From 9a544c385fdbae87b5bbeb096dee0eac72580bba Mon Sep 17 00:00:00 2001
From: Benjamen Meyer
Date: Fri, 24 Nov 2023 17:52:08 -0500
Subject: [PATCH] Bug Fix: codeql bundle needs to be downloaded
---
 .github/workflows/codeql.yml | 6 ++++++
 .github/workflows/scorecards-analysis.yml | 6 ++++++
 2 files changed, 12 insertions(+)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index a6d75fe9ad..8cb2d7650f 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -25,6 +25,12 @@ jobs:
 with:
 fetch-depth: 2
 
+ - name: Download benchmark bundle
+ env:
+ GH_TOKEN: ${{ github.token }}
+ run: |
+ gh release download -R octo-org/codeql-bundle --pattern 'codeql-bundle.tar.gz'
+
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
 uses: github/codeql-action/init@v2
diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
index d118dc230a..537c01a657 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -27,6 +27,12 @@ jobs:
 with:
 persist-credentials: false
 
+ - name: Download benchmark bundle
+ env:
+ GH_TOKEN: ${{ github.token }}
+ run: |
+ gh release download -R octo-org/codeql-bundle --pattern 'codeql-bundle.tar.gz'
+
 - name: "Run analysis"
 uses: ossf/scorecard-action@v2.3.1
 with:
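Review bot: The added `gh release download` step in codeql.yml names no release tag and performs no integrity check, so the job takes `codeql-bundle.tar.gz` from whatever the latest release of `octo-org/codeql-bundle` is at run time. `octo-org` looks like the placeholder owner used in documentation examples rather than a repository this project controls; confirm the intended source. Pin the release and verify the archive before use, e.g. `gh release download <RELEASE_TAG> -R <OWNER>/<REPO> --pattern 'codeql-bundle.tar.gz'` followed by `echo '<EXPECTED_SHA256>  codeql-bundle.tar.gz' | sha256sum -c -`. The visible lines do not pass the archive to `github/codeql-action/init` (its inputs lie outside the hunk), so check that `tools: codeql-bundle.tar.gz` is set there, otherwise the download has no effect. The identical step added to scorecards-analysis.yml needs the same pinning.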
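Review bot: Nothing visible in scorecards-analysis.yml consumes `codeql-bundle.tar.gz`: the next step is `ossf/scorecard-action`, which does not run CodeQL, so the new step only adds an unverified third-party download and a `run:` step holding `GH_TOKEN` to a job whose checkout sets `persist-credentials: false`. If the job sets `publish_results: true` (the action's `with:` block continues outside the hunk), scorecard-action's workflow restrictions permit only approved `uses:` steps in that job, and a `run:` step may cause result publication to be rejected. I would drop the step from this file; if it must stay, document the reason above it, e.g. `# bundle is required by <STEP> because <REASON>`.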