Merge pull request #1634 from github/update-v2.2.10-66aeadb4c

Merge main into releases/v2
Update changelog for v2.2.10
2025-12-26 09:10:07 +08:00 · 2023-04-05 17:13:56 +01:00 · 2023-04-05 15:35:01 +00:00 · 2023-04-05 10:46:12 +01:00 · 2023-04-04 14:38:19 -07:00 · 2023-04-04 13:39:56 -07:00
83 changed files with 379 additions and 157 deletions
--- a/.github/actions/check-codescanning-config/action.yml
+++ b/.github/actions/check-codescanning-config/action.yml
--- a/.github/actions/check-codescanning-config/index.ts
+++ b/.github/actions/check-codescanning-config/index.ts
--- a/.github/actions/check-sarif/action.yml
+++ b/.github/actions/check-sarif/action.yml
--- a/.github/actions/check-sarif/index.js
+++ b/.github/actions/check-sarif/index.js
--- a/.github/actions/prepare-test/action.yml
+++ b/.github/actions/prepare-test/action.yml
--- a/.github/actions/query-filter-test/action.yml
+++ b/.github/actions/query-filter-test/action.yml
@@ -44,7 +44,7 @@ runs:
      env:
        CODEQL_ACTION_TEST_MODE: "true"
    - name: Check SARIF
-      uses: ./../action/.github/check-sarif
+      uses: ./../action/.github/actions/check-sarif
      with:
        sarif-file:  ${{ inputs.sarif-file }}
        queries-run: ${{ inputs.queries-run}}
--- a/.github/actions/setup-swift/action.yml
+++ b/.github/actions/setup-swift/action.yml
--- a/.github/actions/update-bundle/action.yml
+++ b/.github/actions/update-bundle/action.yml
@@ -0,0 +1,14 @@
 name: Update default CodeQL bundle
 description: Updates 'src/defaults.json' to point to a new CodeQL bundle release.
 runs:
  using: composite
  steps:
    - name: Install ts-node
      shell: bash
      run: npm install -g ts-node
    - name: Run update script
      working-directory: ${{ github.action_path }}
      shell: bash
      run: ts-node ./index.ts
--- a/.github/actions/update-bundle/index.ts
+++ b/.github/actions/update-bundle/index.ts
@@ -0,0 +1,69 @@
 import * as fs from 'fs';
 import * as github from '@actions/github';
 interface BundleInfo {
  bundleVersion: string;
  cliVersion: string;
 }
 interface Defaults {
  bundleVersion: string;
  cliVersion: string;
  priorBundleVersion: string;
  priorCliVersion: string;
 }
 const CODEQL_BUNDLE_PREFIX = 'codeql-bundle-';
 function getCodeQLCliVersionForRelease(release): string {
  // We do not currently tag CodeQL bundles based on the CLI version they contain.
  // Instead, we use a marker file `cli-version-<version>.txt` to record the CLI version.
  // This marker file is uploaded as a release asset for all new CodeQL bundles.
  const cliVersionsFromMarkerFiles = release.assets
  .map((asset) => asset.name.match(/cli-version-(.*)\.txt/)?.[1])
  .filter((v) => v)
  .map((v) => v as string);
  if (cliVersionsFromMarkerFiles.length > 1) {
    throw new Error(
      `Release ${release.tag_name} has multiple CLI version marker files.`
      );
    } else if (cliVersionsFromMarkerFiles.length === 0) {
      throw new Error(
        `Failed to find the CodeQL CLI version for release ${release.tag_name}.`
        );
      }
      return cliVersionsFromMarkerFiles[0];
    }
    async function getBundleInfoFromRelease(release): Promise<BundleInfo> {
      return {
        bundleVersion: release.tag_name.substring(CODEQL_BUNDLE_PREFIX.length),
        cliVersion: getCodeQLCliVersionForRelease(release)
      };
    }
    async function getNewDefaults(currentDefaults: Defaults): Promise<Defaults> {
      const release = github.context.payload.release;
      console.log('Updating default bundle as a result of the following release: ' +
      `${JSON.stringify(release)}.`)
      const bundleInfo = await getBundleInfoFromRelease(release);
      return {
        bundleVersion: bundleInfo.bundleVersion,
        cliVersion: bundleInfo.cliVersion,
        priorBundleVersion: currentDefaults.bundleVersion,
        priorCliVersion: currentDefaults.cliVersion
      };
    }
    async function main() {
      const previousDefaults: Defaults = JSON.parse(fs.readFileSync('../../../src/defaults.json', 'utf8'));
      const newDefaults = await getNewDefaults(previousDefaults);
      // Update the source file in the repository. Calling workflows should subsequently rebuild
      // the Action to update `lib/defaults.json`.
      fs.writeFileSync('../../../src/defaults.json', JSON.stringify(newDefaults, null, 2) + "\n");
    }
    // Ideally, we'd await main() here, but that doesn't work well with `ts-node`.
    // So instead we rely on the fact that Node won't exit until the event loop is empty.
    main();
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -16,6 +16,6 @@ updates:
    schedule:
      interval: weekly
  - package-ecosystem: github-actions
-    directory: "/.github/setup-swift/" # All subdirectories outside of "/.github/workflows" must be explicitly included.
+    directory: "/.github/actions/setup-swift/" # All subdirectories outside of "/.github/workflows" must be explicitly included.
    schedule:
      interval: weekly
--- a/.github/workflows/__analyze-ref-input.yml
+++ b/.github/workflows/__analyze-ref-input.yml
@@ -69,7 +69,7 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
    - name: Set up Go
--- a/.github/workflows/__autobuild-action.yml
+++ b/.github/workflows/__autobuild-action.yml
@@ -39,7 +39,7 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
    - uses: ./../action/init
--- a/.github/workflows/__config-export.yml
+++ b/.github/workflows/__config-export.yml
@@ -45,7 +45,7 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
    - uses: ./../action/init
--- a/.github/workflows/__diagnostics-export.yml
+++ b/.github/workflows/__diagnostics-export.yml
@@ -25,6 +25,12 @@ jobs:
    strategy:
      matrix:
        include:
        - os: ubuntu-latest
          version: stable-20230317
        - os: macos-latest
          version: stable-20230317
        - os: windows-latest
          version: stable-20230317
        - os: ubuntu-latest
          version: latest
        - os: macos-latest
@@ -45,7 +51,7 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
    - uses: ./../action/init
--- a/.github/workflows/__export-file-baseline-information.yml
+++ b/.github/workflows/__export-file-baseline-information.yml
@@ -39,7 +39,7 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
    - uses: ./../action/init
@@ -49,7 +49,7 @@ jobs:
        tools: ${{ steps.prepare-test.outputs.tools-url }}
      env:
        CODEQL_FILE_BASELINE_INFORMATION: true
-    - uses: ./../action/.github/setup-swift
+    - uses: ./../action/.github/actions/setup-swift
      with:
        codeql-path: ${{steps.init.outputs.codeql-path}}
    - name: Build code
--- a/.github/workflows/__extractor-ram-threads.yml
+++ b/.github/workflows/__extractor-ram-threads.yml
@@ -35,7 +35,7 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
    - uses: ./../action/init
--- a/.github/workflows/__go-custom-queries.yml
+++ b/.github/workflows/__go-custom-queries.yml
@@ -69,7 +69,7 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
    - name: Set up Go
--- a/.github/workflows/__go-tracing-autobuilder.yml
+++ b/.github/workflows/__go-tracing-autobuilder.yml
@@ -57,7 +57,7 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
    - name: Set up Go
--- a/.github/workflows/__go-tracing-custom-build-steps.yml
+++ b/.github/workflows/__go-tracing-custom-build-steps.yml
@@ -57,7 +57,7 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
    - name: Set up Go
--- a/.github/workflows/__go-tracing-legacy-workflow.yml
+++ b/.github/workflows/__go-tracing-legacy-workflow.yml
@@ -57,7 +57,7 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
    - name: Set up Go
--- a/.github/workflows/__init-with-registries.yml
+++ b/.github/workflows/__init-with-registries.yml
@@ -51,7 +51,7 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
    - name: Init with registries
@@ -69,8 +69,8 @@ jobs:
    - name: Verify packages installed
      shell: bash
      run: |
-        PRIVATE_PACK="$HOME/.codeql/packages/dsp-testing/private-pack"
+        PRIVATE_PACK="$HOME/.codeql/packages/codeql-testing/private-pack"
-        CODEQL_PACK1="$HOME/.codeql/packages/dsp-testing/codeql-pack1"
+        CODEQL_PACK1="$HOME/.codeql/packages/codeql-testing/codeql-pack1"
        if [[ -d $PRIVATE_PACK ]]
        then
@@ -117,5 +117,9 @@ jobs:
            cat $QLCONFIG_PATH
            exit 1
        fi
    permissions:
      contents: read
      packages: read
    env:
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__javascript-source-root.yml
+++ b/.github/workflows/__javascript-source-root.yml
@@ -39,7 +39,7 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
    - name: Move codeql-action
--- a/.github/workflows/__ml-powered-queries.yml
+++ b/.github/workflows/__ml-powered-queries.yml
@@ -57,7 +57,7 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
    - name: Set up Go
@@ -85,7 +85,7 @@ jobs:
        retention-days: 7
    - name: Check sarif
-      uses: ./../action/.github/check-sarif
+      uses: ./../action/.github/actions/check-sarif
    # Running on Windows requires CodeQL CLI 2.9.0+.
      if: "!(matrix.version == 'stable-20220120' && runner.os == 'Windows')"
      with:
--- a/.github/workflows/__multi-language-autodetect.yml
+++ b/.github/workflows/__multi-language-autodetect.yml
@@ -57,7 +57,7 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
    - name: Set up Go
@@ -71,7 +71,7 @@ jobs:
        db-location: ${{ runner.temp }}/customDbLocation
        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - uses: ./../action/.github/setup-swift
+    - uses: ./../action/.github/actions/setup-swift
      with:
        codeql-path: ${{steps.init.outputs.codeql-path}}
--- a/.github/workflows/__packaging-codescanning-config-inputs-js.yml
+++ b/.github/workflows/__packaging-codescanning-config-inputs-js.yml
@@ -51,13 +51,13 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
    - uses: ./../action/init
      with:
        config-file: .github/codeql/codeql-config-packaging3.yml
-        packs: +dsp-testing/codeql-pack1@1.0.0
+        packs: +codeql-testing/codeql-pack1@1.0.0
        languages: javascript
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - name: Build code
@@ -69,7 +69,7 @@ jobs:
        upload-database: false
    - name: Check results
-      uses: ./../action/.github/check-sarif
+      uses: ./../action/.github/actions/check-sarif
      with:
        sarif-file: ${{ runner.temp }}/results/javascript.sarif
        queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
--- a/.github/workflows/__packaging-config-inputs-js.yml
+++ b/.github/workflows/__packaging-config-inputs-js.yml
@@ -51,13 +51,13 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
    - uses: ./../action/init
      with:
        config-file: .github/codeql/codeql-config-packaging3.yml
-        packs: +dsp-testing/codeql-pack1@1.0.0
+        packs: +codeql-testing/codeql-pack1@1.0.0
        languages: javascript
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - name: Build code
@@ -69,7 +69,7 @@ jobs:
        upload-database: false
    - name: Check results
-      uses: ./../action/.github/check-sarif
+      uses: ./../action/.github/actions/check-sarif
      with:
        sarif-file: ${{ runner.temp }}/results/javascript.sarif
        queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
--- a/.github/workflows/__packaging-config-js.yml
+++ b/.github/workflows/__packaging-config-js.yml
@@ -51,7 +51,7 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
    - uses: ./../action/init
@@ -68,7 +68,7 @@ jobs:
        upload-database: false
    - name: Check results
-      uses: ./../action/.github/check-sarif
+      uses: ./../action/.github/actions/check-sarif
      with:
        sarif-file: ${{ runner.temp }}/results/javascript.sarif
        queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
--- a/.github/workflows/__packaging-inputs-js.yml
+++ b/.github/workflows/__packaging-inputs-js.yml
@@ -51,14 +51,14 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
    - uses: ./../action/init
      with:
        config-file: .github/codeql/codeql-config-packaging2.yml
        languages: javascript
-        packs: dsp-testing/codeql-pack1@1.0.0, dsp-testing/codeql-pack2, dsp-testing/codeql-pack3:other-query.ql
+        packs: codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2, codeql-testing/codeql-pack3:other-query.ql
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - name: Build code
      shell: bash
@@ -68,7 +68,7 @@ jobs:
        output: ${{ runner.temp }}/results
    - name: Check results
-      uses: ./../action/.github/check-sarif
+      uses: ./../action/.github/actions/check-sarif
      with:
        sarif-file: ${{ runner.temp }}/results/javascript.sarif
        queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
--- a/.github/workflows/__remote-config.yml
+++ b/.github/workflows/__remote-config.yml
@@ -69,7 +69,7 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
    - name: Set up Go
--- a/.github/workflows/__rubocop-multi-language.yml
+++ b/.github/workflows/__rubocop-multi-language.yml
@@ -35,7 +35,7 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
    - name: Set up Ruby
--- a/.github/workflows/__ruby.yml
+++ b/.github/workflows/__ruby.yml
@@ -45,7 +45,7 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
    - uses: ./../action/init
--- a/.github/workflows/__split-workflow.yml
+++ b/.github/workflows/__split-workflow.yml
@@ -45,13 +45,13 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
    - uses: ./../action/init
      with:
        config-file: .github/codeql/codeql-config-packaging3.yml
-        packs: +dsp-testing/codeql-pack1@1.0.0
+        packs: +codeql-testing/codeql-pack1@1.0.0
        languages: javascript
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - name: Build code
--- a/.github/workflows/__submit-sarif-failure.yml
+++ b/.github/workflows/__submit-sarif-failure.yml
@@ -39,7 +39,7 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
    - uses: actions/checkout@v3
--- a/.github/workflows/__swift-custom-build.yml
+++ b/.github/workflows/__swift-custom-build.yml
@@ -45,7 +45,7 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
    - uses: ./../action/init
@@ -53,7 +53,7 @@ jobs:
      with:
        languages: swift
        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - uses: ./../action/.github/setup-swift
+    - uses: ./../action/.github/actions/setup-swift
      with:
        codeql-path: ${{steps.init.outputs.codeql-path}}
    - name: Check working directory
--- a/.github/workflows/__test-autobuild-working-dir.yml
+++ b/.github/workflows/__test-autobuild-working-dir.yml
@@ -35,7 +35,7 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
    - name: Test setup
--- a/.github/workflows/__test-local-codeql.yml
+++ b/.github/workflows/__test-local-codeql.yml
@@ -35,7 +35,7 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
    - name: Fetch a CodeQL bundle
--- a/.github/workflows/__test-proxy.yml
+++ b/.github/workflows/__test-proxy.yml
@@ -35,7 +35,7 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
    - uses: ./../action/init
--- a/.github/workflows/__unset-environment.yml
+++ b/.github/workflows/__unset-environment.yml
@@ -45,7 +45,7 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
    - name: Set up Go
--- a/.github/workflows/__upload-ref-sha-input.yml
+++ b/.github/workflows/__upload-ref-sha-input.yml
@@ -69,7 +69,7 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
    - name: Set up Go
--- a/.github/workflows/__with-checkout-path.yml
+++ b/.github/workflows/__with-checkout-path.yml
@@ -69,7 +69,7 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
    - name: Set up Go
--- a/.github/workflows/codescanning-config-cli.yml
+++ b/.github/workflows/codescanning-config-cli.yml
@@ -47,12 +47,12 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
    - name: Empty file
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
      with:
        expected-config-file-contents: "{}"
        languages: javascript
@@ -60,31 +60,31 @@ jobs:
    - name: Packs from input
      if: success() || failure()
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
      with:
        expected-config-file-contents: |
          {
-            "packs": ["dsp-testing/codeql-pack1@1.0.0", "dsp-testing/codeql-pack2" ]
+            "packs": ["codeql-testing/codeql-pack1@1.0.0", "codeql-testing/codeql-pack2" ]
          }
        languages: javascript
-        packs: dsp-testing/codeql-pack1@1.0.0, dsp-testing/codeql-pack2
+        packs: codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - name: Packs from input with +
      if: success() || failure()
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
      with:
        expected-config-file-contents: |
          {
-            "packs": ["dsp-testing/codeql-pack1@1.0.0", "dsp-testing/codeql-pack2" ]
+            "packs": ["codeql-testing/codeql-pack1@1.0.0", "codeql-testing/codeql-pack2" ]
          }
        languages: javascript
-        packs: + dsp-testing/codeql-pack1@1.0.0, dsp-testing/codeql-pack2
+        packs: + codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - name: Queries from input
      if: success() || failure()
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
      with:
        expected-config-file-contents: |
          {
@@ -96,7 +96,7 @@ jobs:
    - name: Queries from input with +
      if: success() || failure()
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
      with:
        expected-config-file-contents: |
          {
@@ -108,27 +108,27 @@ jobs:
    - name: Queries and packs from input with +
      if: success() || failure()
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
      with:
        expected-config-file-contents: |
          {
            "queries": [{ "uses": "./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql" }],
-            "packs": ["dsp-testing/codeql-pack1@1.0.0", "dsp-testing/codeql-pack2" ]
+            "packs": ["codeql-testing/codeql-pack1@1.0.0", "codeql-testing/codeql-pack2" ]
          }
        languages: javascript
        queries: + ./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql
-        packs: + dsp-testing/codeql-pack1@1.0.0, dsp-testing/codeql-pack2
+        packs: + codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - name: Queries and packs from config
      if: success() || failure()
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
      with:
        expected-config-file-contents: |
          {
            "queries": [{ "uses": "./codeql-qlpacks/complex-javascript-qlpack/foo2/show_ifs.ql" }],
            "packs": {
-              "javascript": ["dsp-testing/codeql-pack1@1.0.0", "dsp-testing/codeql-pack2" ]
+              "javascript": ["codeql-testing/codeql-pack1@1.0.0", "codeql-testing/codeql-pack2" ]
            }
          }
        languages: javascript
@@ -137,7 +137,7 @@ jobs:
    - name: Queries and packs from config overriden by input
      if: success() || failure()
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
      with:
        expected-config-file-contents: |
          {
@@ -152,7 +152,7 @@ jobs:
    - name: Queries and packs from config merging with input
      if: success() || failure()
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
      with:
        expected-config-file-contents: |
          {
@@ -161,7 +161,7 @@ jobs:
              { "uses": "./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql" }
            ],
            "packs": {
-              "javascript": ["dsp-testing/codeql-pack1@1.0.0", "dsp-testing/codeql-pack2", "codeql/javascript-queries" ]
+              "javascript": ["codeql-testing/codeql-pack1@1.0.0", "codeql-testing/codeql-pack2", "codeql/javascript-queries" ]
            }
          }
        languages: javascript
@@ -172,12 +172,12 @@ jobs:
    - name: Multi-language packs from config
      if: success() || failure()
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
      with:
        expected-config-file-contents: |
          {
            "packs": {
-              "javascript": ["dsp-testing/codeql-pack1@1.0.0", "dsp-testing/codeql-pack2" ],
+              "javascript": ["codeql-testing/codeql-pack1@1.0.0", "codeql-testing/codeql-pack2" ],
              "ruby": ["codeql/ruby-queries"]
            },
            "queries": [
@@ -190,7 +190,7 @@ jobs:
    - name: Other config properties
      if: success() || failure()
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
      with:
        expected-config-file-contents: |
          {
@@ -209,7 +209,7 @@ jobs:
      if: success() || failure()
      env:
        CODEQL_PASS_CONFIG_TO_CLI: false
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
      with:
        expected-config-file-contents: ""
        languages: javascript
--- a/.github/workflows/debug-artifacts-failure.yml
+++ b/.github/workflows/debug-artifacts-failure.yml
@@ -36,7 +36,7 @@ jobs:
        uses: actions/checkout@v3
      - name: Prepare test
        id: prepare-test
-        uses: ./.github/prepare-test
+        uses: ./.github/actions/prepare-test
        with:
          version: latest
      - uses: actions/setup-go@v4
--- a/.github/workflows/debug-artifacts.yml
+++ b/.github/workflows/debug-artifacts.yml
@@ -56,7 +56,7 @@ jobs:
        uses: actions/checkout@v3
      - name: Prepare test
        id: prepare-test
-        uses: ./.github/prepare-test
+        uses: ./.github/actions/prepare-test
        with:
          version: ${{ matrix.version }}
      - uses: actions/setup-go@v4
--- a/.github/workflows/expected-queries-runs.yml
+++ b/.github/workflows/expected-queries-runs.yml
@@ -25,7 +25,7 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: latest
    - uses: ./../action/init
@@ -39,7 +39,7 @@ jobs:
        upload: never
    - name: Check Sarif
-      uses: ./../action/.github/check-sarif
+      uses: ./../action/.github/actions/check-sarif
      with:
        sarif-file: ${{ runner.temp }}/results/javascript.sarif
        queries-run: js/incomplete-hostname-regexp,js/path-injection
--- a/.github/workflows/query-filters.yml
+++ b/.github/workflows/query-filters.yml
@@ -23,12 +23,12 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: latest
    - name: Check SARIF for default queries with Single include, Single exclude
-      uses: ./../action/.github/query-filter-test
+      uses: ./../action/.github/actions/query-filter-test
      with:
        sarif-file:  ${{ runner.temp }}/results/javascript.sarif
        queries-run: js/zipslip
@@ -37,7 +37,7 @@ jobs:
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - name: Check SARIF for query packs with Single include, Single exclude
-      uses: ./../action/.github/query-filter-test
+      uses: ./../action/.github/actions/query-filter-test
      with:
        sarif-file:  ${{ runner.temp }}/results/javascript.sarif
        queries-run: js/zipslip,javascript/example/empty-or-one-block
@@ -46,7 +46,7 @@ jobs:
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - name: Check SARIF for query packs and local queries with Single include, Single exclude
-      uses: ./../action/.github/query-filter-test
+      uses: ./../action/.github/actions/query-filter-test
      with:
        sarif-file:  ${{ runner.temp }}/results/javascript.sarif
        queries-run: js/zipslip,javascript/example/empty-or-one-block,inrepo-javascript-querypack/show-ifs
--- a/.github/workflows/update-bundle.yml
+++ b/.github/workflows/update-bundle.yml
@@ -0,0 +1,82 @@
 name: Update default CodeQL bundle
 on:
  release:
    types: [prereleased]
 jobs:
  update-bundle:
    if: startsWith(github.event.release.tag_name, 'codeql-bundle-')
    runs-on: ubuntu-latest
    steps:
      - name: Dump environment
        run: env
      - name: Dump GitHub context
        env:
          GITHUB_CONTEXT: '${{ toJson(github) }}'
        run: echo "$GITHUB_CONTEXT"
      - uses: actions/checkout@v3
      - name: Update git config
        run: |
          git config --global user.email "github-actions@github.com"
          git config --global user.name "github-actions[bot]"
      - name: Update bundle
        uses: ./.github/actions/update-bundle
      - name: Rebuild Action
        run: npm run build
      - name: Commit and push changes
        env:
          RELEASE_TAG: "${{ github.event.release.tag_name }}"
        run: |
          git checkout -b "update-bundle/$RELEASE_TAG"
          git commit -am "Update default bundle to $RELEASE_TAG"
          git push --set-upstream origin "update-bundle/$RELEASE_TAG"
      - name: Open pull request
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          cli_version=$(jq -r '.cliVersion' src/defaults.json)
          pr_url=$(gh pr create \
            --title "Update default bundle to $cli_version" \
            --body "This pull request updates the default CodeQL bundle, as used with \`tools: latest\` and on GHES, to $cli_version." \
            --assignee "$GITHUB_ACTOR" \
            --draft \
          )
          echo "CLI_VERSION=$cli_version" | tee -a "$GITHUB_ENV"
          echo "PR_URL=$pr_url" | tee -a "$GITHUB_ENV"
      - name: Create changelog note
        shell: python
        run: |
          import os
          import re
          # Get the PR number from the PR URL.
          pr_number = os.environ['PR_URL'].split('/')[-1]
          changelog_note = f"- Update default CodeQL bundle version to {os.environ['CLI_VERSION']}. [#{pr_number}]({os.environ['PR_URL']})"
          # If the "[UNRELEASED]" section starts with "no user facing changes", remove that line.
          # Use perl to avoid having to escape the newline character.
          with open('CHANGELOG.md', 'r') as f:
              changelog = f.read()
          changelog = changelog.replace('## [UNRELEASED]\n\nNo user facing changes.', '## [UNRELEASED]\n')
          # Add the changelog note to the bottom of the "[UNRELEASED]" section.
          changelog = re.sub(r'\n## (\d+\.\d+\.\d+)', f'{changelog_note}\n\n## \\1', changelog, count=1)
          with open('CHANGELOG.md', 'w') as f:
              f.write(changelog)
      - name: Push changelog note
        run: |
          git commit -am "Add changelog note"
          git push
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,8 +1,8 @@
 # CodeQL Action Changelog
-## [UNRELEASED]
+## 2.2.10 - 05 Apr 2023
-No user facing changes.
+- Update default CodeQL bundle version to 2.12.6. [#1629](https://github.com/github/codeql-action/pull/1629)
 ## 2.2.9 - 27 Mar 2023
--- a/lib/codeql.js
+++ b/lib/codeql.js
@@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.enrichEnvironment = exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = exports.CODEQL_VERSION_TRACING_GLIBC_2_34 = exports.CODEQL_VERSION_NEW_TRACING = exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = exports.CommandInvocationError = void 0;
+exports.enrichEnvironment = exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_DUPLICATE_NOTIFICATIONS_FIXED = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = exports.CODEQL_VERSION_TRACING_GLIBC_2_34 = exports.CODEQL_VERSION_NEW_TRACING = exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = exports.CommandInvocationError = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const core = __importStar(require("@actions/core"));
@@ -106,6 +106,11 @@ exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = "2.12.1";
 * Versions 2.12.4+ of the CodeQL CLI support the `--qlconfig-file` flag in calls to `database init`.
 */
 exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = "2.12.4";
 /**
 * Versions 2.12.6+ of the CodeQL CLI fix a bug where duplicate notification objects could be produced,
 * leading to an invalid SARIF output.
 */
 exports.CODEQL_VERSION_DUPLICATE_NOTIFICATIONS_FIXED = "2.12.6";
 /**
 * Set up CodeQL CLI access.
 *
@@ -509,7 +514,9 @@ async function getCodeQLForCmd(cmd, checkVersion) {
        },
        async databaseInterpretResults(databasePath, querySuitePaths, sarifFile, addSnippetsFlag, threadsFlag, verbosityFlag, automationDetailsId, config, features, logger) {
            const shouldExportDiagnostics = await features.getValue(feature_flags_1.Feature.ExportDiagnosticsEnabled, this);
-            const codeqlOutputFile = shouldExportDiagnostics
+            const shouldWorkaroundInvalidNotifications = shouldExportDiagnostics &&
                !(await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_DUPLICATE_NOTIFICATIONS_FIXED));
            const codeqlOutputFile = shouldWorkaroundInvalidNotifications
                ? path.join(config.tempDir, "codeql-intermediate-results.sarif")
                : sarifFile;
            const codeqlArgs = [
@@ -546,7 +553,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
            }
            // capture stdout, which contains analysis summaries
            const returnState = await (0, toolrunner_error_catcher_1.toolrunnerErrorCatcher)(cmd, codeqlArgs, error_matcher_1.errorMatchers);
-            if (shouldExportDiagnostics) {
+            if (shouldWorkaroundInvalidNotifications) {
                util.fixInvalidNotificationsInFile(codeqlOutputFile, sarifFile, logger);
            }
            return returnState.stdout;
@@ -626,14 +633,17 @@ async function getCodeQLForCmd(cmd, checkVersion) {
            await new toolrunner.ToolRunner(cmd, args).exec();
        },
        async databaseExportDiagnostics(databasePath, sarifFile, automationDetailsId, tempDir, logger) {
-            const intermediateSarifFile = path.join(tempDir, "codeql-intermediate-results.sarif");
+            const shouldWorkaroundInvalidNotifications = !(await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_DUPLICATE_NOTIFICATIONS_FIXED));
            const codeqlOutputFile = shouldWorkaroundInvalidNotifications
                ? path.join(tempDir, "codeql-intermediate-results.sarif")
                : sarifFile;
            const args = [
                "database",
                "export-diagnostics",
                `${databasePath}`,
                "--db-cluster",
                "--format=sarif-latest",
-                `--output=${intermediateSarifFile}`,
+                `--output=${codeqlOutputFile}`,
                "--sarif-include-diagnostics",
                "-vvv",
                ...getExtraOptionsFromEnv(["diagnostics", "export"]),
@@ -642,8 +652,10 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                args.push("--sarif-category", automationDetailsId);
            }
            await new toolrunner.ToolRunner(cmd, args).exec();
-            // Fix invalid notifications in the SARIF file output by CodeQL.
+            if (shouldWorkaroundInvalidNotifications) {
-            util.fixInvalidNotificationsInFile(intermediateSarifFile, sarifFile, logger);
+                // Fix invalid notifications in the SARIF file output by CodeQL.
                util.fixInvalidNotificationsInFile(codeqlOutputFile, sarifFile, logger);
            }
        },
        async diagnosticsExport(sarifFile, automationDetailsId, config, features) {
            const args = [
--- a/lib/codeql.js.map
+++ b/lib/codeql.js.map
--- a/lib/codeql.test.js
+++ b/lib/codeql.test.js
@@ -382,11 +382,11 @@ for (const isBundleVersionInUrl of [true, false]) {
            tagName: "codeql-bundle-20230203",
        });
        mockDownloadApi({
-            repo: "dsp-testing/codeql-cli-nightlies",
+            repo: "codeql-testing/codeql-cli-nightlies",
            platformSpecific: false,
            tagName: "codeql-bundle-20230203",
        });
-        const result = await codeql.setupCodeQL("https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20230203/codeql-bundle.tar.gz", sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
+        const result = await codeql.setupCodeQL("https://github.com/codeql-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20230203/codeql-bundle.tar.gz", sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
        t.is(result.toolsVersion, "0.0.0-20230203");
        t.is(result.toolsSource, init_1.ToolsSource.Download);
        t.true(Number.isInteger(result.toolsDownloadDurationMs));
--- a/lib/codeql.test.js.map
+++ b/lib/codeql.test.js.map
--- a/lib/config-utils.test.js
+++ b/lib/config-utils.test.js
@@ -1134,7 +1134,7 @@ const calculateAugmentationErrorMacro = ava_1.default.macro({
            {
                // no slash
                url: "http://ghcr.io",
-                packages: ["codeql/*", "dsp-testing/*"],
+                packages: ["codeql/*", "codeql-testing/*"],
                token: "not-a-token",
            },
            {
@@ -1200,7 +1200,7 @@ const calculateAugmentationErrorMacro = ava_1.default.macro({
        const registriesInput = yaml.dump([
            {
                url: "http://ghcr.io",
-                packages: ["codeql/*", "dsp-testing/*"],
+                packages: ["codeql/*", "codeql-testing/*"],
                token: "not-a-token",
            },
            {
@@ -1227,7 +1227,7 @@ const calculateAugmentationErrorMacro = ava_1.default.macro({
        const registriesInput = yaml.dump([
            {
                // missing url property
-                packages: ["codeql/*", "dsp-testing/*"],
+                packages: ["codeql/*", "codeql-testing/*"],
                token: "not-a-token",
            },
            {
@@ -1252,7 +1252,7 @@ const calculateAugmentationErrorMacro = ava_1.default.macro({
            {
                // no slash
                url: "http://ghcr.io",
-                packages: ["codeql/*", "dsp-testing/*"],
+                packages: ["codeql/*", "codeql-testing/*"],
                token: "not-a-token",
            },
        ]);
@@ -1283,7 +1283,7 @@ const calculateAugmentationErrorMacro = ava_1.default.macro({
        const registriesInput = yaml.dump([
            {
                url: "http://ghcr.io",
-                packages: ["codeql/*", "dsp-testing/*"],
+                packages: ["codeql/*", "codeql-testing/*"],
                token: "not-a-token",
            },
        ]);
--- a/lib/config-utils.test.js.map
+++ b/lib/config-utils.test.js.map
--- a/lib/defaults.json
+++ b/lib/defaults.json
@@ -1,6 +1,6 @@
 {
-    "bundleVersion": "codeql-bundle-20230317",
+    "bundleVersion": "codeql-bundle-20230403",
-    "cliVersion": "2.12.5",
+    "cliVersion": "2.12.6",
-    "priorBundleVersion": "codeql-bundle-20230304",
+    "priorBundleVersion": "codeql-bundle-20230317",
-    "priorCliVersion": "2.12.4"
+    "priorCliVersion": "2.12.5"
 }
--- a/lib/util.js
+++ b/lib/util.js
@@ -719,6 +719,9 @@ function fixInvalidNotifications(sarif, logger) {
        logger.info(`Removed ${numDuplicateLocationsRemoved} duplicate locations from SARIF notification ` +
            "objects.");
    }
    else {
        logger.debug("No duplicate locations found in SARIF notification objects.");
    }
    return newSarif;
 }
 exports.fixInvalidNotifications = fixInvalidNotifications;
--- a/lib/util.js.map
+++ b/lib/util.js.map
--- a/lib/util.test.js
+++ b/lib/util.test.js
@@ -363,7 +363,11 @@ const stubLocation = {
    const messages = [];
    const result = util.fixInvalidNotifications(createMockSarifWithNotification([stubLocation]), (0, testing_utils_1.getRecordingLogger)(messages));
    t.deepEqual(result, createMockSarifWithNotification([stubLocation]));
-    t.is(messages.length, 0);
+    t.is(messages.length, 1);
    t.deepEqual(messages[0], {
        type: "debug",
        message: "No duplicate locations found in SARIF notification objects.",
    });
 });
 (0, ava_1.default)("fixInvalidNotifications removes duplicate locations", (t) => {
    const messages = [];
--- a/lib/util.test.js.map
+++ b/lib/util.test.js.map
--- a/pr-checks/checks/diagnostics-export.yml
+++ b/pr-checks/checks/diagnostics-export.yml
@@ -1,6 +1,8 @@
 name: "Diagnostic export"
 description: "Tests that manually added diagnostics are correctly exported to SARIF."
-versions: ["latest", "nightly-latest"]
+# Test on 2.12.5 (which requires a workaround in the Action), the latest release, and the latest
 # nightly.
 versions: ["stable-20230317", "latest", "nightly-latest"]
 env:
  CODEQL_ACTION_EXPORT_DIAGNOSTICS: true
 steps:
--- a/pr-checks/checks/export-file-baseline-information.yml
+++ b/pr-checks/checks/export-file-baseline-information.yml
@@ -11,7 +11,7 @@ steps:
      tools: ${{ steps.prepare-test.outputs.tools-url }}
    env:
      CODEQL_FILE_BASELINE_INFORMATION: true
-  - uses: ./../action/.github/setup-swift
+  - uses: ./../action/.github/actions/setup-swift
    with:
      codeql-path: ${{steps.init.outputs.codeql-path}}
  - name: Build code
--- a/pr-checks/checks/init-with-registries.yml
+++ b/pr-checks/checks/init-with-registries.yml
@@ -11,6 +11,10 @@ versions: [
    "nightly-latest",
 ]
 permissions:
  contents: read
  packages: read
 steps:
  - name: Init with registries
    uses: ./../action/init
@@ -27,8 +31,8 @@ steps:
  - name: Verify packages installed
    shell: bash
    run: |
-      PRIVATE_PACK="$HOME/.codeql/packages/dsp-testing/private-pack"
+      PRIVATE_PACK="$HOME/.codeql/packages/codeql-testing/private-pack"
-      CODEQL_PACK1="$HOME/.codeql/packages/dsp-testing/codeql-pack1"
+      CODEQL_PACK1="$HOME/.codeql/packages/codeql-testing/codeql-pack1"
      if [[ -d $PRIVATE_PACK ]]
      then
--- a/pr-checks/checks/ml-powered-queries.yml
+++ b/pr-checks/checks/ml-powered-queries.yml
@@ -28,7 +28,7 @@ steps:
      retention-days: 7
  - name: Check sarif
-    uses: ./../action/.github/check-sarif
+    uses: ./../action/.github/actions/check-sarif
    # Running on Windows requires CodeQL CLI 2.9.0+.
    if: "!(matrix.version == 'stable-20220120' && runner.os == 'Windows')"
    with:
--- a/pr-checks/checks/multi-language-autodetect.yml
+++ b/pr-checks/checks/multi-language-autodetect.yml
@@ -10,7 +10,7 @@ steps:
      db-location: "${{ runner.temp }}/customDbLocation"
      tools: ${{ steps.prepare-test.outputs.tools-url }}
-  - uses: ./../action/.github/setup-swift
+  - uses: ./../action/.github/actions/setup-swift
    with:
      codeql-path: ${{steps.init.outputs.codeql-path}}
--- a/pr-checks/checks/packaging-codescanning-config-inputs-js.yml
+++ b/pr-checks/checks/packaging-codescanning-config-inputs-js.yml
@@ -9,7 +9,7 @@ steps:
  - uses: ./../action/init
    with:
      config-file: ".github/codeql/codeql-config-packaging3.yml"
-      packs: +dsp-testing/codeql-pack1@1.0.0
+      packs: +codeql-testing/codeql-pack1@1.0.0
      languages: javascript
      tools: ${{ steps.prepare-test.outputs.tools-url }}
  - name: Build code
@@ -21,7 +21,7 @@ steps:
      upload-database: false
  - name: Check results
-    uses: ./../action/.github/check-sarif
+    uses: ./../action/.github/actions/check-sarif
    with:
      sarif-file: ${{ runner.temp }}/results/javascript.sarif
      queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
--- a/pr-checks/checks/packaging-config-inputs-js.yml
+++ b/pr-checks/checks/packaging-config-inputs-js.yml
@@ -5,7 +5,7 @@ steps:
  - uses: ./../action/init
    with:
      config-file: ".github/codeql/codeql-config-packaging3.yml"
-      packs: +dsp-testing/codeql-pack1@1.0.0
+      packs: +codeql-testing/codeql-pack1@1.0.0
      languages: javascript
      tools: ${{ steps.prepare-test.outputs.tools-url }}
  - name: Build code
@@ -17,7 +17,7 @@ steps:
      upload-database: false
  - name: Check results
-    uses: ./../action/.github/check-sarif
+    uses: ./../action/.github/actions/check-sarif
    with:
      sarif-file: ${{ runner.temp }}/results/javascript.sarif
      queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
--- a/pr-checks/checks/packaging-config-js.yml
+++ b/pr-checks/checks/packaging-config-js.yml
@@ -16,7 +16,7 @@ steps:
      upload-database: false
  - name: Check results
-    uses: ./../action/.github/check-sarif
+    uses: ./../action/.github/actions/check-sarif
    with:
      sarif-file: ${{ runner.temp }}/results/javascript.sarif
      queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
--- a/pr-checks/checks/packaging-inputs-js.yml
+++ b/pr-checks/checks/packaging-inputs-js.yml
@@ -6,7 +6,7 @@ steps:
    with:
      config-file: ".github/codeql/codeql-config-packaging2.yml"
      languages: javascript
-      packs: dsp-testing/codeql-pack1@1.0.0, dsp-testing/codeql-pack2, dsp-testing/codeql-pack3:other-query.ql
+      packs: codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2, codeql-testing/codeql-pack3:other-query.ql
      tools: ${{ steps.prepare-test.outputs.tools-url }}
  - name: Build code
    shell: bash
@@ -16,7 +16,7 @@ steps:
      output: "${{ runner.temp }}/results"
  - name: Check results
-    uses: ./../action/.github/check-sarif
+    uses: ./../action/.github/actions/check-sarif
    with:
      sarif-file: ${{ runner.temp }}/results/javascript.sarif
      queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
--- a/pr-checks/checks/split-workflow.yml
+++ b/pr-checks/checks/split-workflow.yml
@@ -6,7 +6,7 @@ steps:
  - uses: ./../action/init
    with:
      config-file: ".github/codeql/codeql-config-packaging3.yml"
-      packs: +dsp-testing/codeql-pack1@1.0.0
+      packs: +codeql-testing/codeql-pack1@1.0.0
      languages: javascript
      tools: ${{ steps.prepare-test.outputs.tools-url }}
  - name: Build code
--- a/pr-checks/checks/swift-custom-build.yml
+++ b/pr-checks/checks/swift-custom-build.yml
@@ -11,7 +11,7 @@ steps:
    with:
      languages: swift
      tools: ${{ steps.prepare-test.outputs.tools-url }}
-  - uses: ./../action/.github/setup-swift
+  - uses: ./../action/.github/actions/setup-swift
    with:
      codeql-path: ${{steps.init.outputs.codeql-path}}
  - name: Check working directory
--- a/pr-checks/sync.py
+++ b/pr-checks/sync.py
@@ -79,7 +79,7 @@ for file in os.listdir('checks'):
        {
            'name': 'Prepare test',
            'id': 'prepare-test',
-            'uses': './.github/prepare-test',
+            'uses': './.github/actions/prepare-test',
            'with': {
                'version': '${{ matrix.version }}'
            }
@@ -107,8 +107,10 @@ for file in os.listdir('checks'):
        'name': checkSpecification['name'],
        'timeout-minutes': 45,
        'runs-on': '${{ matrix.os }}',
-        'steps': steps
+        'steps': steps,
    }
    if 'permissions' in checkSpecification:
        checkJob['permissions'] = checkSpecification['permissions']
    for key in ["env", "container", "services"]:
        if key in checkSpecification:
--- a/src/codeql.test.ts
+++ b/src/codeql.test.ts
@@ -554,13 +554,13 @@ test("bundle URL from another repo is cached as 0.0.0-bundleVersion", async (t)
      tagName: "codeql-bundle-20230203",
    });
    mockDownloadApi({
-      repo: "dsp-testing/codeql-cli-nightlies",
+      repo: "codeql-testing/codeql-cli-nightlies",
      platformSpecific: false,
      tagName: "codeql-bundle-20230203",
    });
    const result = await codeql.setupCodeQL(
-      "https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20230203/codeql-bundle.tar.gz",
+      "https://github.com/codeql-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20230203/codeql-bundle.tar.gz",
      sampleApiDetails,
      tmpDir,
      util.GitHubVariant.DOTCOM,
--- a/src/codeql.ts
+++ b/src/codeql.ts
@@ -319,6 +319,12 @@ export const CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = "2.12.1";
 */
 export const CODEQL_VERSION_INIT_WITH_QLCONFIG = "2.12.4";
 /**
 * Versions 2.12.6+ of the CodeQL CLI fix a bug where duplicate notification objects could be produced,
 * leading to an invalid SARIF output.
 */
 export const CODEQL_VERSION_DUPLICATE_NOTIFICATIONS_FIXED = "2.12.6";
 /**
 * Set up CodeQL CLI access.
 *
@@ -878,7 +884,13 @@ export async function getCodeQLForCmd(
        Feature.ExportDiagnosticsEnabled,
        this
      );
-      const codeqlOutputFile = shouldExportDiagnostics
+      const shouldWorkaroundInvalidNotifications =
        shouldExportDiagnostics &&
        !(await util.codeQlVersionAbove(
          this,
          CODEQL_VERSION_DUPLICATE_NOTIFICATIONS_FIXED
        ));
      const codeqlOutputFile = shouldWorkaroundInvalidNotifications
        ? path.join(config.tempDir, "codeql-intermediate-results.sarif")
        : sarifFile;
      const codeqlArgs = [
@@ -924,7 +936,7 @@ export async function getCodeQLForCmd(
        errorMatchers
      );
-      if (shouldExportDiagnostics) {
+      if (shouldWorkaroundInvalidNotifications) {
        util.fixInvalidNotificationsInFile(codeqlOutputFile, sarifFile, logger);
      }
@@ -1027,17 +1039,21 @@ export async function getCodeQLForCmd(
      tempDir: string,
      logger: Logger
    ): Promise<void> {
-      const intermediateSarifFile = path.join(
+      const shouldWorkaroundInvalidNotifications =
-        tempDir,
+        !(await util.codeQlVersionAbove(
-        "codeql-intermediate-results.sarif"
+          this,
-      );
+          CODEQL_VERSION_DUPLICATE_NOTIFICATIONS_FIXED
        ));
      const codeqlOutputFile = shouldWorkaroundInvalidNotifications
        ? path.join(tempDir, "codeql-intermediate-results.sarif")
        : sarifFile;
      const args = [
        "database",
        "export-diagnostics",
        `${databasePath}`,
        "--db-cluster", // Database is always a cluster for CodeQL versions that support diagnostics.
        "--format=sarif-latest",
-        `--output=${intermediateSarifFile}`,
+        `--output=${codeqlOutputFile}`,
        "--sarif-include-diagnostics", // ExportDiagnosticsEnabled is always true if this command is run.
        "-vvv",
        ...getExtraOptionsFromEnv(["diagnostics", "export"]),
@@ -1047,12 +1063,10 @@ export async function getCodeQLForCmd(
      }
      await new toolrunner.ToolRunner(cmd, args).exec();
-      // Fix invalid notifications in the SARIF file output by CodeQL.
+      if (shouldWorkaroundInvalidNotifications) {
-      util.fixInvalidNotificationsInFile(
+        // Fix invalid notifications in the SARIF file output by CodeQL.
-        intermediateSarifFile,
+        util.fixInvalidNotificationsInFile(codeqlOutputFile, sarifFile, logger);
-        sarifFile,
+      }
        logger
      );
    },
    async diagnosticsExport(
      sarifFile: string,
--- a/src/config-utils.test.ts
+++ b/src/config-utils.test.ts
@@ -2307,7 +2307,7 @@ test("downloadPacks-with-registries", async (t) => {
      {
        // no slash
        url: "http://ghcr.io",
-        packages: ["codeql/*", "dsp-testing/*"],
+        packages: ["codeql/*", "codeql-testing/*"],
        token: "not-a-token",
      },
      {
@@ -2397,7 +2397,7 @@ test("downloadPacks-with-registries fails on 2.10.3", async (t) => {
    const registriesInput = yaml.dump([
      {
        url: "http://ghcr.io",
-        packages: ["codeql/*", "dsp-testing/*"],
+        packages: ["codeql/*", "codeql-testing/*"],
        token: "not-a-token",
      },
      {
@@ -2439,7 +2439,7 @@ test("downloadPacks-with-registries fails with invalid registries block", async
    const registriesInput = yaml.dump([
      {
        // missing url property
-        packages: ["codeql/*", "dsp-testing/*"],
+        packages: ["codeql/*", "codeql-testing/*"],
        token: "not-a-token",
      },
      {
@@ -2478,7 +2478,7 @@ test("no generateRegistries when CLI is too old", async (t) => {
      {
        // no slash
        url: "http://ghcr.io",
-        packages: ["codeql/*", "dsp-testing/*"],
+        packages: ["codeql/*", "codeql-testing/*"],
        token: "not-a-token",
      },
    ]);
@@ -2527,7 +2527,7 @@ test("generateRegistries prefers original CODEQL_REGISTRIES_AUTH", async (t) =>
    const registriesInput = yaml.dump([
      {
        url: "http://ghcr.io",
-        packages: ["codeql/*", "dsp-testing/*"],
+        packages: ["codeql/*", "codeql-testing/*"],
        token: "not-a-token",
      },
    ]);
--- a/src/defaults.json
+++ b/src/defaults.json
@@ -1,6 +1,6 @@
 {
-  "bundleVersion": "codeql-bundle-20230317",
+  "bundleVersion": "codeql-bundle-20230403",
-  "cliVersion": "2.12.5",
+  "cliVersion": "2.12.6",
-  "priorBundleVersion": "codeql-bundle-20230304",
+  "priorBundleVersion": "codeql-bundle-20230317",
-  "priorCliVersion": "2.12.4"
+  "priorCliVersion": "2.12.5"
 }
--- a/src/util.test.ts
+++ b/src/util.test.ts
@@ -441,7 +441,11 @@ test("fixInvalidNotifications leaves notifications with unique locations alone",
    getRecordingLogger(messages)
  );
  t.deepEqual(result, createMockSarifWithNotification([stubLocation]));
-  t.is(messages.length, 0);
+  t.is(messages.length, 1);
  t.deepEqual(messages[0], {
    type: "debug",
    message: "No duplicate locations found in SARIF notification objects.",
  });
 });
 test("fixInvalidNotifications removes duplicate locations", (t) => {
--- a/src/util.ts
+++ b/src/util.ts
@@ -875,6 +875,8 @@ export function fixInvalidNotifications(
      `Removed ${numDuplicateLocationsRemoved} duplicate locations from SARIF notification ` +
        "objects."
    );
  } else {
    logger.debug("No duplicate locations found in SARIF notification objects.");
  }
  return newSarif;
 }
--- a/tests/multi-language-repo/.github/codeql/codeql-config-packaging.yml
+++ b/tests/multi-language-repo/.github/codeql/codeql-config-packaging.yml
@@ -3,9 +3,9 @@ name: Pack testing in the CodeQL Action
 disable-default-queries: true
 packs:
  javascript:
-    - dsp-testing/codeql-pack1@1.0.0
+    - codeql-testing/codeql-pack1@1.0.0
-    - dsp-testing/codeql-pack2
+    - codeql-testing/codeql-pack2
-    - dsp-testing/codeql-pack3:other-query.ql
+    - codeql-testing/codeql-pack3:other-query.ql
 paths-ignore:
  - tests
--- a/tests/multi-language-repo/.github/codeql/codeql-config-packaging3.yml
+++ b/tests/multi-language-repo/.github/codeql/codeql-config-packaging3.yml
@@ -3,8 +3,8 @@ name: Pack testing in the CodeQL Action
 disable-default-queries: true
 packs:
  javascript:
-    - dsp-testing/codeql-pack2
+    - codeql-testing/codeql-pack2
-    - dsp-testing/codeql-pack3:other-query.ql
+    - codeql-testing/codeql-pack3:other-query.ql
 paths-ignore:
  - tests
  - lib
--- a/tests/multi-language-repo/.github/codeql/codeql-config-query-filters2.yml
+++ b/tests/multi-language-repo/.github/codeql/codeql-config-query-filters2.yml
@@ -5,7 +5,7 @@ disable-default-queries: true
 packs:
  javascript:
    - codeql/javascript-queries
-    - dsp-testing/codeql-pack1@1.0.0
+    - codeql-testing/codeql-pack1@1.0.0
 query-filters:
 # This should run js/path-injection and js/zipslip
--- a/tests/multi-language-repo/.github/codeql/codeql-config-query-filters3.yml
+++ b/tests/multi-language-repo/.github/codeql/codeql-config-query-filters3.yml
@@ -15,7 +15,7 @@ queries:
 packs:
  javascript:
    - codeql/javascript-queries
-    - dsp-testing/codeql-pack1@1.0.0
+    - codeql-testing/codeql-pack1@1.0.0
 query-filters:
 # This should run js/path-injection and js/zipslip
--- a/tests/multi-language-repo/.github/codeql/codeql-config-registries.yml
+++ b/tests/multi-language-repo/.github/codeql/codeql-config-registries.yml
@@ -3,5 +3,5 @@ name: Pack testing in the CodeQL Action
 disable-default-queries: true
 packs:
  javascript:
-    - dsp-testing/private-pack
+    - codeql-testing/private-pack
-    - dsp-testing/codeql-pack1
+    - codeql-testing/codeql-pack1
--- a/tests/multi-language-repo/.github/codeql/multi-language-packs-config.yml
+++ b/tests/multi-language-repo/.github/codeql/multi-language-packs-config.yml
@@ -1,7 +1,7 @@
 packs:
  javascript:
-    - dsp-testing/codeql-pack1@1.0.0
+    - codeql-testing/codeql-pack1@1.0.0
-    - dsp-testing/codeql-pack2
+    - codeql-testing/codeql-pack2
  ruby:
    - codeql/ruby-queries
--- a/tests/multi-language-repo/.github/codeql/queries-and-packs-config.yml
+++ b/tests/multi-language-repo/.github/codeql/queries-and-packs-config.yml
@@ -1,7 +1,7 @@
 packs:
  javascript:
-    - dsp-testing/codeql-pack1@1.0.0
+    - codeql-testing/codeql-pack1@1.0.0
-    - dsp-testing/codeql-pack2
+    - codeql-testing/codeql-pack2
 queries:
  - uses: ./codeql-qlpacks/complex-javascript-qlpack/foo2/show_ifs.ql
Author	SHA1	Message	Date
Alexander Eyers-Taylor	8c8d71dde4	Merge pull request #1634 from github/update-v2.2.10-66aeadb4c Merge main into releases/v2	2023-04-05 17:13:56 +01:00
github-actions[bot]	d53297ef61	Update changelog for v2.2.10	2023-04-05 15:35:01 +00:00
Henry Mercer	66aeadb4c9	Merge pull request #1631 from github/henrymercer/duplicate-diagnostics-fixed-in-cli Skip the SARIF notification object workaround for CLIs that have fixed this bug	2023-04-05 10:46:12 +01:00
Andrew Eisenberg	fa7cce4d4b	Merge pull request #1632 from github/aeisenberg/codeql-testing-org Move to the codeql-testing org	2023-04-04 14:38:19 -07:00
Andrew Eisenberg	2754e10472	Move to the codeql-testing org Refer to the packages in codeql-testing, not in dsp-testing.	2023-04-04 13:39:56 -07:00
Henry Mercer	3bba073180	Skip the SARIF notification object workaround for fixed CLIs	2023-04-04 18:19:05 +01:00
Alexander Eyers-Taylor	ae0109a777	Merge pull request #1629 from github/alexet/update-2.12.6-2 Update default CodeQL bundle version to 2.12.6	2023-04-04 16:32:13 +01:00
Alexander Eyers-Taylor	9c869ebf0d	Update default CodeQL bundle version to 2.12.6	2023-04-04 16:01:04 +01:00
Henry Mercer	f0a422fa27	Merge pull request #1630 from github/henrymercer/automate-bundle-upgrade Automate the bundle upgrade	2023-04-03 20:07:03 +01:00
Henry Mercer	98173be3f0	Add a comment about `lib/defaults.json`	2023-04-03 19:39:22 +01:00
Henry Mercer	f6091a09eb	Use `tee` when setting env vars to improve debugging	2023-04-03 19:34:20 +01:00
Henry Mercer	a86046f817	Explain CLI version marker files	2023-04-03 19:32:03 +01:00
Henry Mercer	33f30874a7	Format `.github/actions/update-bundle/index.ts`	2023-04-03 19:30:07 +01:00
Henry Mercer	1c0a788663	Add workflow to automatically update the bundle	2023-04-03 19:10:01 +01:00
Henry Mercer	e85546ccca	Move internal Actions into `.github/actions` This is a more standard location for these custom Actions.	2023-04-03 18:29:29 +01:00