From 257b3d3fc8c43360913681efccc21bc2f00429bc Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Tue, 12 May 2026 15:46:28 +0100 Subject: [PATCH] Enable only `code-scanning` --- CHANGELOG.md | 2 +- lib/init-action.js | 6 ++++-- src/analyses.test.ts | 16 +++++++++------- src/analyses.ts | 12 +++++++++--- 4 files changed, 23 insertions(+), 13 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index db23331b5..a5270ebc9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th ## [UNRELEASED] -- An error is now thrown if multiple inputs are provided for the GitHub-internal `analysis-kinds` input. The `analysis-kinds` input is experimental, for GitHub-internal use only, and may change without notice at any time. [#3892](https://github.com/github/codeql-action/pull/3892) +- If multiple inputs are provided for the GitHub-internal `analysis-kinds` input, only `code-scanning` will be enabled. The `analysis-kinds` input is experimental, for GitHub-internal use only, and may change without notice at any time. [#3892](https://github.com/github/codeql-action/pull/3892) ## 4.35.4 - 07 May 2026 diff --git a/lib/init-action.js b/lib/init-action.js index c6f67eec4..5cdc800db 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -87589,9 +87589,11 @@ async function getAnalysisKinds(logger, features, skipCache = false) { } } if (!isInTestMode() && analysisKinds.length > 1 && !await features.getValue("allow_multiple_analysis_kinds" /* AllowMultipleAnalysisKinds */)) { - throw new ConfigurationError( - "The `analysis-kinds` input is experimental and for GitHub-internal use only. Its behaviour may change at any time or be removed entirely. Specifying multiple values as input is no longer supported." + logger.error( + "The `analysis-kinds` input is experimental and for GitHub-internal use only. Its behaviour may change at any time or be removed entirely. Specifying multiple values as input is no longer supported. Continuing with only `analysis-kinds: code-scanning`." ); + cachedAnalysisKinds = ["code-scanning" /* CodeScanning */]; + return cachedAnalysisKinds; } cachedAnalysisKinds = analysisKinds; return cachedAnalysisKinds; diff --git a/src/analyses.test.ts b/src/analyses.test.ts index 02df6134c..57848ebd3 100644 --- a/src/analyses.test.ts +++ b/src/analyses.test.ts @@ -16,7 +16,7 @@ import { } from "./analyses"; import { EnvVar } from "./environment"; import { getRunnerLogger } from "./logging"; -import { createFeatures, setupTests } from "./testing-utils"; +import { createFeatures, RecordingLogger, setupTests } from "./testing-utils"; import { AssessmentPayload } from "./upload-lib/types"; import { ConfigurationError } from "./util"; @@ -70,19 +70,21 @@ test.serial( ); test.serial( - "getAnalysisKinds - throws for multiple analysis kinds outside of test mode", + "getAnalysisKinds - only use `code-scanning` for multiple analysis kinds outside of test mode", async (t) => { process.env[EnvVar.TEST_MODE] = "false"; const features = createFeatures([]); + const logger = new RecordingLogger(); const requiredInputStub = sinon.stub(actionsUtil, "getRequiredInput"); requiredInputStub .withArgs("analysis-kinds") .returns("code-scanning,code-quality"); - await t.throwsAsync( - getAnalysisKinds(getRunnerLogger(true), features, true), - { - instanceOf: ConfigurationError, - }, + const result = await getAnalysisKinds(logger, features, true); + t.deepEqual(result, [AnalysisKind.CodeScanning]); + t.assert( + logger.hasMessage( + "Continuing with only `analysis-kinds: code-scanning`.", + ), ); }, ); diff --git a/src/analyses.ts b/src/analyses.ts index 69247ab78..a2dd5e8db 100644 --- a/src/analyses.ts +++ b/src/analyses.ts @@ -122,17 +122,23 @@ export async function getAnalysisKinds( } } - // Throw an error if we have multiple inputs for `analysis-kinds` outside of test mode. + // Log an error if we have multiple inputs for `analysis-kinds` outside of test mode, + // and enable only `code-scanning`. if ( !isInTestMode() && analysisKinds.length > 1 && !(await features.getValue(Feature.AllowMultipleAnalysisKinds)) ) { - throw new ConfigurationError( + logger.error( "The `analysis-kinds` input is experimental and for GitHub-internal use only. " + "Its behaviour may change at any time or be removed entirely. " + - "Specifying multiple values as input is no longer supported.", + "Specifying multiple values as input is no longer supported. " + + "Continuing with only `analysis-kinds: code-scanning`.", ); + + // Only enable Code Scanning. + cachedAnalysisKinds = [AnalysisKind.CodeScanning]; + return cachedAnalysisKinds; } // Cache the analysis kinds and return them.