Skip to content

Update wording in some log messages #3227

Merged
mbg merged 4 commits intomainfrom
mbg/permission-warning
Oct 23, 2025
Merged

Update wording in some log messages #3227
mbg merged 4 commits intomainfrom
mbg/permission-warning

Conversation

@mbg
Copy link
Member

@mbg mbg commented Oct 23, 2025

This PR just updates some log messages to be more accurate to reflect that the CodeQL Action can be used in different contexts.

Risk assessment

For internal use only. Please select the risk level of this change:

  • Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.

Which use cases does this change impact?

  • Advanced setup - Impacts users who have custom workflows.
  • Default setup - Impacts users who use default setup.
  • Code Scanning - Impacts Code Scanning (i.e. analysis-kinds: code-scanning).
  • Code Quality - Impacts Code Quality (i.e. analysis-kinds: code-quality).
  • Third-party analyses - Impacts third-party analyses (i.e. upload-sarif).
  • GHES - Impacts GitHub Enterprise Server.

How did/will you validate this change?

  • Unit tests - I am depending on unit test coverage (i.e. tests in .test.ts files).
  • End-to-end tests - I am depending on PR checks (i.e. tests in pr-checks).

If something goes wrong after this change is released, what are the mitigation and rollback strategies?

  • Rollback - Change can only be disabled by rolling back the release or releasing a new version with a fix.

How will you know if something goes wrong after this change is released?

  • Telemetry - I rely on existing telemetry or have made changes to the telemetry.
    • Dashboards - I will watch relevant dashboards for issues after the release. Consider whether this requires this change to be released at a particular time rather than as part of a regular release.
    • Alerts - New or existing monitors will trip if something goes wrong with this change.

Merge / deployment checklist

  • Confirm this change is backwards compatible with existing workflows.
  • Consider adding a changelog entry for this change.
  • Confirm the readme and docs have been updated if necessary.

@mbg mbg requested a review from a team as a code owner October 23, 2025 12:11
Copilot AI review requested due to automatic review settings October 23, 2025 12:11
@github-actions github-actions bot added the size/XS Should be very easy to review label Oct 23, 2025
Copilot AI reviewed Oct 23, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR updates log messages throughout the CodeQL Action codebase to improve accuracy and reflect that the Action can be used in different contexts beyond Code Scanning. Key terminology changes include replacing "Code Scanning API" with "CodeQL Action API" and generalizing references from "Code Scanning" to "CodeQL" where appropriate.

Key Changes

  • Updated API endpoint references from "Code Scanning API" to "CodeQL Action API" in feature flag loading and status reporting
  • Changed permission guidance from referencing "the Action" to "the workflow" with more accurate permission requirements (security-events: read instead of security-events: write)
  • Generalized product-specific references from "Code Scanning" to "CodeQL" in user-facing messages

Reviewed Changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
src/status-report.ts Updated error messages to reference CodeQL Action API endpoints, improved permission guidance, added backticks to codeql-action references, and generalized product terminology
src/feature-flags.ts Updated debug and warning messages to reference CodeQL Action API instead of Code Scanning API, improved permission guidance
lib/upload-sarif-action.js Generated JavaScript reflecting TypeScript changes in feature flags and status reporting
lib/start-proxy-action.js Generated JavaScript reflecting TypeScript changes in status reporting
lib/setup-codeql-action.js Generated JavaScript reflecting TypeScript changes in feature flags and status reporting
lib/resolve-environment-action.js Generated JavaScript reflecting TypeScript changes in status reporting
lib/init-action.js Generated JavaScript reflecting TypeScript changes in feature flags and status reporting
lib/init-action-post.js Generated JavaScript reflecting TypeScript changes in feature flags and status reporting
lib/autobuild-action.js Generated JavaScript reflecting TypeScript changes in feature flags and status reporting
lib/analyze-action.js Generated JavaScript reflecting TypeScript changes in feature flags and status reporting

@mbg mbg force-pushed the mbg/permission-warning branch from 8be6813 to 40b4cdd Compare October 23, 2025 12:12
esbena
esbena approved these changes Oct 23, 2025
View reviewed changes
Copy link
Contributor

@esbena esbena left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.
For loose fixes like these I find that copilot has a pretty good hit rate when asked to find places to do similar fixes.

@mbg mbg merged commit 9625890 into main Oct 23, 2025
243 checks passed
@mbg mbg deleted the mbg/permission-warning branch October 23, 2025 15:30
This was referenced Oct 24, 2025
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@esbena esbena esbena approved these changes

Assignees

No one assigned

Labels

size/XS Should be very easy to review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mbg @esbena