github
diff --git a/‎lib/analyze-action.js‎
Lines changed: 26 additions & 1 deletion b/‎lib/analyze-action.js‎
Lines changed: 26 additions & 1 deletion
diff --git a/‎lib/init-action-post.js‎
Lines changed: 26 additions & 1 deletion b/‎lib/init-action-post.js‎
Lines changed: 26 additions & 1 deletion
diff --git a/‎lib/init-action.js‎
Lines changed: 26 additions & 1 deletion b/‎lib/init-action.js‎
Lines changed: 26 additions & 1 deletion
diff --git a/‎lib/upload-lib.js‎
Lines changed: 26 additions & 1 deletion b/‎lib/upload-lib.js‎
Lines changed: 26 additions & 1 deletion
diff --git a/‎lib/upload-sarif-action.js‎
Lines changed: 26 additions & 1 deletion b/‎lib/upload-sarif-action.js‎
Lines changed: 26 additions & 1 deletion
diff --git a/‎src/setup-codeql.ts‎
Lines changed: 43 additions & 0 deletions b/‎src/setup-codeql.ts‎
Lines changed: 43 additions & 0 deletions
@@ -33,8 +33,11 @@ export enum ToolsSource {
 }
 
 export const CODEQL_DEFAULT_ACTION_REPOSITORY = "github/codeql-action";
+const CODEQL_NIGHTLIES_REPOSITORY_OWNER = "dsp-testing";
+const CODEQL_NIGHTLIES_REPOSITORY_NAME = "codeql-cli-nightlies";
 
 const CODEQL_BUNDLE_VERSION_ALIAS: string[] = ["linked", "latest"];
+const CODEQL_NIGHTLY_TOOLS_INPUTS = ["nightly", "nightly-latest"];
 
 function getCodeQLBundleExtension(
   compressionMethod: tar.CompressionMethod,
@@ -277,6 +280,7 @@ export async function getCodeQLSource(
   if (
     toolsInput &&
     !CODEQL_BUNDLE_VERSION_ALIAS.includes(toolsInput) &&
+    !CODEQL_NIGHTLY_TOOLS_INPUTS.includes(toolsInput) &&
     !toolsInput.startsWith("http")
   ) {
     logger.info(`Using CodeQL CLI from local path ${toolsInput}`);
@@ -331,6 +335,13 @@ export async function getCodeQLSource(
    */
   let url: string | undefined;
 
+  if (
+    toolsInput !== undefined &&
+    CODEQL_NIGHTLY_TOOLS_INPUTS.includes(toolsInput)
+  ) {
+    toolsInput = await getNightlyToolsUrl(logger);
+  }
+
   if (forceShippedTools) {
     cliVersion = defaults.cliVersion;
     tagName = defaults.bundleVersion;
@@ -771,3 +782,35 @@ async function useZstdBundle(
 function getTempExtractionDir(tempDir: string) {
   return path.join(tempDir, uuidV4());
 }
+
+/**
+ * Get the URL of the latest nightly CodeQL bundle.
+ */
+async function getNightlyToolsUrl(logger: Logger) {
+  const zstdAvailability = await tar.isZstdAvailable(logger);
+  // The nightly is guaranteed to have a zstd bundle
+  const compressionMethod = (await useZstdBundle(
+    CODEQL_VERSION_ZSTD_BUNDLE,
+    zstdAvailability.available,
+  ))
+    ? "zstd"
+    : "gzip";
+
+  // Since nightlies are prereleases, we can't just download the latest release
+  // on the repository. So instead we need to find the latest pre-release
+  // version and construct the download URL from that.
+  const release = await api.getApiClient().rest.repos.listReleases({
+    owner: CODEQL_NIGHTLIES_REPOSITORY_OWNER,
+    repo: CODEQL_NIGHTLIES_REPOSITORY_NAME,
+    per_page: 1,
+    page: 1,
+    prerelease: true,
+  });
+
+  const latestRelease = release.data[0];
+  if (!latestRelease) {
+    throw new Error("Could not find latest nightly release.");
+  }
+
+  return `https://github.com/${CODEQL_NIGHTLIES_REPOSITORY_OWNER}/${CODEQL_NIGHTLIES_REPOSITORY_NAME}/releases/download/${latestRelease.tag_name}/${getCodeQLBundleName(compressionMethod)}`;
+}