chore(deps): update github/codeql-action digest to 192325c

[KubeArchitectBot]

This PR contains the following updates:

Package	Type	Update	Change
github/codeql-action	action	digest	d3678e2 -> 192325c

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[coderabbitai]

📝 Walkthrough

Walkthrough

Updates the pinned commit SHA for the github/codeql-action/upload-sarif step in .github/workflows/mega-linter.yml. No other changes to the workflow logic, conditions, or inputs.

Changes

Cohort / File(s)	Summary
GitHub Actions workflow pin update .github/workflows/mega-linter.yml	Replaced upload-sarif action SHA from d3678e2... to 192325c8...; if condition and sarif_file input unchanged.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• Update github/codeql-action digest to ee117c9 #185 — Also updates the pinned commit for github/codeql-action/upload-sarif in the same workflow step.
• chore(deps): update github/codeql-action digest to f1f6e5f #296 — Similar digest update for the upload-sarif action in .github/workflows/mega-linter.yml.
• chore(deps): update github/codeql-action digest to 3c3833e #290 — Changes the upload-sarif action revision in the same “Upload MegaLinter scan results” step.

Suggested reviewers

• RelativeSure

Pre-merge checks (3 passed)

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title succinctly follows conventional commit style by indicating a chore on dependencies and specifies exactly what is being updated—the github/codeql-action digest to the new commit hash—accurately capturing the main change in the pull request.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

Poem

A hop, a hash, a tiny shift—
I twitch my nose at version drift.
Sarif sails on fresher seas,
Pins aligned with gentle ease.
Thump-thump! The linter’s chore complete,
Carrots earned for tidy feat. 🥕

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch renovate/workflows-github-codeql-action-digest

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

.github/workflows/mega-linter.yml (1)

140-141: Use always() instead of success() || failure() for step gating.

always() also runs on “cancelled” outcomes and is the idiomatic expression.

Apply:

-      - name: Upload MegaLinter scan results to GitHub Security tab
-        if: success() || failure()
+      - name: Upload MegaLinter scan results to GitHub Security tab
+        if: always()

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 375df5b and 0ac92fd.

📒 Files selected for processing (1)

• .github/workflows/mega-linter.yml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: MegaLinter
• GitHub Check: run-megalinter

🔇 Additional comments (2)

.github/workflows/mega-linter.yml (2)

139-144: LGTM: Updated CodeQL upload-sarif digest; permissions are correct for code scanning.

• Pinned to a v3 commit digest; v3 is the supported major.
• security-events: write is set, which is required for uploading SARIF.

References: GitHub’s CodeQL Action docs note v3 as current and the need for security-events: write. (github.com)

---

141-144: Confirm SARIF report path and existence before running duplicate-check
The script failed because megalinter-reports/megalinter-report.sarif wasn’t found—ensure MegaLinter actually generates the SARIF at that location (or adjust the path) and then rerun the duplicate-(tool,category) check.