github · mbg · Oct 10, 2025 · Oct 3, 2025 · Oct 3, 2025 · Oct 3, 2025
@@ -2,7 +2,7 @@ name: "Prepare test"
 description: Performs some preparation to run tests
 inputs:
   version:
-    description: "The version of the CodeQL CLI to use. Can be 'linked', 'default', 'nightly', 'nightly-latest', 'nightly-YYYYMMDD', or 'stable-vX.Y.Z"
+    description: "The version of the CodeQL CLI to use. Can be 'linked', 'default', 'toolcache', 'nightly', 'nightly-latest', 'nightly-YYYYMMDD', or 'stable-vX.Y.Z"
     required: true
   use-all-platform-bundle:
     description: "If true, we output a tools URL with codeql-bundle.tar.gz file rather than platform-specific URL"
@@ -41,6 +41,9 @@ runs:
         elif [[ "$VERSION" == "linked" ]]; then
           echo "tools-url=linked" >> "$GITHUB_OUTPUT"
           exit 0
+        elif [[ "$VERSION" == "toolcache" ]]; then
+          echo "tools-url=toolcache" >> "$GITHUB_OUTPUT"
+          exit 0
         elif [[ "$VERSION" == "default" ]]; then
           echo "tools-url=" >> "$GITHUB_OUTPUT"
           exit 0

@@ -16,9 +16,12 @@ updates:
       - dependency-name: "eslint-plugin-import"
         versions: [">=2.30.0"]
     groups:
-      npm:
+      npm-minor:
         patterns:
           - "*"
+        update-types:
+          - "minor"
+          - "patch"
   - package-ecosystem: github-actions
     directories:
       - "/.github/workflows"
@@ -28,6 +31,9 @@ updates:
     labels:
       - Rebuild
     groups:
-      actions:
+      actions-minor:
         patterns:
           - "*"
+        update-types:
+          - "minor"
+          - "patch"
@@ -1,4 +1,13 @@
-<!-- For GitHub staff: Remember that this is a public repository. -->
+<!--
+    For GitHub staff: Remember that this is a public repository. Do not link to internal resources.
+                      If necessary, link to this PR from an internal issue and include further details there.
+
+    Everyone: Include a summary of the context of this change, what it aims to accomplish, and why you
+              chose the approach you did if applicable. Indicate any open questions you want to answer
+              during the review process and anything you want reviewers to pay particular attention to.
+
+    See https://github.com/github/codeql-action/blob/main/CONTRIBUTING.md for additional information.
+-->
 
 ### Risk assessment
 
@@ -7,6 +16,44 @@ For internal use only. Please select the risk level of this change:
 - **Low risk:** Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.
 - **High risk:** Changes are not fully under feature flags, have limited visibility and/or cannot be tested outside of production.
 
+#### Which use cases does this change impact?
+
+<!-- Delete options that don't apply. -->
+
+- **Advanced setup** - Impacts users who have custom workflows.
+- **Default setup** - Impacts users who use default setup.
+- **Code Scanning** - Impacts Code Scanning (i.e. `analysis-kinds: code-scanning`).
+- **Code Quality** - Impacts Code Quality (i.e. `analysis-kinds: code-quality`).
+- **Third-party analyses** - Impacts third-party analyses (i.e. `upload-sarif`).
+- **GHES** - Impacts GitHub Enterprise Server.
+
+#### How did/will you validate this change?
+
+<!-- Delete options that don't apply. -->
+
+- **Test repository** - This change will be tested on a test repository before merging.
+- **Unit tests** - I am depending on unit test coverage (i.e. tests in `.test.ts` files).
+- **End-to-end tests** - I am depending on PR checks (i.e. tests in `pr-checks`).
+- **Other** - Please provide details.
+- **None** - I am not validating these changes.
+
+#### If something goes wrong after this change is released, what are the mitigation and rollback strategies?
+
+<!-- Delete strategies that don't apply. -->
+
+- **Feature flags** - All new or changed code paths can be fully disabled with corresponding feature flags.
+- **Rollback** - Change can only be disabled by rolling back the release or releasing a new version with a fix.
+- **Other** - Please provide details.
+
+#### How will you know if something goes wrong after this change is released?
+
+<!-- Delete options that don't apply. -->
+
+- **Telemetry** - I rely on existing telemetry or have made changes to the telemetry.
+    - **Dashboards** - I will watch relevant dashboards for issues after the release. Consider whether this requires this change to be released at a particular time rather than as part of a regular release.
+    - **Alerts** - New or existing monitors will trip if something goes wrong with this change.
+- **Other** - Please provide details.
+
 ### Merge / deployment checklist
 
 - Confirm this change is backwards compatible with existing workflows.

@@ -371,10 +371,10 @@ def main():
       # releases.
       run_git('revert', vOlder_update_commits[0], '--no-edit')
 
-      # Also revert the "Update checked-in dependencies" commit created by Actions.
-      update_dependencies_commit = run_git('log', '--grep', '^Update checked-in dependencies', '--format=%H').split()[0]
-      print(f'  Reverting {update_dependencies_commit}')
-      run_git('revert', update_dependencies_commit, '--no-edit')
+      # Also revert the "Rebuild" commit created by Actions.
+      rebuild_commit = run_git('log', '--grep', '^Rebuild$', '--format=%H').split()[0]
+      print(f'  Reverting {rebuild_commit}')
+      run_git('revert', rebuild_commit, '--no-edit')
 
     else:
       print('  Nothing to revert.')