Also download OS-specific zip files while we're at it.
There are two files in `codeql-win64.zip` called `codeql/codeql` and
`codeql/codeql.exe`. Because of the order they were put into the zip,
they come out in the order `codeql/codeql.exe` followed by
`codeql/codeql`, and something on Windows thinks that the second file
has the same name as the first. It's because it's trying to emulate
linux and running `codeql/codeql` could run either one of them. We need
to make sure we definitely have the `.exe` file, so we explicitly
extract it again afterwards. This workaround is already used in some
other places. The order that the zip file is made in has now been fixed
so this shouldn't be a problem for future releases, so this workaround
can be removed in future.
When a PR is labelled with 'ready-for-docs-review',
this workflow comments on the PR to notify the GitHub CodeQL docs team.
Runs on `pull_request_target` events so it can write comments to the PR.
Since this runs in the context of the base repo, it must not check out the PR
or use untrusted data from the event payload.
Turns out gofmt doesn't actually return 1 when it finds problems, only when it finds source files which don't compile (all of which are now excluded).
This also fixes existing overlooked inconsistencies as a result of this mistake.
https://github.com/github/codeql-go/pull/184 added a regression test for the non-termination it was fixing. The fix hasn't made it into Code Scanning yet, so for the time being it will fail with precisely that non-termination when analysing the regression tests.
