From 92e708f17fd9a134dadec55a5cef714353e4ddac Mon Sep 17 00:00:00 2001
From: Ho Ngoc Hai <hongochai10@icloud.com>
Date: Wed, 15 Apr 2026 09:39:11 +0700
Subject: [PATCH] fix(ci): target master branch in security.yml and codeql.yml

Both workflow files referenced 'main' branch for push/PR triggers, but
the repo default branch is 'master'. This caused security scanning and
CodeQL analysis to never trigger on pushes to the default branch.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
---
 .github/workflows/codeql.yml   | 4 ++--
 .github/workflows/security.yml | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 3461871..3ff7430 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -2,9 +2,9 @@ name: CodeQL Analysis
 
 on:
   push:
-    branches: [main]
+    branches: [master]
   pull_request:
-    branches: [main]
+    branches: [master]
   schedule:
     # Run weekly on Monday at 06:17 UTC — off-peak to avoid :00/:30 congestion
     - cron: "17 6 * * 1"
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 9dea7d7..8e54752 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -2,9 +2,9 @@ name: Security Scanning
 
 on:
   push:
-    branches: [main]
+    branches: [master]
   pull_request:
-    branches: [main]
+    branches: [master]
   schedule:
     # Run daily at 05:43 UTC — catch new CVEs early
     - cron: "43 5 * * *"