From f2d3fa6b44a09e960e80768cb26fab89b36437c9 Mon Sep 17 00:00:00 2001
From: hyperpolymath <6759885+hyperpolymath@users.noreply.github.com>
Date: Sun, 31 May 2026 08:18:52 +0100
Subject: [PATCH] =?UTF-8?q?ci(codeql):=20cron=20weekly=E2=86=92monthly=20(?=
 =?UTF-8?q?cut=203,=20standards#233=20Option=20B)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Per owner-decision Option B on hyperpolymath/standards#233 (2026-05-30):
move scheduled CodeQL from weekly (`'0 6 * * 1'`) to monthly
(`'0 6 1 * *'`). Same shape as canonical caller-template change
in hyperpolymath/standards#286.

## Why

- ~85% Actions-minute savings on scheduled CodeQL (12 runs/yr vs 52).
- Bounded 30-day CVE-detection floor.
- PR-trigger runs (push + pull_request) unchanged — every PR still gets
  CodeQL coverage.

## Sweep

Part of estate-wide sweep tracked at hyperpolymath/standards#288.

Refs hyperpolymath/standards#233
Refs hyperpolymath/standards#288
Refs hyperpolymath/standards#286

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .github/workflows/codeql.yml                                | 2 +-
 czech-file-knife/.github/workflows/codeql.yml               | 2 +-
 emergency-button/.github/workflows/codeql.yml               | 2 +-
 monitoring/systems-observatory/.github/workflows/codeql.yml | 2 +-
 nano-aider/.github/workflows/codeql.yml                     | 2 +-
 personal-sysadmin/.github/workflows/codeql.yml              | 2 +-
 total-update/.github/workflows/codeql.yml                   | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 129188ed..7e551e22 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -7,7 +7,7 @@ on:
   pull_request:
     branches: [main, master]
   schedule:
-    - cron: '0 6 * * 1'
+    - cron: '0 6 1 * *'
 
 permissions:
   contents: read
diff --git a/czech-file-knife/.github/workflows/codeql.yml b/czech-file-knife/.github/workflows/codeql.yml
index e79557f2..86ca2596 100644
--- a/czech-file-knife/.github/workflows/codeql.yml
+++ b/czech-file-knife/.github/workflows/codeql.yml
@@ -7,7 +7,7 @@ on:
   pull_request:
     branches: [main, master]
   schedule:
-    - cron: '0 6 * * 1'
+    - cron: '0 6 1 * *'
 
 permissions: read-all
 
diff --git a/emergency-button/.github/workflows/codeql.yml b/emergency-button/.github/workflows/codeql.yml
index 50b98c88..91b7e419 100644
--- a/emergency-button/.github/workflows/codeql.yml
+++ b/emergency-button/.github/workflows/codeql.yml
@@ -7,7 +7,7 @@ on:
   pull_request:
     branches: [main, master]
   schedule:
-    - cron: '0 6 * * 1'
+    - cron: '0 6 1 * *'
 
 permissions: read-all
 
diff --git a/monitoring/systems-observatory/.github/workflows/codeql.yml b/monitoring/systems-observatory/.github/workflows/codeql.yml
index dfcf777c..7568caea 100644
--- a/monitoring/systems-observatory/.github/workflows/codeql.yml
+++ b/monitoring/systems-observatory/.github/workflows/codeql.yml
@@ -7,7 +7,7 @@ on:
   pull_request:
     branches: [main, master]
   schedule:
-    - cron: '0 6 * * 1'
+    - cron: '0 6 1 * *'
 
 permissions: read-all
 
diff --git a/nano-aider/.github/workflows/codeql.yml b/nano-aider/.github/workflows/codeql.yml
index 23e01793..9f53ead4 100644
--- a/nano-aider/.github/workflows/codeql.yml
+++ b/nano-aider/.github/workflows/codeql.yml
@@ -7,7 +7,7 @@ on:
   pull_request:
     branches: [main, master]
   schedule:
-    - cron: '0 6 * * 1'
+    - cron: '0 6 1 * *'
 
 permissions: read-all
 
diff --git a/personal-sysadmin/.github/workflows/codeql.yml b/personal-sysadmin/.github/workflows/codeql.yml
index 11a9a142..05a1143e 100644
--- a/personal-sysadmin/.github/workflows/codeql.yml
+++ b/personal-sysadmin/.github/workflows/codeql.yml
@@ -7,7 +7,7 @@ on:
   pull_request:
     branches: [main, master]
   schedule:
-    - cron: '0 6 * * 1'
+    - cron: '0 6 1 * *'
 
 permissions: read-all
 
diff --git a/total-update/.github/workflows/codeql.yml b/total-update/.github/workflows/codeql.yml
index 23e01793..9f53ead4 100644
--- a/total-update/.github/workflows/codeql.yml
+++ b/total-update/.github/workflows/codeql.yml
@@ -7,7 +7,7 @@ on:
   pull_request:
     branches: [main, master]
   schedule:
-    - cron: '0 6 * * 1'
+    - cron: '0 6 1 * *'
 
 permissions: read-all