CI: fix (CodeQL|yamllint) rules

Summary:
- run CodeQL on js/ts file edits.
- yamllint rule modified to respect my styling decision (1 space
  before comment).

Signed-off-by: Yongmin Hong <revi@omglol.email>

Test Plan: `arc lint`, wait for codeql run next time.

Reviewers: O1 revi & automations, revi

Reviewed By: O1 revi & automations, revi

Differential Revision: https://issuetracker.revi.xyz/D475

.github/workflows/codeql.yml

@@ -14,9 +14,16 @@ name: 'CodeQL'
 
 on:
   push:
-    branches: ['master']
+    branches:
+      - master
+    paths:
+      - '**.js'
+      - '**.jsx'
+      - '**.ts'
+      - '**.tsx'
   pull_request:
-    branches: ['master']
+    branches:
+      - master
   schedule:
     - cron: '45 21 * * 2'
 
@@ -46,8 +53,6 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - language: javascript-typescript
-            build-mode: none
           # CodeQL supports the following values keywords for 'language':
           # 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
           # Use `c-cpp` to analyze code written in C, C++ or both
@@ -59,6 +64,8 @@ jobs:
           # If you are analyzing a compiled language, you can modify the 'build-mode' for that
           # language to customize how your codebase is analyzed, see
           # https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
+          - language: javascript-typescript
+            build-mode: none
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -67,8 +74,6 @@ jobs:
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v3
         with:
-          languages: ${{ matrix.language }}
-          build-mode: ${{ matrix.build-mode }}
           # If you wish to specify custom queries, you can do so here or in a config file.
           # By default, queries listed here will override any specified in a config file.
           # Prefix the list here with "+" to use these queries and those in the config file.
@@ -76,6 +81,8 @@ jobs:
           # For more details on CodeQL's query packs, refer to:
           # https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
           # queries: security-extended,security-and-quality
+          languages: ${{ matrix.language }}
+          build-mode: ${{ matrix.build-mode }}
 
       # If the analyze step fails for one of the languages you are analyzing with
       # "We were unable to automatically build your code", modify the matrix above

.yamllint

@@ -9,10 +9,16 @@ extends: default
 ignore-from-file: .gitignore
 
 rules:
+  comments:
+    level: warning
+    min-spaces-from-content: 1
   comments-indentation: {}
   document-start:
     present: true
     level: warning
+  empty-lines:
+    max: 1
+    level: warning
   line-length:
     max: 80
     level: warning