From f7fa18f05d107ff6735857c3510fbff190c9a1eb Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Wed, 1 Jul 2026 15:51:37 +0100 Subject: [PATCH 1/4] Add FF for config file repo property --- lib/entry-points.js | 5 +++++ src/feature-flags.ts | 7 +++++++ 2 files changed, 12 insertions(+) diff --git a/lib/entry-points.js b/lib/entry-points.js index 93a4d0ed58..27cf79298a 100644 --- a/lib/entry-points.js +++ b/lib/entry-points.js @@ -145942,6 +145942,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_CLEANUP_TRAP_CACHES", minimumVersion: void 0 }, + ["config_file_repository_property" /* ConfigFileRepositoryProperty */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CONFIG_FILE_REPOSITORY_PROPERTY", + minimumVersion: void 0 + }, ["cpp_dependency_installation_enabled" /* CppDependencyInstallation */]: { defaultValue: false, envVar: "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES", diff --git a/src/feature-flags.ts b/src/feature-flags.ts index a796982242..f71ecab57b 100644 --- a/src/feature-flags.ts +++ b/src/feature-flags.ts @@ -74,6 +74,8 @@ export enum Feature { AllowMultipleAnalysisKinds = "allow_multiple_analysis_kinds", AllowToolcacheInput = "allow_toolcache_input", CleanupTrapCaches = "cleanup_trap_caches", + /** Whether to allow the `config-file` input to be specified via a repository property. */ + ConfigFileRepositoryProperty = "config_file_repository_property", CppDependencyInstallation = "cpp_dependency_installation_enabled", CsharpCacheBuildModeNone = "csharp_cache_bmn", CsharpNewCacheKey = "csharp_new_cache_key", @@ -184,6 +186,11 @@ export const featureConfig = { envVar: "CODEQL_ACTION_CLEANUP_TRAP_CACHES", minimumVersion: undefined, }, + [Feature.ConfigFileRepositoryProperty]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CONFIG_FILE_REPOSITORY_PROPERTY", + minimumVersion: undefined, + }, [Feature.CppDependencyInstallation]: { defaultValue: false, envVar: "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES", From 0025d0f2b5676fde748a0be9725dcce18dd9f986 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Wed, 1 Jul 2026 15:54:22 +0100 Subject: [PATCH 2/4] Use FF --- lib/entry-points.js | 15 +++++++++++++-- src/config/file.test.ts | 27 +++++++++++++++++++++------ src/config/file.ts | 6 ++++++ src/init-action.ts | 10 +++++++++- 4 files changed, 49 insertions(+), 9 deletions(-) diff --git a/lib/entry-points.js b/lib/entry-points.js index 27cf79298a..dcbb94c2f5 100644 --- a/lib/entry-points.js +++ b/lib/entry-points.js @@ -159652,12 +159652,15 @@ var io7 = __toESM(require_io()); var semver10 = __toESM(require_semver2()); // src/config/file.ts -function getConfigFileInput(logger, actions, repositoryProperties) { +function getConfigFileInput(logger, actions, repositoryProperties, useRepositoryProperty) { const input = actions.getOptionalInput("config-file"); if (input !== void 0) { logger.info(`Using configuration file input from workflow: ${input}`); return input; } + if (!useRepositoryProperty) { + return void 0; + } const propertyValue = repositoryProperties["github-codeql-config-file" /* CONFIG_FILE */]; if (propertyValue !== void 0 && propertyValue.trim().length > 0) { logger.info( @@ -160048,7 +160051,15 @@ async function run3(startedAt) { logger.info(`Job run UUID is ${jobRunUuid}.`); core20.exportVariable("JOB_RUN_UUID" /* JOB_RUN_UUID */, jobRunUuid); core20.exportVariable("CODEQL_ACTION_INIT_HAS_RUN" /* INIT_ACTION_HAS_RUN */, "true"); - configFile = getConfigFileInput(logger, actionsEnv, repositoryProperties); + const useConfigFileProperty = await features.getValue( + "config_file_repository_property" /* ConfigFileRepositoryProperty */ + ); + configFile = getConfigFileInput( + logger, + actionsEnv, + repositoryProperties, + useConfigFileProperty + ); sourceRoot = path24.resolve( getRequiredEnvParam("GITHUB_WORKSPACE"), getOptionalInput("source-root") || "" diff --git a/src/config/file.test.ts b/src/config/file.test.ts index 4c511c1a70..1a4e7b4f5d 100644 --- a/src/config/file.test.ts +++ b/src/config/file.test.ts @@ -15,7 +15,7 @@ setupTests(test); test("getConfigFileInput returns undefined by default", async (t) => { const logger = new RecordingLogger(); const actionsEnv = getTestActionsEnv(); - const result = getConfigFileInput(logger, actionsEnv, {}); + const result = getConfigFileInput(logger, actionsEnv, {}, true); t.is(result, undefined); }); @@ -34,7 +34,12 @@ test("getConfigFileInput returns input value", async (t) => { // Even though both an input and repository property are configured, // we prefer the direct input to the Action. - const result = getConfigFileInput(logger, actionsEnv, repositoryProperties); + const result = getConfigFileInput( + logger, + actionsEnv, + repositoryProperties, + true, + ); t.is(result, testInput); // Check for the expected log message. @@ -46,7 +51,12 @@ test("getConfigFileInput returns repository property value", async (t) => { const actionsEnv = getTestActionsEnv(); // Since there is no direct input, we should use the repository property. - const result = getConfigFileInput(logger, actionsEnv, repositoryProperties); + const result = getConfigFileInput( + logger, + actionsEnv, + repositoryProperties, + true, + ); t.is(result, repositoryProperties[RepositoryPropertyName.CONFIG_FILE]); // Check for the expected log message. @@ -62,8 +72,13 @@ test("getConfigFileInput ignores empty repository property value", async (t) => const actionsEnv = getTestActionsEnv(); // Since the repository property value is an empty/whitespace string, we should ignore it. - const result = getConfigFileInput(logger, actionsEnv, { - [RepositoryPropertyName.CONFIG_FILE]: " ", - }); + const result = getConfigFileInput( + logger, + actionsEnv, + { + [RepositoryPropertyName.CONFIG_FILE]: " ", + }, + true, + ); t.is(result, undefined); }); diff --git a/src/config/file.ts b/src/config/file.ts index 24613dc557..9df95cc01f 100644 --- a/src/config/file.ts +++ b/src/config/file.ts @@ -12,6 +12,7 @@ export function getConfigFileInput( logger: Logger, actions: ActionsEnv, repositoryProperties: Partial, + useRepositoryProperty: boolean, ): string | undefined { const input = actions.getOptionalInput("config-file"); @@ -20,6 +21,11 @@ export function getConfigFileInput( return input; } + // Don't take the repository property into consideration if the FF is not enabled. + if (!useRepositoryProperty) { + return undefined; + } + const propertyValue = repositoryProperties[RepositoryPropertyName.CONFIG_FILE]; diff --git a/src/init-action.ts b/src/init-action.ts index 9c9b45556b..ec711cdf0b 100644 --- a/src/init-action.ts +++ b/src/init-action.ts @@ -263,7 +263,15 @@ async function run(startedAt: Date) { core.exportVariable(EnvVar.INIT_ACTION_HAS_RUN, "true"); - configFile = getConfigFileInput(logger, actionsEnv, repositoryProperties); + const useConfigFileProperty = await features.getValue( + Feature.ConfigFileRepositoryProperty, + ); + configFile = getConfigFileInput( + logger, + actionsEnv, + repositoryProperties, + useConfigFileProperty, + ); // path.resolve() respects the intended semantics of source-root. If // source-root is relative, it is relative to the GITHUB_WORKSPACE. If From f27f56386a3c745af8d7bbfb806098c714a5e32a Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Wed, 1 Jul 2026 15:55:57 +0100 Subject: [PATCH 3/4] Add test for when the FF is off --- src/config/file.test.ts | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/src/config/file.test.ts b/src/config/file.test.ts index 1a4e7b4f5d..442d74e854 100644 --- a/src/config/file.test.ts +++ b/src/config/file.test.ts @@ -82,3 +82,23 @@ test("getConfigFileInput ignores empty repository property value", async (t) => ); t.is(result, undefined); }); + +test("getConfigFileInput ignores repository property value when FF is off", async (t) => { + const logger = new RecordingLogger(); + const actionsEnv = getTestActionsEnv(); + + // Since the FF is off, we should ignore the repository property value. + const result = getConfigFileInput( + logger, + actionsEnv, + repositoryProperties, + false, + ); + t.is(result, undefined); + + t.false( + logger.hasMessage( + "Using configuration file input from repository property", + ), + ); +}); From d5f0145480025b49d8b08c3f6b36e6ad41a68c90 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Wed, 1 Jul 2026 16:22:48 +0100 Subject: [PATCH 4/4] Log when repository property has a value but is ignored --- lib/entry-points.js | 17 ++++++++++------- src/config/file.test.ts | 5 +++++ src/config/file.ts | 20 +++++++++++--------- 3 files changed, 26 insertions(+), 16 deletions(-) diff --git a/lib/entry-points.js b/lib/entry-points.js index dcbb94c2f5..cdbd6ab82b 100644 --- a/lib/entry-points.js +++ b/lib/entry-points.js @@ -159658,15 +159658,18 @@ function getConfigFileInput(logger, actions, repositoryProperties, useRepository logger.info(`Using configuration file input from workflow: ${input}`); return input; } - if (!useRepositoryProperty) { - return void 0; - } const propertyValue = repositoryProperties["github-codeql-config-file" /* CONFIG_FILE */]; if (propertyValue !== void 0 && propertyValue.trim().length > 0) { - logger.info( - `Using configuration file input from repository property: ${propertyValue}` - ); - return propertyValue; + if (useRepositoryProperty) { + logger.info( + `Using configuration file input from repository property: ${propertyValue}` + ); + return propertyValue; + } else { + logger.info( + "Ignoring configuration file input from repository property, because the corresponding feature flag is disabled." + ); + } } return void 0; } diff --git a/src/config/file.test.ts b/src/config/file.test.ts index 442d74e854..fef6088297 100644 --- a/src/config/file.test.ts +++ b/src/config/file.test.ts @@ -101,4 +101,9 @@ test("getConfigFileInput ignores repository property value when FF is off", asyn "Using configuration file input from repository property", ), ); + t.true( + logger.hasMessage( + "Ignoring configuration file input from repository property, because the corresponding feature flag is disabled.", + ), + ); }); diff --git a/src/config/file.ts b/src/config/file.ts index 9df95cc01f..6b8dfdcdcb 100644 --- a/src/config/file.ts +++ b/src/config/file.ts @@ -21,19 +21,21 @@ export function getConfigFileInput( return input; } - // Don't take the repository property into consideration if the FF is not enabled. - if (!useRepositoryProperty) { - return undefined; - } - const propertyValue = repositoryProperties[RepositoryPropertyName.CONFIG_FILE]; if (propertyValue !== undefined && propertyValue.trim().length > 0) { - logger.info( - `Using configuration file input from repository property: ${propertyValue}`, - ); - return propertyValue; + // Only use the repository property value if the FF is enabled. + if (useRepositoryProperty) { + logger.info( + `Using configuration file input from repository property: ${propertyValue}`, + ); + return propertyValue; + } else { + logger.info( + "Ignoring configuration file input from repository property, because the corresponding feature flag is disabled.", + ); + } } return undefined;