CodeQL Action fails to handle multi_select repository properties (expects string, gets array) #3555

@john-latham

Description

When an organization defines a custom repository property with value_type: multi_select, the Initialize CodeQL step logs a warning and fails to load repository properties entirely:

##[warning]Failed to load repository properties: Encountered an error while trying to determine repository properties: Error: Expected repository property 'products' to have a string value, but got: {"property_name":"products","value":["scan"]}

This occurs because the action expects all repository property values to be strings, but the GitHub API correctly returns multi_select properties as arrays of strings.

Steps to reproduce

  1. Create an org-level custom property with value_type: multi_select (e.g. products)
  2. Set a value on a repository (e.g. ["scan"])
  3. Run CodeQL default setup on that repository — the Initialize CodeQL step will log the above warning

Expected behaviour

The action should handle multi_select property values (arrays of strings) without erroring. It could either:

  • Treat each element as a separate value to match against, or
  • Skip property-based filtering for multi_select properties rather than failing entirely

Actual behaviour

The action throws Expected repository property 'products' to have a string value and skips all repository property-based configuration, even for properties that are not the multi_select one.

Impact

  • CodeQL analysis still runs and completes successfully (the warning is non-fatal)
  • However, any org-level policy that would be selected based on repository properties is not applied
  • The warning is noise in logs and may be mistaken for a failure

Environment

  • github/codeql-action: v4 (default setup, auto-generated workflow)
  • Repository property type: multi_select (GitHub org custom properties API)
  • Language analysed: javascript-typescript, actions

Workaround

None available at the repository or organisation level without either:

  • Changing the property type to single_select (breaks repos that legitimately have multiple values), or
  • Removing the property value from the repository (loses classification metadata)

The fix needs to be in the action itself to handle array-valued properties.
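
The first option under "Expected behaviour" (treat each element as a separate value, and never let one property discard the rest), as an added example that is not part of the original issue and is not codeql-action's own code. The function names are hypothetical, the entry shape is taken from the warning above, and every sample property except products is constructed.

```javascript
// Added example, not codeql-action code. Each entry has the shape shown in the
// warning: { property_name, value }, where value may be a string, an array of
// strings (multi_select), or null (unset).
function normalizeValue(value) {
  if (typeof value === "string") return [value];
  if (Array.isArray(value) && value.every((v) => typeof v === "string")) {
    return [...value];
  }
  return undefined; // numbers, nested objects, mixed arrays
}

// Parse every entry independently so that one unsupported value cannot
// discard the properties that did parse.
function parseRepositoryProperties(entries) {
  const properties = new Map(); // name -> string[]
  const skipped = [];
  for (const entry of Array.isArray(entries) ? entries : []) {
    const name = entry && entry.property_name;
    if (typeof name !== "string" || name.length === 0) {
      skipped.push({ name: "<missing>", reason: "no property_name" });
      continue;
    }
    if (entry.value === null || entry.value === undefined) continue; // unset
    const values = normalizeValue(entry.value);
    if (values === undefined) {
      skipped.push({ name, reason: "unsupported value type" });
      continue;
    }
    properties.set(name, values);
  }
  return { properties, skipped };
}

// A property matches when any one of its values equals the wanted value.
function propertyHasValue(properties, name, wanted) {
  return (properties.get(name) || []).includes(wanted);
}

// Constructed sample response; only "products" comes from the report.
const sampleResponse = [
  { property_name: "products", value: ["scan"] },
  { property_name: "tier", value: "internal" },          // hypothetical
  { property_name: "owner-team", value: null },          // hypothetical, unset
  { property_name: "broken", value: { nested: true } },  // hypothetical, malformed
];
const parsed = parseRepositoryProperties(sampleResponse);
console.log([...parsed.properties], parsed.skipped);
```

Entries collected in skipped can be logged once per property, so a single malformed value shows up in the run log without disabling property-based configuration for the whole repository.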
