Merge main into releases/v2 (#1287)

* Update changelog and version after v2.1.26

* Update checked-in dependencies

* Don't check for Go logs on failure (#1279)

* Update supported GitHub Enterprise Server versions. (#1275)

Co-authored-by: GitHub <noreply@github.com>

* TRAP Caching: Add timeouts to upload/download operations

* Add logging statements declaring state of the cli_config_file_enabled

It's possible to determine this otherwise, but this makes it easier to
spot.

* Avoid using single value as array

The user config parser in the CLI doesn't yet support it.

* Extract logging statements to separate function

* Correctly report CodeQL version when using cache (#1259)

* Correctly report CodeQL version when using cache

* Add JS generated files

* Add test for return value of `setupCodeQL`

* Fill in missing return value comment

* Convert "Invalid source root" errors to UserErrors

* Add changelog note for Go extraction reconciliation (#1286)

* Add changelog note for Go extraction reconciliation

* Update CHANGELOG.md

Co-authored-by: Henry Mercer <henrymercer@github.com>

* Update CHANGELOG.md

Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>

* Tweaks from PR review

Co-authored-by: Henry Mercer <henrymercer@github.com>
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>

* Update changelog for v2.1.27

Co-authored-by: github-actions[bot] <github-actions@github.com>
Co-authored-by: Chuan-kai Lin <cklin@github.com>
Co-authored-by: Angela P Wen <angelapwen@github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: GitHub <noreply@github.com>
Co-authored-by: Edoardo Pirovano <edoardo.pirovano@gmail.com>
Co-authored-by: Edoardo Pirovano <6748066+edoardopirovano@users.noreply.github.com>
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
Co-authored-by: Henry Mercer <henrymercer@github.com>

.github/workflows/debug-artifacts-failure.yml

@@ -79,7 +79,7 @@ jobs:
                 echo "Missing database initialization logs"
                 exit 1
               fi
-              if [[ ! -d "$language/log" ]] ; then
+              if [[ ! "$language" == "go" ]] && [[ ! -d "$language/log" ]] ; then
                 echo "Missing logs for $language"
                 exit 1
               fi

CHANGELOG.md

@@ -1,5 +1,9 @@
 # CodeQL Action Changelog
 
+## 2.1.27 - 06 Oct 2022
+
+- We are rolling out a feature of the CodeQL Action in October 2022 that changes the way that Go code is analyzed to be more consistent with other compiled languages like C/C++, C#, and Java. You do not need to alter your code scanning workflows. If you encounter any problems, please [file an issue](https://github.com/github/codeql-action/issues) or open a private ticket with GitHub Support and request an escalation to engineering.
+
 ## 2.1.26 - 29 Sep 2022
 
 - Update default CodeQL bundle version to 2.11.0. [#1267](https://github.com/github/codeql-action/pull/1267)

lib/analyze.js

@@ -136,6 +136,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
         config.paths, config.pathsIgnore, config.languages, logger);
     }
     const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
+    await util.logCodeScanningConfigInCli(codeql, featureFlags, logger);
     for (const language of config.languages) {
         const queries = config.queries[language];
         const queryFilters = validateQueryFilters(config.originalUserInput["query-filters"]);

lib/api-compatibility.json

@@ -1 +1 @@
-{ "maximumVersion": "3.7", "minimumVersion": "3.3" }
+{ "maximumVersion": "3.7", "minimumVersion": "3.2" }

lib/codeql.js

@@ -224,7 +224,7 @@ async function getCodeQLBundleDownloadURL(apiDetails, variant, logger) {
  * @param logger
  * @param checkVersion Whether to check that CodeQL CLI meets the minimum
  *        version requirement. Must be set to true outside tests.
- * @returns
+ * @returns a { CodeQL, toolsVersion } object.
  */
 async function setupCodeQL(codeqlURL, apiDetails, tempDir, variant, featureFlags, logger, checkVersion) {
     try {
@@ -267,6 +267,7 @@ async function setupCodeQL(codeqlURL, apiDetails, tempDir, variant, featureFlags
                     if (fs.existsSync(path.join(tmpCodeqlFolder, "pinned-version"))) {
                         logger.debug(`CodeQL in cache overriding the default ${CODEQL_BUNDLE_VERSION}`);
                         codeqlFolder = tmpCodeqlFolder;
+                        codeqlURLVersion = codeqlVersions[0];
                     }
                 }
             }

lib/codeql.test.js

@@ -95,7 +95,7 @@ async function mockApiAndSetupCodeQL({ apiDetails, featureFlags, isPinned, tmpDi
     (0, nock_1.default)(baseUrl)
         .get(relativeUrl)
         .replyWithFile(200, path.join(__dirname, `/../src/testdata/codeql-bundle${isPinned ? "-pinned" : ""}.tar.gz`));
-    await codeql.setupCodeQL(toolsInput ? toolsInput.input : `${baseUrl}${relativeUrl}`, apiDetails !== null && apiDetails !== void 0 ? apiDetails : sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, featureFlags !== null && featureFlags !== void 0 ? featureFlags : (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true), false);
+    return await codeql.setupCodeQL(toolsInput ? toolsInput.input : `${baseUrl}${relativeUrl}`, apiDetails !== null && apiDetails !== void 0 ? apiDetails : sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, featureFlags !== null && featureFlags !== void 0 ? featureFlags : (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true), false);
 }
 (0, ava_1.default)("download codeql bundle cache", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
@@ -103,8 +103,9 @@ async function mockApiAndSetupCodeQL({ apiDetails, featureFlags, isPinned, tmpDi
         const versions = ["20200601", "20200610"];
         for (let i = 0; i < versions.length; i++) {
             const version = versions[i];
-            await mockApiAndSetupCodeQL({ version, tmpDir });
+            const codeQLConfig = await mockApiAndSetupCodeQL({ version, tmpDir });
             t.assert(toolcache.find("CodeQL", `0.0.0-${version}`));
+            t.deepEqual(codeQLConfig.toolsVersion, version);
         }
         t.is(toolcache.findAllVersions("CodeQL").length, 2);
     });
@@ -112,26 +113,33 @@ async function mockApiAndSetupCodeQL({ apiDetails, featureFlags, isPinned, tmpDi
 (0, ava_1.default)("download codeql bundle cache explicitly requested with pinned different version cached", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-        await mockApiAndSetupCodeQL({
+        const pinnedCodeQLConfig = await mockApiAndSetupCodeQL({
             version: "20200601",
             isPinned: true,
             tmpDir,
         });
         t.assert(toolcache.find("CodeQL", "0.0.0-20200601"));
-        await mockApiAndSetupCodeQL({ version: "20200610", tmpDir });
+        t.deepEqual(pinnedCodeQLConfig.toolsVersion, "20200601");
+        const unpinnedCodeQLConfig = await mockApiAndSetupCodeQL({
+            version: "20200610",
+            tmpDir,
+        });
         t.assert(toolcache.find("CodeQL", "0.0.0-20200610"));
+        t.deepEqual(unpinnedCodeQLConfig.toolsVersion, "20200610");
     });
 });
 (0, ava_1.default)("don't download codeql bundle cache with pinned different version cached", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-        await mockApiAndSetupCodeQL({
+        const pinnedCodeQLConfig = await mockApiAndSetupCodeQL({
             version: "20200601",
             isPinned: true,
             tmpDir,
         });
         t.assert(toolcache.find("CodeQL", "0.0.0-20200601"));
-        await codeql.setupCodeQL(undefined, sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true), false);
+        t.deepEqual(pinnedCodeQLConfig.toolsVersion, "20200601");
+        const codeQLConfig = await codeql.setupCodeQL(undefined, sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true), false);
+        t.deepEqual(codeQLConfig.toolsVersion, "0.0.0-20200601");
         const cachedVersions = toolcache.findAllVersions("CodeQL");
         t.is(cachedVersions.length, 1);
     });
@@ -139,14 +147,19 @@ async function mockApiAndSetupCodeQL({ apiDetails, featureFlags, isPinned, tmpDi
 (0, ava_1.default)("download codeql bundle cache with different version cached (not pinned)", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-        await mockApiAndSetupCodeQL({ version: "20200601", tmpDir });
+        const cachedCodeQLConfig = await mockApiAndSetupCodeQL({
+            version: "20200601",
+            tmpDir,
+        });
         t.assert(toolcache.find("CodeQL", "0.0.0-20200601"));
-        await mockApiAndSetupCodeQL({
+        t.deepEqual(cachedCodeQLConfig.toolsVersion, "20200601");
+        const codeQLConfig = await mockApiAndSetupCodeQL({
             version: defaults.bundleVersion,
             tmpDir,
             apiDetails: sampleApiDetails,
             toolsInput: { input: undefined },
         });
+        t.deepEqual(codeQLConfig.toolsVersion, defaults.bundleVersion.replace("codeql-bundle-", ""));
         const cachedVersions = toolcache.findAllVersions("CodeQL");
         t.is(cachedVersions.length, 2);
     });
@@ -154,18 +167,20 @@ async function mockApiAndSetupCodeQL({ apiDetails, featureFlags, isPinned, tmpDi
 (0, ava_1.default)('download codeql bundle cache with pinned different version cached if "latest" tools specified', async (t) => {
     await util.withTmpDir(async (tmpDir) => {
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-        await mockApiAndSetupCodeQL({
+        const pinnedCodeQLConfig = await mockApiAndSetupCodeQL({
             version: "20200601",
             isPinned: true,
             tmpDir,
         });
         t.assert(toolcache.find("CodeQL", "0.0.0-20200601"));
-        await mockApiAndSetupCodeQL({
+        t.deepEqual(pinnedCodeQLConfig.toolsVersion, "20200601");
+        const latestCodeQLConfig = await mockApiAndSetupCodeQL({
             version: defaults.bundleVersion,
             apiDetails: sampleApiDetails,
             toolsInput: { input: "latest" },
             tmpDir,
         });
+        t.deepEqual(latestCodeQLConfig.toolsVersion, defaults.bundleVersion.replace("codeql-bundle-", ""));
         const cachedVersions = toolcache.findAllVersions("CodeQL");
         t.is(cachedVersions.length, 2);
     });

lib/config-utils.js

@@ -908,6 +908,7 @@ async function initConfig(languagesInput, queriesInput, packsInput, registriesIn
     // When using the codescanning config in the CLI, pack downloads
     // happen in the CLI during the `database init` command, so no need
     // to download them here.
+    await (0, util_1.logCodeScanningConfigInCli)(codeQL, featureFlags, logger);
     if (!(await (0, util_1.useCodeScanningConfigInCli)(codeQL, featureFlags))) {
         const registries = parseRegistries(registriesInput);
         await downloadPacks(codeQL, config.languages, config.packs, registries, apiDetails, config.tempDir, logger);

lib/init.js

@@ -47,7 +47,6 @@ async function initConfig(languagesInput, queriesInput, packsInput, registriesIn
 }
 exports.initConfig = initConfig;
 async function runInit(codeql, config, sourceRoot, processName, processLevel, featureFlags, logger) {
-    var _a, _b;
     fs.mkdirSync(config.dbLocation, { recursive: true });
     try {
         if (await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING)) {
@@ -62,24 +61,41 @@ async function runInit(codeql, config, sourceRoot, processName, processLevel, fe
         }
     }
     catch (e) {
-        // Handle the situation where init is called twice
-        // for the same database in the same job.
-        if (e instanceof Error &&
-            ((_a = e.message) === null || _a === void 0 ? void 0 : _a.includes("Refusing to create databases")) &&
-            e.message.includes("exists and is not an empty directory.")) {
-            throw new util.UserError(`Is the "init" action called twice in the same job? ${e.message}`);
-        }
-        else if (e instanceof Error &&
-            ((_b = e.message) === null || _b === void 0 ? void 0 : _b.includes("is not compatible with this CodeQL CLI"))) {
-            throw new util.UserError(e.message);
-        }
-        else {
-            throw e;
-        }
+        throw processError(e);
     }
     return await (0, tracer_config_1.getCombinedTracerConfig)(config, codeql, await util.isGoExtractionReconciliationEnabled(featureFlags), logger);
 }
 exports.runInit = runInit;
+/**
+ * Possibly convert this error into a UserError in order to avoid
+ * counting this error towards our internal error budget.
+ *
+ * @param e The error to possibly convert to a UserError.
+ *
+ * @returns A UserError if the error is a known error that can be
+ *         attributed to the user, otherwise the original error.
+ */
+function processError(e) {
+    var _a, _b, _c, _d;
+    if (!(e instanceof Error)) {
+        return e;
+    }
+    if (
+    // Init action called twice
+    ((_a = e.message) === null || _a === void 0 ? void 0 : _a.includes("Refusing to create databases")) &&
+        ((_b = e.message) === null || _b === void 0 ? void 0 : _b.includes("exists and is not an empty directory."))) {
+        return new util.UserError(`Is the "init" action called twice in the same job? ${e.message}`);
+    }
+    if (
+    // Version of CodeQL CLI is incompatible with this version of the CodeQL Action
+    ((_c = e.message) === null || _c === void 0 ? void 0 : _c.includes("is not compatible with this CodeQL CLI")) ||
+        (
+        // Expected source location for database creation does not exist
+        (_d = e.message) === null || _d === void 0 ? void 0 : _d.includes("Invalid source root"))) {
+        return new util.UserError(e.message);
+    }
+    return e;
+}
 // Runs a powershell script to inject the tracer into a parent process
 // so it can tracer future processes, hopefully including the build process.
 // If processName is given then injects into the nearest parent process with

lib/init.js.map

@@ -1 +1 @@
-{"version":3,"file":"init.js","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,yEAA2D;AAC3D,kEAAoD;AAEpD,gEAAkD;AAElD,qCAA2E;AAC3E,4DAA8C;AAI9C,mDAAwE;AACxE,6CAA+B;AAC/B,iCAA4C;AAErC,KAAK,UAAU,UAAU,CAC9B,SAA6B,EAC7B,UAA4B,EAC5B,OAAe,EACf,OAA2B,EAC3B,YAA0B,EAC1B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;IACxC,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,IAAA,oBAAW,EAChD,SAAS,EACT,UAAU,EACV,OAAO,EACP,OAAO,EACP,YAAY,EACZ,MAAM,EACN,IAAI,CACL,CAAC;IACF,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;IAC5B,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;AAClC,CAAC;AArBD,gCAqBC;AAEM,KAAK,UAAU,UAAU,CAC9B,cAAkC,EAClC,YAAgC,EAChC,UAA8B,EAC9B,eAAmC,EACnC,UAA8B,EAC9B,UAA8B,EAC9B,kBAA2B,EAC3B,SAAkB,EAClB,iBAAyB,EACzB,iBAAyB,EACzB,UAAyB,EACzB,OAAe,EACf,MAAc,EACd,aAAqB,EACrB,aAAiC,EACjC,UAAoC,EACpC,YAA0B,EAC1B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,6BAA6B,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,UAAU,CACzC,cAAc,EACd,YAAY,EACZ,UAAU,EACV,eAAe,EACf,UAAU,EACV,UAAU,EACV,kBAAkB,EAClB,SAAS,EACT,iBAAiB,EACjB,iBAAiB,EACjB,UAAU,EACV,OAAO,EACP,MAAM,EACN,aAAa,EACb,aAAa,EACb,UAAU,EACV,YAAY,EACZ,MAAM,CACP,CAAC;IACF,aAAa,CAAC,uBAAuB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtD,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,MAAM,CAAC;AAChB,CAAC;AA5CD,gCA4CC;AAEM,KAAK,UAAU,OAAO,CAC3B,MAAc,EACd,MAA0B,EAC1B,UAAkB,EAClB,WAA+B,EAC/B,YAAgC,EAChC,YAA0B,EAC1B,MAAc;;IAEd,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAErD,IAAI;QACF,IAAI,MAAM,IAAA,yBAAkB,EAAC,MAAM,EAAE,mCAA0B,CAAC,EAAE;YAChE,0BAA0B;YAC1B,MAAM,MAAM,CAAC,mBAAmB,CAC9B,MAAM,EACN,UAAU,EACV,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,MAAM,CACP,CAAC;SACH;aAAM;YACL,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;gBACvC,yBAAyB;gBACzB,MAAM,MAAM,CAAC,YAAY,CACvB,IAAI,CAAC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,EAC5C,QAAQ,EACR,UAAU,CACX,CAAC;aACH;SACF;KACF;IAAC,OAAO,CAAC,EAAE;QACV,kDAAkD;QAClD,yCAAyC;QACzC,IACE,CAAC,YAAY,KAAK;aAClB,MAAA,CAAC,CAAC,OAAO,0CAAE,QAAQ,CAAC,8BAA8B,CAAC,CAAA;YACnD,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,uCAAuC,CAAC,EAC3D;YACA,MAAM,IAAI,IAAI,CAAC,SAAS,CACtB,sDAAsD,CAAC,CAAC,OAAO,EAAE,CAClE,CAAC;SACH;aAAM,IACL,CAAC,YAAY,KAAK;aAClB,MAAA,CAAC,CAAC,OAAO,0CAAE,QAAQ,CAAC,wCAAwC,CAAC,CAAA,EAC7D;YACA,MAAM,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;SACrC;aAAM;YACL,MAAM,CAAC,CAAC;SACT;KACF;IACD,OAAO,MAAM,IAAA,uCAAuB,EAClC,MAAM,EACN,MAAM,EACN,MAAM,IAAI,CAAC,mCAAmC,CAAC,YAAY,CAAC,EAC5D,MAAM,CACP,CAAC;AACJ,CAAC;AA1DD,0BA0DC;AAED,sEAAsE;AACtE,4EAA4E;AAC5E,4EAA4E;AAC5E,6EAA6E;AAC7E,+CAA+C;AACxC,KAAK,UAAU,mBAAmB,CACvC,WAA+B,EAC/B,YAAgC,EAChC,MAA0B,EAC1B,MAAc,EACd,YAA0B;IAE1B,IAAI,MAAc,CAAC;IACnB,IAAI,WAAW,KAAK,SAAS,EAAE;QAC7B,MAAM,GAAG;;;;;;;;;;;;uCAY0B,WAAW;;8BAEpB,WAAW;;;;;;;;gDAQO,CAAC;KAC9C;SAAM;QACL,oEAAoE;QACpE,mFAAmF;QACnF,+EAA+E;QAC/E,kFAAkF;QAClF,6EAA6E;QAC7E,oFAAoF;QACpF,6CAA6C;QAC7C,YAAY,GAAG,YAAY,IAAI,CAAC,CAAC;QACjC,MAAM,GAAG;;;;;;;;4BAQe,YAAY;;;;;;;;;;;;;;;;;;;;;gDAqBQ,CAAC;KAC9C;IAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;IACxE,EAAE,CAAC,aAAa,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC;IAE3C,MAAM,IAAI,UAAU,CAAC,UAAU,CAC7B,MAAM,SAAS,CAAC,SAAS,CAAC,YAAY,CAAC,EACvC;QACE,kBAAkB;QAClB,QAAQ;QACR,OAAO;QACP,gBAAgB;QAChB,IAAI,CAAC,OAAO,CACV,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,EAC9B,OAAO,EACP,OAAO,EACP,YAAY,CACb;KACF,EACD,EAAE,GAAG,EAAE,EAAE,0BAA0B,EAAE,YAAY,CAAC,IAAI,EAAE,EAAE,CAC3D,CAAC,IAAI,EAAE,CAAC;AACX,CAAC;AA5FD,kDA4FC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IACpE,MAAM,CAAC,UAAU,CAAC,2BAA2B,CAAC,CAAC;IAE/C,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC;IAEjE,IAAI;QACF,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAChC,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,SAAS,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE;gBACvE,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,mBAAmB,CAAC;aAC9C,CAAC,CAAC,IAAI,EAAE,CAAC;SACX;aAAM;YACL,MAAM,IAAI,UAAU,CAAC,UAAU,CAC7B,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,kBAAkB,CAAC,CAC7C,CAAC,IAAI,EAAE,CAAC;SACV;QACD,MAAM,MAAM,GAAG,0BAA0B,CAAC;QAC1C,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAChC,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,SAAS,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;gBAC/D,IAAI;gBACJ,IAAI;gBACJ,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC;gBAChC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;aAC/B,CAAC,CAAC,IAAI,EAAE,CAAC;SACX;aAAM;YACL,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,SAAS,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE;gBACpE,IAAI;gBACJ,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC;gBAChC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;aAC/B,CAAC,CAAC,IAAI,EAAE,CAAC;SACX;KACF;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,CAAC,QAAQ,EAAE,CAAC;QAClB,MAAM,CAAC,OAAO,CACZ,gFAAgF,CAAC,IAAI;YACnF,qGAAqG;YACrG,oGAAoG;YACpG,iDAAiD,CACpD,CAAC;QACF,OAAO;KACR;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC;AAzCD,8CAyCC"}
+{"version":3,"file":"init.js","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,yEAA2D;AAC3D,kEAAoD;AAEpD,gEAAkD;AAElD,qCAA2E;AAC3E,4DAA8C;AAI9C,mDAAwE;AACxE,6CAA+B;AAC/B,iCAA4C;AAErC,KAAK,UAAU,UAAU,CAC9B,SAA6B,EAC7B,UAA4B,EAC5B,OAAe,EACf,OAA2B,EAC3B,YAA0B,EAC1B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;IACxC,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,IAAA,oBAAW,EAChD,SAAS,EACT,UAAU,EACV,OAAO,EACP,OAAO,EACP,YAAY,EACZ,MAAM,EACN,IAAI,CACL,CAAC;IACF,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;IAC5B,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;AAClC,CAAC;AArBD,gCAqBC;AAEM,KAAK,UAAU,UAAU,CAC9B,cAAkC,EAClC,YAAgC,EAChC,UAA8B,EAC9B,eAAmC,EACnC,UAA8B,EAC9B,UAA8B,EAC9B,kBAA2B,EAC3B,SAAkB,EAClB,iBAAyB,EACzB,iBAAyB,EACzB,UAAyB,EACzB,OAAe,EACf,MAAc,EACd,aAAqB,EACrB,aAAiC,EACjC,UAAoC,EACpC,YAA0B,EAC1B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,6BAA6B,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,UAAU,CACzC,cAAc,EACd,YAAY,EACZ,UAAU,EACV,eAAe,EACf,UAAU,EACV,UAAU,EACV,kBAAkB,EAClB,SAAS,EACT,iBAAiB,EACjB,iBAAiB,EACjB,UAAU,EACV,OAAO,EACP,MAAM,EACN,aAAa,EACb,aAAa,EACb,UAAU,EACV,YAAY,EACZ,MAAM,CACP,CAAC;IACF,aAAa,CAAC,uBAAuB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtD,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,MAAM,CAAC;AAChB,CAAC;AA5CD,gCA4CC;AAEM,KAAK,UAAU,OAAO,CAC3B,MAAc,EACd,MAA0B,EAC1B,UAAkB,EAClB,WAA+B,EAC/B,YAAgC,EAChC,YAA0B,EAC1B,MAAc;IAEd,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAErD,IAAI;QACF,IAAI,MAAM,IAAA,yBAAkB,EAAC,MAAM,EAAE,mCAA0B,CAAC,EAAE;YAChE,0BAA0B;YAC1B,MAAM,MAAM,CAAC,mBAAmB,CAC9B,MAAM,EACN,UAAU,EACV,WAAW,EACX,YAAY,EACZ,YAAY,EACZ,MAAM,CACP,CAAC;SACH;aAAM;YACL,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;gBACvC,yBAAyB;gBACzB,MAAM,MAAM,CAAC,YAAY,CACvB,IAAI,CAAC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,EAC5C,QAAQ,EACR,UAAU,CACX,CAAC;aACH;SACF;KACF;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,YAAY,CAAC,CAAC,CAAC,CAAC;KACvB;IACD,OAAO,MAAM,IAAA,uCAAuB,EAClC,MAAM,EACN,MAAM,EACN,MAAM,IAAI,CAAC,mCAAmC,CAAC,YAAY,CAAC,EAC5D,MAAM,CACP,CAAC;AACJ,CAAC;AAzCD,0BAyCC;AAED;;;;;;;;GAQG;AACH,SAAS,YAAY,CAAC,CAAM;;IAC1B,IAAI,CAAC,CAAC,CAAC,YAAY,KAAK,CAAC,EAAE;QACzB,OAAO,CAAC,CAAC;KACV;IAED;IACE,2BAA2B;IAC3B,CAAA,MAAA,CAAC,CAAC,OAAO,0CAAE,QAAQ,CAAC,8BAA8B,CAAC;SACnD,MAAA,CAAC,CAAC,OAAO,0CAAE,QAAQ,CAAC,uCAAuC,CAAC,CAAA,EAC5D;QACA,OAAO,IAAI,IAAI,CAAC,SAAS,CACvB,sDAAsD,CAAC,CAAC,OAAO,EAAE,CAClE,CAAC;KACH;IAED;IACE,+EAA+E;IAC/E,CAAA,MAAA,CAAC,CAAC,OAAO,0CAAE,QAAQ,CAAC,wCAAwC,CAAC;;QAC7D,gEAAgE;QAChE,MAAA,CAAC,CAAC,OAAO,0CAAE,QAAQ,CAAC,qBAAqB,CAAC,CAAA,EAC1C;QACA,OAAO,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;KACtC;IAED,OAAO,CAAC,CAAC;AACX,CAAC;AAED,sEAAsE;AACtE,4EAA4E;AAC5E,4EAA4E;AAC5E,6EAA6E;AAC7E,+CAA+C;AACxC,KAAK,UAAU,mBAAmB,CACvC,WAA+B,EAC/B,YAAgC,EAChC,MAA0B,EAC1B,MAAc,EACd,YAA0B;IAE1B,IAAI,MAAc,CAAC;IACnB,IAAI,WAAW,KAAK,SAAS,EAAE;QAC7B,MAAM,GAAG;;;;;;;;;;;;uCAY0B,WAAW;;8BAEpB,WAAW;;;;;;;;gDAQO,CAAC;KAC9C;SAAM;QACL,oEAAoE;QACpE,mFAAmF;QACnF,+EAA+E;QAC/E,kFAAkF;QAClF,6EAA6E;QAC7E,oFAAoF;QACpF,6CAA6C;QAC7C,YAAY,GAAG,YAAY,IAAI,CAAC,CAAC;QACjC,MAAM,GAAG;;;;;;;;4BAQe,YAAY;;;;;;;;;;;;;;;;;;;;;gDAqBQ,CAAC;KAC9C;IAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;IACxE,EAAE,CAAC,aAAa,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC;IAE3C,MAAM,IAAI,UAAU,CAAC,UAAU,CAC7B,MAAM,SAAS,CAAC,SAAS,CAAC,YAAY,CAAC,EACvC;QACE,kBAAkB;QAClB,QAAQ;QACR,OAAO;QACP,gBAAgB;QAChB,IAAI,CAAC,OAAO,CACV,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,EAC9B,OAAO,EACP,OAAO,EACP,YAAY,CACb;KACF,EACD,EAAE,GAAG,EAAE,EAAE,0BAA0B,EAAE,YAAY,CAAC,IAAI,EAAE,EAAE,CAC3D,CAAC,IAAI,EAAE,CAAC;AACX,CAAC;AA5FD,kDA4FC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IACpE,MAAM,CAAC,UAAU,CAAC,2BAA2B,CAAC,CAAC;IAE/C,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC;IAEjE,IAAI;QACF,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAChC,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,SAAS,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE;gBACvE,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,mBAAmB,CAAC;aAC9C,CAAC,CAAC,IAAI,EAAE,CAAC;SACX;aAAM;YACL,MAAM,IAAI,UAAU,CAAC,UAAU,CAC7B,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,kBAAkB,CAAC,CAC7C,CAAC,IAAI,EAAE,CAAC;SACV;QACD,MAAM,MAAM,GAAG,0BAA0B,CAAC;QAC1C,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAChC,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,SAAS,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;gBAC/D,IAAI;gBACJ,IAAI;gBACJ,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC;gBAChC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;aAC/B,CAAC,CAAC,IAAI,EAAE,CAAC;SACX;aAAM;YACL,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,SAAS,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE;gBACpE,IAAI;gBACJ,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC;gBAChC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;aAC/B,CAAC,CAAC,IAAI,EAAE,CAAC;SACX;KACF;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,CAAC,QAAQ,EAAE,CAAC;QAClB,MAAM,CAAC,OAAO,CACZ,gFAAgF,CAAC,IAAI;YACnF,qGAAqG;YACrG,oGAAoG;YACpG,iDAAiD,CACpD,CAAC;QACF,OAAO;KACR;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC;AAzCD,8CAyCC"}

lib/trap-caching.js

@@ -37,6 +37,11 @@ const CACHE_SIZE_MB = 1024;
 // This constant sets the minimum size in megabytes of a TRAP
 // cache for us to consider it worth uploading.
 const MINIMUM_CACHE_MB_TO_UPLOAD = 10;
+// The maximum number of milliseconds to wait for TRAP cache
+// uploads or downloads to complete before continuing. Note
+// this timeout is per operation, so will be run as many
+// times as there are languages with TRAP caching enabled.
+const MAX_CACHE_OPERATION_MS = 120000; // Two minutes
 async function getTrapCachingExtractorConfigArgs(config) {
     const result = [];
     for (const language of config.languages)
@@ -95,9 +100,11 @@ async function downloadTrapCaches(codeql, languages, logger) {
         // The SHA from the base of the PR is the most similar commit we might have a cache for
         const preferredKey = await cacheKey(codeql, language, baseSha);
         logger.info(`Looking in Actions cache for TRAP cache with key ${preferredKey}`);
-        const found = await cache.restoreCache([cacheDir], preferredKey, [
+        const found = await (0, util_1.withTimeout)(MAX_CACHE_OPERATION_MS, cache.restoreCache([cacheDir], preferredKey, [
             await cachePrefix(codeql, language), // Fall back to any cache with the right key prefix
-        ]);
+        ]), () => {
+            logger.info(`Timed out waiting for TRAP cache download for ${language}, will continue without it`);
+        });
         if (found === undefined) {
             // We didn't find a TRAP cache in the Actions cache, so the directory on disk is
             // still just an empty directory. There's no reason to tell the extractor to use it,
@@ -119,7 +126,6 @@ exports.downloadTrapCaches = downloadTrapCaches;
 async function uploadTrapCaches(codeql, config, logger) {
     if (!(await actionsUtil.isAnalyzingDefaultBranch()))
         return false; // Only upload caches from the default branch
-    const toAwait = [];
     for (const language of config.languages) {
         const cacheDir = config.trapCaches[language];
         if (cacheDir === undefined)
@@ -135,9 +141,10 @@ async function uploadTrapCaches(codeql, config, logger) {
         }
         const key = await cacheKey(codeql, language, process.env.GITHUB_SHA || "unknown");
         logger.info(`Uploading TRAP cache to Actions cache with key ${key}`);
-        toAwait.push(cache.saveCache([cacheDir], key));
+        await (0, util_1.withTimeout)(MAX_CACHE_OPERATION_MS, cache.saveCache([cacheDir], key), () => {
+            logger.info(`Timed out waiting for TRAP cache for ${language} to upload, will continue without uploading`);
+        });
     }
-    await Promise.all(toAwait);
     return true;
 }
 exports.uploadTrapCaches = uploadTrapCaches;

lib/util.js

@@ -22,7 +22,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.tryGetFolderBytes = exports.isGoExtractionReconciliationEnabled = exports.listFolder = exports.doesDirectoryExist = exports.useCodeScanningConfigInCli = exports.isInTestMode = exports.checkActionVersion = exports.getMlPoweredJsQueriesStatus = exports.getMlPoweredJsQueriesPack = exports.ML_POWERED_JS_QUERIES_PACK_NAME = exports.isGoodVersion = exports.delay = exports.bundleDb = exports.codeQlVersionAbove = exports.getCachedCodeQlVersion = exports.cacheCodeQlVersion = exports.isGitHubGhesVersionBelow = exports.isHTTPError = exports.UserError = exports.HTTPError = exports.getRequiredEnvParam = exports.isActions = exports.getMode = exports.enrichEnvironment = exports.initializeEnvironment = exports.EnvVar = exports.Mode = exports.assertNever = exports.getGitHubAuth = exports.apiVersionInRange = exports.DisallowedAPIVersionReason = exports.checkGitHubVersionInRange = exports.getGitHubVersion = exports.GitHubVariant = exports.parseGitHubUrl = exports.getCodeQLDatabasePath = exports.getThreadsFlag = exports.getThreadsFlagValue = exports.getAddSnippetsFlag = exports.getMemoryFlag = exports.getMemoryFlagValue = exports.withTmpDir = exports.getToolNames = exports.getExtraOptionsEnvParam = exports.DID_AUTOBUILD_GO_ENV_VAR_NAME = exports.DEFAULT_DEBUG_DATABASE_NAME = exports.DEFAULT_DEBUG_ARTIFACT_NAME = exports.GITHUB_DOTCOM_URL = void 0;
+exports.withTimeout = exports.tryGetFolderBytes = exports.isGoExtractionReconciliationEnabled = exports.listFolder = exports.doesDirectoryExist = exports.logCodeScanningConfigInCli = exports.useCodeScanningConfigInCli = exports.isInTestMode = exports.checkActionVersion = exports.getMlPoweredJsQueriesStatus = exports.getMlPoweredJsQueriesPack = exports.ML_POWERED_JS_QUERIES_PACK_NAME = exports.isGoodVersion = exports.delay = exports.bundleDb = exports.codeQlVersionAbove = exports.getCachedCodeQlVersion = exports.cacheCodeQlVersion = exports.isGitHubGhesVersionBelow = exports.isHTTPError = exports.UserError = exports.HTTPError = exports.getRequiredEnvParam = exports.isActions = exports.getMode = exports.enrichEnvironment = exports.initializeEnvironment = exports.EnvVar = exports.Mode = exports.assertNever = exports.getGitHubAuth = exports.apiVersionInRange = exports.DisallowedAPIVersionReason = exports.checkGitHubVersionInRange = exports.getGitHubVersion = exports.GitHubVariant = exports.parseGitHubUrl = exports.getCodeQLDatabasePath = exports.getThreadsFlag = exports.getThreadsFlagValue = exports.getAddSnippetsFlag = exports.getMemoryFlag = exports.getMemoryFlagValue = exports.withTmpDir = exports.getToolNames = exports.getExtraOptionsEnvParam = exports.DID_AUTOBUILD_GO_ENV_VAR_NAME = exports.DEFAULT_DEBUG_DATABASE_NAME = exports.DEFAULT_DEBUG_ARTIFACT_NAME = exports.GITHUB_DOTCOM_URL = void 0;
 const fs = __importStar(require("fs"));
 const os = __importStar(require("os"));
 const path = __importStar(require("path"));
@@ -679,6 +679,15 @@ async function useCodeScanningConfigInCli(codeql, featureFlags) {
     return await codeQlVersionAbove(codeql, codeql_1.CODEQL_VERSION_CONFIG_FILES);
 }
 exports.useCodeScanningConfigInCli = useCodeScanningConfigInCli;
+async function logCodeScanningConfigInCli(codeql, featureFlags, logger) {
+    if (await useCodeScanningConfigInCli(codeql, featureFlags)) {
+        logger.info("Code Scanning configuration file being processed in the codeql CLI.");
+    }
+    else {
+        logger.info("Code Scanning configuration file being processed in the codeql-action.");
+    }
+}
+exports.logCodeScanningConfigInCli = logCodeScanningConfigInCli;
 /*
  * Returns whether the path in the argument represents an existing directory.
  */
@@ -735,4 +744,23 @@ async function tryGetFolderBytes(cacheDir, logger) {
     }
 }
 exports.tryGetFolderBytes = tryGetFolderBytes;
+/**
+ * Run a promise for a given amount of time, and if it doesn't resolve within
+ * that time, call the provided callback and then return undefined.
+ *
+ * @param timeoutMs The timeout in milliseconds.
+ * @param promise The promise to run.
+ * @param onTimeout A callback to call if the promise times out.
+ * @returns The result of the promise, or undefined if the promise times out.
+ */
+async function withTimeout(timeoutMs, promise, onTimeout) {
+    const timeout = new Promise((resolve) => {
+        setTimeout(() => {
+            onTimeout();
+            resolve(undefined);
+        }, timeoutMs);
+    });
+    return await Promise.race([promise, timeout]);
+}
+exports.withTimeout = withTimeout;
 //# sourceMappingURL=util.js.map

lib/util.test.js

@@ -396,4 +396,32 @@ function mockVersion(version) {
         },
     };
 }
+const longTime = 999999;
+const shortTime = 10;
+(0, ava_1.default)("withTimeout on long task", async (t) => {
+    let longTaskTimedOut = false;
+    const longTask = new Promise((resolve) => {
+        setTimeout(() => {
+            resolve(42);
+        }, longTime);
+    });
+    const result = await util.withTimeout(shortTime, longTask, () => {
+        longTaskTimedOut = true;
+    });
+    t.deepEqual(longTaskTimedOut, true);
+    t.deepEqual(result, undefined);
+});
+(0, ava_1.default)("withTimeout on short task", async (t) => {
+    let shortTaskTimedOut = false;
+    const shortTask = new Promise((resolve) => {
+        setTimeout(() => {
+            resolve(99);
+        }, shortTime);
+    });
+    const result = await util.withTimeout(longTime, shortTask, () => {
+        shortTaskTimedOut = true;
+    });
+    t.deepEqual(shortTaskTimedOut, false);
+    t.deepEqual(result, 99);
+});
 //# sourceMappingURL=util.test.js.map

node_modules/.package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "2.1.26",
+  "version": "2.1.27",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "codeql",
-  "version": "2.1.26",
+  "version": "2.1.27",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "codeql",
-      "version": "2.1.26",
+      "version": "2.1.27",
       "license": "MIT",
       "dependencies": {
         "@actions/artifact": "^1.0.0",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "2.1.26",
+  "version": "2.1.27",
   "private": true,
   "description": "CodeQL action",
   "scripts": {

src/analyze.ts

@@ -239,6 +239,9 @@ export async function runQueries(
   }
 
   const codeql = await getCodeQL(config.codeQLCmd);
+
+  await util.logCodeScanningConfigInCli(codeql, featureFlags, logger);
+
   for (const language of config.languages) {
     const queries = config.queries[language];
     const queryFilters = validateQueryFilters(

src/api-compatibility.json

@@ -1 +1 @@
-{"maximumVersion": "3.7", "minimumVersion": "3.3"}
+{"maximumVersion": "3.7", "minimumVersion": "3.2"}

src/codeql.test.ts

@@ -81,7 +81,7 @@ async function mockApiAndSetupCodeQL({
   tmpDir: string;
   toolsInput?: { input?: string };
   version: string;
-}) {
+}): Promise<{ codeql: codeql.CodeQL; toolsVersion: string }> {
   const platform =
     process.platform === "win32"
       ? "win64"
@@ -104,7 +104,7 @@ async function mockApiAndSetupCodeQL({
       )
     );
 
-  await codeql.setupCodeQL(
+  return await codeql.setupCodeQL(
     toolsInput ? toolsInput.input : `${baseUrl}${relativeUrl}`,
     apiDetails ?? sampleApiDetails,
     tmpDir,
@@ -124,8 +124,9 @@ test("download codeql bundle cache", async (t) => {
     for (let i = 0; i < versions.length; i++) {
       const version = versions[i];
 
-      await mockApiAndSetupCodeQL({ version, tmpDir });
+      const codeQLConfig = await mockApiAndSetupCodeQL({ version, tmpDir });
       t.assert(toolcache.find("CodeQL", `0.0.0-${version}`));
+      t.deepEqual(codeQLConfig.toolsVersion, version);
     }
 
     t.is(toolcache.findAllVersions("CodeQL").length, 2);
@@ -136,15 +137,20 @@ test("download codeql bundle cache explicitly requested with pinned different ve
   await util.withTmpDir(async (tmpDir) => {
     setupActionsVars(tmpDir, tmpDir);
 
-    await mockApiAndSetupCodeQL({
+    const pinnedCodeQLConfig = await mockApiAndSetupCodeQL({
       version: "20200601",
       isPinned: true,
       tmpDir,
     });
     t.assert(toolcache.find("CodeQL", "0.0.0-20200601"));
+    t.deepEqual(pinnedCodeQLConfig.toolsVersion, "20200601");
 
-    await mockApiAndSetupCodeQL({ version: "20200610", tmpDir });
+    const unpinnedCodeQLConfig = await mockApiAndSetupCodeQL({
+      version: "20200610",
+      tmpDir,
+    });
     t.assert(toolcache.find("CodeQL", "0.0.0-20200610"));
+    t.deepEqual(unpinnedCodeQLConfig.toolsVersion, "20200610");
   });
 });
 
@@ -152,15 +158,16 @@ test("don't download codeql bundle cache with pinned different version cached",
   await util.withTmpDir(async (tmpDir) => {
     setupActionsVars(tmpDir, tmpDir);
 
-    await mockApiAndSetupCodeQL({
+    const pinnedCodeQLConfig = await mockApiAndSetupCodeQL({
       version: "20200601",
       isPinned: true,
       tmpDir,
     });
 
     t.assert(toolcache.find("CodeQL", "0.0.0-20200601"));
+    t.deepEqual(pinnedCodeQLConfig.toolsVersion, "20200601");
 
-    await codeql.setupCodeQL(
+    const codeQLConfig = await codeql.setupCodeQL(
       undefined,
       sampleApiDetails,
       tmpDir,
@@ -169,6 +176,7 @@ test("don't download codeql bundle cache with pinned different version cached",
       getRunnerLogger(true),
       false
     );
+    t.deepEqual(codeQLConfig.toolsVersion, "0.0.0-20200601");
 
     const cachedVersions = toolcache.findAllVersions("CodeQL");
 
@@ -180,16 +188,24 @@ test("download codeql bundle cache with different version cached (not pinned)",
   await util.withTmpDir(async (tmpDir) => {
     setupActionsVars(tmpDir, tmpDir);
 
-    await mockApiAndSetupCodeQL({ version: "20200601", tmpDir });
+    const cachedCodeQLConfig = await mockApiAndSetupCodeQL({
+      version: "20200601",
+      tmpDir,
+    });
 
     t.assert(toolcache.find("CodeQL", "0.0.0-20200601"));
+    t.deepEqual(cachedCodeQLConfig.toolsVersion, "20200601");
 
-    await mockApiAndSetupCodeQL({
+    const codeQLConfig = await mockApiAndSetupCodeQL({
       version: defaults.bundleVersion,
       tmpDir,
       apiDetails: sampleApiDetails,
       toolsInput: { input: undefined },
     });
+    t.deepEqual(
+      codeQLConfig.toolsVersion,
+      defaults.bundleVersion.replace("codeql-bundle-", "")
+    );
 
     const cachedVersions = toolcache.findAllVersions("CodeQL");
 
@@ -201,20 +217,25 @@ test('download codeql bundle cache with pinned different version cached if "late
   await util.withTmpDir(async (tmpDir) => {
     setupActionsVars(tmpDir, tmpDir);
 
-    await mockApiAndSetupCodeQL({
+    const pinnedCodeQLConfig = await mockApiAndSetupCodeQL({
       version: "20200601",
       isPinned: true,
       tmpDir,
     });
 
     t.assert(toolcache.find("CodeQL", "0.0.0-20200601"));
+    t.deepEqual(pinnedCodeQLConfig.toolsVersion, "20200601");
 
-    await mockApiAndSetupCodeQL({
+    const latestCodeQLConfig = await mockApiAndSetupCodeQL({
       version: defaults.bundleVersion,
       apiDetails: sampleApiDetails,
       toolsInput: { input: "latest" },
       tmpDir,
     });
+    t.deepEqual(
+      latestCodeQLConfig.toolsVersion,
+      defaults.bundleVersion.replace("codeql-bundle-", "")
+    );
 
     const cachedVersions = toolcache.findAllVersions("CodeQL");
 

src/codeql.ts

@@ -421,7 +421,7 @@ async function getCodeQLBundleDownloadURL(
  * @param logger
  * @param checkVersion Whether to check that CodeQL CLI meets the minimum
  *        version requirement. Must be set to true outside tests.
- * @returns
+ * @returns a { CodeQL, toolsVersion } object.
  */
 export async function setupCodeQL(
   codeqlURL: string | undefined,
@@ -479,6 +479,7 @@ export async function setupCodeQL(
               `CodeQL in cache overriding the default ${CODEQL_BUNDLE_VERSION}`
             );
             codeqlFolder = tmpCodeqlFolder;
+            codeqlURLVersion = codeqlVersions[0];
           }
         }
       }

src/config-utils.ts

@@ -24,6 +24,7 @@ import {
   codeQlVersionAbove,
   getMlPoweredJsQueriesPack,
   GitHubVersion,
+  logCodeScanningConfigInCli,
   ML_POWERED_JS_QUERIES_PACK_NAME,
   useCodeScanningConfigInCli,
 } from "./util";
@@ -1704,6 +1705,8 @@ export async function initConfig(
   // When using the codescanning config in the CLI, pack downloads
   // happen in the CLI during the `database init` command, so no need
   // to download them here.
+  await logCodeScanningConfigInCli(codeQL, featureFlags, logger);
+
   if (!(await useCodeScanningConfigInCli(codeQL, featureFlags))) {
     const registries = parseRegistries(registriesInput);
     await downloadPacks(

src/init.ts

@@ -117,24 +117,7 @@ export async function runInit(
       }
     }
   } catch (e) {
-    // Handle the situation where init is called twice
-    // for the same database in the same job.
-    if (
-      e instanceof Error &&
-      e.message?.includes("Refusing to create databases") &&
-      e.message.includes("exists and is not an empty directory.")
-    ) {
-      throw new util.UserError(
-        `Is the "init" action called twice in the same job? ${e.message}`
-      );
-    } else if (
-      e instanceof Error &&
-      e.message?.includes("is not compatible with this CodeQL CLI")
-    ) {
-      throw new util.UserError(e.message);
-    } else {
-      throw e;
-    }
+    throw processError(e);
   }
   return await getCombinedTracerConfig(
     config,
@@ -144,6 +127,42 @@ export async function runInit(
   );
 }
 
+/**
+ * Possibly convert this error into a UserError in order to avoid
+ * counting this error towards our internal error budget.
+ *
+ * @param e The error to possibly convert to a UserError.
+ *
+ * @returns A UserError if the error is a known error that can be
+ *         attributed to the user, otherwise the original error.
+ */
+function processError(e: any): Error {
+  if (!(e instanceof Error)) {
+    return e;
+  }
+
+  if (
+    // Init action called twice
+    e.message?.includes("Refusing to create databases") &&
+    e.message?.includes("exists and is not an empty directory.")
+  ) {
+    return new util.UserError(
+      `Is the "init" action called twice in the same job? ${e.message}`
+    );
+  }
+
+  if (
+    // Version of CodeQL CLI is incompatible with this version of the CodeQL Action
+    e.message?.includes("is not compatible with this CodeQL CLI") ||
+    // Expected source location for database creation does not exist
+    e.message?.includes("Invalid source root")
+  ) {
+    return new util.UserError(e.message);
+  }
+
+  return e;
+}
+
 // Runs a powershell script to inject the tracer into a parent process
 // so it can tracer future processes, hopefully including the build process.
 // If processName is given then injects into the nearest parent process with

src/trap-caching.ts

@@ -8,7 +8,7 @@ import { CodeQL, CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES } from "./codeql";
 import { Config } from "./config-utils";
 import { Language } from "./languages";
 import { Logger } from "./logging";
-import { codeQlVersionAbove, tryGetFolderBytes } from "./util";
+import { codeQlVersionAbove, tryGetFolderBytes, withTimeout } from "./util";
 
 // This constant should be bumped if we make a breaking change
 // to how the CodeQL Action stores or retrieves the TRAP cache,
@@ -24,6 +24,12 @@ const CACHE_SIZE_MB = 1024;
 // cache for us to consider it worth uploading.
 const MINIMUM_CACHE_MB_TO_UPLOAD = 10;
 
+// The maximum number of milliseconds to wait for TRAP cache
+// uploads or downloads to complete before continuing. Note
+// this timeout is per operation, so will be run as many
+// times as there are languages with TRAP caching enabled.
+const MAX_CACHE_OPERATION_MS = 120_000; // Two minutes
+
 export async function getTrapCachingExtractorConfigArgs(
   config: Config
 ): Promise<string[]> {
@@ -107,9 +113,17 @@ export async function downloadTrapCaches(
     logger.info(
       `Looking in Actions cache for TRAP cache with key ${preferredKey}`
     );
-    const found = await cache.restoreCache([cacheDir], preferredKey, [
-      await cachePrefix(codeql, language), // Fall back to any cache with the right key prefix
-    ]);
+    const found = await withTimeout(
+      MAX_CACHE_OPERATION_MS,
+      cache.restoreCache([cacheDir], preferredKey, [
+        await cachePrefix(codeql, language), // Fall back to any cache with the right key prefix
+      ]),
+      () => {
+        logger.info(
+          `Timed out waiting for TRAP cache download for ${language}, will continue without it`
+        );
+      }
+    );
     if (found === undefined) {
       // We didn't find a TRAP cache in the Actions cache, so the directory on disk is
       // still just an empty directory. There's no reason to tell the extractor to use it,
@@ -136,7 +150,6 @@ export async function uploadTrapCaches(
 ): Promise<boolean> {
   if (!(await actionsUtil.isAnalyzingDefaultBranch())) return false; // Only upload caches from the default branch
 
-  const toAwait: Array<Promise<number>> = [];
   for (const language of config.languages) {
     const cacheDir = config.trapCaches[language];
     if (cacheDir === undefined) continue;
@@ -159,9 +172,16 @@ export async function uploadTrapCaches(
       process.env.GITHUB_SHA || "unknown"
     );
     logger.info(`Uploading TRAP cache to Actions cache with key ${key}`);
-    toAwait.push(cache.saveCache([cacheDir], key));
+    await withTimeout(
+      MAX_CACHE_OPERATION_MS,
+      cache.saveCache([cacheDir], key),
+      () => {
+        logger.info(
+          `Timed out waiting for TRAP cache for ${language} to upload, will continue without uploading`
+        );
+      }
+    );
   }
-  await Promise.all(toAwait);
   return true;
 }
 

src/util.test.ts

@@ -601,3 +601,34 @@ function mockVersion(version) {
     },
   } as CodeQL;
 }
+
+const longTime = 999_999;
+const shortTime = 10;
+
+test("withTimeout on long task", async (t) => {
+  let longTaskTimedOut = false;
+  const longTask = new Promise((resolve) => {
+    setTimeout(() => {
+      resolve(42);
+    }, longTime);
+  });
+  const result = await util.withTimeout(shortTime, longTask, () => {
+    longTaskTimedOut = true;
+  });
+  t.deepEqual(longTaskTimedOut, true);
+  t.deepEqual(result, undefined);
+});
+
+test("withTimeout on short task", async (t) => {
+  let shortTaskTimedOut = false;
+  const shortTask = new Promise((resolve) => {
+    setTimeout(() => {
+      resolve(99);
+    }, shortTime);
+  });
+  const result = await util.withTimeout(longTime, shortTask, () => {
+    shortTaskTimedOut = true;
+  });
+  t.deepEqual(shortTaskTimedOut, false);
+  t.deepEqual(result, 99);
+});

src/util.ts

@@ -817,6 +817,22 @@ export async function useCodeScanningConfigInCli(
   return await codeQlVersionAbove(codeql, CODEQL_VERSION_CONFIG_FILES);
 }
 
+export async function logCodeScanningConfigInCli(
+  codeql: CodeQL,
+  featureFlags: FeatureFlags,
+  logger: Logger
+) {
+  if (await useCodeScanningConfigInCli(codeql, featureFlags)) {
+    logger.info(
+      "Code Scanning configuration file being processed in the codeql CLI."
+    );
+  } else {
+    logger.info(
+      "Code Scanning configuration file being processed in the codeql-action."
+    );
+  }
+}
+
 /*
  * Returns whether the path in the argument represents an existing directory.
  */
@@ -878,3 +894,27 @@ export async function tryGetFolderBytes(
     return undefined;
   }
 }
+
+/**
+ * Run a promise for a given amount of time, and if it doesn't resolve within
+ * that time, call the provided callback and then return undefined.
+ *
+ * @param timeoutMs The timeout in milliseconds.
+ * @param promise The promise to run.
+ * @param onTimeout A callback to call if the promise times out.
+ * @returns The result of the promise, or undefined if the promise times out.
+ */
+export async function withTimeout<T>(
+  timeoutMs: number,
+  promise: Promise<T>,
+  onTimeout: () => void
+): Promise<T | undefined> {
+  const timeout: Promise<undefined> = new Promise((resolve) => {
+    setTimeout(() => {
+      onTimeout();
+      resolve(undefined);
+    }, timeoutMs);
+  });
+
+  return await Promise.race([promise, timeout]);
+}

tests/multi-language-repo/.github/codeql/codeql-config-query-filters1.yml

@@ -3,8 +3,10 @@ name: "Check SARIF for default queries with Single include, Single exclude"
 query-filters:
 # This should run js/path-injection and js/zipslip
 - include:
-    tags contain: external/cwe/cwe-022
+    tags contain:
+        - external/cwe/cwe-022
 
 # Removes js/path-injection
 - exclude:
-    id: js/path-injection
+    id:
+        - js/path-injection

tests/multi-language-repo/.github/codeql/codeql-config-query-filters2.yml

@@ -10,12 +10,15 @@ packs:
 query-filters:
 # This should run js/path-injection and js/zipslip
 - include:
-    tags contain: external/cwe/cwe-022
+    tags contain:
+        - external/cwe/cwe-022
 
 # Removes js/path-injection
 - exclude:
-    id: js/path-injection
+    id:
+        - js/path-injection
 
 # Query from extra pack
 - include:
-    id: javascript/example/empty-or-one-block
+    id:
+        - javascript/example/empty-or-one-block

tests/multi-language-repo/.github/codeql/codeql-config-query-filters3.yml

@@ -20,16 +20,20 @@ packs:
 query-filters:
 # This should run js/path-injection and js/zipslip
 - include:
-    tags contain: external/cwe/cwe-022
+    tags contain:
+      - external/cwe/cwe-022
 
 # Removes js/path-injection
 - exclude:
-    id: js/path-injection
+    id:
+      - js/path-injection
 
 # Query from extra pack
 - include:
-    id: javascript/example/empty-or-one-block
+    id:
+      - javascript/example/empty-or-one-block
 
 # Local query
 - include:
-    id: inrepo-javascript-querypack/show-ifs
+    id:
+      - inrepo-javascript-querypack/show-ifs