Merged
Conversation
4a0c236 to
d6499fa
Compare
Contributor
robertbrignull
left a comment
There was a problem hiding this comment.
I haven't reviewed in huge detail. I can do that tomorrow or leave it to the CodeQL team. I have a couple of initial comments though.
As suggested in review: The `GITHUB_REPOSITORY` environment variable is only available on Actions. Passing it in explicitly avoids potentially crashing if this code is called from the runner.
3 tasks
aeisenberg
reviewed
Dec 15, 2021
Contributor
aeisenberg
left a comment
There was a problem hiding this comment.
Looks good. A few minor comments.
Contributor
robertbrignull
left a comment
There was a problem hiding this comment.
LGTM too once @aeisenberg is happy
Replaces the previous string literal type
6250a27 to
254816c
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR introduces feature flagging to the CodeQL Action via a GitHub API endpoint
/repositories/:repository_id/code-scanning/codeql-action/features(see backlinked issue). This API endpoint only exists on Dotcom, so for GHES and GHAE feature flags will all be marked as disabled.This is a general purpose solution that'll allow us to add many feature flags to the CodeQL Action while only calling a single API endpoint. In this PR we use this mechanism to replace the database uploading feature flags; in the future we'll use it to decide whether to run ML-powered queries.
I've written some unit tests for the feature flagging class, and verified that database upload works as expected on a repo with the feature flag enabled. Ideas for further testing welcome.
Merge / deployment checklist