From 5857325eae2e67fa10c9ef0c4f13f62532e87fa0 Mon Sep 17 00:00:00 2001
From: Chad Bentz <1760475+felickz@users.noreply.github.com>
Date: Thu, 1 May 2025 15:44:22 -0400
Subject: [PATCH 1/3] Add Microsoft to trusted actions owner
---
 actions/ql/lib/ext/config/trusted_actions_owner.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/actions/ql/lib/ext/config/trusted_actions_owner.yml b/actions/ql/lib/ext/config/trusted_actions_owner.yml
index 676c931e50cf..bc6d8b0431ed 100644
--- a/actions/ql/lib/ext/config/trusted_actions_owner.yml
+++ b/actions/ql/lib/ext/config/trusted_actions_owner.yml
@@ -6,3 +6,5 @@ extensions:
 - ["actions"]
 - ["github"]
 - ["advanced-security"]
+ - ["microsoft"]
+ - ["azure"]
From 3ea80e9999ef756951b483b841b509c6e2be4a64 Mon Sep 17 00:00:00 2001
From: Chad Bentz <1760475+felickz@users.noreply.github.com>
Date: Thu, 1 May 2025 15:48:49 -0400
Subject: [PATCH 2/3] Adding Microsoft NuGet
---
 actions/ql/lib/ext/config/trusted_actions_owner.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/actions/ql/lib/ext/config/trusted_actions_owner.yml b/actions/ql/lib/ext/config/trusted_actions_owner.yml
index bc6d8b0431ed..7c503d739f02 100644
--- a/actions/ql/lib/ext/config/trusted_actions_owner.yml
+++ b/actions/ql/lib/ext/config/trusted_actions_owner.yml
@@ -8,3 +8,4 @@ extensions:
 - ["advanced-security"]
 - ["microsoft"]
 - ["azure"]
+ - ["NuGet"]
From c1459da6477a9929cf6c4ca0ebe741227a4072e5 Mon Sep 17 00:00:00 2001
From: Chad Bentz <1760475+felickz@users.noreply.github.com>
Date: Thu, 1 May 2025 16:08:21 -0400
Subject: [PATCH 3/3] Create changelog 2025-05-01-microsoft-trusted-actions-publishers.md
---
 .../2025-05-01-microsoft-trusted-actions-publishers.md | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 actions/ql/lib/change-notes/2025-05-01-microsoft-trusted-actions-publishers.md
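Review bot: The new rows `- ["microsoft"]` and `- ["azure"]` in patch 1 grant trust at owner level, so every repository under those organisations is exempt from the `actions/unpinned-tag` query, not only the actively maintained actions, and the file records no rationale for that scope. Because tags are mutable, this means a moved tag in any repository under those owners reaches consuming workflows with no alert from this query. A short comment above the rows would document the decision, e.g. `# Owner-level trust: any action under these orgs may be referenced by tag without an unpinned-tag alert`. The data block begins above the hunk, so the row format is inferred from the context lines only.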
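Review bot: `- ["NuGet"]` in patch 2 is the only mixed-case entry in the list, and GitHub resolves owner names case-insensitively, so a workflow may legitimately write `uses: nuget/<action>@<tag>`. The owner comparison in the query is not visible in this patch; if it is an exact string match, the lower-case spelling would still be flagged while the mixed-case one is trusted. Either confirm the query normalises case before the lookup, or store the owner in lower case like the other rows (`- ["nuget"]`) and lower-case the workflow value in the query. A test case with a lower-case `uses:` reference would settle which behaviour holds.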
diff --git a/actions/ql/lib/change-notes/2025-05-01-microsoft-trusted-actions-publishers.md b/actions/ql/lib/change-notes/2025-05-01-microsoft-trusted-actions-publishers.md
new file mode 100644
index 000000000000..c9fa4c7a64ea
--- /dev/null
+++ b/actions/ql/lib/change-notes/2025-05-01-microsoft-trusted-actions-publishers.md
@@ -0,0 +1,3 @@
+### Minor Analysis Improvements
+
+* Added trust for Microsoft owned GitHub Actions publishers `microsoft`,`azure`, and `NuGet` to the default `trustedActionsOwnerDataModel` extensible predicate model used by the `actions/unpinned-tag` query.