- 
                Notifications
    You must be signed in to change notification settings 
- Fork 409
Prefer providing CodeQL via dependency injection #3011
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pull Request Overview
This PR refactors the CodeQL Action codebase to prefer dependency injection of CodeQL instances over using global cached instances. The change makes CodeQL usage more explicit and facilitates better testing by providing stub CodeQL objects directly to functions that need them.
- Replaces setCodeQLwithcreateStubCodeQLto create stub instances without modifying global state
- Updates functions to accept CodeQLparameters instead of internally callinggetCodeQL
- Modifies test files to pass stub CodeQL instances explicitly
Reviewed Changes
Copilot reviewed 28 out of 42 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description | 
|---|---|
| src/trap-caching.test.ts | Updates test to use createStubCodeQLinstead ofsetCodeQL | 
| src/testing-utils.ts | Changes test utility to use createStubCodeQL | 
| src/init-action-post.ts | Adds CodeQL parameter to initActionPostHelper.runcall | 
| src/init-action-post-helper.ts | Updates function signatures to accept CodeQL via dependency injection | 
| src/init-action-post-helper.test.ts | Passes stub CodeQL instances to test functions | 
| src/debug-artifacts.ts | Updates functions to accept CodeQL parameter instead of calling getCodeQLinternally | 
| src/database-upload.test.ts | Changes test to use createStubCodeQL | 
| src/config-utils.test.ts | Updates multiple test cases to use createStubCodeQLand removes unusedgetCachedCodeQLcalls | 
| src/codeql.ts | Refactors setCodeQLto callcreateStubCodeQLand removesgetCachedCodeQLfunction | 
| src/analyze.ts | Updates runQueriesto accept CodeQL parameter | 
| src/analyze.test.ts | Updates test to use createStubCodeQLand pass CodeQL instance torunQueries | 
| src/analyze-action.ts | Passes CodeQL instance to runQueriescall | 
| src/analyze-action-input.test.ts | Adds assertions to verify function calls | 
| src/analyze-action-env.test.ts | Adds assertions to verify function calls | 
| lib/* files | Generated JavaScript equivalents of TypeScript changes | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like a nice change, definitely makes it clearer when the CodeQL object is used.
It would be nice if we could get rid of setCodeQL entirely.
| const threadsFlag = ""; | ||
| sinon.stub(uploadLib, "validateSarifFileSchema"); | ||
|  | ||
| for (const language of Object.values(KnownLanguage)) { | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just an observation unrelated to this PR: KnownLanguage doesn't include "actions" anymore, so that doesn't get tested here.
| 
 Agreed, though this is trickier since we have a couple of tests that run the top-level Actions, namely  | 
This makes it more obvious when CodeQL is being used, and therefore when we might need to provide stubs in tests.
Merge / deployment checklist