From f2d4daf545702eefe35e848be16db7de4cb8cc01 Mon Sep 17 00:00:00 2001
From: dm00000
Date: Mon, 30 Mar 2026 22:40:45 -0400
Subject: [PATCH 1/4] GHA version pinning

---
 .github/workflows/codacy-analysis.yml | 6 +++---
 .github/workflows/codeql-analysis.yml | 10 ++++++----
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/codacy-analysis.yml b/.github/workflows/codacy-analysis.yml
index dde4707..111d8f9 100644
--- a/.github/workflows/codacy-analysis.yml
+++ b/.github/workflows/codacy-analysis.yml
@@ -27,7 +27,7 @@ jobs:
 steps:
 # Checkout the repository to the GitHub Actions runner
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
 with:
 submodules: recursive
 token: ${{ secrets.GITHUB_TOKEN }}
@@ -41,7 +41,7 @@ jobs:
 # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
 - name: Run Codacy Analysis CLI
- uses: codacy/codacy-analysis-cli-action@v4
+ uses: codacy/codacy-analysis-cli-action@9e45d0be1fc80fd2d86048032610422fdbcc6068 # pinned from codacy/codacy-analysis-cli-action@v4
 with:
 # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
 # You can also omit the token and run the tools that support default configurations
@@ -70,7 +70,7 @@ jobs:
 # Upload the SARIF file generated in the previous step
 - name: Upload SARIF results file
- uses: github/codeql-action/upload-sarif@v4
+ uses: github/codeql-action/upload-sarif@5c8a8a642e79153f5d047b10ec1cba1d1cc65699 # v3.35.1
 with:
 sarif_file: sarif-runs/
 category: codacy
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 20bc3c1..c3d518a 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
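Review bot: The pin on the `Run Codacy Analysis CLI` step records only the floating tag it was resolved from (`# pinned from codacy/codacy-analysis-cli-action@v4`), while the checkout and upload-sarif pins in the same commit record the resolved release (`# v4.3.1`, `# v3.35.1`). Without the resolved version beside the SHA a reader cannot tell which release is actually running, and SHA-update tooling such as Dependabot appears to key on a `# vX.Y.Z` comment to propose bumps, so this line is likely to be left behind. Change it to `uses: codacy/codacy-analysis-cli-action@9e45d0be1fc80fd2d86048032610422fdbcc6068 # <resolved tag>` with the tag that SHA resolves to upstream. None of the SHA-to-tag mappings in this commit can be checked from the diff; each should be confirmed against the upstream tag before merge, since a mistyped SHA pins silently to different code.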
@@ -30,11 +30,12 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@v4
+ uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@v3
+ uses: github/codeql-action/init@5c8a8a642e79153f5d047b10ec1cba1d1cc65699 # v3.35.1
 with:
 languages: ${{ matrix.language }}
 # If you wish to specify custom queries, you can do so here or in a config file.
@@ -43,9 +44,10 @@ jobs:
 # Python is an interpreted language so Autobuild is a no-op, but keeping
 # it here means the workflow works if compiled languages are added later.
 - name: Autobuild
- uses: github/codeql-action/autobuild@v3
+ uses: github/codeql-action/init@5c8a8a642e79153f5d047b10ec1cba1d1cc65699 # v3.35.1
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v3
+ uses: github/codeql-action/analyze@5c8a8a642e79153f5d047b10ec1cba1d1cc65699 # v3.35.1
 with:
 category: "/language:${{ matrix.language }}"
+

From ea1cb34fa1d51e4a700ac7b39868409ca8556c45 Mon Sep 17 00:00:00 2001
From: dm00000
Date: Mon, 30 Mar 2026 22:47:10 -0400
Subject: [PATCH 2/4] fixed C+P error

---
 .github/workflows/codeql-analysis.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index c3d518a..76210e0 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -44,10 +44,12 @@ jobs:
 # Python is an interpreted language so Autobuild is a no-op, but keeping
 # it here means the workflow works if compiled languages are added later.
 - name: Autobuild
- uses: github/codeql-action/init@5c8a8a642e79153f5d047b10ec1cba1d1cc65699 # v3.35.1
+ uses: github/codeql-action/autobuild@5c8a8a642e79153f5d047b10ec1cba1d1cc65699 # v3.35.1
 - name: Perform CodeQL Analysis
 uses: github/codeql-action/analyze@5c8a8a642e79153f5d047b10ec1cba1d1cc65699 # v3.35.1
 with:
 category: "/language:${{ matrix.language }}"
+
+
\ No newline at end of file

From 0c287253cba21a6515c37f0626354377a08617ac Mon Sep 17 00:00:00 2001
From: dm00000
Date: Mon, 30 Mar 2026 22:50:44 -0400
Subject: [PATCH 3/4] Clean up blank lines in codeql-analysis.yml

Removed unnecessary blank lines in CodeQL workflow.
---
 .github/workflows/codeql-analysis.yml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 76210e0..edcb45a 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -50,6 +50,3 @@ jobs:
 uses: github/codeql-action/analyze@5c8a8a642e79153f5d047b10ec1cba1d1cc65699 # v3.35.1
 with:
 category: "/language:${{ matrix.language }}"
-
-
-
\ No newline at end of file

From 83e973dd298b1b66eeeb9ea5166bee2821f6b87c Mon Sep 17 00:00:00 2001
From: dm00000
Date: Mon, 30 Mar 2026 22:54:12 -0400
Subject: [PATCH 4/4] Update .github/workflows/codacy-analysis.yml

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 .github/workflows/codacy-analysis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/codacy-analysis.yml b/.github/workflows/codacy-analysis.yml
index 111d8f9..ff088d3 100644
--- a/.github/workflows/codacy-analysis.yml
+++ b/.github/workflows/codacy-analysis.yml
@@ -70,7 +70,7 @@ jobs:
 # Upload the SARIF file generated in the previous step
 - name: Upload SARIF results file
- uses: github/codeql-action/upload-sarif@5c8a8a642e79153f5d047b10ec1cba1d1cc65699 # v3.35.1
+ uses: github/codeql-action/upload-sarif@5c8a8a642e79153f5d047b10ec1cba1d1cc65699 # pinned to github/codeql-action/upload-sarif v3.35.1 (intentionally using v3.x instead of v4.x)
 with:
 sarif_file: sarif-runs/
 category: codacy
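Review bot: The rewritten comment on the `Upload SARIF results file` step says the v3.x choice is intentional but not why, nor under what condition it can be lifted, so a future maintainer or an automated bump has nothing to check the exception against. It also pushes the `uses:` line well past any sensible length and buries the version string inside prose, which version-update tooling may no longer recognise. Keep the inline comment machine-readable as `# v3.35.1` and move the rationale to a comment above `- name: Upload SARIF results file`, e.g. `# upload-sarif is held on v3.x rather than v4.x because <reason>; revisit when <condition>`.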