@nickrolfe
Contributor

The feature flag has been fully rolled out for some time, so we can simplify the code.

At the same time, stop using the minify- prefix for dependency cache keys.

There is still some Java-specific code to set the corresponding extractor option. I've left a TODO comment and will open an internal issue for a more principled way of handling that.


Risk assessment

For internal use only. Please select the risk level of this change:

  • Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.

The feature flag being removed is fully rolled out, so this PR should have no observable effects.

Which use cases does this change impact?

Workflow types:

  • Advanced setup - Impacts users who have custom CodeQL workflows.
  • Managed - Impacts users with dynamic workflows (Default Setup, CCR, ...).

Products:

  • Code Scanning - The changes impact analyses when analysis-kinds: code-scanning.
  • Code Quality - The changes impact analyses when analysis-kinds: code-quality.
  • CCR - The changes impact analyses for Copilot Code Reviews.
    • I don't know about this one.

Environments:

  • Dotcom - Impacts CodeQL workflows on github.com.

How did/will you validate this change?

  • Unit tests - I am depending on unit test coverage (i.e. tests in .test.ts files).
  • End-to-end tests - I am depending on PR checks (i.e. tests in pr-checks).

If something goes wrong after this change is released, what are the mitigation and rollback strategies?

  • Rollback - Change can only be disabled by rolling back the release or releasing a new version with a fix.

How will you know if something goes wrong after this change is released?

  • Telemetry - I rely on existing telemetry or have made changes to the telemetry.
    • Dashboards - I will watch relevant dashboards for issues after the release. Consider whether this requires this change to be released at a particular time rather than as part of a regular release.
    • Alerts - New or existing monitors will trip if something goes wrong with this change.

Are there any special considerations for merging or releasing this change?

  • No special considerations - This change can be merged at any time.

Merge / deployment checklist

  • Confirm this change is backwards compatible with existing workflows.
  • Consider adding a changelog entry for this change.
  • Confirm the readme and docs have been updated if necessary.

@github-actions github-actions bot added the size/S Should be easy to review label Dec 11, 2025
@nickrolfe nickrolfe force-pushed the nickrolfe/jar-min-ff-cleanup branch from 379e7cb to 805b7e1 Compare December 11, 2025 10:47
@nickrolfe nickrolfe marked this pull request as ready for review December 11, 2025 11:15
@nickrolfe nickrolfe requested a review from a team as a code owner December 11, 2025 11:15
Copilot AI review requested due to automatic review settings December 11, 2025 11:15
Contributor

Copilot AI left a comment

Pull request overview

This PR removes the fully rolled-out JavaMinimizeDependencyJars feature flag and simplifies the associated code. The feature flag check is replaced with a direct CodeQL version check (>= 2.23.0), and the special "minify-" cache key prefix for Java dependency caching is removed in favor of a consistent cache key format.

Key changes:

  • Replaced feature flag check with direct version check in init-action logic
  • Removed feature flag definition and configuration from feature-flags module
  • Simplified cache key generation by removing Java-specific "minify-" prefix handling
  • Removed tests for the deleted feature flag functionality

Reviewed changes

Copilot reviewed 16 out of 16 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| src/init-action.ts | Replaced feature flag check with CodeQL version check (>= 2.23.0) for enabling Java dependency jar minimization; added TODO for future refactoring |
| src/feature-flags.ts | Removed JavaMinimizeDependencyJars enum value and its configuration entry |
| src/dependency-caching.ts | Removed Java-specific logic for "minify-" prefix handling and simplified cache key assembly |
| src/dependency-caching.test.ts | Removed tests for the deleted Java minimization feature flag |
| lib/*.js | Auto-generated JavaScript files reflecting the TypeScript source changes |

henrymercer previously approved these changes Dec 15, 2025
);
} else if (
(await features.getValue(Feature.JavaMinimizeDependencyJars, codeql)) &&
(await codeQlVersionAtLeast(codeql, "2.23.0")) && // First version of the extractor to safely support this option
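
Review bot: once the `features.getValue(Feature.JavaMinimizeDependencyJars, codeql)` line is gone, the `codeQlVersionAtLeast(codeql, "2.23.0")` comparison on the last line is the condition shown here that still guards this branch, and the description lists a release rollback as the only mitigation. Because the tests for the deleted flag are removed in the same PR, consider keeping or adding a unit test that pins the behaviour on either side of 2.23.0, so a later change to the threshold cannot silently enable the option on an older extractor.
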
Contributor

Nit, non-blocking: this might be slightly clearer as a constant at the top of the file.

henrymercer previously approved these changes Dec 16, 2025
mbg previously approved these changes Dec 16, 2025
Comment on lines 91 to 92
/** First version of CodeQL where the Java extractor safely supports the option to minimize dependency jars. */
export const CODEQL_VERSION_JAR_MINIMIZATION = "2.23.0";
Member

Minor: Thanks for extracting this into a constant. Some extra thoughts:

  • It may be good to extend the comment to highlight that some CLI versions before 2.23.0 support JAVA_EXTRACTOR_MINIMIZE_DEPENDENCY_JARS but that there was a subsequent fix/improvement in 2.23.0.
  • No strong feelings, but I wonder if it would be cleaner to have this in a different file / keep the FF around but enable it by default.

Contributor Author

I've updated the comment, as you suggested.

For your other point, I'll defer to you and Henry to make a decision.

Contributor

We have most of the CLI versions in codeql.ts, although there is one exception CODEQL_VERSION_ZSTD_BUNDLE which lives in setup-codeql.ts to avoid circular imports. It would be slightly better to move this to codeql.ts for consistency but I think there are few practical implications: if we're going to deprecate a CodeQL version we're going to search the codebase for CODEQL_VERSION_.

Contributor Author

OK, I'll merge what's here, but feel free to follow up and rearrange the code as you see fit.

@nickrolfe nickrolfe dismissed stale reviews from mbg and henrymercer via d29eddb December 16, 2025 16:18
@nickrolfe nickrolfe force-pushed the nickrolfe/jar-min-ff-cleanup branch from 4828993 to d29eddb Compare December 16, 2025 16:18
@nickrolfe nickrolfe merged commit 998798e into main Dec 16, 2025
241 checks passed
@nickrolfe nickrolfe deleted the nickrolfe/jar-min-ff-cleanup branch December 16, 2025 17:25