Fix CodeQL workflow to analyze Python instead of Java

[Copilot]

CodeQL job 55932978418 failed attempting to auto-detect a Java build in this Python/Rust project (ref: 605d839).

Changes

• Created .github/workflows/codeql.yml with Python language configuration
• Removed autobuild step that was triggering Java detection
• Added explicit Python dependency installation:

  - name: Install dependencies
    run: |
      python -m pip install --upgrade pip
      if [ -f requirements.txt ]; then python -m pip install -r requirements.txt; fi
      python -m pip install -e . || true

The workflow now correctly analyzes Python code with proper security-events permissions and runs on push/PR/weekly schedule.

Original prompt

Job 55932978418 failed because CodeQL attempted to auto-detect a Java build and failed: "ERROR: Could not detect a suitable build command for the source checkout." The repository is a Python project (pytest-language-server), so the CodeQL workflow should analyze Python rather than Java. The failing workflow file is dynamic/github-code-scanning/codeql (ref: 605d839).

Required changes (make a PR that updates the workflow file):

1. Update the CodeQL init step to analyze Python instead of Java. Replace any languages: java / languages: java-kotl entries with languages: python.

2. Remove (or comment out) the CodeQL autobuild step that calls github/codeql-action/autobuild@v2. This autobuild step attempts to detect and run a Java build and fails for this Python repo.

3. Add an explicit manual build/install step for Python dependencies. Add a step like:

- name: Install dependencies
  run: |
    python -m pip install --upgrade pip
    if [ -f requirements.txt ]; then python -m pip install -r requirements.txt; fi
    python -m pip install -e . || true

This is robust: it installs requirements if present and tries to install the package in editable mode; it will not fail the job if editable install is unnecessary.

4. Keep other CodeQL configuration (queries, upload) unchanged.

Please create a PR that updates dynamic/github-code-scanning/codeql accordingly, with a concise commit message and PR title: "Configure CodeQL workflow for Python and remove Java autobuild". Reference the failing job id 55932978418 and the ref 605d839 in the PR description.

If the repository already requires a different install command (e.g., Poetry), the PR can be adjusted after review. The goal is to stop CodeQL from attempting the Java autobuild and to provide explicit Python install steps so analysis can proceed.

This pull request was created as a result of the following prompt from Copilot chat.

Job 55932978418 failed because CodeQL attempted to auto-detect a Java build and failed: "ERROR: Could not detect a suitable build command for the source checkout." The repository is a Python project (pytest-language-server), so the CodeQL workflow should analyze Python rather than Java. The failing workflow file is dynamic/github-code-scanning/codeql (ref: 605d839).

Required changes (make a PR that updates the workflow file):

1. Update the CodeQL init step to analyze Python instead of Java. Replace any languages: java / languages: java-kotl entries with languages: python.

2. Remove (or comment out) the CodeQL autobuild step that calls github/codeql-action/autobuild@v2. This autobuild step attempts to detect and run a Java build and fails for this Python repo.

3. Add an explicit manual build/install step for Python dependencies. Add a step like:

- name: Install dependencies
  run: |
    python -m pip install --upgrade pip
    if [ -f requirements.txt ]; then python -m pip install -r requirements.txt; fi
    python -m pip install -e . || true

This is robust: it installs requirements if present and tries to install the package in editable mode; it will not fail the job if editable install is unnecessary.

4. Keep other CodeQL configuration (queries, upload) unchanged.

Please create a PR that updates dynamic/github-code-scanning/codeql accordingly, with a concise commit message and PR title: "Configure CodeQL workflow for Python and remove Java autobuild". Reference the failing job id 55932978418 and the ref 605d839 in the PR description.

If the repository already requires a different install command (e.g., Poetry), the PR can be adjusted after review. The goal is to stop CodeQL from attempting the Java autobuild and to provide explicit Python install steps so analysis can proceed.

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[github-actions]

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/actions/checkout	5.*.*	🟢 6.2	Details Check Score Reason Maintained ⚠️ 1 2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1 Code-Review 🟢 10 all changesets reviewed Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 9 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during GetBranch(releases/v5): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Vulnerabilities 🟢 9 1 existing vulnerabilities detected SAST 🟢 8 SAST tool detected but not run on all commits
actions/actions/setup-python	5.*.*	🟢 5.7	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 9 security policy file detected SAST 🟢 9 SAST tool is not run on all commits -- score normalized to 9 Vulnerabilities ⚠️ 2 8 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches
actions/github/codeql-action/analyze	3.*.*	Unknown	Unknown
actions/github/codeql-action/init	3.*.*	Unknown	Unknown

Scanned Files

• .github/workflows/codeql.yml