Merge main into releases/v4 #3479
Disable TypeScript `noUnusedLocals` and `noUnusedParameters` options, already covered by eslint
Mergeback v4.32.2 refs/heads/releases/v4 into main
Bumps the npm-minor group with 2 updates: [@eslint/compat](https://github.com/eslint/rewrite/tree/HEAD/packages/compat) and [eslint-plugin-jsdoc](https://github.com/gajus/eslint-plugin-jsdoc).
Updates `@eslint/compat` from 2.0.1 to 2.0.2
- [Release notes](https://github.com/eslint/rewrite/releases)
- [Changelog](https://github.com/eslint/rewrite/blob/main/packages/compat/CHANGELOG.md)
- [Commits](https://github.com/eslint/rewrite/commits/compat-v2.0.2/packages/compat)
Updates `eslint-plugin-jsdoc` from 62.4.1 to 62.5.0
- [Release notes](https://github.com/gajus/eslint-plugin-jsdoc/releases)
- [Commits](gajus/eslint-plugin-jsdoc@v62.4.1...v62.5.0)
---
updated-dependencies:
- dependency-name: "@eslint/compat"
  dependency-version: 2.0.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: eslint-plugin-jsdoc
  dependency-version: 62.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Bumps the actions-minor group with 1 update in the /.github/workflows directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).
Updates `ruby/setup-ruby` from 1.286.0 to 1.288.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](ruby/setup-ruby@90be115...09a7688)
---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.288.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Test connections to private registries in `start-proxy`
…r-5707d09364 Bump the npm-minor group with 2 updates
…thub/workflows/actions-minor-299c02fd34 Bump ruby/setup-ruby from 1.286.0 to 1.288.0 in /.github/workflows in the actions-minor group across 1 directory
Retry API authentication errors since these can be transient
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Avoid requesting features in CCR
…t-entry Add changelog entry for #3466
Pull request overview
Release-branch sync PR (main → releases/v4) that bumps the action version to 4.32.3 and brings in recent changes, including new start-proxy private-registry connectivity checks and feature-flag/HTTP client behavior updates.
Changes:
- Bump version to `4.32.3` and add a `4.32.3` changelog section.
- Add optional private-registry reachability checks to `start-proxy` (gated behind a new feature flag).
- Adjust feature flags behavior for CCR and tweak API client retry behavior; update dependencies and generated build artifacts.
Reviewed changes
Copilot reviewed 25 out of 28 changed files in this pull request and generated 29 comments.
| File | Description |
|---|---|
| tsconfig.json | Disables TS unused locals/params checks (relying on ESLint). |
| src/start-proxy/types.ts | Introduces typed registry/credential/address models and helpers. |
| src/start-proxy/reachability.ts | Implements registry reachability checks via HTTPS HEAD requests through proxy. |
| src/start-proxy/reachability.test.ts | Unit tests for reachability checks and logging behavior. |
| src/start-proxy.ts | Refactors credential parsing/validation and exports new types. |
| src/start-proxy.test.ts | Adds/updates tests for credential validation and stringification. |
| src/start-proxy-action.ts | Initializes feature flags, returns proxy info, optionally runs reachability checks. |
| src/feature-flags.ts | Adds StartProxyConnectionChecks flag; uses defaults for GHES/CCR without remote calls. |
| src/feature-flags.test.ts | Updates tests for default-value behavior on GHES and CCR. |
| src/api-client.ts | Adjusts retry configuration to allow retries for some auth-related statuses. |
| src/api-client.test.ts | Updates API client test expectations for retry config. |
| pr-checks/checks/rubocop-multi-language.yml | Bumps ruby/setup-ruby pin to v1.288.0. |
| package.json | Bumps version to 4.32.3; adds https-proxy-agent; updates dev deps. |
| package-lock.json | Lockfile update corresponding to dependency/version changes. |
| CHANGELOG.md | Adds 4.32.3 - 13 Feb 2026 entry. |
| .github/workflows/__rubocop-multi-language.yml | Generated workflow update for ruby/setup-ruby pin. |
| lib/upload-sarif-action.js | Generated JS output update for version/deps/feature flag/retry changes. |
| lib/upload-sarif-action-post.js | Generated JS output update for version/deps/feature flag/retry changes. |
| lib/upload-lib.js | Generated JS output update for version/deps/feature flag/retry changes. |
| lib/start-proxy-action-post.js | Generated JS output update for version/deps/feature flag/retry changes. |
| lib/setup-codeql-action.js | Generated JS output update for version/deps/feature flag/retry changes. |
| lib/resolve-environment-action.js | Generated JS output update for version/deps/feature flag/retry changes. |
| lib/init-action.js | Generated JS output update for version/deps/feature flag/retry changes. |
| lib/init-action-post.js | Generated JS output update for version/deps/feature flag/retry changes. |
| lib/autobuild-action.js | Generated JS output update for version/deps/feature flag/retry changes. |
| lib/analyze-action.js | Generated JS output update for version/deps/feature flag/retry changes. |
| lib/analyze-action-post.js | Generated JS output update for version/deps/feature flag/retry changes. |
| ## 4.32.3 - 13 Feb 2026 | ||
| - Added experimental support for testing connections to [private package registries](https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries). This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. [#3466](https://github.com/github/codeql-action/pull/3466) |
Copilot
AI
Feb 13, 2026
The 4.32.3 changelog entry appears incomplete for this release merge: this PR also includes user-visible behavior changes like retrying transient authentication-related API errors (#3475) and skipping feature-flag API requests in Copilot Code Review/CCR (#3476). Please add entries for these (or explicitly note if they are intentionally excluded as not user-facing) so the release notes accurately reflect changes since 4.32.2.
| - Added experimental support for testing connections to [private package registries](https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries). This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. [#3466](https://github.com/github/codeql-action/pull/3466) | |
| - Added experimental support for testing connections to [private package registries](https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries). This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. [#3466](https://github.com/github/codeql-action/pull/3466) | |
| - Improved reliability of API authentication by retrying certain transient authentication-related errors instead of immediately failing the workflow. [#3475](https://github.com/github/codeql-action/pull/3475) | |
| - Improved performance and robustness of Copilot Code Review (CCR) by skipping feature-flag API requests when they are not required. [#3476](https://github.com/github/codeql-action/pull/3476) |
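Review bot: The two entries this suggestion adds (#3475 and #3476) describe outcomes ("Improved reliability", "Improved performance and robustness") rather than the behaviour change, and nothing visible in this PR backs those claims; the commit titles only say "Retry API authentication errors since these can be transient" and "Avoid requesting features in CCR". Suggest wording them like the existing #3466 entry, stating what the action now does (retries API authentication errors; does not request feature flags in CCR), so users can tell what changed in their workflows.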
Copilot
AI
Feb 13, 2026
This use of variable 'CacheFilename' always evaluates to false.
Copilot
AI
Feb 13, 2026
This use of variable 'CompressionMethod' always evaluates to false.
Copilot
AI
Feb 13, 2026
This use of variable 'ArchiveToolType' always evaluates to false.
Copilot
AI
Feb 13, 2026
This use of variable 'KnownLanguage' always evaluates to false.
Merging 4bf6fa4 into `releases/v4`.
Conductor for this PR is @henrymercer.
Contains the following pull requests:
- `noUnusedLocals` and `noUnusedParameters` options, already covered by eslint #3464 (@mbg)
- `start-proxy` #3466 (@mbg)
Please do the following:
- `releases/v4` branch.
- `Create a merge commit` is selected rather than `Squash and merge` or `Rebase and merge`.