Ensure that proxy log artifacts have unique names #3409
Conversation
There was a problem hiding this comment.
Pull request overview
This PR refactors the debug artifact upload code to ensure proxy log artifacts have unique names in matrix workflows. Previously, the start-proxy post action used a fixed artifact name "proxy-log-file", which caused upload failures in matrix workflows where multiple jobs would attempt to upload artifacts with the same name.
Changes:
- Extracted the matrix suffix generation logic into a reusable
getArtifactSuffix()function - Created a new
uploadArtifacts()function that handles artifact uploads with matrix suffix support - Updated
start-proxy-action-post.tsto use the newuploadArtifacts()function instead of manually managing artifact uploads
Reviewed changes
Copilot reviewed 6 out of 7 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| src/start-proxy-action-post.ts | Simplified to call the new uploadArtifacts() function instead of manually creating an uploader and uploading with a fixed name |
| src/debug-artifacts.ts | Extracted getArtifactSuffix() function and created new uploadArtifacts() function to handle uploads with matrix suffix support |
| src/debug-artifacts.test.ts | Added comprehensive tests for the new getArtifactSuffix() function |
| lib/*.js | Generated JavaScript files updated to match TypeScript changes |
|
I re-ran the "Start proxy" PR check in debug mode to exercise the new logic. This worked as expected: https://github.com/github/codeql-action/actions/runs/21172332497/job/60892639862?pr=3409#step:12:79 |
esbena
left a comment
esbena
left a comment
There was a problem hiding this comment.
LGTM with some comments on the existing code that I made before I realised it was just moving around..
| // Enumerates different, possible outcomes for artifact uploads. | ||
| export type UploadArtifactsResult = | ||
| | "no-artifacts-to-upload" | ||
| | "upload-successful" | ||
| | "upload-failed"; |
There was a problem hiding this comment.
How about using an enum?
There was a problem hiding this comment.
I probably would've gone for an enum if this was new, but I stuck with what we already had here (just named it for reusability).
src/debug-artifacts.ts
Outdated
| let suffix = ""; | ||
| if (matrix) { | ||
| try { | ||
| const matrixObject = JSON.parse(matrix) as any[][]; |
There was a problem hiding this comment.
For improved type safety, should this be unknown[][]?
There was a problem hiding this comment.
I changed this to not assume anything about what JSON.parse might return, since for user-specified input it could be any valid JSON value. Instead, I added a check that matrixObject is actually a JS object and then just assume that it is an object after that.
github-actions
bot
added
size/M
The post action for
start-proxyuploads the authentication proxy's logs in debug mode. However, it currently uses a fixed name for this (alwaysproxy-log-file). This is a problem in e.g. matrix'ed workflows where multiple CodeQL jobs may want to upload the respective proxy logs.This PR lightly refactors our existing code for uploading debug artifacts, where we already address this problem for other debug artifacts, so that the same functions can then be used for the
start-proxypost action.Risk assessment
For internal use only. Please select the risk level of this change:
Which use cases does this change impact?
Workflow types:
dynamicworkflows (Default Setup, CCR, ...).Products:
analysis-kinds: code-scanning.analysis-kinds: code-quality.Environments:
github.comand/or GitHub Enterprise Cloud with Data Residency.How did/will you validate this change?
.test.tsfiles).pr-checks).If something goes wrong after this change is released, what are the mitigation and rollback strategies?
How will you know if something goes wrong after this change is released?
Are there any special considerations for merging or releasing this change?
Merge / deployment checklist