diff --git a/lib/entry-points.js b/lib/entry-points.js index 93a4d0ed58..cdbd6ab82b 100644 --- a/lib/entry-points.js +++ b/lib/entry-points.js @@ -145942,6 +145942,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_CLEANUP_TRAP_CACHES", minimumVersion: void 0 }, + ["config_file_repository_property" /* ConfigFileRepositoryProperty */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CONFIG_FILE_REPOSITORY_PROPERTY", + minimumVersion: void 0 + }, ["cpp_dependency_installation_enabled" /* CppDependencyInstallation */]: { defaultValue: false, envVar: "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES", @@ -159647,7 +159652,7 @@ var io7 = __toESM(require_io()); var semver10 = __toESM(require_semver2()); // src/config/file.ts -function getConfigFileInput(logger, actions, repositoryProperties) { +function getConfigFileInput(logger, actions, repositoryProperties, useRepositoryProperty) { const input = actions.getOptionalInput("config-file"); if (input !== void 0) { logger.info(`Using configuration file input from workflow: ${input}`); @@ -159655,10 +159660,16 @@ function getConfigFileInput(logger, actions, repositoryProperties) { } const propertyValue = repositoryProperties["github-codeql-config-file" /* CONFIG_FILE */]; if (propertyValue !== void 0 && propertyValue.trim().length > 0) { - logger.info( - `Using configuration file input from repository property: ${propertyValue}` - ); - return propertyValue; + if (useRepositoryProperty) { + logger.info( + `Using configuration file input from repository property: ${propertyValue}` + ); + return propertyValue; + } else { + logger.info( + "Ignoring configuration file input from repository property, because the corresponding feature flag is disabled." + ); + } } return void 0; } @@ -160043,7 +160054,15 @@ async function run3(startedAt) { logger.info(`Job run UUID is ${jobRunUuid}.`); core20.exportVariable("JOB_RUN_UUID" /* JOB_RUN_UUID */, jobRunUuid); core20.exportVariable("CODEQL_ACTION_INIT_HAS_RUN" /* INIT_ACTION_HAS_RUN */, "true"); - configFile = getConfigFileInput(logger, actionsEnv, repositoryProperties); + const useConfigFileProperty = await features.getValue( + "config_file_repository_property" /* ConfigFileRepositoryProperty */ + ); + configFile = getConfigFileInput( + logger, + actionsEnv, + repositoryProperties, + useConfigFileProperty + ); sourceRoot = path24.resolve( getRequiredEnvParam("GITHUB_WORKSPACE"), getOptionalInput("source-root") || "" diff --git a/src/config/file.test.ts b/src/config/file.test.ts index 4c511c1a70..fef6088297 100644 --- a/src/config/file.test.ts +++ b/src/config/file.test.ts @@ -15,7 +15,7 @@ setupTests(test); test("getConfigFileInput returns undefined by default", async (t) => { const logger = new RecordingLogger(); const actionsEnv = getTestActionsEnv(); - const result = getConfigFileInput(logger, actionsEnv, {}); + const result = getConfigFileInput(logger, actionsEnv, {}, true); t.is(result, undefined); }); @@ -34,7 +34,12 @@ test("getConfigFileInput returns input value", async (t) => { // Even though both an input and repository property are configured, // we prefer the direct input to the Action. - const result = getConfigFileInput(logger, actionsEnv, repositoryProperties); + const result = getConfigFileInput( + logger, + actionsEnv, + repositoryProperties, + true, + ); t.is(result, testInput); // Check for the expected log message. @@ -46,7 +51,12 @@ test("getConfigFileInput returns repository property value", async (t) => { const actionsEnv = getTestActionsEnv(); // Since there is no direct input, we should use the repository property. - const result = getConfigFileInput(logger, actionsEnv, repositoryProperties); + const result = getConfigFileInput( + logger, + actionsEnv, + repositoryProperties, + true, + ); t.is(result, repositoryProperties[RepositoryPropertyName.CONFIG_FILE]); // Check for the expected log message. @@ -62,8 +72,38 @@ test("getConfigFileInput ignores empty repository property value", async (t) => const actionsEnv = getTestActionsEnv(); // Since the repository property value is an empty/whitespace string, we should ignore it. - const result = getConfigFileInput(logger, actionsEnv, { - [RepositoryPropertyName.CONFIG_FILE]: " ", - }); + const result = getConfigFileInput( + logger, + actionsEnv, + { + [RepositoryPropertyName.CONFIG_FILE]: " ", + }, + true, + ); + t.is(result, undefined); +}); + +test("getConfigFileInput ignores repository property value when FF is off", async (t) => { + const logger = new RecordingLogger(); + const actionsEnv = getTestActionsEnv(); + + // Since the FF is off, we should ignore the repository property value. + const result = getConfigFileInput( + logger, + actionsEnv, + repositoryProperties, + false, + ); t.is(result, undefined); + + t.false( + logger.hasMessage( + "Using configuration file input from repository property", + ), + ); + t.true( + logger.hasMessage( + "Ignoring configuration file input from repository property, because the corresponding feature flag is disabled.", + ), + ); }); diff --git a/src/config/file.ts b/src/config/file.ts index 24613dc557..6b8dfdcdcb 100644 --- a/src/config/file.ts +++ b/src/config/file.ts @@ -12,6 +12,7 @@ export function getConfigFileInput( logger: Logger, actions: ActionsEnv, repositoryProperties: Partial, + useRepositoryProperty: boolean, ): string | undefined { const input = actions.getOptionalInput("config-file"); @@ -24,10 +25,17 @@ export function getConfigFileInput( repositoryProperties[RepositoryPropertyName.CONFIG_FILE]; if (propertyValue !== undefined && propertyValue.trim().length > 0) { - logger.info( - `Using configuration file input from repository property: ${propertyValue}`, - ); - return propertyValue; + // Only use the repository property value if the FF is enabled. + if (useRepositoryProperty) { + logger.info( + `Using configuration file input from repository property: ${propertyValue}`, + ); + return propertyValue; + } else { + logger.info( + "Ignoring configuration file input from repository property, because the corresponding feature flag is disabled.", + ); + } } return undefined; diff --git a/src/feature-flags.ts b/src/feature-flags.ts index a796982242..f71ecab57b 100644 --- a/src/feature-flags.ts +++ b/src/feature-flags.ts @@ -74,6 +74,8 @@ export enum Feature { AllowMultipleAnalysisKinds = "allow_multiple_analysis_kinds", AllowToolcacheInput = "allow_toolcache_input", CleanupTrapCaches = "cleanup_trap_caches", + /** Whether to allow the `config-file` input to be specified via a repository property. */ + ConfigFileRepositoryProperty = "config_file_repository_property", CppDependencyInstallation = "cpp_dependency_installation_enabled", CsharpCacheBuildModeNone = "csharp_cache_bmn", CsharpNewCacheKey = "csharp_new_cache_key", @@ -184,6 +186,11 @@ export const featureConfig = { envVar: "CODEQL_ACTION_CLEANUP_TRAP_CACHES", minimumVersion: undefined, }, + [Feature.ConfigFileRepositoryProperty]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CONFIG_FILE_REPOSITORY_PROPERTY", + minimumVersion: undefined, + }, [Feature.CppDependencyInstallation]: { defaultValue: false, envVar: "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES", diff --git a/src/init-action.ts b/src/init-action.ts index 9c9b45556b..ec711cdf0b 100644 --- a/src/init-action.ts +++ b/src/init-action.ts @@ -263,7 +263,15 @@ async function run(startedAt: Date) { core.exportVariable(EnvVar.INIT_ACTION_HAS_RUN, "true"); - configFile = getConfigFileInput(logger, actionsEnv, repositoryProperties); + const useConfigFileProperty = await features.getValue( + Feature.ConfigFileRepositoryProperty, + ); + configFile = getConfigFileInput( + logger, + actionsEnv, + repositoryProperties, + useConfigFileProperty, + ); // path.resolve() respects the intended semantics of source-root. If // source-root is relative, it is relative to the GITHUB_WORKSPACE. If