Support target upgrade version in update-codeql.yml workflow

[data-douser]

This pull request enhances the update-codeql.yml GitHub Actions workflow by allowing manual selection of the target CodeQL CLI version, in addition to the existing automatic nightly update. The workflow now accepts an optional input for specifying a desired version and validates its existence before proceeding.

Manual version selection and validation:

• Added a new target_version input to the workflow, allowing users to specify a desired CodeQL CLI version when manually triggering the workflow. (.github/workflows/update-codeql.yml)
• Updated the job logic to use the specified target_version if provided, including validation to ensure the version exists in the github/codeql-cli-binaries releases. If not provided, the workflow continues to fetch the latest release as before. (.github/workflows/update-codeql.yml)
• Improved output messages to reflect whether a manual or automatic version is being used, and clarified error handling for missing or invalid versions. (.github/workflows/update-codeql.yml)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

[Copilot]

Pull request overview

Enhances the update-codeql.yml GitHub Actions workflow to allow manually selecting a target CodeQL CLI version (in addition to the existing nightly “latest” update flow), with validation against github/codeql-cli-binaries releases.

Changes:

• Adds a workflow_dispatch input (target_version) to optionally specify a CodeQL CLI version.
• Updates the “detect latest version” step to use the provided target version when set, and validate it exists as a release.
• Adjusts logging/output wording to reflect “target” vs “latest” selection.

[Copilot]

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.

Comments suppressed due to low confidence (1)

.github/workflows/update-codeql.yml:86

• latest_clean / latest_version are now used to mean the selected target version (which may be manually specified and not actually the latest). This is a bit misleading for downstream steps and summaries—consider renaming the variables/outputs to target_version/desired_version (or similar), or emit an additional output alongside latest_version to disambiguate when a manual version was provided.

          echo "Current CodeQL CLI version: ${current_version}"
          echo "Target CodeQL CLI version: ${latest_clean}"

          if [ "${latest_clean}" != "${current_version}" ]; then
            echo "✅ Update available: ${current_version} → ${latest_clean}"
            echo "update_needed=true" >> $GITHUB_OUTPUT
            echo "current_version=${current_version}" >> $GITHUB_OUTPUT
            echo "latest_version=${latest_clean}" >> $GITHUB_OUTPUT
            echo "version=v${latest_clean}" >> $GITHUB_OUTPUT