chore(deps): update github/codeql-action action to v3.28.0 (#170) #454

	name: Static Code Analysis

	on:
	push:
	branches:
	- master
	pull_request:
	branches:
	- master
	workflow_dispatch:

	permissions:
	contents: none

	jobs:
	scan-build:
	name: Run Clang Analyzer
	runs-on: ubuntu-latest
	permissions:
	contents: read
	security-events: write
	env:
	CC: clang-18
	CXX: clang++-18
	CCC_CC: clang-18
	CCC_CXX: clang++-18
	DOTNET_SYSTEM_GLOBALIZATION_INVARIANT: 1
	SCANBUILD_DIR: /tmp/scanbuild
	steps:
	- name: Check out code
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Install dependencies
	uses: ./.github/actions/install-dependencies

	- name: Run analysis
	run: \|
	scan-build-18 cmake -B build
	scan-build-18 --force-analyze-debug-code -sarif --status-bugs -no-failure-reports -o "${SCANBUILD_DIR}" --exclude build cmake --build build
	continue-on-error: true
	id: scanbuild

	- name: Merge reports
	run: \|
	pip install sarif-tools
	sarif copy --output /tmp/merged.sarif "${SCANBUILD_DIR}/*/.sarif"
	jq 'del(.runs[].conversion)' /tmp/merged.sarif > /tmp/scan-build.sarif
	if [ $(jq '[.runs[].results \| length] \| add' /tmp/scan-build.sarif) -gt 0 ]; then
	exit 1
	fi
	exit 0
	id: merge
	continue-on-error: true

	- name: Upload scan results
	uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
	with:
	sarif_file: /tmp/scan-build.sarif
	category: scanbuild
	continue-on-error: true

	- name: Set exit code
	run: exit 1
	if: steps.scanbuild.outcome == 'failure' \|\| steps.merge.outcome == 'failure'

Provide feedback