Gate config export behind a feature flag

lib/analyze.js

@@ -218,7 +218,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
     return statusReport;
     async function runInterpretResults(language, queries, sarifFile, enableDebugLogging) {
         const databasePath = util.getCodeQLDatabasePath(config, language);
-        return await codeql.databaseInterpretResults(databasePath, queries, sarifFile, addSnippetsFlag, threadsFlag, enableDebugLogging ? "-vv" : "-v", automationDetailsId, config);
+        return await codeql.databaseInterpretResults(databasePath, queries, sarifFile, addSnippetsFlag, threadsFlag, enableDebugLogging ? "-vv" : "-v", automationDetailsId, config, featureEnablement);
     }
     async function runPrintLinesOfCode(language) {
         const databasePath = util.getCodeQLDatabasePath(config, language);

lib/codeql.js

@@ -31,6 +31,7 @@ const yaml = __importStar(require("js-yaml"));
 const actions_util_1 = require("./actions-util");
 const config_utils_1 = require("./config-utils");
 const error_matcher_1 = require("./error-matcher");
+const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const setupCodeql = __importStar(require("./setup-codeql"));
 const toolrunner_error_catcher_1 = require("./toolrunner-error-catcher");
@@ -508,7 +509,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             }
             await (0, toolrunner_error_catcher_1.toolrunnerErrorCatcher)(cmd, codeqlArgs, error_matcher_1.errorMatchers);
         },
-        async databaseInterpretResults(databasePath, querySuitePaths, sarifFile, addSnippetsFlag, threadsFlag, verbosityFlag, automationDetailsId, config) {
+        async databaseInterpretResults(databasePath, querySuitePaths, sarifFile, addSnippetsFlag, threadsFlag, verbosityFlag, automationDetailsId, config, features) {
             const codeqlArgs = [
                 "database",
                 "interpret-results",
@@ -520,7 +521,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 "--print-diagnostics-summary",
                 "--print-metrics-summary",
                 "--sarif-group-rules-by-pack",
-                ...(await getCodeScanningConfigExportArguments(config, this)),
+                ...(await getCodeScanningConfigExportArguments(config, this, features)),
                 ...getExtraOptionsFromEnv(["database", "interpret-results"]),
             ];
             if (await util.codeQlVersionAbove(this, CODEQL_VERSION_CUSTOM_QUERY_HELP))
@@ -613,13 +614,13 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             ];
             await new toolrunner.ToolRunner(cmd, args).exec();
         },
-        async diagnosticsExport(sarifFile, automationDetailsId, config) {
+        async diagnosticsExport(sarifFile, automationDetailsId, config, features) {
             const args = [
                 "diagnostics",
                 "export",
                 "--format=sarif-latest",
                 `--output=${sarifFile}`,
-                ...(await getCodeScanningConfigExportArguments(config, this)),
+                ...(await getCodeScanningConfigExportArguments(config, this, features)),
                 ...getExtraOptionsFromEnv(["diagnostics", "export"]),
             ];
             if (automationDetailsId !== undefined) {
@@ -804,10 +805,10 @@ function cloneObject(obj) {
  *
  * Returns an empty list if a code scanning configuration file was not generated by the CLI.
  */
-async function getCodeScanningConfigExportArguments(config, codeql) {
+async function getCodeScanningConfigExportArguments(config, codeql, features) {
     const codeScanningConfigPath = (0, config_utils_1.getGeneratedCodeScanningConfigPath)(config);
     if (fs.existsSync(codeScanningConfigPath) &&
-        (await util.codeQlVersionAbove(codeql, exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG))) {
+        (await features.getValue(feature_flags_1.Feature.ExportCodeScanningConfigEnabled, codeql))) {
         return ["--sarif-codescanning-config", codeScanningConfigPath];
     }
     return [];

lib/codeql.test.js

@@ -424,7 +424,7 @@ for (const isBundleVersionInUrl of [true, false]) {
     sinon.stub(codeqlObject, "getVersion").resolves("2.7.0");
     // safeWhich throws because of the test CodeQL object.
     sinon.stub(safeWhich, "safeWhich").resolves("");
-    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", stubConfig);
+    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", stubConfig, (0, testing_utils_1.createFeatures)([]));
     t.false(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-query-help"), "--sarif-add-query-help should be absent, but it is present");
 });
 (0, ava_1.default)("databaseInterpretResults() sets --sarif-add-query-help for 2.7.1", async (t) => {
@@ -433,7 +433,7 @@ for (const isBundleVersionInUrl of [true, false]) {
     sinon.stub(codeqlObject, "getVersion").resolves("2.7.1");
     // safeWhich throws because of the test CodeQL object.
     sinon.stub(safeWhich, "safeWhich").resolves("");
-    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", stubConfig);
+    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", stubConfig, (0, testing_utils_1.createFeatures)([]));
     t.true(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-query-help"), "--sarif-add-query-help should be present, but it is absent");
 });
 (0, ava_1.default)("databaseInitCluster() without injected codescanning config", async (t) => {
@@ -733,7 +733,7 @@ const injectedConfigMacro = ava_1.default.macro({
     sinon.stub(codeqlObject, "getVersion").resolves("2.11.3");
     // safeWhich throws because of the test CodeQL object.
     sinon.stub(safeWhich, "safeWhich").resolves("");
-    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", stubConfig);
+    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", stubConfig, (0, testing_utils_1.createFeatures)([]));
     t.true(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-baseline-file-info"), "--sarif-add-baseline-file-info should be present, but it is absent");
 });
 (0, ava_1.default)("databaseInterpretResults() does not set --sarif-add-baseline-file-info for 2.11.2", async (t) => {
@@ -742,7 +742,7 @@ const injectedConfigMacro = ava_1.default.macro({
     sinon.stub(codeqlObject, "getVersion").resolves("2.11.2");
     // safeWhich throws because of the test CodeQL object.
     sinon.stub(safeWhich, "safeWhich").resolves("");
-    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", stubConfig);
+    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", stubConfig, (0, testing_utils_1.createFeatures)([]));
     t.false(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-baseline-file-info"), "--sarif-add-baseline-file-info must be absent, but it is present");
 });
 function stubToolRunnerConstructor() {

lib/feature-flags.js

@@ -28,6 +28,7 @@ const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const semver = __importStar(require("semver"));
 const api_client_1 = require("./api-client");
+const codeql_1 = require("./codeql");
 const defaults = __importStar(require("./defaults.json"));
 const util = __importStar(require("./util"));
 const DEFAULT_VERSION_FEATURE_FLAG_PREFIX = "default_codeql_version_";
@@ -36,6 +37,7 @@ var Feature;
 (function (Feature) {
     Feature["CliConfigFileEnabled"] = "cli_config_file_enabled";
     Feature["DisableKotlinAnalysisEnabled"] = "disable_kotlin_analysis_enabled";
+    Feature["ExportCodeScanningConfigEnabled"] = "export_code_scanning_config_enabled";
     Feature["MlPoweredQueriesEnabled"] = "ml_powered_queries_enabled";
     Feature["UploadFailedSarifEnabled"] = "upload_failed_sarif_enabled";
 })(Feature = exports.Feature || (exports.Feature = {}));
@@ -48,6 +50,10 @@ exports.featureConfig = {
         envVar: "CODEQL_PASS_CONFIG_TO_CLI",
         minimumVersion: "2.11.6",
     },
+    [Feature.ExportCodeScanningConfigEnabled]: {
+        envVar: "CODEQL_ACTION_EXPORT_CODE_SCANNING_CONFIG",
+        minimumVersion: codeql_1.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG,
+    },
     [Feature.MlPoweredQueriesEnabled]: {
         envVar: "CODEQL_ML_POWERED_QUERIES",
         minimumVersion: "2.7.5",

lib/init-action-post-helper.js

@@ -43,12 +43,12 @@ function createFailedUploadFailedSarifResult(error) {
  * Upload a failed SARIF file if we can verify that SARIF upload is enabled and determine the SARIF
  * category for the workflow.
  */
-async function maybeUploadFailedSarif(config, repositoryNwo, featureEnablement, logger) {
+async function maybeUploadFailedSarif(config, repositoryNwo, features, logger) {
     if (!config.codeQLCmd) {
         return { upload_failed_run_skipped_because: "CodeQL command not found" };
     }
     const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
-    if (!(await featureEnablement.getValue(feature_flags_1.Feature.UploadFailedSarifEnabled, codeql))) {
+    if (!(await features.getValue(feature_flags_1.Feature.UploadFailedSarifEnabled, codeql))) {
         return { upload_failed_run_skipped_because: "Feature disabled" };
     }
     const workflow = await (0, workflow_1.getWorkflow)();
@@ -61,16 +61,16 @@ async function maybeUploadFailedSarif(config, repositoryNwo, featureEnablement,
     const category = (0, workflow_1.getCategoryInputOrThrow)(workflow, jobName, matrix);
     const checkoutPath = (0, workflow_1.getCheckoutPathInputOrThrow)(workflow, jobName, matrix);
     const sarifFile = "../codeql-failed-run.sarif";
-    await codeql.diagnosticsExport(sarifFile, category, config);
+    await codeql.diagnosticsExport(sarifFile, category, config, features);
     core.info(`Uploading failed SARIF file ${sarifFile}`);
     const uploadResult = await uploadLib.uploadFromActions(sarifFile, checkoutPath, category, logger);
     await uploadLib.waitForProcessing(repositoryNwo, uploadResult.sarifID, logger, { isUnsuccessfulExecution: true });
     return uploadResult?.statusReport ?? {};
 }
-async function tryUploadSarifIfRunFailed(config, repositoryNwo, featureEnablement, logger) {
+async function tryUploadSarifIfRunFailed(config, repositoryNwo, features, logger) {
     if (process.env[shared_environment_1.CODEQL_ACTION_ANALYZE_DID_COMPLETE_SUCCESSFULLY] !== "true") {
         try {
-            return await maybeUploadFailedSarif(config, repositoryNwo, featureEnablement, logger);
+            return await maybeUploadFailedSarif(config, repositoryNwo, features, logger);
         }
         catch (e) {
             logger.debug(`Failed to upload a SARIF file for this failed CodeQL code scanning run. ${e}`);
@@ -84,13 +84,13 @@ async function tryUploadSarifIfRunFailed(config, repositoryNwo, featureEnablemen
     }
 }
 exports.tryUploadSarifIfRunFailed = tryUploadSarifIfRunFailed;
-async function run(uploadDatabaseBundleDebugArtifact, uploadLogsDebugArtifact, printDebugLogs, repositoryNwo, featureEnablement, logger) {
+async function run(uploadDatabaseBundleDebugArtifact, uploadLogsDebugArtifact, printDebugLogs, repositoryNwo, features, logger) {
     const config = await (0, config_utils_1.getConfig)(actionsUtil.getTemporaryDirectory(), logger);
     if (config === undefined) {
         logger.warning("Debugging artifacts are unavailable since the 'init' Action failed before it could produce any.");
         return;
     }
-    const uploadFailedSarifResult = await tryUploadSarifIfRunFailed(config, repositoryNwo, featureEnablement, logger);
+    const uploadFailedSarifResult = await tryUploadSarifIfRunFailed(config, repositoryNwo, features, logger);
     if (uploadFailedSarifResult.upload_failed_run_skipped_because) {
         logger.debug("Won't upload a failed SARIF file for this CodeQL code scanning run because: " +
             `${uploadFailedSarifResult.upload_failed_run_skipped_because}.`);

lib/init-action-post-helper.js.map

@@ -1 +1 @@
-{"version":3,"file":"init-action-post-helper.js","sourceRoot":"","sources":["../src/init-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,qCAAqC;AACrC,iDAAmD;AACnD,mDAA6D;AAG7D,6DAAuF;AACvF,wDAA0C;AAC1C,iCAA6E;AAC7E,yCAKoB;AAWpB,SAAS,mCAAmC,CAC1C,KAAc;IAEd,OAAO;QACL,uBAAuB,EACrB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;QACxD,6BAA6B,EAC3B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;KACnD,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,sBAAsB,CACnC,MAAc,EACd,aAA4B,EAC5B,iBAAoC,EACpC,MAAc;IAEd,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;QACrB,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IACE,CAAC,CAAC,MAAM,iBAAiB,CAAC,QAAQ,CAChC,uBAAO,CAAC,wBAAwB,EAChC,MAAM,CACP,CAAC,EACF;QACA,OAAO,EAAE,iCAAiC,EAAE,kBAAkB,EAAE,CAAC;KAClE;IACD,MAAM,QAAQ,GAAG,MAAM,IAAA,sBAAW,GAAE,CAAC;IACrC,MAAM,OAAO,GAAG,IAAA,0BAAmB,EAAC,YAAY,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC;IACxE,IACE,IAAA,gCAAqB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,KAAK,MAAM;QAC3D,IAAA,mBAAY,GAAE,EACd;QACA,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,QAAQ,GAAG,IAAA,kCAAuB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACpE,MAAM,YAAY,GAAG,IAAA,sCAA2B,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAE5E,MAAM,SAAS,GAAG,4BAA4B,CAAC;IAC/C,MAAM,MAAM,CAAC,iBAAiB,CAAC,SAAS,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IAE5D,IAAI,CAAC,IAAI,CAAC,+BAA+B,SAAS,EAAE,CAAC,CAAC;IACtD,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,iBAAiB,CACpD,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,MAAM,CACP,CAAC;IACF,MAAM,SAAS,CAAC,iBAAiB,CAC/B,aAAa,EACb,YAAY,CAAC,OAAO,EACpB,MAAM,EACN,EAAE,uBAAuB,EAAE,IAAI,EAAE,CAClC,CAAC;IACF,OAAO,YAAY,EAAE,YAAY,IAAI,EAAE,CAAC;AAC1C,CAAC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,MAAc,EACd,aAA4B,EAC5B,iBAAoC,EACpC,MAAc;IAEd,IAAI,OAAO,CAAC,GAAG,CAAC,oEAA+C,CAAC,KAAK,MAAM,EAAE;QAC3E,IAAI;YACF,OAAO,MAAM,sBAAsB,CACjC,MAAM,EACN,aAAa,EACb,iBAAiB,EACjB,MAAM,CACP,CAAC;SACH;QAAC,OAAO,CAAC,EAAE;YACV,MAAM,CAAC,KAAK,CACV,2EAA2E,CAAC,EAAE,CAC/E,CAAC;YACF,OAAO,mCAAmC,CAAC,CAAC,CAAC,CAAC;SAC/C;KACF;SAAM;QACL,OAAO;YACL,iCAAiC,EAC/B,uCAAuC;SAC1C,CAAC;KACH;AACH,CAAC;AA1BD,8DA0BC;AAEM,KAAK,UAAU,GAAG,CACvB,iCAA2C,EAC3C,uBAAiC,EACjC,cAAwB,EACxB,aAA4B,EAC5B,iBAAoC,EACpC,MAAc;IAEd,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;QACxB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;QACF,OAAO;KACR;IAED,MAAM,uBAAuB,GAAG,MAAM,yBAAyB,CAC7D,MAAM,EACN,aAAa,EACb,iBAAiB,EACjB,MAAM,CACP,CAAC;IACF,IAAI,uBAAuB,CAAC,iCAAiC,EAAE;QAC7D,MAAM,CAAC,KAAK,CACV,8EAA8E;YAC5E,GAAG,uBAAuB,CAAC,iCAAiC,GAAG,CAClE,CAAC;KACH;IACD,8FAA8F;IAC9F,iCAAiC;IACjC,IACE,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,KAAK,MAAM;QAClE,CAAC,uBAAuB,CAAC,qBAAqB,EAC9C;QACA,MAAM,IAAI,KAAK,CACb,4EAA4E;YAC1E,8BAA8B,uBAAuB,GAAG,CAC3D,CAAC;KACH;IAED,qDAAqD;IACrD,IAAI,MAAM,CAAC,SAAS,EAAE;QACpB,IAAI,CAAC,IAAI,CACP,mGAAmG,CACpG,CAAC;QACF,MAAM,iCAAiC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACxD,MAAM,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtC,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;KAC9B;IAED,OAAO,uBAAuB,CAAC;AACjC,CAAC;AApDD,kBAoDC"}
+{"version":3,"file":"init-action-post-helper.js","sourceRoot":"","sources":["../src/init-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,qCAAqC;AACrC,iDAAmD;AACnD,mDAA6D;AAG7D,6DAAuF;AACvF,wDAA0C;AAC1C,iCAA6E;AAC7E,yCAKoB;AAWpB,SAAS,mCAAmC,CAC1C,KAAc;IAEd,OAAO;QACL,uBAAuB,EACrB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;QACxD,6BAA6B,EAC3B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;KACnD,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,sBAAsB,CACnC,MAAc,EACd,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;QACrB,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAC,EAAE;QACxE,OAAO,EAAE,iCAAiC,EAAE,kBAAkB,EAAE,CAAC;KAClE;IACD,MAAM,QAAQ,GAAG,MAAM,IAAA,sBAAW,GAAE,CAAC;IACrC,MAAM,OAAO,GAAG,IAAA,0BAAmB,EAAC,YAAY,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC;IACxE,IACE,IAAA,gCAAqB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,KAAK,MAAM;QAC3D,IAAA,mBAAY,GAAE,EACd;QACA,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,QAAQ,GAAG,IAAA,kCAAuB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACpE,MAAM,YAAY,GAAG,IAAA,sCAA2B,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAE5E,MAAM,SAAS,GAAG,4BAA4B,CAAC;IAC/C,MAAM,MAAM,CAAC,iBAAiB,CAAC,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;IAEtE,IAAI,CAAC,IAAI,CAAC,+BAA+B,SAAS,EAAE,CAAC,CAAC;IACtD,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,iBAAiB,CACpD,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,MAAM,CACP,CAAC;IACF,MAAM,SAAS,CAAC,iBAAiB,CAC/B,aAAa,EACb,YAAY,CAAC,OAAO,EACpB,MAAM,EACN,EAAE,uBAAuB,EAAE,IAAI,EAAE,CAClC,CAAC;IACF,OAAO,YAAY,EAAE,YAAY,IAAI,EAAE,CAAC;AAC1C,CAAC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,MAAc,EACd,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,IAAI,OAAO,CAAC,GAAG,CAAC,oEAA+C,CAAC,KAAK,MAAM,EAAE;QAC3E,IAAI;YACF,OAAO,MAAM,sBAAsB,CACjC,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;SACH;QAAC,OAAO,CAAC,EAAE;YACV,MAAM,CAAC,KAAK,CACV,2EAA2E,CAAC,EAAE,CAC/E,CAAC;YACF,OAAO,mCAAmC,CAAC,CAAC,CAAC,CAAC;SAC/C;KACF;SAAM;QACL,OAAO;YACL,iCAAiC,EAC/B,uCAAuC;SAC1C,CAAC;KACH;AACH,CAAC;AA1BD,8DA0BC;AAEM,KAAK,UAAU,GAAG,CACvB,iCAA2C,EAC3C,uBAAiC,EACjC,cAAwB,EACxB,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;QACxB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;QACF,OAAO;KACR;IAED,MAAM,uBAAuB,GAAG,MAAM,yBAAyB,CAC7D,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;IACF,IAAI,uBAAuB,CAAC,iCAAiC,EAAE;QAC7D,MAAM,CAAC,KAAK,CACV,8EAA8E;YAC5E,GAAG,uBAAuB,CAAC,iCAAiC,GAAG,CAClE,CAAC;KACH;IACD,8FAA8F;IAC9F,iCAAiC;IACjC,IACE,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,KAAK,MAAM;QAClE,CAAC,uBAAuB,CAAC,qBAAqB,EAC9C;QACA,MAAM,IAAI,KAAK,CACb,4EAA4E;YAC1E,8BAA8B,uBAAuB,GAAG,CAC3D,CAAC;KACH;IAED,qDAAqD;IACrD,IAAI,MAAM,CAAC,SAAS,EAAE;QACpB,IAAI,CAAC,IAAI,CACP,mGAAmG,CACpG,CAAC;QACF,MAAM,iCAAiC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACxD,MAAM,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtC,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;KAC9B;IAED,OAAO,uBAAuB,CAAC;AACjC,CAAC;AApDD,kBAoDC"}

lib/init-action-post-helper.test.js

@@ -254,7 +254,7 @@ async function testFailedSarifUpload(t, actionsWorkflow, { category, expectUploa
         });
     }
     if (expectUpload) {
-        t.true(diagnosticsExportStub.calledOnceWith(sinon.match.string, category, sinon.match.any), `Actual args were: ${diagnosticsExportStub.args}`);
+        t.true(diagnosticsExportStub.calledOnceWith(sinon.match.string, category, sinon.match.any, sinon.match.any), `Actual args were: ${diagnosticsExportStub.args}`);
         t.true(uploadFromActions.calledOnceWith(sinon.match.string, sinon.match.string, category, sinon.match.any), `Actual args were: ${uploadFromActions.args}`);
         t.true(waitForProcessing.calledOnceWith(sinon.match.any, "42", sinon.match.any, {
             isUnsuccessfulExecution: true,

src/analyze.ts

@@ -368,7 +368,8 @@ export async function runQueries(
       threadsFlag,
       enableDebugLogging ? "-vv" : "-v",
       automationDetailsId,
-      config
+      config,
+      featureEnablement
     );
   }
 

src/codeql.test.ts

@@ -636,7 +636,8 @@ test("databaseInterpretResults() does not set --sarif-add-query-help for 2.7.0",
     "",
     "-v",
     "",
-    stubConfig
+    stubConfig,
+    createFeatures([])
   );
   t.false(
     runnerConstructorStub.firstCall.args[1].includes("--sarif-add-query-help"),
@@ -658,7 +659,8 @@ test("databaseInterpretResults() sets --sarif-add-query-help for 2.7.1", async (
     "",
     "-v",
     "",
-    stubConfig
+    stubConfig,
+    createFeatures([])
   );
   t.true(
     runnerConstructorStub.firstCall.args[1].includes("--sarif-add-query-help"),
@@ -1155,7 +1157,8 @@ test("databaseInterpretResults() sets --sarif-add-baseline-file-info for 2.11.3"
     "",
     "-v",
     "",
-    stubConfig
+    stubConfig,
+    createFeatures([])
   );
   t.true(
     runnerConstructorStub.firstCall.args[1].includes(
@@ -1179,7 +1182,8 @@ test("databaseInterpretResults() does not set --sarif-add-baseline-file-info for
     "",
     "-v",
     "",
-    stubConfig
+    stubConfig,
+    createFeatures([])
   );
   t.false(
     runnerConstructorStub.firstCall.args[1].includes(

src/codeql.ts

@@ -8,7 +8,11 @@ import { getOptionalInput } from "./actions-util";
 import * as api from "./api-client";
 import { Config, getGeneratedCodeScanningConfigPath } from "./config-utils";
 import { errorMatchers } from "./error-matcher";
-import { CodeQLDefaultVersionInfo, FeatureEnablement } from "./feature-flags";
+import {
+  CodeQLDefaultVersionInfo,
+  Feature,
+  FeatureEnablement,
+} from "./feature-flags";
 import { ToolsSource } from "./init";
 import { isTracedLanguage, Language } from "./languages";
 import { Logger } from "./logging";
@@ -174,7 +178,8 @@ export interface CodeQL {
     threadsFlag: string,
     verbosityFlag: string | undefined,
     automationDetailsId: string | undefined,
-    config: Config
+    config: Config,
+    features: FeatureEnablement
   ): Promise<string>;
   /**
    * Run 'codeql database print-baseline'.
@@ -186,7 +191,8 @@ export interface CodeQL {
   diagnosticsExport(
     sarifFile: string,
     automationDetailsId: string | undefined,
-    config: Config
+    config: Config,
+    features: FeatureEnablement
   ): Promise<void>;
 }
 
@@ -850,7 +856,8 @@ export async function getCodeQLForCmd(
       threadsFlag: string,
       verbosityFlag: string,
       automationDetailsId: string | undefined,
-      config: Config
+      config: Config,
+      features: FeatureEnablement
     ): Promise<string> {
       const codeqlArgs = [
         "database",
@@ -863,7 +870,7 @@ export async function getCodeQLForCmd(
         "--print-diagnostics-summary",
         "--print-metrics-summary",
         "--sarif-group-rules-by-pack",
-        ...(await getCodeScanningConfigExportArguments(config, this)),
+        ...(await getCodeScanningConfigExportArguments(config, this, features)),
         ...getExtraOptionsFromEnv(["database", "interpret-results"]),
       ];
       if (await util.codeQlVersionAbove(this, CODEQL_VERSION_CUSTOM_QUERY_HELP))
@@ -984,14 +991,15 @@ export async function getCodeQLForCmd(
     async diagnosticsExport(
       sarifFile: string,
       automationDetailsId: string | undefined,
-      config: Config
+      config: Config,
+      features: FeatureEnablement
     ): Promise<void> {
       const args = [
         "diagnostics",
         "export",
         "--format=sarif-latest",
         `--output=${sarifFile}`,
-        ...(await getCodeScanningConfigExportArguments(config, this)),
+        ...(await getCodeScanningConfigExportArguments(config, this, features)),
         ...getExtraOptionsFromEnv(["diagnostics", "export"]),
       ];
       if (automationDetailsId !== undefined) {
@@ -1217,15 +1225,13 @@ function cloneObject<T>(obj: T): T {
  */
 async function getCodeScanningConfigExportArguments(
   config: Config,
-  codeql: CodeQL
+  codeql: CodeQL,
+  features: FeatureEnablement
 ): Promise<string[]> {
   const codeScanningConfigPath = getGeneratedCodeScanningConfigPath(config);
   if (
     fs.existsSync(codeScanningConfigPath) &&
-    (await util.codeQlVersionAbove(
+    (await features.getValue(Feature.ExportCodeScanningConfigEnabled, codeql))
-      codeql,
-      CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG
-    ))
   ) {
     return ["--sarif-codescanning-config", codeScanningConfigPath];
   }

src/feature-flags.ts

@@ -4,7 +4,7 @@ import * as path from "path";
 import * as semver from "semver";
 
 import { getApiClient } from "./api-client";
-import { CodeQL } from "./codeql";
+import { CodeQL, CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG } from "./codeql";
 import * as defaults from "./defaults.json";
 import { Logger } from "./logging";
 import { RepositoryNwo } from "./repository";
@@ -36,6 +36,7 @@ export interface FeatureEnablement {
 export enum Feature {
   CliConfigFileEnabled = "cli_config_file_enabled",
   DisableKotlinAnalysisEnabled = "disable_kotlin_analysis_enabled",
+  ExportCodeScanningConfigEnabled = "export_code_scanning_config_enabled",
   MlPoweredQueriesEnabled = "ml_powered_queries_enabled",
   UploadFailedSarifEnabled = "upload_failed_sarif_enabled",
 }
@@ -52,6 +53,10 @@ export const featureConfig: Record<
     envVar: "CODEQL_PASS_CONFIG_TO_CLI",
     minimumVersion: "2.11.6",
   },
+  [Feature.ExportCodeScanningConfigEnabled]: {
+    envVar: "CODEQL_ACTION_EXPORT_CODE_SCANNING_CONFIG",
+    minimumVersion: CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG,
+  },
   [Feature.MlPoweredQueriesEnabled]: {
     envVar: "CODEQL_ML_POWERED_QUERIES",
     minimumVersion: "2.7.5",

src/init-action-post-helper.test.ts

@@ -292,6 +292,7 @@ async function testFailedSarifUpload(
       diagnosticsExportStub.calledOnceWith(
         sinon.match.string,
         category,
+        sinon.match.any,
         sinon.match.any
       ),
       `Actual args were: ${diagnosticsExportStub.args}`

src/init-action-post-helper.ts

@@ -43,19 +43,14 @@ function createFailedUploadFailedSarifResult(
 async function maybeUploadFailedSarif(
   config: Config,
   repositoryNwo: RepositoryNwo,
-  featureEnablement: FeatureEnablement,
+  features: FeatureEnablement,
   logger: Logger
 ): Promise<UploadFailedSarifResult> {
   if (!config.codeQLCmd) {
     return { upload_failed_run_skipped_because: "CodeQL command not found" };
   }
   const codeql = await getCodeQL(config.codeQLCmd);
-  if (
+  if (!(await features.getValue(Feature.UploadFailedSarifEnabled, codeql))) {
-    !(await featureEnablement.getValue(
-      Feature.UploadFailedSarifEnabled,
-      codeql
-    ))
-  ) {
     return { upload_failed_run_skipped_because: "Feature disabled" };
   }
   const workflow = await getWorkflow();
@@ -71,7 +66,7 @@ async function maybeUploadFailedSarif(
   const checkoutPath = getCheckoutPathInputOrThrow(workflow, jobName, matrix);
 
   const sarifFile = "../codeql-failed-run.sarif";
-  await codeql.diagnosticsExport(sarifFile, category, config);
+  await codeql.diagnosticsExport(sarifFile, category, config, features);
 
   core.info(`Uploading failed SARIF file ${sarifFile}`);
   const uploadResult = await uploadLib.uploadFromActions(
@@ -92,7 +87,7 @@ async function maybeUploadFailedSarif(
 export async function tryUploadSarifIfRunFailed(
   config: Config,
   repositoryNwo: RepositoryNwo,
-  featureEnablement: FeatureEnablement,
+  features: FeatureEnablement,
   logger: Logger
 ): Promise<UploadFailedSarifResult> {
   if (process.env[CODEQL_ACTION_ANALYZE_DID_COMPLETE_SUCCESSFULLY] !== "true") {
@@ -100,7 +95,7 @@ export async function tryUploadSarifIfRunFailed(
       return await maybeUploadFailedSarif(
         config,
         repositoryNwo,
-        featureEnablement,
+        features,
         logger
       );
     } catch (e) {
@@ -122,7 +117,7 @@ export async function run(
   uploadLogsDebugArtifact: Function,
   printDebugLogs: Function,
   repositoryNwo: RepositoryNwo,
-  featureEnablement: FeatureEnablement,
+  features: FeatureEnablement,
   logger: Logger
 ) {
   const config = await getConfig(actionsUtil.getTemporaryDirectory(), logger);
@@ -136,7 +131,7 @@ export async function run(
   const uploadFailedSarifResult = await tryUploadSarifIfRunFailed(
     config,
     repositoryNwo,
-    featureEnablement,
+    features,
     logger
   );
   if (uploadFailedSarifResult.upload_failed_run_skipped_because) {