use fetch-codeql action

2026-04-25 00:35:20 +02:00 · 2022-11-03 13:49:15 +01:00
parent 3159b3d9a1
commit 83a8b1afb8
2 changed files with 20 additions and 18 deletions
--- a/.github/actions/fetch-codeql/action.yml
+++ b/.github/actions/fetch-codeql/action.yml
@@ -1,14 +1,22 @@
 name: Fetch CodeQL
 description: Fetches the latest version of CodeQL
+
+inputs:
+  channel:
+    description: 'The CodeQL channel to use'
+    required: false
+    default: 'nightly'
+
 runs:
  using: composite
  steps:
    - name: Fetch CodeQL
      shell: bash
-      run: |
-        gh extension install github/gh-codeql
-        gh codeql set-channel nightly
-        gh codeql version
-        gh codeql version --format=json | jq -r .unpackedLocation >> "${GITHUB_PATH}"
      env:
        GITHUB_TOKEN: ${{ github.token }}
+        CHANNEL: ${{ inputs.channel }}
+      run: |
+        gh extension install github/gh-codeql
+        gh codeql set-channel $CHANNEL
+        gh codeql version
+        gh codeql version --format=json | jq -r .unpackedLocation >> "${GITHUB_PATH}"
--- a/.github/workflows/compile-queries.yml
+++ b/.github/workflows/compile-queries.yml
@@ -33,25 +33,19 @@ jobs:
          restore-keys: |
            codeql-stable-compile-${{ env.merge-base }}
            codeql-stable-compile-
-      - name: install codeql
-        run: gh extension install github/gh-codeql
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Setup CodeQL
+        uses: ./.github/actions/fetch-codeql
+        with:
+          channel: 'release'
      - name: check formatting
-        run: gh codeql query format */ql/{src,lib,test}/**/*.{qll,ql} --check-only
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: codeql query format */ql/{src,lib,test}/**/*.{qll,ql} --check-only
      - name: compile queries - check-only
        # run with --check-only if running in a PR (github.sha != main)
        if : ${{ github.sha != steps.merge-base.outputs.merge-base }}
        shell: bash
-        run: gh codeql query compile -j0 */ql/src --keep-going --warnings=error --check-only
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: codeql query compile -j0 */ql/src --keep-going --warnings=error --check-only
      - name: compile queries - full
        # do full compile if running on main - this populates the cache
        if : ${{ github.sha == steps.merge-base.outputs.merge-base }}
        shell: bash
-        run: gh codeql query compile -j0 */ql/src --keep-going --warnings=error
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: codeql query compile -j0 */ql/src --keep-going --warnings=error