Skip to content

Commit ebc1924

Browse files
felickzCopilot
andauthored
feat(ci): add copilot-setup-steps.yml for delegated CI-fix sessions (#174)
Pre-installs the pinned CodeQL CLI (via the existing install-codeql composite action) and clones the matching codeql-cli-<version> branch of github/codeql, so a Copilot coding agent session delegated to fix compile/test errors from a CLI bump has everything it needs to run `codeql pack install`/`codeql test run` itself instead of discovering and installing the CLI through trial and error. The github/codeql clone matters specifically for tests: several languages' test `options` files (e.g. java/test/**/options) reference third-party library stubs (log4j, servlet-api, etc.) via a relative path into a sibling github/codeql checkout rather than vendoring those stub jars into this repo - without it, codeql test run can't compile the test snippets at all. This mirrors what ci.yml's own "Install Packs" step already does. Also links this from CONTRIBUTING.md's "Fix any compilation/test errors" checklist item. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
1 parent 1c5a633 commit ebc1924

2 files changed

Lines changed: 61 additions & 1 deletion

File tree

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
name: "Copilot Setup Steps"
2+
3+
# Runs in Copilot coding agent's ephemeral environment before it starts working on
4+
# a delegated task (e.g. fixing compile/test errors surfaced by a CodeQL CLI bump -
5+
# see CONTRIBUTING.md's "Updating the pinned CodeQL CLI/library version"). Without
6+
# this, Copilot would have to discover and install the CodeQL CLI itself, which is
7+
# slow/unreliable and can't happen at all for anything requiring auth.
8+
#
9+
# Also runs on workflow_dispatch/push/pull_request against this file itself, so it
10+
# can be validated like a normal CI check before Copilot ever relies on it.
11+
on:
12+
workflow_dispatch:
13+
push:
14+
paths:
15+
- .github/workflows/copilot-setup-steps.yml
16+
pull_request:
17+
paths:
18+
- .github/workflows/copilot-setup-steps.yml
19+
20+
jobs:
21+
# The job MUST be named `copilot-setup-steps` or Copilot won't pick it up.
22+
copilot-setup-steps:
23+
runs-on: ubuntu-latest
24+
permissions:
25+
contents: read
26+
27+
steps:
28+
- name: Checkout
29+
uses: actions/checkout@v7
30+
31+
- name: Setup CodeQL
32+
id: install-codeql
33+
uses: ./.github/actions/install-codeql
34+
35+
- name: Clone github/codeql (test stubs)
36+
env:
37+
GITHUB_TOKEN: ${{ github.token }}
38+
CODEQL_CLI_VERSION: ${{ steps.install-codeql.outputs.codeql-cli-version }}
39+
run: |
40+
# Several languages' test suites (see e.g. java/test/**/options,
41+
# `--javac-args -cp ${testdir}/../../../../codeql/java/ql/test/stubs/...`)
42+
# reference third-party library "stubs" (log4j, servlet-api, etc.) via a
43+
# relative path into a sibling checkout of github/codeql, instead of
44+
# vendoring those stub jars into this repo - github/codeql's own
45+
# standard-library tests reuse the same stubs. Cloning the
46+
# `codeql-cli-<version>` branch matching our pinned CLI version (mirroring
47+
# ci.yml's own "Install Packs" step) is what makes those relative paths
48+
# resolve, so `codeql test run` can actually compile the test snippets.
49+
# `--depth=1`: we only need the tree at that branch tip, not its history.
50+
gh repo clone github/codeql -- -b "codeql-cli-${CODEQL_CLI_VERSION}" --depth=1
51+
52+
# Deliberately not running `codeql pack install <lang>/...` here for every
53+
# language - that's fast enough (a few seconds) for Copilot to run itself for
54+
# whichever specific language pack(s) it's actually fixing, and running it
55+
# for all 7 languages up front would just slow down every session regardless
56+
# of what it's working on.

CONTRIBUTING.md

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -240,7 +240,10 @@ coding agent) in the loop for the hard part — fixing whatever the new CLI brea
240240
`version:` field is touched), so there's no rush, but it still needs:
241241
- [ ] Fix any compilation/test errors CI surfaces from upstream API changes (usually the
242242
hardest part, see [#124][pr-124] for an example of what this can involve). Consider
243-
delegating this step to a Copilot coding agent session pointed at the PR/branch.
243+
delegating this step to a Copilot coding agent session pointed at the PR/branch -
244+
[`copilot-setup-steps.yml`][copilot-setup-steps-workflow] pre-installs the pinned
245+
CodeQL CLI and the matching `github/codeql` test-stubs checkout so the agent can
246+
actually run `codeql test run` itself instead of guessing.
244247
- [ ] Update the "Supported CodeQL versions" table above.
245248
- [ ] Review and merge.
246249
- [ ] Once merged, run [`update-release.yml`][update-release-workflow] as described in
@@ -385,6 +388,7 @@ Please do get in touch (privacy@github.com) if you have any questions about this
385388
[update-release-workflow]: ./.github/workflows/update-release.yml
386389
[update-codeql-version-workflow]: ./.github/workflows/update-codeql-version.yml
387390
[detect-codeql-release-workflow]: ./.github/workflows/detect-codeql-release.yml
391+
[copilot-setup-steps-workflow]: ./.github/workflows/copilot-setup-steps.yml
388392
[pin-codeql-library-versions-script]: ./.github/scripts/pin-codeql-library-versions.sh
389393
[codeql-cli-binaries]: https://github.com/github/codeql-cli-binaries/releases
390394
[release-config]: ./.release.yml

0 commit comments

Comments
 (0)