Skip to content

Add validation for empty latest_tag in CodeQL update workflow#60

Merged
data-douser merged 3 commits intodd/test-release-workflow/2from
copilot/sub-pr-58
Feb 19, 2026
Merged

Add validation for empty latest_tag in CodeQL update workflow#60
data-douser merged 3 commits intodd/test-release-workflow/2from
copilot/sub-pr-58

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Feb 19, 2026

The workflow's detect-update job fetches the latest CodeQL CLI release but doesn't validate the result. If the GitHub API returns no release marked as isLatest, the empty latest_tag propagates through version comparison and output variables, causing cryptic failures in downstream update steps.

Changes:

  • Added empty string check after gh release list API call
  • Fail fast with explicit error message when no latest release found
  • Write errors to stderr and exit with code 1

Example:

# Get latest release from codeql-cli-binaries
latest_tag=$(gh release list --repo github/codeql-cli-binaries --json 'tagName,isLatest' --jq '.[] | select(.isLatest == true) | .tagName')

# Validate that we found a latest release
if [ -z "${latest_tag}" ]; then
  echo "❌ Error: Could not determine latest CodeQL CLI version from github/codeql-cli-binaries" >&2
  echo "No release marked as 'latest' was found. This may indicate an API issue or repository change." >&2
  exit 1
fi

latest_clean="${latest_tag#v}"

This prevents the workflow from proceeding with empty version strings that would cause update steps to fail with unclear error messages.


💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix issues in nightly CodeQL CLI update workflow Add validation for empty latest_tag in CodeQL update workflow Feb 19, 2026
@data-douser data-douser marked this pull request as ready for review February 19, 2026 03:34
@data-douser data-douser requested review from a team, data-douser and enyil as code owners February 19, 2026 03:34
@data-douser data-douser merged commit 8edf080 into dd/test-release-workflow/2 Feb 19, 2026
1 check passed
@data-douser data-douser deleted the copilot/sub-pr-58 branch February 19, 2026 03:34
data-douser added a commit that referenced this pull request Feb 19, 2026
* Add nightly CodeQL CLI update workflow

Detect new CodeQL CLI releases and create a PR with updated
version files, rebuilt dependencies, and passing build/tests.

* Update update-codeql.yml

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Nathan Randall <70299490+data-douser@users.noreply.github.com>

* Update .github/workflows/update-codeql.yml

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Nathan Randall <70299490+data-douser@users.noreply.github.com>

* Add validation for empty latest_tag in CodeQL update workflow (#60)

* Initial plan

* Add validation for empty latest_tag in update-codeql workflow

Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>

* Apply suggestion from @data-douser

Signed-off-by: Nathan Randall <70299490+data-douser@users.noreply.github.com>

---------

Signed-off-by: Nathan Randall <70299490+data-douser@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants