codeql-action/.github/copilot-instructions.md

CodeQL Action - Copilot Instructions

Generated code

The CodeQL Action is written in TypeScript and compiled to JavaScript. Both the TypeScript sources and the generated JavaScript code are contained in this repository. The TypeScript sources are contained in the src directory and the JavaScript code is contained in the lib directory. A GitHub Actions workflow checks that the JavaScript code in lib is up-to-date. Therefore, you should not review any changes to the contents of the lib folder and it is expected that the JavaScript code in lib closely mirrors the TypeScript code it is generated from.

GitHub Actions workflows in the .github/workflows directory whose filenames start with two underscores (e.g. __all-platform-bundle.yml) are automatically generated using the pr-checks/sync.sh script from template files in the pr-checks/checks directory. Therefore, you do not need to review files in the .github/workflows directory that start with two underscores. However, you should review changes to the pr-checks directory as well as workflows in the .github/workflows directory that do not start with underscores.

Release process

• A release-PR is a PR which matches all of the following patterns:

  • PR title starts with the exact prefix: Merge main into releases/v
    • Equivalent regex: ^Merge main into releases\/v
  • AND head (source) branch matches the update-branch pattern:
    • Regex: ^update-v[0-9]+(?:\.[0-9]+)*(?:-[a-f0-9]+)? (e.g. update-v3.29.9-cc722e476)
  • AND base (target) branch matches a release branch:
    • Regex: ^releases\/v (e.g. releases/v3)

• Consider all files in release-PRs to have already been reviewed and do not review them, except for the following two files:

  • CHANGELOG.md
  • package.json