chore: update codeql action to also run for actions

[Skarlso]

Problem Statement

What is the problem you're trying to solve?

Related Issue

Fixes #...

Proposed Changes

How do you like to solve the issue and why?

Format

Please ensure that your PR follows the following format for the title:

feat(scope): add new feature
fix(scope): fix bug
docs(scope): update documentation
chore(scope): update build tool or dependencies
ref(scope): refactor code
clean(scope): provider cleanup
test(scope): add tests
perf(scope): improve performance
desig(scope): improve design

Where scope is optionally one of:

• charts
• release
• testing
• security
• templating

Checklist

• I have read the contribution guidelines
• All commits are signed with git commit --signoff
• My changes have reasonable test coverage
• All tests pass with make test
• I ensured my PR is ready for review with make reviewable

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

[Skarlso]

Nice, the run succeeded https://github.com/external-secrets/external-secrets/actions/runs/17967131953/job/51101771871?pr=5360

[Skarlso]

Here is the list of checks executed by codeql: https://codeql.github.com/codeql-query-help/actions/

[Skarlso]

/lgtm

[Skarlso]

/lgtm

[eso-lgtm]

✅ LGTM by @Skarlso (maintainer)

[Skarlso]

/lgtm

[eso-lgtm]

✅ LGTM by @Skarlso (maintainer)

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[webstradev]

/lgtm

[eso-lgtm]

@webstradev You must be a member of one of the required reviewer roles to use /lgtm.

Required roles for this PR: ci-reviewers

[jakobmoellerdev]

/lgtm

[eso-lgtm]

✅ LGTM by @jakobmoellerdev (maintainer)

[Skarlso]

For now that's just a label. :D so it doesn't make the PR mergable. :)

[webstradev]

For now that's just a label. :D so it doesn't make the PR mergable. :)

yeah most likely maintainers will not use lgtm much as they can just approve, but it's more aimed at reviewers for their respective tracks (supporting the new contributor ladder)

[jakobmoellerdev]

My 2 cents: I hate that we do not have /approve but have /lgtm, this is really inconsistent :D