From f019d3405ed24ad8e94ef6c1797c5ff36e84be51 Mon Sep 17 00:00:00 2001
From: Saagar Patel <saagar210@gmail.com>
Date: Tue, 21 Apr 2026 13:29:31 +0200
Subject: [PATCH] ci(repo): fix CodeQL workflow - Rust needs build-mode none
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Two bugs introduced by the original CodeQL workflow in Wave 3 (#30),
each caught on first master run after merge:

1. Rust matrix used build-mode: manual. CodeQL's Rust support does
   not accept manual mode — the init step hard-fails with
   'A fatal error occurred: Rust does not support the manual build
   mode. Please try using one of the following build modes instead:
   none.' Fix: use build-mode: none. Also drop the now-unused
   'Build Rust (manual mode)' + 'Install Rust' steps.

2. JS matrix passed cache: 'pnpm' to actions/setup-node. With
   build-mode: none we never run pnpm install, so the cache
   post-step tries to save a cache from a nonexistent path and fails
   with 'Path(s) specified in the action for caching do(es) not
   exist'. Fix: drop the cache param for CodeQL (we don't install
   anything).

Also drop the pnpm/action-setup step — unused after the cache
removal.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .github/workflows/codeql.yml | 30 ++++++------------------------
 1 file changed, 6 insertions(+), 24 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 065a343..2d3c59c 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -28,30 +28,21 @@ jobs:
           - language: javascript-typescript
             build-mode: none
           - language: rust
-            build-mode: manual
+            # Rust support in CodeQL only accepts build-mode: none at this time;
+            # the extractor runs from source without a project-specific build step.
+            build-mode: none
     steps:
       - name: Checkout
         uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
 
-      - name: Setup pnpm
-        if: matrix.language == 'javascript-typescript'
-        uses: pnpm/action-setup@c5ba7f7862a0f64c1b1a05fbac13e0b8e86ba08c
-        with:
-          version: 10.28.1
-
       - name: Setup Node.js
         if: matrix.language == 'javascript-typescript'
         uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444
         with:
           node-version: "20"
-          cache: "pnpm"
-          cache-dependency-path: pnpm-lock.yaml
-
-      - name: Install Rust
-        if: matrix.language == 'rust'
-        uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9
-        with:
-          toolchain: stable
+          # Deliberately no `cache: "pnpm"` here: build-mode: none does not run
+          # `pnpm install`, so a cache-save step at teardown fails with "Path(s)
+          # specified ... do(es) not exist".
 
       - name: Initialize CodeQL
         uses: github/codeql-action/init@865f5f5c36632f18690a3d569fa0a764f2da0c3e
@@ -60,15 +51,6 @@ jobs:
           build-mode: ${{ matrix.build-mode }}
           queries: security-extended
 
-      - name: Build Rust (manual mode)
-        if: matrix.language == 'rust'
-        working-directory: src-tauri
-        # CodeQL's manual build mode needs compilation to extract Rust code.
-        # Skip the Tauri lib context requirement by building just cargo crates
-        # relevant to analysis.
-        run: |
-          cargo build --all-targets --locked || cargo build --locked
-
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@865f5f5c36632f18690a3d569fa0a764f2da0c3e
         with: