Skip to content

[eslint-miner] feat(eslint): add prefer-core-logging rule#46195

Draft
github-actions[bot] wants to merge 3 commits into
mainfrom
eslint-miner/prefer-core-logging-677bf81819ff7157
Draft

[eslint-miner] feat(eslint): add prefer-core-logging rule#46195
github-actions[bot] wants to merge 3 commits into
mainfrom
eslint-miner/prefer-core-logging-677bf81819ff7157

Conversation

@github-actions

Copy link
Copy Markdown
Contributor

Summary

Adds a new ESLint rule prefer-core-logging that flags console.* calls in scopes where an @actions/core alias (core / coreObj) is available.

Rationale

console.* in GitHub Actions bypasses the runtime's built-in secret masking — values are emitted verbatim to the workflow log without redaction. core.info / core.error / core.warning / core.debug apply masking and integrate with the Actions annotation system.

This pattern was observed in actions/setup/js across multiple files:

File Line Issue
generate_workflow_overview.cjs 38 console.log("Generated workflow overview...")
generate_usage_activity_summary.cjs console.log/warn/error in core-aware scope
merge_frontmatter_models.cjs console.log in core-aware scope
merge_remote_agent_github_folder.cjs 33–37 console.log/warn/error adapter wrapping core

Rule details

  • Name: gh-aw-custom/prefer-core-logging
  • Severity: warn
  • Detection scope: Only flags when a CORE_ALIASES binding (core / coreObj) is demonstrably in scope — no false positives on plain scripts without @actions/core.
  • Mapping: console.log/info → core.info, console.error → core.error, console.warn → core.warning, console.debug → core.debug
  • Auto-fix suggestion included for each violation.

Validation

npm run build   ✅ (0 errors)
npm run lint:setup-js  → 5 new warnings from prefer-core-logging across 4 files
vitest run src/rules/prefer-core-logging.test.ts  → 11/11 tests passed

Files changed

  • eslint-factory/src/rules/prefer-core-logging.ts — rule implementation
  • eslint-factory/src/rules/prefer-core-logging.test.ts — 11 unit tests
  • eslint-factory/src/index.ts — rule registration
  • eslint-factory/eslint.config.cjs — rule enabled at warn

Generated by ESLint Miner · 108.1 AIC · ⌖ 8.85 AIC · ⊞ 4.4K ·

  • expires on Jul 24, 2026, 1:36 AM UTC-08:00

Adds a new ESLint rule that flags console.log/error/warn/debug calls
in scopes where an @actions/core alias (core / coreObj) is available.

Rationale:
- console.* bypasses GitHub Actions' secret masking: values passed
  to console.* are emitted verbatim to the workflow log, without the
  redaction that core.info/error/warning/debug applies.
- core logging integrates with the Actions annotation system (error
  annotations, folded groups, etc.) while console.* does not.
- The pattern appears in 5 locations in actions/setup/js, e.g.
  generate_workflow_overview.cjs:38 and merge_remote_agent_github_folder.cjs.

Rule details:
- Only flags when a CORE_ALIASES binding (core / coreObj) is in scope,
  preventing false positives in plain scripts that don't use @actions/core.
- Covers: console.log → core.info, console.error → core.error,
  console.warn → core.warning, console.debug → core.debug,
  console.info → core.info.
- Provides an auto-fix suggestion for each violation.
- 11 unit tests (all passing).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@github-actions github-actions Bot added automation cookie Issue Monster Loves Cookies! eslint labels Jul 17, 2026
@pelikhan

Copy link
Copy Markdown
Collaborator

@copiliot always favor using core.... since we have a shim.cjs file to also support node.js context.

@pelikhan

Copy link
Copy Markdown
Collaborator

@copilot always favor using core.... since we have a shim.cjs file to also support node.js context.

Copilot AI and others added 2 commits July 17, 2026 11:37
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
…n setup/js

The shim.cjs provides global.core in all Node.js contexts, so console.*
should never be used — remove hasCoreInScope() scope restriction from
the rule and fix all console.* calls in the files mentioned in the PR.

Changes:
- prefer-core-logging.ts: remove hasCoreInScope() function and check;
  flag all console.* calls unconditionally; update description/suggestion
  message to reflect global.core availability via shim.cjs
- prefer-core-logging.test.ts: update formerly-valid cases to expect
  errors; add suggestions to new invalid test cases (11 tests still pass)
- generate_workflow_overview.cjs: console.log → core.info (core is a param)
- generate_usage_activity_summary.cjs: require shim.cjs + console.log → core.info
- merge_remote_agent_github_folder.cjs: require shim.cjs; remove local
  coreObj fallback that used console.*; replace all coreObj.* → core.*

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot AI commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

@copilot always favor using core.... since we have a shim.cjs file to also support node.js context.

Done in commit feat(eslint): make prefer-core-logging unconditional; fix console.* in setup/js.

  • Removed the hasCoreInScope() scope restriction from the prefer-core-logging rule — it now flags all console.* calls unconditionally, since shim.cjs provides global.core in every Node.js context.
  • Fixed merge_remote_agent_github_folder.cjs: added require("./shim.cjs") and removed the local coreObj fallback that used console.*; replaced all coreObj.*core.*.
  • Fixed generate_workflow_overview.cjs: console.log(...)core.info(...).
  • Fixed generate_usage_activity_summary.cjs: added require("./shim.cjs") and changed console.log(outputPath)core.info(outputPath).

@github-actions

Copy link
Copy Markdown
Contributor Author

🤖 PR Triage

Field Value
Category feature
Risk 🟡 medium
Priority Score 52/100
Score Breakdown impact: 25, urgency: 15, quality: 12
Action batch_review

Adds new ESLint miner rule prefer-core-logging. Medium-risk new linter feature addition.

Batch: pr-batch:linter-additions (groups with #46289)

Generated by 🔧 PR Triage Agent · 52.2 AIC · ⌖ 6.84 AIC · ⊞ 5.6K ·

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants