fix: wire SetCPUTrackingEnabled to start/stop TimerCreateCpuProfiler by korniltsev-grafanista-yolo-vibecoder239 · Pull Request #280 · grafana/pyroscope-dotnet

korniltsev-grafanista-yolo-vibecoder239 · 2026-04-14T01:22:57Z

Summary

Fixes #259 — dynamic CPU profiling toggle was not working on Linux.

SetStackSamplerEnabled only controlled StackSamplerLoopManager (wall-time + manual CPU loop), but on Linux the actual CPU profiler is TimerCreateCpuProfiler — a completely independent service that was never started/stopped by the toggle API.
ProfilerSignalManager::IgnoreSignal() set SIGPROF to SIG_IGN but did not reset its internal _handler and _isHandlerInPlace state, so RegisterHandler() would short-circuit on re-start and the signal handler was never re-registered.

Changes

CorProfilerCallback::SetStackSamplerEnabled — start/stop _pCpuProfiler alongside _pStackSamplerLoopManager on Linux
ProfilerSignalManager::IgnoreSignal — reset _handler and _isHandlerInPlace after successfully ignoring the signal, so a subsequent RegisterHandler() call re-installs the handler

Test plan

make -C itest itest/dynamic-cpu/glibc/8.0 — integration test from test: add integration test reproducing dynamic CPU profiling bug (#259) #278

🤖 Generated with Claude Code

Note

Medium Risk
Touches Linux CPU-profiler start/stop and signal-handler installation logic; mistakes here can disable profiling or destabilize signal handling, but changes are localized and guarded by existing checks.

Overview
Fixes Linux dynamic CPU profiling toggling by starting/stopping the timer-based _pCpuProfiler alongside _pStackSamplerLoopManager in CorProfilerCallback::SetStackSamplerEnabled.

Hardens ProfilerSignalManager so SIGPROF handler registration can be reliably re-installed after being ignored/replaced: _handler and _isHandlerInPlace are now atomic, internal state is reset on IgnoreSignal(), and previous sigaction state capture is tracked via _previousActionCaptured to avoid clobbering the saved handler (with UnRegisterHandler() now test-only).

^{Reviewed by Cursor Bugbot for commit 78d85df. Bugbot is set up for automated code reviews on this repo. Configure here.}

…rafana#259) SetCPUTrackingEnabled only controlled the StackSamplerLoopManager (wall-time and manual CPU), but on Linux the actual CPU profiler is TimerCreateCpuProfiler which was never started/stopped by the toggle. Wire SetStackSamplerEnabled to also start/stop _pCpuProfiler, and clear ProfilerSignalManager handler state in IgnoreSignal() so the SIGPROF handler can be properly re-registered after a stop/start cycle. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

…es (#8381) Bumps the gh-actions-packages group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/setup-dotnet](https://github.com/actions/setup-dotnet) | `5.1.0` | `5.2.0` | | [DataDog/dd-octo-sts-action](https://github.com/datadog/dd-octo-sts-action) | `1.0.3` | `1.0.4` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.5.0` | `2.6.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.32.4` | `4.34.1` | | [advanced-security/filter-sarif](https://github.com/advanced-security/filter-sarif) | `1.0.1` | `1.1` | | [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `2.2.1` | `3.0.0` | Bumps the gh-actions-packages group with 3 updates in the /.github/actions/create-system-test-docker-base-images directory: [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action), [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) and [docker/build-push-action](https://github.com/docker/build-push-action). Bumps the gh-actions-packages group with 1 update in the /.github/actions/publish-debug-symbols directory: [actions/setup-node](https://github.com/actions/setup-node). Updates `actions/setup-dotnet` from 5.1.0 to 5.2.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-dotnet/releases">actions/setup-dotnet's releases</a>.</em></p> <blockquote> <h2>v5.2.0</h2> <h2>What's changed</h2> <h3>Enhancements</h3> <ul> <li>Add support for workloads input by <a href="https://github.com/gowridurgad"><code>@gowridurgad</code></a> in <a href="https://redirect.github.com/actions/setup-dotnet/pull/693">actions/setup-dotnet#693</a></li> <li>Add support for optional architecture input for cross-architecture .NET installs by <a href="https://github.com/priya-kinthali"><code>@priya-kinthali</code></a> in <a href="https://redirect.github.com/actions/setup-dotnet/pull/700">actions/setup-dotnet#700</a></li> </ul> <h3>Dependency Updates</h3> <ul> <li>Upgrade fast-xml-parser from 4.4.1 to 5.3.6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-dotnet/pull/671">actions/setup-dotnet#671</a></li> <li>Upgrade minimatch from 3.1.2 to 3.1.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-dotnet/pull/705">actions/setup-dotnet#705</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-dotnet/compare/v5...v5.2.0">https://github.com/actions/setup-dotnet/compare/v5...v5.2.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-dotnet/commit/c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7"><code>c2fa09f</code></a> Bump minimatch from 3.1.2 to 3.1.5 (<a href="https://redirect.github.com/actions/setup-dotnet/issues/705">#705</a>)</li> <li><a href="https://github.com/actions/setup-dotnet/commit/02574b18e2dc57a218ee4e11ba1e1603c67236e8"><code>02574b1</code></a> Add support for optional architecture input for cross-architecture .NET insta...</li> <li><a href="https://github.com/actions/setup-dotnet/commit/16c7b3c2fa55a0e394467d22512b84fda46adf63"><code>16c7b3c</code></a> Bump fast-xml-parser from 4.4.1 to 5.3.6 (<a href="https://redirect.github.com/actions/setup-dotnet/issues/671">#671</a>)</li> <li><a href="https://github.com/actions/setup-dotnet/commit/131b410979e0b49e2162c0718030257b22d6dc2c"><code>131b410</code></a> Add support for workloads input (<a href="https://redirect.github.com/actions/setup-dotnet/issues/693">#693</a>)</li> <li>See full diff in <a href="https://github.com/actions/setup-dotnet/compare/baa11fbfe1d6520db94683bd5c7a3818018e4309...c2fa09f4bde5ebb9d1777cf28262a3eb3db3ced7">compare view</a></li> </ul> </details> <br /> Updates `DataDog/dd-octo-sts-action` from 1.0.3 to 1.0.4 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/DataDog/dd-octo-sts-action/commit/96a25462dbcb10ebf0bfd6e2ccc917d2ab235b9a"><code>96a2546</code></a> Fix typo in Readme (<a href="https://redirect.github.com/datadog/dd-octo-sts-action/issues/18">#18</a>)</li> <li><a href="https://github.com/DataDog/dd-octo-sts-action/commit/9691c26e1de0f1f26e1e8708c5c34b4f64e43f5f"><code>9691c26</code></a> Merge pull request <a href="https://redirect.github.com/datadog/dd-octo-sts-action/issues/14">#14</a> from DataDog/improve/parse-jwt-claims</li> <li><a href="https://github.com/DataDog/dd-octo-sts-action/commit/b98b59d08d3575cbda7001bddfe86633787536e8"><code>b98b59d</code></a> Merge pull request <a href="https://redirect.github.com/datadog/dd-octo-sts-action/issues/13">#13</a> from DataDog/improve/fetch-error-url-logging</li> <li><a href="https://github.com/DataDog/dd-octo-sts-action/commit/e7953d4e870e933635e6afa9172b3957b568c417"><code>e7953d4</code></a> Merge pull request <a href="https://redirect.github.com/datadog/dd-octo-sts-action/issues/15">#15</a> from DataDog/improve/ci-workflow-hardening</li> <li><a href="https://github.com/DataDog/dd-octo-sts-action/commit/e47344e9570a80d3a7d333a339ace4a5e88b7646"><code>e47344e</code></a> Merge pull request <a href="https://redirect.github.com/datadog/dd-octo-sts-action/issues/16">#16</a> from DataDog/improve/bump-node24</li> <li><a href="https://github.com/DataDog/dd-octo-sts-action/commit/5a7a632cb3be2334cd1515df9c74eb3103942b50"><code>5a7a632</code></a> Bump Node.js runtime from node20 to node24</li> <li><a href="https://github.com/DataDog/dd-octo-sts-action/commit/260fcf964ad38660b2abc359216586af9d31a05d"><code>260fcf9</code></a> Add parseJwtClaims() function with tests, replace fragile inline parsing</li> <li><a href="https://github.com/DataDog/dd-octo-sts-action/commit/371c4d81ebd5ed74dfcc7bb2ab234d9f1e30fe65"><code>371c4d8</code></a> Harden CI workflows with least-privilege permissions and credential controls</li> <li><a href="https://github.com/DataDog/dd-octo-sts-action/commit/1fc658893bed0edd73a7e284f6266e3fc4bdc93e"><code>1fc6588</code></a> Include URL in fetchWithRetry error messages</li> <li><a href="https://github.com/DataDog/dd-octo-sts-action/commit/0b31f95da950c7562ef40f6447086e75515897ce"><code>0b31f95</code></a> Harden CI workflows with least-privilege permissions and credential controls</li> <li>Additional commits viewable in <a href="https://github.com/datadog/dd-octo-sts-action/compare/acaa02eee7e3bb0839e4272dacb37b8f3b58ba80...96a25462dbcb10ebf0bfd6e2ccc917d2ab235b9a">compare view</a></li> </ul> </details> <br /> Updates `softprops/action-gh-release` from 2.5.0 to 2.6.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/softprops/action-gh-release/releases">softprops/action-gh-release's releases</a>.</em></p> <blockquote> <h2>v2.6.1</h2> <p><code>2.6.1</code> is a patch release focused on restoring linked discussion thread creation when <code>discussion_category_name</code> is set. It fixes <code>[#764](https://github.com/softprops/action-gh-release/issues/764)</code>, where the draft-first publish flow stopped carrying the discussion category through the final publish step.</p> <p>If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.</p> <h2>What's Changed</h2> <h3>Bug fixes 🐛</h3> <ul> <li>fix: preserve discussion category on publish by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/765">softprops/action-gh-release#765</a></li> </ul> <h2>v2.6.0</h2> <p><code>2.6.0</code> is a minor release centered on <code>previous_tag</code> support for <code>generate_release_notes</code>, which lets workflows pin GitHub's comparison base explicitly instead of relying on the default range. It also includes the recent concurrent asset upload recovery fix, a <code>working_directory</code> docs sync, a checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where GitHub platform behavior imposes constraints on how prerelease asset uploads can be published.</p> <p>If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.</p> <h2>What's Changed</h2> <h3>Exciting New Features 🎉</h3> <ul> <li>feat: support previous_tag for generate_release_notes by <a href="https://github.com/pocesar"><code>@pocesar</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/372">softprops/action-gh-release#372</a></li> </ul> <h3>Bug fixes 🐛</h3> <ul> <li>fix: recover concurrent asset metadata 404s by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/760">softprops/action-gh-release#760</a></li> </ul> <h3>Other Changes 🔄</h3> <ul> <li>docs: clarify reused draft release behavior by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/759">softprops/action-gh-release#759</a></li> <li>docs: clarify working_directory input by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/761">softprops/action-gh-release#761</a></li> <li>ci: verify dist bundle freshness by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/762">softprops/action-gh-release#762</a></li> <li>fix: clarify immutable prerelease uploads by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/763">softprops/action-gh-release#763</a></li> </ul> <h2>v2.5.3</h2>  <p><code>2.5.3</code> is a patch release focused on the remaining path-handling and release-selection bugs uncovered after <code>2.5.2</code>. It fixes <code>[#639](https://github.com/softprops/action-gh-release/issues/639)</code>, <code>[#571](https://github.com/softprops/action-gh-release/issues/571)</code>, <code>[#280](https://github.com/softprops/action-gh-release/issues/280)</code>, <code>[#614](https://github.com/softprops/action-gh-release/issues/614)</code>, <code>[#311](https://github.com/softprops/action-gh-release/issues/311)</code>, <code>[#403](https://github.com/softprops/action-gh-release/issues/403)</code>, and <code>[#368](https://github.com/softprops/action-gh-release/issues/368)</code>. It also adds documentation clarifications for <code>[#541](https://github.com/softprops/action-gh-release/issues/541)</code>, <code>[#645](https://github.com/softprops/action-gh-release/issues/645)</code>, <code>[#542](https://github.com/softprops/action-gh-release/issues/542)</code>, <code>[#393](https://github.com/softprops/action-gh-release/issues/393)</code>, and <code>[#411](https://github.com/softprops/action-gh-release/issues/411)</code>, where the current behavior is either usage-sensitive or constrained by GitHub platform limits rather than an action-side runtime bug.</p> <p>If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.</p> <h2>What's Changed</h2>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md">softprops/action-gh-release's changelog</a>.</em></p> <blockquote> <h2>2.6.1</h2> <p><code>2.6.1</code> is a patch release focused on restoring linked discussion thread creation when <code>discussion_category_name</code> is set. It fixes <code>[#764](https://github.com/softprops/action-gh-release/issues/764)</code>, where the draft-first publish flow stopped carrying the discussion category through the final publish step.</p> <p>If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.</p> <h2>What's Changed</h2> <h3>Bug fixes 🐛</h3> <ul> <li>fix: preserve discussion category on publish by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/765">softprops/action-gh-release#765</a></li> </ul> <h2>2.6.0</h2> <p><code>2.6.0</code> is a minor release centered on <code>previous_tag</code> support for <code>generate_release_notes</code>, which lets workflows pin GitHub's comparison base explicitly instead of relying on the default range. It also includes the recent concurrent asset upload recovery fix, a <code>working_directory</code> docs sync, a checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where GitHub platform behavior imposes constraints on how prerelease asset uploads can be published.</p> <p>If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.</p> <h2>What's Changed</h2> <h3>Exciting New Features 🎉</h3> <ul> <li>feat: support previous_tag for generate_release_notes by <a href="https://github.com/pocesar"><code>@pocesar</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/372">softprops/action-gh-release#372</a></li> </ul> <h3>Bug fixes 🐛</h3> <ul> <li>fix: recover concurrent asset metadata 404s by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/760">softprops/action-gh-release#760</a></li> </ul> <h3>Other Changes 🔄</h3> <ul> <li>docs: clarify reused draft release behavior by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/759">softprops/action-gh-release#759</a></li> <li>docs: clarify working_directory input by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/761">softprops/action-gh-release#761</a></li> <li>ci: verify dist bundle freshness by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/762">softprops/action-gh-release#762</a></li> <li>fix: clarify immutable prerelease uploads by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/763">softprops/action-gh-release#763</a></li> </ul> <h2>2.5.3</h2> <p><code>2.5.3</code> is a patch release focused on the remaining path-handling and release-selection bugs uncovered after <code>2.5.2</code>. It fixes <code>[#639](https://github.com/softprops/action-gh-release/issues/639)</code>, <code>[#571](https://github.com/softprops/action-gh-release/issues/571)</code>, <code>[#280](https://github.com/softprops/action-gh-release/issues/280)</code>, <code>[#614](https://github.com/softprops/action-gh-release/issues/614)</code>, <code>[#311](https://github.com/softprops/action-gh-release/issues/311)</code>, <code>[#403](https://github.com/softprops/action-gh-release/issues/403)</code>, and <code>[#368](https://github.com/softprops/action-gh-release/issues/368)</code>. It also adds documentation clarifications for <code>[#541](https://github.com/softprops/action-gh-release/issues/541)</code>, <code>[#645](https://github.com/softprops/action-gh-release/issues/645)</code>, <code>[#542](https://github.com/softprops/action-gh-release/issues/542)</code>, <code>[#393](https://github.com/softprops/action-gh-release/issues/393)</code>, and <code>[#411](https://github.com/softprops/action-gh-release/issues/411)</code>, where the current behavior is either usage-sensitive or constrained by GitHub platform limits rather than an action-side runtime bug.</p> <p>If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.</p>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/softprops/action-gh-release/commit/153bb8e04406b158c6c84fc1615b65b24149a1fe"><code>153bb8e</code></a> release 2.6.1</li> <li><a href="https://github.com/softprops/action-gh-release/commit/569deb874d08cd8cc0aa24af7c0b21160fe4b0e4"><code>569deb8</code></a> fix: preserve discussion category when publishing releases (<a href="https://redirect.github.com/softprops/action-gh-release/issues/765">#765</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/26e8ad27a09a225049a7075d7ec1caa2df6ff332"><code>26e8ad2</code></a> release 2.6.0</li> <li><a href="https://github.com/softprops/action-gh-release/commit/b959f31e968fb47fb7bb823087fc092d5613e0a4"><code>b959f31</code></a> fix: clarify immutable prerelease uploads (<a href="https://redirect.github.com/softprops/action-gh-release/issues/763">#763</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/8a8510e3a0d8dfc9296171fd405ca8c8ea6206a4"><code>8a8510e</code></a> ci: verify dist bundle freshness (<a href="https://redirect.github.com/softprops/action-gh-release/issues/762">#762</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/438c15ddf5b01e992ef98dc29cea3f9992ab54ac"><code>438c15d</code></a> docs: clarify working_directory input (<a href="https://redirect.github.com/softprops/action-gh-release/issues/761">#761</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/6ca3b5d96e3a0fac11dc53f0809c2cb029e64902"><code>6ca3b5d</code></a> fix: recover concurrent asset metadata 404s (<a href="https://redirect.github.com/softprops/action-gh-release/issues/760">#760</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/11f917660b31d6d56980ea3261f210556a812bd0"><code>11f9176</code></a> chore: add RELEASE.md</li> <li><a href="https://github.com/softprops/action-gh-release/commit/1f3f350167714515d2bcf8a18afcc5e8e0a362a8"><code>1f3f350</code></a> feat: add AGENTS.md</li> <li><a href="https://github.com/softprops/action-gh-release/commit/37819cb191890d306d21cfb5ac4e7a358f0a6e4f"><code>37819cb</code></a> docs: clarify reused draft release behavior (<a href="https://redirect.github.com/softprops/action-gh-release/issues/759">#759</a>)</li> <li>Additional commits viewable in <a href="https://github.com/softprops/action-gh-release/compare/a06a81a03ee405af7f2048a818ed3f03bbf83c7b...153bb8e04406b158c6c84fc1615b65b24149a1fe">compare view</a></li> </ul> </details> <br /> Updates `github/codeql-action` from 4.32.4 to 4.34.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v4.34.1</h2> <ul> <li>Downgrade default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3">2.24.3</a> due to issues with a small percentage of Actions and JavaScript analyses. <a href="https://redirect.github.com/github/codeql-action/pull/3762">#3762</a></li> </ul> <h2>v4.34.0</h2> <ul> <li>Added an experimental change which disables TRAP caching when <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a> is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. <a href="https://redirect.github.com/github/codeql-action/pull/3569">#3569</a></li> <li>We are rolling out improved incremental analysis to C/C++ analyses that use build mode <code>none</code>. We expect this rollout to be complete by the end of April 2026. <a href="https://redirect.github.com/github/codeql-action/pull/3584">#3584</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0">2.25.0</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3585">#3585</a></li> </ul> <h2>v4.33.0</h2> <ul> <li> <p>Upcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. <a href="https://redirect.github.com/github/codeql-action/pull/3562">#3562</a></p> <p>To opt out of this change:</p> <ul> <li><strong>Repositories owned by an organization:</strong> Create a custom repository property with the name <code>github-codeql-file-coverage-on-prs</code> and the type "True/false", then set this property to <code>true</code> in the repository's settings. For more information, see <a href="https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization">Managing custom properties for repositories in your organization</a>. Alternatively, if you are using an advanced setup workflow, you can set the <code>CODEQL_ACTION_FILE_COVERAGE_ON_PRS</code> environment variable to <code>true</code> in your workflow.</li> <li><strong>User-owned repositories using default setup:</strong> Switch to an advanced setup workflow and set the <code>CODEQL_ACTION_FILE_COVERAGE_ON_PRS</code> environment variable to <code>true</code> in your workflow.</li> <li><strong>User-owned repositories using advanced setup:</strong> Set the <code>CODEQL_ACTION_FILE_COVERAGE_ON_PRS</code> environment variable to <code>true</code> in your workflow.</li> </ul> </li> <li> <p>Fixed <a href="https://redirect.github.com/github/codeql-action/issues/3555">a bug</a> which caused the CodeQL Action to fail loading repository properties if a "Multi select" repository property was configured for the repository. <a href="https://redirect.github.com/github/codeql-action/pull/3557">#3557</a></p> </li> <li> <p>The CodeQL Action now loads <a href="https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization">custom repository properties</a> on GitHub Enterprise Server, enabling the customization of features such as <code>github-codeql-disable-overlay</code> that was previously only available on GitHub.com. <a href="https://redirect.github.com/github/codeql-action/pull/3559">#3559</a></p> </li> <li> <p>Once <a href="https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries">private package registries</a> can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. <a href="https://redirect.github.com/github/codeql-action/pull/3563">#3563</a></p> </li> <li> <p>Fixed the retry mechanism for database uploads. Previously this would fail with the error "Response body object should not be disturbed or locked". <a href="https://redirect.github.com/github/codeql-action/pull/3564">#3564</a></p> </li> <li> <p>A warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/3570">#3570</a></p> </li> </ul> <h2>v4.32.6</h2> <ul> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3">2.24.3</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3548">#3548</a></li> </ul> <h2>v4.32.5</h2> <ul> <li>Repositories owned by an organization can now set up the <code>github-codeql-disable-overlay</code> custom repository property to disable <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis for CodeQL</a>. First, create a custom repository property with the name <code>github-codeql-disable-overlay</code> and the type "True/false" in the organization's settings. Then in the repository's settings, set this property to <code>true</code> to disable improved incremental analysis. For more information, see <a href="https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization">Managing custom properties for repositories in your organization</a>. This feature is not yet available on GitHub Enterprise Server. <a href="https://redirect.github.com/github/codeql-action/pull/3507">#3507</a></li> <li>Added an experimental change so that when <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a> fails on a runner — potentially due to insufficient disk space — the failure is recorded in the Actions cache so that subsequent runs will automatically skip improved incremental analysis until something changes (e.g. a larger runner is provisioned or a new CodeQL version is released). We expect to roll this change out to everyone in March. <a href="https://redirect.github.com/github/codeql-action/pull/3487">#3487</a></li> <li>The minimum memory check for improved incremental analysis is now skipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage. <a href="https://redirect.github.com/github/codeql-action/pull/3515">#3515</a></li> <li>Reduced log levels for best-effort private package registry connection check failures to reduce noise from workflow annotations. <a href="https://redirect.github.com/github/codeql-action/pull/3516">#3516</a></li> <li>Added an experimental change which lowers the minimum disk space requirement for <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a>, enabling it to run on standard GitHub Actions runners. We expect to roll this change out to everyone in March. <a href="https://redirect.github.com/github/codeql-action/pull/3498">#3498</a></li> <li>Added an experimental change which allows the <code>start-proxy</code> action to resolve the CodeQL CLI version from feature flags instead of using the linked CLI bundle version. We expect to roll this change out to everyone in March. <a href="https://redirect.github.com/github/codeql-action/pull/3512">#3512</a></li> <li>The previously experimental changes from versions 4.32.3, 4.32.4, 3.32.3 and 3.32.4 are now enabled by default. <a href="https://redirect.github.com/github/codeql-action/pull/3503">#3503</a>, <a href="https://redirect.github.com/github/codeql-action/pull/3504">#3504</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <ul> <li>Reduced the minimum Git version required for <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a> from 2.38.0 to 2.11.0. <a href="https://redirect.github.com/github/codeql-action/pull/3767">#3767</a></li> </ul> <h2>4.34.1 - 20 Mar 2026</h2> <ul> <li>Downgrade default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3">2.24.3</a> due to issues with a small percentage of Actions and JavaScript analyses. <a href="https://redirect.github.com/github/codeql-action/pull/3762">#3762</a></li> </ul> <h2>4.34.0 - 20 Mar 2026</h2> <ul> <li>Added an experimental change which disables TRAP caching when <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a> is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. <a href="https://redirect.github.com/github/codeql-action/pull/3569">#3569</a></li> <li>We are rolling out improved incremental analysis to C/C++ analyses that use build mode <code>none</code>. We expect this rollout to be complete by the end of April 2026. <a href="https://redirect.github.com/github/codeql-action/pull/3584">#3584</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0">2.25.0</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3585">#3585</a></li> </ul> <h2>4.33.0 - 16 Mar 2026</h2> <ul> <li> <p>Upcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. <a href="https://redirect.github.com/github/codeql-action/pull/3562">#3562</a></p> <p>To opt out of this change:</p> <ul> <li><strong>Repositories owned by an organization:</strong> Create a custom repository property with the name <code>github-codeql-file-coverage-on-prs</code> and the type "True/false", then set this property to <code>true</code> in the repository's settings. For more information, see <a href="https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization">Managing custom properties for repositories in your organization</a>. Alternatively, if you are using an advanced setup workflow, you can set the <code>CODEQL_ACTION_FILE_COVERAGE_ON_PRS</code> environment variable to <code>true</code> in your workflow.</li> <li><strong>User-owned repositories using default setup:</strong> Switch to an advanced setup workflow and set the <code>CODEQL_ACTION_FILE_COVERAGE_ON_PRS</code> environment variable to <code>true</code> in your workflow.</li> <li><strong>User-owned repositories using advanced setup:</strong> Set the <code>CODEQL_ACTION_FILE_COVERAGE_ON_PRS</code> environment variable to <code>true</code> in your workflow.</li> </ul> </li> <li> <p>Fixed <a href="https://redirect.github.com/github/codeql-action/issues/3555">a bug</a> which caused the CodeQL Action to fail loading repository properties if a "Multi select" repository property was configured for the repository. <a href="https://redirect.github.com/github/codeql-action/pull/3557">#3557</a></p> </li> <li> <p>The CodeQL Action now loads <a href="https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization">custom repository properties</a> on GitHub Enterprise Server, enabling the customization of features such as <code>github-codeql-disable-overlay</code> that was previously only available on GitHub.com. <a href="https://redirect.github.com/github/codeql-action/pull/3559">#3559</a></p> </li> <li> <p>Once <a href="https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries">private package registries</a> can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. <a href="https://redirect.github.com/github/codeql-action/pull/3563">#3563</a></p> </li> <li> <p>Fixed the retry mechanism for database uploads. Previously this would fail with the error "Response body object should not be disturbed or locked". <a href="https://redirect.github.com/github/codeql-action/pull/3564">#3564</a></p> </li> <li> <p>A warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/3570">#3570</a></p> </li> </ul> <h2>4.32.6 - 05 Mar 2026</h2> <ul> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3">2.24.3</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3548">#3548</a></li> </ul> <h2>4.32.5 - 02 Mar 2026</h2> <ul> <li>Repositories owned by an organization can now set up the <code>github-codeql-disable-overlay</code> custom repository property to disable <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis for CodeQL</a>. First, create a custom repository property with the name <code>github-codeql-disable-overlay</code> and the type "True/false" in the organization's settings. Then in the repository's settings, set this property to <code>true</code> to disable improved incremental analysis. For more information, see <a href="https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization">Managing custom properties for repositories in your organization</a>. This feature is not yet available on GitHub Enterprise Server. <a href="https://redirect.github.com/github/codeql-action/pull/3507">#3507</a></li> <li>Added an experimental change so that when <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a> fails on a runner — potentially due to insufficient disk space — the failure is recorded in the Actions cache so that subsequent runs will automatically skip improved incremental analysis until something changes (e.g. a larger runner is provisioned or a new CodeQL version is released). We expect to roll this change out to everyone in March. <a href="https://redirect.github.com/github/codeql-action/pull/3487">#3487</a></li> <li>The minimum memory check for improved incremental analysis is now skipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage. <a href="https://redirect.github.com/github/codeql-action/pull/3515">#3515</a></li> <li>Reduced log levels for best-effort private package registry connection check failures to reduce noise from workflow annotations. <a href="https://redirect.github.com/github/codeql-action/pull/3516">#3516</a></li> <li>Added an experimental change which lowers the minimum disk space requirement for <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a>, enabling it to run on standard GitHub Actions runners. We expect to roll this change out to everyone in March. <a href="https://redirect.github.com/github/codeql-action/pull/3498">#3498</a></li> <li>Added an experimental change which allows the <code>start-proxy</code> action to resolve the CodeQL CLI version from feature flags instead of using the linked CLI bundle version. We expect to roll this change out to everyone in March. <a href="https://redirect.github.com/github/codeql-action/pull/3512">#3512</a></li> <li>The previously experimental changes from versions 4.32.3, 4.32.4, 3.32.3 and 3.32.4 are now enabled by default. <a href="https://redirect.github.com/github/codeql-action/pull/3503">#3503</a>, <a href="https://redirect.github.com/github/codeql-action/pull/3504">#3504</a></li> </ul> <h2>4.32.4 - 20 Feb 2026</h2> <ul> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.2">2.24.2</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3493">#3493</a></li> <li>Added an experimental change which improves how certificates are generated for the authentication proxy that is used by the CodeQL Action in Default Setup when <a href="https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries">private package registries are configured</a>. This is expected to generate more widely compatible certificates and should have no impact on analyses which are working correctly already. We expect to roll this change out to everyone in February. <a href="https://redirect.github.com/github/codeql-action/pull/3473">#3473</a></li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/38697555549f1db7851b81482ff19f1fa5c4fedc"><code>3869755</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3763">#3763</a> from github/update-v4.34.1-095e0fe50</li> <li><a href="https://github.com/github/codeql-action/commit/20e68ac12bc8d1eb16a56d3ef4e78263197d2e47"><code>20e68ac</code></a> Update changelog for v4.34.1</li> <li><a href="https://github.com/github/codeql-action/commit/095e0fe505bb5ab6198675d021352632c2c69a46"><code>095e0fe</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3762">#3762</a> from github/henrymercer/downgrade-default-bundle</li> <li><a href="https://github.com/github/codeql-action/commit/47b94fe61cd788995769140a7a8adffec0738aa1"><code>47b94fe</code></a> Add changelog note</li> <li><a href="https://github.com/github/codeql-action/commit/51a1d6917f5d33f400200c675401974da443b2ea"><code>51a1d69</code></a> Downgrade default bundle to codeql-bundle-v2.24.3</li> <li><a href="https://github.com/github/codeql-action/commit/510cf736e330d7eb9bc471636d65aaa180118824"><code>510cf73</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3589">#3589</a> from github/mergeback/v4.34.0-to-main-c6f93110</li> <li><a href="https://github.com/github/codeql-action/commit/89f0c86efa3acf01faeff510383f0c4a4152760a"><code>89f0c86</code></a> Rebuild</li> <li><a href="https://github.com/github/codeql-action/commit/c3f90ba975e427c1913b529a89ef97a2442493f2"><code>c3f90ba</code></a> Update changelog and version after v4.34.0</li> <li><a href="https://github.com/github/codeql-action/commit/c6f931105cb2c34c8f901cc885ba1e2e259cf745"><code>c6f9311</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3588">#3588</a> from github/update-v4.34.0-30c555a52</li> <li><a href="https://github.com/github/codeql-action/commit/eeb9b3f4244c2945a20b9761dfa77f19d468d35f"><code>eeb9b3f</code></a> Update changelog for v4.34.0</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/89a39a4e59826350b863aa6b6252a07ad50cf83e...38697555549f1db7851b81482ff19f1fa5c4fedc">compare view</a></li> </ul> </details> <br /> Updates `advanced-security/filter-sarif` from 1.0.1 to 1.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/advanced-security/filter-sarif/releases">advanced-security/filter-sarif's releases</a>.</em></p> <blockquote> <h2>v1.1</h2> <h2>What's Changed</h2> <ul> <li>Specify category in upload by <a href="https://github.com/felickz"><code>@felickz</code></a> in <a href="https://redirect.github.com/advanced-security/filter-sarif/pull/10">advanced-security/filter-sarif#10</a></li> <li>Fix minimal example glob by <a href="https://github.com/aegilops"><code>@aegilops</code></a> in <a href="https://redirect.github.com/advanced-security/filter-sarif/pull/12">advanced-security/filter-sarif#12</a></li> <li>Update recommended usage to preserve diagnostics for failed runs by <a href="https://github.com/henrymercer"><code>@henrymercer</code></a> in <a href="https://redirect.github.com/advanced-security/filter-sarif/pull/13">advanced-security/filter-sarif#13</a></li> <li>Update filter_sarif.py: use UTF-8 as encoding for reading/writing SARIF content by <a href="https://github.com/aibaars"><code>@aibaars</code></a> in <a href="https://redirect.github.com/advanced-security/filter-sarif/pull/14">advanced-security/filter-sarif#14</a></li> <li>Add optional severity filter for SARIF alerts by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/advanced-security/filter-sarif/pull/17">advanced-security/filter-sarif#17</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/felickz"><code>@felickz</code></a> made their first contribution in <a href="https://redirect.github.com/advanced-security/filter-sarif/pull/10">advanced-security/filter-sarif#10</a></li> <li><a href="https://github.com/henrymercer"><code>@henrymercer</code></a> made their first contribution in <a href="https://redirect.github.com/advanced-security/filter-sarif/pull/13">advanced-security/filter-sarif#13</a></li> <li><a href="https://github.com/aibaars"><code>@aibaars</code></a> made their first contribution in <a href="https://redirect.github.com/advanced-security/filter-sarif/pull/14">advanced-security/filter-sarif#14</a></li> <li><a href="https://github.com/Copilot"><code>@Copilot</code></a> made their first contribution in <a href="https://redirect.github.com/advanced-security/filter-sarif/pull/17">advanced-security/filter-sarif#17</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/advanced-security/filter-sarif/compare/v1...v1.1">https://github.com/advanced-security/filter-sarif/compare/v1...v1.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/advanced-security/filter-sarif/commit/2da736ff05ef065cb2894ac6892e47b5eac2c3c0"><code>2da736f</code></a> Merge pull request <a href="https://redirect.github.com/advanced-security/filter-sarif/issues/17">#17</a> from advanced-security/copilot/add-severity-filter-option</li> <li><a href="https://github.com/advanced-security/filter-sarif/commit/b82026b24b33bcb263e8ee8be0e9dc61b95137d7"><code>b82026b</code></a> Remove [DEBUG] print statements from production code</li> <li><a href="https://github.com/advanced-security/filter-sarif/commit/f15e3e496e74f52fd73ef988f9b6692bffde8d7d"><code>f15e3e4</code></a> Update action.yml</li> <li><a href="https://github.com/advanced-security/filter-sarif/commit/f74eb2048e037d62d353dcf15316cbd3fb6338bb"><code>f74eb20</code></a> Refactor collect_rule_severities to streamline rule processing and enhance de...</li> <li><a href="https://github.com/advanced-security/filter-sarif/commit/da97499204a010ddc00eac572e68ff4c026c76f4"><code>da97499</code></a> Fix severity filter: results no longer incorrectly filtered when level is mis...</li> <li><a href="https://github.com/advanced-security/filter-sarif/commit/be3128116e74f051368d9cbe782b7e035ead7b7f"><code>be31281</code></a> Initial plan for severity filter bug fix</li> <li><a href="https://github.com/advanced-security/filter-sarif/commit/4bddfd62c6b03e66ae8b8e81c9757e6b3d30c26a"><code>4bddfd6</code></a> Address code review: use env var for shell safety, fix double strip</li> <li><a href="https://github.com/advanced-security/filter-sarif/commit/e304681acdb034e246e8f32c24f8f6f31ae128a9"><code>e304681</code></a> Add optional severity filter for SARIF alerts</li> <li><a href="https://github.com/advanced-security/filter-sarif/commit/36dc0cede241fb8e0885f26bdb054a35fc868e7b"><code>36dc0ce</code></a> Initial plan</li> <li><a href="https://github.com/advanced-security/filter-sarif/commit/59d0a64b3c0a34d787819f6659708915b6210582"><code>59d0a64</code></a> Merge pull request <a href="https://redirect.github.com/advanced-security/filter-sarif/issues/14">#14</a> from aibaars/patch-1</li> <li>Additional commits viewable in <a href="https://github.com/advanced-security/filter-sarif/compare/f3b8118a9349d88f7b1c0c488476411145b6270d...2da736ff05ef065cb2894ac6892e47b5eac2c3c0">compare view</a></li> </ul> </details> <br /> Updates `actions/create-github-app-token` from 2.2.1 to 3.0.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/create-github-app-token/releases">actions/create-github-app-token's releases</a>.</em></p> <blockquote> <h2>v3.0.0</h2> <h1><a href="https://github.com/actions/create-github-app-token/compare/v2.2.2...v3.0.0">3.0.0</a> (2026-03-14)</h1> <ul> <li>feat!: node 24 support (<a href="https://redirect.github.com/actions/create-github-app-token/issues/275">#275</a>) (<a href="https://github.com/actions/create-github-app-token/commit/2e564a0bb8e7cc2b907b2401a2afe177882d4325">2e564a0</a>)</li> <li>fix!: require <code>NODE_USE_ENV_PROXY</code> for proxy support (<a href="https://redirect.github.com/actions/create-github-app-token/issues/342">#342</a>) (<a href="https://github.com/actions/create-github-app-token/commit/4451bcbc139f8124b0bf04f968ea2586b17df458">4451bcb</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li>remove custom proxy handling (<a href="https://redirect.github.com/actions/create-github-app-token/issues/143">#143</a>) (<a href="https://github.com/actions/create-github-app-token/commit/dce0ab05f36f30b22fd14289fd36655c618e4e8e">dce0ab0</a>)</li> </ul> <h3>BREAKING CHANGES</h3> <ul> <li>Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.</li> <li>Requires <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Actions Runner v2.327.1</a> or later if you are using a self-hosted runner.</li> </ul> <h2>v3.0.0-beta.6</h2> <h1><a href="https://github.com/actions/create-github-app-token/compare/v3.0.0-beta.5...v3.0.0-beta.6">3.0.0-beta.6</a> (2026-03-13)</h1> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> bump <code>@actions/core</code> from 1.11.1 to 3.0.0 (<a href="https://redirect.github.com/actions/create-github-app-token/issues/337">#337</a>) (<a href="https://github.com/actions/create-github-app-token/commit/b04413352d4644ac2131b9a90c074f5e93ca18a1">b044133</a>)</li> <li><strong>deps:</strong> bump minimatch from 9.0.5 to 9.0.9 (<a href="https://redirect.github.com/actions/create-github-app-token/issues/335">#335</a>) (<a href="https://github.com/actions/create-github-app-token/commit/5cbc65624c9ddc4589492bda7c8b146223e8c3e4">5cbc656</a>)</li> <li><strong>deps:</strong> bump the production-dependencies group with 4 updates (<a href="https://redirect.github.com/actions/create-github-app-token/issues/336">#336</a>) (<a href="https://github.com/actions/create-github-app-token/commit/6bda5bc1410576b9a0879ce6076d53345485bba9">6bda5bc</a>)</li> <li><strong>deps:</strong> bump undici from 7.16.0 to 7.18.2 (<a href="https://redirect.github.com/actions/create-github-app-token/issues/323">#323</a>) (<a href="https://github.com/actions/create-github-app-token/commit/b4f638f48ee0dcdbb0bc646c48e4cb2a2de847fe">b4f638f</a>)</li> </ul> <h2>v3.0.0-beta.5</h2> <h1><a href="https://github.com/actions/create-github-app-token/compare/v3.0.0-beta.4...v3.0.0-beta.5">3.0.0-beta.5</a> (2026-03-13)</h1> <ul> <li>fix!: require <code>NODE_USE_ENV_PROXY</code> for proxy support (<a href="https://redirect.github.com/actions/create-github-app-token/issues/342">#342</a>) (<a href="https://github.com/actions/create-github-app-token/commit/d53a1cdfde844c958786293adcaf739ecb8b5eb9">d53a1cd</a>)</li> </ul> <h3>BREAKING CHANGES</h3> <ul> <li>Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.</li> </ul> <h2>v3.0.0-beta.4</h2> <h1><a href="https://github.com/actions/create-github-app-token/compare/v3.0.0-beta.3...v3.0.0-beta.4">3.0.0-beta.4</a> (2026-03-13)</h1> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> bump <code>@octokit/auth-app</code> from 7.2.1 to 8.0.1 (<a href="https://redirect.github.com/actions/create-github-app-token/issues/257">#257</a>) (<a href="https://github.com/actions/create-github-app-token/commit/bef1eaf1c0ac2b148ee2a0a74c65fbe6db0631f1">bef1eaf</a>)</li> <li><strong>deps:</strong> bump <code>@octokit/request</code> from 9.2.3 to 10.0.2 (<a href="https://redirect.github.com/actions/create-github-app-token/issues/256">#256</a>) (<a href="https://github.com/actions/create-github-app-token/commit/5d7307be63501c0070c634b0ae8fec74e8208130">5d7307b</a>)</li> <li><strong>deps:</strong> bump glob from 10.4.5 to 10.5.0 (<a href="https://redirect.github.com/actions/create-github-app-token/issues/305">#305</a>) (<a href="https://github.com/actions/create-github-app-token/commit/5480f4325a18c025ee16d7e081413854624e9edc">5480f43</a>)</li> <li><strong>deps:</strong> bump p-retry from 6.2.1 to 7.1.0 (<a href="https://redirect.github.com/actions/create-github-app-token/issues/294">#294</a>) (<a href="https://github.com/actions/create-github-app-token/commit/dce3be8b284f45e65caed11a610e2bef738d15b4">dce3be8</a>)</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/create-github-app-token/commit/f8d387b68d61c58ab83c6c016672934102569859"><code>f8d387b</code></a> build(release): 3.0.0 [skip ci]</li> <li><a href="https://github.com/actions/create-github-app-token/commit/d2129bd463d4feb8723edeea9437baa7db58e41e"><code>d2129bd</code></a> style: remove extra blank line in release workflow</li> <li><a href="https://github.com/actions/create-github-app-token/commit/77b94efc3e5f99a45abdd163fe04a4ebb95e98d6"><code>77b94ef</code></a> build: refresh generated artifacts</li> <li><a href="https://github.com/actions/create-github-app-token/commit/3ab4c6689898955f913a485593b36b197c6dbbdc"><code>3ab4c66</code></a> chore: move undici to devDependencies</li> <li><a href="https://github.com/actions/create-github-app-token/commit/739cf66feb937a443e4b6b7626bedd98f9fef6df"><code>739cf66</code></a> docs: update README action versions</li> <li><a href="https://github.com/actions/create-github-app-token/commit/db40289976a36527816d4f6f45765fdee71f134b"><code>db40289</code></a> build(deps): bump actions versions in test.yml</li> <li><a href="https://github.com/actions/create-github-app-token/commit/496a7ac4eb472eeac44d67818d1ce7f5e9e5fc97"><code>496a7ac</code></a> test: migrate from AVA to Node.js native test runner (<a href="https://redirect.github.com/actions/create-github-app-token/issues/346">#346</a>)</li> <li><a href="https://github.com/actions/create-github-app-token/commit/3870dc3051e3f1fc3a2faa17bcbb00f31fe1dd6c"><code>3870dc3</code></a> Rename end-to-end proxy job in test workflow</li> <li><a href="https://github.com/actions/create-github-app-token/commit/4451bcbc139f8124b0bf04f968ea2586b17df458"><code>4451bcb</code></a> fix!: require <code>NODE_USE_ENV_PROXY</code> for proxy support (<a href="https://redirect.github.com/actions/create-github-app-token/issues/342">#342</a>)</li> <li><a href="https://github.com/actions/create-github-app-token/commit/dce0ab05f36f30b22fd14289fd36655c618e4e8e"><code>dce0ab0</code></a> fix: remove custom proxy handling (<a href="https://redirect.github.com/actions/create-github-app-token/issues/143">#143</a>)</li> <li>Additional commits viewable in <a href="https://github.com/actions/create-github-app-token/compare/29824e69f54612133e76f7eaac726eef6c875baf...f8d387b68d61c58ab83c6c016672934102569859">compare view</a></li> </ul> </details> <br /> Updates `docker/setup-qemu-action` from 3.7.0 to 4.0.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-qemu-action/releases">docker/setup-qemu-action's releases</a>.</em></p> <blockquote> <h2>v4.0.0</h2> <ul> <li>Node 24 as default runtime (requires <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Actions Runner v2.327.1</a> or later) by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/245">docker/setup-qemu-action#245</a></li> <li>Switch to ESM and update config/test wiring by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/241">docker/setup-qemu-action#241</a></li> <li>Bump <code>@actions/core</code> from 1.11.1 to 3.0.0 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/244">docker/setup-qemu-action#244</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.67.0 to 0.77.0 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/243">docker/setup-qemu-action#243</a></li> <li>Bump <code>@isaacs/brace-expansion</code> from 5.0.0 to 5.0.1 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/240">docker/setup-qemu-action#240</a></li> <li>Bump js-yaml from 3.14.1 to 3.14.2 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/231">docker/setup-qemu-action#231</a></li> <li>Bump lodash from 4.17.21 to 4.17.23 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/238">docker/setup-qemu-action#238</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-qemu-action/compare/v3.7.0...v4.0.0">https://github.com/docker/setup-qemu-action/compare/v3.7.0...v4.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/setup-qemu-action/commit/ce360397dd3f832beb865e1373c09c0e9f86d70a"><code>ce36039</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-qemu-action/issues/245">#245</a> from crazy-max/node24</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/63863443c130689b5b352363f362c820cf73b26d"><code>6386344</code></a> node 24 as default runtime</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/1ea3db7bfb6d247e5e3511955d6e476a8d400ef3"><code>1ea3db7</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-qemu-action/issues/243">#243</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/b56a0022b9d517f4d4f8f8357e107e587548db78"><code>b56a002</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/c43f02d0c908d30161ad4230a59285d9e442956d"><code>c43f02d</code></a> build(deps): bump <code>@docker/actions-toolkit</code> from 0.67.0 to 0.77.0</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/ce10c58dd1801e20f2e65c72aff588c6fc5f6609"><code>ce10c58</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-qemu-action/issues/244">#244</a> from docker/dependabot/npm_and_yarn/actions/core-3.0.0</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/429fc9dbdab394ec482946ef7f7b60be3a169336"><code>429fc9d</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/060e5f8b59ae7d2a0e4dcf681f8625f0e54e2024"><code>060e5f8</code></a> build(deps): bump <code>@actions/core</code> from 1.11.1 to 3.0.0</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/44be13e7d9ba38145b648950e52ac18e2a4efd3a"><code>44be13e</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-qemu-action/issues/231">#231</a> from docker/dependabot/npm_and_yarn/js-yaml-3.14.2</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/1897438ed3baad455b19c89cda913ca4f31dd079"><code>1897438</code></a> chore: update generated content</li> <li>Additional commits viewable in <a href="https://github.com/docker/setup-qemu-action/compare/c7c53464625b32c7a7e944ae62b3e17d2b600130...ce360397dd3f832beb865e1373c09c0e9f86d70a">compare view</a></li> </ul> </details> <br /> Updates `docker/setup-buildx-action` from 3.12.0 to 4.0.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's releases</a>.</em></p> <blockquote> <h2>v4.0.0</h2> <ul> <li>Node 24 as default runtime (requires <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Actions Runner v2.327.1</a> or later) by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/483">docker/setup-buildx-action#483</a></li> <li>Remove deprecated inputs/outputs by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/464">docker/setup-buildx-action#464</a></li> <li>Switch to ESM and update config/test wiring by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/481">docker/setup-buildx-action#481</a></li> <li>Bump <code>@actions/core</code> from 1.11.1 to 3.0.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/475">docker/setup-buildx-action#475</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.63.0 to 0.79.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/482">docker/setup-buildx-action#482</a> <a href="https://redirect.github.com/docker/setup-buildx-action/pull/485">docker/setup-buildx-action#485</a></li> <li>Bump js-yaml from 4.1.0 to 4.1.1 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/452">docker/setup-buildx-action#452</a></li> <li>Bump lodash from 4.17.21 to 4.17.23 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/472">docker/setup-buildx-action#472</a></li> <li>Bump minimatch from 3.1.2 to 3.1.5 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/480">docker/setup-buildx-action#480</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0">https://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/setup-buildx-action/commit/4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd"><code>4d04d5d</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/485">#485</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/cd74e05d9bae4eeec789f90ba15dc6fb4b60ae5d"><code>cd74e05</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/eee38ec7b3ed034ee896d3e212e5d11c04562b84"><code>eee38ec</code></a> build(deps): bump <code>@docker/actions-toolkit</code> from 0.77.0 to 0.79.0</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/7a83f65b5a215b3c81b210dafdc20362bd2b4e24"><code>7a83f65</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/484">#484</a> from docker/dependabot/github_actions/docker/setup-qe...</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/a5aa96747d67f62520b42af91aeb306e7374b327"><code>a5aa967</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/464">#464</a> from crazy-max/rm-deprecated</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/e73d53fa4ed86ff46faaf2b13a228d6e93c51af3"><code>e73d53f</code></a> build(deps): bump docker/setup-qemu-action from 3 to 4</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/28a438e9ed9ef7ae2ebd0bf839039005c9501312"><code>28a438e</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/483">#483</a> from crazy-max/node24</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/034e9d37dd436b56b0167bea5a11ab731413e8cf"><code>034e9d3</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/b4664d8fd0ba15ff14560ab001737c666076d5be"><code>b4664d8</code></a> remove deprecated inputs/outputs</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/a8257dec35f244ad06b4ff6c90fdd2ba97f262ba"><code>a8257de</code></a> node 24 as default runtime</li> <li>Additional commits viewable in <a href="https://github.com/docker/setup-buildx-action/compare/8d2750c68a42422c14e847fe6c8ac0403b4cbd6f...4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd">compare view</a></li> </ul> </details> <br /> Updates `docker/build-push-action` from 6.19.2 to 7.0.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/build-push-action/releases">docker/build-push-action's releases</a>.</em></p> <blockquote> <h2>v7.0.0</h2> <ul> <li>Node 24 as default runtime (requires <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Actions Runner v2.327.1</a> or later) by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1470">docker/build-push-action#1470</a></li> <li>Remove deprecated <code>DOCKER_BUILD_NO_SUMMARY</code> and <code>DOCKER_BUILD_EXPORT_RETENTION_DAYS</code> envs by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1473">docker/build-push-action#1473</a></li> <li>Remove legacy export-build tool support for build summary by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1474">docker/build-push-action#1474</a></li> <li>Switch to ESM and update config/test wiring by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1466">docker/build-push-action#1466</a></li> <li>Bump <code>@actions/core</code> from 1.11.1 to 3.0.0 in <a href="https://redirect.github.com/docker/build-push-action/pull/1454">docker/build-push-action#1454</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.79.0 in <a href="https://redirect.github.com/docker/build-push-action/pull/1453">docker/build-push-action#1453</a> <a href="https://redirect.github.com/docker/build-push-action/pull/1472">docker/build-push-action#1472</a> <a href="https://redirect.github.com/docker/build-push-action/pull/1479">docker/build-push-action#1479</a></li> <li>Bump minimatch from 3.1.2 to 3.1.5 in <a href="https://redirect.github.com/docker/build-push-action/pull/1463">docker/build-push-action#1463</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v6.19.2...v7.0.0">https://github.com/docker/build-push-action/compare/v6.19.2...v7.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/build-push-action/commit/d08e5c354a6adb9ed34480a06d141179aa583294"><code>d08e5c3</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1479">#1479</a> from docker/dependabot/npm_and_yarn/docker/actions-t...</li> <li><a href="https://github.com/docker/build-push-action/commit/cbd2dff9a0f0ef650dcce9c635bb2f877ab37be5"><code>cbd2dff</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/build-push-action/commit/f76f51f12900bb84aa9d1a498f35870ef1f76675"><code>f76f51f</code></a> chore(deps): Bump <code>@docker/actions-toolkit</code> from 0.78.0 to 0.79.0</li> <li><a href="https://github.com/docker/build-push-action/commit/7d03e66b5f24d6b390ab64b132795fd3ef4152c8"><code>7d03e66</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1473">#1473</a> from crazy-max/rm-deprecated-envs</li> <li><a href="https://github.com/docker/build-push-action/commit/98f853d923dd281a3bcbbb98a0712a91aa913322"><code>98f853d</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/build-push-action/commit/cadccf6e8c7385c86d9cb0800cf07672645cc238"><code>cadccf6</code></a> remove deprecated envs</li> <li><a href="https://github.com/docker/build-push-action/commit/03fe8775e325e34fffbda44c73316f8287aea372"><code>03fe877</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1478">#1478</a> from docker/dependabot/github_actions/docker/setup-b...</li> <li><a href="https://github.com/docker/build-push-action/commit/827e36650e1fa7386d09422b5ba3c068fdbe0a1d"><code>827e366</code></a> chore(deps): Bump docker/setup-buildx-action from 3 to 4</li> <li><a href="https://github.com/docker/build-push-action/commit/e25db879d025485a4eebd64fea9bb88a43632da6"><code>e25db87</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1474">#1474</a> from crazy-max/rm-export-build-tool</li> <li><a href="https://github.com/docker/build-push-action/commit/1ac2573b5c8b4e4621d5453ab2a99e83725242bd"><code>1ac2573</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1470">#…

UnRegisterHandler restores the previous signal disposition, which for SIGPROF is process termination. It is never called in production — only in tests. Guard it with DD_TEST to make that intent explicit. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

_handler is written on a normal thread in RegisterHandler and read inside a signal handler in CallCustomHandler. Without atomics this is undefined behavior — the C++ standard requires lock-free atomics for signal-safe access ([support.signal]/3). Also fixes the double-checked locking in RegisterHandler: the second check after acquiring the mutex was comparing a stale local copy instead of re-loading from the (now atomic) _handler. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

After IgnoreSignal(), the sigaction is SIG_IGN but _handler still holds the logical handler function. Gate RegisterHandler's early return on _isHandlerInPlace so that a stop/start cycle reinstalls sigaction without needing to null out _handler. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

_isHandlerInPlace is read without the mutex on the fast path of RegisterHandler and written from IgnoreSignal on a different thread. Make it std::atomic<bool> to match _handler's treatment. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

chatgpt-codex-connector

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a812673a4a

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

cursor

Cursor Bugbot has reviewed your changes and found 2 potential issues.

^{Bugbot Autofix is ON, but it could not run because the branch was deleted or merged before autofix could start.}

^{Reviewed by Cursor Bugbot for commit a812673. Configure here.}

After IgnoreSignal() sets SIG_IGN, a subsequent SetupSignalHandler() would overwrite _previousAction with the SIG_IGN disposition instead of the original pre-profiler handler. Pass nullptr to sigaction() on subsequent calls so the original _previousAction is preserved. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

SetupSignalHandler() makes the sigaction live immediately — a signal can fire before _handler is stored, causing CallCustomHandler to read nullptr. Likewise _isHandlerInPlace became true before _handler was written, so a concurrent RegisterHandler caller could hit the assert. Store _handler first so the signal handler always sees a valid function pointer, then set _isHandlerInPlace last as the publish flag. Roll back _handler on SetupSignalHandler failure. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

korniltsev-grafanista · 2026-04-14T03:30:19Z

@codex review

chatgpt-codex-connector

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0cdf638895

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

When a third party replaces our signal handler, CheckSignalHandler reclaims it by calling SetupSignalHandler. It must capture the new _previousAction to chain to the third party's handler. Reset _previousActionCaptured before reinstalling so sigaction saves the replacement handler, not the stale original. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Restores ProfilerSignalManager.h and .cpp to their state on main. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

_handler is written on a normal thread in RegisterHandler and read inside a signal handler in CallCustomHandler. Without atomics this is undefined behavior — the C++ standard requires lock-free atomics for signal-safe access ([support.signal]/3). Also fixes the double-checked locking in RegisterHandler: the second check after acquiring the mutex was comparing a stale local copy instead of re-loading from the (now atomic) _handler. Applies grafana#281 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

…ignal IgnoreSignal replaces the OS-level SIGPROF disposition with SIG_IGN but left _isHandlerInPlace true, so a subsequent RegisterHandler call would short-circuit and never call SetupSignalHandler. Timers created on restart fired SIGPROF into SIG_IGN — no samples were collected. Clear _isHandlerInPlace in IgnoreSignal and check it in both RegisterHandler fast paths so the handler is properly re-installed on the next Start. _handler itself is never cleared, so in-flight signal handlers always find a valid function and never fall through to _previousAction. Fixes grafana#275 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

korniltsev-grafanista · 2026-04-14T05:21:28Z

@codex review

chatgpt-codex-connector

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: bf15233886

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

SetupSignalHandler unconditionally saved the outgoing OS disposition into _previousAction. After IgnoreSignal (which installs SIG_IGN) followed by a re-register, the original handler was overwritten with SIG_IGN and permanently lost — CallOrignalHandler would never chain to it again. Save the outgoing action to a local first and only copy it into _previousAction when it is not SIG_IGN. IgnoreSignal is the only path that installs SIG_IGN for our signal, so if the outgoing action is SIG_IGN we know it came from us and the real previous handler is already stored. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

korniltsev-grafanista · 2026-04-14T05:57:32Z

@codex review

chatgpt-codex-connector

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: dcb093b553

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

chatgpt-codex-connector · 2026-04-14T06:01:23Z

+    if (oldAction.sa_handler != SIG_IGN)
+    {
+        _previousAction = oldAction;
+    }


Preserve prior SIG_IGN action when installing handler

The new if (oldAction.sa_handler != SIG_IGN) guard drops the previous action whenever the process had already set this signal to ignore before the profiler starts. In that case _previousAction is left at its default-initialized value, so later unregistration/destruction restores the signal to default instead of restoring SIG_IGN, changing process signal semantics after profiler shutdown (applies to any ProfilerSignalManager, including SIGUSR1 and SIGPROF). This regression is introduced by the conditional assignment here.

Useful? React with 👍 / 👎.

chatgpt-codex-connector

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: dcb093b553

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

chatgpt-codex-connector · 2026-04-14T06:18:02Z

+#ifdef LINUX
+        if (_pCpuProfiler != nullptr)
+        {
+            _pCpuProfiler->Start();


Skip duplicate timer profiler start on manual enable

Calling SetStackSamplerEnabled(true) now invokes _pCpuProfiler->Start() immediately, but CorProfilerCallback::StartServices() still unconditionally starts _pCpuProfiler later and treats a false return as startup failure. In managed-activation/SSI flows where this toggle can run before delayed service startup, the second Start() call hits ServiceBase's "already started" path, causing StartServices() to fail and trigger StopServices(), so profiling may never fully start. Guard this call (or make it idempotent) so pre-start toggles do not poison the later startup sequence.

Useful? React with 👍 / 👎.

Might want to take a look at this @korniltsev-grafanista

Do you think this is valid concern? What should we do?

Only for SSI/delayed-start flows for what I can understand (?) Something like this might help:

if (_pCpuProfiler != nullptr) { if (!_pCpuProfiler->IsStarted()) { success = _pCpuProfiler->Start(); LogServiceStart(success, _pCpuProfiler->GetName()); result &= success; } }

korniltsev-grafanista-yolo-vibecoder239 and others added 2 commits April 14, 2026 01:59

korniltsev-grafanista closed this Apr 14, 2026

korniltsev-grafanista reopened this Apr 14, 2026

korniltsev-grafanista mentioned this pull request Apr 14, 2026

fix: make ProfilerSignalManager::_handler atomic #281

Closed

korniltsev-grafanista marked this pull request as ready for review April 14, 2026 03:10