Bump github/codeql-action from 4.35.2 to 4.35.3 #96

	name: CI

	on:
	push:
	branches: [ main ]
	pull_request:
	branches: [ main ]

	permissions:
	contents: read
	actions: read

	jobs:
	build:
	runs-on: ubuntu-latest
	name: Build and Validate
	steps:
	- name: Checkout
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
	with:
	fetch-depth: 0
	persist-credentials: false

	- name: Lint Dockerfile
	uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5 # v3.3.0
	with:
	dockerfile: .devcontainer/Dockerfile

	- name: Check for secrets
	uses: gitleaks/gitleaks-action@ff98106e4c7b2bc287b24eaf42907196329070c7 # v2
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true

	- name: Build Docker image
	run: \|
	docker build -t dev-template:latest .devcontainer/

	test:
	runs-on: ubuntu-latest
	name: Test Devcontainer
	needs: build
	steps:
	- name: Checkout
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
	with:
	persist-credentials: false

	- name: Test devcontainer functionality
	uses: devcontainers/ci@b63b30de439b47a52267f241112c5b453b673db5 # v0.3
	with:
	push: never
	runCmd: \|
	# Test basic tools are available
	which python3 \|\| echo "python3 is missing"
	which node \|\| echo "node is missing"
	which npm \|\| echo "npm is missing"
	which gh \|\| echo "gh is missing"
	which opencode \|\| echo "opencode is missing"
	# Test essential packages
	python3 --version
	node --version
	npm --version
	gh --version
	opencode --version
	curl --version \| head -1
	jq --version

Provide feedback