ci: pin github/codeql-action references to commit SHA (#22458)

Replace the three remaining tag-pinned references to github/codeql-action@v4.35.5 in qa-codeql.yml with their resolved commit SHA (9e0d7b8d25671d64c341c19c0152d693099fb5ba). Tag pinning allows an upstream tag to be silently retargeted at a new commit; SHA pinning removes that risk and brings these three references in line with the rest of the repo's actions, which are already SHA-pinned. Co-authored-by: Agent <279763771+playpen-agent@users.noreply.github.com>
2026-06-18 03:19:51 +03:00 · 2026-05-19 18:26:57 +02:00
parent bc3c12aec0
commit 397e8ff8c4
1 changed files with 3 additions and 3 deletions
@@ -28,10 +28,10 @@ jobs:
      - name: Setup authentik env
        uses: ./.github/actions/setup
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v4.35.5
+        uses: github/codeql-action/init@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
        with:
          languages: ${{ matrix.language }}
      - name: Autobuild
-        uses: github/codeql-action/autobuild@v4.35.5
+        uses: github/codeql-action/autobuild@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v4.35.5
+        uses: github/codeql-action/analyze@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5