The action codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b is not allowed in OpenZeppelin/openzeppelin-contracts because all actions must be from a repository owned by OpenZeppelin, created by GitHub, or match one of the patterns: changesets/action@*, codecov/codecov-action@*, codespell-project/actions-codespell@*, crytic/slither-action@*, docker://rhysd/actionlint:*, foundry-rs/foundry-toolchain@*, getsentry/action-github-app-token@*.