From 2a0d8dad89c224ec9be811ed1d5171b18139300c Mon Sep 17 00:00:00 2001
From: Steven Silvester
Date: Thu, 24 Apr 2025 06:19:48 -0500
Subject: [PATCH 1/3] PYTHON-5348 Run GitHub Actions Scan as Part of Python Release
---
 .github/workflows/release-python.yml | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release-python.yml b/.github/workflows/release-python.yml
index efdd846b1..8bcf5452e 100644
--- a/.github/workflows/release-python.yml
+++ b/.github/workflows/release-python.yml
@@ -61,14 +61,20 @@ jobs:
     with:
       ref: ${{ needs.pre-publish.outputs.version }}
 
-  static-scan:
+  static-python:
     needs: [pre-publish]
     uses: ./.github/workflows/codeql-python.yml
     with:
       ref: ${{ needs.pre-publish.outputs.version }}
 
+  static-actions:
+    needs: [pre-publish]
+    uses: ./.github/workflows/codeql-actions.yml
+    with:
+      ref: ${{ needs.pre-publish.outputs.version }}
+
   publish:
-    needs: [build-dist, static-scan]
+    needs: [build-dist, static-python]
     name: Upload release to PyPI
     runs-on: ubuntu-latest
     environment: release-python

From eb8ca1f721a9deeb357899f8a46f27c63093b171 Mon Sep 17 00:00:00 2001
From: Steven Silvester
Date: Thu, 24 Apr 2025 06:21:41 -0500
Subject: [PATCH 2/3] fix action call
---
 .github/workflows/codeql-actions.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/codeql-actions.yml b/.github/workflows/codeql-actions.yml
index fecb95d02..fc511334c 100644
--- a/.github/workflows/codeql-actions.yml
+++ b/.github/workflows/codeql-actions.yml
@@ -10,6 +10,11 @@ on:
   workflow_dispatch:
   schedule:
     - cron: '17 10 * * 2'
+  workflow_call:
+    inputs:
+      ref:
+        required: true
+        type: string
 
 jobs:
   analyze-python:
@@ -27,6 +32,7 @@ jobs:
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
+          ref: ${{ inputs.ref }}
           persist-credentials: false
 
       # Initializes the CodeQL tools for scanning.

From 66e5c0c293c78f4010f9204840da8d48af146de3 Mon Sep 17 00:00:00 2001
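Review bot: The new `static-actions` job (and the renamed `static-python` next to it) calls a reusable CodeQL workflow without a job-level `permissions:` block; a called workflow can only downgrade the GITHUB_TOKEN permissions it inherits from the caller, never raise them, so if release-python.yml sets a restrictive top-level `permissions:` (outside this hunk) the SARIF upload inside the called workflow would fail for lack of `security-events: write`. Either confirm the top-level grant already covers it or declare the minimum on each calling job, e.g. `permissions:` / `contents: read` / `security-events: write` under `static-actions`. A one-line comment above the job, such as `# CodeQL scan of the workflow files themselves, run against the release tag`, would also make clear why a second scan job exists alongside the Python one.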
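Review bot: The new `workflow_call` input `ref` has no `description:`, so a caller reading this trigger cannot tell whether a tag, branch or commit SHA is expected; the release caller passes a version output, and documenting that contract here keeps the two files in step. Suggest adding `description: 'Git ref (tag or commit) to check out and scan'` under `ref:`. The unchanged job id `analyze-python` visible in the trailing context is a mismatch for a workflow that scans Actions files, but that is pre-existing and cosmetic.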
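Review bot: The added `ref: ${{ inputs.ref }}` evaluates to an empty string whenever this workflow runs from the `schedule` or `workflow_dispatch` triggers declared in the previous hunk, since `inputs` is only populated on `workflow_call`; as far as I recall actions/checkout treats an empty `ref` as "use the triggering commit", so scheduled scans should still work, but that fallback is not obvious to a reader and is worth confirming on the next scheduled run. A comment on the line, `ref: ${{ inputs.ref }}  # empty outside workflow_call; checkout then uses the triggering ref`, records the assumption. Keeping `persist-credentials: false` on the same checkout is the right call for a scan job and should stay.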
From: Steven Silvester
Date: Thu, 24 Apr 2025 06:31:19 -0500
Subject: [PATCH 3/3] fix prereqs
---
 .github/workflows/release-python.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release-python.yml b/.github/workflows/release-python.yml
index 8bcf5452e..0e650e6ee 100644
--- a/.github/workflows/release-python.yml
+++ b/.github/workflows/release-python.yml
@@ -74,7 +74,7 @@ jobs:
       ref: ${{ needs.pre-publish.outputs.version }}
 
   publish:
-    needs: [build-dist, static-python]
+    needs: [build-dist, static-python, static-actions]
     name: Upload release to PyPI
     runs-on: ubuntu-latest
     environment: release-python
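Review bot: Adding `static-actions` to `needs` makes `publish` wait for the scan job to finish successfully, but a CodeQL analysis job normally succeeds whether or not it reports alerts, so as written this orders the release after the scan rather than blocking the release on findings. If blocking on findings is the goal, the called workflow (outside this hunk) would need to fail the job on alerts, or the release would need a separate check on code-scanning results; if completion-only gating is the intent, a comment above `needs:` such as `# static-* must complete before publishing; a completed CodeQL job does not fail on alerts by default` records that decision for the next maintainer. The same reading applies to the `static-python` dependency carried over from the earlier commit.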