Group codeql-action Dependabot bumps to keep init/autobuild/analyze in sync

The workflow pins all three codeql-action steps to the same commit SHA, but
Dependabot was opening separate PRs per action path, so merging just one
broke CI with a CodeQL config-version mismatch.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
This commit is contained in:
John Kerl 2026-07-09 15:11:46 -04:00
parent ed9a61702c
commit aa831d0b89

View file

@ -10,6 +10,13 @@ updates:
directory: "/"
schedule:
interval: "daily"
groups:
# The codeql-analysis.yml workflow pins init/autobuild/analyze to the
# same commit SHA, so they must be bumped together or CI breaks with a
# CodeQL config-version mismatch.
codeql-action:
patterns:
- "github/codeql-action/*"
# Maintain dependencies for Go
- package-ecosystem: "gomod"