Stop using feature-flag support for determining if a feature is active

Using the feature flag mechanism for checking if uploads are enabled was
too clunky. I'm moving the change to checking versions directly.

lib/analyze-action-post.js

@@ -41,12 +41,11 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
 const actionsUtil = __importStar(require("./actions-util"));
 const api_client_1 = require("./api-client");
+const codeql_1 = require("./codeql");
 const config_utils_1 = require("./config-utils");
 const debugArtifacts = __importStar(require("./debug-artifacts"));
 const environment_1 = require("./environment");
-const feature_flags_1 = require("./feature-flags");
 const logging_1 = require("./logging");
-const repository_1 = require("./repository");
 const util_1 = require("./util");
 async function runWrapper() {
     try {
@@ -54,13 +53,14 @@ async function runWrapper() {
         const logger = (0, logging_1.getActionsLogger)();
         const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
         (0, util_1.checkGitHubVersionInRange)(gitHubVersion, logger);
-        const features = createFeatures(gitHubVersion, logger);
         // Upload SARIF artifacts if we determine that this is a first-party analysis run.
         // For third-party runs, this artifact will be uploaded in the `upload-sarif-post` step.
         if (process.env[environment_1.EnvVar.INIT_ACTION_HAS_RUN] === "true") {
             const config = await (0, config_utils_1.getConfig)(actionsUtil.getTemporaryDirectory(), logger);
             if (config !== undefined) {
-                await (0, logging_1.withGroup)("Uploading combined SARIF debug artifact", () => debugArtifacts.uploadCombinedSarifArtifacts(logger, config.gitHubVersion.type, features));
+                const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
+                const version = await codeql.getVersion();
+                await (0, logging_1.withGroup)("Uploading combined SARIF debug artifact", () => debugArtifacts.uploadCombinedSarifArtifacts(logger, config.gitHubVersion.type, version.version));
             }
         }
     }
@@ -68,10 +68,5 @@ async function runWrapper() {
         core.setFailed(`analyze post-action step failed: ${(0, util_1.getErrorMessage)(error)}`);
     }
 }
-function createFeatures(gitHubVersion, logger) {
-    const repositoryNwo = (0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY"));
-    const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, actionsUtil.getTemporaryDirectory(), logger);
-    return features;
-}
 void runWrapper();
 //# sourceMappingURL=analyze-action-post.js.map

lib/analyze-action-post.js.map

@@ -1 +1 @@
-{"version":3,"file":"analyze-action-post.js","sourceRoot":"","sources":["../src/analyze-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,4DAA8C;AAC9C,6CAAgD;AAChD,iDAA2C;AAC3C,kEAAoD;AACpD,+CAAuC;AACvC,mDAA2C;AAC3C,uCAAgE;AAChE,6CAAkD;AAClD,iCAKgB;AAEhB,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,WAAW,CAAC,aAAa,EAAE,CAAC;QAC5B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;QAClC,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,QAAQ,GAAG,cAAc,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEvD,kFAAkF;QAClF,wFAAwF;QACxF,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,mBAAmB,CAAC,KAAK,MAAM,EAAE,CAAC;YACvD,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAC5B,WAAW,CAAC,qBAAqB,EAAE,EACnC,MAAM,CACP,CAAC;YACF,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBACzB,MAAM,IAAA,mBAAS,EAAC,yCAAyC,EAAE,GAAG,EAAE,CAC9D,cAAc,CAAC,4BAA4B,CACzC,MAAM,EACN,MAAM,CAAC,aAAa,CAAC,IAAI,EACzB,QAAQ,CACT,CACF,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,oCAAoC,IAAA,sBAAe,EAAC,KAAK,CAAC,EAAE,CAC7D,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,aAA4B,EAAE,MAAc;IAClE,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;IAEF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,WAAW,CAAC,qBAAqB,EAAE,EACnC,MAAM,CACP,CAAC;IACF,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"analyze-action-post.js","sourceRoot":"","sources":["../src/analyze-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,4DAA8C;AAC9C,6CAAgD;AAChD,qCAAqC;AACrC,iDAA2C;AAC3C,kEAAoD;AACpD,+CAAuC;AACvC,uCAAwD;AACxD,iCAAoE;AAEpE,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,WAAW,CAAC,aAAa,EAAE,CAAC;QAC5B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;QAClC,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,kFAAkF;QAClF,wFAAwF;QACxF,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,mBAAmB,CAAC,KAAK,MAAM,EAAE,CAAC;YACvD,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAC5B,WAAW,CAAC,qBAAqB,EAAE,EACnC,MAAM,CACP,CAAC;YACF,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBACzB,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;gBACjD,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,UAAU,EAAE,CAAC;gBAC1C,MAAM,IAAA,mBAAS,EAAC,yCAAyC,EAAE,GAAG,EAAE,CAC9D,cAAc,CAAC,4BAA4B,CACzC,MAAM,EACN,MAAM,CAAC,aAAa,CAAC,IAAI,EACzB,OAAO,CAAC,OAAO,CAChB,CACF,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,oCAAoC,IAAA,sBAAe,EAAC,KAAK,CAAC,EAAE,CAC7D,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/debug-artifacts.js

@@ -52,8 +52,8 @@ const actions_util_1 = require("./actions-util");
 const analyze_1 = require("./analyze");
 const codeql_1 = require("./codeql");
 const environment_1 = require("./environment");
-const feature_flags_1 = require("./feature-flags");
 const logging_1 = require("./logging");
+const tools_features_1 = require("./tools-features");
 const util_1 = require("./util");
 function sanitizeArtifactName(name) {
     return name.replace(/[^a-zA-Z0-9_\\-]+/g, "");
@@ -62,7 +62,7 @@ function sanitizeArtifactName(name) {
  * Upload Actions SARIF artifacts for debugging when CODEQL_ACTION_DEBUG_COMBINED_SARIF
  * environment variable is set
  */
-async function uploadCombinedSarifArtifacts(logger, gitHubVariant, features) {
+async function uploadCombinedSarifArtifacts(logger, gitHubVariant, codeQlVersion) {
     const tempDir = (0, actions_util_1.getTemporaryDirectory)();
     // Upload Actions SARIF artifacts for debugging when environment variable is set
     if (process.env["CODEQL_ACTION_DEBUG_COMBINED_SARIF"] === "true") {
@@ -81,7 +81,7 @@ async function uploadCombinedSarifArtifacts(logger, gitHubVariant, features) {
             }
         }
         try {
-            await uploadDebugArtifacts(logger, toUpload, baseTempDir, "combined-sarif-artifacts", gitHubVariant, features);
+            await uploadDebugArtifacts(logger, toUpload, baseTempDir, "combined-sarif-artifacts", gitHubVariant, codeQlVersion);
         }
         catch (e) {
             logger.warning(`Failed to upload combined SARIF files as Actions debugging artifact. Reason: ${(0, util_1.getErrorMessage)(e)}`);
@@ -141,7 +141,7 @@ async function tryBundleDatabase(config, language, logger) {
  *
  * Logs and suppresses any errors that occur.
  */
-async function tryUploadAllAvailableDebugArtifacts(config, logger, features) {
+async function tryUploadAllAvailableDebugArtifacts(config, logger, codeQlVersion) {
     const filesToUpload = [];
     try {
         for (const language of config.languages) {
@@ -181,21 +181,19 @@ async function tryUploadAllAvailableDebugArtifacts(config, logger, features) {
         return;
     }
     try {
-        await (0, logging_1.withGroup)("Uploading debug artifacts", async () => uploadDebugArtifacts(logger, filesToUpload, config.dbLocation, config.debugArtifactName, config.gitHubVersion.type, features));
+        await (0, logging_1.withGroup)("Uploading debug artifacts", async () => uploadDebugArtifacts(logger, filesToUpload, config.dbLocation, config.debugArtifactName, config.gitHubVersion.type, codeQlVersion));
     }
     catch (e) {
         logger.warning(`Failed to upload debug artifacts. Reason: ${(0, util_1.getErrorMessage)(e)}`);
     }
 }
-async function uploadDebugArtifacts(logger, toUpload, rootDir, artifactName, ghVariant, features) {
+async function uploadDebugArtifacts(logger, toUpload, rootDir, artifactName, ghVariant, codeQlVersion) {
     if (toUpload.length === 0) {
         return "no-artifacts-to-upload";
     }
-    const uploadSupported = typeof features === "boolean"
+    const uploadSupported = (0, tools_features_1.isSafeArtifactUpload)(codeQlVersion);
-        ? features
-        : await features.getValue(feature_flags_1.Feature.SafeArtifactUpload);
     if (!uploadSupported) {
-        core.info(`Skipping debug artifact upload because the current CLI does not support safe upload. Please upgrade to CLI v${feature_flags_1.featureConfig.safe_artifact_upload.minimumVersion} or later.`);
+        core.info(`Skipping debug artifact upload because the current CLI does not support safe upload. Please upgrade to CLI v${tools_features_1.SafeArtifactUploadVersion} or later.`);
         return "upload-not-supported";
     }
     let suffix = "";

lib/debug-artifacts.test.js

@@ -38,9 +38,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 const ava_1 = __importDefault(require("ava"));
 const debugArtifacts = __importStar(require("./debug-artifacts"));
-const feature_flags_1 = require("./feature-flags");
 const logging_1 = require("./logging");
-const testing_utils_1 = require("./testing-utils");
 const util_1 = require("./util");
 (0, ava_1.default)("sanitizeArtifactName", (t) => {
     t.deepEqual(debugArtifacts.sanitizeArtifactName("hello-world_"), "hello-world_");
@@ -52,39 +50,31 @@ const util_1 = require("./util");
     // Test that no error is thrown if artifacts list is empty.
     const logger = (0, logging_1.getActionsLogger)();
     await t.notThrowsAsync(async () => {
-        const uploaded = await debugArtifacts.uploadDebugArtifacts(logger, [], "i-dont-exist", "artifactName", util_1.GitHubVariant.DOTCOM, true);
+        const uploaded = await debugArtifacts.uploadDebugArtifacts(logger, [], "i-dont-exist", "artifactName", util_1.GitHubVariant.DOTCOM, undefined);
         t.is(uploaded, "no-artifacts-to-upload", "Should not have uploaded any artifacts");
     });
 });
-(0, ava_1.default)("uploadDebugArtifacts when true", async (t) => {
+(0, ava_1.default)("uploadDebugArtifacts when no codeql version is used", async (t) => {
     // Test that the artifact is uploaded.
     const logger = (0, logging_1.getActionsLogger)();
     await t.notThrowsAsync(async () => {
-        const uploaded = await debugArtifacts.uploadDebugArtifacts(logger, ["hucairz"], "i-dont-exist", "artifactName", util_1.GitHubVariant.DOTCOM, true);
+        const uploaded = await debugArtifacts.uploadDebugArtifacts(logger, ["hucairz"], "i-dont-exist", "artifactName", util_1.GitHubVariant.DOTCOM, undefined);
         t.is(uploaded, "upload-failed", "Expect failure to upload artifacts since root dir does not exist");
     });
 });
-(0, ava_1.default)("uploadDebugArtifacts when false", async (t) => {
+(0, ava_1.default)("uploadDebugArtifacts when new codeql version is used", async (t) => {
-    // Test that the artifact is not uploaded.
-    const logger = (0, logging_1.getActionsLogger)();
-    await t.notThrowsAsync(async () => {
-        const uploaded = await debugArtifacts.uploadDebugArtifacts(logger, ["hucairz"], "i-dont-exist", "artifactName", util_1.GitHubVariant.DOTCOM, false);
-        t.is(uploaded, "upload-not-supported", "Should not have uploaded any artifacts");
-    });
-});
-(0, ava_1.default)("uploadDebugArtifacts when feature enabled", async (t) => {
     // Test that the artifact is uploaded.
     const logger = (0, logging_1.getActionsLogger)();
     await t.notThrowsAsync(async () => {
-        const uploaded = await debugArtifacts.uploadDebugArtifacts(logger, ["hucairz"], "i-dont-exist", "artifactName", util_1.GitHubVariant.DOTCOM, (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.SafeArtifactUpload]));
+        const uploaded = await debugArtifacts.uploadDebugArtifacts(logger, ["hucairz"], "i-dont-exist", "artifactName", util_1.GitHubVariant.DOTCOM, "2.20.3");
         t.is(uploaded, "upload-failed", "Expect failure to upload artifacts since root dir does not exist");
     });
 });
-(0, ava_1.default)("uploadDebugArtifacts when feature disabled", async (t) => {
+(0, ava_1.default)("uploadDebugArtifacts when old codeql is used", async (t) => {
     // Test that the artifact is not uploaded.
     const logger = (0, logging_1.getActionsLogger)();
     await t.notThrowsAsync(async () => {
-        const uploaded = await debugArtifacts.uploadDebugArtifacts(logger, ["hucairz"], "i-dont-exist", "artifactName", util_1.GitHubVariant.DOTCOM, (0, testing_utils_1.createFeatures)([]));
+        const uploaded = await debugArtifacts.uploadDebugArtifacts(logger, ["hucairz"], "i-dont-exist", "artifactName", util_1.GitHubVariant.DOTCOM, "2.20.2");
         t.is(uploaded, "upload-not-supported", "Expect failure to upload artifacts since root dir does not exist");
     });
 });

lib/debug-artifacts.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"debug-artifacts.test.js","sourceRoot":"","sources":["../src/debug-artifacts.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AAEvB,kEAAoD;AACpD,mDAA0C;AAC1C,uCAA6C;AAC7C,mDAAiD;AACjD,iCAAuC;AAEvC,IAAA,aAAI,EAAC,sBAAsB,EAAE,CAAC,CAAC,EAAE,EAAE;IACjC,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,cAAc,CAAC,EACnD,cAAc,CACf,CAAC;IACF,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,cAAc,CAAC,EACnD,YAAY,CACb,CAAC;IACF,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,oBAAoB,CAAC,aAAa,CAAC,EAAE,UAAU,CAAC,CAAC;IAC5E,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,yBAAyB,CAAC,EAC9D,aAAa,CACd,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,2CAA2C,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC5D,2DAA2D;IAC3D,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,EAAE,EACF,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,IAAI,CACL,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ,EACR,wBAAwB,EACxB,wCAAwC,CACzC,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,gCAAgC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACjD,sCAAsC;IACtC,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,CAAC,SAAS,CAAC,EACX,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,IAAI,CACL,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ,EACR,eAAe,EACf,kEAAkE,CACnE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,iCAAiC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAClD,0CAA0C;IAC1C,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,CAAC,SAAS,CAAC,EACX,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,KAAK,CACN,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ,EACR,sBAAsB,EACtB,wCAAwC,CACzC,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,2CAA2C,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC5D,sCAAsC;IACtC,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,CAAC,SAAS,CAAC,EACX,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,IAAA,8BAAc,EAAC,CAAC,uBAAO,CAAC,kBAAkB,CAAC,CAAC,CAC7C,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ,EACR,eAAe,EACf,kEAAkE,CACnE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,4CAA4C,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC7D,0CAA0C;IAC1C,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,CAAC,SAAS,CAAC,EACX,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,IAAA,8BAAc,EAAC,EAAE,CAAC,CACnB,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ,EACR,sBAAsB,EACtB,kEAAkE,CACnE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"debug-artifacts.test.js","sourceRoot":"","sources":["../src/debug-artifacts.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AAEvB,kEAAoD;AACpD,uCAA6C;AAC7C,iCAAuC;AAEvC,IAAA,aAAI,EAAC,sBAAsB,EAAE,CAAC,CAAC,EAAE,EAAE;IACjC,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,cAAc,CAAC,EACnD,cAAc,CACf,CAAC;IACF,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,cAAc,CAAC,EACnD,YAAY,CACb,CAAC;IACF,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,oBAAoB,CAAC,aAAa,CAAC,EAAE,UAAU,CAAC,CAAC;IAC5E,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,yBAAyB,CAAC,EAC9D,aAAa,CACd,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,2CAA2C,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC5D,2DAA2D;IAC3D,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,EAAE,EACF,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,SAAS,CACV,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ,EACR,wBAAwB,EACxB,wCAAwC,CACzC,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,qDAAqD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACtE,sCAAsC;IACtC,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,CAAC,SAAS,CAAC,EACX,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,SAAS,CACV,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ,EACR,eAAe,EACf,kEAAkE,CACnE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,sCAAsC;IACtC,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,CAAC,SAAS,CAAC,EACX,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,QAAQ,CACT,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ,EACR,eAAe,EACf,kEAAkE,CACnE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,8CAA8C,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/D,0CAA0C;IAC1C,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,CAAC,SAAS,CAAC,EACX,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,QAAQ,CACT,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ,EACR,sBAAsB,EACtB,kEAAkE,CACnE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/feature-flags.js

@@ -69,7 +69,6 @@ var Feature;
     Feature["PythonDefaultIsToNotExtractStdlib"] = "python_default_is_to_not_extract_stdlib";
     Feature["QaTelemetryEnabled"] = "qa_telemetry_enabled";
     Feature["ZstdBundleStreamingExtraction"] = "zstd_bundle_streaming_extraction";
-    Feature["SafeArtifactUpload"] = "safe_artifact_upload";
 })(Feature || (exports.Feature = Feature = {}));
 exports.featureConfig = {
     [Feature.CleanupTrapCaches]: {
@@ -139,17 +138,6 @@ exports.featureConfig = {
         legacyApi: true,
         minimumVersion: undefined,
     },
-    /**
-     * The first version of the CodeQL CLI where artifact upload is safe to use
-     * for failed runs. This is not really a feature flag, but it is easiest to
-     * model the behavior as a feature flag.
-     */
-    [Feature.SafeArtifactUpload]: {
-        defaultValue: true,
-        envVar: "CODEQL_ACTION_SAFE_ARTIFACT_UPLOAD",
-        legacyApi: true,
-        minimumVersion: "2.20.3",
-    },
 };
 exports.FEATURE_FLAGS_FILE_NAME = "cached-feature-flags.json";
 /**

lib/init-action-post-helper.js

@@ -142,7 +142,9 @@ async function run(uploadAllAvailableDebugArtifacts, printDebugLogs, config, rep
     // Upload appropriate Actions artifacts for debugging
     if (config.debugMode) {
         logger.info("Debug mode is on. Uploading available database bundles and logs as Actions debugging artifacts...");
-        await uploadAllAvailableDebugArtifacts(config, logger, features);
+        const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
+        const version = await codeql.getVersion();
+        await uploadAllAvailableDebugArtifacts(config, logger, version.version);
         await printDebugLogs(config);
     }
     if (actionsUtil.isSelfHostedRunner()) {

lib/tools-features.js

@@ -1,7 +1,42 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ToolsFeature = void 0;
+exports.SafeArtifactUploadVersion = exports.ToolsFeature = void 0;
 exports.isSupportedToolsFeature = isSupportedToolsFeature;
+exports.isSafeArtifactUpload = isSafeArtifactUpload;
+const semver = __importStar(require("semver"));
 var ToolsFeature;
 (function (ToolsFeature) {
     ToolsFeature["AnalysisSummaryV2IsDefault"] = "analysisSummaryV2Default";
@@ -25,4 +60,20 @@ var ToolsFeature;
 function isSupportedToolsFeature(versionInfo, feature) {
     return !!versionInfo.features && versionInfo.features[feature];
 }
+exports.SafeArtifactUploadVersion = "2.20.3";
+/**
+ * The first version of the CodeQL CLI where artifact upload is safe to use
+ * for failed runs. This is not really a feature flag, but it is easiest to
+ * model the behavior as a feature flag.
+ *
+ * This was not captured in a tools feature, so we need to use semver.
+ *
+ * @param codeQlVersion The version of the CodeQL CLI to check. If not provided, it is assumed to be safe.
+ * @returns True if artifact upload is safe to use for failed runs or false otherwise.
+ */
+function isSafeArtifactUpload(codeQlVersion) {
+    return !codeQlVersion
+        ? true
+        : semver.gte(codeQlVersion, exports.SafeArtifactUploadVersion);
+}
 //# sourceMappingURL=tools-features.js.map

lib/tools-features.js.map

@@ -1 +1 @@
-{"version":3,"file":"tools-features.js","sourceRoot":"","sources":["../src/tools-features.ts"],"names":[],"mappings":";;;AAsBA,0DAKC;AAzBD,IAAY,YAWX;AAXD,WAAY,YAAY;IACtB,uEAAuD,CAAA;IACvD,mDAAmC,CAAA;IACnC,qHAAqG,CAAA;IACrG,+FAA+E,CAAA;IAC/E,yFAAyE,CAAA;IACzE,iEAAiD,CAAA;IACjD,qEAAqD,CAAA;IACrD,mFAAmE,CAAA;IACnE,iDAAiC,CAAA;IACjC,uFAAuE,CAAA;AACzE,CAAC,EAXW,YAAY,4BAAZ,YAAY,QAWvB;AAED;;;;;;GAMG;AACH,SAAgB,uBAAuB,CACrC,WAAwB,EACxB,OAAqB;IAErB,OAAO,CAAC,CAAC,WAAW,CAAC,QAAQ,IAAI,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;AACjE,CAAC"}
+{"version":3,"file":"tools-features.js","sourceRoot":"","sources":["../src/tools-features.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwBA,0DAKC;AAcD,oDAIC;AA/CD,+CAAiC;AAIjC,IAAY,YAWX;AAXD,WAAY,YAAY;IACtB,uEAAuD,CAAA;IACvD,mDAAmC,CAAA;IACnC,qHAAqG,CAAA;IACrG,+FAA+E,CAAA;IAC/E,yFAAyE,CAAA;IACzE,iEAAiD,CAAA;IACjD,qEAAqD,CAAA;IACrD,mFAAmE,CAAA;IACnE,iDAAiC,CAAA;IACjC,uFAAuE,CAAA;AACzE,CAAC,EAXW,YAAY,4BAAZ,YAAY,QAWvB;AAED;;;;;;GAMG;AACH,SAAgB,uBAAuB,CACrC,WAAwB,EACxB,OAAqB;IAErB,OAAO,CAAC,CAAC,WAAW,CAAC,QAAQ,IAAI,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;AACjE,CAAC;AAEY,QAAA,yBAAyB,GAAG,QAAQ,CAAC;AAElD;;;;;;;;;GASG;AACH,SAAgB,oBAAoB,CAAC,aAAsB;IACzD,OAAO,CAAC,aAAa;QACnB,CAAC,CAAC,IAAI;QACN,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,aAAa,EAAE,iCAAyB,CAAC,CAAC;AAC3D,CAAC"}

lib/upload-sarif-action-post.js

@@ -59,7 +59,10 @@ async function runWrapper() {
                 core.warning(`Did not upload debug artifacts because cannot determine the GitHub variant running.`);
                 return;
             }
-            await (0, logging_1.withGroup)("Uploading combined SARIF debug artifact", () => debugArtifacts.uploadCombinedSarifArtifacts(logger, gitHubVersion.type, true));
+            await (0, logging_1.withGroup)("Uploading combined SARIF debug artifact", () => debugArtifacts.uploadCombinedSarifArtifacts(logger, gitHubVersion.type, 
+            // The codeqlVersion is not applicable for uploading non-codeql sarif.
+            // We can assume all versions are safe to upload.
+            undefined));
         }
     }
     catch (error) {

lib/upload-sarif-action-post.js.map

@@ -1 +1 @@
-{"version":3,"file":"upload-sarif-action-post.js","sourceRoot":"","sources":["../src/upload-sarif-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,4DAA8C;AAC9C,6CAAgD;AAChD,kEAAoD;AACpD,+CAAuC;AACvC,uCAAwD;AACxD,iCAAoE;AAEpE,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,6CAA6C;QAC7C,WAAW,CAAC,aAAa,EAAE,CAAC;QAC5B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;QAClC,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,kFAAkF;QAClF,mFAAmF;QACnF,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,mBAAmB,CAAC,KAAK,MAAM,EAAE,CAAC;YACvD,IAAI,aAAa,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBACrC,IAAI,CAAC,OAAO,CACV,qFAAqF,CACtF,CAAC;gBACF,OAAO;YACT,CAAC;YACD,MAAM,IAAA,mBAAS,EAAC,yCAAyC,EAAE,GAAG,EAAE,CAC9D,cAAc,CAAC,4BAA4B,CACzC,MAAM,EACN,aAAa,CAAC,IAAI,EAClB,IAAI,CACL,CACF,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,yCAAyC,IAAA,sBAAe,EAAC,KAAK,CAAC,EAAE,CAClE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"upload-sarif-action-post.js","sourceRoot":"","sources":["../src/upload-sarif-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,4DAA8C;AAC9C,6CAAgD;AAChD,kEAAoD;AACpD,+CAAuC;AACvC,uCAAwD;AACxD,iCAAoE;AAEpE,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,6CAA6C;QAC7C,WAAW,CAAC,aAAa,EAAE,CAAC;QAC5B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;QAClC,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,kFAAkF;QAClF,mFAAmF;QACnF,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,mBAAmB,CAAC,KAAK,MAAM,EAAE,CAAC;YACvD,IAAI,aAAa,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBACrC,IAAI,CAAC,OAAO,CACV,qFAAqF,CACtF,CAAC;gBACF,OAAO;YACT,CAAC;YACD,MAAM,IAAA,mBAAS,EAAC,yCAAyC,EAAE,GAAG,EAAE,CAC9D,cAAc,CAAC,4BAA4B,CACzC,MAAM,EACN,aAAa,CAAC,IAAI;YAClB,sEAAsE;YACtE,iDAAiD;YACjD,SAAS,CACV,CACF,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,yCAAyC,IAAA,sBAAe,EAAC,KAAK,CAAC,EAAE,CAClE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

src/analyze-action-post.ts

@@ -7,18 +7,12 @@ import * as core from "@actions/core";
 
 import * as actionsUtil from "./actions-util";
 import { getGitHubVersion } from "./api-client";
+import { getCodeQL } from "./codeql";
 import { getConfig } from "./config-utils";
 import * as debugArtifacts from "./debug-artifacts";
 import { EnvVar } from "./environment";
-import { Features } from "./feature-flags";
+import { getActionsLogger, withGroup } from "./logging";
-import { getActionsLogger, Logger, withGroup } from "./logging";
+import { checkGitHubVersionInRange, getErrorMessage } from "./util";
-import { parseRepositoryNwo } from "./repository";
-import {
-  checkGitHubVersionInRange,
-  getErrorMessage,
-  getRequiredEnvParam,
-  GitHubVersion,
-} from "./util";
 
 async function runWrapper() {
   try {
@@ -27,8 +21,6 @@ async function runWrapper() {
     const gitHubVersion = await getGitHubVersion();
     checkGitHubVersionInRange(gitHubVersion, logger);
 
-    const features = createFeatures(gitHubVersion, logger);
-
     // Upload SARIF artifacts if we determine that this is a first-party analysis run.
     // For third-party runs, this artifact will be uploaded in the `upload-sarif-post` step.
     if (process.env[EnvVar.INIT_ACTION_HAS_RUN] === "true") {
@@ -37,11 +29,13 @@ async function runWrapper() {
         logger,
       );
       if (config !== undefined) {
+        const codeql = await getCodeQL(config.codeQLCmd);
+        const version = await codeql.getVersion();
         await withGroup("Uploading combined SARIF debug artifact", () =>
           debugArtifacts.uploadCombinedSarifArtifacts(
             logger,
             config.gitHubVersion.type,
-            features,
+            version.version,
           ),
         );
       }
@@ -53,18 +47,4 @@ async function runWrapper() {
   }
 }
 
-function createFeatures(gitHubVersion: GitHubVersion, logger: Logger) {
-  const repositoryNwo = parseRepositoryNwo(
-    getRequiredEnvParam("GITHUB_REPOSITORY"),
-  );
-
-  const features = new Features(
-    gitHubVersion,
-    repositoryNwo,
-    actionsUtil.getTemporaryDirectory(),
-    logger,
-  );
-  return features;
-}
-
 void runWrapper();

src/debug-artifacts.test.ts

@@ -1,9 +1,7 @@
 import test from "ava";
 
 import * as debugArtifacts from "./debug-artifacts";
-import { Feature } from "./feature-flags";
 import { getActionsLogger } from "./logging";
-import { createFeatures } from "./testing-utils";
 import { GitHubVariant } from "./util";
 
 test("sanitizeArtifactName", (t) => {
@@ -32,7 +30,7 @@ test("uploadDebugArtifacts when artifacts empty", async (t) => {
       "i-dont-exist",
       "artifactName",
       GitHubVariant.DOTCOM,
-      true,
+      undefined,
     );
     t.is(
       uploaded,
@@ -42,7 +40,7 @@ test("uploadDebugArtifacts when artifacts empty", async (t) => {
   });
 });
 
-test("uploadDebugArtifacts when true", async (t) => {
+test("uploadDebugArtifacts when no codeql version is used", async (t) => {
   // Test that the artifact is uploaded.
   const logger = getActionsLogger();
   await t.notThrowsAsync(async () => {
@@ -52,7 +50,7 @@ test("uploadDebugArtifacts when true", async (t) => {
       "i-dont-exist",
       "artifactName",
       GitHubVariant.DOTCOM,
-      true,
+      undefined,
     );
     t.is(
       uploaded,
@@ -62,27 +60,7 @@ test("uploadDebugArtifacts when true", async (t) => {
   });
 });
 
-test("uploadDebugArtifacts when false", async (t) => {
+test("uploadDebugArtifacts when new codeql version is used", async (t) => {
-  // Test that the artifact is not uploaded.
-  const logger = getActionsLogger();
-  await t.notThrowsAsync(async () => {
-    const uploaded = await debugArtifacts.uploadDebugArtifacts(
-      logger,
-      ["hucairz"],
-      "i-dont-exist",
-      "artifactName",
-      GitHubVariant.DOTCOM,
-      false,
-    );
-    t.is(
-      uploaded,
-      "upload-not-supported",
-      "Should not have uploaded any artifacts",
-    );
-  });
-});
-
-test("uploadDebugArtifacts when feature enabled", async (t) => {
   // Test that the artifact is uploaded.
   const logger = getActionsLogger();
   await t.notThrowsAsync(async () => {
@@ -92,7 +70,7 @@ test("uploadDebugArtifacts when feature enabled", async (t) => {
       "i-dont-exist",
       "artifactName",
       GitHubVariant.DOTCOM,
-      createFeatures([Feature.SafeArtifactUpload]),
+      "2.20.3",
     );
     t.is(
       uploaded,
@@ -102,7 +80,7 @@ test("uploadDebugArtifacts when feature enabled", async (t) => {
   });
 });
 
-test("uploadDebugArtifacts when feature disabled", async (t) => {
+test("uploadDebugArtifacts when old codeql is used", async (t) => {
   // Test that the artifact is not uploaded.
   const logger = getActionsLogger();
   await t.notThrowsAsync(async () => {
@@ -112,7 +90,7 @@ test("uploadDebugArtifacts when feature disabled", async (t) => {
       "i-dont-exist",
       "artifactName",
       GitHubVariant.DOTCOM,
-      createFeatures([]),
+      "2.20.2",
     );
     t.is(
       uploaded,

src/debug-artifacts.ts

@@ -12,14 +12,12 @@ import { dbIsFinalized } from "./analyze";
 import { getCodeQL } from "./codeql";
 import { Config } from "./config-utils";
 import { EnvVar } from "./environment";
-import {
-  Feature,
-  featureConfig,
-  FeatureEnablement,
-  Features,
-} from "./feature-flags";
 import { Language } from "./languages";
 import { Logger, withGroup } from "./logging";
+import {
+  isSafeArtifactUpload,
+  SafeArtifactUploadVersion,
+} from "./tools-features";
 import {
   bundleDb,
   doesDirectoryExist,
@@ -40,7 +38,7 @@ export function sanitizeArtifactName(name: string): string {
 export async function uploadCombinedSarifArtifacts(
   logger: Logger,
   gitHubVariant: GitHubVariant,
-  features: Features | boolean,
+  codeQlVersion: string | undefined,
 ) {
   const tempDir = getTemporaryDirectory();
 
@@ -75,7 +73,7 @@ export async function uploadCombinedSarifArtifacts(
         baseTempDir,
         "combined-sarif-artifacts",
         gitHubVariant,
-        features,
+        codeQlVersion,
       );
     } catch (e) {
       logger.warning(
@@ -168,7 +166,7 @@ async function tryBundleDatabase(
 export async function tryUploadAllAvailableDebugArtifacts(
   config: Config,
   logger: Logger,
-  features: FeatureEnablement,
+  codeQlVersion: string | undefined,
 ) {
   const filesToUpload: string[] = [];
   try {
@@ -232,7 +230,7 @@ export async function tryUploadAllAvailableDebugArtifacts(
         config.dbLocation,
         config.debugArtifactName,
         config.gitHubVersion.type,
-        features,
+        codeQlVersion,
       ),
     );
   } catch (e) {
@@ -248,7 +246,7 @@ export async function uploadDebugArtifacts(
   rootDir: string,
   artifactName: string,
   ghVariant: GitHubVariant,
-  features: FeatureEnablement | boolean,
+  codeQlVersion: string | undefined,
 ): Promise<
   | "no-artifacts-to-upload"
   | "upload-successful"
@@ -258,14 +256,11 @@ export async function uploadDebugArtifacts(
   if (toUpload.length === 0) {
     return "no-artifacts-to-upload";
   }
-  const uploadSupported =
+  const uploadSupported = isSafeArtifactUpload(codeQlVersion);
-    typeof features === "boolean"
-      ? features
-      : await features.getValue(Feature.SafeArtifactUpload);
 
   if (!uploadSupported) {
     core.info(
-      `Skipping debug artifact upload because the current CLI does not support safe upload. Please upgrade to CLI v${featureConfig.safe_artifact_upload.minimumVersion} or later.`,
+      `Skipping debug artifact upload because the current CLI does not support safe upload. Please upgrade to CLI v${SafeArtifactUploadVersion} or later.`,
     );
     return "upload-not-supported";
   }

src/feature-flags.ts

@@ -54,7 +54,6 @@ export enum Feature {
   PythonDefaultIsToNotExtractStdlib = "python_default_is_to_not_extract_stdlib",
   QaTelemetryEnabled = "qa_telemetry_enabled",
   ZstdBundleStreamingExtraction = "zstd_bundle_streaming_extraction",
-  SafeArtifactUpload = "safe_artifact_upload",
 }
 
 export const featureConfig: Record<
@@ -155,18 +154,6 @@ export const featureConfig: Record<
     legacyApi: true,
     minimumVersion: undefined,
   },
-
-  /**
-   * The first version of the CodeQL CLI where artifact upload is safe to use
-   * for failed runs. This is not really a feature flag, but it is easiest to
-   * model the behavior as a feature flag.
-   */
-  [Feature.SafeArtifactUpload]: {
-    defaultValue: true,
-    envVar: "CODEQL_ACTION_SAFE_ARTIFACT_UPLOAD",
-    legacyApi: true,
-    minimumVersion: "2.20.3",
-  },
 };
 
 /**

src/init-action-post-helper.ts

@@ -161,7 +161,7 @@ export async function run(
   uploadAllAvailableDebugArtifacts: (
     config: Config,
     logger: Logger,
-    features: FeatureEnablement,
+    codeQlVersion: string,
   ) => Promise<void>,
   printDebugLogs: (config: Config) => Promise<void>,
   config: Config,
@@ -211,7 +211,9 @@ export async function run(
     logger.info(
       "Debug mode is on. Uploading available database bundles and logs as Actions debugging artifacts...",
     );
-    await uploadAllAvailableDebugArtifacts(config, logger, features);
+    const codeql = await getCodeQL(config.codeQLCmd);
+    const version = await codeql.getVersion();
+    await uploadAllAvailableDebugArtifacts(config, logger, version.version);
     await printDebugLogs(config);
   }
 

src/tools-features.ts

@@ -1,3 +1,5 @@
+import * as semver from "semver";
+
 import type { VersionInfo } from "./codeql";
 
 export enum ToolsFeature {
@@ -26,3 +28,21 @@ export function isSupportedToolsFeature(
 ): boolean {
   return !!versionInfo.features && versionInfo.features[feature];
 }
+
+export const SafeArtifactUploadVersion = "2.20.3";
+
+/**
+ * The first version of the CodeQL CLI where artifact upload is safe to use
+ * for failed runs. This is not really a feature flag, but it is easiest to
+ * model the behavior as a feature flag.
+ *
+ * This was not captured in a tools feature, so we need to use semver.
+ *
+ * @param codeQlVersion The version of the CodeQL CLI to check. If not provided, it is assumed to be safe.
+ * @returns True if artifact upload is safe to use for failed runs or false otherwise.
+ */
+export function isSafeArtifactUpload(codeQlVersion?: string): boolean {
+  return !codeQlVersion
+    ? true
+    : semver.gte(codeQlVersion, SafeArtifactUploadVersion);
+}

src/upload-sarif-action-post.ts

@@ -33,7 +33,9 @@ async function runWrapper() {
         debugArtifacts.uploadCombinedSarifArtifacts(
           logger,
           gitHubVersion.type,
-          true,
+          // The codeqlVersion is not applicable for uploading non-codeql sarif.
+          // We can assume all versions are safe to upload.
+          undefined,
         ),
       );
     }