Build(deps): Bump github/codeql-action from 3.27.9 to 3.28.0 (#236) #903

	name: Haskell Dockerfile Linter

	on:
	push:
	branches: [ "main" ]
	pull_request:
	branches: [ "main" ]
	types: [opened, reopened, synchronize]
	schedule:
	- cron: '0 0 * * *'

	### Ensures that only one CI task per branch/environment will run at a time ###
	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	permissions:
	contents: read

	jobs:
	hadolint:
	name: Hadolint Scanning
	runs-on: ubuntu-latest
	permissions:
	security-events: write
	actions: read
	contents: read

	steps:
	- name: Checkout code
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Run hadolint
	uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
	with:
	dockerfile: ./Dockerfile
	format: sarif
	output-file: hadolint-results.sarif
	no-fail: true

	- name: Upload analysis results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
	if: always()
	with:
	sarif_file: hadolint-results.sarif
	wait-for-processing: true

Provide feedback