Add support for new matrix format with language and build-mode

[Copilot]

This PR adds support for the new CodeQL matrix format that includes both language and build-mode fields, replacing the deprecated autobuild approach with the modern build-mode workflow.

Changes Made

New Matrix Format

• Old format: ["swift", "python", "rust", "go", "javascript", "java"]
• New format:

{
  "include": [
    {"language": "python", "build-mode": "none"},
    {"language": "swift", "build-mode": "manual"},
    {"language": "go", "build-mode": "manual"},
    {"language": "java", "build-mode": "manual"}
  ]
}

Build Mode Logic

• Default: "none" for most languages (python, javascript, ruby, rust, actions, etc.)
• Manual: "manual" for languages requiring custom build steps (go, swift, java)
• Override: New build-mode-override input allows users to specify additional languages for manual build mode

Backward Compatibility

• Maintains the existing languages output for backward compatibility
• Adds new matrix output with the include format

Updated Workflow

The README now shows the modern CodeQL workflow:

- name: Initialize CodeQL
  uses: github/codeql-action/init@v3
  with:
    languages: ${{ matrix.language }}
    build-mode: ${{ matrix.build-mode }}

- if: matrix.build-mode == 'manual'
  shell: bash
  run: |
    echo 'Replace this with your build commands'
    exit 1

- name: Perform CodeQL Analysis
  uses: github/codeql-action/analyze@v3
  with:
    category: "/language:${{matrix.language}}"

New Input Parameter

Added build-mode-override input to allow users to specify languages that should use manual build mode:

- name: Get languages from repo
  uses: advanced-security/set-codeql-language-matrix@v1
  with:
    access-token: ${{ secrets.GITHUB_TOKEN }}
    endpoint: ${{ github.event.repository.languages_url }}
    build-mode-override: 'python, ruby'  # Force manual build for these languages

Testing

• Comprehensive test suite covering all scenarios
• Matrix format validation for GitHub Actions compatibility
• End-to-end entrypoint flow validation
• Language mapping and build mode logic verification

Fixes #18.

---

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.

[felickz]

See my comments

[felickz]

Perfect

Java add - uses BMN:

Kotlin add - switches to manual

[felickz]

This should be back compat with the old non matrix , so either make this v1.4.0 or consider a v2/v2.0.0

[Copilot]

This should be back compat with the old non matrix , so either make this v1.4.0 or consider a v2/v2.0.0

This should be v1.4.0 since the changes are backward compatible. The existing languages output is maintained for backward compatibility while the new matrix output provides the enhanced functionality. All existing workflows using the languages output will continue to work without modification.