Add more noise to the debug output in status-report to trace function execution in CI

Add debug output to status-report.ts
2026-01-04 13:40:23 +08:00 · 2024-05-23 11:04:50 +01:00 · 2024-05-23 10:58:50 +01:00
9536 changed files with 504472 additions and 2532029 deletions
--- a/.eslintrc.json
+++ b/.eslintrc.json
@@ -0,0 +1,77 @@
+
+{
+    "parser": "@typescript-eslint/parser",
+    "parserOptions": {
+        "project": "./tsconfig.json"
+    },
+    "plugins": ["@typescript-eslint", "filenames", "github", "import", "no-async-foreach"],
+    "extends": [
+        "eslint:recommended",
+        "plugin:@typescript-eslint/recommended",
+        "plugin:@typescript-eslint/recommended-requiring-type-checking",
+        "plugin:github/recommended",
+        "plugin:github/typescript",
+        "plugin:import/typescript"
+    ],
+    "rules": {
+        "filenames/match-regex": ["error", "^[a-z0-9-]+(\\.test)?$"],
+        "i18n-text/no-en": "off",
+        "import/extensions": ["error", {
+            // Allow importing JSON files
+            "json": {}
+        }],
+        "import/no-amd": "error",
+        "import/no-commonjs": "error",
+        "import/no-cycle": "error",
+        "import/no-dynamic-require": "error",
+        // Disable the rule that checks that devDependencies aren't imported since we use a single
+        // linting configuration file for both source and test code.
+        "import/no-extraneous-dependencies": ["error", {"devDependencies": true}],
+        "import/no-namespace": "off",
+        "import/no-unresolved": "error",
+        "import/no-webpack-loader-syntax": "error",
+        "import/order": ["error", {
+            "alphabetize": {"order": "asc"},
+            "newlines-between": "always"
+        }],
+        "max-len": ["error", {
+            "code": 120,
+            "ignoreUrls": true,
+            "ignoreStrings": true,
+            "ignoreTemplateLiterals": true
+        }],
+        "no-async-foreach/no-async-foreach": "error",
+        "no-console": "off",
+        "no-sequences": "error",
+        "no-shadow": "off",
+        "@typescript-eslint/no-shadow": ["error"],
+        "one-var": ["error", "never"]
+    },
+    "overrides": [{
+        // "temporarily downgraded during transition to eslint
+        "files": "**",
+        "rules": {
+            "@typescript-eslint/ban-types": "off",
+            "@typescript-eslint/explicit-module-boundary-types": "off",
+            "@typescript-eslint/no-explicit-any": "off",
+            "@typescript-eslint/no-unsafe-assignment": "off",
+            "@typescript-eslint/no-unsafe-call": "off",
+            "@typescript-eslint/no-unsafe-member-access": "off",
+            "@typescript-eslint/no-unsafe-return": "off",
+            "@typescript-eslint/no-var-requires": "off",
+            "@typescript-eslint/prefer-regexp-exec": "off",
+            "@typescript-eslint/require-await": "off",
+            "@typescript-eslint/restrict-template-expressions": "off",
+            "func-style": "off",
+            "sort-imports": "off"
+        }
+    }],
+    "settings": {
+        "import/resolver": {
+            "node": {
+                "moduleDirectory": ["node_modules", "src"]
+            },
+            "typescript": {}
+        }
+    }
+}
--- a/.github/actions/prepare-test/action.yml
+++ b/.github/actions/prepare-test/action.yml
@@ -2,16 +2,12 @@ name: "Prepare test"
 description: Performs some preparation to run tests
 inputs:
  version:
-    description: "The version of the CodeQL CLI to use. Can be 'linked', 'default', 'nightly-latest', 'nightly-YYYY-MM-DD', or 'stable-YYYY-MM-DD'."
+    description: "The version of the CodeQL CLI to use. Can be 'latest', 'default', 'nightly-latest', 'nightly-YYYY-MM-DD', or 'stable-YYYY-MM-DD'."
    required: true
  use-all-platform-bundle:
    description: "If true, we output a tools URL with codeql-bundle.tar.gz file rather than platform-specific URL"
    default: 'false'
    required: false
-  setup-kotlin:
-    description: "If true, we setup kotlin"
-    default: 'true'
-    required: true
 outputs:
  tools-url:
    description: "The value that should be passed as the 'tools' input of the 'init' step."
@@ -32,20 +28,14 @@ runs:
      run: |
        set -e # Fail this Action if `gh release list` fails.

-        if [[ ${{ inputs.version }} == "nightly-latest" ]]; then
-          extension="tar.zst"
-        else
-          extension="tar.gz"
-        fi
-
        if [[ ${{ inputs.use-all-platform-bundle }} == "true" ]]; then
-          artifact_name="codeql-bundle.$extension"
+          artifact_name="codeql-bundle.tar.gz"
        elif [[ "$RUNNER_OS" == "Linux" ]]; then
-          artifact_name="codeql-bundle-linux64.$extension"
+          artifact_name="codeql-bundle-linux64.tar.gz"
        elif [[ "$RUNNER_OS" == "macOS" ]]; then
-          artifact_name="codeql-bundle-osx64.$extension"
+          artifact_name="codeql-bundle-osx64.tar.gz"
        elif [[ "$RUNNER_OS" == "Windows" ]]; then
-          artifact_name="codeql-bundle-win64.$extension"
+          artifact_name="codeql-bundle-win64.tar.gz"
        else
          echo "::error::Unrecognized OS $RUNNER_OS"
          exit 1
@@ -60,16 +50,11 @@ runs:
        elif [[ ${{ inputs.version }} == *"stable"* ]]; then
          version=`echo ${{ inputs.version }} | sed -e 's/^.*\-//'`
          echo "tools-url=https://github.com/github/codeql-action/releases/download/codeql-bundle-$version/$artifact_name" >> $GITHUB_OUTPUT
-        elif [[ ${{ inputs.version }} == "linked" ]]; then
-          echo "tools-url=linked" >> $GITHUB_OUTPUT
+        elif [[ ${{ inputs.version }} == "latest" ]]; then
+          echo "tools-url=latest" >> $GITHUB_OUTPUT
        elif [[ ${{ inputs.version }} == "default" ]]; then
          echo "tools-url=" >> $GITHUB_OUTPUT
        else
          echo "::error::Unrecognized version specified!"
          exit 1
        fi
-
-    - uses: fwilhe2/setup-kotlin@9c245a6425255f5e98ba1ce6c15d31fce7eca9da
-      if: ${{ inputs.setup-kotlin == 'true' }}
-      with:
-        version: 1.8.21
--- a/.github/actions/query-filter-test/action.yml
+++ b/.github/actions/query-filter-test/action.yml
@@ -48,6 +48,7 @@ runs:
    - uses: ./../action/analyze
      with:
        output: ${{ runner.temp }}/results
+        upload-database: false
        upload: never
      env:
        CODEQL_ACTION_TEST_MODE: "true"
--- a/.github/workflows/__all-platform-bundle.yml
+++ b/.github/workflows/__all-platform-bundle.yml
@@ -7,6 +7,7 @@ name: PR Check - All-platform bundle
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -41,6 +42,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -54,16 +57,18 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'true'
-          setup-kotlin: 'true'
      - id: init
        uses: ./../action/init
        with:
-      # Swift is not supported on Ubuntu so we manually exclude it from the list here
-          languages: cpp,csharp,go,java,javascript,python,ruby
          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - uses: ./../action/.github/actions/setup-swift
+        with:
+          codeql-path: ${{ steps.init.outputs.codeql-path }}
      - name: Build code
        shell: bash
        run: ./build.sh
      - uses: ./../action/analyze
+        with:
+          upload-database: false
    env:
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__analyze-ref-input.yml
+++ b/.github/workflows/__analyze-ref-input.yml
@@ -7,6 +7,7 @@ name: "PR Check - Analyze: 'ref' and 'sha' from inputs"
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -45,6 +46,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -58,7 +61,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - uses: ./../action/init
        with:
          tools: ${{ steps.prepare-test.outputs.tools-url }}
@@ -70,6 +72,7 @@ jobs:
        run: ./build.sh
      - uses: ./../action/analyze
        with:
+          upload-database: false
          ref: refs/heads/main
          sha: 5e235361806c361d4d3f8859e3c897658025a9a2
    env:
--- a/.github/workflows/__autobuild-action.yml
+++ b/.github/workflows/__autobuild-action.yml
@@ -7,6 +7,7 @@ name: PR Check - autobuild-action
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -28,11 +29,11 @@ jobs:
      matrix:
        include:
          - os: ubuntu-latest
-            version: linked
+            version: latest
          - os: macos-latest
-            version: linked
+            version: latest
          - os: windows-latest
-            version: linked
+            version: latest
    name: autobuild-action
    permissions:
      contents: read
@@ -45,6 +46,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -58,7 +61,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - uses: ./../action/init
        with:
          languages: csharp
@@ -73,6 +75,8 @@ jobs:
          CORECLR_PROFILER: ''
          CORECLR_PROFILER_PATH_64: ''
      - uses: ./../action/analyze
+        with:
+          upload-database: false
      - name: Check database
        shell: bash
        run: |
--- a/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml
+++ b/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml
@@ -1,90 +0,0 @@
-# Warning: This file is generated automatically, and should not be modified.
-# Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
-# to regenerate this file.
-
-name: PR Check - Autobuild direct tracing (custom working directory)
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  GO111MODULE: auto
-on:
-  push:
-    branches:
-      - main
-      - releases/v*
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - ready_for_review
-  schedule:
-    - cron: '0 5 * * *'
-  workflow_dispatch: {}
-jobs:
-  autobuild-direct-tracing-with-working-dir:
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - os: ubuntu-latest
-            version: linked
-          - os: windows-latest
-            version: linked
-          - os: ubuntu-latest
-            version: nightly-latest
-          - os: windows-latest
-            version: nightly-latest
-    name: Autobuild direct tracing (custom working directory)
-    permissions:
-      contents: read
-      security-events: write
-    timeout-minutes: 45
-    runs-on: ${{ matrix.os }}
-    steps:
-      - name: Setup Python on MacOS
-        uses: actions/setup-python@v5
-        if: >-
-          runner.os == 'macOS' && (
-
-          matrix.version == 'stable-v2.13.5' ||
-
-          matrix.version == 'stable-v2.14.6')
-        with:
-          python-version: '3.11'
-      - name: Check out repository
-        uses: actions/checkout@v4
-      - name: Prepare test
-        id: prepare-test
-        uses: ./.github/actions/prepare-test
-        with:
-          version: ${{ matrix.version }}
-          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
-      - name: Test setup
-        shell: bash
-        run: |
-          # Make sure that Gradle build succeeds in autobuild-dir ...
-          cp -a ../action/tests/java-repo autobuild-dir
-          # ... and fails if attempted in the current directory
-          echo > build.gradle
-      - uses: ./../action/init
-        with:
-          build-mode: autobuild
-          languages: java
-          tools: ${{ steps.prepare-test.outputs.tools-url }}
-      - name: Check that indirect tracing is disabled
-        shell: bash
-        run: |
-          if [[ ! -z "${CODEQL_RUNNER}" ]]; then
-            echo "Expected indirect tracing to be disabled, but the" \
-              "CODEQL_RUNNER environment variable is set."
-            exit 1
-          fi
-      - uses: ./../action/autobuild
-        with:
-          working-directory: autobuild-dir
-      - uses: ./../action/analyze
-    env:
-      CODEQL_ACTION_AUTOBUILD_BUILD_MODE_DIRECT_TRACING: true
-      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__autobuild-direct-tracing.yml
+++ b/.github/workflows/__autobuild-direct-tracing.yml
@@ -7,6 +7,7 @@ name: PR Check - Autobuild direct tracing
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -28,9 +29,9 @@ jobs:
      matrix:
        include:
          - os: ubuntu-latest
-            version: linked
+            version: latest
          - os: windows-latest
-            version: linked
+            version: latest
          - os: ubuntu-latest
            version: nightly-latest
          - os: windows-latest
@@ -47,6 +48,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -60,7 +63,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - name: Set up Java test repo configuration
        shell: bash
        run: |
--- a/.github/workflows/__build-mode-autobuild.yml
+++ b/.github/workflows/__build-mode-autobuild.yml
@@ -7,6 +7,7 @@ name: PR Check - Build mode autobuild
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -41,6 +42,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -54,7 +57,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - name: Set up Java test repo configuration
        run: |
          mv * .github ../action/tests/multi-language-repo/
--- a/.github/workflows/__build-mode-manual.yml
+++ b/.github/workflows/__build-mode-manual.yml
@@ -7,6 +7,7 @@ name: PR Check - Build mode manual
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -41,6 +42,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -54,7 +57,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - uses: ./../action/init
        id: init
        with:
@@ -72,6 +74,10 @@ jobs:
            exit 1
          fi

+      - uses: ./../action/.github/actions/setup-swift
+        with:
+          codeql-path: ${{ steps.init.outputs.codeql-path }}
+
      - name: Build code
        shell: bash
        run: ./build.sh
--- a/.github/workflows/__build-mode-none.yml
+++ b/.github/workflows/__build-mode-none.yml
@@ -7,6 +7,7 @@ name: PR Check - Build mode none
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -28,7 +29,7 @@ jobs:
      matrix:
        include:
          - os: ubuntu-latest
-            version: linked
+            version: latest
          - os: ubuntu-latest
            version: nightly-latest
    name: Build mode none
@@ -43,6 +44,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -56,7 +59,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - uses: ./../action/init
        id: init
        with:
--- a/.github/workflows/__build-mode-rollback.yml
+++ b/.github/workflows/__build-mode-rollback.yml
@@ -7,6 +7,7 @@ name: PR Check - Build mode rollback
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -41,6 +42,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -54,7 +57,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - name: Set up Java test repo configuration
        run: |
          mv * .github ../action/tests/multi-language-repo/
--- a/.github/workflows/__cleanup-db-cluster-dir.yml
+++ b/.github/workflows/__cleanup-db-cluster-dir.yml
@@ -1,79 +0,0 @@
-# Warning: This file is generated automatically, and should not be modified.
-# Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
-# to regenerate this file.
-
-name: PR Check - Clean up database cluster directory
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  GO111MODULE: auto
-on:
-  push:
-    branches:
-      - main
-      - releases/v*
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - ready_for_review
-  schedule:
-    - cron: '0 5 * * *'
-  workflow_dispatch: {}
-jobs:
-  cleanup-db-cluster-dir:
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - os: ubuntu-latest
-            version: linked
-    name: Clean up database cluster directory
-    permissions:
-      contents: read
-      security-events: write
-    timeout-minutes: 45
-    runs-on: ${{ matrix.os }}
-    steps:
-      - name: Setup Python on MacOS
-        uses: actions/setup-python@v5
-        if: >-
-          runner.os == 'macOS' && (
-
-          matrix.version == 'stable-v2.13.5' ||
-
-          matrix.version == 'stable-v2.14.6')
-        with:
-          python-version: '3.11'
-      - name: Check out repository
-        uses: actions/checkout@v4
-      - name: Prepare test
-        id: prepare-test
-        uses: ./.github/actions/prepare-test
-        with:
-          version: ${{ matrix.version }}
-          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
-      - name: Add a file to the database cluster directory
-        run: |
-          mkdir -p "${{ runner.temp }}/customDbLocation/javascript"
-          touch "${{ runner.temp }}/customDbLocation/javascript/a-file-to-clean-up.txt"
-
-      - uses: ./../action/init
-        id: init
-        with:
-          build-mode: none
-          db-location: ${{ runner.temp }}/customDbLocation
-          languages: javascript
-          tools: ${{ steps.prepare-test.outputs.tools-url }}
-
-      - name: Validate file cleaned up
-        run: |
-          if [[ -f "${{ runner.temp }}/customDbLocation/javascript/a-file-to-clean-up.txt" ]]; then
-            echo "File was not cleaned up"
-            exit 1
-          fi
-          echo "File was cleaned up"
-    env:
-      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__config-export.yml
+++ b/.github/workflows/__config-export.yml
@@ -7,6 +7,7 @@ name: PR Check - Config export
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -28,11 +29,11 @@ jobs:
      matrix:
        include:
          - os: ubuntu-latest
-            version: linked
+            version: latest
          - os: macos-latest
-            version: linked
+            version: latest
          - os: windows-latest
-            version: linked
+            version: latest
          - os: ubuntu-latest
            version: nightly-latest
          - os: macos-latest
@@ -51,6 +52,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -64,7 +67,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - uses: ./../action/init
        with:
          languages: javascript
@@ -75,7 +77,7 @@ jobs:
          output: ${{ runner.temp }}/results
          upload-database: false
      - name: Upload SARIF
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
        with:
          name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
          path: ${{ runner.temp }}/results/javascript.sarif
--- a/.github/workflows/__config-input.yml
+++ b/.github/workflows/__config-input.yml
@@ -7,6 +7,7 @@ name: PR Check - Config input
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -28,7 +29,7 @@ jobs:
      matrix:
        include:
          - os: ubuntu-latest
-            version: linked
+            version: latest
    name: Config input
    permissions:
      contents: read
@@ -41,6 +42,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -54,7 +57,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - name: Copy queries into workspace
        run: |
          cp -a ../action/queries .
--- a/.github/workflows/__cpp-deptrace-disabled.yml
+++ b/.github/workflows/__cpp-deptrace-disabled.yml
@@ -7,6 +7,7 @@ name: 'PR Check - C/C++: disabling autoinstalling dependencies (Linux)'
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -28,7 +29,7 @@ jobs:
      matrix:
        include:
          - os: ubuntu-latest
-            version: linked
+            version: latest
          - os: ubuntu-latest
            version: default
          - os: ubuntu-latest
@@ -45,6 +46,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -58,7 +61,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - name: Test setup
        shell: bash
        run: |
--- a/.github/workflows/__cpp-deptrace-enabled-on-macos.yml
+++ b/.github/workflows/__cpp-deptrace-enabled-on-macos.yml
@@ -7,6 +7,7 @@ name: 'PR Check - C/C++: autoinstalling dependencies is skipped (macOS)'
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -41,6 +42,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -54,7 +57,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - name: Test setup
        shell: bash
        run: |
--- a/.github/workflows/__cpp-deptrace-enabled.yml
+++ b/.github/workflows/__cpp-deptrace-enabled.yml
@@ -7,6 +7,7 @@ name: 'PR Check - C/C++: autoinstalling dependencies (Linux)'
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -28,7 +29,7 @@ jobs:
      matrix:
        include:
          - os: ubuntu-latest
-            version: linked
+            version: latest
          - os: ubuntu-latest
            version: default
          - os: ubuntu-latest
@@ -45,6 +46,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -58,7 +61,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - name: Test setup
        shell: bash
        run: |
--- a/.github/workflows/__diagnostics-export.yml
+++ b/.github/workflows/__diagnostics-export.yml
@@ -7,6 +7,7 @@ name: PR Check - Diagnostic export
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -28,11 +29,17 @@ jobs:
      matrix:
        include:
          - os: ubuntu-latest
-            version: linked
-          - os: macos-latest
-            version: linked
+            version: stable-20230403
+          - os: macos-12
+            version: stable-20230403
          - os: windows-latest
-            version: linked
+            version: stable-20230403
+          - os: ubuntu-latest
+            version: latest
+          - os: macos-latest
+            version: latest
+          - os: windows-latest
+            version: latest
          - os: ubuntu-latest
            version: nightly-latest
          - os: macos-latest
@@ -51,6 +58,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -64,7 +73,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - uses: ./../action/init
        id: init
        with:
@@ -75,19 +83,23 @@ jobs:
        env:
          CODEQL_PATH: ${{ steps.init.outputs.codeql-path }}
        run: |
-          "$CODEQL_PATH" database add-diagnostic \
-            "$RUNNER_TEMP/codeql_databases/javascript" \
-            --file-path /path/to/file \
-            --plaintext-message "Plaintext message" \
-            --source-id "lang/diagnostics/example" \
-            --source-name "Diagnostic name" \
-            --ready-for-status-page
+          for i in {1..2}; do
+            # Use the same location twice to test the workaround for the bug in CodeQL CLI 2.12.6 that
+            # produces an invalid diagnostic with multiple identical location objects.
+            "$CODEQL_PATH" database add-diagnostic \
+              "$RUNNER_TEMP/codeql_databases/javascript" \
+              --file-path /path/to/file \
+              --plaintext-message "Plaintext message $i" \
+              --source-id "lang/diagnostics/example" \
+              --source-name "Diagnostic name" \
+              --ready-for-status-page
+          done
      - uses: ./../action/analyze
        with:
          output: ${{ runner.temp }}/results
          upload-database: false
      - name: Upload SARIF
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
        with:
          name: diagnostics-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
          path: ${{ runner.temp }}/results/javascript.sarif
@@ -101,7 +113,7 @@ jobs:
            const fs = require('fs');

            function checkStatusPageNotification(n) {
-              const expectedMessage = 'Plaintext message';
+              const expectedMessage = 'Plaintext message 1\n\nCodeQL also found 1 other diagnostic like this. See the workflow log for details.';
              if (n.message.text !== expectedMessage) {
                core.setFailed(`Expected the status page diagnostic to have the message '${expectedMessage}', but found '${n.message.text}'.`);
              }
--- a/.github/workflows/__export-file-baseline-information.yml
+++ b/.github/workflows/__export-file-baseline-information.yml
@@ -7,6 +7,7 @@ name: PR Check - Export file baseline information
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -45,6 +46,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -58,7 +61,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - uses: ./../action/init
        id: init
        with:
@@ -74,7 +76,7 @@ jobs:
        with:
          output: ${{ runner.temp }}/results
      - name: Upload SARIF
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
        with:
          name: with-baseline-information-${{ matrix.os }}-${{ matrix.version }}.sarif.json
          path: ${{ runner.temp }}/results/javascript.sarif
@@ -84,7 +86,7 @@ jobs:
        run: |
          cd "$RUNNER_TEMP/results"
          expected_baseline_languages="c csharp go java kotlin javascript python ruby"
-          if [[ $RUNNER_OS == "macOS" ]]; then
+          if [[ $RUNNER_OS != "Windows" ]]; then
            expected_baseline_languages+=" swift"
          fi

--- a/.github/workflows/__extractor-ram-threads.yml
+++ b/.github/workflows/__extractor-ram-threads.yml
@@ -7,6 +7,7 @@ name: PR Check - Extractor ram and threads options test
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -28,7 +29,7 @@ jobs:
      matrix:
        include:
          - os: ubuntu-latest
-            version: linked
+            version: latest
    name: Extractor ram and threads options test
    permissions:
      contents: read
@@ -41,6 +42,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -54,7 +57,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - uses: ./../action/init
        with:
          languages: java
--- a/.github/workflows/__go-custom-queries.yml
+++ b/.github/workflows/__go-custom-queries.yml
@@ -7,6 +7,7 @@ name: 'PR Check - Go: Custom queries'
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -27,6 +28,12 @@ jobs:
      fail-fast: false
      matrix:
        include:
+          - os: ubuntu-latest
+            version: stable-20230403
+          - os: macos-12
+            version: stable-20230403
+          - os: windows-latest
+            version: stable-20230403
          - os: ubuntu-latest
            version: stable-v2.13.5
          - os: macos-12
@@ -51,12 +58,6 @@ jobs:
            version: stable-v2.16.6
          - os: windows-latest
            version: stable-v2.16.6
-          - os: ubuntu-latest
-            version: stable-v2.17.6
-          - os: macos-latest
-            version: stable-v2.17.6
-          - os: windows-latest
-            version: stable-v2.17.6
          - os: ubuntu-latest
            version: default
          - os: macos-latest
@@ -64,11 +65,11 @@ jobs:
          - os: windows-latest
            version: default
          - os: ubuntu-latest
-            version: linked
+            version: latest
          - os: macos-latest
-            version: linked
+            version: latest
          - os: windows-latest
-            version: linked
+            version: latest
          - os: ubuntu-latest
            version: nightly-latest
          - os: macos-latest
@@ -87,6 +88,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -100,7 +103,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - uses: actions/setup-go@v5
        with:
          go-version: '>=1.21.0'
@@ -113,6 +115,8 @@ jobs:
        shell: bash
        run: ./build.sh
      - uses: ./../action/analyze
+        with:
+          upload-database: false
    env:
      DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml
+++ b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml
@@ -7,6 +7,7 @@ name: 'PR Check - Go: diagnostic when Go is changed after init step'
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -41,6 +42,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -54,7 +57,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - uses: actions/setup-go@v5
        with:
      # We need a Go version that ships with statically linked binaries on Linux
--- a/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml
+++ b/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml
@@ -7,6 +7,7 @@ name: 'PR Check - Go: diagnostic when `file` is not installed'
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -41,6 +42,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -54,7 +57,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - uses: actions/setup-go@v5
        with:
      # We need a Go version that ships with statically linked binaries on Linux
--- a/.github/workflows/__go-indirect-tracing-workaround.yml
+++ b/.github/workflows/__go-indirect-tracing-workaround.yml
@@ -7,6 +7,7 @@ name: 'PR Check - Go: workaround for indirect tracing'
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -41,6 +42,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -54,7 +57,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - uses: actions/setup-go@v5
        with:
      # We need a Go version that ships with statically linked binaries on Linux
@@ -67,6 +69,8 @@ jobs:
        shell: bash
        run: go build main.go
      - uses: ./../action/analyze
+        with:
+          upload-database: false
      - shell: bash
        run: |
          if [[ -z "${CODEQL_ACTION_GO_BINARY}" ]]; then
--- a/.github/workflows/__go-tracing-autobuilder.yml
+++ b/.github/workflows/__go-tracing-autobuilder.yml
@@ -7,6 +7,7 @@ name: 'PR Check - Go: tracing with autobuilder step'
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -27,6 +28,10 @@ jobs:
      fail-fast: false
      matrix:
        include:
+          - os: ubuntu-latest
+            version: stable-20230403
+          - os: macos-12
+            version: stable-20230403
          - os: ubuntu-latest
            version: stable-v2.13.5
          - os: macos-12
@@ -43,18 +48,14 @@ jobs:
            version: stable-v2.16.6
          - os: macos-latest
            version: stable-v2.16.6
-          - os: ubuntu-latest
-            version: stable-v2.17.6
-          - os: macos-latest
-            version: stable-v2.17.6
          - os: ubuntu-latest
            version: default
          - os: macos-latest
            version: default
          - os: ubuntu-latest
-            version: linked
+            version: latest
          - os: macos-latest
-            version: linked
+            version: latest
          - os: ubuntu-latest
            version: nightly-latest
          - os: macos-latest
@@ -71,6 +72,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -84,7 +87,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - uses: actions/setup-go@v5
        with:
          go-version: ~1.22.0
@@ -97,6 +99,8 @@ jobs:
          tools: ${{ steps.prepare-test.outputs.tools-url }}
      - uses: ./../action/autobuild
      - uses: ./../action/analyze
+        with:
+          upload-database: false
      - shell: bash
        run: |
          if [[ "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" != true ]]; then
--- a/.github/workflows/__go-tracing-custom-build-steps.yml
+++ b/.github/workflows/__go-tracing-custom-build-steps.yml
@@ -7,6 +7,7 @@ name: 'PR Check - Go: tracing with custom build steps'
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -27,6 +28,10 @@ jobs:
      fail-fast: false
      matrix:
        include:
+          - os: ubuntu-latest
+            version: stable-20230403
+          - os: macos-12
+            version: stable-20230403
          - os: ubuntu-latest
            version: stable-v2.13.5
          - os: macos-12
@@ -43,18 +48,14 @@ jobs:
            version: stable-v2.16.6
          - os: macos-latest
            version: stable-v2.16.6
-          - os: ubuntu-latest
-            version: stable-v2.17.6
-          - os: macos-latest
-            version: stable-v2.17.6
          - os: ubuntu-latest
            version: default
          - os: macos-latest
            version: default
          - os: ubuntu-latest
-            version: linked
+            version: latest
          - os: macos-latest
-            version: linked
+            version: latest
          - os: ubuntu-latest
            version: nightly-latest
          - os: macos-latest
@@ -71,6 +72,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -84,7 +87,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - uses: actions/setup-go@v5
        with:
          go-version: ~1.22.0
@@ -99,6 +101,8 @@ jobs:
        shell: bash
        run: go build main.go
      - uses: ./../action/analyze
+        with:
+          upload-database: false
      - shell: bash
        run: |
          # Once we start running Bash 4.2 in all environments, we can replace the
--- a/.github/workflows/__go-tracing-legacy-workflow.yml
+++ b/.github/workflows/__go-tracing-legacy-workflow.yml
@@ -7,6 +7,7 @@ name: 'PR Check - Go: tracing with legacy workflow'
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -27,6 +28,10 @@ jobs:
      fail-fast: false
      matrix:
        include:
+          - os: ubuntu-latest
+            version: stable-20230403
+          - os: macos-12
+            version: stable-20230403
          - os: ubuntu-latest
            version: stable-v2.13.5
          - os: macos-12
@@ -43,18 +48,14 @@ jobs:
            version: stable-v2.16.6
          - os: macos-latest
            version: stable-v2.16.6
-          - os: ubuntu-latest
-            version: stable-v2.17.6
-          - os: macos-latest
-            version: stable-v2.17.6
          - os: ubuntu-latest
            version: default
          - os: macos-latest
            version: default
          - os: ubuntu-latest
-            version: linked
+            version: latest
          - os: macos-latest
-            version: linked
+            version: latest
          - os: ubuntu-latest
            version: nightly-latest
          - os: macos-latest
@@ -71,6 +72,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -84,7 +87,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - uses: actions/setup-go@v5
        with:
          go-version: ~1.22.0
@@ -96,6 +98,8 @@ jobs:
          languages: go
          tools: ${{ steps.prepare-test.outputs.tools-url }}
      - uses: ./../action/analyze
+        with:
+          upload-database: false
      - shell: bash
        run: |
          cd "$RUNNER_TEMP/codeql_databases"
--- a/.github/workflows/__init-with-registries.yml
+++ b/.github/workflows/__init-with-registries.yml
@@ -7,6 +7,7 @@ name: 'PR Check - Packaging: Download using registries'
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -34,11 +35,11 @@ jobs:
          - os: windows-latest
            version: default
          - os: ubuntu-latest
-            version: linked
+            version: latest
          - os: macos-latest
-            version: linked
+            version: latest
          - os: windows-latest
-            version: linked
+            version: latest
          - os: ubuntu-latest
            version: nightly-latest
          - os: macos-latest
@@ -58,6 +59,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -71,7 +74,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - name: Init with registries
        uses: ./../action/init
        with:
--- a/.github/workflows/__javascript-source-root.yml
+++ b/.github/workflows/__javascript-source-root.yml
@@ -7,6 +7,7 @@ name: PR Check - Custom source root
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -28,7 +29,7 @@ jobs:
      matrix:
        include:
          - os: ubuntu-latest
-            version: linked
+            version: latest
          - os: ubuntu-latest
            version: default
          - os: ubuntu-latest
@@ -45,6 +46,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -58,7 +61,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - name: Move codeql-action
        shell: bash
        run: |
@@ -71,7 +73,9 @@ jobs:
          tools: ${{ steps.prepare-test.outputs.tools-url }}
      - uses: ./../action/analyze
        with:
+          upload-database: false
          skip-queries: true
+          upload: never
      - name: Assert database exists
        shell: bash
        run: |
--- a/.github/workflows/__language-aliases.yml
+++ b/.github/workflows/__language-aliases.yml
@@ -7,6 +7,7 @@ name: PR Check - Language aliases
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -28,7 +29,7 @@ jobs:
      matrix:
        include:
          - os: ubuntu-latest
-            version: linked
+            version: latest
    name: Language aliases
    permissions:
      contents: read
@@ -41,6 +42,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -54,7 +57,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - uses: ./../action/init
        with:
          languages: C#,java-kotlin,swift,typescript
--- a/.github/workflows/__multi-language-autodetect.yml
+++ b/.github/workflows/__multi-language-autodetect.yml
@@ -7,6 +7,7 @@ name: PR Check - Multi-language repository
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -28,37 +29,21 @@ jobs:
      matrix:
        include:
          - os: macos-12
-            version: stable-v2.13.5
-          - os: ubuntu-latest
+            version: stable-20230403
+          - os: macos-12
            version: stable-v2.13.5
          - os: macos-12
            version: stable-v2.14.6
-          - os: ubuntu-latest
-            version: stable-v2.14.6
          - os: macos-latest
            version: stable-v2.15.5
-          - os: ubuntu-latest
-            version: stable-v2.15.5
          - os: macos-latest
            version: stable-v2.16.6
-          - os: ubuntu-latest
-            version: stable-v2.16.6
-          - os: macos-latest
-            version: stable-v2.17.6
-          - os: ubuntu-latest
-            version: stable-v2.17.6
          - os: macos-latest
            version: default
-          - os: ubuntu-latest
-            version: default
          - os: macos-latest
-            version: linked
-          - os: ubuntu-latest
-            version: linked
+            version: latest
          - os: macos-latest
            version: nightly-latest
-          - os: ubuntu-latest
-            version: nightly-latest
    name: Multi-language repository
    permissions:
      contents: read
@@ -71,6 +56,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -84,7 +71,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - uses: actions/setup-go@v5
        with:
          go-version: '>=1.21.0'
@@ -93,13 +79,9 @@ jobs:
        id: init
        with:
          db-location: ${{ runner.temp }}/customDbLocation
-      # Swift is not supported on Ubuntu so we manually exclude it from the list here
-          languages: ${{ runner.os == 'Linux' && 'cpp,csharp,go,java,javascript,python,ruby'
-            || '' }}
          tools: ${{ steps.prepare-test.outputs.tools-url }}

      - uses: ./../action/.github/actions/setup-swift
-        if: runner.os == 'macOS'
        with:
          codeql-path: ${{ steps.init.outputs.codeql-path }}

@@ -151,8 +133,8 @@ jobs:
            exit 1
          fi

-      - name: Check language autodetect for Swift on MacOS
-        if: runner.os == 'macOS'
+      - name: Check language autodetect for Swift
+        if: runner.os != 'Windows' && matrix.version != 'stable-20230403'
        shell: bash
        run: |
          SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }}
--- a/.github/workflows/__packaging-codescanning-config-inputs-js.yml
+++ b/.github/workflows/__packaging-codescanning-config-inputs-js.yml
@@ -7,6 +7,7 @@ name: 'PR Check - Packaging: Config and input passed to the CLI'
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -28,11 +29,11 @@ jobs:
      matrix:
        include:
          - os: ubuntu-latest
-            version: linked
+            version: latest
          - os: macos-latest
-            version: linked
+            version: latest
          - os: windows-latest
-            version: linked
+            version: latest
          - os: ubuntu-latest
            version: default
          - os: macos-latest
@@ -57,6 +58,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -70,7 +73,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - uses: ./../action/init
        with:
          config-file: .github/codeql/codeql-config-packaging3.yml
--- a/.github/workflows/__packaging-config-inputs-js.yml
+++ b/.github/workflows/__packaging-config-inputs-js.yml
@@ -7,6 +7,7 @@ name: 'PR Check - Packaging: Config and input'
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -28,11 +29,11 @@ jobs:
      matrix:
        include:
          - os: ubuntu-latest
-            version: linked
+            version: latest
          - os: macos-latest
-            version: linked
+            version: latest
          - os: windows-latest
-            version: linked
+            version: latest
          - os: ubuntu-latest
            version: default
          - os: macos-latest
@@ -57,6 +58,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -70,7 +73,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - uses: ./../action/init
        with:
          config-file: .github/codeql/codeql-config-packaging3.yml
--- a/.github/workflows/__packaging-config-js.yml
+++ b/.github/workflows/__packaging-config-js.yml
@@ -7,6 +7,7 @@ name: 'PR Check - Packaging: Config file'
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -28,11 +29,11 @@ jobs:
      matrix:
        include:
          - os: ubuntu-latest
-            version: linked
+            version: latest
          - os: macos-latest
-            version: linked
+            version: latest
          - os: windows-latest
-            version: linked
+            version: latest
          - os: ubuntu-latest
            version: default
          - os: macos-latest
@@ -57,6 +58,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -70,7 +73,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - uses: ./../action/init
        with:
          config-file: .github/codeql/codeql-config-packaging.yml
--- a/.github/workflows/__packaging-inputs-js.yml
+++ b/.github/workflows/__packaging-inputs-js.yml
@@ -7,6 +7,7 @@ name: 'PR Check - Packaging: Action input'
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -28,11 +29,11 @@ jobs:
      matrix:
        include:
          - os: ubuntu-latest
-            version: linked
+            version: latest
          - os: macos-latest
-            version: linked
+            version: latest
          - os: windows-latest
-            version: linked
+            version: latest
          - os: ubuntu-latest
            version: default
          - os: macos-latest
@@ -57,6 +58,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -70,7 +73,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - uses: ./../action/init
        with:
          config-file: .github/codeql/codeql-config-packaging2.yml
--- a/.github/workflows/__remote-config.yml
+++ b/.github/workflows/__remote-config.yml
@@ -7,6 +7,7 @@ name: PR Check - Remote config file
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -27,6 +28,12 @@ jobs:
      fail-fast: false
      matrix:
        include:
+          - os: ubuntu-latest
+            version: stable-20230403
+          - os: macos-12
+            version: stable-20230403
+          - os: windows-latest
+            version: stable-20230403
          - os: ubuntu-latest
            version: stable-v2.13.5
          - os: macos-12
@@ -51,12 +58,6 @@ jobs:
            version: stable-v2.16.6
          - os: windows-latest
            version: stable-v2.16.6
-          - os: ubuntu-latest
-            version: stable-v2.17.6
-          - os: macos-latest
-            version: stable-v2.17.6
-          - os: windows-latest
-            version: stable-v2.17.6
          - os: ubuntu-latest
            version: default
          - os: macos-latest
@@ -64,11 +65,11 @@ jobs:
          - os: windows-latest
            version: default
          - os: ubuntu-latest
-            version: linked
+            version: latest
          - os: macos-latest
-            version: linked
+            version: latest
          - os: windows-latest
-            version: linked
+            version: latest
          - os: ubuntu-latest
            version: nightly-latest
          - os: macos-latest
@@ -87,6 +88,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -100,7 +103,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - uses: ./../action/init
        with:
          tools: ${{ steps.prepare-test.outputs.tools-url }}
--- a/.github/workflows/__resolve-environment-action.yml
+++ b/.github/workflows/__resolve-environment-action.yml
@@ -7,6 +7,7 @@ name: PR Check - Resolve environment
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -28,11 +29,11 @@ jobs:
      matrix:
        include:
          - os: ubuntu-latest
-            version: stable-v2.13.5
+            version: stable-v2.13.4
          - os: macos-12
-            version: stable-v2.13.5
+            version: stable-v2.13.4
          - os: windows-latest
-            version: stable-v2.13.5
+            version: stable-v2.13.4
          - os: ubuntu-latest
            version: default
          - os: macos-latest
@@ -40,11 +41,11 @@ jobs:
          - os: windows-latest
            version: default
          - os: ubuntu-latest
-            version: linked
+            version: latest
          - os: macos-latest
-            version: linked
+            version: latest
          - os: windows-latest
-            version: linked
+            version: latest
          - os: ubuntu-latest
            version: nightly-latest
          - os: macos-latest
@@ -63,6 +64,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -76,10 +79,9 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - uses: ./../action/init
        with:
-          languages: ${{ matrix.version == 'stable-v2.13.5' && 'go' || 'go,javascript-typescript'
+          languages: ${{ matrix.version == 'stable-v2.13.4' && 'go' || 'go,javascript-typescript'
            }}
          tools: ${{ steps.prepare-test.outputs.tools-url }}

@@ -94,14 +96,14 @@ jobs:
        run: exit 1

      - name: Resolve environment for JavaScript/TypeScript
-        if: matrix.version != 'stable-v2.13.5'
+        if: matrix.version != 'stable-v2.13.4'
        uses: ./../action/resolve-environment
        id: resolve-environment-js
        with:
          language: javascript-typescript

      - name: Fail if JavaScript/TypeScript configuration present
-        if: matrix.version != 'stable-v2.13.5' && 
+        if: matrix.version != 'stable-v2.13.4' && 
          fromJSON(steps.resolve-environment-js.outputs.environment).configuration.javascript
        run: exit 1
    env:
--- a/.github/workflows/__rubocop-multi-language.yml
+++ b/.github/workflows/__rubocop-multi-language.yml
@@ -7,6 +7,7 @@ name: PR Check - RuboCop multi-language
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -41,6 +42,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -54,7 +57,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
        with:
--- a/.github/workflows/__ruby.yml
+++ b/.github/workflows/__ruby.yml
@@ -7,6 +7,7 @@ name: PR Check - Ruby analysis
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -28,9 +29,9 @@ jobs:
      matrix:
        include:
          - os: ubuntu-latest
-            version: linked
+            version: latest
          - os: macos-latest
-            version: linked
+            version: latest
          - os: ubuntu-latest
            version: default
          - os: macos-latest
@@ -51,6 +52,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -64,7 +67,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - uses: ./../action/init
        with:
          languages: ruby
--- a/.github/workflows/__scaling-reserved-ram.yml
+++ b/.github/workflows/__scaling-reserved-ram.yml
@@ -0,0 +1,98 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+# to regenerate this file.
+
+name: PR Check - Scaling reserved RAM
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
+on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
+  workflow_dispatch: {}
+jobs:
+  scaling-reserved-ram:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: macos-12
+            version: stable-20230403
+          - os: macos-12
+            version: stable-v2.13.5
+          - os: macos-12
+            version: stable-v2.14.6
+          - os: macos-latest
+            version: stable-v2.15.5
+          - os: macos-latest
+            version: stable-v2.16.6
+          - os: macos-latest
+            version: default
+          - os: macos-latest
+            version: latest
+          - os: macos-latest
+            version: nightly-latest
+    name: Scaling reserved RAM
+    permissions:
+      contents: read
+      security-events: write
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-20230403' ||
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+
+      - uses: ./../action/init
+        id: init
+        with:
+          db-location: ${{ runner.temp }}/customDbLocation
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+      - uses: ./../action/.github/actions/setup-swift
+        with:
+          codeql-path: ${{ steps.init.outputs.codeql-path }}
+
+      - name: Build code
+        shell: bash
+        run: ./build.sh
+
+      - uses: ./../action/analyze
+        id: analysis
+        with:
+          upload-database: false
+    env:
+      CODEQL_ACTION_SCALING_RESERVED_RAM: true
+      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__split-workflow.yml
+++ b/.github/workflows/__split-workflow.yml
@@ -7,6 +7,7 @@ name: PR Check - Split workflow
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -28,9 +29,9 @@ jobs:
      matrix:
        include:
          - os: ubuntu-latest
-            version: linked
+            version: latest
          - os: macos-latest
-            version: linked
+            version: latest
          - os: ubuntu-latest
            version: default
          - os: macos-latest
@@ -51,6 +52,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -64,7 +67,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - uses: ./../action/init
        with:
          config-file: .github/codeql/codeql-config-packaging3.yml
--- a/.github/workflows/__submit-sarif-failure.yml
+++ b/.github/workflows/__submit-sarif-failure.yml
@@ -7,6 +7,7 @@ name: PR Check - Submit SARIF after failure
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -28,7 +29,7 @@ jobs:
      matrix:
        include:
          - os: ubuntu-latest
-            version: linked
+            version: latest
          - os: ubuntu-latest
            version: default
          - os: ubuntu-latest
@@ -45,6 +46,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -58,12 +61,10 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - uses: actions/checkout@v4
      - uses: ./init
        with:
          languages: javascript
-          tools: ${{ steps.prepare-test.outputs.tools-url }}
      - name: Fail
    # We want this job to pass if the Action correctly uploads the SARIF file for
    # the failed run.
--- a/.github/workflows/__swift-autobuild.yml
+++ b/.github/workflows/__swift-autobuild.yml
@@ -1,85 +0,0 @@
-# Warning: This file is generated automatically, and should not be modified.
-# Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
-# to regenerate this file.
-
-name: PR Check - Swift analysis using autobuild
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  GO111MODULE: auto
-on:
-  push:
-    branches:
-      - main
-      - releases/v*
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - ready_for_review
-  schedule:
-    - cron: '0 5 * * *'
-  workflow_dispatch: {}
-jobs:
-  swift-autobuild:
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - os: macos-latest
-            version: nightly-latest
-    name: Swift analysis using autobuild
-    permissions:
-      contents: read
-      security-events: write
-    timeout-minutes: 45
-    runs-on: ${{ matrix.os }}
-    steps:
-      - name: Setup Python on MacOS
-        uses: actions/setup-python@v5
-        if: >-
-          runner.os == 'macOS' && (
-
-          matrix.version == 'stable-v2.13.5' ||
-
-          matrix.version == 'stable-v2.14.6')
-        with:
-          python-version: '3.11'
-      - name: Check out repository
-        uses: actions/checkout@v4
-      - name: Prepare test
-        id: prepare-test
-        uses: ./.github/actions/prepare-test
-        with:
-          version: ${{ matrix.version }}
-          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
-      - uses: ./../action/init
-        id: init
-        with:
-          languages: swift
-          build-mode: autobuild
-          tools: ${{ steps.prepare-test.outputs.tools-url }}
-      - uses: ./../action/.github/actions/setup-swift
-        with:
-          codeql-path: ${{steps.init.outputs.codeql-path}}
-      - name: Check working directory
-        shell: bash
-        run: pwd
-      - uses: ./../action/autobuild
-        timeout-minutes: 30
-      - uses: ./../action/analyze
-        id: analysis
-        with:
-          upload-database: false
-      - name: Check database
-        shell: bash
-        run: |
-          SWIFT_DB="${{ fromJson(steps.analysis.outputs.db-locations).swift }}"
-          if [[ ! -d "$SWIFT_DB" ]]; then
-            echo "Did not create a database for Swift."
-            exit 1
-          fi
-    env:
-      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__swift-custom-build.yml
+++ b/.github/workflows/__swift-custom-build.yml
@@ -7,6 +7,7 @@ name: PR Check - Swift analysis using a custom build command
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -28,7 +29,7 @@ jobs:
      matrix:
        include:
          - os: macos-latest
-            version: linked
+            version: latest
          - os: macos-latest
            version: default
          - os: macos-latest
@@ -45,6 +46,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -58,7 +61,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - uses: ./../action/init
        id: init
        with:
--- a/.github/workflows/__test-autobuild-working-dir.yml
+++ b/.github/workflows/__test-autobuild-working-dir.yml
@@ -7,6 +7,7 @@ name: PR Check - Autobuild working directory
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -28,7 +29,7 @@ jobs:
      matrix:
        include:
          - os: ubuntu-latest
-            version: linked
+            version: latest
    name: Autobuild working directory
    permissions:
      contents: read
@@ -41,6 +42,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -54,7 +57,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - name: Test setup
        shell: bash
        run: |
@@ -70,6 +72,8 @@ jobs:
        with:
          working-directory: autobuild-dir
      - uses: ./../action/analyze
+        with:
+          upload-database: false
      - name: Check database
        shell: bash
        run: |
--- a/.github/workflows/__test-local-codeql.yml
+++ b/.github/workflows/__test-local-codeql.yml
@@ -7,6 +7,7 @@ name: PR Check - Local CodeQL bundle
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -41,6 +42,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -54,7 +57,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - name: Fetch a CodeQL bundle
        shell: bash
        env:
@@ -64,12 +66,15 @@ jobs:
      - id: init
        uses: ./../action/init
        with:
-      # Swift is not supported on Ubuntu so we manually exclude it from the list here
-          languages: cpp,csharp,go,java,javascript,python,ruby
-          tools: ./codeql-bundle-linux64.tar.zst
+          tools: ./codeql-bundle-linux64.tar.gz
+      - uses: ./../action/.github/actions/setup-swift
+        with:
+          codeql-path: ${{ steps.init.outputs.codeql-path }}
      - name: Build code
        shell: bash
        run: ./build.sh
      - uses: ./../action/analyze
+        with:
+          upload-database: false
    env:
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__test-proxy.yml
+++ b/.github/workflows/__test-proxy.yml
@@ -7,6 +7,7 @@ name: PR Check - Proxy test
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -28,7 +29,7 @@ jobs:
      matrix:
        include:
          - os: ubuntu-latest
-            version: linked
+            version: latest
    name: Proxy test
    permissions:
      contents: read
@@ -41,6 +42,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -54,12 +57,13 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'false'
      - uses: ./../action/init
        with:
          languages: javascript
          tools: ${{ steps.prepare-test.outputs.tools-url }}
      - uses: ./../action/analyze
+        with:
+          upload-database: false
    env:
      https_proxy: http://squid-proxy:3128
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__unset-environment.yml
+++ b/.github/workflows/__unset-environment.yml
@@ -7,6 +7,7 @@ name: PR Check - Test unsetting environment variables
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -27,21 +28,17 @@ jobs:
      fail-fast: false
      matrix:
        include:
-          - os: ubuntu-latest
-            version: stable-v2.13.5
-          - os: ubuntu-latest
+          - os: macos-12
            version: stable-v2.14.6
-          - os: ubuntu-latest
+          - os: macos-latest
            version: stable-v2.15.5
-          - os: ubuntu-latest
+          - os: macos-latest
            version: stable-v2.16.6
-          - os: ubuntu-latest
-            version: stable-v2.17.6
-          - os: ubuntu-latest
+          - os: macos-latest
+            version: latest
+          - os: macos-latest
            version: default
-          - os: ubuntu-latest
-            version: linked
-          - os: ubuntu-latest
+          - os: macos-latest
            version: nightly-latest
    name: Test unsetting environment variables
    permissions:
@@ -55,6 +52,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -68,20 +67,23 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - uses: ./../action/init
        id: init
        with:
          db-location: ${{ runner.temp }}/customDbLocation
-      # Swift is not supported on Ubuntu so we manually exclude it from the list here
-          languages: cpp,csharp,go,java,javascript,python,ruby
          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - uses: ./../action/.github/actions/setup-swift
+        with:
+          codeql-path: ${{ steps.init.outputs.codeql-path }}
      - uses: actions/setup-go@v5
        with:
          go-version: '>=1.21.0'
      - name: Build code
        shell: bash
-        run: env -i PATH="$PATH" HOME="$HOME" ./build.sh
+    # Disable Kotlin analysis while it's incompatible with Kotlin 1.8, until we find a
+    # workaround for our PR checks.
+        run: env -i CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN=true PATH="$PATH" HOME="$HOME"
+          ./build.sh
      - uses: ./../action/analyze
        id: analysis
        with:
--- a/.github/workflows/__upload-ref-sha-input.yml
+++ b/.github/workflows/__upload-ref-sha-input.yml
@@ -7,6 +7,7 @@ name: "PR Check - Upload-sarif: 'ref' and 'sha' from inputs"
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -45,6 +46,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -58,7 +61,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - uses: ./../action/init
        with:
          tools: ${{ steps.prepare-test.outputs.tools-url }}
@@ -68,9 +70,9 @@ jobs:
      - name: Build code
        shell: bash
        run: ./build.sh
-  # Generate some SARIF we can upload with the upload-sarif step
      - uses: ./../action/analyze
        with:
+          upload-database: false
          ref: refs/heads/main
          sha: 5e235361806c361d4d3f8859e3c897658025a9a2
          upload: never
--- a/.github/workflows/__with-checkout-path.yml
+++ b/.github/workflows/__with-checkout-path.yml
@@ -7,6 +7,7 @@ name: PR Check - Use a custom `checkout_path`
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -28,11 +29,11 @@ jobs:
      matrix:
        include:
          - os: ubuntu-latest
-            version: linked
+            version: latest
          - os: macos-latest
-            version: linked
+            version: latest
          - os: windows-latest
-            version: linked
+            version: latest
    name: Use a custom `checkout_path`
    permissions:
      contents: read
@@ -45,6 +46,8 @@ jobs:
        if: >-
          runner.os == 'macOS' && (

+          matrix.version == 'stable-20230403' ||
+
          matrix.version == 'stable-v2.13.5' ||

          matrix.version == 'stable-v2.14.6')
@@ -58,7 +61,6 @@ jobs:
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
      - name: Delete original checkout
        shell: bash
        run: |
@@ -91,6 +93,14 @@ jobs:
          checkout_path: x/y/z/some-path/tests/multi-language-repo
          ref: v1.1.0
          sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
+          upload: never
+          upload-database: false
+
+      - uses: ./../action/upload-sarif
+        with:
+          ref: v1.1.0
+          sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
+          checkout_path: x/y/z/some-path/tests/multi-language-repo

      - name: Verify SARIF after upload
        shell: bash
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -41,7 +41,7 @@ jobs:
      id: init-latest
      uses: ./init
      with:
-        tools: linked
+        tools: latest
        languages: javascript
    - name: Compare default and latest CodeQL bundle versions
      id: compare
@@ -54,16 +54,16 @@ jobs:
        echo "Default CodeQL bundle version is $CODEQL_VERSION_DEFAULT"
        echo "Latest CodeQL bundle version is $CODEQL_VERSION_LATEST"

-        # If we're running on a pull request, run with both bundles, even if `tools: linked` would
+        # If we're running on a pull request, run with both bundles, even if `tools: latest` would
        # be the same as `tools: null`. This allows us to make the job for each of the bundles a
        # required status check.
        #
-        # If we're running on push or schedule, then we can skip running with `tools: linked` when it would be
+        # If we're running on push or schedule, then we can skip running with `tools: latest` when it would be
        # the same as running with `tools: null`.
        if [[ "$GITHUB_EVENT_NAME" != "pull_request" && "$CODEQL_VERSION_DEFAULT" == "$CODEQL_VERSION_LATEST" ]]; then
          VERSIONS_JSON='[null]'
        else
-          VERSIONS_JSON='[null, "linked"]'
+          VERSIONS_JSON='[null, "latest"]'
        fi

        # Output a JSON-encoded list with the distinct versions to test against.
@@ -75,7 +75,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        os: [ubuntu-20.04,ubuntu-22.04,windows-2019,windows-2022,macos-12,macos-13,macos-14]
+        os: [ubuntu-20.04,ubuntu-22.04,windows-2019,windows-2022,macos-11,macos-12,macos-13]
        tools: ${{ fromJson(needs.check-codeql-versions.outputs.versions) }}
    runs-on: ${{ matrix.os }}

@@ -97,5 +97,3 @@ jobs:
      run: ${{steps.init.outputs.codeql-path}} version --format=json
    - name: Perform CodeQL Analysis
      uses: ./analyze
-      with:
-        category: "/language:javascript"
--- a/.github/workflows/codescanning-config-cli.yml
+++ b/.github/workflows/codescanning-config-cli.yml
@@ -28,9 +28,9 @@ jobs:
      matrix:
        include:
        - os: ubuntu-latest
-          version: linked
+          version: latest
        - os: macos-latest
-          version: linked
+          version: latest
        - os: ubuntu-latest
          version: default
        - os: macos-latest
--- a/.github/workflows/debug-artifacts-failure.yml
+++ b/.github/workflows/debug-artifacts-failure.yml
@@ -2,6 +2,9 @@
 # when the analyze step fails.
 name: PR Check - Debug artifacts after failure
 env:
+  # Disable Kotlin analysis while it's incompatible with Kotlin 1.8, until we find a
+  # workaround for our PR checks.
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: true
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 on:
  push:
@@ -34,7 +37,7 @@ jobs:
        id: prepare-test
        uses: ./.github/actions/prepare-test
        with:
-          version: linked
+          version: latest
      - uses: actions/setup-go@v5
        with:
          go-version: ^1.13.1
@@ -61,7 +64,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Download all artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
      - name: Check expected artifacts exist
        shell: bash
        run: |
--- a/.github/workflows/debug-artifacts.yml
+++ b/.github/workflows/debug-artifacts.yml
@@ -1,6 +1,9 @@
 # Checks logs, SARIF, and database bundle debug artifacts exist.
 name: PR Check - Debug artifact upload
 env:
+  # Disable Kotlin analysis while it's incompatible with Kotlin 1.8, until we find a
+  # workaround for our PR checks.
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: true
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 on:
  push:
@@ -22,19 +25,20 @@ jobs:
      fail-fast: false
      matrix:
        version:
-        - stable-v2.13.5
-        - stable-v2.14.6
+        # TODO: Once CLI v2.17.4 is available and the platform is switched back to ubuntu,
+        #       stable-20230403, stable-v2.13.5, and stable-v2.14.6 can be added back to this matrix,
+        #       and the VERSIONS variable in the bash script below. 
+        #       Prior to CLI v2.15.1, ARM runners were not supported by the build tracer.
        - stable-v2.15.5
        - stable-v2.16.6
-        - stable-v2.17.6
        - default
-        - linked
+        - latest
        - nightly-latest
    name: Upload debug artifacts
    env:
      CODEQL_ACTION_TEST_MODE: true
    timeout-minutes: 45
-    runs-on: ubuntu-latest
+    runs-on: macos-latest # TODO: Switch back to ubuntu for `nightly-latest` and `latest` once CLI v2.17.4 is available.
    steps:
      - name: Check out repository
        uses: actions/checkout@v4
@@ -53,8 +57,9 @@ jobs:
          debug: true
          debug-artifact-name: my-debug-artifacts
          debug-database-name: my-db
-          # We manually exclude Swift from the languages list here, as it is not supported on Ubuntu
-          languages: cpp,csharp,go,java,javascript,python,ruby 
+      - uses: ./../action/.github/actions/setup-swift
+        with:
+          codeql-path: ${{ steps.init.outputs.codeql-path }}
      - name: Build code
        shell: bash
        run: ./build.sh
@@ -67,11 +72,11 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Download all artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
      - name: Check expected artifacts exist
        shell: bash
        run: |
-          VERSIONS="stable-v2.13.5 stable-v2.14.6 stable-v2.15.5 stable-v2.16.6 stable-v2.17.6 default linked nightly-latest"
+          VERSIONS="stable-v2.15.5 stable-v2.16.6 default latest nightly-latest"
          LANGUAGES="cpp csharp go java javascript python"
          for version in $VERSIONS; do
            pushd "./my-debug-artifacts-${version//./}"
--- a/.github/workflows/expected-queries-runs.yml
+++ b/.github/workflows/expected-queries-runs.yml
@@ -29,7 +29,7 @@ jobs:
      id: prepare-test
      uses: ./.github/actions/prepare-test
      with:
-        version: linked
+        version: latest
    - uses: ./../action/init
      with:
        languages: javascript
@@ -37,6 +37,8 @@ jobs:
    - uses: ./../action/analyze
      with:
        output: ${{ runner.temp }}/results
+        upload-database: false
+        upload: never

    - name: Check Sarif
      uses: ./../action/.github/actions/check-sarif
--- a/.github/workflows/pr-checks.yml
+++ b/.github/workflows/pr-checks.yml
@@ -2,6 +2,7 @@ name: PR Checks

 on:
  push:
+    branches: [main, releases/v*]
  pull_request:
    # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
    # by other workflows.
@@ -52,7 +53,6 @@ jobs:
        run: .github/workflows/script/check-js.sh

  check-node-modules:
-    if: github.event_name != 'push' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/releases/v')
    name: Check modules up to date
    runs-on: macos-latest
    timeout-minutes: 45
@@ -63,7 +63,6 @@ jobs:
        run: .github/workflows/script/check-node-modules.sh

  check-file-contents:
-    if: github.event_name != 'push' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/releases/v')
    name: Check file contents
    runs-on: ubuntu-latest
    timeout-minutes: 45
@@ -88,7 +87,6 @@ jobs:
        run: .github/workflows/script/verify-pr-checks.sh

  npm-test:
-    if: github.event_name != 'push' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/releases/v')
    name: Unit Test
    needs: [check-js, check-node-modules]
    strategy:
@@ -108,7 +106,7 @@ jobs:
          npm test

  check-node-version:
-    if: github.event.pull_request
+    if: ${{ github.event.pull_request }}
    name: Check Action Node versions
    runs-on: ubuntu-latest
    timeout-minutes: 45
--- a/.github/workflows/python312-windows.yml
+++ b/.github/workflows/python312-windows.yml
@@ -14,8 +14,6 @@ on:

 jobs:
  test-setup-python-scripts:
-    env:
-      CODEQL_ACTION_TEST_MODE: true
    timeout-minutes: 45
    runs-on: windows-latest

@@ -34,8 +32,11 @@ jobs:
    - name: Initialize CodeQL
      uses: ./../action/init
      with:
-        tools: linked
+        tools: latest
        languages: python

    - name: Analyze
      uses: ./../action/analyze
+      with:
+        upload: false
+        upload-database: false
--- a/.github/workflows/query-filters.yml
+++ b/.github/workflows/query-filters.yml
@@ -27,7 +27,7 @@ jobs:
      id: prepare-test
      uses: ./.github/actions/prepare-test
      with:
-        version: linked
+        version: latest

    - name: Check SARIF for default queries with Single include, Single exclude
      uses: ./../action/.github/actions/query-filter-test
--- a/.github/workflows/script/update-node-modules.sh
+++ b/.github/workflows/script/update-node-modules.sh
@@ -1,12 +1,9 @@
-#!/bin/bash
-set -eu
-
-if [ "$1" != "update" ] && [ "$1" != "check-only" ]; then
+if [ "$1" != "update" && "$1" != "check-only" ]; then
    >&2 echo "Failed: Invalid argument. Must be 'update' or 'check-only'"
    exit 1
 fi

-npm install --force -g npm@9.2.0
+sudo npm install --force -g npm@9.2.0

 # clean the npm cache to ensure we don't have any files owned by root
 sudo npm cache clean --force
--- a/.github/workflows/script/update-required-checks.sh
+++ b/.github/workflows/script/update-required-checks.sh
@@ -28,7 +28,7 @@ fi
 echo "Getting checks for $GITHUB_SHA"

 # Ignore any checks with "https://", CodeQL, LGTM, and Update checks.
-CHECKS="$(gh api repos/github/codeql-action/commits/"${GITHUB_SHA}"/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs.[] | select(.conclusion != "skipped") | .name | select(contains("https://") or . == "CodeQL" or . == "Dependabot" or . == "check-expected-release-files" or contains("Update") or contains("update") or contains("test-setup-python-scripts") | not)] | unique | sort')"
+CHECKS="$(gh api repos/github/codeql-action/commits/"${GITHUB_SHA}"/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "Dependabot" or . == "check-expected-release-files" or contains("Update") or contains("update") or contains("test-setup-python-scripts") | not)] | unique | sort')"

 echo "$CHECKS" | jq

--- a/.github/workflows/test-codeql-bundle-all.yml
+++ b/.github/workflows/test-codeql-bundle-all.yml
@@ -2,6 +2,9 @@ name: 'PR Check - CodeQL Bundle All'
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
+  # Disable Kotlin analysis while it's incompatible with Kotlin 1.8, until we find a
+  # workaround for our PR checks.
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
@@ -42,12 +45,15 @@ jobs:
    - id: init
      uses: ./../action/init
      with:
-        # We manually exclude Swift from the languages list here, as it is not supported on Ubuntu
-        languages: cpp,csharp,go,java,javascript,python,ruby 
        tools: ${{ steps.prepare-test.outputs.tools-url }}
+    - uses: ./../action/.github/actions/setup-swift
+      with:
+        codeql-path: ${{ steps.init.outputs.codeql-path }}
    - name: Build code
      shell: bash
      run: ./build.sh
    - uses: ./../action/analyze
+      with:
+        upload-database: false
    env:
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/update-bundle.yml
+++ b/.github/workflows/update-bundle.yml
@@ -54,7 +54,7 @@ jobs:
          cli_version=$(jq -r '.cliVersion' src/defaults.json)
          pr_url=$(gh pr create \
            --title "Update default bundle to $cli_version" \
-            --body "This pull request updates the default CodeQL bundle, as used with \`tools: linked\` and on GHES, to $cli_version." \
+            --body "This pull request updates the default CodeQL bundle, as used with \`tools: latest\` and on GHES, to $cli_version." \
            --assignee "$GITHUB_ACTOR" \
            --draft \
          )
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,78 +8,6 @@ Note that the only difference between `v2` and `v3` of the CodeQL Action is the

 No user facing changes.

-## 3.26.6 - 29 Aug 2024
-
- Update default CodeQL bundle version to 2.18.3. [#2449](https://github.com/github/codeql-action/pull/2449)
-
-## 3.26.5 - 23 Aug 2024
-
- Fix an issue where the `csrutil` system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled. [#2441](https://github.com/github/codeql-action/pull/2441)
-
-## 3.26.4 - 21 Aug 2024
-
- _Deprecation:_ The `add-snippets` input on the `analyze` Action is deprecated and will be removed in the first release in August 2025. [#2436](https://github.com/github/codeql-action/pull/2436)
- Fix an issue where the disk usage system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled, and then surface a warning. The system call is now disabled for these machines. [#2434](https://github.com/github/codeql-action/pull/2434)
-
-## 3.26.3 - 19 Aug 2024
-
- Fix an issue where the CodeQL Action could not write diagnostic messages on Windows. This issue did not impact analysis quality. [#2430](https://github.com/github/codeql-action/pull/2430)
-
-## 3.26.2 - 14 Aug 2024
-
- Update default CodeQL bundle version to 2.18.2. [#2417](https://github.com/github/codeql-action/pull/2417)
-
-## 3.26.1 - 13 Aug 2024
-
-No user facing changes.
-
-## 3.26.0 - 06 Aug 2024
-
- _Deprecation:_ Swift analysis on Ubuntu runner images is no longer supported. Please migrate to a macOS runner if this affects you. [#2403](https://github.com/github/codeql-action/pull/2403)
- Bump the minimum CodeQL bundle version to 2.13.5. [#2408](https://github.com/github/codeql-action/pull/2408)
-
-## 3.25.15 - 26 Jul 2024
-
- Update default CodeQL bundle version to 2.18.1. [#2385](https://github.com/github/codeql-action/pull/2385)
-
-## 3.25.14 - 25 Jul 2024
-
- Experimental: add a new `start-proxy` action which starts the same HTTP proxy as used by [`github/dependabot-action`](https://github.com/github/dependabot-action). Do not use this in production as it is part of an internal experiment and subject to change at any time. [#2376](https://github.com/github/codeql-action/pull/2376)
-
-## 3.25.13 - 19 Jul 2024
-
- Add `codeql-version` to outputs. [#2368](https://github.com/github/codeql-action/pull/2368)
- Add a deprecation warning for customers using CodeQL version 2.13.4 and earlier. These versions of CodeQL were discontinued on 9 July 2024 alongside GitHub Enterprise Server 3.9, and will be unsupported by CodeQL Action versions 3.26.0 and later and versions 2.26.0 and later. [#2375](https://github.com/github/codeql-action/pull/2375)
-  - If you are using one of these versions, please update to CodeQL CLI version 2.13.5 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.
-  - Alternatively, if you want to continue using a version of the CodeQL CLI between 2.12.6 and 2.13.4, you can replace `github/codeql-action/*@v3` by `github/codeql-action/*@v3.25.13` and `github/codeql-action/*@v2` by `github/codeql-action/*@v2.25.13` in your code scanning workflow to ensure you continue using this version of the CodeQL Action.
-
-## 3.25.12 - 12 Jul 2024
-
- Improve the reliability and performance of analyzing code when analyzing a compiled language with the `autobuild` [build mode](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes) on GitHub Enterprise Server. This feature is already available to GitHub.com users. [#2353](https://github.com/github/codeql-action/pull/2353)
- Update default CodeQL bundle version to 2.18.0. [#2364](https://github.com/github/codeql-action/pull/2364)
-
-## 3.25.11 - 28 Jun 2024
-
- Avoid failing the workflow run if there is an error while uploading debug artifacts. [#2349](https://github.com/github/codeql-action/pull/2349)
- Update default CodeQL bundle version to 2.17.6. [#2352](https://github.com/github/codeql-action/pull/2352)
-
-## 3.25.10 - 13 Jun 2024
-
- Update default CodeQL bundle version to 2.17.5. [#2327](https://github.com/github/codeql-action/pull/2327)
-
-## 3.25.9 - 12 Jun 2024
-
- Avoid failing database creation if the database folder already exists and contains some unexpected files. Requires CodeQL 2.18.0 or higher. [#2330](https://github.com/github/codeql-action/pull/2330)
- The init Action will attempt to clean up the database cluster directory before creating a new database and at the end of the job. This will help to avoid issues where the database cluster directory is left in an inconsistent state. [#2332](https://github.com/github/codeql-action/pull/2332)
-
-## 3.25.8 - 04 Jun 2024
-
- Update default CodeQL bundle version to 2.17.4. [#2321](https://github.com/github/codeql-action/pull/2321)
-
-## 3.25.7 - 31 May 2024
-
- We are rolling out a feature in May/June 2024 that will reduce the Actions cache usage of the Action by keeping only the newest TRAP cache for each language. [#2306](https://github.com/github/codeql-action/pull/2306)
-
 ## 3.25.6 - 20 May 2024

 - Update default CodeQL bundle version to 2.17.3. [#2295](https://github.com/github/codeql-action/pull/2295)
--- a/README.md
+++ b/README.md
@@ -33,19 +33,19 @@ To provide the best experience to customers using older versions of GitHub Enter

 For more information, see "[Code scanning: deprecation of CodeQL Action v2](https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/)."

-## Supported versions of the CodeQL Bundle on GitHub Enterprise Server
+## Supported versions of the CodeQL CLI and GitHub Enterprise Server

-We typically release new minor versions of the CodeQL Action and Bundle when a new minor version of GitHub Enterprise Server (GHES) is released. When a version of GHES is deprecated, the CodeQL Action and Bundle releases that shipped with it are deprecated as well.
+We typically release new minor versions of the CodeQL Action and CLI when a new minor version of GitHub Enterprise Server (GHES) is released. When a version of GHES is deprecated, the CodeQL Action and CLI releases that shipped with it are deprecated as well.

-| Minimum CodeQL Action | Minimum CodeQL Bundle Version | GitHub Environment | Notes |
+| Recommended CodeQL Action | Recommended CodeQL CLI Version | GitHub Environment |
 |---------|----------|--------------|
-| `v3.25.11` | `2.17.6` | Enterprise Server 3.14 |  |
-| `v3.24.11` | `2.16.6` | Enterprise Server 3.13 | |
-| `v3.22.12` | `2.15.5` | Enterprise Server 3.12 | |
-| `v2.22.1` | `2.14.6` | Enterprise Server 3.11 | |
-| `v2.20.3` | `2.13.5` | Enterprise Server 3.10 | Does not support CodeQL Action v3 |
+| `v3` | default (do not pass a `tools` input) | GitHub.com |
+| `3.22.12` | `2.15.5` | Enterprise Server 3.12 |
+| `2.22.1` | `2.14.6` | Enterprise Server 3.11 |
+| `2.20.3` | `2.13.5` | Enterprise Server 3.10 |
+| `2.2.9` | `2.12.5` | Enterprise Server 3.9 |

-CodeQL Action `v2` will stop receiving updates when GHES 3.11 is deprecated. 
+CodeQL Action `v2` will stop receiving updates when GHES 3.11 is deprecated.

 See the full list of GHES release and deprecation dates at [GitHub Enterprise Server releases](https://docs.github.com/en/enterprise-server/admin/all-releases#releases-of-github-enterprise-server).

--- a/analyze/action.yml
+++ b/analyze/action.yml
@@ -19,7 +19,7 @@ inputs:
    # If changing this, make sure to update workflow.ts accordingly.
    default: "always"
  cleanup-level:
-    description: "Level of cleanup to perform on CodeQL databases at the end of the analyze step. This should either be 'none' to skip cleanup, or be a valid argument for the --cache-cleanup flag of the CodeQL CLI command 'codeql database cleanup' as documented at https://codeql.github.com/docs/codeql-cli/manual/database-cleanup"
+    description: "Level of cleanup to perform on CodeQL databases at the end of the analyze step. This should either be 'none' to skip cleanup, or be a valid argument for the --mode flag of the CodeQL CLI command 'codeql database cleanup' as documented at https://codeql.github.com/docs/codeql-cli/manual/database-cleanup"
    required: false
    default: "brutal"
  ram:
@@ -34,11 +34,6 @@ inputs:
    description: Specify whether or not to add code snippets to the output sarif file.
    required: false
    default: "false"
-    deprecationMessage: >-
-      The input "add-snippets" is deprecated and will be removed on the first release in August 2025.
-      When this input is set to true it is expected to add code snippets with an alert to the SARIF file.
-      However, since Code Scanning ignores code snippets provided as part of a SARIF file this is currently
-      a no operation. No alternative is available.
  skip-queries:
    description: If this option is set, the CodeQL database will be built but no queries will be run on it. Thus, no results will be produced.
    required: false
--- a/eslint.config.mjs
+++ b/eslint.config.mjs
@@ -1,149 +0,0 @@
-// Automatically generated by running npx @eslint/migrate-config .eslintrc.json
-
-import path from "node:path";
-import { fileURLToPath } from "node:url";
-
-import { fixupConfigRules, fixupPluginRules } from "@eslint/compat";
-import { FlatCompat } from "@eslint/eslintrc";
-import js from "@eslint/js";
-import typescriptEslint from "@typescript-eslint/eslint-plugin";
-import tsParser from "@typescript-eslint/parser";
-import filenames from "eslint-plugin-filenames";
-import github from "eslint-plugin-github";
-import _import from "eslint-plugin-import";
-import noAsyncForeach from "eslint-plugin-no-async-foreach";
-import globals from "globals";
-
-const __filename = fileURLToPath(import.meta.url);
-const __dirname = path.dirname(__filename);
-const compat = new FlatCompat({
-  baseDirectory: __dirname,
-  recommendedConfig: js.configs.recommended,
-  allConfig: js.configs.all,
-});
-
-export default [
-  {
-    ignores: [
-      "**/webpack.config.js",
-      "lib/**/*",
-      "src/testdata/**/*",
-      "tests/**/*",
-      "eslint.config.mjs",
-      ".github/**/*",
-    ],
-  },
-  ...fixupConfigRules(
-    compat.extends(
-      "eslint:recommended",
-      "plugin:@typescript-eslint/recommended",
-      "plugin:@typescript-eslint/recommended-requiring-type-checking",
-      "plugin:github/recommended",
-      "plugin:github/typescript",
-      "plugin:import/typescript",
-    ),
-  ),
-  {
-    plugins: {
-      "@typescript-eslint": fixupPluginRules(typescriptEslint),
-      filenames: fixupPluginRules(filenames),
-      github: fixupPluginRules(github),
-      import: fixupPluginRules(_import),
-      "no-async-foreach": noAsyncForeach,
-    },
-
-    languageOptions: {
-      parser: tsParser,
-      ecmaVersion: 5,
-      sourceType: "module",
-
-      globals: {
-        ...globals.node,
-      },
-
-      parserOptions: {
-        project: "./tsconfig.json",
-      },
-    },
-
-    settings: {
-      "import/resolver": {
-        node: {
-          moduleDirectory: ["node_modules", "src"],
-        },
-
-        typescript: {},
-      },
-      "import/ignore": ["sinon", "uuid", "@octokit/plugin-retry"],
-    },
-
-    rules: {
-      "filenames/match-regex": ["error", "^[a-z0-9-]+(\\.test)?$"],
-      "i18n-text/no-en": "off",
-
-      "import/extensions": [
-        "error",
-        {
-          json: {},
-        },
-      ],
-
-      "import/no-amd": "error",
-      "import/no-commonjs": "error",
-      "import/no-cycle": "error",
-      "import/no-dynamic-require": "error",
-
-      "import/no-extraneous-dependencies": [
-        "error",
-        {
-          devDependencies: true,
-        },
-      ],
-
-      "import/no-namespace": "off",
-      "import/no-unresolved": "error",
-      "import/no-webpack-loader-syntax": "error",
-
-      "import/order": [
-        "error",
-        {
-          alphabetize: {
-            order: "asc",
-          },
-
-          "newlines-between": "always",
-        },
-      ],
-
-      "max-len": [
-        "error",
-        {
-          code: 120,
-          ignoreUrls: true,
-          ignoreStrings: true,
-          ignoreTemplateLiterals: true,
-        },
-      ],
-
-      "no-async-foreach/no-async-foreach": "error",
-      "no-sequences": "error",
-      "no-shadow": "off",
-      "@typescript-eslint/no-shadow": "error",
-      "one-var": ["error", "never"],
-    },
-  },
-  {
-    files: ["**/*.ts", "**/*.js"],
-
-    rules: {
-      "@typescript-eslint/no-explicit-any": "off",
-      "@typescript-eslint/no-unsafe-assignment": "off",
-      "@typescript-eslint/no-unsafe-member-access": "off",
-      "@typescript-eslint/no-var-requires": "off",
-      "@typescript-eslint/prefer-regexp-exec": "off",
-      "@typescript-eslint/require-await": "off",
-      "@typescript-eslint/restrict-template-expressions": "off",
-      "func-style": "off",
-    },
-  },
-];
--- a/init/action.yml
+++ b/init/action.yml
@@ -139,8 +139,6 @@ inputs:
 outputs:
  codeql-path:
    description: The path of the CodeQL binary used for analysis
-  codeql-version:
-    description: The version of the CodeQL binary used for analysis
 runs:
  using: node20
  main: '../lib/init-action.js'
--- a/lib/actions-util.js
+++ b/lib/actions-util.js
@@ -23,27 +23,14 @@ var __importStar = (this && this.__importStar) || function (mod) {
    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getFileType = exports.FileCmdNotFoundError = exports.determineMergeBaseCommitOid = exports.getCommitOid = exports.getOptionalInput = exports.getRequiredInput = void 0;
-exports.getTemporaryDirectory = getTemporaryDirectory;
-exports.getRef = getRef;
-exports.getActionVersion = getActionVersion;
-exports.getWorkflowEventName = getWorkflowEventName;
-exports.isRunningLocalAction = isRunningLocalAction;
-exports.getRelativeScriptPath = getRelativeScriptPath;
-exports.getWorkflowEvent = getWorkflowEvent;
-exports.isAnalyzingDefaultBranch = isAnalyzingDefaultBranch;
-exports.printDebugLogs = printDebugLogs;
-exports.getUploadValue = getUploadValue;
-exports.getWorkflowRunID = getWorkflowRunID;
-exports.getWorkflowRunAttempt = getWorkflowRunAttempt;
-exports.isSelfHostedRunner = isSelfHostedRunner;
+exports.getFileType = exports.FileCmdNotFoundError = exports.getWorkflowRunAttempt = exports.getWorkflowRunID = exports.getUploadValue = exports.printDebugLogs = exports.isAnalyzingDefaultBranch = exports.getRelativeScriptPath = exports.isRunningLocalAction = exports.getWorkflowEventName = exports.getActionVersion = exports.getRef = exports.determineMergeBaseCommitOid = exports.getCommitOid = exports.getTemporaryDirectory = exports.getOptionalInput = exports.getRequiredInput = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const core = __importStar(require("@actions/core"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const safeWhich = __importStar(require("@chrisgavin/safe-which"));
 const util_1 = require("./util");
-// eslint-disable-next-line import/no-commonjs, @typescript-eslint/no-require-imports
+// eslint-disable-next-line import/no-commonjs
 const pkg = require("../package.json");
 /**
 * Wrapper around core.getInput for inputs that always have a value.
@@ -76,6 +63,7 @@ function getTemporaryDirectory() {
        ? value
        : (0, util_1.getRequiredEnvParam)("RUNNER_TEMP");
 }
+exports.getTemporaryDirectory = getTemporaryDirectory;
 /**
 * Gets the SHA of the commit that is currently checked out.
 */
@@ -104,7 +92,7 @@ const getCommitOid = async function (checkoutPath, ref = "HEAD") {
        }).exec();
        return commitOid.trim();
    }
-    catch {
+    catch (e) {
        if (stderr.includes("not a git repository")) {
            core.info("Could not determine current commit SHA using git. Continuing with data from user input or environment. " +
                "The checkout path provided to the action does not appear to be a git repository.");
@@ -161,7 +149,7 @@ const determineMergeBaseCommitOid = async function (checkoutPathOverride) {
        }
        return undefined;
    }
-    catch {
+    catch (e) {
        if (stderr.includes("not a git repository")) {
            core.info("The checkout path provided to the action does not appear to be a git repository. " +
                "Will calculate the merge base on the server.");
@@ -223,6 +211,7 @@ async function getRef() {
        return ref;
    }
 }
+exports.getRef = getRef;
 function getRefFromEnv() {
    // To workaround a limitation of Actions dynamic workflows not setting
    // the GITHUB_REF in some cases, we accept also the ref within the
@@ -246,6 +235,7 @@ function getRefFromEnv() {
 function getActionVersion() {
    return pkg.version;
 }
+exports.getActionVersion = getActionVersion;
 /**
 * Returns the name of the event that triggered this workflow.
 *
@@ -254,6 +244,7 @@ function getActionVersion() {
 function getWorkflowEventName() {
    return (0, util_1.getRequiredEnvParam)("GITHUB_EVENT_NAME");
 }
+exports.getWorkflowEventName = getWorkflowEventName;
 /**
 * Returns whether the current workflow is executing a local copy of the Action, e.g. we're running
 * a workflow on the codeql-action repo itself.
@@ -262,6 +253,7 @@ function isRunningLocalAction() {
    const relativeScriptPath = getRelativeScriptPath();
    return (relativeScriptPath.startsWith("..") || path.isAbsolute(relativeScriptPath));
 }
+exports.isRunningLocalAction = isRunningLocalAction;
 /**
 * Get the location where the Action is running from.
 *
@@ -272,6 +264,7 @@ function getRelativeScriptPath() {
    const actionsDirectory = path.join(path.dirname(runnerTemp), "_actions");
    return path.relative(actionsDirectory, __filename);
 }
+exports.getRelativeScriptPath = getRelativeScriptPath;
 /** Returns the contents of `GITHUB_EVENT_PATH` as a JSON object. */
 function getWorkflowEvent() {
    const eventJsonFile = (0, util_1.getRequiredEnvParam)("GITHUB_EVENT_PATH");
@@ -306,6 +299,7 @@ async function isAnalyzingDefaultBranch() {
    }
    return currentRef === defaultBranch;
 }
+exports.isAnalyzingDefaultBranch = isAnalyzingDefaultBranch;
 async function printDebugLogs(config) {
    for (const language of config.languages) {
        const databaseDirectory = (0, util_1.getCodeQLDatabasePath)(config, language);
@@ -334,6 +328,7 @@ async function printDebugLogs(config) {
        walkLogFiles(logsDirectory);
    }
 }
+exports.printDebugLogs = printDebugLogs;
 /**
 * Parses the `upload` input into an `UploadKind`, converting unspecified and deprecated upload
 * inputs appropriately.
@@ -354,6 +349,7 @@ function getUploadValue(input) {
            return "always";
    }
 }
+exports.getUploadValue = getUploadValue;
 /**
 * Get the workflow run ID.
 */
@@ -368,6 +364,7 @@ function getWorkflowRunID() {
    }
    return workflowRunID;
 }
+exports.getWorkflowRunID = getWorkflowRunID;
 /**
 * Get the workflow run attempt number.
 */
@@ -382,6 +379,7 @@ function getWorkflowRunAttempt() {
    }
    return workflowRunAttempt;
 }
+exports.getWorkflowRunAttempt = getWorkflowRunAttempt;
 class FileCmdNotFoundError extends Error {
    constructor(msg) {
        super(msg);
@@ -426,7 +424,4 @@ const getFileType = async (filePath) => {
    }
 };
 exports.getFileType = getFileType;
-function isSelfHostedRunner() {
-    return process.env.RUNNER_ENVIRONMENT === "self-hosted";
-}
 //# sourceMappingURL=actions-util.js.map
--- a/lib/actions-util.js.map
+++ b/lib/actions-util.js.map
--- a/lib/analyze-action-env.test.js
+++ b/lib/analyze-action-env.test.js
@@ -77,7 +77,6 @@ const util = __importStar(require("./util"));
        process.env["CODEQL_RAM"] = "4992";
        const runFinalizeStub = sinon.stub(analyze, "runFinalize");
        const runQueriesStub = sinon.stub(analyze, "runQueries");
-        // eslint-disable-next-line @typescript-eslint/no-require-imports
        const analyzeAction = require("./analyze-action");
        // When analyze-action.ts loads, it runs an async function from the top
        // level but does not wait for it to finish. To ensure that calls to
--- a/lib/analyze-action-env.test.js.map
+++ b/lib/analyze-action-env.test.js.map
@@ -1 +1 @@
-{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAEnE,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,iEAAiE;QACjE,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAEnE,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
--- a/lib/analyze-action-input.test.js
+++ b/lib/analyze-action-input.test.js
@@ -77,7 +77,6 @@ const util = __importStar(require("./util"));
        optionalInputStub.withArgs("ram").returns("3012");
        const runFinalizeStub = sinon.stub(analyze, "runFinalize");
        const runQueriesStub = sinon.stub(analyze, "runQueries");
-        // eslint-disable-next-line @typescript-eslint/no-require-imports
        const analyzeAction = require("./analyze-action");
        // When analyze-action.ts loads, it runs an async function from the top
        // level but does not wait for it to finish. To ensure that calls to
--- a/lib/analyze-action-input.test.js.map
+++ b/lib/analyze-action-input.test.js.map
@@ -1 +1 @@
-{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxD,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACnE,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,iEAAiE;QACjE,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxD,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACnE,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
--- a/lib/analyze-action-post-helper.js
+++ b/lib/analyze-action-post-helper.js
@@ -23,15 +23,23 @@ var __importStar = (this && this.__importStar) || function (mod) {
    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.run = run;
+exports.run = void 0;
+const core = __importStar(require("@actions/core"));
 const actionsUtil = __importStar(require("./actions-util"));
 const config_utils_1 = require("./config-utils");
 const logging_1 = require("./logging");
-async function run() {
+async function run(uploadSarifDebugArtifact) {
    const logger = (0, logging_1.getActionsLogger)();
    const config = await (0, config_utils_1.getConfig)(actionsUtil.getTemporaryDirectory(), logger);
    if (config === undefined) {
        throw new Error("Config file could not be found at expected location. Did the 'init' action fail to start?");
    }
+    // Upload Actions SARIF artifacts for debugging
+    if (config?.debugMode) {
+        core.info("Debug mode is on. Uploading available SARIF files as Actions debugging artifact...");
+        const outputDir = actionsUtil.getRequiredInput("output");
+        await uploadSarifDebugArtifact(config, outputDir);
+    }
 }
+exports.run = run;
 //# sourceMappingURL=analyze-action-post-helper.js.map
--- a/lib/analyze-action-post-helper.js.map
+++ b/lib/analyze-action-post-helper.js.map
@@ -1 +1 @@
-{"version":3,"file":"analyze-action-post-helper.js","sourceRoot":"","sources":["../src/analyze-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAIA,kBASC;AAbD,4DAA8C;AAC9C,iDAA2C;AAC3C,uCAA6C;AAEtC,KAAK,UAAU,GAAG;IACvB,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAElC,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CACb,2FAA2F,CAC5F,CAAC;IACJ,CAAC;AACH,CAAC"}
+{"version":3,"file":"analyze-action-post-helper.js","sourceRoot":"","sources":["../src/analyze-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,iDAA2C;AAC3C,uCAA6C;AAEtC,KAAK,UAAU,GAAG,CAAC,wBAAkC;IAC1D,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAElC,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CACb,2FAA2F,CAC5F,CAAC;IACJ,CAAC;IAED,+CAA+C;IAC/C,IAAI,MAAM,EAAE,SAAS,EAAE,CAAC;QACtB,IAAI,CAAC,IAAI,CACP,oFAAoF,CACrF,CAAC;QACF,MAAM,SAAS,GAAG,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QACzD,MAAM,wBAAwB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACpD,CAAC;AACH,CAAC;AAlBD,kBAkBC"}
--- a/lib/analyze-action-post-helper.test.js
+++ b/lib/analyze-action-post-helper.test.js
@@ -1,46 +1,73 @@
 "use strict";
-// import test from "ava";
-// import * as sinon from "sinon";
-// import * as actionsUtil from "./actions-util";
-// import * as analyzeActionPostHelper from "./analyze-action-post-helper";
-// import * as configUtils from "./config-utils";
-// import { setupTests } from "./testing-utils";
-// import * as util from "./util";
-// setupTests(test);
-// test("post: analyze action with debug mode off", async (t) => {
-//   return await util.withTmpDir(async (tmpDir) => {
-//     process.env["RUNNER_TEMP"] = tmpDir;
-//     const gitHubVersion: util.GitHubVersion = {
-//       type: util.GitHubVariant.DOTCOM,
-//     };
-//     sinon.stub(configUtils, "getConfig").resolves({
-//       debugMode: false,
-//       gitHubVersion,
-//       languages: [],
-//       packs: [],
-//     } as unknown as configUtils.Config);
-//     await analyzeActionPostHelper.run();
-//     t.assert(uploadSarifSpy.notCalled);
-//   });
-// });
-// test("post: analyze action with debug mode on", async (t) => {
-//   return await util.withTmpDir(async (tmpDir) => {
-//     // process.env["RUNNER_TEMP"] = tmpDir;
-//     const gitHubVersion: util.GitHubVersion = {
-//       type: util.GitHubVariant.DOTCOM,
-//     };
-//     sinon.stub(configUtils, "getConfig").resolves({
-//       debugMode: true,
-//       gitHubVersion,
-//       languages: [],
-//       packs: [],
-//     } as unknown as configUtils.Config);
-//     const requiredInputStub = sinon.stub(actionsUtil, "getRequiredInput");
-//     requiredInputStub.withArgs("output").returns("fake-output-dir");
-//     const uploadSarifSpy = sinon.spy();
-//     await analyzeActionPostHelper.run(uploadSarifSpy);
-//     t.assert(uploadSarifSpy.called);
-//   });
-// });
-// TODO: Move these tests!
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const ava_1 = __importDefault(require("ava"));
+const sinon = __importStar(require("sinon"));
+const actionsUtil = __importStar(require("./actions-util"));
+const analyzeActionPostHelper = __importStar(require("./analyze-action-post-helper"));
+const configUtils = __importStar(require("./config-utils"));
+const testing_utils_1 = require("./testing-utils");
+const util = __importStar(require("./util"));
+(0, testing_utils_1.setupTests)(ava_1.default);
+(0, ava_1.default)("post: analyze action with debug mode off", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        process.env["RUNNER_TEMP"] = tmpDir;
+        const gitHubVersion = {
+            type: util.GitHubVariant.DOTCOM,
+        };
+        sinon.stub(configUtils, "getConfig").resolves({
+            debugMode: false,
+            gitHubVersion,
+            languages: [],
+            packs: [],
+        });
+        const uploadSarifSpy = sinon.spy();
+        await analyzeActionPostHelper.run(uploadSarifSpy);
+        t.assert(uploadSarifSpy.notCalled);
+    });
+});
+(0, ava_1.default)("post: analyze action with debug mode on", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        process.env["RUNNER_TEMP"] = tmpDir;
+        const gitHubVersion = {
+            type: util.GitHubVariant.DOTCOM,
+        };
+        sinon.stub(configUtils, "getConfig").resolves({
+            debugMode: true,
+            gitHubVersion,
+            languages: [],
+            packs: [],
+        });
+        const requiredInputStub = sinon.stub(actionsUtil, "getRequiredInput");
+        requiredInputStub.withArgs("output").returns("fake-output-dir");
+        const uploadSarifSpy = sinon.spy();
+        await analyzeActionPostHelper.run(uploadSarifSpy);
+        t.assert(uploadSarifSpy.called);
+    });
+});
 //# sourceMappingURL=analyze-action-post-helper.test.js.map
--- a/lib/analyze-action-post-helper.test.js.map
+++ b/lib/analyze-action-post-helper.test.js.map
@@ -1 +1 @@
-{"version":3,"file":"analyze-action-post-helper.test.js","sourceRoot":"","sources":["../src/analyze-action-post-helper.test.ts"],"names":[],"mappings":";AAAA,0BAA0B;AAC1B,kCAAkC;AAElC,iDAAiD;AACjD,2EAA2E;AAC3E,iDAAiD;AACjD,gDAAgD;AAChD,kCAAkC;AAElC,oBAAoB;AAEpB,kEAAkE;AAClE,qDAAqD;AACrD,2CAA2C;AAE3C,kDAAkD;AAClD,yCAAyC;AACzC,SAAS;AACT,sDAAsD;AACtD,0BAA0B;AAC1B,uBAAuB;AACvB,uBAAuB;AACvB,mBAAmB;AACnB,2CAA2C;AAE3C,2CAA2C;AAE3C,0CAA0C;AAC1C,QAAQ;AACR,MAAM;AAEN,iEAAiE;AACjE,qDAAqD;AACrD,8CAA8C;AAE9C,kDAAkD;AAClD,yCAAyC;AACzC,SAAS;AACT,sDAAsD;AACtD,yBAAyB;AACzB,uBAAuB;AACvB,uBAAuB;AACvB,mBAAmB;AACnB,2CAA2C;AAE3C,6EAA6E;AAC7E,uEAAuE;AAEvE,0CAA0C;AAE1C,yDAAyD;AAEzD,uCAAuC;AACvC,QAAQ;AACR,MAAM;AAEN,0BAA0B"}
+{"version":3,"file":"analyze-action-post-helper.test.js","sourceRoot":"","sources":["../src/analyze-action-post-helper.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,sFAAwE;AACxE,4DAA8C;AAC9C,mDAA6C;AAC7C,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,0CAA0C,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC3D,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC;QAEpC,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,SAAS,EAAE,KAAK;YAChB,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QAEpC,MAAM,cAAc,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;QAEnC,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAElD,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,yCAAyC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC1D,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC;QAEpC,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,SAAS,EAAE,IAAI;YACf,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QAEpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;QAEhE,MAAM,cAAc,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;QAEnC,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAElD,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
--- a/lib/analyze-action-post.js
+++ b/lib/analyze-action-post.js
@@ -31,18 +31,14 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
 const analyzeActionPostHelper = __importStar(require("./analyze-action-post-helper"));
 const debugArtifacts = __importStar(require("./debug-artifacts"));
-const environment_1 = require("./environment");
 const uploadSarifActionPostHelper = __importStar(require("./upload-sarif-action-post-helper"));
 const util_1 = require("./util");
 async function runWrapper() {
    try {
-        await analyzeActionPostHelper.run();
-        // Also run the upload-sarif post action if we determine that this is a
-        // first-party analysis run, since we're potentially running
+        await analyzeActionPostHelper.run(debugArtifacts.uploadSarifDebugArtifact);
+        // Also run the upload-sarif post action since we're potentially running
        // the same steps in the analyze action.
-        if (process.env[environment_1.EnvVar.INIT_ACTION_HAS_RUN] === "true") {
-            await uploadSarifActionPostHelper.uploadArtifacts(debugArtifacts.uploadDebugArtifacts);
-        }
+        await uploadSarifActionPostHelper.uploadArtifacts(debugArtifacts.uploadDebugArtifacts);
    }
    catch (error) {
        core.setFailed(`analyze post-action step failed: ${(0, util_1.wrapError)(error).message}`);
--- a/lib/analyze-action-post.js.map
+++ b/lib/analyze-action-post.js.map
@@ -1 +1 @@
-{"version":3,"file":"analyze-action-post.js","sourceRoot":"","sources":["../src/analyze-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,sFAAwE;AACxE,kEAAoD;AACpD,+CAAuC;AACvC,+FAAiF;AACjF,iCAAmC;AAEnC,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,uBAAuB,CAAC,GAAG,EAAE,CAAC;QAEpC,uEAAuE;QACvE,4DAA4D;QAC5D,wCAAwC;QACxC,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,mBAAmB,CAAC,KAAK,MAAM,EAAE,CAAC;YACvD,MAAM,2BAA2B,CAAC,eAAe,CAC/C,cAAc,CAAC,oBAAoB,CACpC,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,oCAAoC,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAC/D,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"analyze-action-post.js","sourceRoot":"","sources":["../src/analyze-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,sFAAwE;AACxE,kEAAoD;AACpD,+FAAiF;AACjF,iCAAmC;AAEnC,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,wBAAwB,CAAC,CAAC;QAE3E,wEAAwE;QACxE,wCAAwC;QACxC,MAAM,2BAA2B,CAAC,eAAe,CAC/C,cAAc,CAAC,oBAAoB,CACpC,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,oCAAoC,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAC/D,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
--- a/lib/analyze-action.js
+++ b/lib/analyze-action.js
@@ -48,15 +48,14 @@ const status_report_1 = require("./status-report");
 const trap_caching_1 = require("./trap-caching");
 const uploadLib = __importStar(require("./upload-lib"));
 const util = __importStar(require("./util"));
-async function sendStatusReport(startedAt, config, stats, error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, trapCacheCleanup, logger) {
+async function sendStatusReport(startedAt, config, stats, error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger) {
    const status = (0, status_report_1.getActionsStatus)(error, stats?.analyze_failure_language);
-    const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Analyze, status, startedAt, config, await util.checkDiskUsage(logger), logger, error?.message, error?.stack);
+    const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Analyze, status, startedAt, config, await util.checkDiskUsage(), logger, error?.message, error?.stack);
    if (statusReportBase !== undefined) {
        const report = {
            ...statusReportBase,
            ...(stats || {}),
            ...(dbCreationTimings || {}),
-            ...(trapCacheCleanup || {}),
        };
        if (config && didUploadTrapCaches) {
            const trapCacheUploadStatusReport = {
@@ -108,7 +107,7 @@ function doesGoExtractionOutputExist(config) {
 * - We approximate whether manual build steps are present by looking at
 * whether any extraction output already exists for Go.
 */
-async function runAutobuildIfLegacyGoWorkflow(config, logger) {
+async function runAutobuildIfLegacyGoWorkflow(config, features, logger) {
    if (!config.languages.includes(languages_1.Language.go)) {
        return;
    }
@@ -135,14 +134,13 @@ async function runAutobuildIfLegacyGoWorkflow(config, logger) {
        return;
    }
    logger.debug("Running Go autobuild because extraction output (TRAP files) for Go code has not been found.");
-    await (0, autobuild_1.runAutobuild)(config, languages_1.Language.go, logger);
+    await (0, autobuild_1.runAutobuild)(config, languages_1.Language.go, features, logger);
 }
 async function run() {
    const startedAt = new Date();
    let uploadResult = undefined;
    let runStats = undefined;
    let config = undefined;
-    let trapCacheCleanupTelemetry = undefined;
    let trapCacheUploadTime = undefined;
    let dbCreationTimings = undefined;
    let didUploadTrapCaches = false;
@@ -163,7 +161,6 @@ async function run() {
        }
        const apiDetails = (0, api_client_1.getApiDetails)();
        const outputDir = actionsUtil.getRequiredInput("output");
-        core.exportVariable(environment_1.EnvVar.SARIF_RESULTS_OUTPUT_DIR, outputDir);
        const threads = util.getThreadsFlag(actionsUtil.getOptionalInput("threads") || process.env["CODEQL_THREADS"], logger);
        const repositoryNwo = (0, repository_1.parseRepositoryNwo)(util.getRequiredEnvParam("GITHUB_REPOSITORY"));
        const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
@@ -171,8 +168,8 @@ async function run() {
        const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, actionsUtil.getTemporaryDirectory(), logger);
        const memory = util.getMemoryFlag(actionsUtil.getOptionalInput("ram") || process.env["CODEQL_RAM"], logger);
        await (0, analyze_1.warnIfGoInstalledAfterInit)(config, logger);
-        await runAutobuildIfLegacyGoWorkflow(config, logger);
-        dbCreationTimings = await (0, analyze_1.runFinalize)(outputDir, threads, memory, codeql, config, logger);
+        await runAutobuildIfLegacyGoWorkflow(config, features, logger);
+        dbCreationTimings = await (0, analyze_1.runFinalize)(outputDir, threads, memory, codeql, config, features, logger);
        if (actionsUtil.getRequiredInput("skip-queries") !== "true") {
            runStats = await (0, analyze_1.runQueries)(outputDir, memory, util.getAddSnippetsFlag(actionsUtil.getRequiredInput("add-snippets")), threads, actionsUtil.getOptionalInput("category"), config, logger, features);
        }
@@ -187,7 +184,7 @@ async function run() {
        core.setOutput("sarif-output", path_1.default.resolve(outputDir));
        const uploadInput = actionsUtil.getOptionalInput("upload");
        if (runStats && actionsUtil.getUploadValue(uploadInput) === "always") {
-            uploadResult = await uploadLib.uploadFiles(outputDir, actionsUtil.getRequiredInput("checkout_path"), actionsUtil.getOptionalInput("category"), features, logger);
+            uploadResult = await uploadLib.uploadFromActions(outputDir, actionsUtil.getRequiredInput("checkout_path"), actionsUtil.getOptionalInput("category"), logger);
            core.setOutput("sarif-id", uploadResult.sarifID);
        }
        else {
@@ -199,8 +196,6 @@ async function run() {
        const trapCacheUploadStartTime = perf_hooks_1.performance.now();
        didUploadTrapCaches = await (0, trap_caching_1.uploadTrapCaches)(codeql, config, logger);
        trapCacheUploadTime = perf_hooks_1.performance.now() - trapCacheUploadStartTime;
-        // Clean up TRAP caches
-        trapCacheCleanupTelemetry = await (0, trap_caching_1.cleanupTrapCaches)(config, features, logger);
        // We don't upload results in test mode, so don't wait for processing
        if (util.isInTestMode()) {
            logger.debug("In test mode. Waiting for processing is disabled.");
@@ -221,22 +216,26 @@ async function run() {
            hasBadExpectErrorInput()) {
            core.setFailed(error.message);
        }
-        await sendStatusReport(startedAt, config, error instanceof analyze_1.CodeQLAnalysisError
-            ? error.queriesStatusReport
-            : undefined, error instanceof analyze_1.CodeQLAnalysisError ? error.error : error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, trapCacheCleanupTelemetry, logger);
+        if (error instanceof analyze_1.CodeQLAnalysisError) {
+            const stats = { ...error.queriesStatusReport };
+            await sendStatusReport(startedAt, config, stats, error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger);
+        }
+        else {
+            await sendStatusReport(startedAt, config, undefined, error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger);
+        }
        return;
    }
    if (runStats && uploadResult) {
        await sendStatusReport(startedAt, config, {
            ...runStats,
            ...uploadResult.statusReport,
-        }, undefined, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, trapCacheCleanupTelemetry, logger);
+        }, undefined, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger);
    }
    else if (runStats) {
-        await sendStatusReport(startedAt, config, { ...runStats }, undefined, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, trapCacheCleanupTelemetry, logger);
+        await sendStatusReport(startedAt, config, { ...runStats }, undefined, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger);
    }
    else {
-        await sendStatusReport(startedAt, config, undefined, undefined, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, trapCacheCleanupTelemetry, logger);
+        await sendStatusReport(startedAt, config, undefined, undefined, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger);
    }
 }
 exports.runPromise = run();
--- a/lib/analyze-action.js.map
+++ b/lib/analyze-action.js.map
--- a/lib/analyze.js
+++ b/lib/analyze.js
@@ -26,13 +26,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.CodeQLAnalysisError = void 0;
-exports.runExtraction = runExtraction;
-exports.dbIsFinalized = dbIsFinalized;
-exports.runQueries = runQueries;
-exports.runFinalize = runFinalize;
-exports.warnIfGoInstalledAfterInit = warnIfGoInstalledAfterInit;
-exports.runCleanup = runCleanup;
+exports.runCleanup = exports.warnIfGoInstalledAfterInit = exports.runFinalize = exports.runQueries = exports.dbIsFinalized = exports.runExtraction = exports.CodeQLAnalysisError = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const perf_hooks_1 = require("perf_hooks");
@@ -51,12 +45,10 @@ const upload_lib_1 = require("./upload-lib");
 const util = __importStar(require("./util"));
 const util_1 = require("./util");
 class CodeQLAnalysisError extends Error {
-    constructor(queriesStatusReport, message, error) {
+    constructor(queriesStatusReport, message) {
        super(message);
-        this.queriesStatusReport = queriesStatusReport;
-        this.message = message;
-        this.error = error;
        this.name = "CodeQLAnalysisError";
+        this.queriesStatusReport = queriesStatusReport;
    }
 }
 exports.CodeQLAnalysisError = CodeQLAnalysisError;
@@ -96,6 +88,7 @@ async function runExtraction(codeql, config, logger) {
        }
    }
 }
+exports.runExtraction = runExtraction;
 function shouldExtractLanguage(config, language) {
    return (config.buildMode === util_1.BuildMode.None ||
        (config.buildMode === util_1.BuildMode.Autobuild &&
@@ -108,11 +101,12 @@ function dbIsFinalized(config, language, logger) {
        const dbInfo = yaml.load(fs.readFileSync(path.resolve(dbPath, "codeql-database.yml"), "utf8"));
        return !("inProgress" in dbInfo);
    }
-    catch {
+    catch (e) {
        logger.warning(`Could not check whether database for ${language} was finalized. Assuming it is not.`);
        return false;
    }
 }
+exports.dbIsFinalized = dbIsFinalized;
 async function finalizeDatabaseCreation(codeql, config, threadsFlag, memoryFlag, logger) {
    const extractionStart = perf_hooks_1.performance.now();
    await runExtraction(codeql, config, logger);
@@ -186,13 +180,13 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
        }
        catch (e) {
            statusReport.analyze_failure_language = language;
-            throw new CodeQLAnalysisError(statusReport, `Error running analysis for ${language}: ${util.wrapError(e).message}`, util.wrapError(e));
+            throw new CodeQLAnalysisError(statusReport, `Error running analysis for ${language}: ${util.wrapError(e).message}`);
        }
    }
    return statusReport;
    async function runInterpretResults(language, queries, sarifFile, enableDebugLogging) {
        const databasePath = util.getCodeQLDatabasePath(config, language);
-        return await codeql.databaseInterpretResults(databasePath, queries, sarifFile, addSnippetsFlag, threadsFlag, enableDebugLogging ? "-vv" : "-v", automationDetailsId, config, features);
+        return await codeql.databaseInterpretResults(databasePath, queries, sarifFile, addSnippetsFlag, threadsFlag, enableDebugLogging ? "-vv" : "-v", automationDetailsId, config, features, logger);
    }
    /** Get an object with all queries and their counts parsed from a SARIF file path. */
    function getPerQueryAlertCounts(sarifPath, log) {
@@ -219,7 +213,8 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
        return await codeql.databasePrintBaseline(databasePath);
    }
 }
-async function runFinalize(outputDir, threadsFlag, memoryFlag, codeql, config, logger) {
+exports.runQueries = runQueries;
+async function runFinalize(outputDir, threadsFlag, memoryFlag, codeql, config, features, logger) {
    try {
        await (0, del_1.default)(outputDir, { force: true });
    }
@@ -232,10 +227,11 @@ async function runFinalize(outputDir, threadsFlag, memoryFlag, codeql, config, l
    const timings = await finalizeDatabaseCreation(codeql, config, threadsFlag, memoryFlag, logger);
    // If we didn't already end tracing in the autobuild Action, end it now.
    if (process.env[environment_1.EnvVar.AUTOBUILD_DID_COMPLETE_SUCCESSFULLY] !== "true") {
-        await (0, tracer_config_1.endTracingForCluster)(codeql, config, logger);
+        await (0, tracer_config_1.endTracingForCluster)(codeql, config, logger, features);
    }
    return timings;
 }
+exports.runFinalize = runFinalize;
 async function warnIfGoInstalledAfterInit(config, logger) {
    // Check that `which go` still points at the same path it did when the `init` Action ran to ensure that no steps
    // in-between performed any setup. We encourage users to perform all setup tasks before initializing CodeQL so that
@@ -261,6 +257,7 @@ async function warnIfGoInstalledAfterInit(config, logger) {
        }
    }
 }
+exports.warnIfGoInstalledAfterInit = warnIfGoInstalledAfterInit;
 async function runCleanup(config, cleanupLevel, logger) {
    logger.startGroup("Cleaning up databases");
    for (const language of config.languages) {
@@ -270,4 +267,5 @@ async function runCleanup(config, cleanupLevel, logger) {
    }
    logger.endGroup();
 }
+exports.runCleanup = runCleanup;
 //# sourceMappingURL=analyze.js.map
--- a/lib/analyze.js.map
+++ b/lib/analyze.js.map
--- a/lib/api-client.js
+++ b/lib/api-client.js
@@ -26,25 +26,12 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.DisallowedAPIVersionReason = void 0;
-exports.getApiDetails = getApiDetails;
-exports.getApiClient = getApiClient;
-exports.getApiClientWithExternalAuth = getApiClientWithExternalAuth;
-exports.getGitHubVersionFromApi = getGitHubVersionFromApi;
-exports.getGitHubVersion = getGitHubVersion;
-exports.getWorkflowRelativePath = getWorkflowRelativePath;
-exports.getAnalysisKey = getAnalysisKey;
-exports.getAutomationID = getAutomationID;
-exports.computeAutomationID = computeAutomationID;
-exports.listActionsCaches = listActionsCaches;
-exports.deleteActionsCache = deleteActionsCache;
-exports.wrapApiConfigurationError = wrapApiConfigurationError;
+exports.wrapApiConfigurationError = exports.computeAutomationID = exports.getAutomationID = exports.getAnalysisKey = exports.getWorkflowRelativePath = exports.getGitHubVersion = exports.getGitHubVersionFromApi = exports.getApiClientWithExternalAuth = exports.getApiClient = exports.getApiDetails = exports.DisallowedAPIVersionReason = void 0;
 const core = __importStar(require("@actions/core"));
 const githubUtils = __importStar(require("@actions/github/lib/utils"));
 const retry = __importStar(require("@octokit/plugin-retry"));
 const console_log_level_1 = __importDefault(require("console-log-level"));
 const actions_util_1 = require("./actions-util");
-const repository_1 = require("./repository");
 const util_1 = require("./util");
 const GITHUB_ENTERPRISE_VERSION_HEADER = "x-github-enterprise-version";
 var DisallowedAPIVersionReason;
@@ -68,12 +55,15 @@ function getApiDetails() {
        apiURL: (0, util_1.getRequiredEnvParam)("GITHUB_API_URL"),
    };
 }
+exports.getApiDetails = getApiDetails;
 function getApiClient() {
    return createApiClientWithDetails(getApiDetails());
 }
+exports.getApiClient = getApiClient;
 function getApiClientWithExternalAuth(apiDetails) {
    return createApiClientWithDetails(apiDetails, { allowExternal: true });
 }
+exports.getApiClientWithExternalAuth = getApiClientWithExternalAuth;
 let cachedGitHubVersion = undefined;
 async function getGitHubVersionFromApi(apiClient, apiDetails) {
    // We can avoid making an API request in the standard dotcom case
@@ -82,7 +72,6 @@ async function getGitHubVersionFromApi(apiClient, apiDetails) {
    }
    // Doesn't strictly have to be the meta endpoint as we're only
    // using the response headers which are available on every request.
-    // eslint-disable-next-line @typescript-eslint/no-unsafe-call
    const response = await apiClient.rest.meta.get();
    // This happens on dotcom, although we expect to have already returned in that
    // case. This can also serve as a fallback in cases we haven't foreseen.
@@ -95,6 +84,7 @@ async function getGitHubVersionFromApi(apiClient, apiDetails) {
    const version = response.headers[GITHUB_ENTERPRISE_VERSION_HEADER];
    return { type: util_1.GitHubVariant.GHES, version };
 }
+exports.getGitHubVersionFromApi = getGitHubVersionFromApi;
 /**
 * Report the GitHub server version. This is a wrapper around
 * util.getGitHubVersion() that automatically supplies GitHub API details using
@@ -108,6 +98,7 @@ async function getGitHubVersion() {
    }
    return cachedGitHubVersion;
 }
+exports.getGitHubVersion = getGitHubVersion;
 /**
 * Get the path of the currently executing workflow relative to the repository root.
 */
@@ -123,16 +114,10 @@ async function getWorkflowRelativePath() {
        run_id,
    });
    const workflowUrl = runsResponse.data.workflow_url;
-    const requiredWorkflowRegex = /\/repos\/[^/]+\/[^/]+\/actions\/required_workflows\/[^/]+/;
-    if (!workflowUrl || requiredWorkflowRegex.test(workflowUrl)) {
-        // For required workflows, the workflowUrl is invalid so we cannot fetch more informations
-        // about the workflow.
-        // However, the path is available in the original response.
-        return runsResponse.data.path;
-    }
    const workflowResponse = await apiClient.request(`GET ${workflowUrl}`);
    return workflowResponse.data.path;
 }
+exports.getWorkflowRelativePath = getWorkflowRelativePath;
 /**
 * Get the analysis key parameter for the current job.
 *
@@ -152,11 +137,13 @@ async function getAnalysisKey() {
    core.exportVariable(analysisKeyEnvVar, analysisKey);
    return analysisKey;
 }
+exports.getAnalysisKey = getAnalysisKey;
 async function getAutomationID() {
    const analysis_key = await getAnalysisKey();
    const environment = (0, actions_util_1.getRequiredInput)("matrix");
    return computeAutomationID(analysis_key, environment);
 }
+exports.getAutomationID = getAutomationID;
 function computeAutomationID(analysis_key, environment) {
    let automationID = `${analysis_key}/`;
    const matrix = (0, util_1.parseMatrixInput)(environment);
@@ -175,25 +162,7 @@ function computeAutomationID(analysis_key, environment) {
    }
    return automationID;
 }
-/** List all Actions cache entries matching the provided key and ref. */
-async function listActionsCaches(key, ref) {
-    const repositoryNwo = (0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY"));
-    return await getApiClient().paginate("GET /repos/{owner}/{repo}/actions/caches", {
-        owner: repositoryNwo.owner,
-        repo: repositoryNwo.repo,
-        key,
-        ref,
-    });
-}
-/** Delete an Actions cache item by its ID. */
-async function deleteActionsCache(id) {
-    const repositoryNwo = (0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY"));
-    await getApiClient().rest.actions.deleteActionsCacheById({
-        owner: repositoryNwo.owner,
-        repo: repositoryNwo.repo,
-        cache_id: id,
-    });
-}
+exports.computeAutomationID = computeAutomationID;
 function wrapApiConfigurationError(e) {
    if ((0, util_1.isHTTPError)(e)) {
        if (e.message.includes("API rate limit exceeded for site ID installation") ||
@@ -204,4 +173,5 @@ function wrapApiConfigurationError(e) {
    }
    return e;
 }
+exports.wrapApiConfigurationError = wrapApiConfigurationError;
 //# sourceMappingURL=api-client.js.map
--- a/lib/api-client.js.map
+++ b/lib/api-client.js.map
--- a/lib/api-compatibility.json
+++ b/lib/api-compatibility.json
@@ -1 +1 @@
-{ "maximumVersion": "3.15", "minimumVersion": "3.10" }
+{ "maximumVersion": "3.13", "minimumVersion": "3.9" }
--- a/lib/autobuild-action.js
+++ b/lib/autobuild-action.js
@@ -30,7 +30,9 @@ const autobuild_1 = require("./autobuild");
 const codeql_1 = require("./codeql");
 const config_utils_1 = require("./config-utils");
 const environment_1 = require("./environment");
+const feature_flags_1 = require("./feature-flags");
 const logging_1 = require("./logging");
+const repository_1 = require("./repository");
 const status_report_1 = require("./status-report");
 const tracer_config_1 = require("./tracer-config");
 const util_1 = require("./util");
@@ -61,6 +63,8 @@ async function run() {
        const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
        (0, util_1.checkGitHubVersionInRange)(gitHubVersion, logger);
        (0, util_1.checkActionVersion)((0, actions_util_1.getActionVersion)(), gitHubVersion);
+        const repositoryNwo = (0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY"));
+        const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, (0, actions_util_1.getTemporaryDirectory)(), logger);
        config = await (0, config_utils_1.getConfig)((0, actions_util_1.getTemporaryDirectory)(), logger);
        if (config === undefined) {
            throw new Error("Config file could not be found at expected location. Has the 'init' action been called?");
@@ -75,12 +79,12 @@ async function run() {
            }
            for (const language of languages) {
                currentLanguage = language;
-                await (0, autobuild_1.runAutobuild)(config, language, logger);
+                await (0, autobuild_1.runAutobuild)(config, language, features, logger);
            }
        }
        // End tracing early to avoid tracing analyze. This improves the performance and reliability of
        // the analyze step.
-        await (0, tracer_config_1.endTracingForCluster)(codeql, config, logger);
+        await (0, tracer_config_1.endTracingForCluster)(codeql, config, logger, features);
    }
    catch (unwrappedError) {
        const error = (0, util_1.wrapError)(unwrappedError);
--- a/lib/autobuild-action.js.map
+++ b/lib/autobuild-action.js.map
@@ -1 +1 @@
-{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAIwB;AACxB,6CAAgD;AAChD,2CAAwE;AACxE,qCAAqC;AACrC,iDAAmD;AACnD,+CAAuC;AAEvC,uCAAqD;AACrD,mDAMyB;AACzB,mDAAuD;AACvD,iCAMgB;AAShB,KAAK,UAAU,yBAAyB,CACtC,MAA0B,EAC1B,MAAc,EACd,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAG,IAAA,gCAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,SAAS,EACpB,MAAM,EACN,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,EACN,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,KAAK,CACb,CAAC;IACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,YAAY,GAA0B;YAC1C,GAAG,gBAAgB;YACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;YAC3C,iBAAiB,EAAE,eAAe;SACnC,CAAC;QACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAI,MAA0B,CAAC;IAC/B,IAAI,eAAqC,CAAC;IAC1C,IAAI,SAAiC,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,SAAS,EACpB,UAAU,EACV,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CAAC;QACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAA,gCAAgB,EAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACjD,IAAA,yBAAkB,EAAC,IAAA,+BAAgB,GAAE,EAAE,aAAa,CAAC,CAAC;QAEtD,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAEjD,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QACtE,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YAClC,CAAC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;QAED,+FAA+F;QAC/F,oBAAoB;QACpB,MAAM,IAAA,oCAAoB,EAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IACrD,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CACZ,kIAAkI,KAAK,CAAC,OAAO,EAAE,CAClJ,CAAC;QACF,MAAM,yBAAyB,CAC7B,MAAM,EACN,MAAM,EACN,SAAS,EACT,SAAS,IAAI,EAAE,EACf,eAAe,EACf,KAAK,CACN,CAAC;QACF,OAAO;IACT,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,mCAAmC,EAAE,MAAM,CAAC,CAAC;IAExE,MAAM,yBAAyB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;AAC9E,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CAAC,4BAA4B,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAIwB;AACxB,6CAAgD;AAChD,2CAAwE;AACxE,qCAAqC;AACrC,iDAAmD;AACnD,+CAAuC;AACvC,mDAA2C;AAE3C,uCAAqD;AACrD,6CAAkD;AAClD,mDAMyB;AACzB,mDAAuD;AACvD,iCAOgB;AAShB,KAAK,UAAU,yBAAyB,CACtC,MAA0B,EAC1B,MAAc,EACd,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAG,IAAA,gCAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,SAAS,EACpB,MAAM,EACN,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,EACN,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,KAAK,CACb,CAAC;IACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,YAAY,GAA0B;YAC1C,GAAG,gBAAgB;YACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;YAC3C,iBAAiB,EAAE,eAAe;SACnC,CAAC;QACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAI,MAA0B,CAAC;IAC/B,IAAI,eAAqC,CAAC;IAC1C,IAAI,SAAiC,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,SAAS,EACpB,UAAU,EACV,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CAAC;QACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAA,gCAAgB,EAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACjD,IAAA,yBAAkB,EAAC,IAAA,+BAAgB,GAAE,EAAE,aAAa,CAAC,CAAC;QAEtD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QAEF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAEjD,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QACtE,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YAClC,CAAC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;YACzD,CAAC;QACH,CAAC;QAED,+FAA+F;QAC/F,oBAAoB;QACpB,MAAM,IAAA,oCAAoB,EAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC/D,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CACZ,kIAAkI,KAAK,CAAC,OAAO,EAAE,CAClJ,CAAC;QACF,MAAM,yBAAyB,CAC7B,MAAM,EACN,MAAM,EACN,SAAS,EACT,SAAS,IAAI,EAAE,EACf,eAAe,EACf,KAAK,CACN,CAAC;QACF,OAAO;IACT,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,mCAAmC,EAAE,MAAM,CAAC,CAAC;IAExE,MAAM,yBAAyB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;AAC9E,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CAAC,4BAA4B,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
--- a/lib/autobuild.js
+++ b/lib/autobuild.js
@@ -23,14 +23,11 @@ var __importStar = (this && this.__importStar) || function (mod) {
    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.determineAutobuildLanguages = determineAutobuildLanguages;
-exports.setupCppAutobuild = setupCppAutobuild;
-exports.runAutobuild = runAutobuild;
+exports.runAutobuild = exports.setupCppAutobuild = exports.determineAutobuildLanguages = void 0;
 const core = __importStar(require("@actions/core"));
 const actions_util_1 = require("./actions-util");
 const api_client_1 = require("./api-client");
 const codeql_1 = require("./codeql");
-const doc_url_1 = require("./doc-url");
 const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
@@ -104,13 +101,16 @@ async function determineAutobuildLanguages(codeql, config, logger) {
        logger.warning(`We will only automatically build ${languages.join(" and ")} code. If you wish to scan ${autobuildLanguagesWithoutGo
            .slice(1)
            .join(" and ")}, you must replace the autobuild step of your workflow with custom build steps. ` +
-            `See ${doc_url_1.DocUrl.SPECIFY_BUILD_STEPS_MANUALLY} for more information.`);
+            "For more information, see " +
+            "https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language");
    }
    return languages;
 }
+exports.determineAutobuildLanguages = determineAutobuildLanguages;
 async function setupCppAutobuild(codeql, logger) {
    const envVar = feature_flags_1.featureConfig[feature_flags_1.Feature.CppDependencyInstallation].envVar;
    const featureName = "C++ automatic installation of dependencies";
+    const envDoc = "https://docs.github.com/en/actions/learn-github-actions/variables#defining-environment-variables-for-a-single-workflow";
    const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
    const repositoryNwo = (0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY"));
    const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, (0, actions_util_1.getTemporaryDirectory)(), logger);
@@ -119,12 +119,12 @@ async function setupCppAutobuild(codeql, logger) {
        if (process.env["RUNNER_ENVIRONMENT"] === "self-hosted" &&
            process.env[envVar] !== "true") {
            logger.info(`Disabling ${featureName} as we are on a self-hosted runner.${(0, actions_util_1.getWorkflowEventName)() !== "dynamic"
-                ? ` To override this, set the ${envVar} environment variable to 'true' in your workflow. See ${doc_url_1.DocUrl.DEFINE_ENV_VARIABLES} for more information.`
+                ? ` To override this, set the ${envVar} environment variable to 'true' in your workflow (see ${envDoc}).`
                : ""}`);
            core.exportVariable(envVar, "false");
        }
        else {
-            logger.info(`Enabling ${featureName}. This can be disabled by setting the ${envVar} environment variable to 'false'. See ${doc_url_1.DocUrl.DEFINE_ENV_VARIABLES} for more information.`);
+            logger.info(`Enabling ${featureName}. This can be disabled by setting the ${envVar} environment variable to 'false' (see ${envDoc}).`);
            core.exportVariable(envVar, "true");
        }
    }
@@ -133,14 +133,15 @@ async function setupCppAutobuild(codeql, logger) {
        core.exportVariable(envVar, "false");
    }
 }
-async function runAutobuild(config, language, logger) {
+exports.setupCppAutobuild = setupCppAutobuild;
+async function runAutobuild(config, language, features, logger) {
    logger.startGroup(`Attempting to automatically build ${language} code`);
    const codeQL = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
    if (language === languages_1.Language.cpp) {
        await setupCppAutobuild(codeQL, logger);
    }
    if (config.buildMode &&
-        (await codeQL.supportsFeature(tools_features_1.ToolsFeature.TraceCommandUseBuildMode))) {
+        (await features.getValue(feature_flags_1.Feature.AutobuildDirectTracing, codeQL))) {
        await codeQL.extractUsingBuildMode(config, language);
    }
    else {
@@ -151,4 +152,5 @@ async function runAutobuild(config, language, logger) {
    }
    logger.endGroup();
 }
+exports.runAutobuild = runAutobuild;
 //# sourceMappingURL=autobuild.js.map
--- a/lib/autobuild.js.map
+++ b/lib/autobuild.js.map
@@ -1 +1 @@
-{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAeA,kEA+FC;AAED,8CAqCC;AAED,oCAsBC;AA7KD,oDAAsC;AAEtC,iDAA6E;AAC7E,6CAAgD;AAChD,qCAA6C;AAE7C,uCAAmC;AACnC,+CAAuC;AACvC,mDAAmE;AACnE,2CAAyD;AAEzD,6CAAkD;AAClD,qDAAgD;AAChD,iCAAwD;AAEjD,KAAK,UAAU,2BAA2B,CAC/C,MAAc,EACd,MAA0B,EAC1B,MAAc;IAEd,IACE,CAAC,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,IAAI;QAClC,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,wBAAwB,CAAC,CAAC,CAAC;QACxE,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,MAAM,EACrC,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,SAAS,MAAM,CAAC,SAAS,oCAAoC,CAAC,CAAC;QAC3E,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,0CAA0C;IAC1C,mFAAmF;IACnF,oFAAoF;IACpF,4EAA4E;IAC5E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACvD,IAAA,4BAAgB,EAAC,CAAC,CAAC,CACpB,CAAC;IAEF,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CACT,iEAAiE,CAClE,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACH,MAAM,2BAA2B,GAAG,kBAAkB,CAAC,MAAM,CAC3D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,oBAAQ,CAAC,EAAE,CACzB,CAAC;IAEF,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,yEAAyE;IACzE,UAAU;IACV,IAAI,2BAA2B,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;QACjD,SAAS,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,uEAAuE;IACvE,wCAAwC;IACxC,IAAI,kBAAkB,CAAC,MAAM,KAAK,2BAA2B,CAAC,MAAM,EAAE,CAAC;QACrE,SAAS,CAAC,IAAI,CAAC,oBAAQ,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,kBAAkB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE3D,2EAA2E;IAC3E,4EAA4E;IAC5E,2CAA2C;IAC3C,uEAAuE;IACvE,2EAA2E;IAC3E,uEAAuE;IACvE,yCAAyC;IACzC,IAAI,2BAA2B,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,CAAC,OAAO,CACZ,oCAAoC,SAAS,CAAC,IAAI,CAChD,OAAO,CACR,8BAA8B,2BAA2B;aACvD,KAAK,CAAC,CAAC,CAAC;aACR,IAAI,CACH,OAAO,CACR,kFAAkF;YACnF,OAAO,gBAAM,CAAC,4BAA4B,wBAAwB,CACrE,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IACpE,MAAM,MAAM,GAAG,6BAAa,CAAC,uBAAO,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC;IACvE,MAAM,WAAW,GAAG,4CAA4C,CAAC;IACjE,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC/C,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;IACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;IACF,IAAI,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,yBAAyB,EAAE,MAAM,CAAC,EAAE,CAAC;QACvE,yEAAyE;QACzE,IACE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,KAAK,aAAa;YACnD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,MAAM,EAC9B,CAAC;YACD,MAAM,CAAC,IAAI,CACT,aAAa,WAAW,sCACtB,IAAA,mCAAoB,GAAE,KAAK,SAAS;gBAClC,CAAC,CAAC,8BAA8B,MAAM,yDAAyD,gBAAM,CAAC,oBAAoB,wBAAwB;gBAClJ,CAAC,CAAC,EACN,EAAE,CACH,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CACT,YAAY,WAAW,yCAAyC,MAAM,yCAAyC,gBAAM,CAAC,oBAAoB,wBAAwB,CACnK,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,aAAa,WAAW,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,YAAY,CAChC,MAA0B,EAC1B,QAAkB,EAClB,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;IACxE,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,GAAG,EAAE,CAAC;QAC9B,MAAM,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,IACE,MAAM,CAAC,SAAS;QAChB,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,wBAAwB,CAAC,CAAC,EACrE,CAAC;QACD,MAAM,MAAM,CAAC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACvD,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE,CAAC;QAC7B,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC"}
+{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAA6E;AAC7E,6CAAgD;AAChD,qCAA6C;AAE7C,+CAAuC;AACvC,mDAKyB;AACzB,2CAAyD;AAEzD,6CAAkD;AAClD,qDAAgD;AAChD,iCAAwD;AAEjD,KAAK,UAAU,2BAA2B,CAC/C,MAAc,EACd,MAA0B,EAC1B,MAAc;IAEd,IACE,CAAC,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,IAAI;QAClC,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,wBAAwB,CAAC,CAAC,CAAC;QACxE,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,MAAM,EACrC,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,SAAS,MAAM,CAAC,SAAS,oCAAoC,CAAC,CAAC;QAC3E,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,0CAA0C;IAC1C,mFAAmF;IACnF,oFAAoF;IACpF,4EAA4E;IAC5E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACvD,IAAA,4BAAgB,EAAC,CAAC,CAAC,CACpB,CAAC;IAEF,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CACT,iEAAiE,CAClE,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACH,MAAM,2BAA2B,GAAG,kBAAkB,CAAC,MAAM,CAC3D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,oBAAQ,CAAC,EAAE,CACzB,CAAC;IAEF,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,yEAAyE;IACzE,UAAU;IACV,IAAI,2BAA2B,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;QACjD,SAAS,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,uEAAuE;IACvE,wCAAwC;IACxC,IAAI,kBAAkB,CAAC,MAAM,KAAK,2BAA2B,CAAC,MAAM,EAAE,CAAC;QACrE,SAAS,CAAC,IAAI,CAAC,oBAAQ,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,kBAAkB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE3D,2EAA2E;IAC3E,4EAA4E;IAC5E,2CAA2C;IAC3C,uEAAuE;IACvE,2EAA2E;IAC3E,uEAAuE;IACvE,yCAAyC;IACzC,IAAI,2BAA2B,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,CAAC,OAAO,CACZ,oCAAoC,SAAS,CAAC,IAAI,CAChD,OAAO,CACR,8BAA8B,2BAA2B;aACvD,KAAK,CAAC,CAAC,CAAC;aACR,IAAI,CACH,OAAO,CACR,kFAAkF;YACnF,4BAA4B;YAC5B,0NAA0N,CAC7N,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAhGD,kEAgGC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IACpE,MAAM,MAAM,GAAG,6BAAa,CAAC,uBAAO,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC;IACvE,MAAM,WAAW,GAAG,4CAA4C,CAAC;IACjE,MAAM,MAAM,GACV,wHAAwH,CAAC;IAC3H,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC/C,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;IACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;IACF,IAAI,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,yBAAyB,EAAE,MAAM,CAAC,EAAE,CAAC;QACvE,yEAAyE;QACzE,IACE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,KAAK,aAAa;YACnD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,MAAM,EAC9B,CAAC;YACD,MAAM,CAAC,IAAI,CACT,aAAa,WAAW,sCACtB,IAAA,mCAAoB,GAAE,KAAK,SAAS;gBAClC,CAAC,CAAC,8BAA8B,MAAM,yDAAyD,MAAM,IAAI;gBACzG,CAAC,CAAC,EACN,EAAE,CACH,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CACT,YAAY,WAAW,yCAAyC,MAAM,yCAAyC,MAAM,IAAI,CAC1H,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,aAAa,WAAW,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAvCD,8CAuCC;AAEM,KAAK,UAAU,YAAY,CAChC,MAA0B,EAC1B,QAAkB,EAClB,QAA2B,EAC3B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;IACxE,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,GAAG,EAAE,CAAC;QAC9B,MAAM,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,IACE,MAAM,CAAC,SAAS;QAChB,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,sBAAsB,EAAE,MAAM,CAAC,CAAC,EACjE,CAAC;QACD,MAAM,MAAM,CAAC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACvD,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE,CAAC;QAC7B,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC;AAvBD,oCAuBC"}
--- a/lib/cli-errors.js
+++ b/lib/cli-errors.js
@@ -1,9 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.cliErrorsConfig = exports.CliConfigErrorCategory = exports.CommandInvocationError = void 0;
-exports.getCliConfigCategoryIfExists = getCliConfigCategoryIfExists;
-exports.wrapCliConfigurationError = wrapCliConfigurationError;
-const doc_url_1 = require("./doc-url");
+exports.wrapCliConfigurationError = exports.getCliConfigCategoryIfExists = exports.cliErrorsConfig = exports.CliConfigErrorCategory = exports.CommandInvocationError = void 0;
 const util_1 = require("./util");
 /**
 * A class of Error that we can classify as an error stemming from a CLI
@@ -20,16 +17,20 @@ class CommandInvocationError extends Error {
        if (fatalErrors) {
            message =
                `Encountered a fatal error while running "${prettyCommand}". ` +
-                    `Exit code was ${exitCode} and error was: ${ensureEndsInPeriod(fatalErrors.trim())} See the logs for more details.`;
+                    `Exit code was ${exitCode} and error was: ${fatalErrors.trim()} See the logs for more details.`;
        }
        else if (autobuildErrors) {
+            const autobuildHelpLink = "https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed";
            message =
                "We were unable to automatically build your code. Please provide manual build steps. " +
-                    `See ${doc_url_1.DocUrl.AUTOMATIC_BUILD_FAILED} for more information. ` +
+                    `For more information, see ${autobuildHelpLink}. ` +
                    `Encountered the following error: ${autobuildErrors}`;
        }
        else {
-            const lastLine = ensureEndsInPeriod(stderr.trim().split("\n").pop()?.trim() || "n/a");
+            let lastLine = stderr.trim().split("\n").pop()?.trim() || "";
+            if (lastLine[lastLine.length - 1] !== ".") {
+                lastLine += ".";
+            }
            message =
                `Encountered a fatal error while running "${prettyCommand}". ` +
                    `Exit code was ${exitCode} and last log line was: ${lastLine} See the logs for more details.`;
@@ -71,7 +72,7 @@ exports.CommandInvocationError = CommandInvocationError;
 * the Actions UI.
 */
 function extractFatalErrors(error) {
-    const fatalErrorRegex = /.*fatal (internal )?error occurr?ed(. Details)?:/gi;
+    const fatalErrorRegex = /.*fatal error occurred:/gi;
    let fatalErrors = [];
    let lastFatalErrorIndex;
    let match;
@@ -115,7 +116,6 @@ function ensureEndsInPeriod(text) {
 /** Error messages from the CLI that we consider configuration errors and handle specially. */
 var CliConfigErrorCategory;
 (function (CliConfigErrorCategory) {
-    CliConfigErrorCategory["AutobuildError"] = "AutobuildError";
    CliConfigErrorCategory["ExternalRepositoryCloneFailed"] = "ExternalRepositoryCloneFailed";
    CliConfigErrorCategory["GradleBuildFailed"] = "GradleBuildFailed";
    CliConfigErrorCategory["IncompatibleWithActionVersion"] = "IncompatibleWithActionVersion";
@@ -130,7 +130,6 @@ var CliConfigErrorCategory;
    CliConfigErrorCategory["NoSupportedBuildSystemDetected"] = "NoSupportedBuildSystemDetected";
    CliConfigErrorCategory["OutOfMemoryOrDisk"] = "OutOfMemoryOrDisk";
    CliConfigErrorCategory["PackCannotBeFound"] = "PackCannotBeFound";
-    CliConfigErrorCategory["PackMissingAuth"] = "PackMissingAuth";
    CliConfigErrorCategory["SwiftBuildFailed"] = "SwiftBuildFailed";
    CliConfigErrorCategory["UnsupportedBuildMode"] = "UnsupportedBuildMode";
 })(CliConfigErrorCategory || (exports.CliConfigErrorCategory = CliConfigErrorCategory = {}));
@@ -139,11 +138,6 @@ var CliConfigErrorCategory;
 * would like to categorize an error as a configuration error or not.
 */
 exports.cliErrorsConfig = {
-    [CliConfigErrorCategory.AutobuildError]: {
-        cliErrorMessageCandidates: [
-            new RegExp("We were unable to automatically build your code"),
-        ],
-    },
    [CliConfigErrorCategory.ExternalRepositoryCloneFailed]: {
        cliErrorMessageCandidates: [
            new RegExp("Failed to clone external Git repository"),
@@ -223,12 +217,6 @@ exports.cliErrorsConfig = {
            new RegExp("Query pack .* cannot be found\\. Check the spelling of the pack\\."),
        ],
    },
-    [CliConfigErrorCategory.PackMissingAuth]: {
-        cliErrorMessageCandidates: [
-            new RegExp("GitHub Container registry .* 403 Forbidden"),
-            new RegExp("Do you need to specify a token to authenticate to the registry?"),
-        ],
-    },
    [CliConfigErrorCategory.SwiftBuildFailed]: {
        cliErrorMessageCandidates: [
            new RegExp("\\[autobuilder/build\\] \\[build-command-failed\\] `autobuild` failed to run the build command"),
@@ -261,6 +249,7 @@ function getCliConfigCategoryIfExists(cliError) {
    }
    return undefined;
 }
+exports.getCliConfigCategoryIfExists = getCliConfigCategoryIfExists;
 /**
 * Changes an error received from the CLI to a ConfigurationError with optionally an extra
 * error message appended, if it exists in a known set of configuration errors. Otherwise,
@@ -281,4 +270,5 @@ function wrapCliConfigurationError(cliError) {
    }
    return new util_1.ConfigurationError(errorMessageBuilder);
 }
+exports.wrapCliConfigurationError = wrapCliConfigurationError;
 //# sourceMappingURL=cli-errors.js.map
--- a/lib/cli-errors.js.map
+++ b/lib/cli-errors.js.map
--- a/lib/codeql.js
+++ b/lib/codeql.js
@@ -23,17 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE = exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2 = exports.CODEQL_VERSION_LANGUAGE_ALIASING = exports.CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG = void 0;
-exports.setupCodeQL = setupCodeQL;
-exports.getCodeQL = getCodeQL;
-exports.setCodeQL = setCodeQL;
-exports.getCachedCodeQL = getCachedCodeQL;
-exports.getCodeQLForTesting = getCodeQLForTesting;
-exports.getCodeQLForCmd = getCodeQLForCmd;
-exports.getExtraOptions = getExtraOptions;
-exports.getTrapCachingExtractorConfigArgs = getTrapCachingExtractorConfigArgs;
-exports.getTrapCachingExtractorConfigArgsForLang = getTrapCachingExtractorConfigArgsForLang;
-exports.getGeneratedCodeScanningConfigPath = getGeneratedCodeScanningConfigPath;
+exports.getGeneratedCodeScanningConfigPath = exports.getTrapCachingExtractorConfigArgsForLang = exports.getTrapCachingExtractorConfigArgs = exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE = exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2 = exports.CODEQL_VERSION_LANGUAGE_ALIASING = exports.CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG = exports.CODEQL_VERSION_RESOLVE_ENVIRONMENT = exports.CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const core = __importStar(require("@actions/core"));
@@ -42,7 +32,6 @@ const yaml = __importStar(require("js-yaml"));
 const semver = __importStar(require("semver"));
 const actions_util_1 = require("./actions-util");
 const cli_errors_1 = require("./cli-errors");
-const doc_url_1 = require("./doc-url");
 const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const setupCodeql = __importStar(require("./setup-codeql"));
@@ -63,19 +52,19 @@ let cachedCodeQL = undefined;
 * The version flags below can be used to conditionally enable certain features
 * on versions newer than this.
 */
-const CODEQL_MINIMUM_VERSION = "2.13.5";
+const CODEQL_MINIMUM_VERSION = "2.12.6";
 /**
 * This version will shortly become the oldest version of CodeQL that the Action will run with.
 */
-const CODEQL_NEXT_MINIMUM_VERSION = "2.13.5";
+const CODEQL_NEXT_MINIMUM_VERSION = "2.12.6";
 /**
 * This is the version of GHES that was most recently deprecated.
 */
-const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.9";
+const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.8";
 /**
 * This is the deprecation date for the version of GHES that was most recently deprecated.
 */
-const GHES_MOST_RECENT_DEPRECATION_DATE = "2024-07-09";
+const GHES_MOST_RECENT_DEPRECATION_DATE = "2024-03-26";
 /** The CLI verbosity level to use for extraction in debug mode. */
 const EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";
 /*
@@ -85,6 +74,14 @@ const EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";
 * For convenience, please keep these in descending order. Once a version
 * flag is older than the oldest supported version above, it may be removed.
 */
+/**
+ * Versions 2.13.1+ of the CodeQL CLI fix a bug where diagnostics export could produce invalid SARIF.
+ */
+exports.CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED = "2.13.1";
+/**
+ * Versions 2.13.4+ of the CodeQL CLI support the `resolve build-environment` command.
+ */
+exports.CODEQL_VERSION_RESOLVE_ENVIRONMENT = "2.13.4";
 /**
 * Versions 2.14.2+ of the CodeQL CLI support language-specific baseline configuration.
 */
@@ -105,10 +102,6 @@ exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE = "2.15.0";
 * Versions 2.15.2+ of the CodeQL CLI support the `--sarif-include-query-help` option.
 */
 const CODEQL_VERSION_INCLUDE_QUERY_HELP = "2.15.2";
-/**
- * Versions 2.17.1+ of the CodeQL CLI support the `--cache-cleanup` option.
- */
-const CODEQL_VERSION_CACHE_CLEANUP = "2.17.1";
 /**
 * Set up CodeQL CLI access.
 *
@@ -124,8 +117,7 @@ const CODEQL_VERSION_CACHE_CLEANUP = "2.17.1";
 */
 async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger, checkVersion) {
    try {
-        const { codeqlFolder, toolsDownloadStatusReport, toolsSource, toolsVersion, } = await setupCodeql.setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger);
-        logger.debug(`Bundle download status report: ${JSON.stringify(toolsDownloadStatusReport)}`);
+        const { codeqlFolder, toolsDownloadDurationMs, toolsSource, toolsVersion } = await setupCodeql.setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger);
        let codeqlCmd = path.join(codeqlFolder, "codeql", "codeql");
        if (process.platform === "win32") {
            codeqlCmd += ".exe";
@@ -136,7 +128,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV
        cachedCodeQL = await getCodeQLForCmd(codeqlCmd, checkVersion);
        return {
            codeql: cachedCodeQL,
-            toolsDownloadStatusReport,
+            toolsDownloadDurationMs,
            toolsSource,
            toolsVersion,
        };
@@ -145,6 +137,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV
        throw new Error(`Unable to download and extract CodeQL CLI: ${(0, util_1.wrapError)(e).message}`);
    }
 }
+exports.setupCodeQL = setupCodeQL;
 /**
 * Use the CodeQL executable located at the given path.
 */
@@ -154,6 +147,7 @@ async function getCodeQL(cmd) {
    }
    return cachedCodeQL;
 }
+exports.getCodeQL = getCodeQL;
 function resolveFunction(partialCodeql, methodName, defaultImplementation) {
    if (typeof partialCodeql[methodName] !== "function") {
        if (defaultImplementation !== undefined) {
@@ -203,6 +197,7 @@ function setCodeQL(partialCodeql) {
    };
    return cachedCodeQL;
 }
+exports.setCodeQL = setCodeQL;
 /**
 * Get the cached CodeQL object. Should only be used from tests.
 *
@@ -216,6 +211,7 @@ function getCachedCodeQL() {
    }
    return cachedCodeQL;
 }
+exports.getCachedCodeQL = getCachedCodeQL;
 /**
 * Get a real, newly created CodeQL instance for testing. The instance refers to
 * a non-existent placeholder codeql command, so tests that use this function
@@ -224,6 +220,7 @@ function getCachedCodeQL() {
 async function getCodeQLForTesting(cmd = "codeql-for-testing") {
    return getCodeQLForCmd(cmd, false);
 }
+exports.getCodeQLForTesting = getCodeQLForTesting;
 /**
 * Return a CodeQL object for CodeQL CLI access.
 *
@@ -244,7 +241,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                try {
                    result = JSON.parse(output);
                }
-                catch {
+                catch (err) {
                    throw Error(`Invalid JSON output from \`version --format=json\`: ${output}`);
                }
                util.cacheCodeQlVersion(result);
@@ -257,9 +254,9 @@ async function getCodeQLForCmd(cmd, checkVersion) {
        async supportsFeature(feature) {
            return (0, tools_features_1.isSupportedToolsFeature)(await this.getVersion(), feature);
        },
-        async databaseInitCluster(config, sourceRoot, processName, qlconfigFile, logger) {
+        async databaseInitCluster(config, sourceRoot, processName, qlconfigFile, features, logger) {
            const extraArgs = config.languages.map((language) => `--language=${language}`);
-            if (await (0, tracer_config_1.shouldEnableIndirectTracing)(codeql, config)) {
+            if (await (0, tracer_config_1.shouldEnableIndirectTracing)(codeql, config, features)) {
                extraArgs.push("--begin-tracing");
                extraArgs.push(...(await getTrapCachingExtractorConfigArgs(config)));
                extraArgs.push(`--trace-process-name=${processName}`);
@@ -286,13 +283,10 @@ async function getCodeQLForCmd(cmd, checkVersion) {
            else if (await util.codeQlVersionAtLeast(this, exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE)) {
                extraArgs.push("--no-sublanguage-file-coverage");
            }
-            const overwriteFlag = (0, tools_features_1.isSupportedToolsFeature)(await this.getVersion(), tools_features_1.ToolsFeature.ForceOverwrite)
-                ? "--force-overwrite"
-                : "--overwrite";
            await runTool(cmd, [
                "database",
                "init",
-                overwriteFlag,
+                "--overwrite",
                "--db-cluster",
                config.dbLocation,
                `--source-root=${sourceRoot}`,
@@ -346,8 +340,6 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                    "database",
                    "trace-command",
                    "--use-build-mode",
-                    "--working-dir",
-                    process.cwd(),
                    ...(await getTrapCachingExtractorConfigArgsForLang(config, language)),
                    ...getExtractionVerbosityArguments(config.debugMode),
                    ...getExtraOptionsFromEnv(["database", "trace-command"]),
@@ -358,7 +350,8 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                if (config.buildMode === util_1.BuildMode.Autobuild) {
                    const prefix = "We were unable to automatically build your code. " +
                        "Please change the build mode for this language to manual and specify build steps " +
-                        `for your project. See ${doc_url_1.DocUrl.AUTOMATIC_BUILD_FAILED} for more information.`;
+                        "for your project. For more information, see " +
+                        "https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed.";
                    const ErrorConstructor = e instanceof util.ConfigurationError
                        ? util.ConfigurationError
                        : Error;
@@ -470,15 +463,20 @@ async function getCodeQLForCmd(cmd, checkVersion) {
            }
            await runTool(cmd, codeqlArgs);
        },
-        async databaseInterpretResults(databasePath, querySuitePaths, sarifFile, addSnippetsFlag, threadsFlag, verbosityFlag, automationDetailsId, config, features) {
+        async databaseInterpretResults(databasePath, querySuitePaths, sarifFile, addSnippetsFlag, threadsFlag, verbosityFlag, automationDetailsId, config, features, logger) {
            const shouldExportDiagnostics = await features.getValue(feature_flags_1.Feature.ExportDiagnosticsEnabled, this);
+            const shouldWorkaroundInvalidNotifications = shouldExportDiagnostics &&
+                !(await isDiagnosticsExportInvalidSarifFixed(this));
+            const codeqlOutputFile = shouldWorkaroundInvalidNotifications
+                ? path.join(config.tempDir, "codeql-intermediate-results.sarif")
+                : sarifFile;
            const codeqlArgs = [
                "database",
                "interpret-results",
                threadsFlag,
                "--format=sarif-latest",
                verbosityFlag,
-                `--output=${sarifFile}`,
+                `--output=${codeqlOutputFile}`,
                addSnippetsFlag,
                "--print-diagnostics-summary",
                "--print-metrics-summary",
@@ -513,9 +511,13 @@ async function getCodeQLForCmd(cmd, checkVersion) {
            }
            // Capture the stdout, which contains the analysis summary. Don't stream it to the Actions
            // logs to avoid printing it twice.
-            return await runTool(cmd, codeqlArgs, {
+            const analysisSummary = await runTool(cmd, codeqlArgs, {
                noStreamStdout: true,
            });
+            if (shouldWorkaroundInvalidNotifications) {
+                util.fixInvalidNotificationsInFile(codeqlOutputFile, sarifFile, logger);
+            }
+            return analysisSummary;
        },
        async databasePrintBaseline(databasePath) {
            const codeqlArgs = [
@@ -571,14 +573,11 @@ async function getCodeQLForCmd(cmd, checkVersion) {
            }
        },
        async databaseCleanup(databasePath, cleanupLevel) {
-            const cacheCleanupFlag = (await util.codeQlVersionAtLeast(this, CODEQL_VERSION_CACHE_CLEANUP))
-                ? "--cache-cleanup"
-                : "--mode";
            const codeqlArgs = [
                "database",
                "cleanup",
                databasePath,
-                `${cacheCleanupFlag}=${cleanupLevel}`,
+                `--mode=${cleanupLevel}`,
                ...getExtraOptionsFromEnv(["database", "cleanup"]),
            ];
            await runTool(cmd, codeqlArgs);
@@ -594,14 +593,18 @@ async function getCodeQLForCmd(cmd, checkVersion) {
            ];
            await new toolrunner.ToolRunner(cmd, args).exec();
        },
-        async databaseExportDiagnostics(databasePath, sarifFile, automationDetailsId) {
+        async databaseExportDiagnostics(databasePath, sarifFile, automationDetailsId, tempDir, logger) {
+            const shouldWorkaroundInvalidNotifications = !(await isDiagnosticsExportInvalidSarifFixed(this));
+            const codeqlOutputFile = shouldWorkaroundInvalidNotifications
+                ? path.join(tempDir, "codeql-intermediate-results.sarif")
+                : sarifFile;
            const args = [
                "database",
                "export-diagnostics",
                `${databasePath}`,
                "--db-cluster", // Database is always a cluster for CodeQL versions that support diagnostics.
                "--format=sarif-latest",
-                `--output=${sarifFile}`,
+                `--output=${codeqlOutputFile}`,
                "--sarif-include-diagnostics", // ExportDiagnosticsEnabled is always true if this command is run.
                "-vvv",
                ...getExtraOptionsFromEnv(["diagnostics", "export"]),
@@ -610,6 +613,10 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                args.push("--sarif-category", automationDetailsId);
            }
            await new toolrunner.ToolRunner(cmd, args).exec();
+            if (shouldWorkaroundInvalidNotifications) {
+                // Fix invalid notifications in the SARIF file output by CodeQL.
+                util.fixInvalidNotificationsInFile(codeqlOutputFile, sarifFile, logger);
+            }
        },
        async diagnosticsExport(sarifFile, automationDetailsId, config) {
            const args = [
@@ -696,6 +703,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
    }
    return codeql;
 }
+exports.getCodeQLForCmd = getCodeQLForCmd;
 /**
 * Gets the options for `path` of `options` as an array of extra option strings.
 *
@@ -743,6 +751,7 @@ function getExtraOptions(options, paths, pathInfo) {
        : getExtraOptions(options?.[paths[0]], paths?.slice(1), pathInfo.concat(paths[0]));
    return all.concat(specific);
 }
+exports.getExtraOptions = getExtraOptions;
 /*
 * A constant defining the maximum number of characters we will keep from
 * the programs stderr for logging. This serves two purposes:
@@ -796,7 +805,7 @@ async function runTool(cmd, args = [], opts = {}) {
 async function generateCodeScanningConfig(config, logger) {
    const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config);
    // make a copy so we can modify it
-    const augmentedConfig = (0, util_1.cloneObject)(config.originalUserInput);
+    const augmentedConfig = cloneObject(config.originalUserInput);
    // Inject the queries from the input
    if (config.augmentationProperties.queriesInput) {
        if (config.augmentationProperties.queriesInputCombines) {
@@ -840,6 +849,9 @@ async function generateCodeScanningConfig(config, logger) {
    fs.writeFileSync(codeScanningConfigFile, yaml.dump(augmentedConfig));
    return codeScanningConfigFile;
 }
+function cloneObject(obj) {
+    return JSON.parse(JSON.stringify(obj));
+}
 // This constant sets the size of each TRAP cache in megabytes.
 const TRAP_CACHE_SIZE_MB = 1024;
 async function getTrapCachingExtractorConfigArgs(config) {
@@ -848,6 +860,7 @@ async function getTrapCachingExtractorConfigArgs(config) {
        result.push(await getTrapCachingExtractorConfigArgsForLang(config, language));
    return result.flat();
 }
+exports.getTrapCachingExtractorConfigArgs = getTrapCachingExtractorConfigArgs;
 async function getTrapCachingExtractorConfigArgsForLang(config, language) {
    const cacheDir = config.trapCaches[language];
    if (cacheDir === undefined)
@@ -859,6 +872,7 @@ async function getTrapCachingExtractorConfigArgsForLang(config, language) {
        `-O=${language}.trap.cache.write=${write}`,
    ];
 }
+exports.getTrapCachingExtractorConfigArgsForLang = getTrapCachingExtractorConfigArgsForLang;
 /**
 * Get the path to the code scanning configuration generated by the CLI.
 *
@@ -867,6 +881,10 @@ async function getTrapCachingExtractorConfigArgsForLang(config, language) {
 function getGeneratedCodeScanningConfigPath(config) {
    return path.resolve(config.tempDir, "user-config.yaml");
 }
+exports.getGeneratedCodeScanningConfigPath = getGeneratedCodeScanningConfigPath;
+async function isDiagnosticsExportInvalidSarifFixed(codeql) {
+    return await util.codeQlVersionAtLeast(codeql, exports.CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED);
+}
 async function getLanguageAliasingArguments(codeql) {
    if (await util.codeQlVersionAtLeast(codeql, exports.CODEQL_VERSION_LANGUAGE_ALIASING)) {
        return ["--extractor-include-aliases"];
--- a/lib/codeql.js.map
+++ b/lib/codeql.js.map
--- a/lib/codeql.test.js
+++ b/lib/codeql.test.js
@@ -26,7 +26,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.stubToolRunnerConstructor = stubToolRunnerConstructor;
+exports.stubToolRunnerConstructor = void 0;
 const fs = __importStar(require("fs"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const toolcache = __importStar(require("@actions/tool-cache"));
@@ -40,7 +40,6 @@ const actionsUtil = __importStar(require("./actions-util"));
 const cli_errors_1 = require("./cli-errors");
 const codeql = __importStar(require("./codeql"));
 const defaults = __importStar(require("./defaults.json"));
-const doc_url_1 = require("./doc-url");
 const languages_1 = require("./languages");
 const logging_1 = require("./logging");
 const setup_codeql_1 = require("./setup-codeql");
@@ -101,7 +100,7 @@ function mockApiDetails(apiDetails) {
            t.assert(toolcache.find("CodeQL", `0.0.0-${version}`));
            t.is(result.toolsVersion, `0.0.0-${version}`);
            t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
-            t.assert(Number.isInteger(result.toolsDownloadStatusReport?.downloadDurationMs));
+            t.assert(Number.isInteger(result.toolsDownloadDurationMs));
        }
        t.is(toolcache.findAllVersions("CodeQL").length, 2);
    });
@@ -118,7 +117,7 @@ function mockApiDetails(apiDetails) {
        t.assert(toolcache.find("CodeQL", `2.14.0`));
        t.is(result.toolsVersion, `2.14.0`);
        t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
-        t.assert(Number.isInteger(result.toolsDownloadStatusReport?.downloadDurationMs));
+        t.assert(Number.isInteger(result.toolsDownloadDurationMs));
    });
 });
 (0, ava_1.default)("downloads an explicitly requested bundle even if a different version is cached", async (t) => {
@@ -136,33 +135,42 @@ function mockApiDetails(apiDetails) {
        t.assert(toolcache.find("CodeQL", "0.0.0-20200610"));
        t.deepEqual(result.toolsVersion, "0.0.0-20200610");
        t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
-        t.assert(Number.isInteger(result.toolsDownloadStatusReport?.downloadDurationMs));
+        t.assert(Number.isInteger(result.toolsDownloadDurationMs));
    });
 });
 const EXPLICITLY_REQUESTED_BUNDLE_TEST_CASES = [
    {
-        tagName: "codeql-bundle-2.17.6",
-        expectedToolcacheVersion: "2.17.6",
+        cliVersion: "2.10.0",
+        expectedToolcacheVersion: "2.10.0-20200610",
    },
    {
-        tagName: "codeql-bundle-20240805",
-        expectedToolcacheVersion: "0.0.0-20240805",
+        cliVersion: "2.10.0-pre",
+        expectedToolcacheVersion: "0.0.0-20200610",
+    },
+    {
+        cliVersion: "2.10.0+202006100101",
+        expectedToolcacheVersion: "0.0.0-20200610",
    },
 ];
-for (const { tagName, expectedToolcacheVersion, } of EXPLICITLY_REQUESTED_BUNDLE_TEST_CASES) {
-    (0, ava_1.default)(`caches explicitly requested bundle ${tagName} as ${expectedToolcacheVersion}`, async (t) => {
+for (const { cliVersion, expectedToolcacheVersion, } of EXPLICITLY_REQUESTED_BUNDLE_TEST_CASES) {
+    (0, ava_1.default)(`caches an explicitly requested bundle containing CLI ${cliVersion} as ${expectedToolcacheVersion}`, async (t) => {
        await util.withTmpDir(async (tmpDir) => {
            (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
            mockApiDetails(testing_utils_1.SAMPLE_DOTCOM_API_DETAILS);
            sinon.stub(actionsUtil, "isRunningLocalAction").returns(true);
+            const releaseApiMock = mockReleaseApi({
+                assetNames: [`cli-version-${cliVersion}.txt`],
+                tagName: "codeql-bundle-20200610",
+            });
            const url = (0, testing_utils_1.mockBundleDownloadApi)({
-                tagName,
+                tagName: "codeql-bundle-20200610",
            });
            const result = await codeql.setupCodeQL(url, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
+            t.assert(releaseApiMock.isDone(), "Releases API should have been called");
            t.assert(toolcache.find("CodeQL", expectedToolcacheVersion));
-            t.deepEqual(result.toolsVersion, expectedToolcacheVersion);
+            t.deepEqual(result.toolsVersion, cliVersion);
            t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
-            t.assert(Number.isInteger(result.toolsDownloadStatusReport?.downloadDurationMs));
+            t.assert(Number.isInteger(result.toolsDownloadDurationMs));
        });
    });
 }
@@ -184,7 +192,7 @@ for (const toolcacheVersion of [
            const result = await codeql.setupCodeQL(undefined, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
            t.is(result.toolsVersion, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION.cliVersion);
            t.is(result.toolsSource, setup_codeql_1.ToolsSource.Toolcache);
-            t.is(result.toolsDownloadStatusReport?.downloadDurationMs, undefined);
+            t.is(result.toolsDownloadDurationMs, undefined);
        });
    });
 }
@@ -202,7 +210,7 @@ for (const toolcacheVersion of [
        }, (0, logging_1.getRunnerLogger)(true), false);
        t.deepEqual(result.toolsVersion, "0.0.0-20200601");
        t.is(result.toolsSource, setup_codeql_1.ToolsSource.Toolcache);
-        t.is(result.toolsDownloadStatusReport?.downloadDurationMs, undefined);
+        t.is(result.toolsDownloadDurationMs, undefined);
        const cachedVersions = toolcache.findAllVersions("CodeQL");
        t.is(cachedVersions.length, 1);
    });
@@ -224,7 +232,7 @@ for (const toolcacheVersion of [
        }, (0, logging_1.getRunnerLogger)(true), false);
        t.deepEqual(result.toolsVersion, defaults.cliVersion);
        t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
-        t.assert(Number.isInteger(result.toolsDownloadStatusReport?.downloadDurationMs));
+        t.assert(Number.isInteger(result.toolsDownloadDurationMs));
        const cachedVersions = toolcache.findAllVersions("CodeQL");
        t.is(cachedVersions.length, 2);
    });
@@ -243,7 +251,7 @@ for (const toolcacheVersion of [
        const result = await codeql.setupCodeQL("latest", testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
        t.deepEqual(result.toolsVersion, defaults.cliVersion);
        t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
-        t.assert(Number.isInteger(result.toolsDownloadStatusReport?.downloadDurationMs));
+        t.assert(Number.isInteger(result.toolsDownloadDurationMs));
        const cachedVersions = toolcache.findAllVersions("CodeQL");
        t.is(cachedVersions.length, 2);
    });
@@ -254,7 +262,7 @@ for (const toolcacheVersion of [
        mockApiDetails(testing_utils_1.SAMPLE_DOTCOM_API_DETAILS);
        sinon.stub(actionsUtil, "isRunningLocalAction").returns(true);
        const releasesApiMock = mockReleaseApi({
-            assetNames: ["cli-version-2.13.5.txt"],
+            assetNames: ["cli-version-2.12.6.txt"],
            tagName: "codeql-bundle-20230203",
        });
        (0, testing_utils_1.mockBundleDownloadApi)({
@@ -265,7 +273,7 @@ for (const toolcacheVersion of [
        const result = await codeql.setupCodeQL("https://github.com/codeql-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20230203/codeql-bundle.tar.gz", testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
        t.is(result.toolsVersion, "0.0.0-20230203");
        t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
-        t.true(Number.isInteger(result.toolsDownloadStatusReport?.downloadDurationMs));
+        t.true(Number.isInteger(result.toolsDownloadDurationMs));
        const cachedVersions = toolcache.findAllVersions("CodeQL");
        t.is(cachedVersions.length, 1);
        t.is(cachedVersions[0], "0.0.0-20230203");
@@ -307,7 +315,7 @@ const injectedConfigMacro = ava_1.default.macro({
                tempDir,
                augmentationProperties,
            };
-            await codeqlObject.databaseInitCluster(thisStubConfig, "", undefined, undefined, (0, logging_1.getRunnerLogger)(true));
+            await codeqlObject.databaseInitCluster(thisStubConfig, "", undefined, undefined, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
            const args = runnerConstructorStub.firstCall.args[1];
            // should have used an config file
            const configArg = args.find((arg) => arg.startsWith("--codescanning-config="));
@@ -442,8 +450,8 @@ const injectedConfigMacro = ava_1.default.macro({
    await util.withTmpDir(async (tempDir) => {
        const runnerConstructorStub = stubToolRunnerConstructor();
        const codeqlObject = await codeql.getCodeQLForTesting();
-        sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.17.6"));
-        await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, "/path/to/qlconfig.yml", (0, logging_1.getRunnerLogger)(true));
+        sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
+        await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, "/path/to/qlconfig.yml", (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
        const args = runnerConstructorStub.firstCall.args[1];
        // should have used a config file
        const hasCodeScanningConfigArg = args.some((arg) => arg.startsWith("--codescanning-config="));
@@ -457,9 +465,9 @@ const injectedConfigMacro = ava_1.default.macro({
    await util.withTmpDir(async (tempDir) => {
        const runnerConstructorStub = stubToolRunnerConstructor();
        const codeqlObject = await codeql.getCodeQLForTesting();
-        sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.17.6"));
+        sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
        await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, undefined, // undefined qlconfigFile
-        (0, logging_1.getRunnerLogger)(true));
+        (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
        const args = runnerConstructorStub.firstCall.args[1];
        const hasQlconfigArg = args.some((arg) => arg.startsWith("--qlconfig-file="));
        t.false(hasQlconfigArg, "should NOT have injected a qlconfig");
@@ -488,7 +496,7 @@ const NEW_ANALYSIS_SUMMARY_TEST_CASES = [
        codeqlVersion: (0, testing_utils_1.makeVersionInfo)("2.15.0"),
        githubVersion: {
            type: util.GitHubVariant.GHES,
-            version: "3.10.0",
+            version: "3.9.0",
        },
        flagPassed: true,
        negativeFlagPassed: false,
@@ -513,12 +521,24 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
        sinon.stub(codeqlObject, "getVersion").resolves(codeqlVersion);
        // safeWhich throws because of the test CodeQL object.
        sinon.stub(safeWhich, "safeWhich").resolves("");
-        await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", Object.assign({}, stubConfig, { gitHubVersion: githubVersion }), (0, testing_utils_1.createFeatures)([]));
-        const actualArgs = runnerConstructorStub.firstCall.args[1];
-        t.is(actualArgs.includes("--new-analysis-summary"), flagPassed, `--new-analysis-summary should${flagPassed ? "" : "n't"} be passed`);
-        t.is(actualArgs.includes("--no-new-analysis-summary"), negativeFlagPassed, `--no-new-analysis-summary should${negativeFlagPassed ? "" : "n't"} be passed`);
+        await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", Object.assign({}, stubConfig, { gitHubVersion: githubVersion }), (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        t.is(runnerConstructorStub.firstCall.args[1].includes("--new-analysis-summary"), flagPassed, `--new-analysis-summary should${flagPassed ? "" : "n't"} be passed`);
+        t.is(runnerConstructorStub.firstCall.args[1].includes("--no-new-analysis-summary"), negativeFlagPassed, `--no-new-analysis-summary should${negativeFlagPassed ? "" : "n't"} be passed`);
    });
 }
+(0, ava_1.default)("database finalize does not override no code found error on CodeQL 2.12.6", async (t) => {
+    const cliMessage = "CodeQL did not detect any code written in languages supported by CodeQL. Review our troubleshooting guide at " +
+        "https://gh.io/troubleshooting-code-scanning/no-source-code-seen-during-build.";
+    stubToolRunnerConstructor(32, cliMessage);
+    const codeqlObject = await codeql.getCodeQLForTesting();
+    sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
+    // safeWhich throws because of the test CodeQL object.
+    sinon.stub(safeWhich, "safeWhich").resolves("");
+    await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("db", "--threads=2", "--ram=2048", false), {
+        message: 'Encountered a fatal error while running "codeql-for-testing database finalize --finalize-dataset --threads=2 --ram=2048 db". ' +
+            `Exit code was 32 and last log line was: ${cliMessage} See the logs for more details.`,
+    });
+});
 (0, ava_1.default)("runTool summarizes several fatal errors", async (t) => {
    const heapError = "A fatal error occurred: Evaluator heap must be at least 384.00 MiB";
    const datasetImportError = "A fatal error occurred: Dataset import for /home/runner/work/_temp/codeql_databases/javascript/db-javascript failed with code 2";
@@ -526,7 +546,7 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
        `${heapError}\n${datasetImportError}.`;
    stubToolRunnerConstructor(32, cliStderr);
    const codeqlObject = await codeql.getCodeQLForTesting();
-    sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.17.6"));
+    sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
    // safeWhich throws because of the test CodeQL object.
    sinon.stub(safeWhich, "safeWhich").resolves("");
    await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("db", "--threads=2", "--ram=2048", false), {
@@ -548,14 +568,15 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
  `;
    stubToolRunnerConstructor(1, stderr);
    const codeqlObject = await codeql.getCodeQLForTesting();
-    sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.17.6"));
+    sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
    sinon.stub(codeqlObject, "resolveExtractor").resolves("/path/to/extractor");
    // safeWhich throws because of the test CodeQL object.
    sinon.stub(safeWhich, "safeWhich").resolves("");
    await t.throwsAsync(async () => await codeqlObject.runAutobuild(stubConfig, languages_1.Language.java), {
-        instanceOf: util.ConfigurationError,
+        instanceOf: cli_errors_1.CommandInvocationError,
        message: "We were unable to automatically build your code. Please provide manual build steps. " +
-            `See ${doc_url_1.DocUrl.AUTOMATIC_BUILD_FAILED} for more information. ` +
+            "For more information, see " +
+            "https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed. " +
            "Encountered the following error: Start of the error message\n" +
            "  Some more context about the error message\n" +
            "  continued\n" +
@@ -566,42 +587,24 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
    const stderr = Array.from({ length: 20 }, (_, i) => `[2019-09-18 12:00:00] [autobuild] [ERROR] line${i + 1}`).join("\n");
    stubToolRunnerConstructor(1, stderr);
    const codeqlObject = await codeql.getCodeQLForTesting();
-    sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.17.6"));
+    sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
    sinon.stub(codeqlObject, "resolveExtractor").resolves("/path/to/extractor");
    // safeWhich throws because of the test CodeQL object.
    sinon.stub(safeWhich, "safeWhich").resolves("");
    await t.throwsAsync(async () => await codeqlObject.runAutobuild(stubConfig, languages_1.Language.java), {
-        instanceOf: util.ConfigurationError,
+        instanceOf: cli_errors_1.CommandInvocationError,
        message: "We were unable to automatically build your code. Please provide manual build steps. " +
-            `See ${doc_url_1.DocUrl.AUTOMATIC_BUILD_FAILED} for more information. ` +
+            "For more information, see " +
+            "https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed. " +
            "Encountered the following error: " +
            `${Array.from({ length: 10 }, (_, i) => `line${i + 1}`).join("\n")}\n(truncated)`,
    });
 });
-(0, ava_1.default)("runTool recognizes fatal internal errors", async (t) => {
-    const stderr = `
-    [11/31 eval 8m19s] Evaluation done; writing results to codeql/go-queries/Security/CWE-020/MissingRegexpAnchor.bqrs.
-    Oops! A fatal internal error occurred. Details:
-    com.semmle.util.exception.CatastrophicError: An error occurred while evaluating ControlFlowGraph::ControlFlow::Root.isRootOf/1#dispred#f610e6ed/2@86282cc8
-    Severe disk cache trouble (corruption or out of space) at /home/runner/work/_temp/codeql_databases/go/db-go/default/cache/pages/28/33.pack: Failed to write item to disk`;
-    stubToolRunnerConstructor(1, stderr);
-    const codeqlObject = await codeql.getCodeQLForTesting();
-    sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.17.6"));
-    sinon.stub(codeqlObject, "resolveExtractor").resolves("/path/to/extractor");
-    // safeWhich throws because of the test CodeQL object.
-    sinon.stub(safeWhich, "safeWhich").resolves("");
-    await t.throwsAsync(async () => await codeqlObject.databaseRunQueries(stubConfig.dbLocation, []), {
-        instanceOf: cli_errors_1.CommandInvocationError,
-        message: `Encountered a fatal error while running "codeql-for-testing database run-queries  --expect-discarded-cache --min-disk-free=1024 -v --intra-layer-parallelism". Exit code was 1 and error was: Oops! A fatal internal error occurred. Details:
-    com.semmle.util.exception.CatastrophicError: An error occurred while evaluating ControlFlowGraph::ControlFlow::Root.isRootOf/1#dispred#f610e6ed/2@86282cc8
-    Severe disk cache trouble (corruption or out of space) at /home/runner/work/_temp/codeql_databases/go/db-go/default/cache/pages/28/33.pack: Failed to write item to disk. See the logs for more details.`,
-    });
-});
 (0, ava_1.default)("runTool outputs last line of stderr if fatal error could not be found", async (t) => {
    const cliStderr = "line1\nline2\nline3\nline4\nline5";
    stubToolRunnerConstructor(32, cliStderr);
    const codeqlObject = await codeql.getCodeQLForTesting();
-    sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.17.6"));
+    sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
    // safeWhich throws because of the test CodeQL object.
    sinon.stub(safeWhich, "safeWhich").resolves("");
    await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("db", "--threads=2", "--ram=2048", false), {
@@ -613,12 +616,12 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
 (0, ava_1.default)("Avoids duplicating --overwrite flag if specified in CODEQL_ACTION_EXTRA_OPTIONS", async (t) => {
    const runnerConstructorStub = stubToolRunnerConstructor();
    const codeqlObject = await codeql.getCodeQLForTesting();
-    sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.17.6"));
+    sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
    // safeWhich throws because of the test CodeQL object.
    sinon.stub(safeWhich, "safeWhich").resolves("");
    process.env["CODEQL_ACTION_EXTRA_OPTIONS"] =
        '{ "database": { "init": ["--overwrite"] } }';
-    await codeqlObject.databaseInitCluster(stubConfig, "sourceRoot", undefined, undefined, (0, logging_1.getRunnerLogger)(false));
+    await codeqlObject.databaseInitCluster(stubConfig, "sourceRoot", undefined, undefined, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(false));
    t.true(runnerConstructorStub.calledOnce);
    const args = runnerConstructorStub.firstCall.args[1];
    t.is(args.filter((option) => option === "--overwrite").length, 1, "--overwrite should only be passed once");
@@ -644,4 +647,5 @@ function stubToolRunnerConstructor(exitCode = 0, stderr) {
    });
    return runnerConstructorStub;
 }
+exports.stubToolRunnerConstructor = stubToolRunnerConstructor;
 //# sourceMappingURL=codeql.test.js.map
--- a/lib/codeql.test.js.map
+++ b/lib/codeql.test.js.map
--- a/lib/config-utils.js
+++ b/lib/config-utils.js
@@ -23,31 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.defaultAugmentationProperties = void 0;
-exports.getPacksStrInvalid = getPacksStrInvalid;
-exports.getConfigFileOutsideWorkspaceErrorMessage = getConfigFileOutsideWorkspaceErrorMessage;
-exports.getConfigFileDoesNotExistErrorMessage = getConfigFileDoesNotExistErrorMessage;
-exports.getConfigFileRepoFormatInvalidMessage = getConfigFileRepoFormatInvalidMessage;
-exports.getConfigFileFormatInvalidMessage = getConfigFileFormatInvalidMessage;
-exports.getConfigFileDirectoryGivenMessage = getConfigFileDirectoryGivenMessage;
-exports.getNoLanguagesError = getNoLanguagesError;
-exports.getUnknownLanguagesError = getUnknownLanguagesError;
-exports.getLanguagesInRepo = getLanguagesInRepo;
-exports.getLanguages = getLanguages;
-exports.getLanguageAliases = getLanguageAliases;
-exports.getRawLanguages = getRawLanguages;
-exports.getDefaultConfig = getDefaultConfig;
-exports.calculateAugmentation = calculateAugmentation;
-exports.parsePacksFromInput = parsePacksFromInput;
-exports.parsePacksSpecification = parsePacksSpecification;
-exports.validatePackSpecification = validatePackSpecification;
-exports.initConfig = initConfig;
-exports.parseRegistriesWithoutCredentials = parseRegistriesWithoutCredentials;
-exports.getPathToParsedConfigFile = getPathToParsedConfigFile;
-exports.getConfig = getConfig;
-exports.generateRegistries = generateRegistries;
-exports.wrapEnvironment = wrapEnvironment;
-exports.parseBuildModeInput = parseBuildModeInput;
+exports.parseBuildModeInput = exports.wrapEnvironment = exports.generateRegistries = exports.getConfig = exports.getPathToParsedConfigFile = exports.initConfig = exports.validatePackSpecification = exports.parsePacksSpecification = exports.parsePacksFromInput = exports.calculateAugmentation = exports.getDefaultConfig = exports.getRawLanguages = exports.getLanguageAliases = exports.getLanguages = exports.getLanguagesInRepo = exports.getUnknownLanguagesError = exports.getNoLanguagesError = exports.getConfigFileDirectoryGivenMessage = exports.getConfigFileFormatInvalidMessage = exports.getConfigFileRepoFormatInvalidMessage = exports.getConfigFileDoesNotExistErrorMessage = exports.getConfigFileOutsideWorkspaceErrorMessage = exports.getPacksStrInvalid = exports.defaultAugmentationProperties = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const perf_hooks_1 = require("perf_hooks");
@@ -76,23 +52,29 @@ function getPacksStrInvalid(packStr, configFile) {
        ? getConfigFilePropertyError(configFile, PACKS_PROPERTY, `"${packStr}" is not a valid pack`)
        : `"${packStr}" is not a valid pack`;
 }
+exports.getPacksStrInvalid = getPacksStrInvalid;
 function getConfigFileOutsideWorkspaceErrorMessage(configFile) {
    return `The configuration file "${configFile}" is outside of the workspace`;
 }
+exports.getConfigFileOutsideWorkspaceErrorMessage = getConfigFileOutsideWorkspaceErrorMessage;
 function getConfigFileDoesNotExistErrorMessage(configFile) {
    return `The configuration file "${configFile}" does not exist`;
 }
+exports.getConfigFileDoesNotExistErrorMessage = getConfigFileDoesNotExistErrorMessage;
 function getConfigFileRepoFormatInvalidMessage(configFile) {
    let error = `The configuration file "${configFile}" is not a supported remote file reference.`;
    error += " Expected format <owner>/<repository>/<file-path>@<ref>";
    return error;
 }
+exports.getConfigFileRepoFormatInvalidMessage = getConfigFileRepoFormatInvalidMessage;
 function getConfigFileFormatInvalidMessage(configFile) {
    return `The configuration file "${configFile}" could not be read`;
 }
+exports.getConfigFileFormatInvalidMessage = getConfigFileFormatInvalidMessage;
 function getConfigFileDirectoryGivenMessage(configFile) {
    return `The configuration file "${configFile}" looks like a directory, not a file`;
 }
+exports.getConfigFileDirectoryGivenMessage = getConfigFileDirectoryGivenMessage;
 function getConfigFilePropertyError(configFile, property, error) {
    if (configFile === undefined) {
        return `The workflow property "${property}" is invalid: ${error}`;
@@ -105,9 +87,11 @@ function getNoLanguagesError() {
    return ("Did not detect any languages to analyze. " +
        "Please update input in workflow or check that GitHub detects the correct languages in your repository.");
 }
+exports.getNoLanguagesError = getNoLanguagesError;
 function getUnknownLanguagesError(languages) {
    return `Did not recognize the following languages: ${languages.join(", ")}`;
 }
+exports.getUnknownLanguagesError = getUnknownLanguagesError;
 /**
 * Gets the set of languages in the current repository that are
 * scannable by CodeQL.
@@ -132,6 +116,7 @@ async function getLanguagesInRepo(repository, logger) {
    }
    return [...languages];
 }
+exports.getLanguagesInRepo = getLanguagesInRepo;
 /**
 * Get the languages to analyse.
 *
@@ -185,6 +170,7 @@ async function getLanguages(codeQL, languagesInput, repository, logger) {
    }
    return parsedLanguages;
 }
+exports.getLanguages = getLanguages;
 /**
 * Gets the set of languages supported by CodeQL, along with their aliases if supported by the
 * version of the CLI.
@@ -195,6 +181,7 @@ async function getLanguageAliases(codeql) {
    }
    return undefined;
 }
+exports.getLanguageAliases = getLanguageAliases;
 /**
 * Gets the set of languages in the current repository without checking to
 * see if these languages are actually supported by CodeQL.
@@ -222,6 +209,7 @@ async function getRawLanguages(languagesInput, repository, logger) {
    }
    return { rawLanguages, autodetected };
 }
+exports.getRawLanguages = getRawLanguages;
 /**
 * Get the default config for when the user has not supplied one.
 */
@@ -246,6 +234,7 @@ async function getDefaultConfig({ languagesInput, queriesInput, packsInput, buil
        trapCacheDownloadTime,
    };
 }
+exports.getDefaultConfig = getDefaultConfig;
 async function downloadCacheWithTime(trapCachingEnabled, codeQL, languages, logger) {
    let trapCaches = {};
    let trapCacheDownloadTime = 0;
@@ -326,6 +315,7 @@ function calculateAugmentation(rawPacksInput, rawQueriesInput, languages) {
        queriesInputCombines,
    };
 }
+exports.calculateAugmentation = calculateAugmentation;
 function parseQueriesFromInput(rawQueriesInput, queriesInputCombines) {
    if (!rawQueriesInput) {
        return undefined;
@@ -373,6 +363,7 @@ function parsePacksFromInput(rawPacksInput, languages, packsInputCombines) {
        }, []),
    };
 }
+exports.parsePacksFromInput = parsePacksFromInput;
 /**
 * Validates that this package specification is syntactically correct.
 * It may not point to any real package, but after this function returns
@@ -420,7 +411,7 @@ function parsePacksSpecification(packStr) {
        try {
            new semver.Range(version);
        }
-        catch {
+        catch (e) {
            // The range string is invalid. OK to ignore the caught error
            throw new util_1.ConfigurationError(getPacksStrInvalid(packStr));
        }
@@ -445,9 +436,11 @@ function parsePacksSpecification(packStr) {
        path: packPath,
    };
 }
+exports.parsePacksSpecification = parsePacksSpecification;
 function validatePackSpecification(pack) {
    return (0, util_1.prettyPrintPack)(parsePacksSpecification(pack));
 }
+exports.validatePackSpecification = validatePackSpecification;
 /**
 * The convention in this action is that an input value that is prefixed with a '+' will
 * be combined with the corresponding value in the config file.
@@ -498,22 +491,17 @@ async function initConfig(inputs) {
    await saveConfig(config, logger);
    return config;
 }
+exports.initConfig = initConfig;
 function parseRegistries(registriesInput) {
    try {
        return registriesInput
            ? yaml.load(registriesInput)
            : undefined;
    }
-    catch {
+    catch (e) {
        throw new util_1.ConfigurationError("Invalid registries input. Must be a YAML string.");
    }
 }
-function parseRegistriesWithoutCredentials(registriesInput) {
-    return parseRegistries(registriesInput)?.map((r) => {
-        const { url, packages } = r;
-        return { url, packages };
-    });
-}
 function isLocal(configPath) {
    // If the path starts with ./, look locally
    if (configPath.indexOf("./") === 0) {
@@ -562,6 +550,7 @@ async function getRemoteConfig(configFile, apiDetails) {
 function getPathToParsedConfigFile(tempDir) {
    return path.join(tempDir, "config");
 }
+exports.getPathToParsedConfigFile = getPathToParsedConfigFile;
 /**
 * Store the given config to the path returned from getPathToParsedConfigFile.
 */
@@ -587,6 +576,7 @@ async function getConfig(tempDir, logger) {
    logger.debug(configString);
    return JSON.parse(configString);
 }
+exports.getConfig = getConfig;
 /**
 * Generate a `qlconfig.yml` file from the `registries` input.
 * This file is used by the CodeQL CLI to list the registries to use for each
@@ -625,6 +615,7 @@ async function generateRegistries(registriesInput, tempDir, logger) {
        qlconfigFile,
    };
 }
+exports.generateRegistries = generateRegistries;
 function createRegistriesBlock(registries) {
    if (!Array.isArray(registries) ||
        registries.some((r) => !r.url || !r.packages)) {
@@ -674,6 +665,7 @@ async function wrapEnvironment(env, operation) {
        }
    }
 }
+exports.wrapEnvironment = wrapEnvironment;
 // Exported for testing
 async function parseBuildModeInput(input, languages, features, logger) {
    if (input === undefined) {
@@ -682,11 +674,6 @@ async function parseBuildModeInput(input, languages, features, logger) {
    if (!Object.values(util_1.BuildMode).includes(input)) {
        throw new util_1.ConfigurationError(`Invalid build mode: '${input}'. Supported build modes are: ${Object.values(util_1.BuildMode).join(", ")}.`);
    }
-    if (languages.includes(languages_1.Language.csharp) &&
-        (await features.getValue(feature_flags_1.Feature.DisableCsharpBuildless))) {
-        logger.warning("Scanning C# code without a build is temporarily unavailable. Falling back to 'autobuild' build mode.");
-        return util_1.BuildMode.Autobuild;
-    }
    if (languages.includes(languages_1.Language.java) &&
        (await features.getValue(feature_flags_1.Feature.DisableJavaBuildlessEnabled))) {
        logger.warning("Scanning Java code without a build is temporarily unavailable. Falling back to 'autobuild' build mode.");
@@ -694,4 +681,5 @@ async function parseBuildModeInput(input, languages, features, logger) {
    }
    return input;
 }
+exports.parseBuildModeInput = parseBuildModeInput;
 //# sourceMappingURL=config-utils.js.map
--- a/lib/config-utils.js.map
+++ b/lib/config-utils.js.map
--- a/lib/config-utils.test.js
+++ b/lib/config-utils.test.js
@@ -764,40 +764,27 @@ const mockRepositoryNwo = (0, repository_1.parseRepositoryNwo)("owner/repo");
        t.deepEqual(mockRequest.called, args.expectedApiCall);
    });
 });
-for (const { displayName, language, feature } of [
-    {
-        displayName: "Java",
-        language: languages_1.Language.java,
-        feature: feature_flags_1.Feature.DisableJavaBuildlessEnabled,
-    },
-    {
-        displayName: "C#",
-        language: languages_1.Language.csharp,
-        feature: feature_flags_1.Feature.DisableCsharpBuildless,
-    },
-]) {
-    (0, ava_1.default)(`Build mode not overridden when disable ${displayName} buildless feature flag disabled`, async (t) => {
-        const messages = [];
-        const buildMode = await configUtils.parseBuildModeInput("none", [language], (0, testing_utils_1.createFeatures)([]), (0, testing_utils_1.getRecordingLogger)(messages));
-        t.is(buildMode, util_1.BuildMode.None);
-        t.deepEqual(messages, []);
-    });
-    (0, ava_1.default)(`Build mode not overridden for other languages when disable ${displayName} buildless feature flag enabled`, async (t) => {
-        const messages = [];
-        const buildMode = await configUtils.parseBuildModeInput("none", [languages_1.Language.python], (0, testing_utils_1.createFeatures)([feature]), (0, testing_utils_1.getRecordingLogger)(messages));
-        t.is(buildMode, util_1.BuildMode.None);
-        t.deepEqual(messages, []);
-    });
-    (0, ava_1.default)(`Build mode overridden when analyzing ${displayName} and disable ${displayName} buildless feature flag enabled`, async (t) => {
-        const messages = [];
-        const buildMode = await configUtils.parseBuildModeInput("none", [language], (0, testing_utils_1.createFeatures)([feature]), (0, testing_utils_1.getRecordingLogger)(messages));
-        t.is(buildMode, util_1.BuildMode.Autobuild);
-        t.deepEqual(messages, [
-            {
-                message: `Scanning ${displayName} code without a build is temporarily unavailable. Falling back to 'autobuild' build mode.`,
-                type: "warning",
-            },
-        ]);
-    });
-}
+(0, ava_1.default)("Build mode not overridden when disable Java buildless feature flag disabled", async (t) => {
+    const messages = [];
+    const buildMode = await configUtils.parseBuildModeInput("none", [languages_1.Language.java], (0, testing_utils_1.createFeatures)([]), (0, testing_utils_1.getRecordingLogger)(messages));
+    t.is(buildMode, util_1.BuildMode.None);
+    t.deepEqual(messages, []);
+});
+(0, ava_1.default)("Build mode not overridden for other languages", async (t) => {
+    const messages = [];
+    const buildMode = await configUtils.parseBuildModeInput("none", [languages_1.Language.python], (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.DisableJavaBuildlessEnabled]), (0, testing_utils_1.getRecordingLogger)(messages));
+    t.is(buildMode, util_1.BuildMode.None);
+    t.deepEqual(messages, []);
+});
+(0, ava_1.default)("Build mode overridden when analyzing Java and disable Java buildless feature flag enabled", async (t) => {
+    const messages = [];
+    const buildMode = await configUtils.parseBuildModeInput("none", [languages_1.Language.java], (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.DisableJavaBuildlessEnabled]), (0, testing_utils_1.getRecordingLogger)(messages));
+    t.is(buildMode, util_1.BuildMode.Autobuild);
+    t.deepEqual(messages, [
+        {
+            message: "Scanning Java code without a build is temporarily unavailable. Falling back to 'autobuild' build mode.",
+            type: "warning",
+        },
+    ]);
+});
 //# sourceMappingURL=config-utils.test.js.map
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Fotis Koutoulakis (@NlightNFotis)	72dc0335f8	Add more noise to the debug output in status-report to trace function execution in CI	2024-05-23 11:04:50 +01:00
Fotis Koutoulakis (@NlightNFotis)	b2a144d499	Add debug output to status-report.ts	2024-05-23 10:58:50 +01:00