fix(ci): add macOS CodeQL security shard

Add a manual macOS CodeQL security shard scoped to app sources. Verified with profile=macos-security on Blacksmith in 16m55s.
2026-05-06 06:20:43 +00:00 · 2026-04-27 13:40:34 -07:00
parent b6be422306
commit 36b5e34fc0
2 changed files with 50 additions and 0 deletions
--- a/.github/codeql/codeql-macos-critical-security.yml
+++ b/.github/codeql/codeql-macos-critical-security.yml
@@ -0,0 +1,17 @@
+name: openclaw-codeql-macos-critical-security
+
+disable-default-queries: true
+
+queries:
+  - uses: security-extended
+
+paths:
+  - apps/macos/Sources
+
+paths-ignore:
+  - "**/.build"
+  - "**/.build/**"
+  - "**/DerivedData"
+  - "**/DerivedData/**"
+  - "**/*.generated.swift"
+  - "**/*Tests.swift"