Skip to content

Group github/codeql-action bumps into a single dependabot PR#1028

Merged
dfoulks1 merged 1 commit into
apache:mainfrom
potiuk:group-codeql-action-dependabot
Jul 10, 2026
Merged

Group github/codeql-action bumps into a single dependabot PR#1028
dfoulks1 merged 1 commit into
apache:mainfrom
potiuk:group-codeql-action-dependabot

Conversation

@potiuk

@potiuk potiuk commented Jul 10, 2026

Copy link
Copy Markdown
Member

The codeql-action init/autobuild/analyze steps must all run the same version. When dependabot split the 4.36.2 -> 4.36.3 bump into three per-sub-action PRs (#1023, #1024, #1025), each caused a version mismatch that failed the Analyze jobs, and they had to be consolidated by hand into #1023.

This adds a dependabot groups entry matching github/codeql-action* on the /.github/workflows github-actions block, so future codeql-action bumps land in a single PR that moves all steps together.

The codeql-action init/autobuild/analyze steps must all run the same
version. When dependabot split the 4.36.2 -> 4.36.3 bump into three
per-sub-action PRs (apache#1023, apache#1024, apache#1025), each caused a version mismatch
that failed the Analyze jobs; they had to be consolidated by hand.

Add a dependabot group matching github/codeql-action* so future bumps
land in one PR that moves all steps together.

Generated-by: Claude Opus 4.8 (1M context)
@potiuk potiuk requested review from dfoulks1, ppkarwasz and raboof and removed request for dfoulks1 and ppkarwasz July 10, 2026 10:20

@dfoulks1 dfoulks1 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants