chore(deps): bump codeql-action init/autobuild together and group actions

The 4.36.2->4.36.3 bump was split by Dependabot into three separate PRs
(init, autobuild, analyze), each of which fails CodeQL with "Loaded a
configuration file for version '4.36.2', but running version '4.36.3'"
because all three steps must run the same version.

Bump init and autobuild to match the analyze bump on this branch, and add
a Dependabot group so all github-actions updates come as a single PR going
forward, preventing this class of failure.

Signed-off-by: Terry Howe <terrylhowe@gmail.com>
dependabot/github_actions/main/github/codeql-action/analyze-4.36.3
Terry Howe 4 days ago
parent 1a1814a29f
commit f144d818cf
No known key found for this signature in database

@ -37,3 +37,10 @@ updates:
directory: "/"
schedule:
interval: "daily"
groups:
# Group all GitHub Actions updates into a single PR so multi-path
# actions (e.g. github/codeql-action init/autobuild/analyze) bump
# together and don't fail CI on a version mismatch.
actions:
patterns:
- "*"

@ -48,7 +48,7 @@ jobs:
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # pinv4.36.2
uses: github/codeql-action/init@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # pinv4.36.3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
@ -59,7 +59,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # pinv4.36.2
uses: github/codeql-action/autobuild@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # pinv4.36.3
# Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl

Loading…
Cancel
Save