Merge pull request #2217 from github/dependabot/npm_and_yarn/npm-eb3e2c410b

Bump the npm group with 2 updates

.github/actions/check-sarif/action.yml

@@ -16,5 +16,5 @@ inputs:
       Comma separated list of query ids that should NOT be included in this SARIF file.
 
 runs:
-  using: node16
+  using: node20
   main: index.js

.github/actions/release-branches/release-branches.py

@@ -1,12 +1,19 @@
 import argparse
 import json
 import os
-import subprocess
+import configparser
 
 # Name of the remote
 ORIGIN = 'origin'
 
-OLDEST_SUPPORTED_MAJOR_VERSION = 2
+script_dir = os.path.dirname(os.path.realpath(__file__))
+grandparent_dir = os.path.dirname(os.path.dirname(script_dir))
+
+config = configparser.ConfigParser()
+with open(os.path.join(grandparent_dir, 'releases.ini')) as stream:
+    config.read_string('[default]\n' + stream.read())
+
+OLDEST_SUPPORTED_MAJOR_VERSION = int(config['default']['OLDEST_SUPPORTED_MAJOR_VERSION'])
 
 def main():
 

.github/actions/release-initialise/action.yml

@@ -16,7 +16,7 @@ runs:
       shell: bash
 
     - name: Set up Python
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       with:
         python-version: 3.8
 

.github/actions/setup-swift/action.yml

@@ -33,7 +33,7 @@ runs:
         fi
         echo "version=$VERSION" | tee -a $GITHUB_OUTPUT
 
-    - uses: swift-actions/setup-swift@f51889efb55dccf13be0ee727e3d6c89a096fb4c # Please update the corresponding SHA in the CLI's CodeQL Action Integration Test.
+    - uses: swift-actions/setup-swift@e1dca7c4a36344146bbc2803f0d538462477bb37 # Please update the corresponding SHA in the CLI's CodeQL Action Integration Test.
       if: runner.os == 'Linux' && steps.get_swift_version.outputs.version != 'null'
       with:
         swift-version: "${{ steps.get_swift_version.outputs.version }}"

.github/dependabot.yml

@@ -2,6 +2,8 @@ version: 2
 updates:
   - package-ecosystem: npm
     directory: "/"
+    reviewers:
+      - "github/codeql-production-shield"
     schedule:
       interval: weekly
     labels:
@@ -20,6 +22,8 @@ updates:
           - "*"
   - package-ecosystem: github-actions
     directory: "/"
+    reviewers:
+      - "github/codeql-production-shield"
     schedule:
       interval: weekly
     groups:
@@ -28,6 +32,8 @@ updates:
           - "*"
   - package-ecosystem: github-actions
     directory: "/.github/actions/setup-swift/" # All subdirectories outside of "/.github/workflows" must be explicitly included.
+    reviewers:
+      - "github/codeql-production-shield"
     schedule:
       interval: weekly
     groups:

.github/releases.ini

@@ -0,0 +1 @@
+OLDEST_SUPPORTED_MAJOR_VERSION=2

.github/update-release-branch.py

@@ -1,5 +1,6 @@
 import argparse
 import datetime
+import re
 from github import Github
 import json
 import os
@@ -59,7 +60,7 @@ def open_pr(
 
   # Start constructing the body text
   body = []
-  body.append(f'Merging {source_branch_short_sha} into {target_branch}.')
+  body.append(f'Merging {source_branch_short_sha} into `{target_branch}`.')
 
   body.append('')
   body.append(f'Conductor for this PR is @{conductor}.')
@@ -91,7 +92,7 @@ def open_pr(
       'branch to resolve the merge conflicts.')
   body.append(' - [ ] Ensure the CHANGELOG displays the correct version and date.')
   body.append(' - [ ] Ensure the CHANGELOG includes all relevant, user-facing changes since the last release.')
-  body.append(f' - [ ] Check that there are not any unexpected commits being merged into the {target_branch} branch.')
+  body.append(f' - [ ] Check that there are not any unexpected commits being merged into the `{target_branch}` branch.')
   body.append(' - [ ] Ensure the docs team is aware of any documentation changes that need to be released.')
 
   if not is_primary_release:
@@ -174,6 +175,60 @@ def get_today_string():
   today = datetime.datetime.today()
   return '{:%d %b %Y}'.format(today)
 
+def process_changelog_for_backports(source_branch_major_version, target_branch_major_version):
+
+  # changelog entries can use the following format to indicate
+  # that they only apply to newer versions
+  some_versions_only_regex = re.compile(r'\[v(\d+)\+ only\]')
+
+  output = ''
+
+  with open('CHANGELOG.md', 'r') as f:
+
+    # until we find the first section, just duplicate all lines
+    while True:
+      line = f.readline()
+      if not line:
+        raise Exception('Could not find any change sections in CHANGELOG.md') # EOF
+
+      output += line
+      if line.startswith('## '):
+        line = line.replace(f'## {source_branch_major_version}', f'## {target_branch_major_version}')
+        # we have found the first section, so now handle things differently
+        break
+
+    # found_content tracks whether we hit two headings in a row
+    found_content = False
+    output += '\n'
+    while True:
+      line = f.readline()
+      if not line:
+        break # EOF
+      line = line.rstrip('\n')
+
+      # filter out changenote entries that apply only to newer versions
+      match = some_versions_only_regex.search(line)
+      if match:
+        if int(target_branch_major_version) < int(match.group(1)):
+          continue
+
+      if line.startswith('## '):
+        line = line.replace(f'## {source_branch_major_version}', f'## {target_branch_major_version}')
+        if found_content == False:
+          # we have found two headings in a row, so we need to add the placeholder message.
+          output += 'No user facing changes.\n'
+        found_content = False
+        output += f'\n{line}\n\n'
+      else:
+        if line.strip() != '':
+          found_content = True
+          # we use the original line here, rather than the stripped version
+          # so that we preserve indentation
+          output += line + '\n'
+
+    with open('CHANGELOG.md', 'w') as f:
+      f.write(output)
+
 def update_changelog(version):
   if (os.path.exists('CHANGELOG.md')):
     content = ''
@@ -255,10 +310,13 @@ def main():
     print(f'No commits to merge from {source_branch} to {target_branch}.')
     return
 
+  # define distinct prefix in order to support specific pr checks on backports
+  branch_prefix = 'update' if is_primary_release else 'backport'
+
   # The branch name is based off of the name of branch being merged into
   # and the SHA of the branch being merged from. Thus if the branch already
   # exists we can assume we don't need to recreate it.
-  new_branch_name = f'update-v{version}-{source_branch_short_sha}'
+  new_branch_name = f'{branch_prefix}-v{version}-{source_branch_short_sha}'
   print(f'Branch name is {new_branch_name}.')
 
   # Check if the branch already exists. If so we can abort as this script
@@ -321,13 +379,7 @@ def main():
 
     # Migrate the changelog notes from vLatest version numbers to vOlder version numbers
     print(f'Migrating changelog notes from v{source_branch_major_version} to v{target_branch_major_version}')
-    subprocess.check_output(['sed', '-i', f's/^## {source_branch_major_version}\./## {target_branch_major_version}./g', 'CHANGELOG.md'])
-
-    # Remove changelog notes from all versions that do not apply to the vOlder branch
-    print(f'Removing changelog notes that do not apply to v{target_branch_major_version}')
-    for v in range(int(source_branch_major_version), int(target_branch_major_version), -1):
-      print(f'Removing changelog notes that are tagged [v{v}+ only\]')
-      subprocess.check_output(['sed', '-i', f'/^- \[v{v}+ only\]/d', 'CHANGELOG.md'])
+    process_changelog_for_backports(source_branch_major_version, target_branch_major_version)
 
     # Amend the commit generated by `npm version` to update the CHANGELOG
     run_git('add', 'CHANGELOG.md')

.github/workflows/__all-platform-bundle.yml

@@ -35,12 +35,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -59,11 +57,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'true'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - id: init

.github/workflows/__analyze-ref-input.yml

@@ -39,12 +39,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -63,11 +61,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__autobuild-action.yml

@@ -39,12 +39,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -63,11 +61,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__build-mode-autobuild.yml

@@ -0,0 +1,88 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+# to regenerate this file.
+
+name: PR Check - Build mode autobuild
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
+on:
+  push:
+    branches:
+    - main
+    - releases/v*
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+    - ready_for_review
+  workflow_dispatch: {}
+jobs:
+  build-mode-autobuild:
+    strategy:
+      matrix:
+        include:
+        - os: ubuntu-latest
+          version: nightly-latest
+    name: Build mode autobuild
+    permissions:
+      contents: read
+      security-events: write
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v5
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
+    - name: Check out repository
+      uses: actions/checkout@v4
+    - name: Prepare test
+      id: prepare-test
+      uses: ./.github/actions/prepare-test
+      with:
+        version: ${{ matrix.version }}
+        use-all-platform-bundle: 'false'
+    - name: Set environment variable for Swift enablement
+      if: runner.os != 'Windows' && matrix.version == '20221211'
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+    - name: Set up Java test repo configuration
+      run: |
+        mv * .github ../action/tests/multi-language-repo/
+        mv ../action/tests/multi-language-repo/.github/workflows .github
+        mv ../action/tests/java-repo/* .
+
+    - uses: ./../action/init
+      id: init
+      with:
+        build-mode: autobuild
+        db-location: ${{ runner.temp }}/customDbLocation
+        languages: java
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - name: Validate database build mode
+      run: |
+        metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
+        build_mode=$(yq eval '.buildMode' "$metadata_path")
+        if [[ "$build_mode" != "autobuild" ]]; then
+          echo "Expected build mode to be 'autobuild' but was $build_mode"
+          exit 1
+        fi
+
+    - uses: ./../action/analyze
+    env:
+      CODEQL_ACTION_TEST_MODE: true

.github/workflows/__build-mode-manual.yml

@@ -0,0 +1,90 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+# to regenerate this file.
+
+name: PR Check - Build mode manual
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
+on:
+  push:
+    branches:
+    - main
+    - releases/v*
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+    - ready_for_review
+  workflow_dispatch: {}
+jobs:
+  build-mode-manual:
+    strategy:
+      matrix:
+        include:
+        - os: ubuntu-latest
+          version: nightly-latest
+    name: Build mode manual
+    permissions:
+      contents: read
+      security-events: write
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v5
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
+    - name: Check out repository
+      uses: actions/checkout@v4
+    - name: Prepare test
+      id: prepare-test
+      uses: ./.github/actions/prepare-test
+      with:
+        version: ${{ matrix.version }}
+        use-all-platform-bundle: 'false'
+    - name: Set environment variable for Swift enablement
+      if: runner.os != 'Windows' && matrix.version == '20221211'
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+    - uses: ./../action/init
+      id: init
+      with:
+        build-mode: manual
+        db-location: ${{ runner.temp }}/customDbLocation
+        languages: java
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - name: Validate database build mode
+      run: |
+        metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
+        build_mode=$(yq eval '.buildMode' "$metadata_path")
+        if [[ "$build_mode" != "manual" ]]; then
+          echo "Expected build mode to be 'manual' but was $build_mode"
+          exit 1
+        fi
+
+    - uses: ./../action/.github/actions/setup-swift
+      with:
+        codeql-path: ${{ steps.init.outputs.codeql-path }}
+
+    - name: Build code
+      shell: bash
+      run: ./build.sh
+
+    - uses: ./../action/analyze
+    env:
+      CODEQL_ACTION_TEST_MODE: true

.github/workflows/__build-mode-none.yml

@@ -0,0 +1,88 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+# to regenerate this file.
+
+name: PR Check - Build mode none
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
+on:
+  push:
+    branches:
+    - main
+    - releases/v*
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+    - ready_for_review
+  workflow_dispatch: {}
+jobs:
+  build-mode-none:
+    strategy:
+      matrix:
+        include:
+        - os: ubuntu-latest
+          version: latest
+        - os: ubuntu-latest
+          version: nightly-latest
+    name: Build mode none
+    permissions:
+      contents: read
+      security-events: write
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v5
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
+    - name: Check out repository
+      uses: actions/checkout@v4
+    - name: Prepare test
+      id: prepare-test
+      uses: ./.github/actions/prepare-test
+      with:
+        version: ${{ matrix.version }}
+        use-all-platform-bundle: 'false'
+    - name: Set environment variable for Swift enablement
+      if: runner.os != 'Windows' && matrix.version == '20221211'
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+    - uses: ./../action/init
+      id: init
+      with:
+        build-mode: none
+        db-location: ${{ runner.temp }}/customDbLocation
+        languages: java
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - name: Validate database build mode
+      run: |
+        metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
+        build_mode=$(yq eval '.buildMode' "$metadata_path")
+        if [[ "$build_mode" != "none" ]]; then
+          echo "Expected build mode to be 'none' but was $build_mode"
+          exit 1
+        fi
+
+  # The latest nightly supports omitting the autobuild Action when the build mode is specified.
+    - uses: ./../action/autobuild
+      if: matrix.version != 'nightly-latest'
+
+    - uses: ./../action/analyze
+    env:
+      CODEQL_ACTION_TEST_MODE: true

.github/workflows/__build-mode-rollback.yml

@@ -0,0 +1,89 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+# to regenerate this file.
+
+name: PR Check - Build mode rollback
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
+on:
+  push:
+    branches:
+    - main
+    - releases/v*
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+    - ready_for_review
+  workflow_dispatch: {}
+jobs:
+  build-mode-rollback:
+    strategy:
+      matrix:
+        include:
+        - os: ubuntu-latest
+          version: nightly-latest
+    name: Build mode rollback
+    permissions:
+      contents: read
+      security-events: write
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v5
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
+    - name: Check out repository
+      uses: actions/checkout@v4
+    - name: Prepare test
+      id: prepare-test
+      uses: ./.github/actions/prepare-test
+      with:
+        version: ${{ matrix.version }}
+        use-all-platform-bundle: 'false'
+    - name: Set environment variable for Swift enablement
+      if: runner.os != 'Windows' && matrix.version == '20221211'
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+    - name: Set up Java test repo configuration
+      run: |
+        mv * .github ../action/tests/multi-language-repo/
+        mv ../action/tests/multi-language-repo/.github/workflows .github
+        mv ../action/tests/java-repo/* .
+
+    - uses: ./../action/init
+      id: init
+      with:
+        build-mode: none
+        db-location: ${{ runner.temp }}/customDbLocation
+        languages: java
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - name: Validate database build mode
+      run: |
+        metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
+        build_mode=$(yq eval '.buildMode' "$metadata_path")
+        if [[ "$build_mode" != "autobuild" ]]; then
+          echo "Expected build mode to be 'autobuild' but was $build_mode"
+          exit 1
+        fi
+
+    - uses: ./../action/analyze
+    env:
+      CODEQL_ACTION_DISABLE_JAVA_BUILDLESS: true
+      CODEQL_ACTION_TEST_MODE: true

.github/workflows/__config-export.yml

@@ -45,12 +45,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -69,11 +67,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init
@@ -107,16 +101,15 @@ jobs:
             core.setFailed('`codeqlConfigSummary` property not found in the SARIF run property bag.');
           }
           if (configSummary.disableDefaultQueries !== false) {
-            core.setFailed('`disableDefaultQueries` property incorrect: expected false, got ' + 
+            core.setFailed('`disableDefaultQueries` property incorrect: expected false, got ' +
               `${JSON.stringify(configSummary.disableDefaultQueries)}.`);
           }
           const expectedQueries = [{ type: 'builtinSuite', uses: 'security-extended' }];
           // Use JSON.stringify to deep-equal the arrays.
           if (JSON.stringify(configSummary.queries) !== JSON.stringify(expectedQueries)) {
-            core.setFailed(`\`queries\` property incorrect: expected ${JSON.stringify(expectedQueries)}, got ` + 
+            core.setFailed(`\`queries\` property incorrect: expected ${JSON.stringify(expectedQueries)}, got ` +
               `${JSON.stringify(configSummary.queries)}.`);
           }
           core.info('Finished config export tests.');
     env:
-      CODEQL_PASS_CONFIG_TO_CLI: true
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__config-input.yml

@@ -0,0 +1,92 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+# to regenerate this file.
+
+name: PR Check - Config input
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
+on:
+  push:
+    branches:
+    - main
+    - releases/v*
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+    - ready_for_review
+  workflow_dispatch: {}
+jobs:
+  config-input:
+    strategy:
+      matrix:
+        include:
+        - os: ubuntu-latest
+          version: latest
+    name: Config input
+    permissions:
+      contents: read
+      security-events: write
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v5
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
+    - name: Check out repository
+      uses: actions/checkout@v4
+    - name: Prepare test
+      id: prepare-test
+      uses: ./.github/actions/prepare-test
+      with:
+        version: ${{ matrix.version }}
+        use-all-platform-bundle: 'false'
+    - name: Set environment variable for Swift enablement
+      if: runner.os != 'Windows' && matrix.version == '20221211'
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+    - name: Copy queries into workspace
+      run: |
+        cp -a ../action/queries .
+
+    - uses: ./../action/init
+      with:
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+        languages: javascript
+        build-mode: none
+        config: |
+          disable-default-queries: true
+          queries:
+            - name: Run custom query
+              uses: ./queries/default-setup-environment-variables.ql
+          paths-ignore:
+            - tests
+            - lib
+
+    - uses: ./../action/analyze
+      with:
+        output: ${{ runner.temp }}/results
+
+    - name: Check SARIF
+      uses: ./../action/.github/actions/check-sarif
+      with:
+        sarif-file: ${{ runner.temp }}/results/javascript.sarif
+        queries-run: javascript/codeql-action/default-setup-env-vars
+        queries-not-run: javascript/codeql-action/default-setup-context-properties
+    env:
+      CODEQL_ACTION_TEST_MODE: true

.github/workflows/__cpp-deptrace-disabled.yml

@@ -39,12 +39,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -63,11 +61,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - name: Test setup

.github/workflows/__cpp-deptrace-enabled-on-macos.yml

@@ -35,12 +35,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -59,11 +57,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - name: Test setup

.github/workflows/__cpp-deptrace-enabled.yml

@@ -39,12 +39,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -63,11 +61,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - name: Test setup

.github/workflows/__diagnostics-export.yml

@@ -51,12 +51,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -75,11 +73,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init
@@ -142,7 +136,7 @@ jobs:
             core.setFailed(
               'Expected exactly one status page reporting descriptor for this diagnostic in the ' +
                 `'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` +
-                `${statusPageNotifications.length}. All notification reporting descriptors: ` + 
+                `${statusPageNotifications.length}. All notification reporting descriptors: ` +
                 `${JSON.stringify(toolExecutionNotifications)}.`
             );
           }

.github/workflows/__export-file-baseline-information.yml

@@ -39,12 +39,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -63,11 +61,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__extractor-ram-threads.yml

@@ -35,12 +35,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -59,11 +57,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__go-custom-queries.yml

@@ -25,12 +25,6 @@ jobs:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: stable-20220908
-        - os: macos-latest
-          version: stable-20220908
-        - os: windows-latest
-          version: stable-20220908
         - os: ubuntu-latest
           version: stable-20221211
         - os: macos-latest
@@ -81,12 +75,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -105,11 +97,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml

@@ -35,12 +35,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -59,14 +57,10 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: actions/setup-go@v4
+    - uses: actions/setup-go@v5
       with:
       # We need a Go version that ships with statically linked binaries on Linux
         go-version: '>=1.21.0'
@@ -75,7 +69,7 @@ jobs:
         languages: go
         tools: ${{ steps.prepare-test.outputs.tools-url }}
   # Deliberately change Go after the `init` step
-    - uses: actions/setup-go@v4
+    - uses: actions/setup-go@v5
       with:
         go-version: '1.20'
     - name: Build code

.github/workflows/__go-indirect-tracing-workaround.yml

@@ -35,12 +35,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -59,14 +57,10 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: actions/setup-go@v4
+    - uses: actions/setup-go@v5
       with:
       # We need a Go version that ships with statically linked binaries on Linux
         go-version: '>=1.21.0'

.github/workflows/__go-tracing-autobuilder.yml

@@ -25,10 +25,6 @@ jobs:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: stable-20220908
-        - os: macos-latest
-          version: stable-20220908
         - os: ubuntu-latest
           version: stable-20221211
         - os: macos-latest
@@ -65,12 +61,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -89,16 +83,15 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: actions/setup-go@v4
+    - uses: actions/setup-go@v5
       with:
-        go-version: ~1.21.1
+        go-version: ~1.22.0
+      # to avoid potentially misleading autobuilder results where we expect it to download
+      # dependencies successfully, but they actually come from a warm cache
+        cache: false
     - uses: ./../action/init
       with:
         languages: go

.github/workflows/__go-tracing-custom-build-steps.yml

@@ -25,10 +25,6 @@ jobs:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: stable-20220908
-        - os: macos-latest
-          version: stable-20220908
         - os: ubuntu-latest
           version: stable-20221211
         - os: macos-latest
@@ -65,12 +61,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -89,16 +83,15 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: actions/setup-go@v4
+    - uses: actions/setup-go@v5
       with:
-        go-version: ~1.21.1
+        go-version: ~1.22.0
+      # to avoid potentially misleading autobuilder results where we expect it to download
+      # dependencies successfully, but they actually come from a warm cache
+        cache: false
     - uses: ./../action/init
       with:
         languages: go

.github/workflows/__go-tracing-legacy-workflow.yml

@@ -25,10 +25,6 @@ jobs:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: stable-20220908
-        - os: macos-latest
-          version: stable-20220908
         - os: ubuntu-latest
           version: stable-20221211
         - os: macos-latest
@@ -65,12 +61,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -89,16 +83,15 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: actions/setup-go@v4
+    - uses: actions/setup-go@v5
       with:
-        go-version: ~1.21.1
+        go-version: ~1.22.0
+      # to avoid potentially misleading autobuilder results where we expect it to download
+      # dependencies successfully, but they actually come from a warm cache
+        cache: false
     - uses: ./../action/init
       with:
         languages: go

.github/workflows/__init-with-registries.yml

@@ -52,12 +52,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -76,11 +74,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - name: Init with registries

.github/workflows/__javascript-source-root.yml

@@ -39,12 +39,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -63,11 +61,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - name: Move codeql-action

.github/workflows/__language-aliases.yml

@@ -35,12 +35,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -59,11 +57,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__multi-language-autodetect.yml

@@ -25,10 +25,6 @@ jobs:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: stable-20220908
-        - os: macos-latest
-          version: stable-20220908
         - os: ubuntu-latest
           version: stable-20221211
         - os: macos-latest
@@ -65,12 +61,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -89,11 +83,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init
@@ -156,7 +146,7 @@ jobs:
 
     - name: Check language autodetect for Swift
       if: >-
-        env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true' || 
+        env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true' ||
             (runner.os != 'Windows' && matrix.version == 'nightly-latest')
       shell: bash
       run: |

.github/workflows/__packaging-codescanning-config-inputs-js.yml

@@ -51,12 +51,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -75,11 +73,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init
@@ -119,6 +113,4 @@ jobs:
           exit 1
         fi
     env:
-      CODEQL_PASS_CONFIG_TO_CLI: true
-
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__packaging-config-inputs-js.yml

@@ -51,12 +51,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -75,11 +73,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__packaging-config-js.yml

@@ -51,12 +51,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -75,11 +73,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__packaging-inputs-js.yml

@@ -51,12 +51,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -75,11 +73,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__remote-config.yml

@@ -25,12 +25,6 @@ jobs:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: stable-20220908
-        - os: macos-latest
-          version: stable-20220908
-        - os: windows-latest
-          version: stable-20220908
         - os: ubuntu-latest
           version: stable-20221211
         - os: macos-latest
@@ -81,12 +75,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -105,11 +97,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__resolve-environment-action.yml

@@ -57,12 +57,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -81,11 +79,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__rubocop-multi-language.yml

@@ -35,12 +35,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -59,11 +57,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - name: Set up Ruby

.github/workflows/__ruby.yml

@@ -45,12 +45,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -69,11 +67,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__scaling-reserved-ram.yml

@@ -25,10 +25,6 @@ jobs:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: stable-20220908
-        - os: macos-latest
-          version: stable-20220908
         - os: ubuntu-latest
           version: stable-20221211
         - os: macos-latest
@@ -65,12 +61,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -89,11 +83,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__split-workflow.yml

@@ -45,12 +45,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -69,11 +67,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__submit-sarif-failure.yml

@@ -39,12 +39,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -63,11 +61,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: actions/checkout@v4

.github/workflows/__swift-custom-build.yml

@@ -45,12 +45,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -69,11 +67,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__test-autobuild-working-dir.yml

@@ -35,12 +35,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -59,11 +57,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - name: Test setup

.github/workflows/__test-local-codeql.yml

@@ -35,12 +35,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -59,11 +57,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - name: Fetch a CodeQL bundle

.github/workflows/__test-proxy.yml

@@ -35,12 +35,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -59,11 +57,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__unset-environment.yml

@@ -25,8 +25,6 @@ jobs:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: stable-20220908
         - os: ubuntu-latest
           version: stable-20221211
         - os: ubuntu-latest
@@ -49,12 +47,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -73,11 +69,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__upload-ref-sha-input.yml

@@ -39,12 +39,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -63,11 +61,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__with-checkout-path.yml

@@ -25,54 +25,12 @@ jobs:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: stable-20220908
-        - os: macos-latest
-          version: stable-20220908
-        - os: windows-latest
-          version: stable-20220908
-        - os: ubuntu-latest
-          version: stable-20221211
-        - os: macos-latest
-          version: stable-20221211
-        - os: windows-latest
-          version: stable-20221211
-        - os: ubuntu-latest
-          version: stable-20230418
-        - os: macos-latest
-          version: stable-20230418
-        - os: windows-latest
-          version: stable-20230418
-        - os: ubuntu-latest
-          version: stable-v2.13.5
-        - os: macos-latest
-          version: stable-v2.13.5
-        - os: windows-latest
-          version: stable-v2.13.5
-        - os: ubuntu-latest
-          version: stable-v2.14.6
-        - os: macos-latest
-          version: stable-v2.14.6
-        - os: windows-latest
-          version: stable-v2.14.6
-        - os: ubuntu-latest
-          version: default
-        - os: macos-latest
-          version: default
-        - os: windows-latest
-          version: default
         - os: ubuntu-latest
           version: latest
         - os: macos-latest
           version: latest
         - os: windows-latest
           version: latest
-        - os: ubuntu-latest
-          version: nightly-latest
-        - os: macos-latest
-          version: nightly-latest
-        - os: windows-latest
-          version: nightly-latest
     name: Use a custom `checkout_path`
     permissions:
       contents: read
@@ -81,12 +39,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: >-
         matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20220908' ||
-
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -105,11 +61,7 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: >-
-        runner.os != 'Windows' && (
-            matrix.version == '20220908' ||
-            matrix.version == '20221211'
-        )
+      if: runner.os != 'Windows' && matrix.version == '20221211'
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - name: Delete original checkout
@@ -132,7 +84,6 @@ jobs:
       # it's enough to test one compiled language and one interpreted language
         languages: csharp,javascript
         source-root: x/y/z/some-path/tests/multi-language-repo
-        debug: true
 
     - name: Build code
       shell: bash

.github/workflows/codescanning-config-cli.yml

@@ -3,7 +3,6 @@
 name: Code-Scanning config CLI tests
 env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  CODEQL_PASS_CONFIG_TO_CLI: true
 
 on:
   push:
@@ -204,15 +203,3 @@ jobs:
         packs: + codeql/javascript-queries
         config-file-test: .github/codeql/other-config-properties.yml
         tools: ${{ steps.prepare-test.outputs.tools-url }}
-
-    - name: Config not generated when env var is not set
-      if: success() || failure()
-      env:
-        CODEQL_PASS_CONFIG_TO_CLI: false
-      uses: ./../action/.github/actions/check-codescanning-config
-      with:
-        expected-config-file-contents: ""
-        languages: javascript
-        packs: + codeql/javascript-queries
-        config-file-test: .github/codeql/other-config-properties.yml
-        tools: ${{ steps.prepare-test.outputs.tools-url }}

.github/workflows/debug-artifacts-failure.yml

@@ -20,15 +20,12 @@ on:
   workflow_dispatch: {}
 jobs:
   upload-artifacts:
-    strategy:
-      matrix:
-        os: [ubuntu-latest, macos-latest]
     name: Upload debug artifacts after failure in analyze
     continue-on-error: true
     env:
       CODEQL_ACTION_TEST_MODE: true
     timeout-minutes: 45
-    runs-on: ${{ matrix.os }}
+    runs-on: ubuntu-latest
     steps:
       - name: Dump GitHub event
         run: cat "${GITHUB_EVENT_PATH}"
@@ -39,20 +36,9 @@ jobs:
         uses: ./.github/actions/prepare-test
         with:
           version: latest
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
         with:
           go-version: ^1.13.1
-      - name: Setup Python on MacOS
-        uses: actions/setup-python@v4
-        if: |
-          matrix.os == 'macos-latest' && (
-          matrix.version == 'stable-20220908' ||
-          matrix.version == 'stable-20221211' ||
-          matrix.version == 'stable-20230418' ||
-          matrix.version == 'stable-v2.13.5' ||
-          matrix.version == 'stable-v2.14.6')
-        with:
-          python-version: '3.11'
       - uses: ./../action/init
         with:
           tools: ${{ steps.prepare-test.outputs.tools-url }}
@@ -64,9 +50,11 @@ jobs:
         run: ./build.sh
       - uses: ./../action/analyze
         id: analysis
+        env: 
+          # Forces a failure in this step.
+          CODEQL_ACTION_EXTRA_OPTIONS: '{ "database": { "finalize": ["--invalid-option"] } }'
         with:
           expect-error: true
-          ram: 1
   download-and-check-artifacts:
     name: Download and check debug artifacts after failure in analyze
     needs: upload-artifacts
@@ -78,27 +66,23 @@ jobs:
       - name: Check expected artifacts exist
         shell: bash
         run: |
-          OPERATING_SYSTEMS="ubuntu-latest macos-latest"
           LANGUAGES="cpp csharp go java javascript python"
-          for os in $OPERATING_SYSTEMS; do
-            pushd "./my-debug-artifacts-$os"
-            echo "Artifacts from run on $os:"
-            for language in $LANGUAGES; do
-              echo "- Checking $language"
-              if [[ ! -f "my-db-$language-partial.zip" ]] ; then
-                echo "Missing a partial database bundle for $language"
-                exit 1
-              fi
-              if [[ ! -d "log" ]] ; then
-                echo "Missing database initialization logs"
-                exit 1
-              fi
-              if [[ ! "$language" == "go" ]] && [[ ! -d "$language/log" ]] ; then
-                echo "Missing logs for $language"
-                exit 1
-              fi
-            done
-            popd
+          cd "./my-debug-artifacts"
+          echo "Artifacts from run:"
+          for language in $LANGUAGES; do
+            echo "- Checking $language"
+            if [[ ! -f "my-db-$language-partial.zip" ]] ; then
+              echo "Missing a partial database bundle for $language"
+              exit 1
+            fi
+            if [[ ! -d "log" ]] ; then
+              echo "Missing database initialization logs"
+              exit 1
+            fi
+            if [[ ! "$language" == "go" ]] && [[ ! -d "$language/log" ]] ; then
+              echo "Missing logs for $language"
+              exit 1
+            fi
           done
         env:
           GO111MODULE: auto

.github/workflows/debug-artifacts.yml

@@ -21,11 +21,7 @@ jobs:
   upload-artifacts:
     strategy:
       matrix:
-        os:
-        - ubuntu-latest
-        - macos-latest
         version:
-        - stable-20220908
         - stable-20221211
         - stable-20230418
         - stable-v2.13.5
@@ -37,7 +33,7 @@ jobs:
     env:
       CODEQL_ACTION_TEST_MODE: true
     timeout-minutes: 45
-    runs-on: ${{ matrix.os }}
+    runs-on: ubuntu-latest
     steps:
       - name: Check out repository
         uses: actions/checkout@v4
@@ -46,20 +42,9 @@ jobs:
         uses: ./.github/actions/prepare-test
         with:
           version: ${{ matrix.version }}
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
         with:
           go-version: ^1.13.1
-      - name: Setup Python on MacOS
-        uses: actions/setup-python@v4
-        if: |
-          matrix.os == 'macos-latest' && (
-          matrix.version == 'stable-20220908' ||
-          matrix.version == 'stable-20221211' ||
-          matrix.version == 'stable-20230418' ||
-          matrix.version == 'stable-v2.13.5' ||
-          matrix.version == 'stable-v2.14.6')
-        with:
-          python-version: '3.11'
       - uses: ./../action/init
         id: init
         with:
@@ -86,29 +71,27 @@ jobs:
       - name: Check expected artifacts exist
         shell: bash
         run: |
-          VERSIONS="stable-20220908 stable-20221211 stable-20230418 stable-v2.13.5 stable-v2.14.6 default latest nightly-latest"
+          VERSIONS="stable-20221211 stable-20230418 stable-v2.13.5 stable-v2.14.6 default latest nightly-latest"
           LANGUAGES="cpp csharp go java javascript python"
           for version in $VERSIONS; do
-            for os in ubuntu-latest macos-latest; do
-              pushd "./my-debug-artifacts-$os-${version//./}"
-              echo "Artifacts from version $version on $os:"
-              for language in $LANGUAGES; do
-                echo "- Checking $language"
-                if [[ ! -f "$language.sarif" ]] ; then
-                  echo "Missing a SARIF file for $language"
-                  exit 1
-                fi
-                if [[ ! -f "my-db-$language.zip" ]] ; then
-                  echo "Missing a database bundle for $language"
-                  exit 1
-                fi
-                if [[ ! -d "$language/log" ]] ; then
-                  echo "Missing logs for $language"
-                  exit 1
-                fi
-              done
-              popd
+            pushd "./my-debug-artifacts-${version//./}"
+            echo "Artifacts from version $version:"
+            for language in $LANGUAGES; do
+              echo "- Checking $language"
+              if [[ ! -f "$language.sarif" ]] ; then
+                echo "Missing a SARIF file for $language"
+                exit 1
+              fi
+              if [[ ! -f "my-db-$language.zip" ]] ; then
+                echo "Missing a database bundle for $language"
+                exit 1
+              fi
+              if [[ ! -d "$language/log" ]] ; then
+                echo "Missing logs for $language"
+                exit 1
+              fi
             done
+            popd
           done
         env:
           GO111MODULE: auto

.github/workflows/post-release-mergeback.yml

@@ -133,8 +133,8 @@ jobs:
           # Update the version number ready for the next release
           npm version patch --no-git-tag-version
 
-          # Update the changelog
-          perl -i -pe 's/^/## \[UNRELEASED\]\n\nNo user facing changes.\n\n/ if($.==5)' CHANGELOG.md
+          # Update the changelog, adding a new version heading directly above the most recent existing one
+          awk '!f && /##/{print "'"## [UNRELEASED]\n\nNo user facing changes.\n"'"; f=1}1' CHANGELOG.md > temp && mv temp CHANGELOG.md
           git add .
           git commit -m "Update changelog and version after ${VERSION}"
 

.github/workflows/pr-checks.yml

@@ -15,6 +15,10 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 45
 
+    strategy:
+      matrix:
+        node-types-version: [16.11, current] # run tests on 16.11 while CodeQL Action v2 is still supported
+
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -22,6 +26,28 @@ jobs:
       - name: Lint
         run: npm run-script lint
 
+      - name: Update version of @types/node
+        if: matrix.node-types-version != 'current'
+        env:
+          NODE_TYPES_VERSION: ${{ matrix.node-types-version }}
+        run: |
+          # Export `NODE_TYPES_VERSION` so it's available to jq
+          export NODE_TYPES_VERSION="${NODE_TYPES_VERSION}"
+          contents=$(jq '.devDependencies."@types/node" = env.NODE_TYPES_VERSION' package.json)
+          echo "${contents}" > package.json
+          # Usually we run `npm install` on macOS to ensure that we pick up macOS-only dependencies.
+          # However we're not checking in the updated lockfile here, so it's fine to run
+          # `npm install` on Linux.
+          npm install
+
+          if [ ! -z "$(git status --porcelain)" ]; then
+            git config --global user.email "github-actions@github.com"
+            git config --global user.name "github-actions[bot]"
+            # The period in `git add --all .` ensures that we stage deleted files too.
+            git add --all .
+            git commit -m "Use @types/node=${NODE_TYPES_VERSION}"
+          fi
+
       - name: Check generated JS
         run: .github/workflows/script/check-js.sh
 
@@ -45,7 +71,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Set up Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: 3.11
 
@@ -69,18 +95,6 @@ jobs:
     timeout-minutes: 45
 
     steps:
-      - name: Setup Python on MacOS
-        uses: actions/setup-python@v4
-        if: |
-          matrix.os == 'macos-latest' && (
-          matrix.version == 'stable-20220908' ||
-          matrix.version == 'stable-20221211' ||
-          matrix.version == 'stable-20230418' ||
-          matrix.version == 'stable-v2.13.5' ||
-          matrix.version == 'stable-v2.14.6')
-        with:
-          python-version: '3.11'
-
       - uses: actions/checkout@v4
       - name: npm test
         run: |
@@ -88,3 +102,44 @@ jobs:
           # we won't be able to find them on Windows.
           npm config set script-shell bash
           npm test
+
+  check-node-version:
+    if: ${{ github.event.pull_request }}
+    name: Check Action Node versions
+    runs-on: ubuntu-latest
+    timeout-minutes: 45
+    env:
+      BASE_REF: ${{ github.base_ref }}
+
+    steps:
+      - uses: actions/checkout@v4
+      - id: head-version
+        name: Verify all Actions use the same Node version
+        run: |
+          NODE_VERSION=$(find . -name "action.yml" -exec yq -e '.runs.using' {} \; | grep node | sort | uniq)
+          echo "NODE_VERSION: ${NODE_VERSION}"
+          if [[ $(echo "$NODE_VERSION" | wc -l) -gt 1 ]]; then
+            echo "::error::More than one node version used in 'action.yml' files."
+            exit 1
+          fi
+          echo "node_version=${NODE_VERSION}" >> $GITHUB_OUTPUT
+
+      - id: checkout-base
+        name: 'Backport: Check out base ref'
+        if: ${{ startsWith(github.head_ref, 'backport-') }}
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ env.BASE_REF }}
+
+      - name: 'Backport: Verify Node versions unchanged'
+        if: steps.checkout-base.outcome == 'success'
+        env:
+          HEAD_VERSION: ${{ steps.head-version.outputs.node_version }}
+        run: |
+          BASE_VERSION=$(find . -name "action.yml" -exec yq -e '.runs.using' {} \; | grep node | sort | uniq)
+          echo "HEAD_VERSION: ${HEAD_VERSION}"
+          echo "BASE_VERSION: ${BASE_VERSION}"
+          if [[ "$BASE_VERSION" != "$HEAD_VERSION" ]]; then
+            echo "::error::Cannot change the Node version of an Action in a backport PR."
+            exit 1
+          fi

.github/workflows/python-deps.yml

@@ -36,18 +36,6 @@ jobs:
       PYTHON_VERSION: ${{ matrix.python_version }}
 
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
-      if: |
-        matrix.os == 'macos-latest' && (
-        matrix.version == 'stable-20220908' ||
-        matrix.version == 'stable-20221211' ||
-        matrix.version == 'stable-20230418' ||
-        matrix.version == 'stable-v2.13.5' ||
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-
     # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
     - uses: actions/checkout@v4
 
@@ -151,7 +139,7 @@ jobs:
     # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
     - uses: actions/checkout@v4
 
-    - uses: actions/setup-python@v4
+    - uses: actions/setup-python@v5
       with:
         python-version: ${{ matrix.python_version }}
 

.github/workflows/python312-windows.yml

@@ -18,7 +18,7 @@ jobs:
     runs-on: windows-latest
 
     steps:
-    - uses: actions/setup-python@v4
+    - uses: actions/setup-python@v5
       with:
         python-version: 3.12
 

.github/workflows/rebuild.yml

@@ -3,6 +3,7 @@ name: Rebuild Action
 on:
   pull_request:
     types: [labeled]
+  workflow_dispatch:
 
 jobs:
   rebuild:
@@ -24,6 +25,23 @@ jobs:
           gh pr edit --repo github/codeql-action "$PR_NUMBER" \
             --remove-label "Rebuild"
 
+      - name: Merge in changes from base branch
+        env:
+          BASE_BRANCH: ${{ github.event.pull_request.base.ref }}
+        run: |
+          git fetch origin "$BASE_BRANCH"
+
+          # Allow merge conflicts in `lib`, since rebuilding should resolve them.
+          git merge "origin/$BASE_BRANCH" || echo "Merge conflicts detected"
+
+          # Check for merge conflicts outside of `lib`. Disable git diff's trailing whitespace check
+          # since `node_modules/@types/semver/README.md` fails it.
+          if git -c core.whitespace=-trailing-space diff --check | grep --invert-match '^lib/'; then
+            echo "Merge conflicts detected outside of lib/ directory. Please resolve them manually."
+            git -c core.whitespace=-trailing-space diff --check | grep --invert-match '^lib/' || true
+            exit 1
+          fi
+
       - name: Compile TypeScript
         run: |
           npm install
@@ -31,7 +49,7 @@ jobs:
           npm run build
 
       - name: Set up Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: 3.11
 

.github/workflows/script/update-required-checks.sh

@@ -2,6 +2,11 @@
 # Update the required checks based on the current branch.
 # Typically, this will be main.
 
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+REPO_DIR="$(dirname "$SCRIPT_DIR")"
+GRANDPARENT_DIR="$(dirname "$REPO_DIR")"
+source "$GRANDPARENT_DIR/releases.ini"
+
 if ! gh auth status 2>/dev/null; then
   gh auth status
   echo "Failed: Not authorized. This script requires admin access to github/codeql-action through the gh CLI."
@@ -29,7 +34,22 @@ echo "$CHECKS" | jq
 
 echo "{\"contexts\": ${CHECKS}}" > checks.json
 
-for BRANCH in main releases/v2; do
+echo "Updating main"
+gh api --silent -X "PATCH" "repos/github/codeql-action/branches/main/protection/required_status_checks" --input checks.json
+
+# list all branchs on origin remote matching releases/v*
+BRANCHES="$(git ls-remote --heads origin 'releases/v*' | sed 's?.*refs/heads/??' | sort -V)"
+
+for BRANCH in $BRANCHES; do
+
+  # strip exact 'releases/v' prefix from $BRANCH using count of characters
+  VERSION="${BRANCH:10}"
+
+  if [ "$VERSION" -lt "$OLDEST_SUPPORTED_MAJOR_VERSION" ]; then
+    echo "Skipping $BRANCH"
+    continue
+  fi
+
   echo "Updating $BRANCH"
   gh api --silent -X "PATCH" "repos/github/codeql-action/branches/$BRANCH/protection/required_status_checks" --input checks.json
 done

.github/workflows/update-supported-enterprise-server-versions.yml

@@ -14,7 +14,7 @@ jobs:
 
     steps:
       - name: Setup Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: "3.7"
       - name: Checkout CodeQL Action

.gitignore

@@ -1,2 +1,7 @@
 # Ignore for example failing-tests.json from AVA
-node_modules/.cache
+node_modules/.cache/
+# Java build files
+.gradle/
+*.class
+# macOS
+.DS_Store

CHANGELOG.md

@@ -2,10 +2,80 @@
 
 See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
 
+Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.
+
 ## [UNRELEASED]
 
 No user facing changes.
 
+## 3.24.9 - 22 Mar 2024
+
+- Update default CodeQL bundle version to 2.16.5. [#2203](https://github.com/github/codeql-action/pull/2203)
+
+## 3.24.8 - 18 Mar 2024
+
+- Improve the ease of debugging extraction issues by increasing the verbosity of the extractor logs when running in debug mode. [#2195](https://github.com/github/codeql-action/pull/2195)
+
+## 3.24.7 - 12 Mar 2024
+
+- Update default CodeQL bundle version to 2.16.4. [#2185](https://github.com/github/codeql-action/pull/2185)
+
+## 3.24.6 - 29 Feb 2024
+
+No user facing changes.
+
+## 3.24.5 - 23 Feb 2024
+
+- Update default CodeQL bundle version to 2.16.3. [#2156](https://github.com/github/codeql-action/pull/2156)
+
+## 3.24.4 - 21 Feb 2024
+
+- Fix an issue where an existing, but empty, `/sys/fs/cgroup/cpuset.cpus` file always resulted in a single-threaded run. [#2151](https://github.com/github/codeql-action/pull/2151)
+
+## 3.24.3 - 15 Feb 2024
+
+- Fix an issue where the CodeQL Action would fail to load a configuration specified by the `config` input to the `init` Action. [#2147](https://github.com/github/codeql-action/pull/2147)
+
+## 3.24.2 - 15 Feb 2024
+
+- Enable improved multi-threaded performance on larger runners for GitHub Enterprise Server users. This feature is already available to GitHub.com users. [#2141](https://github.com/github/codeql-action/pull/2141)
+
+## 3.24.1 - 13 Feb 2024
+
+- Update default CodeQL bundle version to 2.16.2. [#2124](https://github.com/github/codeql-action/pull/2124)
+- The CodeQL action no longer fails if it can't write to the telemetry api endpoint. [#2121](https://github.com/github/codeql-action/pull/2121)
+
+## 3.24.0 - 02 Feb 2024
+
+- CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See [release notes for 3.23.0](#3230---08-jan-2024) for more details. [#2106](https://github.com/github/codeql-action/pull/2106)
+
+## 3.23.2 - 26 Jan 2024
+
+- On Linux, the maximum possible value for the `--threads` option now respects the CPU count as specified in `cgroup` files to more accurately reflect the number of available cores when running in containers. [#2083](https://github.com/github/codeql-action/pull/2083)
+- Update default CodeQL bundle version to 2.16.1. [#2096](https://github.com/github/codeql-action/pull/2096)
+
+## 3.23.1 - 17 Jan 2024
+
+- Update default CodeQL bundle version to 2.16.0. [#2073](https://github.com/github/codeql-action/pull/2073)
+- Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. [#2079](https://github.com/github/codeql-action/pull/2079)
+
+## 3.23.0 - 08 Jan 2024
+
+- We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting `CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false` in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. [#2031](https://github.com/github/codeql-action/pull/2031)
+- The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see [the corresponding changelog entry for CodeQL Action version 2.22.7](#2227---16-nov-2023). [#2009](https://github.com/github/codeql-action/pull/2009)
+
+## 3.22.12 - 22 Dec 2023
+
+- Update default CodeQL bundle version to 2.15.5. [#2047](https://github.com/github/codeql-action/pull/2047)
+
+## 3.22.11 - 13 Dec 2023
+
+- [v3+ only] The CodeQL Action now runs on Node.js v20. [#2006](https://github.com/github/codeql-action/pull/2006)
+
+## 2.22.10 - 12 Dec 2023
+
+- Update default CodeQL bundle version to 2.15.4. [#2016](https://github.com/github/codeql-action/pull/2016)
+
 ## 2.22.9 - 07 Dec 2023
 
 No user facing changes.

CONTRIBUTING.md

@@ -57,18 +57,14 @@ Here are a few things you can do that will increase the likelihood of your pull
 ## Releasing (write access required)
 
 1. The first step of releasing a new version of the `codeql-action` is running the "Update release branch" workflow.
-    This workflow goes through the pull requests that have been merged to `main` since the last release, creates a changelog, then opens a pull request to merge the changes since the last release into the `releases/v2` release branch.
+    This workflow goes through the pull requests that have been merged to `main` since the last release, creates a changelog, then opens a pull request to merge the changes since the last release into the `releases/v3` release branch.
 
     You can start a release by triggering this workflow via [workflow dispatch](https://github.com/github/codeql-action/actions/workflows/update-release-branch.yml).
-1. The workflow run will open a pull request titled "Merge main into releases/v2". Mark the pull request as [ready for review](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review) to trigger the PR checks.
-1. Review the checklist items in the pull request description.
-    Once you've checked off all but the last two of these, approve the PR and automerge it.
-1. When the "Merge main into releases/v2" pull request is merged into the `releases/v2` branch, the "Tag release and merge back" workflow will create a mergeback PR.
-    This mergeback incorporates the changelog updates into `main`, tags the release using the merge commit of the "Merge main into releases/v2" pull request, and bumps the patch version of the CodeQL Action.
+1. The workflow run will open a pull request titled "Merge main into releases/v3". Follow the steps on the checklist in the pull request. Once you've checked off all but the last two of these, approve the PR and automerge it.
+1. When the "Merge main into releases/v3" pull request is merged into the `releases/v3` branch, a mergeback pull request to `main` and a backport pull request to `releases/v2` will both be automatically created. This mergeback pull request incorporates the changelog updates into `main`, tags the release using the merge commit of the "Merge main into releases/v3" pull request, and bumps the patch version of the CodeQL Action. The backport pull request will incorporate the updates into `releases/v2`.
+1. Approve the mergeback and backport pull requests and automerge them.
 
-    Approve the mergeback PR and automerge it.
-
-Once the mergeback has been merged to `main`, the release is complete.
+Once the mergeback and backport pull request have been merged, the release is complete.
 
 ## Keeping the PR checks up to date (admin access required)
 
@@ -76,7 +72,9 @@ Since the `codeql-action` runs most of its testing through individual Actions wo
 
 1. By default, this script retrieves the checks from the latest SHA on `main`, so make sure that your `main` branch is up to date.
 2. Run the script. If there's a reason to, you can pass in a different SHA as a CLI argument.
-3. After running, go to the [branch protection rules settings page](https://github.com/github/codeql-action/settings/branches) and validate that the rules for `main`, `v1`, and `v2` have been updated.
+3. After running, go to the [branch protection rules settings page](https://github.com/github/codeql-action/settings/branches) and validate that the rules for `main`, `v2`, and `v3` have been updated.
+
+Note that any updates to checks need to be backported to the `releases/v2` branch, in order to maintain the same set of names for required checks.
 
 ## Deprecating a CodeQL version (write access required)
 
@@ -111,8 +109,8 @@ To deprecate an older version of the Action:
    - Add a changelog note announcing the deprecation.
    - Implement an Actions warning for customers using the deprecated version.
 1. Wait for the deprecation period to pass.
-1. Upgrade the Actions warning for customers using the deprecated version to a non-fatal error, and mention that this version of the Action is no longer supported. 
-1. Make a PR to bump the `OLDEST_SUPPORTED_MAJOR_VERSION` in [release-branches.py](.github/actions/release-branches/release-branches.py).  Once this PR is merged, the release process will no longer backport changes to the deprecated release version.
+1. Upgrade the Actions warning for customers using the deprecated version to a non-fatal error, and mention that this version of the Action is no longer supported.
+1. Make a PR to bump the `OLDEST_SUPPORTED_MAJOR_VERSION` in [releases.ini](.github/releases.ini).  Once this PR is merged, the release process will no longer backport changes to the deprecated release version.
 
 ## Resources
 

README.md

@@ -4,20 +4,11 @@ This action runs GitHub's industry-leading semantic code analysis engine, [CodeQ
 
 For a list of recent changes, see the CodeQL Action's [changelog](CHANGELOG.md).
 
-## :loudspeaker: Node 16 deprecation, upcoming CodeQL Action v3 :loudspeaker:
-Announcement for users of this Action and code scanning workflows on GitHub.com:
-
-- You will begin to see these warnings about Node.js 16 deprecation in your Actions logs on code scanning runs starting October 23, 2023.
-- All code scanning workflows should continue to succeed regardless of the warning.
-- The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.
-
-For more information, and to communicate with the maintaining team, please use [this issue](https://github.com/github/codeql-action/issues/1959). 
-
 ## License
 
 This project is released under the [MIT License](LICENSE).
 
-The underlying CodeQL CLI, used in this action, is licensed under the [GitHub CodeQL Terms and Conditions](https://securitylab.github.com/tools/codeql/license). As such, this action may be used on open source projects hosted on GitHub, and on  private repositories that are owned by an organisation with GitHub Advanced Security enabled.
+The underlying CodeQL CLI, used in this action, is licensed under the [GitHub CodeQL Terms and Conditions](https://securitylab.github.com/tools/codeql/license). As such, this action may be used on open source projects hosted on GitHub, and on private repositories that are owned by an organisation with GitHub Advanced Security enabled.
 
 ## Usage
 
@@ -25,6 +16,23 @@ We recommend using default setup to configure CodeQL analysis for your repositor
 
 You can also configure advanced setup for a repository to find security vulnerabilities in your code using a highly customizable code scanning configuration. For more information, see "[Configuring advanced setup for code scanning](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning)" and "[Customizing your advanced setup for code scanning](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning)."
 
+### Permissions
+
+All advanced setup code scanning workflows must have the `security-events: write` permission. Workflows in private repositories must additionally have the `contents: read` permission. For more information, see "[Assigning permissions to jobs](https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs)."
+
+## Supported versions of the CodeQL Action
+
+The following versions of the CodeQL Action are currently supported:
+
+- v3 (latest)
+- v2 (deprecated, support will end on December 5th, 2024)
+
+The only difference between CodeQL Action v2 and v3 is the version of Node.js on which they run. CodeQL Action v3 runs on Node 20, while CodeQL Action v2 runs on Node 16.
+
+To provide the best experience to customers using older versions of GitHub Enterprise Server, we will continue to release CodeQL Action v2 so that these customers can continue to run the latest version of CodeQL as long as their version of GitHub Enterprise Server is supported. For example CodeQL Action v3.22.11 was the first release of CodeQL Action v3 and is functionally identical to v2.22.11. This approach provides an easy way to track exactly which features are included in different versions by looking at the minor and patch version numbers.
+
+For more information, see "[Code scanning: deprecation of CodeQL Action v2](https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/)."
+
 ## Troubleshooting
 
 Read about [troubleshooting code scanning](https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning).

analyze/action.yml

@@ -52,10 +52,10 @@ inputs:
     # If changing this, make sure to update workflow.ts accordingly.
     default: ${{ github.workspace }}
   ref:
-    description: "The ref where results will be uploaded. If not provided, the Action will use the GITHUB_REF environment variable. If provided, the sha input must be provided as well. This input is not available in pull requests from forks."
+    description: "The ref where results will be uploaded. If not provided, the Action will use the GITHUB_REF environment variable. If provided, the sha input must be provided as well. This input is ignored for pull requests from forks."
     required: false
   sha:
-    description: "The sha of the HEAD of the ref where results will be uploaded. If not provided, the Action will use the GITHUB_SHA environment variable. If provided, the ref input must be provided as well. This input is not available in pull requests from forks."
+    description: "The sha of the HEAD of the ref where results will be uploaded. If not provided, the Action will use the GITHUB_SHA environment variable. If provided, the ref input must be provided as well. This input is ignored for pull requests from forks."
     required: false
   category:
     description: String used by Code Scanning for matching the analyses
@@ -69,6 +69,8 @@ inputs:
     required: true
     default: "true"
   token:
+    description: "GitHub token to use for authenticating with this instance of GitHub. The token needs the `security-events: write` permission."
+    required: false
     default: ${{ github.token }}
   matrix:
     default: ${{ toJson(matrix) }}
@@ -84,6 +86,6 @@ outputs:
   sarif-id:
     description: The ID of the uploaded SARIF file.
 runs:
-  using: "node16"
+  using: node20
   main: "../lib/analyze-action.js"
   post: "../lib/analyze-action-post.js"

autobuild/action.yml

@@ -3,6 +3,8 @@ description: 'Attempt to automatically build code'
 author: 'GitHub'
 inputs:
   token:
+    description: "GitHub token to use for authenticating with this instance of GitHub. The token needs the `security-events: write` permission."
+    required: false
     default: ${{ github.token }}
   matrix:
     default: ${{ toJson(matrix) }}
@@ -13,5 +15,5 @@ inputs:
       $GITHUB_WORKSPACE as its working directory.
     required: false
 runs:
-  using: 'node16'
+  using: node20
   main: '../lib/autobuild-action.js'

init/action.yml

@@ -7,8 +7,33 @@ inputs:
     required: false
     # If not specified the Action will check in several places until it finds the CodeQL tools.
   languages:
-    description: |
-      A comma-separated value of the languages to be analysed e.g. python,javascript
+    description: >-
+      A comma-separated list of CodeQL languages to analyze.
+
+      Due to the performance benefit of parallelizing builds, we recommend specifying languages to
+      analyze using a matrix and providing `\$\{{ matrix.language }}` as this input.
+
+      For more information, see
+      https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#changing-the-languages-that-are-analyzed.
+    required: false
+  build-mode:
+    description: >-
+      The build mode that will be used to analyze the language. This input is only available when
+      analyzing a single CodeQL language per job, for example using a matrix.
+
+      Available build modes will differ based on the language being analyzed. One of: 
+
+      - `none`:      The database will be created without building the source code.
+                     Available for all interpreted languages and some compiled languages.
+      - `autobuild`: The database will be created by attempting to automatically build the source
+                     code.
+                     To use this build mode, ensure that your workflow calls the `autobuild` action
+                     between the `init` and `analyze` steps.
+                     Available for all compiled languages.
+      - `manual`:   The database will be created by building the source code using a manually
+                     specified build command. To use this build mode, specify manual build steps in
+                     your workflow between the `init` and `analyze` steps. Available for all
+                     compiled languages.
     required: false
   token:
     description: GitHub token to use for authenticating with this instance of GitHub. To download custom packs from multiple registries, use the registries input.
@@ -53,7 +78,7 @@ inputs:
     required: false
   packs:
     description: >-
-      [Experimental] Comma-separated list of packs to run. Reference a pack in the format `scope/name[@version]`. If `version` is not
+      Comma-separated list of packs to run. Reference a pack in the format `scope/name[@version]`. If `version` is not
       specified, then the latest version of the pack is used. By default, this overrides the same setting in a
       configuration file; prefix with "+" to use both sets of packs.
 
@@ -109,6 +134,6 @@ outputs:
   codeql-path:
     description: The path of the CodeQL binary used for analysis
 runs:
-  using: 'node16'
+  using: node20
   main: '../lib/init-action.js'
   post: '../lib/init-action-post.js'

lib/actions-util.js

@@ -41,7 +41,7 @@ const pkg = require("../package.json");
 const getRequiredInput = function (name) {
     const value = core.getInput(name);
     if (!value) {
-        throw new util_1.UserError(`Input required and not supplied: ${name}`);
+        throw new util_1.ConfigurationError(`Input required and not supplied: ${name}`);
     }
     return value;
 };
@@ -177,7 +177,7 @@ async function getRef() {
     const hasShaInput = !!shaInput;
     // If one of 'ref' or 'sha' are provided, both are required
     if ((hasRefInput || hasShaInput) && !(hasRefInput && hasShaInput)) {
-        throw new util_1.UserError("Both 'ref' and 'sha' are required if one of them is provided.");
+        throw new util_1.ConfigurationError("Both 'ref' and 'sha' are required if one of them is provided.");
     }
     const ref = refInput || getRefFromEnv();
     const sha = shaInput || (0, util_1.getRequiredEnvParam)("GITHUB_SHA");

lib/analysis-paths.js

@@ -1,84 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.includeAndExcludeAnalysisPaths = exports.printPathFiltersWarning = exports.legalWindowsPathCharactersRegex = void 0;
-const path = __importStar(require("path"));
-function isInterpretedLanguage(language) {
-    return (language === "javascript" || language === "python" || language === "ruby");
-}
-// Matches a string containing only characters that are legal to include in paths on windows.
-exports.legalWindowsPathCharactersRegex = /^[^<>:"|?]*$/;
-// Builds an environment variable suitable for LGTM_INDEX_INCLUDE or LGTM_INDEX_EXCLUDE
-function buildIncludeExcludeEnvVar(paths) {
-    // Ignore anything containing a *
-    paths = paths.filter((p) => p.indexOf("*") === -1);
-    // Some characters are illegal in path names in windows
-    if (process.platform === "win32") {
-        paths = paths.filter((p) => p.match(exports.legalWindowsPathCharactersRegex));
-    }
-    return paths.join("\n");
-}
-function printPathFiltersWarning(config, logger) {
-    // Index include/exclude/filters only work in javascript/python/ruby.
-    // If any other languages are detected/configured then show a warning.
-    if ((config.paths.length !== 0 || config.pathsIgnore.length !== 0) &&
-        !config.languages.every(isInterpretedLanguage)) {
-        logger.warning('The "paths"/"paths-ignore" fields of the config only have effect for JavaScript, Python, and Ruby');
-    }
-}
-exports.printPathFiltersWarning = printPathFiltersWarning;
-function includeAndExcludeAnalysisPaths(config) {
-    // The 'LGTM_INDEX_INCLUDE' and 'LGTM_INDEX_EXCLUDE' environment variables
-    // control which files/directories are traversed when scanning.
-    // This allows including files that otherwise would not be scanned, or
-    // excluding and not traversing entire file subtrees.
-    // It does not understand globs or double-globs because that would require it to
-    // traverse the entire file tree to determine which files are matched.
-    // Any paths containing "*" are not included in these.
-    if (config.paths.length !== 0) {
-        process.env["LGTM_INDEX_INCLUDE"] = buildIncludeExcludeEnvVar(config.paths);
-    }
-    // If the temporary or tools directory is in the working directory ignore that too.
-    const tempRelativeToWorking = path.relative(process.cwd(), config.tempDir);
-    let pathsIgnore = config.pathsIgnore;
-    if (!tempRelativeToWorking.startsWith("..") &&
-        !path.isAbsolute(tempRelativeToWorking)) {
-        pathsIgnore = pathsIgnore.concat(tempRelativeToWorking);
-    }
-    if (pathsIgnore.length !== 0) {
-        process.env["LGTM_INDEX_EXCLUDE"] = buildIncludeExcludeEnvVar(pathsIgnore);
-    }
-    // The 'LGTM_INDEX_FILTERS' environment variable controls which files are
-    // extracted or ignored. It does not control which directories are traversed.
-    // This does understand the glob and double-glob syntax.
-    const filters = [];
-    filters.push(...config.paths.map((p) => `include:${p}`));
-    filters.push(...config.pathsIgnore.map((p) => `exclude:${p}`));
-    if (filters.length !== 0) {
-        process.env["LGTM_INDEX_FILTERS"] = filters.join("\n");
-    }
-}
-exports.includeAndExcludeAnalysisPaths = includeAndExcludeAnalysisPaths;
-//# sourceMappingURL=analysis-paths.js.map

lib/analysis-paths.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"analysis-paths.js","sourceRoot":"","sources":["../src/analysis-paths.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAK7B,SAAS,qBAAqB,CAAC,QAAQ;IACrC,OAAO,CACL,QAAQ,KAAK,YAAY,IAAI,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,MAAM,CAC1E,CAAC;AACJ,CAAC;AAED,6FAA6F;AAChF,QAAA,+BAA+B,GAAG,cAAc,CAAC;AAE9D,uFAAuF;AACvF,SAAS,yBAAyB,CAAC,KAAe;IAChD,iCAAiC;IACjC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEnD,uDAAuD;IACvD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,uCAA+B,CAAC,CAAC,CAAC;IACxE,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAgB,uBAAuB,CACrC,MAA0B,EAC1B,MAAc;IAEd,qEAAqE;IACrE,sEAAsE;IACtE,IACE,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,CAAC;QAC9D,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAC9C,CAAC;QACD,MAAM,CAAC,OAAO,CACZ,mGAAmG,CACpG,CAAC;IACJ,CAAC;AACH,CAAC;AAdD,0DAcC;AAED,SAAgB,8BAA8B,CAAC,MAA0B;IACvE,0EAA0E;IAC1E,+DAA+D;IAC/D,sEAAsE;IACtE,qDAAqD;IACrD,gFAAgF;IAChF,sEAAsE;IACtE,sDAAsD;IACtD,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,yBAAyB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC9E,CAAC;IACD,mFAAmF;IACnF,MAAM,qBAAqB,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3E,IAAI,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;IACrC,IACE,CAAC,qBAAqB,CAAC,UAAU,CAAC,IAAI,CAAC;QACvC,CAAC,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,EACvC,CAAC;QACD,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;IAC1D,CAAC;IACD,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,yBAAyB,CAAC,WAAW,CAAC,CAAC;IAC7E,CAAC;IAED,yEAAyE;IACzE,6EAA6E;IAC7E,wDAAwD;IACxD,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IACzD,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IAC/D,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzD,CAAC;AACH,CAAC;AAjCD,wEAiCC"}

lib/analysis-paths.test.js

@@ -1,124 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const path = __importStar(require("path"));
-const ava_1 = __importDefault(require("ava"));
-const analysisPaths = __importStar(require("./analysis-paths"));
-const testing_utils_1 = require("./testing-utils");
-const util = __importStar(require("./util"));
-(0, testing_utils_1.setupTests)(ava_1.default);
-(0, ava_1.default)("emptyPaths", async (t) => {
-    return await util.withTmpDir(async (tmpDir) => {
-        const config = {
-            languages: [],
-            queries: {},
-            pathsIgnore: [],
-            paths: [],
-            originalUserInput: {},
-            tempDir: tmpDir,
-            codeQLCmd: "",
-            gitHubVersion: { type: util.GitHubVariant.DOTCOM },
-            dbLocation: path.resolve(tmpDir, "codeql_databases"),
-            packs: {},
-            debugMode: false,
-            debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
-            debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
-            augmentationProperties: {
-                injectedMlQueries: false,
-                packsInputCombines: false,
-                queriesInputCombines: false,
-            },
-            trapCaches: {},
-            trapCacheDownloadTime: 0,
-        };
-        analysisPaths.includeAndExcludeAnalysisPaths(config);
-        t.is(process.env["LGTM_INDEX_INCLUDE"], undefined);
-        t.is(process.env["LGTM_INDEX_EXCLUDE"], undefined);
-        t.is(process.env["LGTM_INDEX_FILTERS"], undefined);
-    });
-});
-(0, ava_1.default)("nonEmptyPaths", async (t) => {
-    return await util.withTmpDir(async (tmpDir) => {
-        const config = {
-            languages: [],
-            queries: {},
-            paths: ["path1", "path2", "**/path3"],
-            pathsIgnore: ["path4", "path5", "path6/**"],
-            originalUserInput: {},
-            tempDir: tmpDir,
-            codeQLCmd: "",
-            gitHubVersion: { type: util.GitHubVariant.DOTCOM },
-            dbLocation: path.resolve(tmpDir, "codeql_databases"),
-            packs: {},
-            debugMode: false,
-            debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
-            debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
-            augmentationProperties: {
-                injectedMlQueries: false,
-                packsInputCombines: false,
-                queriesInputCombines: false,
-            },
-            trapCaches: {},
-            trapCacheDownloadTime: 0,
-        };
-        analysisPaths.includeAndExcludeAnalysisPaths(config);
-        t.is(process.env["LGTM_INDEX_INCLUDE"], "path1\npath2");
-        t.is(process.env["LGTM_INDEX_EXCLUDE"], "path4\npath5");
-        t.is(process.env["LGTM_INDEX_FILTERS"], "include:path1\ninclude:path2\ninclude:**/path3\nexclude:path4\nexclude:path5\nexclude:path6/**");
-    });
-});
-(0, ava_1.default)("exclude temp dir", async (t) => {
-    const tempDir = path.join(process.cwd(), "codeql-runner-temp");
-    const config = {
-        languages: [],
-        queries: {},
-        pathsIgnore: [],
-        paths: [],
-        originalUserInput: {},
-        tempDir,
-        codeQLCmd: "",
-        gitHubVersion: { type: util.GitHubVariant.DOTCOM },
-        dbLocation: path.resolve(tempDir, "codeql_databases"),
-        packs: {},
-        debugMode: false,
-        debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
-        debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
-        augmentationProperties: {
-            injectedMlQueries: false,
-            packsInputCombines: false,
-            queriesInputCombines: false,
-        },
-        trapCaches: {},
-        trapCacheDownloadTime: 0,
-    };
-    analysisPaths.includeAndExcludeAnalysisPaths(config);
-    t.is(process.env["LGTM_INDEX_INCLUDE"], undefined);
-    t.is(process.env["LGTM_INDEX_EXCLUDE"], "codeql-runner-temp");
-    t.is(process.env["LGTM_INDEX_FILTERS"], undefined);
-});
-//# sourceMappingURL=analysis-paths.test.js.map

lib/analysis-paths.test.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"analysis-paths.test.js","sourceRoot":"","sources":["../src/analysis-paths.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAE7B,8CAAuB;AAEvB,gEAAkD;AAClD,mDAA6C;AAC7C,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,YAAY,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC7B,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,WAAW,EAAE,EAAE;YACf,KAAK,EAAE,EAAE;YACT,iBAAiB,EAAE,EAAE;YACrB,OAAO,EAAE,MAAM;YACf,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;YACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,kBAAkB,CAAC;YACpD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,sBAAsB,EAAE;gBACtB,iBAAiB,EAAE,KAAK;gBACxB,kBAAkB,EAAE,KAAK;gBACzB,oBAAoB,EAAE,KAAK;aAC5B;YACD,UAAU,EAAE,EAAE;YACd,qBAAqB,EAAE,CAAC;SACzB,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,eAAe,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAChC,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;YACrC,WAAW,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;YAC3C,iBAAiB,EAAE,EAAE;YACrB,OAAO,EAAE,MAAM;YACf,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;YACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,kBAAkB,CAAC;YACpD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,sBAAsB,EAAE;gBACtB,iBAAiB,EAAE,KAAK;gBACxB,kBAAkB,EAAE,KAAK;gBACzB,oBAAoB,EAAE,KAAK;aAC5B;YACD,UAAU,EAAE,EAAE;YACd,qBAAqB,EAAE,CAAC;SACzB,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;QACxD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;QACxD,CAAC,CAAC,EAAE,CACF,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EACjC,gGAAgG,CACjG,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,kBAAkB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACnC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,oBAAoB,CAAC,CAAC;IAC/D,MAAM,MAAM,GAAG;QACb,SAAS,EAAE,EAAE;QACb,OAAO,EAAE,EAAE;QACX,WAAW,EAAE,EAAE;QACf,KAAK,EAAE,EAAE;QACT,iBAAiB,EAAE,EAAE;QACrB,OAAO;QACP,SAAS,EAAE,EAAE;QACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;QACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,kBAAkB,CAAC;QACrD,KAAK,EAAE,EAAE;QACT,SAAS,EAAE,KAAK;QAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;QACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;QACnD,sBAAsB,EAAE;YACtB,iBAAiB,EAAE,KAAK;YACxB,kBAAkB,EAAE,KAAK;YACzB,oBAAoB,EAAE,KAAK;SAC5B;QACD,UAAU,EAAE,EAAE;QACd,qBAAqB,EAAE,CAAC;KACzB,CAAC;IACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;IACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,oBAAoB,CAAC,CAAC;IAC9D,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;AACrD,CAAC,CAAC,CAAC"}

lib/analyze-action-env.test.js

@@ -50,7 +50,7 @@ const util = __importStar(require("./util"));
         sinon
             .stub(statusReport, "createStatusReportBase")
             .resolves({});
-        sinon.stub(statusReport, "sendStatusReport").resolves(true);
+        sinon.stub(statusReport, "sendStatusReport").resolves();
         sinon.stub(actionsUtil, "isAnalyzingDefaultBranch").resolves(true);
         const gitHubVersion = {
             type: util.GitHubVariant.DOTCOM,

lib/analyze-action-env.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAEnE,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAEnE,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/analyze-action-input.test.js

@@ -50,7 +50,7 @@ const util = __importStar(require("./util"));
         sinon
             .stub(statusReport, "createStatusReportBase")
             .resolves({});
-        sinon.stub(statusReport, "sendStatusReport").resolves(true);
+        sinon.stub(statusReport, "sendStatusReport").resolves();
         const gitHubVersion = {
             type: util.GitHubVariant.DOTCOM,
         };

lib/analyze-action-input.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC5D,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACnE,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxD,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACnE,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/analyze-action-post.js

@@ -31,10 +31,14 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
 const analyzeActionPostHelper = __importStar(require("./analyze-action-post-helper"));
 const debugArtifacts = __importStar(require("./debug-artifacts"));
+const uploadSarifActionPostHelper = __importStar(require("./upload-sarif-action-post-helper"));
 const util_1 = require("./util");
 async function runWrapper() {
     try {
         await analyzeActionPostHelper.run(debugArtifacts.uploadSarifDebugArtifact);
+        // Also run the upload-sarif post action since we're potentially running
+        // the same steps in the analyze action.
+        await uploadSarifActionPostHelper.uploadArtifacts(debugArtifacts.uploadDebugArtifacts);
     }
     catch (error) {
         core.setFailed(`analyze post-action step failed: ${(0, util_1.wrapError)(error).message}`);

lib/analyze-action-post.js.map

@@ -1 +1 @@
-{"version":3,"file":"analyze-action-post.js","sourceRoot":"","sources":["../src/analyze-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,sFAAwE;AACxE,kEAAoD;AACpD,iCAAmC;AAEnC,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,wBAAwB,CAAC,CAAC;IAC7E,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,oCAAoC,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAC/D,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"analyze-action-post.js","sourceRoot":"","sources":["../src/analyze-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,sFAAwE;AACxE,kEAAoD;AACpD,+FAAiF;AACjF,iCAAmC;AAEnC,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,wBAAwB,CAAC,CAAC;QAE3E,wEAAwE;QACxE,wCAAwC;QACxC,MAAM,2BAA2B,CAAC,eAAe,CAC/C,cAAc,CAAC,oBAAoB,CACpC,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,oCAAoC,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAC/D,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/analyze-action.js

@@ -31,7 +31,6 @@ const fs = __importStar(require("fs"));
 const path_1 = __importDefault(require("path"));
 const perf_hooks_1 = require("perf_hooks");
 const core = __importStar(require("@actions/core"));
-const safe_which_1 = require("@chrisgavin/safe-which");
 const actionsUtil = __importStar(require("./actions-util"));
 const analyze_1 = require("./analyze");
 const api_client_1 = require("./api-client");
@@ -39,7 +38,6 @@ const autobuild_1 = require("./autobuild");
 const codeql_1 = require("./codeql");
 const config_utils_1 = require("./config-utils");
 const database_upload_1 = require("./database-upload");
-const diagnostics_1 = require("./diagnostics");
 const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
@@ -50,10 +48,9 @@ const status_report_1 = require("./status-report");
 const trap_caching_1 = require("./trap-caching");
 const uploadLib = __importStar(require("./upload-lib"));
 const util = __importStar(require("./util"));
-const util_1 = require("./util");
 async function sendStatusReport(startedAt, config, stats, error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger) {
     const status = (0, status_report_1.getActionsStatus)(error, stats?.analyze_failure_language);
-    const statusReportBase = await (0, status_report_1.createStatusReportBase)("finish", status, startedAt, await util.checkDiskUsage(), error?.message, error?.stack);
+    const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Analyze, status, startedAt, config, await util.checkDiskUsage(), logger, error?.message, error?.stack);
     const report = {
         ...statusReportBase,
         ...(stats || {}),
@@ -112,6 +109,10 @@ async function runAutobuildIfLegacyGoWorkflow(config, logger) {
     if (!config.languages.includes(languages_1.Language.go)) {
         return;
     }
+    if (config.buildMode) {
+        logger.debug("Skipping legacy Go autobuild since a build mode has been specified.");
+        return;
+    }
     if (process.env[environment_1.EnvVar.DID_AUTOBUILD_GOLANG] === "true") {
         logger.debug("Won't run Go autobuild since it has already been run.");
         return;
@@ -144,46 +145,23 @@ async function run() {
     util.initializeEnvironment(actionsUtil.getActionVersion());
     const logger = (0, logging_1.getActionsLogger)();
     try {
-        if (!(await statusReport.sendStatusReport(await (0, status_report_1.createStatusReportBase)("finish", "starting", startedAt, await util.checkDiskUsage(logger))))) {
-            return;
-        }
+        await statusReport.sendStatusReport(await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Analyze, "starting", startedAt, config, await util.checkDiskUsage(logger), logger));
         config = await (0, config_utils_1.getConfig)(actionsUtil.getTemporaryDirectory(), logger);
         if (config === undefined) {
             throw new Error("Config file could not be found at expected location. Has the 'init' action been called?");
         }
         if (hasBadExpectErrorInput()) {
-            throw new util.UserError("`expect-error` input parameter is for internal use only. It should only be set by codeql-action or a fork.");
+            throw new util.ConfigurationError("`expect-error` input parameter is for internal use only. It should only be set by codeql-action or a fork.");
         }
         const apiDetails = (0, api_client_1.getApiDetails)();
         const outputDir = actionsUtil.getRequiredInput("output");
         const threads = util.getThreadsFlag(actionsUtil.getOptionalInput("threads") || process.env["CODEQL_THREADS"], logger);
         const repositoryNwo = (0, repository_1.parseRepositoryNwo)(util.getRequiredEnvParam("GITHUB_REPOSITORY"));
         const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
+        util.checkActionVersion(actionsUtil.getActionVersion(), gitHubVersion);
         const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, actionsUtil.getTemporaryDirectory(), logger);
         const memory = util.getMemoryFlag(actionsUtil.getOptionalInput("ram") || process.env["CODEQL_RAM"], logger);
-        // Check that `which go` still points at the same path it did when the `init` Action ran to ensure that no steps
-        // in-between performed any setup. We encourage users to perform all setup tasks before initializing CodeQL so that
-        // the setup tasks do not interfere with our analysis.
-        // Furthermore, if we installed a wrapper script in the `init` Action, we need to ensure that there isn't a step
-        // in the workflow after the `init` step which installs a different version of Go and takes precedence in the PATH,
-        // thus potentially circumventing our workaround that allows tracing to work.
-        const goInitPath = process.env[environment_1.EnvVar.GO_BINARY_LOCATION];
-        if (process.env[environment_1.EnvVar.DID_AUTOBUILD_GOLANG] !== "true" &&
-            goInitPath !== undefined) {
-            const goBinaryPath = await (0, safe_which_1.safeWhich)("go");
-            if (goInitPath !== goBinaryPath) {
-                core.warning(`Expected \`which go\` to return ${goInitPath}, but got ${goBinaryPath}: please ensure that the correct version of Go is installed before the \`codeql-action/init\` Action is used.`);
-                (0, diagnostics_1.addDiagnostic)(config, languages_1.Language.go, (0, diagnostics_1.makeDiagnostic)("go/workflow/go-installed-after-codeql-init", "Go was installed after the `codeql-action/init` Action was run", {
-                    markdownMessage: "To avoid interfering with the CodeQL analysis, perform all installation steps before calling the `github/codeql-action/init` Action.",
-                    visibility: {
-                        statusPage: true,
-                        telemetry: true,
-                        cliSummaryTable: true,
-                    },
-                    severity: "warning",
-                }));
-            }
-        }
+        await (0, analyze_1.warnIfGoInstalledAfterInit)(config, logger);
         await runAutobuildIfLegacyGoWorkflow(config, logger);
         dbCreationTimings = await (0, analyze_1.runFinalize)(outputDir, threads, memory, config, logger, features);
         if (actionsUtil.getRequiredInput("skip-queries") !== "true") {
@@ -200,7 +178,7 @@ async function run() {
         core.setOutput("sarif-output", path_1.default.resolve(outputDir));
         const uploadInput = actionsUtil.getOptionalInput("upload");
         if (runStats && actionsUtil.getUploadValue(uploadInput) === "always") {
-            uploadResult = await uploadLib.uploadFromActions(outputDir, actionsUtil.getRequiredInput("checkout_path"), actionsUtil.getOptionalInput("category"), logger, { considerInvalidRequestUserError: false });
+            uploadResult = await uploadLib.uploadFromActions(outputDir, actionsUtil.getRequiredInput("checkout_path"), actionsUtil.getOptionalInput("category"), logger);
             core.setOutput("sarif-id", uploadResult.sarifID);
         }
         else {
@@ -215,7 +193,7 @@ async function run() {
         trapCacheUploadTime = perf_hooks_1.performance.now() - trapCacheUploadStartTime;
         // We don't upload results in test mode, so don't wait for processing
         if (util.isInTestMode()) {
-            core.debug("In test mode. Waiting for processing is disabled.");
+            logger.debug("In test mode. Waiting for processing is disabled.");
         }
         else if (uploadResult !== undefined &&
             actionsUtil.getRequiredInput("wait-for-processing") === "true") {
@@ -228,7 +206,7 @@ async function run() {
         core.exportVariable(environment_1.EnvVar.ANALYZE_DID_COMPLETE_SUCCESSFULLY, "true");
     }
     catch (unwrappedError) {
-        const error = (0, util_1.wrapError)(unwrappedError);
+        const error = util.wrapError(unwrappedError);
         if (actionsUtil.getOptionalInput("expect-error") !== "true" ||
             hasBadExpectErrorInput()) {
             core.setFailed(error.message);
@@ -261,9 +239,9 @@ async function runWrapper() {
         await exports.runPromise;
     }
     catch (error) {
-        core.setFailed(`analyze action failed: ${(0, util_1.wrapError)(error).message}`);
+        core.setFailed(`analyze action failed: ${util.wrapError(error).message}`);
     }
-    await (0, util_1.checkForTimeout)();
+    await util.checkForTimeout();
 }
 void runWrapper();
 //# sourceMappingURL=analyze-action.js.map

lib/analyze.js

@@ -26,22 +26,25 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.validateQueryFilters = exports.runCleanup = exports.runFinalize = exports.createQuerySuiteContents = exports.convertPackToQuerySuiteEntry = exports.runQueries = exports.dbIsFinalized = exports.createdDBForScannedLanguages = exports.CodeQLAnalysisError = void 0;
+exports.runCleanup = exports.warnIfGoInstalledAfterInit = exports.runFinalize = exports.runQueries = exports.dbIsFinalized = exports.runExtraction = exports.CodeQLAnalysisError = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const perf_hooks_1 = require("perf_hooks");
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
+const safe_which_1 = require("@chrisgavin/safe-which");
 const del_1 = __importDefault(require("del"));
 const yaml = __importStar(require("js-yaml"));
-const analysisPaths = __importStar(require("./analysis-paths"));
+const autobuild_1 = require("./autobuild");
 const codeql_1 = require("./codeql");
-const configUtils = __importStar(require("./config-utils"));
+const config_utils_1 = require("./config-utils");
+const diagnostics_1 = require("./diagnostics");
+const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
+const tools_features_1 = require("./tools-features");
 const tracer_config_1 = require("./tracer-config");
 const upload_lib_1 = require("./upload-lib");
 const util = __importStar(require("./util"));
-const util_1 = require("./util");
 class CodeQLAnalysisError extends Error {
     constructor(queriesStatusReport, message) {
         super(message);
@@ -56,7 +59,7 @@ async function setupPythonExtractor(logger, features, codeql) {
         // If CODEQL_PYTHON is not set, no dependencies were installed, so we don't need to do anything
         return;
     }
-    if (await features.getValue(feature_flags_1.Feature.DisablePythonDependencyInstallationEnabled, codeql)) {
+    if (await (0, feature_flags_1.isPythonDependencyInstallationDisabled)(codeql, features)) {
         logger.warning("We recommend that you remove the CODEQL_PYTHON environment variable from your workflow. This environment variable was originally used to specify a Python executable that included the dependencies of your Python code, however Python analysis no longer uses these dependencies." +
             "\nIf you used CODEQL_PYTHON to force the version of Python to analyze as, please use CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION instead, such as 'CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION=2.7' or 'CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION=3.11'.");
         return;
@@ -78,23 +81,56 @@ async function setupPythonExtractor(logger, features, codeql) {
     logger.info(`Setting LGTM_PYTHON_SETUP_VERSION=${output}`);
     process.env["LGTM_PYTHON_SETUP_VERSION"] = output;
 }
-async function createdDBForScannedLanguages(codeql, config, logger, features) {
-    // Insert the LGTM_INDEX_X env vars at this point so they are set when
-    // we extract any scanned languages.
-    analysisPaths.includeAndExcludeAnalysisPaths(config);
+async function runExtraction(codeql, config, logger, features) {
     for (const language of config.languages) {
-        if ((0, languages_1.isScannedLanguage)(language) &&
-            !dbIsFinalized(config, language, logger)) {
+        if (dbIsFinalized(config, language, logger)) {
+            logger.debug(`Database for ${language} has already been finalized, skipping extraction.`);
+            continue;
+        }
+        if (shouldExtractLanguage(config, language)) {
             logger.startGroup(`Extracting ${language}`);
             if (language === languages_1.Language.python) {
                 await setupPythonExtractor(logger, features, codeql);
             }
-            await codeql.extractScannedLanguage(config, language);
+            if (config.buildMode &&
+                (await codeql.supportsFeature(tools_features_1.ToolsFeature.TraceCommandUseBuildMode))) {
+                if (language === languages_1.Language.cpp &&
+                    config.buildMode === config_utils_1.BuildMode.Autobuild) {
+                    await (0, autobuild_1.setupCppAutobuild)(codeql, logger);
+                }
+                try {
+                    await codeql.extractUsingBuildMode(config, language);
+                }
+                catch (e) {
+                    if (config.buildMode === config_utils_1.BuildMode.Autobuild) {
+                        const prefix = "We were unable to automatically build your code. " +
+                            "Please change the build mode for this language to manual and specify build steps " +
+                            "for your project. For more information, see " +
+                            "https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed.";
+                        const ErrorConstructor = e instanceof util.ConfigurationError
+                            ? util.ConfigurationError
+                            : Error;
+                        throw new ErrorConstructor(`${prefix} ${util.wrapError(e).message}`);
+                    }
+                    else {
+                        throw e;
+                    }
+                }
+            }
+            else {
+                await codeql.extractScannedLanguage(config, language);
+            }
             logger.endGroup();
         }
     }
 }
-exports.createdDBForScannedLanguages = createdDBForScannedLanguages;
+exports.runExtraction = runExtraction;
+function shouldExtractLanguage(config, language) {
+    return (config.buildMode === config_utils_1.BuildMode.None ||
+        (config.buildMode === config_utils_1.BuildMode.Autobuild &&
+            process.env[environment_1.EnvVar.AUTOBUILD_DID_COMPLETE_SUCCESSFULLY] !== "true") ||
+        (!config.buildMode && (0, languages_1.isScannedLanguage)(language)));
+}
 function dbIsFinalized(config, language, logger) {
     const dbPath = util.getCodeQLDatabasePath(config, language);
     try {
@@ -110,7 +146,7 @@ exports.dbIsFinalized = dbIsFinalized;
 async function finalizeDatabaseCreation(config, threadsFlag, memoryFlag, logger, features) {
     const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
     const extractionStart = perf_hooks_1.performance.now();
-    await createdDBForScannedLanguages(codeql, config, logger, features);
+    await runExtraction(codeql, config, logger, features);
     const extractionTime = perf_hooks_1.performance.now() - extractionStart;
     const trapImportStart = perf_hooks_1.performance.now();
     for (const language of config.languages) {
@@ -119,7 +155,7 @@ async function finalizeDatabaseCreation(config, threadsFlag, memoryFlag, logger,
         }
         else {
             logger.startGroup(`Finalizing ${language}`);
-            await codeql.finalizeDatabase(util.getCodeQLDatabasePath(config, language), threadsFlag, memoryFlag);
+            await codeql.finalizeDatabase(util.getCodeQLDatabasePath(config, language), threadsFlag, memoryFlag, config.debugMode);
             logger.endGroup();
         }
     }
@@ -134,88 +170,30 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
     const statusReport = {};
     const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
     const queryFlags = [memoryFlag, threadsFlag];
-    await (0, feature_flags_1.logCodeScanningConfigInCli)(codeql, features, logger);
     for (const language of config.languages) {
-        const queries = config.queries[language];
-        const queryFilters = validateQueryFilters(config.originalUserInput["query-filters"]);
-        const packsWithVersion = config.packs[language] || [];
         try {
             const sarifFile = path.join(sarifFolder, `${language}.sarif`);
-            let startTimeInterpretResults;
-            let endTimeInterpretResults;
-            if (await (0, feature_flags_1.useCodeScanningConfigInCli)(codeql, features)) {
-                // If we are using the code scanning config in the CLI,
-                // much of the work needed to generate the query suites
-                // is done in the CLI. We just need to make a single
-                // call to run all the queries for each language and
-                // another to interpret the results.
-                logger.startGroup(`Running queries for ${language}`);
-                const startTimeBuiltIn = new Date().getTime();
-                await runQueryGroup(language, "all", undefined, undefined, true);
-                // TODO should not be using `builtin` here. We should be using `all` instead.
-                // The status report does not support `all` yet.
-                statusReport[`analyze_builtin_queries_${language}_duration_ms`] =
-                    new Date().getTime() - startTimeBuiltIn;
-                logger.startGroup(`Interpreting results for ${language}`);
-                startTimeInterpretResults = new Date();
-                const analysisSummary = await runInterpretResults(language, undefined, sarifFile, config.debugMode);
-                endTimeInterpretResults = new Date();
-                statusReport[`interpret_results_${language}_duration_ms`] =
-                    endTimeInterpretResults.getTime() -
-                        startTimeInterpretResults.getTime();
-                logger.endGroup();
-                logger.info(analysisSummary);
-            }
-            else {
-                // config was generated by the action, so must be interpreted by the action.
-                const hasBuiltinQueries = queries?.builtin.length > 0;
-                const hasCustomQueries = queries?.custom.length > 0;
-                const hasPackWithCustomQueries = packsWithVersion.length > 0;
-                if (!hasBuiltinQueries &&
-                    !hasCustomQueries &&
-                    !hasPackWithCustomQueries) {
-                    throw new util_1.UserError(`Unable to analyze ${language} as no queries were selected for this language`);
-                }
-                const customQueryIndices = [];
-                for (let i = 0; i < queries.custom.length; ++i) {
-                    if (queries.custom[i].queries.length > 0) {
-                        customQueryIndices.push(i);
-                    }
-                }
-                logger.startGroup(`Running queries for ${language}`);
-                const querySuitePaths = [];
-                if (queries.builtin.length > 0) {
-                    const startTimeBuiltIn = new Date().getTime();
-                    querySuitePaths.push((await runQueryGroup(language, "builtin", createQuerySuiteContents(queries.builtin, queryFilters), undefined, customQueryIndices.length === 0 && packsWithVersion.length === 0)));
-                    statusReport[`analyze_builtin_queries_${language}_duration_ms`] =
-                        new Date().getTime() - startTimeBuiltIn;
-                }
-                const startTimeCustom = new Date().getTime();
-                let ranCustom = false;
-                for (const i of customQueryIndices) {
-                    querySuitePaths.push((await runQueryGroup(language, `custom-${i}`, createQuerySuiteContents(queries.custom[i].queries, queryFilters), queries.custom[i].searchPath, i === customQueryIndices[customQueryIndices.length - 1] &&
-                        packsWithVersion.length === 0)));
-                    ranCustom = true;
-                }
-                if (packsWithVersion.length > 0) {
-                    querySuitePaths.push(await runQueryPacks(language, "packs", packsWithVersion, queryFilters, true));
-                    ranCustom = true;
-                }
-                if (ranCustom) {
-                    statusReport[`analyze_custom_queries_${language}_duration_ms`] =
-                        new Date().getTime() - startTimeCustom;
-                }
-                logger.endGroup();
-                logger.startGroup(`Interpreting results for ${language}`);
-                startTimeInterpretResults = new Date();
-                const analysisSummary = await runInterpretResults(language, querySuitePaths, sarifFile, config.debugMode);
-                endTimeInterpretResults = new Date();
-                statusReport[`interpret_results_${language}_duration_ms`] =
-                    endTimeInterpretResults.getTime() -
-                        startTimeInterpretResults.getTime();
-                logger.endGroup();
-                logger.info(analysisSummary);
-            }
+            // The work needed to generate the query suites
+            // is done in the CLI. We just need to make a single
+            // call to run all the queries for each language and
+            // another to interpret the results.
+            logger.startGroup(`Running queries for ${language}`);
+            const startTimeRunQueries = new Date().getTime();
+            const databasePath = util.getCodeQLDatabasePath(config, language);
+            await codeql.databaseRunQueries(databasePath, queryFlags);
+            logger.debug(`Finished running queries for ${language}.`);
+            // TODO should not be using `builtin` here. We should be using `all` instead.
+            // The status report does not support `all` yet.
+            statusReport[`analyze_builtin_queries_${language}_duration_ms`] =
+                new Date().getTime() - startTimeRunQueries;
+            logger.startGroup(`Interpreting results for ${language}`);
+            const startTimeInterpretResults = new Date();
+            const analysisSummary = await runInterpretResults(language, undefined, sarifFile, config.debugMode);
+            const endTimeInterpretResults = new Date();
+            statusReport[`interpret_results_${language}_duration_ms`] =
+                endTimeInterpretResults.getTime() - startTimeInterpretResults.getTime();
+            logger.endGroup();
+            logger.info(analysisSummary);
             if (await features.getValue(feature_flags_1.Feature.QaTelemetryEnabled)) {
                 const perQueryAlertCounts = getPerQueryAlertCounts(sarifFile, logger);
                 const perQueryAlertCountEventReport = {
@@ -271,54 +249,8 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
         const databasePath = util.getCodeQLDatabasePath(config, language);
         return await codeql.databasePrintBaseline(databasePath);
     }
-    async function runQueryGroup(language, type, querySuiteContents, searchPath, optimizeForLastQueryRun) {
-        const databasePath = util.getCodeQLDatabasePath(config, language);
-        // Pass the queries to codeql using a file instead of using the command
-        // line to avoid command line length restrictions, particularly on windows.
-        const querySuitePath = querySuiteContents
-            ? `${databasePath}-queries-${type}.qls`
-            : undefined;
-        if (querySuiteContents && querySuitePath) {
-            fs.writeFileSync(querySuitePath, querySuiteContents);
-            logger.debug(`Query suite file for ${language}-${type}...\n${querySuiteContents}`);
-        }
-        await codeql.databaseRunQueries(databasePath, searchPath, querySuitePath, queryFlags, optimizeForLastQueryRun, features);
-        logger.debug(`BQRS results produced for ${language} (queries: ${type})"`);
-        return querySuitePath;
-    }
-    async function runQueryPacks(language, type, packs, queryFilters, optimizeForLastQueryRun) {
-        const databasePath = util.getCodeQLDatabasePath(config, language);
-        for (const pack of packs) {
-            logger.debug(`Running query pack for ${language}-${type}: ${pack}`);
-        }
-        // combine the list of packs into a query suite in order to run them all simultaneously.
-        const querySuite = packs.map(convertPackToQuerySuiteEntry).concat(queryFilters);
-        const querySuitePath = `${databasePath}-queries-${type}.qls`;
-        fs.writeFileSync(querySuitePath, yaml.dump(querySuite));
-        logger.debug(`BQRS results produced for ${language} (queries: ${type})"`);
-        await codeql.databaseRunQueries(databasePath, undefined, querySuitePath, queryFlags, optimizeForLastQueryRun, features);
-        return querySuitePath;
-    }
 }
 exports.runQueries = runQueries;
-function convertPackToQuerySuiteEntry(packStr) {
-    const pack = configUtils.parsePacksSpecification(packStr);
-    return {
-        qlpack: !pack.path ? pack.name : undefined,
-        from: pack.path ? pack.name : undefined,
-        version: pack.version,
-        query: pack.path?.endsWith(".ql") ? pack.path : undefined,
-        queries: !pack.path?.endsWith(".ql") && !pack.path?.endsWith(".qls")
-            ? pack.path
-            : undefined,
-        apply: pack.path?.endsWith(".qls") ? pack.path : undefined,
-    };
-}
-exports.convertPackToQuerySuiteEntry = convertPackToQuerySuiteEntry;
-function createQuerySuiteContents(queries, queryFilters) {
-    return yaml.dump(queries.map((q) => ({ query: q })).concat(queryFilters));
-}
-exports.createQuerySuiteContents = createQuerySuiteContents;
 async function runFinalize(outputDir, threadsFlag, memoryFlag, config, logger, features) {
     try {
         await (0, del_1.default)(outputDir, { force: true });
@@ -340,6 +272,32 @@ async function runFinalize(outputDir, threadsFlag, memoryFlag, config, logger, f
     return timings;
 }
 exports.runFinalize = runFinalize;
+async function warnIfGoInstalledAfterInit(config, logger) {
+    // Check that `which go` still points at the same path it did when the `init` Action ran to ensure that no steps
+    // in-between performed any setup. We encourage users to perform all setup tasks before initializing CodeQL so that
+    // the setup tasks do not interfere with our analysis.
+    // Furthermore, if we installed a wrapper script in the `init` Action, we need to ensure that there isn't a step
+    // in the workflow after the `init` step which installs a different version of Go and takes precedence in the PATH,
+    // thus potentially circumventing our workaround that allows tracing to work.
+    const goInitPath = process.env[environment_1.EnvVar.GO_BINARY_LOCATION];
+    if (process.env[environment_1.EnvVar.DID_AUTOBUILD_GOLANG] !== "true" &&
+        goInitPath !== undefined) {
+        const goBinaryPath = await (0, safe_which_1.safeWhich)("go");
+        if (goInitPath !== goBinaryPath) {
+            logger.warning(`Expected \`which go\` to return ${goInitPath}, but got ${goBinaryPath}: please ensure that the correct version of Go is installed before the \`codeql-action/init\` Action is used.`);
+            (0, diagnostics_1.addDiagnostic)(config, languages_1.Language.go, (0, diagnostics_1.makeDiagnostic)("go/workflow/go-installed-after-codeql-init", "Go was installed after the `codeql-action/init` Action was run", {
+                markdownMessage: "To avoid interfering with the CodeQL analysis, perform all installation steps before calling the `github/codeql-action/init` Action.",
+                visibility: {
+                    statusPage: true,
+                    telemetry: true,
+                    cliSummaryTable: true,
+                },
+                severity: "warning",
+            }));
+        }
+    }
+}
+exports.warnIfGoInstalledAfterInit = warnIfGoInstalledAfterInit;
 async function runCleanup(config, cleanupLevel, logger) {
     logger.startGroup("Cleaning up databases");
     for (const language of config.languages) {
@@ -350,28 +308,4 @@ async function runCleanup(config, cleanupLevel, logger) {
     logger.endGroup();
 }
 exports.runCleanup = runCleanup;
-// exported for testing
-function validateQueryFilters(queryFilters) {
-    if (!queryFilters) {
-        return [];
-    }
-    if (!Array.isArray(queryFilters)) {
-        throw new util_1.UserError(`Query filters must be an array of "include" or "exclude" entries. Found ${typeof queryFilters}`);
-    }
-    const errors = [];
-    for (const qf of queryFilters) {
-        const keys = Object.keys(qf);
-        if (keys.length !== 1) {
-            errors.push(`Query filter must have exactly one key: ${JSON.stringify(qf)}`);
-        }
-        if (!["exclude", "include"].includes(keys[0])) {
-            errors.push(`Only "include" or "exclude" filters are allowed:\n${JSON.stringify(qf)}`);
-        }
-    }
-    if (errors.length) {
-        throw new util_1.UserError(`Invalid query filter.\n${errors.join("\n")}`);
-    }
-    return queryFilters;
-}
-exports.validateQueryFilters = validateQueryFilters;
 //# sourceMappingURL=analyze.js.map

lib/analyze.test.js

@@ -29,7 +29,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const ava_1 = __importDefault(require("ava"));
-const yaml = __importStar(require("js-yaml"));
 const sinon = __importStar(require("sinon"));
 const analyze_1 = require("./analyze");
 const codeql_1 = require("./codeql");
@@ -40,31 +39,23 @@ const testing_utils_1 = require("./testing-utils");
 const uploadLib = __importStar(require("./upload-lib"));
 const util = __importStar(require("./util"));
 (0, testing_utils_1.setupTests)(ava_1.default);
-/** Checks that the duration fields are populated for the correct language
- * and correct case of builtin or custom. Also checks the correct search
- * paths are set in the database analyze invocation.
+/**
+ * Checks the status report produced by the analyze Action.
  *
- * Mocks the QA telemetry feature flag and checks the appropriate status report
- * fields.
+ * - Checks that the duration fields are populated for the correct language.
+ * - Checks that the QA telemetry status report fields are populated when the QA feature flag is enabled.
  */
-(0, ava_1.default)("status report fields and search path setting", async (t) => {
-    let searchPathsUsed = [];
+(0, ava_1.default)("status report fields", async (t) => {
     return await util.withTmpDir(async (tmpDir) => {
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
         const memoryFlag = "";
         const addSnippetsFlag = "";
         const threadsFlag = "";
-        const packs = {
-            [languages_1.Language.cpp]: ["a/b@1.0.0"],
-            [languages_1.Language.java]: ["c/d@2.0.0"],
-        };
         sinon.stub(uploadLib, "validateSarifFileSchema");
         for (const language of Object.values(languages_1.Language)) {
             (0, codeql_1.setCodeQL)({
+                databaseRunQueries: async () => { },
                 packDownload: async () => ({ packs: [] }),
-                databaseRunQueries: async (_db, searchPath) => {
-                    searchPathsUsed.push(searchPath);
-                },
                 databaseInterpretResults: async (_db, _queriesRun, sarifFile) => {
                     fs.writeFileSync(sarifFile, JSON.stringify({
                         runs: [
@@ -104,369 +95,26 @@ const util = __importStar(require("./util"));
                 },
                 databasePrintBaseline: async () => "",
             });
-            searchPathsUsed = [];
-            const config = {
+            const config = (0, testing_utils_1.createTestConfig)({
                 languages: [language],
-                queries: {},
-                pathsIgnore: [],
-                paths: [],
-                originalUserInput: {},
                 tempDir: tmpDir,
-                codeQLCmd: "",
-                gitHubVersion: {
-                    type: util.GitHubVariant.DOTCOM,
-                },
                 dbLocation: path.resolve(tmpDir, "codeql_databases"),
-                packs,
-                debugMode: false,
-                debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
-                debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
-                augmentationProperties: {
-                    packsInputCombines: false,
-                    queriesInputCombines: false,
-                },
-                trapCaches: {},
-                trapCacheDownloadTime: 0,
-            };
+            });
             fs.mkdirSync(util.getCodeQLDatabasePath(config, language), {
                 recursive: true,
             });
-            config.queries[language] = {
-                builtin: ["foo.ql"],
-                custom: [],
-            };
-            const builtinStatusReport = await (0, analyze_1.runQueries)(tmpDir, memoryFlag, addSnippetsFlag, threadsFlag, undefined, config, (0, logging_1.getRunnerLogger)(true), (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.QaTelemetryEnabled]));
-            const hasPacks = language in packs;
-            const statusReportKeys = Object.keys(builtinStatusReport).sort();
-            if (hasPacks) {
-                t.deepEqual(statusReportKeys.length, 4, statusReportKeys.toString());
-                t.deepEqual(statusReportKeys[0], `analyze_builtin_queries_${language}_duration_ms`);
-                t.deepEqual(statusReportKeys[1], `analyze_custom_queries_${language}_duration_ms`);
-                t.deepEqual(statusReportKeys[2], "event_reports");
-                t.deepEqual(statusReportKeys[3], `interpret_results_${language}_duration_ms`);
-            }
-            else {
-                t.deepEqual(statusReportKeys[0], `analyze_builtin_queries_${language}_duration_ms`);
-                t.deepEqual(statusReportKeys[1], "event_reports");
-                t.deepEqual(statusReportKeys[2], `interpret_results_${language}_duration_ms`);
-            }
-            if (builtinStatusReport.event_reports) {
-                for (const eventReport of builtinStatusReport.event_reports) {
-                    t.deepEqual(eventReport.event, "codeql database interpret-results");
-                    t.true("properties" in eventReport);
-                    t.true("alertCounts" in eventReport.properties);
-                }
-            }
-            config.queries[language] = {
-                builtin: [],
-                custom: [
-                    {
-                        queries: ["foo.ql"],
-                        searchPath: "/1",
-                    },
-                    {
-                        queries: ["bar.ql"],
-                        searchPath: "/2",
-                    },
-                ],
-            };
-            const customStatusReport = await (0, analyze_1.runQueries)(tmpDir, memoryFlag, addSnippetsFlag, threadsFlag, undefined, config, (0, logging_1.getRunnerLogger)(true), (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.QaTelemetryEnabled]));
-            t.deepEqual(Object.keys(customStatusReport).length, 3);
-            t.true(`analyze_custom_queries_${language}_duration_ms` in customStatusReport);
-            const expectedSearchPathsUsed = hasPacks
-                ? [undefined, undefined, "/1", "/2", undefined]
-                : [undefined, "/1", "/2"];
-            t.deepEqual(searchPathsUsed, expectedSearchPathsUsed);
-            t.true(`interpret_results_${language}_duration_ms` in customStatusReport);
-            t.true("event_reports" in customStatusReport);
-            if (customStatusReport.event_reports) {
-                for (const eventReport of customStatusReport.event_reports) {
-                    t.deepEqual(eventReport.event, "codeql database interpret-results");
-                    t.true("properties" in eventReport);
-                    t.true("alertCounts" in eventReport.properties);
-                }
+            const statusReport = await (0, analyze_1.runQueries)(tmpDir, memoryFlag, addSnippetsFlag, threadsFlag, undefined, config, (0, logging_1.getRunnerLogger)(true), (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.QaTelemetryEnabled]));
+            t.deepEqual(Object.keys(statusReport).sort(), [
+                `analyze_builtin_queries_${language}_duration_ms`,
+                "event_reports",
+                `interpret_results_${language}_duration_ms`,
+            ]);
+            for (const eventReport of statusReport.event_reports) {
+                t.deepEqual(eventReport.event, "codeql database interpret-results");
+                t.true("properties" in eventReport);
+                t.true("alertCounts" in eventReport.properties);
             }
         }
-        verifyQuerySuites(tmpDir);
     });
-    function verifyQuerySuites(tmpDir) {
-        const qlsContent = [
-            {
-                query: "foo.ql",
-            },
-        ];
-        const qlsContent2 = [
-            {
-                query: "bar.ql",
-            },
-        ];
-        for (const lang of Object.values(languages_1.Language)) {
-            t.deepEqual(readContents(`${lang}-queries-builtin.qls`), qlsContent);
-            t.deepEqual(readContents(`${lang}-queries-custom-0.qls`), qlsContent);
-            t.deepEqual(readContents(`${lang}-queries-custom-1.qls`), qlsContent2);
-        }
-        function readContents(name) {
-            const x = fs.readFileSync(path.join(tmpDir, "codeql_databases", name), "utf8");
-            console.log(x);
-            return yaml.load(fs.readFileSync(path.join(tmpDir, "codeql_databases", name), "utf8"));
-        }
-    }
-});
-function mockCodeQL() {
-    return {
-        getVersion: async () => (0, testing_utils_1.makeVersionInfo)("1.0.0"),
-        databaseRunQueries: sinon.spy(),
-        databaseInterpretResults: async () => "",
-        databasePrintBaseline: async () => "",
-    };
-}
-function createBaseConfig(tmpDir) {
-    return {
-        languages: [],
-        queries: {},
-        pathsIgnore: [],
-        paths: [],
-        originalUserInput: {},
-        tempDir: "tempDir",
-        codeQLCmd: "",
-        gitHubVersion: {
-            type: util.GitHubVariant.DOTCOM,
-        },
-        dbLocation: path.resolve(tmpDir, "codeql_databases"),
-        packs: {},
-        debugMode: false,
-        debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
-        debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
-        augmentationProperties: {
-            packsInputCombines: false,
-            queriesInputCombines: false,
-        },
-        trapCaches: {},
-        trapCacheDownloadTime: 0,
-    };
-}
-function createQueryConfig(builtin, custom) {
-    return {
-        builtin,
-        custom: custom.map((c) => ({ searchPath: "/search", queries: [c] })),
-    };
-}
-async function runQueriesWithConfig(config, features) {
-    for (const language of config.languages) {
-        fs.mkdirSync(util.getCodeQLDatabasePath(config, language), {
-            recursive: true,
-        });
-    }
-    return (0, analyze_1.runQueries)("sarif-folder", "--memFlag", "--addSnippetsFlag", "--threadsFlag", undefined, config, (0, logging_1.getRunnerLogger)(true), (0, testing_utils_1.createFeatures)(features));
-}
-function getDatabaseRunQueriesCalls(mock) {
-    return mock.databaseRunQueries.getCalls();
-}
-(0, ava_1.default)("optimizeForLastQueryRun for one language", async (t) => {
-    return await util.withTmpDir(async (tmpDir) => {
-        const codeql = mockCodeQL();
-        (0, codeql_1.setCodeQL)(codeql);
-        const config = createBaseConfig(tmpDir);
-        config.languages = [languages_1.Language.cpp];
-        config.queries.cpp = createQueryConfig(["foo.ql"], []);
-        await runQueriesWithConfig(config, []);
-        t.deepEqual(getDatabaseRunQueriesCalls(codeql).map((c) => c.args[4]), [true]);
-    });
-});
-(0, ava_1.default)("optimizeForLastQueryRun for two languages", async (t) => {
-    return await util.withTmpDir(async (tmpDir) => {
-        const codeql = mockCodeQL();
-        (0, codeql_1.setCodeQL)(codeql);
-        const config = createBaseConfig(tmpDir);
-        config.languages = [languages_1.Language.cpp, languages_1.Language.java];
-        config.queries.cpp = createQueryConfig(["foo.ql"], []);
-        config.queries.java = createQueryConfig(["bar.ql"], []);
-        await runQueriesWithConfig(config, []);
-        t.deepEqual(getDatabaseRunQueriesCalls(codeql).map((c) => c.args[4]), [true, true]);
-    });
-});
-(0, ava_1.default)("optimizeForLastQueryRun for two languages, with custom queries", async (t) => {
-    return await util.withTmpDir(async (tmpDir) => {
-        const codeql = mockCodeQL();
-        (0, codeql_1.setCodeQL)(codeql);
-        const config = createBaseConfig(tmpDir);
-        config.languages = [languages_1.Language.cpp, languages_1.Language.java];
-        config.queries.cpp = createQueryConfig(["foo.ql"], ["c1.ql", "c2.ql"]);
-        config.queries.java = createQueryConfig(["bar.ql"], ["c3.ql"]);
-        await runQueriesWithConfig(config, []);
-        t.deepEqual(getDatabaseRunQueriesCalls(codeql).map((c) => c.args[4]), [false, false, true, false, true]);
-    });
-});
-(0, ava_1.default)("optimizeForLastQueryRun for two languages, with custom queries and packs", async (t) => {
-    return await util.withTmpDir(async (tmpDir) => {
-        const codeql = mockCodeQL();
-        (0, codeql_1.setCodeQL)(codeql);
-        const config = createBaseConfig(tmpDir);
-        config.languages = [languages_1.Language.cpp, languages_1.Language.java];
-        config.queries.cpp = createQueryConfig(["foo.ql"], ["c1.ql", "c2.ql"]);
-        config.queries.java = createQueryConfig(["bar.ql"], ["c3.ql"]);
-        config.packs.cpp = ["a/cpp-pack1@0.1.0"];
-        config.packs.java = ["b/java-pack1@0.2.0", "b/java-pack2@0.3.3"];
-        await runQueriesWithConfig(config, []);
-        t.deepEqual(getDatabaseRunQueriesCalls(codeql).map((c) => c.args[4]), [false, false, false, true, false, false, true]);
-    });
-});
-(0, ava_1.default)("optimizeForLastQueryRun for one language, CliConfigFileEnabled", async (t) => {
-    return await util.withTmpDir(async (tmpDir) => {
-        const codeql = mockCodeQL();
-        (0, codeql_1.setCodeQL)(codeql);
-        const config = createBaseConfig(tmpDir);
-        config.languages = [languages_1.Language.cpp];
-        await runQueriesWithConfig(config, [feature_flags_1.Feature.CliConfigFileEnabled]);
-        t.deepEqual(getDatabaseRunQueriesCalls(codeql).map((c) => c.args[4]), [true]);
-    });
-});
-(0, ava_1.default)("optimizeForLastQueryRun for two languages, CliConfigFileEnabled", async (t) => {
-    return await util.withTmpDir(async (tmpDir) => {
-        const codeql = mockCodeQL();
-        (0, codeql_1.setCodeQL)(codeql);
-        const config = createBaseConfig(tmpDir);
-        config.languages = [languages_1.Language.cpp, languages_1.Language.java];
-        await runQueriesWithConfig(config, [feature_flags_1.Feature.CliConfigFileEnabled]);
-        t.deepEqual(getDatabaseRunQueriesCalls(codeql).map((c) => c.args[4]), [true, true]);
-    });
-});
-(0, ava_1.default)("validateQueryFilters", (t) => {
-    t.notThrows(() => (0, analyze_1.validateQueryFilters)([]));
-    t.notThrows(() => (0, analyze_1.validateQueryFilters)(undefined));
-    t.notThrows(() => {
-        return (0, analyze_1.validateQueryFilters)([
-            {
-                exclude: {
-                    "problem.severity": "recommendation",
-                },
-            },
-            {
-                exclude: {
-                    "tags contain": ["foo", "bar"],
-                },
-            },
-            {
-                include: {
-                    "problem.severity": "something-to-think-about",
-                },
-            },
-            {
-                include: {
-                    "tags contain": ["baz", "bop"],
-                },
-            },
-        ]);
-    });
-    t.throws(() => {
-        return (0, analyze_1.validateQueryFilters)([
-            {
-                exclude: {
-                    "tags contain": ["foo", "bar"],
-                },
-                include: {
-                    "tags contain": ["baz", "bop"],
-                },
-            },
-        ]);
-    }, { message: /Query filter must have exactly one key/ });
-    t.throws(() => {
-        return (0, analyze_1.validateQueryFilters)([{ xxx: "foo" }]);
-    }, { message: /Only "include" or "exclude" filters are allowed/ });
-    t.throws(() => {
-        // eslint-disable-next-line @typescript-eslint/no-unsafe-argument
-        return (0, analyze_1.validateQueryFilters)({ exclude: "foo" });
-    }, {
-        message: /Query filters must be an array of "include" or "exclude" entries/,
-    });
-});
-const convertPackToQuerySuiteEntryMacro = ava_1.default.macro({
-    exec: (t, packSpec, suiteEntry) => t.deepEqual((0, analyze_1.convertPackToQuerySuiteEntry)(packSpec), suiteEntry),
-    title: (_providedTitle, packSpec) => `Query Suite Entry: ${packSpec}`,
-});
-(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b", {
-    qlpack: "a/b",
-    from: undefined,
-    version: undefined,
-    query: undefined,
-    queries: undefined,
-    apply: undefined,
-});
-(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b@~1.2.3", {
-    qlpack: "a/b",
-    from: undefined,
-    version: "~1.2.3",
-    query: undefined,
-    queries: undefined,
-    apply: undefined,
-});
-(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b:my/path", {
-    qlpack: undefined,
-    from: "a/b",
-    version: undefined,
-    query: undefined,
-    queries: "my/path",
-    apply: undefined,
-});
-(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b@~1.2.3:my/path", {
-    qlpack: undefined,
-    from: "a/b",
-    version: "~1.2.3",
-    query: undefined,
-    queries: "my/path",
-    apply: undefined,
-});
-(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b:my/path/query.ql", {
-    qlpack: undefined,
-    from: "a/b",
-    version: undefined,
-    query: "my/path/query.ql",
-    queries: undefined,
-    apply: undefined,
-});
-(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b@~1.2.3:my/path/query.ql", {
-    qlpack: undefined,
-    from: "a/b",
-    version: "~1.2.3",
-    query: "my/path/query.ql",
-    queries: undefined,
-    apply: undefined,
-});
-(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b:my/path/suite.qls", {
-    qlpack: undefined,
-    from: "a/b",
-    version: undefined,
-    query: undefined,
-    queries: undefined,
-    apply: "my/path/suite.qls",
-});
-(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b@~1.2.3:my/path/suite.qls", {
-    qlpack: undefined,
-    from: "a/b",
-    version: "~1.2.3",
-    query: undefined,
-    queries: undefined,
-    apply: "my/path/suite.qls",
-});
-(0, ava_1.default)("convertPackToQuerySuiteEntry Failure", (t) => {
-    t.throws(() => (0, analyze_1.convertPackToQuerySuiteEntry)("this-is-not-a-pack"));
-});
-(0, ava_1.default)("createQuerySuiteContents", (t) => {
-    const yamlResult = (0, analyze_1.createQuerySuiteContents)(["query1.ql", "query2.ql"], [
-        {
-            exclude: { "problem.severity": "recommendation" },
-        },
-        {
-            include: { "problem.severity": "recommendation" },
-        },
-    ]);
-    const expected = `- query: query1.ql
-- query: query2.ql
-- exclude:
-    problem.severity: recommendation
-- include:
-    problem.severity: recommendation
-`;
-    t.deepEqual(yamlResult, expected);
 });
 //# sourceMappingURL=analyze.test.js.map

lib/api-client.js

@@ -78,9 +78,6 @@ async function getGitHubVersionFromApi(apiClient, apiDetails) {
     if (response.headers[GITHUB_ENTERPRISE_VERSION_HEADER] === undefined) {
         return { type: util_1.GitHubVariant.DOTCOM };
     }
-    if (response.headers[GITHUB_ENTERPRISE_VERSION_HEADER] === "GitHub AE") {
-        return { type: util_1.GitHubVariant.GHAE };
-    }
     if (response.headers[GITHUB_ENTERPRISE_VERSION_HEADER] === "ghe.com") {
         return { type: util_1.GitHubVariant.GHE_DOTCOM };
     }

lib/api-client.js.map

@@ -1 +1 @@
-{"version":3,"file":"api-client.js","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AACtC,uEAAyD;AACzD,6DAA+C;AAC/C,0EAAgD;AAEhD,iDAAoE;AACpE,iCAOgB;AAEhB,MAAM,gCAAgC,GAAG,6BAA6B,CAAC;AAEvE,IAAY,0BAGX;AAHD,WAAY,0BAA0B;IACpC,+FAAc,CAAA;IACd,+FAAc,CAAA;AAChB,CAAC,EAHW,0BAA0B,0CAA1B,0BAA0B,QAGrC;AAiBD,SAAS,0BAA0B,CACjC,UAAoC,EACpC,EAAE,aAAa,GAAG,KAAK,EAAE,GAAG,EAAE;IAE9B,MAAM,IAAI,GACR,CAAC,aAAa,IAAI,UAAU,CAAC,gBAAgB,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC;IACpE,MAAM,eAAe,GAAG,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC/D,OAAO,IAAI,eAAe,CACxB,WAAW,CAAC,iBAAiB,CAAC,IAAI,EAAE;QAClC,OAAO,EAAE,UAAU,CAAC,MAAM;QAC1B,SAAS,EAAE,iBAAiB,IAAA,+BAAgB,GAAE,EAAE;QAChD,GAAG,EAAE,IAAA,2BAAe,EAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;KACzC,CAAC,CACH,CAAC;AACJ,CAAC;AAED,SAAgB,aAAa;IAC3B,OAAO;QACL,IAAI,EAAE,IAAA,+BAAgB,EAAC,OAAO,CAAC;QAC/B,GAAG,EAAE,IAAA,0BAAmB,EAAC,mBAAmB,CAAC;QAC7C,MAAM,EAAE,IAAA,0BAAmB,EAAC,gBAAgB,CAAC;KAC9C,CAAC;AACJ,CAAC;AAND,sCAMC;AAED,SAAgB,YAAY;IAC1B,OAAO,0BAA0B,CAAC,aAAa,EAAE,CAAC,CAAC;AACrD,CAAC;AAFD,oCAEC;AAED,SAAgB,4BAA4B,CAC1C,UAAoC;IAEpC,OAAO,0BAA0B,CAAC,UAAU,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;AACzE,CAAC;AAJD,oEAIC;AAED,IAAI,mBAAmB,GAA8B,SAAS,CAAC;AAExD,KAAK,UAAU,uBAAuB,CAC3C,SAAc,EACd,UAA4B;IAE5B,iEAAiE;IACjE,IAAI,IAAA,qBAAc,EAAC,UAAU,CAAC,GAAG,CAAC,KAAK,wBAAiB,EAAE,CAAC;QACzD,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,MAAM,EAAE,CAAC;IACxC,CAAC;IAED,8DAA8D;IAC9D,mEAAmE;IACnE,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;IAEjD,8EAA8E;IAC9E,wEAAwE;IACxE,IAAI,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAC,KAAK,SAAS,EAAE,CAAC;QACrE,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,MAAM,EAAE,CAAC;IACxC,CAAC;IAED,IAAI,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAC,KAAK,WAAW,EAAE,CAAC;QACvE,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,IAAI,EAAE,CAAC;IACtC,CAAC;IAED,IAAI,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAC,KAAK,SAAS,EAAE,CAAC;QACrE,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,UAAU,EAAE,CAAC;IAC5C,CAAC;IAED,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAW,CAAC;IAC7E,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC;AAC/C,CAAC;AA7BD,0DA6BC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,gBAAgB;IACpC,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;QACtC,mBAAmB,GAAG,MAAM,uBAAuB,CACjD,YAAY,EAAE,EACd,aAAa,EAAE,CAChB,CAAC;IACJ,CAAC;IACD,OAAO,mBAAmB,CAAC;AAC7B,CAAC;AARD,4CAQC;AAED;;GAEG;AACI,KAAK,UAAU,uBAAuB;IAC3C,MAAM,QAAQ,GAAG,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrE,MAAM,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC1B,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,MAAM,GAAG,MAAM,CAAC,IAAA,0BAAmB,EAAC,eAAe,CAAC,CAAC,CAAC;IAE5D,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IACjC,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,OAAO,CAC1C,yEAAyE,EACzE;QACE,KAAK;QACL,IAAI;QACJ,MAAM;KACP,CACF,CAAC;IACF,MAAM,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC;IAEnD,MAAM,gBAAgB,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,OAAO,WAAW,EAAE,CAAC,CAAC;IAEvE,OAAO,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC;AACpC,CAAC;AApBD,0DAoBC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,cAAc;IAClC,MAAM,iBAAiB,GAAG,4BAA4B,CAAC;IAEvD,IAAI,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACjD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;QAC9B,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,MAAM,YAAY,GAAG,MAAM,uBAAuB,EAAE,CAAC;IACrD,MAAM,OAAO,GAAG,IAAA,0BAAmB,EAAC,YAAY,CAAC,CAAC;IAElD,WAAW,GAAG,GAAG,YAAY,IAAI,OAAO,EAAE,CAAC;IAC3C,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,WAAW,CAAC,CAAC;IACpD,OAAO,WAAW,CAAC;AACrB,CAAC;AAdD,wCAcC;AAEM,KAAK,UAAU,eAAe;IACnC,MAAM,YAAY,GAAG,MAAM,cAAc,EAAE,CAAC;IAC5C,MAAM,WAAW,GAAG,IAAA,+BAAgB,EAAC,QAAQ,CAAC,CAAC;IAE/C,OAAO,mBAAmB,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;AACxD,CAAC;AALD,0CAKC;AAED,SAAgB,mBAAmB,CACjC,YAAoB,EACpB,WAA+B;IAE/B,IAAI,YAAY,GAAG,GAAG,YAAY,GAAG,CAAC;IAEtC,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,WAAW,CAAC,CAAC;IAC7C,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,uDAAuD;QACvD,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;YAClD,IAAI,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;gBACjC,YAAY,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC;YAC7C,CAAC;iBAAM,CAAC;gBACN,qDAAqD;gBACrD,6CAA6C;gBAC7C,YAAY,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;YAClC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AArBD,kDAqBC"}
+{"version":3,"file":"api-client.js","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AACtC,uEAAyD;AACzD,6DAA+C;AAC/C,0EAAgD;AAEhD,iDAAoE;AACpE,iCAOgB;AAEhB,MAAM,gCAAgC,GAAG,6BAA6B,CAAC;AAEvE,IAAY,0BAGX;AAHD,WAAY,0BAA0B;IACpC,+FAAc,CAAA;IACd,+FAAc,CAAA;AAChB,CAAC,EAHW,0BAA0B,0CAA1B,0BAA0B,QAGrC;AAiBD,SAAS,0BAA0B,CACjC,UAAoC,EACpC,EAAE,aAAa,GAAG,KAAK,EAAE,GAAG,EAAE;IAE9B,MAAM,IAAI,GACR,CAAC,aAAa,IAAI,UAAU,CAAC,gBAAgB,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC;IACpE,MAAM,eAAe,GAAG,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC/D,OAAO,IAAI,eAAe,CACxB,WAAW,CAAC,iBAAiB,CAAC,IAAI,EAAE;QAClC,OAAO,EAAE,UAAU,CAAC,MAAM;QAC1B,SAAS,EAAE,iBAAiB,IAAA,+BAAgB,GAAE,EAAE;QAChD,GAAG,EAAE,IAAA,2BAAe,EAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;KACzC,CAAC,CACH,CAAC;AACJ,CAAC;AAED,SAAgB,aAAa;IAC3B,OAAO;QACL,IAAI,EAAE,IAAA,+BAAgB,EAAC,OAAO,CAAC;QAC/B,GAAG,EAAE,IAAA,0BAAmB,EAAC,mBAAmB,CAAC;QAC7C,MAAM,EAAE,IAAA,0BAAmB,EAAC,gBAAgB,CAAC;KAC9C,CAAC;AACJ,CAAC;AAND,sCAMC;AAED,SAAgB,YAAY;IAC1B,OAAO,0BAA0B,CAAC,aAAa,EAAE,CAAC,CAAC;AACrD,CAAC;AAFD,oCAEC;AAED,SAAgB,4BAA4B,CAC1C,UAAoC;IAEpC,OAAO,0BAA0B,CAAC,UAAU,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;AACzE,CAAC;AAJD,oEAIC;AAED,IAAI,mBAAmB,GAA8B,SAAS,CAAC;AAExD,KAAK,UAAU,uBAAuB,CAC3C,SAAc,EACd,UAA4B;IAE5B,iEAAiE;IACjE,IAAI,IAAA,qBAAc,EAAC,UAAU,CAAC,GAAG,CAAC,KAAK,wBAAiB,EAAE,CAAC;QACzD,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,MAAM,EAAE,CAAC;IACxC,CAAC;IAED,8DAA8D;IAC9D,mEAAmE;IACnE,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;IAEjD,8EAA8E;IAC9E,wEAAwE;IACxE,IAAI,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAC,KAAK,SAAS,EAAE,CAAC;QACrE,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,MAAM,EAAE,CAAC;IACxC,CAAC;IAED,IAAI,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAC,KAAK,SAAS,EAAE,CAAC;QACrE,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,UAAU,EAAE,CAAC;IAC5C,CAAC;IAED,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAW,CAAC;IAC7E,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC;AAC/C,CAAC;AAzBD,0DAyBC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,gBAAgB;IACpC,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;QACtC,mBAAmB,GAAG,MAAM,uBAAuB,CACjD,YAAY,EAAE,EACd,aAAa,EAAE,CAChB,CAAC;IACJ,CAAC;IACD,OAAO,mBAAmB,CAAC;AAC7B,CAAC;AARD,4CAQC;AAED;;GAEG;AACI,KAAK,UAAU,uBAAuB;IAC3C,MAAM,QAAQ,GAAG,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrE,MAAM,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC1B,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,MAAM,GAAG,MAAM,CAAC,IAAA,0BAAmB,EAAC,eAAe,CAAC,CAAC,CAAC;IAE5D,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IACjC,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,OAAO,CAC1C,yEAAyE,EACzE;QACE,KAAK;QACL,IAAI;QACJ,MAAM;KACP,CACF,CAAC;IACF,MAAM,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC;IAEnD,MAAM,gBAAgB,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,OAAO,WAAW,EAAE,CAAC,CAAC;IAEvE,OAAO,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC;AACpC,CAAC;AApBD,0DAoBC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,cAAc;IAClC,MAAM,iBAAiB,GAAG,4BAA4B,CAAC;IAEvD,IAAI,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACjD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;QAC9B,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,MAAM,YAAY,GAAG,MAAM,uBAAuB,EAAE,CAAC;IACrD,MAAM,OAAO,GAAG,IAAA,0BAAmB,EAAC,YAAY,CAAC,CAAC;IAElD,WAAW,GAAG,GAAG,YAAY,IAAI,OAAO,EAAE,CAAC;IAC3C,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,WAAW,CAAC,CAAC;IACpD,OAAO,WAAW,CAAC;AACrB,CAAC;AAdD,wCAcC;AAEM,KAAK,UAAU,eAAe;IACnC,MAAM,YAAY,GAAG,MAAM,cAAc,EAAE,CAAC;IAC5C,MAAM,WAAW,GAAG,IAAA,+BAAgB,EAAC,QAAQ,CAAC,CAAC;IAE/C,OAAO,mBAAmB,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;AACxD,CAAC;AALD,0CAKC;AAED,SAAgB,mBAAmB,CACjC,YAAoB,EACpB,WAA+B;IAE/B,IAAI,YAAY,GAAG,GAAG,YAAY,GAAG,CAAC;IAEtC,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,WAAW,CAAC,CAAC;IAC7C,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,uDAAuD;QACvD,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;YAClD,IAAI,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;gBACjC,YAAY,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC;YAC7C,CAAC;iBAAM,CAAC;gBACN,qDAAqD;gBACrD,6CAA6C;gBAC7C,YAAY,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;YAClC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AArBD,kDAqBC"}

lib/api-client.test.js

@@ -92,15 +92,6 @@ function mockGetMetaVersionHeader(versionHeader) {
     });
     t.deepEqual({ type: util.GitHubVariant.GHES, version: "2.0" }, v2);
 });
-(0, ava_1.default)("getGitHubVersion for GHAE", async (t) => {
-    mockGetMetaVersionHeader("GitHub AE");
-    const ghae = await api.getGitHubVersionFromApi(api.getApiClient(), {
-        auth: "",
-        url: "https://example.githubenterprise.com",
-        apiURL: undefined,
-    });
-    t.deepEqual({ type: util.GitHubVariant.GHAE }, ghae);
-});
 (0, ava_1.default)("getGitHubVersion for different domain", async (t) => {
     mockGetMetaVersionHeader(undefined);
     const v3 = await api.getGitHubVersionFromApi(api.getApiClient(), {

lib/api-client.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"api-client.test.js","sourceRoot":"","sources":["../src/api-client.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wDAA0C;AAC1C,uEAAyD;AACzD,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,kDAAoC;AACpC,mDAA6C;AAC7C,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,UAAU,CAAC,GAAG,EAAE;IACnB,IAAI,CAAC,qBAAqB,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC;AAC7D,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,cAAc,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/B,MAAM,UAAU,GAAoB,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC7E,MAAM,UAAU,GAAoB,KAAK,CAAC,IAAI,EAAE,CAAC;IACjD,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAE/B,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC7E,MAAM,oBAAoB,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAC;IACrE,oBAAoB;SACjB,QAAQ,CAAC,mBAAmB,CAAC;SAC7B,OAAO,CAAC,yBAAyB,CAAC,CAAC;IACtC,oBAAoB;SACjB,QAAQ,CAAC,gBAAgB,CAAC;SAC1B,OAAO,CAAC,6BAA6B,CAAC,CAAC;IAE1C,GAAG,CAAC,YAAY,EAAE,CAAC;IAEnB,CAAC,CAAC,MAAM,CACN,UAAU,CAAC,qBAAqB,CAAC;QAC/B,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,6BAA6B;QACtC,GAAG,EAAE,KAAK,CAAC,KAAK,CAAC,GAAG;QACpB,SAAS,EAAE,iBAAiB,WAAW,CAAC,gBAAgB,EAAE,EAAE;KAC7D,CAAC,CACH,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,SAAS,wBAAwB,CAC/B,aAAiC;IAEjC,kEAAkE;IAClE,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,QAAQ,GAAG;QACf,OAAO,EAAE;YACP,6BAA6B,EAAE,aAAa;SAC7C;KACF,CAAC;IACF,MAAM,cAAc,GAAG,KAAK;SACzB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC;QAC9B,iEAAiE;SAChE,QAAQ,CAAC,QAAe,CAAC,CAAC;IAC7B,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,CAAC;IACpD,OAAO,cAAc,CAAC;AACxB,CAAC;AAED,IAAA,aAAI,EAAC,6BAA6B,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC9C,MAAM,UAAU,GAAG;QACjB,IAAI,EAAE,EAAE;QACR,GAAG,EAAE,oBAAoB;QACzB,MAAM,EAAE,EAAE;KACX,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IACrD,MAAM,CAAC,GAAG,MAAM,GAAG,CAAC,uBAAuB,CACzC,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,EACxB,UAAU,CACX,CAAC;IACF,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;AACjD,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,2BAA2B,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC5C,wBAAwB,CAAC,KAAK,CAAC,CAAC;IAChC,MAAM,EAAE,GAAG,MAAM,GAAG,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,EAAE,EAAE;QAC/D,IAAI,EAAE,EAAE;QACR,GAAG,EAAE,yBAAyB;QAC9B,MAAM,EAAE,SAAS;KAClB,CAAC,CAAC;IACH,CAAC,CAAC,SAAS,CACT,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,EAAwB,EACvE,EAAE,CACH,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,2BAA2B,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC5C,wBAAwB,CAAC,WAAW,CAAC,CAAC;IACtC,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,EAAE,EAAE;QACjE,IAAI,EAAE,EAAE;QACR,GAAG,EAAE,sCAAsC;QAC3C,MAAM,EAAE,SAAS;KAClB,CAAC,CAAC;IACH,CAAC,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,EAAE,IAAI,CAAC,CAAC;AACvD,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,uCAAuC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACxD,wBAAwB,CAAC,SAAS,CAAC,CAAC;IACpC,MAAM,EAAE,GAAG,MAAM,GAAG,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,EAAE,EAAE;QAC/D,IAAI,EAAE,EAAE;QACR,GAAG,EAAE,yBAAyB;QAC9B,MAAM,EAAE,SAAS;KAClB,CAAC,CAAC;IACH,CAAC,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC;AACvD,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,iCAAiC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAClD,wBAAwB,CAAC,SAAS,CAAC,CAAC;IACpC,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,EAAE,EAAE;QACtE,IAAI,EAAE,EAAE;QACR,GAAG,EAAE,qBAAqB;QAC1B,MAAM,EAAE,SAAS;KAClB,CAAC,CAAC;IACH,CAAC,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,UAAU,EAAE,EAAE,SAAS,CAAC,CAAC;AAClE,CAAC,CAAC,CAAC"}
+{"version":3,"file":"api-client.test.js","sourceRoot":"","sources":["../src/api-client.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wDAA0C;AAC1C,uEAAyD;AACzD,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,kDAAoC;AACpC,mDAA6C;AAC7C,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,UAAU,CAAC,GAAG,EAAE;IACnB,IAAI,CAAC,qBAAqB,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC;AAC7D,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,cAAc,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/B,MAAM,UAAU,GAAoB,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC7E,MAAM,UAAU,GAAoB,KAAK,CAAC,IAAI,EAAE,CAAC;IACjD,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAE/B,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC7E,MAAM,oBAAoB,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAC;IACrE,oBAAoB;SACjB,QAAQ,CAAC,mBAAmB,CAAC;SAC7B,OAAO,CAAC,yBAAyB,CAAC,CAAC;IACtC,oBAAoB;SACjB,QAAQ,CAAC,gBAAgB,CAAC;SAC1B,OAAO,CAAC,6BAA6B,CAAC,CAAC;IAE1C,GAAG,CAAC,YAAY,EAAE,CAAC;IAEnB,CAAC,CAAC,MAAM,CACN,UAAU,CAAC,qBAAqB,CAAC;QAC/B,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,6BAA6B;QACtC,GAAG,EAAE,KAAK,CAAC,KAAK,CAAC,GAAG;QACpB,SAAS,EAAE,iBAAiB,WAAW,CAAC,gBAAgB,EAAE,EAAE;KAC7D,CAAC,CACH,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,SAAS,wBAAwB,CAC/B,aAAiC;IAEjC,kEAAkE;IAClE,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,QAAQ,GAAG;QACf,OAAO,EAAE;YACP,6BAA6B,EAAE,aAAa;SAC7C;KACF,CAAC;IACF,MAAM,cAAc,GAAG,KAAK;SACzB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC;QAC9B,iEAAiE;SAChE,QAAQ,CAAC,QAAe,CAAC,CAAC;IAC7B,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,CAAC;IACpD,OAAO,cAAc,CAAC;AACxB,CAAC;AAED,IAAA,aAAI,EAAC,6BAA6B,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC9C,MAAM,UAAU,GAAG;QACjB,IAAI,EAAE,EAAE;QACR,GAAG,EAAE,oBAAoB;QACzB,MAAM,EAAE,EAAE;KACX,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IACrD,MAAM,CAAC,GAAG,MAAM,GAAG,CAAC,uBAAuB,CACzC,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,EACxB,UAAU,CACX,CAAC;IACF,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;AACjD,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,2BAA2B,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC5C,wBAAwB,CAAC,KAAK,CAAC,CAAC;IAChC,MAAM,EAAE,GAAG,MAAM,GAAG,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,EAAE,EAAE;QAC/D,IAAI,EAAE,EAAE;QACR,GAAG,EAAE,yBAAyB;QAC9B,MAAM,EAAE,SAAS;KAClB,CAAC,CAAC;IACH,CAAC,CAAC,SAAS,CACT,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,EAAwB,EACvE,EAAE,CACH,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,uCAAuC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACxD,wBAAwB,CAAC,SAAS,CAAC,CAAC;IACpC,MAAM,EAAE,GAAG,MAAM,GAAG,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,EAAE,EAAE;QAC/D,IAAI,EAAE,EAAE;QACR,GAAG,EAAE,yBAAyB;QAC9B,MAAM,EAAE,SAAS;KAClB,CAAC,CAAC;IACH,CAAC,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC;AACvD,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,iCAAiC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAClD,wBAAwB,CAAC,SAAS,CAAC,CAAC;IACpC,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,EAAE,EAAE;QACtE,IAAI,EAAE,EAAE;QACR,GAAG,EAAE,qBAAqB;QAC1B,MAAM,EAAE,SAAS;KAClB,CAAC,CAAC;IACH,CAAC,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,UAAU,EAAE,EAAE,SAAS,CAAC,CAAC;AAClE,CAAC,CAAC,CAAC"}

lib/api-compatibility.json

@@ -1 +1 @@
-{ "maximumVersion": "3.12", "minimumVersion": "3.7" }
+{ "maximumVersion": "3.13", "minimumVersion": "3.8" }

lib/autobuild-action.js

@@ -27,14 +27,16 @@ const core = __importStar(require("@actions/core"));
 const actions_util_1 = require("./actions-util");
 const api_client_1 = require("./api-client");
 const autobuild_1 = require("./autobuild");
-const configUtils = __importStar(require("./config-utils"));
+const codeql_1 = require("./codeql");
+const config_utils_1 = require("./config-utils");
+const environment_1 = require("./environment");
 const logging_1 = require("./logging");
 const status_report_1 = require("./status-report");
 const util_1 = require("./util");
-async function sendCompletedStatusReport(logger, startedAt, allLanguages, failingLanguage, cause) {
+async function sendCompletedStatusReport(config, logger, startedAt, allLanguages, failingLanguage, cause) {
     (0, util_1.initializeEnvironment)((0, actions_util_1.getActionVersion)());
     const status = (0, status_report_1.getActionsStatus)(cause, failingLanguage);
-    const statusReportBase = await (0, status_report_1.createStatusReportBase)("autobuild", status, startedAt, await (0, util_1.checkDiskUsage)(logger), cause?.message, cause?.stack);
+    const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Autobuild, status, startedAt, config, await (0, util_1.checkDiskUsage)(logger), logger, cause?.message, cause?.stack);
     const statusReport = {
         ...statusReportBase,
         autobuild_languages: allLanguages.join(","),
@@ -45,19 +47,20 @@ async function sendCompletedStatusReport(logger, startedAt, allLanguages, failin
 async function run() {
     const startedAt = new Date();
     const logger = (0, logging_1.getActionsLogger)();
-    let currentLanguage = undefined;
-    let languages = undefined;
+    let config;
+    let currentLanguage;
+    let languages;
     try {
-        if (!(await (0, status_report_1.sendStatusReport)(await (0, status_report_1.createStatusReportBase)("autobuild", "starting", startedAt, await (0, util_1.checkDiskUsage)(logger))))) {
-            return;
-        }
+        await (0, status_report_1.sendStatusReport)(await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Autobuild, "starting", startedAt, config, await (0, util_1.checkDiskUsage)(logger), logger));
         const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
         (0, util_1.checkGitHubVersionInRange)(gitHubVersion, logger);
-        const config = await configUtils.getConfig((0, actions_util_1.getTemporaryDirectory)(), logger);
+        (0, util_1.checkActionVersion)((0, actions_util_1.getActionVersion)(), gitHubVersion);
+        config = await (0, config_utils_1.getConfig)((0, actions_util_1.getTemporaryDirectory)(), logger);
         if (config === undefined) {
             throw new Error("Config file could not be found at expected location. Has the 'init' action been called?");
         }
-        languages = await (0, autobuild_1.determineAutobuildLanguages)(config, logger);
+        const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
+        languages = await (0, autobuild_1.determineAutobuildLanguages)(codeql, config, logger);
         if (languages !== undefined) {
             const workingDirectory = (0, actions_util_1.getOptionalInput)("working-directory");
             if (workingDirectory) {
@@ -73,10 +76,11 @@ async function run() {
     catch (unwrappedError) {
         const error = (0, util_1.wrapError)(unwrappedError);
         core.setFailed(`We were unable to automatically build your code. Please replace the call to the autobuild action with your custom build steps. ${error.message}`);
-        await sendCompletedStatusReport(logger, startedAt, languages ?? [], currentLanguage, error);
+        await sendCompletedStatusReport(config, logger, startedAt, languages ?? [], currentLanguage, error);
         return;
     }
-    await sendCompletedStatusReport(logger, startedAt, languages ?? []);
+    core.exportVariable(environment_1.EnvVar.AUTOBUILD_DID_COMPLETE_SUCCESSFULLY, "true");
+    await sendCompletedStatusReport(config, logger, startedAt, languages ?? []);
 }
 async function runWrapper() {
     try {

lib/autobuild-action.js.map

@@ -1 +1 @@
-{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAIwB;AACxB,6CAAgD;AAChD,2CAAwE;AACxE,4DAA8C;AAE9C,uCAAqD;AACrD,mDAKyB;AACzB,iCAKgB;AAShB,KAAK,UAAU,yBAAyB,CACtC,MAAc,EACd,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAG,IAAA,gCAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,WAAW,EACX,MAAM,EACN,SAAS,EACT,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAI,eAAe,GAAyB,SAAS,CAAC;IACtD,IAAI,SAAS,GAA2B,SAAS,CAAC;IAClD,IAAI,CAAC;QACH,IACE,CAAC,CAAC,MAAM,IAAA,gCAAgB,EACtB,MAAM,IAAA,sCAAsB,EAC1B,WAAW,EACX,UAAU,EACV,SAAS,EACT,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,CAC7B,CACF,CAAC,EACF,CAAC;YACD,OAAO;QACT,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,SAAS,CAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC5E,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;QACJ,CAAC;QAED,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC9D,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YAClC,CAAC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CACZ,kIAAkI,KAAK,CAAC,OAAO,EAAE,CAClJ,CAAC;QACF,MAAM,yBAAyB,CAC7B,MAAM,EACN,SAAS,EACT,SAAS,IAAI,EAAE,EACf,eAAe,EACf,KAAK,CACN,CAAC;QACF,OAAO;IACT,CAAC;IAED,MAAM,yBAAyB,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;AACtE,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CAAC,4BAA4B,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAIwB;AACxB,6CAAgD;AAChD,2CAAwE;AACxE,qCAAqC;AACrC,iDAAmD;AACnD,+CAAuC;AAEvC,uCAAqD;AACrD,mDAMyB;AACzB,iCAMgB;AAShB,KAAK,UAAU,yBAAyB,CACtC,MAA0B,EAC1B,MAAc,EACd,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAG,IAAA,gCAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,SAAS,EACpB,MAAM,EACN,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,EACN,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAI,MAA0B,CAAC;IAC/B,IAAI,eAAqC,CAAC;IAC1C,IAAI,SAAiC,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,IAAA,gCAAgB,EACpB,MAAM,IAAA,sCAAsB,EAC1B,0BAAU,CAAC,SAAS,EACpB,UAAU,EACV,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CACF,CAAC;QAEF,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACjD,IAAA,yBAAkB,EAAC,IAAA,+BAAgB,GAAE,EAAE,aAAa,CAAC,CAAC;QAEtD,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAEjD,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QACtE,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YAClC,CAAC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CACZ,kIAAkI,KAAK,CAAC,OAAO,EAAE,CAClJ,CAAC;QACF,MAAM,yBAAyB,CAC7B,MAAM,EACN,MAAM,EACN,SAAS,EACT,SAAS,IAAI,EAAE,EACf,eAAe,EACf,KAAK,CACN,CAAC;QACF,OAAO;IACT,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,mCAAmC,EAAE,MAAM,CAAC,CAAC;IAExE,MAAM,yBAAyB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;AAC9E,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CAAC,4BAA4B,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/autobuild.js

@@ -23,17 +23,25 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.runAutobuild = exports.determineAutobuildLanguages = void 0;
+exports.runAutobuild = exports.setupCppAutobuild = exports.determineAutobuildLanguages = void 0;
 const core = __importStar(require("@actions/core"));
 const actions_util_1 = require("./actions-util");
 const api_client_1 = require("./api-client");
 const codeql_1 = require("./codeql");
+const config_utils_1 = require("./config-utils");
 const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const repository_1 = require("./repository");
+const tools_features_1 = require("./tools-features");
 const util_1 = require("./util");
-async function determineAutobuildLanguages(config, logger) {
+async function determineAutobuildLanguages(codeql, config, logger) {
+    if ((config.buildMode === config_utils_1.BuildMode.None &&
+        (await codeql.supportsFeature(tools_features_1.ToolsFeature.TraceCommandUseBuildMode))) ||
+        config.buildMode === config_utils_1.BuildMode.Manual) {
+        logger.info(`Using ${config.buildMode} build mode, nothing to autobuild.`);
+        return undefined;
+    }
     // Attempt to find a language to autobuild
     // We want pick the dominant language in the repo from the ones we're able to build
     // The languages are sorted in order specified by user or by lines of code if we got
@@ -51,11 +59,11 @@ async function determineAutobuildLanguages(config, logger) {
      * For example, consider a user with the following workflow file:
      *
      * ```yml
-     * - uses: github/codeql-action/init@v2
+     * - uses: github/codeql-action/init@v3
      *   with:
      *     languages: go, java
-     * - uses: github/codeql-action/autobuild@v2
-     * - uses: github/codeql-action/analyze@v2
+     * - uses: github/codeql-action/autobuild@v3
+     * - uses: github/codeql-action/analyze@v3
      * ```
      *
      * - With Go extraction disabled, we will run the Java autobuilder in the
@@ -126,13 +134,14 @@ async function setupCppAutobuild(codeql, logger) {
         core.exportVariable(envVar, "false");
     }
 }
+exports.setupCppAutobuild = setupCppAutobuild;
 async function runAutobuild(language, config, logger) {
     logger.startGroup(`Attempting to automatically build ${language} code`);
     const codeQL = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
     if (language === languages_1.Language.cpp) {
         await setupCppAutobuild(codeQL, logger);
     }
-    await codeQL.runAutobuild(language);
+    await codeQL.runAutobuild(language, config.debugMode);
     if (language === languages_1.Language.go) {
         core.exportVariable(environment_1.EnvVar.DID_AUTOBUILD_GOLANG, "true");
     }

lib/autobuild.js.map

@@ -1 +1 @@
-{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAA6E;AAC7E,6CAAgD;AAChD,qCAA6C;AAE7C,+CAAuC;AACvC,mDAAmE;AACnE,2CAAyD;AAEzD,6CAAkD;AAClD,iCAA6C;AAEtC,KAAK,UAAU,2BAA2B,CAC/C,MAA0B,EAC1B,MAAc;IAEd,0CAA0C;IAC1C,mFAAmF;IACnF,oFAAoF;IACpF,4EAA4E;IAC5E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACvD,IAAA,4BAAgB,EAAC,CAAC,CAAC,CACpB,CAAC;IAEF,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CACT,iEAAiE,CAClE,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACH,MAAM,2BAA2B,GAAG,kBAAkB,CAAC,MAAM,CAC3D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,oBAAQ,CAAC,EAAE,CACzB,CAAC;IAEF,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,yEAAyE;IACzE,UAAU;IACV,IAAI,2BAA2B,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;QACjD,SAAS,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,uEAAuE;IACvE,wCAAwC;IACxC,IAAI,kBAAkB,CAAC,MAAM,KAAK,2BAA2B,CAAC,MAAM,EAAE,CAAC;QACrE,SAAS,CAAC,IAAI,CAAC,oBAAQ,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,kBAAkB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE3D,2EAA2E;IAC3E,4EAA4E;IAC5E,2CAA2C;IAC3C,uEAAuE;IACvE,2EAA2E;IAC3E,uEAAuE;IACvE,yCAAyC;IACzC,IAAI,2BAA2B,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,CAAC,OAAO,CACZ,oCAAoC,SAAS,CAAC,IAAI,CAChD,OAAO,CACR,8BAA8B,2BAA2B;aACvD,KAAK,CAAC,CAAC,CAAC;aACR,IAAI,CACH,OAAO,CACR,kFAAkF;YACnF,4BAA4B;YAC5B,0NAA0N,CAC7N,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAtFD,kEAsFC;AAED,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IAC7D,MAAM,MAAM,GAAG,6BAAa,CAAC,uBAAO,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC;IACvE,MAAM,WAAW,GAAG,4CAA4C,CAAC;IACjE,MAAM,MAAM,GACV,wHAAwH,CAAC;IAC3H,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC/C,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;IACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;IACF,IAAI,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,yBAAyB,EAAE,MAAM,CAAC,EAAE,CAAC;QACvE,yEAAyE;QACzE,IACE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,KAAK,aAAa;YACnD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,MAAM,EAC9B,CAAC;YACD,MAAM,CAAC,IAAI,CACT,aAAa,WAAW,sCACtB,IAAA,mCAAoB,GAAE,KAAK,SAAS;gBAClC,CAAC,CAAC,8BAA8B,MAAM,yDAAyD,MAAM,IAAI;gBACzG,CAAC,CAAC,EACN,EAAE,CACH,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CACT,YAAY,WAAW,yCAAyC,MAAM,yCAAyC,MAAM,IAAI,CAC1H,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,aAAa,WAAW,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,YAAY,CAChC,QAAkB,EAClB,MAA0B,EAC1B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;IACxE,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,GAAG,EAAE,CAAC;QAC9B,MAAM,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,MAAM,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;IACpC,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE,CAAC;QAC7B,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC;AAfD,oCAeC"}
+{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAA6E;AAC7E,6CAAgD;AAChD,qCAA6C;AAE7C,iDAA2C;AAC3C,+CAAuC;AACvC,mDAAmE;AACnE,2CAAyD;AAEzD,6CAAkD;AAClD,qDAAgD;AAChD,iCAA6C;AAEtC,KAAK,UAAU,2BAA2B,CAC/C,MAAc,EACd,MAA0B,EAC1B,MAAc;IAEd,IACE,CAAC,MAAM,CAAC,SAAS,KAAK,wBAAS,CAAC,IAAI;QAClC,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,wBAAwB,CAAC,CAAC,CAAC;QACxE,MAAM,CAAC,SAAS,KAAK,wBAAS,CAAC,MAAM,EACrC,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,SAAS,MAAM,CAAC,SAAS,oCAAoC,CAAC,CAAC;QAC3E,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,0CAA0C;IAC1C,mFAAmF;IACnF,oFAAoF;IACpF,4EAA4E;IAC5E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACvD,IAAA,4BAAgB,EAAC,CAAC,CAAC,CACpB,CAAC;IAEF,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CACT,iEAAiE,CAClE,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACH,MAAM,2BAA2B,GAAG,kBAAkB,CAAC,MAAM,CAC3D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,oBAAQ,CAAC,EAAE,CACzB,CAAC;IAEF,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,yEAAyE;IACzE,UAAU;IACV,IAAI,2BAA2B,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;QACjD,SAAS,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,uEAAuE;IACvE,wCAAwC;IACxC,IAAI,kBAAkB,CAAC,MAAM,KAAK,2BAA2B,CAAC,MAAM,EAAE,CAAC;QACrE,SAAS,CAAC,IAAI,CAAC,oBAAQ,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,kBAAkB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE3D,2EAA2E;IAC3E,4EAA4E;IAC5E,2CAA2C;IAC3C,uEAAuE;IACvE,2EAA2E;IAC3E,uEAAuE;IACvE,yCAAyC;IACzC,IAAI,2BAA2B,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,CAAC,OAAO,CACZ,oCAAoC,SAAS,CAAC,IAAI,CAChD,OAAO,CACR,8BAA8B,2BAA2B;aACvD,KAAK,CAAC,CAAC,CAAC;aACR,IAAI,CACH,OAAO,CACR,kFAAkF;YACnF,4BAA4B;YAC5B,0NAA0N,CAC7N,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAhGD,kEAgGC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IACpE,MAAM,MAAM,GAAG,6BAAa,CAAC,uBAAO,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC;IACvE,MAAM,WAAW,GAAG,4CAA4C,CAAC;IACjE,MAAM,MAAM,GACV,wHAAwH,CAAC;IAC3H,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC/C,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;IACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;IACF,IAAI,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,yBAAyB,EAAE,MAAM,CAAC,EAAE,CAAC;QACvE,yEAAyE;QACzE,IACE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,KAAK,aAAa;YACnD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,MAAM,EAC9B,CAAC;YACD,MAAM,CAAC,IAAI,CACT,aAAa,WAAW,sCACtB,IAAA,mCAAoB,GAAE,KAAK,SAAS;gBAClC,CAAC,CAAC,8BAA8B,MAAM,yDAAyD,MAAM,IAAI;gBACzG,CAAC,CAAC,EACN,EAAE,CACH,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CACT,YAAY,WAAW,yCAAyC,MAAM,yCAAyC,MAAM,IAAI,CAC1H,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,aAAa,WAAW,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAvCD,8CAuCC;AAEM,KAAK,UAAU,YAAY,CAChC,QAAkB,EAClB,MAA0B,EAC1B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;IACxE,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,GAAG,EAAE,CAAC;QAC9B,MAAM,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,MAAM,MAAM,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;IACtD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE,CAAC;QAC7B,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC;AAfD,oCAeC"}

lib/cli-errors.js

@@ -0,0 +1,266 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.wrapCliConfigurationError = exports.getCliConfigCategoryIfExists = exports.cliErrorsConfig = exports.CliConfigErrorCategory = exports.CommandInvocationError = void 0;
+const util_1 = require("./util");
+const NO_SOURCE_CODE_SEEN_DOCS_LINK = "https://gh.io/troubleshooting-code-scanning/no-source-code-seen-during-build";
+/**
+ * A class of Error that we can classify as an error stemming from a CLI
+ * invocation, with associated exit code, stderr,etc.
+ */
+class CommandInvocationError extends Error {
+    constructor(cmd, args, exitCode, stderr, stdout) {
+        const prettyCommand = [cmd, ...args]
+            .map((x) => (x.includes(" ") ? `'${x}'` : x))
+            .join(" ");
+        const fatalErrors = extractFatalErrors(stderr);
+        const autobuildErrors = extractAutobuildErrors(stderr);
+        let message;
+        if (fatalErrors) {
+            message =
+                `Encountered a fatal error while running "${prettyCommand}". ` +
+                    `Exit code was ${exitCode} and error was: ${fatalErrors.trim()} See the logs for more details.`;
+        }
+        else if (autobuildErrors) {
+            const autobuildHelpLink = "https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed";
+            message =
+                "We were unable to automatically build your code. Please provide manual build steps. " +
+                    `For more information, see ${autobuildHelpLink}. ` +
+                    `Encountered the following error: ${autobuildErrors}`;
+        }
+        else {
+            let lastLine = stderr.trim().split("\n").pop()?.trim() || "";
+            if (lastLine[lastLine.length - 1] !== ".") {
+                lastLine += ".";
+            }
+            message =
+                `Encountered a fatal error while running "${prettyCommand}". ` +
+                    `Exit code was ${exitCode} and last log line was: ${lastLine} See the logs for more details.`;
+        }
+        super(message);
+        this.exitCode = exitCode;
+        this.stderr = stderr;
+        this.stdout = stdout;
+    }
+}
+exports.CommandInvocationError = CommandInvocationError;
+/**
+ * Provide a better error message from the stderr of a CLI invocation that failed with a fatal
+ * error.
+ *
+ * - If the CLI invocation failed with a fatal error, this returns that fatal error, followed by
+ *   any fatal errors that occurred in plumbing commands.
+ * - If the CLI invocation did not fail with a fatal error, this returns `undefined`.
+ *
+ * ### Example
+ *
+ * ```
+ * Running TRAP import for CodeQL database at /home/runner/work/_temp/codeql_databases/javascript...
+ * A fatal error occurred: Evaluator heap must be at least 384.00 MiB
+ * A fatal error occurred: Dataset import for
+ * /home/runner/work/_temp/codeql_databases/javascript/db-javascript failed with code 2
+ * ```
+ *
+ * becomes
+ *
+ * ```
+ * Encountered a fatal error while running "codeql-for-testing database finalize --finalize-dataset
+ * --threads=2 --ram=2048 db". Exit code was 32 and error was: A fatal error occurred: Dataset
+ * import for /home/runner/work/_temp/codeql_databases/javascript/db-javascript failed with code 2.
+ * Context: A fatal error occurred: Evaluator heap must be at least 384.00 MiB.
+ * ```
+ *
+ * Where possible, this tries to summarize the error into a single line, as this displays better in
+ * the Actions UI.
+ */
+function extractFatalErrors(error) {
+    const fatalErrorRegex = /.*fatal error occurred:/gi;
+    let fatalErrors = [];
+    let lastFatalErrorIndex;
+    let match;
+    while ((match = fatalErrorRegex.exec(error)) !== null) {
+        if (lastFatalErrorIndex !== undefined) {
+            fatalErrors.push(error.slice(lastFatalErrorIndex, match.index).trim());
+        }
+        lastFatalErrorIndex = match.index;
+    }
+    if (lastFatalErrorIndex !== undefined) {
+        const lastError = error.slice(lastFatalErrorIndex).trim();
+        if (fatalErrors.length === 0) {
+            // No other errors
+            return lastError;
+        }
+        const isOneLiner = !fatalErrors.some((e) => e.includes("\n"));
+        if (isOneLiner) {
+            fatalErrors = fatalErrors.map(ensureEndsInPeriod);
+        }
+        return [
+            ensureEndsInPeriod(lastError),
+            "Context:",
+            ...fatalErrors.reverse(),
+        ].join(isOneLiner ? " " : "\n");
+    }
+    return undefined;
+}
+function extractAutobuildErrors(error) {
+    const pattern = /.*\[autobuild\] \[ERROR\] (.*)/gi;
+    let errorLines = [...error.matchAll(pattern)].map((match) => match[1]);
+    // Truncate if there are more than 10 matching lines.
+    if (errorLines.length > 10) {
+        errorLines = errorLines.slice(0, 10);
+        errorLines.push("(truncated)");
+    }
+    return errorLines.join("\n") || undefined;
+}
+function ensureEndsInPeriod(text) {
+    return text[text.length - 1] === "." ? text : `${text}.`;
+}
+/** Error messages from the CLI that we consider configuration errors and handle specially. */
+var CliConfigErrorCategory;
+(function (CliConfigErrorCategory) {
+    CliConfigErrorCategory["GradleBuildFailed"] = "GradleBuildFailed";
+    CliConfigErrorCategory["IncompatibleWithActionVersion"] = "IncompatibleWithActionVersion";
+    CliConfigErrorCategory["InitCalledTwice"] = "InitCalledTwice";
+    CliConfigErrorCategory["InvalidSourceRoot"] = "InvalidSourceRoot";
+    CliConfigErrorCategory["MavenBuildFailed"] = "MavenBuildFailed";
+    CliConfigErrorCategory["NoBuildCommandAutodetected"] = "NoBuildCommandAutodetected";
+    CliConfigErrorCategory["NoBuildMethodAutodetected"] = "NoBuildMethodAutodetected";
+    CliConfigErrorCategory["NoSourceCodeSeen"] = "NoSourceCodeSeen";
+    CliConfigErrorCategory["NoSupportedBuildCommandSucceeded"] = "NoSupportedBuildCommandSucceeded";
+    CliConfigErrorCategory["NoSupportedBuildSystemDetected"] = "NoSupportedBuildSystemDetected";
+    CliConfigErrorCategory["SwiftBuildFailed"] = "SwiftBuildFailed";
+})(CliConfigErrorCategory || (exports.CliConfigErrorCategory = CliConfigErrorCategory = {}));
+/**
+ * All of our caught CLI error messages that we handle specially: ie. if we
+ * would like to categorize an error as a configuration error or not.
+ */
+exports.cliErrorsConfig = {
+    [CliConfigErrorCategory.GradleBuildFailed]: {
+        cliErrorMessageCandidates: [
+            new RegExp("[autobuild] FAILURE: Build failed with an exception."),
+        ],
+    },
+    // Version of CodeQL CLI is incompatible with this version of the CodeQL Action
+    [CliConfigErrorCategory.IncompatibleWithActionVersion]: {
+        cliErrorMessageCandidates: [
+            new RegExp("is not compatible with this CodeQL CLI"),
+        ],
+    },
+    [CliConfigErrorCategory.InitCalledTwice]: {
+        cliErrorMessageCandidates: [
+            new RegExp("Refusing to create databases .* but could not process any of it"),
+        ],
+        additionalErrorMessageToAppend: `Is the "init" action called twice in the same job?`,
+    },
+    // Expected source location for database creation does not exist
+    [CliConfigErrorCategory.InvalidSourceRoot]: {
+        cliErrorMessageCandidates: [new RegExp("Invalid source root")],
+    },
+    [CliConfigErrorCategory.MavenBuildFailed]: {
+        cliErrorMessageCandidates: [
+            new RegExp("\\[autobuild\\] \\[ERROR\\] Failed to execute goal"),
+        ],
+    },
+    [CliConfigErrorCategory.NoBuildCommandAutodetected]: {
+        cliErrorMessageCandidates: [
+            new RegExp("Could not auto-detect a suitable build method"),
+        ],
+    },
+    [CliConfigErrorCategory.NoBuildMethodAutodetected]: {
+        cliErrorMessageCandidates: [
+            new RegExp("Could not detect a suitable build command for the source checkout"),
+        ],
+    },
+    // Usually when a manual build script has failed, or if an autodetected language
+    // was unintended to have CodeQL analysis run on it.
+    [CliConfigErrorCategory.NoSourceCodeSeen]: {
+        exitCode: 32,
+        cliErrorMessageCandidates: [
+            new RegExp("CodeQL detected code written in .* but could not process any of it"),
+            new RegExp("CodeQL did not detect any code written in languages supported by CodeQL"),
+            /**
+             * Earlier versions of the JavaScript extractor (pre-CodeQL 2.12.0) extract externs even if no
+             * source code was found. This means that we don't get the no code found error from
+             * `codeql database finalize`. To ensure users get a good error message, we detect this manually
+             * here, and upon detection override the error message.
+             *
+             * This can be removed once support for CodeQL 2.11.6 is removed.
+             */
+            new RegExp("No JavaScript or TypeScript code found"),
+        ],
+    },
+    [CliConfigErrorCategory.NoSupportedBuildCommandSucceeded]: {
+        cliErrorMessageCandidates: [
+            new RegExp("No supported build command succeeded"),
+        ],
+    },
+    [CliConfigErrorCategory.NoSupportedBuildSystemDetected]: {
+        cliErrorMessageCandidates: [
+            new RegExp("No supported build system detected"),
+        ],
+    },
+    [CliConfigErrorCategory.SwiftBuildFailed]: {
+        cliErrorMessageCandidates: [
+            new RegExp("\\[autobuilder/build\\] \\[build-command-failed\\] `autobuild` failed to run the build command"),
+        ],
+    },
+};
+/**
+ * Check if the given CLI error or exit code, if applicable, apply to any known
+ * CLI errors in the configuration record. If either the CLI error message matches one of
+ * the error messages in the config record, or the exit codes match, return the error category;
+ * if not, return undefined.
+ */
+function getCliConfigCategoryIfExists(cliError) {
+    for (const [category, configuration] of Object.entries(exports.cliErrorsConfig)) {
+        if (cliError.exitCode !== undefined &&
+            configuration.exitCode !== undefined &&
+            cliError.exitCode === configuration.exitCode) {
+            return category;
+        }
+        for (const e of configuration.cliErrorMessageCandidates) {
+            if (cliError.message.match(e) || cliError.stderr.match(e)) {
+                return category;
+            }
+        }
+    }
+    return undefined;
+}
+exports.getCliConfigCategoryIfExists = getCliConfigCategoryIfExists;
+/**
+ * Prepend a clearer error message with the docs link if the error message does not already
+ * include it. Can be removed once support for CodeQL 2.11.6 is removed; at that point, all runs
+ * should already include the doc link.
+ */
+function prependDocsLinkIfApplicable(cliErrorMessage) {
+    if (!cliErrorMessage.includes(NO_SOURCE_CODE_SEEN_DOCS_LINK)) {
+        return `No code found during the build. Please see: ${NO_SOURCE_CODE_SEEN_DOCS_LINK}. Detailed error: ${cliErrorMessage}`;
+    }
+    return cliErrorMessage;
+}
+/**
+ * Changes an error received from the CLI to a ConfigurationError with optionally an extra
+ * error message appended, if it exists in a known set of configuration errors. Otherwise,
+ * simply returns the original error.
+ */
+function wrapCliConfigurationError(cliError) {
+    if (!(cliError instanceof CommandInvocationError)) {
+        return cliError;
+    }
+    const cliConfigErrorCategory = getCliConfigCategoryIfExists(cliError);
+    if (cliConfigErrorCategory === undefined) {
+        return cliError;
+    }
+    let errorMessageBuilder = cliError.message;
+    // Can be removed once support for CodeQL 2.11.6 is removed; at that point, all runs should
+    // already include the doc link.
+    if (cliConfigErrorCategory === CliConfigErrorCategory.NoSourceCodeSeen) {
+        errorMessageBuilder = prependDocsLinkIfApplicable(errorMessageBuilder);
+    }
+    const additionalErrorMessageToAppend = exports.cliErrorsConfig[cliConfigErrorCategory].additionalErrorMessageToAppend;
+    if (additionalErrorMessageToAppend !== undefined) {
+        errorMessageBuilder = `${errorMessageBuilder} ${additionalErrorMessageToAppend}`;
+    }
+    return new util_1.ConfigurationError(errorMessageBuilder);
+}
+exports.wrapCliConfigurationError = wrapCliConfigurationError;
+//# sourceMappingURL=cli-errors.js.map

lib/codeql.js

@@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getGeneratedCodeScanningConfigPath = exports.getTrapCachingExtractorConfigArgsForLang = exports.getTrapCachingExtractorConfigArgs = exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE = exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2 = exports.CODEQL_VERSION_LANGUAGE_ALIASING = exports.CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG = exports.CODEQL_VERSION_RESOLVE_ENVIRONMENT = exports.CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED = exports.CODEQL_VERSION_BETTER_NO_CODE_ERROR_MESSAGE = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CODEQL_VERSION_EXPORT_FAILED_SARIF = exports.CommandInvocationError = void 0;
+exports.getGeneratedCodeScanningConfigPath = exports.getTrapCachingExtractorConfigArgsForLang = exports.getTrapCachingExtractorConfigArgs = exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE = exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2 = exports.CODEQL_VERSION_LANGUAGE_ALIASING = exports.CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG = exports.CODEQL_VERSION_RESOLVE_ENVIRONMENT = exports.CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const core = __importStar(require("@actions/core"));
@@ -31,35 +31,14 @@ const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const yaml = __importStar(require("js-yaml"));
 const semver = __importStar(require("semver"));
 const actions_util_1 = require("./actions-util");
+const cli_errors_1 = require("./cli-errors");
 const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const setupCodeql = __importStar(require("./setup-codeql"));
+const tools_features_1 = require("./tools-features");
 const util = __importStar(require("./util"));
 const util_1 = require("./util");
-class CommandInvocationError extends Error {
-    constructor(cmd, args, exitCode, stderr, stdout) {
-        const prettyCommand = [cmd, ...args]
-            .map((x) => (x.includes(" ") ? `'${x}'` : x))
-            .join(" ");
-        const fatalErrors = extractFatalErrors(stderr);
-        const lastLine = stderr.trim().split("\n").pop()?.trim();
-        let error = fatalErrors
-            ? ` and error was: ${fatalErrors.trim()}`
-            : lastLine
-                ? ` and last log line was: ${lastLine}`
-                : "";
-        if (error[error.length - 1] !== ".") {
-            error += ".";
-        }
-        super(`Encountered a fatal error while running "${prettyCommand}". ` +
-            `Exit code was ${exitCode}${error} See the logs for more details.`);
-        this.exitCode = exitCode;
-        this.stderr = stderr;
-        this.stdout = stdout;
-    }
-}
-exports.CommandInvocationError = CommandInvocationError;
 /**
  * Stores the CodeQL object, and is populated by `setupCodeQL` or `getCodeQL`.
  * Can be overridden in tests using `setCodeQL`.
@@ -73,7 +52,7 @@ let cachedCodeQL = undefined;
  * The version flags below can be used to conditionally enable certain features
  * on versions newer than this.
  */
-const CODEQL_MINIMUM_VERSION = "2.10.5";
+const CODEQL_MINIMUM_VERSION = "2.11.6";
 /**
  * This version will shortly become the oldest version of CodeQL that the Action will run with.
  */
@@ -86,19 +65,17 @@ const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.7";
  * This is the deprecation date for the version of GHES that was most recently deprecated.
  */
 const GHES_MOST_RECENT_DEPRECATION_DATE = "2023-11-08";
+/** The CLI verbosity level to use for extraction in debug mode. */
+const EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";
 /*
+ * Deprecated in favor of ToolsFeature.
+ *
  * Versions of CodeQL that version-flag certain functionality in the Action.
  * For convenience, please keep these in descending order. Once a version
  * flag is older than the oldest supported version above, it may be removed.
  */
 /**
- * Versions 2.11.3+ of the CodeQL CLI support exporting a failed SARIF file via
- * `codeql database export-diagnostics` or `codeql diagnostics export`.
- */
-exports.CODEQL_VERSION_EXPORT_FAILED_SARIF = "2.11.3";
-const CODEQL_VERSION_FILE_BASELINE_INFORMATION = "2.11.3";
-/**
- * Versions 2.11.1+ of the CodeQL Bundle include a `security-experimental` built-in query suite for
+ * Versions 2.12.1+ of the CodeQL Bundle include a `security-experimental` built-in query suite for
  * each language.
  */
 exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = "2.12.1";
@@ -111,11 +88,6 @@ exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG = "2.12.3";
  * Versions 2.12.4+ of the CodeQL CLI support the `--qlconfig-file` flag in calls to `database init`.
  */
 exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = "2.12.4";
-/**
- * Versions 2.12.4+ of the CodeQL CLI provide a better error message when `database finalize`
- * determines that no code has been found.
- */
-exports.CODEQL_VERSION_BETTER_NO_CODE_ERROR_MESSAGE = "2.12.4";
 /**
  * Versions 2.13.1+ of the CodeQL CLI fix a bug where diagnostics export could produce invalid SARIF.
  */
@@ -140,6 +112,10 @@ exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2 = "2.15.0";
  * Versions 2.15.0+ of the CodeQL CLI support sub-language file coverage information.
  */
 exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE = "2.15.0";
+/**
+ * Versions 2.15.2+ of the CodeQL CLI support the `--sarif-include-query-help` option.
+ */
+const CODEQL_VERSION_INCLUDE_QUERY_HELP = "2.15.2";
 /**
  * Set up CodeQL CLI access.
  *
@@ -161,7 +137,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV
             codeqlCmd += ".exe";
         }
         else if (process.platform !== "linux" && process.platform !== "darwin") {
-            throw new util.UserError(`Unsupported platform: ${process.platform}`);
+            throw new util.ConfigurationError(`Unsupported platform: ${process.platform}`);
         }
         cachedCodeQL = await getCodeQLForCmd(codeqlCmd, checkVersion);
         return {
@@ -207,13 +183,16 @@ function resolveFunction(partialCodeql, methodName, defaultImplementation) {
 function setCodeQL(partialCodeql) {
     cachedCodeQL = {
         getPath: resolveFunction(partialCodeql, "getPath", () => "/tmp/dummy-path"),
-        getVersion: resolveFunction(partialCodeql, "getVersion", () => new Promise((resolve) => resolve({
+        getVersion: resolveFunction(partialCodeql, "getVersion", async () => ({
             version: "1.0.0",
-        }))),
+        })),
         printVersion: resolveFunction(partialCodeql, "printVersion"),
+        supportsFeature: resolveFunction(partialCodeql, "supportsFeature", async (feature) => !!partialCodeql.getVersion &&
+            (0, tools_features_1.isSupportedToolsFeature)(await partialCodeql.getVersion(), feature)),
         databaseInitCluster: resolveFunction(partialCodeql, "databaseInitCluster"),
         runAutobuild: resolveFunction(partialCodeql, "runAutobuild"),
         extractScannedLanguage: resolveFunction(partialCodeql, "extractScannedLanguage"),
+        extractUsingBuildMode: resolveFunction(partialCodeql, "extractUsingBuildMode"),
         finalizeDatabase: resolveFunction(partialCodeql, "finalizeDatabase"),
         resolveLanguages: resolveFunction(partialCodeql, "resolveLanguages"),
         betterResolveLanguages: resolveFunction(partialCodeql, "betterResolveLanguages"),
@@ -228,6 +207,7 @@ function setCodeQL(partialCodeql) {
         databaseExportDiagnostics: resolveFunction(partialCodeql, "databaseExportDiagnostics"),
         diagnosticsExport: resolveFunction(partialCodeql, "diagnosticsExport"),
         resolveExtractor: resolveFunction(partialCodeql, "resolveExtractor"),
+        mergeResults: resolveFunction(partialCodeql, "mergeResults"),
     };
     return cachedCodeQL;
 }
@@ -285,23 +265,25 @@ async function getCodeQLForCmd(cmd, checkVersion) {
         async printVersion() {
             await runTool(cmd, ["version", "--format=json"]);
         },
-        async databaseInitCluster(config, sourceRoot, processName, features, qlconfigFile, logger) {
+        async supportsFeature(feature) {
+            return (0, tools_features_1.isSupportedToolsFeature)(await this.getVersion(), feature);
+        },
+        async databaseInitCluster(config, sourceRoot, processName, qlconfigFile, logger) {
             const extraArgs = config.languages.map((language) => `--language=${language}`);
             if (config.languages.filter((l) => (0, languages_1.isTracedLanguage)(l)).length > 0) {
                 extraArgs.push("--begin-tracing");
                 extraArgs.push(...(await getTrapCachingExtractorConfigArgs(config)));
                 extraArgs.push(`--trace-process-name=${processName}`);
             }
-            // A code scanning config file is only generated if the CliConfigFileEnabled feature flag is enabled.
-            const codeScanningConfigFile = await generateCodeScanningConfig(codeql, config, features, logger);
-            // Only pass external repository token if a config file is going to be parsed by the CLI.
-            let externalRepositoryToken;
-            if (codeScanningConfigFile) {
-                externalRepositoryToken = (0, actions_util_1.getOptionalInput)("external-repository-token");
-                extraArgs.push(`--codescanning-config=${codeScanningConfigFile}`);
-                if (externalRepositoryToken) {
-                    extraArgs.push("--external-repository-token-stdin");
-                }
+            const codeScanningConfigFile = await generateCodeScanningConfig(config, logger);
+            const externalRepositoryToken = (0, actions_util_1.getOptionalInput)("external-repository-token");
+            extraArgs.push(`--codescanning-config=${codeScanningConfigFile}`);
+            if (externalRepositoryToken) {
+                extraArgs.push("--external-repository-token-stdin");
+            }
+            if (config.buildMode !== undefined &&
+                (await this.supportsFeature(tools_features_1.ToolsFeature.BuildModeOption))) {
+                extraArgs.push(`--build-mode=${config.buildMode}`);
             }
             if (qlconfigFile !== undefined &&
                 (await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_INIT_WITH_QLCONFIG))) {
@@ -327,7 +309,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 ...getExtraOptionsFromEnv(["database", "init"]),
             ], { stdin: externalRepositoryToken });
         },
-        async runAutobuild(language) {
+        async runAutobuild(language, enableDebugLogging) {
             const autobuildCmd = path.join(await this.resolveExtractor(language), "tools", process.platform === "win32" ? "autobuild.cmd" : "autobuild.sh");
             // Update JAVA_TOOL_OPTIONS to contain '-Dhttp.keepAlive=false'
             // This is because of an issue with Azure pipelines timing out connections after 4 minutes
@@ -340,6 +322,11 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 "-Dhttp.keepAlive=false",
                 "-Dmaven.wagon.http.pool=false",
             ].join(" ");
+            // Bump the verbosity of the autobuild command if we're in debug mode
+            if (enableDebugLogging) {
+                process.env[environment_1.EnvVar.CLI_VERBOSITY] =
+                    process.env[environment_1.EnvVar.CLI_VERBOSITY] || EXTRACTION_DEBUG_MODE_VERBOSITY;
+            }
             // On macOS, System Integrity Protection (SIP) typically interferes with
             // CodeQL build tracing of protected binaries.
             // The usual workaround is to prefix `$CODEQL_RUNNER` to build commands:
@@ -361,32 +348,34 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 "trace-command",
                 "--index-traceless-dbs",
                 ...(await getTrapCachingExtractorConfigArgsForLang(config, language)),
+                ...getExtractionVerbosityArguments(config.debugMode),
                 ...getExtraOptionsFromEnv(["database", "trace-command"]),
                 util.getCodeQLDatabasePath(config, language),
             ]);
         },
-        async finalizeDatabase(databasePath, threadsFlag, memoryFlag) {
+        async extractUsingBuildMode(config, language) {
+            await runTool(cmd, [
+                "database",
+                "trace-command",
+                "--use-build-mode",
+                ...(await getTrapCachingExtractorConfigArgsForLang(config, language)),
+                ...getExtractionVerbosityArguments(config.debugMode),
+                ...getExtraOptionsFromEnv(["database", "trace-command"]),
+                util.getCodeQLDatabasePath(config, language),
+            ]);
+        },
+        async finalizeDatabase(databasePath, threadsFlag, memoryFlag, enableDebugLogging) {
             const args = [
                 "database",
                 "finalize",
                 "--finalize-dataset",
                 threadsFlag,
                 memoryFlag,
+                ...getExtractionVerbosityArguments(enableDebugLogging),
                 ...getExtraOptionsFromEnv(["database", "finalize"]),
                 databasePath,
             ];
-            try {
-                await runTool(cmd, args);
-            }
-            catch (e) {
-                if (e instanceof CommandInvocationError &&
-                    !(await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_BETTER_NO_CODE_ERROR_MESSAGE)) &&
-                    isNoCodeFoundError(e)) {
-                    throw new util.UserError("No code found during the build. Please see: " +
-                        "https://gh.io/troubleshooting-code-scanning/no-source-code-seen-during-build");
-                }
-                throw e;
-            }
+            await runTool(cmd, args);
         },
         async resolveLanguages() {
             const codeqlArgs = [
@@ -458,7 +447,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 throw new Error(`Unexpected output from codeql resolve build-environment: ${e} in\n${output}`);
             }
         },
-        async databaseRunQueries(databasePath, extraSearchPath, querySuitePath, flags, optimizeForLastQueryRun, features) {
+        async databaseRunQueries(databasePath, flags) {
             const codeqlArgs = [
                 "database",
                 "run-queries",
@@ -468,22 +457,12 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 "-v",
                 ...getExtraOptionsFromEnv(["database", "run-queries"]),
             ];
-            if (optimizeForLastQueryRun &&
-                (await util.supportExpectDiscardedCache(this))) {
+            if (await util.supportExpectDiscardedCache(this)) {
                 codeqlArgs.push("--expect-discarded-cache");
             }
-            if (extraSearchPath !== undefined) {
-                codeqlArgs.push("--additional-packs", extraSearchPath);
-            }
-            if (querySuitePath) {
-                codeqlArgs.push(querySuitePath);
-            }
-            if (await features.getValue(feature_flags_1.Feature.EvaluatorFineGrainedParallelismEnabled, this)) {
+            if (await util.codeQlVersionAbove(this, feature_flags_1.CODEQL_VERSION_FINE_GRAINED_PARALLELISM)) {
                 codeqlArgs.push("--intra-layer-parallelism");
             }
-            else if (await util.codeQlVersionAbove(this, feature_flags_1.CODEQL_VERSION_FINE_GRAINED_PARALLELISM)) {
-                codeqlArgs.push("--no-intra-layer-parallelism");
-            }
             await runTool(cmd, codeqlArgs);
         },
         async databaseInterpretResults(databasePath, querySuitePaths, sarifFile, addSnippetsFlag, threadsFlag, verbosityFlag, automationDetailsId, config, features, logger) {
@@ -503,17 +482,15 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 addSnippetsFlag,
                 "--print-diagnostics-summary",
                 "--print-metrics-summary",
-                "--sarif-add-query-help",
-                "--sarif-group-rules-by-pack",
+                "--sarif-add-baseline-file-info",
                 ...(await getCodeScanningConfigExportArguments(config, this)),
+                "--sarif-group-rules-by-pack",
+                ...(await getCodeScanningQueryHelpArguments(this)),
                 ...getExtraOptionsFromEnv(["database", "interpret-results"]),
             ];
             if (automationDetailsId !== undefined) {
                 codeqlArgs.push("--sarif-category", automationDetailsId);
             }
-            if (await util.codeQlVersionAbove(this, CODEQL_VERSION_FILE_BASELINE_INFORMATION)) {
-                codeqlArgs.push("--sarif-add-baseline-file-info");
-            }
             if (await isSublanguageFileCoverageEnabled(config, this)) {
                 codeqlArgs.push("--sublanguage-file-coverage");
             }
@@ -688,6 +665,22 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             }).exec();
             return JSON.parse(extractorPath);
         },
+        async mergeResults(sarifFiles, outputFile, { mergeRunsFromEqualCategory = false, }) {
+            const args = [
+                "github",
+                "merge-results",
+                "--output",
+                outputFile,
+                ...getExtraOptionsFromEnv(["github", "merge-results"]),
+            ];
+            for (const sarifFile of sarifFiles) {
+                args.push("--sarif", sarifFile);
+            }
+            if (mergeRunsFromEqualCategory) {
+                args.push("--sarif-merge-runs-from-equal-category");
+            }
+            await runTool(cmd, args);
+        },
     };
     // To ensure that status reports include the CodeQL CLI version wherever
     // possible, we want to call getVersion(), which populates the version value
@@ -699,7 +692,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
     // CodeQL object is created.
     if (checkVersion &&
         !(await util.codeQlVersionAbove(codeql, CODEQL_MINIMUM_VERSION))) {
-        throw new util.UserError(`Expected a CodeQL CLI with version at least ${CODEQL_MINIMUM_VERSION} but got version ${(await codeql.getVersion()).version}`);
+        throw new util.ConfigurationError(`Expected a CodeQL CLI with version at least ${CODEQL_MINIMUM_VERSION} but got version ${(await codeql.getVersion()).version}`);
     }
     else if (checkVersion &&
         process.env[environment_1.EnvVar.SUPPRESS_DEPRECATED_SOON_WARNING] !== "true" &&
@@ -713,7 +706,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             "version of the CLI using the 'tools' input to the 'init' Action, you can remove this " +
             "input to use the default version.\n\n" +
             "Alternatively, if you want to continue using CodeQL CLI version " +
-            `${result.version}, you can replace 'github/codeql-action/*@v2' by ` +
+            `${result.version}, you can replace 'github/codeql-action/*@v3' by ` +
             `'github/codeql-action/*@v${(0, actions_util_1.getActionVersion)()}' in your code scanning workflow to ` +
             "continue using this version of the CodeQL Action.");
         core.exportVariable(environment_1.EnvVar.SUPPRESS_DEPRECATED_SOON_WARNING, "true");
@@ -774,16 +767,16 @@ exports.getExtraOptions = getExtraOptions;
  * (2) It avoids us hitting the limit of how much data we can send in our
  *     status reports on GitHub.com.
  */
-const maxErrorSize = 20000;
+const maxErrorSize = 20_000;
 async function runTool(cmd, args = [], opts = {}) {
-    let output = "";
-    let error = "";
+    let stdout = "";
+    let stderr = "";
     process.stdout.write(`[command]${cmd} ${args.join(" ")}\n`);
     const exitCode = await new toolrunner.ToolRunner(cmd, args, {
         ignoreReturnCode: true,
         listeners: {
             stdout: (data) => {
-                output += data.toString("utf8");
+                stdout += data.toString("utf8");
                 if (!opts.noStreamStdout) {
                     process.stdout.write(data);
                 }
@@ -795,7 +788,7 @@ async function runTool(cmd, args = [], opts = {}) {
                     // Eg: if we have 20,000 the start index should be 2.
                     readStartIndex = data.length - maxErrorSize + 1;
                 }
-                error += data.toString("utf8", readStartIndex);
+                stderr += data.toString("utf8", readStartIndex);
                 // Mimic the standard behavior of the toolrunner by writing stderr to stdout
                 process.stdout.write(data);
             },
@@ -804,83 +797,19 @@ async function runTool(cmd, args = [], opts = {}) {
         ...(opts.stdin ? { input: Buffer.from(opts.stdin || "") } : {}),
     }).exec();
     if (exitCode !== 0) {
-        throw new CommandInvocationError(cmd, args, exitCode, error, output);
+        const e = new cli_errors_1.CommandInvocationError(cmd, args, exitCode, stderr, stdout);
+        throw (0, cli_errors_1.wrapCliConfigurationError)(e);
     }
-    return output;
+    return stdout;
 }
 /**
- * Provide a better error message from the stderr of a CLI invocation that failed with a fatal
- * error.
- *
- * - If the CLI invocation failed with a fatal error, this returns that fatal error, followed by
- *   any fatal errors that occurred in plumbing commands.
- * - If the CLI invocation did not fail with a fatal error, this returns `undefined`.
- *
- * ### Example
- *
- * ```
- * Running TRAP import for CodeQL database at /home/runner/work/_temp/codeql_databases/javascript...
- * A fatal error occurred: Evaluator heap must be at least 384.00 MiB
- * A fatal error occurred: Dataset import for
- * /home/runner/work/_temp/codeql_databases/javascript/db-javascript failed with code 2
- * ```
- *
- * becomes
- *
- * ```
- * Encountered a fatal error while running "codeql-for-testing database finalize --finalize-dataset
- * --threads=2 --ram=2048 db". Exit code was 32 and error was: A fatal error occurred: Dataset
- * import for /home/runner/work/_temp/codeql_databases/javascript/db-javascript failed with code 2.
- * Context: A fatal error occurred: Evaluator heap must be at least 384.00 MiB.
- * ```
- *
- * Where possible, this tries to summarize the error into a single line, as this displays better in
- * the Actions UI.
- */
-function extractFatalErrors(error) {
-    const fatalErrorRegex = /.*fatal error occurred:/gi;
-    let fatalErrors = [];
-    let lastFatalErrorIndex;
-    let match;
-    while ((match = fatalErrorRegex.exec(error)) !== null) {
-        if (lastFatalErrorIndex !== undefined) {
-            fatalErrors.push(error.slice(lastFatalErrorIndex, match.index).trim());
-        }
-        lastFatalErrorIndex = match.index;
-    }
-    if (lastFatalErrorIndex !== undefined) {
-        const lastError = error.slice(lastFatalErrorIndex).trim();
-        if (fatalErrors.length === 0) {
-            // No other errors
-            return lastError;
-        }
-        const isOneLiner = !fatalErrors.some((e) => e.includes("\n"));
-        if (isOneLiner) {
-            fatalErrors = fatalErrors.map(ensureEndsInPeriod);
-        }
-        return [
-            ensureEndsInPeriod(lastError),
-            "Context:",
-            ...fatalErrors.reverse(),
-        ].join(isOneLiner ? " " : "\n");
-    }
-    return undefined;
-}
-function ensureEndsInPeriod(text) {
-    return text[text.length - 1] === "." ? text : `${text}.`;
-}
-/**
- * If appropriate, generates a code scanning configuration that is to be used for a scan.
- * If the configuration is not to be generated, returns undefined.
+ * Generates a code scanning configuration that is to be used for a scan.
  *
  * @param codeql The CodeQL object to use.
  * @param config The configuration to use.
  * @returns the path to the generated user configuration file.
  */
-async function generateCodeScanningConfig(codeql, config, features, logger) {
-    if (!(await (0, feature_flags_1.useCodeScanningConfigInCli)(codeql, features))) {
-        return;
-    }
+async function generateCodeScanningConfig(config, logger) {
     const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config);
     // make a copy so we can modify it
     const augmentedConfig = cloneObject(config.originalUserInput);
@@ -974,18 +903,6 @@ function getGeneratedCodeScanningConfigPath(config) {
     return path.resolve(config.tempDir, "user-config.yaml");
 }
 exports.getGeneratedCodeScanningConfigPath = getGeneratedCodeScanningConfigPath;
-function isNoCodeFoundError(e) {
-    /**
-     * Earlier versions of the JavaScript extractor (pre-CodeQL 2.12.0) extract externs even if no
-     * source code was found. This means that we don't get the no code found error from
-     * `codeql database finalize`. To ensure users get a good error message, we detect this manually
-     * here, and upon detection override the error message.
-     *
-     * This can be removed once support for CodeQL 2.11.6 is removed.
-     */
-    const javascriptNoCodeFoundWarning = "No JavaScript or TypeScript code found.";
-    return e.exitCode === 32 || e.stderr.includes(javascriptNoCodeFoundWarning);
-}
 async function isDiagnosticsExportInvalidSarifFixed(codeql) {
     return await util.codeQlVersionAbove(codeql, exports.CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED);
 }
@@ -1002,4 +919,15 @@ async function isSublanguageFileCoverageEnabled(config, codeql) {
         semver.gte(config.gitHubVersion.version, "3.12.0")) &&
         (await util.codeQlVersionAbove(codeql, exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE)));
 }
+async function getCodeScanningQueryHelpArguments(codeql) {
+    if (await util.codeQlVersionAbove(codeql, CODEQL_VERSION_INCLUDE_QUERY_HELP)) {
+        return ["--sarif-include-query-help=always"];
+    }
+    return ["--sarif-add-query-help"];
+}
+function getExtractionVerbosityArguments(enableDebugLogging) {
+    return enableDebugLogging
+        ? [`--verbosity=${EXTRACTION_DEBUG_MODE_VERBOSITY}`]
+        : [];
+}
 //# sourceMappingURL=codeql.js.map

lib/codeql.test.js

@@ -28,7 +28,6 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.stubToolRunnerConstructor = void 0;
 const fs = __importStar(require("fs"));
-const path_1 = __importDefault(require("path"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const toolcache = __importStar(require("@actions/tool-cache"));
 const safeWhich = __importStar(require("@chrisgavin/safe-which"));
@@ -38,9 +37,9 @@ const yaml = __importStar(require("js-yaml"));
 const nock_1 = __importDefault(require("nock"));
 const sinon = __importStar(require("sinon"));
 const actionsUtil = __importStar(require("./actions-util"));
+const cli_errors_1 = require("./cli-errors");
 const codeql = __importStar(require("./codeql"));
 const defaults = __importStar(require("./defaults.json"));
-const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const logging_1 = require("./logging");
 const setup_codeql_1 = require("./setup-codeql");
@@ -48,37 +47,12 @@ const testing_utils_1 = require("./testing-utils");
 const util = __importStar(require("./util"));
 const util_1 = require("./util");
 (0, testing_utils_1.setupTests)(ava_1.default);
-const sampleGHAEApiDetails = {
-    auth: "token",
-    url: "https://example.githubenterprise.com",
-    apiURL: "https://example.githubenterprise.com/api/v3",
-};
 let stubConfig;
 ava_1.default.beforeEach(() => {
     (0, util_1.initializeEnvironment)("1.2.3");
-    stubConfig = {
+    stubConfig = (0, testing_utils_1.createTestConfig)({
         languages: [languages_1.Language.cpp],
-        queries: {},
-        pathsIgnore: [],
-        paths: [],
-        originalUserInput: {},
-        tempDir: "",
-        codeQLCmd: "",
-        gitHubVersion: {
-            type: util.GitHubVariant.DOTCOM,
-        },
-        dbLocation: "",
-        packs: {},
-        debugMode: false,
-        debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
-        debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
-        augmentationProperties: {
-            packsInputCombines: false,
-            queriesInputCombines: false,
-        },
-        trapCaches: {},
-        trapCacheDownloadTime: 0,
-    };
+    });
 });
 async function installIntoToolcache({ apiDetails = testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, cliVersion, isPinned, tagName, tmpDir, }) {
     const url = (0, testing_utils_1.mockBundleDownloadApi)({ apiDetails, isPinned, tagName });
@@ -221,49 +195,47 @@ for (const toolcacheVersion of [
         });
     });
 }
-for (const variant of [util.GitHubVariant.GHAE, util.GitHubVariant.GHES]) {
-    (0, ava_1.default)(`uses a cached bundle when no tools input is given on ${util.GitHubVariant[variant]}`, async (t) => {
-        await util.withTmpDir(async (tmpDir) => {
-            (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-            await installIntoToolcache({
-                tagName: "codeql-bundle-20200601",
-                isPinned: true,
-                tmpDir,
-            });
-            const result = await codeql.setupCodeQL(undefined, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, variant, {
-                cliVersion: defaults.cliVersion,
-                tagName: defaults.bundleVersion,
-            }, (0, logging_1.getRunnerLogger)(true), false);
-            t.deepEqual(result.toolsVersion, "0.0.0-20200601");
-            t.is(result.toolsSource, setup_codeql_1.ToolsSource.Toolcache);
-            t.is(result.toolsDownloadDurationMs, undefined);
-            const cachedVersions = toolcache.findAllVersions("CodeQL");
-            t.is(cachedVersions.length, 1);
+(0, ava_1.default)(`uses a cached bundle when no tools input is given on GHES`, async (t) => {
+    await util.withTmpDir(async (tmpDir) => {
+        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
+        await installIntoToolcache({
+            tagName: "codeql-bundle-20200601",
+            isPinned: true,
+            tmpDir,
         });
+        const result = await codeql.setupCodeQL(undefined, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.GHES, {
+            cliVersion: defaults.cliVersion,
+            tagName: defaults.bundleVersion,
+        }, (0, logging_1.getRunnerLogger)(true), false);
+        t.deepEqual(result.toolsVersion, "0.0.0-20200601");
+        t.is(result.toolsSource, setup_codeql_1.ToolsSource.Toolcache);
+        t.is(result.toolsDownloadDurationMs, undefined);
+        const cachedVersions = toolcache.findAllVersions("CodeQL");
+        t.is(cachedVersions.length, 1);
     });
-    (0, ava_1.default)(`downloads bundle if only an unpinned version is cached on ${util.GitHubVariant[variant]}`, async (t) => {
-        await util.withTmpDir(async (tmpDir) => {
-            (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-            await installIntoToolcache({
-                tagName: "codeql-bundle-20200601",
-                isPinned: false,
-                tmpDir,
-            });
-            (0, testing_utils_1.mockBundleDownloadApi)({
-                tagName: defaults.bundleVersion,
-            });
-            const result = await codeql.setupCodeQL(undefined, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, variant, {
-                cliVersion: defaults.cliVersion,
-                tagName: defaults.bundleVersion,
-            }, (0, logging_1.getRunnerLogger)(true), false);
-            t.deepEqual(result.toolsVersion, defaults.cliVersion);
-            t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
-            t.assert(Number.isInteger(result.toolsDownloadDurationMs));
-            const cachedVersions = toolcache.findAllVersions("CodeQL");
-            t.is(cachedVersions.length, 2);
+});
+(0, ava_1.default)(`downloads bundle if only an unpinned version is cached on GHES`, async (t) => {
+    await util.withTmpDir(async (tmpDir) => {
+        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
+        await installIntoToolcache({
+            tagName: "codeql-bundle-20200601",
+            isPinned: false,
+            tmpDir,
         });
+        (0, testing_utils_1.mockBundleDownloadApi)({
+            tagName: defaults.bundleVersion,
+        });
+        const result = await codeql.setupCodeQL(undefined, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.GHES, {
+            cliVersion: defaults.cliVersion,
+            tagName: defaults.bundleVersion,
+        }, (0, logging_1.getRunnerLogger)(true), false);
+        t.deepEqual(result.toolsVersion, defaults.cliVersion);
+        t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
+        t.assert(Number.isInteger(result.toolsDownloadDurationMs));
+        const cachedVersions = toolcache.findAllVersions("CodeQL");
+        t.is(cachedVersions.length, 2);
     });
-}
+});
 (0, ava_1.default)('downloads bundle if "latest" tools specified but not cached', async (t) => {
     await util.withTmpDir(async (tmpDir) => {
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
@@ -283,50 +255,6 @@ for (const variant of [util.GitHubVariant.GHAE, util.GitHubVariant.GHES]) {
         t.is(cachedVersions.length, 2);
     });
 });
-for (const isBundleVersionInUrl of [true, false]) {
-    const inclusionString = isBundleVersionInUrl
-        ? "includes"
-        : "does not include";
-    (0, ava_1.default)(`download codeql bundle from github ae endpoint (URL ${inclusionString} bundle version)`, async (t) => {
-        await util.withTmpDir(async (tmpDir) => {
-            (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-            const bundleAssetID = 10;
-            const platform = process.platform === "win32"
-                ? "win64"
-                : process.platform === "linux"
-                    ? "linux64"
-                    : "osx64";
-            const codeQLBundleName = `codeql-bundle-${platform}.tar.gz`;
-            const eventualDownloadUrl = isBundleVersionInUrl
-                ? `https://example.githubenterprise.com/github/codeql-action/releases/download/${defaults.bundleVersion}/${codeQLBundleName}`
-                : `https://example.githubenterprise.com/api/v3/repos/github/codeql-action/releases/assets/${bundleAssetID}`;
-            (0, nock_1.default)("https://example.githubenterprise.com")
-                .get(`/api/v3/enterprise/code-scanning/codeql-bundle/find/${defaults.bundleVersion}`)
-                .reply(200, {
-                assets: { [codeQLBundleName]: bundleAssetID },
-            });
-            (0, nock_1.default)("https://example.githubenterprise.com")
-                .get(`/api/v3/enterprise/code-scanning/codeql-bundle/download/${bundleAssetID}`)
-                .reply(200, {
-                url: eventualDownloadUrl,
-            });
-            (0, nock_1.default)("https://example.githubenterprise.com")
-                .get(eventualDownloadUrl.replace("https://example.githubenterprise.com", ""))
-                .replyWithFile(200, path_1.default.join(__dirname, `/../src/testdata/codeql-bundle-pinned.tar.gz`));
-            mockApiDetails(sampleGHAEApiDetails);
-            sinon.stub(actionsUtil, "isRunningLocalAction").returns(false);
-            process.env["GITHUB_ACTION_REPOSITORY"] = "github/codeql-action";
-            const result = await codeql.setupCodeQL(undefined, sampleGHAEApiDetails, tmpDir, util.GitHubVariant.GHAE, {
-                cliVersion: defaults.cliVersion,
-                tagName: defaults.bundleVersion,
-            }, (0, logging_1.getRunnerLogger)(true), false);
-            t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
-            t.assert(Number.isInteger(result.toolsDownloadDurationMs));
-            const cachedVersions = toolcache.findAllVersions("CodeQL");
-            t.is(cachedVersions.length, 1);
-        });
-    });
-}
 (0, ava_1.default)("bundle URL from another repo is cached as 0.0.0-bundleVersion", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
@@ -373,45 +301,20 @@ for (const isBundleVersionInUrl of [true, false]) {
     t.throws(() => codeql.getExtraOptions({ foo: 87 }, ["foo"], []));
     t.throws(() => codeql.getExtraOptions({ "*": [42], foo: { "*": 87, bar: [99] } }, ["foo", "bar"], []));
 });
-(0, ava_1.default)("databaseInitCluster() without injected codescanning config", async (t) => {
-    await util.withTmpDir(async (tempDir) => {
-        const runnerConstructorStub = stubToolRunnerConstructor();
-        const codeqlObject = await codeql.getCodeQLForTesting();
-        sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.10.5"));
-        // safeWhich throws because of the test CodeQL object.
-        sinon.stub(safeWhich, "safeWhich").resolves("");
-        const thisStubConfig = {
-            ...stubConfig,
-            tempDir,
-            augmentationProperties: {
-                queriesInputCombines: false,
-                packsInputCombines: false,
-            },
-        };
-        await codeqlObject.databaseInitCluster(thisStubConfig, "", undefined, (0, testing_utils_1.createFeatures)([]), "/path/to/qlconfig.yml", (0, logging_1.getRunnerLogger)(true));
-        const args = runnerConstructorStub.firstCall.args[1];
-        // should NOT have used an config file
-        const configArg = args.find((arg) => arg.startsWith("--codescanning-config="));
-        t.falsy(configArg, "Should NOT have injected a codescanning config");
-    });
-});
 // Test macro for ensuring different variants of injected augmented configurations
 const injectedConfigMacro = ava_1.default.macro({
     exec: async (t, augmentationProperties, configOverride, expectedConfig) => {
         await util.withTmpDir(async (tempDir) => {
             const runnerConstructorStub = stubToolRunnerConstructor();
             const codeqlObject = await codeql.getCodeQLForTesting();
-            sinon
-                .stub(codeqlObject, "getVersion")
-                .resolves((0, testing_utils_1.makeVersionInfo)(feature_flags_1.featureConfig[feature_flags_1.Feature.CliConfigFileEnabled].minimumVersion ||
-                "1.0.0"));
+            sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("1.0.0"));
             const thisStubConfig = {
                 ...stubConfig,
                 ...configOverride,
                 tempDir,
                 augmentationProperties,
             };
-            await codeqlObject.databaseInitCluster(thisStubConfig, "", undefined, (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.CliConfigFileEnabled]), undefined, (0, logging_1.getRunnerLogger)(true));
+            await codeqlObject.databaseInitCluster(thisStubConfig, "", undefined, undefined, (0, logging_1.getRunnerLogger)(true));
             const args = runnerConstructorStub.firstCall.args[1];
             // should have used an config file
             const configArg = args.find((arg) => arg.startsWith("--codescanning-config="));
@@ -542,30 +445,14 @@ const injectedConfigMacro = ava_1.default.macro({
         queries: [],
     },
 }, {});
-(0, ava_1.default)("does not pass a code scanning config or qlconfig file to the CLI when CLI config passing is disabled", async (t) => {
-    await util.withTmpDir(async (tempDir) => {
-        const runnerConstructorStub = stubToolRunnerConstructor();
-        const codeqlObject = await codeql.getCodeQLForTesting();
-        // stubbed version doesn't matter. It just needs to be valid semver.
-        sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("0.0.0"));
-        await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, (0, testing_utils_1.createFeatures)([]), "/path/to/qlconfig.yml", (0, logging_1.getRunnerLogger)(true));
-        const args = runnerConstructorStub.firstCall.args[1];
-        // should not have used a config file
-        const hasConfigArg = args.some((arg) => arg.startsWith("--codescanning-config="));
-        t.false(hasConfigArg, "Should NOT have injected a codescanning config");
-        // should not have passed a qlconfig file
-        const hasQlconfigArg = args.some((arg) => arg.startsWith("--qlconfig-file="));
-        t.false(hasQlconfigArg, "Should NOT have passed a qlconfig file");
-    });
-});
-(0, ava_1.default)("passes a code scanning config AND qlconfig to the CLI when CLI config passing is enabled", async (t) => {
+(0, ava_1.default)("passes a code scanning config AND qlconfig to the CLI", async (t) => {
     await util.withTmpDir(async (tempDir) => {
         const runnerConstructorStub = stubToolRunnerConstructor();
         const codeqlObject = await codeql.getCodeQLForTesting();
         sinon
             .stub(codeqlObject, "getVersion")
             .resolves((0, testing_utils_1.makeVersionInfo)(codeql.CODEQL_VERSION_INIT_WITH_QLCONFIG));
-        await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.CliConfigFileEnabled]), "/path/to/qlconfig.yml", (0, logging_1.getRunnerLogger)(true));
+        await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, "/path/to/qlconfig.yml", (0, logging_1.getRunnerLogger)(true));
         const args = runnerConstructorStub.firstCall.args[1];
         // should have used a config file
         const hasCodeScanningConfigArg = args.some((arg) => arg.startsWith("--codescanning-config="));
@@ -575,12 +462,12 @@ const injectedConfigMacro = ava_1.default.macro({
         t.truthy(hasQlconfigArg, "Should have injected a codescanning config");
     });
 });
-(0, ava_1.default)("passes a code scanning config BUT NOT a qlconfig to the CLI when CLI config passing is enabled", async (t) => {
+(0, ava_1.default)("passes a code scanning config BUT NOT a qlconfig to the CLI for CodeQL v2.12.2", async (t) => {
     await util.withTmpDir(async (tempDir) => {
         const runnerConstructorStub = stubToolRunnerConstructor();
         const codeqlObject = await codeql.getCodeQLForTesting();
         sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.2"));
-        await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.CliConfigFileEnabled]), "/path/to/qlconfig.yml", (0, logging_1.getRunnerLogger)(true));
+        await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, "/path/to/qlconfig.yml", (0, logging_1.getRunnerLogger)(true));
         const args = runnerConstructorStub.firstCall.args[1];
         // should have used a config file
         const hasCodeScanningConfigArg = args.some((arg) => arg.startsWith("--codescanning-config="));
@@ -597,31 +484,13 @@ const injectedConfigMacro = ava_1.default.macro({
         sinon
             .stub(codeqlObject, "getVersion")
             .resolves((0, testing_utils_1.makeVersionInfo)(codeql.CODEQL_VERSION_INIT_WITH_QLCONFIG));
-        await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.CliConfigFileEnabled]), undefined, // undefined qlconfigFile
+        await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, undefined, // undefined qlconfigFile
         (0, logging_1.getRunnerLogger)(true));
         const args = runnerConstructorStub.firstCall.args[1];
         const hasQlconfigArg = args.some((arg) => arg.startsWith("--qlconfig-file="));
         t.false(hasQlconfigArg, "should NOT have injected a qlconfig");
     });
 });
-(0, ava_1.default)("databaseInterpretResults() sets --sarif-add-baseline-file-info for 2.11.3", async (t) => {
-    const runnerConstructorStub = stubToolRunnerConstructor();
-    const codeqlObject = await codeql.getCodeQLForTesting();
-    sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.11.3"));
-    // safeWhich throws because of the test CodeQL object.
-    sinon.stub(safeWhich, "safeWhich").resolves("");
-    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", stubConfig, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
-    t.true(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-baseline-file-info"), "--sarif-add-baseline-file-info should be present, but it is absent");
-});
-(0, ava_1.default)("databaseInterpretResults() does not set --sarif-add-baseline-file-info for 2.11.2", async (t) => {
-    const runnerConstructorStub = stubToolRunnerConstructor();
-    const codeqlObject = await codeql.getCodeQLForTesting();
-    sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.11.2"));
-    // safeWhich throws because of the test CodeQL object.
-    sinon.stub(safeWhich, "safeWhich").resolves("");
-    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", stubConfig, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
-    t.false(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-baseline-file-info"), "--sarif-add-baseline-file-info must be absent, but it is present");
-});
 const NEW_ANALYSIS_SUMMARY_TEST_CASES = [
     {
         codeqlVersion: "2.15.0",
@@ -685,9 +554,10 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
     sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.11.6"));
     // safeWhich throws because of the test CodeQL object.
     sinon.stub(safeWhich, "safeWhich").resolves("");
-    await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("", "", ""), {
-        message: "No code found during the build. Please see: " +
-            "https://gh.io/troubleshooting-code-scanning/no-source-code-seen-during-build",
+    await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("", "", "", false), {
+        instanceOf: util.ConfigurationError,
+        message: new RegExp("No code found during the build\\. Please see: " +
+            "https://gh\\.io/troubleshooting-code-scanning/no-source-code-seen-during-build\\."),
     });
 });
 (0, ava_1.default)("database finalize overrides no code found error on CodeQL 2.11.6", async (t) => {
@@ -696,9 +566,10 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
     sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.11.6"));
     // safeWhich throws because of the test CodeQL object.
     sinon.stub(safeWhich, "safeWhich").resolves("");
-    await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("", "", ""), {
-        message: "No code found during the build. Please see: " +
-            "https://gh.io/troubleshooting-code-scanning/no-source-code-seen-during-build",
+    await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("", "", "", false), {
+        instanceOf: util.ConfigurationError,
+        message: new RegExp("No code found during the build\\. Please see: " +
+            "https://gh\\.io/troubleshooting-code-scanning/no-source-code-seen-during-build\\."),
     });
 });
 (0, ava_1.default)("database finalize does not override no code found error on CodeQL 2.12.4", async (t) => {
@@ -709,7 +580,7 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
     sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.4"));
     // safeWhich throws because of the test CodeQL object.
     sinon.stub(safeWhich, "safeWhich").resolves("");
-    await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("db", "--threads=2", "--ram=2048"), {
+    await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("db", "--threads=2", "--ram=2048", false), {
         message: 'Encountered a fatal error while running "codeql-for-testing database finalize --finalize-dataset --threads=2 --ram=2048 db". ' +
             `Exit code was 32 and last log line was: ${cliMessage} See the logs for more details.`,
     });
@@ -724,9 +595,55 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
     sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.4"));
     // safeWhich throws because of the test CodeQL object.
     sinon.stub(safeWhich, "safeWhich").resolves("");
-    await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("db", "--threads=2", "--ram=2048"), {
-        message: 'Encountered a fatal error while running "codeql-for-testing database finalize --finalize-dataset --threads=2 --ram=2048 db". ' +
-            `Exit code was 32 and error was: ${datasetImportError}. Context: ${heapError}. See the logs for more details.`,
+    await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("db", "--threads=2", "--ram=2048", false), {
+        instanceOf: util.ConfigurationError,
+        message: new RegExp('Encountered a fatal error while running \\"codeql-for-testing database finalize --finalize-dataset --threads=2 --ram=2048 db\\"\\. ' +
+            `Exit code was 32 and error was: ${datasetImportError.replaceAll(".", "\\.")}\\. Context: ${heapError.replaceAll(".", "\\.")}\\. See the logs for more details\\.`),
+    });
+});
+(0, ava_1.default)("runTool summarizes autobuilder errors", async (t) => {
+    const stderr = `
+    [2019-09-18 12:00:00] [autobuild] A non-error message
+    [2019-09-18 12:00:00] Untagged message
+    [2019-09-18 12:00:00] [autobuild] [ERROR] Start of the error message
+    [2019-09-18 12:00:00] [autobuild] An interspersed non-error message
+    [2019-09-18 12:00:01] [autobuild] [ERROR]   Some more context about the error message
+    [2019-09-18 12:00:01] [autobuild] [ERROR]   continued
+    [2019-09-18 12:00:01] [autobuild] [ERROR]   and finished here.
+    [2019-09-18 12:00:01] [autobuild] A non-error message
+  `;
+    stubToolRunnerConstructor(1, stderr);
+    const codeqlObject = await codeql.getCodeQLForTesting();
+    sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.4"));
+    sinon.stub(codeqlObject, "resolveExtractor").resolves("/path/to/extractor");
+    // safeWhich throws because of the test CodeQL object.
+    sinon.stub(safeWhich, "safeWhich").resolves("");
+    await t.throwsAsync(async () => await codeqlObject.runAutobuild(languages_1.Language.java, false), {
+        instanceOf: cli_errors_1.CommandInvocationError,
+        message: "We were unable to automatically build your code. Please provide manual build steps. " +
+            "For more information, see " +
+            "https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed. " +
+            "Encountered the following error: Start of the error message\n" +
+            "  Some more context about the error message\n" +
+            "  continued\n" +
+            "  and finished here.",
+    });
+});
+(0, ava_1.default)("runTool truncates long autobuilder errors", async (t) => {
+    const stderr = Array.from({ length: 20 }, (_, i) => `[2019-09-18 12:00:00] [autobuild] [ERROR] line${i + 1}`).join("\n");
+    stubToolRunnerConstructor(1, stderr);
+    const codeqlObject = await codeql.getCodeQLForTesting();
+    sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.4"));
+    sinon.stub(codeqlObject, "resolveExtractor").resolves("/path/to/extractor");
+    // safeWhich throws because of the test CodeQL object.
+    sinon.stub(safeWhich, "safeWhich").resolves("");
+    await t.throwsAsync(async () => await codeqlObject.runAutobuild(languages_1.Language.java, false), {
+        instanceOf: cli_errors_1.CommandInvocationError,
+        message: "We were unable to automatically build your code. Please provide manual build steps. " +
+            "For more information, see " +
+            "https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed. " +
+            "Encountered the following error: " +
+            `${Array.from({ length: 10 }, (_, i) => `line${i + 1}`).join("\n")}\n(truncated)`,
     });
 });
 (0, ava_1.default)("runTool outputs last line of stderr if fatal error could not be found", async (t) => {
@@ -736,9 +653,10 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
     sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.4"));
     // safeWhich throws because of the test CodeQL object.
     sinon.stub(safeWhich, "safeWhich").resolves("");
-    await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("db", "--threads=2", "--ram=2048"), {
-        message: 'Encountered a fatal error while running "codeql-for-testing database finalize --finalize-dataset --threads=2 --ram=2048 db". ' +
-            "Exit code was 32 and last log line was: line5. See the logs for more details.",
+    await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("db", "--threads=2", "--ram=2048", false), {
+        instanceOf: util.ConfigurationError,
+        message: new RegExp('Encountered a fatal error while running \\"codeql-for-testing database finalize --finalize-dataset --threads=2 --ram=2048 db\\"\\. ' +
+            "Exit code was 32 and last log line was: line5\\. See the logs for more details\\."),
     });
 });
 function stubToolRunnerConstructor(exitCode = 0, stderr) {