added workflows #962

	name: "CodeQL"

	on:
	push:
	pull_request:
	schedule:
	- cron: '0 0 * * 0'
	permissions: read-all
	jobs:
	analyze:
	name: Analyze
	runs-on: ubuntu-latest
	permissions:
	actions: read
	contents: read
	security-events: write

	strategy:
	fail-fast: false
	matrix:
	language: [ 'cpp' ]

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- run: \|
	export CC=/usr/bin/clang
	export CXX=/usr/bin/clang++
	mkdir build/
	cd build/
	cmake -DCMAKE_BUILD_TYPE=Release ..
	cmake --build . --config Release
	cd -

	# Initializes the CodeQL tools for scanning.
	- name: Initialize CodeQL
	uses: github/codeql-action/init@v3
	with:
	languages: ${{ matrix.language }}
	queries: security-extended,security-and-quality

	- run: \|
	cd build/
	find src/CMakeFiles/vm-manager.dir/ -iname *.o \|xargs rm
	cmake --build . --config Release

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@v3
	with:
	upload: False
	output: sarif-results

	- name: Filter SARIF
	uses: advanced-security/filter-sarif@v1
	with:
	patterns: \|
	-build/:
	-src/services/protos/gens/:
	input: sarif-results/cpp.sarif
	output: sarif-results/cpp-filtered.sarif

	- name: Upload SARIF
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: sarif-results/cpp-filtered.sarif

	- run: \|
	mkdir sarif-report
	cp sarif-results/cpp-filtered.sarif sarif-report/

	- name: Generate Security Report
	uses: rsdmike/github-security-report-action@v3.0.4
	with:
	token: ${{ secrets.github_token }}
	sarifReportDir: sarif-report
	template: report

	- name: artifacts
	uses: actions/upload-artifact@v4
	with:
	name: sarif-results
	path: \|
	sarif-results
	report.pdf

Provide feedback