Bundle Actions using esbuild by henrymercer · Pull Request #3054 · github/codeql-action (original) (raw)

This PR bundles the Action using esbuild.

Reasoning

• Avoid risks of long paths in node_modules, specifically the risk that these paths could exceed MAX_PATH on Windows when checked out.
• Speed up the download of the Action, and every code scanning workflow as a result.

Downsides we should be aware of

• Potential for more merge conflicts
  • Mitigation: I haven't enabled minification which I hope will reduce the likelihood of merge conflicts
  • Mitigation: You can now run the rebuild workflow on PRs even if they have merge conflicts (Enable rebuilding PRs with conflicts #3014)

Risk assessment

For internal use only. Please select the risk level of this change:

• High risk: Changes are not fully under feature flags, have limited visibility and/or cannot be tested outside of production.

This is a risky change. Things I've done to minimise the risk:

• Avoid changing the module resolution system — this is tricky and requires us to change a lot of our unit tests.
• Keep the compiled Actions in the same place, so that users invoking them directly do not need to change their paths.
• Keep defaults.json copied over to lib.
• Minimise changes to unit testing setup by preserving the "compile to JS" workflow that's known to work reasonably well with ava.

Merge / deployment checklist

• Confirm this change is backwards compatible with existing workflows.
• Consider adding a changelog entry for this change.
• Confirm the readme and docs have been updated if necessary.