Context
PR #22 review (comment) flagged ambiguity in the CodeQL workflow comment about the weekly scheduled run.
The wording can be interpreted as dependency-style monitoring, which is not the intent. The schedule exists to re-run static analysis with updated CodeQL queries/engines and newly disclosed patterns, even when repository code has not changed.
Implementation Plan
- Update comment text in .github/workflows/codeql.yml to explicitly state why the weekly run exists
- Keep explanation concise and avoid vague terms like "drift"
- Ensure trigger comments align with actual workflow behavior (pull_request, push, schedule)
- No workflow runtime logic changes (comment/documentation-only change)
- No changelog entry needed
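The trigger block below is an added illustration of the comment wording the plan calls for; it is not the project's actual .github/workflows/codeql.yml. The branch name, cron value, language list and action versions are assumptions, and the scheduled-run comment is the point: it says the run exists to re-apply the current CodeQL engine and query packs to unchanged code, and that it is not dependency monitoring.

```yaml
# Added illustration (not the project's own workflow file): a CodeQL workflow
# whose trigger comments state what each trigger is for. Branch name, cron
# value, language list and action versions are assumptions.
name: CodeQL

on:
  # Analyze proposed changes before they are merged.
  pull_request:
    branches: [main]
  # Analyze the default branch after each merge.
  push:
    branches: [main]
  # Weekly run: re-analyze the unchanged default branch with the current
  # CodeQL engine and query packs, so newly added queries and newly disclosed
  # patterns are applied even when no commit has happened. This is not
  # dependency monitoring.
  schedule:
    - cron: '0 6 * * 1'   # assumed value: Mondays 06:00 UTC

jobs:
  analyze:
    runs-on: ubuntu-latest
    permissions:
      security-events: write   # required to upload SARIF results to code scanning
      contents: read
    strategy:
      matrix:
        language: [javascript]   # assumed; the project's languages go here
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
      - uses: github/codeql-action/analyze@v3
```

Only the comments under `on:` change for this task; the `jobs:` section is shown so the fragment is a complete workflow and is otherwise untouched by the plan.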