use fetch-codeql action

erik-krogh · erik-krogh · commit 83a8b1afb879 · 2022-11-03T13:49:15.000+01:00
diff --git a/.github/actions/fetch-codeql/action.yml b/.github/actions/fetch-codeql/action.yml
@@ -1,14 +1,22 @@
 name: Fetch CodeQL
 description: Fetches the latest version of CodeQL
+
+inputs:
+  channel:
+    description: 'The CodeQL channel to use'
+    required: false
+    default: 'nightly'
+
 runs:
   using: composite
   steps:
     - name: Fetch CodeQL
       shell: bash
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+        CHANNEL: ${{ inputs.channel }}
       run: |
         gh extension install github/gh-codeql
-        gh codeql set-channel nightly
+        gh codeql set-channel $CHANNEL
         gh codeql version
         gh codeql version --format=json | jq -r .unpackedLocation >> "${GITHUB_PATH}"
-      env:
-        GITHUB_TOKEN: ${{ github.token }}
diff --git a/.github/workflows/compile-queries.yml b/.github/workflows/compile-queries.yml
@@ -33,25 +33,19 @@ jobs:
           restore-keys: |
             codeql-stable-compile-${{ env.merge-base }}
             codeql-stable-compile-
-      - name: install codeql
-        run: gh extension install github/gh-codeql
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Setup CodeQL
+        uses: ./.github/actions/fetch-codeql
+        with:
+          channel: 'release'
       - name: check formatting
-        run: gh codeql query format */ql/{src,lib,test}/**/*.{qll,ql} --check-only
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: codeql query format */ql/{src,lib,test}/**/*.{qll,ql} --check-only
       - name: compile queries - check-only
         # run with --check-only if running in a PR (github.sha != main)
         if : ${{ github.sha != steps.merge-base.outputs.merge-base }}
         shell: bash
-        run: gh codeql query compile -j0 */ql/src --keep-going --warnings=error --check-only
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: codeql query compile -j0 */ql/src --keep-going --warnings=error --check-only
       - name: compile queries - full
         # do full compile if running on main - this populates the cache
         if : ${{ github.sha == steps.merge-base.outputs.merge-base }}
         shell: bash
-        run: gh codeql query compile -j0 */ql/src --keep-going --warnings=error
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: codeql query compile -j0 */ql/src --keep-going --warnings=error
