Bump github/codeql-action from 2.1.37 to 2.1.38

.github/workflows/analyze.yml

@@ -23,25 +23,25 @@ jobs:
     runs-on: 'ubuntu-latest'
     steps:
       - name: Checkout
-        uses: 'actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c'
+        uses: 'actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c' # 3.3.0
         with:
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of sonar analysis
 
       - name: Set up Java
-        uses: 'actions/setup-java@1df8dbefe2a8cbc99770194893dd902763bee34b'
+        uses: 'actions/setup-java@1df8dbefe2a8cbc99770194893dd902763bee34b' # 3.9.0
         with:
           distribution: 'temurin'
           java-version: 11
 
       - name: Cache SonarQube packages
-        uses: 'actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12'
+        uses: 'actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12' # 3.2.3
         with:
           path: '~/.sonar/cache'
           key: ${{ runner.os }}-sonar
           restore-keys: ${{ runner.os }}-sonar
 
       - name: Cache Maven packages
-        uses: 'actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12'
+        uses: 'actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12' # 3.2.3
         with:
           path: '~/.m2/repository'
           key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
@@ -58,19 +58,19 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: 'actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c'
+        uses: 'actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c' # 3.3.0
         with:
           # We must fetch at least the immediate parents so that if this is a pull request then we can check out the head.
           fetch-depth: 2
 
       - name: Initialize CodeQL
-        uses: 'github/codeql-action/init@959cbb7472c4d4ad70cdfe6f4976053fe48ab394'
+        uses: 'github/codeql-action/init@515828d97454b8354517688ddc5b48402b723750' # 2.1.38
         with:
           languages: 'java'
           queries: 'security-and-quality'
 
       - name: Autobuild
-        uses: 'github/codeql-action/autobuild@959cbb7472c4d4ad70cdfe6f4976053fe48ab394'
+        uses: 'github/codeql-action/autobuild@515828d97454b8354517688ddc5b48402b723750' # 2.1.38
 
       - name: Perform CodeQL Analysis
-        uses: 'github/codeql-action/analyze@959cbb7472c4d4ad70cdfe6f4976053fe48ab394'
+        uses: 'github/codeql-action/analyze@515828d97454b8354517688ddc5b48402b723750' # 2.1.38

.github/workflows/build.yml

@@ -20,10 +20,10 @@ jobs:
         java: ['8', '11', '17', '19']
     steps:
       - name: Checkout repository
-        uses: 'actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c'
+        uses: 'actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c' # 3.3.0
 
       - name: Set up Java ${{ matrix.java }}
-        uses: 'actions/setup-java@1df8dbefe2a8cbc99770194893dd902763bee34b'
+        uses: 'actions/setup-java@1df8dbefe2a8cbc99770194893dd902763bee34b' # 3.9.0
         with:
           distribution: 'temurin'
           java-version: ${{ matrix.java }}

CHANGELOG.md

@@ -15,6 +15,8 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ### Internal
 
+- Comment GitHub actions with version (#287).
 - Bump actions/cache from 3.2.2 to 3.2.3 (#284).
+- Bump github/codeql-action from 2.1.37 to 2.1.38 (#286)
 
 ### Thanks