Skip to content

Always skip database upload if AnalysisKind.CodeScanning is not enabled#3221

Merged
mbg merged 1 commit intomainfrom
mbg/code-quality/skip-db-upload
Oct 21, 2025
Merged

Always skip database upload if AnalysisKind.CodeScanning is not enabled#3221
mbg merged 1 commit intomainfrom
mbg/code-quality/skip-db-upload

Conversation

@mbg
Copy link
Member

@mbg mbg commented Oct 21, 2025

Databases that are produced if analysis-kinds: code-quality is the only enabled analysis kind are initialised for a different set of queries than those that are initialised if analysis-kinds: code-scanning is enabled. This shouldn't really be a problem in itself, but the API endpoint for database uploads also doesn't currently accept uploads if Code Scanning is not enabled. That results in a warning in the CodeQL Action, rather than an outright failure, but both of these points combined mean it probably makes sense for us to skip attempting a database upload.

Risk assessment

For internal use only. Please select the risk level of this change:

  • Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.

Which use cases does this change impact?

  • Advanced setup - Impacts users who have custom workflows.
  • Default setup - Impacts users who use default setup.
  • Code Quality - Impacts Code Quality (i.e. analysis-kinds: code-quality).

How did/will you validate this change?

  • Unit tests - I am depending on unit test coverage (i.e. tests in .test.ts files).

If something goes wrong after this change is released, what are the mitigation and rollback strategies?

  • Rollback - Change can only be disabled by rolling back the release or releasing a new version with a fix.

How will you know if something goes wrong after this change is released?

  • Telemetry - I rely on existing telemetry or have made changes to the telemetry.
    • Dashboards - I will watch relevant dashboards for issues after the release. Consider whether this requires this change to be released at a particular time rather than as part of a regular release.
    • Alerts - New or existing monitors will trip if something goes wrong with this change.

Merge / deployment checklist

  • Confirm this change is backwards compatible with existing workflows.
  • Consider adding a changelog entry for this change.
  • Confirm the readme and docs have been updated if necessary.

@mbg mbg requested a review from henrymercer October 21, 2025 11:38
@mbg mbg self-assigned this Oct 21, 2025
@mbg mbg requested a review from a team as a code owner October 21, 2025 11:38
Copilot AI review requested due to automatic review settings October 21, 2025 11:38
Copilot AI reviewed Oct 21, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR updates the CodeQL Action to skip database uploads when Code Scanning is not enabled as an analysis kind. This addresses the issue where the API endpoint for database uploads doesn't accept uploads without Code Scanning enabled, preventing unnecessary warnings in the workflow logs.

Key changes:

  • Added an early return check in uploadDatabases to skip upload when AnalysisKind.CodeScanning is not included in the enabled analysis kinds
  • Added corresponding unit test coverage to verify the new skip behavior

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
src/database-upload.ts Added check to skip database upload when Code Scanning analysis kind is not enabled
src/database-upload.test.ts Added test case to verify database upload is skipped without Code Scanning enabled
lib/analyze-action.js Generated JavaScript code corresponding to TypeScript changes

@github-actions github-actions bot added the size/S Should be easy to review label Oct 21, 2025
@mbg mbg merged commit 0c5185d into main Oct 21, 2025
243 checks passed
@mbg mbg deleted the mbg/code-quality/skip-db-upload branch October 21, 2025 12:10
This was referenced Oct 24, 2025
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@henrymercer henrymercer henrymercer approved these changes

Assignees

@mbg mbg

Labels

size/S Should be easy to review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mbg @henrymercer