🚀 Release: beta → master #6

	name: "CodeQL Security Scan"

	on:
	push:
	branches: [ "master" ]
	pull_request:
	branches: [ "master" ]
	schedule:
	- cron: "0 3 * * 1" # Weekly scan (Monday 3 AM UTC)

	concurrency:
	group: codeql-${{ github.ref }}
	cancel-in-progress: true

	permissions:
	actions: read
	contents: read
	security-events: write

	jobs:
	analyze:
	name: Analyze (CodeQL)
	runs-on: ubuntu-latest
	timeout-minutes: 20

	strategy:
	fail-fast: false
	matrix:
	language: [ "javascript" ]

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	# Initialize CodeQL (official queries only)
	- name: Initialize CodeQL
	uses: github/codeql-action/init@v4
	with:
	languages: ${{ matrix.language }}
	queries: security-and-quality

	# Install dependencies (required for accurate analysis)
	- name: Setup Node.js
	uses: actions/setup-node@v4
	with:
	node-version: 20

	- name: Install dependencies
	run: npm ci

	# Build project (VERY IMPORTANT for TypeScript)
	- name: Build project
	run: npm run build \|\| echo "No build step"

	# Run CodeQL analysis
	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@v4

Provide feedback