chore(gha): pin github/codeql-action to a SHA (#40043)

Co-authored-by: Superset Dev <dev@superset.apache.org> Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-21 15:55:10 +00:00 · 2026-05-11 20:18:55 -07:00
parent e66fbc91c2
commit 5ab8583cd0
1 changed files with 2 additions and 2 deletions
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -41,7 +41,7 @@ jobs:

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v4
+        uses: github/codeql-action/init@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4
        with:
          languages: ${{ matrix.language }}
          # If you wish to specify custom queries, you can do so here or in a config file.
@@ -53,6 +53,6 @@ jobs:

      - name: Perform CodeQL Analysis
        if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: github/codeql-action/analyze@v4
+        uses: github/codeql-action/analyze@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4
        with:
          category: "/language:${{matrix.language}}"