Description
As announced yesterday here: https://github.blog/changelog/2024-12-17-find-and-fix-actions-workflows-vulnerabilities-with-codeql-public-preview/
I've updated a workflow in one of my repositories to include actions in the codeql init step:
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1dadcb7..e541f11 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -34,7 +34,7 @@ jobs:
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
- languages: javascript
+ languages: javascript, actions
queries: security-and-quality
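Review bot: the unchanged context line `queries: security-and-quality` still applies to every entry in `languages`, so after this change it is also requested for `actions`, and the failure reported for this run names exactly that combination (`actions-security-and-quality`). To confirm the suite lookup is the trigger rather than the language itself, try one run with `languages: javascript, actions` and the `queries` key removed; if that run passes, keep the extended suite out of this step until a matching suite exists for `actions`. Separately, `uses: github/codeql-action/init@v3` follows a mutable tag; pinning it to a full commit SHA would keep the analysis step itself reproducible.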
The run fails with an error:
A fatal error occurred: Query pack actions-security-and-quality cannot be found. Check the spelling of the pack.
Error: Encountered a fatal error while running "/opt/hostedtoolcache/CodeQL/2.20.0/x64/codeql/codeql database init --force-overwrite --db-cluster /home/runner/work/_temp/codeql_databases --source-root=/home/runner/work/reponame/reponame --extractor-include-aliases --language=javascript --language=actions --search-path /home/runner/work/_actions/github/codeql-action/v3/actions-extractor --codescanning-config=/home/runner/work/_temp/user-config.yaml --calculate-language-specific-baseline --sublanguage-file-coverage". Exit code was 2 and error was: A fatal error occurred: Query pack actions-security-and-quality cannot be found. Check the spelling of the pack. See the logs for more details.