Print codeql stderr output

2025-12-13 19:17:12 +08:00 · 2023-01-25 13:14:45 -08:00
6593 changed files with 1539731 additions and 1501133 deletions
--- a/.eslintrc.json
+++ b/.eslintrc.json
@@ -22,7 +22,6 @@
        }],
        "import/no-amd": "error",
        "import/no-commonjs": "error",
        "import/no-cycle": "error",
        "import/no-dynamic-require": "error",
        // Disable the rule that checks that devDependencies aren't imported since we use a single
        // linting configuration file for both source and test code.
@@ -34,12 +33,6 @@
            "alphabetize": {"order": "asc"},
            "newlines-between": "always"
        }],
        "max-len": ["error", {
            "code": 120,
            "ignoreUrls": true,
            "ignoreStrings": true,
            "ignoreTemplateLiterals": true
        }],
        "no-async-foreach/no-async-foreach": "error",
        "no-console": "off",
        "no-sequences": "error",
--- a/.git-blame-ignore-revs
+++ b/.git-blame-ignore-revs
@@ -1,3 +0,0 @@
 # .git-blame-ignore-revs
 # Added trailing commas to adhere to new eslint rules
 b16296be30e150034524d6dd0b0418fc6b184267
--- a/.github/actions/check-sarif/action.yml
+++ b/.github/actions/check-sarif/action.yml
@@ -1,20 +0,0 @@
 name: Check SARIF
 description: Checks a SARIF file to see if certain queries were run and others were not run.
 inputs:
  sarif-file:
    required: true
    description: The SARIF file to check
  queries-run:
    required: true
    description: |
      Comma separated list of query ids that should be included in this SARIF file.
  queries-not-run:
    required: true
    description: |
      Comma separated list of query ids that should NOT be included in this SARIF file.
 runs:
  using: node16
  main: index.js
--- a/.github/actions/prepare-test/action.yml
+++ b/.github/actions/prepare-test/action.yml
@@ -1,60 +0,0 @@
 name: "Prepare test"
 description: Performs some preparation to run tests
 inputs:
  version:
    description: "The version of the CodeQL CLI to use. Can be 'latest', 'default', 'nightly-latest', 'nightly-YYYY-MM-DD', or 'stable-YYYY-MM-DD'."
    required: true
  use-all-platform-bundle:
    description: "If true, we output a tools URL with codeql-bundle.tar.gz file rather than platform-specific URL"
    default: 'false'
    required: false
 outputs:
  tools-url:
    description: "The value that should be passed as the 'tools' input of the 'init' step."
    value: ${{ steps.get-url.outputs.tools-url }}
 runs:
  using: composite
  steps:
    - name: Move codeql-action
      shell: bash
      run: |
        mkdir ../action
        mv * .github ../action/
        mv ../action/tests/multi-language-repo/{*,.github} .
        mv ../action/.github/workflows .github
    - id: get-url
      name: Determine URL
      shell: bash
      run: |
        set -e # Fail this Action if `gh release list` fails.
        if [[ ${{ inputs.use-all-platform-bundle }} == "true" ]]; then
          artifact_name="codeql-bundle.tar.gz"
        elif [[ "$RUNNER_OS" == "Linux" ]]; then
          artifact_name="codeql-bundle-linux64.tar.gz"
        elif [[ "$RUNNER_OS" == "macOS" ]]; then
          artifact_name="codeql-bundle-osx64.tar.gz"
        elif [[ "$RUNNER_OS" == "Windows" ]]; then
          artifact_name="codeql-bundle-win64.tar.gz"
        else
          echo "::error::Unrecognized OS $RUNNER_OS"
          exit 1
        fi
        if [[ ${{ inputs.version }} == "nightly-latest" ]]; then
          tag=`gh release list --repo dsp-testing/codeql-cli-nightlies -L 1 | cut -f 3`
          echo "tools-url=https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/$tag/$artifact_name" >> $GITHUB_OUTPUT
        elif [[ ${{ inputs.version }} == *"nightly"* ]]; then
          version=`echo ${{ inputs.version }} | sed -e 's/^.*\-//'`
          echo "tools-url=https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-$version-manual/$artifact_name" >> $GITHUB_OUTPUT
        elif [[ ${{ inputs.version }} == *"stable"* ]]; then
          version=`echo ${{ inputs.version }} | sed -e 's/^.*\-//'`
          echo "tools-url=https://github.com/github/codeql-action/releases/download/codeql-bundle-$version/$artifact_name" >> $GITHUB_OUTPUT
        elif [[ ${{ inputs.version }} == "latest" ]]; then
          echo "tools-url=latest" >> $GITHUB_OUTPUT
        elif [[ ${{ inputs.version }} == "default" ]]; then
          echo "tools-url=" >> $GITHUB_OUTPUT
        else
          echo "::error::Unrecognized version specified!"
          exit 1
        fi
--- a/.github/actions/query-filter-test/action.yml
+++ b/.github/actions/query-filter-test/action.yml
@@ -1,54 +0,0 @@
 name: Query Filter Test
 description: Runs a test of query filters using the check SARIF action
 inputs:
  sarif-file:
    required: true
    description: The SARIF file to check
  queries-run:
    required: true
    description: |
      Comma separated list of query ids that should be included in this SARIF file.
  queries-not-run:
    required: true
    description: |
      Comma separated list of query ids that should NOT be included in this SARIF file.
  config-file:
    required: true
    description: |
      The location of the codeql configuration file to use.
  tools:
    required: true
    description: |
      The url of codeql to use.
 runs:
  using: composite
  steps:
    - uses: ./../action/init
      with:
        languages: javascript
        config-file: ${{ inputs.config-file }}
        tools: ${{ inputs.tools }}
        db-location: ${{ runner.temp }}/query-filter-test
      env:
        CODEQL_ACTION_TEST_MODE: "true"
    - uses: ./../action/analyze
      with:
        output: ${{ runner.temp }}/results
        upload-database: false
        upload: never
      env:
        CODEQL_ACTION_TEST_MODE: "true"
    - name: Check SARIF
      uses: ./../action/.github/actions/check-sarif
      with:
        sarif-file:  ${{ inputs.sarif-file }}
        queries-run: ${{ inputs.queries-run}}
        queries-not-run: ${{ inputs.queries-not-run}}
    - name: Cleanup after test
      shell: bash
      run: rm -rf "$RUNNER_TEMP/results" "$RUNNER_TEMP/query-filter-test"
--- a/.github/actions/setup-swift/action.yml
+++ b/.github/actions/setup-swift/action.yml
@@ -1,37 +0,0 @@
 name: "Set up Swift on Linux"
 description: Sets up an appropriate Swift version on Linux.
 inputs:
  codeql-path:
    description: Path to the CodeQL CLI executable.
    required: true
 runs:
  using: "composite"
  steps:
    - name: Get Swift version
      id: get_swift_version
      if: runner.os == 'Linux'
      shell: bash
      env: 
        CODEQL_PATH: ${{ inputs.codeql-path }}
      run: |
        SWIFT_EXTRACTOR_DIR="$("$CODEQL_PATH" resolve languages --format json | jq -r '.swift[0]')"
        if [ $SWIFT_EXTRACTOR_DIR = "null" ]; then
          VERSION="null"
        else
          VERSION="$("$SWIFT_EXTRACTOR_DIR/tools/linux64/extractor" --version | awk '/version/ { print $3 }')"
          # Specify 5.x.0, otherwise setup Action will default to latest minor version. 
          if [ $VERSION = "5.7" ]; then
            VERSION="5.7.0"
          elif [ $VERSION = "5.8" ]; then
            VERSION="5.8.0"
          # setup-swift does not yet support v5.8.1 Remove this when it does.
          elif [ $VERSION = "5.8.1" ]; then
            VERSION="5.8.0"
          fi 
        fi
        echo "version=$VERSION" | tee -a $GITHUB_OUTPUT
    - uses: swift-actions/setup-swift@f51889efb55dccf13be0ee727e3d6c89a096fb4c # Please update the corresponding SHA in the CLI's CodeQL Action Integration Test.
      if: runner.os == 'Linux' && steps.get_swift_version.outputs.version != 'null'
      with:
        swift-version: "${{ steps.get_swift_version.outputs.version }}"
--- a/.github/actions/update-bundle/action.yml
+++ b/.github/actions/update-bundle/action.yml
@@ -1,14 +0,0 @@
 name: Update default CodeQL bundle
 description: Updates 'src/defaults.json' to point to a new CodeQL bundle release.
 runs:
  using: composite
  steps:
    - name: Install ts-node
      shell: bash
      run: npm install -g ts-node
    - name: Run update script
      working-directory: ${{ github.action_path }}
      shell: bash
      run: ts-node ./index.ts
--- a/.github/actions/update-bundle/index.ts
+++ b/.github/actions/update-bundle/index.ts
@@ -1,67 +0,0 @@
 import * as fs from 'fs';
 import * as github from '@actions/github';
 interface BundleInfo {
  bundleVersion: string;
  cliVersion: string;
 }
 interface Defaults {
  bundleVersion: string;
  cliVersion: string;
  priorBundleVersion: string;
  priorCliVersion: string;
 }
 function getCodeQLCliVersionForRelease(release): string {
  // We do not currently tag CodeQL bundles based on the CLI version they contain.
  // Instead, we use a marker file `cli-version-<version>.txt` to record the CLI version.
  // This marker file is uploaded as a release asset for all new CodeQL bundles.
  const cliVersionsFromMarkerFiles = release.assets
    .map((asset) => asset.name.match(/cli-version-(.*)\.txt/)?.[1])
    .filter((v) => v)
    .map((v) => v as string);
  if (cliVersionsFromMarkerFiles.length > 1) {
    throw new Error(
      `Release ${release.tag_name} has multiple CLI version marker files.`
    );
  } else if (cliVersionsFromMarkerFiles.length === 0) {
    throw new Error(
      `Failed to find the CodeQL CLI version for release ${release.tag_name}.`
    );
  }
  return cliVersionsFromMarkerFiles[0];
 }
 async function getBundleInfoFromRelease(release): Promise<BundleInfo> {
  return {
    bundleVersion: release.tag_name,
    cliVersion: getCodeQLCliVersionForRelease(release)
  };
 }
 async function getNewDefaults(currentDefaults: Defaults): Promise<Defaults> {
  const release = github.context.payload.release;
  console.log('Updating default bundle as a result of the following release: ' +
    `${JSON.stringify(release)}.`)
  const bundleInfo = await getBundleInfoFromRelease(release);
  return {
    bundleVersion: bundleInfo.bundleVersion,
    cliVersion: bundleInfo.cliVersion,
    priorBundleVersion: currentDefaults.bundleVersion,
    priorCliVersion: currentDefaults.cliVersion
  };
 }
 async function main() {
  const previousDefaults: Defaults = JSON.parse(fs.readFileSync('../../../src/defaults.json', 'utf8'));
  const newDefaults = await getNewDefaults(previousDefaults);
  // Update the source file in the repository. Calling workflows should subsequently rebuild
  // the Action to update `lib/defaults.json`.
  fs.writeFileSync('../../../src/defaults.json', JSON.stringify(newDefaults, null, 2) + "\n");
 }
 // Ideally, we'd await main() here, but that doesn't work well with `ts-node`.
 // So instead we rely on the fact that Node won't exit until the event loop is empty.
 main();
--- a/.github/actions/check-codescanning-config/action.yml
+++ b/.github/actions/check-codescanning-config/action.yml
--- a/.github/actions/check-codescanning-config/index.ts
+++ b/.github/actions/check-codescanning-config/index.ts
--- a/.github/check-sarif/action.yml
+++ b/.github/check-sarif/action.yml
@@ -0,0 +1,20 @@
 name: Check SARIF
 description: Checks a SARIF file to see if certain queries were run and others were not run.
 inputs:
  sarif-file:
    required: true
    description: The SARIF file to check
  queries-run:
    required: true
    description: |
      Comma separated list of query ids that should be included in this SARIF file.
  queries-not-run:
    required: true
    description: |
      Comma separated list of query ids that should NOT be included in this SARIF file.
 runs:
  using: node12
  main: index.js
--- a/.github/actions/check-sarif/index.js
+++ b/.github/actions/check-sarif/index.js
--- a/.github/codeql/codeql-config.yml
+++ b/.github/codeql/codeql-config.yml
@@ -7,7 +7,6 @@ queries:
  # we include both even though one is a superset of the
  # other, because we're testing the parsing logic and
  # that the suites exist in the codeql bundle.
  - uses: security-experimental
  - uses: security-extended
  - uses: security-and-quality
 paths-ignore:
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -6,31 +6,12 @@ updates:
      interval: weekly
    labels:
      - Update dependencies
    # Ignore incompatible dependency updates
    ignore:
-      # There is a type incompatibility issue between v0.0.9 and our other dependencies.
+      - dependency-name: "*"
-      - dependency-name: "@octokit/plugin-retry"
+        update-types:
-        versions: ["~6.0.0"]
+          - version-update:semver-minor
-      # v7 requires ESM
+          - version-update:semver-patch
      - dependency-name: "del"
        versions: ["^7.0.0"]
    groups:
      npm:
        patterns:
          - "*"
  - package-ecosystem: github-actions
    directory: "/"
    schedule:
      interval: weekly
    groups:
      actions:
        patterns:
          - "*"
  - package-ecosystem: github-actions
    directory: "/.github/actions/setup-swift/" # All subdirectories outside of "/.github/workflows" must be explicitly included.
    schedule:
      interval: weekly
    groups:
      actions-setup-swift:
        patterns:
          - "*"
--- a/.github/prepare-test/action.yml
+++ b/.github/prepare-test/action.yml
@@ -0,0 +1,42 @@
 name: "Prepare test"
 description: Performs some preparation to run tests
 inputs:
  version:
    description: "The version of the CodeQL CLI to use. Can be 'latest', 'cached', 'nightly-latest', 'nightly-YYYY-MM-DD', or 'stable-YYYY-MM-DD'."
    required: true
 outputs:
  tools-url:
    description: "The value that should be passed as the 'tools' input of the 'init' step."
    value: ${{ steps.get-url.outputs.tools-url }}
 runs:
  using: composite
  steps:
    - name: Move codeql-action
      shell: bash
      run: |
        mkdir ../action
        mv * .github ../action/
        mv ../action/tests/multi-language-repo/{*,.github} .
        mv ../action/.github/workflows .github
    - id: get-url
      name: Determine URL
      shell: bash
      run: |
        set -e # Fail this Action if `gh release list` fails.
        if [[ ${{ inputs.version }} == "nightly-latest" ]]; then
          export LATEST=`gh release list --repo dsp-testing/codeql-cli-nightlies -L 1 | cut -f 3`
          echo "tools-url=https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/$LATEST/codeql-bundle.tar.gz" >> $GITHUB_OUTPUT
        elif [[ ${{ inputs.version }} == *"nightly"* ]]; then
          export VERSION=`echo ${{ inputs.version }} | sed -e 's/^.*\-//'`
          echo "tools-url=https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-$VERSION-manual/codeql-bundle.tar.gz" >> $GITHUB_OUTPUT
        elif [[ ${{ inputs.version }} == *"stable"* ]]; then
          export VERSION=`echo ${{ inputs.version }} | sed -e 's/^.*\-//'`
          echo "tools-url=https://github.com/github/codeql-action/releases/download/codeql-bundle-$VERSION/codeql-bundle.tar.gz" >> $GITHUB_OUTPUT
        elif [[ ${{ inputs.version }} == "latest" ]]; then
          echo "tools-url=latest" >> $GITHUB_OUTPUT
        elif [[ ${{ inputs.version }} == "cached" ]]; then
          echo "tools-url=" >> $GITHUB_OUTPUT
        else
          echo "::error::Unrecognized version specified!"
          exit 1
        fi
--- a/.github/query-filter-test/action.yml
+++ b/.github/query-filter-test/action.yml
@@ -0,0 +1,54 @@
 name: Query Filter Test
 description: Runs a test of query filters using the check SARIF action
 inputs:
  sarif-file:
    required: true
    description: The SARIF file to check
  queries-run:
    required: true
    description: |
      Comma separated list of query ids that should be included in this SARIF file.
  queries-not-run:
    required: true
    description: |
      Comma separated list of query ids that should NOT be included in this SARIF file.
  config-file:
    required: true
    description: |
      The location of the codeql configuration file to use.
  tools:
    required: true
    description: |
      The url of codeql to use.
 runs:
  using: composite
  steps:
    - uses: ./../action/init
      with:
        languages: javascript
        config-file: ${{ inputs.config-file }}
        tools: ${{ inputs.tools }}
        db-location: ${{ runner.temp }}/query-filter-test
      env:
        CODEQL_ACTION_TEST_MODE: "true"
    - uses: ./../action/analyze
      with:
        output: ${{ runner.temp }}/results
        upload-database: false
        upload: false
      env:
        CODEQL_ACTION_TEST_MODE: "true"
    - name: Check SARIF
      uses: ./../action/.github/check-sarif
      with:
        sarif-file:  ${{ inputs.sarif-file }}
        queries-run: ${{ inputs.queries-run}}
        queries-not-run: ${{ inputs.queries-not-run}}
    - name: Cleanup after test
      shell: bash
      run: rm -rf "$RUNNER_TEMP/results" "$RUNNER_TEMP/query-filter-test"
--- a/.github/setup-swift/action.yml
+++ b/.github/setup-swift/action.yml
@@ -0,0 +1,32 @@
 name: "Set up Swift"
 description: Performs necessary steps to set up appropriate Swift version.
 inputs:
  codeql-path:
    required: true
 runs:
  using: "composite"
  steps:
    - name: Get Swift version
      id: get_swift_version
      # We don't support Swift on Windows or prior versions of CLI.
      if: "(runner.os != 'Windows') && (matrix.version == 'cached' || matrix.version == 'latest' || matrix.version == 'nightly-latest')"
      shell: bash
      env: 
        CODEQL_PATH: ${{inputs.codeql-path}}
      run: |
        if [ $RUNNER_OS = "macOS" ]; then
          PLATFORM="osx64"
        else # We do not run this step on Windows.
          PLATFORM="linux64"
        fi 
        SWIFT_EXTRACTOR_DIR="$("$CODEQL_PATH" resolve languages --format json | jq -r '.swift[0]')"
        VERSION="$("$SWIFT_EXTRACTOR_DIR/tools/$PLATFORM/extractor" --version | awk '/version/ { print $3 }')"
        # Specify 5.7.0, otherwise setup Action will default to latest minor version. 
        if [ $VERSION = "5.7" ]; then
          VERSION="5.7.0"
        fi
        echo "version=$VERSION" | tee -a $GITHUB_OUTPUT
    - uses: swift-actions/setup-swift@194625b58a582570f61cc707c3b558086c26b723
      if: "(runner.os != 'Windows') && (matrix.version == 'cached' || matrix.version == 'latest' || matrix.version == 'nightly-latest')"
      with:
        swift-version: "${{steps.get_swift_version.outputs.version}}"
--- a/.github/update-release-branch.py
+++ b/.github/update-release-branch.py
@@ -161,7 +161,7 @@ def update_changelog(version):
  else:
    content = EMPTY_CHANGELOG
-  newContent = content.replace('[UNRELEASED]', f'{version} - {get_today_string()}', 1)
+  newContent = content.replace('[UNRELEASED]', f'${version} - {get_today_string()}', 1)
  with open('CHANGELOG.md', 'w') as f:
    f.write(newContent)
--- a/.github/workflows/__all-platform-bundle.yml
+++ b/.github/workflows/__all-platform-bundle.yml
@@ -1,67 +0,0 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
 #     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
 # to regenerate this file.
 name: PR Check - All-platform bundle
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
    - main
    - releases/v2
  pull_request:
    types:
    - opened
    - synchronize
    - reopened
    - ready_for_review
  workflow_dispatch: {}
 jobs:
  all-platform-bundle:
    strategy:
      matrix:
        include:
        - os: ubuntu-latest
          version: nightly-latest
    name: All-platform bundle
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
      uses: actions/checkout@v4
    - name: Prepare test
      id: prepare-test
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
        use-all-platform-bundle: 'true'
    - name: Set environment variable for Swift enablement
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - id: init
      uses: ./../action/init
      with:
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - uses: ./../action/.github/actions/setup-swift
      with:
        codeql-path: ${{ steps.init.outputs.codeql-path }}
    - name: Build code
      shell: bash
      run: ./build.sh
    - uses: ./../action/analyze
      with:
        upload-database: false
    env:
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__analyze-ref-input.yml
+++ b/.github/workflows/__analyze-ref-input.yml
@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pip install ruamel.yaml && python3 sync.py
 # to regenerate this file.
 name: "PR Check - Analyze: 'ref' and 'sha' from inputs"
@@ -25,35 +25,58 @@ jobs:
    strategy:
      matrix:
        include:
-        - os: ubuntu-latest
+        - os: ubuntu-20.04
-          version: default
+          version: stable-20211005
        - os: macos-latest
-          version: default
+          version: stable-20211005
        - os: windows-2019
          version: stable-20211005
        - os: ubuntu-20.04
          version: stable-20220120
        - os: macos-latest
          version: stable-20220120
        - os: windows-2019
          version: stable-20220120
        - os: ubuntu-latest
          version: stable-20220401
        - os: macos-latest
          version: stable-20220401
        - os: windows-latest
-          version: default
+          version: stable-20220401
        - os: ubuntu-latest
          version: cached
        - os: macos-latest
          version: cached
        - os: windows-latest
          version: cached
        - os: ubuntu-latest
          version: latest
        - os: macos-latest
          version: latest
        - os: windows-latest
          version: latest
        - os: ubuntu-latest
          version: nightly-latest
        - os: macos-latest
          version: nightly-latest
        - os: windows-latest
          version: nightly-latest
    name: "Analyze: 'ref' and 'sha' from inputs"
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/actions/prepare-test
+      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
+    - name: Set up Go
-    - name: Set environment variable for Swift enablement
+      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      if: >-
+      uses: actions/setup-go@v3
-        runner.os != 'Windows' && (
+      with:
-            matrix.version == '20220908' ||
+        go-version: ^1.13.1
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        tools: ${{ steps.prepare-test.outputs.tools-url }}
@@ -65,7 +88,6 @@ jobs:
      run: ./build.sh
    - uses: ./../action/analyze
      with:
        upload-database: false
        ref: refs/heads/main
        sha: 5e235361806c361d4d3f8859e3c897658025a9a2
    env:
--- a/.github/workflows/__autobuild-action.yml
+++ b/.github/workflows/__autobuild-action.yml
@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pip install ruamel.yaml && python3 sync.py
 # to regenerate this file.
 name: PR Check - autobuild-action
@@ -32,28 +32,16 @@ jobs:
        - os: windows-latest
          version: latest
    name: autobuild-action
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/actions/prepare-test
+      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
        use-all-platform-bundle: 'false'
    - name: Set environment variable for Swift enablement
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        languages: csharp
@@ -68,8 +56,6 @@ jobs:
        CORECLR_PROFILER: ''
        CORECLR_PROFILER_PATH_64: ''
    - uses: ./../action/analyze
      with:
        upload-database: false
    - name: Check database
      shell: bash
      run: |
--- a/.github/workflows/__config-export.yml
+++ b/.github/workflows/__config-export.yml
@@ -1,106 +0,0 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
 #     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
 # to regenerate this file.
 name: PR Check - Config export
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
    - main
    - releases/v2
  pull_request:
    types:
    - opened
    - synchronize
    - reopened
    - ready_for_review
  workflow_dispatch: {}
 jobs:
  config-export:
    strategy:
      matrix:
        include:
        - os: ubuntu-latest
          version: latest
        - os: macos-latest
          version: latest
        - os: windows-latest
          version: latest
        - os: ubuntu-latest
          version: nightly-latest
        - os: macos-latest
          version: nightly-latest
        - os: windows-latest
          version: nightly-latest
    name: Config export
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
      uses: actions/checkout@v4
    - name: Prepare test
      id: prepare-test
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
        use-all-platform-bundle: 'false'
    - name: Set environment variable for Swift enablement
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        languages: javascript
        queries: security-extended
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - uses: ./../action/analyze
      with:
        output: ${{ runner.temp }}/results
        upload-database: false
    - name: Upload SARIF
      uses: actions/upload-artifact@v3
      with:
        name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
        path: ${{ runner.temp }}/results/javascript.sarif
        retention-days: 7
    - name: Check config properties appear in SARIF
      uses: actions/github-script@v6
      env:
        SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
      with:
        script: |
          const fs = require('fs');
          const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
          const run = sarif.runs[0];
          const configSummary = run.properties.codeqlConfigSummary;
          if (configSummary === undefined) {
            core.setFailed('`codeqlConfigSummary` property not found in the SARIF run property bag.');
          }
          if (configSummary.disableDefaultQueries !== false) {
            core.setFailed('`disableDefaultQueries` property incorrect: expected false, got ' + 
              `${JSON.stringify(configSummary.disableDefaultQueries)}.`);
          }
          const expectedQueries = [{ type: 'builtinSuite', uses: 'security-extended' }];
          // Use JSON.stringify to deep-equal the arrays.
          if (JSON.stringify(configSummary.queries) !== JSON.stringify(expectedQueries)) {
            core.setFailed(`\`queries\` property incorrect: expected ${JSON.stringify(expectedQueries)}, got ` + 
              `${JSON.stringify(configSummary.queries)}.`);
          }
          core.info('Finished config export tests.');
    env:
      CODEQL_PASS_CONFIG_TO_CLI: true
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__cpp-deptrace-disabled.yml
+++ b/.github/workflows/__cpp-deptrace-disabled.yml
@@ -1,78 +0,0 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
 #     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
 # to regenerate this file.
 name: 'PR Check - C/C++: disabling autoinstalling dependencies (Linux)'
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
    - main
    - releases/v2
  pull_request:
    types:
    - opened
    - synchronize
    - reopened
    - ready_for_review
  workflow_dispatch: {}
 jobs:
  cpp-deptrace-disabled:
    strategy:
      matrix:
        include:
        - os: ubuntu-latest
          version: latest
        - os: ubuntu-latest
          version: default
        - os: ubuntu-latest
          version: nightly-latest
    name: 'C/C++: disabling autoinstalling dependencies (Linux)'
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
      uses: actions/checkout@v4
    - name: Prepare test
      id: prepare-test
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
        use-all-platform-bundle: 'false'
    - name: Set environment variable for Swift enablement
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - name: Test setup
      shell: bash
      run: |
        cp -a ../action/tests/cpp-autobuild autobuild-dir
    - uses: ./../action/init
      with:
        languages: cpp
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - uses: ./../action/autobuild
      with:
        working-directory: autobuild-dir
      env:
        CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: false
    - shell: bash
      run: |
        if ls /usr/bin/errno; then
          echo "C/C++ autobuild installed errno, but it should not have since auto-install dependencies is disabled."
          exit 1
        fi
    env:
      DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__cpp-deptrace-enabled-on-macos.yml
+++ b/.github/workflows/__cpp-deptrace-enabled-on-macos.yml
@@ -1,76 +0,0 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
 #     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
 # to regenerate this file.
 name: 'PR Check - C/C++: autoinstalling dependencies is skipped (macOS)'
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
    - main
    - releases/v2
  pull_request:
    types:
    - opened
    - synchronize
    - reopened
    - ready_for_review
  workflow_dispatch: {}
 jobs:
  cpp-deptrace-enabled-on-macos:
    strategy:
      matrix:
        include:
        - os: macos-latest
          version: nightly-latest
    name: 'C/C++: autoinstalling dependencies is skipped (macOS)'
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
      uses: actions/checkout@v4
    - name: Prepare test
      id: prepare-test
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
        use-all-platform-bundle: 'false'
    - name: Set environment variable for Swift enablement
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - name: Test setup
      shell: bash
      run: |
        cp -a ../action/tests/cpp-autobuild autobuild-dir
    - uses: ./../action/init
      with:
        languages: cpp
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - uses: ./../action/autobuild
      with:
        working-directory: autobuild-dir
      env:
        CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true
    - shell: bash
      run: |
        if ! ls /usr/bin/errno; then
          echo "As expected, CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES is a no-op on macOS"
        else
          echo "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES should not have had any effect on macOS"
          exit 1
        fi
    env:
      DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__cpp-deptrace-enabled.yml
+++ b/.github/workflows/__cpp-deptrace-enabled.yml
@@ -1,78 +0,0 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
 #     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
 # to regenerate this file.
 name: 'PR Check - C/C++: autoinstalling dependencies (Linux)'
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
    - main
    - releases/v2
  pull_request:
    types:
    - opened
    - synchronize
    - reopened
    - ready_for_review
  workflow_dispatch: {}
 jobs:
  cpp-deptrace-enabled:
    strategy:
      matrix:
        include:
        - os: ubuntu-latest
          version: latest
        - os: ubuntu-latest
          version: default
        - os: ubuntu-latest
          version: nightly-latest
    name: 'C/C++: autoinstalling dependencies (Linux)'
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
      uses: actions/checkout@v4
    - name: Prepare test
      id: prepare-test
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
        use-all-platform-bundle: 'false'
    - name: Set environment variable for Swift enablement
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - name: Test setup
      shell: bash
      run: |
        cp -a ../action/tests/cpp-autobuild autobuild-dir
    - uses: ./../action/init
      with:
        languages: cpp
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - uses: ./../action/autobuild
      with:
        working-directory: autobuild-dir
      env:
        CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true
    - shell: bash
      run: |
        if ! ls /usr/bin/errno; then
          echo "Did not autoinstall errno"
          exit 1
        fi
    env:
      DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__diagnostics-export.yml
+++ b/.github/workflows/__diagnostics-export.yml
@@ -1,152 +0,0 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
 #     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
 # to regenerate this file.
 name: PR Check - Diagnostic export
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
    - main
    - releases/v2
  pull_request:
    types:
    - opened
    - synchronize
    - reopened
    - ready_for_review
  workflow_dispatch: {}
 jobs:
  diagnostics-export:
    strategy:
      matrix:
        include:
        - os: ubuntu-latest
          version: stable-20230317
        - os: macos-latest
          version: stable-20230317
        - os: windows-latest
          version: stable-20230317
        - os: ubuntu-latest
          version: latest
        - os: macos-latest
          version: latest
        - os: windows-latest
          version: latest
        - os: ubuntu-latest
          version: nightly-latest
        - os: macos-latest
          version: nightly-latest
        - os: windows-latest
          version: nightly-latest
    name: Diagnostic export
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
      uses: actions/checkout@v4
    - name: Prepare test
      id: prepare-test
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
        use-all-platform-bundle: 'false'
    - name: Set environment variable for Swift enablement
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      id: init
      with:
        languages: javascript
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - name: Add test diagnostics
      shell: bash
      env:
        CODEQL_PATH: ${{ steps.init.outputs.codeql-path }}
      run: |
        for i in {1..2}; do
          # Use the same location twice to test the workaround for the bug in CodeQL CLI 2.12.5 that
          # produces an invalid diagnostic with multiple identical location objects.
          "$CODEQL_PATH" database add-diagnostic \
            "$RUNNER_TEMP/codeql_databases/javascript" \
            --file-path /path/to/file \
            --plaintext-message "Plaintext message $i" \
            --source-id "lang/diagnostics/example" \
            --source-name "Diagnostic name" \
            --ready-for-status-page
        done
    - uses: ./../action/analyze
      with:
        output: ${{ runner.temp }}/results
        upload-database: false
    - name: Upload SARIF
      uses: actions/upload-artifact@v3
      with:
        name: diagnostics-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
        path: ${{ runner.temp }}/results/javascript.sarif
        retention-days: 7
    - name: Check diagnostics appear in SARIF
      uses: actions/github-script@v6
      env:
        SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
      with:
        script: |
          const fs = require('fs');
          function checkStatusPageNotification(n) {
            const expectedMessage = 'Plaintext message 1\n\nCodeQL also found 1 other diagnostic like this. See the workflow log for details.';
            if (n.message.text !== expectedMessage) {
              core.setFailed(`Expected the status page diagnostic to have the message '${expectedMessage}', but found '${n.message.text}'.`);
            }
            if (n.locations.length !== 1) {
              core.setFailed(`Expected the status page diagnostic to have exactly 1 location, but found ${n.locations.length}.`);
            }
          }
          const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
          const run = sarif.runs[0];
          const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications;
          const statusPageNotifications = toolExecutionNotifications.filter(n =>
            n.descriptor.id === 'lang/diagnostics/example' && n.properties?.visibility?.statusPage
          );
          if (statusPageNotifications.length !== 1) {
            core.setFailed(
              'Expected exactly one status page reporting descriptor for this diagnostic in the ' +
                `'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` +
                `${statusPageNotifications.length}. All notification reporting descriptors: ` + 
                `${JSON.stringify(toolExecutionNotifications)}.`
            );
          }
          checkStatusPageNotification(statusPageNotifications[0]);
          const notifications = run.tool.driver.notifications;
          const diagnosticNotification = notifications.filter(n =>
            n.id === 'lang/diagnostics/example' && n.name === 'lang/diagnostics/example' &&
              n.fullDescription.text === 'Diagnostic name'
          );
          if (diagnosticNotification.length !== 1) {
            core.setFailed(
              'Expected exactly one notification for this diagnostic in the ' +
                `'runs[].tool.driver.notifications[]' SARIF property, but found ` +
                `${diagnosticNotification.length}. All notifications: ` +
                `${JSON.stringify(notifications)}.`
            );
          }
          core.info('Finished diagnostic export test');
    env:
      CODEQL_ACTION_EXPORT_DIAGNOSTICS: true
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__export-file-baseline-information.yml
+++ b/.github/workflows/__export-file-baseline-information.yml
@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pip install ruamel.yaml && python3 sync.py
 # to regenerate this file.
 name: PR Check - Export file baseline information
@@ -32,42 +32,34 @@ jobs:
        - os: windows-latest
          version: nightly-latest
    name: Export file baseline information
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/actions/prepare-test
+      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
        use-all-platform-bundle: 'false'
    - name: Set environment variable for Swift enablement
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      id: init
      with:
        languages: javascript
        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - uses: ./../action/.github/actions/setup-swift
+      env:
        CODEQL_FILE_BASELINE_INFORMATION: true
    - uses: ./../action/.github/setup-swift
      with:
-        codeql-path: ${{ steps.init.outputs.codeql-path }}
+        codeql-path: ${{steps.init.outputs.codeql-path}}
    - name: Build code
      shell: bash
      run: ./build.sh
    - uses: ./../action/analyze
      with:
        output: ${{ runner.temp }}/results
      env:
        CODEQL_FILE_BASELINE_INFORMATION: true
    - name: Upload SARIF
      uses: actions/upload-artifact@v3
      with:
@@ -78,13 +70,10 @@ jobs:
      shell: bash
      run: |
        cd "$RUNNER_TEMP/results"
-        expected_baseline_languages="c csharp go java kotlin javascript python ruby"
+        expected_baseline_languages="cpp cs go java js py rb swift"
        if [[ $RUNNER_OS != "Windows" ]]; then
          expected_baseline_languages+=" swift"
        fi
        for lang in ${expected_baseline_languages}; do
-          rule_name="cli/expected-extracted-files/${lang}"
+          rule_name="${lang}/baseline/expected-extracted-files"
          found_notification=$(jq --arg rule_name "${rule_name}" '[.runs[0].tool.driver.notifications |
            select(. != null) | flatten | .[].id] | any(. == $rule_name)' javascript.sarif)
          if [[ "${found_notification}" != "true" ]]; then
@@ -95,5 +84,5 @@ jobs:
          fi
        done
    env:
-      CODEQL_ACTION_SUBLANGUAGE_FILE_COVERAGE: true
+      CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: true # Remove when Swift is GA.
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__extractor-ram-threads.yml
+++ b/.github/workflows/__extractor-ram-threads.yml
@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pip install ruamel.yaml && python3 sync.py
 # to regenerate this file.
 name: PR Check - Extractor ram and threads options test
@@ -28,28 +28,16 @@ jobs:
        - os: ubuntu-latest
          version: latest
    name: Extractor ram and threads options test
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/actions/prepare-test
+      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
        use-all-platform-bundle: 'false'
    - name: Set environment variable for Swift enablement
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        languages: java
--- a/.github/workflows/__go-custom-queries.yml
+++ b/.github/workflows/__go-custom-queries.yml
@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pip install ruamel.yaml && python3 sync.py
 # to regenerate this file.
 name: 'PR Check - Go: Custom queries'
@@ -25,42 +25,30 @@ jobs:
    strategy:
      matrix:
        include:
-        - os: ubuntu-latest
+        - os: ubuntu-20.04
-          version: stable-20220908
+          version: stable-20211005
        - os: macos-latest
-          version: stable-20220908
+          version: stable-20211005
-        - os: windows-latest
+        - os: windows-2019
-          version: stable-20220908
+          version: stable-20211005
-        - os: ubuntu-latest
+        - os: ubuntu-20.04
-          version: stable-20221211
+          version: stable-20220120
        - os: macos-latest
-          version: stable-20221211
+          version: stable-20220120
-        - os: windows-latest
+        - os: windows-2019
-          version: stable-20221211
+          version: stable-20220120
        - os: ubuntu-latest
-          version: stable-20230418
+          version: stable-20220401
        - os: macos-latest
-          version: stable-20230418
+          version: stable-20220401
        - os: windows-latest
-          version: stable-20230418
+          version: stable-20220401
        - os: ubuntu-latest
-          version: stable-v2.13.5
+          version: cached
        - os: macos-latest
-          version: stable-v2.13.5
+          version: cached
        - os: windows-latest
-          version: stable-v2.13.5
+          version: cached
        - os: ubuntu-latest
          version: stable-v2.14.6
        - os: macos-latest
          version: stable-v2.14.6
        - os: windows-latest
          version: stable-v2.14.6
        - os: ubuntu-latest
          version: default
        - os: macos-latest
          version: default
        - os: windows-latest
          version: default
        - os: ubuntu-latest
          version: latest
        - os: macos-latest
@@ -74,28 +62,21 @@ jobs:
        - os: windows-latest
          version: nightly-latest
    name: 'Go: Custom queries'
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/actions/prepare-test
+      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
+    - name: Set up Go
-    - name: Set environment variable for Swift enablement
+      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      if: >-
+      uses: actions/setup-go@v3
-        runner.os != 'Windows' && (
+      with:
-            matrix.version == '20220908' ||
+        go-version: ^1.13.1
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        languages: go
@@ -105,8 +86,6 @@ jobs:
      shell: bash
      run: ./build.sh
    - uses: ./../action/analyze
      with:
        upload-database: false
    env:
      DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml
+++ b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml
@@ -1,96 +0,0 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
 #     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
 # to regenerate this file.
 name: 'PR Check - Go: diagnostic when Go is changed after init step'
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
    - main
    - releases/v2
  pull_request:
    types:
    - opened
    - synchronize
    - reopened
    - ready_for_review
  workflow_dispatch: {}
 jobs:
  go-indirect-tracing-workaround-diagnostic:
    strategy:
      matrix:
        include:
        - os: ubuntu-latest
          version: stable-v2.14.6
    name: 'Go: diagnostic when Go is changed after init step'
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
      uses: actions/checkout@v4
    - name: Prepare test
      id: prepare-test
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
        use-all-platform-bundle: 'false'
    - name: Set environment variable for Swift enablement
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: actions/setup-go@v4
      with:
      # We need a Go version that ships with statically linked binaries on Linux
        go-version: '>=1.21.0'
    - uses: ./../action/init
      with:
        languages: go
        tools: ${{ steps.prepare-test.outputs.tools-url }}
  # Deliberately change Go after the `init` step
    - uses: actions/setup-go@v4
      with:
        go-version: '1.20'
    - name: Build code
      shell: bash
      run: go build main.go
    - uses: ./../action/analyze
      with:
        output: ${{ runner.temp }}/results
        upload-database: false
    - name: Check diagnostic appears in SARIF
      uses: actions/github-script@v6
      env:
        SARIF_PATH: ${{ runner.temp }}/results/go.sarif
      with:
        script: |
          const fs = require('fs');
          const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
          const run = sarif.runs[0];
          const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications;
          const statusPageNotifications = toolExecutionNotifications.filter(n =>
            n.descriptor.id === 'go/workflow/go-installed-after-codeql-init' && n.properties?.visibility?.statusPage
          );
          if (statusPageNotifications.length !== 1) {
            core.setFailed(
              'Expected exactly one status page reporting descriptor for this diagnostic in the ' +
                `'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` +
                `${statusPageNotifications.length}. All notification reporting descriptors: ` +
                `${JSON.stringify(toolExecutionNotifications)}.`
            );
          }
    env:
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__go-indirect-tracing-workaround.yml
+++ b/.github/workflows/__go-indirect-tracing-workaround.yml
@@ -1,94 +0,0 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
 #     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
 # to regenerate this file.
 name: 'PR Check - Go: workaround for indirect tracing'
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
    - main
    - releases/v2
  pull_request:
    types:
    - opened
    - synchronize
    - reopened
    - ready_for_review
  workflow_dispatch: {}
 jobs:
  go-indirect-tracing-workaround:
    strategy:
      matrix:
        include:
        - os: ubuntu-latest
          version: stable-v2.14.6
    name: 'Go: workaround for indirect tracing'
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
      uses: actions/checkout@v4
    - name: Prepare test
      id: prepare-test
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
        use-all-platform-bundle: 'false'
    - name: Set environment variable for Swift enablement
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: actions/setup-go@v4
      with:
      # We need a Go version that ships with statically linked binaries on Linux
        go-version: '>=1.21.0'
    - uses: ./../action/init
      with:
        languages: go
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - name: Build code
      shell: bash
      run: go build main.go
    - uses: ./../action/analyze
      with:
        upload-database: false
    - shell: bash
      run: |
        if [[ -z "${CODEQL_ACTION_GO_BINARY}" ]]; then
          echo "Expected the workaround for indirect tracing of static binaries to trigger, but the" \
            "CODEQL_ACTION_GO_BINARY environment variable is not set."
          exit 1
        fi
        if [[ ! -f "${CODEQL_ACTION_GO_BINARY}" ]]; then
          echo "CODEQL_ACTION_GO_BINARY is set, but the corresponding script does not exist."
          exit 1
        fi
        # Once we start running Bash 4.2 in all environments, we can replace the
        # `! -z` flag with the more elegant `-v` which confirms that the variable
        # is actually unset and not potentially set to a blank value.
        if [[ ! -z "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" ]]; then
          echo "Expected the Go autobuilder not to be run, but the" \
            "CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was set."
          exit 1
        fi
        cd "$RUNNER_TEMP/codeql_databases"
        if [[ ! -d go ]]; then
          echo "Did not find a Go database"
          exit 1
        fi
    env:
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__go-tracing-autobuilder.yml
+++ b/.github/workflows/__go-tracing-autobuilder.yml
@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pip install ruamel.yaml && python3 sync.py
 # to regenerate this file.
 name: 'PR Check - Go: tracing with autobuilder step'
@@ -25,30 +25,22 @@ jobs:
    strategy:
      matrix:
        include:
-        - os: ubuntu-latest
+        - os: ubuntu-20.04
-          version: stable-20220908
+          version: stable-20211005
        - os: macos-latest
-          version: stable-20220908
+          version: stable-20211005
-        - os: ubuntu-latest
+        - os: ubuntu-20.04
-          version: stable-20221211
+          version: stable-20220120
        - os: macos-latest
-          version: stable-20221211
+          version: stable-20220120
        - os: ubuntu-latest
-          version: stable-20230418
+          version: stable-20220401
        - os: macos-latest
-          version: stable-20230418
+          version: stable-20220401
        - os: ubuntu-latest
-          version: stable-v2.13.5
+          version: cached
        - os: macos-latest
-          version: stable-v2.13.5
+          version: cached
        - os: ubuntu-latest
          version: stable-v2.14.6
        - os: macos-latest
          version: stable-v2.14.6
        - os: ubuntu-latest
          version: default
        - os: macos-latest
          version: default
        - os: ubuntu-latest
          version: latest
        - os: macos-latest
@@ -58,39 +50,27 @@ jobs:
        - os: macos-latest
          version: nightly-latest
    name: 'Go: tracing with autobuilder step'
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/actions/prepare-test
+      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
+    - name: Set up Go
-    - name: Set environment variable for Swift enablement
+      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      if: >-
+      uses: actions/setup-go@v3
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: actions/setup-go@v4
      with:
-        go-version: ~1.21.1
+        go-version: ^1.13.1
    - uses: ./../action/init
      with:
        languages: go
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - uses: ./../action/autobuild
    - uses: ./../action/analyze
      with:
        upload-database: false
    - shell: bash
      run: |
        if [[ "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" != true ]]; then
--- a/.github/workflows/__go-tracing-custom-build-steps.yml
+++ b/.github/workflows/__go-tracing-custom-build-steps.yml
@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pip install ruamel.yaml && python3 sync.py
 # to regenerate this file.
 name: 'PR Check - Go: tracing with custom build steps'
@@ -25,30 +25,22 @@ jobs:
    strategy:
      matrix:
        include:
-        - os: ubuntu-latest
+        - os: ubuntu-20.04
-          version: stable-20220908
+          version: stable-20211005
        - os: macos-latest
-          version: stable-20220908
+          version: stable-20211005
-        - os: ubuntu-latest
+        - os: ubuntu-20.04
-          version: stable-20221211
+          version: stable-20220120
        - os: macos-latest
-          version: stable-20221211
+          version: stable-20220120
        - os: ubuntu-latest
-          version: stable-20230418
+          version: stable-20220401
        - os: macos-latest
-          version: stable-20230418
+          version: stable-20220401
        - os: ubuntu-latest
-          version: stable-v2.13.5
+          version: cached
        - os: macos-latest
-          version: stable-v2.13.5
+          version: cached
        - os: ubuntu-latest
          version: stable-v2.14.6
        - os: macos-latest
          version: stable-v2.14.6
        - os: ubuntu-latest
          version: default
        - os: macos-latest
          version: default
        - os: ubuntu-latest
          version: latest
        - os: macos-latest
@@ -58,31 +50,21 @@ jobs:
        - os: macos-latest
          version: nightly-latest
    name: 'Go: tracing with custom build steps'
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/actions/prepare-test
+      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
+    - name: Set up Go
-    - name: Set environment variable for Swift enablement
+      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      if: >-
+      uses: actions/setup-go@v3
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: actions/setup-go@v4
      with:
-        go-version: ~1.21.1
+        go-version: ^1.13.1
    - uses: ./../action/init
      with:
        languages: go
@@ -91,8 +73,6 @@ jobs:
      shell: bash
      run: go build main.go
    - uses: ./../action/analyze
      with:
        upload-database: false
    - shell: bash
      run: |
        # Once we start running Bash 4.2 in all environments, we can replace the
--- a/.github/workflows/__go-tracing-legacy-workflow.yml
+++ b/.github/workflows/__go-tracing-legacy-workflow.yml
@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pip install ruamel.yaml && python3 sync.py
 # to regenerate this file.
 name: 'PR Check - Go: tracing with legacy workflow'
@@ -25,30 +25,22 @@ jobs:
    strategy:
      matrix:
        include:
-        - os: ubuntu-latest
+        - os: ubuntu-20.04
-          version: stable-20220908
+          version: stable-20211005
        - os: macos-latest
-          version: stable-20220908
+          version: stable-20211005
-        - os: ubuntu-latest
+        - os: ubuntu-20.04
-          version: stable-20221211
+          version: stable-20220120
        - os: macos-latest
-          version: stable-20221211
+          version: stable-20220120
        - os: ubuntu-latest
-          version: stable-20230418
+          version: stable-20220401
        - os: macos-latest
-          version: stable-20230418
+          version: stable-20220401
        - os: ubuntu-latest
-          version: stable-v2.13.5
+          version: cached
        - os: macos-latest
-          version: stable-v2.13.5
+          version: cached
        - os: ubuntu-latest
          version: stable-v2.14.6
        - os: macos-latest
          version: stable-v2.14.6
        - os: ubuntu-latest
          version: default
        - os: macos-latest
          version: default
        - os: ubuntu-latest
          version: latest
        - os: macos-latest
@@ -58,38 +50,26 @@ jobs:
        - os: macos-latest
          version: nightly-latest
    name: 'Go: tracing with legacy workflow'
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/actions/prepare-test
+      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
+    - name: Set up Go
-    - name: Set environment variable for Swift enablement
+      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      if: >-
+      uses: actions/setup-go@v3
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: actions/setup-go@v4
      with:
-        go-version: ~1.21.1
+        go-version: ^1.13.1
    - uses: ./../action/init
      with:
        languages: go
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - uses: ./../action/analyze
      with:
        upload-database: false
    - shell: bash
      run: |
        cd "$RUNNER_TEMP/codeql_databases"
--- a/.github/workflows/__init-with-registries.yml
+++ b/.github/workflows/__init-with-registries.yml
@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pip install ruamel.yaml && python3 sync.py
 # to regenerate this file.
 name: 'PR Check - Packaging: Download using registries'
@@ -25,18 +25,6 @@ jobs:
    strategy:
      matrix:
        include:
        - os: ubuntu-latest
          version: default
        - os: macos-latest
          version: default
        - os: windows-latest
          version: default
        - os: ubuntu-latest
          version: latest
        - os: macos-latest
          version: latest
        - os: windows-latest
          version: latest
        - os: ubuntu-latest
          version: nightly-latest
        - os: macos-latest
@@ -44,29 +32,16 @@ jobs:
        - os: windows-latest
          version: nightly-latest
    name: 'Packaging: Download using registries'
    permissions:
      contents: read
      packages: read
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/actions/prepare-test
+      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
        use-all-platform-bundle: 'false'
    - name: Set environment variable for Swift enablement
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - name: Init with registries
      uses: ./../action/init
      with:
@@ -82,8 +57,8 @@ jobs:
    - name: Verify packages installed
      shell: bash
      run: |
-        PRIVATE_PACK="$HOME/.codeql/packages/codeql-testing/private-pack"
+        PRIVATE_PACK="$HOME/.codeql/packages/dsp-testing/private-pack"
-        CODEQL_PACK1="$HOME/.codeql/packages/codeql-testing/codeql-pack1"
+        CODEQL_PACK1="$HOME/.codeql/packages/dsp-testing/codeql-pack1"
        if [[ -d $PRIVATE_PACK ]]
        then
@@ -100,35 +75,5 @@ jobs:
            echo "::error $CODEQL_PACK1 pack was not installed."
            exit 1
        fi
    - name: Verify qlconfig.yml file was created
      shell: bash
      run: |
        QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml
        echo "Expected qlconfig.yml file to be created at $QLCONFIG_PATH"
        if [[ -f $QLCONFIG_PATH ]]
        then
            echo "qlconfig.yml file was created."
        else
            echo "::error qlconfig.yml file was not created."
            exit 1
        fi
    - name: Verify contents of qlconfig.yml
    # yq is not available on windows
      if: runner.os != 'Windows'
      shell: bash
      run: |
        QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml
        cat $QLCONFIG_PATH | yq -e '.registries[] | select(.url == "https://ghcr.io/v2/") | select(.packages == "*/*")'
        if [[ $? -eq 0 ]]
        then
            echo "Registry was added to qlconfig.yml file."
        else
            echo "::error Registry was not added to qlconfig.yml file."
            echo "Contents of qlconfig.yml file:"
            cat $QLCONFIG_PATH
            exit 1
        fi
    env:
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__javascript-source-root.yml
+++ b/.github/workflows/__javascript-source-root.yml
@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pip install ruamel.yaml && python3 sync.py
 # to regenerate this file.
 name: PR Check - Custom source root
@@ -28,32 +28,20 @@ jobs:
        - os: ubuntu-latest
          version: latest
        - os: ubuntu-latest
-          version: default
+          version: cached
        - os: ubuntu-latest
          version: nightly-latest
    name: Custom source root
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/actions/prepare-test
+      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
        use-all-platform-bundle: 'false'
    - name: Set environment variable for Swift enablement
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - name: Move codeql-action
      shell: bash
      run: |
@@ -66,9 +54,8 @@ jobs:
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - uses: ./../action/analyze
      with:
        upload-database: false
        skip-queries: true
-        upload: never
+        upload: false
    - name: Assert database exists
      shell: bash
      run: |
--- a/.github/workflows/__language-aliases.yml
+++ b/.github/workflows/__language-aliases.yml
@@ -1,69 +0,0 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
 #     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
 # to regenerate this file.
 name: PR Check - Language aliases
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
    - main
    - releases/v2
  pull_request:
    types:
    - opened
    - synchronize
    - reopened
    - ready_for_review
  workflow_dispatch: {}
 jobs:
  language-aliases:
    strategy:
      matrix:
        include:
        - os: ubuntu-latest
          version: latest
    name: Language aliases
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
      uses: actions/checkout@v4
    - name: Prepare test
      id: prepare-test
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
        use-all-platform-bundle: 'false'
    - name: Set environment variable for Swift enablement
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        languages: C#,java-kotlin,swift,typescript
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - name: Check languages
      run: |
        expected_languages="csharp,java,swift,javascript"
        actual_languages=$(jq -r '.languages | join(",")' "$RUNNER_TEMP"/config)
        if [ "$expected_languages" != "$actual_languages" ]; then
          echo "Resolved languages did not match expected list. " \
            "Expected languages: $expected_languages. Actual languages: $actual_languages."
          exit 1
        fi
    env:
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__ml-powered-queries.yml
+++ b/.github/workflows/__ml-powered-queries.yml
@@ -0,0 +1,135 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
 #     pip install ruamel.yaml && python3 sync.py
 # to regenerate this file.
 name: PR Check - ML-powered queries
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
    - main
    - releases/v2
  pull_request:
    types:
    - opened
    - synchronize
    - reopened
    - ready_for_review
  workflow_dispatch: {}
 jobs:
  ml-powered-queries:
    strategy:
      matrix:
        include:
        - os: ubuntu-20.04
          version: stable-20220120
        - os: macos-latest
          version: stable-20220120
        - os: windows-2019
          version: stable-20220120
        - os: ubuntu-latest
          version: cached
        - os: macos-latest
          version: cached
        - os: windows-latest
          version: cached
        - os: ubuntu-latest
          version: latest
        - os: macos-latest
          version: latest
        - os: windows-latest
          version: latest
        - os: ubuntu-latest
          version: nightly-latest
        - os: macos-latest
          version: nightly-latest
        - os: windows-latest
          version: nightly-latest
    name: ML-powered queries
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
    - name: Set up Go
      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
      uses: actions/setup-go@v3
      with:
        go-version: ^1.13.1
    - uses: ./../action/init
      with:
        languages: javascript
        queries: security-extended
        source-root: ./../action/tests/ml-powered-queries-repo
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - uses: ./../action/analyze
      with:
        output: ${{ runner.temp }}/results
        upload-database: false
    - name: Upload SARIF
      uses: actions/upload-artifact@v3
      with:
        name: ml-powered-queries-${{ matrix.os }}-${{ matrix.version }}.sarif.json
        path: ${{ runner.temp }}/results/javascript.sarif
        retention-days: 7
    - name: Check sarif
      uses: ./../action/.github/check-sarif
    # Running on Windows requires CodeQL CLI 2.9.0+.
      if: "!(matrix.version == 'stable-20220120' && runner.os == 'Windows')"
      with:
        sarif-file: ${{ runner.temp }}/results/javascript.sarif
        queries-run: js/ml-powered/nosql-injection,js/ml-powered/path-injection,js/ml-powered/sql-injection,js/ml-powered/xss
        queries-not-run: foo,bar
    - name: Check results
      env:
      # Running on Windows requires CodeQL CLI 2.9.0+.
        SHOULD_RUN_ML_POWERED_QUERIES: ${{ !(matrix.version == 'stable-20220120' &&
          runner.os == 'Windows') }}
      shell: bash
      run: |
        echo "Expecting ML-powered queries to be run: ${SHOULD_RUN_ML_POWERED_QUERIES}"
        cd "$RUNNER_TEMP/results"
        # We should run at least the ML-powered queries in `expected_rules`.
        expected_rules="js/ml-powered/nosql-injection js/ml-powered/path-injection js/ml-powered/sql-injection js/ml-powered/xss"
        for rule in ${expected_rules}; do
          found_rule=$(jq --arg rule "${rule}" '[.runs[0].tool.extensions[].rules | select(. != null) |
            flatten | .[].id] | any(. == $rule)' javascript.sarif)
          echo "Did find rule '${rule}': ${found_rule}"
          if [[ "${found_rule}" != "true" && "${SHOULD_RUN_ML_POWERED_QUERIES}" == "true" ]]; then
            echo "Expected SARIF output to contain rule '${rule}', but found no such rule."
            exit 1
          elif [[ "${found_rule}" == "true" && "${SHOULD_RUN_ML_POWERED_QUERIES}" != "true" ]]; then
            echo "Found rule '${rule}' in the SARIF output which shouldn't have been part of the analysis."
            exit 1
          fi
        done
        # We should have at least one alert from an ML-powered query.
        num_alerts=$(jq '[.runs[0].results[] |
          select(.properties.score != null and (.rule.id | startswith("js/ml-powered/")))] | length' \
          javascript.sarif)
        echo "Found ${num_alerts} alerts from ML-powered queries.";
        if [[ "${num_alerts}" -eq 0 && "${SHOULD_RUN_ML_POWERED_QUERIES}" == "true" ]]; then
          echo "Expected to find at least one alert from an ML-powered query but found ${num_alerts}."
          exit 1
        elif [[ "${num_alerts}" -ne 0 && "${SHOULD_RUN_ML_POWERED_QUERIES}" != "true" ]]; then
          echo "Expected not to find any alerts from an ML-powered query but found ${num_alerts}."
          exit 1
        fi
    env:
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__multi-language-autodetect.yml
+++ b/.github/workflows/__multi-language-autodetect.yml
@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pip install ruamel.yaml && python3 sync.py
 # to regenerate this file.
 name: PR Check - Multi-language repository
@@ -25,30 +25,22 @@ jobs:
    strategy:
      matrix:
        include:
-        - os: ubuntu-latest
+        - os: ubuntu-20.04
-          version: stable-20220908
+          version: stable-20211005
        - os: macos-latest
-          version: stable-20220908
+          version: stable-20211005
-        - os: ubuntu-latest
+        - os: ubuntu-20.04
-          version: stable-20221211
+          version: stable-20220120
        - os: macos-latest
-          version: stable-20221211
+          version: stable-20220120
        - os: ubuntu-latest
-          version: stable-20230418
+          version: stable-20220401
        - os: macos-latest
-          version: stable-20230418
+          version: stable-20220401
        - os: ubuntu-latest
-          version: stable-v2.13.5
+          version: cached
        - os: macos-latest
-          version: stable-v2.13.5
+          version: cached
        - os: ubuntu-latest
          version: stable-v2.14.6
        - os: macos-latest
          version: stable-v2.14.6
        - os: ubuntu-latest
          version: default
        - os: macos-latest
          version: default
        - os: ubuntu-latest
          version: latest
        - os: macos-latest
@@ -58,37 +50,30 @@ jobs:
        - os: macos-latest
          version: nightly-latest
    name: Multi-language repository
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/actions/prepare-test
+      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
+    - name: Set up Go
-    - name: Set environment variable for Swift enablement
+      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      if: >-
+      uses: actions/setup-go@v3
-        runner.os != 'Windows' && (
+      with:
-            matrix.version == '20220908' ||
+        go-version: ^1.13.1
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      id: init
      with:
        db-location: ${{ runner.temp }}/customDbLocation
        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - uses: ./../action/.github/actions/setup-swift
+    - uses: ./../action/.github/setup-swift
      with:
-        codeql-path: ${{ steps.init.outputs.codeql-path }}
+        codeql-path: ${{steps.init.outputs.codeql-path}}
    - name: Build code
      shell: bash
@@ -96,10 +81,8 @@ jobs:
    - uses: ./../action/analyze
      id: analysis
      with:
        upload-database: false
-    - name: Check language autodetect for all languages excluding Swift
+    - name: Check language autodetect for all languages excluding Ruby, Swift
      shell: bash
      run: |
        CPP_DB=${{ fromJson(steps.analysis.outputs.db-locations).cpp }}
@@ -132,6 +115,12 @@ jobs:
          echo "Did not create a database for Python, or created it in the wrong location."
          exit 1
        fi
    - name: Check language autodetect for Ruby
      if: (matrix.version == 'cached' || matrix.version == 'latest' || matrix.version
        == 'nightly-latest')
      shell: bash
      run: |
        RUBY_DB=${{ fromJson(steps.analysis.outputs.db-locations).ruby }}
        if [[ ! -d $RUBY_DB ]] || [[ ! $RUBY_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
          echo "Did not create a database for Ruby, or created it in the wrong location."
@@ -139,9 +128,8 @@ jobs:
        fi
    - name: Check language autodetect for Swift
-      if: >-
+      if: (matrix.version == 'cached' || matrix.version == 'latest' || matrix.version
-        env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true' || 
+        == 'nightly-latest')
            (runner.os != 'Windows' && matrix.version == 'nightly-latest')
      shell: bash
      run: |
        SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }}
@@ -150,4 +138,5 @@ jobs:
          exit 1
        fi
    env:
      CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: 'true' # Remove when Swift is GA.
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__packaging-codescanning-config-inputs-js.yml
+++ b/.github/workflows/__packaging-codescanning-config-inputs-js.yml
@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pip install ruamel.yaml && python3 sync.py
 # to regenerate this file.
 name: 'PR Check - Packaging: Config and input passed to the CLI'
@@ -32,11 +32,11 @@ jobs:
        - os: windows-latest
          version: latest
        - os: ubuntu-latest
-          version: default
+          version: cached
        - os: macos-latest
-          version: default
+          version: cached
        - os: windows-latest
-          version: default
+          version: cached
        - os: ubuntu-latest
          version: nightly-latest
        - os: macos-latest
@@ -44,32 +44,20 @@ jobs:
        - os: windows-latest
          version: nightly-latest
    name: 'Packaging: Config and input passed to the CLI'
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/actions/prepare-test
+      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
        use-all-platform-bundle: 'false'
    - name: Set environment variable for Swift enablement
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        config-file: .github/codeql/codeql-config-packaging3.yml
-        packs: +codeql-testing/codeql-pack1@1.0.0
+        packs: +dsp-testing/codeql-pack1@1.0.0
        languages: javascript
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - name: Build code
@@ -78,14 +66,12 @@ jobs:
    - uses: ./../action/analyze
      with:
        output: ${{ runner.temp }}/results
        upload-database: false
    - name: Check results
-      uses: ./../action/.github/actions/check-sarif
+      uses: ./../action/.github/check-sarif
      with:
        sarif-file: ${{ runner.temp }}/results/javascript.sarif
-        queries-run: 
+        queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
          javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
        queries-not-run: foo,bar
    - name: Assert Results
--- a/.github/workflows/__packaging-config-inputs-js.yml
+++ b/.github/workflows/__packaging-config-inputs-js.yml
@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pip install ruamel.yaml && python3 sync.py
 # to regenerate this file.
 name: 'PR Check - Packaging: Config and input'
@@ -32,11 +32,11 @@ jobs:
        - os: windows-latest
          version: latest
        - os: ubuntu-latest
-          version: default
+          version: cached
        - os: macos-latest
-          version: default
+          version: cached
        - os: windows-latest
-          version: default
+          version: cached
        - os: ubuntu-latest
          version: nightly-latest
        - os: macos-latest
@@ -44,32 +44,20 @@ jobs:
        - os: windows-latest
          version: nightly-latest
    name: 'Packaging: Config and input'
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/actions/prepare-test
+      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
        use-all-platform-bundle: 'false'
    - name: Set environment variable for Swift enablement
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        config-file: .github/codeql/codeql-config-packaging3.yml
-        packs: +codeql-testing/codeql-pack1@1.0.0
+        packs: +dsp-testing/codeql-pack1@1.0.0
        languages: javascript
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - name: Build code
@@ -78,14 +66,12 @@ jobs:
    - uses: ./../action/analyze
      with:
        output: ${{ runner.temp }}/results
        upload-database: false
    - name: Check results
-      uses: ./../action/.github/actions/check-sarif
+      uses: ./../action/.github/check-sarif
      with:
        sarif-file: ${{ runner.temp }}/results/javascript.sarif
-        queries-run: 
+        queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
          javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
        queries-not-run: foo,bar
    - name: Assert Results
--- a/.github/workflows/__packaging-config-js.yml
+++ b/.github/workflows/__packaging-config-js.yml
@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pip install ruamel.yaml && python3 sync.py
 # to regenerate this file.
 name: 'PR Check - Packaging: Config file'
@@ -32,11 +32,11 @@ jobs:
        - os: windows-latest
          version: latest
        - os: ubuntu-latest
-          version: default
+          version: cached
        - os: macos-latest
-          version: default
+          version: cached
        - os: windows-latest
-          version: default
+          version: cached
        - os: ubuntu-latest
          version: nightly-latest
        - os: macos-latest
@@ -44,28 +44,16 @@ jobs:
        - os: windows-latest
          version: nightly-latest
    name: 'Packaging: Config file'
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/actions/prepare-test
+      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
        use-all-platform-bundle: 'false'
    - name: Set environment variable for Swift enablement
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        config-file: .github/codeql/codeql-config-packaging.yml
@@ -77,14 +65,12 @@ jobs:
    - uses: ./../action/analyze
      with:
        output: ${{ runner.temp }}/results
        upload-database: false
    - name: Check results
-      uses: ./../action/.github/actions/check-sarif
+      uses: ./../action/.github/check-sarif
      with:
        sarif-file: ${{ runner.temp }}/results/javascript.sarif
-        queries-run: 
+        queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
          javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
        queries-not-run: foo,bar
    - name: Assert Results
--- a/.github/workflows/__packaging-inputs-js.yml
+++ b/.github/workflows/__packaging-inputs-js.yml
@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pip install ruamel.yaml && python3 sync.py
 # to regenerate this file.
 name: 'PR Check - Packaging: Action input'
@@ -32,11 +32,11 @@ jobs:
        - os: windows-latest
          version: latest
        - os: ubuntu-latest
-          version: default
+          version: cached
        - os: macos-latest
-          version: default
+          version: cached
        - os: windows-latest
-          version: default
+          version: cached
        - os: ubuntu-latest
          version: nightly-latest
        - os: macos-latest
@@ -44,33 +44,21 @@ jobs:
        - os: windows-latest
          version: nightly-latest
    name: 'Packaging: Action input'
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/actions/prepare-test
+      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
        use-all-platform-bundle: 'false'
    - name: Set environment variable for Swift enablement
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        config-file: .github/codeql/codeql-config-packaging2.yml
        languages: javascript
-        packs: codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2, codeql-testing/codeql-pack3:other-query.ql
+        packs: dsp-testing/codeql-pack1@1.0.0, dsp-testing/codeql-pack2, dsp-testing/codeql-pack3:other-query.ql
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - name: Build code
      shell: bash
@@ -80,11 +68,10 @@ jobs:
        output: ${{ runner.temp }}/results
    - name: Check results
-      uses: ./../action/.github/actions/check-sarif
+      uses: ./../action/.github/check-sarif
      with:
        sarif-file: ${{ runner.temp }}/results/javascript.sarif
-        queries-run: 
+        queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
          javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
        queries-not-run: foo,bar
    - name: Assert Results
--- a/.github/workflows/__remote-config.yml
+++ b/.github/workflows/__remote-config.yml
@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pip install ruamel.yaml && python3 sync.py
 # to regenerate this file.
 name: PR Check - Remote config file
@@ -25,42 +25,30 @@ jobs:
    strategy:
      matrix:
        include:
-        - os: ubuntu-latest
+        - os: ubuntu-20.04
-          version: stable-20220908
+          version: stable-20211005
        - os: macos-latest
-          version: stable-20220908
+          version: stable-20211005
-        - os: windows-latest
+        - os: windows-2019
-          version: stable-20220908
+          version: stable-20211005
-        - os: ubuntu-latest
+        - os: ubuntu-20.04
-          version: stable-20221211
+          version: stable-20220120
        - os: macos-latest
-          version: stable-20221211
+          version: stable-20220120
-        - os: windows-latest
+        - os: windows-2019
-          version: stable-20221211
+          version: stable-20220120
        - os: ubuntu-latest
-          version: stable-20230418
+          version: stable-20220401
        - os: macos-latest
-          version: stable-20230418
+          version: stable-20220401
        - os: windows-latest
-          version: stable-20230418
+          version: stable-20220401
        - os: ubuntu-latest
-          version: stable-v2.13.5
+          version: cached
        - os: macos-latest
-          version: stable-v2.13.5
+          version: cached
        - os: windows-latest
-          version: stable-v2.13.5
+          version: cached
        - os: ubuntu-latest
          version: stable-v2.14.6
        - os: macos-latest
          version: stable-v2.14.6
        - os: windows-latest
          version: stable-v2.14.6
        - os: ubuntu-latest
          version: default
        - os: macos-latest
          version: default
        - os: windows-latest
          version: default
        - os: ubuntu-latest
          version: latest
        - os: macos-latest
@@ -74,28 +62,21 @@ jobs:
        - os: windows-latest
          version: nightly-latest
    name: Remote config file
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/actions/prepare-test
+      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
+    - name: Set up Go
-    - name: Set environment variable for Swift enablement
+      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      if: >-
+      uses: actions/setup-go@v3
-        runner.os != 'Windows' && (
+      with:
-            matrix.version == '20220908' ||
+        go-version: ^1.13.1
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        tools: ${{ steps.prepare-test.outputs.tools-url }}
--- a/.github/workflows/__resolve-environment-action.yml
+++ b/.github/workflows/__resolve-environment-action.yml
@@ -1,103 +0,0 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
 #     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
 # to regenerate this file.
 name: PR Check - Resolve environment
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
    - main
    - releases/v2
  pull_request:
    types:
    - opened
    - synchronize
    - reopened
    - ready_for_review
  workflow_dispatch: {}
 jobs:
  resolve-environment-action:
    strategy:
      matrix:
        include:
        - os: ubuntu-latest
          version: stable-v2.13.4
        - os: macos-latest
          version: stable-v2.13.4
        - os: windows-latest
          version: stable-v2.13.4
        - os: ubuntu-latest
          version: default
        - os: macos-latest
          version: default
        - os: windows-latest
          version: default
        - os: ubuntu-latest
          version: latest
        - os: macos-latest
          version: latest
        - os: windows-latest
          version: latest
        - os: ubuntu-latest
          version: nightly-latest
        - os: macos-latest
          version: nightly-latest
        - os: windows-latest
          version: nightly-latest
    name: Resolve environment
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
      uses: actions/checkout@v4
    - name: Prepare test
      id: prepare-test
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
        use-all-platform-bundle: 'false'
    - name: Set environment variable for Swift enablement
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        languages: ${{ matrix.version == 'stable-v2.13.4' && 'go' || 'go,javascript-typescript'
          }}
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - name: Resolve environment for Go
      uses: ./../action/resolve-environment
      id: resolve-environment-go
      with:
        language: go
    - name: Fail if Go configuration missing
      if: (!fromJSON(steps.resolve-environment-go.outputs.environment).configuration.go)
      run: exit 1
    - name: Resolve environment for JavaScript/TypeScript
      if: matrix.version != 'stable-v2.13.4'
      uses: ./../action/resolve-environment
      id: resolve-environment-js
      with:
        language: javascript-typescript
    - name: Fail if JavaScript/TypeScript configuration present
      if: matrix.version != 'stable-v2.13.4' && 
        fromJSON(steps.resolve-environment-js.outputs.environment).configuration.javascript
      run: exit 1
    env:
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__rubocop-multi-language.yml
+++ b/.github/workflows/__rubocop-multi-language.yml
@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pip install ruamel.yaml && python3 sync.py
 # to regenerate this file.
 name: PR Check - RuboCop multi-language
@@ -26,30 +26,18 @@ jobs:
      matrix:
        include:
        - os: ubuntu-latest
-          version: default
+          version: cached
    name: RuboCop multi-language
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/actions/prepare-test
+      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
        use-all-platform-bundle: 'false'
    - name: Set environment variable for Swift enablement
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - name: Set up Ruby
      uses: ruby/setup-ruby@v1
      with:
--- a/.github/workflows/__ruby.yml
+++ b/.github/workflows/__ruby.yml
@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pip install ruamel.yaml && python3 sync.py
 # to regenerate this file.
 name: PR Check - Ruby analysis
@@ -30,44 +30,30 @@ jobs:
        - os: macos-latest
          version: latest
        - os: ubuntu-latest
-          version: default
+          version: cached
        - os: macos-latest
-          version: default
+          version: cached
        - os: ubuntu-latest
          version: nightly-latest
        - os: macos-latest
          version: nightly-latest
    name: Ruby analysis
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/actions/prepare-test
+      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
        use-all-platform-bundle: 'false'
    - name: Set environment variable for Swift enablement
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        languages: ruby
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - uses: ./../action/analyze
      id: analysis
      with:
        upload-database: false
    - name: Check database
      shell: bash
      run: |
--- a/.github/workflows/__scaling-reserved-ram.yml
+++ b/.github/workflows/__scaling-reserved-ram.yml
@@ -1,103 +0,0 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
 #     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
 # to regenerate this file.
 name: PR Check - Scaling reserved RAM
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
    - main
    - releases/v2
  pull_request:
    types:
    - opened
    - synchronize
    - reopened
    - ready_for_review
  workflow_dispatch: {}
 jobs:
  scaling-reserved-ram:
    strategy:
      matrix:
        include:
        - os: ubuntu-latest
          version: stable-20220908
        - os: macos-latest
          version: stable-20220908
        - os: ubuntu-latest
          version: stable-20221211
        - os: macos-latest
          version: stable-20221211
        - os: ubuntu-latest
          version: stable-20230418
        - os: macos-latest
          version: stable-20230418
        - os: ubuntu-latest
          version: stable-v2.13.5
        - os: macos-latest
          version: stable-v2.13.5
        - os: ubuntu-latest
          version: stable-v2.14.6
        - os: macos-latest
          version: stable-v2.14.6
        - os: ubuntu-latest
          version: default
        - os: macos-latest
          version: default
        - os: ubuntu-latest
          version: latest
        - os: macos-latest
          version: latest
        - os: ubuntu-latest
          version: nightly-latest
        - os: macos-latest
          version: nightly-latest
    name: Scaling reserved RAM
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
      uses: actions/checkout@v4
    - name: Prepare test
      id: prepare-test
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
        use-all-platform-bundle: 'false'
    - name: Set environment variable for Swift enablement
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      id: init
      with:
        db-location: ${{ runner.temp }}/customDbLocation
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - uses: ./../action/.github/actions/setup-swift
      with:
        codeql-path: ${{ steps.init.outputs.codeql-path }}
    - name: Build code
      shell: bash
      run: ./build.sh
    - uses: ./../action/analyze
      id: analysis
      with:
        upload-database: false
    env:
      CODEQL_ACTION_SCALING_RESERVED_RAM: true
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__split-workflow.yml
+++ b/.github/workflows/__split-workflow.yml
@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pip install ruamel.yaml && python3 sync.py
 # to regenerate this file.
 name: PR Check - Split workflow
@@ -30,40 +30,28 @@ jobs:
        - os: macos-latest
          version: latest
        - os: ubuntu-latest
-          version: default
+          version: cached
        - os: macos-latest
-          version: default
+          version: cached
        - os: ubuntu-latest
          version: nightly-latest
        - os: macos-latest
          version: nightly-latest
    name: Split workflow
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/actions/prepare-test
+      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
        use-all-platform-bundle: 'false'
    - name: Set environment variable for Swift enablement
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        config-file: .github/codeql/codeql-config-packaging3.yml
-        packs: +codeql-testing/codeql-pack1@1.0.0
+        packs: +dsp-testing/codeql-pack1@1.0.0
        languages: javascript
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - name: Build code
@@ -73,7 +61,6 @@ jobs:
      with:
        skip-queries: true
        output: ${{ runner.temp }}/results
        upload-database: false
    - name: Assert No Results
      shell: bash
--- a/.github/workflows/__submit-sarif-failure.yml
+++ b/.github/workflows/__submit-sarif-failure.yml
@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pip install ruamel.yaml && python3 sync.py
 # to regenerate this file.
 name: PR Check - Submit SARIF after failure
@@ -28,33 +28,21 @@ jobs:
        - os: ubuntu-latest
          version: latest
        - os: ubuntu-latest
-          version: default
+          version: cached
        - os: ubuntu-latest
          version: nightly-latest
    name: Submit SARIF after failure
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/actions/prepare-test
+      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
+    - uses: actions/checkout@v3
    - name: Set environment variable for Swift enablement
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: actions/checkout@v4
    - uses: ./init
      with:
        languages: javascript
--- a/.github/workflows/__swift-autobuild.yml
+++ b/.github/workflows/__swift-autobuild.yml
@@ -0,0 +1,70 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
 #     pip install ruamel.yaml && python3 sync.py
 # to regenerate this file.
 name: PR Check - Swift analysis using autobuild
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
    - main
    - releases/v2
  pull_request:
    types:
    - opened
    - synchronize
    - reopened
    - ready_for_review
  workflow_dispatch: {}
 jobs:
  swift-autobuild:
    strategy:
      matrix:
        include:
        - os: macos-latest
          version: latest
        - os: macos-latest
          version: cached
        - os: macos-latest
          version: nightly-latest
    name: Swift analysis using autobuild
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
    - uses: ./../action/init
      id: init
      with:
        languages: swift
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - uses: ./../action/.github/setup-swift
      with:
        codeql-path: ${{steps.init.outputs.codeql-path}}
    - name: Check working directory
      shell: bash
      run: pwd
    - uses: ./../action/autobuild
      timeout-minutes: 10
    - uses: ./../action/analyze
      id: analysis
    - name: Check database
      shell: bash
      run: |
        SWIFT_DB="${{ fromJson(steps.analysis.outputs.db-locations).swift }}"
        if [[ ! -d "$SWIFT_DB" ]]; then
          echo "Did not create a database for Swift."
          exit 1
        fi
    env:
      CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: 'true' # Remove when Swift is GA.
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__swift-custom-build.yml
+++ b/.github/workflows/__swift-custom-build.yml
@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pip install ruamel.yaml && python3 sync.py
 # to regenerate this file.
 name: PR Check - Swift analysis using a custom build command
@@ -30,42 +30,30 @@ jobs:
        - os: macos-latest
          version: latest
        - os: ubuntu-latest
-          version: default
+          version: cached
        - os: macos-latest
-          version: default
+          version: cached
        - os: ubuntu-latest
          version: nightly-latest
        - os: macos-latest
          version: nightly-latest
    name: Swift analysis using a custom build command
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/actions/prepare-test
+      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
        use-all-platform-bundle: 'false'
    - name: Set environment variable for Swift enablement
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      id: init
      with:
        languages: swift
        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - uses: ./../action/.github/actions/setup-swift
+    - uses: ./../action/.github/setup-swift
      with:
        codeql-path: ${{steps.init.outputs.codeql-path}}
    - name: Check working directory
@@ -76,8 +64,6 @@ jobs:
      run: ./build.sh
    - uses: ./../action/analyze
      id: analysis
      with:
        upload-database: false
    - name: Check database
      shell: bash
      run: |
@@ -87,5 +73,6 @@ jobs:
          exit 1
        fi
    env:
      CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: 'true' # Remove when Swift is GA.
      DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__test-autobuild-working-dir.yml
+++ b/.github/workflows/__test-autobuild-working-dir.yml
@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pip install ruamel.yaml && python3 sync.py
 # to regenerate this file.
 name: PR Check - Autobuild working directory
@@ -28,28 +28,16 @@ jobs:
        - os: ubuntu-latest
          version: latest
    name: Autobuild working directory
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/actions/prepare-test
+      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
        use-all-platform-bundle: 'false'
    - name: Set environment variable for Swift enablement
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - name: Test setup
      shell: bash
      run: |
@@ -65,8 +53,6 @@ jobs:
      with:
        working-directory: autobuild-dir
    - uses: ./../action/analyze
      with:
        upload-database: false
    - name: Check database
      shell: bash
      run: |
--- a/.github/workflows/__test-local-codeql.yml
+++ b/.github/workflows/__test-local-codeql.yml
@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pip install ruamel.yaml && python3 sync.py
 # to regenerate this file.
 name: PR Check - Local CodeQL bundle
@@ -28,46 +28,28 @@ jobs:
        - os: ubuntu-latest
          version: nightly-latest
    name: Local CodeQL bundle
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/actions/prepare-test
+      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
        use-all-platform-bundle: 'false'
    - name: Set environment variable for Swift enablement
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - name: Fetch a CodeQL bundle
      shell: bash
      env:
        CODEQL_URL: ${{ steps.prepare-test.outputs.tools-url }}
      run: |
        wget "$CODEQL_URL"
-    - id: init
+    - uses: ./../action/init
      uses: ./../action/init
      with:
-        tools: ./codeql-bundle-linux64.tar.gz
+        tools: ./codeql-bundle.tar.gz
    - uses: ./../action/.github/actions/setup-swift
      with:
        codeql-path: ${{ steps.init.outputs.codeql-path }}
    - name: Build code
      shell: bash
      run: ./build.sh
    - uses: ./../action/analyze
      with:
        upload-database: false
    env:
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__test-proxy.yml
+++ b/.github/workflows/__test-proxy.yml
@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pip install ruamel.yaml && python3 sync.py
 # to regenerate this file.
 name: PR Check - Proxy test
@@ -28,35 +28,21 @@ jobs:
        - os: ubuntu-latest
          version: latest
    name: Proxy test
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/actions/prepare-test
+      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
        use-all-platform-bundle: 'false'
    - name: Set environment variable for Swift enablement
      if: >-
        runner.os != 'Windows' && (
            matrix.version == '20220908' ||
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        languages: javascript
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - uses: ./../action/analyze
      with:
        upload-database: false
    env:
      https_proxy: http://squid-proxy:3128
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__unset-environment.yml
+++ b/.github/workflows/__unset-environment.yml
@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pip install ruamel.yaml && python3 sync.py
 # to regenerate this file.
 name: PR Check - Test unsetting environment variables
@@ -25,53 +25,38 @@ jobs:
    strategy:
      matrix:
        include:
        - os: ubuntu-20.04
          version: stable-20211005
        - os: ubuntu-20.04
          version: stable-20220120
        - os: ubuntu-latest
-          version: stable-20220908
+          version: stable-20220401
        - os: ubuntu-latest
-          version: stable-20221211
+          version: cached
        - os: ubuntu-latest
          version: stable-20230418
        - os: ubuntu-latest
          version: stable-v2.13.5
        - os: ubuntu-latest
          version: stable-v2.14.6
        - os: ubuntu-latest
          version: default
        - os: ubuntu-latest
          version: latest
        - os: ubuntu-latest
          version: nightly-latest
    name: Test unsetting environment variables
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/actions/prepare-test
+      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
+    - name: Set up Go
-    - name: Set environment variable for Swift enablement
+      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      if: >-
+      uses: actions/setup-go@v3
-        runner.os != 'Windows' && (
+      with:
-            matrix.version == '20220908' ||
+        go-version: ^1.13.1
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      id: init
      with:
        db-location: ${{ runner.temp }}/customDbLocation
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - uses: ./../action/.github/actions/setup-swift
      with:
        codeql-path: ${{ steps.init.outputs.codeql-path }}
    - name: Build code
      shell: bash
    # Disable Kotlin analysis while it's incompatible with Kotlin 1.8, until we find a
@@ -80,8 +65,6 @@ jobs:
        ./build.sh
    - uses: ./../action/analyze
      id: analysis
      with:
        upload-database: false
    - shell: bash
      run: |
        CPP_DB="${{ fromJson(steps.analysis.outputs.db-locations).cpp }}"
--- a/.github/workflows/__upload-ref-sha-input.yml
+++ b/.github/workflows/__upload-ref-sha-input.yml
@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pip install ruamel.yaml && python3 sync.py
 # to regenerate this file.
 name: "PR Check - Upload-sarif: 'ref' and 'sha' from inputs"
@@ -25,35 +25,58 @@ jobs:
    strategy:
      matrix:
        include:
-        - os: ubuntu-latest
+        - os: ubuntu-20.04
-          version: default
+          version: stable-20211005
        - os: macos-latest
-          version: default
+          version: stable-20211005
        - os: windows-2019
          version: stable-20211005
        - os: ubuntu-20.04
          version: stable-20220120
        - os: macos-latest
          version: stable-20220120
        - os: windows-2019
          version: stable-20220120
        - os: ubuntu-latest
          version: stable-20220401
        - os: macos-latest
          version: stable-20220401
        - os: windows-latest
-          version: default
+          version: stable-20220401
        - os: ubuntu-latest
          version: cached
        - os: macos-latest
          version: cached
        - os: windows-latest
          version: cached
        - os: ubuntu-latest
          version: latest
        - os: macos-latest
          version: latest
        - os: windows-latest
          version: latest
        - os: ubuntu-latest
          version: nightly-latest
        - os: macos-latest
          version: nightly-latest
        - os: windows-latest
          version: nightly-latest
    name: "Upload-sarif: 'ref' and 'sha' from inputs"
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/actions/prepare-test
+      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
+    - name: Set up Go
-    - name: Set environment variable for Swift enablement
+      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      if: >-
+      uses: actions/setup-go@v3
-        runner.os != 'Windows' && (
+      with:
-            matrix.version == '20220908' ||
+        go-version: ^1.13.1
            matrix.version == '20221211'
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        tools: ${{ steps.prepare-test.outputs.tools-url }}
@@ -65,10 +88,9 @@ jobs:
      run: ./build.sh
    - uses: ./../action/analyze
      with:
        upload-database: false
        ref: refs/heads/main
        sha: 5e235361806c361d4d3f8859e3c897658025a9a2
-        upload: never
+        upload: false
    - uses: ./../action/upload-sarif
      with:
        ref: refs/heads/main
--- a/.github/workflows/__with-checkout-path.yml
+++ b/.github/workflows/__with-checkout-path.yml
@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pip install ruamel.yaml && python3 sync.py
 # to regenerate this file.
 name: PR Check - Use a custom `checkout_path`
@@ -25,42 +25,30 @@ jobs:
    strategy:
      matrix:
        include:
-        - os: ubuntu-latest
+        - os: ubuntu-20.04
-          version: stable-20220908
+          version: stable-20211005
        - os: macos-latest
-          version: stable-20220908
+          version: stable-20211005
-        - os: windows-latest
+        - os: windows-2019
-          version: stable-20220908
+          version: stable-20211005
-        - os: ubuntu-latest
+        - os: ubuntu-20.04
-          version: stable-20221211
+          version: stable-20220120
        - os: macos-latest
-          version: stable-20221211
+          version: stable-20220120
-        - os: windows-latest
+        - os: windows-2019
-          version: stable-20221211
+          version: stable-20220120
        - os: ubuntu-latest
-          version: stable-20230418
+          version: stable-20220401
        - os: macos-latest
-          version: stable-20230418
+          version: stable-20220401
        - os: windows-latest
-          version: stable-20230418
+          version: stable-20220401
        - os: ubuntu-latest
-          version: stable-v2.13.5
+          version: cached
        - os: macos-latest
-          version: stable-v2.13.5
+          version: cached
        - os: windows-latest
-          version: stable-v2.13.5
+          version: cached
        - os: ubuntu-latest
          version: stable-v2.14.6
        - os: macos-latest
          version: stable-v2.14.6
        - os: windows-latest
          version: stable-v2.14.6
        - os: ubuntu-latest
          version: default
        - os: macos-latest
          version: default
        - os: windows-latest
          version: default
        - os: ubuntu-latest
          version: latest
        - os: macos-latest
@@ -74,29 +62,22 @@ jobs:
        - os: windows-latest
          version: nightly-latest
    name: Use a custom `checkout_path`
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/actions/prepare-test
+      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
+    - name: Set up Go
-    - name: Set environment variable for Swift enablement
+      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      if: >-
+      uses: actions/setup-go@v3
-        runner.os != 'Windows' && (
+      with:
-            matrix.version == '20220908' ||
+        go-version: ^1.13.1
-            matrix.version == '20221211'
+    - uses: actions/checkout@v3
        )
      shell: bash
      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: actions/checkout@v4
      with:
        ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
        path: x/y/z/some-path
@@ -122,8 +103,7 @@ jobs:
        checkout_path: x/y/z/some-path/tests/multi-language-repo
        ref: v1.1.0
        sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
-        upload: never
+        upload: false
        upload-database: false
    - uses: ./../action/upload-sarif
      with:
--- a/.github/workflows/check-expected-release-files.yml
+++ b/.github/workflows/check-expected-release-files.yml
@@ -15,7 +15,7 @@ jobs:
    steps:
      - name: Checkout CodeQL Action
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      - name: Check Expected Release Files
        run: |
          bundle_version="$(cat "./src/defaults.json" | jq -r ".bundleVersion")"
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -11,7 +11,6 @@ on:
  schedule:
    # Weekly on Sunday.
    - cron: '30 1 * * 0'
  workflow_dispatch:
 env:
  CODEQL_ACTION_TESTING_ENVIRONMENT: codeql-action-pr-checks
@@ -27,7 +26,7 @@ jobs:
      security-events: write
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v3
    - name: Init with default CodeQL bundle from the VM image
      id: init-default
      uses: ./init
@@ -74,7 +73,7 @@ jobs:
    needs: [check-codeql-versions]
    strategy:
      matrix:
-        os: [ubuntu-20.04,ubuntu-22.04,windows-2019,windows-2022,macos-11,macos-12,macos-13]
+        os: [ubuntu-latest,windows-latest,macos-latest]
        tools: ${{ fromJson(needs.check-codeql-versions.outputs.versions) }}
    runs-on: ${{ matrix.os }}
@@ -83,7 +82,7 @@ jobs:
    steps:
    - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Initialize CodeQL
      uses: ./init
      id: init
--- a/.github/workflows/codescanning-config-cli.yml
+++ b/.github/workflows/codescanning-config-cli.yml
@@ -30,9 +30,9 @@ jobs:
        - os: macos-latest
          version: latest
        - os: ubuntu-latest
-          version: default
+          version: cached
        - os: macos-latest
-          version: default
+          version: cached
        - os: ubuntu-latest
          version: nightly-latest
        - os: macos-latest
@@ -44,15 +44,15 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/actions/prepare-test
+      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
    - name: Empty file
-      uses: ./../action/.github/actions/check-codescanning-config
+      uses: ./../action/.github/check-codescanning-config
      with:
        expected-config-file-contents: "{}"
        languages: javascript
@@ -60,31 +60,31 @@ jobs:
    - name: Packs from input
      if: success() || failure()
-      uses: ./../action/.github/actions/check-codescanning-config
+      uses: ./../action/.github/check-codescanning-config
      with:
        expected-config-file-contents: |
          {
-            "packs": ["codeql-testing/codeql-pack1@1.0.0", "codeql-testing/codeql-pack2" ]
+            "packs": ["dsp-testing/codeql-pack1@1.0.0", "dsp-testing/codeql-pack2" ]
          }
        languages: javascript
-        packs: codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2
+        packs: dsp-testing/codeql-pack1@1.0.0, dsp-testing/codeql-pack2
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - name: Packs from input with +
      if: success() || failure()
-      uses: ./../action/.github/actions/check-codescanning-config
+      uses: ./../action/.github/check-codescanning-config
      with:
        expected-config-file-contents: |
          {
-            "packs": ["codeql-testing/codeql-pack1@1.0.0", "codeql-testing/codeql-pack2" ]
+            "packs": ["dsp-testing/codeql-pack1@1.0.0", "dsp-testing/codeql-pack2" ]
          }
        languages: javascript
-        packs: + codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2
+        packs: + dsp-testing/codeql-pack1@1.0.0, dsp-testing/codeql-pack2
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - name: Queries from input
      if: success() || failure()
-      uses: ./../action/.github/actions/check-codescanning-config
+      uses: ./../action/.github/check-codescanning-config
      with:
        expected-config-file-contents: |
          {
@@ -96,7 +96,7 @@ jobs:
    - name: Queries from input with +
      if: success() || failure()
-      uses: ./../action/.github/actions/check-codescanning-config
+      uses: ./../action/.github/check-codescanning-config
      with:
        expected-config-file-contents: |
          {
@@ -108,27 +108,27 @@ jobs:
    - name: Queries and packs from input with +
      if: success() || failure()
-      uses: ./../action/.github/actions/check-codescanning-config
+      uses: ./../action/.github/check-codescanning-config
      with:
        expected-config-file-contents: |
          {
            "queries": [{ "uses": "./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql" }],
-            "packs": ["codeql-testing/codeql-pack1@1.0.0", "codeql-testing/codeql-pack2" ]
+            "packs": ["dsp-testing/codeql-pack1@1.0.0", "dsp-testing/codeql-pack2" ]
          }
        languages: javascript
        queries: + ./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql
-        packs: + codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2
+        packs: + dsp-testing/codeql-pack1@1.0.0, dsp-testing/codeql-pack2
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - name: Queries and packs from config
      if: success() || failure()
-      uses: ./../action/.github/actions/check-codescanning-config
+      uses: ./../action/.github/check-codescanning-config
      with:
        expected-config-file-contents: |
          {
            "queries": [{ "uses": "./codeql-qlpacks/complex-javascript-qlpack/foo2/show_ifs.ql" }],
            "packs": {
-              "javascript": ["codeql-testing/codeql-pack1@1.0.0", "codeql-testing/codeql-pack2" ]
+              "javascript": ["dsp-testing/codeql-pack1@1.0.0", "dsp-testing/codeql-pack2" ]
            }
          }
        languages: javascript
@@ -137,7 +137,7 @@ jobs:
    - name: Queries and packs from config overriden by input
      if: success() || failure()
-      uses: ./../action/.github/actions/check-codescanning-config
+      uses: ./../action/.github/check-codescanning-config
      with:
        expected-config-file-contents: |
          {
@@ -152,7 +152,7 @@ jobs:
    - name: Queries and packs from config merging with input
      if: success() || failure()
-      uses: ./../action/.github/actions/check-codescanning-config
+      uses: ./../action/.github/check-codescanning-config
      with:
        expected-config-file-contents: |
          {
@@ -161,7 +161,7 @@ jobs:
              { "uses": "./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql" }
            ],
            "packs": {
-              "javascript": ["codeql-testing/codeql-pack1@1.0.0", "codeql-testing/codeql-pack2", "codeql/javascript-queries" ]
+              "javascript": ["dsp-testing/codeql-pack1@1.0.0", "dsp-testing/codeql-pack2", "codeql/javascript-queries" ]
            }
          }
        languages: javascript
@@ -172,12 +172,12 @@ jobs:
    - name: Multi-language packs from config
      if: success() || failure()
-      uses: ./../action/.github/actions/check-codescanning-config
+      uses: ./../action/.github/check-codescanning-config
      with:
        expected-config-file-contents: |
          {
            "packs": {
-              "javascript": ["codeql-testing/codeql-pack1@1.0.0", "codeql-testing/codeql-pack2" ],
+              "javascript": ["dsp-testing/codeql-pack1@1.0.0", "dsp-testing/codeql-pack2" ],
              "ruby": ["codeql/ruby-queries"]
            },
            "queries": [
@@ -190,7 +190,7 @@ jobs:
    - name: Other config properties
      if: success() || failure()
-      uses: ./../action/.github/actions/check-codescanning-config
+      uses: ./../action/.github/check-codescanning-config
      with:
        expected-config-file-contents: |
          {
@@ -209,7 +209,7 @@ jobs:
      if: success() || failure()
      env:
        CODEQL_PASS_CONFIG_TO_CLI: false
-      uses: ./../action/.github/actions/check-codescanning-config
+      uses: ./../action/.github/check-codescanning-config
      with:
        expected-config-file-contents: ""
        languages: javascript
--- a/.github/workflows/debug-artifacts-failure.yml
+++ b/.github/workflows/debug-artifacts-failure.yml
@@ -33,13 +33,13 @@ jobs:
      - name: Dump GitHub event
        run: cat "${GITHUB_EVENT_PATH}"
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      - name: Prepare test
        id: prepare-test
-        uses: ./.github/actions/prepare-test
+        uses: ./.github/prepare-test
        with:
          version: latest
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v3
        with:
          go-version: ^1.13.1
      - uses: ./../action/init
--- a/.github/workflows/debug-artifacts.yml
+++ b/.github/workflows/debug-artifacts.yml
@@ -21,18 +21,31 @@ jobs:
  upload-artifacts:
    strategy:
      matrix:
-        os:
+        include:
-        - ubuntu-latest
+        - os: ubuntu-20.04
-        - macos-latest
+          version: stable-20211005
-        version:
+        - os: macos-latest
-        - stable-20220908
+          version: stable-20211005
-        - stable-20221211
+        - os: ubuntu-20.04
-        - stable-20230418
+          version: stable-20220120
-        - stable-v2.13.5
+        - os: macos-latest
-        - stable-v2.14.6
+          version: stable-20220120
-        - default
+        - os: ubuntu-latest
-        - latest
+          version: stable-20220401
-        - nightly-latest
+        - os: macos-latest
          version: stable-20220401
        - os: ubuntu-latest
          version: cached
        - os: macos-latest
          version: cached
        - os: ubuntu-latest
          version: latest
        - os: macos-latest
          version: latest
        - os: ubuntu-latest
          version: nightly-latest
        - os: macos-latest
          version: nightly-latest
    name: Upload debug artifacts
    env:
      CODEQL_ACTION_TEST_MODE: true
@@ -40,25 +53,21 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      - name: Prepare test
        id: prepare-test
-        uses: ./.github/actions/prepare-test
+        uses: ./.github/prepare-test
        with:
          version: ${{ matrix.version }}
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v3
        with:
          go-version: ^1.13.1
      - uses: ./../action/init
        id: init
        with:
          tools: ${{ steps.prepare-test.outputs.tools-url }}
          debug: true
          debug-artifact-name: my-debug-artifacts
          debug-database-name: my-db
      - uses: ./../action/.github/actions/setup-swift
        with:
          codeql-path: ${{ steps.init.outputs.codeql-path }}
      - name: Build code
        shell: bash
        run: ./build.sh
@@ -75,11 +84,18 @@ jobs:
      - name: Check expected artifacts exist
        shell: bash
        run: |
-          VERSIONS="stable-20220908 stable-20221211 stable-20230418 stable-v2.13.5 stable-v2.14.6 default latest nightly-latest"
+          VERSIONS="stable-20211005 stable-20220120 stable-20220401 cached latest nightly-latest"
          LANGUAGES="cpp csharp go java javascript python"
          for version in $VERSIONS; do
-            for os in ubuntu-latest macos-latest; do
+            if [[ "$version" =~ stable-(20211005|20220120|20210809) ]]; then
-              pushd "./my-debug-artifacts-$os-${version//./}"
+              # Note the absence of the period in "ubuntu-2004": this is present in the image name
              # but not the artifact name
              OPERATING_SYSTEMS="ubuntu-2004 macos-latest"
            else
              OPERATING_SYSTEMS="ubuntu-latest macos-latest"
            fi
            for os in $OPERATING_SYSTEMS; do
              pushd "./my-debug-artifacts-$os-$version"
              echo "Artifacts from version $version on $os:"
              for language in $LANGUAGES; do
                echo "- Checking $language"
--- a/.github/workflows/expected-queries-runs.yml
+++ b/.github/workflows/expected-queries-runs.yml
@@ -22,10 +22,10 @@ jobs:
    runs-on: ubuntu-latest
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/actions/prepare-test
+      uses: ./.github/prepare-test
      with:
        version: latest
    - uses: ./../action/init
@@ -36,10 +36,10 @@ jobs:
      with:
        output: ${{ runner.temp }}/results
        upload-database: false
-        upload: never
+        upload: false
    - name: Check Sarif
-      uses: ./../action/.github/actions/check-sarif
+      uses: ./../action/.github/check-sarif
      with:
        sarif-file: ${{ runner.temp }}/results/javascript.sarif
        queries-run: js/incomplete-hostname-regexp,js/path-injection
--- a/.github/workflows/post-release-mergeback.yml
+++ b/.github/workflows/post-release-mergeback.yml
@@ -35,12 +35,12 @@ jobs:
          GITHUB_CONTEXT: '${{ toJson(github) }}'
        run: echo "${GITHUB_CONTEXT}"
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v3
      - name: Update git config
        run: |
-          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git config --global user.email "github-actions@github.com"
          git config --global user.name "github-actions[bot]"
      - name: Get version and new branch
@@ -130,7 +130,7 @@ jobs:
          npm version patch --no-git-tag-version
          # Update the changelog
-          perl -i -pe 's/^/## \[UNRELEASED\]\n\nNo user facing changes.\n\n/ if($.==5)' CHANGELOG.md
+          perl -i -pe 's/^/## \[UNRELEASED\]\n\nNo user facing changes.\n\n/ if($.==3)' CHANGELOG.md
          git add .
          git commit -m "Update changelog and version after ${VERSION}"
--- a/.github/workflows/pr-checks.yml
+++ b/.github/workflows/pr-checks.yml
@@ -17,7 +17,7 @@ jobs:
    steps:
      - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      - name: Lint
        run: npm run-script lint
@@ -31,7 +31,7 @@ jobs:
    timeout-minutes: 45
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
      - name: Check node modules up to date
        run: .github/workflows/script/check-node-modules.sh
@@ -42,18 +42,17 @@ jobs:
    steps:
      - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
-          python-version: 3.11
+          python-version: 3.8
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
-          # When updating this, update the autogenerated code header in `sync.py` too.
+          pip install ruamel.yaml
          pip install ruamel.yaml==0.17.31
      # Ensure the generated PR check workflows are up to date.
      - name: Verify PR checks up to date
@@ -69,7 +68,7 @@ jobs:
    timeout-minutes: 45
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
      - name: npm test
        run: |
          # Run any commands referenced in package.json using Bash, otherwise
--- a/.github/workflows/python-deps.yml
+++ b/.github/workflows/python-deps.yml
@@ -37,7 +37,7 @@ jobs:
    steps:
    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v3
    - name: Initialize CodeQL
      uses: ./init
@@ -72,7 +72,7 @@ jobs:
    - name: Verify packages installed
      run: |
-        $GITHUB_WORKSPACE/python-setup/tests/check_requests.sh ${PYTHON_VERSION} 2.31.0
+        $GITHUB_WORKSPACE/python-setup/tests/check_requests_2_26_0.sh ${PYTHON_VERSION}
  # This one shouldn't fail, but also won't install packages
  test-setup-python-scripts-non-standard-location:
@@ -84,7 +84,7 @@ jobs:
    steps:
    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v3
    - name: Initialize CodeQL
      uses: ./init
@@ -137,7 +137,7 @@ jobs:
    steps:
    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v3
    - uses: actions/setup-python@v4
      with:
@@ -170,5 +170,5 @@ jobs:
    - name: Verify packages installed
      run: |
-        $cmd = $Env:GITHUB_WORKSPACE + "\\python-setup\\tests\\check_requests.ps1"
+        $cmd = $Env:GITHUB_WORKSPACE + "\\python-setup\\tests\\check_requests_2_26_0.ps1"
-        powershell -File $cmd $Env:PYTHON_VERSION 2.31.0
+        powershell -File $cmd $Env:PYTHON_VERSION
--- a/.github/workflows/python312-windows.yml
+++ b/.github/workflows/python312-windows.yml
@@ -1,41 +0,0 @@
 name: Test that the workaround for python 3.12 on windows works
 on:
  push:
    branches: [main, releases/v2]
  pull_request:
    # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
    # by other workflows.
    types: [opened, synchronize, reopened, ready_for_review]
  schedule:
    # Weekly on Monday.
    - cron: '0 0 * * 1'
  workflow_dispatch:
 jobs:
  test-setup-python-scripts:
    timeout-minutes: 45
    runs-on: windows-latest
    steps:
    - uses: actions/setup-python@v4
      with:
        python-version: 3.12
    - uses: actions/checkout@v4
    - name: Prepare test
      uses: ./.github/actions/prepare-test
      with:
        version: default
    - name: Initialize CodeQL
      uses: ./../action/init
      with:
        tools: latest
        languages: python
    - name: Analyze
      uses: ./../action/analyze
      with:
        upload-database: false
--- a/.github/workflows/query-filters.yml
+++ b/.github/workflows/query-filters.yml
@@ -20,15 +20,15 @@ jobs:
    runs-on: ubuntu-latest
    steps:
    - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/actions/prepare-test
+      uses: ./.github/prepare-test
      with:
        version: latest
    - name: Check SARIF for default queries with Single include, Single exclude
-      uses: ./../action/.github/actions/query-filter-test
+      uses: ./../action/.github/query-filter-test
      with:
        sarif-file:  ${{ runner.temp }}/results/javascript.sarif
        queries-run: js/zipslip
@@ -37,7 +37,7 @@ jobs:
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - name: Check SARIF for query packs with Single include, Single exclude
-      uses: ./../action/.github/actions/query-filter-test
+      uses: ./../action/.github/query-filter-test
      with:
        sarif-file:  ${{ runner.temp }}/results/javascript.sarif
        queries-run: js/zipslip,javascript/example/empty-or-one-block
@@ -46,7 +46,7 @@ jobs:
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - name: Check SARIF for query packs and local queries with Single include, Single exclude
-      uses: ./../action/.github/actions/query-filter-test
+      uses: ./../action/.github/query-filter-test
      with:
        sarif-file:  ${{ runner.temp }}/results/javascript.sarif
        queries-run: js/zipslip,javascript/example/empty-or-one-block,inrepo-javascript-querypack/show-ifs
--- a/.github/workflows/rebuild.yml
+++ b/.github/workflows/rebuild.yml
@@ -1,60 +0,0 @@
 name: Rebuild Action
 on:
  pull_request:
    types: [labeled]
 jobs:
  rebuild:
    name: Rebuild Action
    runs-on: ubuntu-latest
    if: github.event.label.name == 'Rebuild'
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.ref }}
      - name: Remove label
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          gh pr edit --repo github/codeql-action "$PR_NUMBER" \
            --remove-label "Rebuild"
      - name: Compile TypeScript
        run: |
          npm install
          npm run lint -- --fix
          npm run build
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: 3.11
      - name: Generate workflows
        run: |
          cd pr-checks
          python -m pip install --upgrade pip
          pip install ruamel.yaml==0.17.31
          python3 sync.py
      - name: Check for changes and push
        env:
          BRANCH: ${{ github.event.pull_request.head.ref }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          if [ ! -z "$(git status --porcelain)" ]; then
            git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
            git config --global user.name "github-actions[bot]"
            git commit -am "Rebuild"
            git push origin "HEAD:$BRANCH"
            echo "Pushed a commit to rebuild the Action." \
              "Please mark the PR as ready for review to trigger PR checks." |
              gh pr comment --body-file - --repo github/codeql-action "$PR_NUMBER"
            gh pr ready --undo --repo github/codeql-action "$PR_NUMBER"
          fi
--- a/.github/workflows/script/check-node-modules.sh
+++ b/.github/workflows/script/check-node-modules.sh
@@ -7,9 +7,13 @@ if [ ! -z "$(git status --porcelain)" ]; then
    >&2 echo "Failed: Repo should be clean before testing!"
    exit 1
 fi
-
+# When updating this, make sure to update the npm version in
-"$(dirname "$0")/update-node-modules.sh" check-only
+# `.github/workflows/update-dependencies.yml` too.
-
+sudo npm install --force -g npm@9.2.0
 # Reinstall modules and then clean to remove absolute paths
 # Use 'npm ci' instead of 'npm install' as this is intended to be reproducible
 npm ci
 npm run removeNPMAbsolutePaths
 # Check that repo is still clean
 if [ ! -z "$(git status --porcelain)" ]; then
    # If we get a fail here then the PR needs attention
--- a/.github/workflows/script/update-node-modules.sh
+++ b/.github/workflows/script/update-node-modules.sh
@@ -1,18 +0,0 @@
 if [ "$1" != "update" && "$1" != "check-only" ]; then
    >&2 echo "Failed: Invalid argument. Must be 'update' or 'check-only'"
    exit 1
 fi
 sudo npm install --force -g npm@9.2.0
 # clean the npm cache to ensure we don't have any files owned by root
 sudo npm cache clean --force
 if [ "$1" = "update" ]; then
    npm install
 fi
 # Reinstall modules and then clean to remove absolute paths
 # Use 'npm ci' instead of 'npm install' as this is intended to be reproducible
 npm ci
 npm run removeNPMAbsolutePaths
--- a/.github/workflows/test-codeql-bundle-all.yml
+++ b/.github/workflows/test-codeql-bundle-all.yml
@@ -1,56 +0,0 @@
 name: 'PR Check - CodeQL Bundle All'
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
  # Disable Kotlin analysis while it's incompatible with Kotlin 1.8, until we find a
  # workaround for our PR checks.
  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
 on:
  push:
    branches:
    - main
    - releases/v2
  pull_request:
    types:
    - opened
    - synchronize
    - reopened
    - ready_for_review
  workflow_dispatch: {}
 jobs:
  test-codeql-bundle-all:
    strategy:
      matrix:
        include:
        - os: ubuntu-latest
          version: nightly-latest
    name: 'CodeQL Bundle All'
    permissions:
      contents: read
      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
      uses: actions/checkout@v4
    - name: Prepare test
      id: prepare-test
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
        use-all-platform-bundle: true
    - id: init
      uses: ./../action/init
      with:
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - uses: ./../action/.github/actions/setup-swift
      with:
        codeql-path: ${{ steps.init.outputs.codeql-path }}
    - name: Build code
      shell: bash
      run: ./build.sh
    - uses: ./../action/analyze
      with:
        upload-database: false
    env:
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/update-bundle.yml
+++ b/.github/workflows/update-bundle.yml
@@ -1,91 +0,0 @@
 name: Update default CodeQL bundle
 on:
  release:
    # From https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#release
    # Note: The prereleased type will not trigger for pre-releases published
    # from draft releases, but the published type will trigger. If you want a
    # workflow to run when stable and pre-releases publish, subscribe to
    # published instead of released and prereleased.
    #
    # From https://github.com/orgs/community/discussions/26281
    # As a work around, in published type workflow,  you could add if condition
    # to filter pre-release attribute.
    types: [published]
 jobs:
  update-bundle:
    if: github.event.release.prerelease && startsWith(github.event.release.tag_name, 'codeql-bundle-')
    runs-on: ubuntu-latest
    steps:
      - name: Dump environment
        run: env
      - name: Dump GitHub context
        env:
          GITHUB_CONTEXT: '${{ toJson(github) }}'
        run: echo "$GITHUB_CONTEXT"
      - uses: actions/checkout@v4
      - name: Update git config
        run: |
          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git config --global user.name "github-actions[bot]"
      - name: Update bundle
        uses: ./.github/actions/update-bundle
      - name: Rebuild Action
        run: npm run build
      - name: Commit and push changes
        env:
          RELEASE_TAG: "${{ github.event.release.tag_name }}"
        run: |
          git checkout -b "update-bundle/$RELEASE_TAG"
          git commit -am "Update default bundle to $RELEASE_TAG"
          git push --set-upstream origin "update-bundle/$RELEASE_TAG"
      - name: Open pull request
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          cli_version=$(jq -r '.cliVersion' src/defaults.json)
          pr_url=$(gh pr create \
            --title "Update default bundle to $cli_version" \
            --body "This pull request updates the default CodeQL bundle, as used with \`tools: latest\` and on GHES, to $cli_version." \
            --assignee "$GITHUB_ACTOR" \
            --draft \
          )
          echo "CLI_VERSION=$cli_version" | tee -a "$GITHUB_ENV"
          echo "PR_URL=$pr_url" | tee -a "$GITHUB_ENV"
      - name: Create changelog note
        shell: python
        run: |
          import os
          import re
          # Get the PR number from the PR URL.
          pr_number = os.environ['PR_URL'].split('/')[-1]
          changelog_note = f"- Update default CodeQL bundle version to {os.environ['CLI_VERSION']}. [#{pr_number}]({os.environ['PR_URL']})"
          # If the "[UNRELEASED]" section starts with "no user facing changes", remove that line.
          # Use perl to avoid having to escape the newline character.
          with open('CHANGELOG.md', 'r') as f:
              changelog = f.read()
          changelog = changelog.replace('## [UNRELEASED]\n\nNo user facing changes.', '## [UNRELEASED]\n')
          # Add the changelog note to the bottom of the "[UNRELEASED]" section.
          changelog = re.sub(r'\n## (\d+\.\d+\.\d+)', f'{changelog_note}\n\n## \\1', changelog, count=1)
          with open('CHANGELOG.md', 'w') as f:
              f.write(changelog)
      - name: Push changelog note
        run: |
          git commit -am "Add changelog note"
          git push
--- a/.github/workflows/update-dependencies.yml
+++ b/.github/workflows/update-dependencies.yml
@@ -11,32 +11,32 @@ jobs:
    if: contains(github.event.pull_request.labels.*.name, 'Update dependencies') && (github.event.pull_request.head.repo.full_name == 'github/codeql-action')
    steps:
    - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v3
    - name: Remove PR label
      env:
        GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
        REPOSITORY: '${{ github.repository }}'
        PR_NUMBER: '${{ github.event.pull_request.number }}'
        GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
      run: |
        gh api "repos/$REPOSITORY/issues/$PR_NUMBER/labels/Update%20dependencies" -X DELETE
    - name: Push updated dependencies
      env:
        BRANCH: '${{ github.head_ref }}'
        GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
      run: |
        git fetch origin "$BRANCH" --depth=1
        git checkout "origin/$BRANCH"
-        .github/workflows/script/update-node-modules.sh update
+        # When updating this, make sure to update the npm version in
        # `.github/workflows/script/check-node-modules.sh` too.
        sudo npm install --force -g npm@9.2.0
        npm install
        npm ci
        npm run removeNPMAbsolutePaths
        if [ ! -z "$(git status --porcelain)" ]; then
-          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git config --global user.email "github-actions@github.com"
          git config --global user.name "github-actions[bot]"
          git add node_modules
          git commit -am "Update checked-in dependencies"
          git push origin "HEAD:$BRANCH"
          echo "Pushed a commit to update the checked-in dependencies." \
            "Please mark the PR as ready for review to trigger PR checks." |
            gh pr comment --body-file - --repo github/codeql-action "${{ github.event.pull_request.number }}"
          gh pr ready --undo --repo github/codeql-action "${{ github.event.pull_request.number }}"
        fi
--- a/.github/workflows/update-release-branch.yml
+++ b/.github/workflows/update-release-branch.yml
@@ -18,7 +18,7 @@ jobs:
        GITHUB_CONTEXT: '${{ toJson(github) }}'
      run: echo "$GITHUB_CONTEXT"
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v3
      with:
        # Need full history so we calculate diffs
        fetch-depth: 0
@@ -35,7 +35,7 @@ jobs:
    - name: Update git config
      run: |
-        git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
+        git config --global user.email "github-actions@github.com"
        git config --global user.name "github-actions[bot]"
    - name: Update release branch
--- a/.github/workflows/update-supported-enterprise-server-versions.yml
+++ b/.github/workflows/update-supported-enterprise-server-versions.yml
@@ -3,7 +3,6 @@ name: Update Supported Enterprise Server Versions
 on:
  schedule:
    - cron: "0 0 * * *"
  workflow_dispatch:
 jobs:
  update-supported-enterprise-server-versions:
@@ -18,9 +17,9 @@ jobs:
        with:
          python-version: "3.7"
      - name: Checkout CodeQL Action
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      - name: Checkout Enterprise Releases
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
        with:
          repository: github/enterprise-releases
          ssh-key: ${{ secrets.ENTERPRISE_RELEASES_SSH_KEY }}
@@ -35,30 +34,14 @@ jobs:
          npm run build
        env:
          ENTERPRISE_RELEASES_PATH: ${{ github.workspace }}/enterprise-releases/
-
+      - name: Commit Changes
-      - name: Update git config
+        uses: peter-evans/create-pull-request@2b011faafdcbc9ceb11414d64d0573f37c774b04 # v4.2.3
-        run: |
+        with:
-          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          commit-message: Update supported GitHub Enterprise Server versions.
-          git config --global user.name "github-actions[bot]"
+          title: Update supported GitHub Enterprise Server versions.
-
+          body: ""
-      - name: Commit changes and open PR
+          author: GitHub <noreply@github.com>
          branch: update-supported-enterprise-server-versions
          draft: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          if [[ -z $(git status --porcelain) ]]; then
            echo "No changes to commit"
          else
            git checkout -b update-supported-enterprise-server-versions
            git add .
            git commit --message "Update supported GitHub Enterprise Server versions"
            git push origin update-supported-enterprise-server-versions
            body="This PR updates the list of supported GitHub Enterprise Server versions, either because a new "
            body+="version is about to be feature frozen, or because an old release has been deprecated.\n\n"
            body+="If an old release has been deprecated, please follow the instructions in CONTRIBUTING.md to "
            body+="deprecate the corresponding version of CodeQL."
            gh pr create --draft \
              --title "Update supported GitHub Enterprise Server versions" \
              --body "$body"
          fi
--- a/.github/workflows/update-supported-enterprise-server-versions/update.py
+++ b/.github/workflows/update-supported-enterprise-server-versions/update.py
@@ -15,11 +15,6 @@ def main():
 	api_compatibility_data = json.loads(_API_COMPATIBILITY_PATH.read_text())
 	releases = json.loads(_RELEASE_FILE_PATH.read_text())
 	# Remove GHES version using a previous version numbering scheme.
 	if "11.10" in releases:
 		del releases["11.10"]
 	oldest_supported_release = None
 	newest_supported_release = semver.VersionInfo.parse(api_compatibility_data["maximumVersion"] + ".0")
@@ -35,10 +30,7 @@ def main():
 		if oldest_supported_release is None or release_version < oldest_supported_release:
 			end_of_life_date = datetime.date.fromisoformat(release_data["end"])
-			# The GHES version is not actually end of life until the end of the day specified by
+			if end_of_life_date > datetime.date.today():
 			# `end_of_life_date`. Wait an extra week to be safe.
 			is_end_of_life = datetime.date.today() > end_of_life_date + datetime.timedelta(weeks=1)
 			if not is_end_of_life:
 				oldest_supported_release = release_version
 	api_compatibility_data = {
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,20 +0,0 @@
 repos:
  - repo: local
    hooks:
      - id: compile-ts
        name: Compile typescript
        files: \.[tj]s$
        language: system
        entry: npm run build
        pass_filenames: false
      - id: lint-ts
        name: Lint typescript code
        files: \.ts$
        language: system
        entry: npm run lint -- --fix
      - id: pr-checks-sync
        name: Synchronize PR check workflows
        files: ^.github/workflows/__.*\.yml$|^pr-checks
        language: system
        entry: python3 pr-checks/sync.py
        pass_filenames: false
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -6,14 +6,5 @@
    // transpiled JavaScript
    "lib": true,
-  },
+  }
  // Installing a new Node package often triggers VS Code's git limit warnings as there is typically
  // an intermediate stage where many files are modified. This setting suppresses these warnings.
  "git.ignoreLimitWarning": true,
  // Use the vendored TypeScript version to have a consistent development experience across
  // machines.
  "typescript.tsdk": "node_modules/typescript/lib",
  "[typescript]": {
    "editor.defaultFormatter": "esbenp.prettier-vscode"
  },
 }
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,220 +1,7 @@
 # CodeQL Action Changelog
 See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
 ## [UNRELEASED]
 No user facing changes.
 ## 2.22.5 - 27 Oct 2023
 No user facing changes.
 ## 2.22.4 - 20 Oct 2023
 - Update default CodeQL bundle version to 2.15.1. [#1953](https://github.com/github/codeql-action/pull/1953)
 - Users will begin to see warnings on Node.js 16 deprecation in their Actions logs on code scanning runs starting October 23, 2023.
  - All code scanning workflows should continue to succeed regardless of the warning.
  - The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.
  - For more information, and to communicate with the maintaining team, please use [this issue](https://github.com/github/codeql-action/issues/1959). 
 ## 2.22.3 - 13 Oct 2023
 - Provide an authentication token when downloading the CodeQL Bundle from the API of a GitHub Enterprise Server instance. [#1945](https://github.com/github/codeql-action/pull/1945)
 ## 2.22.2 - 12 Oct 2023
 - Update default CodeQL bundle version to 2.15.0. [#1938](https://github.com/github/codeql-action/pull/1938)
 - Improve the log output when an error occurs in an invocation of the CodeQL CLI. [#1927](https://github.com/github/codeql-action/pull/1927)
 ## 2.22.1 - 09 Oct 2023
 - Add a workaround for Python 3.12, which is not supported in CodeQL CLI version 2.14.6 or earlier. If you are running an analysis on Windows and using Python 3.12 or later, the CodeQL Action will switch to running Python 3.11. In this case, if Python 3.11 is not found, then the workflow will fail. [#1928](https://github.com/github/codeql-action/pull/1928)
 ## 2.22.0 - 06 Oct 2023
 - The CodeQL Action now requires CodeQL version 2.10.5 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.21.8. [#1907](https://github.com/github/codeql-action/pull/1907)
 - The CodeQL Action no longer runs ML-powered queries. For more information, including details on our investment in AI-powered security technology, see ["CodeQL code scanning deprecates ML-powered alerts."](https://github.blog/changelog/2023-09-29-codeql-code-scanning-deprecates-ml-powered-alerts/) [#1910](https://github.com/github/codeql-action/pull/1910)
 - Fix a bug which prevented tracing of projects using Go 1.21 and above on Linux. [#1909](https://github.com/github/codeql-action/pull/1909)
 ## 2.21.9 - 27 Sep 2023
 - Update default CodeQL bundle version to 2.14.6. [#1897](https://github.com/github/codeql-action/pull/1897)
 - We are rolling out a feature in October 2023 that will improve the success rate of C/C++ autobuild. [#1889](https://github.com/github/codeql-action/pull/1889)
 - We are rolling out a feature in October 2023 that will provide specific file coverage information for C and C++, Java and Kotlin, and JavaScript and TypeScript. Currently file coverage information for each of these pairs of languages is grouped together. [#1903](https://github.com/github/codeql-action/pull/1903)
 - Add a warning to help customers avoid inadvertently analyzing the same CodeQL language in multiple matrix jobs. [#1901](https://github.com/github/codeql-action/pull/1901)
 ## 2.21.8 - 19 Sep 2023
 - Add a deprecation warning for customers using CodeQL version 2.10.4 and earlier. These versions of CodeQL were discontinued on 12 September 2023 alongside GitHub Enterprise Server 3.6, and will be unsupported by the next minor release of the CodeQL Action. [#1884](https://github.com/github/codeql-action/pull/1884)
  - If you are using one of these versions, please update to CodeQL CLI version 2.10.5 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.
  - Alternatively, if you want to continue using a version of the CodeQL CLI between 2.9.5 and 2.10.4, you can replace `github/codeql-action/*@v2` by `github/codeql-action/*@v2.21.7` in your code scanning workflow to ensure you continue using this version of the CodeQL Action.
 - Enable the following language aliases when using CodeQL 2.14.4 and later: `c-cpp` for C/C++ analysis, `java-kotlin` for Java/Kotlin analysis, and `javascript-typescript` for JavaScript/TypeScript analysis. [#1883](https://github.com/github/codeql-action/pull/1883)
 ## 2.21.7 - 14 Sep 2023
 - Update default CodeQL bundle version to 2.14.5. [#1882](https://github.com/github/codeql-action/pull/1882)
 ## 2.21.6 - 13 Sep 2023
 - Better error message when there is a failure to determine the merge base of the code to analysis. [#1860](https://github.com/github/codeql-action/pull/1860)
 - Improve the calculation of default amount of RAM used for query execution on GitHub Enterprise Server. This now reduces in proportion to the runner's total memory to better account for system memory usage, helping to avoid out-of-memory failures on larger runners. This feature is already available to GitHub.com users. [#1866](https://github.com/github/codeql-action/pull/1866)
 - Enable improved file coverage information for GitHub Enterprise Server users. This feature is already available to GitHub.com users. [#1867](https://github.com/github/codeql-action/pull/1867)
 - Update default CodeQL bundle version to 2.14.4. [#1873](https://github.com/github/codeql-action/pull/1873)
 ## 2.21.5 - 28 Aug 2023
 - Update default CodeQL bundle version to 2.14.3. [#1845](https://github.com/github/codeql-action/pull/1845)
 - Fixed a bug in CodeQL Action 2.21.3 onwards that affected beta support for [Project Lombok](https://projectlombok.org/) when analyzing Java. The environment variable `CODEQL_EXTRACTOR_JAVA_RUN_ANNOTATION_PROCESSORS` will now be respected if it was manually configured in the workflow. [#1844](https://github.com/github/codeql-action/pull/1844)
 - Enable support for Kotlin 1.9.20 when running with CodeQL CLI v2.13.4 through v2.14.3. [#1853](https://github.com/github/codeql-action/pull/1853)
 ## 2.21.4 - 14 Aug 2023
 - Update default CodeQL bundle version to 2.14.2. [#1831](https://github.com/github/codeql-action/pull/1831)
 - Log a warning if the amount of available disk space runs low during a code scanning run. [#1825](https://github.com/github/codeql-action/pull/1825)
 - When downloading CodeQL bundle version 2.13.4 and later, cache these bundles in the Actions tool cache using a simpler version number. [#1832](https://github.com/github/codeql-action/pull/1832)
 - Fix an issue that first appeared in CodeQL Action v2.21.2 that prevented CodeQL invocations from being logged. [#1833](https://github.com/github/codeql-action/pull/1833)
 - We are rolling out a feature in August 2023 that will improve the quality of file coverage information. [#1835](https://github.com/github/codeql-action/pull/1835)
 ## 2.21.3 - 08 Aug 2023
 - We are rolling out a feature in August 2023 that will improve multi-threaded performance on larger runners. [#1817](https://github.com/github/codeql-action/pull/1817)
 - We are rolling out a feature in August 2023 that adds beta support for [Project Lombok](https://projectlombok.org/) when analyzing Java. [#1809](https://github.com/github/codeql-action/pull/1809)
 - Reduce disk space usage when downloading the CodeQL bundle. [#1820](https://github.com/github/codeql-action/pull/1820)
 ## 2.21.2 - 28 Jul 2023
 - Update default CodeQL bundle version to 2.14.1. [#1797](https://github.com/github/codeql-action/pull/1797)
 - Avoid duplicating the analysis summary within the logs. [#1811](https://github.com/github/codeql-action/pull/1811)
 ## 2.21.1 - 26 Jul 2023
 - Improve the handling of fatal errors from the CodeQL CLI. [#1795](https://github.com/github/codeql-action/pull/1795)
 - Add the `sarif-output` output to the analyze action that contains the path to the directory of the generated SARIF. [#1799](https://github.com/github/codeql-action/pull/1799)
 ## 2.21.0 - 19 Jul 2023
 - CodeQL Action now requires CodeQL CLI 2.9.4 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.20.4. [#1724](https://github.com/github/codeql-action/pull/1724)
 ## 2.20.4 - 14 Jul 2023
 - This is the last release of the Action that supports CodeQL CLI versions 2.8.5 to 2.9.3. These versions of the CodeQL CLI were deprecated on June 20, 2023 alongside GitHub Enterprise Server 3.5 and will not be supported by the next release of the CodeQL Action (2.21.0).
  - If you are using one of these versions, please update to CodeQL CLI version 2.9.4 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.
  - Alternatively, if you want to continue using a version of the CodeQL CLI between 2.8.5 and 2.9.3, you can replace 'github/codeql-action/*@v2' by 'github/codeql-action/*@v2.20.4' in your code scanning workflow to ensure you continue using this version of the CodeQL Action.
 - We are rolling out a feature in July 2023 that will slightly reduce the default amount of RAM used for query execution, in proportion to the runner's total memory. This will help to avoid out-of-memory failures on larger runners. [#1760](https://github.com/github/codeql-action/pull/1760)
 - Update default CodeQL bundle version to 2.14.0. [#1762](https://github.com/github/codeql-action/pull/1762)
 ## 2.20.3 - 06 Jul 2023
 - Update default CodeQL bundle version to 2.13.5. [#1743](https://github.com/github/codeql-action/pull/1743)
 ## 2.20.2 - 03 Jul 2023
 No user facing changes.
 ## 2.20.1 - 21 Jun 2023
 - Update default CodeQL bundle version to 2.13.4. [#1721](https://github.com/github/codeql-action/pull/1721)
 - Experimental: add a new `resolve-environment` action which attempts to infer a configuration for the build environment that is required to build a given project. Do not use this in production as it is part of an internal experiment and subject to change at any time.
 ## 2.20.0 - 13 Jun 2023
 - Bump the version of the Action to 2.20.0. This ensures that users who received a Dependabot upgrade to [`cdcdbb5`](https://github.com/github/codeql-action/commit/cdcdbb579706841c47f7063dda365e292e5cad7a), which was mistakenly marked as Action version 2.13.4, continue to receive updates to the CodeQL Action. Full details in [#1729](https://github.com/github/codeql-action/pull/1729)
 ## 2.3.6 - 01 Jun 2023
 - Update default CodeQL bundle version to 2.13.3. [#1698](https://github.com/github/codeql-action/pull/1698)
 ## 2.3.5 - 25 May 2023
 - Allow invalid URIs to be used as values to `artifactLocation.uri` properties. This reverses a change from [#1668](https://github.com/github/codeql-action/pull/1668) that inadvertently led to stricter validation of some URI values. [#1705](https://github.com/github/codeql-action/pull/1705)
 - Gracefully handle invalid URIs when fingerprinting. [#1694](https://github.com/github/codeql-action/pull/1694)
 ## 2.3.4 - 24 May 2023
 - Updated the SARIF 2.1.0 JSON schema file to the latest from [oasis-tcs/sarif-spec](https://github.com/oasis-tcs/sarif-spec/blob/123e95847b13fbdd4cbe2120fa5e33355d4a042b/Schemata/sarif-schema-2.1.0.json). [#1668](https://github.com/github/codeql-action/pull/1668)
 - We are rolling out a feature in May 2023 that will disable Python dependency installation for new users of the CodeQL Action. This improves the speed of analysis while having only a very minor impact on results. [#1676](https://github.com/github/codeql-action/pull/1676)
 - We are improving the way that [CodeQL bundles](https://github.com/github/codeql-action/releases) are tagged to make it possible to easily identify bundles by their CodeQL semantic version. [#1682](https://github.com/github/codeql-action/pull/1682)
  - As of CodeQL CLI 2.13.4, CodeQL bundles will be tagged using semantic versions, for example `codeql-bundle-v2.13.4`, instead of timestamps, like `codeql-bundle-20230615`.
  - This change does not affect the majority of workflows, and we will not be changing tags for existing bundle releases.
  - Some workflows with custom logic that depends on the specific format of the CodeQL bundle tag may need to be updated. For example, if your workflow matches CodeQL bundle tag names against a `codeql-bundle-yyyymmdd` pattern, you should update it to also recognize `codeql-bundle-vx.y.z` tags.
 - Remove the requirement for `on.push` and `on.pull_request` to trigger on the same branches. [#1675](https://github.com/github/codeql-action/pull/1675)
 ## 2.3.3 - 04 May 2023
 - Update default CodeQL bundle version to 2.13.1. [#1664](https://github.com/github/codeql-action/pull/1664)
 - You can now configure CodeQL within your code scanning workflow by passing a `config` input to the `init` Action. See [Using a custom configuration file](https://aka.ms/code-scanning-docs/config-file) for more information about configuring code scanning. [#1590](https://github.com/github/codeql-action/pull/1590)
 ## 2.3.2 - 27 Apr 2023
 No user facing changes.
 ## 2.3.1 - 26 Apr 2023
 No user facing changes.
 ## 2.3.0 - 21 Apr 2023
 - Update default CodeQL bundle version to 2.13.0. [#1649](https://github.com/github/codeql-action/pull/1649)
 - Bump the minimum CodeQL bundle version to 2.8.5. [#1618](https://github.com/github/codeql-action/pull/1618)
 ## 2.2.12 - 13 Apr 2023
 - Include the value of the `GITHUB_RUN_ATTEMPT` environment variable in the telemetry sent to GitHub. [#1640](https://github.com/github/codeql-action/pull/1640)
 - Improve the ease of debugging failed runs configured using [default setup](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically). The CodeQL Action will now upload diagnostic information to Code Scanning from failed runs configured using default setup. You can view this diagnostic information on the [tool status page](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page). [#1619](https://github.com/github/codeql-action/pull/1619)
 ## 2.2.11 - 06 Apr 2023
 No user facing changes.
 ## 2.2.10 - 05 Apr 2023
 - Update default CodeQL bundle version to 2.12.6. [#1629](https://github.com/github/codeql-action/pull/1629)
 ## 2.2.9 - 27 Mar 2023
 - Customers post-processing the SARIF output of the `analyze` Action before uploading it to Code Scanning will benefit from an improved debugging experience. [#1598](https://github.com/github/codeql-action/pull/1598)
  - The CodeQL Action will now upload a SARIF file with debugging information to Code Scanning on failed runs for customers using `upload: false`. Previously, this was only available for customers using the default value of the `upload` input.
  - The `upload` input to the `analyze` Action now accepts the following values:
    - `always` is the default value, which uploads the SARIF file to Code Scanning for successful and failed runs.
    - `failure-only` is recommended for customers post-processing the SARIF file before uploading it to Code Scanning. This option uploads debugging information to Code Scanning for failed runs to improve the debugging experience.
    - `never` avoids uploading the SARIF file to Code Scanning even if the code scanning run fails. This is not recommended for external users since it complicates debugging.
    - The legacy `true` and `false` options will be interpreted as `always` and `failure-only` respectively.
 ## 2.2.8 - 22 Mar 2023
 - Update default CodeQL bundle version to 2.12.5. [#1585](https://github.com/github/codeql-action/pull/1585)
 ## 2.2.7 - 15 Mar 2023
 No user facing changes.
 ## 2.2.6 - 10 Mar 2023
 - Update default CodeQL bundle version to 2.12.4. [#1561](https://github.com/github/codeql-action/pull/1561)
 ## 2.2.5 - 24 Feb 2023
 - Update default CodeQL bundle version to 2.12.3. [#1543](https://github.com/github/codeql-action/pull/1543)
 ## 2.2.4 - 10 Feb 2023
 No user facing changes.
 ## 2.2.3 - 08 Feb 2023
 - Update default CodeQL bundle version to 2.12.2. [#1518](https://github.com/github/codeql-action/pull/1518)
 ## 2.2.2 - 06 Feb 2023
 - Fix an issue where customers using the CodeQL Action with the [CodeQL Action sync tool](https://docs.github.com/en/enterprise-server@3.7/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-codeql-analysis-on-a-server-without-internet-access) would not be able to obtain the CodeQL tools. [#1517](https://github.com/github/codeql-action/pull/1517)
 ## 2.2.1 - 27 Jan 2023
 No user facing changes.
 ## 2.2.0 - 26 Jan 2023
 - Improve stability when choosing the default version of CodeQL to use in code scanning workflow runs on Actions on GitHub.com. [#1475](https://github.com/github/codeql-action/pull/1475)
  - This change addresses customer reports of code scanning alerts on GitHub.com being closed and reopened during the rollout of new versions of CodeQL in the GitHub Actions [runner images](https://github.com/actions/runner-images).
  - **No change is required for the majority of workflows**, including:
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -12,7 +12,7 @@ Please note that this project is released with a [Contributor Code of Conduct][c
 ## Development and Testing
-Before you start, ensure that you have a recent version of node (16 or higher) installed, along with a recent version of npm (9.2 or higher). You can see which version of node is used by the action in `init/action.yml`.
+Before you start, ensure that you have a recent version of node (14 or higher) installed, along with a recent version of npm (7 or higher). You can see which version of node is used by the action in `init/action.yml`.
 ### Common tasks
@@ -67,8 +67,12 @@ Here are a few things you can do that will increase the likelihood of your pull
    This mergeback incorporates the changelog updates into `main`, tags the release using the merge commit of the "Merge main into releases/v2" pull request, and bumps the patch version of the CodeQL Action.
    Approve the mergeback PR and automerge it.
 1. When the "Merge main into releases/v2" pull request is merged into the `releases/v2` branch, the "Update release branch" workflow will create a "Merge releases/v2 into releases/v1" pull request to merge the changes since the last release into the `releases/v1` release branch.
    This ensures we keep both the `releases/v1` and `releases/v2` release branches up to date and fully supported.
-Once the mergeback has been merged to `main`, the release is complete.
+    Review the checklist items in the pull request description.
    Once you've checked off all the items, approve the PR and automerge it.
 1. Once the mergeback has been merged to `main` and the "Merge releases/v2 into releases/v1" PR has been merged to `releases/v1`, the release is complete.
 ## Keeping the PR checks up to date (admin access required)
@@ -78,27 +82,6 @@ Since the `codeql-action` runs most of its testing through individual Actions wo
 2. Run the script. If there's a reason to, you can pass in a different SHA as a CLI argument.
 3. After running, go to the [branch protection rules settings page](https://github.com/github/codeql-action/settings/branches) and validate that the rules for `main`, `v1`, and `v2` have been updated.
 ## Deprecating a CodeQL version (write access required)
 We typically deprecate a version of CodeQL when the GitHub Enterprise Server (GHES) version that it first shipped in is deprecated.
 1. Work out the next minimum version of CodeQL. This is the version that shipped in the version of GHES after the one that has just been deprecated.
 1. Notify users using the old version of CodeQL about the deprecation.
    - Update `CODEQL_NEXT_MINIMUM_VERSION`, `GHES_VERSION_MOST_RECENTLY_DEPRECATED`, and `GHES_MOST_RECENT_DEPRECATION_DATE` in `src/codeql.ts` to reflect the new minimum version of CodeQL and the GHES version that has just been deprecated.
    - Add a changelog note announcing the deprecation.
    - Example PR: https://github.com/github/codeql-action/pull/1884
 1. Release the Action, or wait for the next scheduled release of the Action, then wait at least a week so users have time to see and act on the deprecation warning.
 1. Remove support for the old version of CodeQL.
    - Bump `CODEQL_MINIMUM_VERSION` in `src/codeql.ts` to the new minimum version of CodeQL.
    - Remove any code that is only needed to support the old version of CodeQL. This is often behind a version guard, so look for instances of version numbers between the old minimum version and the new minimum version in the codebase. A good place to start is the list of version numbers in `src/codeql.ts`.
    - Update the default set of CodeQL test versions in `pr-checks/sync.py`.
        - Remove the old minimum version of CodeQL.
        - Add the latest patch release for any new CodeQL minor version series that have shipped in GHES.
        - Run the script to update the generated PR checks.
    - Do the same for PR checks that aren't auto-generated.
    - Add a changelog note announcing the new minimum version of CodeQL that is now required.
    - Example PR: https://github.com/github/codeql-action/pull/1907
 ## Resources
 - [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/)
--- a/README.md
+++ b/README.md
@@ -1,18 +1,9 @@
 # CodeQL Action
-This action runs GitHub's industry-leading semantic code analysis engine, [CodeQL](https://codeql.github.com/), against a repository's source code to find security vulnerabilities. It then automatically uploads the results to GitHub so they can be displayed on pull requests and in the repository's security tab. CodeQL runs an extensible set of [queries](https://github.com/github/codeql), which have been developed by the community and the [GitHub Security Lab](https://securitylab.github.com/) to find common vulnerabilities in your code.
+This action runs GitHub's industry-leading semantic code analysis engine, CodeQL, against a repository's source code to find security vulnerabilities. It then automatically uploads the results to GitHub so they can be displayed in the repository's security tab. CodeQL runs an extensible set of [queries](https://github.com/github/codeql), which have been developed by the community and the [GitHub Security Lab](https://securitylab.github.com/) to find common vulnerabilities in your code.
 For a list of recent changes, see the CodeQL Action's [changelog](CHANGELOG.md).
 ## :loudspeaker: Node 16 deprecation, upcoming CodeQL Action v3 :loudspeaker:
 Announcement for users of this Action and code scanning workflows on GitHub.com:
 - You will begin to see these warnings about Node.js 16 deprecation in your Actions logs on code scanning runs starting October 23, 2023.
 - All code scanning workflows should continue to succeed regardless of the warning.
 - The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.
 For more information, and to communicate with the maintaining team, please use [this issue](https://github.com/github/codeql-action/issues/1959). 
 ## License
 This project is released under the [MIT License](LICENSE).
@@ -21,14 +12,130 @@ The underlying CodeQL CLI, used in this action, is licensed under the [GitHub Co
 ## Usage
-We recommend using default setup to configure CodeQL analysis for your repository. For more information, see "[Configuring default setup for code scanning](https://docs.github.com/en/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)."
+This is a short walkthrough, but for more information read [configuring code scanning](https://help.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning).
-You can also configure advanced setup for a repository to find security vulnerabilities in your code using a highly customizable code scanning configuration. For more information, see "[Configuring advanced setup for code scanning](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning)" and "[Customizing your advanced setup for code scanning](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning)."
+To get code scanning results from CodeQL analysis on your repo you can use the following workflow as a template:
 ```yaml
 name: "Code Scanning - Action"
 on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    #        ┌───────────── minute (0 - 59)
    #        │  ┌───────────── hour (0 - 23)
    #        │  │ ┌───────────── day of the month (1 - 31)
    #        │  │ │ ┌───────────── month (1 - 12 or JAN-DEC)
    #        │  │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT)
    #        │  │ │ │ │
    #        │  │ │ │ │
    #        │  │ │ │ │
    #        *  * * * *
    - cron: '30 1 * * 0'
 jobs:
  CodeQL-Build:
    # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
    runs-on: ubuntu-latest
    permissions:
      # required for all workflows
      security-events: write
      # only required for workflows in private repositories
      actions: read
      contents: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        # Override language selection by uncommenting this and choosing your languages
        # with:
        #   languages: go, javascript, csharp, python, cpp, java, ruby
      # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
      # If this step fails, then you should remove it and run the build manually (see below).
      - name: Autobuild
        uses: github/codeql-action/autobuild@v2
      # ℹ️ Command-line programs to run using the OS shell.
      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
      # ✏️ If the Autobuild fails above, remove it and uncomment the following
      #    three lines and modify them (or add more) to build your code if your
      #    project uses a compiled language
      #- run: |
      #     make bootstrap
      #     make release
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2
 ```
 If you prefer to integrate this within an existing CI workflow, it should end up looking something like this:
 ```yaml
 - name: Initialize CodeQL
  uses: github/codeql-action/init@v2
  with:
    languages: go, javascript
 # Here is where you build your code
 - run: |
    make bootstrap
    make release
 - name: Perform CodeQL Analysis
  uses: github/codeql-action/analyze@v2
 ```
 ### Configuration file
 Use the `config-file` parameter of the `init` action to enable the configuration file. The value of `config-file` is the path to the configuration file you want to use. This example loads the configuration file `./.github/codeql/codeql-config.yml`.
 ```yaml
 - uses: github/codeql-action/init@v2
  with:
    config-file: ./.github/codeql/codeql-config.yml
 ```
 The configuration file can be located in a different repository. This is useful if you want to share the same configuration across multiple repositories. If the configuration file is in a private repository you can also specify an `external-repository-token` option. This should be a personal access token that has read access to any repositories containing referenced config files and queries.
 ```yaml
 - uses: github/codeql-action/init@v2
  with:
    config-file: owner/repo/codeql-config.yml@branch
    external-repository-token: ${{ secrets.EXTERNAL_REPOSITORY_TOKEN }}
 ```
 For information on how to write a configuration file, see "[Using a custom configuration file](https://help.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#using-a-custom-configuration-file)."
 If you only want to customise the queries used, you can specify them in your workflow instead of creating a config file, using the `queries` property of the `init` action:
 ```yaml
 - uses: github/codeql-action/init@v2
  with:
    queries: <local-or-remote-query>,<another-query>
 ```
 By default, this will override any queries specified in a config file. If you wish to use both sets of queries, prefix the list of queries in the workflow with `+`:
 ```yaml
 - uses: github/codeql-action/init@v2
  with:
    queries: +<local-or-remote-query>,<another-query>
 ```
 ## Troubleshooting
-Read about [troubleshooting code scanning](https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning).
+Read about [troubleshooting code scanning](https://help.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-code-scanning).
 ## Contributing
 This project welcomes contributions. See [CONTRIBUTING.md](CONTRIBUTING.md) for details on how to build, install, and contribute.
--- a/analyze/action.yml
+++ b/analyze/action.yml
@@ -10,14 +10,10 @@ inputs:
    required: false
    default: "../results"
  upload:
-    description: >-
+    description: Upload the SARIF file to Code Scanning
      Upload the SARIF file to Code Scanning.
      Defaults to 'always' which uploads the SARIF file to Code Scanning for successful and failed runs.
      'failure-only' only uploads debugging information to Code Scanning if the workflow run fails, for users post-processing the SARIF file before uploading it to Code Scanning.
      'never' avoids uploading the SARIF file to Code Scanning, even if the code scanning run fails. This is not recommended for external users since it complicates debugging.
    required: false
    # If changing this, make sure to update workflow.ts accordingly.
-    default: "always"
+    default: "true"
  cleanup-level:
    description: "Level of cleanup to perform on CodeQL databases at the end of the analyze step. This should either be 'none' to skip cleanup, or be a valid argument for the --mode flag of the CodeQL CLI command 'codeql database cleanup' as documented at https://codeql.github.com/docs/codeql-cli/manual/database-cleanup"
    required: false
@@ -79,8 +75,6 @@ inputs:
 outputs:
  db-locations:
    description: A map from language to absolute path for each database created by CodeQL.
  sarif-output:
    description: Absolute, local path to the directory containing the generated SARIF file.
  sarif-id:
    description: The ID of the uploaded SARIF file.
 runs:
--- a/init/action.yml
+++ b/init/action.yml
@@ -7,8 +7,7 @@ inputs:
    required: false
    # If not specified the Action will check in several places until it finds the CodeQL tools.
  languages:
-    description: |
+    description: The languages to be analysed
      A comma-separated value of the languages to be analysed e.g. python,javascript
    required: false
  token:
    description: GitHub token to use for authenticating with this instance of GitHub. To download custom packs from multiple registries, use the registries input.
@@ -45,9 +44,6 @@ inputs:
  db-location:
    description: Path where CodeQL databases should be created. If not specified, a temporary directory will be used.
    required: false
  config:
    description: Configuration passed as a YAML string in the same format as the config-file input. This takes precedence over the config-file input.
    required: false
  queries:
    description: Comma-separated list of additional queries to run. By default, this overrides the same setting in a configuration file; prefix with "+" to use both sets of queries.
    required: false
--- a/lib/actions-util.js
+++ b/lib/actions-util.js
@@ -1,11 +1,7 @@
 "use strict";
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
      desc = { enumerable: true, get: function() { return m[k]; } };
    }
    Object.defineProperty(o, k2, desc);
 }) : (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    o[k2] = m[k];
@@ -23,13 +19,17 @@ var __importStar = (this && this.__importStar) || function (mod) {
    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getFileType = exports.getWorkflowRunAttempt = exports.getWorkflowRunID = exports.getUploadValue = exports.printDebugLogs = exports.isAnalyzingDefaultBranch = exports.getRelativeScriptPath = exports.isRunningLocalAction = exports.getWorkflowEventName = exports.getActionVersion = exports.getRef = exports.determineMergeBaseCommitOid = exports.getCommitOid = exports.getTemporaryDirectory = exports.getOptionalInput = exports.getRequiredInput = void 0;
+exports.printDebugLogs = exports.isAnalyzingDefaultBranch = exports.getRelativeScriptPath = exports.isRunningLocalAction = exports.workflowEventName = exports.sendStatusReport = exports.createStatusReportBase = exports.getActionVersion = exports.getActionsStatus = exports.getRef = exports.computeAutomationID = exports.getAutomationID = exports.getAnalysisKey = exports.determineMergeBaseCommitOid = exports.getCommitOid = exports.getTemporaryDirectory = exports.getOptionalInput = exports.getRequiredInput = void 0;
 const fs = __importStar(require("fs"));
 const os = __importStar(require("os"));
 const path = __importStar(require("path"));
 const core = __importStar(require("@actions/core"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const safeWhich = __importStar(require("@chrisgavin/safe-which"));
 const api = __importStar(require("./api-client"));
 const sharedEnv = __importStar(require("./shared-environment"));
 const util_1 = require("./util");
 const workflow_1 = require("./workflow");
 // eslint-disable-next-line import/no-commonjs
 const pkg = require("../package.json");
 /**
@@ -38,13 +38,9 @@ const pkg = require("../package.json");
 *
 * This allows us to get stronger type checking of required/optional inputs.
 */
-const getRequiredInput = function (name) {
+function getRequiredInput(name) {
-    const value = core.getInput(name);
+    return core.getInput(name, { required: true });
-    if (!value) {
+}
        throw new util_1.UserError(`Input required and not supplied: ${name}`);
    }
    return value;
 };
 exports.getRequiredInput = getRequiredInput;
 /**
 * Wrapper around core.getInput that converts empty inputs to undefined.
@@ -75,7 +71,6 @@ const getCommitOid = async function (checkoutPath, ref = "HEAD") {
    // the merge commit, which must mean that git is available.
    // Even if this does go wrong, it's not a huge problem for the alerts to
    // reported on the merge commit.
    let stderr = "";
    try {
        let commitOid = "";
        await new toolrunner.ToolRunner(await safeWhich.safeWhich("git"), ["rev-parse", ref], {
@@ -85,7 +80,7 @@ const getCommitOid = async function (checkoutPath, ref = "HEAD") {
                    commitOid += data.toString();
                },
                stderr: (data) => {
-                    stderr += data.toString();
+                    process.stderr.write(data);
                },
            },
            cwd: checkoutPath,
@@ -93,13 +88,9 @@ const getCommitOid = async function (checkoutPath, ref = "HEAD") {
        return commitOid.trim();
    }
    catch (e) {
-        if (stderr.includes("not a git repository")) {
+        core.info("Could not determine current commit SHA using git. Continuing with data from user input or environment.");
-            core.info("Could not determine current commit SHA using git. Continuing with data from user input or environment. " +
+        core.debug(`Reason: ${e.message}`);
-                "The checkout path provided to the action does not appear to be a git repository.");
+        core.debug(e.stack || "NO STACK");
        }
        else {
            core.info(`Could not determine current commit SHA using git. Continuing with data from user input or environment. ${stderr}`);
        }
        return (0, exports.getOptionalInput)("sha") || (0, util_1.getRequiredEnvParam)("GITHUB_SHA");
    }
 };
@@ -108,13 +99,12 @@ exports.getCommitOid = getCommitOid;
 * If the action was triggered by a pull request, determine the commit sha of the merge base.
 * Returns undefined if run by other triggers or the merge base cannot be determined.
 */
-const determineMergeBaseCommitOid = async function (checkoutPathOverride) {
+const determineMergeBaseCommitOid = async function () {
-    if (getWorkflowEventName() !== "pull_request") {
+    if (workflowEventName() !== "pull_request") {
        return undefined;
    }
    const mergeSha = (0, util_1.getRequiredEnvParam)("GITHUB_SHA");
-    const checkoutPath = checkoutPathOverride ?? (0, exports.getOptionalInput)("checkout_path");
+    const checkoutPath = (0, exports.getOptionalInput)("checkout_path");
    let stderr = "";
    try {
        let commitOid = "";
        let baseOid = "";
@@ -136,7 +126,7 @@ const determineMergeBaseCommitOid = async function (checkoutPathOverride) {
                    }
                },
                stderr: (data) => {
-                    stderr += data.toString();
+                    process.stderr.write(data);
                },
            },
            cwd: checkoutPath,
@@ -150,18 +140,57 @@ const determineMergeBaseCommitOid = async function (checkoutPathOverride) {
        return undefined;
    }
    catch (e) {
-        if (stderr.includes("not a git repository")) {
+        core.info(`Failed to call git to determine merge base. Continuing with data from environment: ${e}`);
-            core.info("The checkout path provided to the action does not appear to be a git repository. " +
+        core.info(e.stack || "NO STACK");
                "Will calculate the merge base on the server.");
        }
        else {
            core.info(`Failed to call git to determine merge base. Will calculate the merge base on ` +
                `the server. Reason: ${stderr}`);
        }
        return undefined;
    }
 };
 exports.determineMergeBaseCommitOid = determineMergeBaseCommitOid;
 /**
 * Get the analysis key parameter for the current job.
 *
 * This will combine the workflow path and current job name.
 * Computing this the first time requires making requests to
 * the github API, but after that the result will be cached.
 */
 async function getAnalysisKey() {
    const analysisKeyEnvVar = "CODEQL_ACTION_ANALYSIS_KEY";
    let analysisKey = process.env[analysisKeyEnvVar];
    if (analysisKey !== undefined) {
        return analysisKey;
    }
    const workflowPath = await (0, workflow_1.getWorkflowPath)();
    const jobName = (0, util_1.getRequiredEnvParam)("GITHUB_JOB");
    analysisKey = `${workflowPath}:${jobName}`;
    core.exportVariable(analysisKeyEnvVar, analysisKey);
    return analysisKey;
 }
 exports.getAnalysisKey = getAnalysisKey;
 async function getAutomationID() {
    const analysis_key = await getAnalysisKey();
    const environment = getRequiredInput("matrix");
    return computeAutomationID(analysis_key, environment);
 }
 exports.getAutomationID = getAutomationID;
 function computeAutomationID(analysis_key, environment) {
    let automationID = `${analysis_key}/`;
    const matrix = (0, util_1.parseMatrixInput)(environment);
    if (matrix !== undefined) {
        // the id has to be deterministic so we sort the fields
        for (const entry of Object.entries(matrix).sort()) {
            if (typeof entry[1] === "string") {
                automationID += `${entry[0]}:${entry[1]}/`;
            }
            else {
                // In code scanning we just handle the string values,
                // the rest get converted to the empty string
                automationID += `${entry[0]}:/`;
            }
        }
    }
    return automationID;
 }
 exports.computeAutomationID = computeAutomationID;
 /**
 * Get the ref currently being analyzed.
 */
@@ -232,40 +261,207 @@ function getRefFromEnv() {
    }
    return refEnv;
 }
 function getActionsStatus(error, otherFailureCause) {
    if (error || otherFailureCause) {
        return error instanceof util_1.UserError ? "user-error" : "failure";
    }
    else {
        return "success";
    }
 }
 exports.getActionsStatus = getActionsStatus;
 function getActionVersion() {
    return pkg.version;
 }
 exports.getActionVersion = getActionVersion;
 /**
- * Returns the name of the event that triggered this workflow.
+ * Compose a StatusReport.
 *
- * This will be "dynamic" for default setup workflow runs.
+ * @param actionName The name of the action, e.g. 'init', 'finish', 'upload-sarif'
 * @param status The status. Must be 'success', 'failure', or 'starting'
 * @param startedAt The time this action started executing.
 * @param cause  Cause of failure (only supply if status is 'failure')
 * @param exception Exception (only supply if status is 'failure')
 */
-function getWorkflowEventName() {
+async function createStatusReportBase(actionName, status, actionStartedAt, cause, exception) {
-    return (0, util_1.getRequiredEnvParam)("GITHUB_EVENT_NAME");
+    const commitOid = (0, exports.getOptionalInput)("sha") || process.env["GITHUB_SHA"] || "";
    const ref = await getRef();
    const workflowRunIDStr = process.env["GITHUB_RUN_ID"];
    let workflowRunID = -1;
    if (workflowRunIDStr) {
        workflowRunID = parseInt(workflowRunIDStr, 10);
    }
    const workflowName = process.env["GITHUB_WORKFLOW"] || "";
    const jobName = process.env["GITHUB_JOB"] || "";
    const analysis_key = await getAnalysisKey();
    let workflowStartedAt = process.env[sharedEnv.CODEQL_WORKFLOW_STARTED_AT];
    if (workflowStartedAt === undefined) {
        workflowStartedAt = actionStartedAt.toISOString();
        core.exportVariable(sharedEnv.CODEQL_WORKFLOW_STARTED_AT, workflowStartedAt);
    }
    const runnerOs = (0, util_1.getRequiredEnvParam)("RUNNER_OS");
    const codeQlCliVersion = (0, util_1.getCachedCodeQlVersion)();
    const actionRef = process.env["GITHUB_ACTION_REF"];
    const testingEnvironment = process.env[sharedEnv.CODEQL_ACTION_TESTING_ENVIRONMENT] || "";
    // re-export the testing environment variable so that it is available to subsequent steps,
    // even if it was only set for this step
    if (testingEnvironment !== "") {
        core.exportVariable(sharedEnv.CODEQL_ACTION_TESTING_ENVIRONMENT, testingEnvironment);
    }
    const statusReport = {
        workflow_run_id: workflowRunID,
        workflow_name: workflowName,
        job_name: jobName,
        analysis_key,
        commit_oid: commitOid,
        ref,
        action_name: actionName,
        action_ref: actionRef,
        action_oid: "unknown",
        started_at: workflowStartedAt,
        action_started_at: actionStartedAt.toISOString(),
        status,
        testing_environment: testingEnvironment,
        runner_os: runnerOs,
        action_version: getActionVersion(),
    };
    // Add optional parameters
    if (cause) {
        statusReport.cause = cause;
    }
    if (exception) {
        statusReport.exception = exception;
    }
    if (status === "success" ||
        status === "failure" ||
        status === "aborted" ||
        status === "user-error") {
        statusReport.completed_at = new Date().toISOString();
    }
    const matrix = getRequiredInput("matrix");
    if (matrix) {
        statusReport.matrix_vars = matrix;
    }
    if ("RUNNER_ARCH" in process.env) {
        // RUNNER_ARCH is available only in GHES 3.4 and later
        // Values other than X86, X64, ARM, or ARM64 are discarded server side
        statusReport.runner_arch = process.env["RUNNER_ARCH"];
    }
    if (runnerOs === "Windows" || runnerOs === "macOS") {
        statusReport.runner_os_release = os.release();
    }
    if (codeQlCliVersion !== undefined) {
        statusReport.codeql_version = codeQlCliVersion;
    }
    return statusReport;
 }
-exports.getWorkflowEventName = getWorkflowEventName;
+exports.createStatusReportBase = createStatusReportBase;
 const GENERIC_403_MSG = "The repo on which this action is running is not opted-in to CodeQL code scanning.";
 const GENERIC_404_MSG = "Not authorized to use the CodeQL code scanning feature on this repo.";
 const OUT_OF_DATE_MSG = "CodeQL Action is out-of-date. Please upgrade to the latest version of codeql-action.";
 const INCOMPATIBLE_MSG = "CodeQL Action version is incompatible with the code scanning endpoint. Please update to a compatible version of codeql-action.";
 /**
- * Returns whether the current workflow is executing a local copy of the Action, e.g. we're running
+ * Send a status report to the code_scanning/analysis/status endpoint.
- * a workflow on the codeql-action repo itself.
+ *
 * Optionally checks the response from the API endpoint and sets the action
 * as failed if the status report failed. This is only expected to be used
 * when sending a 'starting' report.
 *
 * Returns whether sending the status report was successful of not.
 */
 async function sendStatusReport(statusReport) {
    const statusReportJSON = JSON.stringify(statusReport);
    core.debug(`Sending status report: ${statusReportJSON}`);
    // If in test mode we don't want to upload the results
    if ((0, util_1.isInTestMode)()) {
        core.debug("In test mode. Status reports are not uploaded.");
        return true;
    }
    const nwo = (0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY");
    const [owner, repo] = nwo.split("/");
    const client = api.getApiClient();
    try {
        await client.request("PUT /repos/:owner/:repo/code-scanning/analysis/status", {
            owner,
            repo,
            data: statusReportJSON,
        });
        return true;
    }
    catch (e) {
        console.log(e);
        if ((0, util_1.isHTTPError)(e)) {
            switch (e.status) {
                case 403:
                    if (workflowIsTriggeredByPushEvent() && isDependabotActor()) {
                        core.setFailed('Workflows triggered by Dependabot on the "push" event run with read-only access. ' +
                            "Uploading Code Scanning results requires write access. " +
                            'To use Code Scanning with Dependabot, please ensure you are using the "pull_request" event for this workflow and avoid triggering on the "push" event for Dependabot branches. ' +
                            "See https://docs.github.com/en/code-security/secure-coding/configuring-code-scanning#scanning-on-push for more information on how to configure these events.");
                    }
                    else {
                        core.setFailed(e.message || GENERIC_403_MSG);
                    }
                    return false;
                case 404:
                    core.setFailed(GENERIC_404_MSG);
                    return false;
                case 422:
                    // schema incompatibility when reporting status
                    // this means that this action version is no longer compatible with the API
                    // we still want to continue as it is likely the analysis endpoint will work
                    if ((0, util_1.getRequiredEnvParam)("GITHUB_SERVER_URL") !== util_1.GITHUB_DOTCOM_URL) {
                        core.debug(INCOMPATIBLE_MSG);
                    }
                    else {
                        core.debug(OUT_OF_DATE_MSG);
                    }
                    return true;
            }
        }
        // something else has gone wrong and the request/response will be logged by octokit
        // it's possible this is a transient error and we should continue scanning
        core.error("An unexpected error occurred when sending code scanning status report.");
        return true;
    }
 }
 exports.sendStatusReport = sendStatusReport;
 function workflowEventName() {
    // If the original event is dynamic CODESCANNING_EVENT_NAME will contain the right info (push/pull_request)
    if (process.env["GITHUB_EVENT_NAME"] === "dynamic") {
        const value = process.env["CODESCANNING_EVENT_NAME"];
        if (value === undefined || value.length === 0) {
            return process.env["GITHUB_EVENT_NAME"];
        }
        return value;
    }
    return process.env["GITHUB_EVENT_NAME"];
 }
 exports.workflowEventName = workflowEventName;
 // Was the workflow run triggered by a `push` event, for example as opposed to a `pull_request` event.
 function workflowIsTriggeredByPushEvent() {
    return workflowEventName() === "push";
 }
 // Is dependabot the actor that triggered the current workflow run.
 function isDependabotActor() {
    return process.env["GITHUB_ACTOR"] === "dependabot[bot]";
 }
 // Is the current action executing a local copy (i.e. we're running a workflow on the codeql-action repo itself)
 // as opposed to running a remote action (i.e. when another repo references us)
 function isRunningLocalAction() {
    const relativeScriptPath = getRelativeScriptPath();
    return (relativeScriptPath.startsWith("..") || path.isAbsolute(relativeScriptPath));
 }
 exports.isRunningLocalAction = isRunningLocalAction;
-/**
+// Get the location where the action is running from.
- * Get the location where the Action is running from.
+// This can be used to get the actions name or tell if we're running a local action.
 *
 * This can be used to get the Action's name or tell if we're running a local Action.
 */
 function getRelativeScriptPath() {
    const runnerTemp = (0, util_1.getRequiredEnvParam)("RUNNER_TEMP");
    const actionsDirectory = path.join(path.dirname(runnerTemp), "_actions");
    return path.relative(actionsDirectory, __filename);
 }
 exports.getRelativeScriptPath = getRelativeScriptPath;
-/** Returns the contents of `GITHUB_EVENT_PATH` as a JSON object. */
+// Reads the contents of GITHUB_EVENT_PATH as a JSON object
 function getWorkflowEvent() {
    const eventJsonFile = (0, util_1.getRequiredEnvParam)("GITHUB_EVENT_PATH");
    try {
@@ -278,24 +474,16 @@ function getWorkflowEvent() {
 function removeRefsHeadsPrefix(ref) {
    return ref.startsWith("refs/heads/") ? ref.slice("refs/heads/".length) : ref;
 }
-/**
+// Is the version of the repository we are currently analyzing from the default branch,
- * Returns whether we are analyzing the default branch for the repository.
+// or alternatively from another branch or a pull request.
 *
 * This first checks the environment variable `CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH`. This
 * environment variable can be set in cases where repository information might not be available, for
 * example dynamic workflows.
 */
 async function isAnalyzingDefaultBranch() {
    if (process.env.CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH === "true") {
        return true;
    }
    // Get the current ref and trim and refs/heads/ prefix
    let currentRef = await getRef();
    currentRef = removeRefsHeadsPrefix(currentRef);
    const event = getWorkflowEvent();
    let defaultBranch = event?.repository?.default_branch;
-    if (getWorkflowEventName() === "schedule") {
+    if (process.env.GITHUB_EVENT_NAME === "schedule") {
-        defaultBranch = removeRefsHeadsPrefix(getRefFromEnv());
+        defaultBranch = removeRefsHeadsPrefix((0, util_1.getRequiredEnvParam)("GITHUB_REF"));
    }
    return currentRef === defaultBranch;
 }
@@ -329,85 +517,4 @@ async function printDebugLogs(config) {
    }
 }
 exports.printDebugLogs = printDebugLogs;
 /**
 * Parses the `upload` input into an `UploadKind`, converting unspecified and deprecated upload
 * inputs appropriately.
 */
 function getUploadValue(input) {
    switch (input) {
        case undefined:
        case "true":
        case "always":
            return "always";
        case "false":
        case "failure-only":
            return "failure-only";
        case "never":
            return "never";
        default:
            core.warning(`Unrecognized 'upload' input to 'analyze' Action: ${input}. Defaulting to 'always'.`);
            return "always";
    }
 }
 exports.getUploadValue = getUploadValue;
 /**
 * Get the workflow run ID.
 */
 function getWorkflowRunID() {
    const workflowRunIdString = (0, util_1.getRequiredEnvParam)("GITHUB_RUN_ID");
    const workflowRunID = parseInt(workflowRunIdString, 10);
    if (Number.isNaN(workflowRunID)) {
        throw new Error(`GITHUB_RUN_ID must define a non NaN workflow run ID. Current value is ${workflowRunIdString}`);
    }
    if (workflowRunID < 0) {
        throw new Error(`GITHUB_RUN_ID must be a non-negative integer. Current value is ${workflowRunIdString}`);
    }
    return workflowRunID;
 }
 exports.getWorkflowRunID = getWorkflowRunID;
 /**
 * Get the workflow run attempt number.
 */
 function getWorkflowRunAttempt() {
    const workflowRunAttemptString = (0, util_1.getRequiredEnvParam)("GITHUB_RUN_ATTEMPT");
    const workflowRunAttempt = parseInt(workflowRunAttemptString, 10);
    if (Number.isNaN(workflowRunAttempt)) {
        throw new Error(`GITHUB_RUN_ATTEMPT must define a non NaN workflow run attempt. Current value is ${workflowRunAttemptString}`);
    }
    if (workflowRunAttempt <= 0) {
        throw new Error(`GITHUB_RUN_ATTEMPT must be a positive integer. Current value is ${workflowRunAttemptString}`);
    }
    return workflowRunAttempt;
 }
 exports.getWorkflowRunAttempt = getWorkflowRunAttempt;
 /**
 * Tries to obtain the output of the `file` command for the file at the specified path.
 * The output will vary depending on the type of `file`, which operating system we are running on, etc.
 */
 const getFileType = async (filePath) => {
    let stderr = "";
    let stdout = "";
    try {
        // The `file` command will output information about the type of file pointed at by `filePath`.
        // For binary files, this may include e.g. whether they are static of dynamic binaries.
        // The `-L` switch instructs the command to follow symbolic links.
        await new toolrunner.ToolRunner(await safeWhich.safeWhich("file"), ["-L", filePath], {
            silent: true,
            listeners: {
                stdout: (data) => {
                    stdout += data.toString();
                },
                stderr: (data) => {
                    stderr += data.toString();
                },
            },
        }).exec();
        return stdout.trim();
    }
    catch (e) {
        core.info(`Could not determine type of ${filePath} from ${stdout}. ${stderr}`);
        throw e;
    }
 };
 exports.getFileType = getFileType;
 //# sourceMappingURL=actions-util.js.map
--- a/lib/actions-util.js.map
+++ b/lib/actions-util.js.map
--- a/lib/actions-util.test.js
+++ b/lib/actions-util.test.js
@@ -1,11 +1,7 @@
 "use strict";
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
      desc = { enumerable: true, get: function() { return m[k]; } };
    }
    Object.defineProperty(o, k2, desc);
 }) : (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    o[k2] = m[k];
@@ -28,18 +24,15 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const core = __importStar(require("@actions/core"));
 const ava_1 = __importDefault(require("ava"));
 const sinon = __importStar(require("sinon"));
-const actionsUtil = __importStar(require("./actions-util"));
+const actionsutil = __importStar(require("./actions-util"));
 const api_client_1 = require("./api-client");
 const environment_1 = require("./environment");
 const testing_utils_1 = require("./testing-utils");
 const util_1 = require("./util");
 (0, testing_utils_1.setupTests)(ava_1.default);
 (0, ava_1.default)("getRef() throws on the empty string", async (t) => {
    process.env["GITHUB_REF"] = "";
-    await t.throwsAsync(actionsUtil.getRef);
+    await t.throwsAsync(actionsutil.getRef);
 });
 (0, ava_1.default)("getRef() returns merge PR ref if GITHUB_SHA still checked out", async (t) => {
    await (0, util_1.withTmpDir)(async (tmpDir) => {
@@ -48,9 +41,9 @@ const util_1 = require("./util");
        const currentSha = "a".repeat(40);
        process.env["GITHUB_REF"] = expectedRef;
        process.env["GITHUB_SHA"] = currentSha;
-        const callback = sinon.stub(actionsUtil, "getCommitOid");
+        const callback = sinon.stub(actionsutil, "getCommitOid");
        callback.withArgs("HEAD").resolves(currentSha);
-        const actualRef = await actionsUtil.getRef();
+        const actualRef = await actionsutil.getRef();
        t.deepEqual(actualRef, expectedRef);
        callback.restore();
    });
@@ -62,10 +55,10 @@ const util_1 = require("./util");
        process.env["GITHUB_REF"] = expectedRef;
        process.env["GITHUB_SHA"] = "b".repeat(40);
        const sha = "a".repeat(40);
-        const callback = sinon.stub(actionsUtil, "getCommitOid");
+        const callback = sinon.stub(actionsutil, "getCommitOid");
        callback.withArgs("refs/remotes/pull/1/merge").resolves(sha);
        callback.withArgs("HEAD").resolves(sha);
-        const actualRef = await actionsUtil.getRef();
+        const actualRef = await actionsutil.getRef();
        t.deepEqual(actualRef, expectedRef);
        callback.restore();
    });
@@ -75,10 +68,10 @@ const util_1 = require("./util");
        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
        process.env["GITHUB_REF"] = "refs/pull/1/merge";
        process.env["GITHUB_SHA"] = "a".repeat(40);
-        const callback = sinon.stub(actionsUtil, "getCommitOid");
+        const callback = sinon.stub(actionsutil, "getCommitOid");
        callback.withArgs(tmpDir, "refs/pull/1/merge").resolves("a".repeat(40));
        callback.withArgs(tmpDir, "HEAD").resolves("b".repeat(40));
-        const actualRef = await actionsUtil.getRef();
+        const actualRef = await actionsutil.getRef();
        t.deepEqual(actualRef, "refs/pull/1/head");
        callback.restore();
    });
@@ -86,16 +79,16 @@ const util_1 = require("./util");
 (0, ava_1.default)("getRef() returns ref provided as an input and ignores current HEAD", async (t) => {
    await (0, util_1.withTmpDir)(async (tmpDir) => {
        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-        const getAdditionalInputStub = sinon.stub(actionsUtil, "getOptionalInput");
+        const getAdditionalInputStub = sinon.stub(actionsutil, "getOptionalInput");
        getAdditionalInputStub.withArgs("ref").resolves("refs/pull/2/merge");
        getAdditionalInputStub.withArgs("sha").resolves("b".repeat(40));
        // These values are be ignored
        process.env["GITHUB_REF"] = "refs/pull/1/merge";
        process.env["GITHUB_SHA"] = "a".repeat(40);
-        const callback = sinon.stub(actionsUtil, "getCommitOid");
+        const callback = sinon.stub(actionsutil, "getCommitOid");
        callback.withArgs("refs/pull/1/merge").resolves("b".repeat(40));
        callback.withArgs("HEAD").resolves("b".repeat(40));
-        const actualRef = await actionsUtil.getRef();
+        const actualRef = await actionsutil.getRef();
        t.deepEqual(actualRef, "refs/pull/2/merge");
        callback.restore();
        getAdditionalInputStub.restore();
@@ -109,7 +102,7 @@ const util_1 = require("./util");
        process.env["CODE_SCANNING_REF"] = expectedRef;
        process.env["GITHUB_REF"] = "";
        process.env["GITHUB_SHA"] = currentSha;
-        const actualRef = await actionsUtil.getRef();
+        const actualRef = await actionsutil.getRef();
        t.deepEqual(actualRef, expectedRef);
    });
 });
@@ -121,17 +114,17 @@ const util_1 = require("./util");
        process.env["CODE_SCANNING_REF"] = "refs/pull/1/HEAD";
        process.env["GITHUB_REF"] = expectedRef;
        process.env["GITHUB_SHA"] = currentSha;
-        const actualRef = await actionsUtil.getRef();
+        const actualRef = await actionsutil.getRef();
        t.deepEqual(actualRef, expectedRef);
    });
 });
 (0, ava_1.default)("getRef() throws an error if only `ref` is provided as an input", async (t) => {
    await (0, util_1.withTmpDir)(async (tmpDir) => {
        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-        const getAdditionalInputStub = sinon.stub(actionsUtil, "getOptionalInput");
+        const getAdditionalInputStub = sinon.stub(actionsutil, "getOptionalInput");
        getAdditionalInputStub.withArgs("ref").resolves("refs/pull/1/merge");
        await t.throwsAsync(async () => {
-            await actionsUtil.getRef();
+            await actionsutil.getRef();
        }, {
            instanceOf: Error,
            message: "Both 'ref' and 'sha' are required if one of them is provided.",
@@ -143,10 +136,10 @@ const util_1 = require("./util");
    await (0, util_1.withTmpDir)(async (tmpDir) => {
        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
        process.env["GITHUB_WORKSPACE"] = "/tmp";
-        const getAdditionalInputStub = sinon.stub(actionsUtil, "getOptionalInput");
+        const getAdditionalInputStub = sinon.stub(actionsutil, "getOptionalInput");
        getAdditionalInputStub.withArgs("sha").resolves("a".repeat(40));
        await t.throwsAsync(async () => {
-            await actionsUtil.getRef();
+            await actionsutil.getRef();
        }, {
            instanceOf: Error,
            message: "Both 'ref' and 'sha' are required if one of them is provided.",
@@ -155,30 +148,26 @@ const util_1 = require("./util");
    });
 });
 (0, ava_1.default)("computeAutomationID()", async (t) => {
-    let actualAutomationID = (0, api_client_1.computeAutomationID)(".github/workflows/codeql-analysis.yml:analyze", '{"language": "javascript", "os": "linux"}');
+    let actualAutomationID = actionsutil.computeAutomationID(".github/workflows/codeql-analysis.yml:analyze", '{"language": "javascript", "os": "linux"}');
    t.deepEqual(actualAutomationID, ".github/workflows/codeql-analysis.yml:analyze/language:javascript/os:linux/");
    // check the environment sorting
-    actualAutomationID = (0, api_client_1.computeAutomationID)(".github/workflows/codeql-analysis.yml:analyze", '{"os": "linux", "language": "javascript"}');
+    actualAutomationID = actionsutil.computeAutomationID(".github/workflows/codeql-analysis.yml:analyze", '{"os": "linux", "language": "javascript"}');
    t.deepEqual(actualAutomationID, ".github/workflows/codeql-analysis.yml:analyze/language:javascript/os:linux/");
    // check that an empty environment produces the right results
-    actualAutomationID = (0, api_client_1.computeAutomationID)(".github/workflows/codeql-analysis.yml:analyze", "{}");
+    actualAutomationID = actionsutil.computeAutomationID(".github/workflows/codeql-analysis.yml:analyze", "{}");
    t.deepEqual(actualAutomationID, ".github/workflows/codeql-analysis.yml:analyze/");
    // check non string environment values
-    actualAutomationID = (0, api_client_1.computeAutomationID)(".github/workflows/codeql-analysis.yml:analyze", '{"number": 1, "object": {"language": "javascript"}}');
+    actualAutomationID = actionsutil.computeAutomationID(".github/workflows/codeql-analysis.yml:analyze", '{"number": 1, "object": {"language": "javascript"}}');
    t.deepEqual(actualAutomationID, ".github/workflows/codeql-analysis.yml:analyze/number:/object:/");
    // check undefined environment
-    actualAutomationID = (0, api_client_1.computeAutomationID)(".github/workflows/codeql-analysis.yml:analyze", undefined);
+    actualAutomationID = actionsutil.computeAutomationID(".github/workflows/codeql-analysis.yml:analyze", undefined);
    t.deepEqual(actualAutomationID, ".github/workflows/codeql-analysis.yml:analyze/");
 });
 (0, ava_1.default)("initializeEnvironment", (t) => {
    (0, util_1.initializeEnvironment)("1.2.3");
-    t.deepEqual(process.env[environment_1.EnvVar.VERSION], "1.2.3");
+    t.deepEqual(process.env.CODEQL_ACTION_VERSION, "1.2.3");
 });
 (0, ava_1.default)("isAnalyzingDefaultBranch()", async (t) => {
    process.env["GITHUB_EVENT_NAME"] = "push";
    process.env["CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH"] = "true";
    t.deepEqual(await actionsUtil.isAnalyzingDefaultBranch(), true);
    process.env["CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH"] = "false";
    await (0, util_1.withTmpDir)(async (tmpDir) => {
        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
        const envFile = path.join(tmpDir, "event.json");
@@ -190,18 +179,18 @@ const util_1 = require("./util");
        process.env["GITHUB_EVENT_PATH"] = envFile;
        process.env["GITHUB_REF"] = "main";
        process.env["GITHUB_SHA"] = "1234";
-        t.deepEqual(await actionsUtil.isAnalyzingDefaultBranch(), true);
+        t.deepEqual(await actionsutil.isAnalyzingDefaultBranch(), true);
        process.env["GITHUB_REF"] = "refs/heads/main";
-        t.deepEqual(await actionsUtil.isAnalyzingDefaultBranch(), true);
+        t.deepEqual(await actionsutil.isAnalyzingDefaultBranch(), true);
        process.env["GITHUB_REF"] = "feature";
-        t.deepEqual(await actionsUtil.isAnalyzingDefaultBranch(), false);
+        t.deepEqual(await actionsutil.isAnalyzingDefaultBranch(), false);
        fs.writeFileSync(envFile, JSON.stringify({
            schedule: "0 0 * * *",
        }));
        process.env["GITHUB_EVENT_NAME"] = "schedule";
        process.env["GITHUB_REF"] = "refs/heads/main";
-        t.deepEqual(await actionsUtil.isAnalyzingDefaultBranch(), true);
+        t.deepEqual(await actionsutil.isAnalyzingDefaultBranch(), true);
-        const getAdditionalInputStub = sinon.stub(actionsUtil, "getOptionalInput");
+        const getAdditionalInputStub = sinon.stub(actionsutil, "getOptionalInput");
        getAdditionalInputStub
            .withArgs("ref")
            .resolves("refs/heads/something-else");
@@ -210,36 +199,16 @@ const util_1 = require("./util");
            .resolves("0000000000000000000000000000000000000000");
        process.env["GITHUB_EVENT_NAME"] = "schedule";
        process.env["GITHUB_REF"] = "refs/heads/main";
-        t.deepEqual(await actionsUtil.isAnalyzingDefaultBranch(), false);
+        t.deepEqual(await actionsutil.isAnalyzingDefaultBranch(), false);
        getAdditionalInputStub.restore();
    });
 });
-(0, ava_1.default)("determineMergeBaseCommitOid non-pullrequest", async (t) => {
+(0, ava_1.default)("workflowEventName()", async (t) => {
-    const infoStub = sinon.stub(core, "info");
+    process.env["GITHUB_EVENT_NAME"] = "push";
-    process.env["GITHUB_EVENT_NAME"] = "hucairz";
+    t.deepEqual(actionsutil.workflowEventName(), "push");
-    process.env["GITHUB_SHA"] = "100912429fab4cb230e66ffb11e738ac5194e73a";
+    process.env["GITHUB_EVENT_NAME"] = "dynamic";
-    const result = await actionsUtil.determineMergeBaseCommitOid(__dirname);
+    t.deepEqual(actionsutil.workflowEventName(), "dynamic");
-    t.deepEqual(result, undefined);
+    process.env["CODESCANNING_EVENT_NAME"] = "push";
-    t.deepEqual(0, infoStub.callCount);
+    t.deepEqual(actionsutil.workflowEventName(), "push");
    infoStub.restore();
 });
 (0, ava_1.default)("determineMergeBaseCommitOid no error", async (t) => {
    const infoStub = sinon.stub(core, "info");
    process.env["GITHUB_EVENT_NAME"] = "pull_request";
    process.env["GITHUB_SHA"] = "100912429fab4cb230e66ffb11e738ac5194e73a";
    await actionsUtil.determineMergeBaseCommitOid(path.join(__dirname, "../.."));
    t.deepEqual(1, infoStub.callCount);
    t.assert(infoStub.firstCall.args[0].startsWith("The checkout path provided to the action does not appear to be a git repository."));
    infoStub.restore();
 });
 (0, ava_1.default)("determineMergeBaseCommitOid other error", async (t) => {
    const infoStub = sinon.stub(core, "info");
    process.env["GITHUB_EVENT_NAME"] = "pull_request";
    process.env["GITHUB_SHA"] = "100912429fab4cb230e66ffb11e738ac5194e73a";
    const result = await actionsUtil.determineMergeBaseCommitOid(path.join(__dirname, "../../i-dont-exist"));
    t.deepEqual(result, undefined);
    t.deepEqual(1, infoStub.callCount);
    t.assert(infoStub.firstCall.args[0].startsWith("Failed to call git to determine merge base."));
    infoStub.restore();
 });
 //# sourceMappingURL=actions-util.test.js.map
--- a/lib/actions-util.test.js.map
+++ b/lib/actions-util.test.js.map
--- a/lib/analyze-action-env.test.js
+++ b/lib/analyze-action-env.test.js
@@ -1,11 +1,7 @@
 "use strict";
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
      desc = { enumerable: true, get: function() { return m[k]; } };
    }
    Object.defineProperty(o, k2, desc);
 }) : (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    o[k2] = m[k];
@@ -30,9 +26,7 @@ const ava_1 = __importDefault(require("ava"));
 const sinon = __importStar(require("sinon"));
 const actionsUtil = __importStar(require("./actions-util"));
 const analyze = __importStar(require("./analyze"));
 const api = __importStar(require("./api-client"));
 const configUtils = __importStar(require("./config-utils"));
 const statusReport = __importStar(require("./status-report"));
 const testing_utils_1 = require("./testing-utils");
 const util = __importStar(require("./util"));
 (0, testing_utils_1.setupTests)(ava_1.default);
@@ -48,9 +42,9 @@ const util = __importStar(require("./util"));
        process.env["GITHUB_REPOSITORY"] = "github/codeql-action-fake-repository";
        process.env["GITHUB_API_URL"] = "https://api.github.com";
        sinon
-            .stub(statusReport, "createStatusReportBase")
+            .stub(actionsUtil, "createStatusReportBase")
            .resolves({});
-        sinon.stub(statusReport, "sendStatusReport").resolves(true);
+        sinon.stub(actionsUtil, "sendStatusReport").resolves(true);
        sinon.stub(actionsUtil, "isAnalyzingDefaultBranch").resolves(true);
        const gitHubVersion = {
            type: util.GitHubVariant.DOTCOM,
@@ -67,7 +61,7 @@ const util = __importStar(require("./util"));
        const optionalInputStub = sinon.stub(actionsUtil, "getOptionalInput");
        optionalInputStub.withArgs("cleanup-level").returns("none");
        optionalInputStub.withArgs("expect-error").returns("false");
-        sinon.stub(api, "getGitHubVersion").resolves(gitHubVersion);
+        sinon.stub(util, "getGitHubVersion").resolves(gitHubVersion);
        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
        (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, {});
        // When there are no action inputs for RAM and threads, the action uses
--- a/lib/analyze-action-env.test.js.map
+++ b/lib/analyze-action-env.test.js.map
@@ -1 +1 @@
-{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAEnE,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAEnE,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC7D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
--- a/lib/analyze-action-input.test.js
+++ b/lib/analyze-action-input.test.js
@@ -1,11 +1,7 @@
 "use strict";
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
      desc = { enumerable: true, get: function() { return m[k]; } };
    }
    Object.defineProperty(o, k2, desc);
 }) : (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    o[k2] = m[k];
@@ -30,9 +26,7 @@ const ava_1 = __importDefault(require("ava"));
 const sinon = __importStar(require("sinon"));
 const actionsUtil = __importStar(require("./actions-util"));
 const analyze = __importStar(require("./analyze"));
 const api = __importStar(require("./api-client"));
 const configUtils = __importStar(require("./config-utils"));
 const statusReport = __importStar(require("./status-report"));
 const testing_utils_1 = require("./testing-utils");
 const util = __importStar(require("./util"));
 (0, testing_utils_1.setupTests)(ava_1.default);
@@ -48,9 +42,9 @@ const util = __importStar(require("./util"));
        process.env["GITHUB_REPOSITORY"] = "github/codeql-action-fake-repository";
        process.env["GITHUB_API_URL"] = "https://api.github.com";
        sinon
-            .stub(statusReport, "createStatusReportBase")
+            .stub(actionsUtil, "createStatusReportBase")
            .resolves({});
-        sinon.stub(statusReport, "sendStatusReport").resolves(true);
+        sinon.stub(actionsUtil, "sendStatusReport").resolves(true);
        const gitHubVersion = {
            type: util.GitHubVariant.DOTCOM,
        };
@@ -66,7 +60,7 @@ const util = __importStar(require("./util"));
        const optionalInputStub = sinon.stub(actionsUtil, "getOptionalInput");
        optionalInputStub.withArgs("cleanup-level").returns("none");
        optionalInputStub.withArgs("expect-error").returns("false");
-        sinon.stub(api, "getGitHubVersion").resolves(gitHubVersion);
+        sinon.stub(util, "getGitHubVersion").resolves(gitHubVersion);
        sinon.stub(actionsUtil, "isAnalyzingDefaultBranch").resolves(true);
        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
        (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, {});
--- a/lib/analyze-action-input.test.js.map
+++ b/lib/analyze-action-input.test.js.map
@@ -1 +1 @@
-{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC5D,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACnE,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC7D,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACnE,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
--- a/lib/analyze-action-post-helper.js
+++ b/lib/analyze-action-post-helper.js
@@ -1,11 +1,7 @@
 "use strict";
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
      desc = { enumerable: true, get: function() { return m[k]; } };
    }
    Object.defineProperty(o, k2, desc);
 }) : (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    o[k2] = m[k];
--- a/lib/analyze-action-post-helper.js.map
+++ b/lib/analyze-action-post-helper.js.map
@@ -1 +1 @@
-{"version":3,"file":"analyze-action-post-helper.js","sourceRoot":"","sources":["../src/analyze-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,iDAA2C;AAC3C,uCAA6C;AAEtC,KAAK,UAAU,GAAG,CAAC,wBAAkC;IAC1D,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAElC,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;QACxB,MAAM,IAAI,KAAK,CACb,2FAA2F,CAC5F,CAAC;KACH;IAED,+CAA+C;IAC/C,IAAI,MAAM,EAAE,SAAS,EAAE;QACrB,IAAI,CAAC,IAAI,CACP,oFAAoF,CACrF,CAAC;QACF,MAAM,SAAS,GAAG,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QACzD,MAAM,wBAAwB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;KACnD;AACH,CAAC;AAlBD,kBAkBC"}
+{"version":3,"file":"analyze-action-post-helper.js","sourceRoot":"","sources":["../src/analyze-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,iDAA2C;AAC3C,uCAA6C;AAEtC,KAAK,UAAU,GAAG,CAAC,wBAAkC;IAC1D,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAElC,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;QACxB,MAAM,IAAI,KAAK,CACb,2FAA2F,CAC5F,CAAC;KACH;IAED,+CAA+C;IAC/C,IAAI,MAAM,EAAE,SAAS,EAAE;QACrB,IAAI,CAAC,IAAI,CACP,oFAAoF,CACrF,CAAC;QACF,MAAM,SAAS,GAAG,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QACzD,MAAM,wBAAwB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;KACnD;AACH,CAAC;AAlBD,kBAkBC"}
--- a/lib/analyze-action-post-helper.test.js
+++ b/lib/analyze-action-post-helper.test.js
@@ -1,11 +1,7 @@
 "use strict";
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
      desc = { enumerable: true, get: function() { return m[k]; } };
    }
    Object.defineProperty(o, k2, desc);
 }) : (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    o[k2] = m[k];
--- a/lib/analyze-action-post-helper.test.js.map
+++ b/lib/analyze-action-post-helper.test.js.map
@@ -1 +1 @@
-{"version":3,"file":"analyze-action-post-helper.test.js","sourceRoot":"","sources":["../src/analyze-action-post-helper.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,sFAAwE;AACxE,4DAA8C;AAC9C,mDAA6C;AAC7C,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,0CAA0C,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC3D,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC;QAEpC,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,SAAS,EAAE,KAAK;YAChB,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QAEpC,MAAM,cAAc,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;QAEnC,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAElD,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,yCAAyC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC1D,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC;QAEpC,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,SAAS,EAAE,IAAI;YACf,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QAEpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;QAEhE,MAAM,cAAc,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;QAEnC,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAElD,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action-post-helper.test.js","sourceRoot":"","sources":["../src/analyze-action-post-helper.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,sFAAwE;AACxE,4DAA8C;AAC9C,mDAA6C;AAC7C,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,0CAA0C,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC3D,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC;QAEpC,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,SAAS,EAAE,KAAK;YAChB,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QAEpC,MAAM,cAAc,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;QAEnC,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAElD,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,yCAAyC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC1D,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC;QAEpC,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,SAAS,EAAE,IAAI;YACf,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QAEpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;QAEhE,MAAM,cAAc,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;QAEnC,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAElD,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
--- a/lib/analyze-action-post.js
+++ b/lib/analyze-action-post.js
@@ -31,13 +31,13 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
 const analyzeActionPostHelper = __importStar(require("./analyze-action-post-helper"));
 const debugArtifacts = __importStar(require("./debug-artifacts"));
 const util_1 = require("./util");
 async function runWrapper() {
    try {
        await analyzeActionPostHelper.run(debugArtifacts.uploadSarifDebugArtifact);
    }
    catch (error) {
-        core.setFailed(`analyze post-action step failed: ${(0, util_1.wrapError)(error).message}`);
+        core.setFailed(`analyze post-action step failed: ${error}`);
        console.log(error);
    }
 }
 void runWrapper();
--- a/lib/analyze-action-post.js.map
+++ b/lib/analyze-action-post.js.map
@@ -1 +1 @@
-{"version":3,"file":"analyze-action-post.js","sourceRoot":"","sources":["../src/analyze-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,sFAAwE;AACxE,kEAAoD;AACpD,iCAAmC;AAEnC,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,wBAAwB,CAAC,CAAC;KAC5E;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CACZ,oCAAoC,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAC/D,CAAC;KACH;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"analyze-action-post.js","sourceRoot":"","sources":["../src/analyze-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,sFAAwE;AACxE,kEAAoD;AAEpD,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,wBAAwB,CAAC,CAAC;KAC5E;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,oCAAoC,KAAK,EAAE,CAAC,CAAC;QAC5D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
--- a/lib/analyze-action.js
+++ b/lib/analyze-action.js
@@ -1,11 +1,7 @@
 "use strict";
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
      desc = { enumerable: true, get: function() { return m[k]; } };
    }
    Object.defineProperty(o, k2, desc);
 }) : (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    o[k2] = m[k];
@@ -26,12 +22,11 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.runPromise = void 0;
+exports.runPromise = exports.sendStatusReport = void 0;
 const fs = __importStar(require("fs"));
 const path_1 = __importDefault(require("path"));
 const perf_hooks_1 = require("perf_hooks");
 const core = __importStar(require("@actions/core"));
 const safe_which_1 = require("@chrisgavin/safe-which");
 const actionsUtil = __importStar(require("./actions-util"));
 const analyze_1 = require("./analyze");
 const api_client_1 = require("./api-client");
@@ -39,38 +34,41 @@ const autobuild_1 = require("./autobuild");
 const codeql_1 = require("./codeql");
 const config_utils_1 = require("./config-utils");
 const database_upload_1 = require("./database-upload");
 const diagnostics_1 = require("./diagnostics");
 const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const logging_1 = require("./logging");
 const repository_1 = require("./repository");
-const statusReport = __importStar(require("./status-report"));
+const shared_environment_1 = require("./shared-environment");
 const status_report_1 = require("./status-report");
 const trap_caching_1 = require("./trap-caching");
-const uploadLib = __importStar(require("./upload-lib"));
+const upload_lib = __importStar(require("./upload-lib"));
 const util = __importStar(require("./util"));
 const util_1 = require("./util");
 async function sendStatusReport(startedAt, config, stats, error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger) {
-    const status = (0, status_report_1.getActionsStatus)(error, stats?.analyze_failure_language);
+    const status = actionsUtil.getActionsStatus(error, stats?.analyze_failure_language);
-    const statusReportBase = await (0, status_report_1.createStatusReportBase)("finish", status, startedAt, await util.checkDiskUsage(), error?.message, error?.stack);
+    const statusReportBase = await actionsUtil.createStatusReportBase("finish", status, startedAt, error?.message, error?.stack);
-    const report = {
+    const statusReport = {
        ...statusReportBase,
        ...(config
            ? {
                ml_powered_javascript_queries: util.getMlPoweredJsQueriesStatus(config),
            }
            : {}),
        ...(stats || {}),
        ...(dbCreationTimings || {}),
    };
    if (config && didUploadTrapCaches) {
        const trapCacheUploadStatusReport = {
-            ...report,
+            ...statusReport,
            trap_cache_upload_duration_ms: Math.round(trapCacheUploadTime || 0),
            trap_cache_upload_size_bytes: Math.round(await (0, trap_caching_1.getTotalCacheSize)(config.trapCaches, logger)),
        };
-        await statusReport.sendStatusReport(trapCacheUploadStatusReport);
+        await actionsUtil.sendStatusReport(trapCacheUploadStatusReport);
    }
    else {
-        await statusReport.sendStatusReport(report);
+        await actionsUtil.sendStatusReport(statusReport);
    }
 }
 exports.sendStatusReport = sendStatusReport;
 // `expect-error` should only be set to a non-false value by the CodeQL Action PR checks.
 function hasBadExpectErrorInput() {
    return (actionsUtil.getOptionalInput("expect-error") !== "false" &&
@@ -101,7 +99,7 @@ function doesGoExtractionOutputExist(config) {
 * an autobuild step or manual build steps.
 *
 * - We detect whether an autobuild step is present by checking the
- * `CODEQL_ACTION_DID_AUTOBUILD_GOLANG` environment variable, which is set
+ * `util.DID_AUTOBUILD_GO_ENV_VAR_NAME` environment variable, which is set
 * when the autobuilder is invoked.
 * - We detect whether the Go database has already been finalized in case it
 * has been manually set in a prior Action step.
@@ -112,7 +110,7 @@ async function runAutobuildIfLegacyGoWorkflow(config, logger) {
    if (!config.languages.includes(languages_1.Language.go)) {
        return;
    }
-    if (process.env[environment_1.EnvVar.DID_AUTOBUILD_GOLANG] === "true") {
+    if (process.env[util.DID_AUTOBUILD_GO_ENV_VAR_NAME] === "true") {
        logger.debug("Won't run Go autobuild since it has already been run.");
        return;
    }
@@ -130,7 +128,6 @@ async function runAutobuildIfLegacyGoWorkflow(config, logger) {
        }
        return;
    }
    logger.debug("Running Go autobuild because extraction output (TRAP files) for Go code has not been found.");
    await (0, autobuild_1.runAutobuild)(languages_1.Language.go, config, logger);
 }
 async function run() {
@@ -144,7 +141,7 @@ async function run() {
    util.initializeEnvironment(actionsUtil.getActionVersion());
    const logger = (0, logging_1.getActionsLogger)();
    try {
-        if (!(await statusReport.sendStatusReport(await (0, status_report_1.createStatusReportBase)("finish", "starting", startedAt, await util.checkDiskUsage(logger))))) {
+        if (!(await actionsUtil.sendStatusReport(await actionsUtil.createStatusReportBase("finish", "starting", startedAt)))) {
            return;
        }
        config = await (0, config_utils_1.getConfig)(actionsUtil.getTemporaryDirectory(), logger);
@@ -152,40 +149,18 @@ async function run() {
            throw new Error("Config file could not be found at expected location. Has the 'init' action been called?");
        }
        if (hasBadExpectErrorInput()) {
-            throw new util.UserError("`expect-error` input parameter is for internal use only. It should only be set by codeql-action or a fork.");
+            throw new Error("`expect-error` input parameter is for internal use only. It should only be set by codeql-action or a fork.");
        }
        await util.enrichEnvironment(await (0, codeql_1.getCodeQL)(config.codeQLCmd));
        const apiDetails = (0, api_client_1.getApiDetails)();
        const outputDir = actionsUtil.getRequiredInput("output");
        const threads = util.getThreadsFlag(actionsUtil.getOptionalInput("threads") || process.env["CODEQL_THREADS"], logger);
        const memory = util.getMemoryFlag(actionsUtil.getOptionalInput("ram") || process.env["CODEQL_RAM"]);
        const repositoryNwo = (0, repository_1.parseRepositoryNwo)(util.getRequiredEnvParam("GITHUB_REPOSITORY"));
        const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
        const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, actionsUtil.getTemporaryDirectory(), logger);
        const memory = util.getMemoryFlag(actionsUtil.getOptionalInput("ram") || process.env["CODEQL_RAM"], logger);
        // Check that `which go` still points at the same path it did when the `init` Action ran to ensure that no steps
        // in-between performed any setup. We encourage users to perform all setup tasks before initializing CodeQL so that
        // the setup tasks do not interfere with our analysis.
        // Furthermore, if we installed a wrapper script in the `init` Action, we need to ensure that there isn't a step
        // in the workflow after the `init` step which installs a different version of Go and takes precedence in the PATH,
        // thus potentially circumventing our workaround that allows tracing to work.
        const goInitPath = process.env[environment_1.EnvVar.GO_BINARY_LOCATION];
        if (process.env[environment_1.EnvVar.DID_AUTOBUILD_GOLANG] !== "true" &&
            goInitPath !== undefined) {
            const goBinaryPath = await (0, safe_which_1.safeWhich)("go");
            if (goInitPath !== goBinaryPath) {
                core.warning(`Expected \`which go\` to return ${goInitPath}, but got ${goBinaryPath}: please ensure that the correct version of Go is installed before the \`codeql-action/init\` Action is used.`);
                (0, diagnostics_1.addDiagnostic)(config, languages_1.Language.go, (0, diagnostics_1.makeDiagnostic)("go/workflow/go-installed-after-codeql-init", "Go was installed after the `codeql-action/init` Action was run", {
                    markdownMessage: "To avoid interfering with the CodeQL analysis, perform all installation steps before calling the `github/codeql-action/init` Action.",
                    visibility: {
                        statusPage: true,
                        telemetry: true,
                        cliSummaryTable: true,
                    },
                    severity: "warning",
                }));
            }
        }
        await runAutobuildIfLegacyGoWorkflow(config, logger);
-        dbCreationTimings = await (0, analyze_1.runFinalize)(outputDir, threads, memory, config, logger, features);
+        dbCreationTimings = await (0, analyze_1.runFinalize)(outputDir, threads, memory, config, logger);
        if (actionsUtil.getRequiredInput("skip-queries") !== "true") {
            runStats = await (0, analyze_1.runQueries)(outputDir, memory, util.getAddSnippetsFlag(actionsUtil.getRequiredInput("add-snippets")), threads, actionsUtil.getOptionalInput("category"), config, logger, features);
        }
@@ -197,10 +172,8 @@ async function run() {
            dbLocations[language] = util.getCodeQLDatabasePath(config, language);
        }
        core.setOutput("db-locations", dbLocations);
-        core.setOutput("sarif-output", path_1.default.resolve(outputDir));
+        if (runStats && actionsUtil.getRequiredInput("upload") === "true") {
-        const uploadInput = actionsUtil.getOptionalInput("upload");
+            uploadResult = await upload_lib.uploadFromActions(outputDir, actionsUtil.getRequiredInput("checkout_path"), actionsUtil.getOptionalInput("category"), logger);
        if (runStats && actionsUtil.getUploadValue(uploadInput) === "always") {
            uploadResult = await uploadLib.uploadFromActions(outputDir, actionsUtil.getRequiredInput("checkout_path"), actionsUtil.getOptionalInput("category"), logger, { considerInvalidRequestUserError: false });
            core.setOutput("sarif-id", uploadResult.sarifID);
        }
        else {
@@ -219,16 +192,16 @@ async function run() {
        }
        else if (uploadResult !== undefined &&
            actionsUtil.getRequiredInput("wait-for-processing") === "true") {
-            await uploadLib.waitForProcessing((0, repository_1.parseRepositoryNwo)(util.getRequiredEnvParam("GITHUB_REPOSITORY")), uploadResult.sarifID, (0, logging_1.getActionsLogger)());
+            await upload_lib.waitForProcessing((0, repository_1.parseRepositoryNwo)(util.getRequiredEnvParam("GITHUB_REPOSITORY")), uploadResult.sarifID, (0, logging_1.getActionsLogger)());
        }
        // If we did not throw an error yet here, but we expect one, throw it.
        if (actionsUtil.getOptionalInput("expect-error") === "true") {
            core.setFailed(`expect-error input was set to true but no error was thrown.`);
        }
-        core.exportVariable(environment_1.EnvVar.ANALYZE_DID_COMPLETE_SUCCESSFULLY, "true");
+        core.exportVariable(shared_environment_1.CODEQL_ACTION_ANALYZE_DID_COMPLETE_SUCCESSFULLY, "true");
    }
-    catch (unwrappedError) {
+    catch (origError) {
-        const error = (0, util_1.wrapError)(unwrappedError);
+        const error = origError instanceof Error ? origError : new Error(String(origError));
        if (actionsUtil.getOptionalInput("expect-error") !== "true" ||
            hasBadExpectErrorInput()) {
            core.setFailed(error.message);
@@ -261,7 +234,7 @@ async function runWrapper() {
        await exports.runPromise;
    }
    catch (error) {
-        core.setFailed(`analyze action failed: ${(0, util_1.wrapError)(error).message}`);
+        core.setFailed(`analyze action failed: ${error}`);
    }
    await (0, util_1.checkForTimeout)();
 }
--- a/Show More
+++ b/Show More
		`@@ -1 +1 @@`
			{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAEnE,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}				{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAEnE,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC7D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
		`@@ -1 +1 @@`
			{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC5D,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACnE,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}				{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC7D,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACnE,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
		`@@ -1 +1 @@`
			{"version":3,"file":"analyze-action-post-helper.js","sourceRoot":"","sources":["../src/analyze-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,iDAA2C;AAC3C,uCAA6C;AAEtC,KAAK,UAAU,GAAG,CAAC,wBAAkC;IAC1D,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAElC,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;QACxB,MAAM,IAAI,KAAK,CACb,2FAA2F,CAC5F,CAAC;KACH;IAED,+CAA+C;IAC/C,IAAI,MAAM,EAAE,SAAS,EAAE;QACrB,IAAI,CAAC,IAAI,CACP,oFAAoF,CACrF,CAAC;QACF,MAAM,SAAS,GAAG,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QACzD,MAAM,wBAAwB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;KACnD;AACH,CAAC;AAlBD,kBAkBC"}				{"version":3,"file":"analyze-action-post-helper.js","sourceRoot":"","sources":["../src/analyze-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,iDAA2C;AAC3C,uCAA6C;AAEtC,KAAK,UAAU,GAAG,CAAC,wBAAkC;IAC1D,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAElC,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;QACxB,MAAM,IAAI,KAAK,CACb,2FAA2F,CAC5F,CAAC;KACH;IAED,+CAA+C;IAC/C,IAAI,MAAM,EAAE,SAAS,EAAE;QACrB,IAAI,CAAC,IAAI,CACP,oFAAoF,CACrF,CAAC;QACF,MAAM,SAAS,GAAG,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QACzD,MAAM,wBAAwB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;KACnD;AACH,CAAC;AAlBD,kBAkBC"}
		`@@ -1 +1 @@`
			`{"version":3,"file":"analyze-action-post.js","sourceRoot":"","sources":["../src/analyze-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,sFAAwE;AACxE,kEAAoD;AACpD,iCAAmC;AAEnC,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,wBAAwB,CAAC,CAAC;KAC5E;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CACZ,oCAAoC,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAC/D,CAAC;KACH;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}`				`{"version":3,"file":"analyze-action-post.js","sourceRoot":"","sources":["../src/analyze-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,sFAAwE;AACxE,kEAAoD;AAEpD,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,wBAAwB,CAAC,CAAC;KAC5E;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,oCAAoC,KAAK,EAAE,CAAC,CAAC;QAC5D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}`