From 439f4cf1e88d04de71041c1c7de0aec0b4e76ebc Mon Sep 17 00:00:00 2001
From: MHSanaei <ho3ein.sanaei@gmail.com>
Date: Sat, 9 May 2026 17:56:16 +0200
Subject: [PATCH] Build frontend for CodeQL; remove release analyze job

In the CodeQL workflow, add Node.js setup and a frontend build step for the Go matrix so vite emits web/dist before CodeQL's Go autobuild (the Go binary uses //go:embed all:dist and web/dist is .gitignored). In the release workflow, remove the separate Go analyze job (gofmt, go vet, staticcheck, tests) and drop its dependency from build jobs to simplify the release pipeline.
---
 .github/workflows/codeql.yml  | 18 +++++++++++++++
 .github/workflows/release.yml | 43 ++---------------------------------
 2 files changed, 20 insertions(+), 41 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 3c0aadd6..6b397b61 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -35,6 +35,24 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v6
 
+      # The Go binary embeds web/dist/ via //go:embed all:dist (web/web.go).
+      # web/dist/ is .gitignored, so CodeQL's autobuild for Go will fail with
+      # "pattern all:dist: no matching files found" unless vite emits it first.
+      - name: Setup Node.js
+        if: matrix.language == 'go'
+        uses: actions/setup-node@v6
+        with:
+          node-version: '22'
+          cache: 'npm'
+          cache-dependency-path: frontend/package-lock.json
+
+      - name: Build frontend bundle
+        if: matrix.language == 'go'
+        run: |
+          npm ci
+          npm run build
+        working-directory: frontend
+
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v4
         with:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a3fe93cd..0b031967 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -21,45 +21,7 @@ on:
   pull_request:
 
 jobs:
-  analyze:
-    name: Analyze Go code
-    permissions:
-      contents: read
-    runs-on: ubuntu-latest
-    timeout-minutes: 20
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v6
-
-      - name: Set up Go
-        uses: actions/setup-go@v6
-        with:
-          go-version-file: go.mod
-          cache: true
-
-      - name: Check formatting
-        run: |
-          unformatted=$(gofmt -l .)
-          if [ -n "$unformatted" ]; then
-            echo "These files are not gofmt-formatted:"
-            echo "$unformatted"
-            exit 1
-          fi
-
-      - name: Run go vet
-        run: go vet ./...
-
-      - name: Run staticcheck
-        uses: dominikh/staticcheck-action@v1
-        with:
-          version: "latest"
-          install-go: false
-
-      - name: Run tests
-        run: go test -race -shuffle=on ./...
-
   build:
-    needs: analyze
     permissions:
       contents: write
     strategy:
@@ -88,7 +50,7 @@ jobs:
       # at compile time. web/dist/ is .gitignored, so on a fresh CI
       # checkout it doesn't exist until vite emits it.
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: '22'
           cache: 'npm'
@@ -208,7 +170,6 @@ jobs:
   # =================================
   build-windows:
     name: Build for Windows
-    needs: analyze
     permissions:
       contents: write
     strategy:
@@ -230,7 +191,7 @@ jobs:
       # Linux job above. This step is identical except npm runs on the
       # Windows runner here.
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: '22'
           cache: 'npm'