From 4b2baa07f6f5de73519846e8cb721ffb8c5f895b Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 19 Feb 2026 03:00:39 +0000
Subject: [PATCH 1/2] Initial plan


From bb960194c784d211d70d0e34c243ea3d97378f0b Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 19 Feb 2026 03:05:30 +0000
Subject: [PATCH 2/2] Add validation for empty latest_tag in update-codeql
 workflow

Co-authored-by: data-douser <70299490+data-douser@users.noreply.github.com>
---
 .github/workflows/update-codeql.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/workflows/update-codeql.yml b/.github/workflows/update-codeql.yml
index 10d93a30..6747c423 100644
--- a/.github/workflows/update-codeql.yml
+++ b/.github/workflows/update-codeql.yml
@@ -44,6 +44,14 @@ jobs:
 
           # Get latest release from codeql-cli-binaries
           latest_tag=$(gh release list --repo github/codeql-cli-binaries --json 'tagName,isLatest' --jq '.[] | select(.isLatest == true) | .tagName')
+
+          # Validate that we found a latest release
+          if [ -z "${latest_tag}" ]; then
+            echo "❌ Error: Could not determine latest CodeQL CLI version from github/codeql-cli-binaries" >&2
+            echo "No release marked as 'latest' was found. This may indicate an API issue or repository change." >&2
+            exit 1
+          fi
+
           latest_clean="${latest_tag#v}"
 
           echo "Current CodeQL CLI version: ${current_version}"