From 9f12a7678c76c899070bd6a3d33d95bbe7d3bd45 Mon Sep 17 00:00:00 2001
From: 0xdx2
Date: Wed, 10 Dec 2025 21:48:18 +0800
Subject: [PATCH] feat(ci): add codeql to scanner code (#1076)
---
 .github/workflows/ci.yml | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index ed5571d3..9f1778da 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -169,3 +169,39 @@ jobs:
 name: e2e-test-logs-${{ github.run_number }}
 path: /tmp/rustfs.log
 retention-days: 3
+ analyze:
+ name: Analyze Rust
+ needs: skip-check
+ if: needs.skip-check.outputs.should_skip != 'true'
+ runs-on: ubuntu-latest
+
+ permissions:
+ security-events: write
+ contents: read
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ rust ]
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v4
+ with:
+ languages: ${{ matrix.language }}
+ ram: 6000
+ threads: 2
+ db-location: /home/runner/work/codeql_dbs
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v4
+ with:
+ category: "/language:${{ matrix.language }}"
+ ram: 6000
+ threads: 2
+ - uses: github/codeql-action/upload-sarif@v4
+ with:
+ sarif_file: results.sarif
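Review bot: The last added step, `- uses: github/codeql-action/upload-sarif@v4` with `sarif_file: results.sarif`, points at a file that no visible step creates. `codeql-action/analyze` writes its SARIF into its `output` directory (outside the workspace by default) and uploads the results itself unless told not to. As written the step will most likely fail on a missing file, or, if a `results.sarif` does turn up, submit a second upload alongside the one `analyze` already made. I would drop those three lines; if a separate upload step is wanted, set `upload: never` and `output: sarif-results` on the analyze step and use `sarif_file: sarif-results` with the same `category`. Separately, the job holds `security-events: write` while all four `uses:` lines follow mutable `@v4` tags; pinning each to a full commit SHA, e.g. `uses: github/codeql-action/init@<full-commit-sha> # v4`, keeps a retagged release from running with that token.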