Bump github/codeql-action from 4.36.1 to 4.36.2

ktsaou · ktsaou · commit 4d81eb84b391 · 2026-06-10T22:09:53.000+03:00
Apply the Dependabot group update from PR #6 directly on main: dependabot branches cannot receive the CODACY_API_TOKEN secret, so the coverage upload check can never pass there. Same handling as PR #2, #3, and #5 (SOW-0012).
diff --git a/.github/workflows/codacy-analysis.yml b/.github/workflows/codacy-analysis.yml
@@ -124,7 +124,7 @@ jobs:
 
       - name: Upload Codacy SARIF to code scanning
         if: always() && hashFiles('codacy.sarif') != '' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository)
-        uses: github/codeql-action/upload-sarif@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4.36.1
+        uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
         with:
           sarif_file: codacy.sarif
           category: codacy-local
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -149,7 +149,7 @@ jobs:
             git
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4.36.1
+        uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
         with:
           languages: ${{ matrix.language }}
           build-mode: ${{ matrix.build_mode }}
@@ -165,6 +165,6 @@ jobs:
         run: ${{ matrix.build_command }}
 
       - name: Analyze
-        uses: github/codeql-action/analyze@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4.36.1
+        uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
         with:
           category: ${{ matrix.category }}
diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml
@@ -202,7 +202,7 @@ jobs:
 
       - name: Upload gosec SARIF
         if: always() && hashFiles(format('{0}/gosec.sarif', matrix.module)) != '' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository)
-        uses: github/codeql-action/upload-sarif@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4.36.1
+        uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
         with:
           sarif_file: ${{ matrix.module }}/gosec.sarif
           category: gosec/${{ matrix.module }}
diff --git a/.github/workflows/supply-chain-security.yml b/.github/workflows/supply-chain-security.yml
@@ -54,7 +54,7 @@ jobs:
 
       - name: Upload Semgrep SARIF
         if: always() && hashFiles('semgrep.sarif') != '' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository)
-        uses: github/codeql-action/upload-sarif@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4.36.1
+        uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
         with:
           sarif_file: semgrep.sarif
           category: semgrep
@@ -95,7 +95,7 @@ jobs:
 
       - name: Upload OSV SARIF
         if: always() && hashFiles('osv.sarif') != ''
-        uses: github/codeql-action/upload-sarif@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4.36.1
+        uses: github/codeql-action/upload-sarif@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
         with:
           sarif_file: osv.sarif
           category: osv-scanner
