Merge pull request #223 from advanced-security/copilot-setup-steps

felickz · web-flow · commit f693b3d2f34a · 2025-09-08T12:29:54.000-04:00
Create copilot-setup-steps.yml to install gh codeql
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -47,6 +47,9 @@ jobs:
 
           tar -zxf extractor-iac.tar.gz
 
+          chmod +x extractor-pack/tools/*.sh
+          chmod +x extractor-pack/tools/**/*          
+
       - uses: dtolnay/rust-toolchain@4305c38b25d97ef35a8ad1f985ccf2d2242004f2 # stable
         if: steps.extractor-changes.outputs.src == 'true'
 
diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml
@@ -0,0 +1,57 @@
+---
+name: "Copilot Setup Steps"
+
+# Automatically run the setup steps when they are changed to allow for
+# easy validation, and manual testing through the repository's Actions tab
+on:
+  workflow_dispatch: {}
+  push:
+    paths:
+      - .github/workflows/copilot-setup-steps.yml
+  pull_request:
+    paths:
+      - .github/workflows/copilot-setup-steps.yml
+
+jobs:
+  # The job MUST be called `copilot-setup-steps` or it will not be picked up
+  # by Copilot.
+  copilot-setup-steps:
+    runs-on: ubuntu-latest
+
+    # Set the permissions to the lowest permissions possible needed for your
+    # steps. Copilot will be given its own token for its operations.
+    permissions:
+      # If you want to clone the repository as part of your setup steps, for
+      # example to install dependencies, you'll need the `contents: read`
+      # permission. If you don't clone the repository in your setup steps,
+      # Copilot will do this for you automatically after the steps complete.
+      contents: read
+
+    # You can define any steps you want, and they will run before the agent
+    # starts. If you do not check out your code, Copilot will do this for you.
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+
+      - name: Install GitHub CLI CodeQL extension
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          # Install GitHub CLI (should already be available in ubuntu-latest)
+          gh --version
+
+          # Install CodeQL CLI extension
+          gh extension install github/gh-codeql
+
+          # Set CodeQL to latest version
+          gh codeql set-version latest
+
+          # Verify the extension is installed and working
+          gh codeql version
+
+          # Install packs
+          (cd ./ql/src/ && gh codeql pack install)
+          (cd ./ql/lib/ && gh codeql pack install)
+          (cd ./ql/test/ && gh codeql pack install)
