fix(egress): repair learn/enforce flow — operator toggle + CLI approve/deny/enforce #1654
Workflow file for this run
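# CodeQL static analysis. Runs on pushes and pull requests targeting
# main/dev and on a weekly schedule, with one job per matrix language.
name: CodeQL

on:
  push:
    branches: [main, dev]
  pull_request:
    branches: [main, dev]
  schedule:
    - cron: "30 5 * * 1"  # Monday 05:30 UTC

# Workflow-wide default: the job token may only read repository contents.
# The analyze job re-declares its own set and adds only what it needs.
permissions:
  contents: read

jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write  # CodeQL uploads SARIF results
      actions: read  # read workflow run metadata for the Actions pack
    strategy:
      # A failure in one language must not cancel the other matrix legs.
      fail-fast: false
      matrix:
        # CodeQL Rust support reached GA in CodeQL CLI 2.23.3 (late 2025).
        # We run Rust alongside the JS/TS + Actions packs to cover the
        # whole repo. `cargo-deny` (deny.toml) + `cargo-audit` (Rust
        # Supply-Chain Gate in ci.yml) + Dependabot weekly cargo
        # updates remain in place as defense-in-depth.
        language: [javascript-typescript, actions, rust]
    steps:
      # Every action is pinned to a full commit SHA; the trailing comment
      # names the release tag the pin is meant to correspond to.
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
        with:
          # By default checkout stores the job token in the local git
          # config, where every later step (including the build that
          # Autobuild may run) can read it. None of the steps below use
          # git to fetch or push, so the token is not kept.
          persist-credentials: false

      # The three codeql-action steps share one commit SHA; bump them
      # together so init, autobuild and analyze stay on the same release.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@e46ed2cbd01164d986452f91f178727624ae40d7  # v4
        with:
          languages: ${{ matrix.language }}
          config-file: ./.github/codeql-config.yml
          # NOTE(review): if codeql-config.yml also lists queries, this
          # input replaces them unless the value is prefixed with `+`.
          # Confirm against the config file, which is not shown here.
          queries: security-and-quality

      - name: Autobuild
        uses: github/codeql-action/autobuild@e46ed2cbd01164d986452f91f178727624ae40d7  # v4

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@e46ed2cbd01164d986452f91f178727624ae40d7  # v4
        with:
          # One SARIF category per language keeps the matrix legs'
          # results from overwriting each other in code scanning.
          category: "/language:${{ matrix.language }}"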