
Change CodeQL bundle download format to .tar.zst #13826

Open
oscarsj wants to merge 1 commit into actions:main from oscarsj:patch-1

oscarsj commented Mar 19, 2026

Updated download link for CodeQL bundle to use .tar.zst format.
We are seeing toolcache misses and requests to download the latest CodeQL version despite the fact that the version requested is the same as the version installed. Checking the codeql-action download, we see that the action tries to download a .tar.zst on all platforms (but Windows), so this change is needed to install the proper version (.tar.zst) in Ubuntu.
This is the codeql-action code that checks the existence of the pre-installed bundle:

        const expectedExtension = process.env['RUNNER_OS'] === 'Windows' ? '.tar.gz' : '.tar.zst';
        if (!toolsUrl.endsWith(expectedExtension)) {
          core.setFailed(
            `Expected the tools URL to be a ${expectedExtension} file, but found ${toolsUrl}.`
          );
        }

Description

Bug fixing

Related issue:

Check list

  • Related issue / work item is attached
  • Tests are written (if applicable)
  • Documentation is updated (if applicable)
  • Changes are tested and related VM images are successfully generated

Updated download link for CodeQL bundle to use .tar.zst format.
Copilot AI review requested due to automatic review settings March 19, 2026 16:03

Copilot AI left a comment

Pull request overview

This PR updates the Ubuntu image build to download the CodeQL bundle in the .tar.zst format so that the preinstalled toolcache matches what codeql-action expects on non-Windows runners, avoiding unnecessary toolcache misses and re-downloads.

Changes:

  • Switch CodeQL bundle download artifact from .tar.gz to .tar.zst for Ubuntu.

Comments suppressed due to low confidence (1)

images/ubuntu/scripts/build/install-codeql-bundle.sh:37

  • The download URL was switched to a .tar.zst archive, but the script still unpacks using tar -xzf (gzip). This will fail at build time / leave the toolcache empty. Update the extraction step to use zstd support (e.g., tar --zstd ... or unzstd pipe) and ensure the required zstd tooling is available on the image before this runs.

codeql_archive=$(download_with_retry "https://github.com/github/codeql-action/releases/download/$bundle_tag_name/codeql-bundle-linux64.tar.zst")

codeql_toolcache_path="$AGENT_TOOLSDIRECTORY/CodeQL/$bundle_version/x64"
mkdir -p "$codeql_toolcache_path"

Comment on lines 31 to 32
# Note that this is the all-platforms CodeQL bundle, to support scenarios where customers run
# different operating systems within containers.
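
Review bot: The comment at lines 31 to 32 still calls this the all-platforms CodeQL bundle, kept to support customers running different operating systems in containers, but the download line now requests codeql-bundle-linux64.tar.zst, an asset named for a single platform. Decide which is intended: if the platform-specific archive is wanted, update the comment and confirm the container scenario it describes no longer needs to be served from the preinstalled toolcache; if not, change only the archive format and keep the asset the comment describes. The extraction step is not among the lines shown here, so also confirm it no longer uses gzip flags (the suppressed comment above reports tar -xzf) and that zstd is installed on the image before this script runs.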