ci: add CodeQL workflow

[nanotaboada]

This change is 

Summary by CodeRabbit

• Chores
  • Automated code quality analysis workflow added. Runs on code pushes, pull requests, and scheduled intervals to continuously monitor code integrity.

[coderabbitai]

Warning

Rate limit exceeded

@nanotaboada has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 17 minutes and 2 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 1f78688a-82e3-4703-838d-9f2c416289bf

📥 Commits

Reviewing files that changed from the base of the PR and between 54b3308 and 8976d94.

📒 Files selected for processing (1)

• README.md

Walkthrough

Introduces a new GitHub Actions workflow for automated CodeQL Advanced analysis that triggers on pushes and pull requests to the master branch and runs on a schedule. The workflow analyzes code in "actions" and "python" languages using the CodeQL initialization and analysis steps with appropriate permissions.

Changes

Cohort / File(s)	Summary
CodeQL Workflow Configuration .github/workflows/codeql.yml	New GitHub Actions workflow defining CodeQL Advanced analysis with matrix strategy for multiple languages (actions, python), scheduled and event-driven triggers on master branch, and security-related permissions.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• chore(ci): switch to default setup for CodeQL scanning #333: Modifies CI code-scanning configuration by replacing Codacy workflow with CodeQL setup, addressing similar static analysis automation concerns.

🚥 Pre-merge checks | ✅ 2

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title follows Conventional Commits format with 'ci:' prefix, is descriptive and specific about adding a CodeQL workflow, and is well under 80 characters at 23 characters.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch ci/codeql-workflow

• 🛠️ sync documentation: Commit on current branch
• 🛠️ sync documentation: Create PR
• 🛠️ enforce http error handling: Commit on current branch
• 🛠️ enforce http error handling: Create PR
• 🛠️ idiomatic review: Commit on current branch
• 🛠️ idiomatic review: Create PR
• 🛠️ verify api contract: Commit on current branch
• 🛠️ verify api contract: Create PR

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (289dcb2) to head (8976d94).
⚠️ Report is 3 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff            @@
##            master      #518   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            3         3           
  Lines          110       110           
=========================================
  Hits           110       110           

Components	Coverage Δ
Services	100.00% <ø> (ø)
Routes	100.00% <ø> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud