Add code coverage uploads, CodeQL scanning, and dependency graph submission

Author: gwynne

.github/workflows/test.yml

@@ -51,13 +51,21 @@ jobs:
                             -enableThreadSanitizer YES \
                             -enableCodeCoverage YES \
                             -disablePackageRepositoryCache \
+                            -resultBundlePath "${GITHUB_WORKSPACE}" \
                             -destination "${DESTINATION}" |
             xcbeautify --is-ci --quiet --renderer github-actions 
+      - name: Upload coverage data
+        uses: codecov/codecov-action@v3
+        with:
+          swift: true
+          verbose: true
+          xcode: true
+          xcode_archive_path: ${{ github.workspace }}
 
   linux:
     if: ${{ !(github.event.pull_request.draft || false) }}
     strategy:
-      fail-fast: false
+      fail-fast: falsex
       matrix:
         swift-image:
           - swift:5.9-jammy
@@ -72,7 +80,7 @@ jobs:
       - name: Install xcbeautify
         run: |
           DEBIAN_FRONTEND=noninteractive apt-get update
-          DEBIAN_FRONTEND=noninteractive apt-get install -y xz-utils curl
+          DEBIAN_FRONTEND=noninteractive apt-get install -y curl
           curl -fsSLO 'https://github.com/tuist/xcbeautify/releases/download/1.0.1/xcbeautify-1.0.1-x86_64-unknown-linux-gnu.tar.xz'
           tar -x -J -f xcbeautify-1.0.1-x86_64-unknown-linux-gnu.tar.xz
       - name: Run tests
@@ -81,3 +89,42 @@ jobs:
           set -o pipefail && \
             swift test --sanitize=thread --enable-code-coverage |
             ./xcbeautify --is-ci --quiet --renderer github-actions
+      - name: Upload coverage data
+        uses: vapor/[email protected]
+
+  codeql:
+    if: ${{ !(github.event.pull_request.draft || false) }}
+    name: CodeQL Analysis
+    runs-on: ubuntu-latest
+    container:
+      image: swift:5.9-jammy
+    permissions: { actions: write, contents: read, security-events: write }
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Mark repo safe
+        run: |
+          git config --global --add safe.directory "${GITHUB_WORKSPACE}"
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with: { languages: swift }
+      - name: Perform build
+        run: swift build
+      - name: Run CodeQL analyze
+        uses: github/codeql-action/analyze@v2
+
+  dependency-graph:
+    if: ${{ github.event_name == 'push' }}
+    runs-on: ubuntu-latest
+    container: swift:jammy
+    permissions:
+      contents: write
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+      - name: Set up dependencies
+        run: |
+          git config --global --add safe.directory "${GITHUB_WORKSPACE}"
+          apt-get update && apt-get install -y curl
+      - name: Submit dependency graph
+        uses: vapor-community/[email protected]