KEMBAR78
Add `setup-codeql` action by mbg · Pull Request #3204 · github/codeql-action · GitHub
Skip to content

Add setup-codeql action #3204

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Oct 17, 2025
Merged

Add setup-codeql action #3204

merged 9 commits into from
Oct 17, 2025
+87,949 −17

Conversation

@mbg
Copy link
Member

@mbg mbg commented Oct 12, 2025

This PR takes a stab at adding a setup-codeql action, which just installs the CodeQL CLI. Unlike init, it does not initialise a database.

This doesn't change the init action in any way yet. I.e. the goal of this PR is not to support running setup-codeql followed by init, but just setup-codeql on its own with no subsequent codeql-action steps.

Risk assessment

For internal use only. Please select the risk level of this change:

  • Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.

Which use cases does this change impact?

Currently, none.

How did/will you validate this change?

  • Unit tests - I am depending on unit test coverage (i.e. tests in .test.ts files).
  • End-to-end tests - I am depending on PR checks (i.e. tests in pr-checks).

If something goes wrong after this change is released, what are the mitigation and rollback strategies?

  • Rollback - Change can only be disabled by rolling back the release or releasing a new version with a fix.

How will you know if something goes wrong after this change is released?

  • Telemetry - I rely on existing telemetry or have made changes to the telemetry.
    • Dashboards - I will watch relevant dashboards for issues after the release. Consider whether this requires this change to be released at a particular time rather than as part of a regular release.

Merge / deployment checklist

  • Confirm this change is backwards compatible with existing workflows.
  • Consider adding a changelog entry for this change.
  • Confirm the readme and docs have been updated if necessary.

@mbg mbg force-pushed the mbg/setup-codeql branch from 13f34d1 to 80220dc Compare October 12, 2025 13:14
@mbg mbg marked this pull request as ready for review October 16, 2025 13:50
@mbg mbg requested a review from a team as a code owner October 16, 2025 13:50
@Copilot Copilot AI review requested due to automatic review settings October 16, 2025 13:50
Copilot
Copilot AI reviewed Oct 16, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR introduces a new experimental setup-codeql action that installs the CodeQL CLI without initializing a database, providing a more focused tool setup capability separate from the existing init action.

Key changes:

  • Adds a standalone setup-codeql action for CodeQL CLI installation only
  • Creates new action entry point with status reporting integration
  • Updates test workflows to use the new action instead of init

Reviewed Changes

Copilot reviewed 7 out of 8 changed files in this pull request and generated no comments.

Show a summary per file
File Description
src/status-report.ts Adds SetupCodeQL action name enum for telemetry tracking
src/setup-codeql-action.ts New action implementation that installs CodeQL CLI and sets outputs
setup-codeql/action.yml Action definition with inputs/outputs for the new setup action
pr-checks/checks/bundle-from-toolcache.yml Updates test to use setup-codeql instead of init
README.md Documents the new experimental action
CHANGELOG.md Records the addition of the new action
.github/workflows/__bundle-from-toolcache.yml Generated workflow file reflecting test changes

henrymercer
henrymercer reviewed Oct 16, 2025
View reviewed changes
Copy link
Contributor

@henrymercer henrymercer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice! If we aren't yet supporting running init after setup-codeql, should it be a configuration error to do so?

@mbg mbg force-pushed the mbg/setup-codeql branch from 84db292 to c0e8887 Compare October 17, 2025 11:18
@mbg mbg enabled auto-merge October 17, 2025 12:42
@mbg mbg merged commit 97a4f75 into main Oct 17, 2025
248 of 249 checks passed
@mbg mbg deleted the mbg/setup-codeql branch October 17, 2025 12:47
This was referenced Oct 17, 2025
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@henrymercer henrymercer henrymercer approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mbg @henrymercer