Skip to content

Add support for the repository properties API #3126

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mbg merged 23 commits into from
Sep 23, 2025
Merged

Add support for the repository properties API #3126

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
96ca55b
Ava: Run all tests in `src/` directory
mbg Sep 20, 2025
4f9b2f7
Add initial client for repository properties
mbg Sep 19, 2025
3b00d03
Load repository properties and store them in the `Config`
mbg Sep 19, 2025
6150aff
Add and use `QuerySpec` type
mbg Sep 19, 2025
ed216a0
Include queries from repo properties in `AugmentationProperties`
mbg Sep 20, 2025
781a65a
Use appropriate error message in `parseQueriesFromInput` for repo pro…
mbg Sep 20, 2025
1bfb67d
Refactor combining queries into its own function
mbg Sep 20, 2025
d14a212
Include repo property queries in `combineQueries`
mbg Sep 20, 2025
c7eb488
Add tests
mbg Sep 20, 2025
d46a178
Sort `queries` array in `check-codescanning-config`
mbg Sep 22, 2025
6bb4ad3
Update .github/actions/check-codescanning-config/index.ts
mbg Sep 22, 2025
54746c8
Fix `expected-config-file-contents`
mbg Sep 22, 2025
889d482
Add logging to `combineQueries`
mbg Sep 22, 2025
05310c6
Ignore repository property query config if CQ-only analysis
mbg Sep 22, 2025
b4f966a
Add FF to control whether to fetch repository properties
mbg Sep 22, 2025
40262b1
Add `getRepositoryProperties` to `api-client`, for easier mocking
mbg Sep 23, 2025
07920e8
Fix using `keys` instead of `values`
mbg Sep 23, 2025
7f73f8c
Add unit tests for `properties` module
mbg Sep 23, 2025
0a75581
Check that we are on dotcom
mbg Sep 23, 2025
205b6ba
Rebuild
mbg Sep 23, 2025
4178e15
Only disable `loadPropertiesFromApi` on GHES
mbg Sep 23, 2025
54bbe82
Always log when queries are configured in the repository properties
mbg Sep 23, 2025
5a4aa83
Always log when combining queries is disabled in the repo properties
mbg Sep 23, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 16 additions & 7 deletions lib/init-action.js
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 3 additions & 3 deletions src/codeql.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -659,15 +659,15 @@ test(
},
{
queries: [
{
uses: "zzz",
},
{
uses: "xxx",
},
{
uses: "yyy",
},
{
uses: "zzz",
},
],
},
);
Expand Down
46 changes: 37 additions & 9 deletions src/config/db-config.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -364,25 +364,53 @@ function parseQueriesFromInput(
/**
* Combines queries from various configuration sources.
*
* @param augmentedConfig The loaded configuration file (either `config-file` or `config` input).
* @param config The loaded configuration file (either `config-file` or `config` input).
* @param augmentationProperties Additional configuration data from other sources.
* @returns Returns `augmentedConfig` with `queries` set to the computed array of queries.
*/
function combineQueries(
augmentedConfig: UserConfig,
config: UserConfig,
augmentationProperties: AugmentationProperties,
): QuerySpec[] | undefined {
): QuerySpec[] {
const result: QuerySpec[] = [];

// Query settings obtained from the repository properties have the highest precedence.
Comment thread
henrymercer marked this conversation as resolved.
if (
augmentationProperties.repoPropertyQueries &&
augmentationProperties.repoPropertyQueries.input
) {
// If there are queries configured as a repository property, these may be organisational
// settings. If they don't allow combining with other query configurations, return just the
// ones configured in the repository properties.
if (!augmentationProperties.repoPropertyQueries.combines) {
return augmentationProperties.repoPropertyQueries.input;
} else {
// Otherwise, add them to the query array and continue.
result.push(...augmentationProperties.repoPropertyQueries.input);
}
}

// If there is a `queries` input to the Action, it has the next highest precedence.
if (augmentationProperties.queriesInput) {
if (augmentationProperties.queriesInputCombines) {
return (augmentedConfig.queries || []).concat(
augmentationProperties.queriesInput,
);
// If there is a `queries` input and `queriesInputCombines` is `false`, then we don't
// combine it with the queries configured in the configuration file (if any). That is the
// original behaviour of this property. However, we DO combine it with any queries that
// we obtained from the repository properties, since that may be enforced by the organisation.
if (!augmentationProperties.queriesInputCombines) {
return result.concat(augmentationProperties.queriesInput);
} else {
return augmentationProperties.queriesInput;
// If they combine, add them to the query array and continue.
result.push(...augmentationProperties.queriesInput);
}
}

return augmentedConfig.queries;
// If we get to this point, we either don't have any extra configuration inputs or all of them
// allow themselves to be combined with the settings from the configuration file.
if (config.queries) {
result.push(...config.queries);
}

return result;
}

export function generateCodeScanningConfig(
Expand Down