sdforge 0.3.1

Multi-protocol SDK framework with unified macro configuration
# CodeQL 静态安全分析(GitHub 原生,跨语言自动检测)。
# 触发: push 到主分支 / PR / 每周二定时全量扫描
# 无需额外 secret:使用自动注入的 GITHUB_TOKEN。
name: CodeQL

on:
  push:
    branches: [main, master]
  pull_request:
    branches: [main, master]
  schedule:
    - cron: "37 4 * * 2" # 每周二 04:37 UTC(避开整点)

permissions:
  contents: read
  security-events: write # 上传 SARIF 到 Security 标签页

concurrency:
  group: codeql-${{ github.ref }}
  cancel-in-progress: true

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    permissions:
      security-events: write
      actions: read
      contents: read
    strategy:
      fail-fast: false
    steps:
      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4

      # 不传 languages → CodeQL 自动检测仓库语言
      - name: Initialize CodeQL
        uses: github/codeql-action/init@dd903d2e4f5405488e5ef1422510ee31c8b32357  # v3

      - name: Autobuild
        uses: github/codeql-action/autobuild@8aad20d150bbac5944a9f9d289da16a4b0d87c1e  # v3

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e  # v3
        with:
          category: "/language:autodetect"