pFad - Phone/Frame/Anonymizer/Declutterfier! Saves Data!


--- a PPN by Garber Painting Akron. With Image Size Reduction included!

URL: http://github.com/github/codeql-action/pull/3512

ets.com/assets/actions-109fb3a41bacb1c2.css" /> Use `getDefaultCliVersion` for `start-proxy` by mbg · Pull Request #3512 · github/codeql-action · GitHub
Skip to content

Use getDefaultCliVersion for start-proxy#3512

Open
mbg wants to merge 1 commit intomainfrom
mbg/start-proxy/use-default-cli
Open

Use getDefaultCliVersion for start-proxy#3512
mbg wants to merge 1 commit intomainfrom
mbg/start-proxy/use-default-cli

Conversation

@mbg
Copy link
Member

@mbg mbg commented Feb 25, 2026

Changes the start-proxy action to use getDefaultCliVersion rather than having defaults.bundleVersion hard-coded. Conveniently, this adds a permanent consumer of feature flags to start-proxy.

We could relatively easily add a FF as a gate for the new behaviour.

Risk assessment

For internal use only. Please select the risk level of this change:

  • High risk: Changes are not fully under feature flags, have limited visibility and/or cannot be tested outside of production.

Which use cases does this change impact?

Workflow types:

  • Managed - Impacts users with dynamic workflows (Default Setup, Code Quality, ...).

Products:

  • Code Scanning - The changes impact analyses when analysis-kinds: code-scanning.
  • Code Quality - The changes impact analyses when analysis-kinds: code-quality.

Environments:

  • Dotcom - Impacts CodeQL workflows on github.com and/or GitHub Enterprise Cloud with Data Residency.

How did/will you validate this change?

  • Unit tests - I am depending on unit test coverage (i.e. tests in .test.ts files).
  • End-to-end tests - I am depending on PR checks (i.e. tests in pr-checks).

If something goes wrong after this change is released, what are the mitigation and rollback strategies?

  • Rollback - Change can only be disabled by rolling back the release or releasing a new version with a fix.

How will you know if something goes wrong after this change is released?

  • Telemetry - I rely on existing telemetry or have made changes to the telemetry.
    • Dashboards - I will watch relevant dashboards for issues after the release. Consider whether this requires this change to be released at a particular time rather than as part of a regular release.
    • Alerts - New or existing monitors will trip if something goes wrong with this change.

Are there any special considerations for merging or releasing this change?

  • No special considerations - This change can be merged at any time.

Merge / deployment checklist

  • Confirm this change is backwards compatible with existing workflows.
  • Consider adding a changelog entry for this change.
  • Confirm the readme and docs have been updated if necessary.

@mbg mbg requested a review from henrymercer February 25, 2026 17:47
@mbg mbg self-assigned this Feb 25, 2026
@mbg mbg requested a review from a team as a code owner February 25, 2026 17:47
Copilot AI review requested due to automatic review settings February 25, 2026 17:47
@github-actions github-actions bot added the size/M Should be of average difficulty to review label Feb 25, 2026
Copilot AI reviewed Feb 25, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request updates the start-proxy action to use getDefaultCliVersion from feature flags instead of hard-coding defaults.bundleVersion. This change allows the start-proxy action to dynamically determine the CodeQL CLI version to use, either from feature flags on GitHub.com or from defaults on GHES, making the behavior consistent with other actions in the codebase.

Changes:

  • Modified getDownloadUrl and getProxyBinaryPath functions to accept a FeatureEnablement parameter
  • Updated start-proxy-action.ts to initialize and pass feature flags to proxy-related functions
  • Added comprehensive test coverage with proper feature flag mocking
  • Removed unused Feature import from start-proxy-action.ts

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File Description
src/start-proxy.ts Updated function signatures to accept FeatureEnablement; changed to use getDefaultCliVersion for dynamic version selection; added getGitHubVersion import
src/start-proxy.test.ts Updated test mocking to properly handle feature flags; added mockOfflineFeatures helper; modified tests to pass features parameter
src/start-proxy-action.ts Removed unused Feature import; updated getProxyBinaryPath call to pass features parameter
lib/start-proxy-action.js Generated JavaScript reflecting TypeScript changes
Comments suppressed due to low confidence (1)

src/start-proxy.ts:558

  • The JSDoc comment for getProxyBinaryPath is missing documentation for the new features parameter. Please add a @param features entry to document this parameter.
/**
 * Gets a path to the proxy binary. If possible, this function will find the proxy in the
 * runner's tool cache. Otherwise, it downloads and extracts the proxy binary,
 * and stores it in the tool cache.
 *
 * @param logger The logger to use.
 * @returns The path to the proxy binary.
 */

src/start-proxy.test.ts
Comment on lines 394 to 408
@@ -383,33 +408,48 @@ test("getDownloadUrl returns fallback when `getLinkedRelease` rejects", async (t
});
Copy link

Copilot AI Feb 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The test "getDownloadUrl returns fallback when getReleaseByVersion rejects" needs to be updated to properly test the new code path. The issue is that createFeatures([]) returns a feature object where getDefaultCliVersion throws "not implemented", but getGitHubVersion() is not mocked. This test should either:

  1. Mock getGitHubVersion() and use mockOfflineFeatures() or another proper feature implementation (like the other tests do), OR
  2. Mock getDefaultCliVersion on the features object to return a valid result, so that the test actually verifies the behavior when getReleaseByVersion rejects (which is what the test name claims to test).

Currently, this test may pass by accident because the exception thrown by getDefaultCliVersion is caught by the catch block at line 445 in start-proxy.ts, but it's not testing what it claims to test.

See below for a potential fix:

  const logger = new RecordingLogger();

  await withTmpDir(async (tempDir) => {
    const features = mockOfflineFeatures(tempDir, logger);
    const stub = mockGetReleaseByTag();

    const info = await startProxyExports.getDownloadUrl(
      getRunnerLogger(true),
      features,
    );

    t.is(info.version, startProxyExports.UPDATEJOB_PROXY_VERSION);
    t.is(
      info.url,
      startProxyExports.getFallbackUrl(startProxyExports.getProxyPackage()),
    );

    stub.restore();
  });

Copilot uses AI. Check for mistakes.
src/start-proxy.ts
Comment on lines 408 to 414
/**
* Determines the URL of the proxy release asset that we should download if its not
* already in the toolcache, and its version.
*
* @param logger The logger to use.
* @returns Returns the download URL and version of the proxy package we plan to use.
*/
Copy link

Copilot AI Feb 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The JSDoc comment for getDownloadUrl is missing documentation for the new features parameter. Please add a @param features entry to document this parameter.

This issue also appears on line 551 of the same file.

See below for a potential fix:

 * @param logger The logger to use.
 * @param features The feature enablement configuration used to determine the default CLI version.

Copilot uses AI. Check for mistakes.
@henrymercer henrymercer requested review from sam-robson and removed request for henrymercer February 25, 2026 19:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@sam-robson sam-robson Awaiting requested review from sam-robson

At least 1 approving review is required to merge this pull request.

Assignees

@mbg mbg

Labels

size/M Should be of average difficulty to review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mbg
pFad - Phonifier reborn

Pfad - The Proxy pFad © 2024 Your Company Name. All rights reserved.




Check this box to remove all script contents from the fetched content.



Check this box to remove all images from the fetched content.


Check this box to remove all CSS styles from the fetched content.


Check this box to keep images inefficiently compressed and original size.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy