
fix: add actions language to CodeQL scan #838

Merged
Schmarvinius merged 5 commits into main from fix/codeql-add-actions-language on May 22, 2026

Conversation

@Schmarvinius (Contributor) commented May 22, 2026

Add actions Language Support to CodeQL Scan

Bug Fix

🐛 Extended the CodeQL security scan to also analyze GitHub Actions workflows (the actions language), in addition to the existing java-kotlin analysis. Previously, only java-kotlin was hardcoded; now the scan runs as a matrix job for both languages.

Changes

  • .github/actions/scan-with-codeql/action.yml: Added a new required language input parameter. Made Java setup, Maven setup, @sap/cds-dk installation, and Java build steps conditional on language == 'java-kotlin'. Replaced hardcoded java-kotlin references in the CodeQL init and analyze steps with ${{ inputs.language }}, and set build-mode dynamically (manual for java-kotlin, none otherwise).

  • .github/workflows/pipeline.yml: Updated the codeql job to use a matrix strategy over [java-kotlin, actions] with fail-fast: false. The job name now reflects the current matrix language. Added language: ${{ matrix.language }} to the scan-with-codeql action inputs.

PR Bot Information

Version: 1.20.51

  • Correlation ID: c275a6ec-2ea3-4820-ba7c-1c86a0303735
  • File Content Strategy: Full file content
  • Summary Prompt: Default Prompt
  • Event Trigger: pull_request.opened
  • Output Template: Default Template
  • LLM: anthropic--claude-4.6-sonnet

@hyperspace-insights (Bot) left a comment


The PR correctly adds matrix-based CodeQL scanning for both java-kotlin and actions languages, but all four if conditions in the composite action are missing the required ${{ }} expression delimiters — in composite actions, bare expressions like inputs.language == 'java-kotlin' are not evaluated as booleans and will cause the conditional steps to behave incorrectly at runtime.

PR Bot Information

Version: 1.20.51

  • Correlation ID: c275a6ec-2ea3-4820-ba7c-1c86a0303735
  • File Content Strategy: Full file content
  • Event Trigger: pull_request.opened
  • Agent Instructions:
  • LLM: anthropic--claude-4.6-sonnet

Comment threads on .github/actions/scan-with-codeql/action.yml (4 threads, not expanded on this page)
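To make the two pieces of the change concrete, here is an added illustrative reconstruction of the composite action and the matrix job described in the PR body, written for this page and not taken from the repository. It also shows the point raised in the review comment above: the step-level `if:` conditions are written with explicit `${{ }}` delimiters, which is a form GitHub accepts in both workflow files and composite actions, so no ambiguity about expression evaluation remains. Assumptions not stated in the PR: the action versions (`actions/setup-java@v4`, `github/codeql-action/init@v3`, `github/codeql-action/analyze@v3`, `actions/checkout@v4`), the Java distribution and version, the exact Maven and `@sap/cds-dk` install commands, the `permissions` block, and the explicit `category` input used to keep the two matrix legs' SARIF uploads distinct.

```yaml
# .github/actions/scan-with-codeql/action.yml (illustrative, not the project's file)
name: Scan with CodeQL
description: Run a CodeQL analysis for a single language passed in as an input
inputs:
  language:
    description: CodeQL language to analyze, e.g. java-kotlin or actions
    required: true
runs:
  using: composite
  steps:
    # Java toolchain only matters for the compiled java-kotlin analysis.
    # The condition is wrapped in ${{ }} so it is evaluated as an expression
    # rather than read as a literal string (the issue flagged in review).
    - name: Set up Java
      if: ${{ inputs.language == 'java-kotlin' }}
      uses: actions/setup-java@v4
      with:
        distribution: temurin      # assumed
        java-version: '21'         # assumed
        cache: maven               # assumed stand-in for the PR's "Maven setup"

    - name: Install @sap/cds-dk
      if: ${{ inputs.language == 'java-kotlin' }}
      shell: bash
      run: npm install -g @sap/cds-dk   # assumed install command

    - name: Initialize CodeQL
      uses: github/codeql-action/init@v3
      with:
        languages: ${{ inputs.language }}
        # Expression ternary: manual build for java-kotlin, none for everything else.
        build-mode: ${{ inputs.language == 'java-kotlin' && 'manual' || 'none' }}

    # Manual build mode requires the project to be compiled between init and analyze.
    - name: Build with Maven
      if: ${{ inputs.language == 'java-kotlin' }}
      shell: bash
      run: mvn -B -DskipTests package   # assumed build command

    - name: Analyze
      uses: github/codeql-action/analyze@v3
      with:
        # Distinct category per language so the two matrix uploads for the same
        # commit do not overwrite each other in code scanning (assumed input).
        category: /language:${{ inputs.language }}
---
# .github/workflows/pipeline.yml, codeql job excerpt (illustrative, not the project's file)
jobs:
  codeql:
    name: CodeQL (${{ matrix.language }})
    runs-on: ubuntu-latest
    permissions:                     # assumed; minimum needed to upload scan results
      contents: read
      actions: read
      security-events: write
    strategy:
      fail-fast: false               # let the actions leg finish even if java-kotlin fails
      matrix:
        language: [java-kotlin, actions]
    steps:
      - uses: actions/checkout@v4
      - name: Scan with CodeQL
        uses: ./.github/actions/scan-with-codeql
        with:
          language: ${{ matrix.language }}
```

With `fail-fast: false` a failure in the java-kotlin build no longer cancels the actions leg, so workflow-level findings (for example an untrusted `${{ github.event.*}}` value interpolated into a `run:` script) are still reported when the Java build is broken. The `${{ }}` form of the `if:` conditions costs nothing and removes the possibility that a bare `inputs.language == 'java-kotlin'` is treated as a non-empty string and the guarded steps run for every language.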
@Schmarvinius Schmarvinius merged commit b962c21 into main May 22, 2026
18 checks passed
@Schmarvinius Schmarvinius deleted the fix/codeql-add-actions-language branch May 22, 2026 06:56

1 participant