dbnexus 0.3.1

An enterprise-grade database abstraction layer for Rust with built-in permission control and connection pooling
Documentation
# CodeQL 语义级安全扫描
# Docs: https://docs.github.com/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning
name: "CodeQL Security Scan"

on:
  push:
    branches:
      - main
      - master
      - "feature/**"
      - "release/**"
  pull_request:
    branches:
      - main
      - master
  schedule:
    # 每周一 09:00 UTC+8 定时扫描
    - cron: "0 1 * * 1"

permissions:
  contents: read
  security-events: write
  actions: read

# 避免并发运行
concurrency:
  group: codeql-${{ github.ref }}
  cancel-in-progress: true

jobs:
  analyze:
    name: Analyze (Rust)
    runs-on: ubuntu-latest
    timeout-minutes: 30

    strategy:
      fail-fast: false
      matrix:
        # CodeQL 对 Rust 的支持从 CodeQL 2.14.6 开始
        language: ["rust"]

    steps:
      - name: Checkout repository
        uses: actions/checkout@v7
        with:
          fetch-depth: 0

      - name: Install Rust toolchain
        uses: dtolnay/rust-toolchain@stable
        with:
          components: clippy, rustfmt

      - name: Cache Cargo registry
        uses: actions/cache@v6
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
            target
          key: ${{ runner.os }}-codeql-cargo-${{ hashFiles('**/Cargo.lock') }}
          restore-keys: |
            ${{ runner.os }}-codeql-cargo-

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v4
        with:
          languages: ${{ matrix.language }}
          # 使用默认的安全查询套件
          queries: +security-extended
          build-mode: autobuild

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v4
        with:
          category: "/language:${{ matrix.language }}"