Skip to content

ci(codeql): synchronize action version#98

Merged
stacknil merged 1 commit into
mainfrom
stacknil/codeql-action-4-37
Jul 12, 2026
Merged

ci(codeql): synchronize action version#98
stacknil merged 1 commit into
mainfrom
stacknil/codeql-action-4-37

Conversation

@stacknil

Copy link
Copy Markdown
Owner

Summary

  • synchronize CodeQL init and analyze actions on v4.37.0
  • use the peeled v4.37.0 commit SHA for both steps
  • replaces the two failing split Dependabot PRs for CodeQL action init/analyze

Validation

  • git ls-remote https://github.com/github/codeql-action.git 'refs/tags/v4.37.0^{}'
  • actionlint across .github/workflows/*.yml
  • git diff --check
  • privacy/security string scan on touched workflow

Notes

The previous split Dependabot PRs failed because CodeQL loaded configuration for one action version while the other step ran a different version.

@stacknil

Copy link
Copy Markdown
Owner Author

Final maintainer review before merge:

  • Design decision: keep CodeQL action pinning by commit SHA, but move both init and analyze to the same peeled v4.37.0 commit.
  • Main risk: a future split Dependabot PR can reintroduce an init/analyze mismatch; this PR fixes the current mismatch without changing build/test logic.
  • Compatibility impact: CI behavior is unchanged except the CodeQL bundle/action version update; CI, CodeQL, Repo Sentinel, and parser fuzz smoke all passed.
  • Rollback path: revert this single workflow commit to return both CodeQL steps to v4.36.2.

@stacknil stacknil merged commit 419c8ff into main Jul 12, 2026
11 checks passed
@stacknil stacknil deleted the stacknil/codeql-action-4-37 branch July 12, 2026 05:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant