feat: Implement CodeQL CLI download and installation via GitHub CLI

GeekMasher · GeekMasher · commit 6614ecb9fa52 · 2025-09-12T10:18:14.000+01:00
diff --git a/action.Dockerfile b/action.Dockerfile
@@ -1,8 +1,3 @@
 FROM ghcr.io/advanced-security/codeql-extractor-action:v0.1.0
 
-ARG INPUT_TOKEN
-
-RUN export GH_TOKEN=$INPUT_TOKEN && \
-    gh extensions install github/gh-codeql
-
 ENTRYPOINT [ "codeql-extractor-action" ]
diff --git a/src/codeql.rs b/src/codeql.rs
@@ -0,0 +1,37 @@
+use anyhow::{Result, Context};
+use ghastoolkit::CodeQL;
+
+/// Download the CodeQL CLI using the GitHub CLI
+pub async fn gh_codeql_download(codeql_version: &str)-> Result<String> {
+
+    log::info!("Downloading CodeQL Extension for GitHub CLI...");
+    tokio::process::Command::new("gh")
+        .args(&["extensions", "install", "github/gh-codeql"])
+        .status()
+        .await
+        .context("Failed to execute `gh extensions install github/gh-codeql` command")?;
+
+    log::info!("Setting CodeQL version to {codeql_version}...");
+    tokio::process::Command::new("gh")
+        .args(&["codeql", "set-version", codeql_version])
+        .status()
+        .await
+        .context("Failed to execute `gh codeql set-version` command")?;
+
+    log::info!("Install CodeQL stub...");
+    tokio::process::Command::new("gh")
+        .args(&["codeql", "install-stub"])
+        .status()
+        .await
+        .context("Failed to execute `gh codeql install-stub` command")?;
+
+    let codeql = CodeQL::new().await;
+    if codeql.is_installed().await {
+        log::info!("CodeQL CLI installed successfully via GitHub CLI");
+    } else {
+        log::error!("CodeQL CLI installation via GitHub CLI failed");
+        return Err(anyhow::anyhow!("CodeQL CLI installation failed"));
+    }
+
+    Ok("/usr/local/bin/codeql".to_string())
+}
diff --git a/src/main.rs b/src/main.rs
@@ -6,10 +6,13 @@ use ghastoolkit::prelude::*;
 use log::{debug, info};
 
 mod action;
+mod codeql;
 mod extractors;
 
 use action::{AUTHORS, Action, BANNER, VERSION};
 
+use crate::codeql::gh_codeql_download;
+
 #[tokio::main]
 async fn main() -> Result<()> {
     let mut action = Action::init()?;
@@ -46,11 +49,14 @@ async fn main() -> Result<()> {
             log::warn!("Failed to install CodeQL: {error:?}");
             log::info!("Attempting to install CodeQL using GitHub CLI...");
 
-            tokio::process::Command::new("gh")
-                .args(&["codeql", "set-version", codeql_version.into()])
-                .status()
+            let location = gh_codeql_download(codeql_version).await
+                .context("Failed to download CodeQL using GitHub CLI")?;
+            
+            codeql = CodeQL::init()
+                .path(location)
+                .build()
                 .await
-                .context("Failed to execute `gh codeql set-version` command")?;
+                .context("Failed to create CodeQL instance after GitHub CLI installation")?;
         }
 
         log::info!("CodeQL installed");
