From 0158d059462e1a5c5c64c4d1355366c32dcabfba Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Tue, 3 Mar 2026 17:17:07 +0100 Subject: [PATCH 01/38] Make "feature not enabled" reason more specific --- lib/init-action.js | 19 ++++++++++--------- src/config-utils.test.ts | 32 ++++++++++++++++---------------- src/config-utils.ts | 24 ++++++++++++------------ src/overlay/diagnostics.ts | 8 ++++++-- 4 files changed, 44 insertions(+), 39 deletions(-) diff --git a/lib/init-action.js b/lib/init-action.js index 9b81fc7b8..7b9939082 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -106388,9 +106388,9 @@ var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ }; -async function isOverlayAnalysisFeatureEnabled(features, codeql, languages, codeScanningConfig) { +async function getOverlayFeatureDisabledReason(features, codeql, languages, codeScanningConfig) { if (!await features.getValue("overlay_analysis" /* OverlayAnalysis */, codeql)) { - return false; + return "overall-feature-not-enabled" /* OverallFeatureNotEnabled */; } let enableForCodeScanningOnly = false; for (const language of languages) { @@ -106403,12 +106403,15 @@ async function isOverlayAnalysisFeatureEnabled(features, codeql, languages, code enableForCodeScanningOnly = true; continue; } - return false; + return "language-not-enabled" /* LanguageNotEnabled */; } if (enableForCodeScanningOnly) { - return codeScanningConfig["disable-default-queries"] !== true && codeScanningConfig.packs === void 0 && codeScanningConfig.queries === void 0 && codeScanningConfig["query-filters"] === void 0; + const isCodeScanningOnly = codeScanningConfig["disable-default-queries"] !== true && codeScanningConfig.packs === void 0 && codeScanningConfig.queries === void 0 && codeScanningConfig["query-filters"] === void 0; + if (!isCodeScanningOnly) { + return "non-default-queries" /* NonDefaultQueries */; + } } - return true; + return void 0; } function runnerHasSufficientDiskSpace(diskUsage, logger, useV2ResourceChecks) { const minimumDiskSpaceBytes = useV2ResourceChecks ? OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_BYTES : OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES; @@ -106469,12 +106472,12 @@ async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, b ); overlayDatabaseMode = "none" /* None */; disabledReason = "disabled-by-repository-property" /* DisabledByRepositoryProperty */; - } else if (await isOverlayAnalysisFeatureEnabled( + } else if ((disabledReason = await getOverlayFeatureDisabledReason( features, codeql, languages, codeScanningConfig - )) { + )) === void 0) { const performResourceChecks = !await features.getValue( "overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */, codeql @@ -106520,8 +106523,6 @@ async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, b `Setting overlay database mode to ${overlayDatabaseMode} with caching because we are analyzing the default branch.` ); } - } else { - disabledReason = "feature-not-enabled" /* FeatureNotEnabled */; } const disabledResult = (reason) => ({ overlayDatabaseMode: "none" /* None */, diff --git a/src/config-utils.test.ts b/src/config-utils.test.ts index 6f780b29b..a0b58cad1 100644 --- a/src/config-utils.test.ts +++ b/src/config-utils.test.ts @@ -1151,7 +1151,7 @@ test( { overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, - disabledReason: OverlayDisabledReason.FeatureNotEnabled, + disabledReason: OverlayDisabledReason.OverallFeatureNotEnabled, }, ); @@ -1460,7 +1460,7 @@ test( { overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, - disabledReason: OverlayDisabledReason.FeatureNotEnabled, + disabledReason: OverlayDisabledReason.NonDefaultQueries, }, ); @@ -1481,7 +1481,7 @@ test( { overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, - disabledReason: OverlayDisabledReason.FeatureNotEnabled, + disabledReason: OverlayDisabledReason.NonDefaultQueries, }, ); @@ -1502,7 +1502,7 @@ test( { overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, - disabledReason: OverlayDisabledReason.FeatureNotEnabled, + disabledReason: OverlayDisabledReason.NonDefaultQueries, }, ); @@ -1523,7 +1523,7 @@ test( { overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, - disabledReason: OverlayDisabledReason.FeatureNotEnabled, + disabledReason: OverlayDisabledReason.NonDefaultQueries, }, ); @@ -1538,7 +1538,7 @@ test( { overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, - disabledReason: OverlayDisabledReason.FeatureNotEnabled, + disabledReason: OverlayDisabledReason.OverallFeatureNotEnabled, }, ); @@ -1553,7 +1553,7 @@ test( { overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, - disabledReason: OverlayDisabledReason.FeatureNotEnabled, + disabledReason: OverlayDisabledReason.OverallFeatureNotEnabled, }, ); @@ -1568,7 +1568,7 @@ test( { overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, - disabledReason: OverlayDisabledReason.FeatureNotEnabled, + disabledReason: OverlayDisabledReason.LanguageNotEnabled, }, ); @@ -1757,7 +1757,7 @@ test( { overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, - disabledReason: OverlayDisabledReason.FeatureNotEnabled, + disabledReason: OverlayDisabledReason.NonDefaultQueries, }, ); @@ -1778,7 +1778,7 @@ test( { overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, - disabledReason: OverlayDisabledReason.FeatureNotEnabled, + disabledReason: OverlayDisabledReason.NonDefaultQueries, }, ); @@ -1799,7 +1799,7 @@ test( { overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, - disabledReason: OverlayDisabledReason.FeatureNotEnabled, + disabledReason: OverlayDisabledReason.NonDefaultQueries, }, ); @@ -1820,7 +1820,7 @@ test( { overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, - disabledReason: OverlayDisabledReason.FeatureNotEnabled, + disabledReason: OverlayDisabledReason.NonDefaultQueries, }, ); @@ -1835,7 +1835,7 @@ test( { overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, - disabledReason: OverlayDisabledReason.FeatureNotEnabled, + disabledReason: OverlayDisabledReason.OverallFeatureNotEnabled, }, ); @@ -1850,7 +1850,7 @@ test( { overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, - disabledReason: OverlayDisabledReason.FeatureNotEnabled, + disabledReason: OverlayDisabledReason.OverallFeatureNotEnabled, }, ); @@ -1865,7 +1865,7 @@ test( { overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, - disabledReason: OverlayDisabledReason.FeatureNotEnabled, + disabledReason: OverlayDisabledReason.LanguageNotEnabled, }, ); @@ -2057,7 +2057,7 @@ for (const language in KnownLanguage) { { overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, - disabledReason: OverlayDisabledReason.FeatureNotEnabled, + disabledReason: OverlayDisabledReason.LanguageNotEnabled, }, ); } diff --git a/src/config-utils.ts b/src/config-utils.ts index 14274a723..459a49485 100644 --- a/src/config-utils.ts +++ b/src/config-utils.ts @@ -653,14 +653,14 @@ const OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES: Record = { swift: Feature.OverlayAnalysisCodeScanningSwift, }; -async function isOverlayAnalysisFeatureEnabled( +async function getOverlayFeatureDisabledReason( features: FeatureEnablement, codeql: CodeQL, languages: Language[], codeScanningConfig: UserConfig, -): Promise { +): Promise { if (!(await features.getValue(Feature.OverlayAnalysis, codeql))) { - return false; + return OverlayDisabledReason.OverallFeatureNotEnabled; } let enableForCodeScanningOnly = false; for (const language of languages) { @@ -677,20 +677,22 @@ async function isOverlayAnalysisFeatureEnabled( enableForCodeScanningOnly = true; continue; } - return false; + return OverlayDisabledReason.LanguageNotEnabled; } if (enableForCodeScanningOnly) { // A code-scanning configuration runs only the (default) code-scanning suite // if the default queries are not disabled, and no packs, queries, or // query-filters are specified. - return ( + const isCodeScanningOnly = codeScanningConfig["disable-default-queries"] !== true && codeScanningConfig.packs === undefined && codeScanningConfig.queries === undefined && - codeScanningConfig["query-filters"] === undefined - ); + codeScanningConfig["query-filters"] === undefined; + if (!isCodeScanningOnly) { + return OverlayDisabledReason.NonDefaultQueries; + } } - return true; + return undefined; } /** Checks if the runner has enough disk space for overlay analysis. */ @@ -837,12 +839,12 @@ export async function getOverlayDatabaseMode( overlayDatabaseMode = OverlayDatabaseMode.None; disabledReason = OverlayDisabledReason.DisabledByRepositoryProperty; } else if ( - await isOverlayAnalysisFeatureEnabled( + (disabledReason = await getOverlayFeatureDisabledReason( features, codeql, languages, codeScanningConfig, - ) + )) === undefined ) { const performResourceChecks = !(await features.getValue( Feature.OverlayAnalysisSkipResourceChecks, @@ -903,8 +905,6 @@ export async function getOverlayDatabaseMode( "with caching because we are analyzing the default branch.", ); } - } else { - disabledReason = OverlayDisabledReason.FeatureNotEnabled; } const disabledResult = (reason: OverlayDisabledReason | undefined) => ({ diff --git a/src/overlay/diagnostics.ts b/src/overlay/diagnostics.ts index abf3c24a7..ec2fdabb0 100644 --- a/src/overlay/diagnostics.ts +++ b/src/overlay/diagnostics.ts @@ -12,8 +12,12 @@ import { RepositoryPropertyName } from "../feature-flags/properties"; export enum OverlayDisabledReason { /** Overlay analysis was disabled by a repository property. */ DisabledByRepositoryProperty = "disabled-by-repository-property", - /** Overlay analysis feature was not enabled. */ - FeatureNotEnabled = "feature-not-enabled", + /** The top-level overlay analysis feature flag is not enabled. */ + OverallFeatureNotEnabled = "overall-feature-not-enabled", + /** Overlay analysis is not enabled for one or more of the configured languages. */ + LanguageNotEnabled = "language-not-enabled", + /** Overlay analysis is restricted to code-scanning-only configs but the config uses custom queries or packs. */ + NonDefaultQueries = "non-default-queries", /** The build mode is incompatible with overlay analysis. */ IncompatibleBuildMode = "incompatible-build-mode", /** The CodeQL CLI version is too old to support overlay analysis. */ From 9f77ff18bb6f0ace92e068bb5d4a32dc73e9a02e Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Tue, 3 Mar 2026 17:21:59 +0100 Subject: [PATCH 02/38] Make "insufficient resources" reason more specific --- lib/init-action.js | 15 ++++++++------- src/config-utils.test.ts | 16 ++++++++-------- src/config-utils.ts | 17 +++++++++-------- src/overlay/diagnostics.ts | 6 ++++-- 4 files changed, 29 insertions(+), 25 deletions(-) diff --git a/lib/init-action.js b/lib/init-action.js index 7b9939082..40276cc1b 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -106447,14 +106447,14 @@ async function runnerHasSufficientMemory(codeql, ramInput, logger) { ); return true; } -async function runnerSupportsOverlayAnalysis(codeql, diskUsage, ramInput, logger, useV2ResourceChecks) { +async function getResourceDisabledReason(codeql, diskUsage, ramInput, logger, useV2ResourceChecks) { if (!runnerHasSufficientDiskSpace(diskUsage, logger, useV2ResourceChecks)) { - return false; + return "insufficient-disk-space" /* InsufficientDiskSpace */; } if (!await runnerHasSufficientMemory(codeql, ramInput, logger)) { - return false; + return "insufficient-memory" /* InsufficientMemory */; } - return true; + return void 0; } async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, buildMode, ramInput, codeScanningConfig, repositoryProperties, gitVersion, logger) { let overlayDatabaseMode = "none" /* None */; @@ -106489,15 +106489,16 @@ async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, b "overlay_analysis_status_check" /* OverlayAnalysisStatusCheck */ ); const diskUsage = performResourceChecks || checkOverlayStatus ? await checkDiskUsage(logger) : void 0; - if (performResourceChecks && !await runnerSupportsOverlayAnalysis( + let resourceDisabledReason; + if (performResourceChecks && (resourceDisabledReason = await getResourceDisabledReason( codeql, diskUsage, ramInput, logger, useV2ResourceChecks - )) { + )) !== void 0) { overlayDatabaseMode = "none" /* None */; - disabledReason = "insufficient-resources" /* InsufficientResources */; + disabledReason = resourceDisabledReason; } else if (checkOverlayStatus && diskUsage === void 0) { logger.warning( `Unable to determine disk usage, therefore setting overlay database mode to ${"none" /* None */}.` diff --git a/src/config-utils.test.ts b/src/config-utils.test.ts index a0b58cad1..ac7303086 100644 --- a/src/config-utils.test.ts +++ b/src/config-utils.test.ts @@ -1234,7 +1234,7 @@ test( { overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, - disabledReason: OverlayDisabledReason.InsufficientResources, + disabledReason: OverlayDisabledReason.InsufficientDiskSpace, }, ); @@ -1253,7 +1253,7 @@ test( { overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, - disabledReason: OverlayDisabledReason.InsufficientResources, + disabledReason: OverlayDisabledReason.InsufficientDiskSpace, }, ); @@ -1298,7 +1298,7 @@ test( { overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, - disabledReason: OverlayDisabledReason.InsufficientResources, + disabledReason: OverlayDisabledReason.InsufficientDiskSpace, }, ); @@ -1342,7 +1342,7 @@ test( { overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, - disabledReason: OverlayDisabledReason.InsufficientResources, + disabledReason: OverlayDisabledReason.InsufficientDiskSpace, }, ); @@ -1361,7 +1361,7 @@ test( { overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, - disabledReason: OverlayDisabledReason.InsufficientResources, + disabledReason: OverlayDisabledReason.InsufficientMemory, }, ); @@ -1638,7 +1638,7 @@ test( { overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, - disabledReason: OverlayDisabledReason.InsufficientResources, + disabledReason: OverlayDisabledReason.InsufficientDiskSpace, }, ); @@ -1679,7 +1679,7 @@ test( { overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, - disabledReason: OverlayDisabledReason.InsufficientResources, + disabledReason: OverlayDisabledReason.InsufficientDiskSpace, }, ); @@ -1698,7 +1698,7 @@ test( { overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, - disabledReason: OverlayDisabledReason.InsufficientResources, + disabledReason: OverlayDisabledReason.InsufficientMemory, }, ); diff --git a/src/config-utils.ts b/src/config-utils.ts index 459a49485..9f3aaa9e8 100644 --- a/src/config-utils.ts +++ b/src/config-utils.ts @@ -759,20 +759,20 @@ async function runnerHasSufficientMemory( * Checks if the runner supports overlay analysis based on available disk space * and the maximum memory CodeQL will be allowed to use. */ -async function runnerSupportsOverlayAnalysis( +async function getResourceDisabledReason( codeql: CodeQL, diskUsage: DiskUsage | undefined, ramInput: string | undefined, logger: Logger, useV2ResourceChecks: boolean, -): Promise { +): Promise { if (!runnerHasSufficientDiskSpace(diskUsage, logger, useV2ResourceChecks)) { - return false; + return OverlayDisabledReason.InsufficientDiskSpace; } if (!(await runnerHasSufficientMemory(codeql, ramInput, logger))) { - return false; + return OverlayDisabledReason.InsufficientMemory; } - return true; + return undefined; } /** @@ -860,18 +860,19 @@ export async function getOverlayDatabaseMode( performResourceChecks || checkOverlayStatus ? await checkDiskUsage(logger) : undefined; + let resourceDisabledReason: OverlayDisabledReason | undefined; if ( performResourceChecks && - !(await runnerSupportsOverlayAnalysis( + (resourceDisabledReason = await getResourceDisabledReason( codeql, diskUsage, ramInput, logger, useV2ResourceChecks, - )) + )) !== undefined ) { overlayDatabaseMode = OverlayDatabaseMode.None; - disabledReason = OverlayDisabledReason.InsufficientResources; + disabledReason = resourceDisabledReason; } else if (checkOverlayStatus && diskUsage === undefined) { logger.warning( `Unable to determine disk usage, therefore setting overlay database mode to ${OverlayDatabaseMode.None}.`, diff --git a/src/overlay/diagnostics.ts b/src/overlay/diagnostics.ts index ec2fdabb0..3c20f1049 100644 --- a/src/overlay/diagnostics.ts +++ b/src/overlay/diagnostics.ts @@ -24,8 +24,10 @@ export enum OverlayDisabledReason { IncompatibleCodeQl = "incompatible-codeql", /** The Git version could not be determined or is too old. */ IncompatibleGit = "incompatible-git", - /** The runner does not have enough disk space or memory. */ - InsufficientResources = "insufficient-resources", + /** The runner does not have enough disk space to perform overlay analysis. */ + InsufficientDiskSpace = "insufficient-disk-space", + /** The runner does not have enough memory to perform overlay analysis. */ + InsufficientMemory = "insufficient-memory", /** The source root is not inside a git repository. */ NoGitRoot = "no-git-root", /** Overlay analysis was skipped because it previously failed with similar hardware resources. */ From eddf33655d217c7c77cae50233f1388cd13b0973 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Tue, 3 Mar 2026 17:22:36 +0100 Subject: [PATCH 03/38] Sort `OverlayDisabledReason` enum --- src/overlay/diagnostics.ts | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/overlay/diagnostics.ts b/src/overlay/diagnostics.ts index 3c20f1049..56f2bf8db 100644 --- a/src/overlay/diagnostics.ts +++ b/src/overlay/diagnostics.ts @@ -12,12 +12,6 @@ import { RepositoryPropertyName } from "../feature-flags/properties"; export enum OverlayDisabledReason { /** Overlay analysis was disabled by a repository property. */ DisabledByRepositoryProperty = "disabled-by-repository-property", - /** The top-level overlay analysis feature flag is not enabled. */ - OverallFeatureNotEnabled = "overall-feature-not-enabled", - /** Overlay analysis is not enabled for one or more of the configured languages. */ - LanguageNotEnabled = "language-not-enabled", - /** Overlay analysis is restricted to code-scanning-only configs but the config uses custom queries or packs. */ - NonDefaultQueries = "non-default-queries", /** The build mode is incompatible with overlay analysis. */ IncompatibleBuildMode = "incompatible-build-mode", /** The CodeQL CLI version is too old to support overlay analysis. */ @@ -28,8 +22,14 @@ export enum OverlayDisabledReason { InsufficientDiskSpace = "insufficient-disk-space", /** The runner does not have enough memory to perform overlay analysis. */ InsufficientMemory = "insufficient-memory", + /** Overlay analysis is not enabled for one or more of the configured languages. */ + LanguageNotEnabled = "language-not-enabled", /** The source root is not inside a git repository. */ NoGitRoot = "no-git-root", + /** Overlay analysis is restricted to code-scanning-only configs but the config uses custom queries or packs. */ + NonDefaultQueries = "non-default-queries", + /** The top-level overlay analysis feature flag is not enabled. */ + OverallFeatureNotEnabled = "overall-feature-not-enabled", /** Overlay analysis was skipped because it previously failed with similar hardware resources. */ SkippedDueToCachedStatus = "skipped-due-to-cached-status", /** Disk usage could not be determined during the overlay status check. */ From f654d61146ed01541285d09285501f51ac5b6c15 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Tue, 3 Mar 2026 17:24:47 +0100 Subject: [PATCH 04/38] Add JSDoc --- src/config-utils.ts | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/config-utils.ts b/src/config-utils.ts index 9f3aaa9e8..e9d9db6f7 100644 --- a/src/config-utils.ts +++ b/src/config-utils.ts @@ -653,6 +653,11 @@ const OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES: Record = { swift: Feature.OverlayAnalysisCodeScanningSwift, }; +/** + * Checks whether the overlay analysis feature is enabled for the given + * languages and configuration, returning the specific reason it is disabled, + * or `undefined` if it is enabled. + */ async function getOverlayFeatureDisabledReason( features: FeatureEnablement, codeql: CodeQL, @@ -756,8 +761,9 @@ async function runnerHasSufficientMemory( } /** - * Checks if the runner supports overlay analysis based on available disk space - * and the maximum memory CodeQL will be allowed to use. + * Checks if the runner has sufficient disk space and memory for overlay + * analysis, returning the specific reason if not, or `undefined` if resources + * are sufficient. */ async function getResourceDisabledReason( codeql: CodeQL, From 776fd85f8c0027b7fc8bbfca14cf3dcb0672da49 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Tue, 3 Mar 2026 18:48:23 +0100 Subject: [PATCH 05/38] Address review comments --- lib/init-action.js | 10 ++++++++-- src/config-utils.test.ts | 4 ++-- src/config-utils.ts | 19 ++++++++++--------- src/overlay/diagnostics.ts | 5 ++++- 4 files changed, 24 insertions(+), 14 deletions(-) diff --git a/lib/init-action.js b/lib/init-action.js index 40276cc1b..c9ad04ec2 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -106415,8 +106415,8 @@ async function getOverlayFeatureDisabledReason(features, codeql, languages, code } function runnerHasSufficientDiskSpace(diskUsage, logger, useV2ResourceChecks) { const minimumDiskSpaceBytes = useV2ResourceChecks ? OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_BYTES : OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES; - if (diskUsage === void 0 || diskUsage.numAvailableBytes < minimumDiskSpaceBytes) { - const diskSpaceMb = diskUsage === void 0 ? 0 : Math.round(diskUsage.numAvailableBytes / 1e6); + if (diskUsage.numAvailableBytes < minimumDiskSpaceBytes) { + const diskSpaceMb = Math.round(diskUsage.numAvailableBytes / 1e6); const minimumDiskSpaceMb = Math.round(minimumDiskSpaceBytes / 1e6); logger.info( `Setting overlay database mode to ${"none" /* None */} due to insufficient disk space (${diskSpaceMb} MB, needed ${minimumDiskSpaceMb} MB).` @@ -106448,6 +106448,12 @@ async function runnerHasSufficientMemory(codeql, ramInput, logger) { return true; } async function getResourceDisabledReason(codeql, diskUsage, ramInput, logger, useV2ResourceChecks) { + if (diskUsage === void 0) { + logger.info( + `Unable to determine available disk space for overlay analysis. Setting overlay database mode to ${"none" /* None */}.` + ); + return "unable-to-determine-disk-usage" /* UnableToDetermineDiskUsage */; + } if (!runnerHasSufficientDiskSpace(diskUsage, logger, useV2ResourceChecks)) { return "insufficient-disk-space" /* InsufficientDiskSpace */; } diff --git a/src/config-utils.test.ts b/src/config-utils.test.ts index ac7303086..d5df03129 100644 --- a/src/config-utils.test.ts +++ b/src/config-utils.test.ts @@ -1253,7 +1253,7 @@ test( { overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, - disabledReason: OverlayDisabledReason.InsufficientDiskSpace, + disabledReason: OverlayDisabledReason.UnableToDetermineDiskUsage, }, ); @@ -1679,7 +1679,7 @@ test( { overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, - disabledReason: OverlayDisabledReason.InsufficientDiskSpace, + disabledReason: OverlayDisabledReason.UnableToDetermineDiskUsage, }, ); diff --git a/src/config-utils.ts b/src/config-utils.ts index e9d9db6f7..214361c95 100644 --- a/src/config-utils.ts +++ b/src/config-utils.ts @@ -702,21 +702,15 @@ async function getOverlayFeatureDisabledReason( /** Checks if the runner has enough disk space for overlay analysis. */ function runnerHasSufficientDiskSpace( - diskUsage: DiskUsage | undefined, + diskUsage: DiskUsage, logger: Logger, useV2ResourceChecks: boolean, ): boolean { const minimumDiskSpaceBytes = useV2ResourceChecks ? OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_BYTES : OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES; - if ( - diskUsage === undefined || - diskUsage.numAvailableBytes < minimumDiskSpaceBytes - ) { - const diskSpaceMb = - diskUsage === undefined - ? 0 - : Math.round(diskUsage.numAvailableBytes / 1_000_000); + if (diskUsage.numAvailableBytes < minimumDiskSpaceBytes) { + const diskSpaceMb = Math.round(diskUsage.numAvailableBytes / 1_000_000); const minimumDiskSpaceMb = Math.round(minimumDiskSpaceBytes / 1_000_000); logger.info( `Setting overlay database mode to ${OverlayDatabaseMode.None} ` + @@ -772,6 +766,13 @@ async function getResourceDisabledReason( logger: Logger, useV2ResourceChecks: boolean, ): Promise { + if (diskUsage === undefined) { + logger.info( + `Unable to determine available disk space for overlay analysis. ` + + `Setting overlay database mode to ${OverlayDatabaseMode.None}.`, + ); + return OverlayDisabledReason.UnableToDetermineDiskUsage; + } if (!runnerHasSufficientDiskSpace(diskUsage, logger, useV2ResourceChecks)) { return OverlayDisabledReason.InsufficientDiskSpace; } diff --git a/src/overlay/diagnostics.ts b/src/overlay/diagnostics.ts index 56f2bf8db..f3b0c0e29 100644 --- a/src/overlay/diagnostics.ts +++ b/src/overlay/diagnostics.ts @@ -26,7 +26,10 @@ export enum OverlayDisabledReason { LanguageNotEnabled = "language-not-enabled", /** The source root is not inside a git repository. */ NoGitRoot = "no-git-root", - /** Overlay analysis is restricted to code-scanning-only configs but the config uses custom queries or packs. */ + /** + * Overlay analysis is restricted to code-scanning-only configs but the config uses custom + * queries or packs, disables default queries, or specifies query filters. + */ NonDefaultQueries = "non-default-queries", /** The top-level overlay analysis feature flag is not enabled. */ OverallFeatureNotEnabled = "overall-feature-not-enabled", From b371ccd8eaf4fcfcfaca930844c96de5b6469cb2 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Wed, 4 Mar 2026 13:53:12 +0100 Subject: [PATCH 06/38] Refactor `getOverlayDatabaseMode` and add new disablement reason --- lib/init-action.js | 183 +++++++++++++++---------- src/config-utils.test.ts | 1 + src/config-utils.ts | 269 +++++++++++++++++++++++-------------- src/overlay/diagnostics.ts | 2 + 4 files changed, 278 insertions(+), 177 deletions(-) diff --git a/lib/init-action.js b/lib/init-action.js index c9ad04ec2..a86eaf676 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -106388,9 +106388,12 @@ var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ }; -async function getOverlayFeatureDisabledReason(features, codeql, languages, codeScanningConfig) { +async function checkOverlayAnalysisFeatureEnabled(features, codeql, languages, codeScanningConfig) { if (!await features.getValue("overlay_analysis" /* OverlayAnalysis */, codeql)) { - return "overall-feature-not-enabled" /* OverallFeatureNotEnabled */; + return { + enabled: false, + reason: "overall-feature-not-enabled" /* OverallFeatureNotEnabled */ + }; } let enableForCodeScanningOnly = false; for (const language of languages) { @@ -106403,15 +106406,18 @@ async function getOverlayFeatureDisabledReason(features, codeql, languages, code enableForCodeScanningOnly = true; continue; } - return "language-not-enabled" /* LanguageNotEnabled */; + return { enabled: false, reason: "language-not-enabled" /* LanguageNotEnabled */ }; } if (enableForCodeScanningOnly) { const isCodeScanningOnly = codeScanningConfig["disable-default-queries"] !== true && codeScanningConfig.packs === void 0 && codeScanningConfig.queries === void 0 && codeScanningConfig["query-filters"] === void 0; if (!isCodeScanningOnly) { - return "non-default-queries" /* NonDefaultQueries */; + return { + enabled: false, + reason: "non-default-queries" /* NonDefaultQueries */ + }; } } - return void 0; + return { enabled: true }; } function runnerHasSufficientDiskSpace(diskUsage, logger, useV2ResourceChecks) { const minimumDiskSpaceBytes = useV2ResourceChecks ? OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_BYTES : OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES; @@ -106447,97 +106453,128 @@ async function runnerHasSufficientMemory(codeql, ramInput, logger) { ); return true; } -async function getResourceDisabledReason(codeql, diskUsage, ramInput, logger, useV2ResourceChecks) { - if (diskUsage === void 0) { - logger.info( - `Unable to determine available disk space for overlay analysis. Setting overlay database mode to ${"none" /* None */}.` - ); - return "unable-to-determine-disk-usage" /* UnableToDetermineDiskUsage */; - } +async function checkRunnerResources(codeql, diskUsage, ramInput, logger, useV2ResourceChecks) { if (!runnerHasSufficientDiskSpace(diskUsage, logger, useV2ResourceChecks)) { - return "insufficient-disk-space" /* InsufficientDiskSpace */; + return { + sufficient: false, + reason: "insufficient-disk-space" /* InsufficientDiskSpace */ + }; } if (!await runnerHasSufficientMemory(codeql, ramInput, logger)) { - return "insufficient-memory" /* InsufficientMemory */; + return { + sufficient: false, + reason: "insufficient-memory" /* InsufficientMemory */ + }; } - return void 0; + return { sufficient: true }; } async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, buildMode, ramInput, codeScanningConfig, repositoryProperties, gitVersion, logger) { - let overlayDatabaseMode = "none" /* None */; - let useOverlayDatabaseCaching = false; - let disabledReason; + const disabledResult = (reason) => ({ + overlayDatabaseMode: "none" /* None */, + useOverlayDatabaseCaching: false, + disabledReason: reason + }); const modeEnv = process.env.CODEQL_OVERLAY_DATABASE_MODE; if (modeEnv === "overlay" /* Overlay */ || modeEnv === "overlay-base" /* OverlayBase */ || modeEnv === "none" /* None */) { - overlayDatabaseMode = modeEnv; logger.info( - `Setting overlay database mode to ${overlayDatabaseMode} from the CODEQL_OVERLAY_DATABASE_MODE environment variable.` + `Setting overlay database mode to ${modeEnv} from the CODEQL_OVERLAY_DATABASE_MODE environment variable.` ); - } else if (repositoryProperties["github-codeql-disable-overlay" /* DISABLE_OVERLAY */] === true) { + return validateOverlayDatabaseMode( + modeEnv, + false, + codeql, + languages, + sourceRoot, + buildMode, + gitVersion, + logger + ); + } + if (repositoryProperties["github-codeql-disable-overlay" /* DISABLE_OVERLAY */] === true) { logger.info( `Setting overlay database mode to ${"none" /* None */} because the ${"github-codeql-disable-overlay" /* DISABLE_OVERLAY */} repository property is set to true.` ); - overlayDatabaseMode = "none" /* None */; - disabledReason = "disabled-by-repository-property" /* DisabledByRepositoryProperty */; - } else if ((disabledReason = await getOverlayFeatureDisabledReason( + return disabledResult("disabled-by-repository-property" /* DisabledByRepositoryProperty */); + } + const featureResult = await checkOverlayAnalysisFeatureEnabled( features, codeql, languages, codeScanningConfig - )) === void 0) { - const performResourceChecks = !await features.getValue( - "overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */, - codeql - ); - const useV2ResourceChecks = await features.getValue( - "overlay_analysis_resource_checks_v2" /* OverlayAnalysisResourceChecksV2 */ - ); - const checkOverlayStatus = await features.getValue( - "overlay_analysis_status_check" /* OverlayAnalysisStatusCheck */ - ); - const diskUsage = performResourceChecks || checkOverlayStatus ? await checkDiskUsage(logger) : void 0; - let resourceDisabledReason; - if (performResourceChecks && (resourceDisabledReason = await getResourceDisabledReason( - codeql, - diskUsage, - ramInput, - logger, - useV2ResourceChecks - )) !== void 0) { - overlayDatabaseMode = "none" /* None */; - disabledReason = resourceDisabledReason; - } else if (checkOverlayStatus && diskUsage === void 0) { - logger.warning( - `Unable to determine disk usage, therefore setting overlay database mode to ${"none" /* None */}.` - ); - overlayDatabaseMode = "none" /* None */; - disabledReason = "unable-to-determine-disk-usage" /* UnableToDetermineDiskUsage */; - } else if (checkOverlayStatus && diskUsage && await shouldSkipOverlayAnalysis(codeql, languages, diskUsage, logger)) { - logger.info( - `Setting overlay database mode to ${"none" /* None */} because overlay analysis previously failed with this combination of languages, disk space, and CodeQL version.` - ); - overlayDatabaseMode = "none" /* None */; - disabledReason = "skipped-due-to-cached-status" /* SkippedDueToCachedStatus */; - } else if (isAnalyzingPullRequest()) { - overlayDatabaseMode = "overlay" /* Overlay */; - useOverlayDatabaseCaching = true; - logger.info( - `Setting overlay database mode to ${overlayDatabaseMode} with caching because we are analyzing a pull request.` - ); - } else if (await isAnalyzingDefaultBranch()) { - overlayDatabaseMode = "overlay-base" /* OverlayBase */; - useOverlayDatabaseCaching = true; - logger.info( - `Setting overlay database mode to ${overlayDatabaseMode} with caching because we are analyzing the default branch.` - ); - } + ); + if (!featureResult.enabled) { + return disabledResult(featureResult.reason); } + const performResourceChecks = !await features.getValue( + "overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */, + codeql + ); + const useV2ResourceChecks = await features.getValue( + "overlay_analysis_resource_checks_v2" /* OverlayAnalysisResourceChecksV2 */ + ); + const checkOverlayStatus = await features.getValue( + "overlay_analysis_status_check" /* OverlayAnalysisStatusCheck */ + ); + const diskUsage = performResourceChecks || checkOverlayStatus ? await checkDiskUsage(logger) : void 0; + if ((performResourceChecks || checkOverlayStatus) && diskUsage === void 0) { + logger.warning( + `Unable to determine disk usage, therefore setting overlay database mode to ${"none" /* None */}.` + ); + return disabledResult("unable-to-determine-disk-usage" /* UnableToDetermineDiskUsage */); + } + const resourceResult = performResourceChecks && diskUsage ? await checkRunnerResources( + codeql, + diskUsage, + ramInput, + logger, + useV2ResourceChecks + ) : { sufficient: true }; + if (!resourceResult.sufficient) { + return disabledResult(resourceResult.reason); + } + if (checkOverlayStatus && diskUsage && await shouldSkipOverlayAnalysis(codeql, languages, diskUsage, logger)) { + logger.info( + `Setting overlay database mode to ${"none" /* None */} because overlay analysis previously failed with this combination of languages, disk space, and CodeQL version.` + ); + return disabledResult("skipped-due-to-cached-status" /* SkippedDueToCachedStatus */); + } + let overlayDatabaseMode; + if (isAnalyzingPullRequest()) { + overlayDatabaseMode = "overlay" /* Overlay */; + logger.info( + `Setting overlay database mode to ${overlayDatabaseMode} with caching because we are analyzing a pull request.` + ); + } else if (await isAnalyzingDefaultBranch()) { + overlayDatabaseMode = "overlay-base" /* OverlayBase */; + logger.info( + `Setting overlay database mode to ${overlayDatabaseMode} with caching because we are analyzing the default branch.` + ); + } else { + return disabledResult("not-pull-request-or-default-branch" /* NotPullRequestOrDefaultBranch */); + } + return validateOverlayDatabaseMode( + overlayDatabaseMode, + true, + codeql, + languages, + sourceRoot, + buildMode, + gitVersion, + logger + ); +} +async function validateOverlayDatabaseMode(overlayDatabaseMode, useOverlayDatabaseCaching, codeql, languages, sourceRoot, buildMode, gitVersion, logger) { const disabledResult = (reason) => ({ overlayDatabaseMode: "none" /* None */, useOverlayDatabaseCaching: false, disabledReason: reason }); if (overlayDatabaseMode === "none" /* None */) { - return disabledResult(disabledReason); + return { + overlayDatabaseMode: "none" /* None */, + useOverlayDatabaseCaching: false, + disabledReason: void 0 + }; } if (buildMode !== "none" /* None */ && (await Promise.all( languages.map( @@ -106580,7 +106617,7 @@ async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, b return { overlayDatabaseMode, useOverlayDatabaseCaching, - disabledReason + disabledReason: void 0 }; } function dbLocationOrDefault(dbLocation, tempDir) { diff --git a/src/config-utils.test.ts b/src/config-utils.test.ts index d5df03129..0708c3d08 100644 --- a/src/config-utils.test.ts +++ b/src/config-utils.test.ts @@ -1165,6 +1165,7 @@ test( { overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, + disabledReason: OverlayDisabledReason.NotPullRequestOrDefaultBranch, }, ); diff --git a/src/config-utils.ts b/src/config-utils.ts index 214361c95..af1548eab 100644 --- a/src/config-utils.ts +++ b/src/config-utils.ts @@ -655,17 +655,21 @@ const OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES: Record = { /** * Checks whether the overlay analysis feature is enabled for the given - * languages and configuration, returning the specific reason it is disabled, - * or `undefined` if it is enabled. + * languages and configuration. */ -async function getOverlayFeatureDisabledReason( +async function checkOverlayAnalysisFeatureEnabled( features: FeatureEnablement, codeql: CodeQL, languages: Language[], codeScanningConfig: UserConfig, -): Promise { +): Promise< + { enabled: true } | { enabled: false; reason: OverlayDisabledReason } +> { if (!(await features.getValue(Feature.OverlayAnalysis, codeql))) { - return OverlayDisabledReason.OverallFeatureNotEnabled; + return { + enabled: false, + reason: OverlayDisabledReason.OverallFeatureNotEnabled, + }; } let enableForCodeScanningOnly = false; for (const language of languages) { @@ -682,7 +686,7 @@ async function getOverlayFeatureDisabledReason( enableForCodeScanningOnly = true; continue; } - return OverlayDisabledReason.LanguageNotEnabled; + return { enabled: false, reason: OverlayDisabledReason.LanguageNotEnabled }; } if (enableForCodeScanningOnly) { // A code-scanning configuration runs only the (default) code-scanning suite @@ -694,10 +698,13 @@ async function getOverlayFeatureDisabledReason( codeScanningConfig.queries === undefined && codeScanningConfig["query-filters"] === undefined; if (!isCodeScanningOnly) { - return OverlayDisabledReason.NonDefaultQueries; + return { + enabled: false, + reason: OverlayDisabledReason.NonDefaultQueries, + }; } } - return undefined; + return { enabled: true }; } /** Checks if the runner has enough disk space for overlay analysis. */ @@ -756,30 +763,30 @@ async function runnerHasSufficientMemory( /** * Checks if the runner has sufficient disk space and memory for overlay - * analysis, returning the specific reason if not, or `undefined` if resources - * are sufficient. + * analysis. */ -async function getResourceDisabledReason( +async function checkRunnerResources( codeql: CodeQL, - diskUsage: DiskUsage | undefined, + diskUsage: DiskUsage, ramInput: string | undefined, logger: Logger, useV2ResourceChecks: boolean, -): Promise { - if (diskUsage === undefined) { - logger.info( - `Unable to determine available disk space for overlay analysis. ` + - `Setting overlay database mode to ${OverlayDatabaseMode.None}.`, - ); - return OverlayDisabledReason.UnableToDetermineDiskUsage; - } +): Promise< + { sufficient: true } | { sufficient: false; reason: OverlayDisabledReason } +> { if (!runnerHasSufficientDiskSpace(diskUsage, logger, useV2ResourceChecks)) { - return OverlayDisabledReason.InsufficientDiskSpace; + return { + sufficient: false, + reason: OverlayDisabledReason.InsufficientDiskSpace, + }; } if (!(await runnerHasSufficientMemory(codeql, ramInput, logger))) { - return OverlayDisabledReason.InsufficientMemory; + return { + sufficient: false, + reason: OverlayDisabledReason.InsufficientMemory, + }; } - return undefined; + return { sufficient: true }; } /** @@ -819,9 +826,11 @@ export async function getOverlayDatabaseMode( useOverlayDatabaseCaching: boolean; disabledReason: OverlayDisabledReason | undefined; }> { - let overlayDatabaseMode = OverlayDatabaseMode.None; - let useOverlayDatabaseCaching = false; - let disabledReason: OverlayDisabledReason | undefined; + const disabledResult = (reason: OverlayDisabledReason | undefined) => ({ + overlayDatabaseMode: OverlayDatabaseMode.None, + useOverlayDatabaseCaching: false, + disabledReason: reason, + }); const modeEnv = process.env.CODEQL_OVERLAY_DATABASE_MODE; // Any unrecognized CODEQL_OVERLAY_DATABASE_MODE value will be ignored and @@ -831,98 +840,150 @@ export async function getOverlayDatabaseMode( modeEnv === OverlayDatabaseMode.OverlayBase || modeEnv === OverlayDatabaseMode.None ) { - overlayDatabaseMode = modeEnv; logger.info( - `Setting overlay database mode to ${overlayDatabaseMode} ` + + `Setting overlay database mode to ${modeEnv} ` + "from the CODEQL_OVERLAY_DATABASE_MODE environment variable.", ); - } else if ( - repositoryProperties[RepositoryPropertyName.DISABLE_OVERLAY] === true - ) { + return validateOverlayDatabaseMode( + modeEnv, + false, + codeql, + languages, + sourceRoot, + buildMode, + gitVersion, + logger, + ); + } + + if (repositoryProperties[RepositoryPropertyName.DISABLE_OVERLAY] === true) { logger.info( `Setting overlay database mode to ${OverlayDatabaseMode.None} ` + `because the ${RepositoryPropertyName.DISABLE_OVERLAY} repository property is set to true.`, ); - overlayDatabaseMode = OverlayDatabaseMode.None; - disabledReason = OverlayDisabledReason.DisabledByRepositoryProperty; - } else if ( - (disabledReason = await getOverlayFeatureDisabledReason( - features, - codeql, - languages, - codeScanningConfig, - )) === undefined - ) { - const performResourceChecks = !(await features.getValue( - Feature.OverlayAnalysisSkipResourceChecks, - codeql, - )); - const useV2ResourceChecks = await features.getValue( - Feature.OverlayAnalysisResourceChecksV2, - ); - const checkOverlayStatus = await features.getValue( - Feature.OverlayAnalysisStatusCheck, - ); - const diskUsage = - performResourceChecks || checkOverlayStatus - ? await checkDiskUsage(logger) - : undefined; - let resourceDisabledReason: OverlayDisabledReason | undefined; - if ( - performResourceChecks && - (resourceDisabledReason = await getResourceDisabledReason( - codeql, - diskUsage, - ramInput, - logger, - useV2ResourceChecks, - )) !== undefined - ) { - overlayDatabaseMode = OverlayDatabaseMode.None; - disabledReason = resourceDisabledReason; - } else if (checkOverlayStatus && diskUsage === undefined) { - logger.warning( - `Unable to determine disk usage, therefore setting overlay database mode to ${OverlayDatabaseMode.None}.`, - ); - overlayDatabaseMode = OverlayDatabaseMode.None; - disabledReason = OverlayDisabledReason.UnableToDetermineDiskUsage; - } else if ( - checkOverlayStatus && - diskUsage && - (await shouldSkipOverlayAnalysis(codeql, languages, diskUsage, logger)) - ) { - logger.info( - `Setting overlay database mode to ${OverlayDatabaseMode.None} ` + - "because overlay analysis previously failed with this combination of languages, " + - "disk space, and CodeQL version.", - ); - overlayDatabaseMode = OverlayDatabaseMode.None; - disabledReason = OverlayDisabledReason.SkippedDueToCachedStatus; - } else if (isAnalyzingPullRequest()) { - overlayDatabaseMode = OverlayDatabaseMode.Overlay; - useOverlayDatabaseCaching = true; - logger.info( - `Setting overlay database mode to ${overlayDatabaseMode} ` + - "with caching because we are analyzing a pull request.", - ); - } else if (await isAnalyzingDefaultBranch()) { - overlayDatabaseMode = OverlayDatabaseMode.OverlayBase; - useOverlayDatabaseCaching = true; - logger.info( - `Setting overlay database mode to ${overlayDatabaseMode} ` + - "with caching because we are analyzing the default branch.", - ); - } + return disabledResult(OverlayDisabledReason.DisabledByRepositoryProperty); } - const disabledResult = (reason: OverlayDisabledReason | undefined) => ({ + const featureResult = await checkOverlayAnalysisFeatureEnabled( + features, + codeql, + languages, + codeScanningConfig, + ); + if (!featureResult.enabled) { + return disabledResult(featureResult.reason); + } + + const performResourceChecks = !(await features.getValue( + Feature.OverlayAnalysisSkipResourceChecks, + codeql, + )); + const useV2ResourceChecks = await features.getValue( + Feature.OverlayAnalysisResourceChecksV2, + ); + const checkOverlayStatus = await features.getValue( + Feature.OverlayAnalysisStatusCheck, + ); + const diskUsage = + performResourceChecks || checkOverlayStatus + ? await checkDiskUsage(logger) + : undefined; + if ( + (performResourceChecks || checkOverlayStatus) && + diskUsage === undefined + ) { + logger.warning( + `Unable to determine disk usage, therefore setting overlay database mode to ${OverlayDatabaseMode.None}.`, + ); + return disabledResult(OverlayDisabledReason.UnableToDetermineDiskUsage); + } + const resourceResult = + performResourceChecks && diskUsage + ? await checkRunnerResources( + codeql, + diskUsage, + ramInput, + logger, + useV2ResourceChecks, + ) + : { sufficient: true as const }; + if (!resourceResult.sufficient) { + return disabledResult(resourceResult.reason); + } + if ( + checkOverlayStatus && + diskUsage && + (await shouldSkipOverlayAnalysis(codeql, languages, diskUsage, logger)) + ) { + logger.info( + `Setting overlay database mode to ${OverlayDatabaseMode.None} ` + + "because overlay analysis previously failed with this combination of languages, " + + "disk space, and CodeQL version.", + ); + return disabledResult(OverlayDisabledReason.SkippedDueToCachedStatus); + } + + let overlayDatabaseMode: OverlayDatabaseMode; + if (isAnalyzingPullRequest()) { + overlayDatabaseMode = OverlayDatabaseMode.Overlay; + logger.info( + `Setting overlay database mode to ${overlayDatabaseMode} ` + + "with caching because we are analyzing a pull request.", + ); + } else if (await isAnalyzingDefaultBranch()) { + overlayDatabaseMode = OverlayDatabaseMode.OverlayBase; + logger.info( + `Setting overlay database mode to ${overlayDatabaseMode} ` + + "with caching because we are analyzing the default branch.", + ); + } else { + return disabledResult(OverlayDisabledReason.NotPullRequestOrDefaultBranch); + } + + return validateOverlayDatabaseMode( + overlayDatabaseMode, + true, + codeql, + languages, + sourceRoot, + buildMode, + gitVersion, + logger, + ); +} + +/** + * Validates that the given overlay database mode is compatible with the current + * configuration (build mode, CodeQL version, git repository, git version). Returns + * the mode unchanged if all checks pass, or falls back to `None` with the + * appropriate disabled reason. + */ +async function validateOverlayDatabaseMode( + overlayDatabaseMode: OverlayDatabaseMode, + useOverlayDatabaseCaching: boolean, + codeql: CodeQL, + languages: Language[], + sourceRoot: string, + buildMode: BuildMode | undefined, + gitVersion: GitVersionInfo | undefined, + logger: Logger, +): Promise<{ + overlayDatabaseMode: OverlayDatabaseMode; + useOverlayDatabaseCaching: boolean; + disabledReason: OverlayDisabledReason | undefined; +}> { + const disabledResult = (reason: OverlayDisabledReason) => ({ overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, disabledReason: reason, }); if (overlayDatabaseMode === OverlayDatabaseMode.None) { - return disabledResult(disabledReason); + return { + overlayDatabaseMode: OverlayDatabaseMode.None, + useOverlayDatabaseCaching: false, + disabledReason: undefined, + }; } if ( @@ -983,7 +1044,7 @@ export async function getOverlayDatabaseMode( return { overlayDatabaseMode, useOverlayDatabaseCaching, - disabledReason, + disabledReason: undefined, }; } diff --git a/src/overlay/diagnostics.ts b/src/overlay/diagnostics.ts index f3b0c0e29..30121d1bb 100644 --- a/src/overlay/diagnostics.ts +++ b/src/overlay/diagnostics.ts @@ -31,6 +31,8 @@ export enum OverlayDisabledReason { * queries or packs, disables default queries, or specifies query filters. */ NonDefaultQueries = "non-default-queries", + /** We are not analyzing a pull request or the default branch. */ + NotPullRequestOrDefaultBranch = "not-pull-request-or-default-branch", /** The top-level overlay analysis feature flag is not enabled. */ OverallFeatureNotEnabled = "overall-feature-not-enabled", /** Overlay analysis was skipped because it previously failed with similar hardware resources. */ From d1c255c293cad54704d0f466c029477da4a0e569 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Wed, 4 Mar 2026 13:55:29 +0100 Subject: [PATCH 07/38] Update `NonDefaultQueries` documentation --- src/overlay/diagnostics.ts | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/overlay/diagnostics.ts b/src/overlay/diagnostics.ts index 30121d1bb..1d3f21cda 100644 --- a/src/overlay/diagnostics.ts +++ b/src/overlay/diagnostics.ts @@ -27,8 +27,10 @@ export enum OverlayDisabledReason { /** The source root is not inside a git repository. */ NoGitRoot = "no-git-root", /** - * Overlay analysis is restricted to code-scanning-only configs but the config uses custom - * queries or packs, disables default queries, or specifies query filters. + * For one or more of the configured languages, overlay analysis is only + * enabled when using the default query suite, but the config customises the + * queries by disabling default queries, specifying custom queries or packs, + * or adding query filters. */ NonDefaultQueries = "non-default-queries", /** We are not analyzing a pull request or the default branch. */ From be20394012ed4c85da698fe7a0dca6c441514b7c Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Wed, 4 Mar 2026 13:56:56 +0100 Subject: [PATCH 08/38] Rename to `usesDefaultQueriesOnly` --- lib/init-action.js | 4 ++-- src/config-utils.ts | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/init-action.js b/lib/init-action.js index a86eaf676..3b186e6cc 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -106409,8 +106409,8 @@ async function checkOverlayAnalysisFeatureEnabled(features, codeql, languages, c return { enabled: false, reason: "language-not-enabled" /* LanguageNotEnabled */ }; } if (enableForCodeScanningOnly) { - const isCodeScanningOnly = codeScanningConfig["disable-default-queries"] !== true && codeScanningConfig.packs === void 0 && codeScanningConfig.queries === void 0 && codeScanningConfig["query-filters"] === void 0; - if (!isCodeScanningOnly) { + const usesDefaultQueriesOnly = codeScanningConfig["disable-default-queries"] !== true && codeScanningConfig.packs === void 0 && codeScanningConfig.queries === void 0 && codeScanningConfig["query-filters"] === void 0; + if (!usesDefaultQueriesOnly) { return { enabled: false, reason: "non-default-queries" /* NonDefaultQueries */ diff --git a/src/config-utils.ts b/src/config-utils.ts index af1548eab..094f55a8a 100644 --- a/src/config-utils.ts +++ b/src/config-utils.ts @@ -692,12 +692,12 @@ async function checkOverlayAnalysisFeatureEnabled( // A code-scanning configuration runs only the (default) code-scanning suite // if the default queries are not disabled, and no packs, queries, or // query-filters are specified. - const isCodeScanningOnly = + const usesDefaultQueriesOnly = codeScanningConfig["disable-default-queries"] !== true && codeScanningConfig.packs === undefined && codeScanningConfig.queries === undefined && codeScanningConfig["query-filters"] === undefined; - if (!isCodeScanningOnly) { + if (!usesDefaultQueriesOnly) { return { enabled: false, reason: OverlayDisabledReason.NonDefaultQueries, From 6a77217a467c0bd455197762fd06bf7ddc825ba0 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Wed, 4 Mar 2026 17:26:10 +0100 Subject: [PATCH 09/38] Add disabled by env var disablement reason --- lib/init-action.js | 12 +++++------- src/config-utils.test.ts | 1 + src/config-utils.ts | 15 ++++++--------- src/overlay/diagnostics.ts | 2 ++ 4 files changed, 14 insertions(+), 16 deletions(-) diff --git a/lib/init-action.js b/lib/init-action.js index 3b186e6cc..0fa09f504 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -106479,6 +106479,11 @@ async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, b logger.info( `Setting overlay database mode to ${modeEnv} from the CODEQL_OVERLAY_DATABASE_MODE environment variable.` ); + if (modeEnv === "none" /* None */) { + return disabledResult( + "disabled-by-environment-variable" /* DisabledByEnvironmentVariable */ + ); + } return validateOverlayDatabaseMode( modeEnv, false, @@ -106569,13 +106574,6 @@ async function validateOverlayDatabaseMode(overlayDatabaseMode, useOverlayDataba useOverlayDatabaseCaching: false, disabledReason: reason }); - if (overlayDatabaseMode === "none" /* None */) { - return { - overlayDatabaseMode: "none" /* None */, - useOverlayDatabaseCaching: false, - disabledReason: void 0 - }; - } if (buildMode !== "none" /* None */ && (await Promise.all( languages.map( async (l) => l !== "go" /* go */ && // Workaround to allow overlay analysis for Go with any build diff --git a/src/config-utils.test.ts b/src/config-utils.test.ts index 0708c3d08..e6ba04725 100644 --- a/src/config-utils.test.ts +++ b/src/config-utils.test.ts @@ -1139,6 +1139,7 @@ test( { overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, + disabledReason: OverlayDisabledReason.DisabledByEnvironmentVariable, }, ); diff --git a/src/config-utils.ts b/src/config-utils.ts index 094f55a8a..30b415380 100644 --- a/src/config-utils.ts +++ b/src/config-utils.ts @@ -844,6 +844,11 @@ export async function getOverlayDatabaseMode( `Setting overlay database mode to ${modeEnv} ` + "from the CODEQL_OVERLAY_DATABASE_MODE environment variable.", ); + if (modeEnv === OverlayDatabaseMode.None) { + return disabledResult( + OverlayDisabledReason.DisabledByEnvironmentVariable, + ); + } return validateOverlayDatabaseMode( modeEnv, false, @@ -959,7 +964,7 @@ export async function getOverlayDatabaseMode( * appropriate disabled reason. */ async function validateOverlayDatabaseMode( - overlayDatabaseMode: OverlayDatabaseMode, + overlayDatabaseMode: Exclude, useOverlayDatabaseCaching: boolean, codeql: CodeQL, languages: Language[], @@ -978,14 +983,6 @@ async function validateOverlayDatabaseMode( disabledReason: reason, }); - if (overlayDatabaseMode === OverlayDatabaseMode.None) { - return { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, - disabledReason: undefined, - }; - } - if ( buildMode !== BuildMode.None && ( diff --git a/src/overlay/diagnostics.ts b/src/overlay/diagnostics.ts index 1d3f21cda..6bc11a73f 100644 --- a/src/overlay/diagnostics.ts +++ b/src/overlay/diagnostics.ts @@ -10,6 +10,8 @@ import { RepositoryPropertyName } from "../feature-flags/properties"; /** Reason why overlay analysis was disabled. */ export enum OverlayDisabledReason { + /** Overlay analysis was disabled by the CODEQL_OVERLAY_DATABASE_MODE environment variable being set to "none". */ + DisabledByEnvironmentVariable = "disabled-by-environment-variable", /** Overlay analysis was disabled by a repository property. */ DisabledByRepositoryProperty = "disabled-by-repository-property", /** The build mode is incompatible with overlay analysis. */ From 5fa8dad095d7b12a67bc8df2fe8c5e36cb8c52ce Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Wed, 4 Mar 2026 17:36:42 +0100 Subject: [PATCH 10/38] Use `Result`s for enablement return types --- lib/init-action.js | 103 ++++++++++++----------------- src/config-utils.test.ts | 93 ++++----------------------- src/config-utils.ts | 135 ++++++++++++++++----------------------- 3 files changed, 109 insertions(+), 222 deletions(-) diff --git a/lib/init-action.js b/lib/init-action.js index 0fa09f504..7ab924d66 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -106390,10 +106390,7 @@ var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { }; async function checkOverlayAnalysisFeatureEnabled(features, codeql, languages, codeScanningConfig) { if (!await features.getValue("overlay_analysis" /* OverlayAnalysis */, codeql)) { - return { - enabled: false, - reason: "overall-feature-not-enabled" /* OverallFeatureNotEnabled */ - }; + return new Failure("overall-feature-not-enabled" /* OverallFeatureNotEnabled */); } let enableForCodeScanningOnly = false; for (const language of languages) { @@ -106406,18 +106403,15 @@ async function checkOverlayAnalysisFeatureEnabled(features, codeql, languages, c enableForCodeScanningOnly = true; continue; } - return { enabled: false, reason: "language-not-enabled" /* LanguageNotEnabled */ }; + return new Failure("language-not-enabled" /* LanguageNotEnabled */); } if (enableForCodeScanningOnly) { const usesDefaultQueriesOnly = codeScanningConfig["disable-default-queries"] !== true && codeScanningConfig.packs === void 0 && codeScanningConfig.queries === void 0 && codeScanningConfig["query-filters"] === void 0; if (!usesDefaultQueriesOnly) { - return { - enabled: false, - reason: "non-default-queries" /* NonDefaultQueries */ - }; + return new Failure("non-default-queries" /* NonDefaultQueries */); } } - return { enabled: true }; + return new Success(void 0); } function runnerHasSufficientDiskSpace(diskUsage, logger, useV2ResourceChecks) { const minimumDiskSpaceBytes = useV2ResourceChecks ? OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_BYTES : OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES; @@ -106455,34 +106449,21 @@ async function runnerHasSufficientMemory(codeql, ramInput, logger) { } async function checkRunnerResources(codeql, diskUsage, ramInput, logger, useV2ResourceChecks) { if (!runnerHasSufficientDiskSpace(diskUsage, logger, useV2ResourceChecks)) { - return { - sufficient: false, - reason: "insufficient-disk-space" /* InsufficientDiskSpace */ - }; + return new Failure("insufficient-disk-space" /* InsufficientDiskSpace */); } if (!await runnerHasSufficientMemory(codeql, ramInput, logger)) { - return { - sufficient: false, - reason: "insufficient-memory" /* InsufficientMemory */ - }; + return new Failure("insufficient-memory" /* InsufficientMemory */); } - return { sufficient: true }; + return new Success(void 0); } async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, buildMode, ramInput, codeScanningConfig, repositoryProperties, gitVersion, logger) { - const disabledResult = (reason) => ({ - overlayDatabaseMode: "none" /* None */, - useOverlayDatabaseCaching: false, - disabledReason: reason - }); const modeEnv = process.env.CODEQL_OVERLAY_DATABASE_MODE; if (modeEnv === "overlay" /* Overlay */ || modeEnv === "overlay-base" /* OverlayBase */ || modeEnv === "none" /* None */) { logger.info( `Setting overlay database mode to ${modeEnv} from the CODEQL_OVERLAY_DATABASE_MODE environment variable.` ); if (modeEnv === "none" /* None */) { - return disabledResult( - "disabled-by-environment-variable" /* DisabledByEnvironmentVariable */ - ); + return new Failure("disabled-by-environment-variable" /* DisabledByEnvironmentVariable */); } return validateOverlayDatabaseMode( modeEnv, @@ -106499,7 +106480,7 @@ async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, b logger.info( `Setting overlay database mode to ${"none" /* None */} because the ${"github-codeql-disable-overlay" /* DISABLE_OVERLAY */} repository property is set to true.` ); - return disabledResult("disabled-by-repository-property" /* DisabledByRepositoryProperty */); + return new Failure("disabled-by-repository-property" /* DisabledByRepositoryProperty */); } const featureResult = await checkOverlayAnalysisFeatureEnabled( features, @@ -106507,8 +106488,8 @@ async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, b languages, codeScanningConfig ); - if (!featureResult.enabled) { - return disabledResult(featureResult.reason); + if (featureResult.isFailure()) { + return featureResult; } const performResourceChecks = !await features.getValue( "overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */, @@ -106525,7 +106506,7 @@ async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, b logger.warning( `Unable to determine disk usage, therefore setting overlay database mode to ${"none" /* None */}.` ); - return disabledResult("unable-to-determine-disk-usage" /* UnableToDetermineDiskUsage */); + return new Failure("unable-to-determine-disk-usage" /* UnableToDetermineDiskUsage */); } const resourceResult = performResourceChecks && diskUsage ? await checkRunnerResources( codeql, @@ -106533,15 +106514,15 @@ async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, b ramInput, logger, useV2ResourceChecks - ) : { sufficient: true }; - if (!resourceResult.sufficient) { - return disabledResult(resourceResult.reason); + ) : new Success(void 0); + if (resourceResult.isFailure()) { + return resourceResult; } if (checkOverlayStatus && diskUsage && await shouldSkipOverlayAnalysis(codeql, languages, diskUsage, logger)) { logger.info( `Setting overlay database mode to ${"none" /* None */} because overlay analysis previously failed with this combination of languages, disk space, and CodeQL version.` ); - return disabledResult("skipped-due-to-cached-status" /* SkippedDueToCachedStatus */); + return new Failure("skipped-due-to-cached-status" /* SkippedDueToCachedStatus */); } let overlayDatabaseMode; if (isAnalyzingPullRequest()) { @@ -106555,7 +106536,7 @@ async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, b `Setting overlay database mode to ${overlayDatabaseMode} with caching because we are analyzing the default branch.` ); } else { - return disabledResult("not-pull-request-or-default-branch" /* NotPullRequestOrDefaultBranch */); + return new Failure("not-pull-request-or-default-branch" /* NotPullRequestOrDefaultBranch */); } return validateOverlayDatabaseMode( overlayDatabaseMode, @@ -106569,11 +106550,6 @@ async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, b ); } async function validateOverlayDatabaseMode(overlayDatabaseMode, useOverlayDatabaseCaching, codeql, languages, sourceRoot, buildMode, gitVersion, logger) { - const disabledResult = (reason) => ({ - overlayDatabaseMode: "none" /* None */, - useOverlayDatabaseCaching: false, - disabledReason: reason - }); if (buildMode !== "none" /* None */ && (await Promise.all( languages.map( async (l) => l !== "go" /* go */ && // Workaround to allow overlay analysis for Go with any build @@ -106586,37 +106562,36 @@ async function validateOverlayDatabaseMode(overlayDatabaseMode, useOverlayDataba logger.warning( `Cannot build an ${overlayDatabaseMode} database because build-mode is set to "${buildMode}" instead of "none". Falling back to creating a normal full database instead.` ); - return disabledResult("incompatible-build-mode" /* IncompatibleBuildMode */); + return new Failure("incompatible-build-mode" /* IncompatibleBuildMode */); } if (!await codeQlVersionAtLeast(codeql, CODEQL_OVERLAY_MINIMUM_VERSION)) { logger.warning( `Cannot build an ${overlayDatabaseMode} database because the CodeQL CLI is older than ${CODEQL_OVERLAY_MINIMUM_VERSION}. Falling back to creating a normal full database instead.` ); - return disabledResult("incompatible-codeql" /* IncompatibleCodeQl */); + return new Failure("incompatible-codeql" /* IncompatibleCodeQl */); } if (await getGitRoot(sourceRoot) === void 0) { logger.warning( `Cannot build an ${overlayDatabaseMode} database because the source root "${sourceRoot}" is not inside a git repository. Falling back to creating a normal full database instead.` ); - return disabledResult("no-git-root" /* NoGitRoot */); + return new Failure("no-git-root" /* NoGitRoot */); } if (gitVersion === void 0) { logger.warning( `Cannot build an ${overlayDatabaseMode} database because the Git version could not be determined. Falling back to creating a normal full database instead.` ); - return disabledResult("incompatible-git" /* IncompatibleGit */); + return new Failure("incompatible-git" /* IncompatibleGit */); } if (!gitVersion.isAtLeast(GIT_MINIMUM_VERSION_FOR_OVERLAY)) { logger.warning( `Cannot build an ${overlayDatabaseMode} database because the installed Git version is older than ${GIT_MINIMUM_VERSION_FOR_OVERLAY}. Falling back to creating a normal full database instead.` ); - return disabledResult("incompatible-git" /* IncompatibleGit */); + return new Failure("incompatible-git" /* IncompatibleGit */); } - return { + return new Success({ overlayDatabaseMode, - useOverlayDatabaseCaching, - disabledReason: void 0 - }; + useOverlayDatabaseCaching + }); } function dbLocationOrDefault(dbLocation, tempDir) { return dbLocation || path9.resolve(tempDir, "codeql_databases"); @@ -106704,11 +106679,7 @@ async function initConfig(features, inputs) { } else { logger.debug(`Skipping check for generated files.`); } - const { - overlayDatabaseMode, - useOverlayDatabaseCaching, - disabledReason: overlayDisabledReason - } = await getOverlayDatabaseMode( + const overlayDatabaseModeResult = await getOverlayDatabaseMode( inputs.codeql, inputs.features, config.languages, @@ -106720,19 +106691,27 @@ async function initConfig(features, inputs) { gitVersion, logger ); - logger.info( - `Using overlay database mode: ${overlayDatabaseMode} ${useOverlayDatabaseCaching ? "with" : "without"} caching.` - ); - config.overlayDatabaseMode = overlayDatabaseMode; - config.useOverlayDatabaseCaching = useOverlayDatabaseCaching; - if (overlayDisabledReason !== void 0) { + if (overlayDatabaseModeResult.isSuccess()) { + const { overlayDatabaseMode, useOverlayDatabaseCaching } = overlayDatabaseModeResult.value; + logger.info( + `Using overlay database mode: ${overlayDatabaseMode} ${useOverlayDatabaseCaching ? "with" : "without"} caching.` + ); + config.overlayDatabaseMode = overlayDatabaseMode; + config.useOverlayDatabaseCaching = useOverlayDatabaseCaching; + } else { + const overlayDisabledReason = overlayDatabaseModeResult.value; + logger.info( + `Using overlay database mode: ${"none" /* None */} without caching.` + ); + config.overlayDatabaseMode = "none" /* None */; + config.useOverlayDatabaseCaching = false; await addOverlayDisablementDiagnostics( config, inputs.codeql, overlayDisabledReason ); } - if (overlayDatabaseMode === "overlay" /* Overlay */ || await shouldPerformDiffInformedAnalysis( + if (config.overlayDatabaseMode === "overlay" /* Overlay */ || await shouldPerformDiffInformedAnalysis( inputs.codeql, inputs.features, logger diff --git a/src/config-utils.test.ts b/src/config-utils.test.ts index e6ba04725..f00e1a40e 100644 --- a/src/config-utils.test.ts +++ b/src/config-utils.test.ts @@ -40,6 +40,8 @@ import { withTmpDir, BuildMode, DiskUsage, + Success, + Failure, } from "./util"; import * as util from "./util"; @@ -1017,11 +1019,14 @@ const getOverlayDatabaseModeMacro = test.macro({ t: ExecutionContext, _title: string, setupOverrides: Partial, - expected: { - overlayDatabaseMode: OverlayDatabaseMode; - useOverlayDatabaseCaching: boolean; - disabledReason?: OverlayDisabledReason; - }, + expected: + | { + overlayDatabaseMode: OverlayDatabaseMode; + useOverlayDatabaseCaching: boolean; + } + | { + disabledReason: OverlayDisabledReason; + }, ) => { return await withTmpDir(async (tempDir) => { const messages: LoggedMessage[] = []; @@ -1092,11 +1097,11 @@ const getOverlayDatabaseModeMacro = test.macro({ logger, ); - if (!("disabledReason" in expected)) { - expected.disabledReason = undefined; + if ("disabledReason" in expected) { + t.deepEqual(result, new Failure(expected.disabledReason)); + } else { + t.deepEqual(result, new Success(expected)); } - - t.deepEqual(result, expected); } finally { // Restore the original environment process.env = originalEnv; @@ -1137,8 +1142,6 @@ test( overlayDatabaseEnvVar: "none", }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.DisabledByEnvironmentVariable, }, ); @@ -1150,8 +1153,6 @@ test( overlayDatabaseEnvVar: "invalid-mode", }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.OverallFeatureNotEnabled, }, ); @@ -1164,8 +1165,6 @@ test( features: [Feature.OverlayAnalysis, Feature.OverlayAnalysisJavascript], }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.NotPullRequestOrDefaultBranch, }, ); @@ -1234,8 +1233,6 @@ test( }, }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.InsufficientDiskSpace, }, ); @@ -1253,8 +1250,6 @@ test( diskUsage: undefined, }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.UnableToDetermineDiskUsage, }, ); @@ -1298,8 +1293,6 @@ test( }, }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.InsufficientDiskSpace, }, ); @@ -1342,8 +1335,6 @@ test( }, }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.InsufficientDiskSpace, }, ); @@ -1361,8 +1352,6 @@ test( memoryFlagValue: 3072, }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.InsufficientMemory, }, ); @@ -1419,8 +1408,6 @@ test( shouldSkipOverlayAnalysisDueToCachedStatus: true, }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.SkippedDueToCachedStatus, }, ); @@ -1439,8 +1426,6 @@ test( shouldSkipOverlayAnalysisDueToCachedStatus: true, }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.SkippedDueToCachedStatus, }, ); @@ -1460,8 +1445,6 @@ test( isDefaultBranch: true, }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.NonDefaultQueries, }, ); @@ -1481,8 +1464,6 @@ test( isDefaultBranch: true, }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.NonDefaultQueries, }, ); @@ -1502,8 +1483,6 @@ test( isDefaultBranch: true, }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.NonDefaultQueries, }, ); @@ -1523,8 +1502,6 @@ test( isDefaultBranch: true, }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.NonDefaultQueries, }, ); @@ -1538,8 +1515,6 @@ test( isDefaultBranch: true, }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.OverallFeatureNotEnabled, }, ); @@ -1553,8 +1528,6 @@ test( isDefaultBranch: true, }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.OverallFeatureNotEnabled, }, ); @@ -1568,8 +1541,6 @@ test( isDefaultBranch: true, }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.LanguageNotEnabled, }, ); @@ -1638,8 +1609,6 @@ test( }, }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.InsufficientDiskSpace, }, ); @@ -1679,8 +1648,6 @@ test( diskUsage: undefined, }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.UnableToDetermineDiskUsage, }, ); @@ -1698,8 +1665,6 @@ test( memoryFlagValue: 3072, }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.InsufficientMemory, }, ); @@ -1757,8 +1722,6 @@ test( isPullRequest: true, }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.NonDefaultQueries, }, ); @@ -1778,8 +1741,6 @@ test( isPullRequest: true, }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.NonDefaultQueries, }, ); @@ -1799,8 +1760,6 @@ test( isPullRequest: true, }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.NonDefaultQueries, }, ); @@ -1820,8 +1779,6 @@ test( isPullRequest: true, }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.NonDefaultQueries, }, ); @@ -1835,8 +1792,6 @@ test( isPullRequest: true, }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.OverallFeatureNotEnabled, }, ); @@ -1850,8 +1805,6 @@ test( isPullRequest: true, }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.OverallFeatureNotEnabled, }, ); @@ -1865,8 +1818,6 @@ test( isPullRequest: true, }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.LanguageNotEnabled, }, ); @@ -1919,8 +1870,6 @@ test( languages: [KnownLanguage.java], }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.IncompatibleBuildMode, }, ); @@ -1934,8 +1883,6 @@ test( languages: [KnownLanguage.java], }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.IncompatibleBuildMode, }, ); @@ -1948,8 +1895,6 @@ test( codeqlVersion: "2.14.0", }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.IncompatibleCodeQl, }, ); @@ -1962,8 +1907,6 @@ test( gitRoot: undefined, }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.NoGitRoot, }, ); @@ -1976,8 +1919,6 @@ test( gitVersion: new GitVersionInfo("2.30.0", "2.30.0"), // Version below required 2.38.0 }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.IncompatibleGit, }, ); @@ -1990,8 +1931,6 @@ test( gitVersion: undefined, }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.IncompatibleGit, }, ); @@ -2008,8 +1947,6 @@ test( }, }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.DisabledByRepositoryProperty, }, ); @@ -2057,8 +1994,6 @@ for (const language in KnownLanguage) { isPullRequest: true, }, { - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, disabledReason: OverlayDisabledReason.LanguageNotEnabled, }, ); diff --git a/src/config-utils.ts b/src/config-utils.ts index 30b415380..2fe9ce546 100644 --- a/src/config-utils.ts +++ b/src/config-utils.ts @@ -69,6 +69,9 @@ import { isInTestMode, joinAtMost, DiskUsage, + Result, + Success, + Failure, } from "./util"; /** @@ -662,14 +665,9 @@ async function checkOverlayAnalysisFeatureEnabled( codeql: CodeQL, languages: Language[], codeScanningConfig: UserConfig, -): Promise< - { enabled: true } | { enabled: false; reason: OverlayDisabledReason } -> { +): Promise> { if (!(await features.getValue(Feature.OverlayAnalysis, codeql))) { - return { - enabled: false, - reason: OverlayDisabledReason.OverallFeatureNotEnabled, - }; + return new Failure(OverlayDisabledReason.OverallFeatureNotEnabled); } let enableForCodeScanningOnly = false; for (const language of languages) { @@ -686,7 +684,7 @@ async function checkOverlayAnalysisFeatureEnabled( enableForCodeScanningOnly = true; continue; } - return { enabled: false, reason: OverlayDisabledReason.LanguageNotEnabled }; + return new Failure(OverlayDisabledReason.LanguageNotEnabled); } if (enableForCodeScanningOnly) { // A code-scanning configuration runs only the (default) code-scanning suite @@ -698,13 +696,10 @@ async function checkOverlayAnalysisFeatureEnabled( codeScanningConfig.queries === undefined && codeScanningConfig["query-filters"] === undefined; if (!usesDefaultQueriesOnly) { - return { - enabled: false, - reason: OverlayDisabledReason.NonDefaultQueries, - }; + return new Failure(OverlayDisabledReason.NonDefaultQueries); } } - return { enabled: true }; + return new Success(undefined); } /** Checks if the runner has enough disk space for overlay analysis. */ @@ -771,22 +766,19 @@ async function checkRunnerResources( ramInput: string | undefined, logger: Logger, useV2ResourceChecks: boolean, -): Promise< - { sufficient: true } | { sufficient: false; reason: OverlayDisabledReason } -> { +): Promise> { if (!runnerHasSufficientDiskSpace(diskUsage, logger, useV2ResourceChecks)) { - return { - sufficient: false, - reason: OverlayDisabledReason.InsufficientDiskSpace, - }; + return new Failure(OverlayDisabledReason.InsufficientDiskSpace); } if (!(await runnerHasSufficientMemory(codeql, ramInput, logger))) { - return { - sufficient: false, - reason: OverlayDisabledReason.InsufficientMemory, - }; + return new Failure(OverlayDisabledReason.InsufficientMemory); } - return { sufficient: true }; + return new Success(undefined); +} + +interface OverlayParameters { + overlayDatabaseMode: Exclude; + useOverlayDatabaseCaching: boolean; } /** @@ -821,17 +813,7 @@ export async function getOverlayDatabaseMode( repositoryProperties: RepositoryProperties, gitVersion: GitVersionInfo | undefined, logger: Logger, -): Promise<{ - overlayDatabaseMode: OverlayDatabaseMode; - useOverlayDatabaseCaching: boolean; - disabledReason: OverlayDisabledReason | undefined; -}> { - const disabledResult = (reason: OverlayDisabledReason | undefined) => ({ - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, - disabledReason: reason, - }); - +): Promise> { const modeEnv = process.env.CODEQL_OVERLAY_DATABASE_MODE; // Any unrecognized CODEQL_OVERLAY_DATABASE_MODE value will be ignored and // treated as if the environment variable was not set. @@ -845,9 +827,7 @@ export async function getOverlayDatabaseMode( "from the CODEQL_OVERLAY_DATABASE_MODE environment variable.", ); if (modeEnv === OverlayDatabaseMode.None) { - return disabledResult( - OverlayDisabledReason.DisabledByEnvironmentVariable, - ); + return new Failure(OverlayDisabledReason.DisabledByEnvironmentVariable); } return validateOverlayDatabaseMode( modeEnv, @@ -866,7 +846,7 @@ export async function getOverlayDatabaseMode( `Setting overlay database mode to ${OverlayDatabaseMode.None} ` + `because the ${RepositoryPropertyName.DISABLE_OVERLAY} repository property is set to true.`, ); - return disabledResult(OverlayDisabledReason.DisabledByRepositoryProperty); + return new Failure(OverlayDisabledReason.DisabledByRepositoryProperty); } const featureResult = await checkOverlayAnalysisFeatureEnabled( @@ -875,8 +855,8 @@ export async function getOverlayDatabaseMode( languages, codeScanningConfig, ); - if (!featureResult.enabled) { - return disabledResult(featureResult.reason); + if (featureResult.isFailure()) { + return featureResult; } const performResourceChecks = !(await features.getValue( @@ -900,7 +880,7 @@ export async function getOverlayDatabaseMode( logger.warning( `Unable to determine disk usage, therefore setting overlay database mode to ${OverlayDatabaseMode.None}.`, ); - return disabledResult(OverlayDisabledReason.UnableToDetermineDiskUsage); + return new Failure(OverlayDisabledReason.UnableToDetermineDiskUsage); } const resourceResult = performResourceChecks && diskUsage @@ -911,9 +891,9 @@ export async function getOverlayDatabaseMode( logger, useV2ResourceChecks, ) - : { sufficient: true as const }; - if (!resourceResult.sufficient) { - return disabledResult(resourceResult.reason); + : new Success(undefined); + if (resourceResult.isFailure()) { + return resourceResult; } if ( checkOverlayStatus && @@ -925,7 +905,7 @@ export async function getOverlayDatabaseMode( "because overlay analysis previously failed with this combination of languages, " + "disk space, and CodeQL version.", ); - return disabledResult(OverlayDisabledReason.SkippedDueToCachedStatus); + return new Failure(OverlayDisabledReason.SkippedDueToCachedStatus); } let overlayDatabaseMode: OverlayDatabaseMode; @@ -942,7 +922,7 @@ export async function getOverlayDatabaseMode( "with caching because we are analyzing the default branch.", ); } else { - return disabledResult(OverlayDisabledReason.NotPullRequestOrDefaultBranch); + return new Failure(OverlayDisabledReason.NotPullRequestOrDefaultBranch); } return validateOverlayDatabaseMode( @@ -972,17 +952,7 @@ async function validateOverlayDatabaseMode( buildMode: BuildMode | undefined, gitVersion: GitVersionInfo | undefined, logger: Logger, -): Promise<{ - overlayDatabaseMode: OverlayDatabaseMode; - useOverlayDatabaseCaching: boolean; - disabledReason: OverlayDisabledReason | undefined; -}> { - const disabledResult = (reason: OverlayDisabledReason) => ({ - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, - disabledReason: reason, - }); - +): Promise> { if ( buildMode !== BuildMode.None && ( @@ -1003,7 +973,7 @@ async function validateOverlayDatabaseMode( `build-mode is set to "${buildMode}" instead of "none". ` + "Falling back to creating a normal full database instead.", ); - return disabledResult(OverlayDisabledReason.IncompatibleBuildMode); + return new Failure(OverlayDisabledReason.IncompatibleBuildMode); } if (!(await codeQlVersionAtLeast(codeql, CODEQL_OVERLAY_MINIMUM_VERSION))) { logger.warning( @@ -1011,7 +981,7 @@ async function validateOverlayDatabaseMode( `the CodeQL CLI is older than ${CODEQL_OVERLAY_MINIMUM_VERSION}. ` + "Falling back to creating a normal full database instead.", ); - return disabledResult(OverlayDisabledReason.IncompatibleCodeQl); + return new Failure(OverlayDisabledReason.IncompatibleCodeQl); } if ((await getGitRoot(sourceRoot)) === undefined) { logger.warning( @@ -1019,7 +989,7 @@ async function validateOverlayDatabaseMode( `the source root "${sourceRoot}" is not inside a git repository. ` + "Falling back to creating a normal full database instead.", ); - return disabledResult(OverlayDisabledReason.NoGitRoot); + return new Failure(OverlayDisabledReason.NoGitRoot); } if (gitVersion === undefined) { logger.warning( @@ -1027,7 +997,7 @@ async function validateOverlayDatabaseMode( "the Git version could not be determined. " + "Falling back to creating a normal full database instead.", ); - return disabledResult(OverlayDisabledReason.IncompatibleGit); + return new Failure(OverlayDisabledReason.IncompatibleGit); } if (!gitVersion.isAtLeast(GIT_MINIMUM_VERSION_FOR_OVERLAY)) { logger.warning( @@ -1035,14 +1005,13 @@ async function validateOverlayDatabaseMode( `the installed Git version is older than ${GIT_MINIMUM_VERSION_FOR_OVERLAY}. ` + "Falling back to creating a normal full database instead.", ); - return disabledResult(OverlayDisabledReason.IncompatibleGit); + return new Failure(OverlayDisabledReason.IncompatibleGit); } - return { + return new Success({ overlayDatabaseMode, useOverlayDatabaseCaching, - disabledReason: undefined, - }; + }); } function dbLocationOrDefault( @@ -1188,11 +1157,7 @@ export async function initConfig( // and queries, which in turn depends on the user config and the augmentation // properties. So we need to calculate the overlay database mode after the // rest of the config has been populated. - const { - overlayDatabaseMode, - useOverlayDatabaseCaching, - disabledReason: overlayDisabledReason, - } = await getOverlayDatabaseMode( + const overlayDatabaseModeResult = await getOverlayDatabaseMode( inputs.codeql, inputs.features, config.languages, @@ -1204,14 +1169,22 @@ export async function initConfig( gitVersion, logger, ); - logger.info( - `Using overlay database mode: ${overlayDatabaseMode} ` + - `${useOverlayDatabaseCaching ? "with" : "without"} caching.`, - ); - config.overlayDatabaseMode = overlayDatabaseMode; - config.useOverlayDatabaseCaching = useOverlayDatabaseCaching; - - if (overlayDisabledReason !== undefined) { + if (overlayDatabaseModeResult.isSuccess()) { + const { overlayDatabaseMode, useOverlayDatabaseCaching } = + overlayDatabaseModeResult.value; + logger.info( + `Using overlay database mode: ${overlayDatabaseMode} ` + + `${useOverlayDatabaseCaching ? "with" : "without"} caching.`, + ); + config.overlayDatabaseMode = overlayDatabaseMode; + config.useOverlayDatabaseCaching = useOverlayDatabaseCaching; + } else { + const overlayDisabledReason = overlayDatabaseModeResult.value; + logger.info( + `Using overlay database mode: ${OverlayDatabaseMode.None} without caching.`, + ); + config.overlayDatabaseMode = OverlayDatabaseMode.None; + config.useOverlayDatabaseCaching = false; await addOverlayDisablementDiagnostics( config, inputs.codeql, @@ -1220,7 +1193,7 @@ export async function initConfig( } if ( - overlayDatabaseMode === OverlayDatabaseMode.Overlay || + config.overlayDatabaseMode === OverlayDatabaseMode.Overlay || (await shouldPerformDiffInformedAnalysis( inputs.codeql, inputs.features, From 4cd47adfe1f1d75037409c421f2a2125ad674e05 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Wed, 4 Mar 2026 17:38:24 +0100 Subject: [PATCH 11/38] Address review comments --- lib/init-action.js | 9 +++++---- src/config-utils.ts | 15 +++++---------- 2 files changed, 10 insertions(+), 14 deletions(-) diff --git a/lib/init-action.js b/lib/init-action.js index 7ab924d66..eb3e7e81f 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -106501,14 +106501,15 @@ async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, b const checkOverlayStatus = await features.getValue( "overlay_analysis_status_check" /* OverlayAnalysisStatusCheck */ ); - const diskUsage = performResourceChecks || checkOverlayStatus ? await checkDiskUsage(logger) : void 0; - if ((performResourceChecks || checkOverlayStatus) && diskUsage === void 0) { + const needDiskUsage = performResourceChecks || checkOverlayStatus; + const diskUsage = needDiskUsage ? await checkDiskUsage(logger) : void 0; + if (needDiskUsage && diskUsage === void 0) { logger.warning( `Unable to determine disk usage, therefore setting overlay database mode to ${"none" /* None */}.` ); return new Failure("unable-to-determine-disk-usage" /* UnableToDetermineDiskUsage */); } - const resourceResult = performResourceChecks && diskUsage ? await checkRunnerResources( + const resourceResult = performResourceChecks && diskUsage !== void 0 ? await checkRunnerResources( codeql, diskUsage, ramInput, @@ -106518,7 +106519,7 @@ async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, b if (resourceResult.isFailure()) { return resourceResult; } - if (checkOverlayStatus && diskUsage && await shouldSkipOverlayAnalysis(codeql, languages, diskUsage, logger)) { + if (checkOverlayStatus && diskUsage !== void 0 && await shouldSkipOverlayAnalysis(codeql, languages, diskUsage, logger)) { logger.info( `Setting overlay database mode to ${"none" /* None */} because overlay analysis previously failed with this combination of languages, disk space, and CodeQL version.` ); diff --git a/src/config-utils.ts b/src/config-utils.ts index 2fe9ce546..ac3df08f4 100644 --- a/src/config-utils.ts +++ b/src/config-utils.ts @@ -869,21 +869,16 @@ export async function getOverlayDatabaseMode( const checkOverlayStatus = await features.getValue( Feature.OverlayAnalysisStatusCheck, ); - const diskUsage = - performResourceChecks || checkOverlayStatus - ? await checkDiskUsage(logger) - : undefined; - if ( - (performResourceChecks || checkOverlayStatus) && - diskUsage === undefined - ) { + const needDiskUsage = performResourceChecks || checkOverlayStatus; + const diskUsage = needDiskUsage ? await checkDiskUsage(logger) : undefined; + if (needDiskUsage && diskUsage === undefined) { logger.warning( `Unable to determine disk usage, therefore setting overlay database mode to ${OverlayDatabaseMode.None}.`, ); return new Failure(OverlayDisabledReason.UnableToDetermineDiskUsage); } const resourceResult = - performResourceChecks && diskUsage + performResourceChecks && diskUsage !== undefined ? await checkRunnerResources( codeql, diskUsage, @@ -897,7 +892,7 @@ export async function getOverlayDatabaseMode( } if ( checkOverlayStatus && - diskUsage && + diskUsage !== undefined && (await shouldSkipOverlayAnalysis(codeql, languages, diskUsage, logger)) ) { logger.info( From 7449e3294d5deeaabe2ebc8c7e114321e881de07 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Wed, 4 Mar 2026 17:38:56 +0100 Subject: [PATCH 12/38] Rename to `EnabledOverlayConfig` --- src/config-utils.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/config-utils.ts b/src/config-utils.ts index ac3df08f4..1cce557b2 100644 --- a/src/config-utils.ts +++ b/src/config-utils.ts @@ -776,7 +776,7 @@ async function checkRunnerResources( return new Success(undefined); } -interface OverlayParameters { +interface EnabledOverlayConfig { overlayDatabaseMode: Exclude; useOverlayDatabaseCaching: boolean; } @@ -813,7 +813,7 @@ export async function getOverlayDatabaseMode( repositoryProperties: RepositoryProperties, gitVersion: GitVersionInfo | undefined, logger: Logger, -): Promise> { +): Promise> { const modeEnv = process.env.CODEQL_OVERLAY_DATABASE_MODE; // Any unrecognized CODEQL_OVERLAY_DATABASE_MODE value will be ignored and // treated as if the environment variable was not set. @@ -947,7 +947,7 @@ async function validateOverlayDatabaseMode( buildMode: BuildMode | undefined, gitVersion: GitVersionInfo | undefined, logger: Logger, -): Promise> { +): Promise> { if ( buildMode !== BuildMode.None && ( From 60a0e2bf96ea033de2c24ca4b1c8da7c5357aaa1 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Wed, 4 Mar 2026 17:49:23 +0100 Subject: [PATCH 13/38] Update method naming and JSDoc --- lib/init-action.js | 4 +- src/config-utils.test.ts | 116 +++++++++++++++++++-------------------- src/config-utils.ts | 9 +-- 3 files changed, 65 insertions(+), 64 deletions(-) diff --git a/lib/init-action.js b/lib/init-action.js index eb3e7e81f..077d0b383 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -106456,7 +106456,7 @@ async function checkRunnerResources(codeql, diskUsage, ramInput, logger, useV2Re } return new Success(void 0); } -async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, buildMode, ramInput, codeScanningConfig, repositoryProperties, gitVersion, logger) { +async function checkOverlayEnablement(codeql, features, languages, sourceRoot, buildMode, ramInput, codeScanningConfig, repositoryProperties, gitVersion, logger) { const modeEnv = process.env.CODEQL_OVERLAY_DATABASE_MODE; if (modeEnv === "overlay" /* Overlay */ || modeEnv === "overlay-base" /* OverlayBase */ || modeEnv === "none" /* None */) { logger.info( @@ -106680,7 +106680,7 @@ async function initConfig(features, inputs) { } else { logger.debug(`Skipping check for generated files.`); } - const overlayDatabaseModeResult = await getOverlayDatabaseMode( + const overlayDatabaseModeResult = await checkOverlayEnablement( inputs.codeql, inputs.features, config.languages, diff --git a/src/config-utils.test.ts b/src/config-utils.test.ts index f00e1a40e..a96f41e84 100644 --- a/src/config-utils.test.ts +++ b/src/config-utils.test.ts @@ -1014,7 +1014,7 @@ const defaultOverlayDatabaseModeTestSetup: OverlayDatabaseModeTestSetup = { repositoryProperties: {}, }; -const getOverlayDatabaseModeMacro = test.macro({ +const checkOverlayEnablementMacro = test.macro({ exec: async ( t: ExecutionContext, _title: string, @@ -1084,7 +1084,7 @@ const getOverlayDatabaseModeMacro = test.macro({ .stub(gitUtils, "isAnalyzingDefaultBranch") .resolves(setup.isDefaultBranch); - const result = await configUtils.getOverlayDatabaseMode( + const result = await configUtils.checkOverlayEnablement( codeql, features, setup.languages, @@ -1108,11 +1108,11 @@ const getOverlayDatabaseModeMacro = test.macro({ } }); }, - title: (_, title) => `getOverlayDatabaseMode: ${title}`, + title: (_, title) => `checkOverlayEnablement: ${title}`, }); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "Environment variable override - Overlay", { overlayDatabaseEnvVar: "overlay", @@ -1124,7 +1124,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "Environment variable override - OverlayBase", { overlayDatabaseEnvVar: "overlay-base", @@ -1136,7 +1136,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "Environment variable override - None", { overlayDatabaseEnvVar: "none", @@ -1147,7 +1147,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "Ignore invalid environment variable", { overlayDatabaseEnvVar: "invalid-mode", @@ -1158,7 +1158,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "Ignore feature flag when analyzing non-default branch", { languages: [KnownLanguage.javascript], @@ -1170,7 +1170,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "Overlay-base database on default branch when feature enabled", { languages: [KnownLanguage.javascript], @@ -1184,7 +1184,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "Overlay-base database on default branch when feature enabled with custom analysis", { languages: [KnownLanguage.javascript], @@ -1201,7 +1201,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "Overlay-base database on default branch when code-scanning feature enabled", { languages: [KnownLanguage.javascript], @@ -1218,7 +1218,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "No overlay-base database on default branch if runner disk space is too low", { languages: [KnownLanguage.javascript], @@ -1238,7 +1238,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "No overlay-base database on default branch if we can't determine runner disk space", { languages: [KnownLanguage.javascript], @@ -1255,7 +1255,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "Overlay-base database on default branch if runner disk space is too low and skip resource checks flag is enabled", { languages: [KnownLanguage.javascript], @@ -1277,7 +1277,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "No overlay-base database on default branch if runner disk space is below v2 limit and v2 resource checks enabled", { languages: [KnownLanguage.javascript], @@ -1298,7 +1298,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "Overlay-base database on default branch if runner disk space is between v2 and v1 limits and v2 resource checks enabled", { languages: [KnownLanguage.javascript], @@ -1320,7 +1320,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "No overlay-base database on default branch if runner disk space is between v2 and v1 limits and v2 resource checks not enabled", { languages: [KnownLanguage.javascript], @@ -1340,7 +1340,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "No overlay-base database on default branch if memory flag is too low", { languages: [KnownLanguage.javascript], @@ -1357,7 +1357,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "Overlay-base database on default branch if memory flag is too low but CodeQL >= 2.24.3", { languages: [KnownLanguage.javascript], @@ -1376,7 +1376,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "Overlay-base database on default branch if memory flag is too low and skip resource checks flag is enabled", { languages: [KnownLanguage.javascript], @@ -1395,7 +1395,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "No overlay-base database on default branch when cached status indicates previous failure", { languages: [KnownLanguage.javascript], @@ -1413,7 +1413,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "No overlay analysis on PR when cached status indicates previous failure", { languages: [KnownLanguage.javascript], @@ -1431,7 +1431,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "No overlay-base database on default branch when code-scanning feature enabled with disable-default-queries", { languages: [KnownLanguage.javascript], @@ -1450,7 +1450,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "No overlay-base database on default branch when code-scanning feature enabled with packs", { languages: [KnownLanguage.javascript], @@ -1469,7 +1469,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "No overlay-base database on default branch when code-scanning feature enabled with queries", { languages: [KnownLanguage.javascript], @@ -1488,7 +1488,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "No overlay-base database on default branch when code-scanning feature enabled with query-filters", { languages: [KnownLanguage.javascript], @@ -1507,7 +1507,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "No overlay-base database on default branch when only language-specific feature enabled", { languages: [KnownLanguage.javascript], @@ -1520,7 +1520,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "No overlay-base database on default branch when only code-scanning feature enabled", { languages: [KnownLanguage.javascript], @@ -1533,7 +1533,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "No overlay-base database on default branch when language-specific feature disabled", { languages: [KnownLanguage.javascript], @@ -1546,7 +1546,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "Overlay analysis on PR when feature enabled", { languages: [KnownLanguage.javascript], @@ -1560,7 +1560,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "Overlay analysis on PR when feature enabled with custom analysis", { languages: [KnownLanguage.javascript], @@ -1577,7 +1577,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "Overlay analysis on PR when code-scanning feature enabled", { languages: [KnownLanguage.javascript], @@ -1594,7 +1594,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "No overlay analysis on PR if runner disk space is too low", { languages: [KnownLanguage.javascript], @@ -1614,7 +1614,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "Overlay analysis on PR if runner disk space is too low and skip resource checks flag is enabled", { languages: [KnownLanguage.javascript], @@ -1636,7 +1636,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "No overlay analysis on PR if we can't determine runner disk space", { languages: [KnownLanguage.javascript], @@ -1653,7 +1653,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "No overlay analysis on PR if memory flag is too low", { languages: [KnownLanguage.javascript], @@ -1670,7 +1670,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "Overlay analysis on PR if memory flag is too low but CodeQL >= 2.24.3", { languages: [KnownLanguage.javascript], @@ -1689,7 +1689,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "Overlay analysis on PR if memory flag is too low and skip resource checks flag is enabled", { languages: [KnownLanguage.javascript], @@ -1708,7 +1708,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "No overlay analysis on PR when code-scanning feature enabled with disable-default-queries", { languages: [KnownLanguage.javascript], @@ -1727,7 +1727,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "No overlay analysis on PR when code-scanning feature enabled with packs", { languages: [KnownLanguage.javascript], @@ -1746,7 +1746,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "No overlay analysis on PR when code-scanning feature enabled with queries", { languages: [KnownLanguage.javascript], @@ -1765,7 +1765,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "No overlay analysis on PR when code-scanning feature enabled with query-filters", { languages: [KnownLanguage.javascript], @@ -1784,7 +1784,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "No overlay analysis on PR when only language-specific feature enabled", { languages: [KnownLanguage.javascript], @@ -1797,7 +1797,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "No overlay analysis on PR when only code-scanning feature enabled", { languages: [KnownLanguage.javascript], @@ -1810,7 +1810,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "No overlay analysis on PR when language-specific feature disabled", { languages: [KnownLanguage.javascript], @@ -1823,7 +1823,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "Overlay PR analysis by env", { overlayDatabaseEnvVar: "overlay", @@ -1835,7 +1835,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "Overlay PR analysis by env on a runner with low disk space", { overlayDatabaseEnvVar: "overlay", @@ -1848,7 +1848,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "Overlay PR analysis by feature flag", { languages: [KnownLanguage.javascript], @@ -1862,7 +1862,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "Fallback due to autobuild with traced language", { overlayDatabaseEnvVar: "overlay", @@ -1875,7 +1875,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "Fallback due to no build mode with traced language", { overlayDatabaseEnvVar: "overlay", @@ -1888,7 +1888,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "Fallback due to old CodeQL version", { overlayDatabaseEnvVar: "overlay", @@ -1900,7 +1900,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "Fallback due to missing git root", { overlayDatabaseEnvVar: "overlay", @@ -1912,7 +1912,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "Fallback due to old git version", { overlayDatabaseEnvVar: "overlay", @@ -1924,7 +1924,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "Fallback when git version cannot be determined", { overlayDatabaseEnvVar: "overlay", @@ -1936,7 +1936,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "No overlay when disabled via repository property", { languages: [KnownLanguage.javascript], @@ -1952,7 +1952,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "Overlay not disabled when repository property is false", { languages: [KnownLanguage.javascript], @@ -1969,7 +1969,7 @@ test( ); test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, "Environment variable override takes precedence over repository property", { overlayDatabaseEnvVar: "overlay", @@ -1986,7 +1986,7 @@ test( // Exercise language-specific overlay analysis features code paths for (const language in KnownLanguage) { test( - getOverlayDatabaseModeMacro, + checkOverlayEnablementMacro, `Check default overlay analysis feature for ${language}`, { languages: [language], diff --git a/src/config-utils.ts b/src/config-utils.ts index 1cce557b2..b80586938 100644 --- a/src/config-utils.ts +++ b/src/config-utils.ts @@ -799,10 +799,11 @@ interface EnabledOverlayConfig { * For `Overlay` and `OverlayBase`, the function performs further checks and * reverts to `None` if any check should fail. * - * @returns An object containing the overlay database mode and whether the - * action should perform overlay-base database caching. + * @returns A `Success` containing the overlay database mode and whether the + * action should perform overlay-base database caching, or a `Failure` + * containing the reason why overlay analysis is disabled. */ -export async function getOverlayDatabaseMode( +export async function checkOverlayEnablement( codeql: CodeQL, features: FeatureEnablement, languages: Language[], @@ -1152,7 +1153,7 @@ export async function initConfig( // and queries, which in turn depends on the user config and the augmentation // properties. So we need to calculate the overlay database mode after the // rest of the config has been populated. - const overlayDatabaseModeResult = await getOverlayDatabaseMode( + const overlayDatabaseModeResult = await checkOverlayEnablement( inputs.codeql, inputs.features, config.languages, From 6d1c37ed8fb8237990223f659b2f48210559c35a Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Wed, 4 Mar 2026 17:58:13 +0100 Subject: [PATCH 14/38] Fix some tests that should be serial --- src/config-utils.test.ts | 323 ++++++++++++++++++++------------------- 1 file changed, 169 insertions(+), 154 deletions(-) diff --git a/src/config-utils.test.ts b/src/config-utils.test.ts index bb63fcf6e..06994c0ed 100644 --- a/src/config-utils.test.ts +++ b/src/config-utils.test.ts @@ -139,7 +139,7 @@ function mockListLanguages(languages: string[]) { sinon.stub(api, "getApiClient").value(() => client); } -test("load empty config", async (t) => { +test.serial("load empty config", async (t) => { return await withTmpDir(async (tempDir) => { const logger = getRunnerLogger(true); const languages = "javascript,python"; @@ -180,7 +180,7 @@ test("load empty config", async (t) => { }); }); -test("load code quality config", async (t) => { +test.serial("load code quality config", async (t) => { return await withTmpDir(async (tempDir) => { const logger = getRunnerLogger(true); const languages = "actions"; @@ -230,65 +230,68 @@ test("load code quality config", async (t) => { }); }); -test("initActionState doesn't throw if there are queries configured in the repository properties", async (t) => { - return await withTmpDir(async (tempDir) => { - const logger = getRunnerLogger(true); - const languages = "javascript"; +test.serial( + "initActionState doesn't throw if there are queries configured in the repository properties", + async (t) => { + return await withTmpDir(async (tempDir) => { + const logger = getRunnerLogger(true); + const languages = "javascript"; - const codeql = createStubCodeQL({ - async betterResolveLanguages() { - return { - extractors: { - javascript: [{ extractor_root: "" }], - }, - }; - }, + const codeql = createStubCodeQL({ + async betterResolveLanguages() { + return { + extractors: { + javascript: [{ extractor_root: "" }], + }, + }; + }, + }); + + // This should be ignored and no error should be thrown. + const repositoryProperties = { + "github-codeql-extra-queries": "+foo", + }; + + // Expected configuration for a CQ-only analysis. + const computedConfig: UserConfig = { + "disable-default-queries": true, + queries: [{ uses: "code-quality" }], + "query-filters": [], + }; + + const expectedConfig = createTestConfig({ + analysisKinds: [AnalysisKind.CodeQuality], + languages: [KnownLanguage.javascript], + codeQLCmd: codeql.getPath(), + computedConfig, + dbLocation: path.resolve(tempDir, "codeql_databases"), + debugArtifactName: "", + debugDatabaseName: "", + tempDir, + repositoryProperties, + }); + + await t.notThrowsAsync(async () => { + const config = await configUtils.initConfig( + createFeatures([]), + createTestInitConfigInputs({ + analysisKinds: [AnalysisKind.CodeQuality], + languagesInput: languages, + repository: { owner: "github", repo: "example" }, + tempDir, + codeql, + repositoryProperties, + logger, + }), + ); + + t.deepEqual(config, expectedConfig); + }); }); + }, +); - // This should be ignored and no error should be thrown. - const repositoryProperties = { - "github-codeql-extra-queries": "+foo", - }; - - // Expected configuration for a CQ-only analysis. - const computedConfig: UserConfig = { - "disable-default-queries": true, - queries: [{ uses: "code-quality" }], - "query-filters": [], - }; - - const expectedConfig = createTestConfig({ - analysisKinds: [AnalysisKind.CodeQuality], - languages: [KnownLanguage.javascript], - codeQLCmd: codeql.getPath(), - computedConfig, - dbLocation: path.resolve(tempDir, "codeql_databases"), - debugArtifactName: "", - debugDatabaseName: "", - tempDir, - repositoryProperties, - }); - - await t.notThrowsAsync(async () => { - const config = await configUtils.initConfig( - createFeatures([]), - createTestInitConfigInputs({ - analysisKinds: [AnalysisKind.CodeQuality], - languagesInput: languages, - repository: { owner: "github", repo: "example" }, - tempDir, - codeql, - repositoryProperties, - logger, - }), - ); - - t.deepEqual(config, expectedConfig); - }); - }); -}); - -test("loading a saved config produces the same config", async (t) => { +test.serial("loading a saved config produces the same config", async (t) => { return await withTmpDir(async (tempDir) => { const logger = getRunnerLogger(true); @@ -335,7 +338,7 @@ test("loading a saved config produces the same config", async (t) => { }); }); -test("loading config with version mismatch throws", async (t) => { +test.serial("loading config with version mismatch throws", async (t) => { return await withTmpDir(async (tempDir) => { const logger = getRunnerLogger(true); @@ -387,7 +390,7 @@ test("loading config with version mismatch throws", async (t) => { }); }); -test("load input outside of workspace", async (t) => { +test.serial("load input outside of workspace", async (t) => { return await withTmpDir(async (tempDir) => { try { await configUtils.initConfig( @@ -412,7 +415,7 @@ test("load input outside of workspace", async (t) => { }); }); -test("load non-local input with invalid repo syntax", async (t) => { +test.serial("load non-local input with invalid repo syntax", async (t) => { return await withTmpDir(async (tempDir) => { // no filename given, just a repo const configFile = "octo-org/codeql-config@main"; @@ -440,7 +443,7 @@ test("load non-local input with invalid repo syntax", async (t) => { }); }); -test("load non-existent input", async (t) => { +test.serial("load non-existent input", async (t) => { return await withTmpDir(async (tempDir) => { const languagesInput = "javascript"; const configFile = "input"; @@ -470,7 +473,7 @@ test("load non-existent input", async (t) => { }); }); -test("load non-empty input", async (t) => { +test.serial("load non-empty input", async (t) => { return await withTmpDir(async (tempDir) => { const codeql = createStubCodeQL({ async betterResolveLanguages() { @@ -541,18 +544,20 @@ test("load non-empty input", async (t) => { }); }); -test("Using config input and file together, config input should be used.", async (t) => { - return await withTmpDir(async (tempDir) => { - process.env["RUNNER_TEMP"] = tempDir; - process.env["GITHUB_WORKSPACE"] = tempDir; +test.serial( + "Using config input and file together, config input should be used.", + async (t) => { + return await withTmpDir(async (tempDir) => { + process.env["RUNNER_TEMP"] = tempDir; + process.env["GITHUB_WORKSPACE"] = tempDir; - const inputFileContents = ` + const inputFileContents = ` name: my config queries: - uses: ./foo_file`; - const configFilePath = createConfigFile(inputFileContents, tempDir); + const configFilePath = createConfigFile(inputFileContents, tempDir); - const configInput = ` + const configInput = ` name: my config queries: - uses: ./foo @@ -563,39 +568,40 @@ test("Using config input and file together, config input should be used.", async - c/d@1.2.3 `; - fs.mkdirSync(path.join(tempDir, "foo")); + fs.mkdirSync(path.join(tempDir, "foo")); - const codeql = createStubCodeQL({ - async betterResolveLanguages() { - return { - extractors: { - javascript: [{ extractor_root: "" }], - python: [{ extractor_root: "" }], - }, - }; - }, + const codeql = createStubCodeQL({ + async betterResolveLanguages() { + return { + extractors: { + javascript: [{ extractor_root: "" }], + python: [{ extractor_root: "" }], + }, + }; + }, + }); + + // Only JS, python packs will be ignored + const languagesInput = "javascript"; + + const config = await configUtils.initConfig( + createFeatures([]), + createTestInitConfigInputs({ + languagesInput, + configFile: configFilePath, + configInput, + tempDir, + codeql, + workspacePath: tempDir, + }), + ); + + t.deepEqual(config.originalUserInput, yaml.load(configInput)); }); + }, +); - // Only JS, python packs will be ignored - const languagesInput = "javascript"; - - const config = await configUtils.initConfig( - createFeatures([]), - createTestInitConfigInputs({ - languagesInput, - configFile: configFilePath, - configInput, - tempDir, - codeql, - workspacePath: tempDir, - }), - ); - - t.deepEqual(config.originalUserInput, yaml.load(configInput)); - }); -}); - -test("API client used when reading remote config", async (t) => { +test.serial("API client used when reading remote config", async (t) => { return await withTmpDir(async (tempDir) => { const codeql = createStubCodeQL({ async betterResolveLanguages() { @@ -644,34 +650,37 @@ test("API client used when reading remote config", async (t) => { }); }); -test("Remote config handles the case where a directory is provided", async (t) => { - return await withTmpDir(async (tempDir) => { - const dummyResponse = []; // directories are returned as arrays - mockGetContents(dummyResponse); +test.serial( + "Remote config handles the case where a directory is provided", + async (t) => { + return await withTmpDir(async (tempDir) => { + const dummyResponse = []; // directories are returned as arrays + mockGetContents(dummyResponse); - const repoReference = "octo-org/codeql-config/config.yaml@main"; - try { - await configUtils.initConfig( - createFeatures([]), - createTestInitConfigInputs({ - configFile: repoReference, - tempDir, - workspacePath: tempDir, - }), - ); - throw new Error("initConfig did not throw error"); - } catch (err) { - t.deepEqual( - err, - new ConfigurationError( - errorMessages.getConfigFileDirectoryGivenMessage(repoReference), - ), - ); - } - }); -}); + const repoReference = "octo-org/codeql-config/config.yaml@main"; + try { + await configUtils.initConfig( + createFeatures([]), + createTestInitConfigInputs({ + configFile: repoReference, + tempDir, + workspacePath: tempDir, + }), + ); + throw new Error("initConfig did not throw error"); + } catch (err) { + t.deepEqual( + err, + new ConfigurationError( + errorMessages.getConfigFileDirectoryGivenMessage(repoReference), + ), + ); + } + }); + }, +); -test("Invalid format of remote config handled correctly", async (t) => { +test.serial("Invalid format of remote config handled correctly", async (t) => { return await withTmpDir(async (tempDir) => { const dummyResponse = { // note no "content" property here @@ -700,7 +709,7 @@ test("Invalid format of remote config handled correctly", async (t) => { }); }); -test("No detected languages", async (t) => { +test.serial("No detected languages", async (t) => { return await withTmpDir(async (tempDir) => { mockListLanguages([]); const codeql = createStubCodeQL({ @@ -728,7 +737,7 @@ test("No detected languages", async (t) => { }); }); -test("Unknown languages", async (t) => { +test.serial("Unknown languages", async (t) => { return await withTmpDir(async (tempDir) => { const languagesInput = "rubbish,english"; @@ -755,7 +764,7 @@ test("Unknown languages", async (t) => { const mockLogger = getRunnerLogger(true); -test("no generateRegistries when registries is undefined", async (t) => { +test.serial("no generateRegistries when registries is undefined", async (t) => { return await withTmpDir(async (tmpDir) => { const registriesInput = undefined; const logger = getRunnerLogger(true); @@ -767,24 +776,27 @@ test("no generateRegistries when registries is undefined", async (t) => { }); }); -test("generateRegistries prefers original CODEQL_REGISTRIES_AUTH", async (t) => { - return await withTmpDir(async (tmpDir) => { - process.env.CODEQL_REGISTRIES_AUTH = "original"; - const registriesInput = yaml.dump([ - { - url: "http://ghcr.io", - packages: ["codeql/*", "codeql-testing/*"], - token: "not-a-token", - }, - ]); - const logger = getRunnerLogger(true); - const { registriesAuthTokens, qlconfigFile } = - await configUtils.generateRegistries(registriesInput, tmpDir, logger); +test.serial( + "generateRegistries prefers original CODEQL_REGISTRIES_AUTH", + async (t) => { + return await withTmpDir(async (tmpDir) => { + process.env.CODEQL_REGISTRIES_AUTH = "original"; + const registriesInput = yaml.dump([ + { + url: "http://ghcr.io", + packages: ["codeql/*", "codeql-testing/*"], + token: "not-a-token", + }, + ]); + const logger = getRunnerLogger(true); + const { registriesAuthTokens, qlconfigFile } = + await configUtils.generateRegistries(registriesInput, tmpDir, logger); - t.is(registriesAuthTokens, "original"); - t.is(qlconfigFile, path.join(tmpDir, "qlconfig.yml")); - }); -}); + t.is(registriesAuthTokens, "original"); + t.is(qlconfigFile, path.join(tmpDir, "qlconfig.yml")); + }); + }, +); // getLanguages @@ -862,7 +874,7 @@ const mockRepositoryNwo = parseRepositoryNwo("owner/repo"); expectedLanguages: ["javascript"], }, ].forEach((args) => { - test(`getLanguages: ${args.name}`, async (t) => { + test.serial(`getLanguages: ${args.name}`, async (t) => { const mockRequest = mockLanguagesInRepo(args.languagesInRepository); const stubExtractorEntry = { extractor_root: "", @@ -1999,13 +2011,16 @@ for (const language in KnownLanguage) { ); } -test("hasActionsWorkflows doesn't throw if workflows folder doesn't exist", async (t) => { - return withTmpDir(async (tmpDir) => { - t.notThrows(() => configUtils.hasActionsWorkflows(tmpDir)); - }); -}); +test.serial( + "hasActionsWorkflows doesn't throw if workflows folder doesn't exist", + async (t) => { + return withTmpDir(async (tmpDir) => { + t.notThrows(() => configUtils.hasActionsWorkflows(tmpDir)); + }); + }, +); -test("getPrimaryAnalysisConfig - single analysis kind", (t) => { +test.serial("getPrimaryAnalysisConfig - single analysis kind", (t) => { // If only one analysis kind is configured, we expect to get the matching configuration. for (const analysisKind of supportedAnalysisKinds) { const singleKind = createTestConfig({ analysisKinds: [analysisKind] }); @@ -2013,7 +2028,7 @@ test("getPrimaryAnalysisConfig - single analysis kind", (t) => { } }); -test("getPrimaryAnalysisConfig - Code Scanning + Code Quality", (t) => { +test.serial("getPrimaryAnalysisConfig - Code Scanning + Code Quality", (t) => { // For CS+CQ, we expect to get the Code Scanning configuration. const codeScanningAndCodeQuality = createTestConfig({ analysisKinds: [AnalysisKind.CodeScanning, AnalysisKind.CodeQuality], From 545356f2000b1a42be69d55c10341bd770a00909 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Mar 2026 17:53:15 +0000 Subject: [PATCH 15/38] Bump the npm-minor group with 2 updates Bumps the npm-minor group with 2 updates: [eslint-plugin-jsdoc](https://github.com/gajus/eslint-plugin-jsdoc) and [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint). Updates `eslint-plugin-jsdoc` from 62.6.0 to 62.7.1 - [Release notes](https://github.com/gajus/eslint-plugin-jsdoc/releases) - [Commits](https://github.com/gajus/eslint-plugin-jsdoc/compare/v62.6.0...v62.7.1) Updates `typescript-eslint` from 8.56.0 to 8.56.1 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.56.1/packages/typescript-eslint) --- updated-dependencies: - dependency-name: eslint-plugin-jsdoc dependency-version: 62.7.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor - dependency-name: typescript-eslint dependency-version: 8.56.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor ... Signed-off-by: dependabot[bot] --- package-lock.json | 177 +++++++++++++++++++++++++--------------------- package.json | 4 +- 2 files changed, 97 insertions(+), 84 deletions(-) diff --git a/package-lock.json b/package-lock.json index 2bd163cb5..456048f00 100644 --- a/package-lock.json +++ b/package-lock.json @@ -52,14 +52,14 @@ "eslint-import-resolver-typescript": "^3.8.7", "eslint-plugin-github": "^6.0.0", "eslint-plugin-import-x": "^4.16.1", - "eslint-plugin-jsdoc": "^62.6.0", + "eslint-plugin-jsdoc": "^62.7.1", "eslint-plugin-no-async-foreach": "^0.1.1", "glob": "^11.1.0", "globals": "^17.3.0", "nock": "^14.0.11", "sinon": "^21.0.1", "typescript": "^5.9.3", - "typescript-eslint": "^8.56.0" + "typescript-eslint": "^8.56.1" } }, "node_modules/@aashutoshrathi/word-wrap": { @@ -2553,17 +2553,17 @@ "license": "MIT" }, "node_modules/@typescript-eslint/eslint-plugin": { - "version": "8.56.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.56.0.tgz", - "integrity": "sha512-lRyPDLzNCuae71A3t9NEINBiTn7swyOhvUj3MyUOxb8x6g6vPEFoOU+ZRmGMusNC3X3YMhqMIX7i8ShqhT74Pw==", + "version": "8.56.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.56.1.tgz", + "integrity": "sha512-Jz9ZztpB37dNC+HU2HI28Bs9QXpzCz+y/twHOwhyrIRdbuVDxSytJNDl6z/aAKlaRIwC7y8wJdkBv7FxYGgi0A==", "dev": true, "license": "MIT", "dependencies": { "@eslint-community/regexpp": "^4.12.2", - "@typescript-eslint/scope-manager": "8.56.0", - "@typescript-eslint/type-utils": "8.56.0", - "@typescript-eslint/utils": "8.56.0", - "@typescript-eslint/visitor-keys": "8.56.0", + "@typescript-eslint/scope-manager": "8.56.1", + "@typescript-eslint/type-utils": "8.56.1", + "@typescript-eslint/utils": "8.56.1", + "@typescript-eslint/visitor-keys": "8.56.1", "ignore": "^7.0.5", "natural-compare": "^1.4.0", "ts-api-utils": "^2.4.0" @@ -2576,7 +2576,7 @@ "url": "https://opencollective.com/typescript-eslint" }, "peerDependencies": { - "@typescript-eslint/parser": "^8.56.0", + "@typescript-eslint/parser": "^8.56.1", "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0", "typescript": ">=4.8.4 <6.0.0" } @@ -2592,16 +2592,16 @@ } }, "node_modules/@typescript-eslint/parser": { - "version": "8.56.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.56.0.tgz", - "integrity": "sha512-IgSWvLobTDOjnaxAfDTIHaECbkNlAlKv2j5SjpB2v7QHKv1FIfjwMy8FsDbVfDX/KjmCmYICcw7uGaXLhtsLNg==", + "version": "8.56.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.56.1.tgz", + "integrity": "sha512-klQbnPAAiGYFyI02+znpBRLyjL4/BrBd0nyWkdC0s/6xFLkXYQ8OoRrSkqacS1ddVxf/LDyODIKbQ5TgKAf/Fg==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/scope-manager": "8.56.0", - "@typescript-eslint/types": "8.56.0", - "@typescript-eslint/typescript-estree": "8.56.0", - "@typescript-eslint/visitor-keys": "8.56.0", + "@typescript-eslint/scope-manager": "8.56.1", + "@typescript-eslint/types": "8.56.1", + "@typescript-eslint/typescript-estree": "8.56.1", + "@typescript-eslint/visitor-keys": "8.56.1", "debug": "^4.4.3" }, "engines": { @@ -2635,14 +2635,14 @@ } }, "node_modules/@typescript-eslint/project-service": { - "version": "8.56.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.56.0.tgz", - "integrity": "sha512-M3rnyL1vIQOMeWxTWIW096/TtVP+8W3p/XnaFflhmcFp+U4zlxUxWj4XwNs6HbDeTtN4yun0GNTTDBw/SvufKg==", + "version": "8.56.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.56.1.tgz", + "integrity": "sha512-TAdqQTzHNNvlVFfR+hu2PDJrURiwKsUvxFn1M0h95BB8ah5jejas08jUWG4dBA68jDMI988IvtfdAI53JzEHOQ==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/tsconfig-utils": "^8.56.0", - "@typescript-eslint/types": "^8.56.0", + "@typescript-eslint/tsconfig-utils": "^8.56.1", + "@typescript-eslint/types": "^8.56.1", "debug": "^4.4.3" }, "engines": { @@ -2675,14 +2675,14 @@ } }, "node_modules/@typescript-eslint/scope-manager": { - "version": "8.56.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.56.0.tgz", - "integrity": "sha512-7UiO/XwMHquH+ZzfVCfUNkIXlp/yQjjnlYUyYz7pfvlK3/EyyN6BK+emDmGNyQLBtLGaYrTAI6KOw8tFucWL2w==", + "version": "8.56.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.56.1.tgz", + "integrity": "sha512-YAi4VDKcIZp0O4tz/haYKhmIDZFEUPOreKbfdAN3SzUDMcPhJ8QI99xQXqX+HoUVq8cs85eRKnD+rne2UAnj2w==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.56.0", - "@typescript-eslint/visitor-keys": "8.56.0" + "@typescript-eslint/types": "8.56.1", + "@typescript-eslint/visitor-keys": "8.56.1" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -2693,9 +2693,9 @@ } }, "node_modules/@typescript-eslint/tsconfig-utils": { - "version": "8.56.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.56.0.tgz", - "integrity": "sha512-bSJoIIt4o3lKXD3xmDh9chZcjCz5Lk8xS7Rxn+6l5/pKrDpkCwtQNQQwZ2qRPk7TkUYhrq3WPIHXOXlbXP0itg==", + "version": "8.56.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.56.1.tgz", + "integrity": "sha512-qOtCYzKEeyr3aR9f28mPJqBty7+DBqsdd63eO0yyDwc6vgThj2UjWfJIcsFeSucYydqcuudMOprZ+x1SpF3ZuQ==", "dev": true, "license": "MIT", "engines": { @@ -2710,15 +2710,15 @@ } }, "node_modules/@typescript-eslint/type-utils": { - "version": "8.56.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.56.0.tgz", - "integrity": "sha512-qX2L3HWOU2nuDs6GzglBeuFXviDODreS58tLY/BALPC7iu3Fa+J7EOTwnX9PdNBxUI7Uh0ntP0YWGnxCkXzmfA==", + "version": "8.56.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.56.1.tgz", + "integrity": "sha512-yB/7dxi7MgTtGhZdaHCemf7PuwrHMenHjmzgUW1aJpO+bBU43OycnM3Wn+DdvDO/8zzA9HlhaJ0AUGuvri4oGg==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.56.0", - "@typescript-eslint/typescript-estree": "8.56.0", - "@typescript-eslint/utils": "8.56.0", + "@typescript-eslint/types": "8.56.1", + "@typescript-eslint/typescript-estree": "8.56.1", + "@typescript-eslint/utils": "8.56.1", "debug": "^4.4.3", "ts-api-utils": "^2.4.0" }, @@ -2753,9 +2753,9 @@ } }, "node_modules/@typescript-eslint/types": { - "version": "8.56.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.56.0.tgz", - "integrity": "sha512-DBsLPs3GsWhX5HylbP9HNG15U0bnwut55Lx12bHB9MpXxQ+R5GC8MwQe+N1UFXxAeQDvEsEDY6ZYwX03K7Z6HQ==", + "version": "8.56.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.56.1.tgz", + "integrity": "sha512-dbMkdIUkIkchgGDIv7KLUpa0Mda4IYjo4IAMJUZ+3xNoUXxMsk9YtKpTHSChRS85o+H9ftm51gsK1dZReY9CVw==", "dev": true, "license": "MIT", "engines": { @@ -2767,18 +2767,18 @@ } }, "node_modules/@typescript-eslint/typescript-estree": { - "version": "8.56.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.56.0.tgz", - "integrity": "sha512-ex1nTUMWrseMltXUHmR2GAQ4d+WjkZCT4f+4bVsps8QEdh0vlBsaCokKTPlnqBFqqGaxilDNJG7b8dolW2m43Q==", + "version": "8.56.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.56.1.tgz", + "integrity": "sha512-qzUL1qgalIvKWAf9C1HpvBjif+Vm6rcT5wZd4VoMb9+Km3iS3Cv9DY6dMRMDtPnwRAFyAi7YXJpTIEXLvdfPxg==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/project-service": "8.56.0", - "@typescript-eslint/tsconfig-utils": "8.56.0", - "@typescript-eslint/types": "8.56.0", - "@typescript-eslint/visitor-keys": "8.56.0", + "@typescript-eslint/project-service": "8.56.1", + "@typescript-eslint/tsconfig-utils": "8.56.1", + "@typescript-eslint/types": "8.56.1", + "@typescript-eslint/visitor-keys": "8.56.1", "debug": "^4.4.3", - "minimatch": "^9.0.5", + "minimatch": "^10.2.2", "semver": "^7.7.3", "tinyglobby": "^0.2.15", "ts-api-utils": "^2.4.0" @@ -2794,14 +2794,27 @@ "typescript": ">=4.8.4 <6.0.0" } }, + "node_modules/@typescript-eslint/typescript-estree/node_modules/balanced-match": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz", + "integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==", + "dev": true, + "license": "MIT", + "engines": { + "node": "18 || 20 || >=22" + } + }, "node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz", - "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==", + "version": "5.0.4", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.4.tgz", + "integrity": "sha512-h+DEnpVvxmfVefa4jFbCf5HdH5YMDXRsmKflpf1pILZWRFlTbJpxeU55nJl4Smt5HQaGzg1o6RHFPJaOqnmBDg==", "dev": true, "license": "MIT", "dependencies": { - "balanced-match": "^1.0.0" + "balanced-match": "^4.0.2" + }, + "engines": { + "node": "18 || 20 || >=22" } }, "node_modules/@typescript-eslint/typescript-estree/node_modules/debug": { @@ -2823,32 +2836,32 @@ } }, "node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch": { - "version": "9.0.9", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz", - "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==", + "version": "10.2.4", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.4.tgz", + "integrity": "sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg==", "dev": true, - "license": "ISC", + "license": "BlueOak-1.0.0", "dependencies": { - "brace-expansion": "^2.0.2" + "brace-expansion": "^5.0.2" }, "engines": { - "node": ">=16 || 14 >=14.17" + "node": "18 || 20 || >=22" }, "funding": { "url": "https://github.com/sponsors/isaacs" } }, "node_modules/@typescript-eslint/utils": { - "version": "8.56.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.56.0.tgz", - "integrity": "sha512-RZ3Qsmi2nFGsS+n+kjLAYDPVlrzf7UhTffrDIKr+h2yzAlYP/y5ZulU0yeDEPItos2Ph46JAL5P/On3pe7kDIQ==", + "version": "8.56.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.56.1.tgz", + "integrity": "sha512-HPAVNIME3tABJ61siYlHzSWCGtOoeP2RTIaHXFMPqjrQKCGB9OgUVdiNgH7TJS2JNIQ5qQ4RsAUDuGaGme/KOA==", "dev": true, "license": "MIT", "dependencies": { "@eslint-community/eslint-utils": "^4.9.1", - "@typescript-eslint/scope-manager": "8.56.0", - "@typescript-eslint/types": "8.56.0", - "@typescript-eslint/typescript-estree": "8.56.0" + "@typescript-eslint/scope-manager": "8.56.1", + "@typescript-eslint/types": "8.56.1", + "@typescript-eslint/typescript-estree": "8.56.1" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -2863,13 +2876,13 @@ } }, "node_modules/@typescript-eslint/visitor-keys": { - "version": "8.56.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.56.0.tgz", - "integrity": "sha512-q+SL+b+05Ud6LbEE35qe4A99P+htKTKVbyiNEe45eCbJFyh/HVK9QXwlrbz+Q4L8SOW4roxSVwXYj4DMBT7Ieg==", + "version": "8.56.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.56.1.tgz", + "integrity": "sha512-KiROIzYdEV85YygXw6BI/Dx4fnBlFQu6Mq4QE4MOH9fFnhohw6wX/OAvDY2/C+ut0I3RSPKenvZJIVYqJNkhEw==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.56.0", + "@typescript-eslint/types": "8.56.1", "eslint-visitor-keys": "^5.0.0" }, "engines": { @@ -2881,9 +2894,9 @@ } }, "node_modules/@typescript-eslint/visitor-keys/node_modules/eslint-visitor-keys": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-5.0.0.tgz", - "integrity": "sha512-A0XeIi7CXU7nPlfHS9loMYEKxUaONu/hTEzHTGba9Huu94Cq1hPivf+DE5erJozZOky0LfvXAyrV/tcswpLI0Q==", + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-5.0.1.tgz", + "integrity": "sha512-tD40eHxA35h0PEIZNeIjkHoDR4YjjJp34biM0mDvplBe//mB+IHCqHDGV7pxF+7MklTvighcCPPZC7ynWyjdTA==", "dev": true, "license": "Apache-2.0", "engines": { @@ -5146,9 +5159,9 @@ } }, "node_modules/eslint-plugin-jsdoc": { - "version": "62.6.0", - "resolved": "https://registry.npmjs.org/eslint-plugin-jsdoc/-/eslint-plugin-jsdoc-62.6.0.tgz", - "integrity": "sha512-Z18zZD1Q2m9usqFbAzb30z+lF8bzE4WiUy+dfOXljJlZ1Jm5uhkuAWfGV97FYyh+WlKfrvpDYs+s1z45eZWMfA==", + "version": "62.7.1", + "resolved": "https://registry.npmjs.org/eslint-plugin-jsdoc/-/eslint-plugin-jsdoc-62.7.1.tgz", + "integrity": "sha512-4Zvx99Q7d1uggYBUX/AIjvoyqXhluGbbKrRmG8SQTLprPFg6fa293tVJH1o1GQwNe3lUydd8ZHzn37OaSncgSQ==", "dev": true, "license": "BSD-3-Clause", "dependencies": { @@ -5163,7 +5176,7 @@ "html-entities": "^2.6.0", "object-deep-merge": "^2.0.0", "parse-imports-exports": "^0.2.4", - "semver": "^7.7.3", + "semver": "^7.7.4", "spdx-expression-parse": "^4.0.0", "to-valid-identifier": "^1.0.0" }, @@ -5171,7 +5184,7 @@ "node": "^20.19.0 || ^22.13.0 || >=24" }, "peerDependencies": { - "eslint": "^7.0.0 || ^8.0.0 || ^9.0.0" + "eslint": "^7.0.0 || ^8.0.0 || ^9.0.0 || ^10.0.0" } }, "node_modules/eslint-plugin-jsdoc/node_modules/debug": { @@ -9189,16 +9202,16 @@ } }, "node_modules/typescript-eslint": { - "version": "8.56.0", - "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.56.0.tgz", - "integrity": "sha512-c7toRLrotJ9oixgdW7liukZpsnq5CZ7PuKztubGYlNppuTqhIoWfhgHo/7EU0v06gS2l/x0i2NEFK1qMIf0rIg==", + "version": "8.56.1", + "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.56.1.tgz", + "integrity": "sha512-U4lM6pjmBX7J5wk4szltF7I1cGBHXZopnAXCMXb3+fZ3B/0Z3hq3wS/CCUB2NZBNAExK92mCU2tEohWuwVMsDQ==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/eslint-plugin": "8.56.0", - "@typescript-eslint/parser": "8.56.0", - "@typescript-eslint/typescript-estree": "8.56.0", - "@typescript-eslint/utils": "8.56.0" + "@typescript-eslint/eslint-plugin": "8.56.1", + "@typescript-eslint/parser": "8.56.1", + "@typescript-eslint/typescript-estree": "8.56.1", + "@typescript-eslint/utils": "8.56.1" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" diff --git a/package.json b/package.json index 197f910f0..240fa1785 100644 --- a/package.json +++ b/package.json @@ -67,14 +67,14 @@ "eslint-import-resolver-typescript": "^3.8.7", "eslint-plugin-github": "^6.0.0", "eslint-plugin-import-x": "^4.16.1", - "eslint-plugin-jsdoc": "^62.6.0", + "eslint-plugin-jsdoc": "^62.7.1", "eslint-plugin-no-async-foreach": "^0.1.1", "glob": "^11.1.0", "globals": "^17.3.0", "nock": "^14.0.11", "sinon": "^21.0.1", "typescript": "^5.9.3", - "typescript-eslint": "^8.56.0" + "typescript-eslint": "^8.56.1" }, "overrides": { "@actions/tool-cache": { From 4d433615e74af9ba5c02111851fcbfc9deba7b74 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Mar 2026 18:00:15 +0000 Subject: [PATCH 16/38] Bump actions/download-artifact from 7 to 8 in /.github/workflows Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 7 to 8. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v7...v8) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/debug-artifacts-failure-safe.yml | 2 +- .github/workflows/debug-artifacts-safe.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/debug-artifacts-failure-safe.yml b/.github/workflows/debug-artifacts-failure-safe.yml index 6c456ea88..fdb028ca5 100644 --- a/.github/workflows/debug-artifacts-failure-safe.yml +++ b/.github/workflows/debug-artifacts-failure-safe.yml @@ -89,7 +89,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download all artifacts - uses: actions/download-artifact@v7 + uses: actions/download-artifact@v8 - name: Check expected artifacts exist run: | LANGUAGES="cpp csharp go java javascript python" diff --git a/.github/workflows/debug-artifacts-safe.yml b/.github/workflows/debug-artifacts-safe.yml index 7c1d8da64..dddc7ba44 100644 --- a/.github/workflows/debug-artifacts-safe.yml +++ b/.github/workflows/debug-artifacts-safe.yml @@ -83,7 +83,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download all artifacts - uses: actions/download-artifact@v7 + uses: actions/download-artifact@v8 - name: Check expected artifacts exist run: | VERSIONS="stable-v2.20.3 default linked nightly-latest" From 31d26f2397aeb027734b81f1fda5925d8dba684e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Mar 2026 18:01:17 +0000 Subject: [PATCH 17/38] Bump actions/upload-artifact from 6 to 7 in /.github/workflows Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v6...v7) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/__analysis-kinds.yml | 4 ++-- .github/workflows/__bundle-zstd.yml | 2 +- .github/workflows/__config-export.yml | 2 +- .github/workflows/__diagnostics-export.yml | 2 +- .github/workflows/__export-file-baseline-information.yml | 2 +- .github/workflows/__job-run-uuid-sarif.yml | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/__analysis-kinds.yml b/.github/workflows/__analysis-kinds.yml index 94b8877c7..1e43775ff 100644 --- a/.github/workflows/__analysis-kinds.yml +++ b/.github/workflows/__analysis-kinds.yml @@ -92,7 +92,7 @@ jobs: post-processed-sarif-path: '${{ runner.temp }}/post-processed' - name: Upload SARIF files - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: | analysis-kinds-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }} @@ -100,7 +100,7 @@ jobs: retention-days: 7 - name: Upload post-processed SARIF - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: | post-processed-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }} diff --git a/.github/workflows/__bundle-zstd.yml b/.github/workflows/__bundle-zstd.yml index d1ddf108f..ede1e320c 100644 --- a/.github/workflows/__bundle-zstd.yml +++ b/.github/workflows/__bundle-zstd.yml @@ -82,7 +82,7 @@ jobs: output: ${{ runner.temp }}/results upload-database: false - name: Upload SARIF - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: ${{ matrix.os }}-zstd-bundle.sarif path: ${{ runner.temp }}/results/javascript.sarif diff --git a/.github/workflows/__config-export.yml b/.github/workflows/__config-export.yml index dce3fc85d..24549dd18 100644 --- a/.github/workflows/__config-export.yml +++ b/.github/workflows/__config-export.yml @@ -70,7 +70,7 @@ jobs: output: '${{ runner.temp }}/results' upload-database: false - name: Upload SARIF - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json path: '${{ runner.temp }}/results/javascript.sarif' diff --git a/.github/workflows/__diagnostics-export.yml b/.github/workflows/__diagnostics-export.yml index c18641694..bdf6b0aee 100644 --- a/.github/workflows/__diagnostics-export.yml +++ b/.github/workflows/__diagnostics-export.yml @@ -81,7 +81,7 @@ jobs: output: '${{ runner.temp }}/results' upload-database: false - name: Upload SARIF - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: diagnostics-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json path: '${{ runner.temp }}/results/javascript.sarif' diff --git a/.github/workflows/__export-file-baseline-information.yml b/.github/workflows/__export-file-baseline-information.yml index ef33c6485..b376d77f0 100644 --- a/.github/workflows/__export-file-baseline-information.yml +++ b/.github/workflows/__export-file-baseline-information.yml @@ -102,7 +102,7 @@ jobs: with: output: '${{ runner.temp }}/results' - name: Upload SARIF - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: with-baseline-information-${{ matrix.os }}-${{ matrix.version }}.sarif.json path: '${{ runner.temp }}/results/javascript.sarif' diff --git a/.github/workflows/__job-run-uuid-sarif.yml b/.github/workflows/__job-run-uuid-sarif.yml index 3e48afbb1..a10ccd1d1 100644 --- a/.github/workflows/__job-run-uuid-sarif.yml +++ b/.github/workflows/__job-run-uuid-sarif.yml @@ -67,7 +67,7 @@ jobs: with: output: '${{ runner.temp }}/results' - name: Upload SARIF - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: ${{ matrix.os }}-${{ matrix.version }}.sarif.json path: '${{ runner.temp }}/results/javascript.sarif' From 77f9a86c608284e0ff33de26ccd5d79db902466b Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 5 Mar 2026 13:19:28 +0000 Subject: [PATCH 18/38] Rebuild --- lib/analyze-action-post.js | 4 ++-- lib/analyze-action.js | 4 ++-- lib/autobuild-action.js | 4 ++-- lib/init-action-post.js | 4 ++-- lib/init-action.js | 4 ++-- lib/resolve-environment-action.js | 4 ++-- lib/setup-codeql-action.js | 4 ++-- lib/start-proxy-action-post.js | 4 ++-- lib/start-proxy-action.js | 4 ++-- lib/upload-lib.js | 4 ++-- lib/upload-sarif-action-post.js | 4 ++-- lib/upload-sarif-action.js | 4 ++-- 12 files changed, 24 insertions(+), 24 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index b753e030e..e2afab379 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -46053,14 +46053,14 @@ var require_package = __commonJS({ "eslint-import-resolver-typescript": "^3.8.7", "eslint-plugin-github": "^6.0.0", "eslint-plugin-import-x": "^4.16.1", - "eslint-plugin-jsdoc": "^62.6.0", + "eslint-plugin-jsdoc": "^62.7.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", globals: "^17.3.0", nock: "^14.0.11", sinon: "^21.0.1", typescript: "^5.9.3", - "typescript-eslint": "^8.56.0" + "typescript-eslint": "^8.56.1" }, overrides: { "@actions/tool-cache": { diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 5a99e1d1f..ae24bd2fa 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -46053,14 +46053,14 @@ var require_package = __commonJS({ "eslint-import-resolver-typescript": "^3.8.7", "eslint-plugin-github": "^6.0.0", "eslint-plugin-import-x": "^4.16.1", - "eslint-plugin-jsdoc": "^62.6.0", + "eslint-plugin-jsdoc": "^62.7.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", globals: "^17.3.0", nock: "^14.0.11", sinon: "^21.0.1", typescript: "^5.9.3", - "typescript-eslint": "^8.56.0" + "typescript-eslint": "^8.56.1" }, overrides: { "@actions/tool-cache": { diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 6a5998873..9bd492faf 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -46053,14 +46053,14 @@ var require_package = __commonJS({ "eslint-import-resolver-typescript": "^3.8.7", "eslint-plugin-github": "^6.0.0", "eslint-plugin-import-x": "^4.16.1", - "eslint-plugin-jsdoc": "^62.6.0", + "eslint-plugin-jsdoc": "^62.7.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", globals: "^17.3.0", nock: "^14.0.11", sinon: "^21.0.1", typescript: "^5.9.3", - "typescript-eslint": "^8.56.0" + "typescript-eslint": "^8.56.1" }, overrides: { "@actions/tool-cache": { diff --git a/lib/init-action-post.js b/lib/init-action-post.js index a24252700..45475b829 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -46053,14 +46053,14 @@ var require_package = __commonJS({ "eslint-import-resolver-typescript": "^3.8.7", "eslint-plugin-github": "^6.0.0", "eslint-plugin-import-x": "^4.16.1", - "eslint-plugin-jsdoc": "^62.6.0", + "eslint-plugin-jsdoc": "^62.7.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", globals: "^17.3.0", nock: "^14.0.11", sinon: "^21.0.1", typescript: "^5.9.3", - "typescript-eslint": "^8.56.0" + "typescript-eslint": "^8.56.1" }, overrides: { "@actions/tool-cache": { diff --git a/lib/init-action.js b/lib/init-action.js index cc32ddc52..fb035a646 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -46053,14 +46053,14 @@ var require_package = __commonJS({ "eslint-import-resolver-typescript": "^3.8.7", "eslint-plugin-github": "^6.0.0", "eslint-plugin-import-x": "^4.16.1", - "eslint-plugin-jsdoc": "^62.6.0", + "eslint-plugin-jsdoc": "^62.7.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", globals: "^17.3.0", nock: "^14.0.11", sinon: "^21.0.1", typescript: "^5.9.3", - "typescript-eslint": "^8.56.0" + "typescript-eslint": "^8.56.1" }, overrides: { "@actions/tool-cache": { diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 1631f7c2c..ffb29f931 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -46053,14 +46053,14 @@ var require_package = __commonJS({ "eslint-import-resolver-typescript": "^3.8.7", "eslint-plugin-github": "^6.0.0", "eslint-plugin-import-x": "^4.16.1", - "eslint-plugin-jsdoc": "^62.6.0", + "eslint-plugin-jsdoc": "^62.7.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", globals: "^17.3.0", nock: "^14.0.11", sinon: "^21.0.1", typescript: "^5.9.3", - "typescript-eslint": "^8.56.0" + "typescript-eslint": "^8.56.1" }, overrides: { "@actions/tool-cache": { diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index 6f1f3261f..4ff355976 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -46053,14 +46053,14 @@ var require_package = __commonJS({ "eslint-import-resolver-typescript": "^3.8.7", "eslint-plugin-github": "^6.0.0", "eslint-plugin-import-x": "^4.16.1", - "eslint-plugin-jsdoc": "^62.6.0", + "eslint-plugin-jsdoc": "^62.7.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", globals: "^17.3.0", nock: "^14.0.11", sinon: "^21.0.1", typescript: "^5.9.3", - "typescript-eslint": "^8.56.0" + "typescript-eslint": "^8.56.1" }, overrides: { "@actions/tool-cache": { diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index d1b828de8..8e280e0f3 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -46053,14 +46053,14 @@ var require_package = __commonJS({ "eslint-import-resolver-typescript": "^3.8.7", "eslint-plugin-github": "^6.0.0", "eslint-plugin-import-x": "^4.16.1", - "eslint-plugin-jsdoc": "^62.6.0", + "eslint-plugin-jsdoc": "^62.7.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", globals: "^17.3.0", nock: "^14.0.11", sinon: "^21.0.1", typescript: "^5.9.3", - "typescript-eslint": "^8.56.0" + "typescript-eslint": "^8.56.1" }, overrides: { "@actions/tool-cache": { diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 0dbbe3691..6d0e3e00e 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -46053,14 +46053,14 @@ var require_package = __commonJS({ "eslint-import-resolver-typescript": "^3.8.7", "eslint-plugin-github": "^6.0.0", "eslint-plugin-import-x": "^4.16.1", - "eslint-plugin-jsdoc": "^62.6.0", + "eslint-plugin-jsdoc": "^62.7.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", globals: "^17.3.0", nock: "^14.0.11", sinon: "^21.0.1", typescript: "^5.9.3", - "typescript-eslint": "^8.56.0" + "typescript-eslint": "^8.56.1" }, overrides: { "@actions/tool-cache": { diff --git a/lib/upload-lib.js b/lib/upload-lib.js index b3d35b747..345ad7769 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -47350,14 +47350,14 @@ var require_package = __commonJS({ "eslint-import-resolver-typescript": "^3.8.7", "eslint-plugin-github": "^6.0.0", "eslint-plugin-import-x": "^4.16.1", - "eslint-plugin-jsdoc": "^62.6.0", + "eslint-plugin-jsdoc": "^62.7.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", globals: "^17.3.0", nock: "^14.0.11", sinon: "^21.0.1", typescript: "^5.9.3", - "typescript-eslint": "^8.56.0" + "typescript-eslint": "^8.56.1" }, overrides: { "@actions/tool-cache": { diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index b3802f733..e62b286bf 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -46053,14 +46053,14 @@ var require_package = __commonJS({ "eslint-import-resolver-typescript": "^3.8.7", "eslint-plugin-github": "^6.0.0", "eslint-plugin-import-x": "^4.16.1", - "eslint-plugin-jsdoc": "^62.6.0", + "eslint-plugin-jsdoc": "^62.7.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", globals: "^17.3.0", nock: "^14.0.11", sinon: "^21.0.1", typescript: "^5.9.3", - "typescript-eslint": "^8.56.0" + "typescript-eslint": "^8.56.1" }, overrides: { "@actions/tool-cache": { diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index c41ee0c1a..048265b52 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -46053,14 +46053,14 @@ var require_package = __commonJS({ "eslint-import-resolver-typescript": "^3.8.7", "eslint-plugin-github": "^6.0.0", "eslint-plugin-import-x": "^4.16.1", - "eslint-plugin-jsdoc": "^62.6.0", + "eslint-plugin-jsdoc": "^62.7.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", globals: "^17.3.0", nock: "^14.0.11", sinon: "^21.0.1", typescript: "^5.9.3", - "typescript-eslint": "^8.56.0" + "typescript-eslint": "^8.56.1" }, overrides: { "@actions/tool-cache": { From e96635d9ff02db17552a6e4067d89a283d369850 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 5 Mar 2026 13:19:38 +0000 Subject: [PATCH 19/38] Rebuild --- pr-checks/checks/analysis-kinds.yml | 4 ++-- pr-checks/checks/bundle-zstd.yml | 2 +- pr-checks/checks/config-export.yml | 2 +- pr-checks/checks/diagnostics-export.yml | 2 +- pr-checks/checks/export-file-baseline-information.yml | 2 +- pr-checks/checks/job-run-uuid-sarif.yml | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/pr-checks/checks/analysis-kinds.yml b/pr-checks/checks/analysis-kinds.yml index 6eedaec02..1fed31053 100644 --- a/pr-checks/checks/analysis-kinds.yml +++ b/pr-checks/checks/analysis-kinds.yml @@ -40,7 +40,7 @@ steps: post-processed-sarif-path: "${{ runner.temp }}/post-processed" - name: Upload SARIF files - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: | analysis-kinds-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }} @@ -48,7 +48,7 @@ steps: retention-days: 7 - name: Upload post-processed SARIF - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: | post-processed-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }} diff --git a/pr-checks/checks/bundle-zstd.yml b/pr-checks/checks/bundle-zstd.yml index 371525aab..002334523 100644 --- a/pr-checks/checks/bundle-zstd.yml +++ b/pr-checks/checks/bundle-zstd.yml @@ -27,7 +27,7 @@ steps: output: ${{ runner.temp }}/results upload-database: false - name: Upload SARIF - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: ${{ matrix.os }}-zstd-bundle.sarif path: ${{ runner.temp }}/results/javascript.sarif diff --git a/pr-checks/checks/config-export.yml b/pr-checks/checks/config-export.yml index fc4c68ad6..ea66ad994 100644 --- a/pr-checks/checks/config-export.yml +++ b/pr-checks/checks/config-export.yml @@ -12,7 +12,7 @@ steps: output: "${{ runner.temp }}/results" upload-database: false - name: Upload SARIF - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json path: "${{ runner.temp }}/results/javascript.sarif" diff --git a/pr-checks/checks/diagnostics-export.yml b/pr-checks/checks/diagnostics-export.yml index ccf5b3501..1b2696937 100644 --- a/pr-checks/checks/diagnostics-export.yml +++ b/pr-checks/checks/diagnostics-export.yml @@ -25,7 +25,7 @@ steps: output: "${{ runner.temp }}/results" upload-database: false - name: Upload SARIF - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: diagnostics-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json path: "${{ runner.temp }}/results/javascript.sarif" diff --git a/pr-checks/checks/export-file-baseline-information.yml b/pr-checks/checks/export-file-baseline-information.yml index e45fc58ca..114aa8c43 100644 --- a/pr-checks/checks/export-file-baseline-information.yml +++ b/pr-checks/checks/export-file-baseline-information.yml @@ -19,7 +19,7 @@ steps: with: output: "${{ runner.temp }}/results" - name: Upload SARIF - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: with-baseline-information-${{ matrix.os }}-${{ matrix.version }}.sarif.json path: "${{ runner.temp }}/results/javascript.sarif" diff --git a/pr-checks/checks/job-run-uuid-sarif.yml b/pr-checks/checks/job-run-uuid-sarif.yml index e0610846b..815d88000 100644 --- a/pr-checks/checks/job-run-uuid-sarif.yml +++ b/pr-checks/checks/job-run-uuid-sarif.yml @@ -11,7 +11,7 @@ steps: with: output: "${{ runner.temp }}/results" - name: Upload SARIF - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: ${{ matrix.os }}-${{ matrix.version }}.sarif.json path: "${{ runner.temp }}/results/javascript.sarif" From 102d7627b63c066871badf0743c11b2f6dd9c9e9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 5 Mar 2026 14:47:50 +0000 Subject: [PATCH 20/38] Bump tar from 7.5.7 to 7.5.10 Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.7 to 7.5.10. - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](https://github.com/isaacs/node-tar/compare/v7.5.7...v7.5.10) --- updated-dependencies: - dependency-name: tar dependency-version: 7.5.10 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 456048f00..cb957b3b7 100644 --- a/package-lock.json +++ b/package-lock.json @@ -8870,9 +8870,9 @@ } }, "node_modules/tar": { - "version": "7.5.7", - "resolved": "https://registry.npmjs.org/tar/-/tar-7.5.7.tgz", - "integrity": "sha512-fov56fJiRuThVFXD6o6/Q354S7pnWMJIVlDBYijsTNx6jKSE4pvrDTs6lUnmGvNyfJwFQQwWy3owKz1ucIhveQ==", + "version": "7.5.10", + "resolved": "https://registry.npmjs.org/tar/-/tar-7.5.10.tgz", + "integrity": "sha512-8mOPs1//5q/rlkNSPcCegA6hiHJYDmSLEI8aMH/CdSQJNWztHC9WHNam5zdQlfpTwB9Xp7IBEsHfV5LKMJGVAw==", "dev": true, "license": "BlueOak-1.0.0", "dependencies": { From f2669dd916c673b2811839169929a8ba71bb7634 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 5 Mar 2026 15:34:19 +0000 Subject: [PATCH 21/38] Update default bundle to codeql-bundle-v2.24.3 --- lib/analyze-action.js | 4 ++-- lib/autobuild-action.js | 4 ++-- lib/defaults.json | 8 ++++---- lib/init-action-post.js | 4 ++-- lib/init-action.js | 4 ++-- lib/setup-codeql-action.js | 4 ++-- lib/start-proxy-action.js | 4 ++-- lib/upload-lib.js | 4 ++-- lib/upload-sarif-action.js | 4 ++-- src/defaults.json | 8 ++++---- 10 files changed, 24 insertions(+), 24 deletions(-) diff --git a/lib/analyze-action.js b/lib/analyze-action.js index ae24bd2fa..ef880289d 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -107350,8 +107350,8 @@ var path5 = __toESM(require("path")); var semver5 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.24.2"; -var cliVersion = "2.24.2"; +var bundleVersion = "codeql-bundle-v2.24.3"; +var cliVersion = "2.24.3"; // src/overlay/index.ts var fs3 = __toESM(require("fs")); diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 9bd492faf..9479dbdec 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -103820,8 +103820,8 @@ var path3 = __toESM(require("path")); var semver5 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.24.2"; -var cliVersion = "2.24.2"; +var bundleVersion = "codeql-bundle-v2.24.3"; +var cliVersion = "2.24.3"; // src/overlay/index.ts var fs2 = __toESM(require("fs")); diff --git a/lib/defaults.json b/lib/defaults.json index 94988f4cf..9b6ec84bd 100644 --- a/lib/defaults.json +++ b/lib/defaults.json @@ -1,6 +1,6 @@ { - "bundleVersion": "codeql-bundle-v2.24.2", - "cliVersion": "2.24.2", - "priorBundleVersion": "codeql-bundle-v2.24.1", - "priorCliVersion": "2.24.1" + "bundleVersion": "codeql-bundle-v2.24.3", + "cliVersion": "2.24.3", + "priorBundleVersion": "codeql-bundle-v2.24.2", + "priorCliVersion": "2.24.2" } diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 45475b829..50498dd16 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -165218,8 +165218,8 @@ var path5 = __toESM(require("path")); var semver5 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.24.2"; -var cliVersion = "2.24.2"; +var bundleVersion = "codeql-bundle-v2.24.3"; +var cliVersion = "2.24.3"; // src/overlay/index.ts var fs3 = __toESM(require("fs")); diff --git a/lib/init-action.js b/lib/init-action.js index 2f027f535..0fad1883d 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -104857,8 +104857,8 @@ var path6 = __toESM(require("path")); var semver5 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.24.2"; -var cliVersion = "2.24.2"; +var bundleVersion = "codeql-bundle-v2.24.3"; +var cliVersion = "2.24.3"; // src/overlay/index.ts var fs3 = __toESM(require("fs")); diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index 4ff355976..42928ba09 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -103679,8 +103679,8 @@ var path4 = __toESM(require("path")); var semver4 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.24.2"; -var cliVersion = "2.24.2"; +var bundleVersion = "codeql-bundle-v2.24.3"; +var cliVersion = "2.24.3"; // src/overlay/index.ts var fs3 = __toESM(require("fs")); diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 6d0e3e00e..7305f25ce 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -120612,8 +120612,8 @@ var path = __toESM(require("path")); var semver4 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.24.2"; -var cliVersion = "2.24.2"; +var bundleVersion = "codeql-bundle-v2.24.3"; +var cliVersion = "2.24.3"; // src/overlay/index.ts var actionsCache = __toESM(require_cache5()); diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 345ad7769..4e14450d3 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -106934,8 +106934,8 @@ var path5 = __toESM(require("path")); var semver5 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.24.2"; -var cliVersion = "2.24.2"; +var bundleVersion = "codeql-bundle-v2.24.3"; +var cliVersion = "2.24.3"; // src/overlay/index.ts var fs3 = __toESM(require("fs")); diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 048265b52..4bd2f606e 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -106618,8 +106618,8 @@ var path4 = __toESM(require("path")); var semver4 = __toESM(require_semver2()); // src/defaults.json -var bundleVersion = "codeql-bundle-v2.24.2"; -var cliVersion = "2.24.2"; +var bundleVersion = "codeql-bundle-v2.24.3"; +var cliVersion = "2.24.3"; // src/overlay/index.ts var fs3 = __toESM(require("fs")); diff --git a/src/defaults.json b/src/defaults.json index 94988f4cf..9b6ec84bd 100644 --- a/src/defaults.json +++ b/src/defaults.json @@ -1,6 +1,6 @@ { - "bundleVersion": "codeql-bundle-v2.24.2", - "cliVersion": "2.24.2", - "priorBundleVersion": "codeql-bundle-v2.24.1", - "priorCliVersion": "2.24.1" + "bundleVersion": "codeql-bundle-v2.24.3", + "cliVersion": "2.24.3", + "priorBundleVersion": "codeql-bundle-v2.24.2", + "priorCliVersion": "2.24.2" } From 80c9cda73902bba67939606c4bf3a1d9606bb150 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 5 Mar 2026 15:34:29 +0000 Subject: [PATCH 22/38] Add changelog note --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5ad77b2e1..26da6cfe1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th ## [UNRELEASED] -No user facing changes. +- Update default CodeQL bundle version to [2.24.3](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3). [#3548](https://github.com/github/codeql-action/pull/3548) ## 4.32.5 - 02 Mar 2026 From 0da2e79318f35b4862018f37f474d45d14a50404 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Thu, 5 Mar 2026 16:17:19 +0000 Subject: [PATCH 23/38] Remove `installPython` from checks which should no longer need it --- .github/workflows/__analyze-ref-input.yml | 17 +---------------- .github/workflows/__local-bundle.yml | 17 +---------------- ..._packaging-codescanning-config-inputs-js.yml | 17 +---------------- .github/workflows/__remote-config.yml | 17 +---------------- .github/workflows/__unset-environment.yml | 17 +---------------- .github/workflows/__upload-ref-sha-input.yml | 17 +---------------- .github/workflows/__upload-sarif.yml | 17 +---------------- .github/workflows/__with-checkout-path.yml | 17 +---------------- pr-checks/checks/analyze-ref-input.yml | 1 - pr-checks/checks/local-bundle.yml | 1 - .../packaging-codescanning-config-inputs-js.yml | 1 - pr-checks/checks/remote-config.yml | 1 - pr-checks/checks/unset-environment.yml | 1 - pr-checks/checks/upload-ref-sha-input.yml | 1 - pr-checks/checks/upload-sarif.yml | 1 - pr-checks/checks/with-checkout-path.yml | 1 - 16 files changed, 8 insertions(+), 136 deletions(-) diff --git a/.github/workflows/__analyze-ref-input.yml b/.github/workflows/__analyze-ref-input.yml index 671e5f57b..9b4ddcdb7 100644 --- a/.github/workflows/__analyze-ref-input.yml +++ b/.github/workflows/__analyze-ref-input.yml @@ -30,11 +30,6 @@ on: description: The version of Go to install required: false default: '>=1.21.0' - python-version: - type: string - description: The version of Python to install - required: false - default: '3.13' dotnet-version: type: string description: The version of .NET to install @@ -47,11 +42,6 @@ on: description: The version of Go to install required: false default: '>=1.21.0' - python-version: - type: string - description: The version of Python to install - required: false - default: '3.13' dotnet-version: type: string description: The version of .NET to install @@ -62,7 +52,7 @@ defaults: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: analyze-ref-input-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} + group: analyze-ref-input-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} jobs: analyze-ref-input: strategy: @@ -93,11 +83,6 @@ jobs: with: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - - name: Install Python - if: matrix.version != 'nightly-latest' - uses: actions/setup-python@v6 - with: - python-version: ${{ inputs.python-version || '3.13' }} - name: Install .NET uses: actions/setup-dotnet@v5 with: diff --git a/.github/workflows/__local-bundle.yml b/.github/workflows/__local-bundle.yml index ae7798300..2a83eede8 100644 --- a/.github/workflows/__local-bundle.yml +++ b/.github/workflows/__local-bundle.yml @@ -30,11 +30,6 @@ on: description: The version of Go to install required: false default: '>=1.21.0' - python-version: - type: string - description: The version of Python to install - required: false - default: '3.13' dotnet-version: type: string description: The version of .NET to install @@ -47,11 +42,6 @@ on: description: The version of Go to install required: false default: '>=1.21.0' - python-version: - type: string - description: The version of Python to install - required: false - default: '3.13' dotnet-version: type: string description: The version of .NET to install @@ -62,7 +52,7 @@ defaults: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: local-bundle-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} + group: local-bundle-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} jobs: local-bundle: strategy: @@ -93,11 +83,6 @@ jobs: with: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - - name: Install Python - if: matrix.version != 'nightly-latest' - uses: actions/setup-python@v6 - with: - python-version: ${{ inputs.python-version || '3.13' }} - name: Install .NET uses: actions/setup-dotnet@v5 with: diff --git a/.github/workflows/__packaging-codescanning-config-inputs-js.yml b/.github/workflows/__packaging-codescanning-config-inputs-js.yml index d0304ecd1..be29a9cb0 100644 --- a/.github/workflows/__packaging-codescanning-config-inputs-js.yml +++ b/.github/workflows/__packaging-codescanning-config-inputs-js.yml @@ -30,11 +30,6 @@ on: description: The version of Go to install required: false default: '>=1.21.0' - python-version: - type: string - description: The version of Python to install - required: false - default: '3.13' dotnet-version: type: string description: The version of .NET to install @@ -47,11 +42,6 @@ on: description: The version of Go to install required: false default: '>=1.21.0' - python-version: - type: string - description: The version of Python to install - required: false - default: '3.13' dotnet-version: type: string description: The version of .NET to install @@ -62,7 +52,7 @@ defaults: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: packaging-codescanning-config-inputs-js-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} + group: packaging-codescanning-config-inputs-js-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} jobs: packaging-codescanning-config-inputs-js: strategy: @@ -104,11 +94,6 @@ jobs: with: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - - name: Install Python - if: matrix.version != 'nightly-latest' - uses: actions/setup-python@v6 - with: - python-version: ${{ inputs.python-version || '3.13' }} - name: Install .NET uses: actions/setup-dotnet@v5 with: diff --git a/.github/workflows/__remote-config.yml b/.github/workflows/__remote-config.yml index abf5cd21e..856b38aee 100644 --- a/.github/workflows/__remote-config.yml +++ b/.github/workflows/__remote-config.yml @@ -30,11 +30,6 @@ on: description: The version of Go to install required: false default: '>=1.21.0' - python-version: - type: string - description: The version of Python to install - required: false - default: '3.13' dotnet-version: type: string description: The version of .NET to install @@ -47,11 +42,6 @@ on: description: The version of Go to install required: false default: '>=1.21.0' - python-version: - type: string - description: The version of Python to install - required: false - default: '3.13' dotnet-version: type: string description: The version of .NET to install @@ -62,7 +52,7 @@ defaults: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: remote-config-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} + group: remote-config-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} jobs: remote-config: strategy: @@ -95,11 +85,6 @@ jobs: with: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - - name: Install Python - if: matrix.version != 'nightly-latest' - uses: actions/setup-python@v6 - with: - python-version: ${{ inputs.python-version || '3.13' }} - name: Install .NET uses: actions/setup-dotnet@v5 with: diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml index 5be68f810..32d953522 100644 --- a/.github/workflows/__unset-environment.yml +++ b/.github/workflows/__unset-environment.yml @@ -30,11 +30,6 @@ on: description: The version of Go to install required: false default: '>=1.21.0' - python-version: - type: string - description: The version of Python to install - required: false - default: '3.13' dotnet-version: type: string description: The version of .NET to install @@ -47,11 +42,6 @@ on: description: The version of Go to install required: false default: '>=1.21.0' - python-version: - type: string - description: The version of Python to install - required: false - default: '3.13' dotnet-version: type: string description: The version of .NET to install @@ -62,7 +52,7 @@ defaults: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: unset-environment-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} + group: unset-environment-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} jobs: unset-environment: strategy: @@ -95,11 +85,6 @@ jobs: with: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - - name: Install Python - if: matrix.version != 'nightly-latest' - uses: actions/setup-python@v6 - with: - python-version: ${{ inputs.python-version || '3.13' }} - name: Install .NET uses: actions/setup-dotnet@v5 with: diff --git a/.github/workflows/__upload-ref-sha-input.yml b/.github/workflows/__upload-ref-sha-input.yml index f9a832d7e..afa8371a0 100644 --- a/.github/workflows/__upload-ref-sha-input.yml +++ b/.github/workflows/__upload-ref-sha-input.yml @@ -30,11 +30,6 @@ on: description: The version of Go to install required: false default: '>=1.21.0' - python-version: - type: string - description: The version of Python to install - required: false - default: '3.13' dotnet-version: type: string description: The version of .NET to install @@ -47,11 +42,6 @@ on: description: The version of Go to install required: false default: '>=1.21.0' - python-version: - type: string - description: The version of Python to install - required: false - default: '3.13' dotnet-version: type: string description: The version of .NET to install @@ -62,7 +52,7 @@ defaults: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: upload-ref-sha-input-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} + group: upload-ref-sha-input-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} jobs: upload-ref-sha-input: strategy: @@ -93,11 +83,6 @@ jobs: with: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - - name: Install Python - if: matrix.version != 'nightly-latest' - uses: actions/setup-python@v6 - with: - python-version: ${{ inputs.python-version || '3.13' }} - name: Install .NET uses: actions/setup-dotnet@v5 with: diff --git a/.github/workflows/__upload-sarif.yml b/.github/workflows/__upload-sarif.yml index 873ba5ca9..b0afc5b2d 100644 --- a/.github/workflows/__upload-sarif.yml +++ b/.github/workflows/__upload-sarif.yml @@ -30,11 +30,6 @@ on: description: The version of Go to install required: false default: '>=1.21.0' - python-version: - type: string - description: The version of Python to install - required: false - default: '3.13' dotnet-version: type: string description: The version of .NET to install @@ -47,11 +42,6 @@ on: description: The version of Go to install required: false default: '>=1.21.0' - python-version: - type: string - description: The version of Python to install - required: false - default: '3.13' dotnet-version: type: string description: The version of .NET to install @@ -62,7 +52,7 @@ defaults: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: upload-sarif-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} + group: upload-sarif-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} jobs: upload-sarif: strategy: @@ -100,11 +90,6 @@ jobs: with: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - - name: Install Python - if: matrix.version != 'nightly-latest' - uses: actions/setup-python@v6 - with: - python-version: ${{ inputs.python-version || '3.13' }} - name: Install .NET uses: actions/setup-dotnet@v5 with: diff --git a/.github/workflows/__with-checkout-path.yml b/.github/workflows/__with-checkout-path.yml index 11f6e1dbc..0e8419186 100644 --- a/.github/workflows/__with-checkout-path.yml +++ b/.github/workflows/__with-checkout-path.yml @@ -30,11 +30,6 @@ on: description: The version of Go to install required: false default: '>=1.21.0' - python-version: - type: string - description: The version of Python to install - required: false - default: '3.13' dotnet-version: type: string description: The version of .NET to install @@ -47,11 +42,6 @@ on: description: The version of Go to install required: false default: '>=1.21.0' - python-version: - type: string - description: The version of Python to install - required: false - default: '3.13' dotnet-version: type: string description: The version of .NET to install @@ -62,7 +52,7 @@ defaults: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: with-checkout-path-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} + group: with-checkout-path-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} jobs: with-checkout-path: strategy: @@ -94,11 +84,6 @@ jobs: with: go-version: ${{ inputs.go-version || '>=1.21.0' }} cache: false - - name: Install Python - if: matrix.version != 'nightly-latest' - uses: actions/setup-python@v6 - with: - python-version: ${{ inputs.python-version || '3.13' }} - name: Install .NET uses: actions/setup-dotnet@v5 with: diff --git a/pr-checks/checks/analyze-ref-input.yml b/pr-checks/checks/analyze-ref-input.yml index e9d2cd176..f3425ec70 100644 --- a/pr-checks/checks/analyze-ref-input.yml +++ b/pr-checks/checks/analyze-ref-input.yml @@ -2,7 +2,6 @@ name: "Analyze: 'ref' and 'sha' from inputs" description: "Checks that specifying 'ref' and 'sha' as inputs works" versions: ["default"] installGo: true -installPython: true installDotNet: true steps: - uses: ./../action/init diff --git a/pr-checks/checks/local-bundle.yml b/pr-checks/checks/local-bundle.yml index c0930772e..2d090d432 100644 --- a/pr-checks/checks/local-bundle.yml +++ b/pr-checks/checks/local-bundle.yml @@ -2,7 +2,6 @@ name: "Local CodeQL bundle" description: "Tests using a CodeQL bundle from a local file rather than a URL" versions: ["linked"] installGo: true -installPython: true installDotNet: true steps: - name: Fetch latest CodeQL bundle diff --git a/pr-checks/checks/packaging-codescanning-config-inputs-js.yml b/pr-checks/checks/packaging-codescanning-config-inputs-js.yml index 6fd0f7c8a..20fd16a48 100644 --- a/pr-checks/checks/packaging-codescanning-config-inputs-js.yml +++ b/pr-checks/checks/packaging-codescanning-config-inputs-js.yml @@ -3,7 +3,6 @@ description: "Checks that specifying packages using a combination of a config fi versions: ["linked", "default", "nightly-latest"] # This feature is not compatible with old CLIs installGo: true installNode: true -installPython: true installDotNet: true steps: - uses: ./../action/init diff --git a/pr-checks/checks/remote-config.yml b/pr-checks/checks/remote-config.yml index 24249156e..9211cb212 100644 --- a/pr-checks/checks/remote-config.yml +++ b/pr-checks/checks/remote-config.yml @@ -6,7 +6,6 @@ versions: - linked - nightly-latest installGo: true -installPython: true installDotNet: true steps: - uses: ./../action/init diff --git a/pr-checks/checks/unset-environment.yml b/pr-checks/checks/unset-environment.yml index 4cc728600..dd41f159b 100644 --- a/pr-checks/checks/unset-environment.yml +++ b/pr-checks/checks/unset-environment.yml @@ -6,7 +6,6 @@ versions: - linked - nightly-latest installGo: true -installPython: true installDotNet: true steps: - uses: ./../action/init diff --git a/pr-checks/checks/upload-ref-sha-input.yml b/pr-checks/checks/upload-ref-sha-input.yml index 0c8059a51..95b753b2b 100644 --- a/pr-checks/checks/upload-ref-sha-input.yml +++ b/pr-checks/checks/upload-ref-sha-input.yml @@ -2,7 +2,6 @@ name: "Upload-sarif: 'ref' and 'sha' from inputs" description: "Checks that specifying 'ref' and 'sha' as inputs works" versions: ["default"] installGo: true -installPython: true installDotNet: true steps: - uses: ./../action/init diff --git a/pr-checks/checks/upload-sarif.yml b/pr-checks/checks/upload-sarif.yml index 8009225c2..403cdab3a 100644 --- a/pr-checks/checks/upload-sarif.yml +++ b/pr-checks/checks/upload-sarif.yml @@ -3,7 +3,6 @@ description: "Checks that uploading SARIFs to the code quality endpoint works" versions: ["default"] analysisKinds: ["code-scanning", "code-quality", "code-scanning,code-quality"] installGo: true -installPython: true installDotNet: true steps: - uses: ./../action/init diff --git a/pr-checks/checks/with-checkout-path.yml b/pr-checks/checks/with-checkout-path.yml index 230e342e3..6f69d45d8 100644 --- a/pr-checks/checks/with-checkout-path.yml +++ b/pr-checks/checks/with-checkout-path.yml @@ -2,7 +2,6 @@ name: "Use a custom `checkout_path`" description: "Checks that a custom `checkout_path` will find the proper commit_oid" versions: ["linked"] installGo: true -installPython: true installDotNet: true steps: # This ensures we don't accidentally use the original checkout for any part of the test. From d4c6be7cf1c47a33a06fa9183269e133e6863574 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 5 Mar 2026 18:58:14 +0000 Subject: [PATCH 24/38] Update changelog for v4.32.6 --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 26da6cfe1..d7cba59a9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. -## [UNRELEASED] +## 4.32.6 - 05 Mar 2026 - Update default CodeQL bundle version to [2.24.3](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3). [#3548](https://github.com/github/codeql-action/pull/3548) From 05a48207b38463a2551e6223bf52bf93c38f407d Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 5 Mar 2026 19:33:19 +0000 Subject: [PATCH 25/38] Update changelog and version after v4.32.6 --- CHANGELOG.md | 4 ++++ package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d7cba59a9..cac0f792e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. +## [UNRELEASED] + +No user facing changes. + ## 4.32.6 - 05 Mar 2026 - Update default CodeQL bundle version to [2.24.3](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3). [#3548](https://github.com/github/codeql-action/pull/3548) diff --git a/package-lock.json b/package-lock.json index cb957b3b7..2fbb729f7 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "codeql", - "version": "4.32.6", + "version": "4.32.7", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "codeql", - "version": "4.32.6", + "version": "4.32.7", "license": "MIT", "dependencies": { "@actions/artifact": "^5.0.3", diff --git a/package.json b/package.json index 240fa1785..85628de5c 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "4.32.6", + "version": "4.32.7", "private": true, "description": "CodeQL action", "scripts": { From 0ccdcb8c0a9912e8c46e1d4964905114f25ab030 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 5 Mar 2026 19:44:36 +0000 Subject: [PATCH 26/38] Rebuild --- lib/analyze-action-post.js | 2 +- lib/analyze-action.js | 2 +- lib/autobuild-action.js | 2 +- lib/init-action-post.js | 2 +- lib/init-action.js | 2 +- lib/resolve-environment-action.js | 2 +- lib/setup-codeql-action.js | 2 +- lib/start-proxy-action-post.js | 2 +- lib/start-proxy-action.js | 2 +- lib/upload-lib.js | 2 +- lib/upload-sarif-action-post.js | 2 +- lib/upload-sarif-action.js | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index e2afab379..4fd650079 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -45986,7 +45986,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.32.6", + version: "4.32.7", private: true, description: "CodeQL action", scripts: { diff --git a/lib/analyze-action.js b/lib/analyze-action.js index ef880289d..3935138f5 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -45986,7 +45986,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.32.6", + version: "4.32.7", private: true, description: "CodeQL action", scripts: { diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 9479dbdec..de91c2350 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -45986,7 +45986,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.32.6", + version: "4.32.7", private: true, description: "CodeQL action", scripts: { diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 50498dd16..42738ca24 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -45986,7 +45986,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.32.6", + version: "4.32.7", private: true, description: "CodeQL action", scripts: { diff --git a/lib/init-action.js b/lib/init-action.js index 0fad1883d..a047977e2 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -45986,7 +45986,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.32.6", + version: "4.32.7", private: true, description: "CodeQL action", scripts: { diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index ffb29f931..c5230200e 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -45986,7 +45986,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.32.6", + version: "4.32.7", private: true, description: "CodeQL action", scripts: { diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index 42928ba09..d323a2dcc 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -45986,7 +45986,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.32.6", + version: "4.32.7", private: true, description: "CodeQL action", scripts: { diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index 8e280e0f3..b9a712fa4 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -45986,7 +45986,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.32.6", + version: "4.32.7", private: true, description: "CodeQL action", scripts: { diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 7305f25ce..694b6a100 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -45986,7 +45986,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.32.6", + version: "4.32.7", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 4e14450d3..67f15351c 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -47283,7 +47283,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.32.6", + version: "4.32.7", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index e62b286bf..aa0d4cda9 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -45986,7 +45986,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.32.6", + version: "4.32.7", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 4bd2f606e..9130bfc50 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -45986,7 +45986,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.32.6", + version: "4.32.7", private: true, description: "CodeQL action", scripts: { From 8e70ae21a1b4b30a35f2b8c32f316dd8d1eee60e Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 9 Mar 2026 12:03:34 +0000 Subject: [PATCH 27/38] Update `GitHubRepositoryProperty` to match schema --- src/feature-flags/properties.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/feature-flags/properties.ts b/src/feature-flags/properties.ts index 3b55fcb6a..e98a41426 100644 --- a/src/feature-flags/properties.ts +++ b/src/feature-flags/properties.ts @@ -37,7 +37,7 @@ const repositoryPropertyParsers: { */ export interface GitHubRepositoryProperty { property_name: string; - value: string; + value: string | string[]; } /** From 9c75a5f60ced7a336710741b803a179f74860d09 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 9 Mar 2026 12:10:30 +0000 Subject: [PATCH 28/38] Only validate property `value` type if we care about the property --- lib/init-action.js | 10 +++++----- src/feature-flags/properties.test.ts | 23 +++++++++++++++++++++++ src/feature-flags/properties.ts | 14 ++++++++------ 3 files changed, 36 insertions(+), 11 deletions(-) diff --git a/lib/init-action.js b/lib/init-action.js index a047977e2..6cf274d04 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -104434,12 +104434,12 @@ async function loadPropertiesFromApi(gitHubVersion, logger, repositoryNwo) { `Expected repository property object to have a 'property_name', but got: ${JSON.stringify(property)}` ); } - if (typeof property.value !== "string") { - throw new Error( - `Expected repository property '${property.property_name}' to have a string value, but got: ${JSON.stringify(property)}` - ); - } if (isKnownPropertyName(property.property_name)) { + if (typeof property.value !== "string") { + throw new Error( + `Expected repository property '${property.property_name}' to have a string value, but got: ${JSON.stringify(property)}` + ); + } setProperty2(properties, property.property_name, property.value, logger); } } diff --git a/src/feature-flags/properties.test.ts b/src/feature-flags/properties.test.ts index afe936932..396780685 100644 --- a/src/feature-flags/properties.test.ts +++ b/src/feature-flags/properties.test.ts @@ -64,6 +64,29 @@ test.serial( }, ); +test.serial( + "loadPropertiesFromApi does not throw for unexpected value types of unknown properties", + async (t) => { + sinon.stub(api, "getRepositoryProperties").resolves({ + headers: {}, + status: 200, + url: "", + data: [{ property_name: "not-used-by-us", value: { foo: "bar" } }], + }); + const logger = getRunnerLogger(true); + const mockRepositoryNwo = parseRepositoryNwo("owner/repo"); + await t.notThrowsAsync( + properties.loadPropertiesFromApi( + { + type: util.GitHubVariant.DOTCOM, + }, + logger, + mockRepositoryNwo, + ), + ); + }, +); + test.serial( "loadPropertiesFromApi returns empty object if on GHES", async (t) => { diff --git a/src/feature-flags/properties.ts b/src/feature-flags/properties.ts index e98a41426..64459dd5c 100644 --- a/src/feature-flags/properties.ts +++ b/src/feature-flags/properties.ts @@ -85,13 +85,15 @@ export async function loadPropertiesFromApi( ); } - if (typeof property.value !== "string") { - throw new Error( - `Expected repository property '${property.property_name}' to have a string value, but got: ${JSON.stringify(property)}`, - ); - } - if (isKnownPropertyName(property.property_name)) { + // Only validate the type of `value` if this is a property we care about, to avoid throwing + // on unrelated properties that may use representations we do not support. + if (typeof property.value !== "string") { + throw new Error( + `Expected repository property '${property.property_name}' to have a string value, but got: ${JSON.stringify(property)}`, + ); + } + setProperty(properties, property.property_name, property.value, logger); } } From 58991590bdeb0592c668edbd4224fc7601648184 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 9 Mar 2026 12:46:16 +0000 Subject: [PATCH 29/38] Validate `value` types returned by API against expectations --- lib/init-action.js | 42 +++++++++----- src/feature-flags/properties.test.ts | 6 +- src/feature-flags/properties.ts | 86 ++++++++++++++++++++++------ 3 files changed, 98 insertions(+), 36 deletions(-) diff --git a/lib/init-action.js b/lib/init-action.js index 6cf274d04..7e59bbb27 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -100091,7 +100091,7 @@ var require_follow_redirects = __commonJS({ if (this._ending) { throw new WriteAfterEndError(); } - if (!isString(data) && !isBuffer(data)) { + if (!isString2(data) && !isBuffer(data)) { throw new TypeError("data should be a string, Buffer or Uint8Array"); } if (isFunction(encoding)) { @@ -100346,7 +100346,7 @@ var require_follow_redirects = __commonJS({ function request2(input, options, callback) { if (isURL(input)) { input = spreadUrlObject(input); - } else if (isString(input)) { + } else if (isString2(input)) { input = spreadUrlObject(parseUrl2(input)); } else { callback = options; @@ -100362,7 +100362,7 @@ var require_follow_redirects = __commonJS({ maxBodyLength: exports3.maxBodyLength }, input, options); options.nativeProtocols = nativeProtocols; - if (!isString(options.host) && !isString(options.hostname)) { + if (!isString2(options.host) && !isString2(options.hostname)) { options.hostname = "::1"; } assert.equal(options.protocol, protocol, "protocol mismatch"); @@ -100389,7 +100389,7 @@ var require_follow_redirects = __commonJS({ parsed = new URL2(input); } else { parsed = validateUrl(url.parse(input)); - if (!isString(parsed.protocol)) { + if (!isString2(parsed.protocol)) { throw new InvalidUrlError({ input }); } } @@ -100461,11 +100461,11 @@ var require_follow_redirects = __commonJS({ request2.destroy(error3); } function isSubdomain(subdomain, domain) { - assert(isString(subdomain) && isString(domain)); + assert(isString2(subdomain) && isString2(domain)); var dot = subdomain.length - domain.length - 1; return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain); } - function isString(value) { + function isString2(value) { return typeof value === "string" || value instanceof String; } function isFunction(value) { @@ -104408,9 +104408,21 @@ var RepositoryPropertyName = /* @__PURE__ */ ((RepositoryPropertyName2) => { RepositoryPropertyName2["EXTRA_QUERIES"] = "github-codeql-extra-queries"; return RepositoryPropertyName2; })(RepositoryPropertyName || {}); +function isString(value) { + return typeof value === "string"; +} +var stringProperty = { + validate: isString, + parse: parseStringRepositoryProperty +}; +var booleanProperty = { + // The value from the API should come as a string, which we then parse into a boolean. + validate: isString, + parse: parseBooleanRepositoryProperty +}; var repositoryPropertyParsers = { - ["github-codeql-disable-overlay" /* DISABLE_OVERLAY */]: parseBooleanRepositoryProperty, - ["github-codeql-extra-queries" /* EXTRA_QUERIES */]: parseStringRepositoryProperty + ["github-codeql-disable-overlay" /* DISABLE_OVERLAY */]: booleanProperty, + ["github-codeql-extra-queries" /* EXTRA_QUERIES */]: stringProperty }; async function loadPropertiesFromApi(gitHubVersion, logger, repositoryNwo) { if (gitHubVersion.type === "GitHub Enterprise Server" /* GHES */) { @@ -104435,11 +104447,6 @@ async function loadPropertiesFromApi(gitHubVersion, logger, repositoryNwo) { ); } if (isKnownPropertyName(property.property_name)) { - if (typeof property.value !== "string") { - throw new Error( - `Expected repository property '${property.property_name}' to have a string value, but got: ${JSON.stringify(property)}` - ); - } setProperty2(properties, property.property_name, property.value, logger); } } @@ -104463,7 +104470,14 @@ async function loadPropertiesFromApi(gitHubVersion, logger, repositoryNwo) { } } function setProperty2(properties, name, value, logger) { - properties[name] = repositoryPropertyParsers[name](name, value, logger); + const propertyOptions = repositoryPropertyParsers[name]; + if (propertyOptions.validate(value)) { + properties[name] = propertyOptions.parse(name, value, logger); + } else { + throw new Error( + `Unexpected value for repository property '${name}', got: ${JSON.stringify(value)}` + ); + } } function parseBooleanRepositoryProperty(name, value, logger) { if (value !== "true" && value !== "false") { diff --git a/src/feature-flags/properties.test.ts b/src/feature-flags/properties.test.ts index 396780685..d74d50d4b 100644 --- a/src/feature-flags/properties.test.ts +++ b/src/feature-flags/properties.test.ts @@ -38,7 +38,7 @@ test.serial( ); test.serial( - "loadPropertiesFromApi throws if response data contains unexpected objects", + "loadPropertiesFromApi throws if response data contains objects without `property_name`", async (t) => { sinon.stub(api, "getRepositoryProperties").resolves({ headers: {}, @@ -197,7 +197,7 @@ test.serial( ); test.serial( - "loadPropertiesFromApi throws if property value is not a string", + "loadPropertiesFromApi throws if known property value is not a string", async (t) => { sinon.stub(api, "getRepositoryProperties").resolves({ headers: {}, @@ -217,7 +217,7 @@ test.serial( ), { message: - /Expected repository property 'github-codeql-extra-queries' to have a string value/, + /Unexpected value for repository property 'github-codeql-extra-queries', got: 123/, }, ); }, diff --git a/src/feature-flags/properties.ts b/src/feature-flags/properties.ts index 64459dd5c..680cc48ce 100644 --- a/src/feature-flags/properties.ts +++ b/src/feature-flags/properties.ts @@ -20,16 +20,56 @@ type AllRepositoryProperties = { /** Parsed repository properties. */ export type RepositoryProperties = Partial; +/** Maps known repository properties to the type we expect to get from the API. */ +type RepositoryPropertyApiType = { + [RepositoryPropertyName.DISABLE_OVERLAY]: string; + [RepositoryPropertyName.EXTRA_QUERIES]: string; +}; + +/** The type of functions which take the `value` from the API and try to convert it to the type we want. */ +export type PropertyParser = ( + name: K, + value: RepositoryPropertyApiType[K], + logger: Logger, +) => AllRepositoryProperties[K]; + +/** Possible types of `value`s we get from the API. */ +export type RepositoryPropertyValue = string | string[]; + +/** The type of repository property configurations. */ +export type PropertyInfo = { + /** A validator which checks that the value received from the API is what we expect. */ + validate: ( + value: RepositoryPropertyValue, + ) => value is RepositoryPropertyApiType[K]; + /** A `PropertyParser` for the property. */ + parse: PropertyParser; +}; + +/** Determines whether a value from the API is a string or not. */ +function isString(value: RepositoryPropertyValue): value is string { + return typeof value === "string"; +} + +/** A repository property that we expect to contain a string value. */ +const stringProperty = { + validate: isString, + parse: parseStringRepositoryProperty, +}; + +/** A repository property that we expect to contain a boolean value. */ +const booleanProperty = { + // The value from the API should come as a string, which we then parse into a boolean. + validate: isString, + parse: parseBooleanRepositoryProperty, +}; + /** Parsers that transform repository properties from the API response into typed values. */ const repositoryPropertyParsers: { - [K in RepositoryPropertyName]: ( - name: K, - value: string, - logger: Logger, - ) => AllRepositoryProperties[K]; + [K in RepositoryPropertyName]: PropertyInfo; } = { - [RepositoryPropertyName.DISABLE_OVERLAY]: parseBooleanRepositoryProperty, - [RepositoryPropertyName.EXTRA_QUERIES]: parseStringRepositoryProperty, + [RepositoryPropertyName.DISABLE_OVERLAY]: booleanProperty, + [RepositoryPropertyName.EXTRA_QUERIES]: stringProperty, }; /** @@ -37,7 +77,7 @@ const repositoryPropertyParsers: { */ export interface GitHubRepositoryProperty { property_name: string; - value: string | string[]; + value: RepositoryPropertyValue; } /** @@ -86,14 +126,6 @@ export async function loadPropertiesFromApi( } if (isKnownPropertyName(property.property_name)) { - // Only validate the type of `value` if this is a property we care about, to avoid throwing - // on unrelated properties that may use representations we do not support. - if (typeof property.value !== "string") { - throw new Error( - `Expected repository property '${property.property_name}' to have a string value, but got: ${JSON.stringify(property)}`, - ); - } - setProperty(properties, property.property_name, property.value, logger); } } @@ -119,14 +151,30 @@ export async function loadPropertiesFromApi( } } -/** Update the partial set of repository properties with the parsed value of the specified property. */ +/** + * Validate that `value` has the correct type for `K` and, if so, update the partial set of repository + * properties with the parsed value of the specified property. + */ function setProperty( properties: RepositoryProperties, name: K, - value: string, + value: RepositoryPropertyValue, logger: Logger, ): void { - properties[name] = repositoryPropertyParsers[name](name, value, logger); + const propertyOptions = repositoryPropertyParsers[name]; + + // We perform the validation here for two reasons: + // 1. This function is only called if `name` is a property we care about, to avoid throwing + // on unrelated properties that may use representations we do not support. + // 2. The `propertyOptions.validate` function checks that the type of `value` we received from + // the API is what expect and narrows the type accordingly, allowing us to call `parse`. + if (propertyOptions.validate(value)) { + properties[name] = propertyOptions.parse(name, value, logger); + } else { + throw new Error( + `Unexpected value for repository property '${name}', got: ${JSON.stringify(value)}`, + ); + } } /** Parse a boolean repository property. */ From 58314dce95a83b737c360e9356356e52a6a60777 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 9 Mar 2026 13:03:47 +0000 Subject: [PATCH 30/38] Export types that weren't already --- src/feature-flags/properties.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/feature-flags/properties.ts b/src/feature-flags/properties.ts index 680cc48ce..276bfe501 100644 --- a/src/feature-flags/properties.ts +++ b/src/feature-flags/properties.ts @@ -12,7 +12,7 @@ export enum RepositoryPropertyName { } /** Parsed types of the known repository properties. */ -type AllRepositoryProperties = { +export type AllRepositoryProperties = { [RepositoryPropertyName.DISABLE_OVERLAY]: boolean; [RepositoryPropertyName.EXTRA_QUERIES]: string; }; @@ -21,7 +21,7 @@ type AllRepositoryProperties = { export type RepositoryProperties = Partial; /** Maps known repository properties to the type we expect to get from the API. */ -type RepositoryPropertyApiType = { +export type RepositoryPropertyApiType = { [RepositoryPropertyName.DISABLE_OVERLAY]: string; [RepositoryPropertyName.EXTRA_QUERIES]: string; }; From 5311ed41ea6559c31939a79deab8c6030b41cbaf Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 9 Mar 2026 13:09:22 +0000 Subject: [PATCH 31/38] Include type in error message --- lib/init-action.js | 2 +- src/feature-flags/properties.test.ts | 2 +- src/feature-flags/properties.ts | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/init-action.js b/lib/init-action.js index 7e59bbb27..b07f684e9 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -104475,7 +104475,7 @@ function setProperty2(properties, name, value, logger) { properties[name] = propertyOptions.parse(name, value, logger); } else { throw new Error( - `Unexpected value for repository property '${name}', got: ${JSON.stringify(value)}` + `Unexpected value for repository property '${name}' (${typeof value}), got: ${JSON.stringify(value)}` ); } } diff --git a/src/feature-flags/properties.test.ts b/src/feature-flags/properties.test.ts index d74d50d4b..86e998de9 100644 --- a/src/feature-flags/properties.test.ts +++ b/src/feature-flags/properties.test.ts @@ -217,7 +217,7 @@ test.serial( ), { message: - /Unexpected value for repository property 'github-codeql-extra-queries', got: 123/, + /Unexpected value for repository property 'github-codeql-extra-queries' \(number\), got: 123/, }, ); }, diff --git a/src/feature-flags/properties.ts b/src/feature-flags/properties.ts index 276bfe501..cb407c308 100644 --- a/src/feature-flags/properties.ts +++ b/src/feature-flags/properties.ts @@ -172,7 +172,7 @@ function setProperty( properties[name] = propertyOptions.parse(name, value, logger); } else { throw new Error( - `Unexpected value for repository property '${name}', got: ${JSON.stringify(value)}`, + `Unexpected value for repository property '${name}' (${typeof value}), got: ${JSON.stringify(value)}`, ); } } From 149fd14ac7b1778cea753416012a569738e88e87 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 9 Mar 2026 13:12:37 +0000 Subject: [PATCH 32/38] Add unknown property with `string[]` value --- src/feature-flags/properties.test.ts | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/feature-flags/properties.test.ts b/src/feature-flags/properties.test.ts index 86e998de9..c820f8d00 100644 --- a/src/feature-flags/properties.test.ts +++ b/src/feature-flags/properties.test.ts @@ -71,7 +71,10 @@ test.serial( headers: {}, status: 200, url: "", - data: [{ property_name: "not-used-by-us", value: { foo: "bar" } }], + data: [ + { property_name: "not-used-by-us", value: { foo: "bar" } }, + { property_name: "also-not-used-by-us", value: ["A", "B", "C"] }, + ], }); const logger = getRunnerLogger(true); const mockRepositoryNwo = parseRepositoryNwo("owner/repo"); From 6f90eb695f80e8870988630b44b1630ba747f3b9 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 9 Mar 2026 14:24:29 +0000 Subject: [PATCH 33/38] Add changelog entry --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cac0f792e..28a3105f8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th ## [UNRELEASED] -No user facing changes. +- Fixed [a bug](https://github.com/github/codeql-action/issues/3555) which caused the CodeQL Action to fail loading repository properties if a "Multi select" repository property was configured for the repository. [#3557](https://github.com/github/codeql-action/pull/3557) ## 4.32.6 - 05 Mar 2026 From b35c0d37b11db04fcf3e4a94aa3e3f284130c33a Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Mon, 9 Mar 2026 16:15:04 +0000 Subject: [PATCH 34/38] Clean up repository properties feature flag --- lib/analyze-action-post.js | 5 ----- lib/analyze-action.js | 5 ----- lib/autobuild-action.js | 5 ----- lib/init-action-post.js | 5 ----- lib/init-action.js | 14 +------------- lib/resolve-environment-action.js | 5 ----- lib/setup-codeql-action.js | 5 ----- lib/start-proxy-action-post.js | 5 ----- lib/start-proxy-action.js | 5 ----- lib/upload-lib.js | 5 ----- lib/upload-sarif-action-post.js | 5 ----- lib/upload-sarif-action.js | 5 ----- src/feature-flags.ts | 6 ------ src/init-action.ts | 9 --------- 14 files changed, 1 insertion(+), 83 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index 4fd650079..454c2d9fb 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -162243,11 +162243,6 @@ var featureConfig = { minimumVersion: void 0, toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */ }, - ["use_repository_properties_v2" /* UseRepositoryProperties */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", - minimumVersion: void 0 - }, ["validate_db_config" /* ValidateDbConfig */]: { defaultValue: false, envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG", diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 3935138f5..78ce035ed 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -107992,11 +107992,6 @@ var featureConfig = { minimumVersion: void 0, toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */ }, - ["use_repository_properties_v2" /* UseRepositoryProperties */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", - minimumVersion: void 0 - }, ["validate_db_config" /* ValidateDbConfig */]: { defaultValue: false, envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG", diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index de91c2350..acd1b250e 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -104292,11 +104292,6 @@ var featureConfig = { minimumVersion: void 0, toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */ }, - ["use_repository_properties_v2" /* UseRepositoryProperties */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", - minimumVersion: void 0 - }, ["validate_db_config" /* ValidateDbConfig */]: { defaultValue: false, envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG", diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 42738ca24..6a89d40a2 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -165729,11 +165729,6 @@ var featureConfig = { minimumVersion: void 0, toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */ }, - ["use_repository_properties_v2" /* UseRepositoryProperties */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", - minimumVersion: void 0 - }, ["validate_db_config" /* ValidateDbConfig */]: { defaultValue: false, envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG", diff --git a/lib/init-action.js b/lib/init-action.js index b07f684e9..67c03243a 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -105552,11 +105552,6 @@ var featureConfig = { minimumVersion: void 0, toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */ }, - ["use_repository_properties_v2" /* UseRepositoryProperties */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", - minimumVersion: void 0 - }, ["validate_db_config" /* ValidateDbConfig */]: { defaultValue: false, envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG", @@ -109648,7 +109643,6 @@ async function run(startedAt) { const repositoryPropertiesResult = await loadRepositoryProperties( repositoryNwo, gitHubVersion, - features, logger ); const jobRunUuid = v4_default(); @@ -110048,7 +110042,7 @@ exec ${goBinaryPath} "$@"` logger ); } -async function loadRepositoryProperties(repositoryNwo, gitHubVersion, features, logger) { +async function loadRepositoryProperties(repositoryNwo, gitHubVersion, logger) { const repositoryOwnerType = github2.context.payload.repository?.owner.type; logger.debug( `Repository owner type is '${repositoryOwnerType ?? "unknown"}'.` @@ -110059,12 +110053,6 @@ async function loadRepositoryProperties(repositoryNwo, gitHubVersion, features, ); return new Success({}); } - if (!await features.getValue("use_repository_properties_v2" /* UseRepositoryProperties */)) { - logger.debug( - "Skipping loading repository properties because the UseRepositoryProperties feature flag is disabled." - ); - return new Success({}); - } try { return new Success( await loadPropertiesFromApi(gitHubVersion, logger, repositoryNwo) diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index c5230200e..aa3673bd3 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -104283,11 +104283,6 @@ var featureConfig = { minimumVersion: void 0, toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */ }, - ["use_repository_properties_v2" /* UseRepositoryProperties */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", - minimumVersion: void 0 - }, ["validate_db_config" /* ValidateDbConfig */]: { defaultValue: false, envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG", diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index d323a2dcc..a9eb08eb5 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -104180,11 +104180,6 @@ var featureConfig = { minimumVersion: void 0, toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */ }, - ["use_repository_properties_v2" /* UseRepositoryProperties */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", - minimumVersion: void 0 - }, ["validate_db_config" /* ValidateDbConfig */]: { defaultValue: false, envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG", diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index b9a712fa4..6fdfe2d8b 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -161649,11 +161649,6 @@ var featureConfig = { minimumVersion: void 0, toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */ }, - ["use_repository_properties_v2" /* UseRepositoryProperties */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", - minimumVersion: void 0 - }, ["validate_db_config" /* ValidateDbConfig */]: { defaultValue: false, envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG", diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 694b6a100..84519a068 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -120972,11 +120972,6 @@ var featureConfig = { minimumVersion: void 0, toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */ }, - ["use_repository_properties_v2" /* UseRepositoryProperties */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", - minimumVersion: void 0 - }, ["validate_db_config" /* ValidateDbConfig */]: { defaultValue: false, envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG", diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 67f15351c..236eb8512 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -107439,11 +107439,6 @@ var featureConfig = { minimumVersion: void 0, toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */ }, - ["use_repository_properties_v2" /* UseRepositoryProperties */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", - minimumVersion: void 0 - }, ["validate_db_config" /* ValidateDbConfig */]: { defaultValue: false, envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG", diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index aa0d4cda9..dab78eb86 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -161811,11 +161811,6 @@ var featureConfig = { minimumVersion: void 0, toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */ }, - ["use_repository_properties_v2" /* UseRepositoryProperties */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", - minimumVersion: void 0 - }, ["validate_db_config" /* ValidateDbConfig */]: { defaultValue: false, envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG", diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 9130bfc50..ab769c22f 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -107153,11 +107153,6 @@ var featureConfig = { minimumVersion: void 0, toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */ }, - ["use_repository_properties_v2" /* UseRepositoryProperties */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", - minimumVersion: void 0 - }, ["validate_db_config" /* ValidateDbConfig */]: { defaultValue: false, envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG", diff --git a/src/feature-flags.ts b/src/feature-flags.ts index c77bd794f..c773ca9a4 100644 --- a/src/feature-flags.ts +++ b/src/feature-flags.ts @@ -87,7 +87,6 @@ export enum Feature { StartProxyRemoveUnusedRegistries = "start_proxy_remove_unused_registries", StartProxyUseFeaturesRelease = "start_proxy_use_features_release", UploadOverlayDbToApi = "upload_overlay_db_to_api", - UseRepositoryProperties = "use_repository_properties_v2", ValidateDbConfig = "validate_db_config", } @@ -352,11 +351,6 @@ export const featureConfig = { minimumVersion: undefined, toolsFeature: ToolsFeature.BundleSupportsOverlay, }, - [Feature.UseRepositoryProperties]: { - defaultValue: false, - envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", - minimumVersion: undefined, - }, [Feature.ValidateDbConfig]: { defaultValue: false, envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG", diff --git a/src/init-action.ts b/src/init-action.ts index 7bd749e82..483140b90 100644 --- a/src/init-action.ts +++ b/src/init-action.ts @@ -251,7 +251,6 @@ async function run(startedAt: Date) { const repositoryPropertiesResult = await loadRepositoryProperties( repositoryNwo, gitHubVersion, - features, logger, ); @@ -821,7 +820,6 @@ async function run(startedAt: Date) { async function loadRepositoryProperties( repositoryNwo: RepositoryNwo, gitHubVersion: GitHubVersion, - features: FeatureEnablement, logger: Logger, ): Promise> { // See if we can skip loading repository properties early. In particular, @@ -839,13 +837,6 @@ async function loadRepositoryProperties( return new Success({}); } - if (!(await features.getValue(Feature.UseRepositoryProperties))) { - logger.debug( - "Skipping loading repository properties because the UseRepositoryProperties feature flag is disabled.", - ); - return new Success({}); - } - try { return new Success( await loadPropertiesFromApi(gitHubVersion, logger, repositoryNwo), From 8924dfb7d06dd0b09208a051d749c25395d6bb85 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Mon, 9 Mar 2026 16:19:32 +0000 Subject: [PATCH 35/38] Remove GHES feature gate All supported versions of GHES support the repository properties API. --- lib/init-action.js | 9 +--- src/feature-flags/properties.test.ts | 71 ++-------------------------- src/feature-flags/properties.ts | 9 +--- src/init-action.ts | 4 +- 4 files changed, 8 insertions(+), 85 deletions(-) diff --git a/lib/init-action.js b/lib/init-action.js index 67c03243a..faaab1841 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -104424,10 +104424,7 @@ var repositoryPropertyParsers = { ["github-codeql-disable-overlay" /* DISABLE_OVERLAY */]: booleanProperty, ["github-codeql-extra-queries" /* EXTRA_QUERIES */]: stringProperty }; -async function loadPropertiesFromApi(gitHubVersion, logger, repositoryNwo) { - if (gitHubVersion.type === "GitHub Enterprise Server" /* GHES */) { - return {}; - } +async function loadPropertiesFromApi(logger, repositoryNwo) { try { const response = await getRepositoryProperties(repositoryNwo); const remoteProperties = response.data; @@ -110054,9 +110051,7 @@ async function loadRepositoryProperties(repositoryNwo, gitHubVersion, logger) { return new Success({}); } try { - return new Success( - await loadPropertiesFromApi(gitHubVersion, logger, repositoryNwo) - ); + return new Success(await loadPropertiesFromApi(logger, repositoryNwo)); } catch (error3) { logger.warning( `Failed to load repository properties: ${getErrorMessage(error3)}` diff --git a/src/feature-flags/properties.test.ts b/src/feature-flags/properties.test.ts index c820f8d00..a468b3349 100644 --- a/src/feature-flags/properties.test.ts +++ b/src/feature-flags/properties.test.ts @@ -5,7 +5,6 @@ import * as api from "../api-client"; import { getRunnerLogger } from "../logging"; import { parseRepositoryNwo } from "../repository"; import { setupTests } from "../testing-utils"; -import * as util from "../util"; import * as properties from "./properties"; @@ -23,13 +22,7 @@ test.serial( const logger = getRunnerLogger(true); const mockRepositoryNwo = parseRepositoryNwo("owner/repo"); await t.throwsAsync( - properties.loadPropertiesFromApi( - { - type: util.GitHubVariant.DOTCOM, - }, - logger, - mockRepositoryNwo, - ), + properties.loadPropertiesFromApi(logger, mockRepositoryNwo), { message: /Expected repository properties API to return an array/, }, @@ -49,13 +42,7 @@ test.serial( const logger = getRunnerLogger(true); const mockRepositoryNwo = parseRepositoryNwo("owner/repo"); await t.throwsAsync( - properties.loadPropertiesFromApi( - { - type: util.GitHubVariant.DOTCOM, - }, - logger, - mockRepositoryNwo, - ), + properties.loadPropertiesFromApi(logger, mockRepositoryNwo), { message: /Expected repository property object to have a 'property_name'/, @@ -79,43 +66,11 @@ test.serial( const logger = getRunnerLogger(true); const mockRepositoryNwo = parseRepositoryNwo("owner/repo"); await t.notThrowsAsync( - properties.loadPropertiesFromApi( - { - type: util.GitHubVariant.DOTCOM, - }, - logger, - mockRepositoryNwo, - ), + properties.loadPropertiesFromApi(logger, mockRepositoryNwo), ); }, ); -test.serial( - "loadPropertiesFromApi returns empty object if on GHES", - async (t) => { - sinon.stub(api, "getRepositoryProperties").resolves({ - headers: {}, - status: 200, - url: "", - data: [ - { property_name: "github-codeql-extra-queries", value: "+queries" }, - { property_name: "unknown-property", value: "something" }, - ] satisfies properties.GitHubPropertiesResponse, - }); - const logger = getRunnerLogger(true); - const mockRepositoryNwo = parseRepositoryNwo("owner/repo"); - const response = await properties.loadPropertiesFromApi( - { - type: util.GitHubVariant.GHES, - version: "", - }, - logger, - mockRepositoryNwo, - ); - t.deepEqual(response, {}); - }, -); - test.serial("loadPropertiesFromApi loads known properties", async (t) => { sinon.stub(api, "getRepositoryProperties").resolves({ headers: {}, @@ -129,9 +84,6 @@ test.serial("loadPropertiesFromApi loads known properties", async (t) => { const logger = getRunnerLogger(true); const mockRepositoryNwo = parseRepositoryNwo("owner/repo"); const response = await properties.loadPropertiesFromApi( - { - type: util.GitHubVariant.DOTCOM, - }, logger, mockRepositoryNwo, ); @@ -155,9 +107,6 @@ test.serial("loadPropertiesFromApi parses true boolean property", async (t) => { const warningSpy = sinon.spy(logger, "warning"); const mockRepositoryNwo = parseRepositoryNwo("owner/repo"); const response = await properties.loadPropertiesFromApi( - { - type: util.GitHubVariant.DOTCOM, - }, logger, mockRepositoryNwo, ); @@ -186,9 +135,6 @@ test.serial( const warningSpy = sinon.spy(logger, "warning"); const mockRepositoryNwo = parseRepositoryNwo("owner/repo"); const response = await properties.loadPropertiesFromApi( - { - type: util.GitHubVariant.DOTCOM, - }, logger, mockRepositoryNwo, ); @@ -211,13 +157,7 @@ test.serial( const logger = getRunnerLogger(true); const mockRepositoryNwo = parseRepositoryNwo("owner/repo"); await t.throwsAsync( - properties.loadPropertiesFromApi( - { - type: util.GitHubVariant.DOTCOM, - }, - logger, - mockRepositoryNwo, - ), + properties.loadPropertiesFromApi(logger, mockRepositoryNwo), { message: /Unexpected value for repository property 'github-codeql-extra-queries' \(number\), got: 123/, @@ -244,9 +184,6 @@ test.serial( const warningSpy = sinon.spy(logger, "warning"); const mockRepositoryNwo = parseRepositoryNwo("owner/repo"); const response = await properties.loadPropertiesFromApi( - { - type: util.GitHubVariant.DOTCOM, - }, logger, mockRepositoryNwo, ); diff --git a/src/feature-flags/properties.ts b/src/feature-flags/properties.ts index cb407c308..40669bafc 100644 --- a/src/feature-flags/properties.ts +++ b/src/feature-flags/properties.ts @@ -1,7 +1,7 @@ import { getRepositoryProperties } from "../api-client"; import { Logger } from "../logging"; import { RepositoryNwo } from "../repository"; -import { GitHubVariant, GitHubVersion } from "../util"; +import { GitHubVariant, GitHubVersion, satisfiesGHESVersion } from "../util"; /** * Enumerates repository property names that have some meaning to us. @@ -93,16 +93,9 @@ export type GitHubPropertiesResponse = GitHubRepositoryProperty[]; * @returns Returns a partial mapping from `RepositoryPropertyName` to values. */ export async function loadPropertiesFromApi( - gitHubVersion: GitHubVersion, logger: Logger, repositoryNwo: RepositoryNwo, ): Promise { - // TODO: To be safe for now; later we should replace this with a version check once we know - // which version of GHES we expect this to be supported by. - if (gitHubVersion.type === GitHubVariant.GHES) { - return {}; - } - try { const response = await getRepositoryProperties(repositoryNwo); const remoteProperties = response.data as GitHubPropertiesResponse; diff --git a/src/init-action.ts b/src/init-action.ts index 483140b90..9386e2c56 100644 --- a/src/init-action.ts +++ b/src/init-action.ts @@ -838,9 +838,7 @@ async function loadRepositoryProperties( } try { - return new Success( - await loadPropertiesFromApi(gitHubVersion, logger, repositoryNwo), - ); + return new Success(await loadPropertiesFromApi(logger, repositoryNwo)); } catch (error) { logger.warning( `Failed to load repository properties: ${getErrorMessage(error)}`, From a770e76359a57da3e78bcabda297b3f6a24a58bc Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Mon, 9 Mar 2026 16:20:52 +0000 Subject: [PATCH 36/38] Add changelog note --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 28a3105f8..6d6c8a15e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th ## [UNRELEASED] - Fixed [a bug](https://github.com/github/codeql-action/issues/3555) which caused the CodeQL Action to fail loading repository properties if a "Multi select" repository property was configured for the repository. [#3557](https://github.com/github/codeql-action/pull/3557) +- The CodeQL Action now loads [custom repository properties](https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization) on GitHub Enterprise Server, enabling the customization of features such as `github-codeql-disable-overlay` that was previously only available on GitHub.com. [#3559](https://github.com/github/codeql-action/pull/3559) ## 4.32.6 - 05 Mar 2026 From b0642f9e8677af302837641b970d8b26de43e77d Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Mon, 9 Mar 2026 16:25:20 +0000 Subject: [PATCH 37/38] Remove unused imports --- src/feature-flags/properties.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/src/feature-flags/properties.ts b/src/feature-flags/properties.ts index 40669bafc..7c339e3f3 100644 --- a/src/feature-flags/properties.ts +++ b/src/feature-flags/properties.ts @@ -1,7 +1,6 @@ import { getRepositoryProperties } from "../api-client"; import { Logger } from "../logging"; import { RepositoryNwo } from "../repository"; -import { GitHubVariant, GitHubVersion, satisfiesGHESVersion } from "../util"; /** * Enumerates repository property names that have some meaning to us. From 1b7fa1a121750f626e5de1945f901e2261d41eaa Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Mon, 9 Mar 2026 16:30:34 +0000 Subject: [PATCH 38/38] Drop unused variable --- lib/init-action.js | 3 +-- src/init-action.ts | 3 --- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/lib/init-action.js b/lib/init-action.js index faaab1841..5d5a6fa59 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -109639,7 +109639,6 @@ async function run(startedAt) { ); const repositoryPropertiesResult = await loadRepositoryProperties( repositoryNwo, - gitHubVersion, logger ); const jobRunUuid = v4_default(); @@ -110039,7 +110038,7 @@ exec ${goBinaryPath} "$@"` logger ); } -async function loadRepositoryProperties(repositoryNwo, gitHubVersion, logger) { +async function loadRepositoryProperties(repositoryNwo, logger) { const repositoryOwnerType = github2.context.payload.repository?.owner.type; logger.debug( `Repository owner type is '${repositoryOwnerType ?? "unknown"}'.` diff --git a/src/init-action.ts b/src/init-action.ts index 9386e2c56..f7d9d52eb 100644 --- a/src/init-action.ts +++ b/src/init-action.ts @@ -93,7 +93,6 @@ import { checkActionVersion, getErrorMessage, BuildMode, - GitHubVersion, Result, getOptionalEnvVar, Success, @@ -250,7 +249,6 @@ async function run(startedAt: Date) { // Fetch the values of known repository properties that affect us. const repositoryPropertiesResult = await loadRepositoryProperties( repositoryNwo, - gitHubVersion, logger, ); @@ -819,7 +817,6 @@ async function run(startedAt: Date) { */ async function loadRepositoryProperties( repositoryNwo: RepositoryNwo, - gitHubVersion: GitHubVersion, logger: Logger, ): Promise> { // See if we can skip loading repository properties early. In particular,