From 4c11218c67c98959b8eafdb92fefdc12d11ea6bf Mon Sep 17 00:00:00 2001
From: Ryan Foster <ryan@obsproject.com>
Date: Thu, 26 Mar 2026 23:59:43 -0400
Subject: [PATCH] CI: Pin github/codeql-action/upload-sarif to commit hash

The v3 tag currently points to v3.34.1 which is
https://github.com/github/codeql-action/commit/ebcb5b36ded6beda4ceefea6a8bc4cc885255bb3.

https://github.com/github/codeql-action/releases/tag/v3.34.1
---
 .github/actions/windows-analysis/action.yaml | 2 +-
 .github/workflows/analyze-project.yaml       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/actions/windows-analysis/action.yaml b/.github/actions/windows-analysis/action.yaml
index d61570bf9..21117b348 100644
--- a/.github/actions/windows-analysis/action.yaml
+++ b/.github/actions/windows-analysis/action.yaml
@@ -84,7 +84,7 @@ runs:
           ${{ github.workspace }}/analysis.plog.sarif
 
     - name: Upload PVS-Studio Report
-      uses: github/codeql-action/upload-sarif@v3
+      uses: github/codeql-action/upload-sarif@ebcb5b36ded6beda4ceefea6a8bc4cc885255bb3
       with:
         sarif_file: "${{ github.workspace }}/analysis.plog.sarif"
         category: 'PVS-Studio (Windows)'
diff --git a/.github/workflows/analyze-project.yaml b/.github/workflows/analyze-project.yaml
index 65bfc3652..f6166b8a8 100644
--- a/.github/workflows/analyze-project.yaml
+++ b/.github/workflows/analyze-project.yaml
@@ -129,7 +129,7 @@ jobs:
           popd
 
       - name: Upload SARIF report files 📦
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@ebcb5b36ded6beda4ceefea6a8bc4cc885255bb3
         with:
           sarif_file: "${{ github.workspace }}/analytics/merged.sarif"
           category: 'clang-analyze (macOS Apple Silicon)'