From b35c0d37b11db04fcf3e4a94aa3e3f284130c33a Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Mon, 9 Mar 2026 16:15:04 +0000 Subject: [PATCH 1/7] Clean up repository properties feature flag --- lib/analyze-action-post.js | 5 ----- lib/analyze-action.js | 5 ----- lib/autobuild-action.js | 5 ----- lib/init-action-post.js | 5 ----- lib/init-action.js | 14 +------------- lib/resolve-environment-action.js | 5 ----- lib/setup-codeql-action.js | 5 ----- lib/start-proxy-action-post.js | 5 ----- lib/start-proxy-action.js | 5 ----- lib/upload-lib.js | 5 ----- lib/upload-sarif-action-post.js | 5 ----- lib/upload-sarif-action.js | 5 ----- src/feature-flags.ts | 6 ------ src/init-action.ts | 9 --------- 14 files changed, 1 insertion(+), 83 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index 4fd650079..454c2d9fb 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -162243,11 +162243,6 @@ var featureConfig = { minimumVersion: void 0, toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */ }, - ["use_repository_properties_v2" /* UseRepositoryProperties */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", - minimumVersion: void 0 - }, ["validate_db_config" /* ValidateDbConfig */]: { defaultValue: false, envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG", diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 3935138f5..78ce035ed 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -107992,11 +107992,6 @@ var featureConfig = { minimumVersion: void 0, toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */ }, - ["use_repository_properties_v2" /* UseRepositoryProperties */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", - minimumVersion: void 0 - }, ["validate_db_config" /* ValidateDbConfig */]: { defaultValue: false, envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG", diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index de91c2350..acd1b250e 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -104292,11 +104292,6 @@ var featureConfig = { minimumVersion: void 0, toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */ }, - ["use_repository_properties_v2" /* UseRepositoryProperties */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", - minimumVersion: void 0 - }, ["validate_db_config" /* ValidateDbConfig */]: { defaultValue: false, envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG", diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 42738ca24..6a89d40a2 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -165729,11 +165729,6 @@ var featureConfig = { minimumVersion: void 0, toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */ }, - ["use_repository_properties_v2" /* UseRepositoryProperties */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", - minimumVersion: void 0 - }, ["validate_db_config" /* ValidateDbConfig */]: { defaultValue: false, envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG", diff --git a/lib/init-action.js b/lib/init-action.js index b07f684e9..67c03243a 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -105552,11 +105552,6 @@ var featureConfig = { minimumVersion: void 0, toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */ }, - ["use_repository_properties_v2" /* UseRepositoryProperties */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", - minimumVersion: void 0 - }, ["validate_db_config" /* ValidateDbConfig */]: { defaultValue: false, envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG", @@ -109648,7 +109643,6 @@ async function run(startedAt) { const repositoryPropertiesResult = await loadRepositoryProperties( repositoryNwo, gitHubVersion, - features, logger ); const jobRunUuid = v4_default(); @@ -110048,7 +110042,7 @@ exec ${goBinaryPath} "$@"` logger ); } -async function loadRepositoryProperties(repositoryNwo, gitHubVersion, features, logger) { +async function loadRepositoryProperties(repositoryNwo, gitHubVersion, logger) { const repositoryOwnerType = github2.context.payload.repository?.owner.type; logger.debug( `Repository owner type is '${repositoryOwnerType ?? "unknown"}'.` @@ -110059,12 +110053,6 @@ async function loadRepositoryProperties(repositoryNwo, gitHubVersion, features, ); return new Success({}); } - if (!await features.getValue("use_repository_properties_v2" /* UseRepositoryProperties */)) { - logger.debug( - "Skipping loading repository properties because the UseRepositoryProperties feature flag is disabled." - ); - return new Success({}); - } try { return new Success( await loadPropertiesFromApi(gitHubVersion, logger, repositoryNwo) diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index c5230200e..aa3673bd3 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -104283,11 +104283,6 @@ var featureConfig = { minimumVersion: void 0, toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */ }, - ["use_repository_properties_v2" /* UseRepositoryProperties */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", - minimumVersion: void 0 - }, ["validate_db_config" /* ValidateDbConfig */]: { defaultValue: false, envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG", diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index d323a2dcc..a9eb08eb5 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -104180,11 +104180,6 @@ var featureConfig = { minimumVersion: void 0, toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */ }, - ["use_repository_properties_v2" /* UseRepositoryProperties */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", - minimumVersion: void 0 - }, ["validate_db_config" /* ValidateDbConfig */]: { defaultValue: false, envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG", diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index b9a712fa4..6fdfe2d8b 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -161649,11 +161649,6 @@ var featureConfig = { minimumVersion: void 0, toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */ }, - ["use_repository_properties_v2" /* UseRepositoryProperties */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", - minimumVersion: void 0 - }, ["validate_db_config" /* ValidateDbConfig */]: { defaultValue: false, envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG", diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 694b6a100..84519a068 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -120972,11 +120972,6 @@ var featureConfig = { minimumVersion: void 0, toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */ }, - ["use_repository_properties_v2" /* UseRepositoryProperties */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", - minimumVersion: void 0 - }, ["validate_db_config" /* ValidateDbConfig */]: { defaultValue: false, envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG", diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 67f15351c..236eb8512 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -107439,11 +107439,6 @@ var featureConfig = { minimumVersion: void 0, toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */ }, - ["use_repository_properties_v2" /* UseRepositoryProperties */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", - minimumVersion: void 0 - }, ["validate_db_config" /* ValidateDbConfig */]: { defaultValue: false, envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG", diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index aa0d4cda9..dab78eb86 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -161811,11 +161811,6 @@ var featureConfig = { minimumVersion: void 0, toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */ }, - ["use_repository_properties_v2" /* UseRepositoryProperties */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", - minimumVersion: void 0 - }, ["validate_db_config" /* ValidateDbConfig */]: { defaultValue: false, envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG", diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 9130bfc50..ab769c22f 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -107153,11 +107153,6 @@ var featureConfig = { minimumVersion: void 0, toolsFeature: "bundleSupportsOverlay" /* BundleSupportsOverlay */ }, - ["use_repository_properties_v2" /* UseRepositoryProperties */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", - minimumVersion: void 0 - }, ["validate_db_config" /* ValidateDbConfig */]: { defaultValue: false, envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG", diff --git a/src/feature-flags.ts b/src/feature-flags.ts index c77bd794f..c773ca9a4 100644 --- a/src/feature-flags.ts +++ b/src/feature-flags.ts @@ -87,7 +87,6 @@ export enum Feature { StartProxyRemoveUnusedRegistries = "start_proxy_remove_unused_registries", StartProxyUseFeaturesRelease = "start_proxy_use_features_release", UploadOverlayDbToApi = "upload_overlay_db_to_api", - UseRepositoryProperties = "use_repository_properties_v2", ValidateDbConfig = "validate_db_config", } @@ -352,11 +351,6 @@ export const featureConfig = { minimumVersion: undefined, toolsFeature: ToolsFeature.BundleSupportsOverlay, }, - [Feature.UseRepositoryProperties]: { - defaultValue: false, - envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", - minimumVersion: undefined, - }, [Feature.ValidateDbConfig]: { defaultValue: false, envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG", diff --git a/src/init-action.ts b/src/init-action.ts index 7bd749e82..483140b90 100644 --- a/src/init-action.ts +++ b/src/init-action.ts @@ -251,7 +251,6 @@ async function run(startedAt: Date) { const repositoryPropertiesResult = await loadRepositoryProperties( repositoryNwo, gitHubVersion, - features, logger, ); @@ -821,7 +820,6 @@ async function run(startedAt: Date) { async function loadRepositoryProperties( repositoryNwo: RepositoryNwo, gitHubVersion: GitHubVersion, - features: FeatureEnablement, logger: Logger, ): Promise> { // See if we can skip loading repository properties early. In particular, @@ -839,13 +837,6 @@ async function loadRepositoryProperties( return new Success({}); } - if (!(await features.getValue(Feature.UseRepositoryProperties))) { - logger.debug( - "Skipping loading repository properties because the UseRepositoryProperties feature flag is disabled.", - ); - return new Success({}); - } - try { return new Success( await loadPropertiesFromApi(gitHubVersion, logger, repositoryNwo), From 8924dfb7d06dd0b09208a051d749c25395d6bb85 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Mon, 9 Mar 2026 16:19:32 +0000 Subject: [PATCH 2/7] Remove GHES feature gate All supported versions of GHES support the repository properties API. --- lib/init-action.js | 9 +--- src/feature-flags/properties.test.ts | 71 ++-------------------------- src/feature-flags/properties.ts | 9 +--- src/init-action.ts | 4 +- 4 files changed, 8 insertions(+), 85 deletions(-) diff --git a/lib/init-action.js b/lib/init-action.js index 67c03243a..faaab1841 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -104424,10 +104424,7 @@ var repositoryPropertyParsers = { ["github-codeql-disable-overlay" /* DISABLE_OVERLAY */]: booleanProperty, ["github-codeql-extra-queries" /* EXTRA_QUERIES */]: stringProperty }; -async function loadPropertiesFromApi(gitHubVersion, logger, repositoryNwo) { - if (gitHubVersion.type === "GitHub Enterprise Server" /* GHES */) { - return {}; - } +async function loadPropertiesFromApi(logger, repositoryNwo) { try { const response = await getRepositoryProperties(repositoryNwo); const remoteProperties = response.data; @@ -110054,9 +110051,7 @@ async function loadRepositoryProperties(repositoryNwo, gitHubVersion, logger) { return new Success({}); } try { - return new Success( - await loadPropertiesFromApi(gitHubVersion, logger, repositoryNwo) - ); + return new Success(await loadPropertiesFromApi(logger, repositoryNwo)); } catch (error3) { logger.warning( `Failed to load repository properties: ${getErrorMessage(error3)}` diff --git a/src/feature-flags/properties.test.ts b/src/feature-flags/properties.test.ts index c820f8d00..a468b3349 100644 --- a/src/feature-flags/properties.test.ts +++ b/src/feature-flags/properties.test.ts @@ -5,7 +5,6 @@ import * as api from "../api-client"; import { getRunnerLogger } from "../logging"; import { parseRepositoryNwo } from "../repository"; import { setupTests } from "../testing-utils"; -import * as util from "../util"; import * as properties from "./properties"; @@ -23,13 +22,7 @@ test.serial( const logger = getRunnerLogger(true); const mockRepositoryNwo = parseRepositoryNwo("owner/repo"); await t.throwsAsync( - properties.loadPropertiesFromApi( - { - type: util.GitHubVariant.DOTCOM, - }, - logger, - mockRepositoryNwo, - ), + properties.loadPropertiesFromApi(logger, mockRepositoryNwo), { message: /Expected repository properties API to return an array/, }, @@ -49,13 +42,7 @@ test.serial( const logger = getRunnerLogger(true); const mockRepositoryNwo = parseRepositoryNwo("owner/repo"); await t.throwsAsync( - properties.loadPropertiesFromApi( - { - type: util.GitHubVariant.DOTCOM, - }, - logger, - mockRepositoryNwo, - ), + properties.loadPropertiesFromApi(logger, mockRepositoryNwo), { message: /Expected repository property object to have a 'property_name'/, @@ -79,43 +66,11 @@ test.serial( const logger = getRunnerLogger(true); const mockRepositoryNwo = parseRepositoryNwo("owner/repo"); await t.notThrowsAsync( - properties.loadPropertiesFromApi( - { - type: util.GitHubVariant.DOTCOM, - }, - logger, - mockRepositoryNwo, - ), + properties.loadPropertiesFromApi(logger, mockRepositoryNwo), ); }, ); -test.serial( - "loadPropertiesFromApi returns empty object if on GHES", - async (t) => { - sinon.stub(api, "getRepositoryProperties").resolves({ - headers: {}, - status: 200, - url: "", - data: [ - { property_name: "github-codeql-extra-queries", value: "+queries" }, - { property_name: "unknown-property", value: "something" }, - ] satisfies properties.GitHubPropertiesResponse, - }); - const logger = getRunnerLogger(true); - const mockRepositoryNwo = parseRepositoryNwo("owner/repo"); - const response = await properties.loadPropertiesFromApi( - { - type: util.GitHubVariant.GHES, - version: "", - }, - logger, - mockRepositoryNwo, - ); - t.deepEqual(response, {}); - }, -); - test.serial("loadPropertiesFromApi loads known properties", async (t) => { sinon.stub(api, "getRepositoryProperties").resolves({ headers: {}, @@ -129,9 +84,6 @@ test.serial("loadPropertiesFromApi loads known properties", async (t) => { const logger = getRunnerLogger(true); const mockRepositoryNwo = parseRepositoryNwo("owner/repo"); const response = await properties.loadPropertiesFromApi( - { - type: util.GitHubVariant.DOTCOM, - }, logger, mockRepositoryNwo, ); @@ -155,9 +107,6 @@ test.serial("loadPropertiesFromApi parses true boolean property", async (t) => { const warningSpy = sinon.spy(logger, "warning"); const mockRepositoryNwo = parseRepositoryNwo("owner/repo"); const response = await properties.loadPropertiesFromApi( - { - type: util.GitHubVariant.DOTCOM, - }, logger, mockRepositoryNwo, ); @@ -186,9 +135,6 @@ test.serial( const warningSpy = sinon.spy(logger, "warning"); const mockRepositoryNwo = parseRepositoryNwo("owner/repo"); const response = await properties.loadPropertiesFromApi( - { - type: util.GitHubVariant.DOTCOM, - }, logger, mockRepositoryNwo, ); @@ -211,13 +157,7 @@ test.serial( const logger = getRunnerLogger(true); const mockRepositoryNwo = parseRepositoryNwo("owner/repo"); await t.throwsAsync( - properties.loadPropertiesFromApi( - { - type: util.GitHubVariant.DOTCOM, - }, - logger, - mockRepositoryNwo, - ), + properties.loadPropertiesFromApi(logger, mockRepositoryNwo), { message: /Unexpected value for repository property 'github-codeql-extra-queries' \(number\), got: 123/, @@ -244,9 +184,6 @@ test.serial( const warningSpy = sinon.spy(logger, "warning"); const mockRepositoryNwo = parseRepositoryNwo("owner/repo"); const response = await properties.loadPropertiesFromApi( - { - type: util.GitHubVariant.DOTCOM, - }, logger, mockRepositoryNwo, ); diff --git a/src/feature-flags/properties.ts b/src/feature-flags/properties.ts index cb407c308..40669bafc 100644 --- a/src/feature-flags/properties.ts +++ b/src/feature-flags/properties.ts @@ -1,7 +1,7 @@ import { getRepositoryProperties } from "../api-client"; import { Logger } from "../logging"; import { RepositoryNwo } from "../repository"; -import { GitHubVariant, GitHubVersion } from "../util"; +import { GitHubVariant, GitHubVersion, satisfiesGHESVersion } from "../util"; /** * Enumerates repository property names that have some meaning to us. @@ -93,16 +93,9 @@ export type GitHubPropertiesResponse = GitHubRepositoryProperty[]; * @returns Returns a partial mapping from `RepositoryPropertyName` to values. */ export async function loadPropertiesFromApi( - gitHubVersion: GitHubVersion, logger: Logger, repositoryNwo: RepositoryNwo, ): Promise { - // TODO: To be safe for now; later we should replace this with a version check once we know - // which version of GHES we expect this to be supported by. - if (gitHubVersion.type === GitHubVariant.GHES) { - return {}; - } - try { const response = await getRepositoryProperties(repositoryNwo); const remoteProperties = response.data as GitHubPropertiesResponse; diff --git a/src/init-action.ts b/src/init-action.ts index 483140b90..9386e2c56 100644 --- a/src/init-action.ts +++ b/src/init-action.ts @@ -838,9 +838,7 @@ async function loadRepositoryProperties( } try { - return new Success( - await loadPropertiesFromApi(gitHubVersion, logger, repositoryNwo), - ); + return new Success(await loadPropertiesFromApi(logger, repositoryNwo)); } catch (error) { logger.warning( `Failed to load repository properties: ${getErrorMessage(error)}`, From a770e76359a57da3e78bcabda297b3f6a24a58bc Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Mon, 9 Mar 2026 16:20:52 +0000 Subject: [PATCH 3/7] Add changelog note --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 28a3105f8..6d6c8a15e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th ## [UNRELEASED] - Fixed [a bug](https://github.com/github/codeql-action/issues/3555) which caused the CodeQL Action to fail loading repository properties if a "Multi select" repository property was configured for the repository. [#3557](https://github.com/github/codeql-action/pull/3557) +- The CodeQL Action now loads [custom repository properties](https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization) on GitHub Enterprise Server, enabling the customization of features such as `github-codeql-disable-overlay` that was previously only available on GitHub.com. [#3559](https://github.com/github/codeql-action/pull/3559) ## 4.32.6 - 05 Mar 2026 From b0642f9e8677af302837641b970d8b26de43e77d Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Mon, 9 Mar 2026 16:25:20 +0000 Subject: [PATCH 4/7] Remove unused imports --- src/feature-flags/properties.ts | 1 - 1 file changed, 1 deletion(-) diff --git a/src/feature-flags/properties.ts b/src/feature-flags/properties.ts index 40669bafc..7c339e3f3 100644 --- a/src/feature-flags/properties.ts +++ b/src/feature-flags/properties.ts @@ -1,7 +1,6 @@ import { getRepositoryProperties } from "../api-client"; import { Logger } from "../logging"; import { RepositoryNwo } from "../repository"; -import { GitHubVariant, GitHubVersion, satisfiesGHESVersion } from "../util"; /** * Enumerates repository property names that have some meaning to us. From 1b7fa1a121750f626e5de1945f901e2261d41eaa Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Mon, 9 Mar 2026 16:30:34 +0000 Subject: [PATCH 5/7] Drop unused variable --- lib/init-action.js | 3 +-- src/init-action.ts | 3 --- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/lib/init-action.js b/lib/init-action.js index faaab1841..5d5a6fa59 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -109639,7 +109639,6 @@ async function run(startedAt) { ); const repositoryPropertiesResult = await loadRepositoryProperties( repositoryNwo, - gitHubVersion, logger ); const jobRunUuid = v4_default(); @@ -110039,7 +110038,7 @@ exec ${goBinaryPath} "$@"` logger ); } -async function loadRepositoryProperties(repositoryNwo, gitHubVersion, logger) { +async function loadRepositoryProperties(repositoryNwo, logger) { const repositoryOwnerType = github2.context.payload.repository?.owner.type; logger.debug( `Repository owner type is '${repositoryOwnerType ?? "unknown"}'.` diff --git a/src/init-action.ts b/src/init-action.ts index 9386e2c56..f7d9d52eb 100644 --- a/src/init-action.ts +++ b/src/init-action.ts @@ -93,7 +93,6 @@ import { checkActionVersion, getErrorMessage, BuildMode, - GitHubVersion, Result, getOptionalEnvVar, Success, @@ -250,7 +249,6 @@ async function run(startedAt: Date) { // Fetch the values of known repository properties that affect us. const repositoryPropertiesResult = await loadRepositoryProperties( repositoryNwo, - gitHubVersion, logger, ); @@ -819,7 +817,6 @@ async function run(startedAt: Date) { */ async function loadRepositoryProperties( repositoryNwo: RepositoryNwo, - gitHubVersion: GitHubVersion, logger: Logger, ): Promise> { // See if we can skip loading repository properties early. In particular, From ab180c9eeb700d53dd2feb78770a435dced00324 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Mon, 9 Mar 2026 16:35:21 +0000 Subject: [PATCH 6/7] Clean up pre GHES 3.14 code paths --- lib/analyze-action.js | 10 +--- lib/init-action-post.js | 10 +--- lib/upload-lib.js | 10 +--- lib/upload-sarif-action.js | 10 +--- src/status-report.ts | 1 - src/upload-lib.test.ts | 106 +++++++------------------------------ src/upload-lib.ts | 16 +----- 7 files changed, 28 insertions(+), 135 deletions(-) diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 3935138f5..3ba151803 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -112465,10 +112465,7 @@ function areAllRunsUnique(sarifLogs) { // src/upload-lib.ts var GENERIC_403_MSG = "The repo on which this action is running has not opted-in to CodeQL code scanning."; var GENERIC_404_MSG = "The CodeQL code scanning feature is forbidden on this repository."; -async function shouldShowCombineSarifFilesDeprecationWarning(sarifObjects, githubVersion) { - if (githubVersion.type === "GitHub Enterprise Server" /* GHES */ && satisfiesGHESVersion(githubVersion.version, "<3.14", true)) { - return false; - } +async function shouldShowCombineSarifFilesDeprecationWarning(sarifObjects) { return !areAllRunsUnique(sarifObjects) && !process.env.CODEQL_MERGE_SARIF_DEPRECATION_WARNING; } async function throwIfCombineSarifFilesDisabled(sarifObjects, githubVersion) { @@ -112501,10 +112498,7 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo logger.debug( "Not all SARIF files were produced by CodeQL. Merging files in the action." ); - if (await shouldShowCombineSarifFilesDeprecationWarning( - sarifObjects, - gitHubVersion - )) { + if (await shouldShowCombineSarifFilesDeprecationWarning(sarifObjects)) { logger.warning( `Uploading multiple SARIF runs with the same category is deprecated ${deprecationWarningMessage}. Please update your workflow to upload a single run per category. ${deprecationMoreInformationMessage}` ); diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 42738ca24..e0377547b 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -169555,10 +169555,7 @@ function areAllRunsUnique(sarifLogs) { // src/upload-lib.ts var GENERIC_403_MSG = "The repo on which this action is running has not opted-in to CodeQL code scanning."; var GENERIC_404_MSG = "The CodeQL code scanning feature is forbidden on this repository."; -async function shouldShowCombineSarifFilesDeprecationWarning(sarifObjects, githubVersion) { - if (githubVersion.type === "GitHub Enterprise Server" /* GHES */ && satisfiesGHESVersion(githubVersion.version, "<3.14", true)) { - return false; - } +async function shouldShowCombineSarifFilesDeprecationWarning(sarifObjects) { return !areAllRunsUnique(sarifObjects) && !process.env.CODEQL_MERGE_SARIF_DEPRECATION_WARNING; } async function throwIfCombineSarifFilesDisabled(sarifObjects, githubVersion) { @@ -169591,10 +169588,7 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo logger.debug( "Not all SARIF files were produced by CodeQL. Merging files in the action." ); - if (await shouldShowCombineSarifFilesDeprecationWarning( - sarifObjects, - gitHubVersion - )) { + if (await shouldShowCombineSarifFilesDeprecationWarning(sarifObjects)) { logger.warning( `Uploading multiple SARIF runs with the same category is deprecated ${deprecationWarningMessage}. Please update your workflow to upload a single run per category. ${deprecationMoreInformationMessage}` ); diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 67f15351c..d1bc40475 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -110352,10 +110352,7 @@ function areAllRunsUnique(sarifLogs) { // src/upload-lib.ts var GENERIC_403_MSG = "The repo on which this action is running has not opted-in to CodeQL code scanning."; var GENERIC_404_MSG = "The CodeQL code scanning feature is forbidden on this repository."; -async function shouldShowCombineSarifFilesDeprecationWarning(sarifObjects, githubVersion) { - if (githubVersion.type === "GitHub Enterprise Server" /* GHES */ && satisfiesGHESVersion(githubVersion.version, "<3.14", true)) { - return false; - } +async function shouldShowCombineSarifFilesDeprecationWarning(sarifObjects) { return !areAllRunsUnique(sarifObjects) && !process.env.CODEQL_MERGE_SARIF_DEPRECATION_WARNING; } async function throwIfCombineSarifFilesDisabled(sarifObjects, githubVersion) { @@ -110388,10 +110385,7 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo logger.debug( "Not all SARIF files were produced by CodeQL. Merging files in the action." ); - if (await shouldShowCombineSarifFilesDeprecationWarning( - sarifObjects, - gitHubVersion - )) { + if (await shouldShowCombineSarifFilesDeprecationWarning(sarifObjects)) { logger.warning( `Uploading multiple SARIF runs with the same category is deprecated ${deprecationWarningMessage}. Please update your workflow to upload a single run per category. ${deprecationMoreInformationMessage}` ); diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 9130bfc50..e8491b896 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -110944,10 +110944,7 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe // src/upload-lib.ts var GENERIC_403_MSG = "The repo on which this action is running has not opted-in to CodeQL code scanning."; var GENERIC_404_MSG = "The CodeQL code scanning feature is forbidden on this repository."; -async function shouldShowCombineSarifFilesDeprecationWarning(sarifObjects, githubVersion) { - if (githubVersion.type === "GitHub Enterprise Server" /* GHES */ && satisfiesGHESVersion(githubVersion.version, "<3.14", true)) { - return false; - } +async function shouldShowCombineSarifFilesDeprecationWarning(sarifObjects) { return !areAllRunsUnique(sarifObjects) && !process.env.CODEQL_MERGE_SARIF_DEPRECATION_WARNING; } async function throwIfCombineSarifFilesDisabled(sarifObjects, githubVersion) { @@ -110980,10 +110977,7 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo logger.debug( "Not all SARIF files were produced by CodeQL. Merging files in the action." ); - if (await shouldShowCombineSarifFilesDeprecationWarning( - sarifObjects, - gitHubVersion - )) { + if (await shouldShowCombineSarifFilesDeprecationWarning(sarifObjects)) { logger.warning( `Uploading multiple SARIF runs with the same category is deprecated ${deprecationWarningMessage}. Please update your workflow to upload a single run per category. ${deprecationMoreInformationMessage}` ); diff --git a/src/status-report.ts b/src/status-report.ts index cdb96356e..7cda9c234 100644 --- a/src/status-report.ts +++ b/src/status-report.ts @@ -356,7 +356,6 @@ export async function createStatusReportBase( statusReport.matrix_vars = matrix; } if ("RUNNER_ARCH" in process.env) { - // RUNNER_ARCH is available only in GHES 3.4 and later // Values other than X86, X64, ARM, or ARM64 are discarded server side statusReport.runner_arch = process.env["RUNNER_ARCH"]; } diff --git a/src/upload-lib.test.ts b/src/upload-lib.test.ts index 92dc2e773..e1990a811 100644 --- a/src/upload-lib.test.ts +++ b/src/upload-lib.test.ts @@ -631,57 +631,10 @@ test.serial( "shouldShowCombineSarifFilesDeprecationWarning when on dotcom", async (t) => { t.true( - await uploadLib.shouldShowCombineSarifFilesDeprecationWarning( - [createMockSarif("abc", "def"), createMockSarif("abc", "def")], - { - type: GitHubVariant.DOTCOM, - }, - ), - ); - }, -); - -test.serial( - "shouldShowCombineSarifFilesDeprecationWarning when on GHES 3.13", - async (t) => { - t.false( - await uploadLib.shouldShowCombineSarifFilesDeprecationWarning( - [createMockSarif("abc", "def"), createMockSarif("abc", "def")], - { - type: GitHubVariant.GHES, - version: "3.13.2", - }, - ), - ); - }, -); - -test.serial( - "shouldShowCombineSarifFilesDeprecationWarning when on GHES 3.14", - async (t) => { - t.true( - await uploadLib.shouldShowCombineSarifFilesDeprecationWarning( - [createMockSarif("abc", "def"), createMockSarif("abc", "def")], - { - type: GitHubVariant.GHES, - version: "3.14.0", - }, - ), - ); - }, -); - -test.serial( - "shouldShowCombineSarifFilesDeprecationWarning when on GHES 3.16 pre", - async (t) => { - t.true( - await uploadLib.shouldShowCombineSarifFilesDeprecationWarning( - [createMockSarif("abc", "def"), createMockSarif("abc", "def")], - { - type: GitHubVariant.GHES, - version: "3.16.0.pre1", - }, - ), + await uploadLib.shouldShowCombineSarifFilesDeprecationWarning([ + createMockSarif("abc", "def"), + createMockSarif("abc", "def"), + ]), ); }, ); @@ -690,12 +643,9 @@ test.serial( "shouldShowCombineSarifFilesDeprecationWarning with only 1 run", async (t) => { t.false( - await uploadLib.shouldShowCombineSarifFilesDeprecationWarning( - [createMockSarif("abc", "def")], - { - type: GitHubVariant.DOTCOM, - }, - ), + await uploadLib.shouldShowCombineSarifFilesDeprecationWarning([ + createMockSarif("abc", "def"), + ]), ); }, ); @@ -704,12 +654,10 @@ test.serial( "shouldShowCombineSarifFilesDeprecationWarning with distinct categories", async (t) => { t.false( - await uploadLib.shouldShowCombineSarifFilesDeprecationWarning( - [createMockSarif("abc", "def"), createMockSarif("def", "def")], - { - type: GitHubVariant.DOTCOM, - }, - ), + await uploadLib.shouldShowCombineSarifFilesDeprecationWarning([ + createMockSarif("abc", "def"), + createMockSarif("def", "def"), + ]), ); }, ); @@ -718,12 +666,10 @@ test.serial( "shouldShowCombineSarifFilesDeprecationWarning with distinct tools", async (t) => { t.false( - await uploadLib.shouldShowCombineSarifFilesDeprecationWarning( - [createMockSarif("abc", "abc"), createMockSarif("abc", "def")], - { - type: GitHubVariant.DOTCOM, - }, - ), + await uploadLib.shouldShowCombineSarifFilesDeprecationWarning([ + createMockSarif("abc", "abc"), + createMockSarif("abc", "def"), + ]), ); }, ); @@ -734,12 +680,10 @@ test.serial( process.env["CODEQL_MERGE_SARIF_DEPRECATION_WARNING"] = "true"; t.false( - await uploadLib.shouldShowCombineSarifFilesDeprecationWarning( - [createMockSarif("abc", "def"), createMockSarif("abc", "def")], - { - type: GitHubVariant.DOTCOM, - }, - ), + await uploadLib.shouldShowCombineSarifFilesDeprecationWarning([ + createMockSarif("abc", "def"), + createMockSarif("abc", "def"), + ]), ); }, ); @@ -759,18 +703,6 @@ test.serial("throwIfCombineSarifFilesDisabled when on dotcom", async (t) => { ); }); -test.serial("throwIfCombineSarifFilesDisabled when on GHES 3.13", async (t) => { - await t.notThrowsAsync( - uploadLib.throwIfCombineSarifFilesDisabled( - [createMockSarif("abc", "def"), createMockSarif("abc", "def")], - { - type: GitHubVariant.GHES, - version: "3.13.2", - }, - ), - ); -}); - test.serial("throwIfCombineSarifFilesDisabled when on GHES 3.14", async (t) => { await t.notThrowsAsync( uploadLib.throwIfCombineSarifFilesDisabled( diff --git a/src/upload-lib.ts b/src/upload-lib.ts index 249882533..101e7946f 100644 --- a/src/upload-lib.ts +++ b/src/upload-lib.ts @@ -47,16 +47,7 @@ const GENERIC_404_MSG = // Checks whether the deprecation warning for combining SARIF files should be shown. export async function shouldShowCombineSarifFilesDeprecationWarning( sarifObjects: Array>, - githubVersion: GitHubVersion, ) { - // Do not show this warning on GHES versions before 3.14.0 - if ( - githubVersion.type === GitHubVariant.GHES && - satisfiesGHESVersion(githubVersion.version, "<3.14", true) - ) { - return false; - } - // Only give a deprecation warning when not all runs are unique and // we haven't already shown the warning. return ( @@ -131,12 +122,7 @@ async function combineSarifFilesUsingCLI( "Not all SARIF files were produced by CodeQL. Merging files in the action.", ); - if ( - await shouldShowCombineSarifFilesDeprecationWarning( - sarifObjects, - gitHubVersion, - ) - ) { + if (await shouldShowCombineSarifFilesDeprecationWarning(sarifObjects)) { logger.warning( `Uploading multiple SARIF runs with the same category is deprecated ${deprecationWarningMessage}. Please update your workflow to upload a single run per category. ${deprecationMoreInformationMessage}`, ); From fdecf48e2257189b371e8cd0b23067dd68ace5a4 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Mon, 9 Mar 2026 16:43:17 +0000 Subject: [PATCH 7/7] Linting: Require unused function parameters to start with `_` --- eslint.config.mjs | 1 + 1 file changed, 1 insertion(+) diff --git a/eslint.config.mjs b/eslint.config.mjs index 6ac800276..97e15194e 100644 --- a/eslint.config.mjs +++ b/eslint.config.mjs @@ -161,6 +161,7 @@ export default [ "@typescript-eslint/no-unused-vars": [ "error", { + "args": "all", "argsIgnorePattern": "^_", } ],