Skip to content

build(ci): move all codeql-action refs to v4 together#331

Merged
Yambr merged 1 commit into
mainfrom
chore/codeql-action-v4
Jul 1, 2026
Merged

build(ci): move all codeql-action refs to v4 together#331
Yambr merged 1 commit into
mainfrom
chore/codeql-action-v4

Conversation

@Yambr

@Yambr Yambr commented Jul 1, 2026

Copy link
Copy Markdown
Collaborator

Supersedes #329, which bumped only codeql-action/init and failed at run time: Loaded a configuration file for version '4.36.2', but running version '3.36.2'. All four codeql-action refs (init/autobuild/analyze in codeql.yml, upload-sarif ×2 in security.yml) move to the same pinned v4 SHA (8aad20d1…, the one #329 resolved). CodeQL Action v3 is deprecated December 2026.

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Updated security-related GitHub Actions to newer versions for CodeQL analysis and SARIF uploads.
    • Kept the existing workflow behavior, scan settings, and file paths unchanged.

A partial init-only bump fails at run time (config v4 vs running v3);
init/autobuild/analyze/upload-sarif move to the same pinned v4 SHA.
CodeQL Action v3 is deprecated December 2026.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 8e6e720e-1b22-4a54-abeb-1239c6608bec

📥 Commits

Reviewing files that changed from the base of the PR and between 8bb6eb6 and a0a0eb7.

📒 Files selected for processing (2)
  • .github/workflows/codeql.yml
  • .github/workflows/security.yml

Walkthrough

This PR updates pinned commit SHAs for the github/codeql-action used in GitHub Actions workflows, upgrading init, autobuild, analyze, and upload-sarif steps from v3 hashes to v4.36.2 hashes in codeql.yml and security.yml.

Changes

CodeQL Action Version Pin Update

Layer / File(s) Summary
Pin CodeQL action to v4.36.2
.github/workflows/codeql.yml, .github/workflows/security.yml
Replaces v3 commit SHA pins with v4.36.2 SHAs for init, autobuild, analyze, and both upload-sarif (CRITICAL/HIGH) steps; step configuration, conditionals, and paths remain unchanged.

Estimated code review effort: 1 (Trivial) | ~3 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the main change: updating all CodeQL action references to the v4 SHA together.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/codeql-action-v4

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@Yambr Yambr merged commit 4d891a7 into main Jul 1, 2026
22 checks passed
@Yambr Yambr deleted the chore/codeql-action-v4 branch July 1, 2026 23:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant