14 changes: 6 additions & 8 deletions .github/update-release-branch.py
Expand Up @@ -56,9 +56,8 @@ def run_command(*args):

# Rebuilds the action and commits any changes.
def rebuild_action():
# For backports, the only source-level change vs the source branch is the new version number,
# so we just need to refresh the version embedded in `lib/`.
run_command('npm', 'ci')
# We only expect changes to the JavaScript output, rebuilding e.g. the PR checks is unnecessary.
run_command('npm', 'run', 'build')

run_git('add', '--all')
Expand Down Expand Up @@ -450,12 +449,11 @@ def main():
run_git('add', 'CHANGELOG.md')
run_git('commit', '-m', f'Update changelog for v{version}')

if not is_primary_release:
if len(conflicted_files) == 0:
print('Rebuilding the Action.')
rebuild_action()
else:
print(f'Skipping automatic rebuild because the merge produced conflicts in {conflicted_files}.')
if len(conflicted_files) > 0:
print(f'Skipping automatic rebuild because the merge produced conflicts in {conflicted_files}.')
else:
print('Rebuilding the Action.')
rebuild_action()

run_git('push', ORIGIN, new_branch_name)

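Review bot: The comment added in `rebuild_action` says only the JavaScript output is expected to change, but the unchanged `run_git('add', '--all')` that follows stages everything `npm ci` and `npm run build` leave in the working tree, so nothing enforces that expectation. With the `if not is_primary_release:` guard in `main` apparently dropped, this path now also runs for primary releases, and the resulting commit is pushed to a release branch. Consider staging only the build output, e.g. `run_git('add', 'lib')`, or aborting when `git status --porcelain` lists paths outside `lib/`. The rest of `rebuild_action` lies outside the hunk, so an existing check there may already cover this.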
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -6,6 +6,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th

- _Breaking change_: Bump the minimum required CodeQL bundle version to 2.19.4. [#3894](https://github.com/github/codeql-action/pull/3894)
- Add support for SHA-256 Git object IDs. [#3893](https://github.com/github/codeql-action/pull/3893)
- The JavaScript bundle shipped on release branches is now minified, reducing the size of the repository by around 20%. Bundles on `main` remain unminified to avoid merge conflicts between PRs. [#3920](https://github.com/github/codeql-action/pull/3920)

## 4.35.5 - 15 May 2026

53 changes: 53 additions & 0 deletions build.mjs
@@ -1,3 +1,4 @@
import { execFileSync } from "node:child_process";
import { copyFile, readFile, rm, writeFile } from "node:fs/promises";
import { basename, dirname, join } from "node:path";
import { fileURLToPath } from "node:url";
Expand All @@ -13,6 +14,51 @@
const SRC_DIR = join(__dirname, "src");
const OUT_DIR = join(__dirname, "lib");

/**
* Decide whether to minify the bundle.
*
* We deliberately do not minify by default to avoid making every PR's regenerated bundle conflict
* with every other PR. Instead, we minify only when building for a release branch so consumers of
* `github/codeql-action/<action>@vN` get the smaller bundle while day-to-day development on `main`
* stays low-churn.
*
* @returns {boolean}
*/
function shouldMinify() {
const override = process.env.CODEQL_ACTION_MINIFY;
if (override === "true") return true;
if (override === "false") return false;

// In `pull_request` and `merge_group` contexts, we can just look at the base ref.
if (process.env.GITHUB_BASE_REF) {
return process.env.GITHUB_BASE_REF.startsWith("releases/v");
}

// When running locally or in contexts without a base ref (e.g. `push`, `workflow_dispatch`),
// check whether we're running as part of the release automation by looking at the local branch
// name. Mergebacks target `main` and should not be minified, while update and backport branches
// target release branches and should be minified.
const localBranch = getLocalBranchName();
if (localBranch?.startsWith("mergeback/")) return false;
if (localBranch && /^(update|backport)-v\d/.test(localBranch)) return true;

// If we don't seem to be running as part of the release automation, then only minify if we're on
// a release branch.
const refName = process.env.GITHUB_REF_NAME || localBranch;

Check warning

Code scanning / CodeQL

Some environment variables may not exist in default setup workflows Warning

The environment variable GITHUB_REF_NAME may not exist in default setup workflows. If all uses are safe, add it to the list of environment variables that are known to be safe in 'queries/default-setup-environment-variables.ql'. If this use is safe but others are not, dismiss this alert as a false positive.
return !!refName && refName.startsWith("releases/v");
}

function getLocalBranchName() {
try {
return execFileSync("git", ["rev-parse", "--abbrev-ref", "HEAD"], {
encoding: "utf-8",
stdio: ["pipe", "pipe", "ignore"],
}).trim();
Comment on lines +53 to +56
} catch {
return undefined;
}
}

/**
* Clean the output directory before building.
*
Expand Down Expand Up @@ -201,10 +247,17 @@
},
};

const minify = shouldMinify();
if (minify) {
// eslint-disable-next-line no-console
console.log("Minification enabled for this build.");
}

const context = await esbuild.context({
entryPoints: [{ in: SHARED_ENTRYPOINT, out: SHARED_ENTRYPOINT }],
bundle: true,
format: "cjs",
minify,
outdir: OUT_DIR,
platform: "node",
external: ["./entry-points"],
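Review bot: In `shouldMinify()`, a `CODEQL_ACTION_MINIFY` value other than `"true"` or `"false"` (for example `1` or `TRUE`) is silently ignored and the branch-name heuristics decide instead, so a build meant to pin the mode can emit the other bundle with no signal. Because the same commit now yields different `lib/` bytes depending on branch and environment, anyone rebuilding to confirm that a committed release bundle matches its source needs the mode to be explicit and visible. After the two comparisons, reject unknown values with `if (override) throw new Error("Invalid CODEQL_ACTION_MINIFY value: " + override);`, and log the decision in both cases with `console.log("Minification " + (minify ? "enabled" : "disabled") + " for this build.");`. `getLocalBranchName()` also lacks a doc comment; it should state that the function returns `undefined` when `git` fails and the literal `HEAD` on a detached checkout.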