restrict forbid autogrowth setting to committable resources #657

	name: "Code Scanning - Action"

	on:
	push:
	branches: [main]
	pull_request:
	branches: [main]
	schedule:
	- cron: '30 1 * * 0'

	jobs:
	CodeQL-Build:
	# CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
	runs-on: ubuntu-latest

	permissions:
	# required for all workflows
	security-events: write

	# only required for workflows in private repositories
	actions: read
	contents: read

	steps:
	- name: Setup Node.js
	uses: actions/setup-node@v5
	with:
	node-version: 22
	- name: Checkout repository
	uses: actions/checkout@v5
	- name: Initialize CodeQL
	uses: github/codeql-action/init@v4
	with:
	queries: security-extended
	languages: javascript

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@v4

Provide feedback