Create codeql.yml #146

	name: CI

	on:
	push:
	pull_request:
	schedule:
	- cron: 0 5 * * 1

	env:
	GO_VERSION: 1.23.5

	jobs:
	build-amd64:
	name: Build (${{ matrix.platform }} ${{ matrix.architecture }})

	runs-on: ubuntu-24.04

	strategy:
	matrix:
	platform:
	- noble
	- jammy
	- bookworm
	- rhel9
	architecture:
	- amd64

	steps:
	- uses: actions/checkout@v4

	- uses: ./extras/github/build-action
	with:
	platform: ${{ matrix.platform }}
	architecture: ${{ matrix.architecture }}
	go-version: ${{ env.GO_VERSION }}

	build-arm64:
	name: Build (${{ matrix.platform }} ${{ matrix.architecture }})

	runs-on: ubuntu-24.04-arm

	strategy:
	matrix:
	platform:
	- noble
	- jammy
	- bookworm
	- rhel9
	architecture:
	- arm64

	steps:
	- uses: actions/checkout@v4

	- uses: ./extras/github/build-action
	with:
	platform: ${{ matrix.platform }}
	architecture: ${{ matrix.architecture }}
	go-version: ${{ env.GO_VERSION }}

	release:
	needs:
	- build-amd64
	- build-arm64

	if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') }}

	name: Release

	runs-on: ubuntu-24.04

	steps:
	- uses: actions/checkout@v4

	- uses: actions/download-artifact@v4
	with:
	path: artifacts

	# Beware 'Settings' > 'Actions' > 'General' > 'Workflow permissions' >
	# 'Read and write permissions' is required for this to work.
	- shell: bash
	run: \|
	gh release create \
	"$GITHUB_REF_NAME" \
	--title "$GITHUB_REF_NAME" \
	$(find ./artifacts/--artifacts -type f -maxdepth 1)
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Provide feedback