Add FF for configuration file repository property#3983
Merged
Conversation
Contributor
There was a problem hiding this comment.
Warning
- Copilot's review of this pull request may be incomplete because some of the changed files are excluded by your Copilot content exclusion settings. See Excluding content from Copilot for details.
Pull request overview
This PR introduces a feature flag to control whether the CodeQL Action may read the config-file value from the repository property (added in #3963), allowing that behavior to be enabled/disabled independently of the workflow input.
Changes:
- Add
Feature.ConfigFileRepositoryPropertyand its configuration (CODEQL_ACTION_CONFIG_FILE_REPOSITORY_PROPERTY) to the feature flag system. - Gate repository-property-based config file selection behind the new feature flag, while still prioritizing the explicit
config-fileworkflow input. - Update unit tests for
getConfigFileInputto cover both FF-on and FF-off behavior.
Show a summary per file
| File | Description |
|---|---|
| src/init-action.ts | Fetches the new feature flag value and passes it to getConfigFileInput to control repository-property usage. |
| src/feature-flags.ts | Defines and configures the new ConfigFileRepositoryProperty feature flag and its env var. |
| src/config/file.ts | Adds a useRepositoryProperty parameter and early-returns when the feature flag is off. |
| src/config/file.test.ts | Updates existing tests for the new function signature and adds a test verifying FF-off ignores the repository property. |
| lib/entry-points.js | Generated JS output change (content excluded by policy; not reviewed). |
Review details
Files excluded by content exclusion policy (1)
- lib/entry-points.js
- Files reviewed: 4/5 changed files
- Comments generated: 0
- Review effort level: Low
henrymercer
previously approved these changes
Jul 1, 2026
| logger: Logger, | ||
| actions: ActionsEnv, | ||
| repositoryProperties: Partial<RepositoryProperties>, | ||
| useRepositoryProperty: boolean, |
Contributor
There was a problem hiding this comment.
Minor: It would be clearer to use an object like { useRepositoryProperty: boolean } here so it's clearer when the function is called what the last argument means.
Member
Author
There was a problem hiding this comment.
Agreed with the point, but I expect to change this in line with the changes in #3973 (so that the features are available via the indexed ActionState).
henrymercer
approved these changes
Jul 1, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Follow-up to #3963 which adds a FF to control whether that functionality is enabled or not.
Risk assessment
For internal use only. Please select the risk level of this change:
Which use cases does this change impact?
Workflow types:
dynamicworkflows (Default Setup, Code Quality, ...).Products:
analysis-kinds: code-scanning.analysis-kinds: code-quality.Environments:
github.comand/or GitHub Enterprise Cloud with Data Residency.How did/will you validate this change?
.test.tsfiles).If something goes wrong after this change is released, what are the mitigation and rollback strategies?
How will you know if something goes wrong after this change is released?
Are there any special considerations for merging or releasing this change?
Merge / deployment checklist