René's URL Explorer Experiment


Title: Add feature for forcing the `nightly` bundle in `dynamic` workflows by mbg · Pull Request #3484 · github/codeql-action · GitHub

Open Graph Title: Add feature for forcing the `nightly` bundle in `dynamic` workflows by mbg · Pull Request #3484 · github/codeql-action

X Title: Add feature for forcing the `nightly` bundle in `dynamic` workflows by mbg · Pull Request #3484 · github/codeql-action

Description: Adds a Feature which, when enabled, and the workflow was triggered by a dynamic event forces getCodeQLSource to pick the latest, nightly release. Some drive-by improvements and observations: I added a couple of comments to better document getCodeQLSource. While writing those, I noticed that the !toolsInput.startsWith("http") check would probably cause problems if a file happened to have a path that starts with http. Probably not a very likely problem, but could be tricky to troubleshoot if it happens. We could improve this by performing more explicit checks for http:// and https:// or whether the suspected file exists locally or not. Outside of the scope of this PR though. I added a unit test for tools: nightly which didn't seem to exist. While doing that, I noticed that getNightlyToolsUrl seems to assume that the nightly tag is codeql-bundle- followed by a semver, but this is no longer the case for nightly releases. There's a fallback logic which handles this fine, but we should probably update this to expect the date-based tags. Risk assessment For internal use only. Please select the risk level of this change: Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only. Which use cases does this change impact? Workflow types: Managed - Impacts users with dynamic workflows (Default Setup, CCR, ...). Products: Code Scanning - The changes impact analyses when analysis-kinds: code-scanning. Code Quality - The changes impact analyses when analysis-kinds: code-quality. CCR - The changes impact analyses for Copilot Code Reviews. Environments: Dotcom - Impacts CodeQL workflows on github.com and/or GitHub Enterprise Cloud with Data Residency. How did/will you validate this change? Unit tests - I am depending on unit test coverage (i.e. tests in .test.ts files). End-to-end tests - I am depending on PR checks (i.e. tests in pr-checks). If something goes wrong after this change is released, what are the mitigation and rollback strategies? Feature flags - All new or changed code paths can be fully disabled with corresponding feature flags. How will you know if something goes wrong after this change is released? Telemetry - I rely on existing telemetry or have made changes to the telemetry. Dashboards - I will watch relevant dashboards for issues after the release. Consider whether this requires this change to be released at a particular time rather than as part of a regular release. Alerts - New or existing monitors will trip if something goes wrong with this change. Are there any special considerations for merging or releasing this change? No special considerations - This change can be merged at any time. Merge / deployment checklist Confirm this change is backwards compatible with existing workflows. Consider adding a changelog entry for this change. Confirm the readme and docs have been updated if necessary.

Open Graph Description: Adds a Feature which, when enabled, and the workflow was triggered by a dynamic event forces getCodeQLSource to pick the latest, nightly release. Some drive-by improvements and observations: I add...

X Description: Adds a Feature which, when enabled, and the workflow was triggered by a dynamic event forces getCodeQLSource to pick the latest, nightly release. Some drive-by improvements and observations: I add...

Opengraph URL: https://github.com/github/codeql-action/pull/3484

X: @github

direct link

Domain: github.com

route-pattern/:user_id/:repository/pull/:id/files(.:format)
route-controllerpull_requests
route-actionfiles
fetch-noncev2:a357d23d-690e-b838-9c9b-4dc3737e5599
current-catalog-service-hashae870bc5e265a340912cde392f23dad3671a0a881730ffdadd82f2f57d81641b
request-idC62A:CC9F1:E6F36A:1452E53:6A4CAED4
html-safe-noncec17f05d268c1b29ea1935534a8284233fbad0eed5537efda72df313bb5250b74
visitor-payloadeyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJDNjJBOkNDOUYxOkU2RjM2QToxNDUyRTUzOjZBNENBRUQ0IiwidmlzaXRvcl9pZCI6IjY1MDA3MTk5MDM3OTk4MTU4OTIiLCJyZWdpb25fZWRnZSI6ImlhZCIsInJlZ2lvbl9yZW5kZXIiOiJpYWQifQ==
visitor-hmac92d1675c436bbcdd4ca2f1ecec7ec28d057bc8423de613d85ce9cf9944862ba1
hovercard-subject-tagpull_request:3287265521
github-keyboard-shortcutsrepository,pull-request-list,pull-request-conversation,pull-request-files-changed,copilot
google-site-verificationApib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I
octolytics-urlhttps://collector.github.com/github/collect
analytics-location///pull_requests/show/files
fb:app_id1401488693436528
apple-itunes-appapp-id=1477376905, app-argument=https://github.com/github/codeql-action/pull/3484/files
twitter:imagehttps://avatars.githubusercontent.com/u/278086?s=400&v=4
twitter:cardsummary_large_image
og:imagehttps://avatars.githubusercontent.com/u/278086?s=400&v=4
og:image:altAdds a Feature which, when enabled, and the workflow was triggered by a dynamic event forces getCodeQLSource to pick the latest, nightly release. Some drive-by improvements and observations: I add...
og:site_nameGitHub
og:typeobject
hostnamegithub.com
expected-hostnamegithub.com
None3d11bb817438277de2a940854450e83a7d32b6aeb5014e9e6b00a6423900251c
turbo-cache-controlno-preview
diff-viewunified
go-importgithub.com/github/codeql-action git https://github.com/github/codeql-action.git
octolytics-dimension-user_id9919
octolytics-dimension-user_logingithub
octolytics-dimension-repository_id259445878
octolytics-dimension-repository_nwogithub/codeql-action
octolytics-dimension-repository_publictrue
octolytics-dimension-repository_is_forkfalse
octolytics-dimension-repository_network_root_id259445878
octolytics-dimension-repository_network_root_nwogithub/codeql-action
turbo-body-classeslogged-out env-production page-responsive full-width
disable-turbotrue
browser-stats-urlhttps://api.github.com/_private/browser/stats
browser-errors-urlhttps://api.github.com/_private/browser/errors
releaseae90d426644ca15e89bacceb72e51f4e9dbf85f7
ui-targetfull
theme-color#1e2327
color-schemelight dark

Links:

Skip to contenthttps://github.com/github/codeql-action/pull/3484/files#start-of-content
https://github.com/
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fgithub%2Fcodeql-action%2Fpull%2F3484%2Ffiles
GitHub CopilotWrite better code with AIhttps://github.com/features/copilot
GitHub Copilot appDirect agents from issue to mergehttps://github.com/features/ai/github-app
MCP RegistryNewIntegrate external toolshttps://github.com/mcp
ActionsAutomate any workflowhttps://github.com/features/actions
CodespacesInstant dev environmentshttps://github.com/features/codespaces
IssuesPlan and track workhttps://github.com/features/issues
Code ReviewManage code changeshttps://github.com/features/code-review
GitHub Advanced SecurityFind and fix vulnerabilitieshttps://github.com/security/advanced-security
Code securitySecure your code as you buildhttps://github.com/security/advanced-security/code-security
Secret protectionStop leaks before they starthttps://github.com/security/advanced-security/secret-protection
Why GitHubhttps://github.com/why-github
Documentationhttps://docs.github.com
Bloghttps://github.blog
Changeloghttps://github.blog/changelog
Marketplacehttps://github.com/marketplace
View all featureshttps://github.com/features
Enterpriseshttps://github.com/enterprise
Small and medium teamshttps://github.com/team
Startupshttps://github.com/enterprise/startups
Nonprofitshttps://github.com/solutions/industry/nonprofits
App Modernizationhttps://github.com/solutions/use-case/app-modernization
DevSecOpshttps://github.com/solutions/use-case/devsecops
DevOpshttps://github.com/solutions/use-case/devops
CI/CDhttps://github.com/solutions/use-case/ci-cd
View all use caseshttps://github.com/solutions/use-case
Healthcarehttps://github.com/solutions/industry/healthcare
Financial serviceshttps://github.com/solutions/industry/financial-services
Manufacturinghttps://github.com/solutions/industry/manufacturing
Governmenthttps://github.com/solutions/industry/government
View all industrieshttps://github.com/solutions/industry
View all solutionshttps://github.com/solutions
AIhttps://github.com/resources/articles?topic=ai
Software Developmenthttps://github.com/resources/articles?topic=software-development
DevOpshttps://github.com/resources/articles?topic=devops
Securityhttps://github.com/resources/articles?topic=security
View all topicshttps://github.com/resources/articles
Customer storieshttps://github.com/customer-stories
Events & webinarshttps://github.com/resources/events
Ebooks & reportshttps://github.com/resources/whitepapers
Business insightshttps://github.com/solutions/executive-insights
GitHub Skillshttps://skills.github.com
Documentationhttps://docs.github.com
Customer supporthttps://support.github.com
Community forumhttps://github.com/orgs/community/discussions
Trust centerhttps://github.com/trust-center
Partnershttps://github.com/partners
View all resourceshttps://github.com/resources
GitHub SponsorsFund open source developershttps://github.com/sponsors
Security Labhttps://securitylab.github.com
Maintainer Communityhttps://maintainers.github.com
Acceleratorhttps://github.com/accelerator
GitHub Starshttps://stars.github.com
Archive Programhttps://archiveprogram.github.com
Topicshttps://github.com/topics
Trendinghttps://github.com/trending
Collectionshttps://github.com/collections
Enterprise platformAI-powered developer platformhttps://github.com/enterprise
GitHub Advanced SecurityEnterprise-grade security featureshttps://github.com/security/advanced-security
Copilot for BusinessEnterprise-grade AI featureshttps://github.com/features/copilot/copilot-business
Premium SupportEnterprise-grade 24/7 supporthttps://github.com/premium-support
Pricinghttps://github.com/pricing
Search syntax tipshttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
documentationhttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fgithub%2Fcodeql-action%2Fpull%2F3484%2Ffiles
Sign up https://github.com/signup?ref_cta=Sign+up&ref_loc=header+logged+out&ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E%2Fpull_requests%2Fshow%2Ffiles&source=header-repo&source_repo=github%2Fcodeql-action
Reloadhttps://github.com/github/codeql-action/pull/3484/files
Reloadhttps://github.com/github/codeql-action/pull/3484/files
Reloadhttps://github.com/github/codeql-action/pull/3484/files
Please reload this pagehttps://github.com/github/codeql-action/pull/3484/files
github https://github.com/github
codeql-actionhttps://github.com/github/codeql-action
Notifications https://github.com/login?return_to=%2Fgithub%2Fcodeql-action
Fork 470 https://github.com/login?return_to=%2Fgithub%2Fcodeql-action
Star 1.6k https://github.com/login?return_to=%2Fgithub%2Fcodeql-action
Code https://github.com/github/codeql-action
Issues 156 https://github.com/github/codeql-action/issues
Pull requests 27 https://github.com/github/codeql-action/pulls
Actions https://github.com/github/codeql-action/actions
Models https://github.com/github/codeql-action/models
Security and quality 2 https://github.com/github/codeql-action/security
Insights https://github.com/github/codeql-action/pulse
Code https://github.com/github/codeql-action
Issues https://github.com/github/codeql-action/issues
Pull requests https://github.com/github/codeql-action/pulls
Actions https://github.com/github/codeql-action/actions
Models https://github.com/github/codeql-action/models
Security and quality https://github.com/github/codeql-action/security
Insights https://github.com/github/codeql-action/pulse
Sign up for GitHub https://github.com/signup?return_to=%2Fgithub%2Fcodeql-action%2Fissues%2Fnew%2Fchoose
terms of servicehttps://docs.github.com/terms
privacy statementhttps://docs.github.com/privacy
Sign inhttps://github.com/login?return_to=%2Fgithub%2Fcodeql-action%2Fissues%2Fnew%2Fchoose
mbghttps://github.com/mbg
mainhttps://github.com/github/codeql-action/tree/main
mbg/cli/force-nightlyhttps://github.com/github/codeql-action/tree/mbg/cli/force-nightly
Conversation 15 https://github.com/github/codeql-action/pull/3484
Findings https://github.com/github/codeql-action/pull/3484/findings
Commits 11 https://github.com/github/codeql-action/pull/3484/commits
Checks 251 https://github.com/github/codeql-action/pull/3484/checks
Files changed https://github.com/github/codeql-action/pull/3484/files
Please reload this pagehttps://github.com/github/codeql-action/pull/3484/files
Add feature for forcing the nightly bundle in dynamic workflows https://github.com/github/codeql-action/pull/3484/files#top
Show all changes 11 commits https://github.com/github/codeql-action/pull/3484/files
34d43db Add `ForceNightly` feature mbg Feb 15, 2026 https://github.com/github/codeql-action/pull/3484/commits/34d43db4c6306018914b50edfddf5a85c760d8ed
817d568 Improve docs in `setup-codeql` mbg Feb 15, 2026 https://github.com/github/codeql-action/pull/3484/commits/817d568ca00ecf6ab45fe58f9a2fabab0815be84
466a4f0 Add unit test for `tools: nightly` mbg Feb 15, 2026 https://github.com/github/codeql-action/pull/3484/commits/466a4f00eb612b2af75149e4cb03a47eac705b9c
d5f0374 Force `nightly` bundle when FF is enabled mbg Feb 15, 2026 https://github.com/github/codeql-action/pull/3484/commits/d5f0374a1f31bffc753a6ab5b56d9de935c74ec9
a61e3cb Add integration test mbg Feb 15, 2026 https://github.com/github/codeql-action/pull/3484/commits/a61e3cb9f2c4b91de690400d49beb2a09e3920be
8b734d3 Improve variable names and comments mbg Feb 16, 2026 https://github.com/github/codeql-action/pull/3484/commits/8b734d3bc2f0f9afb51c200eb4a311cc6ea5782e
73f5a29 Complete JSDoc mbg Feb 16, 2026 https://github.com/github/codeql-action/pull/3484/commits/73f5a299602884ccaa1a2f0c5e7706dc00a8bc1e
e6a312a Allow `addNoLanguageDiagnostic` to be used without a `Config` mbg Feb 16, 2026 https://github.com/github/codeql-action/pull/3484/commits/e6a312a771d49a9a7983df76ad0347cfb53530fd
e315c6f Add diagnostic when a nightly release is forced mbg Feb 16, 2026 https://github.com/github/codeql-action/pull/3484/commits/e315c6fd3b548c667efed3fa4303e6e4600796aa
f8c75d3 Change diagnostic level to `note` mbg Feb 16, 2026 https://github.com/github/codeql-action/pull/3484/commits/f8c75d3f32959b4d941a1f12d3abf8f63dcf7f08
ac74c28 Use `init` in new check workflow mbg Feb 16, 2026 https://github.com/github/codeql-action/pull/3484/commits/ac74c2835a29f57ec69bb70be693b2428f9f6365
Clear filters https://github.com/github/codeql-action/pull/3484/files
Please reload this pagehttps://github.com/github/codeql-action/pull/3484/files
Please reload this pagehttps://github.com/github/codeql-action/pull/3484/files
__bundle-from-nightly.yml https://github.com/github/codeql-action/pull/3484/files#diff-54e60b62d2156609f7c934f7e79461843a470c6b84d3c6dd7303a611745b4c36
analyze-action-post.js https://github.com/github/codeql-action/pull/3484/files#diff-911c5662a35b2dddfb65aeded5d3fbb4305c867e2f8988eb1d75bee9208593ab
analyze-action.js https://github.com/github/codeql-action/pull/3484/files#diff-4926d6bcb92a4de805ceb8d280f31c24cffa2445b3a36cc658e5032a0910ed15
autobuild-action.js https://github.com/github/codeql-action/pull/3484/files#diff-850bbbd46e929f29c34c186fb38aebfc228803ab6191e6a668027042620c4f30
init-action-post.js https://github.com/github/codeql-action/pull/3484/files#diff-08750c194e36e3925a63362bbc1a7207690bd44add665b7c357e9d8b1861a4e6
init-action.js https://github.com/github/codeql-action/pull/3484/files#diff-bd9b22d62f144e71ae32a07c7c5151e30b31cd76d22303745df64c9886d81342
resolve-environment-action.js https://github.com/github/codeql-action/pull/3484/files#diff-46abfbca7ce31021720a31a005df69b4d2001e8f6211629198bd996ca1624d8b
setup-codeql-action.js https://github.com/github/codeql-action/pull/3484/files#diff-48a1e0d5f2fd249f221a7fcf67cd08518a435c0710722fa28b51fa40703e39ea
start-proxy-action-post.js https://github.com/github/codeql-action/pull/3484/files#diff-097051c7f12bb5167c369a2967376b55951a4d4d95b6f9dd4e0caf70fbd89dbf
start-proxy-action.js https://github.com/github/codeql-action/pull/3484/files#diff-9ef3265f6cc827943cc3edade4225dacb911ccb9d6891b38d0e744208d0dbe99
upload-lib.js https://github.com/github/codeql-action/pull/3484/files#diff-8ea2623264a4246323c551f1b018e163d8ea00c2fed5c4f4ead1c5b9d036cfd6
upload-sarif-action-post.js https://github.com/github/codeql-action/pull/3484/files#diff-83f37f8420ffb4c89a3f6a74854bdc504b93edd5e0f7dbd73772d8f8c1f4d11e
upload-sarif-action.js https://github.com/github/codeql-action/pull/3484/files#diff-5d3767541163ba07f1a1928ef585f505845a68d6a46a26fb68fa41e19786111b
bundle-from-nightly.yml https://github.com/github/codeql-action/pull/3484/files#diff-85cbc4b0bd788b060693016491e5928eca4529cfd62579bc6df1fc2689c77415
diagnostics.ts https://github.com/github/codeql-action/pull/3484/files#diff-da8cc70370d67b4c482d5cf755fb7f45697844107dd73ccf7f5b54162703f63c
feature-flags.ts https://github.com/github/codeql-action/pull/3484/files#diff-d6ca7464724b1fe6094ce0912d338e79983058d9acda8717c0469d40f1ae3dbd
setup-codeql.test.ts https://github.com/github/codeql-action/pull/3484/files#diff-f306d28dd1b1b19631643393e111cbf6e6dad30ad83d9eca67f08a64e5e8c324
setup-codeql.ts https://github.com/github/codeql-action/pull/3484/files#diff-1cfeb61aadfc528c554a41781d61b9aea3ea35902cc52b2e1b0ba8d49eb6cda1
testing-utils.ts https://github.com/github/codeql-action/pull/3484/files#diff-b5e75f890eca9e7fbfff472427b39ce0f5628833109b50e7b2d165729bd8c124
https://github.com/github/codeql-action/blob/main/CODEOWNERS#L1
.github/workflows/__bundle-from-nightly.ymlhttps://github.com/github/codeql-action/pull/3484/files#diff-54e60b62d2156609f7c934f7e79461843a470c6b84d3c6dd7303a611745b4c36
View file https://github.com/github/codeql-action/blob/ac74c2835a29f57ec69bb70be693b2428f9f6365/.github/workflows/__bundle-from-nightly.yml
Open in desktop https://desktop.github.com
how customized files appear on GitHubhttps://docs.github.com/github/administering-a-repository/customizing-how-changed-files-appear-on-github
Please reload this pagehttps://github.com/github/codeql-action/pull/3484/files
https://github.com/github/codeql-action/blob/main/CODEOWNERS#L1
lib/analyze-action-post.jshttps://github.com/github/codeql-action/pull/3484/files#diff-911c5662a35b2dddfb65aeded5d3fbb4305c867e2f8988eb1d75bee9208593ab
View file https://github.com/github/codeql-action/blob/ac74c2835a29f57ec69bb70be693b2428f9f6365/lib/analyze-action-post.js
Open in desktop https://desktop.github.com
how customized files appear on GitHubhttps://docs.github.com/github/administering-a-repository/customizing-how-changed-files-appear-on-github
Please reload this pagehttps://github.com/github/codeql-action/pull/3484/files
https://github.com/github/codeql-action/blob/main/CODEOWNERS#L1
lib/analyze-action.jshttps://github.com/github/codeql-action/pull/3484/files#diff-4926d6bcb92a4de805ceb8d280f31c24cffa2445b3a36cc658e5032a0910ed15
View file https://github.com/github/codeql-action/blob/ac74c2835a29f57ec69bb70be693b2428f9f6365/lib/analyze-action.js
Open in desktop https://desktop.github.com
how customized files appear on GitHubhttps://docs.github.com/github/administering-a-repository/customizing-how-changed-files-appear-on-github
Please reload this pagehttps://github.com/github/codeql-action/pull/3484/files
https://github.com/github/codeql-action/blob/main/CODEOWNERS#L1
lib/autobuild-action.jshttps://github.com/github/codeql-action/pull/3484/files#diff-850bbbd46e929f29c34c186fb38aebfc228803ab6191e6a668027042620c4f30
View file https://github.com/github/codeql-action/blob/ac74c2835a29f57ec69bb70be693b2428f9f6365/lib/autobuild-action.js
Open in desktop https://desktop.github.com
how customized files appear on GitHubhttps://docs.github.com/github/administering-a-repository/customizing-how-changed-files-appear-on-github
Please reload this pagehttps://github.com/github/codeql-action/pull/3484/files
Please reload this pagehttps://github.com/github/codeql-action/pull/3484/files
Please reload this pagehttps://github.com/github/codeql-action/pull/3484/files
https://github.com
Termshttps://docs.github.com/site-policy/github-terms/github-terms-of-service
Privacyhttps://docs.github.com/site-policy/privacy-policies/github-privacy-statement
Securityhttps://github.com/security
Statushttps://www.githubstatus.com/
Communityhttps://github.community/
Docshttps://docs.github.com/
Contacthttps://support.github.com?tags=dotcom-footer

Viewport: width=device-width


URLs of crawlers that visited me.