Pin github actions to SHA

Signed-off-by: yubiuser <github@yubiuser.dev>
This commit is contained in:
yubiuser
2025-08-27 21:31:58 +02:00
parent 1b92ff4535
commit 5442e00a8f
8 changed files with 31 additions and 31 deletions
+6 -6
View File
@@ -58,7 +58,7 @@ jobs:
# your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
- name: Install dependencies
run: |
@@ -85,7 +85,7 @@ jobs:
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
uses: github/codeql-action/init@96f518a34f7a870018057716cc4d7a5c014bd61c #v3.29.10
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
@@ -108,14 +108,14 @@ jobs:
./build.sh
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
uses: github/codeql-action/analyze@96f518a34f7a870018057716cc4d7a5c014bd61c #v3.29.10
with:
category: "/language:${{matrix.language}}"
upload: failure-only # upload only in case of failure, otherwise upload later after filtering
output: codeql-results
- name: Filter SARIF
uses: advanced-security/filter-sarif@v1
uses: advanced-security/filter-sarif@bc96d9fb9338c5b48cc440b1b4d0a350b26a20db #v1.0.0
with:
# filter out third-party dependencies
patterns: |
@@ -134,13 +134,13 @@ jobs:
output: codeql-results/cpp.sarif
- name: Upload SARIF
uses: github/codeql-action/upload-sarif@v3
uses: github/codeql-action/upload-sarif@96f518a34f7a870018057716cc4d7a5c014bd61c #v3.29.10
with:
sarif_file: codeql-results/cpp.sarif
- name: Upload CodeQL results as an artifact
if: success() || failure()
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2
with:
name: codeql-results
path: codeql-results