feat: Add logging for extractor archive size and improve CodeQL installation error handling

[GeekMasher]

This pull request introduces improvements to the installation workflow for CodeQL and adds logging for extractor archive sizes. The most significant change is the addition of a fallback installation method using the GitHub CLI if the standard CodeQL installation fails. Additionally, the Docker image is updated to include the CodeQL extension for the GitHub CLI.

CodeQL Installation Workflow:

• Added a fallback mechanism to install CodeQL using the GitHub CLI (gh codeql set-version) if the standard installation fails, improving robustness and reliability of the setup process.
• Updated the Dockerfile to install the CodeQL extension for the GitHub CLI, ensuring the CLI fallback works in containerized environments.

Logging and Diagnostics:

• Added logging of the extractor archive size (in MB and bytes) after download, and a warning if size information is unavailable, to aid in diagnostics and monitoring.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA dc77a05.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Package	Version	Score	Details
actions/docker/login-action	184bdaa0721073962dff0199f1fb9940f07167d1	🟢 5.6	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 9 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 16 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 6 Found 3/5 approved changesets -- score normalized to 6 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities ⚠️ 0 10 existing vulnerabilities detected SAST 🟢 9 SAST tool detected but not run on all commits

Scanned Files

• .github/workflows/build.yml

[Copilot]

Pull Request Overview

This PR improves the robustness of CodeQL installation by adding a fallback mechanism and enhances diagnostics with extractor archive size logging. The changes add error handling resilience to the CodeQL setup process and provide better visibility into download operations.

• Added fallback CodeQL installation using GitHub CLI when standard installation fails
• Enhanced logging with extractor archive size information for better diagnostics
• Updated Docker image to include CodeQL extension for GitHub CLI support

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File	Description
src/main.rs	Implements fallback CodeQL installation using GitHub CLI when standard installation fails
src/extractors.rs	Adds logging of extractor archive size in MB and bytes with warning for unavailable size info
Dockerfile	Installs CodeQL extension for GitHub CLI to support fallback installation method

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}