fix(ci): resolve codeql.yml and vscode-ci.yml startup failures on main#416
Draft
vicperdana wants to merge 4 commits into
Draft
fix(ci): resolve codeql.yml and vscode-ci.yml startup failures on main#416vicperdana wants to merge 4 commits into
vicperdana wants to merge 4 commits into
Conversation
Both workflows failed at startup (0s) on every push to main because of invalid workflow-file config, leaving main with a persistent red status. - codeql.yml: the `paths` input to codeql-action/init was a YAML sequence, but the action input must be a scalar string. Convert to a scalar so the `with:` block is valid. - vscode-ci.yml: the publish step used the `secrets` context in an `if:` conditional, which is not allowed. Reference `env.VSCE_PAT` instead (the step already maps the secret into env). Validated with actionlint: no syntax/expression startup errors remain. Fixes Azure#415 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
|
You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool. What Enabling Code Scanning Means:
For more information about GitHub Code Scanning, check out the documentation. |
Enabling the previously-broken codeql.yml and vscode-ci.yml workflows surfaced two pre-existing failures that those startup errors had masked. PSRule MSFT.OSS.License (codeql.yml `oss` job, repo-root scan): - Add a root ps-rule.yaml so the monorepo-wide scan ignores generated resource designers (*.Designer.cs) and the vendored packages/psdocs and packages/vscode-extension subtrees, mirroring the per-package configs. - build.ps1 is ignored because it needs a shebang on line 1 (for the documented `./build.ps1`), which is incompatible with the rule requiring the license header to be the first line. - Add the standard license header to scripts/extract-release-notes.ps1. vscode-ci.yml test jobs (TypeError: glob is not a function): - package.json was bumped to glob ^11, whose callback API was removed in v9. Update the mocha bootstrap (src/test/suite/index.ts) to use the promise-based glob API. Verified with `npm ci && npm run compile`. Verified the OSS scan locally with PSRule 2.9.0 + MSFT.OSS 1.1.0: 0 failures. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The Windows test jobs failed with "Failed to get VS Code archive location". The deprecated vscode-test@1.6.1 hardcodes the legacy `win32-archive` (32-bit) platform, which modern VS Code (1.126.0) no longer publishes, so the download URL could not be resolved on Windows (Linux/macOS were unaffected as their platform strings still exist). Migrate the integration-test harness to the maintained successor @vscode/test-electron ^2.5.2, which resolves `win32-x64-archive`. Pinned to the 2.x line because 3.x requires Node >=22 while CI runs Node 20. The runTests API is unchanged. Verified locally: version resolves and VS Code downloads successfully (the prior failure point); compile passes. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
After the test harness could download VS Code again, the macOS test job failed at launch: "IPC handle ... is longer than 103 chars" / "listen EINVAL". VS Code's default user-data-dir under .vscode-test produces a Unix domain socket path that exceeds the macOS 103-char sun_path limit. Launch the test instance with a short --user-data-dir under the OS temp directory. No-op on Windows (named pipes) and Linux (longer limit, shorter path), but unblocks macOS. Verified locally on macOS: VS Code launches, the extension host starts, and mocha completes successfully (exit 0). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR fixes two GitHub Actions workflow configuration issues that caused codeql.yml and vscode-ci.yml to be rejected at workflow startup (0s), restoring actionable CI signal on main. It also updates the VS Code extension’s test harness/dependencies and adds root PSRule configuration to align repository-wide scanning behavior with the monorepo layout.
Changes:
- Fix CodeQL init configuration by making
pathsa scalar string (.github/workflows/codeql.yml). - Fix workflow expression validation by removing
secretsusage from a step-levelif:(.github/workflows/vscode-ci.yml). - Update VS Code extension test tooling (glob promise API +
@vscode/test-electron) and add root PSRule config / headers to support repo-wide scanning and packaging.
Reviewed changes
Copilot reviewed 7 out of 8 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
.github/workflows/codeql.yml |
Fixes invalid with.paths YAML shape so the workflow can start successfully. |
.github/workflows/vscode-ci.yml |
Fixes invalid if: expression by switching to an allowed context (env). |
ps-rule.yaml |
Adds root PSRule configuration to control repo-wide OSS scanning behavior in the CodeQL workflow. |
scripts/extract-release-notes.ps1 |
Adds license header. |
packages/vscode-extension/src/test/suite/index.ts |
Updates test discovery to use glob’s promise-based API. |
packages/vscode-extension/src/test/runTest.ts |
Migrates test runner import to @vscode/test-electron and adjusts launch args for macOS IPC socket path constraints. |
packages/vscode-extension/package.json |
Adds @vscode/test-electron dev dependency and removes deprecated vscode-test. |
packages/vscode-extension/package-lock.json |
Lockfile updates reflecting the dev dependency changes. |
Files not reviewed (1)
- packages/vscode-extension/package-lock.json: Generated file
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes two GitHub Actions workflows that fail at startup (0s) on every push to
mainwith "This run likely failed because of a workflow file issue." Theseare workflow-file/config errors — the workflow is rejected before any job runs, so
maincarries a persistent red status even thoughCIandDocsare green.Closes #415.
Changes
.github/workflows/codeql.ymlThe
pathsinput togithub/codeql-action/initwas a YAML sequence, but theaction input must be a scalar string. The list made the
with:block invalid.with: languages: javascript-typescript - paths: - - packages/vscode-extension/src + paths: packages/vscode-extension/src.github/workflows/vscode-ci.ymlThe pre-release publish step used the
secretscontext in anif:conditional,which is not allowed. The step already maps the secret into
env, so reference theenvcontext (which is allowed inif:).Validation
actionlintreports no[syntax-check]/[expression]startup errors on eitherfile after the change. Final confirmation will be green runs for both workflows on
the next push to
main.Out of scope
Non-fatal
shellcheckwarnings (SC2086/SC2035/SC2012/SC2129) inci.yml,vscode-ci.yml, andrelease-*.ymlare tracked as follow-ups in #415.