fix(scanner): match bare sudo versions without pN suffix (#376) #183

	name: CodeQL

	on:
	push:
	branches:
	- main
	paths:
	- "Sources/**"
	- "macOSdbApp/**"
	- "Package.swift"
	- "Package.resolved"

	concurrency:
	group: "codeql-${{ github.ref }}"
	cancel-in-progress: false

	defaults:
	run:
	shell: bash -xeuo pipefail {0}

	permissions: {}

	jobs:
	analyze:
	name: Analyze (Swift)
	runs-on: macos-26
	permissions:
	contents: read
	security-events: write # required to upload SARIF results
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	with:
	persist-credentials: false

	- name: Initialize CodeQL
	uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
	with:
	languages: swift
	build-mode: manual

	- name: Build
	run: \|
	xcodebuild \
	-project macOSdb.xcodeproj \
	-scheme macOSdb \
	-destination 'generic/platform=macOS' \
	-configuration Debug \
	CODE_SIGN_IDENTITY="" \
	CODE_SIGNING_REQUIRED=NO \
	CODE_SIGNING_ALLOWED=NO \
	EXCLUDED_ARCHS=x86_64 \
	build

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
	with:
	category: "/language:swift"

Provide feedback