feat(ci): add copilot-setup-steps.yml for delegated CI-fix sessions#174
Merged
Conversation
Pre-installs the pinned CodeQL CLI (via the existing install-codeql composite action) and clones the matching codeql-cli-<version> branch of github/codeql, so a Copilot coding agent session delegated to fix compile/test errors from a CLI bump has everything it needs to run `codeql pack install`/`codeql test run` itself instead of discovering and installing the CLI through trial and error. The github/codeql clone matters specifically for tests: several languages' test `options` files (e.g. java/test/**/options) reference third-party library stubs (log4j, servlet-api, etc.) via a relative path into a sibling github/codeql checkout rather than vendoring those stub jars into this repo - without it, codeql test run can't compile the test snippets at all. This mirrors what ci.yml's own "Install Packs" step already does. Also links this from CONTRIBUTING.md's "Fix any compilation/test errors" checklist item. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds a Copilot cloud-agent setup workflow so delegated “fix CI after CodeQL CLI bump” sessions start with the repo’s pinned CodeQL CLI and the required github/codeql test-stubs checkout already available, and documents this in the contributor workflow.
Changes:
- Add
.github/workflows/copilot-setup-steps.ymlto install the pinned CodeQL CLI and clone the matchingcodeql-cli-<version>branch ofgithub/codeql. - Update
CONTRIBUTING.mdto reference the new setup-steps workflow in the “Fix compilation/test errors” checklist item.
Show a summary per file
| File | Description |
|---|---|
| CONTRIBUTING.md | Links the new Copilot setup workflow from the CI-fix checklist item. |
| .github/workflows/copilot-setup-steps.yml | Adds Copilot setup steps to preinstall CodeQL CLI and clone github/codeql stubs for codeql test run. |
Review details
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 2/2 changed files
- Comments generated: 1
- Review effort level: Low
Comment on lines
+40
to
+50
| # Several languages' test suites (see e.g. java/test/**/options, | ||
| # `--javac-args -cp ${testdir}/../../../../codeql/java/ql/test/stubs/...`) | ||
| # reference third-party library "stubs" (log4j, servlet-api, etc.) via a | ||
| # relative path into a sibling checkout of github/codeql, instead of | ||
| # vendoring those stub jars into this repo - github/codeql's own | ||
| # standard-library tests reuse the same stubs. Cloning the | ||
| # `codeql-cli-<version>` branch matching our pinned CLI version (mirroring | ||
| # ci.yml's own "Install Packs" step) is what makes those relative paths | ||
| # resolve, so `codeql test run` can actually compile the test snippets. | ||
| # `--depth=1`: we only need the tree at that branch tip, not its history. | ||
| gh repo clone github/codeql -- -b "codeql-cli-${CODEQL_CLI_VERSION}" --depth=1 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
Right now, delegating "fix the CI breakage from a CodeQL CLI bump" to a
Copilot coding agent session means it starts with no CodeQL CLI at all - it
would have to discover and install it itself, which the docs explicitly
warn
is "slow and unreliable, given the non-deterministic nature of LLMs."
What this does
Adds
.github/workflows/copilot-setup-steps.yml, which GitHub Copilot codingagent runs automatically before it starts working on a delegated task in this
repo. It:
.codeqlversion, via theexisting
./.github/actions/install-codeqlcomposite action (same oneci.ymlalready uses).codeql-cli-<version>branch ofgithub/codeqlalongside the workspace. Several languages' test
optionsfiles (e.g.java/test/security/CWE-020/options) reference third-party library"stubs" (log4j, servlet-api, etc.) via a relative path into that sibling
checkout instead of vendoring those stub jars into this repo - without it,
codeql test runcan't compile the test snippets at all. This mirrorsci.yml's own "Install Packs" step.Deliberately does not run
codeql pack install <lang>/...for everylanguage up front - that's fast enough for the agent to do itself for
whichever specific pack(s) it's actually fixing.
Also links this from
CONTRIBUTING.md's "Fix any compilation/test errors"checklist item, where delegating to a coding agent was already suggested.
Testing
codeql-cli-<version>branch naming was confirmed to exist upstream(e.g.
codeql-cli-2.21.4) againstgithub/codeql.