Conversation

@kevinbackhouse
Collaborator

It's going to be a nuisance if we have to keep updating the CodeQL version number in this file.

Copilot AI review requested due to automatic review settings November 7, 2025 21:46
Contributor

Copilot AI left a comment

Pull Request Overview

This PR updates the CodeQL CLI installation in the Docker image to automatically use the latest version instead of a pinned version (2.23.0).

  • Removes the CODEQL_VERSION environment variable that pinned the version to 2.23.0
  • Changes the download URL to use /releases/latest/download/ instead of a specific version tag

# Install CodeQL CLI
ENV CODEQL_VERSION=2.23.0
RUN curl -Ls -o /tmp/codeql.zip https://github.com/github/codeql-cli-binaries/releases/download/v$CODEQL_VERSION/codeql-linux64.zip \\
RUN curl -Ls -o /tmp/codeql.zip https://github.com/github/codeql-cli-binaries/releases/latest/download/codeql-linux64.zip \\
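Review bot: the replacement RUN line fetches /releases/latest/download/codeql-linux64.zip with no version pin and no checksum check, so two builds of this image can silently end up with different CodeQL CLI versions and the build trusts whatever is served at that URL at build time. To avoid editing the version in this file on every release, move it to a build argument with a pinned default (e.g. `ARG CODEQL_VERSION=2.23.0`, overridable with `--build-arg`) and verify the downloaded archive's sha256 before unpacking; `curl -Ls` also lacks `-f`, so an HTTP error body would be written to /tmp/codeql.zip without failing the build.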
Copilot AI Nov 7, 2025

Using /releases/latest/download/ instead of a pinned version can lead to reproducibility and stability issues. Docker images built at different times may use different CodeQL CLI versions, potentially causing:

  1. Inconsistent behavior across deployments
  2. Unexpected breaking changes
  3. Difficulty troubleshooting issues

Consider either:

  • Keeping a pinned version (e.g., v2.23.0) for reproducible builds
  • Adding a mechanism to explicitly update the version through configuration rather than automatically pulling the latest
  • Documenting why automatic updates are preferred over version pinning

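A Dockerfile fragment that implements the first two suggestions above, added here as an example and not taken from the project's own Dockerfile: the version is an overridable build argument with a pinned default, and the archive is checked against a known sha256 before extraction. The base image, package list, the checksum placeholder and the /opt install path are assumptions.

```dockerfile
# Added example (not the project's Dockerfile): pin the CodeQL CLI version
# through a build argument so the file need not change for every release,
# and verify the archive before extracting it.
FROM ubuntu:24.04

RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates curl unzip \
    && rm -rf /var/lib/apt/lists/*

# Override at build time without editing this file:
#   docker build --build-arg CODEQL_VERSION=2.23.1 --build-arg CODEQL_SHA256=<hash> .
ARG CODEQL_VERSION=2.23.0
# Placeholder: the release checksum is not on the page. Take it from the
# release assets (or compute it once from a reviewed download) and record it here.
ARG CODEQL_SHA256=<sha256-of-codeql-linux64.zip-for-this-version>

# -f makes curl fail on an HTTP error instead of saving the error page as the zip.
# sha256sum -c refuses to continue if the archive does not match the pinned hash.
# Assumption: the archive unpacks to a top-level codeql/ directory.
RUN set -eu; \
    curl -fLsS -o /tmp/codeql.zip \
      "https://github.com/github/codeql-cli-binaries/releases/download/v${CODEQL_VERSION}/codeql-linux64.zip"; \
    echo "${CODEQL_SHA256}  /tmp/codeql.zip" | sha256sum -c -; \
    unzip -q /tmp/codeql.zip -d /opt; \
    rm /tmp/codeql.zip
ENV PATH="/opt/codeql:${PATH}"
```

Bumping the version then means changing two build arguments (or their defaults) and nothing else, and a tampered or truncated download fails the build instead of being installed.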