Merge pull request #525 from JaskRendix/fix-code-ql #267

	name: CI

	concurrency:
	cancel-in-progress: true
	group: ${{ github.repository }}-${{ github.workflow }}-${{ github.ref }}

	on:
	push:
	branches:
	- master
	pull_request:
	branches:
	- master

	jobs:
	test:
	uses: ppizarror/workflow-actions/.github/workflows/test_python.yml@master
	strategy:
	matrix:
	python: [ 3.9, '3.10', '3.11', '3.12', '3.13' ]
	with:
	env-vars: \|
	SDL_AUDIODRIVER=disk
	SDL_VIDEODRIVER=dummy
	install-extras: test
	os: ubuntu-latest
	python-version: ${{ matrix.python }}

	codeql:
	uses: ppizarror/workflow-actions/.github/workflows/codeql.yml@master
	with:
	language: python

	security:
	name: Bandit + Semgrep
	runs-on: ubuntu-latest

	steps:
	- name: Checkout repository
	uses: actions/checkout@v6

	- name: Set up Python
	uses: actions/setup-python@v6
	with:
	python-version: '3.12'

	- name: Install security tools
	run: \|
	python -m pip install --upgrade pip
	pip install bandit semgrep

	- name: Run Bandit
	run: \|
	bandit -r . -ll --exclude ./test,./tests
	continue-on-error: true

	- name: Run Semgrep
	run: \|
	semgrep --config p/ci .

	ruff:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v6
	- name: Set up Python
	uses: actions/setup-python@v6
	with:
	python-version: '3.9'
	- name: Install dependencies
	run: \|
	python -m pip install --upgrade pip
	pip install ruff
	- name: Run Ruff
	run: ruff check .

Provide feedback