⬆️🪝 update pre-commit hooks #188

	name: "CodeQL"

	on:
	push:
	branches: [main]
	pull_request:
	branches: [main]
	schedule:
	- cron: "15 21 * * 6"

	concurrency:
	group: ${{ github.workflow }}-${{ github.head_ref \|\| github.run_id }}
	cancel-in-progress: true

	env:
	CMAKE_BUILD_PARALLEL_LEVEL: 3
	Z3_VERSION: 4.11.2

	jobs:
	analyze:
	name: Analyze ${{ matrix.language }}
	runs-on: ubuntu-latest
	permissions:
	security-events: write

	strategy:
	fail-fast: false
	matrix:
	language: ["cpp", "python"]

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4
	with:
	submodules: recursive
	fetch-depth: 0

	- name: Install Z3
	uses: cda-tum/setup-z3@v1
	with:
	version: ${{ env.Z3_VERSION }}
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	# Initializes the CodeQL tools for scanning.
	- name: Initialize CodeQL
	uses: github/codeql-action/init@v2
	with:
	languages: ${{ matrix.language }}
	config-file: .github/codeql-config.yml

	- if: matrix.language == 'cpp'
	name: Configure CMake
	run: cmake -S . -B build -DCMAKE_BUILD_TYPE=Release -DBUILD_QUSAT_TESTS=ON -DBINDINGS=ON

	- if: matrix.language == 'cpp'
	name: Build
	run: cmake --build build

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@v2
	with:
	upload: False
	output: sarif-results

	- name: filter-sarif
	uses: advanced-security/filter-sarif@main
	with:
	patterns: \|
	-/extern/
	input: sarif-results/${{ matrix.language }}.sarif
	output: sarif-results/${{ matrix.language }}.sarif

	- name: Upload SARIF
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: sarif-results/${{ matrix.language }}.sarif

Provide feedback