This adds a new CodeQL configuration to the riak-ruby-client reposito…

…ry. It ensures that PR's against the master branch are scanned for security using the CodeQL config file in the new repository spreedly/spreedly-codeql.

Risk: (Low)
Tracking: SEC-317

This change affects the tests performed with core, not the code of core itself. It was tested in it's own branch during this process to ensure that Code Scanning for Ruby and Javascript were completed.

.github/workflows/codeql.yml

@@ -0,0 +1,40 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "master" ]
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript', 'ruby' ]
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        config-file: spreedly/spreedly-codeql/configuration/default-codeql-config.yml@main
+        external-repository-token: ${{ secrets.INFRASTRUCTURE_PACKAGE_PAT }}
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
+      with:
+        category: "/language:${{matrix.language}}"