From ea4070d4570bfdd36adb345be5d011e25f29d590 Mon Sep 17 00:00:00 2001
From: "Mr. Walls" <reactive-firewall@users.noreply.github.com>
Date: Thu, 31 Jul 2025 12:01:58 -0700
Subject: [PATCH] [FEATURE] add flak8-cq to codeql-analysis.yml

Signed-off-by: Mr. Walls <reactive-firewall@users.noreply.github.com>
---
 .github/workflows/codeql-analysis.yml | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index d243379..66aab91 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -13,7 +13,7 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ master, stable ]
+    branches: [ master, stable, feature-flake8-87 ]
   pull_request:
     # The branches below must be a subset of the branches above
     branches: [ stable ]
@@ -21,7 +21,7 @@ on:
     - cron: '17 5 * * 1'
 
 # Declare default permissions as read only.
-permissions: read-all
+permissions: {}
 
 jobs:
   analyze:
@@ -71,6 +71,13 @@ jobs:
     #- run: |
     #   make bootstrap
     #   make release
+    - name: Flake8 Scan
+      uses: reactive-firewall/flake8-cq@5a4f0f0e90a5c94b3f0fa1e659f2ec565b76be35  # v1.6a0
+      with:  # optional arguments
+        config: '.flake8.ini'
+        match: '**/*.py'
+        publish-artifacts: false
+      if: ${{ success() }}
 
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v3