Skip to content

Fall back to non-overlay analysis when diff-informed analysis is unavailable#3791

Open
sam-robson wants to merge 1 commit intomainfrom
sam-robson/overlay-fallback
Open

Fall back to non-overlay analysis when diff-informed analysis is unavailable#3791
sam-robson wants to merge 1 commit intomainfrom
sam-robson/overlay-fallback

Conversation

@sam-robson
Copy link
Copy Markdown
Contributor

@sam-robson sam-robson commented Mar 30, 2026

When overlay analysis is enabled for a PR but diff-informed analysis fails (e.g. deleted branch, API error, too many changed files), the action previously continued with overlay-only analysis. This is an untested combination that can produce inaccurate results. Now we fall back to a full non-overlay analysis instead.

Risk assessment

For internal use only. Please select the risk level of this change:

  • Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.

Which use cases does this change impact?

Workflow types:

  • Managed - Impacts users with dynamic workflows (Default Setup, Code Quality, ...).

Products:

  • Code Scanning - The changes impact analyses when analysis-kinds: code-scanning.
  • Code Quality - The changes impact analyses when analysis-kinds: code-quality.

Environments:

  • Dotcom - Impacts CodeQL workflows on github.com and/or GitHub Enterprise Cloud with Data Residency.
  • GHES - Impacts CodeQL workflows on GitHub Enterprise Server.

How did/will you validate this change?

  • Other - Manual code review. The change is a single conditional guard following established patterns in the same file. No unit tests due to the init-action entry point side-effect constraint, but the logic is minimal (3 conditions + mode revert).

If something goes wrong after this change is released, what are the mitigation and rollback strategies?

  • Rollback - Change can only be disabled by rolling back the release or releasing a new version with a fix.

How will you know if something goes wrong after this change is released?

  • Telemetry - I rely on existing telemetry or have made changes to the telemetry.
    • Dashboards - I will watch relevant dashboards for issues after the release. Consider whether this requires this change to be released at a particular time rather than as part of a regular release.

Are there any special considerations for merging or releasing this change?

  • No special considerations - This change can be merged at any time.

Merge / deployment checklist

  • Confirm this change is backwards compatible with existing workflows.
  • Consider adding a changelog entry for this change.
  • Confirm the readme and docs have been updated if necessary.

@github-actions github-actions bot added the size/XS Should be very easy to review label Mar 30, 2026
@sam-robson sam-robson force-pushed the sam-robson/overlay-fallback branch 2 times, most recently from 472336b to 8c82546 Compare March 30, 2026 09:50
@sam-robson sam-robson marked this pull request as ready for review March 30, 2026 13:11
@sam-robson sam-robson requested a review from a team as a code owner March 30, 2026 13:11
Copilot AI review requested due to automatic review settings March 30, 2026 13:11
Copilot AI reviewed Mar 30, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Ensures the CodeQL init step avoids the unsupported “overlay-only” mode by falling back to a full non-overlay analysis when diff-informed analysis was expected but didn’t produce the pr-diff-range.json output.

Changes:

  • Add a hasDiffRangesJsonFile() helper to detect whether pr-diff-range.json was produced.
  • In init-action, revert overlayDatabaseMode to None when overlay is enabled, diff-informed analysis should have run, but the diff ranges file is missing.
  • Update the generated lib/init-action.js to reflect the TypeScript changes.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File Description
src/init-action.ts Adds a guard to revert overlay mode to non-overlay when diff-informed output is missing.
src/diff-informed-analysis-utils.ts Introduces hasDiffRangesJsonFile() helper for detecting persisted diff ranges output.
lib/init-action.js Generated build output reflecting the TypeScript changes (not reviewed).

@sam-robson sam-robson force-pushed the sam-robson/overlay-fallback branch from 8c82546 to 08f4ea7 Compare March 30, 2026 14:36
redsun82
redsun82 previously approved these changes Mar 31, 2026
View reviewed changes
@sam-robson sam-robson added this pull request to the merge queue Mar 31, 2026
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Mar 31, 2026
@sam-robson sam-robson added this pull request to the merge queue Mar 31, 2026
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Mar 31, 2026
@mbg mbg changed the title fix: fall back to non-overlay analysis when diff-informed analysis is unavailable Fall back to non-overlay analysis when diff-informed analysis is unavailable Mar 31, 2026
mbg
mbg requested changes Mar 31, 2026
View reviewed changes
src/init-action.ts Outdated
Comment on lines +443 to +466
// If overlay is enabled and diff-informed analysis should have run but
// failed to produce output, revert to non-overlay analysis. Overlay
// without diff-informed is an untested combination that can produce
// inaccurate results.
try {
if (
config.overlayDatabaseMode === OverlayDatabaseMode.Overlay &&
(await shouldPerformDiffInformedAnalysis(codeql, features, logger)) &&
!hasDiffRangesJsonFile()
) {
logger.warning(
"Diff-informed analysis is not available for this pull request. " +
`Reverting overlay database mode to ${OverlayDatabaseMode.None}.`,
);
config.overlayDatabaseMode = OverlayDatabaseMode.None;
}
} catch (e) {
logger.warning(
`Failed to determine diff-informed analysis availability, ` +
`reverting overlay database mode to ${OverlayDatabaseMode.None}: ${getErrorMessage(e)}`,
);
config.overlayDatabaseMode = OverlayDatabaseMode.None;
}

Copy link
Copy Markdown
Member

@mbg mbg Mar 31, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be good to move this out of init-action.ts and into one of the overlay-specific modules if possible.

There's already a bunch of logic around overlay enablement there, so spreading that out across different locations isn't good.

We also have some frameworks for tests/diagnostics/telemetry there that this could factor into. In any case, this should have test coverage.

@sam-robson sam-robson force-pushed the sam-robson/overlay-fallback branch from 08f4ea7 to 3a6c216 Compare April 6, 2026 13:24
@github-actions github-actions bot added size/M Should be of average difficulty to review and removed size/XS Should be very easy to review labels Apr 6, 2026
@sam-robson sam-robson force-pushed the sam-robson/overlay-fallback branch from 3a6c216 to c9b00bb Compare April 6, 2026 13:25
@sam-robson sam-robson force-pushed the sam-robson/overlay-fallback branch from c9b00bb to 5e930d3 Compare April 6, 2026 13:45
@sam-robson sam-robson requested a review from mbg April 6, 2026 19:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@redsun82 redsun82 redsun82 left review comments

@mbg mbg Awaiting requested review from mbg

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

size/M Should be of average difficulty to review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@sam-robson @mbg @redsun82