chore(deps): update ubuntu:24.04 docker digest to d4f6f70 #253

	name: Static Code Analysis

	on:
	push:
	branches:
	- master
	pull_request:
	branches:
	- master
	workflow_dispatch:

	permissions:
	contents: none

	jobs:
	scan-build:
	name: Run Clang Analyzer
	runs-on: ubuntu-24.04
	permissions:
	contents: read
	security-events: write
	env:
	CXX: clang++-18
	CCC_CXX: clang++-18
	DOTNET_SYSTEM_GLOBALIZATION_INVARIANT: 1
	SCANBUILD_DIR: /tmp/scanbuild
	steps:
	- name: Check out code
	uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1

	- name: Install dependencies
	uses: ./.github/actions/install-dependencies

	- name: Run analysis
	run: \|
	scan-build-17 cmake -B build
	scan-build-17 --force-analyze-debug-code -sarif --status-bugs -no-failure-reports -o "${SCANBUILD_DIR}" --exclude build cmake --build build
	continue-on-error: true
	id: scanbuild

	- name: Merge SARIF reports
	run: sarif-multitool merge "${{ env.SCANBUILD_DIR }}/" --recurse --output-directory=/tmp --output-file=scan-build.sarif

	- name: Upload scan results
	uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
	with:
	sarif_file: /tmp/scan-build.sarif
	category: scanbuild
	continue-on-error: true

	- name: Set exit code
	run: exit 1
	if: steps.scanbuild.outcome == 'failure'

Provide feedback