Skip to content

ci: add centralized CodeQL workflow and README badge#208

Merged
cuioss-oliver merged 1 commit into
mainfrom
chore/codeql
Jul 7, 2026
Merged

ci: add centralized CodeQL workflow and README badge#208
cuioss-oliver merged 1 commit into
mainfrom
chore/codeql

Conversation

@cuioss-oliver

Copy link
Copy Markdown
Collaborator

Summary

Instruments CodeQL scanning and surfaces its status, mirroring cui-http PR #82 (F-16).

  • .github/workflows/codeql.yml — delegates to the cuioss-organization reusable CodeQL workflow (reusable-codeql.yml @ v0.7.0, the same pinned ref this repo already uses for maven.yml/release.yml). Triggers on push/PR to main and a weekly schedule. languages: java, build-mode: none (source analysis — no Maven build needed for this zero-dependency library). The reusable workflow fixes the query suite to +security-and-quality org-wide.
  • README badge — adds a CodeQL status badge to the Status section, in the existing badge style, next to the Maven CI badge.

Verification

  • Confirmed cuioss/cuioss-organization/.github/workflows/reusable-codeql.yml exists at the pinned v0.7.0 SHA.
  • YAML/AsciiDoc-only change; no sources touched.

Add .github/workflows/codeql.yml delegating to the cuioss-organization reusable
CodeQL workflow (reusable-codeql.yml @ v0.7.0), matching the other centralized
security/CI workflows in this repo. Runs on push/PR to main and weekly; languages
java, build-mode none (source analysis, no build needed for this zero-dependency
library).

Add a CodeQL status badge to the README Status section, in the existing badge style
and next to the Maven CI badge (mirrors cui-http PR #82, F-16).

Co-Authored-By: Claude <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Jul 7, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@cuioss-oliver, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 11 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 1e63bb3b-f13a-48be-a4b3-db53bf46313f

📥 Commits

Reviewing files that changed from the base of the PR and between 1932c08 and 6c888ca.

📒 Files selected for processing (2)
  • .github/workflows/codeql.yml
  • README.adoc
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/codeql

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request adds a CodeQL workflow badge to the status section of the README.adoc file. There are no review comments, and I have no feedback to provide.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

@github-advanced-security

Copy link
Copy Markdown

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@cuioss-oliver cuioss-oliver merged commit 7a45327 into main Jul 7, 2026
22 checks passed
@cuioss-oliver cuioss-oliver deleted the chore/codeql branch July 7, 2026 14:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants