From 9208f7ff8c5f1f2e6dcdcaa3dc0993c41a0f9cd5 Mon Sep 17 00:00:00 2001 From: Ismo Vuorinen Date: Tue, 25 Nov 2025 23:28:03 +0200 Subject: [PATCH] ci: improve workflow determinism and security scanning - Add --language=shellspec flag to tree-sitter parse for deterministic grammar selection - Add C++ language to CodeQL analysis to scan src/scanner.c for security issues Addresses PR #1 review comments from CodeRabbit.
---
 .github/workflows/codeql.yml | 2 +- .github/workflows/test.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 8d55cdf..aa3547c 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -24,7 +24,7 @@ jobs: strategy: fail-fast: false matrix:
- language: ['actions,javascript'] # Add languages used in your actions
+ language: ['actions,javascript', 'cpp'] # Add languages used in your actions
 steps: - name: Checkout repository
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 20d6336..bb6ee4b 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -140,7 +140,7 @@ jobs: End EOF
- npx tree-sitter parse test_sample.shellspec --quiet || {
+ npx tree-sitter parse --language=shellspec test_sample.shellspec --quiet || {
 echo "❌ Parser failed on sample ShellSpec code" exit 1 }
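Review bot: The new `'cpp'` matrix entry in `.github/workflows/codeql.yml` adds a compiled language, but this hunk shows no build configuration for it. CodeQL extracts C/C++ from an observed build or from a build mode set on the init step, so if the steps below the hunk only run init and analyze, the cpp job may fail or finish without having extracted `src/scanner.c`, which would look like coverage that is not there. The steps lie outside the hunk, so confirm they handle this entry, for example by moving to matrix `include` entries that carry a `build-mode` and passing `build-mode: ${{ matrix.build-mode }}` to the init step. `c-cpp` is the identifier CodeQL documents for this language (`cpp` is accepted as an alias), and the template comment could become `# cpp covers src/scanner.c`.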
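Review bot: In `.github/workflows/test.yml`, nothing in the patch confirms that `tree-sitter parse` in the CLI version this job installs accepts `--language`; to my knowledge the grammar-selection options on that subcommand are `--scope` and, in newer releases, `--lang-name` together with `--lib-path`. An unrecognised option would make the command exit non-zero, and the `|| { ... }` branch would then print "Parser failed on sample ShellSpec code", hiding an argument error behind a parser failure. Check `npx tree-sitter parse --help` against the pinned CLI version, and consider leaving the CLI's stderr visible on failure so the two cases can be told apart. The heredoc above and the CLI install step are outside the hunk.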