Merge pull request #1706 from github/update-v2.3.5-d3314cca2

Merge main into releases/v2

.github/actions/query-filter-test/action.yml

@@ -44,7 +44,7 @@ runs:
       env:
         CODEQL_ACTION_TEST_MODE: "true"
     - name: Check SARIF
-      uses: ./../action/.github/check-sarif
+      uses: ./../action/.github/actions/check-sarif
       with:
         sarif-file:  ${{ inputs.sarif-file }}
         queries-run: ${{ inputs.queries-run}}

.github/actions/setup-swift/action.yml

@@ -0,0 +1,37 @@
+name: "Set up Swift"
+description: Sets up an appropriate Swift version if supported on this platform.
+inputs:
+  codeql-path:
+    description: Path to the CodeQL CLI executable.
+    required: true
+runs:
+  using: "composite"
+  steps:
+    - name: Get Swift version
+      id: get_swift_version
+      if: runner.os != 'Windows'
+      shell: bash
+      env: 
+        CODEQL_PATH: ${{ inputs.codeql-path }}
+      run: |
+        if [[ $RUNNER_OS = "macOS" ]]; then
+          PLATFORM="osx64"
+        else # We do not run this step on Windows.
+          PLATFORM="linux64"
+        fi 
+        SWIFT_EXTRACTOR_DIR="$("$CODEQL_PATH" resolve languages --format json | jq -r '.swift[0]')"
+        if [ $SWIFT_EXTRACTOR_DIR = "null" ]; then
+          VERSION="null"
+        else
+          VERSION="$("$SWIFT_EXTRACTOR_DIR/tools/$PLATFORM/extractor" --version | awk '/version/ { print $3 }')"
+          # Specify 5.7.0, otherwise setup Action will default to latest minor version. 
+          if [ $VERSION = "5.7" ]; then
+            VERSION="5.7.0"
+          fi
+        fi
+        echo "version=$VERSION" | tee -a $GITHUB_OUTPUT
+
+    - uses: swift-actions/setup-swift@65540b95f51493d65f5e59e97dcef9629ddf11bf # Please update the corresponding SHA in the CLI's CodeQL Action Integration Test.
+      if: runner.os != 'Windows' && steps.get_swift_version.outputs.version != 'null'
+      with:
+        swift-version: "${{ steps.get_swift_version.outputs.version }}"

.github/actions/update-bundle/action.yml

@@ -0,0 +1,14 @@
+name: Update default CodeQL bundle
+description: Updates 'src/defaults.json' to point to a new CodeQL bundle release.
+
+runs:
+  using: composite
+  steps:
+    - name: Install ts-node
+      shell: bash
+      run: npm install -g ts-node
+
+    - name: Run update script
+      working-directory: ${{ github.action_path }}
+      shell: bash
+      run: ts-node ./index.ts

.github/actions/update-bundle/index.ts

@@ -0,0 +1,67 @@
+import * as fs from 'fs';
+import * as github from '@actions/github';
+
+interface BundleInfo {
+  bundleVersion: string;
+  cliVersion: string;
+}
+
+interface Defaults {
+  bundleVersion: string;
+  cliVersion: string;
+  priorBundleVersion: string;
+  priorCliVersion: string;
+}
+
+function getCodeQLCliVersionForRelease(release): string {
+  // We do not currently tag CodeQL bundles based on the CLI version they contain.
+  // Instead, we use a marker file `cli-version-<version>.txt` to record the CLI version.
+  // This marker file is uploaded as a release asset for all new CodeQL bundles.
+  const cliVersionsFromMarkerFiles = release.assets
+    .map((asset) => asset.name.match(/cli-version-(.*)\.txt/)?.[1])
+    .filter((v) => v)
+    .map((v) => v as string);
+  if (cliVersionsFromMarkerFiles.length > 1) {
+    throw new Error(
+      `Release ${release.tag_name} has multiple CLI version marker files.`
+    );
+  } else if (cliVersionsFromMarkerFiles.length === 0) {
+    throw new Error(
+      `Failed to find the CodeQL CLI version for release ${release.tag_name}.`
+    );
+  }
+  return cliVersionsFromMarkerFiles[0];
+}
+
+async function getBundleInfoFromRelease(release): Promise<BundleInfo> {
+  return {
+    bundleVersion: release.tag_name,
+    cliVersion: getCodeQLCliVersionForRelease(release)
+  };
+}
+
+async function getNewDefaults(currentDefaults: Defaults): Promise<Defaults> {
+  const release = github.context.payload.release;
+  console.log('Updating default bundle as a result of the following release: ' +
+    `${JSON.stringify(release)}.`)
+
+  const bundleInfo = await getBundleInfoFromRelease(release);
+  return {
+    bundleVersion: bundleInfo.bundleVersion,
+    cliVersion: bundleInfo.cliVersion,
+    priorBundleVersion: currentDefaults.bundleVersion,
+    priorCliVersion: currentDefaults.cliVersion
+  };
+}
+
+async function main() {
+  const previousDefaults: Defaults = JSON.parse(fs.readFileSync('../../../src/defaults.json', 'utf8'));
+  const newDefaults = await getNewDefaults(previousDefaults);
+  // Update the source file in the repository. Calling workflows should subsequently rebuild
+  // the Action to update `lib/defaults.json`.
+  fs.writeFileSync('../../../src/defaults.json', JSON.stringify(newDefaults, null, 2) + "\n");
+}
+
+// Ideally, we'd await main() here, but that doesn't work well with `ts-node`.
+// So instead we rely on the fact that Node won't exit until the event loop is empty.
+main();

.github/dependabot.yml

@@ -16,6 +16,6 @@ updates:
     schedule:
       interval: weekly
   - package-ecosystem: github-actions
-    directory: "/.github/setup-swift/" # All subdirectories outside of "/.github/workflows" must be explicitly included.
+    directory: "/.github/actions/setup-swift/" # All subdirectories outside of "/.github/workflows" must be explicitly included.
     schedule:
       interval: weekly

.github/setup-swift/action.yml

@@ -1,32 +0,0 @@
-name: "Set up Swift"
-description: Performs necessary steps to set up appropriate Swift version.
-inputs:
-  codeql-path:
-    required: true
-runs:
-  using: "composite"
-  steps:
-    - name: Get Swift version
-      id: get_swift_version
-      # We don't support Swift on Windows or prior versions of CLI.
-      if: "(runner.os != 'Windows') && (matrix.version == 'cached' || matrix.version == 'latest' || matrix.version == 'nightly-latest')"
-      shell: bash
-      env: 
-        CODEQL_PATH: ${{inputs.codeql-path}}
-      run: |
-        if [ $RUNNER_OS = "macOS" ]; then
-          PLATFORM="osx64"
-        else # We do not run this step on Windows.
-          PLATFORM="linux64"
-        fi 
-        SWIFT_EXTRACTOR_DIR="$("$CODEQL_PATH" resolve languages --format json | jq -r '.swift[0]')"
-        VERSION="$("$SWIFT_EXTRACTOR_DIR/tools/$PLATFORM/extractor" --version | awk '/version/ { print $3 }')"
-        # Specify 5.7.0, otherwise setup Action will default to latest minor version. 
-        if [ $VERSION = "5.7" ]; then
-          VERSION="5.7.0"
-        fi
-        echo "version=$VERSION" | tee -a $GITHUB_OUTPUT
-    - uses: swift-actions/setup-swift@da0e3e04b5e3e15dbc3861bd835ad9f0afe56296 # Please update the corresponding SHA in the CLI's CodeQL Action Integration Test.
-      if: "(runner.os != 'Windows') && (matrix.version == 'cached' || matrix.version == 'latest' || matrix.version == 'nightly-latest')"
-      with:
-        swift-version: "${{steps.get_swift_version.outputs.version}}"

.github/workflows/__analyze-ref-input.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: "PR Check - Analyze: 'ref' and 'sha' from inputs"
@@ -25,24 +25,30 @@ jobs:
     strategy:
       matrix:
         include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: macos-latest
-          version: stable-20211005
-        - os: windows-2019
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
-        - os: macos-latest
-          version: stable-20220120
-        - os: windows-2019
-          version: stable-20220120
         - os: ubuntu-latest
           version: stable-20220401
         - os: macos-latest
           version: stable-20220401
         - os: windows-latest
           version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: macos-latest
+          version: stable-20220615
+        - os: windows-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: windows-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
+        - os: macos-latest
+          version: stable-20221211
+        - os: windows-latest
+          version: stable-20221211
         - os: ubuntu-latest
           version: cached
         - os: macos-latest
@@ -62,6 +68,9 @@ jobs:
         - os: windows-latest
           version: nightly-latest
     name: "Analyze: 'ref' and 'sha' from inputs"
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -69,14 +78,19 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
-    - name: Set up Go
+    - name: Set environment variable for Swift enablement
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
+      if: >-
-      uses: actions/setup-go@v4
+        runner.os != 'Windows' && (
-      with:
+            matrix.version == '20220908' ||
-        go-version: ^1.13.1
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init
       with:
         tools: ${{ steps.prepare-test.outputs.tools-url }}

.github/workflows/__autobuild-action.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - autobuild-action
@@ -32,6 +32,9 @@ jobs:
         - os: windows-latest
           version: latest
     name: autobuild-action
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -39,9 +42,19 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init
       with:
         languages: csharp

.github/workflows/__config-export.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Config export
@@ -38,6 +38,9 @@ jobs:
         - os: windows-latest
           version: nightly-latest
     name: Config export
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -45,9 +48,19 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init
       with:
         languages: javascript

.github/workflows/__diagnostics-export.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Diagnostic export
@@ -25,6 +25,12 @@ jobs:
     strategy:
       matrix:
         include:
+        - os: ubuntu-latest
+          version: stable-20230317
+        - os: macos-latest
+          version: stable-20230317
+        - os: windows-latest
+          version: stable-20230317
         - os: ubuntu-latest
           version: latest
         - os: macos-latest
@@ -38,6 +44,9 @@ jobs:
         - os: windows-latest
           version: nightly-latest
     name: Diagnostic export
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -45,9 +54,19 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init
       id: init
       with:

.github/workflows/__export-file-baseline-information.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Export file baseline information
@@ -32,6 +32,9 @@ jobs:
         - os: windows-latest
           version: nightly-latest
     name: Export file baseline information
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -39,9 +42,19 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init
       id: init
       with:
@@ -49,7 +62,7 @@ jobs:
         tools: ${{ steps.prepare-test.outputs.tools-url }}
       env:
         CODEQL_FILE_BASELINE_INFORMATION: true
-    - uses: ./../action/.github/setup-swift
+    - uses: ./../action/.github/actions/setup-swift
       with:
         codeql-path: ${{steps.init.outputs.codeql-path}}
     - name: Build code
@@ -70,7 +83,10 @@ jobs:
       shell: bash
       run: |
         cd "$RUNNER_TEMP/results"
-        expected_baseline_languages="cpp cs go java js py rb swift"
+        expected_baseline_languages="cpp cs go java js py rb"
+        if [[ $RUNNER_OS != "Windows" ]]; then
+          expected_baseline_languages+=" swift"
+        fi
 
         for lang in ${expected_baseline_languages}; do
           rule_name="${lang}/baseline/expected-extracted-files"
@@ -84,5 +100,4 @@ jobs:
           fi
         done
     env:
-      CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: true # Remove when Swift is GA.
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__extractor-ram-threads.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Extractor ram and threads options test
@@ -28,6 +28,9 @@ jobs:
         - os: ubuntu-latest
           version: latest
     name: Extractor ram and threads options test
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -35,9 +38,19 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init
       with:
         languages: java

.github/workflows/__go-custom-queries.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: 'PR Check - Go: Custom queries'
@@ -25,24 +25,30 @@ jobs:
     strategy:
       matrix:
         include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: macos-latest
-          version: stable-20211005
-        - os: windows-2019
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
-        - os: macos-latest
-          version: stable-20220120
-        - os: windows-2019
-          version: stable-20220120
         - os: ubuntu-latest
           version: stable-20220401
         - os: macos-latest
           version: stable-20220401
         - os: windows-latest
           version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: macos-latest
+          version: stable-20220615
+        - os: windows-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: windows-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
+        - os: macos-latest
+          version: stable-20221211
+        - os: windows-latest
+          version: stable-20221211
         - os: ubuntu-latest
           version: cached
         - os: macos-latest
@@ -62,6 +68,9 @@ jobs:
         - os: windows-latest
           version: nightly-latest
     name: 'Go: Custom queries'
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -69,14 +78,19 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
-    - name: Set up Go
+    - name: Set environment variable for Swift enablement
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
+      if: >-
-      uses: actions/setup-go@v4
+        runner.os != 'Windows' && (
-      with:
+            matrix.version == '20220908' ||
-        go-version: ^1.13.1
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init
       with:
         languages: go

.github/workflows/__go-tracing-autobuilder.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: 'PR Check - Go: tracing with autobuilder step'
@@ -25,18 +25,22 @@ jobs:
     strategy:
       matrix:
         include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: macos-latest
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
-        - os: macos-latest
-          version: stable-20220120
         - os: ubuntu-latest
           version: stable-20220401
         - os: macos-latest
           version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: macos-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
+        - os: macos-latest
+          version: stable-20221211
         - os: ubuntu-latest
           version: cached
         - os: macos-latest
@@ -50,6 +54,9 @@ jobs:
         - os: macos-latest
           version: nightly-latest
     name: 'Go: tracing with autobuilder step'
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -57,14 +64,19 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
-    - name: Set up Go
+    - name: Set environment variable for Swift enablement
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
+      if: >-
-      uses: actions/setup-go@v4
+        runner.os != 'Windows' && (
-      with:
+            matrix.version == '20220908' ||
-        go-version: ^1.13.1
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init
       with:
         languages: go

.github/workflows/__go-tracing-custom-build-steps.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: 'PR Check - Go: tracing with custom build steps'
@@ -25,18 +25,22 @@ jobs:
     strategy:
       matrix:
         include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: macos-latest
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
-        - os: macos-latest
-          version: stable-20220120
         - os: ubuntu-latest
           version: stable-20220401
         - os: macos-latest
           version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: macos-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
+        - os: macos-latest
+          version: stable-20221211
         - os: ubuntu-latest
           version: cached
         - os: macos-latest
@@ -50,6 +54,9 @@ jobs:
         - os: macos-latest
           version: nightly-latest
     name: 'Go: tracing with custom build steps'
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -57,14 +64,19 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
-    - name: Set up Go
+    - name: Set environment variable for Swift enablement
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
+      if: >-
-      uses: actions/setup-go@v4
+        runner.os != 'Windows' && (
-      with:
+            matrix.version == '20220908' ||
-        go-version: ^1.13.1
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init
       with:
         languages: go

.github/workflows/__go-tracing-legacy-workflow.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: 'PR Check - Go: tracing with legacy workflow'
@@ -25,18 +25,22 @@ jobs:
     strategy:
       matrix:
         include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: macos-latest
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
-        - os: macos-latest
-          version: stable-20220120
         - os: ubuntu-latest
           version: stable-20220401
         - os: macos-latest
           version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: macos-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
+        - os: macos-latest
+          version: stable-20221211
         - os: ubuntu-latest
           version: cached
         - os: macos-latest
@@ -50,6 +54,9 @@ jobs:
         - os: macos-latest
           version: nightly-latest
     name: 'Go: tracing with legacy workflow'
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -57,14 +64,19 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
-    - name: Set up Go
+    - name: Set environment variable for Swift enablement
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
+      if: >-
-      uses: actions/setup-go@v4
+        runner.os != 'Windows' && (
-      with:
+            matrix.version == '20220908' ||
-        go-version: ^1.13.1
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init
       with:
         languages: go

.github/workflows/__init-with-registries.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: 'PR Check - Packaging: Download using registries'
@@ -44,6 +44,10 @@ jobs:
         - os: windows-latest
           version: nightly-latest
     name: 'Packaging: Download using registries'
+    permissions:
+      contents: read
+      packages: read
+
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -51,9 +55,19 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - name: Init with registries
       uses: ./../action/init
       with:
@@ -69,8 +83,8 @@ jobs:
     - name: Verify packages installed
       shell: bash
       run: |
-        PRIVATE_PACK="$HOME/.codeql/packages/dsp-testing/private-pack"
+        PRIVATE_PACK="$HOME/.codeql/packages/codeql-testing/private-pack"
-        CODEQL_PACK1="$HOME/.codeql/packages/dsp-testing/codeql-pack1"
+        CODEQL_PACK1="$HOME/.codeql/packages/codeql-testing/codeql-pack1"
 
         if [[ -d $PRIVATE_PACK ]]
         then

.github/workflows/__javascript-source-root.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Custom source root
@@ -32,6 +32,9 @@ jobs:
         - os: ubuntu-latest
           version: nightly-latest
     name: Custom source root
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -39,9 +42,19 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - name: Move codeql-action
       shell: bash
       run: |

.github/workflows/__ml-powered-queries.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - ML-powered queries
@@ -25,12 +25,30 @@ jobs:
     strategy:
       matrix:
         include:
-        - os: ubuntu-20.04
+        - os: ubuntu-latest
-          version: stable-20220120
+          version: stable-20220401
         - os: macos-latest
-          version: stable-20220120
+          version: stable-20220401
-        - os: windows-2019
+        - os: windows-latest
-          version: stable-20220120
+          version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: macos-latest
+          version: stable-20220615
+        - os: windows-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: windows-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
+        - os: macos-latest
+          version: stable-20221211
+        - os: windows-latest
+          version: stable-20221211
         - os: ubuntu-latest
           version: cached
         - os: macos-latest
@@ -50,6 +68,9 @@ jobs:
         - os: windows-latest
           version: nightly-latest
     name: ML-powered queries
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -57,14 +78,19 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
-    - name: Set up Go
+    - name: Set environment variable for Swift enablement
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
+      if: >-
-      uses: actions/setup-go@v4
+        runner.os != 'Windows' && (
-      with:
+            matrix.version == '20220908' ||
-        go-version: ^1.13.1
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init
       with:
         languages: javascript
@@ -85,18 +111,19 @@ jobs:
         retention-days: 7
 
     - name: Check sarif
-      uses: ./../action/.github/check-sarif
+      uses: ./../action/.github/actions/check-sarif
     # Running on Windows requires CodeQL CLI 2.9.0+.
-      if: "!(matrix.version == 'stable-20220120' && runner.os == 'Windows')"
+      if: "!(matrix.version == 'stable-20220401' && runner.os == 'Windows')"
       with:
         sarif-file: ${{ runner.temp }}/results/javascript.sarif
-        queries-run: js/ml-powered/nosql-injection,js/ml-powered/path-injection,js/ml-powered/sql-injection,js/ml-powered/xss
+        queries-run: 
+          js/ml-powered/nosql-injection,js/ml-powered/path-injection,js/ml-powered/sql-injection,js/ml-powered/xss
         queries-not-run: foo,bar
 
     - name: Check results
       env:
       # Running on Windows requires CodeQL CLI 2.9.0+.
-        SHOULD_RUN_ML_POWERED_QUERIES: ${{ !(matrix.version == 'stable-20220120' &&
+        SHOULD_RUN_ML_POWERED_QUERIES: ${{ !(matrix.version == 'stable-20220401' &&
           runner.os == 'Windows') }}
       shell: bash
       run: |

.github/workflows/__multi-language-autodetect.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Multi-language repository
@@ -25,18 +25,22 @@ jobs:
     strategy:
       matrix:
         include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: macos-latest
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
-        - os: macos-latest
-          version: stable-20220120
         - os: ubuntu-latest
           version: stable-20220401
         - os: macos-latest
           version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: macos-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
+        - os: macos-latest
+          version: stable-20221211
         - os: ubuntu-latest
           version: cached
         - os: macos-latest
@@ -50,6 +54,9 @@ jobs:
         - os: macos-latest
           version: nightly-latest
     name: Multi-language repository
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -57,21 +64,26 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
-    - name: Set up Go
+    - name: Set environment variable for Swift enablement
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
+      if: >-
-      uses: actions/setup-go@v4
+        runner.os != 'Windows' && (
-      with:
+            matrix.version == '20220908' ||
-        go-version: ^1.13.1
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init
       id: init
       with:
         db-location: ${{ runner.temp }}/customDbLocation
         tools: ${{ steps.prepare-test.outputs.tools-url }}
 
-    - uses: ./../action/.github/setup-swift
+    - uses: ./../action/.github/actions/setup-swift
       with:
         codeql-path: ${{ steps.init.outputs.codeql-path }}
 
@@ -84,7 +96,7 @@ jobs:
       with:
         upload-database: false
 
-    - name: Check language autodetect for all languages excluding Ruby, Swift
+    - name: Check language autodetect for all languages excluding Swift
       shell: bash
       run: |
         CPP_DB=${{ fromJson(steps.analysis.outputs.db-locations).cpp }}
@@ -117,12 +129,6 @@ jobs:
           echo "Did not create a database for Python, or created it in the wrong location."
           exit 1
         fi
-
-    - name: Check language autodetect for Ruby
-      if: (matrix.version == 'cached' || matrix.version == 'latest' || matrix.version
-        == 'nightly-latest')
-      shell: bash
-      run: |
         RUBY_DB=${{ fromJson(steps.analysis.outputs.db-locations).ruby }}
         if [[ ! -d $RUBY_DB ]] || [[ ! $RUBY_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
           echo "Did not create a database for Ruby, or created it in the wrong location."
@@ -130,8 +136,9 @@ jobs:
         fi
 
     - name: Check language autodetect for Swift
-      if: (matrix.version == 'cached' || matrix.version == 'latest' || matrix.version
+      if: >-
-        == 'nightly-latest')
+        env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true' || 
+            (runner.os != 'Windows' && matrix.version == 'nightly-latest')
       shell: bash
       run: |
         SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }}
@@ -140,5 +147,4 @@ jobs:
           exit 1
         fi
     env:
-      CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: 'true' # Remove when Swift is GA.
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__packaging-codescanning-config-inputs-js.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: 'PR Check - Packaging: Config and input passed to the CLI'
@@ -44,6 +44,9 @@ jobs:
         - os: windows-latest
           version: nightly-latest
     name: 'Packaging: Config and input passed to the CLI'
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -51,13 +54,23 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init
       with:
         config-file: .github/codeql/codeql-config-packaging3.yml
-        packs: +dsp-testing/codeql-pack1@1.0.0
+        packs: +codeql-testing/codeql-pack1@1.0.0
         languages: javascript
         tools: ${{ steps.prepare-test.outputs.tools-url }}
     - name: Build code
@@ -69,10 +82,11 @@ jobs:
         upload-database: false
 
     - name: Check results
-      uses: ./../action/.github/check-sarif
+      uses: ./../action/.github/actions/check-sarif
       with:
         sarif-file: ${{ runner.temp }}/results/javascript.sarif
-        queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
+        queries-run: 
+          javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
         queries-not-run: foo,bar
 
     - name: Assert Results

.github/workflows/__packaging-config-inputs-js.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: 'PR Check - Packaging: Config and input'
@@ -44,6 +44,9 @@ jobs:
         - os: windows-latest
           version: nightly-latest
     name: 'Packaging: Config and input'
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -51,13 +54,23 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init
       with:
         config-file: .github/codeql/codeql-config-packaging3.yml
-        packs: +dsp-testing/codeql-pack1@1.0.0
+        packs: +codeql-testing/codeql-pack1@1.0.0
         languages: javascript
         tools: ${{ steps.prepare-test.outputs.tools-url }}
     - name: Build code
@@ -69,10 +82,11 @@ jobs:
         upload-database: false
 
     - name: Check results
-      uses: ./../action/.github/check-sarif
+      uses: ./../action/.github/actions/check-sarif
       with:
         sarif-file: ${{ runner.temp }}/results/javascript.sarif
-        queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
+        queries-run: 
+          javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
         queries-not-run: foo,bar
 
     - name: Assert Results

.github/workflows/__packaging-config-js.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: 'PR Check - Packaging: Config file'
@@ -44,6 +44,9 @@ jobs:
         - os: windows-latest
           version: nightly-latest
     name: 'Packaging: Config file'
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -51,9 +54,19 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init
       with:
         config-file: .github/codeql/codeql-config-packaging.yml
@@ -68,10 +81,11 @@ jobs:
         upload-database: false
 
     - name: Check results
-      uses: ./../action/.github/check-sarif
+      uses: ./../action/.github/actions/check-sarif
       with:
         sarif-file: ${{ runner.temp }}/results/javascript.sarif
-        queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
+        queries-run: 
+          javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
         queries-not-run: foo,bar
 
     - name: Assert Results

.github/workflows/__packaging-inputs-js.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: 'PR Check - Packaging: Action input'
@@ -44,6 +44,9 @@ jobs:
         - os: windows-latest
           version: nightly-latest
     name: 'Packaging: Action input'
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -51,14 +54,24 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init
       with:
         config-file: .github/codeql/codeql-config-packaging2.yml
         languages: javascript
-        packs: dsp-testing/codeql-pack1@1.0.0, dsp-testing/codeql-pack2, dsp-testing/codeql-pack3:other-query.ql
+        packs: codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2, codeql-testing/codeql-pack3:other-query.ql
         tools: ${{ steps.prepare-test.outputs.tools-url }}
     - name: Build code
       shell: bash
@@ -68,10 +81,11 @@ jobs:
         output: ${{ runner.temp }}/results
 
     - name: Check results
-      uses: ./../action/.github/check-sarif
+      uses: ./../action/.github/actions/check-sarif
       with:
         sarif-file: ${{ runner.temp }}/results/javascript.sarif
-        queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
+        queries-run: 
+          javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
         queries-not-run: foo,bar
 
     - name: Assert Results

.github/workflows/__remote-config.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Remote config file
@@ -25,24 +25,30 @@ jobs:
     strategy:
       matrix:
         include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: macos-latest
-          version: stable-20211005
-        - os: windows-2019
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
-        - os: macos-latest
-          version: stable-20220120
-        - os: windows-2019
-          version: stable-20220120
         - os: ubuntu-latest
           version: stable-20220401
         - os: macos-latest
           version: stable-20220401
         - os: windows-latest
           version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: macos-latest
+          version: stable-20220615
+        - os: windows-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: windows-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
+        - os: macos-latest
+          version: stable-20221211
+        - os: windows-latest
+          version: stable-20221211
         - os: ubuntu-latest
           version: cached
         - os: macos-latest
@@ -62,6 +68,9 @@ jobs:
         - os: windows-latest
           version: nightly-latest
     name: Remote config file
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -69,14 +78,19 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
-    - name: Set up Go
+    - name: Set environment variable for Swift enablement
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
+      if: >-
-      uses: actions/setup-go@v4
+        runner.os != 'Windows' && (
-      with:
+            matrix.version == '20220908' ||
-        go-version: ^1.13.1
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init
       with:
         tools: ${{ steps.prepare-test.outputs.tools-url }}

.github/workflows/__rubocop-multi-language.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - RuboCop multi-language
@@ -28,6 +28,9 @@ jobs:
         - os: ubuntu-latest
           version: cached
     name: RuboCop multi-language
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -35,9 +38,19 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - name: Set up Ruby
       uses: ruby/setup-ruby@v1
       with:

.github/workflows/__ruby.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Ruby analysis
@@ -38,6 +38,9 @@ jobs:
         - os: macos-latest
           version: nightly-latest
     name: Ruby analysis
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -45,9 +48,19 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init
       with:
         languages: ruby

.github/workflows/__split-workflow.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Split workflow
@@ -38,6 +38,9 @@ jobs:
         - os: macos-latest
           version: nightly-latest
     name: Split workflow
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -45,13 +48,23 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init
       with:
         config-file: .github/codeql/codeql-config-packaging3.yml
-        packs: +dsp-testing/codeql-pack1@1.0.0
+        packs: +codeql-testing/codeql-pack1@1.0.0
         languages: javascript
         tools: ${{ steps.prepare-test.outputs.tools-url }}
     - name: Build code

.github/workflows/__submit-sarif-failure.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Submit SARIF after failure
@@ -32,6 +32,9 @@ jobs:
         - os: ubuntu-latest
           version: nightly-latest
     name: Submit SARIF after failure
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -39,9 +42,19 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: actions/checkout@v3
     - uses: ./init
       with:

.github/workflows/__swift-custom-build.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Swift analysis using a custom build command
@@ -38,6 +38,9 @@ jobs:
         - os: macos-latest
           version: nightly-latest
     name: Swift analysis using a custom build command
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -45,15 +48,25 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init
       id: init
       with:
         languages: swift
         tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - uses: ./../action/.github/setup-swift
+    - uses: ./../action/.github/actions/setup-swift
       with:
         codeql-path: ${{steps.init.outputs.codeql-path}}
     - name: Check working directory
@@ -75,6 +88,5 @@ jobs:
           exit 1
         fi
     env:
-      CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: 'true' # Remove when Swift is GA.
       DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__test-autobuild-working-dir.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Autobuild working directory
@@ -28,6 +28,9 @@ jobs:
         - os: ubuntu-latest
           version: latest
     name: Autobuild working directory
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -35,9 +38,19 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - name: Test setup
       shell: bash
       run: |

.github/workflows/__test-local-codeql.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Local CodeQL bundle
@@ -28,6 +28,9 @@ jobs:
         - os: ubuntu-latest
           version: nightly-latest
     name: Local CodeQL bundle
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -35,18 +38,32 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - name: Fetch a CodeQL bundle
       shell: bash
       env:
         CODEQL_URL: ${{ steps.prepare-test.outputs.tools-url }}
       run: |
         wget "$CODEQL_URL"
-    - uses: ./../action/init
+    - id: init
+      uses: ./../action/init
       with:
         tools: ./codeql-bundle.tar.gz
+    - uses: ./../action/.github/actions/setup-swift
+      with:
+        codeql-path: ${{ steps.init.outputs.codeql-path }}
     - name: Build code
       shell: bash
       run: ./build.sh

.github/workflows/__test-proxy.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Proxy test
@@ -28,6 +28,9 @@ jobs:
         - os: ubuntu-latest
           version: latest
     name: Proxy test
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -35,9 +38,19 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init
       with:
         languages: javascript

.github/workflows/__unset-environment.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Test unsetting environment variables
@@ -25,12 +25,14 @@ jobs:
     strategy:
       matrix:
         include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
         - os: ubuntu-latest
           version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
         - os: ubuntu-latest
           version: cached
         - os: ubuntu-latest
@@ -38,6 +40,9 @@ jobs:
         - os: ubuntu-latest
           version: nightly-latest
     name: Test unsetting environment variables
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -45,18 +50,27 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
-    - name: Set up Go
+    - name: Set environment variable for Swift enablement
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
+      if: >-
-      uses: actions/setup-go@v4
+        runner.os != 'Windows' && (
-      with:
+            matrix.version == '20220908' ||
-        go-version: ^1.13.1
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init
+      id: init
       with:
         db-location: ${{ runner.temp }}/customDbLocation
         tools: ${{ steps.prepare-test.outputs.tools-url }}
+    - uses: ./../action/.github/actions/setup-swift
+      with:
+        codeql-path: ${{ steps.init.outputs.codeql-path }}
     - name: Build code
       shell: bash
     # Disable Kotlin analysis while it's incompatible with Kotlin 1.8, until we find a

.github/workflows/__upload-ref-sha-input.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: "PR Check - Upload-sarif: 'ref' and 'sha' from inputs"
@@ -25,24 +25,30 @@ jobs:
     strategy:
       matrix:
         include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: macos-latest
-          version: stable-20211005
-        - os: windows-2019
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
-        - os: macos-latest
-          version: stable-20220120
-        - os: windows-2019
-          version: stable-20220120
         - os: ubuntu-latest
           version: stable-20220401
         - os: macos-latest
           version: stable-20220401
         - os: windows-latest
           version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: macos-latest
+          version: stable-20220615
+        - os: windows-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: windows-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
+        - os: macos-latest
+          version: stable-20221211
+        - os: windows-latest
+          version: stable-20221211
         - os: ubuntu-latest
           version: cached
         - os: macos-latest
@@ -62,6 +68,9 @@ jobs:
         - os: windows-latest
           version: nightly-latest
     name: "Upload-sarif: 'ref' and 'sha' from inputs"
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -69,14 +78,19 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
-    - name: Set up Go
+    - name: Set environment variable for Swift enablement
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
+      if: >-
-      uses: actions/setup-go@v4
+        runner.os != 'Windows' && (
-      with:
+            matrix.version == '20220908' ||
-        go-version: ^1.13.1
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init
       with:
         tools: ${{ steps.prepare-test.outputs.tools-url }}

.github/workflows/__with-checkout-path.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Use a custom `checkout_path`
@@ -25,24 +25,30 @@ jobs:
     strategy:
       matrix:
         include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: macos-latest
-          version: stable-20211005
-        - os: windows-2019
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
-        - os: macos-latest
-          version: stable-20220120
-        - os: windows-2019
-          version: stable-20220120
         - os: ubuntu-latest
           version: stable-20220401
         - os: macos-latest
           version: stable-20220401
         - os: windows-latest
           version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: macos-latest
+          version: stable-20220615
+        - os: windows-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: windows-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
+        - os: macos-latest
+          version: stable-20221211
+        - os: windows-latest
+          version: stable-20221211
         - os: ubuntu-latest
           version: cached
         - os: macos-latest
@@ -62,6 +68,9 @@ jobs:
         - os: windows-latest
           version: nightly-latest
     name: Use a custom `checkout_path`
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -69,14 +78,19 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
-    - name: Set up Go
+    - name: Set environment variable for Swift enablement
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
+      if: >-
-      uses: actions/setup-go@v4
+        runner.os != 'Windows' && (
-      with:
+            matrix.version == '20220908' ||
-        go-version: ^1.13.1
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: actions/checkout@v3
       with:
         ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6

.github/workflows/codescanning-config-cli.yml

@@ -47,12 +47,12 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
 
     - name: Empty file
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
       with:
         expected-config-file-contents: "{}"
         languages: javascript
@@ -60,31 +60,31 @@ jobs:
 
     - name: Packs from input
       if: success() || failure()
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
       with:
         expected-config-file-contents: |
           {
-            "packs": ["dsp-testing/codeql-pack1@1.0.0", "dsp-testing/codeql-pack2" ]
+            "packs": ["codeql-testing/codeql-pack1@1.0.0", "codeql-testing/codeql-pack2" ]
           }
         languages: javascript
-        packs: dsp-testing/codeql-pack1@1.0.0, dsp-testing/codeql-pack2
+        packs: codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2
         tools: ${{ steps.prepare-test.outputs.tools-url }}
 
     - name: Packs from input with +
       if: success() || failure()
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
       with:
         expected-config-file-contents: |
           {
-            "packs": ["dsp-testing/codeql-pack1@1.0.0", "dsp-testing/codeql-pack2" ]
+            "packs": ["codeql-testing/codeql-pack1@1.0.0", "codeql-testing/codeql-pack2" ]
           }
         languages: javascript
-        packs: + dsp-testing/codeql-pack1@1.0.0, dsp-testing/codeql-pack2
+        packs: + codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2
         tools: ${{ steps.prepare-test.outputs.tools-url }}
 
     - name: Queries from input
       if: success() || failure()
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
       with:
         expected-config-file-contents: |
           {
@@ -96,7 +96,7 @@ jobs:
 
     - name: Queries from input with +
       if: success() || failure()
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
       with:
         expected-config-file-contents: |
           {
@@ -108,27 +108,27 @@ jobs:
 
     - name: Queries and packs from input with +
       if: success() || failure()
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
       with:
         expected-config-file-contents: |
           {
             "queries": [{ "uses": "./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql" }],
-            "packs": ["dsp-testing/codeql-pack1@1.0.0", "dsp-testing/codeql-pack2" ]
+            "packs": ["codeql-testing/codeql-pack1@1.0.0", "codeql-testing/codeql-pack2" ]
           }
         languages: javascript
         queries: + ./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql
-        packs: + dsp-testing/codeql-pack1@1.0.0, dsp-testing/codeql-pack2
+        packs: + codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2
         tools: ${{ steps.prepare-test.outputs.tools-url }}
 
     - name: Queries and packs from config
       if: success() || failure()
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
       with:
         expected-config-file-contents: |
           {
             "queries": [{ "uses": "./codeql-qlpacks/complex-javascript-qlpack/foo2/show_ifs.ql" }],
             "packs": {
-              "javascript": ["dsp-testing/codeql-pack1@1.0.0", "dsp-testing/codeql-pack2" ]
+              "javascript": ["codeql-testing/codeql-pack1@1.0.0", "codeql-testing/codeql-pack2" ]
             }
           }
         languages: javascript
@@ -137,7 +137,7 @@ jobs:
 
     - name: Queries and packs from config overriden by input
       if: success() || failure()
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
       with:
         expected-config-file-contents: |
           {
@@ -152,7 +152,7 @@ jobs:
 
     - name: Queries and packs from config merging with input
       if: success() || failure()
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
       with:
         expected-config-file-contents: |
           {
@@ -161,7 +161,7 @@ jobs:
               { "uses": "./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql" }
             ],
             "packs": {
-              "javascript": ["dsp-testing/codeql-pack1@1.0.0", "dsp-testing/codeql-pack2", "codeql/javascript-queries" ]
+              "javascript": ["codeql-testing/codeql-pack1@1.0.0", "codeql-testing/codeql-pack2", "codeql/javascript-queries" ]
             }
           }
         languages: javascript
@@ -172,12 +172,12 @@ jobs:
 
     - name: Multi-language packs from config
       if: success() || failure()
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
       with:
         expected-config-file-contents: |
           {
             "packs": {
-              "javascript": ["dsp-testing/codeql-pack1@1.0.0", "dsp-testing/codeql-pack2" ],
+              "javascript": ["codeql-testing/codeql-pack1@1.0.0", "codeql-testing/codeql-pack2" ],
               "ruby": ["codeql/ruby-queries"]
             },
             "queries": [
@@ -190,7 +190,7 @@ jobs:
 
     - name: Other config properties
       if: success() || failure()
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
       with:
         expected-config-file-contents: |
           {
@@ -209,7 +209,7 @@ jobs:
       if: success() || failure()
       env:
         CODEQL_PASS_CONFIG_TO_CLI: false
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
       with:
         expected-config-file-contents: ""
         languages: javascript

.github/workflows/debug-artifacts-failure.yml

@@ -36,7 +36,7 @@ jobs:
         uses: actions/checkout@v3
       - name: Prepare test
         id: prepare-test
-        uses: ./.github/prepare-test
+        uses: ./.github/actions/prepare-test
         with:
           version: latest
       - uses: actions/setup-go@v4

.github/workflows/debug-artifacts.yml

@@ -21,31 +21,17 @@ jobs:
   upload-artifacts:
     strategy:
       matrix:
-        include:
+        os:
-        - os: ubuntu-20.04
+        - ubuntu-latest
-          version: stable-20211005
+        - macos-latest
-        - os: macos-latest
+        version:
-          version: stable-20211005
+        - stable-20220401
-        - os: ubuntu-20.04
+        - stable-20220615
-          version: stable-20220120
+        - stable-20220908
-        - os: macos-latest
+        - stable-20221211
-          version: stable-20220120
+        - cached
-        - os: ubuntu-latest
+        - latest
-          version: stable-20220401
+        - nightly-latest
-        - os: macos-latest
-          version: stable-20220401
-        - os: ubuntu-latest
-          version: cached
-        - os: macos-latest
-          version: cached
-        - os: ubuntu-latest
-          version: latest
-        - os: macos-latest
-          version: latest
-        - os: ubuntu-latest
-          version: nightly-latest
-        - os: macos-latest
-          version: nightly-latest
     name: Upload debug artifacts
     env:
       CODEQL_ACTION_TEST_MODE: true
@@ -56,18 +42,23 @@ jobs:
         uses: actions/checkout@v3
       - name: Prepare test
         id: prepare-test
-        uses: ./.github/prepare-test
+        uses: ./.github/actions/prepare-test
         with:
           version: ${{ matrix.version }}
       - uses: actions/setup-go@v4
         with:
           go-version: ^1.13.1
       - uses: ./../action/init
+        id: init
         with:
           tools: ${{ steps.prepare-test.outputs.tools-url }}
           debug: true
           debug-artifact-name: my-debug-artifacts
           debug-database-name: my-db
+      - uses: ./../action/.github/actions/setup-swift
+        if: matrix.version == 'nightly-latest'
+        with:
+          codeql-path: ${{ steps.init.outputs.codeql-path }}
       - name: Build code
         shell: bash
         run: ./build.sh
@@ -84,17 +75,10 @@ jobs:
       - name: Check expected artifacts exist
         shell: bash
         run: |
-          VERSIONS="stable-20211005 stable-20220120 stable-20220401 cached latest nightly-latest"
+          VERSIONS="stable-20220401 stable-20220615 stable-20220908 stable-20221211 cached latest nightly-latest"
           LANGUAGES="cpp csharp go java javascript python"
           for version in $VERSIONS; do
-            if [[ "$version" =~ stable-(20211005|20220120|20210809) ]]; then
+            for os in ubuntu-latest macos-latest; do
-              # Note the absence of the period in "ubuntu-2004": this is present in the image name
-              # but not the artifact name
-              OPERATING_SYSTEMS="ubuntu-2004 macos-latest"
-            else
-              OPERATING_SYSTEMS="ubuntu-latest macos-latest"
-            fi
-            for os in $OPERATING_SYSTEMS; do
               pushd "./my-debug-artifacts-$os-$version"
               echo "Artifacts from version $version on $os:"
               for language in $LANGUAGES; do

.github/workflows/expected-queries-runs.yml

@@ -25,7 +25,7 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: latest
     - uses: ./../action/init
@@ -39,7 +39,7 @@ jobs:
         upload: never
 
     - name: Check Sarif
-      uses: ./../action/.github/check-sarif
+      uses: ./../action/.github/actions/check-sarif
       with:
         sarif-file: ${{ runner.temp }}/results/javascript.sarif
         queries-run: js/incomplete-hostname-regexp,js/path-injection

.github/workflows/post-release-mergeback.yml

@@ -40,7 +40,7 @@ jobs:
 
       - name: Update git config
         run: |
-          git config --global user.email "github-actions@github.com"
+          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
           git config --global user.name "github-actions[bot]"
 
       - name: Get version and new branch

.github/workflows/query-filters.yml

@@ -23,12 +23,12 @@ jobs:
       uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
       with:
         version: latest
 
     - name: Check SARIF for default queries with Single include, Single exclude
-      uses: ./../action/.github/query-filter-test
+      uses: ./../action/.github/actions/query-filter-test
       with:
         sarif-file:  ${{ runner.temp }}/results/javascript.sarif
         queries-run: js/zipslip
@@ -37,7 +37,7 @@ jobs:
         tools: ${{ steps.prepare-test.outputs.tools-url }}
 
     - name: Check SARIF for query packs with Single include, Single exclude
-      uses: ./../action/.github/query-filter-test
+      uses: ./../action/.github/actions/query-filter-test
       with:
         sarif-file:  ${{ runner.temp }}/results/javascript.sarif
         queries-run: js/zipslip,javascript/example/empty-or-one-block
@@ -46,7 +46,7 @@ jobs:
         tools: ${{ steps.prepare-test.outputs.tools-url }}
 
     - name: Check SARIF for query packs and local queries with Single include, Single exclude
-      uses: ./../action/.github/query-filter-test
+      uses: ./../action/.github/actions/query-filter-test
       with:
         sarif-file:  ${{ runner.temp }}/results/javascript.sarif
         queries-run: js/zipslip,javascript/example/empty-or-one-block,inrepo-javascript-querypack/show-ifs

.github/workflows/update-bundle.yml

@@ -0,0 +1,91 @@
+name: Update default CodeQL bundle
+
+on:
+  release:
+    # From https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#release
+    # Note: The prereleased type will not trigger for pre-releases published
+    # from draft releases, but the published type will trigger. If you want a
+    # workflow to run when stable and pre-releases publish, subscribe to
+    # published instead of released and prereleased.
+    #
+    # From https://github.com/orgs/community/discussions/26281
+    # As a work around, in published type workflow,  you could add if condition
+    # to filter pre-release attribute.
+    types: [published]
+
+jobs:
+  update-bundle:
+    if: github.event.release.prerelease && startsWith(github.event.release.tag_name, 'codeql-bundle-')
+    runs-on: ubuntu-latest
+    steps:
+      - name: Dump environment
+        run: env
+
+      - name: Dump GitHub context
+        env:
+          GITHUB_CONTEXT: '${{ toJson(github) }}'
+        run: echo "$GITHUB_CONTEXT"
+
+      - uses: actions/checkout@v3
+
+      - name: Update git config
+        run: |
+          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git config --global user.name "github-actions[bot]"
+
+      - name: Update bundle
+        uses: ./.github/actions/update-bundle
+
+      - name: Rebuild Action
+        run: npm run build
+
+      - name: Commit and push changes
+        env:
+          RELEASE_TAG: "${{ github.event.release.tag_name }}"
+        run: |
+          git checkout -b "update-bundle/$RELEASE_TAG"
+          git commit -am "Update default bundle to $RELEASE_TAG"
+          git push --set-upstream origin "update-bundle/$RELEASE_TAG"
+
+      - name: Open pull request
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          cli_version=$(jq -r '.cliVersion' src/defaults.json)
+          pr_url=$(gh pr create \
+            --title "Update default bundle to $cli_version" \
+            --body "This pull request updates the default CodeQL bundle, as used with \`tools: latest\` and on GHES, to $cli_version." \
+            --assignee "$GITHUB_ACTOR" \
+            --draft \
+          )
+          echo "CLI_VERSION=$cli_version" | tee -a "$GITHUB_ENV"
+          echo "PR_URL=$pr_url" | tee -a "$GITHUB_ENV"
+
+      - name: Create changelog note
+        shell: python
+        run: |
+          import os
+          import re
+
+          # Get the PR number from the PR URL.
+          pr_number = os.environ['PR_URL'].split('/')[-1]
+          changelog_note = f"- Update default CodeQL bundle version to {os.environ['CLI_VERSION']}. [#{pr_number}]({os.environ['PR_URL']})"
+
+          # If the "[UNRELEASED]" section starts with "no user facing changes", remove that line.
+          # Use perl to avoid having to escape the newline character.
+
+          with open('CHANGELOG.md', 'r') as f:
+              changelog = f.read()
+
+          changelog = changelog.replace('## [UNRELEASED]\n\nNo user facing changes.', '## [UNRELEASED]\n')
+
+          # Add the changelog note to the bottom of the "[UNRELEASED]" section.
+          changelog = re.sub(r'\n## (\d+\.\d+\.\d+)', f'{changelog_note}\n\n## \\1', changelog, count=1)
+
+          with open('CHANGELOG.md', 'w') as f:
+              f.write(changelog)
+
+      - name: Push changelog note
+        run: |
+          git commit -am "Add changelog note"
+          git push

.github/workflows/update-dependencies.yml

@@ -29,7 +29,7 @@ jobs:
         git checkout "origin/$BRANCH"
         .github/workflows/script/update-node-modules.sh update
         if [ ! -z "$(git status --porcelain)" ]; then
-          git config --global user.email "github-actions@github.com"
+          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
           git config --global user.name "github-actions[bot]"
           git add node_modules
           git commit -am "Update checked-in dependencies"

.github/workflows/update-release-branch.yml

@@ -35,7 +35,7 @@ jobs:
 
     - name: Update git config
       run: |
-        git config --global user.email "github-actions@github.com"
+        git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
         git config --global user.name "github-actions[bot]"
 
     - name: Update release branch

.github/workflows/update-supported-enterprise-server-versions.yml

@@ -36,7 +36,7 @@ jobs:
         env:
           ENTERPRISE_RELEASES_PATH: ${{ github.workspace }}/enterprise-releases/
       - name: Commit Changes
-        uses: peter-evans/create-pull-request@38e0b6e68b4c852a5500a94740f0e535e0d7ba54 # v4.2.4
+        uses: peter-evans/create-pull-request@284f54f989303d2699d373481a0cfa13ad5a6666 # v5.0.1
         with:
           commit-message: Update supported GitHub Enterprise Server versions.
           title: Update supported GitHub Enterprise Server versions.

CHANGELOG.md

@@ -1,9 +1,51 @@
 # CodeQL Action Changelog
 
-## [UNRELEASED]
+## 2.3.5 - 25 May 2023
+
+- Allow invalid URIs to be used as values to `artifactLocation.uri` properties. This reverses a change from [#1668](https://github.com/github/codeql-action/pull/1668) that inadvertently led to stricter validation of some URI values. [#1705](https://github.com/github/codeql-action/pull/1705)
+- Gracefully handle invalid URIs when fingerprinting. [#1694](https://github.com/github/codeql-action/pull/1694)
+
+## 2.3.4 - 24 May 2023
+
+- Updated the SARIF 2.1.0 JSON schema file to the latest from [oasis-tcs/sarif-spec](https://github.com/oasis-tcs/sarif-spec/blob/123e95847b13fbdd4cbe2120fa5e33355d4a042b/Schemata/sarif-schema-2.1.0.json). [#1668](https://github.com/github/codeql-action/pull/1668)
+- We are rolling out a feature in May 2023 that will disable Python dependency installation for new users of the CodeQL Action. This improves the speed of analysis while having only a very minor impact on results. [#1676](https://github.com/github/codeql-action/pull/1676)
+- We are improving the way that [CodeQL bundles](https://github.com/github/codeql-action/releases) are tagged to make it possible to easily identify bundles by their CodeQL semantic version. [#1682](https://github.com/github/codeql-action/pull/1682)
+  - As of CodeQL CLI 2.13.4, CodeQL bundles will be tagged using semantic versions, for example `codeql-bundle-v2.13.4`, instead of timestamps, like `codeql-bundle-20230615`.
+  - This change does not affect the majority of workflows, and we will not be changing tags for existing bundle releases.
+  - Some workflows with custom logic that depends on the specific format of the CodeQL bundle tag may need to be updated. For example, if your workflow matches CodeQL bundle tag names against a `codeql-bundle-yyyymmdd` pattern, you should update it to also recognize `codeql-bundle-vx.y.z` tags.
+- Remove the requirement for `on.push` and `on.pull_request` to trigger on the same branches. [#1675](https://github.com/github/codeql-action/pull/1675)
+
+## 2.3.3 - 04 May 2023
+
+- Update default CodeQL bundle version to 2.13.1. [#1664](https://github.com/github/codeql-action/pull/1664)
+- You can now configure CodeQL within your code scanning workflow by passing a `config` input to the `init` Action. See [Using a custom configuration file](https://aka.ms/code-scanning-docs/config-file) for more information about configuring code scanning. [#1590](https://github.com/github/codeql-action/pull/1590)
+
+## 2.3.2 - 27 Apr 2023
 
 No user facing changes.
 
+## 2.3.1 - 26 Apr 2023
+
+No user facing changes.
+
+## 2.3.0 - 21 Apr 2023
+
+- Update default CodeQL bundle version to 2.13.0. [#1649](https://github.com/github/codeql-action/pull/1649)
+- Bump the minimum CodeQL bundle version to 2.8.5. [#1618](https://github.com/github/codeql-action/pull/1618)
+
+## 2.2.12 - 13 Apr 2023
+
+- Include the value of the `GITHUB_RUN_ATTEMPT` environment variable in the telemetry sent to GitHub. [#1640](https://github.com/github/codeql-action/pull/1640)
+- Improve the ease of debugging failed runs configured using [default setup](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically). The CodeQL Action will now upload diagnostic information to Code Scanning from failed runs configured using default setup. You can view this diagnostic information on the [tool status page](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page). [#1619](https://github.com/github/codeql-action/pull/1619)
+
+## 2.2.11 - 06 Apr 2023
+
+No user facing changes.
+
+## 2.2.10 - 05 Apr 2023
+
+- Update default CodeQL bundle version to 2.12.6. [#1629](https://github.com/github/codeql-action/pull/1629)
+
 ## 2.2.9 - 27 Mar 2023
 
 - Customers post-processing the SARIF output of the `analyze` Action before uploading it to Code Scanning will benefit from an improved debugging experience. [#1598](https://github.com/github/codeql-action/pull/1598)

CONTRIBUTING.md

@@ -12,7 +12,7 @@ Please note that this project is released with a [Contributor Code of Conduct][c
 
 ## Development and Testing
 
-Before you start, ensure that you have a recent version of node (14 or higher) installed, along with a recent version of npm (7 or higher). You can see which version of node is used by the action in `init/action.yml`.
+Before you start, ensure that you have a recent version of node (16 or higher) installed, along with a recent version of npm (9.2 or higher). You can see which version of node is used by the action in `init/action.yml`.
 
 ### Common tasks
 

README.md

@@ -135,7 +135,42 @@ By default, this will override any queries specified in a config file. If you wi
     queries: +<local-or-remote-query>,<another-query>
 ```
 
+### Configuration via `config` input
+
+You can alternatively configure CodeQL using the `config` input to the `init` Action. The value of this input must be a YAML string that follows the configuration file format documented at "[Using a custom configuration file](https://aka.ms/code-scanning-docs/config-file)."
+
+#### Example configuration
+
+```yaml
+- uses: github/codeql-action/init@v2
+  with:
+    languages: ${{ matrix.language }}
+    config: |
+      disable-default-queries: true
+      queries:
+        - uses: security-extended
+        - uses: security-and-quality
+      query-filters:
+        - include:
+      tags: /cwe-020/
+```
+
+
+#### Sharing configuration across multiple repositories
+
+You can use Actions or environment variables to share configuration across multiple repositories and to modify configuration without needing to edit the workflow file.  In the following example, `vars.CODEQL_CONF` is an [Actions configuration variable](https://docs.github.com/en/actions/learn-github-actions/variables#defining-configuration-variables-for-multiple-workflows):
+
+```yaml
+- uses: github/codeql-action/init@v2
+  with:
+    languages: ${{ matrix.language }}
+    config: ${{ vars.CODEQL_CONF }}
+```
+
 ## Troubleshooting
 
 Read about [troubleshooting code scanning](https://help.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-code-scanning).
 
+## Contributing
+
+This project welcomes contributions. See [CONTRIBUTING.md](CONTRIBUTING.md) for details on how to build, install, and contribute.

init/action.yml

@@ -44,6 +44,9 @@ inputs:
   db-location:
     description: Path where CodeQL databases should be created. If not specified, a temporary directory will be used.
     required: false
+  config:    
+    description: Configuration passed as a YAML string in the same format as the config-file input. This takes precedence over the config-file input.
+    required: false
   queries:
     description: Comma-separated list of additional queries to run. By default, this overrides the same setting in a configuration file; prefix with "+" to use both sets of queries.
     required: false

lib/actions-util.js

@@ -163,7 +163,7 @@ async function getAnalysisKey() {
     if (analysisKey !== undefined) {
         return analysisKey;
     }
-    const workflowPath = await (0, workflow_1.getWorkflowPath)();
+    const workflowPath = await (0, workflow_1.getWorkflowRelativePath)();
     const jobName = (0, util_1.getRequiredEnvParam)("GITHUB_JOB");
     analysisKey = `${workflowPath}:${jobName}`;
     core.exportVariable(analysisKeyEnvVar, analysisKey);
@@ -290,11 +290,8 @@ exports.getActionVersion = getActionVersion;
 async function createStatusReportBase(actionName, status, actionStartedAt, cause, exception) {
     const commitOid = (0, exports.getOptionalInput)("sha") || process.env["GITHUB_SHA"] || "";
     const ref = await getRef();
-    const workflowRunIDStr = process.env["GITHUB_RUN_ID"];
+    const workflowRunID = (0, workflow_1.getWorkflowRunID)();
-    let workflowRunID = -1;
+    const workflowRunAttempt = (0, workflow_1.getWorkflowRunAttempt)();
-    if (workflowRunIDStr) {
-        workflowRunID = parseInt(workflowRunIDStr, 10);
-    }
     const workflowName = process.env["GITHUB_WORKFLOW"] || "";
     const jobName = process.env["GITHUB_JOB"] || "";
     const analysis_key = await getAnalysisKey();
@@ -314,6 +311,7 @@ async function createStatusReportBase(actionName, status, actionStartedAt, cause
     }
     const statusReport = {
         workflow_run_id: workflowRunID,
+        workflow_run_attempt: workflowRunAttempt,
         workflow_name: workflowName,
         job_name: jobName,
         analysis_key,

lib/analyze-action-post.js

@@ -31,13 +31,13 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
 const analyzeActionPostHelper = __importStar(require("./analyze-action-post-helper"));
 const debugArtifacts = __importStar(require("./debug-artifacts"));
+const util_1 = require("./util");
 async function runWrapper() {
     try {
         await analyzeActionPostHelper.run(debugArtifacts.uploadSarifDebugArtifact);
     }
     catch (error) {
-        core.setFailed(`analyze post-action step failed: ${error}`);
+        core.setFailed(`analyze post-action step failed: ${(0, util_1.wrapError)(error).message}`);
-        console.log(error);
     }
 }
 void runWrapper();

lib/analyze-action-post.js.map

@@ -1 +1 @@
-{"version":3,"file":"analyze-action-post.js","sourceRoot":"","sources":["../src/analyze-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,sFAAwE;AACxE,kEAAoD;AAEpD,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,wBAAwB,CAAC,CAAC;KAC5E;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,oCAAoC,KAAK,EAAE,CAAC,CAAC;QAC5D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"analyze-action-post.js","sourceRoot":"","sources":["../src/analyze-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,sFAAwE;AACxE,kEAAoD;AACpD,iCAAmC;AAEnC,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,wBAAwB,CAAC,CAAC;KAC5E;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CACZ,oCAAoC,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAC/D,CAAC;KACH;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/analyze-action.js

@@ -155,7 +155,6 @@ async function run() {
         if (hasBadExpectErrorInput()) {
             throw new Error("`expect-error` input parameter is for internal use only. It should only be set by codeql-action or a fork.");
         }
-        await (0, codeql_1.enrichEnvironment)(await (0, codeql_1.getCodeQL)(config.codeQLCmd));
         const apiDetails = (0, api_client_1.getApiDetails)();
         const outputDir = actionsUtil.getRequiredInput("output");
         const threads = util.getThreadsFlag(actionsUtil.getOptionalInput("threads") || process.env["CODEQL_THREADS"], logger);
@@ -164,7 +163,7 @@ async function run() {
         const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
         const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, actionsUtil.getTemporaryDirectory(), logger);
         await runAutobuildIfLegacyGoWorkflow(config, logger);
-        dbCreationTimings = await (0, analyze_1.runFinalize)(outputDir, threads, memory, config, logger);
+        dbCreationTimings = await (0, analyze_1.runFinalize)(outputDir, threads, memory, config, logger, features);
         if (actionsUtil.getRequiredInput("skip-queries") !== "true") {
             runStats = await (0, analyze_1.runQueries)(outputDir, memory, util.getAddSnippetsFlag(actionsUtil.getRequiredInput("add-snippets")), threads, actionsUtil.getOptionalInput("category"), config, logger, features);
         }
@@ -205,8 +204,8 @@ async function run() {
         }
         core.exportVariable(shared_environment_1.CODEQL_ACTION_ANALYZE_DID_COMPLETE_SUCCESSFULLY, "true");
     }
-    catch (origError) {
+    catch (unwrappedError) {
-        const error = origError instanceof Error ? origError : new Error(String(origError));
+        const error = (0, util_1.wrapError)(unwrappedError);
         if (actionsUtil.getOptionalInput("expect-error") !== "true" ||
             hasBadExpectErrorInput()) {
             core.setFailed(error.message);
@@ -239,7 +238,7 @@ async function runWrapper() {
         await exports.runPromise;
     }
     catch (error) {
-        core.setFailed(`analyze action failed: ${error}`);
+        core.setFailed(`analyze action failed: ${(0, util_1.wrapError)(error).message}`);
     }
     await (0, util_1.checkForTimeout)();
 }

lib/analyze.js

@@ -36,8 +36,8 @@ const yaml = __importStar(require("js-yaml"));
 const analysisPaths = __importStar(require("./analysis-paths"));
 const codeql_1 = require("./codeql");
 const configUtils = __importStar(require("./config-utils"));
+const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
-const sharedEnv = __importStar(require("./shared-environment"));
 const tracer_config_1 = require("./tracer-config");
 const util = __importStar(require("./util"));
 class CodeQLAnalysisError extends Error {
@@ -48,12 +48,17 @@ class CodeQLAnalysisError extends Error {
     }
 }
 exports.CodeQLAnalysisError = CodeQLAnalysisError;
-async function setupPythonExtractor(logger) {
+async function setupPythonExtractor(logger, features, codeql) {
     const codeqlPython = process.env["CODEQL_PYTHON"];
     if (codeqlPython === undefined || codeqlPython.length === 0) {
         // If CODEQL_PYTHON is not set, no dependencies were installed, so we don't need to do anything
         return;
     }
+    if (await features.getValue(feature_flags_1.Feature.DisablePythonDependencyInstallation, codeql)) {
+        logger.warning("We recommend that you remove the CODEQL_PYTHON environment variable from your workflow. This environment variable was originally used to specify a Python executable that included the dependencies of your Python code, however Python analysis no longer uses these dependencies." +
+            "\nIf you used CODEQL_PYTHON to force the version of Python to analyze as, please use CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION instead, such as 'CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION=2.7' or 'CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION=3.11'.");
+        return;
+    }
     const scriptsFolder = path.resolve(__dirname, "../python-setup");
     let output = "";
     const options = {
@@ -71,7 +76,7 @@ async function setupPythonExtractor(logger) {
     logger.info(`Setting LGTM_PYTHON_SETUP_VERSION=${output}`);
     process.env["LGTM_PYTHON_SETUP_VERSION"] = output;
 }
-async function createdDBForScannedLanguages(codeql, config, logger) {
+async function createdDBForScannedLanguages(codeql, config, logger, features) {
     // Insert the LGTM_INDEX_X env vars at this point so they are set when
     // we extract any scanned languages.
     analysisPaths.includeAndExcludeAnalysisPaths(config);
@@ -80,7 +85,7 @@ async function createdDBForScannedLanguages(codeql, config, logger) {
             !dbIsFinalized(config, language, logger)) {
             logger.startGroup(`Extracting ${language}`);
             if (language === languages_1.Language.python) {
-                await setupPythonExtractor(logger);
+                await setupPythonExtractor(logger, features, codeql);
             }
             await codeql.extractScannedLanguage(config, language);
             logger.endGroup();
@@ -100,10 +105,10 @@ function dbIsFinalized(config, language, logger) {
     }
 }
 exports.dbIsFinalized = dbIsFinalized;
-async function finalizeDatabaseCreation(config, threadsFlag, memoryFlag, logger) {
+async function finalizeDatabaseCreation(config, threadsFlag, memoryFlag, logger, features) {
     const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
     const extractionStart = perf_hooks_1.performance.now();
-    await createdDBForScannedLanguages(codeql, config, logger);
+    await createdDBForScannedLanguages(codeql, config, logger, features);
     const extractionTime = perf_hooks_1.performance.now() - extractionStart;
     const trapImportStart = perf_hooks_1.performance.now();
     for (const language of config.languages) {
@@ -272,7 +277,7 @@ function createQuerySuiteContents(queries, queryFilters) {
     return yaml.dump(queries.map((q) => ({ query: q })).concat(queryFilters));
 }
 exports.createQuerySuiteContents = createQuerySuiteContents;
-async function runFinalize(outputDir, threadsFlag, memoryFlag, config, logger) {
+async function runFinalize(outputDir, threadsFlag, memoryFlag, config, logger, features) {
     try {
         await (0, del_1.default)(outputDir, { force: true });
     }
@@ -282,21 +287,14 @@ async function runFinalize(outputDir, threadsFlag, memoryFlag, config, logger) {
         }
     }
     await fs.promises.mkdir(outputDir, { recursive: true });
-    const timings = await finalizeDatabaseCreation(config, threadsFlag, memoryFlag, logger);
+    const timings = await finalizeDatabaseCreation(config, threadsFlag, memoryFlag, logger, features);
-    const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
     // WARNING: This does not _really_ end tracing, as the tracer will restore its
     // critical environment variables and it'll still be active for all processes
     // launched from this build step.
     // However, it will stop tracing for all steps past the codeql-action/analyze
     // step.
-    if (await util.codeQlVersionAbove(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING)) {
     // Delete variables as specified by the end-tracing script
     await (0, tracer_config_1.endTracingForCluster)(config);
-    }
-    else {
-        // Delete the tracer config env var to avoid tracing ourselves
-        delete process.env[sharedEnv.ODASA_TRACER_CONFIGURATION];
-    }
     return timings;
 }
 exports.runFinalize = runFinalize;

lib/autobuild-action.js

@@ -74,10 +74,10 @@ async function run() {
             }
         }
     }
-    catch (error) {
+    catch (unwrappedError) {
-        core.setFailed(`We were unable to automatically build your code. Please replace the call to the autobuild action with your custom build steps.  ${error instanceof Error ? error.message : String(error)}`);
+        const error = (0, util_1.wrapError)(unwrappedError);
-        console.log(error);
+        core.setFailed(`We were unable to automatically build your code. Please replace the call to the autobuild action with your custom build steps. ${error.message}`);
-        await sendCompletedStatusReport(startedAt, languages ?? [], currentLanguage, error instanceof Error ? error : new Error(String(error)));
+        await sendCompletedStatusReport(startedAt, languages ?? [], currentLanguage, error);
         return;
     }
     await sendCompletedStatusReport(startedAt, languages ?? []);
@@ -87,8 +87,7 @@ async function runWrapper() {
         await run();
     }
     catch (error) {
-        core.setFailed(`autobuild action failed. ${error}`);
+        core.setFailed(`autobuild action failed. ${(0, util_1.wrapError)(error).message}`);
-        console.log(error);
     }
 }
 void runWrapper();

lib/autobuild-action.js.map

@@ -1 +1 @@
-{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAQwB;AACxB,6CAAgD;AAChD,2CAAwE;AACxE,4DAA8C;AAC9C,2CAAuC;AACvC,uCAA6C;AAC7C,6DAA0E;AAC1E,iCAA0E;AAS1E,KAAK,UAAU,yBAAyB,CACtC,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAG,IAAA,+BAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,qCAAsB,EACnD,WAAW,EACX,MAAM,EACN,SAAS,EACT,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAA,+BAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAI,eAAe,GAAyB,SAAS,CAAC;IACtD,IAAI,SAAS,GAA2B,SAAS,CAAC;IAClD,IAAI;QACF,IACE,CAAC,CAAC,MAAM,IAAA,+BAAgB,EACtB,MAAM,IAAA,qCAAsB,EAAC,WAAW,EAAE,UAAU,EAAE,SAAS,CAAC,CACjE,CAAC,EACF;YACA,OAAO;SACR;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,SAAS,CAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;YACxB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;SACH;QAED,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC9D,IAAI,SAAS,KAAK,SAAS,EAAE;YAC3B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE;gBACpB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;aACjC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE;gBAChC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;gBAC7C,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE;oBAC5B,IAAI,CAAC,cAAc,CAAC,uDAAkC,EAAE,MAAM,CAAC,CAAC;iBACjE;aACF;SACF;KACF;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CACZ,mIACE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CACvD,EAAE,CACH,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,yBAAyB,CAC7B,SAAS,EACT,SAAS,IAAI,EAAE,EACf,eAAe,EACf,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAC1D,CAAC;QACF,OAAO;KACR;IAED,MAAM,yBAAyB,CAAC,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;AAC9D,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAQwB;AACxB,6CAAgD;AAChD,2CAAwE;AACxE,4DAA8C;AAC9C,2CAAuC;AACvC,uCAA6C;AAC7C,6DAA0E;AAC1E,iCAIgB;AAShB,KAAK,UAAU,yBAAyB,CACtC,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAG,IAAA,+BAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,qCAAsB,EACnD,WAAW,EACX,MAAM,EACN,SAAS,EACT,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAA,+BAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAI,eAAe,GAAyB,SAAS,CAAC;IACtD,IAAI,SAAS,GAA2B,SAAS,CAAC;IAClD,IAAI;QACF,IACE,CAAC,CAAC,MAAM,IAAA,+BAAgB,EACtB,MAAM,IAAA,qCAAsB,EAAC,WAAW,EAAE,UAAU,EAAE,SAAS,CAAC,CACjE,CAAC,EACF;YACA,OAAO;SACR;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,SAAS,CAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;YACxB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;SACH;QAED,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC9D,IAAI,SAAS,KAAK,SAAS,EAAE;YAC3B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE;gBACpB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;aACjC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE;gBAChC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;gBAC7C,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE;oBAC5B,IAAI,CAAC,cAAc,CAAC,uDAAkC,EAAE,MAAM,CAAC,CAAC;iBACjE;aACF;SACF;KACF;IAAC,OAAO,cAAc,EAAE;QACvB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CACZ,kIAAkI,KAAK,CAAC,OAAO,EAAE,CAClJ,CAAC;QACF,MAAM,yBAAyB,CAC7B,SAAS,EACT,SAAS,IAAI,EAAE,EACf,eAAe,EACf,KAAK,CACN,CAAC;QACF,OAAO;KACR;IAED,MAAM,yBAAyB,CAAC,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;AAC9D,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,4BAA4B,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;KACxE;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/codeql.js

@@ -23,10 +23,9 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.enrichEnvironment = exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = exports.CODEQL_VERSION_TRACING_GLIBC_2_34 = exports.CODEQL_VERSION_NEW_TRACING = exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = exports.CommandInvocationError = void 0;
+exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = exports.CommandInvocationError = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
-const core = __importStar(require("@actions/core"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const yaml = __importStar(require("js-yaml"));
 const actions_util_1 = require("./actions-util");
@@ -35,10 +34,10 @@ const error_matcher_1 = require("./error-matcher");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const setupCodeql = __importStar(require("./setup-codeql"));
-const shared_environment_1 = require("./shared-environment");
 const toolrunner_error_catcher_1 = require("./toolrunner-error-catcher");
 const trap_caching_1 = require("./trap-caching");
 const util = __importStar(require("./util"));
+const util_1 = require("./util");
 class CommandInvocationError extends Error {
     constructor(cmd, args, exitCode, error, output) {
         super(`Failure invoking ${cmd} with arguments ${args}.\n
@@ -61,32 +60,16 @@ let cachedCodeQL = undefined;
  * The version flags below can be used to conditionally enable certain features
  * on versions newer than this.
  */
-const CODEQL_MINIMUM_VERSION = "2.6.3";
+const CODEQL_MINIMUM_VERSION = "2.8.5";
 /**
  * Versions of CodeQL that version-flag certain functionality in the Action.
  * For convenience, please keep these in descending order. Once a version
  * flag is older than the oldest supported version above, it may be removed.
  */
-const CODEQL_VERSION_CUSTOM_QUERY_HELP = "2.7.1";
 const CODEQL_VERSION_LUA_TRACER_CONFIG = "2.10.0";
 const CODEQL_VERSION_LUA_TRACING_GO_WINDOWS_FIXED = "2.10.4";
 exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = "2.10.4";
 const CODEQL_VERSION_FILE_BASELINE_INFORMATION = "2.11.3";
-/**
- * This variable controls using the new style of tracing from the CodeQL
- * CLI. In particular, with versions above this we will use both indirect
- * tracing, and multi-language tracing together with database clusters.
- *
- * Note that there were bugs in both of these features that were fixed in
- * release 2.7.0 of the CodeQL CLI, therefore this flag is only enabled for
- * versions above that.
- */
-exports.CODEQL_VERSION_NEW_TRACING = "2.7.0";
-/**
- * Versions 2.7.3+ of the CodeQL CLI support build tracing with glibc 2.34 on Linux. Versions before
- * this cannot perform build tracing when running on the Actions `ubuntu-22.04` runner image.
- */
-exports.CODEQL_VERSION_TRACING_GLIBC_2_34 = "2.7.3";
 /**
  * Versions 2.9.0+ of the CodeQL CLI run machine learning models from a temporary directory, which
  * resolves an issue on Windows where TensorFlow models are not correctly loaded due to the path of
@@ -138,8 +121,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV
         };
     }
     catch (e) {
-        logger.error(e instanceof Error ? e : new Error(String(e)));
+        throw new Error(`Unable to download and extract CodeQL CLI: ${(0, util_1.wrapError)(e).message}`);
-        throw new Error("Unable to download and extract CodeQL CLI");
     }
 }
 exports.setupCodeQL = setupCodeQL;
@@ -176,8 +158,6 @@ function setCodeQL(partialCodeql) {
         getPath: resolveFunction(partialCodeql, "getPath", () => "/tmp/dummy-path"),
         getVersion: resolveFunction(partialCodeql, "getVersion", () => new Promise((resolve) => resolve("1.0.0"))),
         printVersion: resolveFunction(partialCodeql, "printVersion"),
-        getTracerEnv: resolveFunction(partialCodeql, "getTracerEnv"),
-        databaseInit: resolveFunction(partialCodeql, "databaseInit"),
         databaseInitCluster: resolveFunction(partialCodeql, "databaseInitCluster"),
         runAutobuild: resolveFunction(partialCodeql, "runAutobuild"),
         extractScannedLanguage: resolveFunction(partialCodeql, "extractScannedLanguage"),
@@ -193,6 +173,7 @@ function setCodeQL(partialCodeql) {
         databasePrintBaseline: resolveFunction(partialCodeql, "databasePrintBaseline"),
         databaseExportDiagnostics: resolveFunction(partialCodeql, "databaseExportDiagnostics"),
         diagnosticsExport: resolveFunction(partialCodeql, "diagnosticsExport"),
+        resolveExtractor: resolveFunction(partialCodeql, "resolveExtractor"),
     };
     return cachedCodeQL;
 }
@@ -244,73 +225,6 @@ async function getCodeQLForCmd(cmd, checkVersion) {
         async printVersion() {
             await runTool(cmd, ["version", "--format=json"]);
         },
-        async getTracerEnv(databasePath) {
-            // Write tracer-env.js to a temp location.
-            // BEWARE: The name and location of this file is recognized by `codeql database
-            // trace-command` in order to enable special support for concatenable tracer
-            // configurations. Consequently the name must not be changed.
-            // (This warning can be removed once a different way to recognize the
-            // action/runner has been implemented in `codeql database trace-command`
-            // _and_ is present in the latest supported CLI release.)
-            const tracerEnvJs = path.resolve(databasePath, "working", "tracer-env.js");
-            fs.mkdirSync(path.dirname(tracerEnvJs), { recursive: true });
-            fs.writeFileSync(tracerEnvJs, `
-        const fs = require('fs');
-        const env = {};
-        for (let entry of Object.entries(process.env)) {
-          const key = entry[0];
-          const value = entry[1];
-          if (typeof value !== 'undefined' && key !== '_' && !key.startsWith('JAVA_MAIN_CLASS_')) {
-            env[key] = value;
-          }
-        }
-        process.stdout.write(process.argv[2]);
-        fs.writeFileSync(process.argv[2], JSON.stringify(env), 'utf-8');`);
-            // BEWARE: The name and location of this file is recognized by `codeql database
-            // trace-command` in order to enable special support for concatenable tracer
-            // configurations. Consequently the name must not be changed.
-            // (This warning can be removed once a different way to recognize the
-            // action/runner has been implemented in `codeql database trace-command`
-            // _and_ is present in the latest supported CLI release.)
-            const envFile = path.resolve(databasePath, "working", "env.tmp");
-            try {
-                await runTool(cmd, [
-                    "database",
-                    "trace-command",
-                    databasePath,
-                    ...getExtraOptionsFromEnv(["database", "trace-command"]),
-                    process.execPath,
-                    tracerEnvJs,
-                    envFile,
-                ]);
-            }
-            catch (e) {
-                if (e instanceof CommandInvocationError &&
-                    e.output.includes("undefined symbol: __libc_dlopen_mode, version GLIBC_PRIVATE") &&
-                    process.platform === "linux" &&
-                    !(await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_TRACING_GLIBC_2_34))) {
-                    throw new util.UserError("The CodeQL CLI is incompatible with the version of glibc on your system. " +
-                        `Please upgrade to CodeQL CLI version ${exports.CODEQL_VERSION_TRACING_GLIBC_2_34} or ` +
-                        "later. If you cannot upgrade to a newer version of the CodeQL CLI, you can " +
-                        `alternatively run your workflow on another runner image such as "ubuntu-20.04" ` +
-                        "that has glibc 2.33 or earlier installed.");
-                }
-                else {
-                    throw e;
-                }
-            }
-            return JSON.parse(fs.readFileSync(envFile, "utf-8"));
-        },
-        async databaseInit(databasePath, language, sourceRoot) {
-            await runTool(cmd, [
-                "database",
-                "init",
-                databasePath,
-                `--language=${language}`,
-                `--source-root=${sourceRoot}`,
-                ...getExtraOptionsFromEnv(["database", "init"]),
-            ]);
-        },
         async databaseInitCluster(config, sourceRoot, processName, features, qlconfigFile, logger) {
             const extraArgs = config.languages.map((language) => `--language=${language}`);
             if (config.languages.filter((l) => (0, languages_1.isTracedLanguage)(l)).length > 0) {
@@ -355,10 +269,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             ], { stdin: externalRepositoryToken });
         },
         async runAutobuild(language) {
-            const cmdName = process.platform === "win32" ? "autobuild.cmd" : "autobuild.sh";
+            const autobuildCmd = path.join(await this.resolveExtractor(language), "tools", process.platform === "win32" ? "autobuild.cmd" : "autobuild.sh");
-            // The autobuilder for Swift is located in the experimental/ directory.
-            const possibleExperimentalDir = language === languages_1.Language.swift ? "experimental" : "";
-            const autobuildCmd = path.join(path.dirname(cmd), possibleExperimentalDir, language, "tools", cmdName);
             // Update JAVA_TOOL_OPTIONS to contain '-Dhttp.keepAlive=false'
             // This is because of an issue with Azure pipelines timing out connections after 4 minutes
             // and Maven not properly handling closed connections
@@ -387,31 +298,9 @@ async function getCodeQLForCmd(cmd, checkVersion) {
         },
         async extractScannedLanguage(config, language) {
             const databasePath = util.getCodeQLDatabasePath(config, language);
-            // Get extractor location
-            //
-            // Request it using `format=json` so we don't need to strip the trailing new line generated by
-            // the CLI.
-            let extractorPath = "";
-            await new toolrunner.ToolRunner(cmd, [
-                "resolve",
-                "extractor",
-                "--format=json",
-                `--language=${language}`,
-                ...getExtraOptionsFromEnv(["resolve", "extractor"]),
-            ], {
-                silent: true,
-                listeners: {
-                    stdout: (data) => {
-                        extractorPath += data.toString();
-                    },
-                    stderr: (data) => {
-                        process.stderr.write(data);
-                    },
-                },
-            }).exec();
             // Set trace command
             const ext = process.platform === "win32" ? ".cmd" : ".sh";
-            const traceCommand = path.resolve(JSON.parse(extractorPath), "tools", `autobuild${ext}`);
+            const traceCommand = path.resolve(await this.resolveExtractor(language), "tools", `autobuild${ext}`);
             // Run trace command
             await (0, toolrunner_error_catcher_1.toolrunnerErrorCatcher)(cmd, [
                 "database",
@@ -509,7 +398,9 @@ async function getCodeQLForCmd(cmd, checkVersion) {
         },
         async databaseInterpretResults(databasePath, querySuitePaths, sarifFile, addSnippetsFlag, threadsFlag, verbosityFlag, automationDetailsId, config, features, logger) {
             const shouldExportDiagnostics = await features.getValue(feature_flags_1.Feature.ExportDiagnosticsEnabled, this);
-            const codeqlOutputFile = shouldExportDiagnostics
+            // Update this to take into account the CodeQL version when we have a version with the fix.
+            const shouldWorkaroundInvalidNotifications = shouldExportDiagnostics;
+            const codeqlOutputFile = shouldWorkaroundInvalidNotifications
                 ? path.join(config.tempDir, "codeql-intermediate-results.sarif")
                 : sarifFile;
             const codeqlArgs = [
@@ -522,12 +413,11 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 addSnippetsFlag,
                 "--print-diagnostics-summary",
                 "--print-metrics-summary",
+                "--sarif-add-query-help",
                 "--sarif-group-rules-by-pack",
                 ...(await getCodeScanningConfigExportArguments(config, this, features)),
                 ...getExtraOptionsFromEnv(["database", "interpret-results"]),
             ];
-            if (await util.codeQlVersionAbove(this, CODEQL_VERSION_CUSTOM_QUERY_HELP))
-                codeqlArgs.push("--sarif-add-query-help");
             if (automationDetailsId !== undefined) {
                 codeqlArgs.push("--sarif-category", automationDetailsId);
             }
@@ -546,7 +436,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             }
             // capture stdout, which contains analysis summaries
             const returnState = await (0, toolrunner_error_catcher_1.toolrunnerErrorCatcher)(cmd, codeqlArgs, error_matcher_1.errorMatchers);
-            if (shouldExportDiagnostics) {
+            if (shouldWorkaroundInvalidNotifications) {
                 util.fixInvalidNotificationsInFile(codeqlOutputFile, sarifFile, logger);
             }
             return returnState.stdout;
@@ -626,14 +516,18 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             await new toolrunner.ToolRunner(cmd, args).exec();
         },
         async databaseExportDiagnostics(databasePath, sarifFile, automationDetailsId, tempDir, logger) {
-            const intermediateSarifFile = path.join(tempDir, "codeql-intermediate-results.sarif");
+            // Update this to take into account the CodeQL version when we have a version with the fix.
+            const shouldWorkaroundInvalidNotifications = true;
+            const codeqlOutputFile = shouldWorkaroundInvalidNotifications
+                ? path.join(tempDir, "codeql-intermediate-results.sarif")
+                : sarifFile;
             const args = [
                 "database",
                 "export-diagnostics",
                 `${databasePath}`,
                 "--db-cluster",
                 "--format=sarif-latest",
-                `--output=${intermediateSarifFile}`,
+                `--output=${codeqlOutputFile}`,
                 "--sarif-include-diagnostics",
                 "-vvv",
                 ...getExtraOptionsFromEnv(["diagnostics", "export"]),
@@ -642,8 +536,10 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 args.push("--sarif-category", automationDetailsId);
             }
             await new toolrunner.ToolRunner(cmd, args).exec();
+            if (shouldWorkaroundInvalidNotifications) {
                 // Fix invalid notifications in the SARIF file output by CodeQL.
-            util.fixInvalidNotificationsInFile(intermediateSarifFile, sarifFile, logger);
+                util.fixInvalidNotificationsInFile(codeqlOutputFile, sarifFile, logger);
+            }
         },
         async diagnosticsExport(sarifFile, automationDetailsId, config, features) {
             const args = [
@@ -659,6 +555,29 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             }
             await new toolrunner.ToolRunner(cmd, args).exec();
         },
+        async resolveExtractor(language) {
+            // Request it using `format=json` so we don't need to strip the trailing new line generated by
+            // the CLI.
+            let extractorPath = "";
+            await new toolrunner.ToolRunner(cmd, [
+                "resolve",
+                "extractor",
+                "--format=json",
+                `--language=${language}`,
+                ...getExtraOptionsFromEnv(["resolve", "extractor"]),
+            ], {
+                silent: true,
+                listeners: {
+                    stdout: (data) => {
+                        extractorPath += data.toString();
+                    },
+                    stderr: (data) => {
+                        process.stderr.write(data);
+                    },
+                },
+            }).exec();
+            return JSON.parse(extractorPath);
+        },
     };
     // To ensure that status reports include the CodeQL CLI version wherever
     // possible, we want to call getVersion(), which populates the version value
@@ -844,19 +763,4 @@ async function getCodeScanningConfigExportArguments(config, codeql, features) {
     }
     return [];
 }
-/**
- * Enrich the environment variables with further flags that we cannot
- * know the value of until we know what version of CodeQL we're running.
- */
-async function enrichEnvironment(codeql) {
-    if (await util.codeQlVersionAbove(codeql, exports.CODEQL_VERSION_NEW_TRACING)) {
-        core.exportVariable(shared_environment_1.EnvVar.FEATURE_MULTI_LANGUAGE, "false");
-        core.exportVariable(shared_environment_1.EnvVar.FEATURE_SANDWICH, "false");
-    }
-    else {
-        core.exportVariable(shared_environment_1.EnvVar.FEATURE_MULTI_LANGUAGE, "true");
-        core.exportVariable(shared_environment_1.EnvVar.FEATURE_SANDWICH, "true");
-    }
-}
-exports.enrichEnvironment = enrichEnvironment;
 //# sourceMappingURL=codeql.js.map

lib/codeql.test.js

@@ -49,20 +49,11 @@ const testing_utils_1 = require("./testing-utils");
 const util = __importStar(require("./util"));
 const util_1 = require("./util");
 (0, testing_utils_1.setupTests)(ava_1.default);
-const sampleApiDetails = {
-    auth: "token",
-    url: "https://github.com",
-    apiURL: "https://api.github.com",
-};
 const sampleGHAEApiDetails = {
     auth: "token",
     url: "https://example.githubenterprise.com",
     apiURL: "https://example.githubenterprise.com/api/v3",
 };
-const SAMPLE_DEFAULT_CLI_VERSION = {
-    cliVersion: "2.0.0",
-    variant: util.GitHubVariant.DOTCOM,
-};
 let stubConfig;
 ava_1.default.beforeEach(() => {
     (0, util_1.initializeEnvironment)("1.2.3");
@@ -91,34 +82,13 @@ ava_1.default.beforeEach(() => {
         trapCacheDownloadTime: 0,
     };
 });
-/**
+async function installIntoToolcache({ apiDetails = testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, cliVersion, isPinned, tagName, tmpDir, }) {
- * Mocks the API for downloading the bundle tagged `tagName`.
+    const url = (0, testing_utils_1.mockBundleDownloadApi)({ apiDetails, isPinned, tagName });
- *
- * @returns the download URL for the bundle. This can be passed to the tools parameter of
- * `codeql.setupCodeQL`.
- */
-function mockDownloadApi({ apiDetails = sampleApiDetails, isPinned, repo = "github/codeql-action", platformSpecific = true, tagName, }) {
-    const platform = process.platform === "win32"
-        ? "win64"
-        : process.platform === "linux"
-            ? "linux64"
-            : "osx64";
-    const baseUrl = apiDetails?.url ?? "https://example.com";
-    const relativeUrl = apiDetails
-        ? `/${repo}/releases/download/${tagName}/codeql-bundle${platformSpecific ? `-${platform}` : ""}.tar.gz`
-        : `/download/${tagName}/codeql-bundle.tar.gz`;
-    (0, nock_1.default)(baseUrl)
-        .get(relativeUrl)
-        .replyWithFile(200, path_1.default.join(__dirname, `/../src/testdata/codeql-bundle${isPinned ? "-pinned" : ""}.tar.gz`));
-    return `${baseUrl}${relativeUrl}`;
-}
-async function installIntoToolcache({ apiDetails = sampleApiDetails, cliVersion, isPinned, tagName, tmpDir, }) {
-    const url = mockDownloadApi({ apiDetails, isPinned, tagName });
     await codeql.setupCodeQL(cliVersion !== undefined ? undefined : url, apiDetails, tmpDir, util.GitHubVariant.GHES, cliVersion !== undefined
         ? { cliVersion, tagName, variant: util.GitHubVariant.GHES }
-        : SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
+        : testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
 }
-function mockReleaseApi({ apiDetails = sampleApiDetails, assetNames, tagName, }) {
+function mockReleaseApi({ apiDetails = testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, assetNames, tagName, }) {
     return (0, nock_1.default)(apiDetails.apiURL)
         .get(`/repos/github/codeql-action/releases/tags/${tagName}`)
         .reply(200, {
@@ -149,11 +119,11 @@ function mockApiDetails(apiDetails) {
         const versions = ["20200601", "20200610"];
         for (let i = 0; i < versions.length; i++) {
             const version = versions[i];
-            const url = mockDownloadApi({
+            const url = (0, testing_utils_1.mockBundleDownloadApi)({
                 tagName: `codeql-bundle-${version}`,
                 isPinned: false,
             });
-            const result = await codeql.setupCodeQL(url, sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
+            const result = await codeql.setupCodeQL(url, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
             t.assert(toolcache.find("CodeQL", `0.0.0-${version}`));
             t.is(result.toolsVersion, `0.0.0-${version}`);
             t.is(result.toolsSource, init_1.ToolsSource.Download);
@@ -170,10 +140,10 @@ function mockApiDetails(apiDetails) {
             isPinned: true,
             tmpDir,
         });
-        const url = mockDownloadApi({
+        const url = (0, testing_utils_1.mockBundleDownloadApi)({
             tagName: "codeql-bundle-20200610",
         });
-        const result = await codeql.setupCodeQL(url, sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
+        const result = await codeql.setupCodeQL(url, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
         t.assert(toolcache.find("CodeQL", "0.0.0-20200610"));
         t.deepEqual(result.toolsVersion, "0.0.0-20200610");
         t.is(result.toolsSource, init_1.ToolsSource.Download);
@@ -198,16 +168,16 @@ for (const { cliVersion, expectedToolcacheVersion, } of EXPLICITLY_REQUESTED_BUN
     (0, ava_1.default)(`caches an explicitly requested bundle containing CLI ${cliVersion} as ${expectedToolcacheVersion}`, async (t) => {
         await util.withTmpDir(async (tmpDir) => {
             (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-            mockApiDetails(sampleApiDetails);
+            mockApiDetails(testing_utils_1.SAMPLE_DOTCOM_API_DETAILS);
             sinon.stub(actionsUtil, "isRunningLocalAction").returns(true);
             const releaseApiMock = mockReleaseApi({
                 assetNames: [`cli-version-${cliVersion}.txt`],
                 tagName: "codeql-bundle-20200610",
             });
-            const url = mockDownloadApi({
+            const url = (0, testing_utils_1.mockBundleDownloadApi)({
                 tagName: "codeql-bundle-20200610",
             });
-            const result = await codeql.setupCodeQL(url, sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
+            const result = await codeql.setupCodeQL(url, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
             t.assert(releaseApiMock.isDone(), "Releases API should have been called");
             t.assert(toolcache.find("CodeQL", expectedToolcacheVersion));
             t.deepEqual(result.toolsVersion, cliVersion);
@@ -220,19 +190,19 @@ for (const { githubReleases, toolcacheVersion } of [
     // Test that we use the tools from the toolcache when `SAMPLE_DEFAULT_CLI_VERSION` is requested
     // and `SAMPLE_DEFAULT_CLI_VERSION-` is in the toolcache.
     {
-        toolcacheVersion: SAMPLE_DEFAULT_CLI_VERSION.cliVersion,
+        toolcacheVersion: testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION.cliVersion,
     },
     {
         githubReleases: {
-            "codeql-bundle-20230101": `cli-version-${SAMPLE_DEFAULT_CLI_VERSION.cliVersion}.txt`,
+            "codeql-bundle-20230101": `cli-version-${testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION.cliVersion}.txt`,
         },
         toolcacheVersion: "0.0.0-20230101",
     },
     {
-        toolcacheVersion: `${SAMPLE_DEFAULT_CLI_VERSION.cliVersion}-20230101`,
+        toolcacheVersion: `${testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION.cliVersion}-20230101`,
     },
 ]) {
-    (0, ava_1.default)(`uses tools from toolcache when ${SAMPLE_DEFAULT_CLI_VERSION.cliVersion} is requested and ` +
+    (0, ava_1.default)(`uses tools from toolcache when ${testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION.cliVersion} is requested and ` +
         `${toolcacheVersion} is installed`, async (t) => {
         await util.withTmpDir(async (tmpDir) => {
             (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
@@ -256,8 +226,8 @@ for (const { githubReleases, toolcacheVersion } of [
                     }))),
                 }));
             }
-            const result = await codeql.setupCodeQL(undefined, sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
+            const result = await codeql.setupCodeQL(undefined, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
-            t.is(result.toolsVersion, SAMPLE_DEFAULT_CLI_VERSION.cliVersion);
+            t.is(result.toolsVersion, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION.cliVersion);
             t.is(result.toolsSource, init_1.ToolsSource.Toolcache);
             t.is(result.toolsDownloadDurationMs, undefined);
         });
@@ -272,7 +242,7 @@ for (const variant of [util.GitHubVariant.GHAE, util.GitHubVariant.GHES]) {
                 isPinned: true,
                 tmpDir,
             });
-            const result = await codeql.setupCodeQL(undefined, sampleApiDetails, tmpDir, variant, {
+            const result = await codeql.setupCodeQL(undefined, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, variant, {
                 cliVersion: defaults.cliVersion,
                 tagName: defaults.bundleVersion,
                 variant,
@@ -292,10 +262,10 @@ for (const variant of [util.GitHubVariant.GHAE, util.GitHubVariant.GHES]) {
                 isPinned: false,
                 tmpDir,
             });
-            mockDownloadApi({
+            (0, testing_utils_1.mockBundleDownloadApi)({
                 tagName: defaults.bundleVersion,
             });
-            const result = await codeql.setupCodeQL(undefined, sampleApiDetails, tmpDir, variant, {
+            const result = await codeql.setupCodeQL(undefined, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, variant, {
                 cliVersion: defaults.cliVersion,
                 tagName: defaults.bundleVersion,
                 variant,
@@ -316,10 +286,10 @@ for (const variant of [util.GitHubVariant.GHAE, util.GitHubVariant.GHES]) {
             isPinned: true,
             tmpDir,
         });
-        mockDownloadApi({
+        (0, testing_utils_1.mockBundleDownloadApi)({
             tagName: defaults.bundleVersion,
         });
-        const result = await codeql.setupCodeQL("latest", sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
+        const result = await codeql.setupCodeQL("latest", testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
         t.deepEqual(result.toolsVersion, defaults.cliVersion);
         t.is(result.toolsSource, init_1.ToolsSource.Download);
         t.assert(Number.isInteger(result.toolsDownloadDurationMs));
@@ -375,18 +345,18 @@ for (const isBundleVersionInUrl of [true, false]) {
 (0, ava_1.default)("bundle URL from another repo is cached as 0.0.0-bundleVersion", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-        mockApiDetails(sampleApiDetails);
+        mockApiDetails(testing_utils_1.SAMPLE_DOTCOM_API_DETAILS);
         sinon.stub(actionsUtil, "isRunningLocalAction").returns(true);
         const releasesApiMock = mockReleaseApi({
             assetNames: ["cli-version-2.12.2.txt"],
             tagName: "codeql-bundle-20230203",
         });
-        mockDownloadApi({
+        (0, testing_utils_1.mockBundleDownloadApi)({
-            repo: "dsp-testing/codeql-cli-nightlies",
+            repo: "codeql-testing/codeql-cli-nightlies",
             platformSpecific: false,
             tagName: "codeql-bundle-20230203",
         });
-        const result = await codeql.setupCodeQL("https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20230203/codeql-bundle.tar.gz", sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
+        const result = await codeql.setupCodeQL("https://github.com/codeql-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20230203/codeql-bundle.tar.gz", testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
         t.is(result.toolsVersion, "0.0.0-20230203");
         t.is(result.toolsSource, init_1.ToolsSource.Download);
         t.true(Number.isInteger(result.toolsDownloadDurationMs));
@@ -418,24 +388,6 @@ for (const isBundleVersionInUrl of [true, false]) {
     t.throws(() => codeql.getExtraOptions({ foo: 87 }, ["foo"], []));
     t.throws(() => codeql.getExtraOptions({ "*": [42], foo: { "*": 87, bar: [99] } }, ["foo", "bar"], []));
 });
-(0, ava_1.default)("databaseInterpretResults() does not set --sarif-add-query-help for 2.7.0", async (t) => {
-    const runnerConstructorStub = stubToolRunnerConstructor();
-    const codeqlObject = await codeql.getCodeQLForTesting();
-    sinon.stub(codeqlObject, "getVersion").resolves("2.7.0");
-    // safeWhich throws because of the test CodeQL object.
-    sinon.stub(safeWhich, "safeWhich").resolves("");
-    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", stubConfig, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
-    t.false(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-query-help"), "--sarif-add-query-help should be absent, but it is present");
-});
-(0, ava_1.default)("databaseInterpretResults() sets --sarif-add-query-help for 2.7.1", async (t) => {
-    const runnerConstructorStub = stubToolRunnerConstructor();
-    const codeqlObject = await codeql.getCodeQLForTesting();
-    sinon.stub(codeqlObject, "getVersion").resolves("2.7.1");
-    // safeWhich throws because of the test CodeQL object.
-    sinon.stub(safeWhich, "safeWhich").resolves("");
-    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", stubConfig, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
-    t.true(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-query-help"), "--sarif-add-query-help should be present, but it is absent");
-});
 (0, ava_1.default)("databaseInitCluster() without injected codescanning config", async (t) => {
     await util.withTmpDir(async (tempDir) => {
         const runnerConstructorStub = stubToolRunnerConstructor();

lib/config-utils.js

@@ -932,8 +932,17 @@ function dbLocationOrDefault(dbLocation, tempDir) {
  * This will parse the config from the user input if present, or generate
  * a default config. The parsed config is then stored to a known location.
  */
-async function initConfig(languagesInput, queriesInput, packsInput, registriesInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger) {
+async function initConfig(languagesInput, queriesInput, packsInput, registriesInput, configFile, dbLocation, configInput, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger) {
     let config;
+    // if configInput is set, it takes precedence over configFile
+    if (configInput) {
+        if (configFile) {
+            logger.warning(`Both a config file and config input were provided. Ignoring config file.`);
+        }
+        configFile = path.resolve(workspacePath, "user-config-from-action.yml");
+        fs.writeFileSync(configFile, configInput);
+        logger.debug(`Using config from action input: ${configFile}`);
+    }
     // If no config file was provided create an empty one
     if (!configFile) {
         logger.debug("No configuration file was provided");

lib/config-utils.test.js

@@ -102,7 +102,7 @@ function mockListLanguages(languages) {
                 return { packs: [] };
             },
         });
-        const config = await configUtils.initConfig(languages, undefined, undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), logger);
+        const config = await configUtils.initConfig(languages, undefined, undefined, undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example" }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), logger);
         t.deepEqual(config, await configUtils.getDefaultConfig(languages, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example" }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), logger));
     });
 });
@@ -128,7 +128,7 @@ function mockListLanguages(languages) {
         t.false(fs.existsSync(configUtils.getPathToParsedConfigFile(tmpDir)));
         // Sanity check that getConfig returns undefined before we have called initConfig
         t.deepEqual(await configUtils.getConfig(tmpDir, logger), undefined);
-        const config1 = await configUtils.initConfig("javascript,python", undefined, undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), logger);
+        const config1 = await configUtils.initConfig("javascript,python", undefined, undefined, undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example" }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), logger);
         // The saved config file should now exist
         t.true(fs.existsSync(configUtils.getPathToParsedConfigFile(tmpDir)));
         // And that same newly-initialised config should now be returned by getConfig
@@ -144,7 +144,7 @@ function mockListLanguages(languages) {
 (0, ava_1.default)("load input outside of workspace", async (t) => {
     return await util.withTmpDir(async (tmpDir) => {
         try {
-            await configUtils.initConfig(undefined, undefined, undefined, undefined, "../input", undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+            await configUtils.initConfig(undefined, undefined, undefined, undefined, "../input", undefined, undefined, false, false, "", "", { owner: "github", repo: "example" }, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
             throw new Error("initConfig did not throw error");
         }
         catch (err) {
@@ -157,7 +157,7 @@ function mockListLanguages(languages) {
         // no filename given, just a repo
         const configFile = "octo-org/codeql-config@main";
         try {
-            await configUtils.initConfig(undefined, undefined, undefined, undefined, configFile, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+            await configUtils.initConfig(undefined, undefined, undefined, undefined, configFile, undefined, undefined, false, false, "", "", { owner: "github", repo: "example" }, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
             throw new Error("initConfig did not throw error");
         }
         catch (err) {
@@ -171,7 +171,7 @@ function mockListLanguages(languages) {
         const configFile = "input";
         t.false(fs.existsSync(path.join(tmpDir, configFile)));
         try {
-            await configUtils.initConfig(languages, undefined, undefined, undefined, configFile, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+            await configUtils.initConfig(languages, undefined, undefined, undefined, configFile, undefined, undefined, false, false, "", "", { owner: "github", repo: "example" }, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
             throw new Error("initConfig did not throw error");
         }
         catch (err) {
@@ -247,7 +247,7 @@ function mockListLanguages(languages) {
         };
         const languages = "javascript";
         const configFilePath = createConfigFile(inputFileContents, tmpDir);
-        const actualConfig = await configUtils.initConfig(languages, undefined, undefined, undefined, configFilePath, undefined, false, false, "my-artifact", "my-db", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        const actualConfig = await configUtils.initConfig(languages, undefined, undefined, undefined, configFilePath, undefined, undefined, false, false, "my-artifact", "my-db", { owner: "github", repo: "example" }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
         // Should exactly equal the object we constructed earlier
         t.deepEqual(actualConfig, expectedConfig);
     });
@@ -286,7 +286,7 @@ function mockListLanguages(languages) {
         fs.mkdirSync(path.join(tmpDir, "foo"));
         const languages = "javascript";
         const configFilePath = createConfigFile(inputFileContents, tmpDir);
-        await configUtils.initConfig(languages, undefined, undefined, undefined, configFilePath, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        await configUtils.initConfig(languages, undefined, undefined, undefined, configFilePath, undefined, undefined, false, false, "", "", { owner: "github", repo: "example" }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
         // Check resolve queries was called correctly
         t.deepEqual(resolveQueriesArgs.length, 1);
         t.deepEqual(resolveQueriesArgs[0].queries, [
@@ -332,7 +332,7 @@ function queriesToResolvedQueryForm(queries) {
             },
         });
         const languages = "javascript";
-        const config = await configUtils.initConfig(languages, undefined, undefined, undefined, configFilePath, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        const config = await configUtils.initConfig(languages, undefined, undefined, undefined, configFilePath, undefined, undefined, false, false, "", "", { owner: "github", repo: "example" }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
         // Check resolveQueries was called correctly
         // It'll be called once for the default queries
         // and once for `./foo` from the config file.
@@ -368,7 +368,7 @@ function queriesToResolvedQueryForm(queries) {
             },
         });
         const languages = "javascript";
-        const config = await configUtils.initConfig(languages, testQueries, undefined, undefined, configFilePath, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        const config = await configUtils.initConfig(languages, testQueries, undefined, undefined, configFilePath, undefined, undefined, false, false, "", "", { owner: "github", repo: "example" }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
         // Check resolveQueries was called correctly
         // It'll be called once for the default queries and once for `./override`,
         // but won't be called for './foo' from the config file.
@@ -403,7 +403,7 @@ function queriesToResolvedQueryForm(queries) {
             },
         });
         const languages = "javascript";
-        const config = await configUtils.initConfig(languages, testQueries, undefined, undefined, configFilePath, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        const config = await configUtils.initConfig(languages, testQueries, undefined, undefined, configFilePath, undefined, undefined, false, false, "", "", { owner: "github", repo: "example" }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
         // Check resolveQueries was called correctly
         // It'll be called once for `./workflow-query`,
         // but won't be called for the default one since that was disabled
@@ -432,7 +432,7 @@ function queriesToResolvedQueryForm(queries) {
             },
         });
         const languages = "javascript";
-        const config = await configUtils.initConfig(languages, testQueries, undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        const config = await configUtils.initConfig(languages, testQueries, undefined, undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example" }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
         // Check resolveQueries was called correctly:
         // It'll be called once for the default queries,
         // and then once for each of the two queries from the workflow
@@ -474,7 +474,7 @@ function queriesToResolvedQueryForm(queries) {
             },
         });
         const languages = "javascript";
-        const config = await configUtils.initConfig(languages, testQueries, undefined, undefined, configFilePath, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        const config = await configUtils.initConfig(languages, testQueries, undefined, undefined, configFilePath, undefined, undefined, false, false, "", "", { owner: "github", repo: "example" }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
         // Check resolveQueries was called correctly
         // It'll be called once for the default queries,
         // once for each of additional1 and additional2,
@@ -495,6 +495,97 @@ function queriesToResolvedQueryForm(queries) {
         t.true(config.queries["javascript"].custom[2].queries[0].endsWith(`${path.sep}foo`));
     });
 });
+(0, ava_1.default)("Queries can be specified using config input", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        const configInput = `
+      name: my config
+      queries:
+        - uses: ./foo
+      packs:
+        javascript:
+          - a/b@1.2.3
+        python:
+          - c/d@1.2.3
+    `;
+        fs.mkdirSync(path.join(tmpDir, "foo"));
+        const resolveQueriesArgs = [];
+        const codeQL = (0, codeql_1.setCodeQL)({
+            async resolveQueries(queries, extraSearchPath) {
+                resolveQueriesArgs.push({ queries, extraSearchPath });
+                return queriesToResolvedQueryForm(queries);
+            },
+            async packDownload() {
+                return { packs: [] };
+            },
+        });
+        // Only JS, python packs will be ignored
+        const languages = "javascript";
+        const config = await configUtils.initConfig(languages, undefined, undefined, undefined, undefined, undefined, configInput, false, false, "", "", { owner: "github", repo: "example" }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        // Check resolveQueries was called correctly
+        // It'll be called once for the default queries
+        // and once for `./foo` from the config file.
+        t.deepEqual(resolveQueriesArgs.length, 2);
+        t.deepEqual(resolveQueriesArgs[1].queries.length, 1);
+        t.true(resolveQueriesArgs[1].queries[0].endsWith(`${path.sep}foo`));
+        t.deepEqual(config.packs, {
+            [languages_1.Language.javascript]: ["a/b@1.2.3"],
+        });
+        // Now check that the end result contains the default queries and the query from config
+        t.deepEqual(config.queries["javascript"].builtin.length, 1);
+        t.deepEqual(config.queries["javascript"].custom.length, 1);
+        t.true(config.queries["javascript"].builtin[0].endsWith("javascript-code-scanning.qls"));
+        t.true(config.queries["javascript"].custom[0].queries[0].endsWith(`${path.sep}foo`));
+    });
+});
+(0, ava_1.default)("Using config input and file together, config input should be used.", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        process.env["RUNNER_TEMP"] = tmpDir;
+        process.env["GITHUB_WORKSPACE"] = tmpDir;
+        const inputFileContents = `
+      name: my config
+      queries:
+        - uses: ./foo_file`;
+        const configFilePath = createConfigFile(inputFileContents, tmpDir);
+        const configInput = `
+      name: my config
+      queries:
+        - uses: ./foo
+      packs:
+        javascript:
+          - a/b@1.2.3
+        python:
+          - c/d@1.2.3
+    `;
+        fs.mkdirSync(path.join(tmpDir, "foo"));
+        const resolveQueriesArgs = [];
+        const codeQL = (0, codeql_1.setCodeQL)({
+            async resolveQueries(queries, extraSearchPath) {
+                resolveQueriesArgs.push({ queries, extraSearchPath });
+                return queriesToResolvedQueryForm(queries);
+            },
+            async packDownload() {
+                return { packs: [] };
+            },
+        });
+        // Only JS, python packs will be ignored
+        const languages = "javascript";
+        const config = await configUtils.initConfig(languages, undefined, undefined, undefined, undefined, configFilePath, configInput, false, false, "", "", { owner: "github", repo: "example" }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        // Check resolveQueries was called correctly
+        // It'll be called once for the default queries
+        // and once for `./foo` from the config file.
+        t.deepEqual(resolveQueriesArgs.length, 2);
+        t.deepEqual(resolveQueriesArgs[1].queries.length, 1);
+        t.true(resolveQueriesArgs[1].queries[0].endsWith(`${path.sep}foo`));
+        t.deepEqual(config.packs, {
+            [languages_1.Language.javascript]: ["a/b@1.2.3"],
+        });
+        // Now check that the end result contains the default queries and the query from config
+        t.deepEqual(config.queries["javascript"].builtin.length, 1);
+        t.deepEqual(config.queries["javascript"].custom.length, 1);
+        t.true(config.queries["javascript"].builtin[0].endsWith("javascript-code-scanning.qls"));
+        t.true(config.queries["javascript"].custom[0].queries[0].endsWith(`${path.sep}foo`));
+    });
+});
 (0, ava_1.default)("Invalid queries in workflow file handled correctly", async (t) => {
     return await util.withTmpDir(async (tmpDir) => {
         const queries = "foo/bar@v1@v3";
@@ -516,7 +607,7 @@ function queriesToResolvedQueryForm(queries) {
             },
         });
         try {
-            await configUtils.initConfig(languages, queries, undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+            await configUtils.initConfig(languages, queries, undefined, undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example" }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
             t.fail("initConfig did not throw error");
         }
         catch (err) {
@@ -562,7 +653,7 @@ function queriesToResolvedQueryForm(queries) {
         fs.mkdirSync(path.join(tmpDir, "foo/bar/dev"), { recursive: true });
         const configFile = "octo-org/codeql-config/config.yaml@main";
         const languages = "javascript";
-        await configUtils.initConfig(languages, undefined, undefined, undefined, configFile, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        await configUtils.initConfig(languages, undefined, undefined, undefined, configFile, undefined, undefined, false, false, "", "", { owner: "github", repo: "example" }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
         t.assert(spyGetContents.called);
     });
 });
@@ -572,7 +663,7 @@ function queriesToResolvedQueryForm(queries) {
         mockGetContents(dummyResponse);
         const repoReference = "octo-org/codeql-config/config.yaml@main";
         try {
-            await configUtils.initConfig(undefined, undefined, undefined, undefined, repoReference, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+            await configUtils.initConfig(undefined, undefined, undefined, undefined, repoReference, undefined, undefined, false, false, "", "", { owner: "github", repo: "example" }, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
             throw new Error("initConfig did not throw error");
         }
         catch (err) {
@@ -588,7 +679,7 @@ function queriesToResolvedQueryForm(queries) {
         mockGetContents(dummyResponse);
         const repoReference = "octo-org/codeql-config/config.yaml@main";
         try {
-            await configUtils.initConfig(undefined, undefined, undefined, undefined, repoReference, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+            await configUtils.initConfig(undefined, undefined, undefined, undefined, repoReference, undefined, undefined, false, false, "", "", { owner: "github", repo: "example" }, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
             throw new Error("initConfig did not throw error");
         }
         catch (err) {
@@ -608,7 +699,7 @@ function queriesToResolvedQueryForm(queries) {
             },
         });
         try {
-            await configUtils.initConfig(undefined, undefined, undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+            await configUtils.initConfig(undefined, undefined, undefined, undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example" }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
             throw new Error("initConfig did not throw error");
         }
         catch (err) {
@@ -620,7 +711,7 @@ function queriesToResolvedQueryForm(queries) {
     return await util.withTmpDir(async (tmpDir) => {
         const languages = "rubbish,english";
         try {
-            await configUtils.initConfig(languages, undefined, undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+            await configUtils.initConfig(languages, undefined, undefined, undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example" }, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
             throw new Error("initConfig did not throw error");
         }
         catch (err) {
@@ -651,7 +742,7 @@ function queriesToResolvedQueryForm(queries) {
         const configFile = path.join(tmpDir, "codeql-config.yaml");
         fs.writeFileSync(configFile, inputFileContents);
         const languages = "javascript";
-        const { packs } = await configUtils.initConfig(languages, undefined, undefined, undefined, configFile, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        const { packs } = await configUtils.initConfig(languages, undefined, undefined, undefined, configFile, undefined, undefined, false, false, "", "", { owner: "github", repo: "example" }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
         t.deepEqual(packs, {
             [languages_1.Language.javascript]: ["a/b@1.2.3"],
         });
@@ -688,7 +779,7 @@ function queriesToResolvedQueryForm(queries) {
         fs.writeFileSync(configFile, inputFileContents);
         fs.mkdirSync(path.join(tmpDir, "foo"));
         const languages = "javascript,python,cpp";
-        const { packs, queries } = await configUtils.initConfig(languages, undefined, undefined, undefined, configFile, undefined, false, false, "", "", { owner: "github", repo: "example" }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        const { packs, queries } = await configUtils.initConfig(languages, undefined, undefined, undefined, configFile, undefined, undefined, false, false, "", "", { owner: "github", repo: "example" }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
         t.deepEqual(packs, {
             [languages_1.Language.javascript]: ["a/b@1.2.3"],
             [languages_1.Language.python]: ["c/d@1.2.3"],
@@ -734,7 +825,7 @@ function doInvalidInputTest(testName, inputFileContents, expectedErrorMessageGen
             const inputFile = path.join(tmpDir, configFile);
             fs.writeFileSync(inputFile, inputFileContents, "utf8");
             try {
-                await configUtils.initConfig(languages, undefined, undefined, undefined, configFile, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+                await configUtils.initConfig(languages, undefined, undefined, undefined, configFile, undefined, undefined, false, false, "", "", { owner: "github", repo: "example" }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
                 throw new Error("initConfig did not throw error");
             }
             catch (err) {
@@ -991,7 +1082,7 @@ const mlPoweredQueriesMacro = ava_1.default.macro({
                     return { packs: [] };
                 },
             });
-            const { packs } = await configUtils.initConfig("javascript", queriesInput, packsInput, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)(isMlPoweredQueriesEnabled ? [feature_flags_1.Feature.MlPoweredQueriesEnabled] : []), (0, logging_1.getRunnerLogger)(true));
+            const { packs } = await configUtils.initConfig("javascript", queriesInput, packsInput, undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example" }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)(isMlPoweredQueriesEnabled ? [feature_flags_1.Feature.MlPoweredQueriesEnabled] : []), (0, logging_1.getRunnerLogger)(true));
             if (expectedVersionString !== undefined) {
                 t.deepEqual(packs, {
                     [languages_1.Language.javascript]: [
@@ -1134,7 +1225,7 @@ const calculateAugmentationErrorMacro = ava_1.default.macro({
             {
                 // no slash
                 url: "http://ghcr.io",
-                packages: ["codeql/*", "dsp-testing/*"],
+                packages: ["codeql/*", "codeql-testing/*"],
                 token: "not-a-token",
             },
             {
@@ -1200,7 +1291,7 @@ const calculateAugmentationErrorMacro = ava_1.default.macro({
         const registriesInput = yaml.dump([
             {
                 url: "http://ghcr.io",
-                packages: ["codeql/*", "dsp-testing/*"],
+                packages: ["codeql/*", "codeql-testing/*"],
                 token: "not-a-token",
             },
             {
@@ -1227,7 +1318,7 @@ const calculateAugmentationErrorMacro = ava_1.default.macro({
         const registriesInput = yaml.dump([
             {
                 // missing url property
-                packages: ["codeql/*", "dsp-testing/*"],
+                packages: ["codeql/*", "codeql-testing/*"],
                 token: "not-a-token",
             },
             {
@@ -1252,7 +1343,7 @@ const calculateAugmentationErrorMacro = ava_1.default.macro({
             {
                 // no slash
                 url: "http://ghcr.io",
-                packages: ["codeql/*", "dsp-testing/*"],
+                packages: ["codeql/*", "codeql-testing/*"],
                 token: "not-a-token",
             },
         ]);
@@ -1283,7 +1374,7 @@ const calculateAugmentationErrorMacro = ava_1.default.macro({
         const registriesInput = yaml.dump([
             {
                 url: "http://ghcr.io",
-                packages: ["codeql/*", "dsp-testing/*"],
+                packages: ["codeql/*", "codeql-testing/*"],
                 token: "not-a-token",
             },
         ]);

lib/debug-artifacts.js

@@ -74,7 +74,6 @@ async function uploadSarifDebugArtifact(config, outputDir) {
 }
 exports.uploadSarifDebugArtifact = uploadSarifDebugArtifact;
 async function uploadLogsDebugArtifact(config) {
-    const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
     let toUpload = [];
     for (const language of config.languages) {
         const databaseDirectory = (0, util_1.getCodeQLDatabasePath)(config, language);
@@ -83,21 +82,12 @@ async function uploadLogsDebugArtifact(config) {
             toUpload = toUpload.concat((0, util_1.listFolder)(logsDirectory));
         }
     }
-    if (await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING)) {
     // Multilanguage tracing: there are additional logs in the root of the cluster
     const multiLanguageTracingLogsDirectory = path.resolve(config.dbLocation, "log");
     if ((0, util_1.doesDirectoryExist)(multiLanguageTracingLogsDirectory)) {
         toUpload = toUpload.concat((0, util_1.listFolder)(multiLanguageTracingLogsDirectory));
     }
-    }
     await uploadDebugArtifacts(toUpload, config.dbLocation, config.debugArtifactName);
-    // Before multi-language tracing, we wrote a compound-build-tracer.log in the temp dir
-    if (!(await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING))) {
-        const compoundBuildTracerLogDirectory = path.resolve(config.tempDir, "compound-build-tracer.log");
-        if ((0, util_1.doesDirectoryExist)(compoundBuildTracerLogDirectory)) {
-            await uploadDebugArtifacts([compoundBuildTracerLogDirectory], config.tempDir, config.debugArtifactName);
-        }
-    }
 }
 exports.uploadLogsDebugArtifact = uploadLogsDebugArtifact;
 /**

lib/debug-artifacts.js.map

@@ -1 +1 @@
-{"version":3,"file":"debug-artifacts.js","sourceRoot":"","sources":["../src/debug-artifacts.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,4DAA8C;AAC9C,oDAAsC;AACtC,sDAA6B;AAC7B,8CAAsB;AAEtB,iDAAkD;AAClD,uCAA0C;AAC1C,qCAAiE;AAIjE,iCAMgB;AAEhB,SAAgB,mBAAmB,CAAC,IAAY;IAC9C,OAAO,IAAI,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;AAChD,CAAC;AAFD,kDAEC;AAEM,KAAK,UAAU,oBAAoB,CACxC,QAAkB,EAClB,OAAe,EACf,YAAoB;IAEpB,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;QACzB,OAAO;KACR;IACD,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,MAAM,MAAM,GAAG,IAAA,+BAAgB,EAAC,QAAQ,CAAC,CAAC;IAC1C,IAAI,MAAM,EAAE;QACV,IAAI;YACF,KAAK,MAAM,CAAC,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CACxC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAY,CAC9B,CAAC,IAAI,EAAE;gBACN,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;SAC7B;QAAC,OAAO,CAAC,EAAE;YACV,IAAI,CAAC,IAAI,CACP,+HAA+H,CAChI,CAAC;SACH;KACF;IACD,MAAM,QAAQ,CAAC,MAAM,EAAE,CAAC,cAAc,CACpC,mBAAmB,CAAC,GAAG,YAAY,GAAG,MAAM,EAAE,CAAC,EAC/C,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,EAC5C,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CACxB,CAAC;AACJ,CAAC;AA3BD,oDA2BC;AAEM,KAAK,UAAU,wBAAwB,CAC5C,MAAc,EACd,SAAiB;IAEjB,IAAI,CAAC,IAAA,yBAAkB,EAAC,SAAS,CAAC,EAAE;QAClC,OAAO;KACR;IAED,IAAI,QAAQ,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,SAAS,EAAE;QACnC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,IAAI,QAAQ,CAAC,CAAC;QAC3D,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE;YAC5B,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;SACvC;KACF;IACD,MAAM,oBAAoB,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,iBAAiB,CAAC,CAAC;AAC5E,CAAC;AAhBD,4DAgBC;AAEM,KAAK,UAAU,uBAAuB,CAAC,MAAc;IAC1D,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAEjD,IAAI,QAAQ,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,MAAM,iBAAiB,GAAG,IAAA,4BAAqB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAClE,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAC;QAC7D,IAAI,IAAA,yBAAkB,EAAC,aAAa,CAAC,EAAE;YACrC,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAA,iBAAU,EAAC,aAAa,CAAC,CAAC,CAAC;SACvD;KACF;IAED,IAAI,MAAM,IAAA,yBAAkB,EAAC,MAAM,EAAE,mCAA0B,CAAC,EAAE;QAChE,8EAA8E;QAC9E,MAAM,iCAAiC,GAAG,IAAI,CAAC,OAAO,CACpD,MAAM,CAAC,UAAU,EACjB,KAAK,CACN,CAAC;QACF,IAAI,IAAA,yBAAkB,EAAC,iCAAiC,CAAC,EAAE;YACzD,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAA,iBAAU,EAAC,iCAAiC,CAAC,CAAC,CAAC;SAC3E;KACF;IACD,MAAM,oBAAoB,CACxB,QAAQ,EACR,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,iBAAiB,CACzB,CAAC;IAEF,sFAAsF;IACtF,IAAI,CAAC,CAAC,MAAM,IAAA,yBAAkB,EAAC,MAAM,EAAE,mCAA0B,CAAC,CAAC,EAAE;QACnE,MAAM,+BAA+B,GAAG,IAAI,CAAC,OAAO,CAClD,MAAM,CAAC,OAAO,EACd,2BAA2B,CAC5B,CAAC;QACF,IAAI,IAAA,yBAAkB,EAAC,+BAA+B,CAAC,EAAE;YACvD,MAAM,oBAAoB,CACxB,CAAC,+BAA+B,CAAC,EACjC,MAAM,CAAC,OAAO,EACd,MAAM,CAAC,iBAAiB,CACzB,CAAC;SACH;KACF;AACH,CAAC;AA1CD,0DA0CC;AAED;;;;GAIG;AACH,KAAK,UAAU,2BAA2B,CACxC,MAAc,EACd,QAAkB;IAElB,MAAM,YAAY,GAAG,IAAA,4BAAqB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC7D,MAAM,kBAAkB,GAAG,IAAI,CAAC,OAAO,CACrC,MAAM,CAAC,UAAU,EACjB,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,cAAc,CACtD,CAAC;IACF,IAAI,CAAC,IAAI,CACP,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,2DAA2D,kBAAkB,KAAK,CAC1H,CAAC;IACF,qEAAqE;IACrE,IAAI,EAAE,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE;QACrC,MAAM,IAAA,aAAG,EAAC,kBAAkB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;KAChD;IACD,MAAM,GAAG,GAAG,IAAI,iBAAM,EAAE,CAAC;IACzB,GAAG,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;IACjC,GAAG,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;IACjC,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,uBAAuB,CACpC,MAAc,EACd,QAAkB;IAElB,kDAAkD;IAClD,MAAM,kBAAkB,GAAG,MAAM,IAAA,eAAQ,EACvC,MAAM,EACN,QAAQ,EACR,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,EACjC,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,EAAE,CAC1C,CAAC;IACF,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAEM,KAAK,UAAU,iCAAiC,CACrD,MAAc,EACd,MAAc;IAEd,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,IAAI;YACF,IAAI,kBAA0B,CAAC;YAC/B,IAAI,CAAC,IAAA,uBAAa,EAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,EAAE;gBAC5C,kBAAkB,GAAG,MAAM,2BAA2B,CACpD,MAAM,EACN,QAAQ,CACT,CAAC;aACH;iBAAM;gBACL,kBAAkB,GAAG,MAAM,uBAAuB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;aACtE;YACD,MAAM,oBAAoB,CACxB,CAAC,kBAAkB,CAAC,EACpB,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,iBAAiB,CACzB,CAAC;SACH;QAAC,OAAO,KAAK,EAAE;YACd,IAAI,CAAC,IAAI,CACP,8CAA8C,MAAM,CAAC,iBAAiB,IAAI,QAAQ,KAAK,KAAK,EAAE,CAC/F,CAAC;SACH;KACF;AACH,CAAC;AA1BD,8EA0BC"}
+{"version":3,"file":"debug-artifacts.js","sourceRoot":"","sources":["../src/debug-artifacts.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,4DAA8C;AAC9C,oDAAsC;AACtC,sDAA6B;AAC7B,8CAAsB;AAEtB,iDAAkD;AAClD,uCAA0C;AAC1C,qCAAqC;AAIrC,iCAKgB;AAEhB,SAAgB,mBAAmB,CAAC,IAAY;IAC9C,OAAO,IAAI,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;AAChD,CAAC;AAFD,kDAEC;AAEM,KAAK,UAAU,oBAAoB,CACxC,QAAkB,EAClB,OAAe,EACf,YAAoB;IAEpB,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;QACzB,OAAO;KACR;IACD,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,MAAM,MAAM,GAAG,IAAA,+BAAgB,EAAC,QAAQ,CAAC,CAAC;IAC1C,IAAI,MAAM,EAAE;QACV,IAAI;YACF,KAAK,MAAM,CAAC,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CACxC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAY,CAC9B,CAAC,IAAI,EAAE;gBACN,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;SAC7B;QAAC,OAAO,CAAC,EAAE;YACV,IAAI,CAAC,IAAI,CACP,+HAA+H,CAChI,CAAC;SACH;KACF;IACD,MAAM,QAAQ,CAAC,MAAM,EAAE,CAAC,cAAc,CACpC,mBAAmB,CAAC,GAAG,YAAY,GAAG,MAAM,EAAE,CAAC,EAC/C,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,EAC5C,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CACxB,CAAC;AACJ,CAAC;AA3BD,oDA2BC;AAEM,KAAK,UAAU,wBAAwB,CAC5C,MAAc,EACd,SAAiB;IAEjB,IAAI,CAAC,IAAA,yBAAkB,EAAC,SAAS,CAAC,EAAE;QAClC,OAAO;KACR;IAED,IAAI,QAAQ,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,SAAS,EAAE;QACnC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,IAAI,QAAQ,CAAC,CAAC;QAC3D,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE;YAC5B,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;SACvC;KACF;IACD,MAAM,oBAAoB,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,iBAAiB,CAAC,CAAC;AAC5E,CAAC;AAhBD,4DAgBC;AAEM,KAAK,UAAU,uBAAuB,CAAC,MAAc;IAC1D,IAAI,QAAQ,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,MAAM,iBAAiB,GAAG,IAAA,4BAAqB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAClE,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAC;QAC7D,IAAI,IAAA,yBAAkB,EAAC,aAAa,CAAC,EAAE;YACrC,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAA,iBAAU,EAAC,aAAa,CAAC,CAAC,CAAC;SACvD;KACF;IAED,8EAA8E;IAC9E,MAAM,iCAAiC,GAAG,IAAI,CAAC,OAAO,CACpD,MAAM,CAAC,UAAU,EACjB,KAAK,CACN,CAAC;IACF,IAAI,IAAA,yBAAkB,EAAC,iCAAiC,CAAC,EAAE;QACzD,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAA,iBAAU,EAAC,iCAAiC,CAAC,CAAC,CAAC;KAC3E;IAED,MAAM,oBAAoB,CACxB,QAAQ,EACR,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,iBAAiB,CACzB,CAAC;AACJ,CAAC;AAxBD,0DAwBC;AAED;;;;GAIG;AACH,KAAK,UAAU,2BAA2B,CACxC,MAAc,EACd,QAAkB;IAElB,MAAM,YAAY,GAAG,IAAA,4BAAqB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC7D,MAAM,kBAAkB,GAAG,IAAI,CAAC,OAAO,CACrC,MAAM,CAAC,UAAU,EACjB,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,cAAc,CACtD,CAAC;IACF,IAAI,CAAC,IAAI,CACP,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,2DAA2D,kBAAkB,KAAK,CAC1H,CAAC;IACF,qEAAqE;IACrE,IAAI,EAAE,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE;QACrC,MAAM,IAAA,aAAG,EAAC,kBAAkB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;KAChD;IACD,MAAM,GAAG,GAAG,IAAI,iBAAM,EAAE,CAAC;IACzB,GAAG,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;IACjC,GAAG,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;IACjC,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,uBAAuB,CACpC,MAAc,EACd,QAAkB;IAElB,kDAAkD;IAClD,MAAM,kBAAkB,GAAG,MAAM,IAAA,eAAQ,EACvC,MAAM,EACN,QAAQ,EACR,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,EACjC,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,EAAE,CAC1C,CAAC;IACF,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAEM,KAAK,UAAU,iCAAiC,CACrD,MAAc,EACd,MAAc;IAEd,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,IAAI;YACF,IAAI,kBAA0B,CAAC;YAC/B,IAAI,CAAC,IAAA,uBAAa,EAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,EAAE;gBAC5C,kBAAkB,GAAG,MAAM,2BAA2B,CACpD,MAAM,EACN,QAAQ,CACT,CAAC;aACH;iBAAM;gBACL,kBAAkB,GAAG,MAAM,uBAAuB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;aACtE;YACD,MAAM,oBAAoB,CACxB,CAAC,kBAAkB,CAAC,EACpB,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,iBAAiB,CACzB,CAAC;SACH;QAAC,OAAO,KAAK,EAAE;YACd,IAAI,CAAC,IAAI,CACP,8CAA8C,MAAM,CAAC,iBAAiB,IAAI,QAAQ,KAAK,KAAK,EAAE,CAC/F,CAAC;SACH;KACF;AACH,CAAC;AA1BD,8EA0BC"}

lib/defaults.json

@@ -1,6 +1,6 @@
 {
-    "bundleVersion": "codeql-bundle-20230317",
+    "bundleVersion": "codeql-bundle-20230428",
-    "cliVersion": "2.12.5",
+    "cliVersion": "2.13.1",
-    "priorBundleVersion": "codeql-bundle-20230304",
+    "priorBundleVersion": "codeql-bundle-20230414",
-    "priorCliVersion": "2.12.4"
+    "priorCliVersion": "2.13.0"
 }

lib/feature-flags.js

@@ -40,6 +40,7 @@ var Feature;
     Feature["ExportDiagnosticsEnabled"] = "export_diagnostics_enabled";
     Feature["MlPoweredQueriesEnabled"] = "ml_powered_queries_enabled";
     Feature["UploadFailedSarifEnabled"] = "upload_failed_sarif_enabled";
+    Feature["DisablePythonDependencyInstallation"] = "disable_python_dependency_installation";
 })(Feature = exports.Feature || (exports.Feature = {}));
 exports.featureConfig = {
     [Feature.DisableKotlinAnalysisEnabled]: {
@@ -72,6 +73,16 @@ exports.featureConfig = {
         minimumVersion: "2.11.3",
         defaultValue: true,
     },
+    [Feature.DisablePythonDependencyInstallation]: {
+        envVar: "CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION",
+        // Although the python extractor only started supporting not extracting installed
+        // dependencies in 2.13.1, the init-action can still benefit from not installing
+        // dependencies no matter what codeql version we are using, so therefore the
+        // minimumVersion is set to 'undefined'. This means that with an old CodeQL version,
+        // packages available with current python3 installation might get extracted.
+        minimumVersion: undefined,
+        defaultValue: false,
+    },
 };
 exports.FEATURE_FLAGS_FILE_NAME = "cached-feature-flags.json";
 /**

lib/fingerprints.js

@@ -194,7 +194,14 @@ function resolveUriToFile(location, artifacts, sourceRoot, logger) {
         logger.debug(`Ignoring location as URI "${location.uri}" is invalid`);
         return undefined;
     }
-    let uri = decodeURIComponent(location.uri);
+    let uri;
+    try {
+        uri = decodeURIComponent(location.uri);
+    }
+    catch (e) {
+        logger.debug(`Ignoring location as URI "${location.uri}" is invalid`);
+        return undefined;
+    }
     // Remove a file scheme, and abort if the scheme is anything else
     const fileUriPrefix = "file://";
     if (uri.startsWith(fileUriPrefix)) {

lib/init-action-post-helper.js

@@ -34,9 +34,10 @@ const uploadLib = __importStar(require("./upload-lib"));
 const util_1 = require("./util");
 const workflow_1 = require("./workflow");
 function createFailedUploadFailedSarifResult(error) {
+    const wrappedError = (0, util_1.wrapError)(error);
     return {
-        upload_failed_run_error: error instanceof Error ? error.message : String(error),
+        upload_failed_run_error: wrappedError.message,
-        upload_failed_run_stack_trace: error instanceof Error ? error.stack : undefined,
+        upload_failed_run_stack_trace: wrappedError.stack,
     };
 }
 /**
@@ -51,7 +52,7 @@ async function maybeUploadFailedSarif(config, repositoryNwo, features, logger) {
     if (!(await features.getValue(feature_flags_1.Feature.UploadFailedSarifEnabled, codeql))) {
         return { upload_failed_run_skipped_because: "Feature disabled" };
     }
-    const workflow = await (0, workflow_1.getWorkflow)();
+    const workflow = await (0, workflow_1.getWorkflow)(logger);
     const jobName = (0, util_1.getRequiredEnvParam)("GITHUB_JOB");
     const matrix = (0, util_1.parseMatrixInput)(actionsUtil.getRequiredInput("matrix"));
     const shouldUpload = (0, workflow_1.getUploadInputOrThrow)(workflow, jobName, matrix);
@@ -109,8 +110,9 @@ async function run(uploadDatabaseBundleDebugArtifact, uploadLogsDebugArtifact, p
     // but we didn't upload anything.
     if (process.env["CODEQL_ACTION_EXPECT_UPLOAD_FAILED_SARIF"] === "true" &&
         !uploadFailedSarifResult.raw_upload_size_bytes) {
+        const error = JSON.stringify(uploadFailedSarifResult);
         throw new Error("Expected to upload a failed SARIF file for this CodeQL code scanning run, " +
-            `but the result was instead ${uploadFailedSarifResult}.`);
+            `but the result was instead ${error}.`);
     }
     // Upload appropriate Actions artifacts for debugging
     if (config.debugMode) {

lib/init-action-post-helper.js.map

@@ -1 +1 @@
-{"version":3,"file":"init-action-post-helper.js","sourceRoot":"","sources":["../src/init-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,qCAAqC;AACrC,iDAAmD;AACnD,mDAA6D;AAG7D,6DAAuF;AACvF,wDAA0C;AAC1C,iCAA6E;AAC7E,yCAKoB;AAWpB,SAAS,mCAAmC,CAC1C,KAAc;IAEd,OAAO;QACL,uBAAuB,EACrB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;QACxD,6BAA6B,EAC3B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;KACnD,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,sBAAsB,CACnC,MAAc,EACd,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;QACrB,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAC,EAAE;QACxE,OAAO,EAAE,iCAAiC,EAAE,kBAAkB,EAAE,CAAC;KAClE;IACD,MAAM,QAAQ,GAAG,MAAM,IAAA,sBAAW,GAAE,CAAC;IACrC,MAAM,OAAO,GAAG,IAAA,0BAAmB,EAAC,YAAY,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC;IACxE,MAAM,YAAY,GAAG,IAAA,gCAAqB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACtE,IACE,CAAC,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,QAAQ,CAClC,WAAW,CAAC,cAAc,CAAC,YAAY,CAAC,CACzC;QACD,IAAA,mBAAY,GAAE,EACd;QACA,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,QAAQ,GAAG,IAAA,kCAAuB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACpE,MAAM,YAAY,GAAG,IAAA,sCAA2B,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAC5E,MAAM,YAAY,GAAG,MAAM,CAAC,UAAU,CAAC;IAEvC,MAAM,SAAS,GAAG,4BAA4B,CAAC;IAE/C,kFAAkF;IAClF,IACE,YAAY,KAAK,SAAS;QAC1B,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAC,EACpE;QACA,MAAM,MAAM,CAAC,iBAAiB,CAAC,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;KACvE;SAAM;QACL,8EAA8E;QAC9E,MAAM,MAAM,CAAC,yBAAyB,CACpC,YAAY,EACZ,SAAS,EACT,QAAQ,EACR,MAAM,CAAC,OAAO,EACd,MAAM,CACP,CAAC;KACH;IAED,IAAI,CAAC,IAAI,CAAC,+BAA+B,SAAS,EAAE,CAAC,CAAC;IACtD,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,iBAAiB,CACpD,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,MAAM,CACP,CAAC;IACF,MAAM,SAAS,CAAC,iBAAiB,CAC/B,aAAa,EACb,YAAY,CAAC,OAAO,EACpB,MAAM,EACN,EAAE,uBAAuB,EAAE,IAAI,EAAE,CAClC,CAAC;IACF,OAAO,YAAY,EAAE,YAAY,IAAI,EAAE,CAAC;AAC1C,CAAC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,MAAc,EACd,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,IAAI,OAAO,CAAC,GAAG,CAAC,oEAA+C,CAAC,KAAK,MAAM,EAAE;QAC3E,IAAI;YACF,OAAO,MAAM,sBAAsB,CACjC,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;SACH;QAAC,OAAO,CAAC,EAAE;YACV,MAAM,CAAC,KAAK,CACV,2EAA2E,CAAC,EAAE,CAC/E,CAAC;YACF,OAAO,mCAAmC,CAAC,CAAC,CAAC,CAAC;SAC/C;KACF;SAAM;QACL,OAAO;YACL,iCAAiC,EAC/B,uCAAuC;SAC1C,CAAC;KACH;AACH,CAAC;AA1BD,8DA0BC;AAEM,KAAK,UAAU,GAAG,CACvB,iCAA2C,EAC3C,uBAAiC,EACjC,cAAwB,EACxB,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;QACxB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;QACF,OAAO;KACR;IAED,MAAM,uBAAuB,GAAG,MAAM,yBAAyB,CAC7D,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;IAEF,IAAI,uBAAuB,CAAC,iCAAiC,EAAE;QAC7D,MAAM,CAAC,KAAK,CACV,8EAA8E;YAC5E,GAAG,uBAAuB,CAAC,iCAAiC,GAAG,CAClE,CAAC;KACH;IACD,8FAA8F;IAC9F,iCAAiC;IACjC,IACE,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,KAAK,MAAM;QAClE,CAAC,uBAAuB,CAAC,qBAAqB,EAC9C;QACA,MAAM,IAAI,KAAK,CACb,4EAA4E;YAC1E,8BAA8B,uBAAuB,GAAG,CAC3D,CAAC;KACH;IAED,qDAAqD;IACrD,IAAI,MAAM,CAAC,SAAS,EAAE;QACpB,IAAI,CAAC,IAAI,CACP,mGAAmG,CACpG,CAAC;QACF,MAAM,iCAAiC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACxD,MAAM,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtC,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;KAC9B;IAED,OAAO,uBAAuB,CAAC;AACjC,CAAC;AArDD,kBAqDC"}
+{"version":3,"file":"init-action-post-helper.js","sourceRoot":"","sources":["../src/init-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,qCAAqC;AACrC,iDAAmD;AACnD,mDAA6D;AAG7D,6DAAuF;AACvF,wDAA0C;AAC1C,iCAKgB;AAChB,yCAKoB;AAWpB,SAAS,mCAAmC,CAC1C,KAAc;IAEd,MAAM,YAAY,GAAG,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC;IACtC,OAAO;QACL,uBAAuB,EAAE,YAAY,CAAC,OAAO;QAC7C,6BAA6B,EAAE,YAAY,CAAC,KAAK;KAClD,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,sBAAsB,CACnC,MAAc,EACd,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;QACrB,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAC,EAAE;QACxE,OAAO,EAAE,iCAAiC,EAAE,kBAAkB,EAAE,CAAC;KAClE;IACD,MAAM,QAAQ,GAAG,MAAM,IAAA,sBAAW,EAAC,MAAM,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG,IAAA,0BAAmB,EAAC,YAAY,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC;IACxE,MAAM,YAAY,GAAG,IAAA,gCAAqB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACtE,IACE,CAAC,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,QAAQ,CAClC,WAAW,CAAC,cAAc,CAAC,YAAY,CAAC,CACzC;QACD,IAAA,mBAAY,GAAE,EACd;QACA,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,QAAQ,GAAG,IAAA,kCAAuB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACpE,MAAM,YAAY,GAAG,IAAA,sCAA2B,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAC5E,MAAM,YAAY,GAAG,MAAM,CAAC,UAAU,CAAC;IAEvC,MAAM,SAAS,GAAG,4BAA4B,CAAC;IAE/C,kFAAkF;IAClF,IACE,YAAY,KAAK,SAAS;QAC1B,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAC,EACpE;QACA,MAAM,MAAM,CAAC,iBAAiB,CAAC,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;KACvE;SAAM;QACL,8EAA8E;QAC9E,MAAM,MAAM,CAAC,yBAAyB,CACpC,YAAY,EACZ,SAAS,EACT,QAAQ,EACR,MAAM,CAAC,OAAO,EACd,MAAM,CACP,CAAC;KACH;IAED,IAAI,CAAC,IAAI,CAAC,+BAA+B,SAAS,EAAE,CAAC,CAAC;IACtD,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,iBAAiB,CACpD,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,MAAM,CACP,CAAC;IACF,MAAM,SAAS,CAAC,iBAAiB,CAC/B,aAAa,EACb,YAAY,CAAC,OAAO,EACpB,MAAM,EACN,EAAE,uBAAuB,EAAE,IAAI,EAAE,CAClC,CAAC;IACF,OAAO,YAAY,EAAE,YAAY,IAAI,EAAE,CAAC;AAC1C,CAAC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,MAAc,EACd,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,IAAI,OAAO,CAAC,GAAG,CAAC,oEAA+C,CAAC,KAAK,MAAM,EAAE;QAC3E,IAAI;YACF,OAAO,MAAM,sBAAsB,CACjC,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;SACH;QAAC,OAAO,CAAC,EAAE;YACV,MAAM,CAAC,KAAK,CACV,2EAA2E,CAAC,EAAE,CAC/E,CAAC;YACF,OAAO,mCAAmC,CAAC,CAAC,CAAC,CAAC;SAC/C;KACF;SAAM;QACL,OAAO;YACL,iCAAiC,EAC/B,uCAAuC;SAC1C,CAAC;KACH;AACH,CAAC;AA1BD,8DA0BC;AAEM,KAAK,UAAU,GAAG,CACvB,iCAA2C,EAC3C,uBAAiC,EACjC,cAAwB,EACxB,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;QACxB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;QACF,OAAO;KACR;IAED,MAAM,uBAAuB,GAAG,MAAM,yBAAyB,CAC7D,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;IAEF,IAAI,uBAAuB,CAAC,iCAAiC,EAAE;QAC7D,MAAM,CAAC,KAAK,CACV,8EAA8E;YAC5E,GAAG,uBAAuB,CAAC,iCAAiC,GAAG,CAClE,CAAC;KACH;IACD,8FAA8F;IAC9F,iCAAiC;IACjC,IACE,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,KAAK,MAAM;QAClE,CAAC,uBAAuB,CAAC,qBAAqB,EAC9C;QACA,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,uBAAuB,CAAC,CAAC;QACtD,MAAM,IAAI,KAAK,CACb,4EAA4E;YAC1E,8BAA8B,KAAK,GAAG,CACzC,CAAC;KACH;IAED,qDAAqD;IACrD,IAAI,MAAM,CAAC,SAAS,EAAE;QACpB,IAAI,CAAC,IAAI,CACP,mGAAmG,CACpG,CAAC;QACF,MAAM,iCAAiC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACxD,MAAM,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtC,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;KAC9B;IAED,OAAO,uBAAuB,CAAC;AACjC,CAAC;AAtDD,kBAsDC"}

lib/init-action-post.js

@@ -48,10 +48,10 @@ async function runWrapper() {
         const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, (0, actions_util_1.getTemporaryDirectory)(), logger);
         uploadFailedSarifResult = await initActionPostHelper.run(debugArtifacts.uploadDatabaseBundleDebugArtifact, debugArtifacts.uploadLogsDebugArtifact, actions_util_1.printDebugLogs, repositoryNwo, features, logger);
     }
-    catch (e) {
+    catch (unwrappedError) {
-        core.setFailed(e instanceof Error ? e.message : String(e));
+        const error = (0, util_1.wrapError)(unwrappedError);
-        console.log(e);
+        core.setFailed(error.message);
-        await (0, actions_util_1.sendStatusReport)(await (0, actions_util_1.createStatusReportBase)("init-post", (0, actions_util_1.getActionsStatus)(e), startedAt, String(e), e instanceof Error ? e.stack : undefined));
+        await (0, actions_util_1.sendStatusReport)(await (0, actions_util_1.createStatusReportBase)("init-post", (0, actions_util_1.getActionsStatus)(error), startedAt, error.message, error.stack));
         return;
     }
     const statusReportBase = await (0, actions_util_1.createStatusReportBase)("init-post", "success", startedAt);

lib/init-action-post.js.map

@@ -1 +1 @@
-{"version":3,"file":"init-action-post.js","sourceRoot":"","sources":["../src/init-action-post.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,oDAAsC;AAEtC,iDAOwB;AACxB,6CAAgD;AAChD,kEAAoD;AACpD,mDAA2C;AAC3C,gFAAkE;AAClE,uCAA6C;AAC7C,6CAAkD;AAClD,iCAAwE;AAMxE,KAAK,UAAU,UAAU;IACvB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,uBAES,CAAC;IACd,IAAI;QACF,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;QAClC,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,uBAAuB,GAAG,MAAM,oBAAoB,CAAC,GAAG,CACtD,cAAc,CAAC,iCAAiC,EAChD,cAAc,CAAC,uBAAuB,EACtC,6BAAc,EACd,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;KACH;IAAC,OAAO,CAAC,EAAE;QACV,IAAI,CAAC,SAAS,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QAE3D,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACf,MAAM,IAAA,+BAAgB,EACpB,MAAM,IAAA,qCAAsB,EAC1B,WAAW,EACX,IAAA,+BAAgB,EAAC,CAAC,CAAC,EACnB,SAAS,EACT,MAAM,CAAC,CAAC,CAAC,EACT,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CACzC,CACF,CAAC;QACF,OAAO;KACR;IACD,MAAM,gBAAgB,GAAG,MAAM,IAAA,qCAAsB,EACnD,WAAW,EACX,SAAS,EACT,SAAS,CACV,CAAC;IACF,MAAM,YAAY,GAAyB;QACzC,GAAG,gBAAgB;QACnB,GAAG,uBAAuB;KAC3B,CAAC;IACF,MAAM,IAAA,+BAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"init-action-post.js","sourceRoot":"","sources":["../src/init-action-post.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,oDAAsC;AAEtC,iDAOwB;AACxB,6CAAgD;AAChD,kEAAoD;AACpD,mDAA2C;AAC3C,gFAAkE;AAClE,uCAA6C;AAC7C,6CAAkD;AAClD,iCAIgB;AAMhB,KAAK,UAAU,UAAU;IACvB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,uBAES,CAAC;IACd,IAAI;QACF,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;QAClC,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,uBAAuB,GAAG,MAAM,oBAAoB,CAAC,GAAG,CACtD,cAAc,CAAC,iCAAiC,EAChD,cAAc,CAAC,uBAAuB,EACtC,6BAAc,EACd,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;KACH;IAAC,OAAO,cAAc,EAAE;QACvB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAE9B,MAAM,IAAA,+BAAgB,EACpB,MAAM,IAAA,qCAAsB,EAC1B,WAAW,EACX,IAAA,+BAAgB,EAAC,KAAK,CAAC,EACvB,SAAS,EACT,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,KAAK,CACZ,CACF,CAAC;QACF,OAAO;KACR;IACD,MAAM,gBAAgB,GAAG,MAAM,IAAA,qCAAsB,EACnD,WAAW,EACX,SAAS,EACT,SAAS,CACV,CAAC;IACF,MAAM,YAAY,GAAyB;QACzC,GAAG,gBAAgB;QACnB,GAAG,uBAAuB;KAC3B,CAAC;IACF,MAAM,IAAA,+BAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/init-action.js

@@ -27,7 +27,6 @@ const path = __importStar(require("path"));
 const core = __importStar(require("@actions/core"));
 const actions_util_1 = require("./actions-util");
 const api_client_1 = require("./api-client");
-const codeql_1 = require("./codeql");
 const feature_flags_1 = require("./feature-flags");
 const init_1 = require("./init");
 const languages_1 = require("./languages");
@@ -36,8 +35,8 @@ const repository_1 = require("./repository");
 const trap_caching_1 = require("./trap-caching");
 const util_1 = require("./util");
 const workflow_1 = require("./workflow");
-async function sendInitStatusReport(actionStatus, startedAt, config, toolsDownloadDurationMs, toolsFeatureFlagsValid, toolsSource, toolsVersion, logger) {
+async function sendCompletedStatusReport(startedAt, config, toolsDownloadDurationMs, toolsFeatureFlagsValid, toolsSource, toolsVersion, logger, error) {
-    const statusReportBase = await (0, actions_util_1.createStatusReportBase)("init", actionStatus, startedAt);
+    const statusReportBase = await (0, actions_util_1.createStatusReportBase)("init", (0, actions_util_1.getActionsStatus)(error), startedAt, error?.message, error?.stack);
     const workflowLanguages = (0, actions_util_1.getOptionalInput)("languages");
     const initStatusReport = {
         ...statusReportBase,
@@ -116,7 +115,7 @@ async function run() {
     const registriesInput = (0, actions_util_1.getOptionalInput)("registries");
     const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, (0, actions_util_1.getTemporaryDirectory)(), logger);
     try {
-        const workflowErrors = await (0, workflow_1.validateWorkflow)();
+        const workflowErrors = await (0, workflow_1.validateWorkflow)(logger);
         if (!(await (0, actions_util_1.sendStatusReport)(await (0, actions_util_1.createStatusReportBase)("init", "starting", startedAt, workflowErrors)))) {
             return;
         }
@@ -129,8 +128,7 @@ async function run() {
         toolsDownloadDurationMs = initCodeQLResult.toolsDownloadDurationMs;
         toolsVersion = initCodeQLResult.toolsVersion;
         toolsSource = initCodeQLResult.toolsSource;
-        await (0, codeql_1.enrichEnvironment)(codeql);
+        config = await (0, init_1.initConfig)((0, actions_util_1.getOptionalInput)("languages"), (0, actions_util_1.getOptionalInput)("queries"), (0, actions_util_1.getOptionalInput)("packs"), registriesInput, (0, actions_util_1.getOptionalInput)("config-file"), (0, actions_util_1.getOptionalInput)("db-location"), (0, actions_util_1.getOptionalInput)("config"), getTrapCachingEnabled(), 
-        config = await (0, init_1.initConfig)((0, actions_util_1.getOptionalInput)("languages"), (0, actions_util_1.getOptionalInput)("queries"), (0, actions_util_1.getOptionalInput)("packs"), registriesInput, (0, actions_util_1.getOptionalInput)("config-file"), (0, actions_util_1.getOptionalInput)("db-location"), getTrapCachingEnabled(), 
         // Debug mode is enabled if:
         // - The `init` Action is passed `debug: true`.
         // - Actions step debugging is enabled (e.g. by [enabling debug logging for a rerun](https://docs.github.com/en/actions/managing-workflow-runs/re-running-workflows-and-jobs#re-running-all-the-jobs-in-a-workflow),
@@ -138,20 +136,24 @@ async function run() {
         (0, actions_util_1.getOptionalInput)("debug") === "true" || core.isDebug(), (0, actions_util_1.getOptionalInput)("debug-artifact-name") || util_1.DEFAULT_DEBUG_ARTIFACT_NAME, (0, actions_util_1.getOptionalInput)("debug-database-name") || util_1.DEFAULT_DEBUG_DATABASE_NAME, repositoryNwo, (0, actions_util_1.getTemporaryDirectory)(), codeql, (0, util_1.getRequiredEnvParam)("GITHUB_WORKSPACE"), gitHubVersion, apiDetails, features, logger);
         if (config.languages.includes(languages_1.Language.python) &&
             (0, actions_util_1.getRequiredInput)("setup-python-dependencies") === "true") {
+            if (await features.getValue(feature_flags_1.Feature.DisablePythonDependencyInstallation, codeql)) {
+                logger.info("Skipping python dependency installation");
+            }
+            else {
                 try {
                     await (0, init_1.installPythonDeps)(codeql, logger);
                 }
-            catch (err) {
+                catch (unwrappedError) {
-                const message = err instanceof Error ? err.message : String(err);
+                    const error = (0, util_1.wrapError)(unwrappedError);
-                logger.warning(`${message} You can call this action with 'setup-python-dependencies: false' to disable this process`);
+                    logger.warning(`${error.message} You can call this action with 'setup-python-dependencies: false' to disable this process`);
                 }
             }
         }
-    catch (e) {
+    }
-        const message = e instanceof Error ? e.message : String(e);
+    catch (unwrappedError) {
-        core.setFailed(message);
+        const error = (0, util_1.wrapError)(unwrappedError);
-        console.log(e);
+        core.setFailed(error.message);
-        await (0, actions_util_1.sendStatusReport)(await (0, actions_util_1.createStatusReportBase)("init", "aborted", startedAt, message));
+        await (0, actions_util_1.sendStatusReport)(await (0, actions_util_1.createStatusReportBase)("init", "aborted", startedAt, error.message, error.stack));
         return;
     }
     try {
@@ -173,26 +175,26 @@ async function run() {
         if (await features.getValue(feature_flags_1.Feature.DisableKotlinAnalysisEnabled)) {
             core.exportVariable("CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN", "true");
         }
+        // Disable Python dependency extraction if feature flag set
+        if (await features.getValue(feature_flags_1.Feature.DisablePythonDependencyInstallation, codeql)) {
+            core.exportVariable("CODEQL_EXTRACTOR_PYTHON_DISABLE_LIBRARY_EXTRACTION", "true");
+        }
         const sourceRoot = path.resolve((0, util_1.getRequiredEnvParam)("GITHUB_WORKSPACE"), (0, actions_util_1.getOptionalInput)("source-root") || "");
         const tracerConfig = await (0, init_1.runInit)(codeql, config, sourceRoot, "Runner.Worker.exe", registriesInput, features, apiDetails, logger);
         if (tracerConfig !== undefined) {
             for (const [key, value] of Object.entries(tracerConfig.env)) {
                 core.exportVariable(key, value);
             }
-            if (process.platform === "win32" &&
-                !(await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING))) {
-                await (0, init_1.injectWindowsTracer)("Runner.Worker.exe", undefined, config, codeql, tracerConfig);
-            }
         }
         core.setOutput("codeql-path", config.codeQLCmd);
     }
-    catch (error) {
+    catch (unwrappedError) {
-        core.setFailed(String(error));
+        const error = (0, util_1.wrapError)(unwrappedError);
-        console.log(error);
+        core.setFailed(error.message);
-        await sendInitStatusReport((0, actions_util_1.getActionsStatus)(error), startedAt, config, toolsDownloadDurationMs, toolsFeatureFlagsValid, toolsSource, toolsVersion, logger);
+        await sendCompletedStatusReport(startedAt, config, toolsDownloadDurationMs, toolsFeatureFlagsValid, toolsSource, toolsVersion, logger, error);
         return;
     }
-    await sendInitStatusReport("success", startedAt, config, toolsDownloadDurationMs, toolsFeatureFlagsValid, toolsSource, toolsVersion, logger);
+    await sendCompletedStatusReport(startedAt, config, toolsDownloadDurationMs, toolsFeatureFlagsValid, toolsSource, toolsVersion, logger);
 }
 function getTrapCachingEnabled() {
     // If the workflow specified something always respect that
@@ -210,8 +212,7 @@ async function runWrapper() {
         await run();
     }
     catch (error) {
-        core.setFailed(`init action failed: ${error}`);
+        core.setFailed(`init action failed: ${(0, util_1.wrapError)(error).message}`);
-        console.log(error);
     }
     await (0, util_1.checkForTimeout)();
 }

lib/init.js

@@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.installPythonDeps = exports.injectWindowsTracer = exports.runInit = exports.initConfig = exports.initCodeQL = exports.ToolsSource = void 0;
+exports.installPythonDeps = exports.runInit = exports.initConfig = exports.initCodeQL = exports.ToolsSource = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
@@ -33,7 +33,6 @@ const codeql_1 = require("./codeql");
 const configUtils = __importStar(require("./config-utils"));
 const tracer_config_1 = require("./tracer-config");
 const util = __importStar(require("./util"));
-const util_1 = require("./util");
 var ToolsSource;
 (function (ToolsSource) {
     ToolsSource["Unknown"] = "UNKNOWN";
@@ -49,9 +48,9 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe
     return { codeql, toolsDownloadDurationMs, toolsSource, toolsVersion };
 }
 exports.initCodeQL = initCodeQL;
-async function initConfig(languagesInput, queriesInput, packsInput, registriesInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger) {
+async function initConfig(languagesInput, queriesInput, packsInput, registriesInput, configFile, dbLocation, configInput, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger) {
     logger.startGroup("Load language configuration");
-    const config = await configUtils.initConfig(languagesInput, queriesInput, packsInput, registriesInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger);
+    const config = await configUtils.initConfig(languagesInput, queriesInput, packsInput, registriesInput, configFile, dbLocation, configInput, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger);
     analysisPaths.printPathFiltersWarning(config, logger);
     logger.endGroup();
     return config;
@@ -60,7 +59,6 @@ exports.initConfig = initConfig;
 async function runInit(codeql, config, sourceRoot, processName, registriesInput, features, apiDetails, logger) {
     fs.mkdirSync(config.dbLocation, { recursive: true });
     try {
-        if (await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING)) {
         // When parsing the codeql config in the CLI, we have not yet created the qlconfig file.
         // So, create it now.
         // If we are parsing the config file in the Action, then the qlconfig file was already created
@@ -78,17 +76,10 @@ async function runInit(codeql, config, sourceRoot, processName, registriesInput,
         // Init a database cluster
         async () => await codeql.databaseInitCluster(config, sourceRoot, processName, features, qlconfigFile, logger));
     }
-        else {
-            for (const language of config.languages) {
-                // Init language database
-                await codeql.databaseInit(util.getCodeQLDatabasePath(config, language), language, sourceRoot);
-            }
-        }
-    }
     catch (e) {
         throw processError(e);
     }
-    return await (0, tracer_config_1.getCombinedTracerConfig)(config, codeql);
+    return await (0, tracer_config_1.getCombinedTracerConfig)(config);
 }
 exports.runInit = runInit;
 /**
@@ -119,89 +110,6 @@ function processError(e) {
     }
     return e;
 }
-// Runs a powershell script to inject the tracer into a parent process
-// so it can tracer future processes, hopefully including the build process.
-// If processName is given then injects into the nearest parent process with
-// this name, otherwise uses the processLevel-th parent if defined, otherwise
-// defaults to the 3rd parent as a rough guess.
-async function injectWindowsTracer(processName, processLevel, config, codeql, tracerConfig) {
-    let script;
-    if (processName !== undefined) {
-        script = `
-      Param(
-          [Parameter(Position=0)]
-          [String]
-          $tracer
-      )
-
-      $id = $PID
-      while ($true) {
-        $p = Get-CimInstance -Class Win32_Process -Filter "ProcessId = $id"
-        Write-Host "Found process: $p"
-        if ($p -eq $null) {
-          throw "Could not determine ${processName} process"
-        }
-        if ($p[0].Name -eq "${processName}") {
-          Break
-        } else {
-          $id = $p[0].ParentProcessId
-        }
-      }
-      Write-Host "Final process: $p"
-
-      Invoke-Expression "&$tracer --inject=$id"`;
-    }
-    else {
-        // If the level is not defined then guess at the 3rd parent process.
-        // This won't be correct in every setting but it should be enough in most settings,
-        // and overestimating is likely better in this situation so we definitely trace
-        // what we want, though this does run the risk of interfering with future CI jobs.
-        // Note that the default of 3 doesn't work on github actions, so we include a
-        // special case in the script that checks for Runner.Worker.exe so we can still work
-        // on actions if the runner is invoked there.
-        processLevel = processLevel || 3;
-        script = `
-      Param(
-          [Parameter(Position=0)]
-          [String]
-          $tracer
-      )
-
-      $id = $PID
-      for ($i = 0; $i -le ${processLevel}; $i++) {
-        $p = Get-CimInstance -Class Win32_Process -Filter "ProcessId = $id"
-        Write-Host "Parent process \${i}: $p"
-        if ($p -eq $null) {
-          throw "Process tree ended before reaching required level"
-        }
-        # Special case just in case the runner is used on actions
-        if ($p[0].Name -eq "Runner.Worker.exe") {
-          Write-Host "Found Runner.Worker.exe process which means we are running on GitHub Actions"
-          Write-Host "Aborting search early and using process: $p"
-          Break
-        } elseif ($p[0].Name -eq "Agent.Worker.exe") {
-          Write-Host "Found Agent.Worker.exe process which means we are running on Azure Pipelines"
-          Write-Host "Aborting search early and using process: $p"
-          Break
-        } else {
-          $id = $p[0].ParentProcessId
-        }
-      }
-      Write-Host "Final process: $p"
-
-      Invoke-Expression "&$tracer --inject=$id"`;
-    }
-    const injectTracerPath = path.join(config.tempDir, "inject-tracer.ps1");
-    fs.writeFileSync(injectTracerPath, script);
-    await new toolrunner.ToolRunner(await safeWhich.safeWhich("powershell"), [
-        "-ExecutionPolicy",
-        "Bypass",
-        "-file",
-        injectTracerPath,
-        path.resolve(path.dirname(codeql.getPath()), "tools", "win64", "tracer.exe"),
-    ], { env: { ODASA_TRACER_CONFIGURATION: tracerConfig.spec } }).exec();
-}
-exports.injectWindowsTracer = injectWindowsTracer;
 async function installPythonDeps(codeql, logger) {
     logger.startGroup("Setup Python dependencies");
     const scriptsFolder = path.resolve(__dirname, "../python-setup");

lib/setup-codeql.js

@@ -139,7 +139,7 @@ async function tryFindCliVersionDotcomOnly(tagName, logger) {
         return tryGetCodeQLCliVersionForRelease(release.data, logger);
     }
     catch (e) {
-        logger.debug(`Failed to find the CLI version for the CodeQL bundle tagged ${tagName}. ${e instanceof Error ? e.message : e}`);
+        logger.debug(`Failed to find the CLI version for the CodeQL bundle tagged ${tagName}. ${(0, util_1.wrapError)(e).message}`);
         return undefined;
     }
 }
@@ -315,6 +315,13 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
         // If a tools URL was provided, then use that.
         tagName = tryGetTagNameFromUrl(toolsInput, logger);
         url = toolsInput;
+        if (tagName) {
+            const bundleVersion = tryGetBundleVersionFromTagName(tagName, logger);
+            // If the bundle version is a semantic version, it is a CLI version number.
+            if (bundleVersion && semver.valid(bundleVersion)) {
+                cliVersion = convertToSemVer(bundleVersion, logger);
+            }
+        }
     }
     else {
         // Otherwise, use the default CLI version passed in.

lib/setup-codeql.test.js

@@ -57,7 +57,7 @@ ava_1.default.beforeEach(() => {
             t.deepEqual(parsedVersion, expectedVersion);
         }
         catch (e) {
-            t.fail(e instanceof Error ? e.message : String(e));
+            t.fail((0, util_1.wrapError)(e).message);
         }
     }
 });
@@ -117,4 +117,14 @@ ava_1.default.beforeEach(() => {
         message: "Failed to find a release of the CodeQL tools that contains CodeQL CLI 2.12.1.",
     });
 });
+(0, ava_1.default)("getCodeQLSource sets CLI version for a semver tagged bundle", async (t) => {
+    await (0, util_1.withTmpDir)(async (tmpDir) => {
+        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
+        const tagName = "codeql-bundle-v1.2.3";
+        (0, testing_utils_1.mockBundleDownloadApi)({ tagName });
+        const source = await setupCodeql.getCodeQLSource(`https://github.com/github/codeql-action/releases/download/${tagName}/codeql-bundle-linux64.tar.gz`, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, util_1.GitHubVariant.DOTCOM, (0, logging_1.getRunnerLogger)(true));
+        t.is(source.sourceType, "download");
+        t.is(source["cliVersion"], "1.2.3");
+    });
+});
 //# sourceMappingURL=setup-codeql.test.js.map

lib/setup-codeql.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"setup-codeql.test.js","sourceRoot":"","sources":["../src/setup-codeql.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAE7B,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,kDAAoC;AACpC,uCAA4C;AAC5C,4DAA8C;AAC9C,mDAA6C;AAC7C,iCAA+C;AAE/C,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,UAAU,CAAC,GAAG,EAAE;IACnB,IAAA,4BAAqB,EAAC,OAAO,CAAC,CAAC;AACjC,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,iCAAiC,EAAE,CAAC,CAAC,EAAE,EAAE;IAC5C,CAAC,CAAC,SAAS,CACT,WAAW,CAAC,mBAAmB,CAC7B,mDAAmD,CACpD,EACD,UAAU,CACX,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,mBAAmB,EAAE,CAAC,CAAC,EAAE,EAAE;IAC9B,MAAM,KAAK,GAAG;QACZ,UAAU,EAAE,gBAAgB;QAC5B,YAAY,EAAE,kBAAkB;QAChC,cAAc,EAAE,cAAc;QAC9B,OAAO,EAAE,OAAO;QAChB,aAAa,EAAE,aAAa;QAC5B,cAAc,EAAE,cAAc;KAC/B,CAAC;IAEF,KAAK,MAAM,CAAC,OAAO,EAAE,eAAe,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QAC9D,IAAI;YACF,MAAM,aAAa,GAAG,WAAW,CAAC,eAAe,CAC/C,OAAO,EACP,IAAA,yBAAe,EAAC,IAAI,CAAC,CACtB,CAAC;YACF,CAAC,CAAC,SAAS,CAAC,aAAa,EAAE,eAAe,CAAC,CAAC;SAC7C;QAAC,OAAO,CAAC,EAAE;YACV,CAAC,CAAC,IAAI,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;SACpD;KACF;AACH,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,2BAA2B,EAAE,CAAC,CAAC,EAAE,EAAE;IACtC,MAAM,MAAM,GAAG,IAAA,yBAAe,EAAC,IAAI,CAAC,CAAC;IAErC,IAAA,4BAAqB,EAAC,OAAO,CAAC,CAAC;IAE/B,kCAAkC;IAClC,OAAO,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;IAC/C,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACrD,MAAM,eAAe,GAAG,WAAW,CAAC,yBAAyB,CAAC,MAAM,CAAC,CAAC;IACtE,CAAC,CAAC,SAAS,CAAC,eAAe,EAAE,sBAAsB,CAAC,CAAC;IAErD,mCAAmC;IACnC,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,sBAAsB,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC/D,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,GAAG,SAAS,CAAC;IACpD,MAAM,OAAO,GAAG,WAAW,CAAC,yBAAyB,CAAC,MAAM,CAAC,CAAC;IAC9D,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;AAClC,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,yEAAyE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC1F,mDAAmD;IACnD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,sBAAsB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC/D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;QAC3C,KAAK,EAAE;YACL,YAAY,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC;SAC/C;QACD,QAAQ,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC;YAC9B;gBACE,MAAM,EAAE;oBACN;wBACE,IAAI,EAAE,wBAAwB;qBAC/B;iBACF;gBACD,QAAQ,EAAE,wBAAwB;aACnC;SACF,CAAC;KACH,CAAC,CAAC,CAAC;IACJ,CAAC,CAAC,EAAE,CACF,MAAM,WAAW,CAAC,6BAA6B,CAC7C,QAAQ,EACR,IAAA,yBAAe,EAAC,IAAI,CAAC,CACtB,EACD,wBAAwB,CACzB,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,iFAAiF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAClG,mDAAmD;IACnD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,sBAAsB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC/D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;QAC3C,KAAK,EAAE;YACL,YAAY,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC;SAC/C;QACD,QAAQ,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC;YAC9B;gBACE,MAAM,EAAE;oBACN;wBACE,IAAI,EAAE,wBAAwB;qBAC/B;iBACF;gBACD,QAAQ,EAAE,wBAAwB;aACnC;SACF,CAAC;KACH,CAAC,CAAC,CAAC;IACJ,MAAM,CAAC,CAAC,WAAW,CACjB,KAAK,IAAI,EAAE,CACT,MAAM,WAAW,CAAC,6BAA6B,CAC7C,QAAQ,EACR,IAAA,yBAAe,EAAC,IAAI,CAAC,CACtB,EACH;QACE,OAAO,EACL,+EAA+E;KAClF,CACF,CAAC;AACJ,CAAC,CAAC,CAAC"}
+{"version":3,"file":"setup-codeql.test.js","sourceRoot":"","sources":["../src/setup-codeql.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAE7B,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,kDAAoC;AACpC,uCAA4C;AAC5C,4DAA8C;AAC9C,mDAMyB;AACzB,iCAKgB;AAEhB,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,UAAU,CAAC,GAAG,EAAE;IACnB,IAAA,4BAAqB,EAAC,OAAO,CAAC,CAAC;AACjC,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,iCAAiC,EAAE,CAAC,CAAC,EAAE,EAAE;IAC5C,CAAC,CAAC,SAAS,CACT,WAAW,CAAC,mBAAmB,CAC7B,mDAAmD,CACpD,EACD,UAAU,CACX,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,mBAAmB,EAAE,CAAC,CAAC,EAAE,EAAE;IAC9B,MAAM,KAAK,GAAG;QACZ,UAAU,EAAE,gBAAgB;QAC5B,YAAY,EAAE,kBAAkB;QAChC,cAAc,EAAE,cAAc;QAC9B,OAAO,EAAE,OAAO;QAChB,aAAa,EAAE,aAAa;QAC5B,cAAc,EAAE,cAAc;KAC/B,CAAC;IAEF,KAAK,MAAM,CAAC,OAAO,EAAE,eAAe,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QAC9D,IAAI;YACF,MAAM,aAAa,GAAG,WAAW,CAAC,eAAe,CAC/C,OAAO,EACP,IAAA,yBAAe,EAAC,IAAI,CAAC,CACtB,CAAC;YACF,CAAC,CAAC,SAAS,CAAC,aAAa,EAAE,eAAe,CAAC,CAAC;SAC7C;QAAC,OAAO,CAAC,EAAE;YACV,CAAC,CAAC,IAAI,CAAC,IAAA,gBAAS,EAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;SAC9B;KACF;AACH,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,2BAA2B,EAAE,CAAC,CAAC,EAAE,EAAE;IACtC,MAAM,MAAM,GAAG,IAAA,yBAAe,EAAC,IAAI,CAAC,CAAC;IAErC,IAAA,4BAAqB,EAAC,OAAO,CAAC,CAAC;IAE/B,kCAAkC;IAClC,OAAO,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;IAC/C,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACrD,MAAM,eAAe,GAAG,WAAW,CAAC,yBAAyB,CAAC,MAAM,CAAC,CAAC;IACtE,CAAC,CAAC,SAAS,CAAC,eAAe,EAAE,sBAAsB,CAAC,CAAC;IAErD,mCAAmC;IACnC,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,sBAAsB,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC/D,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,GAAG,SAAS,CAAC;IACpD,MAAM,OAAO,GAAG,WAAW,CAAC,yBAAyB,CAAC,MAAM,CAAC,CAAC;IAC9D,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;AAClC,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,yEAAyE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC1F,mDAAmD;IACnD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,sBAAsB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC/D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;QAC3C,KAAK,EAAE;YACL,YAAY,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC;SAC/C;QACD,QAAQ,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC;YAC9B;gBACE,MAAM,EAAE;oBACN;wBACE,IAAI,EAAE,wBAAwB;qBAC/B;iBACF;gBACD,QAAQ,EAAE,wBAAwB;aACnC;SACF,CAAC;KACH,CAAC,CAAC,CAAC;IACJ,CAAC,CAAC,EAAE,CACF,MAAM,WAAW,CAAC,6BAA6B,CAC7C,QAAQ,EACR,IAAA,yBAAe,EAAC,IAAI,CAAC,CACtB,EACD,wBAAwB,CACzB,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,iFAAiF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAClG,mDAAmD;IACnD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,sBAAsB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC/D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;QAC3C,KAAK,EAAE;YACL,YAAY,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC;SAC/C;QACD,QAAQ,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC;YAC9B;gBACE,MAAM,EAAE;oBACN;wBACE,IAAI,EAAE,wBAAwB;qBAC/B;iBACF;gBACD,QAAQ,EAAE,wBAAwB;aACnC;SACF,CAAC;KACH,CAAC,CAAC,CAAC;IACJ,MAAM,CAAC,CAAC,WAAW,CACjB,KAAK,IAAI,EAAE,CACT,MAAM,WAAW,CAAC,6BAA6B,CAC7C,QAAQ,EACR,IAAA,yBAAe,EAAC,IAAI,CAAC,CACtB,EACH;QACE,OAAO,EACL,+EAA+E;KAClF,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,6DAA6D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC9E,MAAM,IAAA,iBAAU,EAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAChC,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,MAAM,OAAO,GAAG,sBAAsB,CAAC;QACvC,IAAA,qCAAqB,EAAC,EAAE,OAAO,EAAE,CAAC,CAAC;QACnC,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,eAAe,CAC9C,6DAA6D,OAAO,+BAA+B,EACnG,0CAA0B,EAC1B,yCAAyB,EACzB,oBAAa,CAAC,MAAM,EACpB,IAAA,yBAAe,EAAC,IAAI,CAAC,CACtB,CAAC;QAEF,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACpC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,OAAO,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/testing-utils.js

@@ -22,15 +22,28 @@ var __importStar = (this && this.__importStar) || function (mod) {
     __setModuleDefault(result, mod);
     return result;
 };
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.createFeatures = exports.mockCodeQLVersion = exports.mockLanguagesInRepo = exports.mockFeatureFlagApiEndpoint = exports.getRecordingLogger = exports.setupActionsVars = exports.setupTests = void 0;
+exports.mockBundleDownloadApi = exports.createFeatures = exports.mockCodeQLVersion = exports.mockLanguagesInRepo = exports.mockFeatureFlagApiEndpoint = exports.getRecordingLogger = exports.setupActionsVars = exports.setupTests = exports.SAMPLE_DEFAULT_CLI_VERSION = exports.SAMPLE_DOTCOM_API_DETAILS = void 0;
 const node_util_1 = require("node:util");
+const path_1 = __importDefault(require("path"));
 const github = __importStar(require("@actions/github"));
-const nock = __importStar(require("nock"));
+const nock_1 = __importDefault(require("nock"));
 const sinon = __importStar(require("sinon"));
 const apiClient = __importStar(require("./api-client"));
 const CodeQL = __importStar(require("./codeql"));
 const util_1 = require("./util");
+exports.SAMPLE_DOTCOM_API_DETAILS = {
+    auth: "token",
+    url: "https://github.com",
+    apiURL: "https://api.github.com",
+};
+exports.SAMPLE_DEFAULT_CLI_VERSION = {
+    cliVersion: "2.0.0",
+    variant: util_1.GitHubVariant.DOTCOM,
+};
 function wrapOutput(context) {
     // Function signature taken from Socket.write.
     // Note there are two overloads:
@@ -92,7 +105,7 @@ function setupTests(test) {
             process.stdout.write(t.context.testOutput);
         }
         // Undo any modifications made by nock
-        nock.cleanAll();
+        nock_1.default.cleanAll();
         // Undo any modifications made by sinon
         sinon.restore();
         // Undo any modifications to the env
@@ -196,4 +209,26 @@ function createFeatures(enabledFeatures) {
     };
 }
 exports.createFeatures = createFeatures;
+/**
+ * Mocks the API for downloading the bundle tagged `tagName`.
+ *
+ * @returns the download URL for the bundle. This can be passed to the tools parameter of
+ * `codeql.setupCodeQL`.
+ */
+function mockBundleDownloadApi({ apiDetails = exports.SAMPLE_DOTCOM_API_DETAILS, isPinned, repo = "github/codeql-action", platformSpecific = true, tagName, }) {
+    const platform = process.platform === "win32"
+        ? "win64"
+        : process.platform === "linux"
+            ? "linux64"
+            : "osx64";
+    const baseUrl = apiDetails?.url ?? "https://example.com";
+    const relativeUrl = apiDetails
+        ? `/${repo}/releases/download/${tagName}/codeql-bundle${platformSpecific ? `-${platform}` : ""}.tar.gz`
+        : `/download/${tagName}/codeql-bundle.tar.gz`;
+    (0, nock_1.default)(baseUrl)
+        .get(relativeUrl)
+        .replyWithFile(200, path_1.default.join(__dirname, `/../src/testdata/codeql-bundle${isPinned ? "-pinned" : ""}.tar.gz`));
+    return `${baseUrl}${relativeUrl}`;
+}
+exports.mockBundleDownloadApi = mockBundleDownloadApi;
 //# sourceMappingURL=testing-utils.js.map

lib/toolrunner-error-catcher.js

@@ -26,6 +26,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.toolrunnerErrorCatcher = void 0;
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const safeWhich = __importStar(require("@chrisgavin/safe-which"));
+const util_1 = require("./util");
 /**
  * Wrapper for toolrunner.Toolrunner which checks for specific return code and/or regex matches in console output.
  * Output will be streamed to the live console as well as captured for subsequent processing.
@@ -83,8 +84,7 @@ async function toolrunnerErrorCatcher(commandLine, args, matchers, options) {
         }
     }
     catch (e) {
-        const error = e instanceof Error ? e : new Error(String(e));
+        throw (0, util_1.wrapError)(e);
-        throw error;
     }
 }
 exports.toolrunnerErrorCatcher = toolrunnerErrorCatcher;

lib/toolrunner-error-catcher.js.map

@@ -1 +1 @@
-{"version":3,"file":"toolrunner-error-catcher.js","sourceRoot":"","sources":["../src/toolrunner-error-catcher.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AACA,yEAA2D;AAC3D,kEAAoD;AASpD;;;;;;;;;;GAUG;AACI,KAAK,UAAU,sBAAsB,CAC1C,WAAmB,EACnB,IAAe,EACf,QAAyB,EACzB,OAAwB;IAExB,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,IAAI,MAAM,GAAG,EAAE,CAAC;IAEhB,MAAM,SAAS,GAAG;QAChB,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;YACvB,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,IAAI,OAAO,EAAE,SAAS,EAAE,MAAM,KAAK,SAAS,EAAE;gBAC5C,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;aAChC;QACH,CAAC;QACD,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;YACvB,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,IAAI,OAAO,EAAE,SAAS,EAAE,MAAM,KAAK,SAAS,EAAE;gBAC5C,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;aAChC;QACH,CAAC;KACF,CAAC;IAEF,0GAA0G;IAC1G,IAAI,QAAgB,CAAC;IACrB,IAAI;QACF,QAAQ,GAAG,MAAM,IAAI,UAAU,CAAC,UAAU,CACxC,MAAM,SAAS,CAAC,SAAS,CAAC,WAAW,CAAC,EACtC,IAAI,EACJ;YACE,GAAG,OAAO;YACV,SAAS;YACT,gBAAgB,EAAE,IAAI,EAAE,wDAAwD;SACjF,CACF,CAAC,IAAI,EAAE,CAAC;QAET,mEAAmE;QACnE,IAAI,QAAQ,KAAK,CAAC;YAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;QAEhD,IAAI,QAAQ,EAAE;YACZ,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE;gBAC9B,IACE,OAAO,CAAC,QAAQ,KAAK,QAAQ;oBAC7B,OAAO,CAAC,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC;oBACjC,OAAO,CAAC,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,EACjC;oBACA,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;iBAClC;aACF;SACF;QAED,qFAAqF;QACrF,IAAI,OAAO,EAAE,gBAAgB,EAAE;YAC7B,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;SAC7B;aAAM;YACL,MAAM,IAAI,KAAK,CACb,gBAAgB,WAAW,2BAA2B,QAAQ,EAAE,CACjE,CAAC;SACH;KACF;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,KAAK,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5D,MAAM,KAAK,CAAC;KACb;AACH,CAAC;AAhED,wDAgEC"}
+{"version":3,"file":"toolrunner-error-catcher.js","sourceRoot":"","sources":["../src/toolrunner-error-catcher.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AACA,yEAA2D;AAC3D,kEAAoD;AAGpD,iCAAmC;AAOnC;;;;;;;;;;GAUG;AACI,KAAK,UAAU,sBAAsB,CAC1C,WAAmB,EACnB,IAAe,EACf,QAAyB,EACzB,OAAwB;IAExB,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,IAAI,MAAM,GAAG,EAAE,CAAC;IAEhB,MAAM,SAAS,GAAG;QAChB,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;YACvB,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,IAAI,OAAO,EAAE,SAAS,EAAE,MAAM,KAAK,SAAS,EAAE;gBAC5C,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;aAChC;QACH,CAAC;QACD,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;YACvB,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,IAAI,OAAO,EAAE,SAAS,EAAE,MAAM,KAAK,SAAS,EAAE;gBAC5C,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;aAChC;QACH,CAAC;KACF,CAAC;IAEF,0GAA0G;IAC1G,IAAI,QAAgB,CAAC;IACrB,IAAI;QACF,QAAQ,GAAG,MAAM,IAAI,UAAU,CAAC,UAAU,CACxC,MAAM,SAAS,CAAC,SAAS,CAAC,WAAW,CAAC,EACtC,IAAI,EACJ;YACE,GAAG,OAAO;YACV,SAAS;YACT,gBAAgB,EAAE,IAAI,EAAE,wDAAwD;SACjF,CACF,CAAC,IAAI,EAAE,CAAC;QAET,mEAAmE;QACnE,IAAI,QAAQ,KAAK,CAAC;YAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;QAEhD,IAAI,QAAQ,EAAE;YACZ,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE;gBAC9B,IACE,OAAO,CAAC,QAAQ,KAAK,QAAQ;oBAC7B,OAAO,CAAC,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC;oBACjC,OAAO,CAAC,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,EACjC;oBACA,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;iBAClC;aACF;SACF;QAED,qFAAqF;QACrF,IAAI,OAAO,EAAE,gBAAgB,EAAE;YAC7B,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;SAC7B;aAAM;YACL,MAAM,IAAI,KAAK,CACb,gBAAgB,WAAW,2BAA2B,QAAQ,EAAE,CACjE,CAAC;SACH;KACF;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,IAAA,gBAAS,EAAC,CAAC,CAAC,CAAC;KACpB;AACH,CAAC;AA/DD,wDA+DC"}

lib/tracer-config.js

@@ -23,20 +23,10 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getCombinedTracerConfig = exports.concatTracerConfigs = exports.getTracerConfigForLanguage = exports.getTracerConfigForCluster = exports.endTracingForCluster = void 0;
+exports.getCombinedTracerConfig = exports.getTracerConfigForCluster = exports.endTracingForCluster = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
-const codeql_1 = require("./codeql");
 const languages_1 = require("./languages");
-const util = __importStar(require("./util"));
-const util_1 = require("./util");
-const CRITICAL_TRACER_VARS = new Set([
-    "SEMMLE_PRELOAD_libtrace",
-    "SEMMLE_RUNNER",
-    "SEMMLE_COPY_EXECUTABLES_ROOT",
-    "SEMMLE_DEPTRACE_SOCKET",
-    "SEMMLE_JAVA_TOOL_OPTIONS",
-]);
 async function endTracingForCluster(config) {
     // If there are no traced languages, we don't need to do anything.
     if (!config.languages.some((l) => (0, languages_1.isTracedLanguage)(l)))
@@ -64,162 +54,17 @@ exports.endTracingForCluster = endTracingForCluster;
 async function getTracerConfigForCluster(config) {
     const tracingEnvVariables = JSON.parse(fs.readFileSync(path.resolve(config.dbLocation, "temp/tracingEnvironment/start-tracing.json"), "utf8"));
     return {
-        spec: tracingEnvVariables["ODASA_TRACER_CONFIGURATION"],
         env: tracingEnvVariables,
     };
 }
 exports.getTracerConfigForCluster = getTracerConfigForCluster;
-async function getTracerConfigForLanguage(codeql, config, language) {
+async function getCombinedTracerConfig(config) {
-    const env = await codeql.getTracerEnv(util.getCodeQLDatabasePath(config, language));
-    const spec = env["ODASA_TRACER_CONFIGURATION"];
-    const info = { spec, env: {} };
-    // Extract critical tracer variables from the environment
-    for (const entry of Object.entries(env)) {
-        const key = entry[0];
-        const value = entry[1];
-        // skip ODASA_TRACER_CONFIGURATION as it is handled separately
-        if (key === "ODASA_TRACER_CONFIGURATION") {
-            continue;
-        }
-        // skip undefined values
-        if (typeof value === "undefined") {
-            continue;
-        }
-        // Keep variables that do not exist in current environment. In addition always keep
-        // critical and CODEQL_ variables
-        if (typeof process.env[key] === "undefined" ||
-            CRITICAL_TRACER_VARS.has(key) ||
-            key.startsWith("CODEQL_")) {
-            info.env[key] = value;
-        }
-    }
-    return info;
-}
-exports.getTracerConfigForLanguage = getTracerConfigForLanguage;
-function concatTracerConfigs(tracerConfigs, config, writeBothEnvironments = false) {
-    // A tracer config is a map containing additional environment variables and a tracer 'spec' file.
-    // A tracer 'spec' file has the following format [log_file, number_of_blocks, blocks_text]
-    // Merge the environments
-    const env = {};
-    let copyExecutables = false;
-    let envSize = 0;
-    for (const v of Object.values(tracerConfigs)) {
-        for (const e of Object.entries(v.env)) {
-            const name = e[0];
-            const value = e[1];
-            // skip SEMMLE_COPY_EXECUTABLES_ROOT as it is handled separately
-            if (name === "SEMMLE_COPY_EXECUTABLES_ROOT") {
-                copyExecutables = true;
-            }
-            else if (name in env) {
-                if (env[name] !== value) {
-                    throw Error(`Incompatible values in environment parameter ${name}: ${env[name]} and ${value}`);
-                }
-            }
-            else {
-                env[name] = value;
-                envSize += 1;
-            }
-        }
-    }
-    // Concatenate spec files into a new spec file
-    const languages = Object.keys(tracerConfigs);
-    const cppIndex = languages.indexOf("cpp");
-    // Make sure cpp is the last language, if it's present since it must be concatenated last
-    if (cppIndex !== -1) {
-        const lastLang = languages[languages.length - 1];
-        languages[languages.length - 1] = languages[cppIndex];
-        languages[cppIndex] = lastLang;
-    }
-    const totalLines = [];
-    let totalCount = 0;
-    for (const lang of languages) {
-        const lines = fs
-            .readFileSync(tracerConfigs[lang].spec, "utf8")
-            .split(/\r?\n/);
-        const count = parseInt(lines[1], 10);
-        totalCount += count;
-        totalLines.push(...lines.slice(2));
-    }
-    const newLogFilePath = path.resolve(config.tempDir, "compound-build-tracer.log");
-    const spec = path.resolve(config.tempDir, "compound-spec");
-    const compoundTempFolder = path.resolve(config.tempDir, "compound-temp");
-    const newSpecContent = [
-        newLogFilePath,
-        totalCount.toString(10),
-        ...totalLines,
-    ];
-    if (copyExecutables) {
-        env["SEMMLE_COPY_EXECUTABLES_ROOT"] = compoundTempFolder;
-        envSize += 1;
-    }
-    fs.writeFileSync(spec, newSpecContent.join("\n"));
-    if (writeBothEnvironments || process.platform !== "win32") {
-        // Prepare the content of the compound environment file on Unix
-        let buffer = Buffer.alloc(4);
-        buffer.writeInt32LE(envSize, 0);
-        for (const e of Object.entries(env)) {
-            const key = e[0];
-            const value = e[1];
-            const lineBuffer = Buffer.from(`${key}=${value}\0`, "utf8");
-            const sizeBuffer = Buffer.alloc(4);
-            sizeBuffer.writeInt32LE(lineBuffer.length, 0);
-            buffer = Buffer.concat([buffer, sizeBuffer, lineBuffer]);
-        }
-        // Write the compound environment for Unix
-        const envPath = `${spec}.environment`;
-        fs.writeFileSync(envPath, buffer);
-    }
-    if (writeBothEnvironments || process.platform === "win32") {
-        // Prepare the content of the compound environment file on Windows
-        let bufferWindows = Buffer.alloc(0);
-        let length = 0;
-        for (const e of Object.entries(env)) {
-            const key = e[0];
-            const value = e[1];
-            const string = `${key}=${value}\0`;
-            length += string.length;
-            const lineBuffer = Buffer.from(string, "utf16le");
-            bufferWindows = Buffer.concat([bufferWindows, lineBuffer]);
-        }
-        const sizeBuffer = Buffer.alloc(4);
-        sizeBuffer.writeInt32LE(length + 1, 0); // Add one for trailing null character marking end
-        const trailingNull = Buffer.from(`\0`, "utf16le");
-        bufferWindows = Buffer.concat([sizeBuffer, bufferWindows, trailingNull]);
-        // Write the compound environment for Windows
-        const envPathWindows = `${spec}.win32env`;
-        fs.writeFileSync(envPathWindows, bufferWindows);
-    }
-    return { env, spec };
-}
-exports.concatTracerConfigs = concatTracerConfigs;
-async function getCombinedTracerConfig(config, codeql) {
     // Abort if there are no traced languages as there's nothing to do
     const tracedLanguages = config.languages.filter((l) => (0, languages_1.isTracedLanguage)(l));
     if (tracedLanguages.length === 0) {
         return undefined;
     }
-    let mainTracerConfig;
+    const mainTracerConfig = await getTracerConfigForCluster(config);
-    if (await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING)) {
-        mainTracerConfig = await getTracerConfigForCluster(config);
-    }
-    else {
-        // Get all the tracer configs and combine them together
-        const tracedLanguageConfigs = {};
-        for (const language of tracedLanguages) {
-            tracedLanguageConfigs[language] = await getTracerConfigForLanguage(codeql, config, language);
-        }
-        mainTracerConfig = concatTracerConfigs(tracedLanguageConfigs, config);
-        // Add a couple more variables
-        mainTracerConfig.env["ODASA_TRACER_CONFIGURATION"] = mainTracerConfig.spec;
-        const codeQLDir = path.dirname(codeql.getPath());
-        if (process.platform === "darwin") {
-            mainTracerConfig.env["DYLD_INSERT_LIBRARIES"] = path.join(codeQLDir, "tools", "osx64", "libtrace.dylib");
-        }
-        else if (process.platform !== "win32") {
-            mainTracerConfig.env["LD_PRELOAD"] = path.join(codeQLDir, "tools", "linux64", "${LIB}trace.so");
-        }
-    }
     // On macos it's necessary to prefix the build command with the runner executable
     // on order to trace when System Integrity Protection is enabled.
     // The executable also exists and works for other platforms so we output this env

lib/tracer-config.test.js

@@ -29,7 +29,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const ava_1 = __importDefault(require("ava"));
-const codeql_1 = require("./codeql");
 const configUtils = __importStar(require("./config-utils"));
 const languages_1 = require("./languages");
 const testing_utils_1 = require("./testing-utils");
@@ -56,267 +55,35 @@ function getTestConfig(tmpDir) {
         trapCacheDownloadTime: 0,
     };
 }
-// A very minimal setup
-(0, ava_1.default)("getTracerConfigForLanguage - minimal setup", async (t) => {
-    await util.withTmpDir(async (tmpDir) => {
-        const config = getTestConfig(tmpDir);
-        const codeQL = (0, codeql_1.setCodeQL)({
-            async getTracerEnv() {
-                return {
-                    ODASA_TRACER_CONFIGURATION: "abc",
-                    foo: "bar",
-                };
-            },
-        });
-        const result = await (0, tracer_config_1.getTracerConfigForLanguage)(codeQL, config, languages_1.Language.javascript);
-        t.deepEqual(result, { spec: "abc", env: { foo: "bar" } });
-    });
-});
-// Existing vars should not be overwritten, unless they are critical or prefixed with CODEQL_
-(0, ava_1.default)("getTracerConfigForLanguage - existing / critical vars", async (t) => {
-    await util.withTmpDir(async (tmpDir) => {
-        const config = getTestConfig(tmpDir);
-        // Set up some variables in the environment
-        process.env["foo"] = "abc";
-        process.env["SEMMLE_PRELOAD_libtrace"] = "abc";
-        process.env["SEMMLE_RUNNER"] = "abc";
-        process.env["SEMMLE_COPY_EXECUTABLES_ROOT"] = "abc";
-        process.env["SEMMLE_DEPTRACE_SOCKET"] = "abc";
-        process.env["SEMMLE_JAVA_TOOL_OPTIONS"] = "abc";
-        process.env["CODEQL_VAR"] = "abc";
-        // Now CodeQL returns all these variables, and one more, with different values
-        const codeQL = (0, codeql_1.setCodeQL)({
-            async getTracerEnv() {
-                return {
-                    ODASA_TRACER_CONFIGURATION: "abc",
-                    foo: "bar",
-                    baz: "qux",
-                    SEMMLE_PRELOAD_libtrace: "SEMMLE_PRELOAD_libtrace",
-                    SEMMLE_RUNNER: "SEMMLE_RUNNER",
-                    SEMMLE_COPY_EXECUTABLES_ROOT: "SEMMLE_COPY_EXECUTABLES_ROOT",
-                    SEMMLE_DEPTRACE_SOCKET: "SEMMLE_DEPTRACE_SOCKET",
-                    SEMMLE_JAVA_TOOL_OPTIONS: "SEMMLE_JAVA_TOOL_OPTIONS",
-                    CODEQL_VAR: "CODEQL_VAR",
-                };
-            },
-        });
-        const result = await (0, tracer_config_1.getTracerConfigForLanguage)(codeQL, config, languages_1.Language.javascript);
-        t.deepEqual(result, {
-            spec: "abc",
-            env: {
-                // Should contain all variables except 'foo', because that already existed in the
-                // environment with a different value, and is not deemed a "critical" variable.
-                baz: "qux",
-                SEMMLE_PRELOAD_libtrace: "SEMMLE_PRELOAD_libtrace",
-                SEMMLE_RUNNER: "SEMMLE_RUNNER",
-                SEMMLE_COPY_EXECUTABLES_ROOT: "SEMMLE_COPY_EXECUTABLES_ROOT",
-                SEMMLE_DEPTRACE_SOCKET: "SEMMLE_DEPTRACE_SOCKET",
-                SEMMLE_JAVA_TOOL_OPTIONS: "SEMMLE_JAVA_TOOL_OPTIONS",
-                CODEQL_VAR: "CODEQL_VAR",
-            },
-        });
-    });
-});
-(0, ava_1.default)("concatTracerConfigs - minimal configs correctly combined", async (t) => {
-    await util.withTmpDir(async (tmpDir) => {
-        const config = getTestConfig(tmpDir);
-        const spec1 = path.join(tmpDir, "spec1");
-        fs.writeFileSync(spec1, "foo.log\n2\nabc\ndef");
-        const tc1 = {
-            spec: spec1,
-            env: {
-                a: "a",
-                b: "b",
-            },
-        };
-        const spec2 = path.join(tmpDir, "spec2");
-        fs.writeFileSync(spec2, "foo.log\n1\nghi");
-        const tc2 = {
-            spec: spec2,
-            env: {
-                c: "c",
-            },
-        };
-        const result = (0, tracer_config_1.concatTracerConfigs)({ javascript: tc1, python: tc2 }, config);
-        t.deepEqual(result, {
-            spec: path.join(tmpDir, "compound-spec"),
-            env: {
-                a: "a",
-                b: "b",
-                c: "c",
-            },
-        });
-        t.true(fs.existsSync(result.spec));
-        t.deepEqual(fs.readFileSync(result.spec, "utf8"), `${path.join(tmpDir, "compound-build-tracer.log")}\n3\nabc\ndef\nghi`);
-    });
-});
-(0, ava_1.default)("concatTracerConfigs - conflicting env vars", async (t) => {
-    await util.withTmpDir(async (tmpDir) => {
-        const config = getTestConfig(tmpDir);
-        const spec = path.join(tmpDir, "spec");
-        fs.writeFileSync(spec, "foo.log\n0");
-        // Ok if env vars have the same name and the same value
-        t.deepEqual((0, tracer_config_1.concatTracerConfigs)({
-            javascript: { spec, env: { a: "a", b: "b" } },
-            python: { spec, env: { b: "b", c: "c" } },
-        }, config).env, {
-            a: "a",
-            b: "b",
-            c: "c",
-        });
-        // Throws if env vars have same name but different values
-        const e = t.throws(() => (0, tracer_config_1.concatTracerConfigs)({
-            javascript: { spec, env: { a: "a", b: "b" } },
-            python: { spec, env: { b: "c" } },
-        }, config));
-        // If e is undefined, then the previous assertion will fail.
-        if (e !== undefined) {
-            t.deepEqual(e.message, "Incompatible values in environment parameter b: b and c");
-        }
-    });
-});
-(0, ava_1.default)("concatTracerConfigs - cpp spec lines come last if present", async (t) => {
-    await util.withTmpDir(async (tmpDir) => {
-        const config = getTestConfig(tmpDir);
-        const spec1 = path.join(tmpDir, "spec1");
-        fs.writeFileSync(spec1, "foo.log\n2\nabc\ndef");
-        const tc1 = {
-            spec: spec1,
-            env: {
-                a: "a",
-                b: "b",
-            },
-        };
-        const spec2 = path.join(tmpDir, "spec2");
-        fs.writeFileSync(spec2, "foo.log\n1\nghi");
-        const tc2 = {
-            spec: spec2,
-            env: {
-                c: "c",
-            },
-        };
-        const result = (0, tracer_config_1.concatTracerConfigs)({ cpp: tc1, python: tc2 }, config);
-        t.deepEqual(result, {
-            spec: path.join(tmpDir, "compound-spec"),
-            env: {
-                a: "a",
-                b: "b",
-                c: "c",
-            },
-        });
-        t.true(fs.existsSync(result.spec));
-        t.deepEqual(fs.readFileSync(result.spec, "utf8"), `${path.join(tmpDir, "compound-build-tracer.log")}\n3\nghi\nabc\ndef`);
-    });
-});
-(0, ava_1.default)("concatTracerConfigs - SEMMLE_COPY_EXECUTABLES_ROOT is updated to point to compound spec", async (t) => {
-    await util.withTmpDir(async (tmpDir) => {
-        const config = getTestConfig(tmpDir);
-        const spec = path.join(tmpDir, "spec");
-        fs.writeFileSync(spec, "foo.log\n0");
-        const result = (0, tracer_config_1.concatTracerConfigs)({
-            javascript: { spec, env: { a: "a", b: "b" } },
-            python: { spec, env: { SEMMLE_COPY_EXECUTABLES_ROOT: "foo" } },
-        }, config);
-        t.deepEqual(result.env, {
-            a: "a",
-            b: "b",
-            SEMMLE_COPY_EXECUTABLES_ROOT: path.join(tmpDir, "compound-temp"),
-        });
-    });
-});
-(0, ava_1.default)("concatTracerConfigs - compound environment file is created correctly", async (t) => {
-    await util.withTmpDir(async (tmpDir) => {
-        const config = getTestConfig(tmpDir);
-        const spec1 = path.join(tmpDir, "spec1");
-        fs.writeFileSync(spec1, "foo.log\n2\nabc\ndef");
-        const tc1 = {
-            spec: spec1,
-            env: {
-                a: "a",
-            },
-        };
-        const spec2 = path.join(tmpDir, "spec2");
-        fs.writeFileSync(spec2, "foo.log\n1\nghi");
-        const tc2 = {
-            spec: spec2,
-            env: {
-                foo: "bar_baz",
-            },
-        };
-        const result = (0, tracer_config_1.concatTracerConfigs)({ javascript: tc1, python: tc2 }, config, true);
-        // Check binary contents for the Unix file
-        const envPath = `${result.spec}.environment`;
-        t.true(fs.existsSync(envPath));
-        const buffer = fs.readFileSync(envPath);
-        t.deepEqual(buffer.length, 28);
-        t.deepEqual(buffer.readInt32LE(0), 2); // number of env vars
-        t.deepEqual(buffer.readInt32LE(4), 4); // length of env var definition
-        t.deepEqual(buffer.toString("utf8", 8, 12), "a=a\0"); // [key]=[value]\0
-        t.deepEqual(buffer.readInt32LE(12), 12); // length of env var definition
-        t.deepEqual(buffer.toString("utf8", 16, 28), "foo=bar_baz\0"); // [key]=[value]\0
-        // Check binary contents for the Windows file
-        const envPathWindows = `${result.spec}.win32env`;
-        t.true(fs.existsSync(envPathWindows));
-        const bufferWindows = fs.readFileSync(envPathWindows);
-        t.deepEqual(bufferWindows.length, 38);
-        t.deepEqual(bufferWindows.readInt32LE(0), 4 + 12 + 1); // number of tchars to represent the environment
-        t.deepEqual(bufferWindows.toString("utf16le", 4, 12), "a=a\0"); // [key]=[value]\0
-        t.deepEqual(bufferWindows.toString("utf16le", 12, 36), "foo=bar_baz\0"); // [key]=[value]\0
-        t.deepEqual(bufferWindows.toString("utf16le", 36, 38), "\0"); // trailing null character
-    });
-});
 (0, ava_1.default)("getCombinedTracerConfig - return undefined when no languages are traced languages", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
         const config = getTestConfig(tmpDir);
         // No traced languages
         config.languages = [languages_1.Language.javascript, languages_1.Language.python];
-        const codeQL = (0, codeql_1.setCodeQL)({
+        t.deepEqual(await (0, tracer_config_1.getCombinedTracerConfig)(config), undefined);
-            async getTracerEnv() {
-                return {
-                    ODASA_TRACER_CONFIGURATION: "abc",
-                    CODEQL_DIST: "/",
-                    foo: "bar",
-                };
-            },
-        });
-        t.deepEqual(await (0, tracer_config_1.getCombinedTracerConfig)(config, codeQL), undefined);
     });
 });
-(0, ava_1.default)("getCombinedTracerConfig - valid spec file", async (t) => {
+(0, ava_1.default)("getCombinedTracerConfig - with start-tracing.json environment file", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
         const config = getTestConfig(tmpDir);
-        const spec = path.join(tmpDir, "spec");
-        fs.writeFileSync(spec, "foo.log\n2\nabc\ndef");
         const bundlePath = path.join(tmpDir, "bundle");
         const codeqlPlatform = process.platform === "win32"
             ? "win64"
             : process.platform === "darwin"
                 ? "osx64"
                 : "linux64";
-        const codeQL = (0, codeql_1.setCodeQL)({
+        const startTracingEnv = {
-            async getTracerEnv() {
+            foo: "bar",
-                return {
-                    ODASA_TRACER_CONFIGURATION: spec,
             CODEQL_DIST: bundlePath,
             CODEQL_PLATFORM: codeqlPlatform,
-                    foo: "bar",
         };
-            },
+        const tracingEnvironmentDir = path.join(config.dbLocation, "temp", "tracingEnvironment");
-        });
+        fs.mkdirSync(tracingEnvironmentDir, { recursive: true });
-        const result = await (0, tracer_config_1.getCombinedTracerConfig)(config, codeQL);
+        const startTracingJson = path.join(tracingEnvironmentDir, "start-tracing.json");
+        fs.writeFileSync(startTracingJson, JSON.stringify(startTracingEnv));
+        const result = await (0, tracer_config_1.getCombinedTracerConfig)(config);
         t.notDeepEqual(result, undefined);
-        const expectedEnv = {
+        const expectedEnv = startTracingEnv;
-            foo: "bar",
-            CODEQL_DIST: bundlePath,
-            CODEQL_PLATFORM: codeqlPlatform,
-            ODASA_TRACER_CONFIGURATION: result.spec,
-        };
-        if (process.platform === "darwin") {
-            expectedEnv["DYLD_INSERT_LIBRARIES"] = path.join(path.dirname(codeQL.getPath()), "tools", "osx64", "libtrace.dylib");
-        }
-        else if (process.platform !== "win32") {
-            expectedEnv["LD_PRELOAD"] = path.join(path.dirname(codeQL.getPath()), "tools", "linux64", "${LIB}trace.so");
-        }
         if (process.platform === "win32") {
             expectedEnv["CODEQL_RUNNER"] = path.join(bundlePath, "tools/win64/runner.exe");
         }
@@ -327,7 +94,6 @@ function getTestConfig(tmpDir) {
             expectedEnv["CODEQL_RUNNER"] = path.join(bundlePath, "tools/linux64/runner");
         }
         t.deepEqual(result, {
-            spec: path.join(tmpDir, "compound-spec"),
             env: expectedEnv,
         });
     });