Bundle action using esbuild

Remove node_modules from repository to reduce cost to download repository. Because node_modules is no longer included: * If `npm` isn't available (e.g. in a container), install it * Run `npm install` before performing various tasks Change pr-checks to not be particularly picky about the generated content because it will differ between different versions as everything is bundled together.
github · Nov 5, 2024 · 3dc118c · 3dc118c
1 parent d67cef3
commit 3dc118c
Show file tree

Hide file tree

Showing 18,886 changed files with 3,121 additions and 4,740,764 deletions.
diff --git a/.github/actions/prepare-test/action.yml b/.github/actions/prepare-test/action.yml
@@ -19,6 +19,12 @@ outputs:
 runs:
   using: composite
   steps:
+    - name: npm install
+      shell: bash
+      run: |
+        if command -v npm >/dev/null 2>/dev/null; then
+          npm ci
+        fi
     - name: Move codeql-action
       shell: bash
       run: |

diff --git a/.github/actions/update-bundle/action.yml b/.github/actions/update-bundle/action.yml
@@ -8,6 +8,10 @@ runs:
       shell: bash
       run: npm install -g ts-node
 
+    - name: Install
+      shell: bash
+      run: npm ci
+
     - name: Run update script
       working-directory: ${{ github.action_path }}
       shell: bash

diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml
@@ -26,6 +26,9 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
+      - name: Install
+        run: npm install
+
       - name: Lint
         id: lint
         run: npm run-script lint-ci
@@ -52,6 +55,16 @@ jobs:
           # `npm install` on Linux.
           npm install
 
+          (
+            echo '*/*-action.js';
+            echo '*/*-action-post.js'
+          ) >> .gitignore
+          for action in $(
+            find * -mindepth 1 -maxdepth 1 -type f -name action.yml
+          ); do
+            git rm -f "$(dirname "$action")"/*-action*.js
+          done
+
           if [ ! -z "$(git status --porcelain)" ]; then
             git config --global user.email "[email protected]"
             git config --global user.name "github-actions[bot]"
@@ -112,6 +125,12 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
+      - name: npm install
+        run: |
+          npm ci
+      - name: Build
+        run: |
+          npm run build
       - name: npm test
         run: |
           # Run any commands referenced in package.json using Bash, otherwise

diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,7 @@
-# Ignore for example failing-tests.json from AVA
-node_modules/.cache/
+# actions are bundled to make this repository lightweight for consumers
+node_modules/
+# lib is generated by tsc
+lib
 # Java build files
 .gradle/
 *.class
@@ -8,4 +10,4 @@ node_modules/.cache/
 # eslint sarif report
 eslint.sarif
 # for local incremental compilation
-tsconfig.tsbuildinfo
+tsconfig.tsbuildinfo
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,7 @@ Note that the only difference between `v2` and `v3` of the CodeQL Action is the
 ## [UNRELEASED]
 
 - The CodeQL Action now downloads bundles compressed using Zstandard on GitHub Enterprise Server when using Linux or macOS runners. This speeds up the installation of the CodeQL tools. This feature is already available to GitHub.com users. [#2573](https://github.com/github/codeql-action/pull/2573)
+- The CodeQL Action no longer includes node_modules. This should drammatically decrease the download size/increase download speed for `uses: github/codeql-action@...`.
 
 ## 3.27.0 - 22 Oct 2024
 

diff --git a/analyze/action.yml b/analyze/action.yml
@@ -92,5 +92,5 @@ outputs:
     description: The ID of the uploaded SARIF file.
 runs:
   using: node20
-  main: "../lib/analyze-action.js"
-  post: "../lib/analyze-action-post.js"
+  main: "analyze-action.js"
+  post: "analyze-action-post.js"
diff --git a/analyze/analyze-action-post.js b/analyze/analyze-action-post.js
diff --git a/analyze/analyze-action.js b/analyze/analyze-action.js
diff --git a/autobuild/action.yml b/autobuild/action.yml
@@ -16,4 +16,4 @@ inputs:
     required: false
 runs:
   using: node20
-  main: '../lib/autobuild-action.js'
+  main: 'autobuild-action.js'
diff --git a/autobuild/autobuild-action.js b/autobuild/autobuild-action.js
diff --git a/eslint.config.mjs b/eslint.config.mjs
@@ -31,6 +31,8 @@ export default [
       "tests/**/*",
       "eslint.config.mjs",
       ".github/**/*",
+      "*/*-action.js",
+      "*/*-action-post.js",
     ],
   },
   ...fixupConfigRules(

diff --git a/init/action.yml b/init/action.yml
@@ -147,5 +147,5 @@ outputs:
     description: The version of the CodeQL binary used for analysis
 runs:
   using: node20
-  main: '../lib/init-action.js'
-  post: '../lib/init-action-post.js'
+  main: 'init-action.js'
+  post: 'init-action-post.js'
diff --git a/init/init-action-post.js b/init/init-action-post.js
diff --git a/init/init-action.js b/init/init-action.js