Skip to content

Add ActionState type and make some initial use of it#3990

Draft
mbg wants to merge 14 commits into
mainfrom
mbg/action-state
Draft

Add ActionState type and make some initial use of it#3990
mbg wants to merge 14 commits into
mainfrom
mbg/action-state

Conversation

@mbg

@mbg mbg commented Jul 1, 2026

Copy link
Copy Markdown
Member

This PR extracts some changes from #3973 that add the new ActionState type. The ActionState type is indexed (at the type-level) over the types of state a corresponding value provides (essentially providing a primitive state effect system). Concretely, this allows:

  • ActionState values can be propagated easily throughout the implementation.
  • ActionState values can easily be mocked in tests.
  • By moving from using global state to ActionState, we will be able to run more tests in parallel in the future.
  • The type-level array of features allows functions to declare which state they require access to.
  • TypeScript checks that against usage in the function body. I.e. if a function tries to access state that it hasn't declared, then that is a type error.
  • Broader ActionState values can be passed to functions that require only a subset of features, but cannot use the features they don't declare.
  • TypeScript doesn't check that the declared usage is minimal, i.e. that functions only declare the features they need, but that is OK for the moment.

This PR adds the new type and surrounding infrastructure. It also updates some parts of the codebase to make use of it, but the goal of this PR is by no means to refactor the entire codebase to make use of ActionState values. The main example uses in this PR are:

  • A common runInActions wrapper to de-duplicate common code for the different Actions' entry points.
  • Simplifying interface of getConfigFileInput following Add FF for configuration file repository property #3983 and making use of the new TestEnv framework for the corresponding tests.

Notes for reviewers

  • For functions which don't pass on ActionState to other functions, I have deconstructed the objects with pattern-matching. This will go away more as we update more of the codebase to accept relevant ActionState values as inputs.
  • I have thought about the semantics of the logger in TestEnv for a while, but am not sure I have reached a satisfactory conclusion there. It probably makes sense for each TestEnv object to have its own logger, so that they are isolated from each other if multiple tests are run, but this makes it more awkward to inspect the results (since we have to acquire a reference to the logger of the TestEnv we call passes on). This could probably be improved, but may be outside the scope of this PR.

Risk assessment

For internal use only. Please select the risk level of this change:

  • Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.

Which use cases does this change impact?

Workflow types:

  • Advanced setup - Impacts users who have custom CodeQL workflows.
  • Managed - Impacts users with dynamic workflows (Default Setup, Code Quality, ...).

Products:

  • Code Scanning - The changes impact analyses when analysis-kinds: code-scanning.
  • Code Quality - The changes impact analyses when analysis-kinds: code-quality.
  • Other first-party - The changes impact other first-party analyses.
  • Third-party analyses - The changes affect the upload-sarif action.

Environments:

  • Dotcom - Impacts CodeQL workflows on github.com and/or GitHub Enterprise Cloud with Data Residency.
  • GHES - Impacts CodeQL workflows on GitHub Enterprise Server.

How did/will you validate this change?

  • Unit tests - I am depending on unit test coverage (i.e. tests in .test.ts files).
  • End-to-end tests - I am depending on PR checks (i.e. tests in pr-checks).

If something goes wrong after this change is released, what are the mitigation and rollback strategies?

  • Rollback - Change can only be disabled by rolling back the release or releasing a new version with a fix.

How will you know if something goes wrong after this change is released?

  • Telemetry - I rely on existing telemetry or have made changes to the telemetry.
    • Dashboards - I will watch relevant dashboards for issues after the release. Consider whether this requires this change to be released at a particular time rather than as part of a regular release.
    • Alerts - New or existing monitors will trip if something goes wrong with this change.

Are there any special considerations for merging or releasing this change?

  • No special considerations - This change can be merged at any time.

Merge / deployment checklist

  • Confirm this change is backwards compatible with existing workflows.
  • Consider adding a changelog entry for this change.
  • Confirm the readme and docs have been updated if necessary.

@mbg mbg self-assigned this Jul 1, 2026
@github-actions github-actions Bot added the size/XL May be very hard to review label Jul 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

size/XL May be very hard to review

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant