Overlay: Check database metadata for overlayBaseSpecifier #3340


Merged
kaspersv merged 4 commits into main from kaspersv/check-for-overlayBaseSpecifier
Dec 9, 2025

@kaspersv
Contributor

This PR adds an additional validity check for overlay-base databases before uploading an overlay-base to the actions cache or using an overlay-base for overlay analysis. The additional check consists of running codeql resolve database and checking for the existence of an overlayBaseSpecifier key.

Risk assessment

For internal use only. Please select the risk level of this change:

  • Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.

Which use cases does this change impact?

Workflow types:

  • Advanced setup - Impacts users who have custom CodeQL workflows.
  • Managed - Impacts users with dynamic workflows (Default Setup, CCR, ...).

Products:

  • Code Scanning - The changes impact analyses when analysis-kinds: code-scanning.
  • Code Quality - The changes impact analyses when analysis-kinds: code-quality.

Environments:

  • Dotcom - Impacts CodeQL workflows on github.com.

How did/will you validate this change?

  • Test repository - This change will be tested on a test repository before merging.
  • Unit tests - I am depending on unit test coverage (i.e. tests in .test.ts files).

If something goes wrong after this change is released, what are the mitigation and rollback strategies?

  • Feature flags - All new or changed code paths can be fully disabled with corresponding feature flags.
  • Rollback - Change can only be disabled by rolling back the release or releasing a new version with a fix.

How will you know if something goes wrong after this change is released?

  • Telemetry - I rely on existing telemetry or have made changes to the telemetry.
    • Dashboards - I will watch relevant dashboards for issues after the release. Consider whether this requires this change to be released at a particular time rather than as part of a regular release.
    • Alerts - New or existing monitors will trip if something goes wrong with this change.

Are there any special considerations for merging or releasing this change?

  • No special considerations - This change can be merged at any time.
  • Special considerations - This change should only be merged once certain preconditions are met. Please provide details of those or link to this PR from an internal issue.

Merge / deployment checklist

  • Confirm this change is backwards compatible with existing workflows.
  • Consider adding a changelog entry for this change.
  • Confirm the readme and docs have been updated if necessary.

github-actions bot added the size/S (Should be easy to review) label Dec 3, 2025
kaspersv force-pushed the kaspersv/check-for-overlayBaseSpecifier branch from 35d5d53 to 6391bd0 December 3, 2025 08:28
kaspersv changed the title from "Kaspersv/check for overlay base specifier" to "Overlay: Check database metadata for overlayBaseSpecifier" Dec 3, 2025
kaspersv force-pushed the kaspersv/check-for-overlayBaseSpecifier branch 4 times, most recently from fd0d09f to aff036b December 3, 2025 09:15
@kaspersv
Contributor, Author

The failing Code-Scanning config CLI tests appear to be unrelated to this PR and the same failure has been observed on an unrelated dependabot PR.

kaspersv requested a review from mbg December 3, 2025 09:53
kaspersv marked this pull request as ready for review December 3, 2025 09:53
Copilot AI review requested due to automatic review settings December 3, 2025 09:53
kaspersv requested a review from a team as a code owner December 3, 2025 09:53
Contributor

Copilot AI left a comment

Pull request overview

This PR adds an additional validation check for overlay-base databases by running codeql resolve database and verifying the presence of an overlayBaseSpecifier key in the database metadata. This check helps ensure that only valid overlay-base databases are uploaded to the cache or used for overlay analysis.

Key changes:

  • New resolveDatabase method added to the CodeQL CLI interface that runs codeql resolve database --format=json
  • Enhanced checkOverlayBaseDatabase function to validate the overlayBaseSpecifier metadata for each language
  • Test coverage added for the new validation scenario where overlayBaseSpecifier is missing

Reviewed changes

Copilot reviewed 13 out of 13 changed files in this pull request and generated 4 comments.

| File | Description |
| --- | --- |
| src/codeql.ts | Added resolveDatabase method and ResolveDatabaseOutput interface to support querying database metadata |
| src/overlay-database-utils.ts | Enhanced overlay-base database validation to check for overlayBaseSpecifier using codeql resolve database |
| src/overlay-database-utils.test.ts | Added test case for missing overlayBaseSpecifier and updated test infrastructure to mock resolveDatabase |
| src/testing-utils.ts | Changed default language in createTestConfig from empty array to [KnownLanguage.java] to support tests that iterate over languages |
| lib/*.js | Auto-generated JavaScript files reflecting the TypeScript changes |

resolveDatabaseOutput===undefined||
!("overlayBaseSpecifier"inresolveDatabaseOutput)
){
logger.info(`${warningPrefix}: no overlayBaseSpecifier defined`);
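
Review bot: The test !("overlayBaseSpecifier" in resolveDatabaseOutput) in the condition only establishes that the key exists, so metadata that carries the key with a null or empty value is accepted as a valid overlay-base. If later steps depend on the value rather than on the key's presence, check the value as well. The === undefined guard on the first line also does not cover null: the in operator throws a TypeError on null and on primitives, so if the parsed output of codeql resolve database can be anything other than an object, narrow it to an object before the in test.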

Copilot AI, Dec 3, 2025

The logging level here should be logger.warning instead of logger.info to be consistent with line 189 where a similar validation failure is logged as a warning. Validation failures that cause the function to return false should be warnings so they're visible in the logs.

Suggested change
logger.info(`${warningPrefix}: no overlayBaseSpecifier defined`);
logger.warning(`${warningPrefix}: no overlayBaseSpecifier defined`);

Contributor, Author

The info log-level is intentional. The extractor is allowed to decide not to produce an overlay-base. This will for instance happen for Go if the extractor is asked to produce an overlay-base for a traced build. In that case the Go extractor will decide not to produce an overlay-base and we shouldn't generate a warning for that case.

kaspersv force-pushed the kaspersv/check-for-overlayBaseSpecifier branch from c96efdb to 505fdd0 December 3, 2025 10:25
kaspersv force-pushed the kaspersv/check-for-overlayBaseSpecifier branch from 505fdd0 to c4efbda December 3, 2025 12:40
@kaspersv
Contributor, Author

Rebased on top of #3341.

kaspersv requested review from henrymercer and removed request for mbg December 4, 2025 12:43
kaspersv assigned henrymercer and unassigned mbg Dec 4, 2025
Contributor

@henrymercer left a comment

A couple of suggestions otherwise this looks good 👍

kaspersv reacted with thumbs up emoji
logger.info(`${warningPrefix}: no overlayBaseSpecifier defined`);
returnfalse;
}else{
logger.info(
Contributor

Should this be a debug level log? I had a quick look and it looks like this is not within a log group.

Contributor, Author

Yes, it makes sense to log at debug log-level in the else branch, to avoid logging unnecessarily in the default case where an overlayBaseSpecifier is present. I would still like to keep the log that no overlayBaseSpecifier was present at info level.
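
The check from the PR description, combined with the log levels settled in the review thread above, as an added TypeScript example; it is not the CodeQL Action's own code. The function name, the input shape and the sample JSON are assumptions made for illustration, as is the choice to log malformed metadata as a warning.

```typescript
// Added example; not code from the CodeQL Action. Only the key name
// "overlayBaseSpecifier" and the info/debug levels come from the thread.
type Level = "debug" | "info" | "warning";
interface LogEntry { level: Level; message: string }
interface DbMetadata { language: string; stdout: string }

// Hypothetical helper: each `stdout` is the raw JSON text printed by
// `codeql resolve database --format=json` for one language's database.
function checkOverlayBaseMetadata(dbs: DbMetadata[]): { valid: boolean; logs: LogEntry[] } {
  const logs: LogEntry[] = [];
  const fail = (level: Level, message: string) => {
    logs.push({ level, message });
    return { valid: false, logs };
  };
  for (const { language, stdout } of dbs) {
    let parsed: unknown;
    try {
      parsed = JSON.parse(stdout);
    } catch {
      // Assumption: unreadable metadata is a real fault, so warn.
      return fail("warning", `${language}: metadata is not valid JSON`);
    }
    // `in` throws a TypeError on null and primitives: narrow first.
    if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
      return fail("warning", `${language}: metadata is not a JSON object`);
    }
    if (!("overlayBaseSpecifier" in parsed)) {
      // Info, not warning: an extractor may decline to produce an
      // overlay-base (the thread's Go traced-build case).
      return fail("info", `${language}: no overlayBaseSpecifier defined`);
    }
    logs.push({ level: "debug", message: `${language}: overlayBaseSpecifier present` });
  }
  return { valid: true, logs };
}

// Constructed sample outputs; real metadata has other fields, and the
// specifier's value format is not shown on the page.
const WITH_KEY = '{"overlayBaseSpecifier": "constructed-value"}';
const SAMPLE_OK: DbMetadata[] = [{ language: "java", stdout: WITH_KEY }];
const SAMPLE_MISSING: DbMetadata[] = [
  { language: "java", stdout: WITH_KEY },
  { language: "go", stdout: '{"constructedField": true}' },
];
const SAMPLE_NULL: DbMetadata[] = [{ language: "java", stdout: "null" }];
```

The first database that fails ends the check, so the returned log list shows which language made the set unusable as an overlay-base and at what level that was reported.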

kaspersv and others added 2 commits December 9, 2025 09:41
kaspersv merged commit c43362b into main Dec 9, 2025
241 checks passed
kaspersv deleted the kaspersv/check-for-overlayBaseSpecifier branch December 9, 2025 10:37

Reviewers

Copilot code review: Copilot left review comments

@henrymercer approved these changes

Assignees

@henrymercer

Labels

size/S (Should be easy to review)
