From dd1433ef3727fb0eb470309a856ddc02a92cef7c Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Fri, 12 Apr 2024 07:16:52 -0400
Subject: [PATCH] Revert "Less CI"

This reverts commit 8f8d3862e2251424b19a70666402b881d3b0f09e.

---
.github/workflows/cifuzz.yml | 29 +++++++++++++++
.github/workflows/codeql.yml | 70 ++++++++++++++++++++++++++++++++++++
2 files changed, 99 insertions(+)
create mode 100644 .github/workflows/cifuzz.yml
create mode 100644 .github/workflows/codeql.yml
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
new file mode 100644
index 00000000000..101d7d77db8
--- /dev/null
+++ b/.github/workflows/cifuzz.yml
@@ -0,0 +1,29 @@
+name: CIFuzz
+
+permissions:
+ contents: read
+ # implicitly all other scopes not listed become none
+
+on: [pull_request]
+jobs:
+ Fuzzing:
+ runs-on: ubuntu-22.04
+ steps:
+ - name: Build Fuzzers
+ id: build
+ uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+ with:
+ oss-fuzz-project-name: 'botan'
+ dry-run: false
+ - name: Run Fuzzers
+ uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+ with:
+ oss-fuzz-project-name: 'botan'
+ fuzz-seconds: 180
+ dry-run: false
+ - name: Upload Crash
+ uses: actions/upload-artifact@v4
+ if: failure() && steps.build.outcome == 'success'
+ with:
+ name: artifacts
+ path: ./out/artifacts
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 00000000000..fe6e0d69789
--- /dev/null
+++ b/.github/workflows/codeql.yml
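Review bot: In cifuzz.yml the two OSS-Fuzz steps are referenced as `build_fuzzers@master` and `run_fuzzers@master`, a mutable branch ref, so whatever is on that branch at run time is what executes in the `Fuzzing` job. The same applies, to a lesser degree, to the movable tag refs: `actions/upload-artifact@v4` here, and `actions/checkout@v4`, `github/codeql-action/init@v2` and `github/codeql-action/analyze@v2` in codeql.yml. The workflow-level `permissions: contents: read` and the plain `pull_request` trigger keep the token read-only, which limits the impact. Pinning each `uses:` to a full commit SHA, e.g. `uses: actions/upload-artifact@<full-commit-sha>  # v4`, would make the executed code reviewable and let an update bot propose bumps. If `@master` is kept deliberately for CIFuzz, a comment above the step such as `# tracks master on purpose: <reason>` would record that.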
@@ -0,0 +1,70 @@
+name: "CodeQL"
+
+on:
+ push:
+ branches: ["master"]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: ["master"]
+ schedule:
+ # runs every day at 4:23 AM UTC
+ - cron: "23 4 * * *"
+
+permissions:
+ contents: read
+
+jobs:
+ codeql_cpp:
+ name: C++
+ runs-on: ubuntu-22.04
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Setup Build Agent
+ uses: ./.github/actions/setup-build-agent
+ with:
+ target: codeql
+ cache-key: linux-gcc-x86_64-codeql
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: cpp
+ config-file: ./src/configs/codeql.yml
+
+ - name: Build Library
+ run: ./src/scripts/ci_build.py codeql
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
+ with:
+ category: cpp
+
+ codeql_py:
+ name: Python
+ runs-on: ubuntu-22.04
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: python
+ config-file: ./src/configs/codeql.yml
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
+ with:
+ category: python
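Review bot: Both `Checkout repository` steps use `actions/checkout@v4` without `persist-credentials: false`, so the job token stays in the checkout's git config while later steps run. In `codeql_cpp` those steps are the local `./.github/actions/setup-build-agent` action and `./src/scripts/ci_build.py codeql`, and that job's token carries `security-events: write`. Adding `with:` and `persist-credentials: false` to each checkout step keeps the token out of the working tree. Nothing visible in this hunk fetches or pushes after checkout, but the local action and the build script are outside the diff, so confirm that neither needs git credentials. Separately, `github/codeql-action/init@v2` and `analyze@v2` restore a major version that upstream has announced as deprecated in favour of v3, so confirm whether the revert should land on `@v3` instead.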