ci: pin the codeql action to SHAs

It's a follow-up to https://github.com/systemd/systemd/pull/21316. Judging by https://github.com/evverx/systemd/pull/36, Dependabot supports their release cycle
2025-03-12 08:58:20 +03:00 · 2021-11-13 21:22:09 +00:00 · 2021-11-13 21:22:09 +00:00 · e44a47d186
commit e44a47d186
parent e7a966915d
1 changed files with 3 additions and 3 deletions
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -29,14 +29,14 @@ jobs:
      uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579

    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@5581e08a65fc3811c3ac78939dd59e7a8adbf003
      with:
        languages: ${{ matrix.language }}

    - run: sudo -E .github/workflows/unit_tests.sh SETUP

    - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@5581e08a65fc3811c3ac78939dd59e7a8adbf003

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@5581e08a65fc3811c3ac78939dd59e7a8adbf003