Feature: Add CodeQL Workflow for Static Code Analysis in KubeSlice Repositories #64

@andoriyaprashant

Description

🔖 Feature description

Summary:

I propose adding a GitHub CodeQL workflow to the following KubeSlice repositories:

🎤 Pitch

  • CodeQL is GitHub’s static analysis engine that can help detect security vulnerabilities, code quality issues, and maintainability problems early in the development process.
  • By integrating it into the CI pipeline, we can automatically scan new pull requests and master branch updates.
  • This aligns with our goal of enhancing testing and automation across the KubeSlice ecosystem.

✌️ Solution

  • Add a .github/workflows/codeql.yml workflow file to each repository.
  • Configure it to run on:
    • Push events to the master branch.
    • Pull requests targeting master.
    • A weekly scheduled run for ongoing code health monitoring.
  • Use the github/codeql-action with languages: ['go'] for optimal detection in our Go-based codebase.
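As an added illustration of the workflow described above (an example written for this page, not a file taken from the KubeSlice repositories), this is the shape a .github/workflows/codeql.yml would take. It uses the real github/codeql-action init/autobuild/analyze actions, actions/checkout and actions/setup-go; the cron time, the query suite and the assumption that each repository keeps a go.mod at its root are choices made here, not values from the proposal.

```yaml
# .github/workflows/codeql.yml
# Added example: CodeQL scan for a Go repository, triggered on pushes to master,
# pull requests targeting master, and a weekly schedule.
name: CodeQL

on:
  push:
    branches: [ "master" ]
  pull_request:
    branches: [ "master" ]
  schedule:
    # Weekly run, Monday 03:17 UTC (constructed time; any off-peak slot works)
    - cron: '17 3 * * 1'

# Default to read-only; the job grants itself only what CodeQL needs.
permissions:
  contents: read

jobs:
  analyze:
    name: Analyze (Go)
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write   # required to upload SARIF results to code scanning

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      # Assumes go.mod exists at the repository root; adjust if the module lives elsewhere.
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version-file: go.mod

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: go
          # 'security-and-quality' also surfaces maintainability findings, matching the
          # pitch above; drop this line to keep only the default security suite.
          queries: security-and-quality

      # Autobuild is sufficient for a standard Go module; replace with explicit
      # 'go build ./...' steps if the repository needs code generation first.
      - name: Autobuild
        uses: github/codeql-action/autobuild@v3

      - name: Perform CodeQL analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:go"
```

Results land in the repository's Security tab under code scanning, and a pull request that introduces a new alert is annotated inline. If branch protection is enabled on master, the "Analyze (Go)" check can be made required so that a PR cannot merge until the scan has completed.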

Benefits:

  • Early detection of potential security and quality issues.
  • Improved code reliability and maintainability.
  • Aligns with best practices for secure software development in open source projects.

Next Steps:
If approved, I can open PRs to add the CodeQL workflow in all three repositories mentioned above.

🔄️ Alternative

No response

👀 Have you spent some time to check if this issue has been raised before?

  • I checked and didn't find a similar issue

🏢 Have you read the Code of Conduct?
