Skip to content

Prefer providing CodeQL via dependency injection #3011

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Aug 7, 2025
Merged

Prefer providing CodeQL via dependency injection #3011

merged 2 commits into from
Aug 7, 2025

Conversation

henrymercer
Copy link
Contributor

This makes it more obvious when CodeQL is being used, and therefore when we might need to provide stubs in tests.

Merge / deployment checklist

  • Confirm this change is backwards compatible with existing workflows.
  • Confirm the readme has been updated if necessary.
  • Confirm the changelog has been updated if necessary.

@henrymercer henrymercer requested a review from a team as a code owner August 7, 2025 11:21
@Copilot Copilot AI review requested due to automatic review settings August 7, 2025 11:21
Copilot
Copilot AI reviewed Aug 7, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR refactors the CodeQL Action codebase to prefer dependency injection of CodeQL instances over using global cached instances. The change makes CodeQL usage more explicit and facilitates better testing by providing stub CodeQL objects directly to functions that need them.

  • Replaces setCodeQL with createStubCodeQL to create stub instances without modifying global state
  • Updates functions to accept CodeQL parameters instead of internally calling getCodeQL
  • Modifies test files to pass stub CodeQL instances explicitly

Reviewed Changes

Copilot reviewed 28 out of 42 changed files in this pull request and generated no comments.

Show a summary per file
File Description
src/trap-caching.test.ts Updates test to use createStubCodeQL instead of setCodeQL
src/testing-utils.ts Changes test utility to use createStubCodeQL
src/init-action-post.ts Adds CodeQL parameter to initActionPostHelper.run call
src/init-action-post-helper.ts Updates function signatures to accept CodeQL via dependency injection
src/init-action-post-helper.test.ts Passes stub CodeQL instances to test functions
src/debug-artifacts.ts Updates functions to accept CodeQL parameter instead of calling getCodeQL internally
src/database-upload.test.ts Changes test to use createStubCodeQL
src/config-utils.test.ts Updates multiple test cases to use createStubCodeQL and removes unused getCachedCodeQL calls
src/codeql.ts Refactors setCodeQL to call createStubCodeQL and removes getCachedCodeQL function
src/analyze.ts Updates runQueries to accept CodeQL parameter
src/analyze.test.ts Updates test to use createStubCodeQL and pass CodeQL instance to runQueries
src/analyze-action.ts Passes CodeQL instance to runQueries call
src/analyze-action-input.test.ts Adds assertions to verify function calls
src/analyze-action-env.test.ts Adds assertions to verify function calls
lib/* files Generated JavaScript equivalents of TypeScript changes

mbg
mbg previously approved these changes Aug 7, 2025
View reviewed changes
Copy link
Member

@mbg mbg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like a nice change, definitely makes it clearer when the CodeQL object is used.

It would be nice if we could get rid of setCodeQL entirely.

src/analyze.test.ts
@@ -42,7 +42,7 @@ test("status report fields", async (t) => {
sinon.stub(uploadLib, "validateSarifFileSchema");

for (const language of Object.values(KnownLanguage)) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just an observation unrelated to this PR: KnownLanguage doesn't include "actions" anymore, so that doesn't get tested here.

@henrymercer
Copy link
Contributor Author

It would be nice if we could get rid of setCodeQL entirely.

Agreed, though this is trickier since we have a couple of tests that run the top-level Actions, namely src/analyze-action-env.test.ts and src/analyze-action-input.test.ts. It might be worth seeing if we can rewrite these without losing coverage, but I'll leave that as future work.

Base automatically changed from henrymercer/cleanup-for-mrva to main August 7, 2025 14:31
@henrymercer henrymercer dismissed mbg’s stale review August 7, 2025 14:31

The base branch was changed.

@henrymercer henrymercer requested a review from mbg August 7, 2025 14:33
@henrymercer henrymercer enabled auto-merge August 7, 2025 14:33
@henrymercer henrymercer merged commit 4a32399 into main Aug 7, 2025
282 checks passed
@henrymercer henrymercer deleted the henrymercer/prefer-injecting-codeql branch August 7, 2025 14:45
@github-actions github-actions bot mentioned this pull request Aug 8, 2025
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@mbg mbg mbg approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@henrymercer @mbg