Skip to content

Test connections to private registries in start-proxy#3466

Merged
mbg merged 21 commits intomainfrom
mbg/start-proxy/test-connections
Feb 11, 2026
Merged

Test connections to private registries in start-proxy#3466
mbg merged 21 commits intomainfrom
mbg/start-proxy/test-connections

Conversation

@mbg
Copy link
Member

@mbg mbg commented Feb 10, 2026

Modifies the start-proxy action to perform a basic connectivity test for each configured private registry. The outcomes of these tests are logged. The implementation is designed to be tolerant to failures and is gated behind a new FF.

Note that this PR includes the approved changes from #3438 in the first commit.

Risk assessment

For internal use only. Please select the risk level of this change:

  • Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.

Which use cases does this change impact?

Workflow types:

  • Managed - Impacts users with dynamic workflows (Default Setup, CCR, ...).

Products:

  • Code Scanning - The changes impact analyses when analysis-kinds: code-scanning.
  • Code Quality - The changes impact analyses when analysis-kinds: code-quality.

Environments:

  • Dotcom - Impacts CodeQL workflows on github.com and/or GitHub Enterprise Cloud with Data Residency.
  • GHES - Impacts CodeQL workflows on GitHub Enterprise Server.

How did/will you validate this change?

  • Unit tests - I am depending on unit test coverage (i.e. tests in .test.ts files).
  • End-to-end tests - I am depending on PR checks (i.e. tests in pr-checks).

If something goes wrong after this change is released, what are the mitigation and rollback strategies?

  • Feature flags - All new or changed code paths can be fully disabled with corresponding feature flags.

How will you know if something goes wrong after this change is released?

  • Telemetry - I rely on existing telemetry or have made changes to the telemetry.
    • Dashboards - I will watch relevant dashboards for issues after the release. Consider whether this requires this change to be released at a particular time rather than as part of a regular release.
    • Alerts - New or existing monitors will trip if something goes wrong with this change.

Are there any special considerations for merging or releasing this change?

  • No special considerations - This change can be merged at any time.

Merge / deployment checklist

  • Confirm this change is backwards compatible with existing workflows.
  • Consider adding a changelog entry for this change.
  • Confirm the readme and docs have been updated if necessary.

@mbg mbg self-assigned this Feb 10, 2026
Copilot AI review requested due to automatic review settings February 10, 2026 15:33
@mbg mbg requested a review from a team as a code owner February 10, 2026 15:33
@github-actions github-actions bot added the size/M Should be of average difficulty to review label Feb 10, 2026
@mbg mbg force-pushed the mbg/start-proxy/test-connections branch from e89464b to 01ee641 Compare February 10, 2026 15:37
Copilot AI reviewed Feb 10, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds an (FF-gated) connectivity check in the start-proxy action to probe each configured private registry and log the outcome, along with the supporting types, tests, and dependency updates.

Changes:

  • Introduces checkConnections + ReachabilityBackend abstraction to test registry reachability via the local proxy.
  • Updates start-proxy-action to return proxy connection details and (optionally) run the reachability checks behind a new feature flag.
  • Adds https-proxy-agent dependency and the new start_proxy_connection_checks feature flag.

Reviewed changes

Copilot reviewed 18 out of 20 changed files in this pull request and generated 34 comments.

Show a summary per file
File Description
src/start-proxy/types.ts Adds shared types for registries/credentials and a ProxyInfo return type.
src/start-proxy/reachability.ts Implements proxy-based reachability checks and related error type/backends.
src/start-proxy/reachability.test.ts Adds unit tests for reachability-check logging and filtering behavior.
src/start-proxy.ts Moves Credential definition to shared types and re-exports types.
src/start-proxy-action.ts Initializes feature flags and (FF-gated) triggers reachability checks after starting proxy.
src/feature-flags.ts Adds StartProxyConnectionChecks feature flag + env var wiring.
package.json Adds https-proxy-agent dependency.
package-lock.json Locks https-proxy-agent dependency version and metadata.
lib/upload-sarif-action.js Generated JS update reflecting dependency/feature-flag additions.
lib/upload-sarif-action-post.js Generated JS update reflecting dependency/feature-flag additions.
lib/upload-lib.js Generated JS update reflecting dependency/feature-flag additions.
lib/start-proxy-action-post.js Generated JS update reflecting dependency/feature-flag additions.
lib/setup-codeql-action.js Generated JS update reflecting dependency/feature-flag additions.
lib/resolve-environment-action.js Generated JS update reflecting dependency/feature-flag additions.
lib/init-action.js Generated JS update reflecting dependency/feature-flag additions.
lib/init-action-post.js Generated JS update reflecting dependency/feature-flag additions.
lib/autobuild-action.js Generated JS update reflecting dependency/feature-flag additions.
lib/analyze-action.js Generated JS update reflecting dependency/feature-flag additions.
lib/analyze-action-post.js Generated JS update reflecting dependency/feature-flag additions.

@github-actions github-actions bot added size/L May be hard to review and removed size/M Should be of average difficulty to review labels Feb 10, 2026
henrymercer
henrymercer reviewed Feb 11, 2026
View reviewed changes
Copy link
Contributor

@henrymercer henrymercer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some minor comments, otherwise looks good!

As a general comment and potential followup, consider whether it would make sense to allowlist any of these errors to help us debug issues with telemetry.

@mbg mbg requested review from Copilot and henrymercer February 11, 2026 17:26
Copilot AI reviewed Feb 11, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 19 out of 21 changed files in this pull request and generated 4 comments.

@mbg mbg merged commit ff33514 into main Feb 11, 2026
250 checks passed
@mbg mbg deleted the mbg/start-proxy/test-connections branch February 11, 2026 19:19
mbg added a commit that referenced this pull request Feb 12, 2026
@mbg
Add changelog entry for #3466
be75dd9
Copilot AI mentioned this pull request Feb 12, 2026
Merged
henrymercer added a commit that referenced this pull request Feb 13, 2026
@henrymercer
Merge pull request #3478 from github/mbg/changelog/add-connection-tes…
4bf6fa4 
…t-entry

Add changelog entry for #3466
This was referenced Feb 13, 2026
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@henrymercer henrymercer henrymercer approved these changes

Assignees

@mbg mbg

Labels

size/L May be hard to review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mbg @henrymercer