Refactor CodeQL workflow to enable analysis for JavaScript and exclude Python files, adding language detection overrides in .gitattributes

paulanunes85 · paulanunes85 · commit d5280193fba5 · 2025-05-15T12:26:37.000-03:00
diff --git a/.gitattributes b/.gitattributes
@@ -0,0 +1,13 @@
+# Language detection overrides for GitHub
+
+# Mark Markdown files as detectable (documentation)
+*.md linguist-detectable=true
+*.html linguist-detectable=true
+
+# Exclude Python from language detection
+*.py linguist-generated=true
+*.py linguist-detectable=false
+
+# Documentation repository
+docs/ linguist-documentation=false
+*.md linguist-documentation=false 
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -1,19 +1,55 @@
-name: "Disable CodeQL Analysis"
+name: "CodeQL Analysis"
 
-# This workflow is intentionally disabled for this documentation repository
-# This file exists to prevent GitHub from automatically enabling CodeQL
+# This workflow explicitly excludes Python analysis for this documentation repository
 
 on:
-  # Don't run automatically - set to manual only
-  workflow_dispatch:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+  schedule:
+    - cron: '0 0 * * 0'  # Run once a week
 
 jobs:
-  no-analysis:
-    name: No CodeQL Analysis
+  analyze:
+    name: Analyze
     runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        # Override automatic language detection to explicitly exclude Python
+        language: [ 'javascript' ]  # Only include JavaScript if needed
+
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
+    - name: Checkout repository
+      uses: actions/checkout@v4
       
-      - name: Skip Analysis
-        run: echo "CodeQL Analysis intentionally disabled for this documentation repository" 
+    # Explicitly exclude Python files
+    - name: Setup Python exclusion
+      run: |
+        echo "# Language detection overrides" > .gitattributes
+        echo "*.py linguist-generated=true" >> .gitattributes
+        echo "*.md linguist-detectable=true" >> .gitattributes
+        echo "*.html linguist-detectable=true" >> .gitattributes
+        git add .gitattributes
+        git config --global user.name "GitHub Actions"
+        git config --global user.email "actions@github.com"
+        git commit -m "Add gitattributes to help language detection" || echo "No changes to commit"
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+        config-file: ./.github/codeql/codeql-config.yml
+        # Skip Python extraction
+        tools: '!python'
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
+      with:
+        category: "/language:${{ matrix.language }}" 
