Fix toolcache behavior when downloading bundle from another repo

src/setup-codeql.ts

@@ -663,14 +663,17 @@ export async function downloadCodeQL(
   }
 
   // Try to compute the CLI version for this bundle
-  const cliVersion: string | undefined =
-    maybeCliVersion ||
-    (variant === util.GitHubVariant.DOTCOM &&
-      (await tryFindCliVersionDotcomOnly(
-        `codeql-bundle-${bundleVersion}`,
-        logger
-      ))) ||
-    undefined;
+  if (
+    maybeCliVersion === undefined &&
+    variant === util.GitHubVariant.DOTCOM &&
+    codeqlURL.includes(`/${CODEQL_DEFAULT_ACTION_REPOSITORY}/`)
+  ) {
+    maybeCliVersion = await tryFindCliVersionDotcomOnly(
+      `codeql-bundle-${bundleVersion}`,
+      logger
+    );
+  }
+
   // Include both the CLI version and the bundle version in the toolcache version number. That way
   // if the user requests the same URL again, we can get it from the cache without having to call
   // any of the Releases API.
@@ -680,12 +683,11 @@ export async function downloadCodeQL(
   // CLI release. In principle, it should be enough to just check that the CLI version isn't a
   // pre-release, but the version numbers of CodeQL nightlies have the format `x.y.z+<timestamp>`,
   // and we don't want these nightlies to override stable CLI versions in the toolcache.
-  const toolcacheVersion =
-    cliVersion && cliVersion.match(/^[0-9]+\.[0-9]+\.[0-9]+$/)
-      ? `${cliVersion}-${bundleVersion}`
-      : convertToSemVer(bundleVersion, logger);
+  const toolcacheVersion = maybeCliVersion?.match(/^[0-9]+\.[0-9]+\.[0-9]+$/)
+    ? `${maybeCliVersion}-${bundleVersion}`
+    : convertToSemVer(bundleVersion, logger);
   return {
-    toolsVersion: cliVersion || toolcacheVersion,
+    toolsVersion: maybeCliVersion ?? toolcacheVersion,
     codeqlFolder: await toolcache.cacheDir(
       codeqlExtracted,
       "CodeQL",