- The `upload` input to the `analyze` Action now accepts the following values:
- `always` is the default value, which uploads the SARIF file to Code Scanning for successful and failed runs.
- `failure-only` is recommended for customers post-processing the SARIF file before uploading it to Code Scanning. This option uploads debugging information to Code Scanning for failed runs to improve the debugging experience.
- `never` avoids uploading the SARIF file to Code Scanning even if the code scanning run fails. This is not recommended for external users since it complicates debugging.
- The legacy `true` and `false` options will be interpreted as `always` and `failure-only` respectively.
---------
Co-authored-by: Henry Mercer <henry.mercer@me.com>
Kotlin analysis is incompatible with Kotlin 1.8.0, which is now rolling
out to the Actions runner images.
While we work on a more permanent fix to our PR checks, this will
prevent us losing other
test coverage.
Build tracing using CLIs before 2.7.3 no longer works with the most
recent update to the `ubuntu-22.04` runner image.
With this new logic, we can remove the workarounds around testing
`windows-2019` and `windows-2022`.
This is the earliest CodeQL version supported by GHES.
Bumping to this version resolves some flaky tests caused by the "We
still have not reached idleness" deadlock, as this deadlock is fixed in
2.4.5.
