From 83a1583efc7507bb9933b73064bf6a3fd099343a Mon Sep 17 00:00:00 2001
From: hyperpolymath <6759885+hyperpolymath@users.noreply.github.com>
Date: Sun, 31 May 2026 11:37:20 +0100
Subject: [PATCH] =?UTF-8?q?ci(codeql):=20cron=20weekly=E2=86=92monthly=20(?=
 =?UTF-8?q?cut=203,=20standards#233=20Option=20B)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Per owner-decision Option B on hyperpolymath/standards#233 (2026-05-30):
move scheduled CodeQL from weekly (`'0 6 * * 1'`) to monthly
(`'0 6 1 * *'`). Same shape as canonical caller-template change
in hyperpolymath/standards#286.

## Why

- ~85% Actions-minute savings on scheduled CodeQL (12 runs/yr vs 52).
- Bounded 30-day CVE-detection floor.
- PR-trigger runs (push + pull_request) unchanged — every PR still gets
  CodeQL coverage.

## Sweep

Part of estate-wide sweep tracked at hyperpolymath/standards#288.

Refs hyperpolymath/standards#233
Refs hyperpolymath/standards#288
Refs hyperpolymath/standards#286

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .github/workflows/codeql.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 1aa0293..cdce9bd 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -7,7 +7,7 @@ on:
   pull_request:
     branches: [main, master]
   schedule:
-    - cron: '0 6 * * 1'
+    - cron: '0 6 1 * *'
 
 # Estate guardrail: cancel superseded runs so re-pushes / rebased PR
 # updates do not pile up queued runs against the shared account-wide