fix(ci): add android CodeQL security shard

Add a manual Android CodeQL security shard scoped to app production sources. Verified with profile=android-security on Blacksmith in 4m22s.
2026-05-06 07:20:43 +00:00 · 2026-04-27 12:32:55 -07:00
parent 4cd68fafbb
commit 74eccd42d8
2 changed files with 55 additions and 0 deletions
--- a/.github/codeql/codeql-android-critical-security.yml
+++ b/.github/codeql/codeql-android-critical-security.yml
@@ -0,0 +1,21 @@
+name: openclaw-codeql-android-critical-security
+
+disable-default-queries: true
+
+queries:
+  - uses: security-extended
+
+paths:
+  - apps/android/app/src/main
+
+paths-ignore:
+  - "**/.gradle"
+  - "**/build"
+  - "**/node_modules"
+  - "**/coverage"
+  - "**/*.generated.*"
+  - "**/*Test.kt"
+  - "**/*Test.java"
+  - "**/*Benchmark.kt"
+  - apps/android/app/src/test
+  - apps/android/benchmark