feat+fix: move codeql to its own workflow

i think it's better practice, it should slightly improve linux qt6 build times and i noticed ccache? is messing up with it because alerts get randomly fixed

Signed-off-by: DioEgizio <83089242+DioEgizio@users.noreply.github.com>

1 files changed, 35 insertions, 0 deletions

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 00000000..0cd1f6e4
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,35 @@
+name: "CodeQL Code Scanning"
+
+on: [ push, pull_request, workflow_dispatch ]
+
+jobs:
+  CodeQL:
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          submodules: 'true'
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          config-file: ./.github/codeql/codeql-config.yml
+          queries: security-and-quality
+          languages: cpp, java
+
+      - name: Install Dependencies
+        run:  
+          sudo apt-get -y update
+
+          sudo apt-get -y install ninja-build extra-cmake-modules scdoc qtbase5-dev qtchooser qt5-qmake qtbase5-dev-tools libqt5core5a libqt5network5 libqt5gui5
+
+      - name: Configure and Build
+        run: |
+          cmake -S . -B build -DCMAKE_INSTALL_PREFIX=/usr -DLauncher_QT_VERSION_MAJOR=5 -G Ninja
+
+          cmake --build build
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2