Run brakeman in GitHub Actions

[nschonni]

Try using GitHub and CodeQL for brakeman results

[Gargron]

FYI I already removed CodeClimate from the repository so you can remove its configuration file.

[nschonni]

FYI I already removed CodeClimate from the repository so you can remove its configuration file.

Thanks, I had dropped that one, but it created a bunch of issues, so I put it back in.
I've run into an issue with the sarif uploads to CodeQL not recogonizing the suppressions in breakman.ignore, so I may go back to the simpler approach

[nschonni]

@Gargron I deleted the config file again, but it looks like the application is still installed in the GitHub App Settings, since it's showing the failed hook results.

[nschonni]

Because of the unrelated CI failure on #24019, I figured it was a better idea to split out the bundler-audit to it's own job, that only runs when the Gemfile changes + on a regular schedule

[nschonni]

@Gargron is it easier if I restore the codeclimate file and just disable the last brakeman config?

[ClearlyClaire]

oops, sorry I missed that, and I'm actually surprised we've stopped running brakeman… when did that happen?

Is there a way we can have brakeman's results more prominent and readable, instead of having them buried in the Ruby Linting action logs?

[renchap]

Maybe with something like https://github.com/reviewdog/action-brakeman ?

[github-actions]

This pull request has merge conflicts that must be resolved before it can be merged.

[github-actions]

This pull request has resolved merge conflicts and is ready for review.

[nschonni]

oops, sorry I missed that, and I'm actually surprised we've stopped running brakeman… when did that happen?

When codeclimate was removed