ci: remove drift codeql.yml and enable GitHub-managed default setup#187
ci: remove drift codeql.yml and enable GitHub-managed default setup#187don-petry wants to merge 3 commits into
Conversation
Per ci-standards §2, CodeQL should use GitHub-managed default setup rather than a per-repo workflow file. The inline codeql.yml is now drift — default setup has been enabled via the API (state=configured, query_suite=default). Closes #168 Co-authored-by: don-petry <don-petry@users.noreply.github.com>
|
Warning Rate limit exceeded
Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 55 minutes and 43 seconds. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
Hey @don-petry — this PR is ready for your review. It enables GitHub-managed CodeQL default setup (as required by ci-standards §2) and removes the drift |
|
There was a problem hiding this comment.
Pull request overview
This PR migrates CodeQL scanning from a repository-managed workflow to GitHub-managed CodeQL default setup to align with the org CI standards and avoid duplicated runs.
Changes:
- Removed the per-repo CodeQL workflow (
.github/workflows/codeql.yml) so CodeQL runs only via GitHub-managed default setup. - Relies on enabling CodeQL default setup via repository settings/API (
state=configured,query_suite=default) as described in the PR.
Automated review — APPROVEDRisk: LOW SummaryThis PR deletes a per-repo CodeQL workflow file that has become redundant drift now that GitHub-managed default setup is active. All CI checks pass (CodeQL, SonarCloud, build, tests), GitHub-managed CodeQL is confirmed running via the separate status check, and language coverage is unchanged. The triage escalation was caused by a triage-tier crash, not a genuine security signal. FindingsInfo
CI statusAll CI checks pass (CodeQL, SonarCloud, build, tests). Reviewed by the don-petry PR-review cascade (triage: haiku 4.5 → deep: sonnet 4.6 + duck: gpt-5.4 → audit: opus 4.6). Reply with |



Summary
state=configured,query_suite=default).github/workflows/codeql.ymlworkflow file, which the CI standards (§2) classify as drift now that default setup is activeWhy
Per ci-standards §2, CodeQL must use GitHub-managed default setup, not an inline workflow file. The weekly compliance audit was flagging this repo with
codeql-default-setup-not-configuredbecause default setup had never been explicitly enabled, and the per-repocodeql.ymlis treated as drift.Closes #168
Generated with Claude Code