Bump sigs.k8s.io/release-utils from 0.9.0 to 0.10.0 (#1443) #3692

	name: "CodeQL"

	on:
	push:
	branches:
	- main
	pull_request:
	branches:
	- main
	schedule:
	- cron: '32 8 * * 2'

	jobs:
	analyze:
	name: Analyze
	runs-on: ubuntu-latest

	permissions:
	actions: read
	contents: read
	security-events: write

	strategy:
	fail-fast: false
	matrix:
	language:
	- 'go'

	steps:
	- name: Checkout repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Filter paths
	uses: dorny/paths-filter@v3
	id: changes
	with:
	filters: \|
	gocode:
	- 'pkg/**'
	- 'cmd/**'

	- uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
	with:
	go-version-file: 'go.mod'

	# Initializes the CodeQL tools for scanning.
	- name: Initialize CodeQL
	if: steps.changes.outputs.gocode == 'true'
	uses: github/codeql-action/init@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
	with:
	languages: '${{ matrix.language }}'

	- name: Build
	if: steps.changes.outputs.gocode == 'true'
	run: \|
	make build

	- name: Perform CodeQL Analysis
	if: steps.changes.outputs.gocode == 'true'
	uses: github/codeql-action/analyze@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8

Provide feedback