chore(deps): update https://gitea.t000-n.de/t.behrendt/actions action to v0.2.2

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [https://gitea.t000-n.de/t.behrendt/actions](https://gitea.t000-n.de/t.behrendt/actions) | action | minor | `0.1.5` → `0.2.1` |

---

### Release Notes

<details>
<summary>t.behrendt/actions (https://gitea.t000-n.de/t.behrendt/actions)</summary>

### [`v0.2.1`](https://gitea.t000-n.de/t.behrendt/actions/compare/0.2.0...0.2.1)

[Compare Source](https://gitea.t000-n.de/t.behrendt/actions/compare/0.2.0...0.2.1)

### [`v0.2.0`](https://gitea.t000-n.de/t.behrendt/actions/compare/0.1.7...0.2.0)

[Compare Source](https://gitea.t000-n.de/t.behrendt/actions/compare/0.1.7...0.2.0)

### [`v0.1.7`](https://gitea.t000-n.de/t.behrendt/actions/compare/0.1.6...0.1.7)

[Compare Source](https://gitea.t000-n.de/t.behrendt/actions/compare/0.1.6...0.1.7)

### [`v0.1.6`](https://gitea.t000-n.de/t.behrendt/actions/compare/0.1.5...0.1.6)

[Compare Source](https://gitea.t000-n.de/t.behrendt/actions/compare/0.1.5...0.1.6)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41LjQiLCJ1cGRhdGVkSW5WZXIiOiI0My41LjQiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImFjdGlvbiIsImRlcHMiXX0=-->

Reviewed-on: #16
Reviewed-by: t.behrendt <t.behrendt@noreply.localhost>
Co-authored-by: Renovate Bot <renovate@t00n.de>
Co-committed-by: Renovate Bot <renovate@t00n.de>

.gitea/workflows/cd.yaml

@@ -13,15 +13,16 @@ jobs:
     name: Release
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.2
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           fetch-depth: 0
       - name: Increment tag
         id: tag
-        uses: https://gitea.t000-n.de/t.behrendt/conventional-semantic-git-tag-increment@af46017d0af5fd6af4425f8e6961f14280a1acd1 # 0.1.26
+        uses: https://gitea.t000-n.de/t.behrendt/conventional-semantic-git-tag-increment@41b7e04221df8a033bec841d40a097b76e5f67ff # 0.1.29
         with:
           token: ${{ secrets.GITEA_TOKEN }}
+          prerelease: ${{ github.event_name == 'workflow_dispatch' }}
       - name: Push tag
-        uses: https://gitea.t000-n.de/t.behrendt/actions/release-git-tag@1b8fe65eda1ea0a7586a5fd552ef8f4a639b154f # 0.1.3
+        uses: https://gitea.t000-n.de/t.behrendt/actions/release-git-tag@f386e2570df6a796ba0a69865c89ea0c1a7109ab # 0.2.2
         with:
           tag: ${{ steps.tag.outputs.new-tag }}

tas-upload-sarif/action.yml

@@ -1,23 +1,23 @@
-name: 'TAS Upload SARIF'
-description: 'Upload a SARIF report to TAS (Tea Advanced Security) and fail the job if gating returns allowed: false'
+name: "TAS Upload SARIF"
+description: "Upload a SARIF report to TAS (Tea Advanced Security) and fail the job if gating returns allowed: false"
 inputs:
   tas-base-url:
-    description: 'Base URL of the TAS API (e.g. https://tas.example.com)'
+    description: "Base URL of the TAS API (e.g. https://tas.example.com)"
     required: true
   sarif-file:
-    description: 'Path to the SARIF report file (JSON)'
+    description: "Path to the SARIF report file (JSON)"
     required: true
   owner:
-    description: 'Repository owner (default: GitHub repository owner)'
+    description: "Repository owner (default: GitHub repository owner)"
     required: false
   repo:
-    description: 'Repository name (default: GitHub repository name)'
+    description: "Repository name (default: GitHub repository name)"
     required: false
   branch:
-    description: 'Branch name (default: current ref name, e.g. main)'
+    description: "Branch name (default: current ref name, e.g. main)"
     required: false
 runs:
-  using: 'composite'
+  using: "composite"
   steps:
     - name: Upload SARIF to TAS and gate
       shell: bash
@@ -29,7 +29,10 @@ runs:
         SARIF_FILE: ${{ inputs.sarif-file }}
       run: |
         BASE_URL="${BASE_URL%/}"
-        URL="${BASE_URL}/repos/${OWNER}/${REPO}/branches/${BRANCH}/reports"
+        OWNER_ENC=$(jq -rn --arg x "$OWNER" '$x | @uri')
+        REPO_ENC=$(jq -rn --arg x "$REPO" '$x | @uri')
+        BRANCH_ENC=$(jq -rn --arg x "$BRANCH" '$x | @uri')
+        URL="${BASE_URL}/repos/${OWNER_ENC}/${REPO_ENC}/branches/${BRANCH_ENC}/reports"
         echo "Uploading SARIF to TAS: $URL"
 
         if [[ ! -f "$SARIF_FILE" ]]; then