chore(deps): update github/codeql-action action to v3.25.12 #154

	name: Static Code Analysis

	on:
	push:
	branches:
	- master
	pull_request:
	branches:
	- master
	workflow_dispatch:

	permissions:
	contents: none

	jobs:
	scan-build:
	name: Run Clang Analyzer
	runs-on: ubuntu-24.04
	permissions:
	contents: read
	security-events: write
	env:
	CXX: clang++-18
	CCC_CXX: clang++-18
	DOTNET_SYSTEM_GLOBALIZATION_INVARIANT: 1
	SCANBUILD_DIR: /tmp/scanbuild
	steps:
	- name: Check out code
	uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

	- name: Install dependencies
	uses: ./.github/actions/install-dependencies

	- name: Run analysis
	run: \|
	scan-build-17 cmake -B build
	scan-build-17 --force-analyze-debug-code -sarif --status-bugs -no-failure-reports -o "${SCANBUILD_DIR}" --exclude build cmake --build build
	continue-on-error: true
	id: scanbuild

	- name: Merge SARIF reports
	run: sarif-multitool merge "${{ env.SCANBUILD_DIR }}/" --recurse --output-directory=/tmp --output-file=scan-build.sarif

	- name: Upload scan results
	uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12
	with:
	sarif_file: /tmp/scan-build.sarif
	category: scanbuild
	continue-on-error: true

	- name: Set exit code
	run: exit 1
	if: steps.scanbuild.outcome == 'failure'

Provide feedback