Files
Charon/.github/workflows/codeql.yml
GitHub Actions 6dd26ac5d7 fix: downgrade actions/checkout from v6.0.1 to v4.2.2
Checkout v6.0.1 was released yesterday (Dec 2, 2025) and is causing CI
failures across all workflows. The v6 release requires minimum GitHub
Actions Runner v2.329.0 for Docker container scenarios and likely has
edge cases causing failures.

Downgrading to v4.2.2 (stable release from Oct 2024) to restore CI
stability. Can re-evaluate v6 after it matures.

Affects 16 checkout action references across 12 workflow files:
- quality-checks.yml
- waf-integration.yml
- docker-publish.yml
- codecov-upload.yml
- codeql.yml
- benchmark.yml
- docs.yml
- release-goreleaser.yml
- auto-versioning.yml
- docker-lint.yml
- auto-changelog.yml
- renovate.yml
2025-12-03 14:47:05 +00:00

54 lines
1.5 KiB
YAML

name: CodeQL - Analyze
on:
push:
branches: [ main, development, 'feature/**' ]
pull_request:
branches: [ main, development ]
schedule:
- cron: '0 3 * * 1'
permissions:
contents: read
security-events: write
actions: read
pull-requests: read
jobs:
analyze:
name: CodeQL analysis (${{ matrix.language }})
runs-on: ubuntu-latest
# Skip forked PRs where CPMP_TOKEN lacks security-events permissions
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.fork == false
permissions:
contents: read
security-events: write
actions: read
pull-requests: read
strategy:
fail-fast: false
matrix:
language: [ 'go', 'javascript-typescript' ]
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Initialize CodeQL
uses: github/codeql-action/init@fe4161a26a8629af62121b670040955b330f9af2 # v4
with:
languages: ${{ matrix.language }}
- name: Setup Go
if: matrix.language == 'go'
uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6
with:
go-version: '1.25.5'
- name: Autobuild
uses: github/codeql-action/autobuild@fe4161a26a8629af62121b670040955b330f9af2 # v4
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@fe4161a26a8629af62121b670040955b330f9af2 # v4
with:
category: "/language:${{ matrix.language }}"