Add github-codeql-tools repository property support for tools input

Co-authored-by: oscarsj <1410188+oscarsj@users.noreply.github.com> Agent-Logs-Url: https://github.com/github/codeql-action/sessions/24ef386a-5e4a-4630-b138-747d6c5729da
2026-05-01 19:30:49 +00:00 · 2026-03-23 17:30:23 +00:00
parent 5909f491f0
commit e74c1eea4a
19 changed files with 372 additions and 96 deletions
@@ -105069,6 +105069,7 @@ var RepositoryPropertyName = /* @__PURE__ */ ((RepositoryPropertyName2) => {
  RepositoryPropertyName2["DISABLE_OVERLAY"] = "github-codeql-disable-overlay";
  RepositoryPropertyName2["EXTRA_QUERIES"] = "github-codeql-extra-queries";
  RepositoryPropertyName2["FILE_COVERAGE_ON_PRS"] = "github-codeql-file-coverage-on-prs";
+  RepositoryPropertyName2["TOOLS"] = "github-codeql-tools";
  return RepositoryPropertyName2;
 })(RepositoryPropertyName || {});
 var KNOWN_REPOSITORY_PROPERTY_NAMES = new Set(
@@ -105658,7 +105659,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) {
  }
  return void 0;
 }
-async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, variant, tarSupportsZstd, features, logger) {
+async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, variant, tarSupportsZstd, features, logger, toolsInputFromRepositoryProperty = false) {
  if (toolsInput && !isReservedToolsValue(toolsInput) && !toolsInput.startsWith("http")) {
    logger.info(`Using CodeQL CLI from local path ${toolsInput}`);
    const compressionMethod2 = inferCompressionMethod(toolsInput);
@@ -105726,11 +105727,17 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
    const allowToolcacheValueFF = await features.getValue(
      "allow_toolcache_input" /* AllowToolcacheInput */
    );
-    const allowToolcacheValue = allowToolcacheValueFF && (isDynamicWorkflow() || isInTestMode());
+    const allowToolcacheValue = toolsInputFromRepositoryProperty || allowToolcacheValueFF && (isDynamicWorkflow() || isInTestMode());
    if (allowToolcacheValue) {
-      logger.info(
-        `Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: ${toolsInput}'.`
-      );
+      if (toolsInputFromRepositoryProperty) {
+        logger.info(
+          `Attempting to use the latest CodeQL CLI version in the toolcache, as requested by the 'github-codeql-tools' repository property.`
+        );
+      } else {
+        logger.info(
+          `Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: ${toolsInput}'.`
+        );
+      }
      latestToolcacheVersion = getLatestToolcacheVersion(logger);
      if (latestToolcacheVersion) {
        cliVersion2 = latestToolcacheVersion;
@@ -105738,9 +105745,15 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
    }
    if (latestToolcacheVersion === void 0) {
      if (allowToolcacheValue) {
-        logger.info(
-          `Found no CodeQL CLI in the toolcache, ignoring 'tools: ${toolsInput}'...`
-        );
+        if (toolsInputFromRepositoryProperty) {
+          logger.info(
+            `Found no CodeQL CLI in the toolcache, ignoring the 'github-codeql-tools' repository property...`
+          );
+        } else {
+          logger.info(
+            `Found no CodeQL CLI in the toolcache, ignoring 'tools: ${toolsInput}'...`
+          );
+        }
      } else {
        if (allowToolcacheValueFF) {
          logger.warning(
@@ -105963,7 +105976,7 @@ function getCanonicalToolcacheVersion(cliVersion2, bundleVersion2, logger) {
  }
  return cliVersion2;
 }
-async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger) {
+async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, toolsInputFromRepositoryProperty = false) {
  if (!await isBinaryAccessible("tar", logger)) {
    throw new ConfigurationError(
      "Could not find tar in PATH, so unable to extract CodeQL bundle."
@@ -105977,7 +105990,8 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau
    variant,
    zstdAvailability.available,
    features,
-    logger
+    logger,
+    toolsInputFromRepositoryProperty
  );
  let codeqlFolder;
  let toolsVersion = source.toolsVersion;
@@ -106100,7 +106114,7 @@ var CODEQL_NEXT_MINIMUM_VERSION = "2.17.6";
 var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.13";
 var GHES_MOST_RECENT_DEPRECATION_DATE = "2025-06-19";
 var EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";
-async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, checkVersion) {
+async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, checkVersion, toolsInputFromRepositoryProperty = false) {
  try {
    const {
      codeqlFolder,
@@ -106115,7 +106129,8 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV
      variant,
      defaultCliVersion,
      features,
-      logger
+      logger,
+      toolsInputFromRepositoryProperty
    );
    logger.debug(
      `Bundle download status report: ${JSON.stringify(
@@ -106703,7 +106718,7 @@ async function getJobRunUuidSarifOptions(codeql) {
 }

 // src/init.ts
-async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger) {
+async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, toolsInputFromRepositoryProperty = false) {
  logger.startGroup("Setup CodeQL tools");
  const {
    codeql,
@@ -106719,7 +106734,8 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe
    defaultCliVersion,
    features,
    logger,
-    true
+    true,
+    toolsInputFromRepositoryProperty
  );
  await codeql.printVersion();
  logger.endGroup();