grpc/.github/workflows/codeql.yml index e152a864..02861a95 100644 --- a/v-ecosystem/v-grpc/.github/workflows/codeql.yml +++ b/v-ecosystem/v-grpc/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: contents: read diff --git a/v-ecosystem/v-telemetry/.github/workflows/codeql.yml b/v-ecosystem/v-telemetry/.github/workflows/codeql.yml index cb440519..7eebb3c3 100644 --- a/v-ecosystem/v-telemetry/.github/workflows/codeql.yml +++ b/v-ecosystem/v-telemetry/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: read-all diff --git a/v-ecosystem/v_api_interfaces/v_grpc/.github/workflows/codeql.yml b/v-ecosystem/v_api_interfaces/v_grpc/.github/workflows/codeql.yml index cb440519..7eebb3c3 100644 --- a/v-ecosystem/v_api_interfaces/v_grpc/.github/workflows/codeql.yml +++ b/v-ecosystem/v_api_interfaces/v_grpc/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: read-all diff --git a/v-ecosystem/v_api_interfaces/v_rest/.github/workflows/codeql.yml b/v-ecosystem/v_api_interfaces/v_rest/.github/workflows/codeql.yml index cb440519..7eebb3c3 100644 --- a/v-ecosystem/v_api_interfaces/v_rest/.github/workflows/codeql.yml +++ b/v-ecosystem/v_api_interfaces/v_rest/.github/workflows/codeql.yml @@ -7,7 +7,7 @@ on: pull_request: branches: [main, master] schedule: - - cron: '0 6 * * 1' + - cron: '0 6 1 * *' permissions: read-all