Skip to content

Add FF for configuration file repository property#3983

Merged
mbg merged 4 commits into
mainfrom
mbg/repo-props/ff-for-config-file-prop
Jul 1, 2026
Merged

Add FF for configuration file repository property#3983
mbg merged 4 commits into
mainfrom
mbg/repo-props/ff-for-config-file-prop

Conversation

@mbg

@mbg mbg commented Jul 1, 2026

Copy link
Copy Markdown
Member

Follow-up to #3963 which adds a FF to control whether that functionality is enabled or not.

Risk assessment

For internal use only. Please select the risk level of this change:

  • Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.

Which use cases does this change impact?

Workflow types:

  • Advanced setup - Impacts users who have custom CodeQL workflows.
  • Managed - Impacts users with dynamic workflows (Default Setup, Code Quality, ...).

Products:

  • Code Scanning - The changes impact analyses when analysis-kinds: code-scanning.
  • Code Quality - The changes impact analyses when analysis-kinds: code-quality.
  • Other first-party - The changes impact other first-party analyses.

Environments:

  • Dotcom - Impacts CodeQL workflows on github.com and/or GitHub Enterprise Cloud with Data Residency.

How did/will you validate this change?

  • Unit tests - I am depending on unit test coverage (i.e. tests in .test.ts files).

If something goes wrong after this change is released, what are the mitigation and rollback strategies?

  • Feature flags - All new or changed code paths can be fully disabled with corresponding feature flags.

How will you know if something goes wrong after this change is released?

  • Telemetry - I rely on existing telemetry or have made changes to the telemetry.
    • Dashboards - I will watch relevant dashboards for issues after the release. Consider whether this requires this change to be released at a particular time rather than as part of a regular release.
    • Alerts - New or existing monitors will trip if something goes wrong with this change.

Are there any special considerations for merging or releasing this change?

  • No special considerations - This change can be merged at any time.

Merge / deployment checklist

  • Confirm this change is backwards compatible with existing workflows.
  • Consider adding a changelog entry for this change.
  • Confirm the readme and docs have been updated if necessary.

@mbg mbg requested a review from henrymercer July 1, 2026 14:57
@mbg mbg self-assigned this Jul 1, 2026
Copilot AI review requested due to automatic review settings July 1, 2026 14:57
@mbg mbg requested a review from a team as a code owner July 1, 2026 14:57
@github-actions github-actions Bot added the size/S Should be easy to review label Jul 1, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Warning

  • Copilot's review of this pull request may be incomplete because some of the changed files are excluded by your Copilot content exclusion settings. See Excluding content from Copilot for details.

Pull request overview

This PR introduces a feature flag to control whether the CodeQL Action may read the config-file value from the repository property (added in #3963), allowing that behavior to be enabled/disabled independently of the workflow input.

Changes:

  • Add Feature.ConfigFileRepositoryProperty and its configuration (CODEQL_ACTION_CONFIG_FILE_REPOSITORY_PROPERTY) to the feature flag system.
  • Gate repository-property-based config file selection behind the new feature flag, while still prioritizing the explicit config-file workflow input.
  • Update unit tests for getConfigFileInput to cover both FF-on and FF-off behavior.
Show a summary per file
File Description
src/init-action.ts Fetches the new feature flag value and passes it to getConfigFileInput to control repository-property usage.
src/feature-flags.ts Defines and configures the new ConfigFileRepositoryProperty feature flag and its env var.
src/config/file.ts Adds a useRepositoryProperty parameter and early-returns when the feature flag is off.
src/config/file.test.ts Updates existing tests for the new function signature and adds a test verifying FF-off ignores the repository property.
lib/entry-points.js Generated JS output change (content excluded by policy; not reviewed).

Review details

Files excluded by content exclusion policy (1)
  • lib/entry-points.js
  • Files reviewed: 4/5 changed files
  • Comments generated: 0
  • Review effort level: Low

henrymercer
henrymercer previously approved these changes Jul 1, 2026
Comment thread src/config/file.ts
logger: Logger,
actions: ActionsEnv,
repositoryProperties: Partial<RepositoryProperties>,
useRepositoryProperty: boolean,

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor: It would be clearer to use an object like { useRepositoryProperty: boolean } here so it's clearer when the function is called what the last argument means.

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed with the point, but I expect to change this in line with the changes in #3973 (so that the features are available via the indexed ActionState).

Comment thread src/config/file.ts Outdated
@mbg mbg enabled auto-merge July 1, 2026 15:24
@mbg mbg added this pull request to the merge queue Jul 1, 2026
Merged via the queue into main with commit 1f34ec1 Jul 1, 2026
225 checks passed
@mbg mbg deleted the mbg/repo-props/ff-for-config-file-prop branch July 1, 2026 15:46
@github-actions github-actions Bot mentioned this pull request Jul 1, 2026
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

size/S Should be easy to review

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants