Ensure artifacts are only uploaded in safe situations #2726
This commit: Turns on uploading of artifacts again but only if CLI version is >= 2.20.3. I implemented the check using our feature flag functionality. I was on the fence about this since it makes the PR more complex. However, it does give us more flexibility when controlling artifact uploads. Also, I renamed the two workflows that were previously disabled. This way we will not accidentally enable the old workflows for previous versions of the action.
Copilot reviewed 17 out of 17 changed files in this pull request and generated no comments.
Comments suppressed due to low confidence (1)
src/debug-artifacts.ts:300
- No test confirms the 'upload-successful' scenario. Adding a test that verifies successful artifact uploads would provide more complete coverage.
return "upload-successful";
Using the feature flag mechanism for checking if uploads are enabled was too clunky. I'm moving the change to checking versions directly.
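The direct version check described in this PR, sketched as an added TypeScript example (not the PR's own code). Only the 2.20.3 threshold and the two status strings come from the page; all function names are hypothetical, and treating a suffixed version such as a pre-release as its base version is an assumption.

```typescript
// Added example, not code from the PR. Names are hypothetical; only the
// 2.20.3 threshold and the two status strings appear on the page.
type Version = [number, number, number];
type UploadStatus = "upload-successful" | "upload-not-supported";

const MIN_UPLOAD_VERSION: Version = [2, 20, 3];

// Parse "MAJOR.MINOR.PATCH" with an optional "-pre" or "+build" suffix.
// Assumption: the suffix is ignored. Anything else yields undefined so
// the caller can fail closed instead of guessing.
function parseCliVersion(raw: string | undefined): Version | undefined {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:[-+][0-9A-Za-z.+-]*)?$/.exec((raw || "").trim());
  if (m === null) return undefined;
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Numeric, component-wise comparison. A plain string comparison would
// rank "2.9.0" above "2.20.3" and open the gate for an old CLI.
function isUploadSupported(raw: string | undefined): boolean {
  const v = parseCliVersion(raw);
  if (v === undefined) return false; // unknown version: do not upload
  const [major, minor, patch] = v;
  const [minMajor, minMinor, minPatch] = MIN_UPLOAD_VERSION;
  if (major !== minMajor) return major > minMajor;
  if (minor !== minMinor) return minor > minMinor;
  return patch >= minPatch;
}

// The upload callback is never invoked when the gate is closed.
function uploadDebugArtifacts(
  cliVersion: string | undefined,
  upload: () => void,
): UploadStatus {
  if (!isUploadSupported(cliVersion)) return "upload-not-supported";
  upload();
  return "upload-successful";
}
```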
7201315 to f71067b
Not sure why we need this now, but didn't before.
strategy: | ||
fail-fast: false | ||
matrix: | ||
version: | ||
- stable-v2.20.3 | ||
- default | ||
- linked | ||
- nightly-latest |
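Review bot: The `version` matrix starts at `stable-v2.20.3`, the lowest CLI version at which this PR turns artifact uploads on, so no job here runs an older CLI to confirm that uploads are skipped. If this workflow is meant to check both sides of the gate, add an entry for a release below 2.20.3; otherwise add a short comment saying the matrix only covers versions where uploads are expected to work.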
We are now matrixing the build because we want to be sure it is working in the versions we know about.
Looks good — just some non-blocking comments about giving the tests a bit more clarity!
src/debug-artifacts.test.ts
Outdated
t.is( | ||
uploaded, | ||
"upload-not-supported", | ||
"Expect failure to upload artifacts since root dir does not exist", |
I think this test failure should be because the CodeQL version is old and not supported here?
I think this comment is still valid on this test — the failure should be because the upload is not supported on this version of the CLI, right?
Oops. Yes. You're right about this one. I'll change it.
@angelapwen, do these comments clarify things?
Yes! I think one comment is still valid, posted above!
Looks good!!
Turns on uploading of artifacts again but only if CLI version is >= 2.20.3.
I implemented the check using our feature flag functionality. I was on the fence about this since it makes the PR more complex. However, it does give us more flexibility when controlling artifact uploads. I've changed the PR so that it checks versions directly.
Also, I renamed the two workflows that were previously disabled. This way we will not accidentally enable the old workflows for previous versions of the action.
Merge / deployment checklist