From e3fcf4e8b6827bab74b0b6c22e20be94bca792ce Mon Sep 17 00:00:00 2001
From: Constantinos Xanthopoulos <xanthopoulos.c@gmail.com>
Date: Wed, 17 May 2023 23:53:12 -0500
Subject: [PATCH 1/2] Update codeql-analysis to run on .github

---
 .github/workflows/codeql-analysis.yml | 88 +++++++++++++++++----------
 1 file changed, 56 insertions(+), 32 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 886d230cc..96e468ed9 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -6,56 +6,80 @@ on:
   pull_request:
     branches: [master, develop]
   schedule:
-    #        ┌───────────── minute (0 - 59)
-    #        │  ┌───────────── hour (0 - 23)
-    #        │  │ ┌───────────── day of the month (1 - 31)
-    #        │  │ │ ┌───────────── month (1 - 12 or JAN-DEC)
-    #        │  │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT)
-    #        │  │ │ │ │
-    #        │  │ │ │ │
-    #        │  │ │ │ │
-    #        *  * * * *
-    - cron: '30 1 * * 0'
+    - cron: 30 1 * * 0 # Runs every Sunday 1:30 am UTC
 
 jobs:
-  CodeQL-Build:
-    # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
+  CodeQL-Javascript:
     runs-on: ubuntu-latest
-
     permissions:
-      # required for all workflows
       security-events: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
 
-      # only required for workflows in private repositories
-      actions: read
-      contents: read
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: javascript
 
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+
+  CodeQL-Python-dot-github:
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3
 
-      # Initializes the CodeQL tools for scanning.
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        id: setup-python
+        with:
+          python-version: '3.10'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          if [ -f ${{ github.workspace }}/.github/scripts/requirements.txt ];
+          then pip install -r ${{ github.workspace }}/.github/scripts/requirements.txt;
+          fi
+          # Set the `CODEQL-PYTHON` environment variable to the Python executable
+          # that includes the dependencies
+          echo "CODEQL_PYTHON=${{ steps.setup-python.outputs.python-path }}" >> $GITHUB_ENV
+
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v2
-        # Override language selection by uncommenting this and choosing your languages
         with:
-          languages: javascript, python
+          languages: python
+          setup-python-dependencies: false
+          source-root: .github/
 
-      # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
-      # If this step fails, then you should remove it and run the build manually (see below).
-      - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
 
-      # ℹ️ Command-line programs to run using the OS shell.
-      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+  CodeQL-Python-rest:
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
 
-      # ✏️ If the Autobuild fails above, remove it and uncomment the following
-      #    three lines and modify them (or add more) to build your code if your
-      #    project uses a compiled language
+      - name: Find Python files outside the .github folder
+        id: find_files
+        run: |
+          python_files=$(find ${{ github.workspace }} -name "*.py" -type f -not -path '*/\.*' | wc -l)
+          echo "python_files=${python_files}" >> $GITHUB_OUTPUT
+          echo "$python_files Python files were found outside the .github folder."
 
-      #- run: |
-      #     make bootstrap
-      #     make release
+      - name: Initialize CodeQL
+        if: ${{ steps.find_files.outputs.python_files != '0' }}
+        uses: github/codeql-action/init@v2
+        with:
+          languages: python
 
       - name: Perform CodeQL Analysis
+        if: ${{ steps.find_files.outputs.python_files != '0' }}
         uses: github/codeql-action/analyze@v2

From da4f38447773a5de5aff125952b08f14e49adb6f Mon Sep 17 00:00:00 2001
From: Constantinos Xanthopoulos <xanthopoulos.c@gmail.com>
Date: Thu, 18 May 2023 13:25:42 -0500
Subject: [PATCH 2/2] Update .github/workflows/codeql-analysis.yml

Co-authored-by: David Leal <halfpacho@gmail.com>
---
 .github/workflows/codeql-analysis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 96e468ed9..64ac90a5e 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -15,7 +15,7 @@ jobs:
       security-events: write
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v2