Allow using new CodeQL languages without updating the CodeQL Action #2914
Conversation
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
Co-authored-by: Copilot <[email protected]>
henrymercer
force-pushed
the
henrymercer/language-extensibility
branch
from
4d8db50 to
cfb8d07
Compare
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
There was a problem hiding this comment.
Thanks for working on this and getting it all up-to-date after the other recent changes! Sorry for the premature review earlier as well. This broadly look good. I have a few suggestions and questions.
Should all the .includes checks for languages get the same treatment as that one check for rust?
| * In general, the CodeQL CLI is the source of truth for language aliases, and to | ||
| * allow us to more easily support new languages, we want to avoid hardcoding these | ||
| * aliases in the Action itself. However this is difficult to do in the start-proxy | ||
| * Action since this Action does not use CodeQL, so we're accepting some hardcoding | ||
| * for this Action. |
There was a problem hiding this comment.
This doesn't have to be addressed as part of this PR, but we only use the start-proxy in CodeQL (default setup) workflows. The start-proxy steps follows the init step, so we could rely on that here if we wanted to.
There was a problem hiding this comment.
I agree with your italicisation :) We could rely on that ordering, but I'd prefer not to.
src/init-action.ts
Outdated
| @@ -342,6 +342,31 @@ async function run() { | |||
| } | |||
| core.endGroup(); | |||
|
|
|||
| // Set CODEQL_ENABLE_EXPERIMENTAL_FEATURES for rust | |||
There was a problem hiding this comment.
How do the changes here interact with #2960?
There was a problem hiding this comment.
I don't see any problematic interactions, though there might be a couple of merge conflicts to address.
There was a problem hiding this comment.
Pull Request Overview
This PR allows the CodeQL Action to work with new CodeQL languages without requiring updates to the Action itself. The changes generalize language handling by querying the CodeQL CLI as the source of truth for supported languages and language aliases, instead of hardcoding them in the Action.
Key Changes
- Replaces the hardcoded
Languageenum with a genericLanguagetype and aKnownLanguageenum for languages requiring special handling - Implements dynamic language detection using CodeQL CLI's
betterResolveLanguages()andisTracedLanguage()methods - Simplifies language parsing logic by delegating alias resolution to the CLI
Reviewed Changes
Copilot reviewed 45 out of 67 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| src/languages.ts | Refactors from hardcoded enum to generic type with known language subset |
| src/config-utils.ts | Implements dynamic language support using CLI as source of truth |
| src/codeql.ts | Adds methods to determine if languages are traced/scanned |
| src/start-proxy.ts | Maintains hardcoded aliases for proxy action (CLI not available) |
| src/util.ts | Adds async utility functions and fixes String() wrapper usage |
| Multiple test files | Updates all references from Language to KnownLanguage enum |
| lib/ files | Generated JavaScript code reflecting TypeScript changes |
| core.exportVariable(EnvVar.FEATURE_MULTI_LANGUAGE, "false"); | ||
| core.exportVariable(EnvVar.FEATURE_SANDWICH, "false"); | ||
| core.exportVariable(EnvVar.FEATURE_SARIF_COMBINE, "true"); | ||
| core.exportVariable(EnvVar.FEATURE_WILL_UPLOAD, "true"); |
There was a problem hiding this comment.
[nitpick] The removal of String() wrapper is good for consistency, but these environment variable values should use boolean strings consistently. Consider using a constant or helper function to ensure consistency across the codebase.
| core.exportVariable(EnvVar.FEATURE_WILL_UPLOAD, "true"); | |
| core.exportVariable(EnvVar.FEATURE_MULTI_LANGUAGE, BOOLEAN_FALSE); | |
| core.exportVariable(EnvVar.FEATURE_SANDWICH, BOOLEAN_FALSE); | |
| core.exportVariable(EnvVar.FEATURE_SARIF_COMBINE, BOOLEAN_TRUE); | |
| core.exportVariable(EnvVar.FEATURE_WILL_UPLOAD, BOOLEAN_TRUE); |
Copilot uses AI. Check for mistakes.
| @@ -541,7 +541,7 @@ export function validateSarifFileSchema( | |||
| ); | |||
| } | |||
|
|
|||
| if (errors.length) { | |||
| if (errors.length > 0) { | |||
There was a problem hiding this comment.
The change from errors.length to errors.length > 0 is more explicit and consistent with the similar change in other files, improving code readability.
Copilot uses AI. Check for mistakes.
| return (languagesInput || "") | ||
| .split(",") | ||
| .map((x) => x.trim().toLowerCase()) | ||
| .filter((x) => x.length > 0); | ||
| } |
There was a problem hiding this comment.
This function duplicates logic that was previously inline in getRawLanguages. Consider extracting this to a shared utility function to avoid code duplication and improve maintainability.
Copilot uses AI. Check for mistakes.
| } | ||
| } | ||
| return supportedLanguages; | ||
| } |
There was a problem hiding this comment.
This function is called within language detection logic that could be called frequently. Consider caching the result to avoid repeated calls to betterResolveLanguages() within the same execution context.
Copilot uses AI. Check for mistakes.
src/init-action.ts
Outdated
| @@ -240,7 +240,10 @@ async function sendCompletedStatusReport( | |||
| packs: JSON.stringify(packs), | |||
| trap_cache_languages: Object.keys(config.trapCaches).join(","), | |||
| trap_cache_download_size_bytes: Math.round( | |||
| await getTotalCacheSize(Object.values(config.trapCaches), logger), | |||
| await getTotalCacheSize( | |||
There was a problem hiding this comment.
The filter for undefined values suggests that config.trapCaches may contain undefined entries. Consider updating the type definition or initialization logic to prevent undefined values from being added to trapCaches in the first place.
Note: See the diff below for a potential fix:
@@ -238,9 +238,13 @@
paths_ignore: pathsIgnore,
queries: queries.join(","),
packs: JSON.stringify(packs),
- trap_cache_languages: Object.keys(config.trapCaches).join(","),
+ // Only include languages for which the trap cache is defined
+ trap_cache_languages: Object.keys(config.trapCaches)
+ .filter((lang) => config.trapCaches[lang] !== undefined)
+ .join(","),
trap_cache_download_size_bytes: Math.round(
await getTotalCacheSize(
+ // Only include defined trap cache entries
Object.values(config.trapCaches).filter((x) => x !== undefined),
logger,
),
Copilot uses AI. Check for mistakes.
src/languages.ts
Outdated
| /** A language supported by CodeQL. */ | ||
| export type Language = string; |
There was a problem hiding this comment.
Minor: Technically this now represents any language identifier, whether supported or not
This PR revives #779, adding a few new features:
tracing-config.luafile — this is what we do in the CLI tooconfig-utils.tsCommit-by-commit review recommended as one commit has a large diff from renaming the
Languageenum toKnownLanguage.Caveats:
start-proxyAction generic, because this Action can't assume access to the CodeQL CLI, which is the source of truth. However this is probably OK because the default behaviour of this Action, i.e. not to proxy anything, is OK for new languages.Merge / deployment checklist