Recommend using default setup or matrixing languages

2025-12-06 07:48:17 +08:00 · 2025-05-14 16:57:11 +01:00
9 changed files with 44 additions and 3 deletions
--- a/lib/config-utils.js
+++ b/lib/config-utils.js
@@ -60,11 +60,14 @@ exports.parseBuildModeInput = parseBuildModeInput;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const perf_hooks_1 = require("perf_hooks");
+const core = __importStar(require("@actions/core"));
 const yaml = __importStar(require("js-yaml"));
 const semver = __importStar(require("semver"));
 const api = __importStar(require("./api-client"));
 const caching_utils_1 = require("./caching-utils");
 const diff_informed_analysis_utils_1 = require("./diff-informed-analysis-utils");
+const doc_url_1 = require("./doc-url");
+const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const trap_caching_1 = require("./trap-caching");
@@ -212,6 +215,16 @@ async function getRawLanguages(languagesInput, repository, logger) {
        .split(",")
        .map((x) => x.trim().toLowerCase())
        .filter((x) => x.length > 0);
+    if (rawLanguages.length > 1 &&
+        process.env[environment_1.EnvVar.SUPPRESS_SINGLE_LANGUAGE_PER_JOB_RECOMMENDATION] !==
+            "true") {
+        core.notice("For the best experience, we recommend analyzing each language within its own Actions job. " +
+            "If you do not need a highly customizable code scanning configuration, consider using default setup for code scanning. " +
+            "Otherwise, consider using a matrix to analyze each language in its own job. " +
+            // Space before period to avoid issues copying links
+            `For more information, see ${doc_url_1.DocUrl.CONFIGURE_DEFAULT_SETUP} and ${doc_url_1.DocUrl.ACTIONS_MATRIX} . ` +
+            `To suppress this recommendation, set the environment variable ${environment_1.EnvVar.SUPPRESS_SINGLE_LANGUAGE_PER_JOB_RECOMMENDATION} to "true".`);
+    }
    let autodetected;
    if (rawLanguages.length) {
        autodetected = false;
--- a/lib/config-utils.js.map
+++ b/lib/config-utils.js.map
--- a/lib/doc-url.js
+++ b/lib/doc-url.js
@@ -6,8 +6,10 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.DocUrl = void 0;
 var DocUrl;
 (function (DocUrl) {
+    DocUrl["ACTIONS_MATRIX"] = "https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/running-variations-of-jobs-in-a-workflow";
    DocUrl["ASSIGNING_PERMISSIONS_TO_JOBS"] = "https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs";
    DocUrl["AUTOMATIC_BUILD_FAILED"] = "https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed";
+    DocUrl["CONFIGURE_DEFAULT_SETUP"] = "https://docs.github.com/en/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning";
    DocUrl["DEFINE_ENV_VARIABLES"] = "https://docs.github.com/en/actions/learn-github-actions/variables#defining-environment-variables-for-a-single-workflow";
    DocUrl["SCANNING_ON_PUSH"] = "https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#scanning-on-push";
    DocUrl["SPECIFY_BUILD_STEPS_MANUALLY"] = "https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#about-specifying-build-steps-manually";
--- a/lib/doc-url.js.map
+++ b/lib/doc-url.js.map
@@ -1 +1 @@
-{"version":3,"file":"doc-url.js","sourceRoot":"","sources":["../src/doc-url.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAEH,IAAY,MAQX;AARD,WAAY,MAAM;IAChB,uHAA6G,CAAA;IAC7G,gJAAsI,CAAA;IACtI,yJAA+I,CAAA;IAC/I,qMAA2L,CAAA;IAC3L,gOAAsN,CAAA;IACtN,2PAAiP,CAAA;IACjP,mMAAyL,CAAA;AAC3L,CAAC,EARW,MAAM,sBAAN,MAAM,QAQjB"}
+{"version":3,"file":"doc-url.js","sourceRoot":"","sources":["../src/doc-url.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAEH,IAAY,MAUX;AAVD,WAAY,MAAM;IAChB,2JAAiJ,CAAA;IACjJ,uHAA6G,CAAA;IAC7G,gJAAsI,CAAA;IACtI,+JAAqJ,CAAA;IACrJ,yJAA+I,CAAA;IAC/I,qMAA2L,CAAA;IAC3L,gOAAsN,CAAA;IACtN,2PAAiP,CAAA;IACjP,mMAAyL,CAAA;AAC3L,CAAC,EAVW,MAAM,sBAAN,MAAM,QAUjB"}
--- a/lib/environment.js
+++ b/lib/environment.js
@@ -64,6 +64,8 @@ var EnvVar;
    EnvVar["SCALING_RESERVED_RAM_PERCENTAGE"] = "CODEQL_ACTION_SCALING_RESERVED_RAM_PERCENTAGE";
    /** Whether to suppress the warning if the current CLI will soon be unsupported. */
    EnvVar["SUPPRESS_DEPRECATED_SOON_WARNING"] = "CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING";
+    /** Whether to suppress the recommendation for analyzing a single language per job. */
+    EnvVar["SUPPRESS_SINGLE_LANGUAGE_PER_JOB_RECOMMENDATION"] = "CODEQL_ACTION_SUPPRESS_SINGLE_LANGUAGE_PER_JOB_RECOMMENDATION";
    /** Whether to disable uploading SARIF results or status reports to the GitHub API */
    EnvVar["TEST_MODE"] = "CODEQL_ACTION_TEST_MODE";
    EnvVar["TESTING_ENVIRONMENT"] = "CODEQL_ACTION_TESTING_ENVIRONMENT";
--- a/lib/environment.js.map
+++ b/lib/environment.js.map
@@ -1 +1 @@
-{"version":3,"file":"environment.js","sourceRoot":"","sources":["../src/environment.ts"],"names":[],"mappings":";;;AAAA;;;;;GAKG;AACH,IAAY,MA8GX;AA9GD,WAAY,MAAM;IAChB,2DAA2D;IAC3D,+FAAqF,CAAA;IAErF,6DAA6D;IAC7D,mGAAyF,CAAA;IAEzF;;;OAGG;IACH,4CAAkC,CAAA;IAElC,gEAAgE;IAChE,qEAA2D,CAAA;IAE3D;;;OAGG;IACH,yFAA+E,CAAA;IAE/E;;;OAGG;IACH,yEAA+D,CAAA;IAE/D,gFAAgF;IAChF,6DAAmD,CAAA;IAEnD;;;OAGG;IACH,uEAA6D,CAAA;IAE7D,gEAAgE;IAChE,mEAAyD,CAAA;IAEzD,kFAAkF;IAClF,mFAAyE,CAAA;IAEzE,4CAA4C;IAC5C,4DAAkD,CAAA;IAElD,kFAAkF;IAClF,+EAAqE,CAAA;IAErE;;;OAGG;IACH,yDAA+C,CAAA;IAE/C,6CAA6C;IAC7C,uCAA6B,CAAA;IAE7B,+EAA+E;IAC/E,iDAAuC,CAAA;IAEvC,mEAAyD,CAAA;IAEzD,8DAA8D;IAC9D,6EAAmE,CAAA;IAEnE;;;OAGG;IACH,2FAAiF,CAAA;IAEjF,mFAAmF;IACnF,6FAAmF,CAAA;IAEnF,qFAAqF;IACrF,+CAAqC,CAAA;IAErC,mEAAyD,CAAA;IAEzD,kEAAkE;IAClE,2CAAiC,CAAA;IAEjC;;;;;;OAMG;IACH,4DAAkD,CAAA;IAElD;;;OAGG;IACH,wDAA8C,CAAA;IAE9C;;;;OAIG;IACH,iEAAuD,CAAA;IAEvD;;;OAGG;IACH,6EAAmE,CAAA;AACrE,CAAC,EA9GW,MAAM,sBAAN,MAAM,QA8GjB"}
+{"version":3,"file":"environment.js","sourceRoot":"","sources":["../src/environment.ts"],"names":[],"mappings":";;;AAAA;;;;;GAKG;AACH,IAAY,MAiHX;AAjHD,WAAY,MAAM;IAChB,2DAA2D;IAC3D,+FAAqF,CAAA;IAErF,6DAA6D;IAC7D,mGAAyF,CAAA;IAEzF;;;OAGG;IACH,4CAAkC,CAAA;IAElC,gEAAgE;IAChE,qEAA2D,CAAA;IAE3D;;;OAGG;IACH,yFAA+E,CAAA;IAE/E;;;OAGG;IACH,yEAA+D,CAAA;IAE/D,gFAAgF;IAChF,6DAAmD,CAAA;IAEnD;;;OAGG;IACH,uEAA6D,CAAA;IAE7D,gEAAgE;IAChE,mEAAyD,CAAA;IAEzD,kFAAkF;IAClF,mFAAyE,CAAA;IAEzE,4CAA4C;IAC5C,4DAAkD,CAAA;IAElD,kFAAkF;IAClF,+EAAqE,CAAA;IAErE;;;OAGG;IACH,yDAA+C,CAAA;IAE/C,6CAA6C;IAC7C,uCAA6B,CAAA;IAE7B,+EAA+E;IAC/E,iDAAuC,CAAA;IAEvC,mEAAyD,CAAA;IAEzD,8DAA8D;IAC9D,6EAAmE,CAAA;IAEnE;;;OAGG;IACH,2FAAiF,CAAA;IAEjF,mFAAmF;IACnF,6FAAmF,CAAA;IAEnF,sFAAsF;IACtF,2HAAiH,CAAA;IAEjH,qFAAqF;IACrF,+CAAqC,CAAA;IAErC,mEAAyD,CAAA;IAEzD,kEAAkE;IAClE,2CAAiC,CAAA;IAEjC;;;;;;OAMG;IACH,4DAAkD,CAAA;IAElD;;;OAGG;IACH,wDAA8C,CAAA;IAE9C;;;;OAIG;IACH,iEAAuD,CAAA;IAEvD;;;OAGG;IACH,6EAAmE,CAAA;AACrE,CAAC,EAjHW,MAAM,sBAAN,MAAM,QAiHjB"}
--- a/src/config-utils.ts
+++ b/src/config-utils.ts
@@ -2,6 +2,7 @@ import * as fs from "fs";
 import * as path from "path";
 import { performance } from "perf_hooks";

+import * as core from "@actions/core";
 import * as yaml from "js-yaml";
 import * as semver from "semver";

@@ -9,6 +10,8 @@ import * as api from "./api-client";
 import { CachingKind, getCachingKind } from "./caching-utils";
 import { CodeQL } from "./codeql";
 import { shouldPerformDiffInformedAnalysis } from "./diff-informed-analysis-utils";
+import { DocUrl } from "./doc-url";
+import { EnvVar } from "./environment";
 import { Feature, FeatureEnablement } from "./feature-flags";
 import { Language, parseLanguage } from "./languages";
 import { Logger } from "./logging";
@@ -389,6 +392,22 @@ export async function getRawLanguages(
    .split(",")
    .map((x) => x.trim().toLowerCase())
    .filter((x) => x.length > 0);
+
+  if (
+    rawLanguages.length > 1 &&
+    process.env[EnvVar.SUPPRESS_SINGLE_LANGUAGE_PER_JOB_RECOMMENDATION] !==
+      "true"
+  ) {
+    core.notice(
+      "When creating a new setup of CodeQL, we recommend analyzing each language within its own Actions job for the best experience. " +
+        "If you do not need a highly customizable code scanning configuration, consider using default setup for code scanning. " +
+        "Otherwise, consider using a matrix to analyze each language in its own job. " +
+        // Space before period to avoid issues copying links
+        `For more information, see ${DocUrl.CONFIGURE_DEFAULT_SETUP} and ${DocUrl.ACTIONS_MATRIX} . ` +
+        `To suppress this recommendation, set the environment variable ${EnvVar.SUPPRESS_SINGLE_LANGUAGE_PER_JOB_RECOMMENDATION} to "true".`,
+    );
+  }
+
  let autodetected: boolean;
  if (rawLanguages.length) {
    autodetected = false;
--- a/src/doc-url.ts
+++ b/src/doc-url.ts
@@ -3,8 +3,10 @@
 */

 export enum DocUrl {
+  ACTIONS_MATRIX = "https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/running-variations-of-jobs-in-a-workflow",
  ASSIGNING_PERMISSIONS_TO_JOBS = "https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs",
  AUTOMATIC_BUILD_FAILED = "https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed",
+  CONFIGURE_DEFAULT_SETUP = "https://docs.github.com/en/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning",
  DEFINE_ENV_VARIABLES = "https://docs.github.com/en/actions/learn-github-actions/variables#defining-environment-variables-for-a-single-workflow",
  SCANNING_ON_PUSH = "https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#scanning-on-push",
  SPECIFY_BUILD_STEPS_MANUALLY = "https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#about-specifying-build-steps-manually",
--- a/src/environment.ts
+++ b/src/environment.ts
@@ -79,6 +79,9 @@ export enum EnvVar {
  /** Whether to suppress the warning if the current CLI will soon be unsupported. */
  SUPPRESS_DEPRECATED_SOON_WARNING = "CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING",

+  /** Whether to suppress the recommendation for analyzing a single language per job. */
+  SUPPRESS_SINGLE_LANGUAGE_PER_JOB_RECOMMENDATION = "CODEQL_ACTION_SUPPRESS_SINGLE_LANGUAGE_PER_JOB_RECOMMENDATION",
+
  /** Whether to disable uploading SARIF results or status reports to the GitHub API */
  TEST_MODE = "CODEQL_ACTION_TEST_MODE",