Error on GHES: Malformed tools url: Error: Malformed tools url: https://mycompany.com/api/v3/repos/github/codeql-action/releases/assets/21. Bundle version could not be inferred. Bundle version could not be inferred #1522

Closed
rajbos opened this issue Feb 6, 2023 · 5 comments

rajbos commented Feb 6, 2023

I got the CodeQL workflow running on our Acceptance environment with GHES 3.6.3 last week, so now I wanted to replicate this on our Production environment. I synced the codeql-action using codeql-action-sync, configured the normal CodeQL workflow (language: javascript) and ran it. Then I got this error:

Error: Malformed tools url: https://mycompany.com/api/v3/repos/github/codeql-action/releases/assets/21. Bundle version could not be inferred.

Checking the codeql-action repository on the appliance I found two releases with the CodeQL bundle name:

  • SHA 421a1b3 = Bundles CodeQL CLI v2.12.1
  • SHA ff3337e = Bundles CodeQL CLI v2.12.0

On our acceptance environment there was only SHA ff3337e = Bundles CodeQL CLI v2.12.0.
Deleting the oldest release does not help, same error.

Parts of the logs that give more information:

2023-02-06T14:16:10.6463471Z ##[group]Run github/codeql-action/init@v2
2023-02-06T14:16:10.6463677Z with:
2023-02-06T14:16:10.6463868Z   languages: javascript
2023-02-06T14:16:10.6464185Z   token: ***
2023-02-06T14:16:10.6464376Z   matrix: {
  "language": "javascript"
}

.................

2023-02-06T14:16:11.3309678Z ##[debug]Not running against github.com. Disabling all toggleable features.
2023-02-06T14:16:11.3310540Z ##[debug]Writing feature flags to /runner/_work/_temp/cached-feature-flags.json
2023-02-06T14:16:11.3371750Z ##[debug]Feature 'bypass_toolcache_enabled' undefined in API response, considering it disabled.
2023-02-06T14:16:11.3372484Z ##[debug]Feature 'bypass_toolcache_kotlin_swift_enabled' undefined in API response, considering it disabled.
2023-02-06T14:16:11.3373187Z ::group::Setup CodeQL tools
2023-02-06T14:16:11.3373410Z ##[group]Setup CodeQL tools
2023-02-06T14:16:11.3380950Z ##[debug]isExplicit: 2.12.1
2023-02-06T14:16:11.3381307Z ##[debug]explicit? true
2023-02-06T14:16:11.3383545Z ##[debug]checking cache: /opt/hostedtoolcache/CodeQL/2.12.1/x64
2023-02-06T14:16:11.3383936Z ##[debug]not found
2023-02-06T14:16:11.3384435Z ##[debug]Didn't find a version of the CodeQL tools in the toolcache with a version number exactly matching 2.12.1.
2023-02-06T14:16:11.3385168Z ##[debug]Found the following versions of the CodeQL tools in the toolcache: [].
2023-02-06T14:16:11.3385977Z ##[debug]Did not find exactly one version of the CodeQL tools starting with the requested version.
2023-02-06T14:16:11.3386948Z ##[debug]Bundle version 20230120 is not in SemVer format. Will treat it as pre-release 0.0.0-20230120.
2023-02-06T14:16:11.3388013Z ##[debug]Computed a fallback toolcache version number of 0.0.0-20230120 for CodeQL tools version 2.12.1.
2023-02-06T14:16:11.3388647Z ##[debug]isExplicit: 0.0.0-20230120
2023-02-06T14:16:11.3389007Z ##[debug]explicit? true
2023-02-06T14:16:11.3390091Z ##[debug]checking cache: /opt/hostedtoolcache/CodeQL/0.0.0-20230120/x64
2023-02-06T14:16:11.3390498Z ##[debug]not found
2023-02-06T14:16:11.3390854Z ##[debug]Did not find CodeQL tools version 2.12.1 in the toolcache.
2023-02-06T14:16:11.3391603Z ##[debug]Did not find any candidate pinned versions of the CodeQL tools in the toolcache.
2023-02-06T14:16:11.4046971Z Found CodeQL bundle in github/codeql-action on https://mycompany.com with URL https://mycompany.com/api/v3/repos/github/codeql-action/releases/assets/21.
2023-02-06T14:16:11.4050679Z ##[debug]Providing an authorization token to download CodeQL tools.
2023-02-06T14:16:11.4051304Z Downloading CodeQL tools from https://mycompany.com/api/v3/repos/github/codeql-action/releases/assets/21. This may take a while.
2023-02-06T14:16:11.4061289Z ##[debug]Downloading https://mycompany.com/api/v3/repos/github/codeql-action/releases/assets/21
2023-02-06T14:16:11.4061958Z ##[debug]Destination /runner/_work/_temp/4574c267-0a87-456c-accb-0b201db46144
2023-02-06T14:16:14.2242935Z ##[debug]download complete
2023-02-06T14:16:14.2310317Z ##[debug]CodeQL bundle download to /runner/_work/_temp/4574c267-0a87-456c-accb-0b201db46144 complete.
2023-02-06T14:16:14.2310854Z ##[debug]Checking tar --version
2023-02-06T14:16:14.2430451Z ##[debug]tar (GNU tar) 1.30
2023-02-06T14:16:14.2430728Z ##[debug]Copyright (C) 2017 Free Software Foundation, Inc.
2023-02-06T14:16:14.2431072Z ##[debug]License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>.
2023-02-06T14:16:14.2431410Z ##[debug]This is free software: you are free to change and redistribute it.
2023-02-06T14:16:14.2431709Z ##[debug]There is NO WARRANTY, to the extent permitted by law.
2023-02-06T14:16:14.2432043Z ##[debug]
2023-02-06T14:16:14.2432252Z ##[debug]Written by John Gilmore and Jay Fenlason.
2023-02-06T14:16:14.2439890Z [command]/usr/bin/tar xz -v --warning=no-unknown-keyword --overwrite -C /runner/_work/_temp/a0c7bea0-a3da-408d-97f8-6695b79ca01d -f /runner/_work/_temp/4574c267-0a87-456c-accb-0b201db46144
2023-02-06T14:16:14.2536373Z codeql/
2023-02-06T14:16:14.2536634Z codeql/.codeqlmanifest.json
2023-02-06T14:16:14.2536869Z codeql/LICENSE.md
2023-02-06T14:16:14.2537389Z codeql/Open-Source-Notices/
2023-02-06T14:16:14.2537669Z codeql/Open-Source-Notices/NOTICES
2023-02-06T14:16:14.2537988Z codeql/Open-Source-Notices/ant-notice.txt
2023-02-06T14:16:14.2538293Z codeql/Open-Source-Notices/apache-2.0.txt

And after the entire file listing:

2023-02-06T14:16:22.7809112Z codeql/xml/COPYRIGHT
2023-02-06T14:16:22.7810507Z codeql/xml/LICENSE
2023-02-06T14:16:22.7811324Z codeql/xml/codeql-extractor.yml
2023-02-06T14:16:22.7811656Z codeql/xml/tools/
2023-02-06T14:16:22.7812105Z codeql/xml/tools/autobuild.cmd
2023-02-06T14:16:22.7812497Z codeql/xml/tools/autobuild.sh
2023-02-06T14:16:22.7813116Z codeql/xml/tools/index-files.cmd
2023-02-06T14:16:22.7813601Z codeql/xml/tools/index-files.sh
2023-02-06T14:16:22.7813910Z codeql/xml/tools/xml-extractor.jar
2023-02-06T14:16:22.7951523Z codeql/xml/xml.dbscheme
2023-02-06T14:16:22.7967741Z ##[error]Error: Malformed tools url: https://mycompany.com/api/v3/repos/github/codeql-action/releases/assets/21. Bundle version could not be inferred
2023-02-06T14:16:22.7969984Z ##[error]Unable to download and extract CodeQL CLI
2023-02-06T14:16:22.7997927Z Error: Unable to download and extract CodeQL CLI
2023-02-06T14:16:22.7998654Z     at setupCodeQL (/runner/_work/_actions/github/codeql-action/v2/lib/codeql.js:131:15)
2023-02-06T14:16:22.7999028Z     at runMicrotasks (<anonymous>)
2023-02-06T14:16:22.7999418Z     at processTicksAndRejections (node:internal/process/task_queues:96:5)
2023-02-06T14:16:22.7999981Z     at async initCodeQL (/runner/_work/_actions/github/codeql-action/v2/lib/init.js:46:76)
2023-02-06T14:16:22.8000818Z     at async run (/runner/_work/_actions/github/codeql-action/v2/lib/init-action.js:125:34)
2023-02-06T14:16:22.8001419Z     at async runWrapper (/runner/_work/_actions/github/codeql-action/v2/lib/init-action.js:208:9)
2023-02-06T14:16:22.8003253Z ##[debug]Sending status report: {"workflow_run_id":50458,"workflow_name":"CodeQL","job_name":"analyze","analysis_key":".github/workflows/codeql-analysis.yml:analyze","commit_oid":"b332ca619e41ddf2ae640fa113f004c2b2e5ee7f","ref":"refs/heads/master","action_name":"init","action_ref":"v2","action_oid":"unknown","started_at":"2023-02-06T14:16:10.910Z","action_started_at":"2023-02-06T14:16:10.910Z","status":"aborted","testing_environment":"","runner_os":"Linux","action_version":"2.2.1","cause":"Unable to download and extract CodeQL CLI","completed_at":"2023-02-06T14:16:22.797Z","matrix_vars":"{\n  \"language\": \"javascript\"\n}","runner_arch":"X64"}
2023-02-06T14:16:22.9272067Z ##[debug]Node Action run completed with exit code 1
2023-02-06T14:16:22.9275550Z ##[debug]CODEQL_ACTION_VERSION='2.2.1'
2023-02-06T14:16:22.9275873Z ##[debug]CODEQL_ACTION_FEATURE_SARIF_COMBINE='true'
2023-02-06T14:16:22.9276169Z ##[debug]CODEQL_ACTION_FEATURE_WILL_UPLOAD='true'
2023-02-06T14:16:22.9276451Z ##[debug]CODEQL_ACTION_WARNED_ABOUT_VERSION='true'
2023-02-06T14:16:22.9276786Z ##[debug]CODEQL_ACTION_ANALYSIS_KEY='.github/workflows/codeql-analysis.yml:analyze'
2023-02-06T14:16:22.9277103Z ##[debug]CODEQL_WORKFLOW_STARTED_AT='2023-02-06T14:16:10.910Z'

Any help is welcome 😄 .

Collaborator

aibaars commented Feb 6, 2023

This will probably be fixed by #1517

Author

rajbos commented Feb 6, 2023

I've tested based on info from @aibaars and I can confirm that using @henrymercer/fix/not-all-bundle-urls-contain-tag works as expected on our GHES instance.
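
The failure mode in this thread, as an added JavaScript example (not code from github/codeql-action or from any commenter): a version inferred only from the tools URL works for a download URL that contains the release tag, and fails for a GHES API asset URL such as the one in the log. The function names, the regular expressions, the github.com-style download URL and the tag-first fallback are assumptions drawn from the error text, the `0.0.0-20230120` log line and the name of the fix branch.

```javascript
// Added illustration; not code from github/codeql-action.
// Assumption: the bundle version is read from a "codeql-bundle-<version>" URL path segment.
const TAG_IN_URL = /\/codeql-bundle-([^/]+)\//;
const TAG_NAME = /^codeql-bundle-(.+)$/;

// Constructed sample inputs: a github.com-style download URL and the asset URL from the log.
const DOWNLOAD_URL =
  "https://github.com/github/codeql-action/releases/download/codeql-bundle-20230120/codeql-bundle-linux64.tar.gz";
const GHES_ASSET_URL =
  "https://mycompany.com/api/v3/repos/github/codeql-action/releases/assets/21";

// Matches the log line: "Bundle version 20230120 is not in SemVer format.
// Will treat it as pre-release 0.0.0-20230120."
function toToolcacheVersion(bundleVersion) {
  return /^\d+\.\d+\.\d+/.test(bundleVersion) ? bundleVersion : `0.0.0-${bundleVersion}`;
}

// URL-only inference: fails for API asset URLs, which carry an asset id, not a tag.
function inferFromUrlOnly(url) {
  const m = TAG_IN_URL.exec(url);
  if (!m) {
    throw new Error(`Malformed tools url: ${url}. Bundle version could not be inferred`);
  }
  return toToolcacheVersion(m[1]);
}

// Tag-first inference (hypothetical helper): use the release tag when the caller
// already knows it from the release lookup, and parse the URL only as a fallback.
function inferWithKnownTag(url, releaseTagName) {
  const m = releaseTagName ? TAG_NAME.exec(releaseTagName) : null;
  return m ? toToolcacheVersion(m[1]) : inferFromUrlOnly(url);
}

// Runs both strategies over both URLs and records the result or the error text.
function demo() {
  const attempt = (fn) => {
    try { return fn(); } catch (e) { return `ERROR: ${e.message}`; }
  };
  return {
    downloadUrl: attempt(() => inferFromUrlOnly(DOWNLOAD_URL)),
    assetUrl: attempt(() => inferFromUrlOnly(GHES_ASSET_URL)),
    assetUrlWithTag: attempt(() => inferWithKnownTag(GHES_ASSET_URL, "codeql-bundle-20230120")),
  };
}

console.log(demo());
```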

@henrymercer
Contributor

@rajbos The relevant PR has now been released. If you resync the CodeQL Action using the CodeQL Action sync tool you should be able to revert to using github/codeql-action/init@v2.

Author

rajbos commented Feb 6, 2023

Awesome! Will retest tomorrow 👍

Author

rajbos commented Feb 7, 2023

Resynced and tested on 2 environments with multiple repos and I can confirm it works. Thanks for the fast fix 👍 .

rajbos closed this as completed Feb 7, 2023