CodeQL #16

	name: CodeQL

	on:
	pull_request:
	branches:
	- main
	- ft/main/**
	push:
	branches:
	- main
	- ft/main/**
	schedule:
	- cron: "45 6 * * 3"

	permissions: read-all

	jobs:
	check_changes:
	name: Deduce required tests from code changes
	if: ${{ github.event_name == 'pull_request' }}
	runs-on: ubuntu-latest
	outputs:
	go-changes: ${{ steps.go-changes.outputs.src }}
	steps:
	- name: Check code changes
	uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
	id: go-changes
	with:
	filters: \|
	src:
	- .github/workflows/lint-codeql.yaml
	- '*/.go'
	- 'go.mod'
	- 'go.sum'

	analyze:
	needs: check_changes
	if: ${{ needs.check_changes.outputs.go-changes == 'true' \|\| github.event_name != 'pull_request' }}
	name: Analyze
	runs-on: ubuntu-latest
	permissions:
	security-events: write
	steps:
	- name: Checkout repo
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	with:
	persist-credentials: false
	fetch-depth: 1
	- name: Initialize CodeQL
	uses: github/codeql-action/init@c0d1daa7f7e14667747d73a7dbbe8c074bc8bfe2 # v2.22.9
	with:
	languages: go
	debug: true
	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@c0d1daa7f7e14667747d73a7dbbe8c074bc8bfe2 # v2.22.9

Provide feedback