update required checks script to handle new release branch

improve handling of changelog processing for backports

.github/actions/check-sarif/action.yml

@@ -16,5 +16,5 @@ inputs:
       Comma separated list of query ids that should NOT be included in this SARIF file.
 
 runs:
-  using: node16
+  using: node20
   main: index.js

.github/actions/release-branches/action.yml

@@ -0,0 +1,25 @@
+name: 'Release branches'
+description: 'Determine branches for release & backport'
+inputs:
+  major_version:
+    description: 'The version as extracted from the package.json file'
+    required: true
+  latest_tag:
+    description: 'The most recent tag published to the repository'
+    required: true
+outputs:
+  backport_source_branch:
+    description: "The release branch for the given tag"
+    value: ${{ steps.branches.outputs.backport_source_branch }}
+  backport_target_branches:
+    description: "JSON encoded list of branches to target with backports"
+    value: ${{ steps.branches.outputs.backport_target_branches }}
+runs:
+  using: "composite"
+  steps:
+    - id: branches
+      run: |
+        python ${{ github.action_path }}/release-branches.py \
+            --major-version ${{ inputs.major_version }} \
+            --latest-tag ${{ inputs.latest_tag }}
+      shell: bash

.github/actions/release-branches/release-branches.py

@@ -0,0 +1,48 @@
+import argparse
+import json
+import os
+import subprocess
+
+# Name of the remote
+ORIGIN = 'origin'
+
+OLDEST_SUPPORTED_MAJOR_VERSION = 2
+
+def main():
+
+  parser = argparse.ArgumentParser()
+  parser.add_argument("--major-version", required=True, type=str, help="The major version of the release")
+  parser.add_argument("--latest-tag", required=True, type=str, help="The most recent tag published to the repository")
+  args = parser.parse_args()
+
+  major_version = args.major_version
+  latest_tag = args.latest_tag
+
+  print("major_version: " + major_version)
+  print("latest_tag: " + latest_tag)
+
+  # If this is a primary release, we backport to all supported branches,
+  # so we check whether the major_version taken from the package.json
+  # is greater than or equal to the latest tag pulled from the repo.
+  # For example...
+  #     'v1' >= 'v2' is False # we're operating from an older release branch and should not backport
+  #     'v2' >= 'v2' is True  # the normal case where we're updating the current version
+  #     'v3' >= 'v2' is True  # in this case we are making the first release of a new major version
+  consider_backports = ( major_version >= latest_tag.split(".")[0] )
+
+  with open(os.environ["GITHUB_OUTPUT"], "a") as f:
+
+    f.write(f"backport_source_branch=releases/{major_version}\n")
+
+    backport_target_branches = []
+
+    if consider_backports:
+      for i in range(int(major_version.strip("v"))-1, 0, -1):
+        branch_name = f"releases/v{i}"
+        if i >= OLDEST_SUPPORTED_MAJOR_VERSION:
+          backport_target_branches.append(branch_name)
+
+    f.write("backport_target_branches="+json.dumps(backport_target_branches)+"\n")
+
+if __name__ == "__main__":
+  main()

.github/actions/release-initialise/action.yml

@@ -0,0 +1,33 @@
+name: 'Prepare release job'
+description: 'Prepare for updating a release branch'
+
+runs:
+  using: "composite"
+  steps:
+
+    - name: Dump environment
+      run: env
+      shell: bash
+
+    - name: Dump GitHub context
+      env:
+        GITHUB_CONTEXT: '${{ toJson(github) }}'
+      run: echo "$GITHUB_CONTEXT"
+      shell: bash
+
+    - name: Set up Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: 3.8
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install PyGithub==1.55 requests
+      shell: bash
+
+    - name: Update git config
+      run: |
+        git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
+        git config --global user.name "github-actions[bot]"
+      shell: bash

.github/actions/setup-swift/action.yml

@@ -24,9 +24,11 @@ runs:
             VERSION="5.7.0"
           elif [ $VERSION = "5.8" ]; then
             VERSION="5.8.0"
-          # setup-swift does not yet support v5.8.1 Remove this when it does.
-          elif [ $VERSION = "5.8.1" ]; then
-            VERSION="5.8.0"
+          elif [ $VERSION = "5.9" ]; then
+            VERSION="5.9.0"
+          # setup-swift does not yet support v5.9.1 Remove this when it does.
+          elif [ $VERSION = "5.9.1" ]; then
+            VERSION="5.9.0"
           fi 
         fi
         echo "version=$VERSION" | tee -a $GITHUB_OUTPUT

.github/update-release-branch.py

@@ -1,5 +1,6 @@
 import argparse
 import datetime
+import re
 from github import Github
 import json
 import os
@@ -13,8 +14,9 @@ No user facing changes.
 
 """
 
-SOURCE_BRANCH = 'main'
-TARGET_BRANCH = 'releases/v2'
+# NB: This exact commit message is used to find commits for reverting during backports.
+# Changing it requires a transition period where both old and new versions are supported.
+BACKPORT_COMMIT_MESSAGE = 'Update version and changelog for v'
 
 # Name of the remote
 ORIGIN = 'origin'
@@ -34,7 +36,9 @@ def branch_exists_on_remote(branch_name):
   return run_git('ls-remote', '--heads', ORIGIN, branch_name).strip() != ''
 
 # Opens a PR from the given branch to the target branch
-def open_pr(repo, all_commits, source_branch_short_sha, new_branch_name, conductor):
+def open_pr(
+  repo, all_commits, source_branch_short_sha, new_branch_name, source_branch, target_branch,
+  conductor, is_primary_release, conflicted_files):
   # Sort the commits into the pull requests that introduced them,
   # and any commits that don't have a pull request
   pull_requests = []
@@ -56,7 +60,7 @@ def open_pr(repo, all_commits, source_branch_short_sha, new_branch_name, conduct
 
   # Start constructing the body text
   body = []
-  body.append(f'Merging {source_branch_short_sha} into {TARGET_BRANCH}.')
+  body.append(f'Merging {source_branch_short_sha} into {target_branch}.')
 
   body.append('')
   body.append(f'Conductor for this PR is @{conductor}.')
@@ -79,20 +83,38 @@ def open_pr(repo, all_commits, source_branch_short_sha, new_branch_name, conduct
 
   body.append('')
   body.append('Please do the following:')
+  if len(conflicted_files) > 0:
+    body.append(' - [ ] Ensure `package.json` file contains the correct version.')
+    body.append(' - [ ] Add commits to this branch to resolve the merge conflicts ' +
+      'in the following files:')
+    body.extend([f'    - [ ] `{file}`' for file in conflicted_files])
+    body.append(' - [ ] Ensure another maintainer has reviewed the additional commits you added to this ' +
+      'branch to resolve the merge conflicts.')
   body.append(' - [ ] Ensure the CHANGELOG displays the correct version and date.')
   body.append(' - [ ] Ensure the CHANGELOG includes all relevant, user-facing changes since the last release.')
-  body.append(f' - [ ] Check that there are not any unexpected commits being merged into the {TARGET_BRANCH} branch.')
+  body.append(f' - [ ] Check that there are not any unexpected commits being merged into the {target_branch} branch.')
   body.append(' - [ ] Ensure the docs team is aware of any documentation changes that need to be released.')
-  body.append(' - [ ] Approve and merge this PR. Make sure `Create a merge commit` is selected rather than `Squash and merge` or `Rebase and merge`.')
-  body.append(' - [ ] Merge the mergeback PR that will automatically be created once this PR is merged.')
 
-  title = f'Merge {SOURCE_BRANCH} into {TARGET_BRANCH}'
+  if not is_primary_release:
+    body.append(' - [ ] Remove and re-add the "Update dependencies" label to the PR to trigger just this workflow.')
+    body.append(' - [ ] Wait for the "Update dependencies" workflow to push a commit updating the dependencies.')
+
+  body.append(' - [ ] Mark the PR as ready for review to trigger the full set of PR checks.')
+  body.append(' - [ ] Approve and merge this PR. Make sure `Create a merge commit` is selected rather than `Squash and merge` or `Rebase and merge`.')
+
+  if is_primary_release:
+    body.append(' - [ ] Merge the mergeback PR that will automatically be created once this PR is merged.')
+    body.append(' - [ ] Merge all backport PRs to older release branches, that will automatically be created once this PR is merged.')
+
+  title = f'Merge {source_branch} into {target_branch}'
+  labels = ['Update dependencies'] if not is_primary_release else []
 
   # Create the pull request
   # PR checks won't be triggered on PRs created by Actions. Therefore mark the PR as draft so that
   # a maintainer can take the PR out of draft, thereby triggering the PR checks.
-  pr = repo.create_pull(title=title, body='\n'.join(body), head=new_branch_name, base=TARGET_BRANCH, draft=True)
-  print(f'Created PR #{pr.number}')
+  pr = repo.create_pull(title=title, body='\n'.join(body), head=new_branch_name, base=target_branch, draft=True)
+  pr.add_to_labels(*labels)
+  print(f'Created PR #{str(pr.number)}')
 
   # Assign the conductor
   pr.add_to_assignees(conductor)
@@ -102,10 +124,10 @@ def open_pr(repo, all_commits, source_branch_short_sha, new_branch_name, conduct
 # since the last release to the target branch.
 # This will not include any commits that exist on the target branch
 # that aren't on the source branch.
-def get_commit_difference(repo):
+def get_commit_difference(repo, source_branch, target_branch):
   # Passing split nothing means that the empty string splits to nothing: compare `''.split() == []`
   # to `''.split('\n') == ['']`.
-  commits = run_git('log', '--pretty=format:%H', f'{ORIGIN}/{TARGET_BRANCH}..{ORIGIN}/{SOURCE_BRANCH}').strip().split()
+  commits = run_git('log', '--pretty=format:%H', f'{ORIGIN}/{target_branch}..{ORIGIN}/{source_branch}').strip().split()
 
   # Convert to full-fledged commit objects
   commits = [repo.get_commit(c) for c in commits]
@@ -153,6 +175,60 @@ def get_today_string():
   today = datetime.datetime.today()
   return '{:%d %b %Y}'.format(today)
 
+def process_changelog_for_backports(source_branch_major_version, target_branch_major_version):
+
+  # changelog entries can use the following format to indicate
+  # that they only apply to newer versions
+  some_versions_only_regex = re.compile(r'\[v(\d+)\+ only\]')
+
+  output = ''
+
+  with open('CHANGELOG.md', 'r') as f:
+
+    # until we find the first section, just duplicate all lines
+    while True:
+      line = f.readline()
+      if not line:
+        raise Exception('Could not find any change sections in CHANGELOG.md') # EOF
+
+      output += line
+      if line.startswith('## '):
+        line = line.replace(f'## {source_branch_major_version}', f'## {target_branch_major_version}')
+        # we have found the first section, so now handle things differently
+        break
+
+    # found_content tracks whether we hit two headings in a row
+    found_content = False
+    output += '\n'
+    while True:
+      line = f.readline()
+      if not line:
+        break # EOF
+      line = line.rstrip('\n')
+
+      # filter out changenote entries that apply only to newer versions
+      match = some_versions_only_regex.search(line)
+      if match:
+        if int(target_branch_major_version) < int(match.group(1)):
+          continue
+
+      if line.startswith('## '):
+        line = line.replace(f'## {source_branch_major_version}', f'## {target_branch_major_version}')
+        if found_content == False:
+          # we have found two headings in a row, so we need to add the placeholder message.
+          output += 'No user facing changes.\n'
+        found_content = False
+        output += f'\n{line}\n\n'
+      else:
+        if line.strip() != '':
+          found_content = True
+          # we use the original line here, rather than the stripped version
+          # so that we preserve indentation
+          output += line + '\n'
+
+    with open('CHANGELOG.md', 'w') as f:
+      f.write(output)
+
 def update_changelog(version):
   if (os.path.exists('CHANGELOG.md')):
     content = ''
@@ -182,6 +258,24 @@ def main():
     required=True,
     help='The nwo of the repository, for example github/codeql-action.'
   )
+  parser.add_argument(
+    '--source-branch',
+    type=str,
+    required=True,
+    help='Source branch for release branch update.'
+  )
+  parser.add_argument(
+    '--target-branch',
+    type=str,
+    required=True,
+    help='Target branch for release branch update.'
+  )
+  parser.add_argument(
+    '--is-primary-release',
+    action='store_true',
+    default=False,
+    help='Whether this update is the primary release for the current major version.'
+  )
   parser.add_argument(
     '--conductor',
     type=str,
@@ -191,24 +285,38 @@ def main():
 
   args = parser.parse_args()
 
+  source_branch = args.source_branch
+  target_branch = args.target_branch
+  is_primary_release = args.is_primary_release
+
   repo = Github(args.github_token).get_repo(args.repository_nwo)
-  version = get_current_version()
+
+  # the target branch will be of the form releases/vN, where N is the major version number
+  target_branch_major_version = target_branch.strip('releases/v')
+
+  # split version into major, minor, patch
+  _, v_minor, v_patch = get_current_version().split('.')
+
+  version = f"{target_branch_major_version}.{v_minor}.{v_patch}"
 
   # Print what we intend to go
-  print(f'Considering difference between {SOURCE_BRANCH} and {TARGET_BRANCH}...')
-  source_branch_short_sha = run_git('rev-parse', '--short', f'{ORIGIN}/{SOURCE_BRANCH}').strip()
-  print(f'Current head of {SOURCE_BRANCH} is {source_branch_short_sha}.')
+  print(f'Considering difference between {source_branch} and {target_branch}...')
+  source_branch_short_sha = run_git('rev-parse', '--short', f'{ORIGIN}/{source_branch}').strip()
+  print(f'Current head of {source_branch} is {source_branch_short_sha}.')
 
   # See if there are any commits to merge in
-  commits = get_commit_difference(repo=repo)
+  commits = get_commit_difference(repo=repo, source_branch=source_branch, target_branch=target_branch)
   if len(commits) == 0:
-    print(f'No commits to merge from {SOURCE_BRANCH} to {TARGET_BRANCH}.')
+    print(f'No commits to merge from {source_branch} to {target_branch}.')
     return
 
+  # define distinct prefix in order to support specific pr checks on backports
+  branch_prefix = 'update' if is_primary_release else 'backport'
+
   # The branch name is based off of the name of branch being merged into
   # and the SHA of the branch being merged from. Thus if the branch already
   # exists we can assume we don't need to recreate it.
-  new_branch_name = f'update-v{version}-{source_branch_short_sha}'
+  new_branch_name = f'{branch_prefix}-v{version}-{source_branch_short_sha}'
   print(f'Branch name is {new_branch_name}.')
 
   # Check if the branch already exists. If so we can abort as this script
@@ -220,17 +328,74 @@ def main():
   # Create the new branch and push it to the remote
   print(f'Creating branch {new_branch_name}.')
 
-  # If we're performing a standard release, there won't be any new commits on the target branch,
-  # as these will have already been merged back into the source branch. Therefore we can just
-  # start from the source branch.
-  run_git('checkout', '-b', new_branch_name, f'{ORIGIN}/{SOURCE_BRANCH}')
+  # The process of creating the v{Older} release can run into merge conflicts. We commit the unresolved
+  # conflicts so a maintainer can easily resolve them (vs erroring and requiring maintainers to
+  # reconstruct the release manually)
+  conflicted_files = []
 
-  print('Updating changelog')
-  update_changelog(version)
+  if not is_primary_release:
 
-  # Create a commit that updates the CHANGELOG
-  run_git('add', 'CHANGELOG.md')
-  run_git('commit', '-m', f'Update changelog for v{version}')
+    # the source branch will be of the form releases/vN, where N is the major version number
+    source_branch_major_version = source_branch.strip('releases/v')
+
+    # If we're performing a backport, start from the target branch
+    print(f'Creating {new_branch_name} from the {ORIGIN}/{target_branch} branch')
+    run_git('checkout', '-b', new_branch_name, f'{ORIGIN}/{target_branch}')
+
+    # Revert the commit that we made as part of the last release that updated the version number and
+    # changelog to refer to {older}.x.x variants. This avoids merge conflicts in the changelog and
+    # package.json files when we merge in the v{latest} branch.
+    # This commit will not exist the first time we release the v{N-1} branch from the v{N} branch, so we
+    # use `git log --grep` to conditionally revert the commit.
+    print('Reverting the version number and changelog updates from the last release to avoid conflicts')
+    vOlder_update_commits = run_git('log', '--grep', f'^{BACKPORT_COMMIT_MESSAGE}', '--format=%H').split()
+
+    if len(vOlder_update_commits) > 0:
+      print(f'  Reverting {vOlder_update_commits[0]}')
+      # Only revert the newest commit as older ones will already have been reverted in previous
+      # releases.
+      run_git('revert', vOlder_update_commits[0], '--no-edit')
+
+      # Also revert the "Update checked-in dependencies" commit created by Actions.
+      update_dependencies_commit = run_git('log', '--grep', '^Update checked-in dependencies', '--format=%H').split()[0]
+      print(f'  Reverting {update_dependencies_commit}')
+      run_git('revert', update_dependencies_commit, '--no-edit')
+
+    else:
+      print('  Nothing to revert.')
+
+    print(f'Merging {ORIGIN}/{source_branch} into the release prep branch')
+    # Commit any conflicts (see the comment for `conflicted_files`)
+    run_git('merge', f'{ORIGIN}/{source_branch}', allow_non_zero_exit_code=True)
+    conflicted_files = run_git('diff', '--name-only', '--diff-filter', 'U').splitlines()
+    if len(conflicted_files) > 0:
+      run_git('add', '.')
+      run_git('commit', '--no-edit')
+
+    # Migrate the package version number from a vLatest version number to a vOlder version number
+    print(f'Setting version number to {version}')
+    subprocess.check_output(['npm', 'version', version, '--no-git-tag-version'])
+    run_git('add', 'package.json', 'package-lock.json')
+
+    # Migrate the changelog notes from vLatest version numbers to vOlder version numbers
+    print(f'Migrating changelog notes from v{source_branch_major_version} to v{target_branch_major_version}')
+    process_changelog_for_backports(source_branch_major_version, target_branch_major_version)
+
+    # Amend the commit generated by `npm version` to update the CHANGELOG
+    run_git('add', 'CHANGELOG.md')
+    run_git('commit', '-m', f'{BACKPORT_COMMIT_MESSAGE}{version}')
+  else:
+    # If we're performing a standard release, there won't be any new commits on the target branch,
+    # as these will have already been merged back into the source branch. Therefore we can just
+    # start from the source branch.
+    run_git('checkout', '-b', new_branch_name, f'{ORIGIN}/{source_branch}')
+
+    print('Updating changelog')
+    update_changelog(version)
+
+    # Create a commit that updates the CHANGELOG
+    run_git('add', 'CHANGELOG.md')
+    run_git('commit', '-m', f'Update changelog for v{version}')
 
   run_git('push', ORIGIN, new_branch_name)
 
@@ -240,7 +405,11 @@ def main():
     commits,
     source_branch_short_sha,
     new_branch_name,
+    source_branch=source_branch,
+    target_branch=target_branch,
     conductor=args.conductor,
+    is_primary_release=is_primary_release,
+    conflicted_files=conflicted_files
   )
 
 if __name__ == '__main__':

.github/workflows/__all-platform-bundle.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -34,6 +34,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__analyze-ref-input.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -38,6 +38,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__autobuild-action.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -38,6 +38,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__config-export.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -44,6 +44,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test
@@ -76,7 +92,7 @@ jobs:
         path: ${{ runner.temp }}/results/javascript.sarif
         retention-days: 7
     - name: Check config properties appear in SARIF
-      uses: actions/github-script@v6
+      uses: actions/github-script@v7
       env:
         SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
       with:

.github/workflows/__cpp-deptrace-disabled.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -38,6 +38,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__cpp-deptrace-enabled-on-macos.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -34,6 +34,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__cpp-deptrace-enabled.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -38,6 +38,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__diagnostics-export.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -50,6 +50,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test
@@ -98,7 +114,7 @@ jobs:
         path: ${{ runner.temp }}/results/javascript.sarif
         retention-days: 7
     - name: Check diagnostics appear in SARIF
-      uses: actions/github-script@v6
+      uses: actions/github-script@v7
       env:
         SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
       with:

.github/workflows/__export-file-baseline-information.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -38,6 +38,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__extractor-ram-threads.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -34,6 +34,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__go-custom-queries.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -80,6 +80,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -34,6 +34,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test
@@ -70,7 +86,7 @@ jobs:
         output: ${{ runner.temp }}/results
         upload-database: false
     - name: Check diagnostic appears in SARIF
-      uses: actions/github-script@v6
+      uses: actions/github-script@v7
       env:
         SARIF_PATH: ${{ runner.temp }}/results/go.sarif
       with:

.github/workflows/__go-indirect-tracing-workaround.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -34,6 +34,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__go-tracing-autobuilder.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -64,6 +64,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__go-tracing-custom-build-steps.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -64,6 +64,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__go-tracing-legacy-workflow.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -64,6 +64,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__init-with-registries.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -51,6 +51,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__javascript-source-root.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -38,6 +38,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__language-aliases.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -34,6 +34,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__multi-language-autodetect.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -64,6 +64,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__packaging-codescanning-config-inputs-js.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -50,6 +50,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__packaging-config-inputs-js.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -50,6 +50,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__packaging-config-js.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -50,6 +50,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__packaging-inputs-js.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -50,6 +50,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__remote-config.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -80,6 +80,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__resolve-environment-action.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -56,6 +56,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__rubocop-multi-language.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -34,6 +34,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__ruby.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -44,6 +44,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__scaling-reserved-ram.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -64,6 +64,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__split-workflow.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -44,6 +44,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__submit-sarif-failure.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -38,6 +38,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__swift-custom-build.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -44,6 +44,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__test-autobuild-working-dir.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -34,6 +34,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__test-local-codeql.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -34,6 +34,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__test-proxy.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -34,6 +34,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__unset-environment.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -48,6 +48,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__upload-ref-sha-input.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -38,6 +38,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__with-checkout-path.yml

@@ -12,7 +12,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -80,6 +80,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test
@@ -96,27 +112,34 @@ jobs:
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+    - name: Delete original checkout
+      shell: bash
+      run: |
+        # delete the original checkout so we don't accidentally use it.
+        # Actions does not support deleting the current working directory, so we
+        # delete the contents of the directory instead.
+        rm -rf ./* .github .git
+  # Check out the actions repo again, but at a different location.
+  # choose an arbitrary SHA so that we can later test that the commit_oid is not from main
     - uses: actions/checkout@v4
       with:
         ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
         path: x/y/z/some-path
+
     - uses: ./../action/init
       with:
         tools: ${{ steps.prepare-test.outputs.tools-url }}
       # it's enough to test one compiled language and one interpreted language
         languages: csharp,javascript
-        source-path: x/y/z/some-path/tests/multi-language-repo
+        source-root: x/y/z/some-path/tests/multi-language-repo
         debug: true
-    - name: Build code (non-windows)
+
+    - name: Build code
       shell: bash
-      if: ${{ runner.os != 'Windows' }}
+      working-directory: x/y/z/some-path/tests/multi-language-repo
       run: |
-        $CODEQL_RUNNER x/y/z/some-path/tests/multi-language-repo/build.sh
-    - name: Build code (windows)
-      shell: bash
-      if: ${{ runner.os == 'Windows' }}
-      run: |
-        x/y/z/some-path/tests/multi-language-repo/build.sh
+        ./build.sh
+
     - uses: ./../action/analyze
       with:
         checkout_path: x/y/z/some-path/tests/multi-language-repo

.github/workflows/codeql.yml

@@ -2,9 +2,9 @@ name: "CodeQL action"
 
 on:
   push:
-    branches: [main, releases/v2]
+    branches: [main, releases/v*]
   pull_request:
-    branches: [main, releases/v2]
+    branches: [main, releases/v*]
     # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
     # by other workflows.
     types: [opened, synchronize, reopened, ready_for_review]

.github/workflows/codescanning-config-cli.yml

@@ -9,7 +9,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened

.github/workflows/debug-artifacts-failure.yml

@@ -10,7 +10,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -39,9 +39,20 @@ jobs:
         uses: ./.github/actions/prepare-test
         with:
           version: latest
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
         with:
           go-version: ^1.13.1
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: |
+          matrix.os == 'macos-latest' && (
+          matrix.version == 'stable-20220908' ||
+          matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
       - uses: ./../action/init
         with:
           tools: ${{ steps.prepare-test.outputs.tools-url }}
@@ -52,7 +63,7 @@ jobs:
         shell: bash
         run: ./build.sh
       - uses: ./../action/analyze
-        id: analysis  
+        id: analysis
         with:
           expect-error: true
           ram: 1

.github/workflows/debug-artifacts.yml

@@ -9,7 +9,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -46,9 +46,20 @@ jobs:
         uses: ./.github/actions/prepare-test
         with:
           version: ${{ matrix.version }}
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
         with:
           go-version: ^1.13.1
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: |
+          matrix.os == 'macos-latest' && (
+          matrix.version == 'stable-20220908' ||
+          matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
       - uses: ./../action/init
         id: init
         with:
@@ -63,7 +74,7 @@ jobs:
         shell: bash
         run: ./build.sh
       - uses: ./../action/analyze
-        id: analysis  
+        id: analysis
   download-and-check-artifacts:
     name: Download and check debug artifacts
     needs: upload-artifacts

.github/workflows/expected-queries-runs.yml

@@ -4,7 +4,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened

.github/workflows/post-release-mergeback.yml

@@ -1,9 +1,9 @@
-# This workflow runs after a release of the action. It:
-# 1. Merges any changes from the release back into the main branch. Typically, this is just a single
-#    commit that updates the changelog.
-# 2. Tags the merge commit on the release branch that represents the new release with an `v2.x.y`
+# This workflow runs after a merge to any release branch of the action. It:
+# 1. Tags the merge commit on the release branch that represents the new release with an `vN.x.y`
 #    tag
-# 3. Updates the `v2` tag to refer to this merge commit.
+# 2. Updates the `vN` tag to refer to this merge commit.
+# 3. Iff vN == vLatest, merges any changes from the release back into the main branch.
+#    Typically, this is two commits – one to update the version number and one to update dependencies.
 name: Tag release and merge back
 
 on:
@@ -16,7 +16,7 @@ on:
 
   push:
     branches:
-      - releases/v2
+      - releases/v*
 
 jobs:
   merge-back:
@@ -36,6 +36,8 @@ jobs:
         run: echo "${GITHUB_CONTEXT}"
 
       - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # ensure we have all tags and can push commits
       - uses: actions/setup-node@v4
 
       - name: Update git config
@@ -51,6 +53,8 @@ jobs:
           short_sha="${GITHUB_SHA:0:8}"
           NEW_BRANCH="mergeback/${VERSION}-to-${BASE_BRANCH}-${short_sha}"
           echo "newBranch=${NEW_BRANCH}" >> $GITHUB_OUTPUT
+          LATEST_RELEASE_BRANCH=$(git branch -r | grep -E "origin/releases/v[0-9]+$" | sed 's/origin\///g' | sort -V | tail -1 | xargs)
+          echo "latest_release_branch=${LATEST_RELEASE_BRANCH}" >> $GITHUB_OUTPUT
 
       - name: Dump branches
         env:
@@ -59,6 +63,8 @@ jobs:
           echo "BASE_BRANCH ${BASE_BRANCH}"
           echo "HEAD_BRANCH ${HEAD_BRANCH}"
           echo "NEW_BRANCH ${NEW_BRANCH}"
+          echo "LATEST_RELEASE_BRANCH ${LATEST_RELEASE_BRANCH}"
+          echo "GITHUB_REF ${GITHUB_REF}"
 
       - name: Create mergeback branch
         env:
@@ -89,8 +95,6 @@ jobs:
         env:
           VERSION: ${{ steps.getVersion.outputs.version }}
         run: |
-          # Unshallow the repo in order to allow pushes
-          git fetch --unshallow
           # Create the `vx.y.z` tag
           git tag --annotate "${VERSION}" --message "${VERSION}"
           # Update the `vx` tag
@@ -99,13 +103,13 @@ jobs:
           git tag --annotate "${major_version_tag}" --message "${major_version_tag}" --force
           # Push the tags, using:
           # - `--atomic` to make sure we either update both tags or neither (an intermediate state,
-          #   e.g. where we update the v2.x.y tag on the remote but not the v2 tag, could result in
-          #   unwanted Dependabot updates, e.g. from v2 to v2.x.y)
-          # - `--force` since we're overwriting the `vx` tag
+          #   e.g. where we update the vN.x.y tag on the remote but not the vN tag, could result in
+          #   unwanted Dependabot updates, e.g. from vN to vN.x.y)
+          # - `--force` since we're overwriting the `vN` tag
           git push origin --atomic --force refs/tags/"${VERSION}" refs/tags/"${major_version_tag}"
 
       - name: Create mergeback branch
-        if: steps.check.outputs.exists != 'true'
+        if: ${{ steps.check.outputs.exists != 'true' && endsWith(github.ref_name, steps.getVersion.outputs.latest_release_branch) }}
         env:
           VERSION: "${{ steps.getVersion.outputs.version }}"
           NEW_BRANCH: "${{ steps.getVersion.outputs.newBranch }}"
@@ -129,8 +133,8 @@ jobs:
           # Update the version number ready for the next release
           npm version patch --no-git-tag-version
 
-          # Update the changelog
-          perl -i -pe 's/^/## \[UNRELEASED\]\n\nNo user facing changes.\n\n/ if($.==5)' CHANGELOG.md
+          # Update the changelog, adding a new version heading directly above the most recent existing one
+          awk '!f && /##/{print "'"## [UNRELEASED]\n\nNo user facing changes.\n"'"; f=1}1' CHANGELOG.md > temp && mv temp CHANGELOG.md
           git add .
           git commit -m "Update changelog and version after ${VERSION}"
 

.github/workflows/pr-checks.yml

@@ -2,7 +2,7 @@ name: PR Checks
 
 on:
   push:
-    branches: [main, releases/v2]
+    branches: [main, releases/v*]
   pull_request:
     # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
     # by other workflows.
@@ -15,6 +15,10 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 45
 
+    strategy:
+      matrix:
+        node-types-version: [16.11, current] # run tests on 16.11 while CodeQL Action v2 is still supported
+
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -22,6 +26,28 @@ jobs:
       - name: Lint
         run: npm run-script lint
 
+      - name: Update version of @types/node
+        if: matrix.node-types-version != 'current'
+        env:
+          NODE_TYPES_VERSION: ${{ matrix.node-types-version }}
+        run: |
+          # Export `NODE_TYPES_VERSION` so it's available to jq
+          export NODE_TYPES_VERSION="${NODE_TYPES_VERSION}"
+          contents=$(jq '.devDependencies."@types/node" = env.NODE_TYPES_VERSION' package.json)
+          echo "${contents}" > package.json
+          # Usually we run `npm install` on macOS to ensure that we pick up macOS-only dependencies.
+          # However we're not checking in the updated lockfile here, so it's fine to run
+          # `npm install` on Linux.
+          npm install
+
+          if [ ! -z "$(git status --porcelain)" ]; then
+            git config --global user.email "github-actions@github.com"
+            git config --global user.name "github-actions[bot]"
+            # The period in `git add --all .` ensures that we stage deleted files too.
+            git add --all .
+            git commit -m "Use @types/node=${NODE_TYPES_VERSION}"
+          fi
+
       - name: Check generated JS
         run: .github/workflows/script/check-js.sh
 
@@ -45,7 +71,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Set up Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: 3.11
 
@@ -69,6 +95,18 @@ jobs:
     timeout-minutes: 45
 
     steps:
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: |
+          matrix.os == 'macos-latest' && (
+          matrix.version == 'stable-20220908' ||
+          matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+
       - uses: actions/checkout@v4
       - name: npm test
         run: |
@@ -76,3 +114,44 @@ jobs:
           # we won't be able to find them on Windows.
           npm config set script-shell bash
           npm test
+
+  check-node-version:
+    if: ${{ github.event.pull_request }}
+    name: Check Action Node versions
+    runs-on: ubuntu-latest
+    timeout-minutes: 45
+    env:
+      BASE_REF: ${{ github.base_ref }}
+
+    steps:
+      - uses: actions/checkout@v4
+      - id: head-version
+        name: Verify all Actions use the same Node version
+        run: |
+          NODE_VERSION=$(find . -name "action.yml" -exec yq -e '.runs.using' {} \; | grep node | sort | uniq)
+          echo "NODE_VERSION: ${NODE_VERSION}"
+          if [[ $(echo "$NODE_VERSION" | wc -l) -gt 1 ]]; then
+            echo "::error::More than one node version used in 'action.yml' files."
+            exit 1
+          fi
+          echo "node_version=${NODE_VERSION}" >> $GITHUB_OUTPUT
+
+      - id: checkout-base
+        name: 'Backport: Check out base ref'
+        if: ${{ startsWith(github.head_ref, 'backport-') }}
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ env.BASE_REF }}
+
+      - name: 'Backport: Verify Node versions unchanged'
+        if: steps.checkout-base.outcome == 'success'
+        env:
+          HEAD_VERSION: ${{ steps.head-version.outputs.node_version }}
+        run: |
+          BASE_VERSION=$(find . -name "action.yml" -exec yq -e '.runs.using' {} \; | grep node | sort | uniq)
+          echo "HEAD_VERSION: ${HEAD_VERSION}"
+          echo "BASE_VERSION: ${BASE_VERSION}"
+          if [[ "$BASE_VERSION" != "$HEAD_VERSION" ]]; then
+            echo "::error::Cannot change the Node version of an Action in a backport PR."
+            exit 1
+          fi

.github/workflows/python-deps.yml

@@ -2,7 +2,7 @@ name: Test Python Package Installation
 
 on:
   push:
-    branches: [main, releases/v2]
+    branches: [main, releases/v*]
   pull_request:
     # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
     # by other workflows.
@@ -36,6 +36,18 @@ jobs:
       PYTHON_VERSION: ${{ matrix.python_version }}
 
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v5
+      if: |
+        matrix.os == 'macos-latest' && (
+        matrix.version == 'stable-20220908' ||
+        matrix.version == 'stable-20221211' ||
+        matrix.version == 'stable-20230418' ||
+        matrix.version == 'stable-v2.13.5' ||
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
+
     # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
     - uses: actions/checkout@v4
 
@@ -139,7 +151,7 @@ jobs:
     # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
     - uses: actions/checkout@v4
 
-    - uses: actions/setup-python@v4
+    - uses: actions/setup-python@v5
       with:
         python-version: ${{ matrix.python_version }}
 

.github/workflows/python312-windows.yml

@@ -2,7 +2,7 @@ name: Test that the workaround for python 3.12 on windows works
 
 on:
   push:
-    branches: [main, releases/v2]
+    branches: [main, releases/v*]
   pull_request:
     # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
     # by other workflows.
@@ -18,7 +18,7 @@ jobs:
     runs-on: windows-latest
 
     steps:
-    - uses: actions/setup-python@v4
+    - uses: actions/setup-python@v5
       with:
         python-version: 3.12
 
@@ -38,4 +38,5 @@ jobs:
     - name: Analyze
       uses: ./../action/analyze
       with:
+        upload: false
         upload-database: false

.github/workflows/query-filters.yml

@@ -4,7 +4,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened

.github/workflows/rebuild.yml

@@ -31,7 +31,7 @@ jobs:
           npm run build
 
       - name: Set up Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: 3.11
 

.github/workflows/script/update-required-checks.sh

@@ -23,15 +23,22 @@ fi
 echo "Getting checks for $GITHUB_SHA"
 
 # Ignore any checks with "https://", CodeQL, LGTM, and Update checks.
-CHECKS="$(gh api repos/github/codeql-action/commits/"${GITHUB_SHA}"/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or . == "check-expected-release-files" or contains("Update") or contains("update") or contains("test-setup-python-scripts") | not)] | unique | sort')"
+CHECKS="$(gh api repos/github/codeql-action/commits/"${GITHUB_SHA}"/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "Dependabot" or . == "check-expected-release-files" or contains("Update") or contains("update") or contains("test-setup-python-scripts") | not)] | unique | sort')"
 
 echo "$CHECKS" | jq
 
-echo "{\"contexts\": ${CHECKS}}" > checks.json
-
-for BRANCH in main releases/v2; do
+for BRANCH in main releases/v2 releases/v3; do
   echo "Updating $BRANCH"
+  echo "{\"contexts\": ${CHECKS}}" > checks.json
+
+  # we need to special case the JS checks for releases/v2
+  if [ "$BRANCH" == "releases/v2" ]; then
+    # we remove entries matching "Check JS (*" and add "Check JS" to the list
+    PROCESSED_CHECKS="$(echo "$CHECKS" | jq --compact-output --raw-output 'map(select(. | contains("Check JS (") | not)) + ["Check JS"] | unique | sort' )"
+    echo "{\"contexts\": ${PROCESSED_CHECKS}}" > checks.json
+  fi
   gh api --silent -X "PATCH" "repos/github/codeql-action/branches/$BRANCH/protection/required_status_checks" --input checks.json
+  # cat checks.json | jq > checks-"${BRANCH//\//-}".json
 done
 
 rm checks.json

.github/workflows/test-codeql-bundle-all.yml

@@ -9,7 +9,7 @@ on:
   push:
     branches:
     - main
-    - releases/v2
+    - releases/v*
   pull_request:
     types:
     - opened
@@ -53,4 +53,4 @@ jobs:
       with:
         upload-database: false
     env:
-      CODEQL_ACTION_TEST_MODE: true
+      CODEQL_ACTION_TEST_MODE: true

.github/workflows/update-release-branch.yml

@@ -1,46 +1,131 @@
 name: Update release branch
 on:
   # You can trigger this workflow via workflow dispatch to start a release.
-  # This will open a PR to update the v2 release branch.
+  # This will open a PR to update the latest release branch.
   workflow_dispatch:
 
+  # When a release is complete this workflow will open up backport PRs to older release branches.
+  # NB while it will trigger on any release branch update, the backport job will not proceed for
+  # anything other than than releases/v{latest}
+  push:
+    branches:
+      - releases/*
+
 jobs:
+
+  prepare:
+    runs-on: ubuntu-latest
+    if: github.repository == 'github/codeql-action'
+    outputs:
+      version: ${{ steps.versions.outputs.version }}
+      major_version: ${{ steps.versions.outputs.major_version }}
+      latest_tag: ${{ steps.versions.outputs.latest_tag }}
+      backport_source_branch: ${{ steps.branches.outputs.backport_source_branch }}
+      backport_target_branches: ${{ steps.branches.outputs.backport_target_branches }}
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0  # Need full history for calculation of diffs
+    - uses: ./.github/actions/release-initialise
+
+    - name: Get version tags
+      id: versions
+      run: |
+        VERSION="v$(jq '.version' -r 'package.json')"
+        echo "version=${VERSION}" >> $GITHUB_OUTPUT
+        MAJOR_VERSION=$(cut -d '.' -f1 <<< "${VERSION}")
+        echo "major_version=${MAJOR_VERSION}" >> $GITHUB_OUTPUT
+        LATEST_TAG=$(git tag --sort=-v:refname | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+' | head -1)
+        echo "latest_tag=${LATEST_TAG}" >> $GITHUB_OUTPUT
+
+    - id: branches
+      name: Determine older release branches
+      uses: ./.github/actions/release-branches
+      with:
+        major_version: ${{ steps.versions.outputs.major_version }}
+        latest_tag: ${{ steps.versions.outputs.latest_tag }}
+
+    - name: debug logging
+      run: |
+        echo 'version: ${{ steps.versions.outputs.version }}'
+        echo 'major_version: ${{ steps.versions.outputs.major_version }}'
+        echo 'latest_tag: ${{ steps.versions.outputs.latest_tag }}'
+        echo 'backport_source_branch: ${{ steps.branches.outputs.backport_source_branch }}'
+        echo 'backport_target_branches: ${{ steps.branches.outputs.backport_target_branches }}'
+
   update:
     timeout-minutes: 45
     runs-on: ubuntu-latest
-    if: github.repository == 'github/codeql-action'
+    if: github.event_name == 'workflow_dispatch'
+    needs: [prepare]
+    env:
+      REF_NAME: "${{ github.ref_name }}"
+      REPOSITORY: "${{ github.repository }}"
+      MAJOR_VERSION: "${{ needs.prepare.outputs.major_version }}"
+      LATEST_TAG: "${{ needs.prepare.outputs.latest_tag }}"
     steps:
-    - name: Dump environment
-      run: env
-
-    - name: Dump GitHub context
-      env:
-        GITHUB_CONTEXT: '${{ toJson(github) }}'
-      run: echo "$GITHUB_CONTEXT"
-
     - uses: actions/checkout@v4
       with:
-        # Need full history so we calculate diffs
-        fetch-depth: 0
+        fetch-depth: 0  # Need full history for calculation of diffs
+    - uses: ./.github/actions/release-initialise
 
-    - name: Set up Python
-      uses: actions/setup-python@v4
-      with:
-        python-version: 3.8
-
-    - name: Install dependencies
+    # when the workflow has been manually triggered on main,
+    # we know that we definitely want the release branch to exist
+    - name: Ensure release branch exists
       run: |
-        python -m pip install --upgrade pip
-        pip install PyGithub==1.55 requests
+        echo "MAJOR_VERSION ${MAJOR_VERSION}"
+        RELEASE_BRANCH=releases/${MAJOR_VERSION}
+        if git checkout $RELEASE_BRANCH > /dev/null 2>&1; then
+            echo "Branch $RELEASE_BRANCH already exists"
+            echo ""
+        else
+            echo "Creating $RELEASE_BRANCH branch"
+            git checkout -b ${RELEASE_BRANCH} ${LATEST_TAG}
+            git push --set-upstream origin ${RELEASE_BRANCH}
+            git branch --show-current
+            echo ""
+        fi
+        echo "Returning to branch: ${REF_NAME}"
+        git checkout ${REF_NAME}
 
-    - name: Update git config
-      run: |
-        git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
-        git config --global user.name "github-actions[bot]"
-
-    - name: Update release branch
+    - name: Update current release branch
+      if: github.event_name == 'workflow_dispatch'
       run: |
+        echo SOURCE_BRANCH=${REF_NAME}
+        echo TARGET_BRANCH=releases/${MAJOR_VERSION}
         python .github/update-release-branch.py \
           --github-token ${{ secrets.GITHUB_TOKEN }} \
           --repository-nwo ${{ github.repository }} \
+          --source-branch '${{ env.REF_NAME }}' \
+          --target-branch 'releases/${{ env.MAJOR_VERSION }}' \
+          --is-primary-release \
+          --conductor ${GITHUB_ACTOR}
+
+  backport:
+    timeout-minutes: 45
+    runs-on: ubuntu-latest
+    needs: [prepare]
+    if: ${{ (github.event_name == 'push') && needs.prepare.outputs.backport_target_branches != '[]' }}
+    strategy:
+      fail-fast: false
+      matrix:
+        target_branch: ${{ fromJson(needs.prepare.outputs.backport_target_branches) }}
+    env:
+      SOURCE_BRANCH: ${{ needs.prepare.outputs.backport_source_branch }}
+      TARGET_BRANCH: ${{ matrix.target_branch }}
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0  # Need full history for calculation of diffs
+    - uses: ./.github/actions/release-initialise
+
+    - name: Update older release branch
+      run: |
+        echo SOURCE_BRANCH=${SOURCE_BRANCH}
+        echo TARGET_BRANCH=${TARGET_BRANCH}
+        python .github/update-release-branch.py \
+          --github-token ${{ secrets.GITHUB_TOKEN }} \
+          --repository-nwo ${{ github.repository }} \
+          --source-branch ${SOURCE_BRANCH} \
+          --target-branch ${TARGET_BRANCH} \
           --conductor ${GITHUB_ACTOR}

.github/workflows/update-supported-enterprise-server-versions.yml

@@ -14,7 +14,7 @@ jobs:
 
     steps:
       - name: Setup Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: "3.7"
       - name: Checkout CodeQL Action

CHANGELOG.md

@@ -2,10 +2,39 @@
 
 See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
 
+Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.
+
 ## [UNRELEASED]
 
 No user facing changes.
 
+## 3.22.11 - 13 Dec 2023
+
+- [v3+ only] The CodeQL Action now runs on Node.js v20. [#2006](https://github.com/github/codeql-action/pull/2006)
+
+## 2.22.10 - 12 Dec 2023
+
+- Update default CodeQL bundle version to 2.15.4. [#2016](https://github.com/github/codeql-action/pull/2016)
+
+## 2.22.9 - 07 Dec 2023
+
+No user facing changes.
+
+## 2.22.8 - 23 Nov 2023
+
+- Update default CodeQL bundle version to 2.15.3. [#2001](https://github.com/github/codeql-action/pull/2001)
+
+## 2.22.7 - 16 Nov 2023
+
+- Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. [#1993](https://github.com/github/codeql-action/pull/1993)
+  - If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.
+  - Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace `github/codeql-action/*@v2` by `github/codeql-action/*@v2.22.7` in your code scanning workflow to ensure you continue using this version of the CodeQL Action.
+
+## 2.22.6 - 14 Nov 2023
+
+- Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a [`setup-python`](https://github.com/actions/setup-python) step to your code scanning workflow before the step that invokes `github/codeql-action/init`.
+- Update default CodeQL bundle version to 2.15.2. [#1978](https://github.com/github/codeql-action/pull/1978)
+
 ## 2.22.5 - 27 Oct 2023
 
 No user facing changes.
@@ -16,7 +45,7 @@ No user facing changes.
 - Users will begin to see warnings on Node.js 16 deprecation in their Actions logs on code scanning runs starting October 23, 2023.
   - All code scanning workflows should continue to succeed regardless of the warning.
   - The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.
-  - For more information, and to communicate with the maintaining team, please use [this issue](https://github.com/github/codeql-action/issues/1959). 
+  - For more information, and to communicate with the maintaining team, please use [this issue](https://github.com/github/codeql-action/issues/1959).
 
 ## 2.22.3 - 13 Oct 2023
 

CONTRIBUTING.md

@@ -72,11 +72,13 @@ Once the mergeback has been merged to `main`, the release is complete.
 
 ## Keeping the PR checks up to date (admin access required)
 
-Since the `codeql-action` runs most of its testing through individual Actions workflows, there are over two hundred jobs that need to pass in order for a PR to turn green. You can regenerate the checks automatically by running the [update-required-checks.sh](.github/workflows/script/update-required-checks.sh) script:
+Since the `codeql-action` runs most of its testing through individual Actions workflows, there are over two hundred jobs that need to pass in order for a PR to turn green. You can regenerate the required checks automatically by running the [update-required-checks.sh](.github/workflows/script/update-required-checks.sh) script:
 
 1. By default, this script retrieves the checks from the latest SHA on `main`, so make sure that your `main` branch is up to date.
 2. Run the script. If there's a reason to, you can pass in a different SHA as a CLI argument.
-3. After running, go to the [branch protection rules settings page](https://github.com/github/codeql-action/settings/branches) and validate that the rules for `main`, `v1`, and `v2` have been updated.
+3. After running, go to the [branch protection rules settings page](https://github.com/github/codeql-action/settings/branches) and validate that the rules for `main`, `v2`, and `v2` have been updated.
+
+Note that the `update-required-checks.sh` script should be updated when there are new diversions between the checks on different release branches.
 
 ## Deprecating a CodeQL version (write access required)
 
@@ -99,6 +101,21 @@ We typically deprecate a version of CodeQL when the GitHub Enterprise Server (GH
     - Add a changelog note announcing the new minimum version of CodeQL that is now required.
     - Example PR: https://github.com/github/codeql-action/pull/1907
 
+## Deprecating a CodeQL Action version (write access required)
+
+We sometimes maintain multiple versions of the CodeQL Action to enable customers on older but still supported versions of GitHub Enterprise Server (GHES) to continue to benefit from the latest CodeQL improvements. To accomplish this, the release process automation listens to updates to the release branch for the newest supported version.  When this branch is updated, the release process automatically opens backport PRs to update the release branches for older versions.
+
+We typically deprecate older versions of the Action once all supported GHES versions are compatible with the version of Node.js we are using on `main`.
+
+To deprecate an older version of the Action:
+
+1. Notify any users who are still pinned to the `vN` tag of the deprecated version of the Action, giving as much notice as is practical.
+   - Add a changelog note announcing the deprecation.
+   - Implement an Actions warning for customers using the deprecated version.
+1. Wait for the deprecation period to pass.
+1. Upgrade the Actions warning for customers using the deprecated version to a non-fatal error, and mention that this version of the Action is no longer supported.
+1. Make a PR to bump the `OLDEST_SUPPORTED_MAJOR_VERSION` in [release-branches.py](.github/actions/release-branches/release-branches.py).  Once this PR is merged, the release process will no longer backport changes to the deprecated release version.
+
 ## Resources
 
 - [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/)

analyze/action.yml

@@ -84,6 +84,6 @@ outputs:
   sarif-id:
     description: The ID of the uploaded SARIF file.
 runs:
-  using: "node16"
+  using: node20
   main: "../lib/analyze-action.js"
   post: "../lib/analyze-action-post.js"

autobuild/action.yml

@@ -13,5 +13,5 @@ inputs:
       $GITHUB_WORKSPACE as its working directory.
     required: false
 runs:
-  using: 'node16'
+  using: node20
   main: '../lib/autobuild-action.js'

init/action.yml

@@ -109,6 +109,6 @@ outputs:
   codeql-path:
     description: The path of the CodeQL binary used for analysis
 runs:
-  using: 'node16'
+  using: node20
   main: '../lib/init-action.js'
   post: '../lib/init-action-post.js'

lib/actions-util.js

@@ -177,7 +177,7 @@ async function getRef() {
     const hasShaInput = !!shaInput;
     // If one of 'ref' or 'sha' are provided, both are required
     if ((hasRefInput || hasShaInput) && !(hasRefInput && hasShaInput)) {
-        throw new Error("Both 'ref' and 'sha' are required if one of them is provided.");
+        throw new util_1.UserError("Both 'ref' and 'sha' are required if one of them is provided.");
     }
     const ref = refInput || getRefFromEnv();
     const sha = shaInput || (0, util_1.getRequiredEnvParam)("GITHUB_SHA");

lib/analysis-paths.js.map

@@ -1 +1 @@
-{"version":3,"file":"analysis-paths.js","sourceRoot":"","sources":["../src/analysis-paths.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAK7B,SAAS,qBAAqB,CAAC,QAAQ;IACrC,OAAO,CACL,QAAQ,KAAK,YAAY,IAAI,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,MAAM,CAC1E,CAAC;AACJ,CAAC;AAED,6FAA6F;AAChF,QAAA,+BAA+B,GAAG,cAAc,CAAC;AAE9D,uFAAuF;AACvF,SAAS,yBAAyB,CAAC,KAAe;IAChD,iCAAiC;IACjC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEnD,uDAAuD;IACvD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;QAChC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,uCAA+B,CAAC,CAAC,CAAC;KACvE;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAgB,uBAAuB,CACrC,MAA0B,EAC1B,MAAc;IAEd,qEAAqE;IACrE,sEAAsE;IACtE,IACE,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,CAAC;QAC9D,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAC9C;QACA,MAAM,CAAC,OAAO,CACZ,mGAAmG,CACpG,CAAC;KACH;AACH,CAAC;AAdD,0DAcC;AAED,SAAgB,8BAA8B,CAAC,MAA0B;IACvE,0EAA0E;IAC1E,+DAA+D;IAC/D,sEAAsE;IACtE,qDAAqD;IACrD,gFAAgF;IAChF,sEAAsE;IACtE,sDAAsD;IACtD,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;QAC7B,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,yBAAyB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;KAC7E;IACD,mFAAmF;IACnF,MAAM,qBAAqB,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3E,IAAI,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;IACrC,IACE,CAAC,qBAAqB,CAAC,UAAU,CAAC,IAAI,CAAC;QACvC,CAAC,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,EACvC;QACA,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;KACzD;IACD,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE;QAC5B,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,yBAAyB,CAAC,WAAW,CAAC,CAAC;KAC5E;IAED,yEAAyE;IACzE,6EAA6E;IAC7E,wDAAwD;IACxD,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IACzD,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IAC/D,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE;QACxB,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;KACxD;AACH,CAAC;AAjCD,wEAiCC"}
+{"version":3,"file":"analysis-paths.js","sourceRoot":"","sources":["../src/analysis-paths.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAK7B,SAAS,qBAAqB,CAAC,QAAQ;IACrC,OAAO,CACL,QAAQ,KAAK,YAAY,IAAI,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,MAAM,CAC1E,CAAC;AACJ,CAAC;AAED,6FAA6F;AAChF,QAAA,+BAA+B,GAAG,cAAc,CAAC;AAE9D,uFAAuF;AACvF,SAAS,yBAAyB,CAAC,KAAe;IAChD,iCAAiC;IACjC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEnD,uDAAuD;IACvD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,uCAA+B,CAAC,CAAC,CAAC;IACxE,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAgB,uBAAuB,CACrC,MAA0B,EAC1B,MAAc;IAEd,qEAAqE;IACrE,sEAAsE;IACtE,IACE,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,CAAC;QAC9D,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAC9C,CAAC;QACD,MAAM,CAAC,OAAO,CACZ,mGAAmG,CACpG,CAAC;IACJ,CAAC;AACH,CAAC;AAdD,0DAcC;AAED,SAAgB,8BAA8B,CAAC,MAA0B;IACvE,0EAA0E;IAC1E,+DAA+D;IAC/D,sEAAsE;IACtE,qDAAqD;IACrD,gFAAgF;IAChF,sEAAsE;IACtE,sDAAsD;IACtD,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,yBAAyB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC9E,CAAC;IACD,mFAAmF;IACnF,MAAM,qBAAqB,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3E,IAAI,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;IACrC,IACE,CAAC,qBAAqB,CAAC,UAAU,CAAC,IAAI,CAAC;QACvC,CAAC,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,EACvC,CAAC;QACD,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;IAC1D,CAAC;IACD,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,yBAAyB,CAAC,WAAW,CAAC,CAAC;IAC7E,CAAC;IAED,yEAAyE;IACzE,6EAA6E;IAC7E,wDAAwD;IACxD,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IACzD,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IAC/D,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzD,CAAC;AACH,CAAC;AAjCD,wEAiCC"}

lib/analyze-action-post-helper.js.map

@@ -1 +1 @@
-{"version":3,"file":"analyze-action-post-helper.js","sourceRoot":"","sources":["../src/analyze-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,iDAA2C;AAC3C,uCAA6C;AAEtC,KAAK,UAAU,GAAG,CAAC,wBAAkC;IAC1D,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAElC,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;QACxB,MAAM,IAAI,KAAK,CACb,2FAA2F,CAC5F,CAAC;KACH;IAED,+CAA+C;IAC/C,IAAI,MAAM,EAAE,SAAS,EAAE;QACrB,IAAI,CAAC,IAAI,CACP,oFAAoF,CACrF,CAAC;QACF,MAAM,SAAS,GAAG,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QACzD,MAAM,wBAAwB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;KACnD;AACH,CAAC;AAlBD,kBAkBC"}
+{"version":3,"file":"analyze-action-post-helper.js","sourceRoot":"","sources":["../src/analyze-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,iDAA2C;AAC3C,uCAA6C;AAEtC,KAAK,UAAU,GAAG,CAAC,wBAAkC;IAC1D,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAElC,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CACb,2FAA2F,CAC5F,CAAC;IACJ,CAAC;IAED,+CAA+C;IAC/C,IAAI,MAAM,EAAE,SAAS,EAAE,CAAC;QACtB,IAAI,CAAC,IAAI,CACP,oFAAoF,CACrF,CAAC;QACF,MAAM,SAAS,GAAG,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QACzD,MAAM,wBAAwB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACpD,CAAC;AACH,CAAC;AAlBD,kBAkBC"}

lib/analyze-action-post.js.map

@@ -1 +1 @@
-{"version":3,"file":"analyze-action-post.js","sourceRoot":"","sources":["../src/analyze-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,sFAAwE;AACxE,kEAAoD;AACpD,iCAAmC;AAEnC,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,wBAAwB,CAAC,CAAC;KAC5E;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CACZ,oCAAoC,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAC/D,CAAC;KACH;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"analyze-action-post.js","sourceRoot":"","sources":["../src/analyze-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,sFAAwE;AACxE,kEAAoD;AACpD,iCAAmC;AAEnC,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,wBAAwB,CAAC,CAAC;IAC7E,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,oCAAoC,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAC/D,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/analyze.js

@@ -41,6 +41,7 @@ const languages_1 = require("./languages");
 const tracer_config_1 = require("./tracer-config");
 const upload_lib_1 = require("./upload-lib");
 const util = __importStar(require("./util"));
+const util_1 = require("./util");
 class CodeQLAnalysisError extends Error {
     constructor(queriesStatusReport, message) {
         super(message);
@@ -173,7 +174,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
                 if (!hasBuiltinQueries &&
                     !hasCustomQueries &&
                     !hasPackWithCustomQueries) {
-                    throw new Error(`Unable to analyze ${language} as no queries were selected for this language`);
+                    throw new util_1.UserError(`Unable to analyze ${language} as no queries were selected for this language`);
                 }
                 const customQueryIndices = [];
                 for (let i = 0; i < queries.custom.length; ++i) {
@@ -355,7 +356,7 @@ function validateQueryFilters(queryFilters) {
         return [];
     }
     if (!Array.isArray(queryFilters)) {
-        throw new Error(`Query filters must be an array of "include" or "exclude" entries. Found ${typeof queryFilters}`);
+        throw new util_1.UserError(`Query filters must be an array of "include" or "exclude" entries. Found ${typeof queryFilters}`);
     }
     const errors = [];
     for (const qf of queryFilters) {
@@ -368,7 +369,7 @@ function validateQueryFilters(queryFilters) {
         }
     }
     if (errors.length) {
-        throw new Error(`Invalid query filter.\n${errors.join("\n")}`);
+        throw new util_1.UserError(`Invalid query filter.\n${errors.join("\n")}`);
     }
     return queryFilters;
 }

lib/api-client.js.map

@@ -1 +1 @@
-{"version":3,"file":"api-client.js","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AACtC,uEAAyD;AACzD,6DAA+C;AAC/C,0EAAgD;AAEhD,iDAAoE;AACpE,iCAOgB;AAEhB,MAAM,gCAAgC,GAAG,6BAA6B,CAAC;AAEvE,IAAY,0BAGX;AAHD,WAAY,0BAA0B;IACpC,+FAAc,CAAA;IACd,+FAAc,CAAA;AAChB,CAAC,EAHW,0BAA0B,0CAA1B,0BAA0B,QAGrC;AAiBD,SAAS,0BAA0B,CACjC,UAAoC,EACpC,EAAE,aAAa,GAAG,KAAK,EAAE,GAAG,EAAE;IAE9B,MAAM,IAAI,GACR,CAAC,aAAa,IAAI,UAAU,CAAC,gBAAgB,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC;IACpE,MAAM,eAAe,GAAG,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC/D,OAAO,IAAI,eAAe,CACxB,WAAW,CAAC,iBAAiB,CAAC,IAAI,EAAE;QAClC,OAAO,EAAE,UAAU,CAAC,MAAM;QAC1B,SAAS,EAAE,iBAAiB,IAAA,+BAAgB,GAAE,EAAE;QAChD,GAAG,EAAE,IAAA,2BAAe,EAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;KACzC,CAAC,CACH,CAAC;AACJ,CAAC;AAED,SAAgB,aAAa;IAC3B,OAAO;QACL,IAAI,EAAE,IAAA,+BAAgB,EAAC,OAAO,CAAC;QAC/B,GAAG,EAAE,IAAA,0BAAmB,EAAC,mBAAmB,CAAC;QAC7C,MAAM,EAAE,IAAA,0BAAmB,EAAC,gBAAgB,CAAC;KAC9C,CAAC;AACJ,CAAC;AAND,sCAMC;AAED,SAAgB,YAAY;IAC1B,OAAO,0BAA0B,CAAC,aAAa,EAAE,CAAC,CAAC;AACrD,CAAC;AAFD,oCAEC;AAED,SAAgB,4BAA4B,CAC1C,UAAoC;IAEpC,OAAO,0BAA0B,CAAC,UAAU,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;AACzE,CAAC;AAJD,oEAIC;AAED,IAAI,mBAAmB,GAA8B,SAAS,CAAC;AAExD,KAAK,UAAU,uBAAuB,CAC3C,SAAc,EACd,UAA4B;IAE5B,iEAAiE;IACjE,IAAI,IAAA,qBAAc,EAAC,UAAU,CAAC,GAAG,CAAC,KAAK,wBAAiB,EAAE;QACxD,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,MAAM,EAAE,CAAC;KACvC;IAED,8DAA8D;IAC9D,mEAAmE;IACnE,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;IAEjD,8EAA8E;IAC9E,wEAAwE;IACxE,IAAI,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAC,KAAK,SAAS,EAAE;QACpE,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,MAAM,EAAE,CAAC;KACvC;IAED,IAAI,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAC,KAAK,WAAW,EAAE;QACtE,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,IAAI,EAAE,CAAC;KACrC;IAED,IAAI,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAC,KAAK,SAAS,EAAE;QACpE,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,UAAU,EAAE,CAAC;KAC3C;IAED,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAW,CAAC;IAC7E,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC;AAC/C,CAAC;AA7BD,0DA6BC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,gBAAgB;IACpC,IAAI,mBAAmB,KAAK,SAAS,EAAE;QACrC,mBAAmB,GAAG,MAAM,uBAAuB,CACjD,YAAY,EAAE,EACd,aAAa,EAAE,CAChB,CAAC;KACH;IACD,OAAO,mBAAmB,CAAC;AAC7B,CAAC;AARD,4CAQC;AAED;;GAEG;AACI,KAAK,UAAU,uBAAuB;IAC3C,MAAM,QAAQ,GAAG,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrE,MAAM,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC1B,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,MAAM,GAAG,MAAM,CAAC,IAAA,0BAAmB,EAAC,eAAe,CAAC,CAAC,CAAC;IAE5D,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IACjC,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,OAAO,CAC1C,yEAAyE,EACzE;QACE,KAAK;QACL,IAAI;QACJ,MAAM;KACP,CACF,CAAC;IACF,MAAM,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC;IAEnD,MAAM,gBAAgB,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,OAAO,WAAW,EAAE,CAAC,CAAC;IAEvE,OAAO,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC;AACpC,CAAC;AApBD,0DAoBC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,cAAc;IAClC,MAAM,iBAAiB,GAAG,4BAA4B,CAAC;IAEvD,IAAI,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACjD,IAAI,WAAW,KAAK,SAAS,EAAE;QAC7B,OAAO,WAAW,CAAC;KACpB;IAED,MAAM,YAAY,GAAG,MAAM,uBAAuB,EAAE,CAAC;IACrD,MAAM,OAAO,GAAG,IAAA,0BAAmB,EAAC,YAAY,CAAC,CAAC;IAElD,WAAW,GAAG,GAAG,YAAY,IAAI,OAAO,EAAE,CAAC;IAC3C,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,WAAW,CAAC,CAAC;IACpD,OAAO,WAAW,CAAC;AACrB,CAAC;AAdD,wCAcC;AAEM,KAAK,UAAU,eAAe;IACnC,MAAM,YAAY,GAAG,MAAM,cAAc,EAAE,CAAC;IAC5C,MAAM,WAAW,GAAG,IAAA,+BAAgB,EAAC,QAAQ,CAAC,CAAC;IAE/C,OAAO,mBAAmB,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;AACxD,CAAC;AALD,0CAKC;AAED,SAAgB,mBAAmB,CACjC,YAAoB,EACpB,WAA+B;IAE/B,IAAI,YAAY,GAAG,GAAG,YAAY,GAAG,CAAC;IAEtC,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,WAAW,CAAC,CAAC;IAC7C,IAAI,MAAM,KAAK,SAAS,EAAE;QACxB,uDAAuD;QACvD,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE;YACjD,IAAI,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE;gBAChC,YAAY,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC;aAC5C;iBAAM;gBACL,qDAAqD;gBACrD,6CAA6C;gBAC7C,YAAY,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;aACjC;SACF;KACF;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AArBD,kDAqBC"}
+{"version":3,"file":"api-client.js","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AACtC,uEAAyD;AACzD,6DAA+C;AAC/C,0EAAgD;AAEhD,iDAAoE;AACpE,iCAOgB;AAEhB,MAAM,gCAAgC,GAAG,6BAA6B,CAAC;AAEvE,IAAY,0BAGX;AAHD,WAAY,0BAA0B;IACpC,+FAAc,CAAA;IACd,+FAAc,CAAA;AAChB,CAAC,EAHW,0BAA0B,0CAA1B,0BAA0B,QAGrC;AAiBD,SAAS,0BAA0B,CACjC,UAAoC,EACpC,EAAE,aAAa,GAAG,KAAK,EAAE,GAAG,EAAE;IAE9B,MAAM,IAAI,GACR,CAAC,aAAa,IAAI,UAAU,CAAC,gBAAgB,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC;IACpE,MAAM,eAAe,GAAG,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC/D,OAAO,IAAI,eAAe,CACxB,WAAW,CAAC,iBAAiB,CAAC,IAAI,EAAE;QAClC,OAAO,EAAE,UAAU,CAAC,MAAM;QAC1B,SAAS,EAAE,iBAAiB,IAAA,+BAAgB,GAAE,EAAE;QAChD,GAAG,EAAE,IAAA,2BAAe,EAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;KACzC,CAAC,CACH,CAAC;AACJ,CAAC;AAED,SAAgB,aAAa;IAC3B,OAAO;QACL,IAAI,EAAE,IAAA,+BAAgB,EAAC,OAAO,CAAC;QAC/B,GAAG,EAAE,IAAA,0BAAmB,EAAC,mBAAmB,CAAC;QAC7C,MAAM,EAAE,IAAA,0BAAmB,EAAC,gBAAgB,CAAC;KAC9C,CAAC;AACJ,CAAC;AAND,sCAMC;AAED,SAAgB,YAAY;IAC1B,OAAO,0BAA0B,CAAC,aAAa,EAAE,CAAC,CAAC;AACrD,CAAC;AAFD,oCAEC;AAED,SAAgB,4BAA4B,CAC1C,UAAoC;IAEpC,OAAO,0BAA0B,CAAC,UAAU,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;AACzE,CAAC;AAJD,oEAIC;AAED,IAAI,mBAAmB,GAA8B,SAAS,CAAC;AAExD,KAAK,UAAU,uBAAuB,CAC3C,SAAc,EACd,UAA4B;IAE5B,iEAAiE;IACjE,IAAI,IAAA,qBAAc,EAAC,UAAU,CAAC,GAAG,CAAC,KAAK,wBAAiB,EAAE,CAAC;QACzD,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,MAAM,EAAE,CAAC;IACxC,CAAC;IAED,8DAA8D;IAC9D,mEAAmE;IACnE,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;IAEjD,8EAA8E;IAC9E,wEAAwE;IACxE,IAAI,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAC,KAAK,SAAS,EAAE,CAAC;QACrE,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,MAAM,EAAE,CAAC;IACxC,CAAC;IAED,IAAI,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAC,KAAK,WAAW,EAAE,CAAC;QACvE,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,IAAI,EAAE,CAAC;IACtC,CAAC;IAED,IAAI,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAC,KAAK,SAAS,EAAE,CAAC;QACrE,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,UAAU,EAAE,CAAC;IAC5C,CAAC;IAED,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAW,CAAC;IAC7E,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC;AAC/C,CAAC;AA7BD,0DA6BC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,gBAAgB;IACpC,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;QACtC,mBAAmB,GAAG,MAAM,uBAAuB,CACjD,YAAY,EAAE,EACd,aAAa,EAAE,CAChB,CAAC;IACJ,CAAC;IACD,OAAO,mBAAmB,CAAC;AAC7B,CAAC;AARD,4CAQC;AAED;;GAEG;AACI,KAAK,UAAU,uBAAuB;IAC3C,MAAM,QAAQ,GAAG,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrE,MAAM,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC1B,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,MAAM,GAAG,MAAM,CAAC,IAAA,0BAAmB,EAAC,eAAe,CAAC,CAAC,CAAC;IAE5D,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IACjC,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,OAAO,CAC1C,yEAAyE,EACzE;QACE,KAAK;QACL,IAAI;QACJ,MAAM;KACP,CACF,CAAC;IACF,MAAM,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC;IAEnD,MAAM,gBAAgB,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,OAAO,WAAW,EAAE,CAAC,CAAC;IAEvE,OAAO,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC;AACpC,CAAC;AApBD,0DAoBC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,cAAc;IAClC,MAAM,iBAAiB,GAAG,4BAA4B,CAAC;IAEvD,IAAI,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACjD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;QAC9B,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,MAAM,YAAY,GAAG,MAAM,uBAAuB,EAAE,CAAC;IACrD,MAAM,OAAO,GAAG,IAAA,0BAAmB,EAAC,YAAY,CAAC,CAAC;IAElD,WAAW,GAAG,GAAG,YAAY,IAAI,OAAO,EAAE,CAAC;IAC3C,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,WAAW,CAAC,CAAC;IACpD,OAAO,WAAW,CAAC;AACrB,CAAC;AAdD,wCAcC;AAEM,KAAK,UAAU,eAAe;IACnC,MAAM,YAAY,GAAG,MAAM,cAAc,EAAE,CAAC;IAC5C,MAAM,WAAW,GAAG,IAAA,+BAAgB,EAAC,QAAQ,CAAC,CAAC;IAE/C,OAAO,mBAAmB,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;AACxD,CAAC;AALD,0CAKC;AAED,SAAgB,mBAAmB,CACjC,YAAoB,EACpB,WAA+B;IAE/B,IAAI,YAAY,GAAG,GAAG,YAAY,GAAG,CAAC;IAEtC,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,WAAW,CAAC,CAAC;IAC7C,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,uDAAuD;QACvD,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;YAClD,IAAI,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;gBACjC,YAAY,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC;YAC7C,CAAC;iBAAM,CAAC;gBACN,qDAAqD;gBACrD,6CAA6C;gBAC7C,YAAY,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;YAClC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AArBD,kDAqBC"}

lib/api-compatibility.json

@@ -1 +1 @@
-{ "maximumVersion": "3.11", "minimumVersion": "3.7" }
+{ "maximumVersion": "3.12", "minimumVersion": "3.7" }

lib/autobuild-action.js.map

@@ -1 +1 @@
-{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAIwB;AACxB,6CAAgD;AAChD,2CAAwE;AACxE,4DAA8C;AAE9C,uCAAqD;AACrD,mDAKyB;AACzB,iCAKgB;AAShB,KAAK,UAAU,yBAAyB,CACtC,MAAc,EACd,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAG,IAAA,gCAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,WAAW,EACX,MAAM,EACN,SAAS,EACT,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAI,eAAe,GAAyB,SAAS,CAAC;IACtD,IAAI,SAAS,GAA2B,SAAS,CAAC;IAClD,IAAI;QACF,IACE,CAAC,CAAC,MAAM,IAAA,gCAAgB,EACtB,MAAM,IAAA,sCAAsB,EAC1B,WAAW,EACX,UAAU,EACV,SAAS,EACT,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,CAC7B,CACF,CAAC,EACF;YACA,OAAO;SACR;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,SAAS,CAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;YACxB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;SACH;QAED,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC9D,IAAI,SAAS,KAAK,SAAS,EAAE;YAC3B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE;gBACpB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;aACjC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE;gBAChC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;aAC9C;SACF;KACF;IAAC,OAAO,cAAc,EAAE;QACvB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CACZ,kIAAkI,KAAK,CAAC,OAAO,EAAE,CAClJ,CAAC;QACF,MAAM,yBAAyB,CAC7B,MAAM,EACN,SAAS,EACT,SAAS,IAAI,EAAE,EACf,eAAe,EACf,KAAK,CACN,CAAC;QACF,OAAO;KACR;IAED,MAAM,yBAAyB,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;AACtE,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,4BAA4B,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;KACxE;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAIwB;AACxB,6CAAgD;AAChD,2CAAwE;AACxE,4DAA8C;AAE9C,uCAAqD;AACrD,mDAKyB;AACzB,iCAKgB;AAShB,KAAK,UAAU,yBAAyB,CACtC,MAAc,EACd,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAG,IAAA,gCAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,WAAW,EACX,MAAM,EACN,SAAS,EACT,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAI,eAAe,GAAyB,SAAS,CAAC;IACtD,IAAI,SAAS,GAA2B,SAAS,CAAC;IAClD,IAAI,CAAC;QACH,IACE,CAAC,CAAC,MAAM,IAAA,gCAAgB,EACtB,MAAM,IAAA,sCAAsB,EAC1B,WAAW,EACX,UAAU,EACV,SAAS,EACT,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,CAC7B,CACF,CAAC,EACF,CAAC;YACD,OAAO;QACT,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,SAAS,CAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC5E,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;QACJ,CAAC;QAED,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC9D,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YAClC,CAAC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CACZ,kIAAkI,KAAK,CAAC,OAAO,EAAE,CAClJ,CAAC;QACF,MAAM,yBAAyB,CAC7B,MAAM,EACN,SAAS,EACT,SAAS,IAAI,EAAE,EACf,eAAe,EACf,KAAK,CACN,CAAC;QACF,OAAO;IACT,CAAC;IAED,MAAM,yBAAyB,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;AACtE,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CAAC,4BAA4B,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/autobuild.js

@@ -51,11 +51,11 @@ async function determineAutobuildLanguages(config, logger) {
      * For example, consider a user with the following workflow file:
      *
      * ```yml
-     * - uses: github/codeql-action/init@v2
+     * - uses: github/codeql-action/init@v3
      *   with:
      *     languages: go, java
-     * - uses: github/codeql-action/autobuild@v2
-     * - uses: github/codeql-action/analyze@v2
+     * - uses: github/codeql-action/autobuild@v3
+     * - uses: github/codeql-action/analyze@v3
      * ```
      *
      * - With Go extraction disabled, we will run the Java autobuilder in the

lib/autobuild.js.map

@@ -1 +1 @@
-{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAA6E;AAC7E,6CAAgD;AAChD,qCAA6C;AAE7C,+CAAuC;AACvC,mDAAmE;AACnE,2CAAyD;AAEzD,6CAAkD;AAClD,iCAA6C;AAEtC,KAAK,UAAU,2BAA2B,CAC/C,MAA0B,EAC1B,MAAc;IAEd,0CAA0C;IAC1C,mFAAmF;IACnF,oFAAoF;IACpF,4EAA4E;IAC5E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACvD,IAAA,4BAAgB,EAAC,CAAC,CAAC,CACpB,CAAC;IAEF,IAAI,CAAC,kBAAkB,EAAE;QACvB,MAAM,CAAC,IAAI,CACT,iEAAiE,CAClE,CAAC;QACF,OAAO,SAAS,CAAC;KAClB;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACH,MAAM,2BAA2B,GAAG,kBAAkB,CAAC,MAAM,CAC3D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,oBAAQ,CAAC,EAAE,CACzB,CAAC;IAEF,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,yEAAyE;IACzE,UAAU;IACV,IAAI,2BAA2B,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE;QAChD,SAAS,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC;KAChD;IACD,uEAAuE;IACvE,wCAAwC;IACxC,IAAI,kBAAkB,CAAC,MAAM,KAAK,2BAA2B,CAAC,MAAM,EAAE;QACpE,SAAS,CAAC,IAAI,CAAC,oBAAQ,CAAC,EAAE,CAAC,CAAC;KAC7B;IAED,MAAM,CAAC,KAAK,CAAC,kBAAkB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE3D,2EAA2E;IAC3E,4EAA4E;IAC5E,2CAA2C;IAC3C,uEAAuE;IACvE,2EAA2E;IAC3E,uEAAuE;IACvE,yCAAyC;IACzC,IAAI,2BAA2B,CAAC,MAAM,GAAG,CAAC,EAAE;QAC1C,MAAM,CAAC,OAAO,CACZ,oCAAoC,SAAS,CAAC,IAAI,CAChD,OAAO,CACR,8BAA8B,2BAA2B;aACvD,KAAK,CAAC,CAAC,CAAC;aACR,IAAI,CACH,OAAO,CACR,kFAAkF;YACnF,4BAA4B;YAC5B,0NAA0N,CAC7N,CAAC;KACH;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAtFD,kEAsFC;AAED,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IAC7D,MAAM,MAAM,GAAG,6BAAa,CAAC,uBAAO,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC;IACvE,MAAM,WAAW,GAAG,4CAA4C,CAAC;IACjE,MAAM,MAAM,GACV,wHAAwH,CAAC;IAC3H,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC/C,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;IACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;IACF,IAAI,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,yBAAyB,EAAE,MAAM,CAAC,EAAE;QACtE,yEAAyE;QACzE,IACE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,KAAK,aAAa;YACnD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,MAAM,EAC9B;YACA,MAAM,CAAC,IAAI,CACT,aAAa,WAAW,sCACtB,IAAA,mCAAoB,GAAE,KAAK,SAAS;gBAClC,CAAC,CAAC,8BAA8B,MAAM,yDAAyD,MAAM,IAAI;gBACzG,CAAC,CAAC,EACN,EAAE,CACH,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;SACtC;aAAM;YACL,MAAM,CAAC,IAAI,CACT,YAAY,WAAW,yCAAyC,MAAM,yCAAyC,MAAM,IAAI,CAC1H,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;SACrC;KACF;SAAM;QACL,MAAM,CAAC,IAAI,CAAC,aAAa,WAAW,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACtC;AACH,CAAC;AAEM,KAAK,UAAU,YAAY,CAChC,QAAkB,EAClB,MAA0B,EAC1B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;IACxE,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,GAAG,EAAE;QAC7B,MAAM,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KACzC;IACD,MAAM,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;IACpC,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE;QAC5B,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;KAC1D;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC;AAfD,oCAeC"}
+{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAA6E;AAC7E,6CAAgD;AAChD,qCAA6C;AAE7C,+CAAuC;AACvC,mDAAmE;AACnE,2CAAyD;AAEzD,6CAAkD;AAClD,iCAA6C;AAEtC,KAAK,UAAU,2BAA2B,CAC/C,MAA0B,EAC1B,MAAc;IAEd,0CAA0C;IAC1C,mFAAmF;IACnF,oFAAoF;IACpF,4EAA4E;IAC5E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACvD,IAAA,4BAAgB,EAAC,CAAC,CAAC,CACpB,CAAC;IAEF,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CACT,iEAAiE,CAClE,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACH,MAAM,2BAA2B,GAAG,kBAAkB,CAAC,MAAM,CAC3D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,oBAAQ,CAAC,EAAE,CACzB,CAAC;IAEF,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,yEAAyE;IACzE,UAAU;IACV,IAAI,2BAA2B,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;QACjD,SAAS,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,uEAAuE;IACvE,wCAAwC;IACxC,IAAI,kBAAkB,CAAC,MAAM,KAAK,2BAA2B,CAAC,MAAM,EAAE,CAAC;QACrE,SAAS,CAAC,IAAI,CAAC,oBAAQ,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,kBAAkB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE3D,2EAA2E;IAC3E,4EAA4E;IAC5E,2CAA2C;IAC3C,uEAAuE;IACvE,2EAA2E;IAC3E,uEAAuE;IACvE,yCAAyC;IACzC,IAAI,2BAA2B,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,CAAC,OAAO,CACZ,oCAAoC,SAAS,CAAC,IAAI,CAChD,OAAO,CACR,8BAA8B,2BAA2B;aACvD,KAAK,CAAC,CAAC,CAAC;aACR,IAAI,CACH,OAAO,CACR,kFAAkF;YACnF,4BAA4B;YAC5B,0NAA0N,CAC7N,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAtFD,kEAsFC;AAED,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IAC7D,MAAM,MAAM,GAAG,6BAAa,CAAC,uBAAO,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC;IACvE,MAAM,WAAW,GAAG,4CAA4C,CAAC;IACjE,MAAM,MAAM,GACV,wHAAwH,CAAC;IAC3H,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC/C,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;IACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;IACF,IAAI,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,yBAAyB,EAAE,MAAM,CAAC,EAAE,CAAC;QACvE,yEAAyE;QACzE,IACE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,KAAK,aAAa;YACnD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,MAAM,EAC9B,CAAC;YACD,MAAM,CAAC,IAAI,CACT,aAAa,WAAW,sCACtB,IAAA,mCAAoB,GAAE,KAAK,SAAS;gBAClC,CAAC,CAAC,8BAA8B,MAAM,yDAAyD,MAAM,IAAI;gBACzG,CAAC,CAAC,EACN,EAAE,CACH,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CACT,YAAY,WAAW,yCAAyC,MAAM,yCAAyC,MAAM,IAAI,CAC1H,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,aAAa,WAAW,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,YAAY,CAChC,QAAkB,EAClB,MAA0B,EAC1B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;IACxE,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,GAAG,EAAE,CAAC;QAC9B,MAAM,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,MAAM,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;IACpC,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE,CAAC;QAC7B,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC;AAfD,oCAeC"}

lib/codeql.js

@@ -77,15 +77,15 @@ const CODEQL_MINIMUM_VERSION = "2.10.5";
 /**
  * This version will shortly become the oldest version of CodeQL that the Action will run with.
  */
-const CODEQL_NEXT_MINIMUM_VERSION = "2.10.5";
+const CODEQL_NEXT_MINIMUM_VERSION = "2.11.6";
 /**
  * This is the version of GHES that was most recently deprecated.
  */
-const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.6";
+const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.7";
 /**
  * This is the deprecation date for the version of GHES that was most recently deprecated.
  */
-const GHES_MOST_RECENT_DEPRECATION_DATE = "2023-09-12";
+const GHES_MOST_RECENT_DEPRECATION_DATE = "2023-11-08";
 /*
  * Versions of CodeQL that version-flag certain functionality in the Action.
  * For convenience, please keep these in descending order. Once a version
@@ -161,7 +161,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV
             codeqlCmd += ".exe";
         }
         else if (process.platform !== "linux" && process.platform !== "darwin") {
-            throw new Error(`Unsupported platform: ${process.platform}`);
+            throw new util.UserError(`Unsupported platform: ${process.platform}`);
         }
         cachedCodeQL = await getCodeQLForCmd(codeqlCmd, checkVersion);
         return {
@@ -356,19 +356,13 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             await runTool(autobuildCmd);
         },
         async extractScannedLanguage(config, language) {
-            const databasePath = util.getCodeQLDatabasePath(config, language);
-            // Set trace command
-            const ext = process.platform === "win32" ? ".cmd" : ".sh";
-            const traceCommand = path.resolve(await this.resolveExtractor(language), "tools", `autobuild${ext}`);
-            // Run trace command
             await runTool(cmd, [
                 "database",
                 "trace-command",
+                "--index-traceless-dbs",
                 ...(await getTrapCachingExtractorConfigArgsForLang(config, language)),
                 ...getExtraOptionsFromEnv(["database", "trace-command"]),
-                databasePath,
-                "--",
-                traceCommand,
+                util.getCodeQLDatabasePath(config, language),
             ]);
         },
         async finalizeDatabase(databasePath, threadsFlag, memoryFlag) {
@@ -470,7 +464,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 "run-queries",
                 ...flags,
                 databasePath,
-                "--min-disk-free=1024",
+                "--min-disk-free=1024", // Try to leave at least 1GB free
                 "-v",
                 ...getExtraOptionsFromEnv(["database", "run-queries"]),
             ];
@@ -640,10 +634,10 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 "database",
                 "export-diagnostics",
                 `${databasePath}`,
-                "--db-cluster",
+                "--db-cluster", // Database is always a cluster for CodeQL versions that support diagnostics.
                 "--format=sarif-latest",
                 `--output=${codeqlOutputFile}`,
-                "--sarif-include-diagnostics",
+                "--sarif-include-diagnostics", // ExportDiagnosticsEnabled is always true if this command is run.
                 "-vvv",
                 ...getExtraOptionsFromEnv(["diagnostics", "export"]),
             ];
@@ -705,7 +699,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
     // CodeQL object is created.
     if (checkVersion &&
         !(await util.codeQlVersionAbove(codeql, CODEQL_MINIMUM_VERSION))) {
-        throw new Error(`Expected a CodeQL CLI with version at least ${CODEQL_MINIMUM_VERSION} but got version ${(await codeql.getVersion()).version}`);
+        throw new util.UserError(`Expected a CodeQL CLI with version at least ${CODEQL_MINIMUM_VERSION} but got version ${(await codeql.getVersion()).version}`);
     }
     else if (checkVersion &&
         process.env[environment_1.EnvVar.SUPPRESS_DEPRECATED_SOON_WARNING] !== "true" &&
@@ -719,7 +713,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             "version of the CLI using the 'tools' input to the 'init' Action, you can remove this " +
             "input to use the default version.\n\n" +
             "Alternatively, if you want to continue using CodeQL CLI version " +
-            `${result.version}, you can replace 'github/codeql-action/*@v2' by ` +
+            `${result.version}, you can replace 'github/codeql-action/*@v3' by ` +
             `'github/codeql-action/*@v${(0, actions_util_1.getActionVersion)()}' in your code scanning workflow to ` +
             "continue using this version of the CodeQL Action.");
         core.exportVariable(environment_1.EnvVar.SUPPRESS_DEPRECATED_SOON_WARNING, "true");

lib/database-upload.js.map

@@ -1 +1 @@
-{"version":3,"file":"database-upload.js","sourceRoot":"","sources":["../src/database-upload.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AAEzB,4DAA8C;AAC9C,6CAA8D;AAC9D,qCAAqC;AAIrC,6CAA+B;AAC/B,iCAAkC;AAE3B,KAAK,UAAU,eAAe,CACnC,aAA4B,EAC5B,MAAc,EACd,UAA4B,EAC5B,MAAc;IAEd,IAAI,WAAW,CAAC,gBAAgB,CAAC,iBAAiB,CAAC,KAAK,MAAM,EAAE;QAC9D,MAAM,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;QACvE,OAAO;KACR;IAED,iDAAiD;IACjD,IAAI,MAAM,CAAC,aAAa,CAAC,IAAI,KAAK,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE;QAC3D,MAAM,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACjE,OAAO;KACR;IAED,IAAI,CAAC,CAAC,MAAM,WAAW,CAAC,wBAAwB,EAAE,CAAC,EAAE;QACnD,4EAA4E;QAC5E,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;QAC/D,OAAO;KACR;IAED,MAAM,MAAM,GAAG,IAAA,yBAAY,GAAE,CAAC;IAC9B,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAEjD,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,IAAI;YACF,8BAA8B;YAC9B,2EAA2E;YAC3E,8EAA8E;YAC9E,wEAAwE;YACxE,MAAM,SAAS,GAAG,MAAM,IAAA,eAAQ,EAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;YACrE,MAAM,aAAa,GAAG,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC;YAClD,MAAM,mBAAmB,GAAG,EAAE,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;YAC3D,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,YAAY,CAC9C,WAAW,CAAC,gBAAgB,CAAC,eAAe,CAAC,CAC9C,CAAC;YACF,IAAI;gBACF,MAAM,MAAM,CAAC,OAAO,CAClB,+HAA+H,EAC/H;oBACE,KAAK,EAAE,aAAa,CAAC,KAAK;oBAC1B,IAAI,EAAE,aAAa,CAAC,IAAI;oBACxB,QAAQ;oBACR,IAAI,EAAE,GAAG,QAAQ,WAAW;oBAC5B,UAAU,EAAE,SAAS;oBACrB,IAAI,EAAE,mBAAmB;oBACzB,OAAO,EAAE;wBACP,aAAa,EAAE,SAAS,UAAU,CAAC,IAAI,EAAE;wBACzC,cAAc,EAAE,iBAAiB;wBACjC,gBAAgB,EAAE,aAAa;qBAChC;iBACF,CACF,CAAC;gBACF,MAAM,CAAC,KAAK,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAC;aAChE;oBAAS;gBACR,mBAAmB,CAAC,KAAK,EAAE,CAAC;aAC7B;SACF;QAAC,OAAO,CAAC,EAAE;YACV,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACf,4CAA4C;YAC5C,MAAM,CAAC,OAAO,CAAC,iCAAiC,QAAQ,KAAK,CAAC,EAAE,CAAC,CAAC;SACnE;KACF;AACH,CAAC;AAjED,0CAiEC"}
+{"version":3,"file":"database-upload.js","sourceRoot":"","sources":["../src/database-upload.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AAEzB,4DAA8C;AAC9C,6CAA8D;AAC9D,qCAAqC;AAIrC,6CAA+B;AAC/B,iCAAkC;AAE3B,KAAK,UAAU,eAAe,CACnC,aAA4B,EAC5B,MAAc,EACd,UAA4B,EAC5B,MAAc;IAEd,IAAI,WAAW,CAAC,gBAAgB,CAAC,iBAAiB,CAAC,KAAK,MAAM,EAAE,CAAC;QAC/D,MAAM,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;QACvE,OAAO;IACT,CAAC;IAED,iDAAiD;IACjD,IAAI,MAAM,CAAC,aAAa,CAAC,IAAI,KAAK,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC;QAC5D,MAAM,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACjE,OAAO;IACT,CAAC;IAED,IAAI,CAAC,CAAC,MAAM,WAAW,CAAC,wBAAwB,EAAE,CAAC,EAAE,CAAC;QACpD,4EAA4E;QAC5E,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;QAC/D,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,IAAA,yBAAY,GAAE,CAAC;IAC9B,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAEjD,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACxC,IAAI,CAAC;YACH,8BAA8B;YAC9B,2EAA2E;YAC3E,8EAA8E;YAC9E,wEAAwE;YACxE,MAAM,SAAS,GAAG,MAAM,IAAA,eAAQ,EAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;YACrE,MAAM,aAAa,GAAG,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC;YAClD,MAAM,mBAAmB,GAAG,EAAE,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;YAC3D,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,YAAY,CAC9C,WAAW,CAAC,gBAAgB,CAAC,eAAe,CAAC,CAC9C,CAAC;YACF,IAAI,CAAC;gBACH,MAAM,MAAM,CAAC,OAAO,CAClB,+HAA+H,EAC/H;oBACE,KAAK,EAAE,aAAa,CAAC,KAAK;oBAC1B,IAAI,EAAE,aAAa,CAAC,IAAI;oBACxB,QAAQ;oBACR,IAAI,EAAE,GAAG,QAAQ,WAAW;oBAC5B,UAAU,EAAE,SAAS;oBACrB,IAAI,EAAE,mBAAmB;oBACzB,OAAO,EAAE;wBACP,aAAa,EAAE,SAAS,UAAU,CAAC,IAAI,EAAE;wBACzC,cAAc,EAAE,iBAAiB;wBACjC,gBAAgB,EAAE,aAAa;qBAChC;iBACF,CACF,CAAC;gBACF,MAAM,CAAC,KAAK,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAC;YACjE,CAAC;oBAAS,CAAC;gBACT,mBAAmB,CAAC,KAAK,EAAE,CAAC;YAC9B,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACf,4CAA4C;YAC5C,MAAM,CAAC,OAAO,CAAC,iCAAiC,QAAQ,KAAK,CAAC,EAAE,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;AACH,CAAC;AAjED,0CAiEC"}

lib/debug-artifacts.js.map

@@ -1 +1 @@
-{"version":3,"file":"debug-artifacts.js","sourceRoot":"","sources":["../src/debug-artifacts.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,4DAA8C;AAC9C,oDAAsC;AACtC,sDAA6B;AAC7B,8CAAsB;AAEtB,iDAAkD;AAClD,uCAA0C;AAC1C,qCAAqC;AAIrC,iCAKgB;AAEhB,SAAgB,mBAAmB,CAAC,IAAY;IAC9C,OAAO,IAAI,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;AAChD,CAAC;AAFD,kDAEC;AAEM,KAAK,UAAU,oBAAoB,CACxC,QAAkB,EAClB,OAAe,EACf,YAAoB;IAEpB,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;QACzB,OAAO;KACR;IACD,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,MAAM,MAAM,GAAG,IAAA,+BAAgB,EAAC,QAAQ,CAAC,CAAC;IAC1C,IAAI,MAAM,EAAE;QACV,IAAI;YACF,KAAK,MAAM,CAAC,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CACxC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAY,CAC9B,CAAC,IAAI,EAAE;gBACN,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;SAC7B;QAAC,OAAO,CAAC,EAAE;YACV,IAAI,CAAC,IAAI,CACP,+HAA+H,CAChI,CAAC;SACH;KACF;IACD,MAAM,QAAQ,CAAC,MAAM,EAAE,CAAC,cAAc,CACpC,mBAAmB,CAAC,GAAG,YAAY,GAAG,MAAM,EAAE,CAAC,EAC/C,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,EAC5C,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EACvB,EAAE,eAAe,EAAE,IAAI,EAAE,CAC1B,CAAC;AACJ,CAAC;AA5BD,oDA4BC;AAEM,KAAK,UAAU,wBAAwB,CAC5C,MAAc,EACd,SAAiB;IAEjB,IAAI,CAAC,IAAA,yBAAkB,EAAC,SAAS,CAAC,EAAE;QAClC,OAAO;KACR;IAED,IAAI,QAAQ,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,SAAS,EAAE;QACnC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,IAAI,QAAQ,CAAC,CAAC;QAC3D,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE;YAC5B,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;SACvC;KACF;IACD,MAAM,oBAAoB,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,iBAAiB,CAAC,CAAC;AAC5E,CAAC;AAhBD,4DAgBC;AAEM,KAAK,UAAU,uBAAuB,CAAC,MAAc;IAC1D,IAAI,QAAQ,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,MAAM,iBAAiB,GAAG,IAAA,4BAAqB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAClE,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAC;QAC7D,IAAI,IAAA,yBAAkB,EAAC,aAAa,CAAC,EAAE;YACrC,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAA,iBAAU,EAAC,aAAa,CAAC,CAAC,CAAC;SACvD;KACF;IAED,8EAA8E;IAC9E,MAAM,iCAAiC,GAAG,IAAI,CAAC,OAAO,CACpD,MAAM,CAAC,UAAU,EACjB,KAAK,CACN,CAAC;IACF,IAAI,IAAA,yBAAkB,EAAC,iCAAiC,CAAC,EAAE;QACzD,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAA,iBAAU,EAAC,iCAAiC,CAAC,CAAC,CAAC;KAC3E;IAED,MAAM,oBAAoB,CACxB,QAAQ,EACR,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,iBAAiB,CACzB,CAAC;AACJ,CAAC;AAxBD,0DAwBC;AAED;;;;GAIG;AACH,KAAK,UAAU,2BAA2B,CACxC,MAAc,EACd,QAAkB;IAElB,MAAM,YAAY,GAAG,IAAA,4BAAqB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC7D,MAAM,kBAAkB,GAAG,IAAI,CAAC,OAAO,CACrC,MAAM,CAAC,UAAU,EACjB,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,cAAc,CACtD,CAAC;IACF,IAAI,CAAC,IAAI,CACP,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,2DAA2D,kBAAkB,KAAK,CAC1H,CAAC;IACF,qEAAqE;IACrE,IAAI,EAAE,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE;QACrC,MAAM,IAAA,aAAG,EAAC,kBAAkB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;KAChD;IACD,MAAM,GAAG,GAAG,IAAI,iBAAM,EAAE,CAAC;IACzB,GAAG,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;IACjC,GAAG,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;IACjC,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,uBAAuB,CACpC,MAAc,EACd,QAAkB;IAElB,kDAAkD;IAClD,MAAM,kBAAkB,GAAG,MAAM,IAAA,eAAQ,EACvC,MAAM,EACN,QAAQ,EACR,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,EACjC,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,EAAE,CAC1C,CAAC;IACF,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAEM,KAAK,UAAU,iCAAiC,CACrD,MAAc,EACd,MAAc;IAEd,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,IAAI;YACF,IAAI,kBAA0B,CAAC;YAC/B,IAAI,CAAC,IAAA,uBAAa,EAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,EAAE;gBAC5C,kBAAkB,GAAG,MAAM,2BAA2B,CACpD,MAAM,EACN,QAAQ,CACT,CAAC;aACH;iBAAM;gBACL,kBAAkB,GAAG,MAAM,uBAAuB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;aACtE;YACD,MAAM,oBAAoB,CACxB,CAAC,kBAAkB,CAAC,EACpB,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,iBAAiB,CACzB,CAAC;SACH;QAAC,OAAO,KAAK,EAAE;YACd,IAAI,CAAC,IAAI,CACP,8CAA8C,MAAM,CAAC,iBAAiB,IAAI,QAAQ,KAAK,KAAK,EAAE,CAC/F,CAAC;SACH;KACF;AACH,CAAC;AA1BD,8EA0BC"}
+{"version":3,"file":"debug-artifacts.js","sourceRoot":"","sources":["../src/debug-artifacts.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,4DAA8C;AAC9C,oDAAsC;AACtC,sDAA6B;AAC7B,8CAAsB;AAEtB,iDAAkD;AAClD,uCAA0C;AAC1C,qCAAqC;AAIrC,iCAKgB;AAEhB,SAAgB,mBAAmB,CAAC,IAAY;IAC9C,OAAO,IAAI,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;AAChD,CAAC;AAFD,kDAEC;AAEM,KAAK,UAAU,oBAAoB,CACxC,QAAkB,EAClB,OAAe,EACf,YAAoB;IAEpB,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO;IACT,CAAC;IACD,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,MAAM,MAAM,GAAG,IAAA,+BAAgB,EAAC,QAAQ,CAAC,CAAC;IAC1C,IAAI,MAAM,EAAE,CAAC;QACX,IAAI,CAAC;YACH,KAAK,MAAM,CAAC,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CACxC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAY,CAC9B,CAAC,IAAI,EAAE;gBACN,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC9B,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,IAAI,CAAC,IAAI,CACP,+HAA+H,CAChI,CAAC;QACJ,CAAC;IACH,CAAC;IACD,MAAM,QAAQ,CAAC,MAAM,EAAE,CAAC,cAAc,CACpC,mBAAmB,CAAC,GAAG,YAAY,GAAG,MAAM,EAAE,CAAC,EAC/C,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,EAC5C,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EACvB,EAAE,eAAe,EAAE,IAAI,EAAE,CAC1B,CAAC;AACJ,CAAC;AA5BD,oDA4BC;AAEM,KAAK,UAAU,wBAAwB,CAC5C,MAAc,EACd,SAAiB;IAEjB,IAAI,CAAC,IAAA,yBAAkB,EAAC,SAAS,CAAC,EAAE,CAAC;QACnC,OAAO;IACT,CAAC;IAED,IAAI,QAAQ,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACpC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,IAAI,QAAQ,CAAC,CAAC;QAC3D,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC7B,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IACD,MAAM,oBAAoB,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,iBAAiB,CAAC,CAAC;AAC5E,CAAC;AAhBD,4DAgBC;AAEM,KAAK,UAAU,uBAAuB,CAAC,MAAc;IAC1D,IAAI,QAAQ,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACxC,MAAM,iBAAiB,GAAG,IAAA,4BAAqB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAClE,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAC;QAC7D,IAAI,IAAA,yBAAkB,EAAC,aAAa,CAAC,EAAE,CAAC;YACtC,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAA,iBAAU,EAAC,aAAa,CAAC,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED,8EAA8E;IAC9E,MAAM,iCAAiC,GAAG,IAAI,CAAC,OAAO,CACpD,MAAM,CAAC,UAAU,EACjB,KAAK,CACN,CAAC;IACF,IAAI,IAAA,yBAAkB,EAAC,iCAAiC,CAAC,EAAE,CAAC;QAC1D,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAA,iBAAU,EAAC,iCAAiC,CAAC,CAAC,CAAC;IAC5E,CAAC;IAED,MAAM,oBAAoB,CACxB,QAAQ,EACR,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,iBAAiB,CACzB,CAAC;AACJ,CAAC;AAxBD,0DAwBC;AAED;;;;GAIG;AACH,KAAK,UAAU,2BAA2B,CACxC,MAAc,EACd,QAAkB;IAElB,MAAM,YAAY,GAAG,IAAA,4BAAqB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC7D,MAAM,kBAAkB,GAAG,IAAI,CAAC,OAAO,CACrC,MAAM,CAAC,UAAU,EACjB,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,cAAc,CACtD,CAAC;IACF,IAAI,CAAC,IAAI,CACP,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,2DAA2D,kBAAkB,KAAK,CAC1H,CAAC;IACF,qEAAqE;IACrE,IAAI,EAAE,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACtC,MAAM,IAAA,aAAG,EAAC,kBAAkB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACjD,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,iBAAM,EAAE,CAAC;IACzB,GAAG,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;IACjC,GAAG,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;IACjC,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,uBAAuB,CACpC,MAAc,EACd,QAAkB;IAElB,kDAAkD;IAClD,MAAM,kBAAkB,GAAG,MAAM,IAAA,eAAQ,EACvC,MAAM,EACN,QAAQ,EACR,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,EACjC,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,EAAE,CAC1C,CAAC;IACF,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAEM,KAAK,UAAU,iCAAiC,CACrD,MAAc,EACd,MAAc;IAEd,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACxC,IAAI,CAAC;YACH,IAAI,kBAA0B,CAAC;YAC/B,IAAI,CAAC,IAAA,uBAAa,EAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,EAAE,CAAC;gBAC7C,kBAAkB,GAAG,MAAM,2BAA2B,CACpD,MAAM,EACN,QAAQ,CACT,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,kBAAkB,GAAG,MAAM,uBAAuB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YACvE,CAAC;YACD,MAAM,oBAAoB,CACxB,CAAC,kBAAkB,CAAC,EACpB,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,iBAAiB,CACzB,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,IAAI,CACP,8CAA8C,MAAM,CAAC,iBAAiB,IAAI,QAAQ,KAAK,KAAK,EAAE,CAC/F,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AA1BD,8EA0BC"}

lib/defaults.json

@@ -1,6 +1,6 @@
 {
-    "bundleVersion": "codeql-bundle-v2.15.1",
-    "cliVersion": "2.15.1",
-    "priorBundleVersion": "codeql-bundle-v2.15.0",
-    "priorCliVersion": "2.15.0"
+    "bundleVersion": "codeql-bundle-v2.15.4",
+    "cliVersion": "2.15.4",
+    "priorBundleVersion": "codeql-bundle-v2.15.3",
+    "priorCliVersion": "2.15.3"
 }

lib/diagnostics.js.map

@@ -1 +1 @@
-{"version":3,"file":"diagnostics.js","sourceRoot":"","sources":["../src/diagnostics.ts"],"names":[],"mappings":";;;;;;AAAA,2BAA8C;AAC9C,gDAAwB;AAIxB,uCAA6C;AAC7C,iCAA+C;AAmD/C;;;;;;;GAOG;AACH,SAAgB,cAAc,CAC5B,EAAU,EACV,IAAY,EACZ,OAA+C,SAAS;IAExD,OAAO;QACL,GAAG,IAAI;QACP,SAAS,EAAE,IAAI,EAAE,SAAS,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACtD,MAAM,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE;KACtC,CAAC;AACJ,CAAC;AAVD,wCAUC;AAED;;;;;GAKG;AACH,SAAgB,aAAa,CAC3B,MAAc,EACd,QAAkB,EAClB,UAA6B;IAE7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,eAAe,GAAG,cAAI,CAAC,OAAO,CAClC,IAAA,4BAAqB,EAAC,MAAM,EAAE,QAAQ,CAAC,EACvC,YAAY,EACZ,eAAe,CAChB,CAAC;IAEF,IAAI;QACF,gDAAgD;QAChD,IAAA,cAAS,EAAC,eAAe,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAEhD,MAAM,QAAQ,GAAG,cAAI,CAAC,OAAO,CAC3B,eAAe,EACf,iBAAiB,UAAU,CAAC,SAAS,OAAO,CAC7C,CAAC;QAEF,IAAA,kBAAa,EAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC;KACrD;IAAC,OAAO,GAAG,EAAE;QACZ,MAAM,CAAC,OAAO,CAAC,mDAAmD,GAAG,EAAE,CAAC,CAAC;KAC1E;AACH,CAAC;AAzBD,sCAyBC"}
+{"version":3,"file":"diagnostics.js","sourceRoot":"","sources":["../src/diagnostics.ts"],"names":[],"mappings":";;;;;;AAAA,2BAA8C;AAC9C,gDAAwB;AAIxB,uCAA6C;AAC7C,iCAA+C;AAmD/C;;;;;;;GAOG;AACH,SAAgB,cAAc,CAC5B,EAAU,EACV,IAAY,EACZ,OAA+C,SAAS;IAExD,OAAO;QACL,GAAG,IAAI;QACP,SAAS,EAAE,IAAI,EAAE,SAAS,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACtD,MAAM,EAAE,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE;KACtC,CAAC;AACJ,CAAC;AAVD,wCAUC;AAED;;;;;GAKG;AACH,SAAgB,aAAa,CAC3B,MAAc,EACd,QAAkB,EAClB,UAA6B;IAE7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,eAAe,GAAG,cAAI,CAAC,OAAO,CAClC,IAAA,4BAAqB,EAAC,MAAM,EAAE,QAAQ,CAAC,EACvC,YAAY,EACZ,eAAe,CAChB,CAAC;IAEF,IAAI,CAAC;QACH,gDAAgD;QAChD,IAAA,cAAS,EAAC,eAAe,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAEhD,MAAM,QAAQ,GAAG,cAAI,CAAC,OAAO,CAC3B,eAAe,EACf,iBAAiB,UAAU,CAAC,SAAS,OAAO,CAC7C,CAAC;QAEF,IAAA,kBAAa,EAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC;IACtD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,OAAO,CAAC,mDAAmD,GAAG,EAAE,CAAC,CAAC;IAC3E,CAAC;AACH,CAAC;AAzBD,sCAyBC"}

lib/external-queries.js

@@ -28,6 +28,7 @@ const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const safeWhich = __importStar(require("@chrisgavin/safe-which"));
+const util_1 = require("./util");
 /**
  * Check out repository at the given ref, and return the directory of the checkout.
  */
@@ -36,7 +37,7 @@ async function checkoutExternalRepository(repository, ref, apiDetails, tempDir,
     const checkoutLocation = path.join(tempDir, repository, ref);
     if (!checkoutLocation.startsWith(tempDir)) {
         // this still permits locations that mess with sibling repositories in `tempDir`, but that is acceptable
-        throw new Error(`'${repository}@${ref}' is not a valid repository and reference.`);
+        throw new util_1.UserError(`'${repository}@${ref}' is not a valid repository and reference.`);
     }
     if (!fs.existsSync(checkoutLocation)) {
         const repoCloneURL = buildCheckoutURL(repository, apiDetails);

lib/external-queries.js.map

@@ -1 +1 @@
-{"version":3,"file":"external-queries.js","sourceRoot":"","sources":["../src/external-queries.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,yEAA2D;AAC3D,kEAAoD;AAKpD;;GAEG;AACI,KAAK,UAAU,0BAA0B,CAC9C,UAAkB,EAClB,GAAW,EACX,UAAwC,EACxC,OAAe,EACf,MAAc;IAEd,MAAM,CAAC,IAAI,CAAC,gBAAgB,UAAU,EAAE,CAAC,CAAC;IAE1C,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC;IAE7D,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE;QACzC,wGAAwG;QACxG,MAAM,IAAI,KAAK,CACb,IAAI,UAAU,IAAI,GAAG,4CAA4C,CAClE,CAAC;KACH;IAED,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE;QACpC,MAAM,YAAY,GAAG,gBAAgB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAC9D,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,SAAS,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE;YAChE,OAAO;YACP,YAAY;YACZ,gBAAgB;SACjB,CAAC,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,SAAS,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE;YAChE,eAAe,gBAAgB,EAAE;YACjC,aAAa,gBAAgB,OAAO;YACpC,UAAU;YACV,GAAG;SACJ,CAAC,CAAC,IAAI,EAAE,CAAC;KACX;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAlCD,gEAkCC;AAED,SAAgB,gBAAgB,CAC9B,UAAkB,EAClB,UAAwC;IAExC,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAC7C,IAAI,UAAU,CAAC,gBAAgB,KAAK,SAAS,EAAE;QAC7C,YAAY,CAAC,QAAQ,GAAG,gBAAgB,CAAC;QACzC,YAAY,CAAC,QAAQ,GAAG,UAAU,CAAC,gBAAgB,CAAC;KACrD;IACD,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;QACxC,YAAY,CAAC,QAAQ,IAAI,GAAG,CAAC;KAC9B;IACD,YAAY,CAAC,QAAQ,IAAI,GAAG,UAAU,EAAE,CAAC;IACzC,OAAO,YAAY,CAAC,QAAQ,EAAE,CAAC;AACjC,CAAC;AAdD,4CAcC"}
+{"version":3,"file":"external-queries.js","sourceRoot":"","sources":["../src/external-queries.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,yEAA2D;AAC3D,kEAAoD;AAIpD,iCAAmC;AAEnC;;GAEG;AACI,KAAK,UAAU,0BAA0B,CAC9C,UAAkB,EAClB,GAAW,EACX,UAAwC,EACxC,OAAe,EACf,MAAc;IAEd,MAAM,CAAC,IAAI,CAAC,gBAAgB,UAAU,EAAE,CAAC,CAAC;IAE1C,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC;IAE7D,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1C,wGAAwG;QACxG,MAAM,IAAI,gBAAS,CACjB,IAAI,UAAU,IAAI,GAAG,4CAA4C,CAClE,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACrC,MAAM,YAAY,GAAG,gBAAgB,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAC9D,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,SAAS,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE;YAChE,OAAO;YACP,YAAY;YACZ,gBAAgB;SACjB,CAAC,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,SAAS,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE;YAChE,eAAe,gBAAgB,EAAE;YACjC,aAAa,gBAAgB,OAAO;YACpC,UAAU;YACV,GAAG;SACJ,CAAC,CAAC,IAAI,EAAE,CAAC;IACZ,CAAC;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAlCD,gEAkCC;AAED,SAAgB,gBAAgB,CAC9B,UAAkB,EAClB,UAAwC;IAExC,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAC7C,IAAI,UAAU,CAAC,gBAAgB,KAAK,SAAS,EAAE,CAAC;QAC9C,YAAY,CAAC,QAAQ,GAAG,gBAAgB,CAAC;QACzC,YAAY,CAAC,QAAQ,GAAG,UAAU,CAAC,gBAAgB,CAAC;IACtD,CAAC;IACD,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACzC,YAAY,CAAC,QAAQ,IAAI,GAAG,CAAC;IAC/B,CAAC;IACD,YAAY,CAAC,QAAQ,IAAI,GAAG,UAAU,EAAE,CAAC;IACzC,OAAO,YAAY,CAAC,QAAQ,EAAE,CAAC;AACjC,CAAC;AAdD,4CAcC"}

lib/external-queries.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"external-queries.test.js","sourceRoot":"","sources":["../src/external-queries.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,yEAA2D;AAC3D,kEAAoD;AACpD,8CAAuB;AAEvB,oEAAsD;AACtD,uCAA4C;AAC5C,mDAA6C;AAC7C,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,yBAAyB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC1C,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,kDAAkD;QAClD,mFAAmF;QACnF,gDAAgD;QAChD,wCAAwC;QACxC,8EAA8E;QAC9E,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QAC3D,MAAM,QAAQ,GAAG,WAAW,CAAC;QAC7B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;QACtD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAE/C,oDAAoD;QACpD,oCAAoC;QACpC,2DAA2D;QAC3D,MAAM,MAAM,GAAG,KAAK,WAAW,OAAiB;YAC9C,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,OAAO,GAAG;gBACR,aAAa,UAAU,EAAE;gBACzB,eAAe,QAAQ,EAAE;gBACzB,GAAG,OAAO;aACX,CAAC;YACF,OAAO,CAAC,GAAG,CAAC,gBAAgB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACjD,IAAI;gBACF,MAAM,IAAI,UAAU,CAAC,UAAU,CAC7B,MAAM,SAAS,CAAC,SAAS,CAAC,KAAK,CAAC,EAChC,OAAO,EACP;oBACE,MAAM,EAAE,IAAI;oBACZ,SAAS,EAAE;wBACT,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;4BACf,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;wBAC5B,CAAC;wBACD,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;4BACf,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;wBAC5B,CAAC;qBACF;iBACF,CACF,CAAC,IAAI,EAAE,CAAC;aACV;YAAC,OAAO,CAAC,EAAE;gBACV,OAAO,CAAC,GAAG,CAAC,uBAAuB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBACxD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAC7B,MAAM,CAAC,CAAC;aACT;YACD,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC;QACvB,CAAC,CAAC;QAEF,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5C,MAAM,MAAM,CAAC,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;QACjC,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,YAAY,EAAE,iBAAiB,CAAC,CAAC,CAAC;QAC1D,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC;QACnD,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,gBAAgB,EAAE,OAAO,CAAC,CAAC,CAAC;QAEpD,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,EAAE,WAAW,CAAC,CAAC;QACxD,MAAM,MAAM,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3B,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;QAE1C,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,EAAE,WAAW,CAAC,CAAC;QACxD,MAAM,MAAM,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3B,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;QAC1C,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC;QAEvD,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC;QACxC,MAAM,MAAM,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3B,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;QAC1C,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC;QAEvD,8DAA8D;QAC9D,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;QACpD,MAAM,eAAe,CAAC,0BAA0B,CAC9C,QAAQ,EACR,UAAU,EACV;YACE,GAAG,EAAE,UAAU,eAAe,EAAE;YAChC,gBAAgB,EAAE,EAAE;YACpB,MAAM,EAAE,SAAS;SAClB,EACD,MAAM,EACN,IAAA,yBAAe,EAAC,IAAI,CAAC,CACtB,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;QACnD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;QAC/D,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QACpE,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QAEpE,oEAAoE;QACpE,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;QAChE,MAAM,eAAe,CAAC,0BAA0B,CAC9C,QAAQ,EACR,UAAU,EACV;YACE,GAAG,EAAE,UAAU,eAAe,EAAE;YAChC,gBAAgB,EAAE,EAAE;YACpB,MAAM,EAAE,SAAS;SAClB,EACD,MAAM,EACN,IAAA,yBAAe,EAAC,IAAI,CAAC,CACtB,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;QAC/D,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QACpE,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;IACvE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,kBAAkB,EAAE,CAAC,CAAC,EAAE,EAAE;IAC7B,CAAC,CAAC,SAAS,CACT,eAAe,CAAC,gBAAgB,CAAC,SAAS,EAAE;QAC1C,GAAG,EAAE,oBAAoB;QACzB,gBAAgB,EAAE,SAAS;QAC3B,MAAM,EAAE,SAAS;KAClB,CAAC,EACF,4BAA4B,CAC7B,CAAC;IACF,CAAC,CAAC,SAAS,CACT,eAAe,CAAC,gBAAgB,CAAC,SAAS,EAAE;QAC1C,GAAG,EAAE,6BAA6B;QAClC,gBAAgB,EAAE,SAAS;QAC3B,MAAM,EAAE,SAAS;KAClB,CAAC,EACF,oCAAoC,CACrC,CAAC;IAEF,CAAC,CAAC,SAAS,CACT,eAAe,CAAC,gBAAgB,CAAC,SAAS,EAAE;QAC1C,GAAG,EAAE,oBAAoB;QACzB,gBAAgB,EAAE,KAAK;QACvB,MAAM,EAAE,SAAS;KAClB,CAAC,EACF,+CAA+C,CAChD,CAAC;IACF,CAAC,CAAC,SAAS,CACT,eAAe,CAAC,gBAAgB,CAAC,SAAS,EAAE;QAC1C,GAAG,EAAE,6BAA6B;QAClC,gBAAgB,EAAE,KAAK;QACvB,MAAM,EAAE,SAAS;KAClB,CAAC,EACF,uDAAuD,CACxD,CAAC;AACJ,CAAC,CAAC,CAAC"}
+{"version":3,"file":"external-queries.test.js","sourceRoot":"","sources":["../src/external-queries.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,yEAA2D;AAC3D,kEAAoD;AACpD,8CAAuB;AAEvB,oEAAsD;AACtD,uCAA4C;AAC5C,mDAA6C;AAC7C,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,yBAAyB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC1C,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,kDAAkD;QAClD,mFAAmF;QACnF,gDAAgD;QAChD,wCAAwC;QACxC,8EAA8E;QAC9E,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QAC3D,MAAM,QAAQ,GAAG,WAAW,CAAC;QAC7B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;QACtD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAE/C,oDAAoD;QACpD,oCAAoC;QACpC,2DAA2D;QAC3D,MAAM,MAAM,GAAG,KAAK,WAAW,OAAiB;YAC9C,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,OAAO,GAAG;gBACR,aAAa,UAAU,EAAE;gBACzB,eAAe,QAAQ,EAAE;gBACzB,GAAG,OAAO;aACX,CAAC;YACF,OAAO,CAAC,GAAG,CAAC,gBAAgB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACjD,IAAI,CAAC;gBACH,MAAM,IAAI,UAAU,CAAC,UAAU,CAC7B,MAAM,SAAS,CAAC,SAAS,CAAC,KAAK,CAAC,EAChC,OAAO,EACP;oBACE,MAAM,EAAE,IAAI;oBACZ,SAAS,EAAE;wBACT,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;4BACf,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;wBAC5B,CAAC;wBACD,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;4BACf,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;wBAC5B,CAAC;qBACF;iBACF,CACF,CAAC,IAAI,EAAE,CAAC;YACX,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,uBAAuB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBACxD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAC7B,MAAM,CAAC,CAAC;YACV,CAAC;YACD,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC;QACvB,CAAC,CAAC;QAEF,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5C,MAAM,MAAM,CAAC,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;QACjC,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,YAAY,EAAE,iBAAiB,CAAC,CAAC,CAAC;QAC1D,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC;QACnD,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,gBAAgB,EAAE,OAAO,CAAC,CAAC,CAAC;QAEpD,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,EAAE,WAAW,CAAC,CAAC;QACxD,MAAM,MAAM,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3B,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;QAE1C,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,EAAE,WAAW,CAAC,CAAC;QACxD,MAAM,MAAM,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3B,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;QAC1C,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC;QAEvD,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC;QACxC,MAAM,MAAM,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3B,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;QAC1C,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC;QAEvD,8DAA8D;QAC9D,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;QACpD,MAAM,eAAe,CAAC,0BAA0B,CAC9C,QAAQ,EACR,UAAU,EACV;YACE,GAAG,EAAE,UAAU,eAAe,EAAE;YAChC,gBAAgB,EAAE,EAAE;YACpB,MAAM,EAAE,SAAS;SAClB,EACD,MAAM,EACN,IAAA,yBAAe,EAAC,IAAI,CAAC,CACtB,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;QACnD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;QAC/D,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QACpE,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QAEpE,oEAAoE;QACpE,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;QAChE,MAAM,eAAe,CAAC,0BAA0B,CAC9C,QAAQ,EACR,UAAU,EACV;YACE,GAAG,EAAE,UAAU,eAAe,EAAE;YAChC,gBAAgB,EAAE,EAAE;YACpB,MAAM,EAAE,SAAS;SAClB,EACD,MAAM,EACN,IAAA,yBAAe,EAAC,IAAI,CAAC,CACtB,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;QAC/D,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QACpE,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;IACvE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,kBAAkB,EAAE,CAAC,CAAC,EAAE,EAAE;IAC7B,CAAC,CAAC,SAAS,CACT,eAAe,CAAC,gBAAgB,CAAC,SAAS,EAAE;QAC1C,GAAG,EAAE,oBAAoB;QACzB,gBAAgB,EAAE,SAAS;QAC3B,MAAM,EAAE,SAAS;KAClB,CAAC,EACF,4BAA4B,CAC7B,CAAC;IACF,CAAC,CAAC,SAAS,CACT,eAAe,CAAC,gBAAgB,CAAC,SAAS,EAAE;QAC1C,GAAG,EAAE,6BAA6B;QAClC,gBAAgB,EAAE,SAAS;QAC3B,MAAM,EAAE,SAAS;KAClB,CAAC,EACF,oCAAoC,CACrC,CAAC;IAEF,CAAC,CAAC,SAAS,CACT,eAAe,CAAC,gBAAgB,CAAC,SAAS,EAAE;QAC1C,GAAG,EAAE,oBAAoB;QACzB,gBAAgB,EAAE,KAAK;QACvB,MAAM,EAAE,SAAS;KAClB,CAAC,EACF,+CAA+C,CAChD,CAAC;IACF,CAAC,CAAC,SAAS,CACT,eAAe,CAAC,gBAAgB,CAAC,SAAS,EAAE;QAC1C,GAAG,EAAE,6BAA6B;QAClC,gBAAgB,EAAE,KAAK;QACvB,MAAM,EAAE,SAAS;KAClB,CAAC,EACF,uDAAuD,CACxD,CAAC;AACJ,CAAC,CAAC,CAAC"}

lib/init-action-post-helper.js

@@ -24,12 +24,13 @@ var __importStar = (this && this.__importStar) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.run = exports.tryUploadSarifIfRunFailed = void 0;
-const core = __importStar(require("@actions/core"));
 const actionsUtil = __importStar(require("./actions-util"));
+const api_client_1 = require("./api-client");
 const codeql_1 = require("./codeql");
 const config_utils_1 = require("./config-utils");
 const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
+const repository_1 = require("./repository");
 const uploadLib = __importStar(require("./upload-lib"));
 const util_1 = require("./util");
 const workflow_1 = require("./workflow");
@@ -73,10 +74,12 @@ async function maybeUploadFailedSarif(config, repositoryNwo, features, logger) {
         // We call 'database export-diagnostics' to find any per-database diagnostics.
         await codeql.databaseExportDiagnostics(databasePath, sarifFile, category, config.tempDir, logger);
     }
-    core.info(`Uploading failed SARIF file ${sarifFile}`);
+    logger.info(`Uploading failed SARIF file ${sarifFile}`);
     const uploadResult = await uploadLib.uploadFromActions(sarifFile, checkoutPath, category, logger, { considerInvalidRequestUserError: false });
     await uploadLib.waitForProcessing(repositoryNwo, uploadResult.sarifID, logger, { isUnsuccessfulExecution: true });
-    return uploadResult?.statusReport ?? {};
+    return uploadResult
+        ? { ...uploadResult.statusReport, sarifID: uploadResult.sarifID }
+        : {};
 }
 async function tryUploadSarifIfRunFailed(config, repositoryNwo, features, logger) {
     if (process.env[environment_1.EnvVar.ANALYZE_DID_COMPLETE_SUCCESSFULLY] !== "true") {
@@ -114,9 +117,12 @@ async function run(uploadDatabaseBundleDebugArtifact, uploadLogsDebugArtifact, p
         throw new Error("Expected to upload a failed SARIF file for this CodeQL code scanning run, " +
             `but the result was instead ${error}.`);
     }
+    if (process.env["CODEQL_ACTION_EXPECT_UPLOAD_FAILED_SARIF"] === "true") {
+        await removeUploadedSarif(uploadFailedSarifResult, logger);
+    }
     // Upload appropriate Actions artifacts for debugging
     if (config.debugMode) {
-        core.info("Debug mode is on. Uploading available database bundles and logs as Actions debugging artifacts...");
+        logger.info("Debug mode is on. Uploading available database bundles and logs as Actions debugging artifacts...");
         await uploadDatabaseBundleDebugArtifact(config, logger);
         await uploadLogsDebugArtifact(config);
         await printDebugLogs(config);
@@ -124,4 +130,55 @@ async function run(uploadDatabaseBundleDebugArtifact, uploadLogsDebugArtifact, p
     return uploadFailedSarifResult;
 }
 exports.run = run;
+async function removeUploadedSarif(uploadFailedSarifResult, logger) {
+    const sarifID = uploadFailedSarifResult.sarifID;
+    if (sarifID) {
+        logger.startGroup("Deleting failed SARIF upload");
+        logger.info(`In test mode, therefore deleting the failed analysis to avoid impacting tool status for the Action repository. SARIF ID to delete: ${sarifID}.`);
+        const client = (0, api_client_1.getApiClient)();
+        try {
+            const repositoryNwo = (0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY"));
+            // Wait to make sure the analysis is ready for download before requesting it.
+            await (0, util_1.delay)(5000);
+            // Get the analysis associated with the uploaded sarif
+            const analysisInfo = await client.request("GET /repos/:owner/:repo/code-scanning/analyses?sarif_id=:sarif_id", {
+                owner: repositoryNwo.owner,
+                repo: repositoryNwo.repo,
+                sarif_id: sarifID,
+            });
+            // Delete the analysis.
+            if (analysisInfo.data.length === 1) {
+                const analysis = analysisInfo.data[0];
+                logger.info(`Analysis ID to delete: ${analysis.id}.`);
+                try {
+                    await client.request("DELETE /repos/:owner/:repo/code-scanning/analyses/:analysis_id?confirm_delete", {
+                        owner: repositoryNwo.owner,
+                        repo: repositoryNwo.repo,
+                        analysis_id: analysis.id,
+                    });
+                    logger.info(`Analysis deleted.`);
+                }
+                catch (e) {
+                    const origMessage = (0, util_1.getErrorMessage)(e);
+                    const newMessage = origMessage.includes("No analysis found for analysis ID")
+                        ? `Analysis ${analysis.id} does not exist. It was likely already deleted.`
+                        : origMessage;
+                    throw new Error(newMessage);
+                }
+            }
+            else {
+                throw new Error(`Expected to find exactly one analysis with sarif_id ${sarifID}. Found ${analysisInfo.data.length}.`);
+            }
+        }
+        catch (e) {
+            throw new Error(`Failed to delete uploaded SARIF analysis. Reason: ${(0, util_1.getErrorMessage)(e)}`);
+        }
+        finally {
+            logger.endGroup();
+        }
+    }
+    else {
+        logger.warning("Could not delete the uploaded SARIF analysis because a SARIF ID wasn't provided by the API when uploading the SARIF file.");
+    }
+}
 //# sourceMappingURL=init-action-post-helper.js.map

lib/init-action-post-helper.test.js

@@ -92,14 +92,14 @@ const workflow = __importStar(require("./workflow"));
         },
         {
             name: "Initialize CodeQL",
-            uses: "github/codeql-action/init@v2",
+            uses: "github/codeql-action/init@v3",
             with: {
                 languages: "javascript",
             },
         },
         {
             name: "Perform CodeQL Analysis",
-            uses: "github/codeql-action/analyze@v2",
+            uses: "github/codeql-action/analyze@v3",
             with: {
                 category: "my-category",
             },
@@ -115,14 +115,14 @@ const workflow = __importStar(require("./workflow"));
         },
         {
             name: "Initialize CodeQL",
-            uses: "github/codeql-action/init@v2",
+            uses: "github/codeql-action/init@v3",
             with: {
                 languages: "javascript",
             },
         },
         {
             name: "Perform CodeQL Analysis",
-            uses: "github/codeql-action/analyze@v2",
+            uses: "github/codeql-action/analyze@v3",
             with: {
                 category: "my-category",
             },
@@ -141,14 +141,14 @@ const workflow = __importStar(require("./workflow"));
         },
         {
             name: "Initialize CodeQL",
-            uses: "github/codeql-action/init@v2",
+            uses: "github/codeql-action/init@v3",
             with: {
                 languages: "javascript",
             },
         },
         {
             name: "Perform CodeQL Analysis",
-            uses: "github/codeql-action/analyze@v2",
+            uses: "github/codeql-action/analyze@v3",
             with: {
                 category: "my-category",
             },
@@ -194,14 +194,14 @@ for (const { uploadInput, shouldUpload } of UPLOAD_INPUT_TEST_CASES) {
             },
             {
                 name: "Initialize CodeQL",
-                uses: "github/codeql-action/init@v2",
+                uses: "github/codeql-action/init@v3",
                 with: {
                     languages: "javascript",
                 },
             },
             {
                 name: "Perform CodeQL Analysis",
-                uses: "github/codeql-action/analyze@v2",
+                uses: "github/codeql-action/analyze@v3",
                 with: {
                     category: "my-category",
                     upload: uploadInput,
@@ -225,14 +225,14 @@ for (const { uploadInput, shouldUpload } of UPLOAD_INPUT_TEST_CASES) {
         },
         {
             name: "Initialize CodeQL",
-            uses: "github/codeql-action/init@v2",
+            uses: "github/codeql-action/init@v3",
             with: {
                 languages: "javascript",
             },
         },
         {
             name: "Perform CodeQL Analysis",
-            uses: "github/codeql-action/analyze@v2",
+            uses: "github/codeql-action/analyze@v3",
             with: {
                 category: "/language:${{ matrix.language }}",
             },
@@ -251,14 +251,14 @@ for (const { uploadInput, shouldUpload } of UPLOAD_INPUT_TEST_CASES) {
         },
         {
             name: "Initialize CodeQL",
-            uses: "github/codeql-action/init@v2",
+            uses: "github/codeql-action/init@v3",
             with: {
                 languages: "javascript",
             },
         },
         {
             name: "Perform CodeQL Analysis",
-            uses: "github/codeql-action/analyze@v2",
+            uses: "github/codeql-action/analyze@v3",
             with: {
                 upload: "${{ matrix.language != 'csharp' }}",
             },
@@ -341,6 +341,7 @@ async function testFailedSarifUpload(t, actionsWorkflow, { category, databaseExi
     const result = await initActionPostHelper.tryUploadSarifIfRunFailed(config, (0, repository_1.parseRepositoryNwo)("github/codeql-action"), (0, testing_utils_1.createFeatures)(features), (0, logging_1.getRunnerLogger)(true));
     if (expectUpload) {
         t.deepEqual(result, {
+            sarifID: "42",
             raw_upload_size_bytes: 20,
             zipped_upload_size_bytes: 10,
         });

lib/init-action-post.js.map

@@ -1 +1 @@
-{"version":3,"file":"init-action-post.js","sourceRoot":"","sources":["../src/init-action-post.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,oDAAsC;AAEtC,iDAAuE;AACvE,6CAAgD;AAChD,kEAAoD;AACpD,mDAA2C;AAC3C,gFAAkE;AAClE,uCAA6C;AAC7C,6CAAkD;AAClD,mDAKyB;AACzB,iCAKgB;AAMhB,KAAK,UAAU,UAAU;IACvB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,uBAES,CAAC;IACd,IAAI;QACF,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;QAClC,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,uBAAuB,GAAG,MAAM,oBAAoB,CAAC,GAAG,CACtD,cAAc,CAAC,iCAAiC,EAChD,cAAc,CAAC,uBAAuB,EACtC,6BAAc,EACd,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;KACH;IAAC,OAAO,cAAc,EAAE;QACvB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAE9B,MAAM,IAAA,gCAAgB,EACpB,MAAM,IAAA,sCAAsB,EAC1B,WAAW,EACX,IAAA,gCAAgB,EAAC,KAAK,CAAC,EACvB,SAAS,EACT,MAAM,IAAA,qBAAc,GAAE,EACtB,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,KAAK,CACZ,CACF,CAAC;QACF,OAAO;KACR;IACD,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,WAAW,EACX,SAAS,EACT,SAAS,EACT,MAAM,IAAA,qBAAc,GAAE,CACvB,CAAC;IACF,MAAM,YAAY,GAAyB;QACzC,GAAG,gBAAgB;QACnB,GAAG,uBAAuB;KAC3B,CAAC;IACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"init-action-post.js","sourceRoot":"","sources":["../src/init-action-post.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,oDAAsC;AAEtC,iDAAuE;AACvE,6CAAgD;AAChD,kEAAoD;AACpD,mDAA2C;AAC3C,gFAAkE;AAClE,uCAA6C;AAC7C,6CAAkD;AAClD,mDAKyB;AACzB,iCAKgB;AAMhB,KAAK,UAAU,UAAU;IACvB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,uBAES,CAAC;IACd,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;QAClC,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,uBAAuB,GAAG,MAAM,oBAAoB,CAAC,GAAG,CACtD,cAAc,CAAC,iCAAiC,EAChD,cAAc,CAAC,uBAAuB,EACtC,6BAAc,EACd,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;IACJ,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAE9B,MAAM,IAAA,gCAAgB,EACpB,MAAM,IAAA,sCAAsB,EAC1B,WAAW,EACX,IAAA,gCAAgB,EAAC,KAAK,CAAC,EACvB,SAAS,EACT,MAAM,IAAA,qBAAc,GAAE,EACtB,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,KAAK,CACZ,CACF,CAAC;QACF,OAAO;IACT,CAAC;IACD,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,WAAW,EACX,SAAS,EACT,SAAS,EACT,MAAM,IAAA,qBAAc,GAAE,CACvB,CAAC;IACF,MAAM,YAAY,GAAyB;QACzC,GAAG,gBAAgB;QACnB,GAAG,uBAAuB;KAC3B,CAAC;IACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}