Update codeql.ts

2025-12-07 08:18:08 +08:00 · 2020-07-11 13:28:32 -07:00 · 2020-07-11 13:22:57 -07:00 · 2020-07-11 13:17:46 -07:00 · 2020-07-11 13:12:15 -07:00 · 2020-07-11 13:08:34 -07:00
422 changed files with 183888 additions and 6451 deletions
--- a/.github/codeql/codeql-config.yml
+++ b/.github/codeql/codeql-config.yml
@@ -10,4 +10,5 @@ queries:
  - uses: security-extended
  - uses: security-and-quality
 paths-ignore:
-  - tests
+  - tests
+  - lib
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,7 +1,4 @@
 ### Merge / deployment checklist

- Run test builds as necessary. Can be on this repository or elsewhere as needed in order to test the change - please include links to tests in other repos!
-  - [ ] CodeQL using init/analyze actions
-  - [ ] 3rd party tool using upload action
 - [ ] Confirm this change is backwards compatible with existing workflows.
 - [ ] Confirm the [readme](https://github.com/github/codeql-action/blob/master/README.md) has been updated if necessary.
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -10,7 +10,7 @@ jobs:
    runs-on: ${{ matrix.os }}

    steps:
-    - uses: actions/checkout@v1
+    - uses: actions/checkout@v2
      with:
        # Must fetch at least the immediate parents so that if this is
        # a pull request then we can checkout the head of the pull request.
--- a/.github/workflows/integration-testing.yml
+++ b/.github/workflows/integration-testing.yml
@@ -36,7 +36,7 @@ jobs:
          exit 1
        fi

-  multi-language-repo_test-custom-queries:
+  multi-language-repo_test-custom-queries-and-remote-config:
    strategy:
      fail-fast: false
      matrix:
@@ -54,7 +54,7 @@ jobs:
    - uses: ./../action/init
      with:
        languages: cpp,csharp,java,javascript,python
-        config-file: ./.github/codeql/custom-queries.yml
+        config-file: github/codeql-action/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }}
    - name: Build code
      shell: bash
      run: ./build.sh
@@ -93,7 +93,6 @@ jobs:
      env:
        TEST_MODE: true

-
  multi-language-repo_rubocop:
    runs-on: ubuntu-latest

@@ -124,3 +123,30 @@ jobs:
        sarif_file: rubocop.sarif
      env:
        TEST_MODE: true
+
+  test-proxy:
+    runs-on: ubuntu-latest
+    container:
+      image: ubuntu:18.04
+      options: --dns 127.0.0.1
+    services:
+      squid-proxy:
+        image: datadog/squid:latest
+        ports:
+          - 3128:3128
+    env:
+      https_proxy: http://squid-proxy:3128
+    steps:
+    - uses: actions/checkout@v2
+    - name: Move codeql-action
+      shell: bash
+      run: |
+        mkdir ../action
+        mv * .github ../action/
+        mv ../action/tests/multi-language-repo/{*,.github} .
+    - uses: ./../action/init
+      with:
+        languages: javascript
+    - uses: ./../action/analyze
+      env:
+        TEST_MODE: true
--- a/.github/workflows/update-release-branch.yml
+++ b/.github/workflows/update-release-branch.yml
@@ -7,6 +7,7 @@ on:
    # curl -H "Authorization: Bearer <token>" -X POST https://api.github.com/repos/github/codeql-action/dispatches -d '{"event_type":"update-release-branch"}'
    # Replace <token> with a personal access token from this page: https://github.com/settings/tokens
    types: [update-release-branch]
+  workflow_dispatch:

 jobs:
  update:
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -10,13 +10,32 @@ Contributions to this project are [released](https://help.github.com/articles/gi

 Please note that this project is released with a [Contributor Code of Conduct][code-of-conduct]. By participating in this project you agree to abide by its terms.

+## Development and Testing
+
+Before you start, ensure that you have a recent version of node installed. You can see which version of node is used by the action in `init/action.yml`.
+
+### Common tasks
+
+* Transpile the TypeScript to JavaScript: `npm run build`.  Note that the JavaScript files are committed to git.
+* Run tests: `npm run test`.  You’ll need to ensure that the JavaScript files are up-to-date first by running the command above.
+* Run the linter: `npm run lint`.
+
+### Running the action
+
+To see the effect of your changes and to test them, push your changes in a branch and then look at the [Actions output](https://github.com/github/codeql-action/actions) for that branch.  You can also exercise the code locally by running the automated tests.
+
+### Integration tests
+
+As well as the unit tests (see _Common tasks_ above), there are integration tests, defined in `.github/workflows/integration-testing.yml`.  These are run by a CI check.  Depending on the change you’re making, you may want to add a test to this file or extend an existing one.
+
 ## Submitting a pull request

 1. [Fork][fork] and clone the repository
 2. Create a new branch: `git checkout -b my-branch-name`
 3. Make your change, add tests, and make sure the tests still pass
 4. Push to your fork and [submit a pull request][pr]
-5. Pat your self on the back and wait for your pull request to be reviewed and merged.
+5. Pat yourself on the back and wait for your pull request to be reviewed and merged.
+If you're a GitHub staff member, you can merge your own PR once it's approved; for external contributors, GitHub staff will merge your PR once it's approved.

 Here are a few things you can do that will increase the likelihood of your pull request being accepted:

--- a/init/action.yml
+++ b/init/action.yml
@@ -5,7 +5,7 @@ inputs:
  tools:
    description: URL of CodeQL tools
    required: false
-    default: https://github.com/github/codeql-action/releases/download/codeql-bundle-20200601/codeql-bundle.tar.gz
+    default: https://github.com/github/codeql-action/releases/download/codeql-bundle-20200630/codeql-bundle.tar.gz
  languages:
    description: The languages to be analysed
    required: false
--- a/lib/analysis-paths.js
+++ b/lib/analysis-paths.js
@@ -8,19 +8,50 @@ var __importStar = (this && this.__importStar) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
+function isInterpretedLanguage(language) {
+    return language === 'javascript' || language === 'python';
+}
+// Matches a string containing only characters that are legal to include in paths on windows.
+exports.legalWindowsPathCharactersRegex = /^[^<>:"\|?]*$/;
+// Builds an environment variable suitable for LGTM_INDEX_INCLUDE or LGTM_INDEX_EXCLUDE
+function buildIncludeExcludeEnvVar(paths) {
+    // Ignore anything containing a *
+    paths = paths.filter(p => p.indexOf('*') === -1);
+    // Some characters are illegal in path names in windows
+    if (process.platform === 'win32') {
+        paths = paths.filter(p => p.match(exports.legalWindowsPathCharactersRegex));
+    }
+    return paths.join('\n');
+}
 function includeAndExcludeAnalysisPaths(config, languages) {
+    // The 'LGTM_INDEX_INCLUDE' and 'LGTM_INDEX_EXCLUDE' environment variables
+    // control which files/directories are traversed when scanning.
+    // This allows including files that otherwise would not be scanned, or
+    // excluding and not traversing entire file subtrees.
+    // It does not understand globs or double-globs because that would require it to
+    // traverse the entire file tree to determine which files are matched.
+    // Any paths containing "*" are not included in these.
    if (config.paths.length !== 0) {
-        core.exportVariable('LGTM_INDEX_INCLUDE', config.paths.join('\n'));
+        core.exportVariable('LGTM_INDEX_INCLUDE', buildIncludeExcludeEnvVar(config.paths));
    }
    if (config.pathsIgnore.length !== 0) {
-        core.exportVariable('LGTM_INDEX_EXCLUDE', config.pathsIgnore.join('\n'));
+        core.exportVariable('LGTM_INDEX_EXCLUDE', buildIncludeExcludeEnvVar(config.pathsIgnore));
    }
-    function isInterpretedLanguage(language) {
-        return language === 'javascript' || language === 'python';
+    // The 'LGTM_INDEX_FILTERS' environment variable controls which files are
+    // extracted or ignored. It does not control which directories are traversed.
+    // This does understand the glob and double-glob syntax.
+    const filters = [];
+    filters.push(...config.paths.map(p => 'include:' + p));
+    filters.push(...config.pathsIgnore.map(p => 'exclude:' + p));
+    if (filters.length !== 0) {
+        core.exportVariable('LGTM_INDEX_FILTERS', filters.join('\n'));
    }
-    // Index include/exclude only work in javascript and python
-    // If some other language is detected/configured show a warning
-    if ((config.paths.length !== 0 || config.pathsIgnore.length !== 0) && !languages.every(isInterpretedLanguage)) {
+    // Index include/exclude/filters only work in javascript and python.
+    // If any other languages are detected/configured then show a warning.
+    if ((config.paths.length !== 0 ||
+        config.pathsIgnore.length !== 0 ||
+        filters.length !== 0) &&
+        !languages.every(isInterpretedLanguage)) {
        core.warning('The "paths"/"paths-ignore" fields of the config only have effect for Javascript and Python');
    }
 }
--- a/lib/analysis-paths.js.map
+++ b/lib/analysis-paths.js.map
@@ -1 +1 @@
-{"version":3,"file":"analysis-paths.js","sourceRoot":"","sources":["../src/analysis-paths.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AAItC,SAAgB,8BAA8B,CAAC,MAA0B,EAAE,SAAmB;IAC5F,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;QAC7B,IAAI,CAAC,cAAc,CAAC,oBAAoB,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;KACpE;IAED,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE;QACnC,IAAI,CAAC,cAAc,CAAC,oBAAoB,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;KAC1E;IAED,SAAS,qBAAqB,CAAC,QAAQ;QACrC,OAAO,QAAQ,KAAK,YAAY,IAAI,QAAQ,KAAK,QAAQ,CAAC;IAC5D,CAAC;IAED,2DAA2D;IAC3D,+DAA+D;IAC/D,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE;QAC7G,IAAI,CAAC,OAAO,CAAC,4FAA4F,CAAC,CAAC;KAC5G;AACH,CAAC;AAlBD,wEAkBC"}
+{"version":3,"file":"analysis-paths.js","sourceRoot":"","sources":["../src/analysis-paths.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AAItC,SAAS,qBAAqB,CAAC,QAAQ;IACrC,OAAO,QAAQ,KAAK,YAAY,IAAI,QAAQ,KAAK,QAAQ,CAAC;AAC5D,CAAC;AAED,6FAA6F;AAChF,QAAA,+BAA+B,GAAG,eAAe,CAAC;AAE/D,uFAAuF;AACvF,SAAS,yBAAyB,CAAC,KAAe;IAChD,iCAAiC;IACjC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEjD,uDAAuD;IACvD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;QAChC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,uCAA+B,CAAC,CAAC,CAAC;KACrE;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAgB,8BAA8B,CAAC,MAA0B,EAAE,SAAmB;IAC5F,0EAA0E;IAC1E,+DAA+D;IAC/D,sEAAsE;IACtE,qDAAqD;IACrD,gFAAgF;IAChF,sEAAsE;IACtE,sDAAsD;IACtD,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;QAC7B,IAAI,CAAC,cAAc,CAAC,oBAAoB,EAAE,yBAAyB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;KACpF;IACD,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE;QACnC,IAAI,CAAC,cAAc,CAAC,oBAAoB,EAAE,yBAAyB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC;KAC1F;IAED,yEAAyE;IACzE,6EAA6E;IAC7E,wDAAwD;IACxD,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,CAAC;IACvD,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,CAAC;IAC7D,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE;QACxB,IAAI,CAAC,cAAc,CAAC,oBAAoB,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;KAC/D;IAED,oEAAoE;IACpE,sEAAsE;IACtE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC;QACxB,MAAM,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC;QAC/B,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC;QACvB,CAAC,SAAS,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE;QAC3C,IAAI,CAAC,OAAO,CAAC,4FAA4F,CAAC,CAAC;KAC5G;AACH,CAAC;AAjCD,wEAiCC"}
--- a/lib/analysis-paths.test.js
+++ b/lib/analysis-paths.test.js
@@ -14,19 +14,21 @@ const ava_1 = __importDefault(require("ava"));
 const analysisPaths = __importStar(require("./analysis-paths"));
 const configUtils = __importStar(require("./config-utils"));
 const testing_utils_1 = require("./testing-utils");
-testing_utils_1.silenceDebugOutput(ava_1.default);
+testing_utils_1.setupTests(ava_1.default);
 ava_1.default("emptyPaths", async (t) => {
    let config = new configUtils.Config();
    analysisPaths.includeAndExcludeAnalysisPaths(config, []);
    t.is(process.env['LGTM_INDEX_INCLUDE'], undefined);
    t.is(process.env['LGTM_INDEX_EXCLUDE'], undefined);
+    t.is(process.env['LGTM_INDEX_FILTERS'], undefined);
 });
 ava_1.default("nonEmptyPaths", async (t) => {
    let config = new configUtils.Config();
-    config.paths.push('path1', 'path2');
-    config.pathsIgnore.push('path3', 'path4');
+    config.paths.push('path1', 'path2', '**/path3');
+    config.pathsIgnore.push('path4', 'path5', 'path6/**');
    analysisPaths.includeAndExcludeAnalysisPaths(config, []);
    t.is(process.env['LGTM_INDEX_INCLUDE'], 'path1\npath2');
-    t.is(process.env['LGTM_INDEX_EXCLUDE'], 'path3\npath4');
+    t.is(process.env['LGTM_INDEX_EXCLUDE'], 'path4\npath5');
+    t.is(process.env['LGTM_INDEX_FILTERS'], 'include:path1\ninclude:path2\ninclude:**/path3\nexclude:path4\nexclude:path5\nexclude:path6/**');
 });
 //# sourceMappingURL=analysis-paths.test.js.map
--- a/lib/analysis-paths.test.js.map
+++ b/lib/analysis-paths.test.js.map
@@ -1 +1 @@
-{"version":3,"file":"analysis-paths.test.js","sourceRoot":"","sources":["../src/analysis-paths.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AAEvB,gEAAkD;AAClD,4DAA8C;AAC9C,mDAAmD;AAEnD,kCAAkB,CAAC,aAAI,CAAC,CAAC;AAEzB,aAAI,CAAC,YAAY,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IAC3B,IAAI,MAAM,GAAG,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;IACtC,aAAa,CAAC,8BAA8B,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;AACrD,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,eAAe,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IAC9B,IAAI,MAAM,GAAG,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;IACtC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACpC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC1C,aAAa,CAAC,8BAA8B,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;IACxD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;AAC1D,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analysis-paths.test.js","sourceRoot":"","sources":["../src/analysis-paths.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AAEvB,gEAAkD;AAClD,4DAA8C;AAC9C,mDAA2C;AAE3C,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,YAAY,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IAC3B,IAAI,MAAM,GAAG,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;IACtC,aAAa,CAAC,8BAA8B,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;AACrD,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,eAAe,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IAC9B,IAAI,MAAM,GAAG,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;IACtC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;IAChD,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;IACtD,aAAa,CAAC,8BAA8B,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;IACxD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;IACxD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,gGAAgG,CAAC,CAAC;AAC5I,CAAC,CAAC,CAAC"}
--- a/lib/api-client.js
+++ b/lib/api-client.js
@@ -11,13 +11,12 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
-const octokit = __importStar(require("@octokit/rest"));
+const github = __importStar(require("@actions/github"));
 const console_log_level_1 = __importDefault(require("console-log-level"));
-const githubAPIURL = process.env["GITHUB_API_URL"] || "https://api.github.com";
-exports.client = new octokit.Octokit({
-    auth: core.getInput("token"),
-    baseUrl: githubAPIURL,
-    userAgent: "CodeQL Action",
-    log: console_log_level_1.default({ level: "debug" })
-});
+exports.getApiClient = function () {
+    return new github.GitHub(core.getInput('token'), {
+        userAgent: "CodeQL Action",
+        log: console_log_level_1.default({ level: "debug" })
+    });
+};
 //# sourceMappingURL=api-client.js.map
--- a/lib/api-client.js.map
+++ b/lib/api-client.js.map
@@ -1 +1 @@
-{"version":3,"file":"api-client.js","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oDAAsC;AACtC,uDAAyC;AACzC,0EAAgD;AAEhD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,wBAAwB,CAAC;AAClE,QAAA,MAAM,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC;IACxC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;IAC5B,OAAO,EAAE,YAAY;IACrB,SAAS,EAAE,eAAe;IAC1B,GAAG,EAAE,2BAAe,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;CACzC,CAAC,CAAC"}
+{"version":3,"file":"api-client.js","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oDAAsC;AACtC,wDAA0C;AAC1C,0EAAgD;AAEnC,QAAA,YAAY,GAAG;IAC1B,OAAO,IAAI,MAAM,CAAC,MAAM,CACtB,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EACtB;QACE,SAAS,EAAE,eAAe;QAC1B,GAAG,EAAE,2BAAe,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;KACzC,CAAC,CAAC;AACP,CAAC,CAAC"}
--- a/lib/autobuild.js
+++ b/lib/autobuild.js
@@ -8,8 +8,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
-const exec = __importStar(require("@actions/exec"));
-const path = __importStar(require("path"));
+const codeql_1 = require("./codeql");
 const sharedEnv = __importStar(require("./shared-environment"));
 const util = __importStar(require("./util"));
 async function run() {
@@ -33,18 +32,8 @@ async function run() {
            core.warning(`We will only automatically build ${language} code. If you wish to scan ${autobuildLanguages.slice(1).join(' and ')}, you must replace this block with custom build steps.`);
        }
        core.startGroup(`Attempting to automatically build ${language} code`);
-        // TODO: share config accross actions better via env variables
-        const codeqlCmd = util.getRequiredEnvParam(sharedEnv.CODEQL_ACTION_CMD);
-        const cmdName = process.platform === 'win32' ? 'autobuild.cmd' : 'autobuild.sh';
-        const autobuildCmd = path.join(path.dirname(codeqlCmd), language, 'tools', cmdName);
-        // Update JAVA_TOOL_OPTIONS to contain '-Dhttp.keepAlive=false'
-        // This is because of an issue with Azure pipelines timing out connections after 4 minutes
-        // and Maven not properly handling closed connections
-        // Otherwise long build processes will timeout when pulling down Java packages
-        // https://developercommunity.visualstudio.com/content/problem/292284/maven-hosted-agent-connection-timeout.html
-        let javaToolOptions = process.env['JAVA_TOOL_OPTIONS'] || "";
-        process.env['JAVA_TOOL_OPTIONS'] = [...javaToolOptions.split(/\s+/), '-Dhttp.keepAlive=false', '-Dmaven.wagon.http.pool=false'].join(' ');
-        await exec.exec(autobuildCmd);
+        const codeQL = codeql_1.getCodeQL();
+        await codeQL.runAutobuild(language);
        core.endGroup();
    }
    catch (error) {
--- a/lib/autobuild.js.map
+++ b/lib/autobuild.js.map
@@ -1 +1 @@
-{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AACtC,oDAAsC;AACtC,2CAA6B;AAE7B,gEAAkD;AAClD,6CAA+B;AAE/B,KAAK,UAAU,GAAG;;IAChB,IAAI;QACF,IAAI,IAAI,CAAC,YAAY,CAAC,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,EAAE;YACzF,OAAO;SACR;QAED,0CAA0C;QAC1C,mFAAmF;QACnF,oFAAoF;QACpF,4EAA4E;QAC5E,MAAM,kBAAkB,GAAG,OAAA,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,8BAA8B,CAAC,0CAAE,KAAK,CAAC,GAAG,MAAK,EAAE,CAAC;QACnG,MAAM,QAAQ,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAC;QAEvC,IAAI,CAAC,QAAQ,EAAE;YACb,IAAI,CAAC,IAAI,CAAC,iEAAiE,CAAC,CAAC;YAC7E,OAAO;SACR;QAED,IAAI,CAAC,KAAK,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAC;QAE7D,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE;YACjC,IAAI,CAAC,OAAO,CAAC,oCAAoC,QAAQ,8BAA8B,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,wDAAwD,CAAC,CAAC;SAC3L;QAED,IAAI,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;QACtE,8DAA8D;QAC9D,MAAM,SAAS,GAAG,IAAI,CAAC,mBAAmB,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;QAExE,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,cAAc,CAAC;QAChF,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;QAGpF,+DAA+D;QAC/D,0FAA0F;QAC1F,qDAAqD;QACrD,8EAA8E;QAC9E,gHAAgH;QAChH,IAAI,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,EAAE,CAAC;QAC7D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,CAAC,GAAG,eAAe,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,wBAAwB,EAAE,+BAA+B,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAE1I,MAAM,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC9B,IAAI,CAAC,QAAQ,EAAE,CAAC;KAEjB;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,kIAAkI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QACnK,MAAM,IAAI,CAAC,kBAAkB,CAAC,WAAW,EAAE,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;QACvE,OAAO;KACR;IAED,MAAM,IAAI,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;AAChD,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;IACd,IAAI,CAAC,SAAS,CAAC,4BAA4B,GAAG,CAAC,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AACjB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AAEtC,qCAAqC;AACrC,gEAAkD;AAClD,6CAA+B;AAE/B,KAAK,UAAU,GAAG;;IAChB,IAAI;QACF,IAAI,IAAI,CAAC,YAAY,CAAC,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,EAAE;YACzF,OAAO;SACR;QAED,0CAA0C;QAC1C,mFAAmF;QACnF,oFAAoF;QACpF,4EAA4E;QAC5E,MAAM,kBAAkB,GAAG,OAAA,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,8BAA8B,CAAC,0CAAE,KAAK,CAAC,GAAG,MAAK,EAAE,CAAC;QACnG,MAAM,QAAQ,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAC;QAEvC,IAAI,CAAC,QAAQ,EAAE;YACb,IAAI,CAAC,IAAI,CAAC,iEAAiE,CAAC,CAAC;YAC7E,OAAO;SACR;QAED,IAAI,CAAC,KAAK,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAC;QAE7D,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE;YACjC,IAAI,CAAC,OAAO,CAAC,oCAAoC,QAAQ,8BAA8B,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,wDAAwD,CAAC,CAAC;SAC3L;QAED,IAAI,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;QACtE,MAAM,MAAM,GAAG,kBAAS,EAAE,CAAC;QAC3B,MAAM,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QAEpC,IAAI,CAAC,QAAQ,EAAE,CAAC;KAEjB;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,kIAAkI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QACnK,MAAM,IAAI,CAAC,kBAAkB,CAAC,WAAW,EAAE,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;QACvE,OAAO;KACR;IAED,MAAM,IAAI,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;AAChD,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;IACd,IAAI,CAAC,SAAS,CAAC,4BAA4B,GAAG,CAAC,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AACjB,CAAC,CAAC,CAAC"}
--- a/lib/codeql.js
+++ b/lib/codeql.js
@@ -0,0 +1,184 @@
+"use strict";
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const core = __importStar(require("@actions/core"));
+const exec = __importStar(require("@actions/exec"));
+const toolcache = __importStar(require("@actions/tool-cache"));
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const semver = __importStar(require("semver"));
+const util = __importStar(require("./util"));
+/**
+ * Environment variable used to store the location of the CodeQL CLI executable.
+ * Value is set by setupCodeQL and read by getCodeQL.
+ */
+const CODEQL_ACTION_CMD = "CODEQL_ACTION_CMD";
+async function setupCodeQL() {
+    try {
+        const codeqlURL = core.getInput('tools', { required: true });
+        const codeqlURLVersion = getCodeQLURLVersion(codeqlURL);
+        let codeqlFolder = toolcache.find('CodeQL', codeqlURLVersion);
+        if (codeqlFolder) {
+            core.debug(`CodeQL found in cache ${codeqlFolder}`);
+        }
+        else {
+            const codeqlPath = await toolcache.downloadTool(codeqlURL);
+            const codeqlExtracted = await toolcache.extractTar(codeqlPath);
+            codeqlFolder = await toolcache.cacheDir(codeqlExtracted, 'CodeQL', codeqlURLVersion);
+        }
+        let codeqlCmd = path.join(codeqlFolder, 'codeql', 'codeql');
+        if (process.platform === 'win32') {
+            codeqlCmd += ".exe";
+        }
+        else if (process.platform !== 'linux' && process.platform !== 'darwin') {
+            throw new Error("Unsupported plaform: " + process.platform);
+        }
+        core.exportVariable(CODEQL_ACTION_CMD, codeqlCmd);
+        return getCodeQLForCmd(codeqlCmd);
+    }
+    catch (e) {
+        core.error(e);
+        throw new Error("Unable to download and extract CodeQL CLI");
+    }
+}
+exports.setupCodeQL = setupCodeQL;
+function getCodeQLURLVersion(url) {
+    const match = url.match(/\/codeql-bundle-(.*)\//);
+    if (match === null || match.length < 2) {
+        throw new Error(`Malformed tools url: ${url}. Version could not be inferred`);
+    }
+    let version = match[1];
+    if (!semver.valid(version)) {
+        core.debug(`Bundle version ${version} is not in SemVer format. Will treat it as pre-release 0.0.0-${version}.`);
+        version = '0.0.0-' + version;
+    }
+    const s = semver.clean(version);
+    if (!s) {
+        throw new Error(`Malformed tools url ${url}. Version should be in SemVer format but have ${version} instead`);
+    }
+    return s;
+}
+exports.getCodeQLURLVersion = getCodeQLURLVersion;
+function getCodeQL() {
+    const codeqlCmd = util.getRequiredEnvParam(CODEQL_ACTION_CMD);
+    return getCodeQLForCmd(codeqlCmd);
+}
+exports.getCodeQL = getCodeQL;
+function getCodeQLForCmd(cmd) {
+    return {
+        getDir: function () {
+            return path.dirname(cmd);
+        },
+        printVersion: async function () {
+            await exec.exec(cmd, [
+                'version',
+                '--format=json'
+            ]);
+        },
+        getTracerEnv: async function (databasePath, compilerSpec) {
+            let envFile = path.resolve(databasePath, 'working', 'env.tmp');
+            const compilerSpecArg = compilerSpec ? ["--compiler-spec=" + compilerSpec] : [];
+            await exec.exec(cmd, [
+                'database',
+                'trace-command',
+                databasePath,
+                ...compilerSpecArg,
+                process.execPath,
+                path.resolve(__dirname, 'tracer-env.js'),
+                envFile
+            ]);
+            return JSON.parse(fs.readFileSync(envFile, 'utf-8'));
+        },
+        databaseInit: async function (databasePath, language, sourceRoot) {
+            await exec.exec(cmd, [
+                'database',
+                'init',
+                databasePath,
+                '--language=' + language,
+                '--source-root=' + sourceRoot,
+            ]);
+        },
+        runAutobuild: async function (language) {
+            const cmdName = process.platform === 'win32' ? 'autobuild.cmd' : 'autobuild.sh';
+            const autobuildCmd = path.join(path.dirname(cmd), language, 'tools', cmdName);
+            // Update JAVA_TOOL_OPTIONS to contain '-Dhttp.keepAlive=false'
+            // This is because of an issue with Azure pipelines timing out connections after 4 minutes
+            // and Maven not properly handling closed connections
+            // Otherwise long build processes will timeout when pulling down Java packages
+            // https://developercommunity.visualstudio.com/content/problem/292284/maven-hosted-agent-connection-timeout.html
+            let javaToolOptions = process.env['JAVA_TOOL_OPTIONS'] || "";
+            process.env['JAVA_TOOL_OPTIONS'] = [...javaToolOptions.split(/\s+/), '-Dhttp.keepAlive=false', '-Dmaven.wagon.http.pool=false'].join(' ');
+            await exec.exec(autobuildCmd);
+        },
+        extractScannedLanguage: async function (databasePath, language) {
+            // Get extractor location
+            let extractorPath = '';
+            await exec.exec(cmd, [
+                'resolve',
+                'extractor',
+                '--format=json',
+                '--language=' + language
+            ], {
+                silent: true,
+                listeners: {
+                    stdout: (data) => { extractorPath += data.toString(); },
+                    stderr: (data) => { process.stderr.write(data); }
+                }
+            });
+            // Set trace command
+            const ext = process.platform === 'win32' ? '.cmd' : '.sh';
+            const traceCommand = path.resolve(JSON.parse(extractorPath), 'tools', 'autobuild' + ext);
+            // Run trace command
+            await exec.exec(cmd, [
+                'database',
+                'trace-command',
+                databasePath,
+                '--',
+                traceCommand
+            ]);
+        },
+        finalizeDatabase: async function (databasePath) {
+            await exec.exec(cmd, [
+                'database',
+                'finalize',
+                databasePath
+            ]);
+        },
+        resolveQueries: async function (queries) {
+            let output = '';
+            await exec.exec(cmd, [
+                'resolve',
+                'queries',
+                ...queries,
+                '--format=bylanguage'
+            ], {
+                listeners: {
+                    stdout: (data) => {
+                        output += data.toString();
+                    }
+                }
+            });
+            return JSON.parse(output);
+        },
+        databaseAnalyze: async function (databasePath, sarifFile, querySuite) {
+            await exec.exec(cmd, [
+                'database',
+                'analyze',
+                util.getMemoryFlag(),
+                util.getThreadsFlag(),
+                databasePath,
+                '--format=sarif-latest',
+                '--output=' + sarifFile,
+                '--no-sarif-add-snippets',
+                querySuite
+            ]);
+        }
+    };
+}
+//# sourceMappingURL=codeql.js.map
--- a/lib/codeql.js.map
+++ b/lib/codeql.js.map
--- a/lib/codeql.test.js
+++ b/lib/codeql.test.js
@@ -0,0 +1,60 @@
+"use strict";
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const toolcache = __importStar(require("@actions/tool-cache"));
+const ava_1 = __importDefault(require("ava"));
+const nock_1 = __importDefault(require("nock"));
+const path = __importStar(require("path"));
+const codeql = __importStar(require("./codeql"));
+const testing_utils_1 = require("./testing-utils");
+const util = __importStar(require("./util"));
+testing_utils_1.setupTests(ava_1.default);
+ava_1.default('download codeql bundle cache', async (t) => {
+    await util.withTmpDir(async (tmpDir) => {
+        process.env['GITHUB_WORKSPACE'] = tmpDir;
+        process.env['RUNNER_TEMP'] = path.join(tmpDir, 'temp');
+        process.env['RUNNER_TOOL_CACHE'] = path.join(tmpDir, 'cache');
+        const versions = ['20200601', '20200610'];
+        for (let i = 0; i < versions.length; i++) {
+            const version = versions[i];
+            nock_1.default('https://example.com')
+                .get(`/download/codeql-bundle-${version}/codeql-bundle.tar.gz`)
+                .replyWithFile(200, path.join(__dirname, `/../src/testdata/codeql-bundle.tar.gz`));
+            process.env['INPUT_TOOLS'] = `https://example.com/download/codeql-bundle-${version}/codeql-bundle.tar.gz`;
+            await codeql.setupCodeQL();
+            t.assert(toolcache.find('CodeQL', `0.0.0-${version}`));
+        }
+        const cachedVersions = toolcache.findAllVersions('CodeQL');
+        t.is(cachedVersions.length, 2);
+    });
+});
+ava_1.default('parse codeql bundle url version', t => {
+    const tests = {
+        '20200601': '0.0.0-20200601',
+        '20200601.0': '0.0.0-20200601.0',
+        '20200601.0.0': '20200601.0.0',
+        '1.2.3': '1.2.3',
+        '1.2.3-alpha': '1.2.3-alpha',
+        '1.2.3-beta.1': '1.2.3-beta.1',
+    };
+    for (const [version, expectedVersion] of Object.entries(tests)) {
+        const url = `https://github.com/.../codeql-bundle-${version}/...`;
+        try {
+            const parsedVersion = codeql.getCodeQLURLVersion(url);
+            t.deepEqual(parsedVersion, expectedVersion);
+        }
+        catch (e) {
+            t.fail(e.message);
+        }
+    }
+});
+//# sourceMappingURL=codeql.test.js.map
--- a/lib/codeql.test.js.map
+++ b/lib/codeql.test.js.map
@@ -0,0 +1 @@
+{"version":3,"file":"codeql.test.js","sourceRoot":"","sources":["../src/codeql.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,+DAAiD;AACjD,8CAAuB;AACvB,gDAAwB;AACxB,2CAA6B;AAE7B,iDAAmC;AACnC,mDAA2C;AAC3C,6CAA+B;AAE/B,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,8BAA8B,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IAE7C,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAC,MAAM,EAAC,EAAE;QAEnC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,GAAG,MAAM,CAAC;QAEzC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACvD,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAE9D,MAAM,QAAQ,GAAG,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAE1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;YACxC,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;YAE5B,cAAI,CAAC,qBAAqB,CAAC;iBACxB,GAAG,CAAC,2BAA2B,OAAO,uBAAuB,CAAC;iBAC9D,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,uCAAuC,CAAC,CAAC,CAAC;YAGrF,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,8CAA8C,OAAO,uBAAuB,CAAC;YAE1G,MAAM,MAAM,CAAC,WAAW,EAAE,CAAC;YAE3B,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,OAAO,EAAE,CAAC,CAAC,CAAC;SACxD;QAED,MAAM,cAAc,GAAG,SAAS,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QAE3D,CAAC,CAAC,EAAE,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,iCAAiC,EAAE,CAAC,CAAC,EAAE;IAE1C,MAAM,KAAK,GAAG;QACZ,UAAU,EAAE,gBAAgB;QAC5B,YAAY,EAAE,kBAAkB;QAChC,cAAc,EAAE,cAAc;QAC9B,OAAO,EAAE,OAAO;QAChB,aAAa,EAAE,aAAa;QAC5B,cAAc,EAAE,cAAc;KAC/B,CAAC;IAEF,KAAK,MAAM,CAAC,OAAO,EAAE,eAAe,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QAC9D,MAAM,GAAG,GAAG,wCAAwC,OAAO,MAAM,CAAC;QAElE,IAAI;YACF,MAAM,aAAa,GAAG,MAAM,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;YACtD,CAAC,CAAC,SAAS,CAAC,aAAa,EAAE,eAAe,CAAC,CAAC;SAC7C;QAAC,OAAO,CAAC,EAAE;YACV,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;SACnB;KACF;AACH,CAAC,CAAC,CAAC"}
--- a/lib/config-utils.js
+++ b/lib/config-utils.js
@@ -12,6 +12,7 @@ const io = __importStar(require("@actions/io"));
 const fs = __importStar(require("fs"));
 const yaml = __importStar(require("js-yaml"));
 const path = __importStar(require("path"));
+const api = __importStar(require("./api-client"));
 const util = __importStar(require("./util"));
 const NAME_PROPERTY = 'name';
 const DISPLAY_DEFAULT_QUERIES_PROPERTY = 'disable-default-queries';
@@ -104,6 +105,52 @@ class Config {
    }
 }
 exports.Config = Config;
+// Regex validating stars in paths or paths-ignore entries.
+// The intention is to only allow ** to appear when immediately
+// preceded and followed by a slash.
+const pathStarsRegex = /.*(?:\*\*[^/].*|\*\*$|[^/]\*\*.*)/;
+// Characters that are supported by filters in workflows, but not by us.
+// See https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
+const filterPatternCharactersRegex = /.*[\?\+\[\]!].*/;
+// Checks that a paths of paths-ignore entry is valid, possibly modifying it
+// to make it valid, or if not possible then throws an error.
+function validateAndSanitisePath(originalPath, propertyName, configFile) {
+    // Take a copy so we don't modify the original path, so we can still construct error messages
+    let path = originalPath;
+    // All paths are relative to the src root, so strip off leading slashes.
+    while (path.charAt(0) === '/') {
+        path = path.substring(1);
+    }
+    // Trailing ** are redundant, so strip them off
+    if (path.endsWith('/**')) {
+        path = path.substring(0, path.length - 2);
+    }
+    // An empty path is not allowed as it's meaningless
+    if (path === '') {
+        throw new Error(getConfigFilePropertyError(configFile, propertyName, '"' + originalPath + '" is not an invalid path. ' +
+            'It is not necessary to include it, and it is not allowed to exclude it.'));
+    }
+    // Check for illegal uses of **
+    if (path.match(pathStarsRegex)) {
+        throw new Error(getConfigFilePropertyError(configFile, propertyName, '"' + originalPath + '" contains an invalid "**" wildcard. ' +
+            'They must be immediately preceeded and followed by a slash as in "/**/", or come at the start or end.'));
+    }
+    // Check for other regex characters that we don't support.
+    // Output a warning so the user knows, but otherwise continue normally.
+    if (path.match(filterPatternCharactersRegex)) {
+        core.warning(getConfigFilePropertyError(configFile, propertyName, '"' + originalPath + '" contains an unsupported character. ' +
+            'The filter pattern characters ?, +, [, ], ! are not supported and will be matched literally.'));
+    }
+    // Ban any uses of backslash for now.
+    // This may not play nicely with project layouts.
+    // This restriction can be lifted later if we determine they are ok.
+    if (path.indexOf('\\') !== -1) {
+        throw new Error(getConfigFilePropertyError(configFile, propertyName, '"' + originalPath + '" contains an "\\" character. These are not allowed in filters. ' +
+            'If running on windows we recommend using "/" instead for path filters.'));
+    }
+    return path;
+}
+exports.validateAndSanitisePath = validateAndSanitisePath;
 function getNameInvalid(configFile) {
    return getConfigFilePropertyError(configFile, NAME_PROPERTY, 'must be a non-empty string');
 }
@@ -146,10 +193,24 @@ function getConfigFileDoesNotExistErrorMessage(configFile) {
    return 'The configuration file "' + configFile + '" does not exist';
 }
 exports.getConfigFileDoesNotExistErrorMessage = getConfigFileDoesNotExistErrorMessage;
+function getConfigFileRepoFormatInvalidMessage(configFile) {
+    let error = 'The configuration file "' + configFile + '" is not a supported remote file reference.';
+    error += ' Expected format <owner>/<repository>/<file-path>@<ref>';
+    return error;
+}
+exports.getConfigFileRepoFormatInvalidMessage = getConfigFileRepoFormatInvalidMessage;
+function getConfigFileFormatInvalidMessage(configFile) {
+    return 'The configuration file "' + configFile + '" could not be read';
+}
+exports.getConfigFileFormatInvalidMessage = getConfigFileFormatInvalidMessage;
+function getConfigFileDirectoryGivenMessage(configFile) {
+    return 'The configuration file "' + configFile + '" looks like a directory, not a file';
+}
+exports.getConfigFileDirectoryGivenMessage = getConfigFileDirectoryGivenMessage;
 function getConfigFilePropertyError(configFile, property, error) {
    return 'The configuration file "' + configFile + '" is invalid: property "' + property + '" ' + error;
 }
-function initConfig() {
+async function initConfig() {
    let configFile = core.getInput('config-file');
    const config = new Config();
    // If no config file was provided create an empty one
@@ -157,18 +218,16 @@ function initConfig() {
        core.debug('No configuration file was provided');
        return config;
    }
-    // Treat the config file as relative to the workspace
-    const workspacePath = util.getRequiredEnvParam('GITHUB_WORKSPACE');
-    configFile = path.resolve(workspacePath, configFile);
-    // Error if the config file is now outside of the workspace
-    if (!(configFile + path.sep).startsWith(workspacePath + path.sep)) {
-        throw new Error(getConfigFileOutsideWorkspaceErrorMessage(configFile));
+    let parsedYAML;
+    if (isLocal(configFile)) {
+        // Treat the config file as relative to the workspace
+        const workspacePath = util.getRequiredEnvParam('GITHUB_WORKSPACE');
+        configFile = path.resolve(workspacePath, configFile);
+        parsedYAML = getLocalConfig(configFile, workspacePath);
    }
-    // Error if the file does not exist
-    if (!fs.existsSync(configFile)) {
-        throw new Error(getConfigFileDoesNotExistErrorMessage(configFile));
+    else {
+        parsedYAML = await getRemoteConfig(configFile);
    }
-    const parsedYAML = yaml.safeLoad(fs.readFileSync(configFile, 'utf8'));
    if (NAME_PROPERTY in parsedYAML) {
        if (typeof parsedYAML[NAME_PROPERTY] !== "string") {
            throw new Error(getNameInvalid(configFile));
@@ -203,7 +262,7 @@ function initConfig() {
            if (typeof path !== "string" || path === '') {
                throw new Error(getPathsIgnoreInvalid(configFile));
            }
-            config.pathsIgnore.push(path);
+            config.pathsIgnore.push(validateAndSanitisePath(path, PATHS_IGNORE_PROPERTY, configFile));
        });
    }
    if (PATHS_PROPERTY in parsedYAML) {
@@ -214,11 +273,55 @@ function initConfig() {
            if (typeof path !== "string" || path === '') {
                throw new Error(getPathsInvalid(configFile));
            }
-            config.paths.push(path);
+            config.paths.push(validateAndSanitisePath(path, PATHS_PROPERTY, configFile));
        });
    }
    return config;
 }
+function isLocal(configPath) {
+    // If the path starts with ./, look locally
+    if (configPath.indexOf("./") === 0) {
+        return true;
+    }
+    return (configPath.indexOf("@") === -1);
+}
+function getLocalConfig(configFile, workspacePath) {
+    // Error if the config file is now outside of the workspace
+    if (!(configFile + path.sep).startsWith(workspacePath + path.sep)) {
+        throw new Error(getConfigFileOutsideWorkspaceErrorMessage(configFile));
+    }
+    // Error if the file does not exist
+    if (!fs.existsSync(configFile)) {
+        throw new Error(getConfigFileDoesNotExistErrorMessage(configFile));
+    }
+    return yaml.safeLoad(fs.readFileSync(configFile, 'utf8'));
+}
+async function getRemoteConfig(configFile) {
+    // retrieve the various parts of the config location, and ensure they're present
+    const format = new RegExp('(?<owner>[^/]+)/(?<repo>[^/]+)/(?<path>[^@]+)@(?<ref>.*)');
+    const pieces = format.exec(configFile);
+    // 5 = 4 groups + the whole expression
+    if (pieces === null || pieces.groups === undefined || pieces.length < 5) {
+        throw new Error(getConfigFileRepoFormatInvalidMessage(configFile));
+    }
+    const response = await api.getApiClient().repos.getContents({
+        owner: pieces.groups.owner,
+        repo: pieces.groups.repo,
+        path: pieces.groups.path,
+        ref: pieces.groups.ref,
+    });
+    let fileContents;
+    if ("content" in response.data && response.data.content !== undefined) {
+        fileContents = response.data.content;
+    }
+    else if (Array.isArray(response.data)) {
+        throw new Error(getConfigFileDirectoryGivenMessage(configFile));
+    }
+    else {
+        throw new Error(getConfigFileFormatInvalidMessage(configFile));
+    }
+    return yaml.safeLoad(Buffer.from(fileContents, 'base64').toString('binary'));
+}
 function getConfigFolder() {
    return util.getRequiredEnvParam('RUNNER_TEMP');
 }
@@ -242,7 +345,7 @@ async function loadConfig() {
        return JSON.parse(configString);
    }
    else {
-        const config = initConfig();
+        const config = await initConfig();
        core.debug('Initialized config:');
        core.debug(JSON.stringify(config));
        await saveConfig(config);
--- a/lib/config-utils.js.map
+++ b/lib/config-utils.js.map
--- a/lib/config-utils.test.js
+++ b/lib/config-utils.test.js
@@ -1,7 +1,4 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 var __importStar = (this && this.__importStar) || function (mod) {
    if (mod && mod.__esModule) return mod;
    var result = {};
@@ -9,14 +6,20 @@ var __importStar = (this && this.__importStar) || function (mod) {
    result["default"] = mod;
    return result;
 };
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
+const github = __importStar(require("@actions/github"));
 const ava_1 = __importDefault(require("ava"));
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
+const sinon_1 = __importDefault(require("sinon"));
+const api = __importStar(require("./api-client"));
 const configUtils = __importStar(require("./config-utils"));
 const testing_utils_1 = require("./testing-utils");
 const util = __importStar(require("./util"));
-testing_utils_1.silenceDebugOutput(ava_1.default);
+testing_utils_1.setupTests(ava_1.default);
 function setInput(name, value) {
    // Transformation copied from
    // https://github.com/actions/toolkit/blob/05e39f551d33e1688f61b209ab5cdd335198f1b8/packages/core/src/core.ts#L69
@@ -28,6 +31,16 @@ function setInput(name, value) {
        delete process.env[envVar];
    }
 }
+function mockGetContents(content) {
+    // Passing an auth token is required, so we just use a dummy value
+    let client = new github.GitHub('123');
+    const response = {
+        data: content
+    };
+    const spyGetContents = sinon_1.default.stub(client.repos, "getContents").resolves(response);
+    sinon_1.default.stub(api, "getApiClient").value(() => client);
+    return spyGetContents;
+}
 ava_1.default("load empty config", async (t) => {
    return await util.withTmpDir(async (tmpDir) => {
        process.env['RUNNER_TEMP'] = tmpDir;
@@ -65,6 +78,21 @@ ava_1.default("load input outside of workspace", async (t) => {
        }
    });
 });
+ava_1.default("load non-local input with invalid repo syntax", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        process.env['RUNNER_TEMP'] = tmpDir;
+        process.env['GITHUB_WORKSPACE'] = tmpDir;
+        // no filename given, just a repo
+        setInput('config-file', 'octo-org/codeql-config@main');
+        try {
+            await configUtils.loadConfig();
+            throw new Error('loadConfig did not throw error');
+        }
+        catch (err) {
+            t.deepEqual(err, new Error(configUtils.getConfigFileRepoFormatInvalidMessage('octo-org/codeql-config@main')));
+        }
+    });
+});
 ava_1.default("load non-existent input", async (t) => {
    return await util.withTmpDir(async (tmpDir) => {
        process.env['RUNNER_TEMP'] = tmpDir;
@@ -114,6 +142,65 @@ ava_1.default("load non-empty input", async (t) => {
        t.deepEqual(actualConfig, expectedConfig);
    });
 });
+ava_1.default("API client used when reading remote config", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        process.env['RUNNER_TEMP'] = tmpDir;
+        process.env['GITHUB_WORKSPACE'] = tmpDir;
+        const inputFileContents = `
+      name: my config
+      disable-default-queries: true
+      queries:
+        - uses: ./
+      paths-ignore:
+        - a
+        - b
+      paths:
+        - c/d`;
+        const dummyResponse = {
+            content: Buffer.from(inputFileContents).toString("base64"),
+        };
+        const spyGetContents = mockGetContents(dummyResponse);
+        setInput('config-file', 'octo-org/codeql-config/config.yaml@main');
+        await configUtils.loadConfig();
+        t.assert(spyGetContents.called);
+    });
+});
+ava_1.default("Remote config handles the case where a directory is provided", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        process.env['RUNNER_TEMP'] = tmpDir;
+        process.env['GITHUB_WORKSPACE'] = tmpDir;
+        const dummyResponse = []; // directories are returned as arrays
+        mockGetContents(dummyResponse);
+        const repoReference = 'octo-org/codeql-config/config.yaml@main';
+        setInput('config-file', repoReference);
+        try {
+            await configUtils.loadConfig();
+            throw new Error('loadConfig did not throw error');
+        }
+        catch (err) {
+            t.deepEqual(err, new Error(configUtils.getConfigFileDirectoryGivenMessage(repoReference)));
+        }
+    });
+});
+ava_1.default("Invalid format of remote config handled correctly", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        process.env['RUNNER_TEMP'] = tmpDir;
+        process.env['GITHUB_WORKSPACE'] = tmpDir;
+        const dummyResponse = {
+        // note no "content" property here
+        };
+        mockGetContents(dummyResponse);
+        const repoReference = 'octo-org/codeql-config/config.yaml@main';
+        setInput('config-file', repoReference);
+        try {
+            await configUtils.loadConfig();
+            throw new Error('loadConfig did not throw error');
+        }
+        catch (err) {
+            t.deepEqual(err, new Error(configUtils.getConfigFileFormatInvalidMessage(repoReference)));
+        }
+    });
+});
 function doInvalidInputTest(testName, inputFileContents, expectedErrorMessageGenerator) {
    ava_1.default("load invalid input - " + testName, async (t) => {
        return await util.withTmpDir(async (tmpDir) => {
@@ -161,4 +248,41 @@ doInvalidQueryUsesTest("foo@master", c => configUtils.getQueryUsesInvalid(c, "fo
 doInvalidQueryUsesTest("https://github.com/foo/bar@master", c => configUtils.getQueryUsesInvalid(c, "https://github.com/foo/bar@master"));
 doInvalidQueryUsesTest("./foo", c => configUtils.getLocalPathDoesNotExist(c, "foo"));
 doInvalidQueryUsesTest("./..", c => configUtils.getLocalPathOutsideOfRepository(c, ".."));
+const validPaths = [
+    'foo',
+    'foo/',
+    'foo/**',
+    'foo/**/',
+    'foo/**/**',
+    'foo/**/bar/**/baz',
+    '**/',
+    '**/foo',
+    '/foo',
+];
+const invalidPaths = [
+    'a/***/b',
+    'a/**b',
+    'a/b**',
+    '**',
+];
+ava_1.default('path validations', t => {
+    // Dummy values to pass to validateAndSanitisePath
+    const propertyName = 'paths';
+    const configFile = './.github/codeql/config.yml';
+    for (const path of validPaths) {
+        t.truthy(configUtils.validateAndSanitisePath(path, propertyName, configFile));
+    }
+    for (const path of invalidPaths) {
+        t.throws(() => configUtils.validateAndSanitisePath(path, propertyName, configFile));
+    }
+});
+ava_1.default('path sanitisation', t => {
+    // Dummy values to pass to validateAndSanitisePath
+    const propertyName = 'paths';
+    const configFile = './.github/codeql/config.yml';
+    // Valid paths are not modified
+    t.deepEqual(configUtils.validateAndSanitisePath('foo/bar', propertyName, configFile), 'foo/bar');
+    // Trailing stars are stripped
+    t.deepEqual(configUtils.validateAndSanitisePath('foo/**', propertyName, configFile), 'foo/');
+});
 //# sourceMappingURL=config-utils.test.js.map
--- a/lib/config-utils.test.js.map
+++ b/lib/config-utils.test.js.map
--- a/lib/external-queries.test.js
+++ b/lib/external-queries.test.js
@@ -17,7 +17,7 @@ const configUtils = __importStar(require("./config-utils"));
 const externalQueries = __importStar(require("./external-queries"));
 const testing_utils_1 = require("./testing-utils");
 const util = __importStar(require("./util"));
-testing_utils_1.silenceDebugOutput(ava_1.default);
+testing_utils_1.setupTests(ava_1.default);
 ava_1.default("checkoutExternalQueries", async (t) => {
    let config = new configUtils.Config();
    config.externalQueries = [
--- a/lib/external-queries.test.js.map
+++ b/lib/external-queries.test.js.map
@@ -1 +1 @@
-{"version":3,"file":"external-queries.test.js","sourceRoot":"","sources":["../src/external-queries.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AACvB,uCAAyB;AACzB,2CAA6B;AAE7B,4DAA8C;AAC9C,oEAAsD;AACtD,mDAAmD;AACnD,6CAA+B;AAE/B,kCAAkB,CAAC,aAAI,CAAC,CAAC;AAEzB,aAAI,CAAC,yBAAyB,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IACxC,IAAI,MAAM,GAAG,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;IACtC,MAAM,CAAC,eAAe,GAAG;QACvB,IAAI,WAAW,CAAC,aAAa,CAAC,kBAAkB,EAAE,0CAA0C,CAAC;KAC9F,CAAC;IAEF,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAC,MAAM,EAAC,EAAE;QACnC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC;QACpC,MAAM,eAAe,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtD,uFAAuF;QACvF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC;IAC/E,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"external-queries.test.js","sourceRoot":"","sources":["../src/external-queries.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AACvB,uCAAyB;AACzB,2CAA6B;AAE7B,4DAA8C;AAC9C,oEAAsD;AACtD,mDAA2C;AAC3C,6CAA+B;AAE/B,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,yBAAyB,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IACxC,IAAI,MAAM,GAAG,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;IACtC,MAAM,CAAC,eAAe,GAAG;QACvB,IAAI,WAAW,CAAC,aAAa,CAAC,kBAAkB,EAAE,0CAA0C,CAAC;KAC9F,CAAC;IAEF,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAC,MAAM,EAAC,EAAE;QACnC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC;QACpC,MAAM,eAAe,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtD,uFAAuF;QACvF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC;IAC/E,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
--- a/lib/finalize-db.js
+++ b/lib/finalize-db.js
@@ -8,10 +8,10 @@ var __importStar = (this && this.__importStar) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
-const exec = __importStar(require("@actions/exec"));
 const io = __importStar(require("@actions/io"));
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
+const codeql_1 = require("./codeql");
 const configUtils = __importStar(require("./config-utils"));
 const externalQueries = __importStar(require("./external-queries"));
 const sharedEnv = __importStar(require("./shared-environment"));
@@ -36,57 +36,30 @@ function queryIsDisabled(language, query) {
    return (DISABLED_BUILTIN_QUERIES[language] || [])
        .some(disabledQuery => query.endsWith(disabledQuery));
 }
-async function createdDBForScannedLanguages(codeqlCmd, databaseFolder) {
+async function createdDBForScannedLanguages(databaseFolder) {
    const scannedLanguages = process.env[sharedEnv.CODEQL_ACTION_SCANNED_LANGUAGES];
    if (scannedLanguages) {
+        const codeql = codeql_1.getCodeQL();
        for (const language of scannedLanguages.split(',')) {
            core.startGroup('Extracting ' + language);
-            // Get extractor location
-            let extractorPath = '';
-            await exec.exec(codeqlCmd, ['resolve', 'extractor', '--format=json', '--language=' + language], {
-                silent: true,
-                listeners: {
-                    stdout: (data) => { extractorPath += data.toString(); },
-                    stderr: (data) => { process.stderr.write(data); }
-                }
-            });
-            // Set trace command
-            const ext = process.platform === 'win32' ? '.cmd' : '.sh';
-            const traceCommand = path.resolve(JSON.parse(extractorPath), 'tools', 'autobuild' + ext);
-            // Run trace command
-            await exec.exec(codeqlCmd, ['database', 'trace-command', path.join(databaseFolder, language), '--', traceCommand]);
+            await codeql.extractScannedLanguage(path.join(databaseFolder, language), language);
            core.endGroup();
        }
    }
 }
-async function finalizeDatabaseCreation(codeqlCmd, databaseFolder) {
-    await createdDBForScannedLanguages(codeqlCmd, databaseFolder);
+async function finalizeDatabaseCreation(databaseFolder) {
+    await createdDBForScannedLanguages(databaseFolder);
    const languages = process.env[sharedEnv.CODEQL_ACTION_LANGUAGES] || '';
+    const codeql = codeql_1.getCodeQL();
    for (const language of languages.split(',')) {
        core.startGroup('Finalizing ' + language);
-        await exec.exec(codeqlCmd, ['database', 'finalize', path.join(databaseFolder, language)]);
+        await codeql.finalizeDatabase(path.join(databaseFolder, language));
        core.endGroup();
    }
 }
-async function runResolveQueries(codeqlCmd, queries) {
-    let output = '';
-    const options = {
-        listeners: {
-            stdout: (data) => {
-                output += data.toString();
-            }
-        }
-    };
-    await exec.exec(codeqlCmd, [
-        'resolve',
-        'queries',
-        ...queries,
-        '--format=bylanguage'
-    ], options);
-    return JSON.parse(output);
-}
-async function resolveQueryLanguages(codeqlCmd, config) {
+async function resolveQueryLanguages(config) {
    let res = new Map();
+    const codeql = codeql_1.getCodeQL();
    if (!config.disableDefaultQueries || config.additionalSuites.length !== 0) {
        const suites = [];
        for (const language of await util.getLanguages()) {
@@ -97,7 +70,7 @@ async function resolveQueryLanguages(codeqlCmd, config) {
                suites.push(language + '-' + additionalSuite + '.qls');
            }
        }
-        const resolveQueriesOutputObject = await runResolveQueries(codeqlCmd, suites);
+        const resolveQueriesOutputObject = await codeql.resolveQueries(suites);
        for (const [language, queries] of Object.entries(resolveQueriesOutputObject.byLanguage)) {
            if (res[language] === undefined) {
                res[language] = [];
@@ -106,7 +79,7 @@ async function resolveQueryLanguages(codeqlCmd, config) {
        }
    }
    if (config.additionalQueries.length !== 0) {
-        const resolveQueriesOutputObject = await runResolveQueries(codeqlCmd, config.additionalQueries);
+        const resolveQueriesOutputObject = await codeql.resolveQueries(config.additionalQueries);
        for (const [language, queries] of Object.entries(resolveQueriesOutputObject.byLanguage)) {
            if (res[language] === undefined) {
                res[language] = [];
@@ -127,8 +100,9 @@ async function resolveQueryLanguages(codeqlCmd, config) {
    return res;
 }
 // Runs queries and creates sarif files in the given folder
-async function runQueries(codeqlCmd, databaseFolder, sarifFolder, config) {
-    const queriesPerLanguage = await resolveQueryLanguages(codeqlCmd, config);
+async function runQueries(databaseFolder, sarifFolder, config) {
+    const queriesPerLanguage = await resolveQueryLanguages(config);
+    const codeql = codeql_1.getCodeQL();
    for (let database of fs.readdirSync(databaseFolder)) {
        core.startGroup('Analyzing ' + database);
        const queries = queriesPerLanguage[database] || [];
@@ -142,17 +116,7 @@ async function runQueries(codeqlCmd, databaseFolder, sarifFolder, config) {
        fs.writeFileSync(querySuite, querySuiteContents);
        core.debug('Query suite file for ' + database + '...\n' + querySuiteContents);
        const sarifFile = path.join(sarifFolder, database + '.sarif');
-        await exec.exec(codeqlCmd, [
-            'database',
-            'analyze',
-            util.getMemoryFlag(),
-            util.getThreadsFlag(),
-            path.join(databaseFolder, database),
-            '--format=sarif-latest',
-            '--output=' + sarifFile,
-            '--no-sarif-add-snippets',
-            querySuite
-        ]);
+        await codeql.databaseAnalyze(path.join(databaseFolder, database), sarifFile, querySuite);
        core.debug('SARIF results for database ' + database + ' created at "' + sarifFile + '"');
        core.endGroup();
    }
@@ -165,15 +129,14 @@ async function run() {
        const config = await configUtils.loadConfig();
        core.exportVariable(sharedEnv.ODASA_TRACER_CONFIGURATION, '');
        delete process.env[sharedEnv.ODASA_TRACER_CONFIGURATION];
-        const codeqlCmd = util.getRequiredEnvParam(sharedEnv.CODEQL_ACTION_CMD);
        const databaseFolder = util.getRequiredEnvParam(sharedEnv.CODEQL_ACTION_DATABASE_DIR);
        const sarifFolder = core.getInput('output');
        await io.mkdirP(sarifFolder);
        core.info('Finalizing database creation');
-        await finalizeDatabaseCreation(codeqlCmd, databaseFolder);
+        await finalizeDatabaseCreation(databaseFolder);
        await externalQueries.checkoutExternalQueries(config);
        core.info('Analyzing database');
-        await runQueries(codeqlCmd, databaseFolder, sarifFolder, config);
+        await runQueries(databaseFolder, sarifFolder, config);
        if ('true' === core.getInput('upload')) {
            if (!await upload_lib.upload(sarifFolder)) {
                await util.reportActionFailed('finish', 'upload');
--- a/lib/finalize-db.js.map
+++ b/lib/finalize-db.js.map
--- a/lib/fingerprints.test.js
+++ b/lib/fingerprints.test.js
@@ -15,7 +15,7 @@ const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const fingerprints = __importStar(require("./fingerprints"));
 const testing_utils_1 = require("./testing-utils");
-testing_utils_1.silenceDebugOutput(ava_1.default);
+testing_utils_1.setupTests(ava_1.default);
 function testHash(t, input, expectedHashes) {
    let index = 0;
    let callback = function (lineNumber, hash) {
--- a/lib/fingerprints.test.js.map
+++ b/lib/fingerprints.test.js.map
--- a/lib/setup-tracer.js
+++ b/lib/setup-tracer.js
@@ -13,8 +13,8 @@ const io = __importStar(require("@actions/io"));
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const analysisPaths = __importStar(require("./analysis-paths"));
+const codeql_1 = require("./codeql");
 const configUtils = __importStar(require("./config-utils"));
-const setuptools = __importStar(require("./setup-tools"));
 const sharedEnv = __importStar(require("./shared-environment"));
 const util = __importStar(require("./util"));
 const CRITICAL_TRACER_VARS = new Set(['SEMMLE_PRELOAD_libtrace',
@@ -28,12 +28,7 @@ const CRITICAL_TRACER_VARS = new Set(['SEMMLE_PRELOAD_libtrace',
    'SEMMLE_JAVA_TOOL_OPTIONS'
 ]);
 async function tracerConfig(codeql, database, compilerSpec) {
-    const compilerSpecArg = compilerSpec ? ["--compiler-spec=" + compilerSpec] : [];
-    let envFile = path.resolve(database, 'working', 'env.tmp');
-    await exec.exec(codeql.cmd, ['database', 'trace-command', database,
-        ...compilerSpecArg,
-        process.execPath, path.resolve(__dirname, 'tracer-env.js'), envFile]);
-    const env = JSON.parse(fs.readFileSync(envFile, 'utf-8'));
+    const env = await codeql.getTracerEnv(database, compilerSpec);
    const config = env['ODASA_TRACER_CONFIGURATION'];
    const info = { spec: config, env: {} };
    // Extract critical tracer variables from the environment
@@ -151,8 +146,8 @@ async function run() {
    try {
        const sourceRoot = path.resolve();
        core.startGroup('Setup CodeQL tools');
-        const codeqlSetup = await setuptools.setupCodeQL();
-        await exec.exec(codeqlSetup.cmd, ['version', '--format=json']);
+        const codeql = await codeql_1.setupCodeQL();
+        await codeql.printVersion();
        core.endGroup();
        // Forward Go flags
        const goFlags = process.env['GOFLAGS'];
@@ -171,16 +166,10 @@ async function run() {
        for (let language of languages) {
            const languageDatabase = path.join(databaseFolder, language);
            // Init language database
-            await exec.exec(codeqlSetup.cmd, [
-                'database',
-                'init',
-                languageDatabase,
-                '--language=' + language,
-                '--source-root=' + sourceRoot,
-            ]);
+            await codeql.databaseInit(languageDatabase, language, sourceRoot);
            // TODO: add better detection of 'traced languages' instead of using a hard coded list
            if (['cpp', 'java', 'csharp'].includes(language)) {
-                const config = await tracerConfig(codeqlSetup, languageDatabase);
+                const config = await tracerConfig(codeql, languageDatabase);
                tracedLanguages[language] = config;
            }
            else {
@@ -196,16 +185,16 @@ async function run() {
                }
                core.exportVariable('ODASA_TRACER_CONFIGURATION', mainTracerConfig.spec);
                if (process.platform === 'darwin') {
-                    core.exportVariable('DYLD_INSERT_LIBRARIES', path.join(codeqlSetup.tools, 'osx64', 'libtrace.dylib'));
+                    core.exportVariable('DYLD_INSERT_LIBRARIES', path.join(codeql.getDir(), 'tools', 'osx64', 'libtrace.dylib'));
                }
                else if (process.platform === 'win32') {
                    await exec.exec('powershell', [
                        path.resolve(__dirname, '..', 'src', 'inject-tracer.ps1'),
-                        path.resolve(codeqlSetup.tools, 'win64', 'tracer.exe'),
+                        path.resolve(codeql.getDir(), 'tools', 'win64', 'tracer.exe'),
                    ], { env: { 'ODASA_TRACER_CONFIGURATION': mainTracerConfig.spec } });
                }
                else {
-                    core.exportVariable('LD_PRELOAD', path.join(codeqlSetup.tools, 'linux64', '${LIB}trace.so'));
+                    core.exportVariable('LD_PRELOAD', path.join(codeql.getDir(), 'tools', 'linux64', '${LIB}trace.so'));
                }
            }
        }
@@ -213,7 +202,6 @@ async function run() {
        core.exportVariable(sharedEnv.CODEQL_ACTION_TRACED_LANGUAGES, tracedLanguageKeys.join(','));
        // TODO: make this a "private" environment variable of the action
        core.exportVariable(sharedEnv.CODEQL_ACTION_DATABASE_DIR, databaseFolder);
-        core.exportVariable(sharedEnv.CODEQL_ACTION_CMD, codeqlSetup.cmd);
    }
    catch (error) {
        core.setFailed(error.message);
--- a/lib/setup-tracer.js.map
+++ b/lib/setup-tracer.js.map
--- a/lib/shared-environment.js
+++ b/lib/shared-environment.js
@@ -1,6 +1,5 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.CODEQL_ACTION_CMD = 'CODEQL_ACTION_CMD';
 exports.CODEQL_ACTION_DATABASE_DIR = 'CODEQL_ACTION_DATABASE_DIR';
 exports.CODEQL_ACTION_LANGUAGES = 'CODEQL_ACTION_LANGUAGES';
 exports.CODEQL_ACTION_ANALYSIS_KEY = 'CODEQL_ACTION_ANALYSIS_KEY';
--- a/lib/shared-environment.js.map
+++ b/lib/shared-environment.js.map
@@ -1 +1 @@
-{"version":3,"file":"shared-environment.js","sourceRoot":"","sources":["../src/shared-environment.ts"],"names":[],"mappings":";;AAAa,QAAA,iBAAiB,GAAG,mBAAmB,CAAC;AACxC,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAC1D,QAAA,uBAAuB,GAAG,yBAAyB,CAAC;AACpD,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAC1D,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAC1D,QAAA,+BAA+B,GAAG,iCAAiC,CAAC;AACpE,QAAA,8BAA8B,GAAG,gCAAgC,CAAC;AAC/E,wEAAwE;AACxE,2EAA2E;AAC3E,4EAA4E;AAC5E,2EAA2E;AAC3E,+BAA+B;AAClB,QAAA,wBAAwB,GAAG,0BAA0B,CAAC;AACnE,wDAAwD;AAC3C,QAAA,4BAA4B,GAAG,8BAA8B,CAAC"}
+{"version":3,"file":"shared-environment.js","sourceRoot":"","sources":["../src/shared-environment.ts"],"names":[],"mappings":";;AAAa,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAC1D,QAAA,uBAAuB,GAAG,yBAAyB,CAAC;AACpD,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAC1D,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAC1D,QAAA,+BAA+B,GAAG,iCAAiC,CAAC;AACpE,QAAA,8BAA8B,GAAG,gCAAgC,CAAC;AAC/E,wEAAwE;AACxE,2EAA2E;AAC3E,4EAA4E;AAC5E,2EAA2E;AAC3E,+BAA+B;AAClB,QAAA,wBAAwB,GAAG,0BAA0B,CAAC;AACnE,wDAAwD;AAC3C,QAAA,4BAA4B,GAAG,8BAA8B,CAAC"}
--- a/lib/testing-utils.js
+++ b/lib/testing-utils.js
@@ -1,5 +1,9 @@
 "use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
+const sinon_1 = __importDefault(require("sinon"));
 function wrapOutput(context) {
    // Function signature taken from Socket.write.
    // Note there are two overloads:
@@ -25,7 +29,7 @@ function wrapOutput(context) {
        return true;
    };
 }
-function silenceDebugOutput(test) {
+function setupTests(test) {
    const typedTest = test;
    typedTest.beforeEach(t => {
        t.context.testOutput = "";
@@ -43,6 +47,9 @@ function silenceDebugOutput(test) {
            process.stdout.write(t.context.testOutput);
        }
    });
+    typedTest.afterEach.always(() => {
+        sinon_1.default.restore();
+    });
 }
-exports.silenceDebugOutput = silenceDebugOutput;
+exports.setupTests = setupTests;
 //# sourceMappingURL=testing-utils.js.map
--- a/lib/testing-utils.js.map
+++ b/lib/testing-utils.js.map
@@ -1 +1 @@
-{"version":3,"file":"testing-utils.js","sourceRoot":"","sources":["../src/testing-utils.ts"],"names":[],"mappings":";;AAIA,SAAS,UAAU,CAAC,OAAoB;IACtC,8CAA8C;IAC9C,gCAAgC;IAChC,2EAA2E;IAC3E,2FAA2F;IAC3F,OAAO,CAAC,KAA0B,EAAE,QAAiB,EAAE,EAA0B,EAAW,EAAE;QAC5F,2CAA2C;QAC3C,IAAI,EAAE,KAAK,SAAS,IAAI,OAAO,QAAQ,KAAK,UAAU,EAAE;YACtD,EAAE,GAAG,QAAQ,CAAC;YACd,QAAQ,GAAG,SAAS,CAAC;SACtB;QAED,oBAAoB;QACpB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;YAC7B,OAAO,CAAC,UAAU,IAAI,KAAK,CAAC;SAC7B;aAAM;YACL,OAAO,CAAC,UAAU,IAAI,IAAI,WAAW,CAAC,QAAQ,IAAI,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;SAC1E;QAED,iDAAiD;QACjD,IAAI,EAAE,KAAK,SAAS,IAAI,OAAO,EAAE,KAAK,UAAU,EAAE;YAChD,EAAE,EAAE,CAAC;SACN;QAED,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;AACJ,CAAC;AAED,SAAgB,kBAAkB,CAAC,IAAwB;IACzD,MAAM,SAAS,GAAG,IAAkC,CAAC;IAErD,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE;QACvB,CAAC,CAAC,OAAO,CAAC,UAAU,GAAG,EAAE,CAAC;QAE1B,MAAM,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrE,CAAC,CAAC,OAAO,CAAC,WAAW,GAAG,kBAAkB,CAAC;QAC3C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,OAAO,CAAQ,CAAC;QAEpD,MAAM,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrE,CAAC,CAAC,OAAO,CAAC,WAAW,GAAG,kBAAkB,CAAC;QAC3C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,OAAO,CAAQ,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;QAC7B,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;QAC7C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;QAE7C,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE;YACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;SAC5C;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAvBD,gDAuBC"}
+{"version":3,"file":"testing-utils.js","sourceRoot":"","sources":["../src/testing-utils.ts"],"names":[],"mappings":";;;;;AACA,kDAA0B;AAI1B,SAAS,UAAU,CAAC,OAAoB;IACtC,8CAA8C;IAC9C,gCAAgC;IAChC,2EAA2E;IAC3E,2FAA2F;IAC3F,OAAO,CAAC,KAA0B,EAAE,QAAiB,EAAE,EAA0B,EAAW,EAAE;QAC5F,2CAA2C;QAC3C,IAAI,EAAE,KAAK,SAAS,IAAI,OAAO,QAAQ,KAAK,UAAU,EAAE;YACtD,EAAE,GAAG,QAAQ,CAAC;YACd,QAAQ,GAAG,SAAS,CAAC;SACtB;QAED,oBAAoB;QACpB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;YAC7B,OAAO,CAAC,UAAU,IAAI,KAAK,CAAC;SAC7B;aAAM;YACL,OAAO,CAAC,UAAU,IAAI,IAAI,WAAW,CAAC,QAAQ,IAAI,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;SAC1E;QAED,iDAAiD;QACjD,IAAI,EAAE,KAAK,SAAS,IAAI,OAAO,EAAE,KAAK,UAAU,EAAE;YAChD,EAAE,EAAE,CAAC;SACN;QAED,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;AACJ,CAAC;AAED,SAAgB,UAAU,CAAC,IAAwB;IACjD,MAAM,SAAS,GAAG,IAAkC,CAAC;IAErD,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE;QACvB,CAAC,CAAC,OAAO,CAAC,UAAU,GAAG,EAAE,CAAC;QAE1B,MAAM,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrE,CAAC,CAAC,OAAO,CAAC,WAAW,GAAG,kBAAkB,CAAC;QAC3C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,OAAO,CAAQ,CAAC;QAEpD,MAAM,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrE,CAAC,CAAC,OAAO,CAAC,WAAW,GAAG,kBAAkB,CAAC;QAC3C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,OAAO,CAAQ,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;QAC7B,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;QAC7C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;QAE7C,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE;YACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;SAC5C;IACH,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE;QAC9B,eAAK,CAAC,OAAO,EAAE,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC;AA3BD,gCA2BC"}
--- a/lib/upload-lib.js
+++ b/lib/upload-lib.js
@@ -57,7 +57,7 @@ async function uploadPayload(payload) {
    // minutes, but just waiting a little bit could maybe help.
    const backoffPeriods = [1, 5, 15];
    for (let attempt = 0; attempt <= backoffPeriods.length; attempt++) {
-        const response = await api.client.request("PUT /repos/:owner/:repo/code-scanning/analysis", ({
+        const response = await api.getApiClient().request("PUT /repos/:owner/:repo/code-scanning/analysis", ({
            owner: owner,
            repo: repo,
            data: payload,
--- a/lib/upload-lib.js.map
+++ b/lib/upload-lib.js.map
--- a/lib/upload-lib.test.js
+++ b/lib/upload-lib.test.js
@@ -13,7 +13,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const ava_1 = __importDefault(require("ava"));
 const testing_utils_1 = require("./testing-utils");
 const uploadLib = __importStar(require("./upload-lib"));
-testing_utils_1.silenceDebugOutput(ava_1.default);
+testing_utils_1.setupTests(ava_1.default);
 ava_1.default('validateSarifFileSchema - valid', t => {
    const inputFile = __dirname + '/../src/testdata/valid-sarif.sarif';
    t.true(uploadLib.validateSarifFileSchema(inputFile));
--- a/lib/upload-lib.test.js.map
+++ b/lib/upload-lib.test.js.map
@@ -1 +1 @@
-{"version":3,"file":"upload-lib.test.js","sourceRoot":"","sources":["../src/upload-lib.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AAEvB,mDAAmD;AACnD,wDAA0C;AAE1C,kCAAkB,CAAC,aAAI,CAAC,CAAC;AAEzB,aAAI,CAAC,iCAAiC,EAAE,CAAC,CAAC,EAAE;IAC1C,MAAM,SAAS,GAAG,SAAS,GAAG,oCAAoC,CAAC;IACnE,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC,CAAC;AACvD,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,mCAAmC,EAAE,CAAC,CAAC,EAAE;IAC5C,MAAM,SAAS,GAAG,SAAS,GAAG,sCAAsC,CAAC;IACrE,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC,CAAC;IACtD,iFAAiF;IACjF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;AACvB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"upload-lib.test.js","sourceRoot":"","sources":["../src/upload-lib.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AAEvB,mDAA2C;AAC3C,wDAA0C;AAE1C,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,iCAAiC,EAAE,CAAC,CAAC,EAAE;IAC1C,MAAM,SAAS,GAAG,SAAS,GAAG,oCAAoC,CAAC;IACnE,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC,CAAC;AACvD,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,mCAAmC,EAAE,CAAC,CAAC,EAAE;IAC5C,MAAM,SAAS,GAAG,SAAS,GAAG,sCAAsC,CAAC;IACrE,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC,CAAC;IACtD,iFAAiF;IACjF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;AACvB,CAAC,CAAC,CAAC"}
--- a/lib/util.js
+++ b/lib/util.js
@@ -69,7 +69,7 @@ async function getLanguagesInRepo() {
        let owner = repo_nwo[0];
        let repo = repo_nwo[1];
        core.debug(`GitHub repo ${owner} ${repo}`);
-        const response = await api.client.request("GET /repos/:owner/:repo/languages", ({
+        const response = await api.getApiClient().request("GET /repos/:owner/:repo/languages", ({
            owner,
            repo
        }));
@@ -161,13 +161,14 @@ async function getWorkflowPath() {
    const owner = repo_nwo[0];
    const repo = repo_nwo[1];
    const run_id = Number(getRequiredEnvParam('GITHUB_RUN_ID'));
-    const runsResponse = await api.client.request('GET /repos/:owner/:repo/actions/runs/:run_id', {
+    const apiClient = api.getApiClient();
+    const runsResponse = await apiClient.request('GET /repos/:owner/:repo/actions/runs/:run_id', {
        owner,
        repo,
        run_id
    });
    const workflowUrl = runsResponse.data.workflow_url;
-    const workflowResponse = await api.client.request('GET ' + workflowUrl);
+    const workflowResponse = await apiClient.request('GET ' + workflowUrl);
    return workflowResponse.data.path;
 }
 /**
@@ -227,6 +228,7 @@ async function createStatusReport(actionName, status, cause, exception) {
    }
    const workflowName = process.env['GITHUB_WORKFLOW'] || '';
    const jobName = process.env['GITHUB_JOB'] || '';
+    const analysis_key = await getAnalysisKey();
    const languages = (await getLanguages()).sort().join(',');
    const startedAt = process.env[sharedEnv.CODEQL_ACTION_STARTED_AT] || new Date().toISOString();
    core.exportVariable(sharedEnv.CODEQL_ACTION_STARTED_AT, startedAt);
@@ -234,6 +236,7 @@ async function createStatusReport(actionName, status, cause, exception) {
        workflow_run_id: workflowRunID,
        workflow_name: workflowName,
        job_name: jobName,
+        analysis_key: analysis_key,
        languages: languages,
        commit_oid: commitOid,
        ref: ref,
@@ -268,7 +271,7 @@ async function sendStatusReport(statusReport) {
    core.debug('Sending status report: ' + statusReportJSON);
    const nwo = getRequiredEnvParam("GITHUB_REPOSITORY");
    const [owner, repo] = nwo.split("/");
-    const statusResponse = await api.client.request('PUT /repos/:owner/:repo/code-scanning/analysis/status', {
+    const statusResponse = await api.getApiClient().request('PUT /repos/:owner/:repo/code-scanning/analysis/status', {
        owner: owner,
        repo: repo,
        data: statusReportJSON,
--- a/lib/util.js.map
+++ b/lib/util.js.map
--- a/lib/util.test.js
+++ b/lib/util.test.js
@@ -15,7 +15,7 @@ const fs = __importStar(require("fs"));
 const os = __importStar(require("os"));
 const testing_utils_1 = require("./testing-utils");
 const util = __importStar(require("./util"));
-testing_utils_1.silenceDebugOutput(ava_1.default);
+testing_utils_1.setupTests(ava_1.default);
 ava_1.default('getToolNames', t => {
    const input = fs.readFileSync(__dirname + '/../src/testdata/tool-names.sarif', 'utf8');
    const toolNames = util.getToolNames(input);
--- a/lib/util.test.js.map
+++ b/lib/util.test.js.map
@@ -1 +1 @@
-{"version":3,"file":"util.test.js","sourceRoot":"","sources":["../src/util.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AACvB,uCAAyB;AACzB,uCAAyB;AAEzB,mDAAmD;AACnD,6CAA+B;AAE/B,kCAAkB,CAAC,aAAI,CAAC,CAAC;AAEzB,aAAI,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE;IACvB,MAAM,KAAK,GAAG,EAAE,CAAC,YAAY,CAAC,SAAS,GAAG,mCAAmC,EAAE,MAAM,CAAC,CAAC;IACvF,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC,+BAA+B,EAAE,QAAQ,CAAC,CAAC,CAAC;AACtE,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,sDAAsD,EAAE,CAAC,CAAC,EAAE;IAE/D,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC;IAE3D,MAAM,KAAK,GAAG;QACZ,EAAE,EAAE,SAAS,QAAQ,GAAG,GAAG,EAAE;QAC7B,KAAK,EAAE,WAAW;KACnB,CAAC;IAEF,KAAK,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QAEzD,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC;QAEjC,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QAClC,CAAC,CAAC,SAAS,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;KACjC;AACH,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,uDAAuD,EAAE,CAAC,CAAC,EAAE;IAChE,KAAK,MAAM,KAAK,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE;QACpC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC;QACjC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;KAC9B;AACH,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,2DAA2D,EAAE,CAAC,CAAC,EAAE;IAEpE,MAAM,OAAO,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC;IAEjC,MAAM,KAAK,GAAG;QACZ,GAAG,EAAE,aAAa;QAClB,GAAG,EAAE,aAAa;QAClB,CAAC,GAAG,OAAO,GAAG,CAAC,EAAE,CAAC,EAAE,aAAa,OAAO,EAAE;QAC1C,CAAC,GAAG,CAAC,OAAO,GAAG,CAAC,EAAE,CAAC,EAAE,aAAa,CAAC,OAAO,EAAE;KAC7C,CAAC;IAEF,KAAK,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QAEzD,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC;QAErC,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QACnC,CAAC,CAAC,SAAS,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;KACjC;AACH,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,gEAAgE,EAAE,CAAC,CAAC,EAAE;IACzE,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,GAAG,QAAQ,CAAC;IACxC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;AAChC,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,qCAAqC,EAAE,CAAC,CAAC,EAAE;IAC9C,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,EAAE,CAAC;IAC/B,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AACxB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"util.test.js","sourceRoot":"","sources":["../src/util.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AACvB,uCAAyB;AACzB,uCAAyB;AAEzB,mDAA2C;AAC3C,6CAA+B;AAE/B,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE;IACvB,MAAM,KAAK,GAAG,EAAE,CAAC,YAAY,CAAC,SAAS,GAAG,mCAAmC,EAAE,MAAM,CAAC,CAAC;IACvF,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC,+BAA+B,EAAE,QAAQ,CAAC,CAAC,CAAC;AACtE,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,sDAAsD,EAAE,CAAC,CAAC,EAAE;IAE/D,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC;IAE3D,MAAM,KAAK,GAAG;QACZ,EAAE,EAAE,SAAS,QAAQ,GAAG,GAAG,EAAE;QAC7B,KAAK,EAAE,WAAW;KACnB,CAAC;IAEF,KAAK,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QAEzD,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC;QAEjC,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QAClC,CAAC,CAAC,SAAS,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;KACjC;AACH,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,uDAAuD,EAAE,CAAC,CAAC,EAAE;IAChE,KAAK,MAAM,KAAK,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE;QACpC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC;QACjC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;KAC9B;AACH,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,2DAA2D,EAAE,CAAC,CAAC,EAAE;IAEpE,MAAM,OAAO,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC;IAEjC,MAAM,KAAK,GAAG;QACZ,GAAG,EAAE,aAAa;QAClB,GAAG,EAAE,aAAa;QAClB,CAAC,GAAG,OAAO,GAAG,CAAC,EAAE,CAAC,EAAE,aAAa,OAAO,EAAE;QAC1C,CAAC,GAAG,CAAC,OAAO,GAAG,CAAC,EAAE,CAAC,EAAE,aAAa,CAAC,OAAO,EAAE;KAC7C,CAAC;IAEF,KAAK,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QAEzD,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC;QAErC,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QACnC,CAAC,CAAC,SAAS,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;KACjC;AACH,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,gEAAgE,EAAE,CAAC,CAAC,EAAE;IACzE,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,GAAG,QAAQ,CAAC;IACxC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;AAChC,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,qCAAqC,EAAE,CAAC,CAAC,EAAE;IAC9C,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,EAAE,CAAC;IAC/B,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AACxB,CAAC,CAAC,CAAC"}
--- a/node_modules/@actions/github/README.md
+++ b/node_modules/@actions/github/README.md
@@ -0,0 +1,74 @@
+# `@actions/github`
+
+> A hydrated Octokit client.
+
+## Usage
+
+Returns an authenticated Octokit client that follows the machine [proxy settings](https://help.github.com/en/actions/hosting-your-own-runners/using-a-proxy-server-with-self-hosted-runners). See https://octokit.github.io/rest.js for the API.
+
+```js
+const github = require('@actions/github');
+const core = require('@actions/core');
+
+async function run() {
+    // This should be a token with access to your repository scoped in as a secret.
+    // The YML workflow will need to set myToken with the GitHub Secret Token
+    // myToken: ${{ secrets.GITHUB_TOKEN }}
+    // https://help.github.com/en/actions/automating-your-workflow-with-github-actions/authenticating-with-the-github_token#about-the-github_token-secret
+    const myToken = core.getInput('myToken');
+
+    const octokit = new github.GitHub(myToken);
+
+    const { data: pullRequest } = await octokit.pulls.get({
+        owner: 'octokit',
+        repo: 'rest.js',
+        pull_number: 123,
+        mediaType: {
+          format: 'diff'
+        }
+    });
+
+    console.log(pullRequest);
+}
+
+run();
+```
+
+You can pass client options, as specified by [Octokit](https://octokit.github.io/rest.js/), as a second argument to the `GitHub` constructor.
+
+You can also make GraphQL requests. See https://github.com/octokit/graphql.js for the API.
+
+```js
+const result = await octokit.graphql(query, variables);
+```
+
+Finally, you can get the context of the current action:
+
+```js
+const github = require('@actions/github');
+
+const context = github.context;
+
+const newIssue = await octokit.issues.create({
+  ...context.repo,
+  title: 'New issue!',
+  body: 'Hello Universe!'
+});
+```
+
+## Webhook payload typescript definitions
+
+The npm module `@octokit/webhooks` provides type definitions for the response payloads. You can cast the payload to these types for better type information.
+
+First, install the npm module `npm install @octokit/webhooks`
+
+Then, assert the type based on the eventName
+```ts
+import * as core from '@actions/core'
+import * as github from '@actions/github'
+import * as Webhooks from '@octokit/webhooks'
+if (github.context.eventName === 'push') {
+  const pushPayload = github.context.payload as Webhooks.WebhookPayloadPush
+  core.info(`The head commit is: ${pushPayload.head}`)
+}
+```
--- a/node_modules/@actions/github/lib/context.d.ts
+++ b/node_modules/@actions/github/lib/context.d.ts
@@ -0,0 +1,26 @@
+import { WebhookPayload } from './interfaces';
+export declare class Context {
+    /**
+     * Webhook payload object that triggered the workflow
+     */
+    payload: WebhookPayload;
+    eventName: string;
+    sha: string;
+    ref: string;
+    workflow: string;
+    action: string;
+    actor: string;
+    /**
+     * Hydrate the context from the environment
+     */
+    constructor();
+    get issue(): {
+        owner: string;
+        repo: string;
+        number: number;
+    };
+    get repo(): {
+        owner: string;
+        repo: string;
+    };
+}
--- a/node_modules/@actions/github/lib/context.js
+++ b/node_modules/@actions/github/lib/context.js
@@ -0,0 +1,46 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const fs_1 = require("fs");
+const os_1 = require("os");
+class Context {
+    /**
+     * Hydrate the context from the environment
+     */
+    constructor() {
+        this.payload = {};
+        if (process.env.GITHUB_EVENT_PATH) {
+            if (fs_1.existsSync(process.env.GITHUB_EVENT_PATH)) {
+                this.payload = JSON.parse(fs_1.readFileSync(process.env.GITHUB_EVENT_PATH, { encoding: 'utf8' }));
+            }
+            else {
+                const path = process.env.GITHUB_EVENT_PATH;
+                process.stdout.write(`GITHUB_EVENT_PATH ${path} does not exist${os_1.EOL}`);
+            }
+        }
+        this.eventName = process.env.GITHUB_EVENT_NAME;
+        this.sha = process.env.GITHUB_SHA;
+        this.ref = process.env.GITHUB_REF;
+        this.workflow = process.env.GITHUB_WORKFLOW;
+        this.action = process.env.GITHUB_ACTION;
+        this.actor = process.env.GITHUB_ACTOR;
+    }
+    get issue() {
+        const payload = this.payload;
+        return Object.assign(Object.assign({}, this.repo), { number: (payload.issue || payload.pull_request || payload).number });
+    }
+    get repo() {
+        if (process.env.GITHUB_REPOSITORY) {
+            const [owner, repo] = process.env.GITHUB_REPOSITORY.split('/');
+            return { owner, repo };
+        }
+        if (this.payload.repository) {
+            return {
+                owner: this.payload.repository.owner.login,
+                repo: this.payload.repository.name
+            };
+        }
+        throw new Error("context.repo requires a GITHUB_REPOSITORY environment variable like 'owner/repo'");
+    }
+}
+exports.Context = Context;
+//# sourceMappingURL=context.js.map
--- a/node_modules/@actions/github/lib/context.js.map
+++ b/node_modules/@actions/github/lib/context.js.map
@@ -0,0 +1 @@
+{"version":3,"file":"context.js","sourceRoot":"","sources":["../src/context.ts"],"names":[],"mappings":";;AAEA,2BAA2C;AAC3C,2BAAsB;AAEtB,MAAa,OAAO;IAalB;;OAEG;IACH;QACE,IAAI,CAAC,OAAO,GAAG,EAAE,CAAA;QACjB,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE;YACjC,IAAI,eAAU,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,EAAE;gBAC7C,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,KAAK,CACvB,iBAAY,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,EAAC,QAAQ,EAAE,MAAM,EAAC,CAAC,CAChE,CAAA;aACF;iBAAM;gBACL,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAA;gBAC1C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,qBAAqB,IAAI,kBAAkB,QAAG,EAAE,CAAC,CAAA;aACvE;SACF;QACD,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,iBAA2B,CAAA;QACxD,IAAI,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,UAAoB,CAAA;QAC3C,IAAI,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,UAAoB,CAAA;QAC3C,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAyB,CAAA;QACrD,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,aAAuB,CAAA;QACjD,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,YAAsB,CAAA;IACjD,CAAC;IAED,IAAI,KAAK;QACP,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAA;QAE5B,uCACK,IAAI,CAAC,IAAI,KACZ,MAAM,EAAE,CAAC,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,CAAC,MAAM,IAClE;IACH,CAAC;IAED,IAAI,IAAI;QACN,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE;YACjC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;YAC9D,OAAO,EAAC,KAAK,EAAE,IAAI,EAAC,CAAA;SACrB;QAED,IAAI,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE;YAC3B,OAAO;gBACL,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,KAAK;gBAC1C,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI;aACnC,CAAA;SACF;QAED,MAAM,IAAI,KAAK,CACb,kFAAkF,CACnF,CAAA;IACH,CAAC;CACF;AA9DD,0BA8DC"}
--- a/node_modules/@actions/github/lib/github.d.ts
+++ b/node_modules/@actions/github/lib/github.d.ts
@@ -0,0 +1,27 @@
+import { graphql as GraphQL } from '@octokit/graphql/dist-types/types';
+import { Octokit } from '@octokit/rest';
+import * as Context from './context';
+export declare const context: Context.Context;
+export declare class GitHub extends Octokit {
+    graphql: GraphQL;
+    /**
+     * Sets up the REST client and GraphQL client with auth and proxy support.
+     * The parameter `token` or `opts.auth` must be supplied. The GraphQL client
+     * authorization is not setup when `opts.auth` is a function or object.
+     *
+     * @param token  Auth token
+     * @param opts   Octokit options
+     */
+    constructor(token: string, opts?: Omit<Octokit.Options, 'auth'>);
+    constructor(opts: Octokit.Options);
+    /**
+     * Disambiguates the constructor overload parameters
+     */
+    private static disambiguate;
+    private static getOctokitOptions;
+    private static getGraphQL;
+    private static getAuthString;
+    private static getProxyAgent;
+    private static getApiBaseUrl;
+    private static getGraphQLBaseUrl;
+}
--- a/node_modules/@actions/github/lib/github.js
+++ b/node_modules/@actions/github/lib/github.js
@@ -0,0 +1,108 @@
+"use strict";
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+// Originally pulled from https://github.com/JasonEtco/actions-toolkit/blob/master/src/github.ts
+const graphql_1 = require("@octokit/graphql");
+const rest_1 = require("@octokit/rest");
+const Context = __importStar(require("./context"));
+const httpClient = __importStar(require("@actions/http-client"));
+// We need this in order to extend Octokit
+rest_1.Octokit.prototype = new rest_1.Octokit();
+exports.context = new Context.Context();
+class GitHub extends rest_1.Octokit {
+    constructor(token, opts) {
+        super(GitHub.getOctokitOptions(GitHub.disambiguate(token, opts)));
+        this.graphql = GitHub.getGraphQL(GitHub.disambiguate(token, opts));
+    }
+    /**
+     * Disambiguates the constructor overload parameters
+     */
+    static disambiguate(token, opts) {
+        return [
+            typeof token === 'string' ? token : '',
+            typeof token === 'object' ? token : opts || {}
+        ];
+    }
+    static getOctokitOptions(args) {
+        const token = args[0];
+        const options = Object.assign({}, args[1]); // Shallow clone - don't mutate the object provided by the caller
+        // Base URL - GHES or Dotcom
+        options.baseUrl = options.baseUrl || this.getApiBaseUrl();
+        // Auth
+        const auth = GitHub.getAuthString(token, options);
+        if (auth) {
+            options.auth = auth;
+        }
+        // Proxy
+        const agent = GitHub.getProxyAgent(options.baseUrl, options);
+        if (agent) {
+            // Shallow clone - don't mutate the object provided by the caller
+            options.request = options.request ? Object.assign({}, options.request) : {};
+            // Set the agent
+            options.request.agent = agent;
+        }
+        return options;
+    }
+    static getGraphQL(args) {
+        const defaults = {};
+        defaults.baseUrl = this.getGraphQLBaseUrl();
+        const token = args[0];
+        const options = args[1];
+        // Authorization
+        const auth = this.getAuthString(token, options);
+        if (auth) {
+            defaults.headers = {
+                authorization: auth
+            };
+        }
+        // Proxy
+        const agent = GitHub.getProxyAgent(defaults.baseUrl, options);
+        if (agent) {
+            defaults.request = { agent };
+        }
+        return graphql_1.graphql.defaults(defaults);
+    }
+    static getAuthString(token, options) {
+        // Validate args
+        if (!token && !options.auth) {
+            throw new Error('Parameter token or opts.auth is required');
+        }
+        else if (token && options.auth) {
+            throw new Error('Parameters token and opts.auth may not both be specified');
+        }
+        return typeof options.auth === 'string' ? options.auth : `token ${token}`;
+    }
+    static getProxyAgent(destinationUrl, options) {
+        var _a;
+        if (!((_a = options.request) === null || _a === void 0 ? void 0 : _a.agent)) {
+            if (httpClient.getProxyUrl(destinationUrl)) {
+                const hc = new httpClient.HttpClient();
+                return hc.getAgent(destinationUrl);
+            }
+        }
+        return undefined;
+    }
+    static getApiBaseUrl() {
+        return process.env['GITHUB_API_URL'] || 'https://api.github.com';
+    }
+    static getGraphQLBaseUrl() {
+        let url = process.env['GITHUB_GRAPHQL_URL'] || 'https://api.github.com/graphql';
+        // Shouldn't be a trailing slash, but remove if so
+        if (url.endsWith('/')) {
+            url = url.substr(0, url.length - 1);
+        }
+        // Remove trailing "/graphql"
+        if (url.toUpperCase().endsWith('/GRAPHQL')) {
+            url = url.substr(0, url.length - '/graphql'.length);
+        }
+        return url;
+    }
+}
+exports.GitHub = GitHub;
+//# sourceMappingURL=github.js.map
--- a/node_modules/@actions/github/lib/github.js.map
+++ b/node_modules/@actions/github/lib/github.js.map
@@ -0,0 +1 @@
+{"version":3,"file":"github.js","sourceRoot":"","sources":["../src/github.ts"],"names":[],"mappings":";;;;;;;;;AAAA,gGAAgG;AAChG,8CAAwC;AAUxC,wCAAqC;AACrC,mDAAoC;AAEpC,iEAAkD;AAElD,0CAA0C;AAC1C,cAAO,CAAC,SAAS,GAAG,IAAI,cAAO,EAAE,CAAA;AAEpB,QAAA,OAAO,GAAG,IAAI,OAAO,CAAC,OAAO,EAAE,CAAA;AAE5C,MAAa,MAAO,SAAQ,cAAO;IAiBjC,YAAY,KAA+B,EAAE,IAAsB;QACjE,KAAK,CAAC,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC,YAAY,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,CAAA;QAEjE,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAA;IACpE,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,YAAY,CACzB,KAA+B,EAC/B,IAAsB;QAEtB,OAAO;YACL,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;YACtC,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE;SAC/C,CAAA;IACH,CAAC;IAEO,MAAM,CAAC,iBAAiB,CAC9B,IAA+B;QAE/B,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;QACrB,MAAM,OAAO,qBAAO,IAAI,CAAC,CAAC,CAAC,CAAC,CAAA,CAAC,iEAAiE;QAE9F,4BAA4B;QAC5B,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,IAAI,CAAC,aAAa,EAAE,CAAA;QAEzD,OAAO;QACP,MAAM,IAAI,GAAG,MAAM,CAAC,aAAa,CAAC,KAAK,EAAE,OAAO,CAAC,CAAA;QACjD,IAAI,IAAI,EAAE;YACR,OAAO,CAAC,IAAI,GAAG,IAAI,CAAA;SACpB;QAED,QAAQ;QACR,MAAM,KAAK,GAAG,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;QAC5D,IAAI,KAAK,EAAE;YACT,iEAAiE;YACjE,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,mBAAK,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,CAAA;YAE7D,gBAAgB;YAChB,OAAO,CAAC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAA;SAC9B;QAED,OAAO,OAAO,CAAA;IAChB,CAAC;IAEO,MAAM,CAAC,UAAU,CAAC,IAA+B;QACvD,MAAM,QAAQ,GAA6B,EAAE,CAAA;QAC7C,QAAQ,CAAC,OAAO,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAA;QAC3C,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;QACrB,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;QAEvB,gBAAgB;QAChB,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,OAAO,CAAC,CAAA;QAC/C,IAAI,IAAI,EAAE;YACR,QAAQ,CAAC,OAAO,GAAG;gBACjB,aAAa,EAAE,IAAI;aACpB,CAAA;SACF;QAED,QAAQ;QACR,MAAM,KAAK,GAAG,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;QAC7D,IAAI,KAAK,EAAE;YACT,QAAQ,CAAC,OAAO,GAAG,EAAC,KAAK,EAAC,CAAA;SAC3B;QAED,OAAO,iBAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;IACnC,CAAC;IAEO,MAAM,CAAC,aAAa,CAC1B,KAAa,EACb,OAAwB;QAExB,gBAAgB;QAChB,IAAI,CAAC,KAAK,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE;YAC3B,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAA;SAC5D;aAAM,IAAI,KAAK,IAAI,OAAO,CAAC,IAAI,EAAE;YAChC,MAAM,IAAI,KAAK,CACb,0DAA0D,CAC3D,CAAA;SACF;QAED,OAAO,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,KAAK,EAAE,CAAA;IAC3E,CAAC;IAEO,MAAM,CAAC,aAAa,CAC1B,cAAsB,EACtB,OAAwB;;QAExB,IAAI,QAAC,OAAO,CAAC,OAAO,0CAAE,KAAK,CAAA,EAAE;YAC3B,IAAI,UAAU,CAAC,WAAW,CAAC,cAAc,CAAC,EAAE;gBAC1C,MAAM,EAAE,GAAG,IAAI,UAAU,CAAC,UAAU,EAAE,CAAA;gBACtC,OAAO,EAAE,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAA;aACnC;SACF;QAED,OAAO,SAAS,CAAA;IAClB,CAAC;IAEO,MAAM,CAAC,aAAa;QAC1B,OAAO,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,wBAAwB,CAAA;IAClE,CAAC;IAEO,MAAM,CAAC,iBAAiB;QAC9B,IAAI,GAAG,GACL,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,IAAI,gCAAgC,CAAA;QAEvE,kDAAkD;QAClD,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;YACrB,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;SACpC;QAED,6BAA6B;QAC7B,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE;YAC1C,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAA;SACpD;QACD,OAAO,GAAG,CAAA;IACZ,CAAC;CACF;AAxID,wBAwIC"}
--- a/node_modules/@actions/github/lib/interfaces.d.ts
+++ b/node_modules/@actions/github/lib/interfaces.d.ts
@@ -0,0 +1,36 @@
+export interface PayloadRepository {
+    [key: string]: any;
+    full_name?: string;
+    name: string;
+    owner: {
+        [key: string]: any;
+        login: string;
+        name?: string;
+    };
+    html_url?: string;
+}
+export interface WebhookPayload {
+    [key: string]: any;
+    repository?: PayloadRepository;
+    issue?: {
+        [key: string]: any;
+        number: number;
+        html_url?: string;
+        body?: string;
+    };
+    pull_request?: {
+        [key: string]: any;
+        number: number;
+        html_url?: string;
+        body?: string;
+    };
+    sender?: {
+        [key: string]: any;
+        type: string;
+    };
+    action?: string;
+    installation?: {
+        id: number;
+        [key: string]: any;
+    };
+}
--- a/node_modules/@actions/github/lib/interfaces.js
+++ b/node_modules/@actions/github/lib/interfaces.js
@@ -0,0 +1,4 @@
+"use strict";
+/* eslint-disable @typescript-eslint/no-explicit-any */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=interfaces.js.map
--- a/node_modules/@actions/github/lib/interfaces.js.map
+++ b/node_modules/@actions/github/lib/interfaces.js.map
@@ -0,0 +1 @@
+{"version":3,"file":"interfaces.js","sourceRoot":"","sources":["../src/interfaces.ts"],"names":[],"mappings":";AAAA,uDAAuD"}
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/LICENSE
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/LICENSE
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/README.md
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/README.md
@@ -99,17 +99,14 @@ If your target runtime environments supports async iterators (such as most moder

 ```js
 const parameters = {
-  owner: "octocat",
-  repo: "hello-world",
-  since: "2010-10-01",
-  per_page: 100
-};
-for await (const response of octokit.paginate.iterator(
-  "GET /repos/:owner/:repo/issues",
-  parameters
-)) {
+    owner: "octocat",
+    repo: "hello-world",
+    since: "2010-10-01",
+    per_page: 100
+  }
+for await (const response of octokit.paginate.iterator("GET /repos/:owner/:repo/issues", parameters)) {
  // do whatever you want with each response, break out of the loop, etc.
-  console.log(response.data.title);
+  console.log(response.data.title)
 }
 ```

--- a/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-node/index.js
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-node/index.js
@@ -2,26 +2,32 @@

 Object.defineProperty(exports, '__esModule', { value: true });

-const VERSION = "2.0.2";
+const VERSION = "1.1.2";

 /**
 * Some “list” response that can be paginated have a different response structure
 *
 * They have a `total_count` key in the response (search also has `incomplete_results`,
 * /installation/repositories also has `repository_selection`), as well as a key with
- * the list of the items which name varies from endpoint to endpoint.
+ * the list of the items which name varies from endpoint to endpoint:
+ *
+ * - https://developer.github.com/v3/search/#example (key `items`)
+ * - https://developer.github.com/v3/checks/runs/#response-3 (key: `check_runs`)
+ * - https://developer.github.com/v3/checks/suites/#response-1 (key: `check_suites`)
+ * - https://developer.github.com/v3/apps/installations/#list-repositories (key: `repositories`)
+ * - https://developer.github.com/v3/apps/installations/#list-installations-for-a-user (key `installations`)
 *
 * Octokit normalizes these responses so that paginated results are always returned following
 * the same structure. One challenge is that if the list response has only one page, no Link
 * header is provided, so this header alone is not sufficient to check wether a response is
- * paginated or not.
- *
- * We check if a "total_count" key is present in the response data, but also make sure that
- * a "url" property is not, as the "Get the combined status for a specific ref" endpoint would
- * otherwise match: https://developer.github.com/v3/repos/statuses/#get-the-combined-status-for-a-specific-ref
+ * paginated or not. For the exceptions with the namespace, a fallback check for the route
+ * paths has to be added in order to normalize the response. We cannot check for the total_count
+ * property because it also exists in the response of Get the combined status for a specific ref.
 */
+const REGEX = [/^\/search\//, /^\/repos\/[^/]+\/[^/]+\/commits\/[^/]+\/(check-runs|check-suites)([^/]|$)/, /^\/installation\/repositories([^/]|$)/, /^\/user\/installations([^/]|$)/, /^\/repos\/[^/]+\/[^/]+\/actions\/secrets([^/]|$)/, /^\/repos\/[^/]+\/[^/]+\/actions\/workflows(\/[^/]+\/runs)?([^/]|$)/, /^\/repos\/[^/]+\/[^/]+\/actions\/runs(\/[^/]+\/(artifacts|jobs))?([^/]|$)/];
 function normalizePaginatedListResponse(octokit, url, response) {
-  const responseNeedsNormalization = "total_count" in response.data && !("url" in response.data);
+  const path = url.replace(octokit.request.endpoint.DEFAULTS.baseUrl, "");
+  const responseNeedsNormalization = REGEX.find(regex => regex.test(path));
  if (!responseNeedsNormalization) return; // keep the additional properties intact as there is currently no other way
  // to retrieve the same information.

@@ -44,6 +50,13 @@ function normalizePaginatedListResponse(octokit, url, response) {
  }

  response.data.total_count = totalCount;
+  Object.defineProperty(response.data, namespaceKey, {
+    get() {
+      octokit.log.warn(`[@octokit/paginate-rest] "response.data.${namespaceKey}" is deprecated for "GET ${path}". Get the results directly from "response.data"`);
+      return Array.from(data);
+    }
+
+  });
 }

 function iterator(octokit, route, parameters) {
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-node/index.js.map
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-node/index.js.map
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-src/index.js
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-src/index.js
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-src/iterator.js
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-src/iterator.js
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-src/normalize-paginated-list-response.js
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-src/normalize-paginated-list-response.js
@@ -3,19 +3,33 @@
 *
 * They have a `total_count` key in the response (search also has `incomplete_results`,
 * /installation/repositories also has `repository_selection`), as well as a key with
- * the list of the items which name varies from endpoint to endpoint.
+ * the list of the items which name varies from endpoint to endpoint:
+ *
+ * - https://developer.github.com/v3/search/#example (key `items`)
+ * - https://developer.github.com/v3/checks/runs/#response-3 (key: `check_runs`)
+ * - https://developer.github.com/v3/checks/suites/#response-1 (key: `check_suites`)
+ * - https://developer.github.com/v3/apps/installations/#list-repositories (key: `repositories`)
+ * - https://developer.github.com/v3/apps/installations/#list-installations-for-a-user (key `installations`)
 *
 * Octokit normalizes these responses so that paginated results are always returned following
 * the same structure. One challenge is that if the list response has only one page, no Link
 * header is provided, so this header alone is not sufficient to check wether a response is
- * paginated or not.
- *
- * We check if a "total_count" key is present in the response data, but also make sure that
- * a "url" property is not, as the "Get the combined status for a specific ref" endpoint would
- * otherwise match: https://developer.github.com/v3/repos/statuses/#get-the-combined-status-for-a-specific-ref
+ * paginated or not. For the exceptions with the namespace, a fallback check for the route
+ * paths has to be added in order to normalize the response. We cannot check for the total_count
+ * property because it also exists in the response of Get the combined status for a specific ref.
 */
+const REGEX = [
+    /^\/search\//,
+    /^\/repos\/[^/]+\/[^/]+\/commits\/[^/]+\/(check-runs|check-suites)([^/]|$)/,
+    /^\/installation\/repositories([^/]|$)/,
+    /^\/user\/installations([^/]|$)/,
+    /^\/repos\/[^/]+\/[^/]+\/actions\/secrets([^/]|$)/,
+    /^\/repos\/[^/]+\/[^/]+\/actions\/workflows(\/[^/]+\/runs)?([^/]|$)/,
+    /^\/repos\/[^/]+\/[^/]+\/actions\/runs(\/[^/]+\/(artifacts|jobs))?([^/]|$)/
+];
 export function normalizePaginatedListResponse(octokit, url, response) {
-    const responseNeedsNormalization = "total_count" in response.data && !("url" in response.data);
+    const path = url.replace(octokit.request.endpoint.DEFAULTS.baseUrl, "");
+    const responseNeedsNormalization = REGEX.find(regex => regex.test(path));
    if (!responseNeedsNormalization)
        return;
    // keep the additional properties intact as there is currently no other way
@@ -36,4 +50,10 @@ export function normalizePaginatedListResponse(octokit, url, response) {
        response.data.repository_selection = repositorySelection;
    }
    response.data.total_count = totalCount;
+    Object.defineProperty(response.data, namespaceKey, {
+        get() {
+            octokit.log.warn(`[@octokit/paginate-rest] "response.data.${namespaceKey}" is deprecated for "GET ${path}". Get the results directly from "response.data"`);
+            return Array.from(data);
+        }
+    });
 }
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-src/paginate.js
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-src/paginate.js
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-src/types.js
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-src/types.js
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-src/version.js
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-src/version.js
@@ -0,0 +1 @@
+export const VERSION = "1.1.2";
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-types/index.d.ts
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-types/index.d.ts
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-types/iterator.d.ts
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-types/iterator.d.ts
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-types/normalize-paginated-list-response.d.ts
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-types/normalize-paginated-list-response.d.ts
@@ -3,16 +3,20 @@
 *
 * They have a `total_count` key in the response (search also has `incomplete_results`,
 * /installation/repositories also has `repository_selection`), as well as a key with
- * the list of the items which name varies from endpoint to endpoint.
+ * the list of the items which name varies from endpoint to endpoint:
+ *
+ * - https://developer.github.com/v3/search/#example (key `items`)
+ * - https://developer.github.com/v3/checks/runs/#response-3 (key: `check_runs`)
+ * - https://developer.github.com/v3/checks/suites/#response-1 (key: `check_suites`)
+ * - https://developer.github.com/v3/apps/installations/#list-repositories (key: `repositories`)
+ * - https://developer.github.com/v3/apps/installations/#list-installations-for-a-user (key `installations`)
 *
 * Octokit normalizes these responses so that paginated results are always returned following
 * the same structure. One challenge is that if the list response has only one page, no Link
 * header is provided, so this header alone is not sufficient to check wether a response is
- * paginated or not.
- *
- * We check if a "total_count" key is present in the response data, but also make sure that
- * a "url" property is not, as the "Get the combined status for a specific ref" endpoint would
- * otherwise match: https://developer.github.com/v3/repos/statuses/#get-the-combined-status-for-a-specific-ref
+ * paginated or not. For the exceptions with the namespace, a fallback check for the route
+ * paths has to be added in order to normalize the response. We cannot check for the total_count
+ * property because it also exists in the response of Get the combined status for a specific ref.
 */
 import { Octokit } from "@octokit/core";
 import { OctokitResponse } from "./types";
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-types/paginate.d.ts
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-types/paginate.d.ts
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-types/types.d.ts
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-types/types.d.ts
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-types/version.d.ts
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-types/version.d.ts
@@ -0,0 +1 @@
+export declare const VERSION = "1.1.2";
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-web/index.js
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-web/index.js
@@ -1,23 +1,37 @@
-const VERSION = "2.0.2";
+const VERSION = "1.1.2";

 /**
 * Some “list” response that can be paginated have a different response structure
 *
 * They have a `total_count` key in the response (search also has `incomplete_results`,
 * /installation/repositories also has `repository_selection`), as well as a key with
- * the list of the items which name varies from endpoint to endpoint.
+ * the list of the items which name varies from endpoint to endpoint:
+ *
+ * - https://developer.github.com/v3/search/#example (key `items`)
+ * - https://developer.github.com/v3/checks/runs/#response-3 (key: `check_runs`)
+ * - https://developer.github.com/v3/checks/suites/#response-1 (key: `check_suites`)
+ * - https://developer.github.com/v3/apps/installations/#list-repositories (key: `repositories`)
+ * - https://developer.github.com/v3/apps/installations/#list-installations-for-a-user (key `installations`)
 *
 * Octokit normalizes these responses so that paginated results are always returned following
 * the same structure. One challenge is that if the list response has only one page, no Link
 * header is provided, so this header alone is not sufficient to check wether a response is
- * paginated or not.
- *
- * We check if a "total_count" key is present in the response data, but also make sure that
- * a "url" property is not, as the "Get the combined status for a specific ref" endpoint would
- * otherwise match: https://developer.github.com/v3/repos/statuses/#get-the-combined-status-for-a-specific-ref
+ * paginated or not. For the exceptions with the namespace, a fallback check for the route
+ * paths has to be added in order to normalize the response. We cannot check for the total_count
+ * property because it also exists in the response of Get the combined status for a specific ref.
 */
+const REGEX = [
+    /^\/search\//,
+    /^\/repos\/[^/]+\/[^/]+\/commits\/[^/]+\/(check-runs|check-suites)([^/]|$)/,
+    /^\/installation\/repositories([^/]|$)/,
+    /^\/user\/installations([^/]|$)/,
+    /^\/repos\/[^/]+\/[^/]+\/actions\/secrets([^/]|$)/,
+    /^\/repos\/[^/]+\/[^/]+\/actions\/workflows(\/[^/]+\/runs)?([^/]|$)/,
+    /^\/repos\/[^/]+\/[^/]+\/actions\/runs(\/[^/]+\/(artifacts|jobs))?([^/]|$)/
+];
 function normalizePaginatedListResponse(octokit, url, response) {
-    const responseNeedsNormalization = "total_count" in response.data && !("url" in response.data);
+    const path = url.replace(octokit.request.endpoint.DEFAULTS.baseUrl, "");
+    const responseNeedsNormalization = REGEX.find(regex => regex.test(path));
    if (!responseNeedsNormalization)
        return;
    // keep the additional properties intact as there is currently no other way
@@ -38,6 +52,12 @@ function normalizePaginatedListResponse(octokit, url, response) {
        response.data.repository_selection = repositorySelection;
    }
    response.data.total_count = totalCount;
+    Object.defineProperty(response.data, namespaceKey, {
+        get() {
+            octokit.log.warn(`[@octokit/paginate-rest] "response.data.${namespaceKey}" is deprecated for "GET ${path}". Get the results directly from "response.data"`);
+            return Array.from(data);
+        }
+    });
 }

 function iterator(octokit, route, parameters) {
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-web/index.js.map
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-web/index.js.map
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/package.json
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/package.json
@@ -1,7 +1,7 @@
 {
  "name": "@octokit/plugin-paginate-rest",
  "description": "Octokit plugin to paginate REST API endpoint responses",
-  "version": "2.0.2",
+  "version": "1.1.2",
  "license": "MIT",
  "files": [
    "dist-*/",
@@ -22,18 +22,18 @@
  "devDependencies": {
    "@octokit/core": "^2.0.0",
    "@pika/pack": "^0.5.0",
-    "@pika/plugin-build-node": "^0.9.0",
-    "@pika/plugin-build-web": "^0.9.0",
-    "@pika/plugin-ts-standard-pkg": "^0.9.0",
+    "@pika/plugin-build-node": "^0.8.1",
+    "@pika/plugin-build-web": "^0.8.1",
+    "@pika/plugin-ts-standard-pkg": "^0.8.1",
    "@types/fetch-mock": "^7.3.1",
-    "@types/jest": "^25.1.0",
+    "@types/jest": "^24.0.18",
    "@types/node": "^13.1.0",
-    "fetch-mock": "^9.0.0",
+    "fetch-mock": "^8.0.0",
    "jest": "^24.9.0",
    "prettier": "^1.18.2",
    "semantic-release": "^17.0.0",
    "semantic-release-plugin-update-version-in-files": "^1.0.0",
-    "ts-jest": "^25.1.0",
+    "ts-jest": "^24.1.0",
    "typescript": "^3.7.2"
  },
  "publishConfig": {
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/LICENSE
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/LICENSE
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/README.md
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/README.md
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-node/index.js
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-node/index.js
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-node/index.js.map
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-node/index.js.map
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/generated/endpoints.js
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/generated/endpoints.js
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/generated/rest-endpoint-methods-types.js
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/generated/rest-endpoint-methods-types.js
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/index.js
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/index.js
@@ -0,0 +1,38 @@
+import { Deprecation } from "deprecation";
+import endpointsByScope from "./generated/endpoints";
+import { VERSION } from "./version";
+import { registerEndpoints } from "./register-endpoints";
+/**
+ * This plugin is a 1:1 copy of internal @octokit/rest plugins. The primary
+ * goal is to rebuild @octokit/rest on top of @octokit/core. Once that is
+ * done, we will remove the registerEndpoints methods and return the methods
+ * directly as with the other plugins. At that point we will also remove the
+ * legacy workarounds and deprecations.
+ *
+ * See the plan at
+ * https://github.com/octokit/plugin-rest-endpoint-methods.js/pull/1
+ */
+export function restEndpointMethods(octokit) {
+    // @ts-ignore
+    octokit.registerEndpoints = registerEndpoints.bind(null, octokit);
+    registerEndpoints(octokit, endpointsByScope);
+    // Aliasing scopes for backward compatibility
+    // See https://github.com/octokit/rest.js/pull/1134
+    [
+        ["gitdata", "git"],
+        ["authorization", "oauthAuthorizations"],
+        ["pullRequests", "pulls"]
+    ].forEach(([deprecatedScope, scope]) => {
+        Object.defineProperty(octokit, deprecatedScope, {
+            get() {
+                octokit.log.warn(
+                // @ts-ignore
+                new Deprecation(`[@octokit/plugin-rest-endpoint-methods] "octokit.${deprecatedScope}.*" methods are deprecated, use "octokit.${scope}.*" instead`));
+                // @ts-ignore
+                return octokit[scope];
+            }
+        });
+    });
+    return {};
+}
+restEndpointMethods.VERSION = VERSION;
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/register-endpoints.js
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/register-endpoints.js
@@ -0,0 +1,60 @@
+import { Deprecation } from "deprecation";
+export function registerEndpoints(octokit, routes) {
+    Object.keys(routes).forEach(namespaceName => {
+        if (!octokit[namespaceName]) {
+            octokit[namespaceName] = {};
+        }
+        Object.keys(routes[namespaceName]).forEach(apiName => {
+            const apiOptions = routes[namespaceName][apiName];
+            const endpointDefaults = ["method", "url", "headers"].reduce((map, key) => {
+                if (typeof apiOptions[key] !== "undefined") {
+                    map[key] = apiOptions[key];
+                }
+                return map;
+            }, {});
+            endpointDefaults.request = {
+                validate: apiOptions.params
+            };
+            let request = octokit.request.defaults(endpointDefaults);
+            // patch request & endpoint methods to support deprecated parameters.
+            // Not the most elegant solution, but we don’t want to move deprecation
+            // logic into octokit/endpoint.js as it’s out of scope
+            const hasDeprecatedParam = Object.keys(apiOptions.params || {}).find(key => apiOptions.params[key].deprecated);
+            if (hasDeprecatedParam) {
+                const patch = patchForDeprecation.bind(null, octokit, apiOptions);
+                request = patch(octokit.request.defaults(endpointDefaults), `.${namespaceName}.${apiName}()`);
+                request.endpoint = patch(request.endpoint, `.${namespaceName}.${apiName}.endpoint()`);
+                request.endpoint.merge = patch(request.endpoint.merge, `.${namespaceName}.${apiName}.endpoint.merge()`);
+            }
+            if (apiOptions.deprecated) {
+                octokit[namespaceName][apiName] = Object.assign(function deprecatedEndpointMethod() {
+                    octokit.log.warn(new Deprecation(`[@octokit/rest] ${apiOptions.deprecated}`));
+                    octokit[namespaceName][apiName] = request;
+                    return request.apply(null, arguments);
+                }, request);
+                return;
+            }
+            octokit[namespaceName][apiName] = request;
+        });
+    });
+}
+function patchForDeprecation(octokit, apiOptions, method, methodName) {
+    const patchedMethod = (options) => {
+        options = Object.assign({}, options);
+        Object.keys(options).forEach(key => {
+            if (apiOptions.params[key] && apiOptions.params[key].deprecated) {
+                const aliasKey = apiOptions.params[key].alias;
+                octokit.log.warn(new Deprecation(`[@octokit/rest] "${key}" parameter is deprecated for "${methodName}". Use "${aliasKey}" instead`));
+                if (!(aliasKey in options)) {
+                    options[aliasKey] = options[key];
+                }
+                delete options[key];
+            }
+        });
+        return method(options);
+    };
+    Object.keys(method).forEach(key => {
+        patchedMethod[key] = method[key];
+    });
+    return patchedMethod;
+}
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/types.js
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/types.js
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/version.js
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/version.js
@@ -0,0 +1 @@
+export const VERSION = "2.4.0";
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-types/generated/endpoints.d.ts
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-types/generated/endpoints.d.ts
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-types/generated/rest-endpoint-methods-types.d.ts
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-types/generated/rest-endpoint-methods-types.d.ts
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-types/index.d.ts
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-types/index.d.ts
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-types/register-endpoints.d.ts
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-types/register-endpoints.d.ts
@@ -0,0 +1 @@
+export declare function registerEndpoints(octokit: any, routes: any): void;
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-types/types.d.ts
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-types/types.d.ts
@@ -0,0 +1,4 @@
+import { RestEndpointMethods } from "./generated/rest-endpoint-methods-types";
+export declare type Api = {
+    registerEndpoints: (endpoints: any) => void;
+} & RestEndpointMethods;
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-types/version.d.ts
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-types/version.d.ts
@@ -0,0 +1 @@
+export declare const VERSION = "2.4.0";
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-web/index.js
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-web/index.js
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-web/index.js.map
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-web/index.js.map
--- a/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/package.json
+++ b/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/package.json
@@ -1,7 +1,7 @@
 {
  "name": "@octokit/plugin-rest-endpoint-methods",
  "description": "Octokit plugin adding one method for all of api.github.com REST API endpoints",
-  "version": "3.3.1",
+  "version": "2.4.0",
  "license": "MIT",
  "files": [
    "dist-*/",
@@ -25,15 +25,14 @@
    "@octokit/core": "^2.1.2",
    "@octokit/graphql": "^4.3.1",
    "@pika/pack": "^0.5.0",
-    "@pika/plugin-build-node": "^0.9.0",
-    "@pika/plugin-build-web": "^0.9.0",
-    "@pika/plugin-ts-standard-pkg": "^0.9.0",
+    "@pika/plugin-build-node": "^0.7.1",
+    "@pika/plugin-build-web": "^0.7.1",
+    "@pika/plugin-ts-standard-pkg": "^0.7.1",
    "@types/fetch-mock": "^7.3.1",
    "@types/jest": "^25.1.0",
    "@types/node": "^13.1.0",
-    "fetch-mock": "^9.0.0",
-    "fs-extra": "^8.1.0",
-    "jest": "^25.1.0",
+    "fetch-mock": "^8.0.0",
+    "jest": "^24.9.0",
    "lodash.camelcase": "^4.3.0",
    "lodash.set": "^4.3.2",
    "lodash.upperfirst": "^4.3.1",
--- a/node_modules/@actions/github/node_modules/@octokit/rest/LICENSE
+++ b/node_modules/@actions/github/node_modules/@octokit/rest/LICENSE
--- a/node_modules/@actions/github/node_modules/@octokit/rest/README.md
+++ b/node_modules/@actions/github/node_modules/@octokit/rest/README.md
--- a/node_modules/@actions/github/node_modules/@octokit/rest/index.d.ts
+++ b/node_modules/@actions/github/node_modules/@octokit/rest/index.d.ts
--- a/node_modules/@actions/github/node_modules/@octokit/rest/index.js
+++ b/node_modules/@actions/github/node_modules/@octokit/rest/index.js
@@ -0,0 +1,43 @@
+const { requestLog } = require("@octokit/plugin-request-log");
+const {
+  restEndpointMethods
+} = require("@octokit/plugin-rest-endpoint-methods");
+
+const Core = require("./lib/core");
+
+const CORE_PLUGINS = [
+  require("./plugins/authentication"),
+  require("./plugins/authentication-deprecated"), // deprecated: remove in v17
+  requestLog,
+  require("./plugins/pagination"),
+  restEndpointMethods,
+  require("./plugins/validate"),
+
+  require("octokit-pagination-methods") // deprecated: remove in v17
+];
+
+const OctokitRest = Core.plugin(CORE_PLUGINS);
+
+function DeprecatedOctokit(options) {
+  const warn =
+    options && options.log && options.log.warn
+      ? options.log.warn
+      : console.warn;
+  warn(
+    '[@octokit/rest] `const Octokit = require("@octokit/rest")` is deprecated. Use `const { Octokit } = require("@octokit/rest")` instead'
+  );
+  return new OctokitRest(options);
+}
+
+const Octokit = Object.assign(DeprecatedOctokit, {
+  Octokit: OctokitRest
+});
+
+Object.keys(OctokitRest).forEach(key => {
+  /* istanbul ignore else */
+  if (OctokitRest.hasOwnProperty(key)) {
+    Octokit[key] = OctokitRest[key];
+  }
+});
+
+module.exports = Octokit;
--- a/node_modules/@actions/github/node_modules/@octokit/rest/lib/constructor.js
+++ b/node_modules/@actions/github/node_modules/@octokit/rest/lib/constructor.js
@@ -0,0 +1,29 @@
+module.exports = Octokit;
+
+const { request } = require("@octokit/request");
+const Hook = require("before-after-hook");
+
+const parseClientOptions = require("./parse-client-options");
+
+function Octokit(plugins, options) {
+  options = options || {};
+  const hook = new Hook.Collection();
+  const log = Object.assign(
+    {
+      debug: () => {},
+      info: () => {},
+      warn: console.warn,
+      error: console.error
+    },
+    options && options.log
+  );
+  const api = {
+    hook,
+    log,
+    request: request.defaults(parseClientOptions(options, log, hook))
+  };
+
+  plugins.forEach(pluginFunction => pluginFunction(api, options));
+
+  return api;
+}
--- a/node_modules/@actions/github/node_modules/@octokit/rest/lib/core.js
+++ b/node_modules/@actions/github/node_modules/@octokit/rest/lib/core.js
@@ -0,0 +1,3 @@
+const factory = require("./factory");
+
+module.exports = factory();
--- a/node_modules/@actions/github/node_modules/@octokit/rest/lib/factory.js
+++ b/node_modules/@actions/github/node_modules/@octokit/rest/lib/factory.js
@@ -0,0 +1,10 @@
+module.exports = factory;
+
+const Octokit = require("./constructor");
+const registerPlugin = require("./register-plugin");
+
+function factory(plugins) {
+  const Api = Octokit.bind(null, plugins || []);
+  Api.plugin = registerPlugin.bind(null, plugins || []);
+  return Api;
+}
--- a/node_modules/@actions/github/node_modules/@octokit/rest/lib/parse-client-options.js
+++ b/node_modules/@actions/github/node_modules/@octokit/rest/lib/parse-client-options.js
@@ -0,0 +1,89 @@
+module.exports = parseOptions;
+
+const { Deprecation } = require("deprecation");
+const { getUserAgent } = require("universal-user-agent");
+const once = require("once");
+
+const pkg = require("../package.json");
+
+const deprecateOptionsTimeout = once((log, deprecation) =>
+  log.warn(deprecation)
+);
+const deprecateOptionsAgent = once((log, deprecation) => log.warn(deprecation));
+const deprecateOptionsHeaders = once((log, deprecation) =>
+  log.warn(deprecation)
+);
+
+function parseOptions(options, log, hook) {
+  if (options.headers) {
+    options.headers = Object.keys(options.headers).reduce((newObj, key) => {
+      newObj[key.toLowerCase()] = options.headers[key];
+      return newObj;
+    }, {});
+  }
+
+  const clientDefaults = {
+    headers: options.headers || {},
+    request: options.request || {},
+    mediaType: {
+      previews: [],
+      format: ""
+    }
+  };
+
+  if (options.baseUrl) {
+    clientDefaults.baseUrl = options.baseUrl;
+  }
+
+  if (options.userAgent) {
+    clientDefaults.headers["user-agent"] = options.userAgent;
+  }
+
+  if (options.previews) {
+    clientDefaults.mediaType.previews = options.previews;
+  }
+
+  if (options.timeZone) {
+    clientDefaults.headers["time-zone"] = options.timeZone;
+  }
+
+  if (options.timeout) {
+    deprecateOptionsTimeout(
+      log,
+      new Deprecation(
+        "[@octokit/rest] new Octokit({timeout}) is deprecated. Use {request: {timeout}} instead. See https://github.com/octokit/request.js#request"
+      )
+    );
+    clientDefaults.request.timeout = options.timeout;
+  }
+
+  if (options.agent) {
+    deprecateOptionsAgent(
+      log,
+      new Deprecation(
+        "[@octokit/rest] new Octokit({agent}) is deprecated. Use {request: {agent}} instead. See https://github.com/octokit/request.js#request"
+      )
+    );
+    clientDefaults.request.agent = options.agent;
+  }
+
+  if (options.headers) {
+    deprecateOptionsHeaders(
+      log,
+      new Deprecation(
+        "[@octokit/rest] new Octokit({headers}) is deprecated. Use {userAgent, previews} instead. See https://github.com/octokit/request.js#request"
+      )
+    );
+  }
+
+  const userAgentOption = clientDefaults.headers["user-agent"];
+  const defaultUserAgent = `octokit.js/${pkg.version} ${getUserAgent()}`;
+
+  clientDefaults.headers["user-agent"] = [userAgentOption, defaultUserAgent]
+    .filter(Boolean)
+    .join(" ");
+
+  clientDefaults.request.hook = hook.bind(null, "request");
+
+  return clientDefaults;
+}
--- a/node_modules/@actions/github/node_modules/@octokit/rest/lib/register-plugin.js
+++ b/node_modules/@actions/github/node_modules/@octokit/rest/lib/register-plugin.js
@@ -0,0 +1,9 @@
+module.exports = registerPlugin;
+
+const factory = require("./factory");
+
+function registerPlugin(plugins, pluginFunction) {
+  return factory(
+    plugins.includes(pluginFunction) ? plugins : plugins.concat(pluginFunction)
+  );
+}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
jhutchings1	526f19341b	Update codeql.ts	2020-07-11 13:28:32 -07:00
jhutchings1	ea8c11c723	Update codeql.ts	2020-07-11 13:22:57 -07:00
jhutchings1	df49e473c8	Update codeql.ts	2020-07-11 13:17:46 -07:00
jhutchings1	8d49f67955	Remove try/catch	2020-07-11 13:12:15 -07:00
jhutchings1	dc2f0c2f5f	Debug	2020-07-11 13:08:34 -07:00
jhutchings1	5767c8ebfc	Update codeql.ts	2020-07-11 12:59:51 -07:00
jhutchings1	fde574ae22	Update codeql.ts	2020-07-11 12:54:20 -07:00
jhutchings1	3b632c3106	Try listener option	2020-07-11 12:51:26 -07:00
jhutchings1	b63d497b0e	Test	2020-07-11 12:43:17 -07:00
jhutchings1	f1569d58df	Try additional debugging	2020-07-11 12:20:52 -07:00
jhutchings1	f2c8606b17	Add debug statements	2020-07-11 12:18:01 -07:00
jhutchings1	066d9716c6	Fix issue with error detection	2020-07-11 12:13:09 -07:00
jhutchings1	642850bff5	Add special case for "No code seen" error	2020-07-11 12:08:45 -07:00
jhutchings1	5fa6bd2622	Update autobuild and analysis path error messages.	2020-07-11 11:45:36 -07:00
jhutchings1	278f870907	Add help URL to languages error	2020-07-11 11:40:35 -07:00
Robert	c3dcf26eaf	Merge pull request #103 from github/lgtm_filters Add support for LGTM_INDEX_FILTERS	2020-07-10 15:47:16 +01:00
Robert Brignull	189b6ef4bf	ban / as a path	2020-07-10 15:33:03 +01:00
Robert Brignull	1a4c658bbf	Merge branch 'main' into lgtm_filters	2020-07-10 15:01:22 +01:00
Robert	ec154779ac	Merge pull request #100 from github/github_proxy Use @actions/github as a wrapper around octokit in order to support proxies	2020-07-10 14:37:22 +01:00
Robert Brignull	ca775cfb2e	remove bypass-proxy test	2020-07-10 12:58:18 +01:00
Robert Brignull	fb9f2af49f	adjust comments	2020-07-10 11:08:29 +01:00
Robert Brignull	60126bfb39	ban backslashes	2020-07-09 18:27:46 +01:00
Robert Brignull	24367a89b5	move checking to when env vars are constructed	2020-07-09 18:05:54 +01:00
Robert Brignull	70980b9f32	Make characters completely illegal on windows	2020-07-09 17:40:26 +01:00
Robert Brignull	bf5b437adb	output better errors	2020-07-09 17:01:53 +01:00
Robert Brignull	b6efd2e6de	Merge remote-tracking branch 'origin/main' into github_proxy	2020-07-09 16:37:52 +01:00
Robert Brignull	8a6b404471	add tests	2020-07-09 16:36:49 +01:00
Robert Brignull	d781c667b1	Merge branch 'main' into lgtm_filters	2020-07-09 10:30:20 +01:00
Robert Brignull	56417be251	filter ** paths	2020-07-08 16:33:00 +01:00
Robert Brignull	abf6f239fa	trim leading slashes	2020-07-08 16:22:29 +01:00
Robert Brignull	9fb69dda17	clarify error slightly more	2020-07-08 15:11:29 +01:00
Robert Brignull	dcebdd6441	give better error messages	2020-07-08 15:06:45 +01:00
Robert	56e74b9096	Merge pull request #102 from github/exclude-lib Exclude lib directory from analysis	2020-07-08 10:32:12 +01:00
Robert Brignull	13ee335beb	Merge remote-tracking branch 'origin/main' into github_proxy	2020-07-07 18:34:09 +01:00
Robert Brignull	07caa0f5cf	pull out mockGetContents method	2020-07-07 18:32:29 +01:00
Robert Brignull	f77ab09bf4	add sinon types	2020-07-07 18:32:18 +01:00
Robert	8d908eeab3	Update codeql-config.yml	2020-07-07 13:09:32 +01:00
Robert	cfcff89771	Merge pull request #101 from github/workflow_dispatch Add workflow_dispatch event	2020-07-07 11:39:47 +01:00
Robert Brignull	fe3dbb7e64	Add support for LGTM_INDEX_FILTERS	2020-07-07 11:37:56 +01:00
Robert	1aeb7665e7	Add workflow_dispatch event	2020-07-07 10:24:41 +01:00
Robert Brignull	0086c2ecdb	use @actions/github	2020-07-06 16:25:26 +01:00
Robert	9da537eb33	Merge pull request #93 from github/codeql_mock Introduce wrapper around codeql	2020-07-06 10:38:41 +01:00
Robert Brignull	5ab09ae291	Make parameter names more descriptive	2020-07-02 14:45:14 +01:00
Robert Brignull	c41d287cae	Introduce wrapper around codeql	2020-07-02 14:25:08 +01:00
Sam Partington	8947510a57	Merge pull request #96 from github/pr-template-test-builds Remove test builds section of PR template	2020-07-02 14:23:33 +01:00
Sam Partington	5d84e87b3d	Merge branch 'main' into pr-template-test-builds	2020-07-02 14:11:18 +01:00
Sam Partington	9bc459c5f1	Merge pull request #95 from github/merge-help Add details of who will merge (CONTRIBUTING.md)	2020-07-02 13:46:52 +01:00
Sam Partington	77e9a735f6	Merge branch 'main' into merge-help	2020-07-02 13:42:20 +01:00
Sam Partington	57a57713c3	Remove test builds section of PR template This is covered by the CI checks now	2020-07-02 13:37:46 +01:00
Sam Partington	a0bf50cb7b	Add details of who will merge (CONTRIBUTING.md)	2020-07-02 13:35:29 +01:00
Robert	72803c4251	Merge pull request #90 from github/analysis_key_status add analysis_key to status reports	2020-07-02 11:48:14 +01:00
Robert	eaf6649611	Merge branch 'main' into analysis_key_status	2020-07-02 11:34:08 +01:00
Sam Partington	55a6f9e0a8	Merge pull request #94 from github/developer-docs Add development instructions to CONTRIBUTING.md	2020-07-02 11:07:06 +01:00
Sam Partington	dfed1f7eea	Point people at init/action.yml for node version https://github.com/github/codeql-action/pull/94#discussion_r448502825	2020-07-02 10:55:00 +01:00
Sam Partington	580e603e94	Add development instructions to CONTRIBUTING.md	2020-07-01 14:32:04 +01:00
Robert	de7ff148e5	Merge pull request #91 from github/codeql-bundle-20200630 Update codeql bundle	2020-07-01 09:55:41 +01:00
Robert	480467971e	Merge branch 'main' into codeql-bundle-20200630	2020-06-30 16:03:24 +01:00
Sam Partington	e2a8f32427	Merge pull request #87 from github/support-remote-config Allow config files to be from a remote repository	2020-06-30 15:19:23 +01:00
Sam Partington	260a93fe06	Merge branch 'main' into support-remote-config	2020-06-30 14:57:35 +01:00
Sam Partington	dc2678801a	Use right SHA in integration test `1bb294af6b (r40266717)`	2020-06-30 14:37:27 +01:00
Sam Partington	c953f77bb6	Merge pull request #92 from github/use-checkout-v2 Use v2 of checkout action	2020-06-30 14:33:21 +01:00
Sam Partington	aa6c2c5bda	Fix URL in integration test https://github.com/github/codeql-action/runs/822529558?check_suite_focus=true#step:4:43	2020-06-30 14:32:36 +01:00
Sam Partington	a52f1a55ed	Fix workflow name	2020-06-30 14:17:37 +01:00
Sam Partington	1bb294af6b	Combine integration tests for simplicity https://github.com/github/codeql-action/pull/87#issuecomment-651757413	2020-06-30 14:15:51 +01:00
Sam Partington	25a0a6baed	Use v2 of checkout action	2020-06-30 14:11:08 +01:00
Sam Partington	4b37db72e4	Add integration test for retrieval of remote config https://github.com/github/codeql-action/pull/87#pullrequestreview-439357075	2020-06-30 12:22:08 +01:00
Robert	04b2540e30	Update codeql bundle	2020-06-30 11:39:56 +01:00
Robert Brignull	0e3f8311ed	add analysis_key to status reports	2020-06-29 11:24:04 +01:00
Sam Partington	ca76a2ca94	Add .DS_Store files from node module https://github.com/github/codeql-action/pull/87/checks?check_run_id=811678038	2020-06-29 09:18:18 +01:00
Sam Partington	6afe41036b	Update node modules https://github.com/github/codeql-action/pull/87/checks?check_run_id=811666672	2020-06-26 16:27:11 +01:00
Sam Partington	ee4cc86b19	Merge branch 'main' into support-remote-config	2020-06-26 16:14:32 +01:00
Sam Partington	0607771cc2	Make remote config retrieval more robust	2020-06-26 16:14:15 +01:00
Sam Partington	51becd2cf8	Bring error message method name inline with others	2020-06-26 15:44:57 +01:00
Sam Partington	a66f2b0b11	Remove redundant comment	2020-06-26 15:44:13 +01:00
Sam Partington	7c00663f08	Remove tests of internal function now its behaviour has been verified	2020-06-26 14:46:53 +01:00
Sam Partington	f8c87948ab	Use new API client From https://github.com/github/codeql-action/pull/82	2020-06-26 14:45:37 +01:00
Sam Partington	9566d8c220	Merge branch 'main' into support-remote-config	2020-06-26 13:48:59 +01:00
Sam Partington	366d8a32d1	Retrieve remote configuration where specified	2020-06-26 11:49:00 +01:00
Sam Partington	388403b46e	Add a test that an Octokit request is made for remote config	2020-06-25 15:10:17 +01:00
Sam Partington	32c9898fa4	Fix regex	2020-06-25 15:10:17 +01:00
Sam Partington	56292b1fa3	Reset mocks in test so they don't leak into later test	2020-06-25 15:10:17 +01:00
Sam Partington	a19d19e0a3	Add validation of remote config location, no retrieval yet	2020-06-25 13:21:46 +01:00
Sam Partington	153a598a97	Add a new function used to determine where to retrieve config from	2020-06-24 16:15:25 +01:00
Sam Partington	f4cf65ca2d	Add a test that Octokit isn't used for local config	2020-06-24 14:42:29 +01:00
Sam Partington	b0af5695e6	Add sinon package for mocking	2020-06-24 14:34:08 +01:00
Sam Partington	43c1bea680	Run npm install so have clear baseline	2020-06-24 14:33:14 +01:00
				`@@ -0,0 +1 @@`
				{"version":3,"file":"codeql.test.js","sourceRoot":"","sources":["../src/codeql.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,+DAAiD;AACjD,8CAAuB;AACvB,gDAAwB;AACxB,2CAA6B;AAE7B,iDAAmC;AACnC,mDAA2C;AAC3C,6CAA+B;AAE/B,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,8BAA8B,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IAE7C,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAC,MAAM,EAAC,EAAE;QAEnC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,GAAG,MAAM,CAAC;QAEzC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACvD,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAE9D,MAAM,QAAQ,GAAG,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAE1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;YACxC,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;YAE5B,cAAI,CAAC,qBAAqB,CAAC;iBACxB,GAAG,CAAC,2BAA2B,OAAO,uBAAuB,CAAC;iBAC9D,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,uCAAuC,CAAC,CAAC,CAAC;YAGrF,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,8CAA8C,OAAO,uBAAuB,CAAC;YAE1G,MAAM,MAAM,CAAC,WAAW,EAAE,CAAC;YAE3B,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,OAAO,EAAE,CAAC,CAAC,CAAC;SACxD;QAED,MAAM,cAAc,GAAG,SAAS,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QAE3D,CAAC,CAAC,EAAE,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,iCAAiC,EAAE,CAAC,CAAC,EAAE;IAE1C,MAAM,KAAK,GAAG;QACZ,UAAU,EAAE,gBAAgB;QAC5B,YAAY,EAAE,kBAAkB;QAChC,cAAc,EAAE,cAAc;QAC9B,OAAO,EAAE,OAAO;QAChB,aAAa,EAAE,aAAa;QAC5B,cAAc,EAAE,cAAc;KAC/B,CAAC;IAEF,KAAK,MAAM,CAAC,OAAO,EAAE,eAAe,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QAC9D,MAAM,GAAG,GAAG,wCAAwC,OAAO,MAAM,CAAC;QAElE,IAAI;YACF,MAAM,aAAa,GAAG,MAAM,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;YACtD,CAAC,CAAC,SAAS,CAAC,aAAa,EAAE,eAAe,CAAC,CAAC;SAC7C;QAAC,OAAO,CAAC,EAAE;YACV,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;SACnB;KACF;AACH,CAAC,CAAC,CAAC"}
				`@@ -0,0 +1 @@`
				{"version":3,"file":"context.js","sourceRoot":"","sources":["../src/context.ts"],"names":[],"mappings":";;AAEA,2BAA2C;AAC3C,2BAAsB;AAEtB,MAAa,OAAO;IAalB;;OAEG;IACH;QACE,IAAI,CAAC,OAAO,GAAG,EAAE,CAAA;QACjB,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE;YACjC,IAAI,eAAU,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,EAAE;gBAC7C,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,KAAK,CACvB,iBAAY,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,EAAC,QAAQ,EAAE,MAAM,EAAC,CAAC,CAChE,CAAA;aACF;iBAAM;gBACL,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAA;gBAC1C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,qBAAqB,IAAI,kBAAkB,QAAG,EAAE,CAAC,CAAA;aACvE;SACF;QACD,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,iBAA2B,CAAA;QACxD,IAAI,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,UAAoB,CAAA;QAC3C,IAAI,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,UAAoB,CAAA;QAC3C,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAyB,CAAA;QACrD,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,aAAuB,CAAA;QACjD,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,YAAsB,CAAA;IACjD,CAAC;IAED,IAAI,KAAK;QACP,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAA;QAE5B,uCACK,IAAI,CAAC,IAAI,KACZ,MAAM,EAAE,CAAC,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,CAAC,MAAM,IAClE;IACH,CAAC;IAED,IAAI,IAAI;QACN,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE;YACjC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;YAC9D,OAAO,EAAC,KAAK,EAAE,IAAI,EAAC,CAAA;SACrB;QAED,IAAI,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE;YAC3B,OAAO;gBACL,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,KAAK;gBAC1C,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI;aACnC,CAAA;SACF;QAED,MAAM,IAAI,KAAK,CACb,kFAAkF,CACnF,CAAA;IACH,CAAC;CACF;AA9DD,0BA8DC"}
				`@@ -0,0 +1 @@`
				{"version":3,"file":"github.js","sourceRoot":"","sources":["../src/github.ts"],"names":[],"mappings":";;;;;;;;;AAAA,gGAAgG;AAChG,8CAAwC;AAUxC,wCAAqC;AACrC,mDAAoC;AAEpC,iEAAkD;AAElD,0CAA0C;AAC1C,cAAO,CAAC,SAAS,GAAG,IAAI,cAAO,EAAE,CAAA;AAEpB,QAAA,OAAO,GAAG,IAAI,OAAO,CAAC,OAAO,EAAE,CAAA;AAE5C,MAAa,MAAO,SAAQ,cAAO;IAiBjC,YAAY,KAA+B,EAAE,IAAsB;QACjE,KAAK,CAAC,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC,YAAY,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,CAAA;QAEjE,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAA;IACpE,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,YAAY,CACzB,KAA+B,EAC/B,IAAsB;QAEtB,OAAO;YACL,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;YACtC,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE;SAC/C,CAAA;IACH,CAAC;IAEO,MAAM,CAAC,iBAAiB,CAC9B,IAA+B;QAE/B,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;QACrB,MAAM,OAAO,qBAAO,IAAI,CAAC,CAAC,CAAC,CAAC,CAAA,CAAC,iEAAiE;QAE9F,4BAA4B;QAC5B,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,IAAI,CAAC,aAAa,EAAE,CAAA;QAEzD,OAAO;QACP,MAAM,IAAI,GAAG,MAAM,CAAC,aAAa,CAAC,KAAK,EAAE,OAAO,CAAC,CAAA;QACjD,IAAI,IAAI,EAAE;YACR,OAAO,CAAC,IAAI,GAAG,IAAI,CAAA;SACpB;QAED,QAAQ;QACR,MAAM,KAAK,GAAG,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;QAC5D,IAAI,KAAK,EAAE;YACT,iEAAiE;YACjE,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,mBAAK,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,CAAA;YAE7D,gBAAgB;YAChB,OAAO,CAAC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAA;SAC9B;QAED,OAAO,OAAO,CAAA;IAChB,CAAC;IAEO,MAAM,CAAC,UAAU,CAAC,IAA+B;QACvD,MAAM,QAAQ,GAA6B,EAAE,CAAA;QAC7C,QAAQ,CAAC,OAAO,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAA;QAC3C,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;QACrB,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;QAEvB,gBAAgB;QAChB,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,OAAO,CAAC,CAAA;QAC/C,IAAI,IAAI,EAAE;YACR,QAAQ,CAAC,OAAO,GAAG;gBACjB,aAAa,EAAE,IAAI;aACpB,CAAA;SACF;QAED,QAAQ;QACR,MAAM,KAAK,GAAG,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;QAC7D,IAAI,KAAK,EAAE;YACT,QAAQ,CAAC,OAAO,GAAG,EAAC,KAAK,EAAC,CAAA;SAC3B;QAED,OAAO,iBAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;IACnC,CAAC;IAEO,MAAM,CAAC,aAAa,CAC1B,KAAa,EACb,OAAwB;QAExB,gBAAgB;QAChB,IAAI,CAAC,KAAK,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE;YAC3B,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAA;SAC5D;aAAM,IAAI,KAAK,IAAI,OAAO,CAAC,IAAI,EAAE;YAChC,MAAM,IAAI,KAAK,CACb,0DAA0D,CAC3D,CAAA;SACF;QAED,OAAO,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,KAAK,EAAE,CAAA;IAC3E,CAAC;IAEO,MAAM,CAAC,aAAa,CAC1B,cAAsB,EACtB,OAAwB;;QAExB,IAAI,QAAC,OAAO,CAAC,OAAO,0CAAE,KAAK,CAAA,EAAE;YAC3B,IAAI,UAAU,CAAC,WAAW,CAAC,cAAc,CAAC,EAAE;gBAC1C,MAAM,EAAE,GAAG,IAAI,UAAU,CAAC,UAAU,EAAE,CAAA;gBACtC,OAAO,EAAE,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAA;aACnC;SACF;QAED,OAAO,SAAS,CAAA;IAClB,CAAC;IAEO,MAAM,CAAC,aAAa;QAC1B,OAAO,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,wBAAwB,CAAA;IAClE,CAAC;IAEO,MAAM,CAAC,iBAAiB;QAC9B,IAAI,GAAG,GACL,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,IAAI,gCAAgC,CAAA;QAEvE,kDAAkD;QAClD,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;YACrB,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;SACpC;QAED,6BAA6B;QAC7B,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE;YAC1C,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAA;SACpD;QACD,OAAO,GAAG,CAAA;IACZ,CAAC;CACF;AAxID,wBAwIC"}
				`@@ -0,0 +1 @@`
				`{"version":3,"file":"interfaces.js","sourceRoot":"","sources":["../src/interfaces.ts"],"names":[],"mappings":";AAAA,uDAAuD"}`
				`@@ -0,0 +1 @@`
				`export declare function registerEndpoints(octokit: any, routes: any): void;`