Add nightly CodeQL CLI update workflow#58
Conversation
Detect new CodeQL CLI releases and create a PR with updated version files, rebuilt dependencies, and passing build/tests.
Dependency Review: the following issues were found: License Issues in .github/workflows/update-codeql.yml. Other checks listed: OpenSSF Scorecard, Scanned Files.
Pull request overview
This pull request introduces an automated GitHub Actions workflow to detect new CodeQL CLI releases and create pull requests with the necessary version updates. The workflow runs nightly via cron schedule and can also be triggered manually, checking the latest CodeQL CLI version from github/codeql-cli-binaries and orchestrating version updates across multiple files if a newer version is detected.
Changes:
- Added a new workflow with two jobs: one to detect new CodeQL CLI versions and another to perform the update, build, test, and create a pull request
- The workflow updates `.codeql-version`, `package.json` files, and `codeql-pack.yml` files, regenerates the lockfile, and validates changes through the full build-and-test suite
- Includes comprehensive inline documentation and job summaries for observability
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Nathan Randall <70299490+data-douser@users.noreply.github.com>
@data-douser I've opened a new pull request, #60, to work on those changes. Once the pull request is ready, I'll request review from you.
* Initial plan
* Add validation for empty latest_tag in update-codeql workflow

Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>
Signed-off-by: Nathan Randall <70299490+data-douser@users.noreply.github.com>
```bash
if [ -z "${latest_tag}" ]; then
  echo "❌ ERROR: Failed to determine latest CodeQL CLI release. 'gh release list' returned no results or no release is marked as latest." >&2
  echo "update_needed=false" >> $GITHUB_OUTPUT
  exit 1
fi
```
This validation check is redundant. The same condition ([ -z "${latest_tag}" ]) was already checked at lines 49-53, and the workflow exits with exit 1 if true. This second check at lines 57-61 will never execute because if latest_tag is empty, the script would have already exited at line 52. Remove this duplicate validation block.
Summary of Changes
This pull request introduces a new GitHub Actions workflow to automate the process of updating the CodeQL CLI dependency. The workflow detects new releases, updates relevant files, runs build and tests, and creates a pull request with the changes. This streamlines dependency management and ensures the project stays up-to-date with the latest CodeQL CLI releases.
Outline of Changes
Automation for CodeQL CLI updates:
- Adds the `.github/workflows/update-codeql.yml` workflow to automatically detect new CodeQL CLI releases, update version-bearing files, install dependencies, run build and tests, and create a pull request for the upgrade.
- Defines two jobs: `detect-update` (checks for new CodeQL CLI versions and determines if an update is needed) and `create-pr` (performs the update, builds, tests, and creates a PR if an update is detected).
- Updates `.codeql-version`, `package.json`, and `codeql-pack.yml` files to the latest CodeQL CLI version, and regenerates `package-lock.json` as part of the automated update process.
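The detection step discussed in the review overview and the summary above (find the latest release, fail if no tag came back, compare against the pinned version, emit `update_needed` for the `create-pr` job) can be exercised offline with the following shell functions. This is an added example, not the PR's own `update-codeql.yml`; it assumes that `.codeql-version` holds a single line such as `v2.19.3` or `2.19.3` and that the release tag is handed in by the caller (in the real workflow, the result of `gh release list` against github/codeql-cli-binaries). It also shows why the empty-tag check belongs in exactly one place, and why a numeric per-component comparison is needed rather than a string comparison.

```bash
#!/usr/bin/env bash
# Added example, not code from the PR's update-codeql.yml: the decision logic a
# detect-update job needs, as plain shell functions so it can be exercised
# offline. Assumed (not stated on the page): .codeql-version holds one line
# such as "v2.19.3" or "2.19.3"; the release tag arrives from the caller (in a
# real workflow, the output of `gh release list` for github/codeql-cli-binaries).

# Strip an optional leading "v" and reject anything that is not dotted digits,
# so a malformed or unexpected tag can never be written into a version file.
normalize_version() {
  v="${1#v}"
  case "$v" in
    ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  printf '%s\n' "$v"
}

# True (exit 0) when $1 is strictly newer than $2, comparing each dotted
# component numerically, so 2.19.10 sorts after 2.19.9 (a plain string
# comparison would get this wrong).
version_gt() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ax="${a%%.*}"; bx="${b%%.*}"
    ax="${ax:-0}"; bx="${bx:-0}"
    [ "$ax" -gt "$bx" ] && return 0
    [ "$ax" -lt "$bx" ] && return 1
    case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
    case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
  done
  return 1
}

# Read the pinned version from a .codeql-version style file (path optional).
read_current_version() {
  tr -d '[:space:]' < "${1:-.codeql-version}"
}

# decide_update LATEST_TAG CURRENT_VERSION [OUTPUT_FILE]
# Writes GitHub Actions style key=value outputs. Exactly one empty-tag check:
# an empty tag means `gh release list` returned nothing, and the job must fail
# loudly rather than quietly report "no update needed" with a bad value.
decide_update() {
  latest_tag="$1"; current="$2"; out="${3:-${GITHUB_OUTPUT:?GITHUB_OUTPUT not set}}"
  if [ -z "$latest_tag" ]; then
    echo "ERROR: failed to determine latest CodeQL CLI release (empty tag)" >&2
    echo "update_needed=false" >> "$out"
    return 1
  fi
  latest=$(normalize_version "$latest_tag") || {
    echo "ERROR: unexpected release tag format: $latest_tag" >&2
    echo "update_needed=false" >> "$out"
    return 1
  }
  cur=$(normalize_version "$current") || {
    echo "ERROR: unexpected .codeql-version content: $current" >&2
    echo "update_needed=false" >> "$out"
    return 1
  }
  if version_gt "$latest" "$cur"; then
    echo "update_needed=true" >> "$out"
    echo "current_version=$cur" >> "$out"
    echo "latest_version=$latest" >> "$out"
  else
    echo "update_needed=false" >> "$out"
  fi
  return 0
}

# Stand-alone demo with constructed inputs; a workflow step would instead pass
# "$(gh release list ...)" and "$(read_current_version)" and rely on $GITHUB_OUTPUT.
demo_out=$(mktemp)
decide_update "v2.20.0" "2.19.3" "$demo_out"
cat "$demo_out"
rm -f "$demo_out"
```

In a workflow step the only differences are the inputs: the tag comes from `gh release list` and the current version from `read_current_version`, and `$GITHUB_OUTPUT` is already set, so the third argument is omitted. Because `decide_update` returns non-zero on an empty or malformed tag, the `create-pr` job never sees `update_needed=true` with a value that would not parse.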