Bump version to 2.24.11

Merge releases/v3 into releases/v2

.github/actions/check-sarif/action.yml

@@ -16,5 +16,5 @@ inputs:
       Comma separated list of query ids that should NOT be included in this SARIF file.
 
 runs:
-  using: node20
+  using: node16
   main: index.js

.github/workflows/__all-platform-bundle.yml

@@ -11,22 +11,24 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   all-platform-bundle:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: nightly-latest
+          - os: ubuntu-latest
+            version: nightly-latest
     name: All-platform bundle
     permissions:
       contents: read
@@ -34,44 +36,44 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'true'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - id: init
-      uses: ./../action/init
-      with:
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - uses: ./../action/.github/actions/setup-swift
-      with:
-        codeql-path: ${{ steps.init.outputs.codeql-path }}
-    - name: Build code
-      shell: bash
-      run: ./build.sh
-    - uses: ./../action/analyze
-      with:
-        upload-database: false
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'true'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - id: init
+        uses: ./../action/init
+        with:
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - uses: ./../action/.github/actions/setup-swift
+        with:
+          codeql-path: ${{ steps.init.outputs.codeql-path }}
+      - name: Build code
+        shell: bash
+        run: ./build.sh
+      - uses: ./../action/analyze
+        with:
+          upload-database: false
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__analyze-ref-input.yml

@@ -11,26 +11,28 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   analyze-ref-input:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: default
-        - os: macos-latest
-          version: default
-        - os: windows-latest
-          version: default
+          - os: ubuntu-latest
+            version: default
+          - os: macos-latest
+            version: default
+          - os: windows-latest
+            version: default
     name: "Analyze: 'ref' and 'sha' from inputs"
     permissions:
       contents: read
@@ -38,45 +40,45 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: ./../action/init
-      with:
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-        languages: cpp,csharp,java,javascript,python
-        config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{
-          github.sha }}
-    - name: Build code
-      shell: bash
-      run: ./build.sh
-    - uses: ./../action/analyze
-      with:
-        upload-database: false
-        ref: refs/heads/main
-        sha: 5e235361806c361d4d3f8859e3c897658025a9a2
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - uses: ./../action/init
+        with:
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+          languages: cpp,csharp,java,javascript,python
+          config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{
+            github.sha }}
+      - name: Build code
+        shell: bash
+        run: ./build.sh
+      - uses: ./../action/analyze
+        with:
+          upload-database: false
+          ref: refs/heads/main
+          sha: 5e235361806c361d4d3f8859e3c897658025a9a2
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__autobuild-action.yml

@@ -11,26 +11,28 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   autobuild-action:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: latest
-        - os: macos-latest
-          version: latest
-        - os: windows-latest
-          version: latest
+          - os: ubuntu-latest
+            version: latest
+          - os: macos-latest
+            version: latest
+          - os: windows-latest
+            version: latest
     name: autobuild-action
     permissions:
       contents: read
@@ -38,55 +40,55 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: ./../action/init
-      with:
-        languages: csharp
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - uses: ./../action/autobuild
-      env:
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - uses: ./../action/init
+        with:
+          languages: csharp
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - uses: ./../action/autobuild
+        env:
       # Explicitly disable the CLR tracer.
-        COR_ENABLE_PROFILING: ''
-        COR_PROFILER: ''
-        COR_PROFILER_PATH_64: ''
-        CORECLR_ENABLE_PROFILING: ''
-        CORECLR_PROFILER: ''
-        CORECLR_PROFILER_PATH_64: ''
-    - uses: ./../action/analyze
-      with:
-        upload-database: false
-    - name: Check database
-      shell: bash
-      run: |
-        cd "$RUNNER_TEMP/codeql_databases"
-        if [[ ! -d csharp ]]; then
-          echo "Did not find a C# database"
-          exit 1
-        fi
+          COR_ENABLE_PROFILING: ''
+          COR_PROFILER: ''
+          COR_PROFILER_PATH_64: ''
+          CORECLR_ENABLE_PROFILING: ''
+          CORECLR_PROFILER: ''
+          CORECLR_PROFILER_PATH_64: ''
+      - uses: ./../action/analyze
+        with:
+          upload-database: false
+      - name: Check database
+        shell: bash
+        run: |
+          cd "$RUNNER_TEMP/codeql_databases"
+          if [[ ! -d csharp ]]; then
+            echo "Did not find a C# database"
+            exit 1
+          fi
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__build-mode-autobuild.yml

@@ -11,22 +11,24 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   build-mode-autobuild:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: nightly-latest
+          - os: ubuntu-latest
+            version: nightly-latest
     name: Build mode autobuild
     permissions:
       contents: read
@@ -34,55 +36,55 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - name: Set up Java test repo configuration
-      run: |
-        mv * .github ../action/tests/multi-language-repo/
-        mv ../action/tests/multi-language-repo/.github/workflows .github
-        mv ../action/tests/java-repo/* .
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - name: Set up Java test repo configuration
+        run: |
+          mv * .github ../action/tests/multi-language-repo/
+          mv ../action/tests/multi-language-repo/.github/workflows .github
+          mv ../action/tests/java-repo/* .
 
-    - uses: ./../action/init
-      id: init
-      with:
-        build-mode: autobuild
-        db-location: ${{ runner.temp }}/customDbLocation
-        languages: java
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - uses: ./../action/init
+        id: init
+        with:
+          build-mode: autobuild
+          db-location: ${{ runner.temp }}/customDbLocation
+          languages: java
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
 
-    - name: Validate database build mode
-      run: |
-        metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
-        build_mode=$(yq eval '.buildMode' "$metadata_path")
-        if [[ "$build_mode" != "autobuild" ]]; then
-          echo "Expected build mode to be 'autobuild' but was $build_mode"
-          exit 1
-        fi
+      - name: Validate database build mode
+        run: |
+          metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
+          build_mode=$(yq eval '.buildMode' "$metadata_path")
+          if [[ "$build_mode" != "autobuild" ]]; then
+            echo "Expected build mode to be 'autobuild' but was $build_mode"
+            exit 1
+          fi
 
-    - uses: ./../action/analyze
+      - uses: ./../action/analyze
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__build-mode-manual.yml

@@ -11,22 +11,24 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   build-mode-manual:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: nightly-latest
+          - os: ubuntu-latest
+            version: nightly-latest
     name: Build mode manual
     permissions:
       contents: read
@@ -34,57 +36,57 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: ./../action/init
-      id: init
-      with:
-        build-mode: manual
-        db-location: ${{ runner.temp }}/customDbLocation
-        languages: java
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - uses: ./../action/init
+        id: init
+        with:
+          build-mode: manual
+          db-location: ${{ runner.temp }}/customDbLocation
+          languages: java
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
 
-    - name: Validate database build mode
-      run: |
-        metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
-        build_mode=$(yq eval '.buildMode' "$metadata_path")
-        if [[ "$build_mode" != "manual" ]]; then
-          echo "Expected build mode to be 'manual' but was $build_mode"
-          exit 1
-        fi
+      - name: Validate database build mode
+        run: |
+          metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
+          build_mode=$(yq eval '.buildMode' "$metadata_path")
+          if [[ "$build_mode" != "manual" ]]; then
+            echo "Expected build mode to be 'manual' but was $build_mode"
+            exit 1
+          fi
 
-    - uses: ./../action/.github/actions/setup-swift
-      with:
-        codeql-path: ${{ steps.init.outputs.codeql-path }}
+      - uses: ./../action/.github/actions/setup-swift
+        with:
+          codeql-path: ${{ steps.init.outputs.codeql-path }}
 
-    - name: Build code
-      shell: bash
-      run: ./build.sh
+      - name: Build code
+        shell: bash
+        run: ./build.sh
 
-    - uses: ./../action/analyze
+      - uses: ./../action/analyze
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__build-mode-none.yml

@@ -11,24 +11,26 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   build-mode-none:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: latest
-        - os: ubuntu-latest
-          version: nightly-latest
+          - os: ubuntu-latest
+            version: latest
+          - os: ubuntu-latest
+            version: nightly-latest
     name: Build mode none
     permissions:
       contents: read
@@ -36,53 +38,53 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: ./../action/init
-      id: init
-      with:
-        build-mode: none
-        db-location: ${{ runner.temp }}/customDbLocation
-        languages: java
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - uses: ./../action/init
+        id: init
+        with:
+          build-mode: none
+          db-location: ${{ runner.temp }}/customDbLocation
+          languages: java
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
 
-    - name: Validate database build mode
-      run: |
-        metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
-        build_mode=$(yq eval '.buildMode' "$metadata_path")
-        if [[ "$build_mode" != "none" ]]; then
-          echo "Expected build mode to be 'none' but was $build_mode"
-          exit 1
-        fi
+      - name: Validate database build mode
+        run: |
+          metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
+          build_mode=$(yq eval '.buildMode' "$metadata_path")
+          if [[ "$build_mode" != "none" ]]; then
+            echo "Expected build mode to be 'none' but was $build_mode"
+            exit 1
+          fi
 
   # The latest nightly supports omitting the autobuild Action when the build mode is specified.
-    - uses: ./../action/autobuild
-      if: matrix.version != 'nightly-latest'
+      - uses: ./../action/autobuild
+        if: matrix.version != 'nightly-latest'
 
-    - uses: ./../action/analyze
+      - uses: ./../action/analyze
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__build-mode-rollback.yml

@@ -11,22 +11,24 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   build-mode-rollback:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: nightly-latest
+          - os: ubuntu-latest
+            version: nightly-latest
     name: Build mode rollback
     permissions:
       contents: read
@@ -34,56 +36,56 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - name: Set up Java test repo configuration
-      run: |
-        mv * .github ../action/tests/multi-language-repo/
-        mv ../action/tests/multi-language-repo/.github/workflows .github
-        mv ../action/tests/java-repo/* .
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - name: Set up Java test repo configuration
+        run: |
+          mv * .github ../action/tests/multi-language-repo/
+          mv ../action/tests/multi-language-repo/.github/workflows .github
+          mv ../action/tests/java-repo/* .
 
-    - uses: ./../action/init
-      id: init
-      with:
-        build-mode: none
-        db-location: ${{ runner.temp }}/customDbLocation
-        languages: java
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - uses: ./../action/init
+        id: init
+        with:
+          build-mode: none
+          db-location: ${{ runner.temp }}/customDbLocation
+          languages: java
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
 
-    - name: Validate database build mode
-      run: |
-        metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
-        build_mode=$(yq eval '.buildMode' "$metadata_path")
-        if [[ "$build_mode" != "autobuild" ]]; then
-          echo "Expected build mode to be 'autobuild' but was $build_mode"
-          exit 1
-        fi
+      - name: Validate database build mode
+        run: |
+          metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
+          build_mode=$(yq eval '.buildMode' "$metadata_path")
+          if [[ "$build_mode" != "autobuild" ]]; then
+            echo "Expected build mode to be 'autobuild' but was $build_mode"
+            exit 1
+          fi
 
-    - uses: ./../action/analyze
+      - uses: ./../action/analyze
     env:
       CODEQL_ACTION_DISABLE_JAVA_BUILDLESS: true
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__config-export.yml

@@ -11,32 +11,34 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   config-export:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: latest
-        - os: macos-latest
-          version: latest
-        - os: windows-latest
-          version: latest
-        - os: ubuntu-latest
-          version: nightly-latest
-        - os: macos-latest
-          version: nightly-latest
-        - os: windows-latest
-          version: nightly-latest
+          - os: ubuntu-latest
+            version: latest
+          - os: macos-latest
+            version: latest
+          - os: windows-latest
+            version: latest
+          - os: ubuntu-latest
+            version: nightly-latest
+          - os: macos-latest
+            version: nightly-latest
+          - os: windows-latest
+            version: nightly-latest
     name: Config export
     permissions:
       contents: read
@@ -44,72 +46,72 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: ./../action/init
-      with:
-        languages: javascript
-        queries: security-extended
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - uses: ./../action/analyze
-      with:
-        output: ${{ runner.temp }}/results
-        upload-database: false
-    - name: Upload SARIF
-      uses: actions/upload-artifact@v3
-      with:
-        name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
-        path: ${{ runner.temp }}/results/javascript.sarif
-        retention-days: 7
-    - name: Check config properties appear in SARIF
-      uses: actions/github-script@v7
-      env:
-        SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
-      with:
-        script: |
-          const fs = require('fs');
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - uses: ./../action/init
+        with:
+          languages: javascript
+          queries: security-extended
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - uses: ./../action/analyze
+        with:
+          output: ${{ runner.temp }}/results
+          upload-database: false
+      - name: Upload SARIF
+        uses: actions/upload-artifact@v3
+        with:
+          name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
+          path: ${{ runner.temp }}/results/javascript.sarif
+          retention-days: 7
+      - name: Check config properties appear in SARIF
+        uses: actions/github-script@v7
+        env:
+          SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
+        with:
+          script: |
+            const fs = require('fs');
 
-          const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
-          const run = sarif.runs[0];
-          const configSummary = run.properties.codeqlConfigSummary;
+            const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
+            const run = sarif.runs[0];
+            const configSummary = run.properties.codeqlConfigSummary;
 
-          if (configSummary === undefined) {
-            core.setFailed('`codeqlConfigSummary` property not found in the SARIF run property bag.');
-          }
-          if (configSummary.disableDefaultQueries !== false) {
-            core.setFailed('`disableDefaultQueries` property incorrect: expected false, got ' +
-              `${JSON.stringify(configSummary.disableDefaultQueries)}.`);
-          }
-          const expectedQueries = [{ type: 'builtinSuite', uses: 'security-extended' }];
-          // Use JSON.stringify to deep-equal the arrays.
-          if (JSON.stringify(configSummary.queries) !== JSON.stringify(expectedQueries)) {
-            core.setFailed(`\`queries\` property incorrect: expected ${JSON.stringify(expectedQueries)}, got ` +
-              `${JSON.stringify(configSummary.queries)}.`);
-          }
-          core.info('Finished config export tests.');
+            if (configSummary === undefined) {
+              core.setFailed('`codeqlConfigSummary` property not found in the SARIF run property bag.');
+            }
+            if (configSummary.disableDefaultQueries !== false) {
+              core.setFailed('`disableDefaultQueries` property incorrect: expected false, got ' +
+                `${JSON.stringify(configSummary.disableDefaultQueries)}.`);
+            }
+            const expectedQueries = [{ type: 'builtinSuite', uses: 'security-extended' }];
+            // Use JSON.stringify to deep-equal the arrays.
+            if (JSON.stringify(configSummary.queries) !== JSON.stringify(expectedQueries)) {
+              core.setFailed(`\`queries\` property incorrect: expected ${JSON.stringify(expectedQueries)}, got ` +
+                `${JSON.stringify(configSummary.queries)}.`);
+            }
+            core.info('Finished config export tests.');
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__config-input.yml

@@ -11,22 +11,24 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   config-input:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: latest
+          - os: ubuntu-latest
+            version: latest
     name: Config input
     permissions:
       contents: read
@@ -34,59 +36,59 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - name: Copy queries into workspace
-      run: |
-        cp -a ../action/queries .
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - name: Copy queries into workspace
+        run: |
+          cp -a ../action/queries .
 
-    - uses: ./../action/init
-      with:
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-        languages: javascript
-        build-mode: none
-        config: |
-          disable-default-queries: true
-          queries:
-            - name: Run custom query
-              uses: ./queries/default-setup-environment-variables.ql
-          paths-ignore:
-            - tests
-            - lib
+      - uses: ./../action/init
+        with:
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+          languages: javascript
+          build-mode: none
+          config: |
+            disable-default-queries: true
+            queries:
+              - name: Run custom query
+                uses: ./queries/default-setup-environment-variables.ql
+            paths-ignore:
+              - tests
+              - lib
 
-    - uses: ./../action/analyze
-      with:
-        output: ${{ runner.temp }}/results
+      - uses: ./../action/analyze
+        with:
+          output: ${{ runner.temp }}/results
 
-    - name: Check SARIF
-      uses: ./../action/.github/actions/check-sarif
-      with:
-        sarif-file: ${{ runner.temp }}/results/javascript.sarif
-        queries-run: javascript/codeql-action/default-setup-env-vars
-        queries-not-run: javascript/codeql-action/default-setup-context-properties
+      - name: Check SARIF
+        uses: ./../action/.github/actions/check-sarif
+        with:
+          sarif-file: ${{ runner.temp }}/results/javascript.sarif
+          queries-run: javascript/codeql-action/default-setup-env-vars
+          queries-not-run: javascript/codeql-action/default-setup-context-properties
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__cpp-deptrace-disabled.yml

@@ -11,26 +11,28 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   cpp-deptrace-disabled:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: latest
-        - os: ubuntu-latest
-          version: default
-        - os: ubuntu-latest
-          version: nightly-latest
+          - os: ubuntu-latest
+            version: latest
+          - os: ubuntu-latest
+            version: default
+          - os: ubuntu-latest
+            version: nightly-latest
     name: 'C/C++: disabling autoinstalling dependencies (Linux)'
     permissions:
       contents: read
@@ -38,51 +40,51 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - name: Test setup
-      shell: bash
-      run: |
-        cp -a ../action/tests/cpp-autobuild autobuild-dir
-    - uses: ./../action/init
-      with:
-        languages: cpp
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - uses: ./../action/autobuild
-      with:
-        working-directory: autobuild-dir
-      env:
-        CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: false
-    - shell: bash
-      run: |
-        if ls /usr/bin/errno; then
-          echo "C/C++ autobuild installed errno, but it should not have since auto-install dependencies is disabled."
-          exit 1
-        fi
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - name: Test setup
+        shell: bash
+        run: |
+          cp -a ../action/tests/cpp-autobuild autobuild-dir
+      - uses: ./../action/init
+        with:
+          languages: cpp
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - uses: ./../action/autobuild
+        with:
+          working-directory: autobuild-dir
+        env:
+          CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: false
+      - shell: bash
+        run: |
+          if ls /usr/bin/errno; then
+            echo "C/C++ autobuild installed errno, but it should not have since auto-install dependencies is disabled."
+            exit 1
+          fi
     env:
       DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__cpp-deptrace-enabled-on-macos.yml

@@ -11,22 +11,24 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   cpp-deptrace-enabled-on-macos:
     strategy:
       matrix:
         include:
-        - os: macos-latest
-          version: nightly-latest
+          - os: macos-latest
+            version: nightly-latest
     name: 'C/C++: autoinstalling dependencies is skipped (macOS)'
     permissions:
       contents: read
@@ -34,53 +36,53 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - name: Test setup
-      shell: bash
-      run: |
-        cp -a ../action/tests/cpp-autobuild autobuild-dir
-    - uses: ./../action/init
-      with:
-        languages: cpp
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - uses: ./../action/autobuild
-      with:
-        working-directory: autobuild-dir
-      env:
-        CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true
-    - shell: bash
-      run: |
-        if ! ls /usr/bin/errno; then
-          echo "As expected, CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES is a no-op on macOS"
-        else
-          echo "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES should not have had any effect on macOS"
-          exit 1
-        fi
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - name: Test setup
+        shell: bash
+        run: |
+          cp -a ../action/tests/cpp-autobuild autobuild-dir
+      - uses: ./../action/init
+        with:
+          languages: cpp
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - uses: ./../action/autobuild
+        with:
+          working-directory: autobuild-dir
+        env:
+          CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true
+      - shell: bash
+        run: |
+          if ! ls /usr/bin/errno; then
+            echo "As expected, CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES is a no-op on macOS"
+          else
+            echo "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES should not have had any effect on macOS"
+            exit 1
+          fi
     env:
       DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__cpp-deptrace-enabled.yml

@@ -11,26 +11,28 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   cpp-deptrace-enabled:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: latest
-        - os: ubuntu-latest
-          version: default
-        - os: ubuntu-latest
-          version: nightly-latest
+          - os: ubuntu-latest
+            version: latest
+          - os: ubuntu-latest
+            version: default
+          - os: ubuntu-latest
+            version: nightly-latest
     name: 'C/C++: autoinstalling dependencies (Linux)'
     permissions:
       contents: read
@@ -38,51 +40,51 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - name: Test setup
-      shell: bash
-      run: |
-        cp -a ../action/tests/cpp-autobuild autobuild-dir
-    - uses: ./../action/init
-      with:
-        languages: cpp
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - uses: ./../action/autobuild
-      with:
-        working-directory: autobuild-dir
-      env:
-        CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true
-    - shell: bash
-      run: |
-        if ! ls /usr/bin/errno; then
-          echo "Did not autoinstall errno"
-          exit 1
-        fi
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - name: Test setup
+        shell: bash
+        run: |
+          cp -a ../action/tests/cpp-autobuild autobuild-dir
+      - uses: ./../action/init
+        with:
+          languages: cpp
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - uses: ./../action/autobuild
+        with:
+          working-directory: autobuild-dir
+        env:
+          CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true
+      - shell: bash
+        run: |
+          if ! ls /usr/bin/errno; then
+            echo "Did not autoinstall errno"
+            exit 1
+          fi
     env:
       DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__diagnostics-export.yml

@@ -11,38 +11,40 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   diagnostics-export:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: stable-20230317
-        - os: macos-latest
-          version: stable-20230317
-        - os: windows-latest
-          version: stable-20230317
-        - os: ubuntu-latest
-          version: latest
-        - os: macos-latest
-          version: latest
-        - os: windows-latest
-          version: latest
-        - os: ubuntu-latest
-          version: nightly-latest
-        - os: macos-latest
-          version: nightly-latest
-        - os: windows-latest
-          version: nightly-latest
+          - os: ubuntu-latest
+            version: stable-20230317
+          - os: macos-latest
+            version: stable-20230317
+          - os: windows-latest
+            version: stable-20230317
+          - os: ubuntu-latest
+            version: latest
+          - os: macos-latest
+            version: latest
+          - os: windows-latest
+            version: latest
+          - os: ubuntu-latest
+            version: nightly-latest
+          - os: macos-latest
+            version: nightly-latest
+          - os: windows-latest
+            version: nightly-latest
     name: Diagnostic export
     permissions:
       contents: read
@@ -50,113 +52,113 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: ./../action/init
-      id: init
-      with:
-        languages: javascript
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - name: Add test diagnostics
-      shell: bash
-      env:
-        CODEQL_PATH: ${{ steps.init.outputs.codeql-path }}
-      run: |
-        for i in {1..2}; do
-          # Use the same location twice to test the workaround for the bug in CodeQL CLI 2.12.5 that
-          # produces an invalid diagnostic with multiple identical location objects.
-          "$CODEQL_PATH" database add-diagnostic \
-            "$RUNNER_TEMP/codeql_databases/javascript" \
-            --file-path /path/to/file \
-            --plaintext-message "Plaintext message $i" \
-            --source-id "lang/diagnostics/example" \
-            --source-name "Diagnostic name" \
-            --ready-for-status-page
-        done
-    - uses: ./../action/analyze
-      with:
-        output: ${{ runner.temp }}/results
-        upload-database: false
-    - name: Upload SARIF
-      uses: actions/upload-artifact@v3
-      with:
-        name: diagnostics-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
-        path: ${{ runner.temp }}/results/javascript.sarif
-        retention-days: 7
-    - name: Check diagnostics appear in SARIF
-      uses: actions/github-script@v7
-      env:
-        SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
-      with:
-        script: |
-          const fs = require('fs');
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - uses: ./../action/init
+        id: init
+        with:
+          languages: javascript
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - name: Add test diagnostics
+        shell: bash
+        env:
+          CODEQL_PATH: ${{ steps.init.outputs.codeql-path }}
+        run: |
+          for i in {1..2}; do
+            # Use the same location twice to test the workaround for the bug in CodeQL CLI 2.12.5 that
+            # produces an invalid diagnostic with multiple identical location objects.
+            "$CODEQL_PATH" database add-diagnostic \
+              "$RUNNER_TEMP/codeql_databases/javascript" \
+              --file-path /path/to/file \
+              --plaintext-message "Plaintext message $i" \
+              --source-id "lang/diagnostics/example" \
+              --source-name "Diagnostic name" \
+              --ready-for-status-page
+          done
+      - uses: ./../action/analyze
+        with:
+          output: ${{ runner.temp }}/results
+          upload-database: false
+      - name: Upload SARIF
+        uses: actions/upload-artifact@v3
+        with:
+          name: diagnostics-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
+          path: ${{ runner.temp }}/results/javascript.sarif
+          retention-days: 7
+      - name: Check diagnostics appear in SARIF
+        uses: actions/github-script@v7
+        env:
+          SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
+        with:
+          script: |
+            const fs = require('fs');
 
-          function checkStatusPageNotification(n) {
-            const expectedMessage = 'Plaintext message 1\n\nCodeQL also found 1 other diagnostic like this. See the workflow log for details.';
-            if (n.message.text !== expectedMessage) {
-              core.setFailed(`Expected the status page diagnostic to have the message '${expectedMessage}', but found '${n.message.text}'.`);
+            function checkStatusPageNotification(n) {
+              const expectedMessage = 'Plaintext message 1\n\nCodeQL also found 1 other diagnostic like this. See the workflow log for details.';
+              if (n.message.text !== expectedMessage) {
+                core.setFailed(`Expected the status page diagnostic to have the message '${expectedMessage}', but found '${n.message.text}'.`);
+              }
+              if (n.locations.length !== 1) {
+                core.setFailed(`Expected the status page diagnostic to have exactly 1 location, but found ${n.locations.length}.`);
+              }
             }
-            if (n.locations.length !== 1) {
-              core.setFailed(`Expected the status page diagnostic to have exactly 1 location, but found ${n.locations.length}.`);
+
+            const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
+            const run = sarif.runs[0];
+
+            const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications;
+            const statusPageNotifications = toolExecutionNotifications.filter(n =>
+              n.descriptor.id === 'lang/diagnostics/example' && n.properties?.visibility?.statusPage
+            );
+            if (statusPageNotifications.length !== 1) {
+              core.setFailed(
+                'Expected exactly one status page reporting descriptor for this diagnostic in the ' +
+                  `'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` +
+                  `${statusPageNotifications.length}. All notification reporting descriptors: ` +
+                  `${JSON.stringify(toolExecutionNotifications)}.`
+              );
             }
-          }
+            checkStatusPageNotification(statusPageNotifications[0]);
 
-          const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
-          const run = sarif.runs[0];
-
-          const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications;
-          const statusPageNotifications = toolExecutionNotifications.filter(n =>
-            n.descriptor.id === 'lang/diagnostics/example' && n.properties?.visibility?.statusPage
-          );
-          if (statusPageNotifications.length !== 1) {
-            core.setFailed(
-              'Expected exactly one status page reporting descriptor for this diagnostic in the ' +
-                `'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` +
-                `${statusPageNotifications.length}. All notification reporting descriptors: ` +
-                `${JSON.stringify(toolExecutionNotifications)}.`
+            const notifications = run.tool.driver.notifications;
+            const diagnosticNotification = notifications.filter(n =>
+              n.id === 'lang/diagnostics/example' && n.name === 'lang/diagnostics/example' &&
+                n.fullDescription.text === 'Diagnostic name'
             );
-          }
-          checkStatusPageNotification(statusPageNotifications[0]);
+            if (diagnosticNotification.length !== 1) {
+              core.setFailed(
+                'Expected exactly one notification for this diagnostic in the ' +
+                  `'runs[].tool.driver.notifications[]' SARIF property, but found ` +
+                  `${diagnosticNotification.length}. All notifications: ` +
+                  `${JSON.stringify(notifications)}.`
+              );
+            }
 
-          const notifications = run.tool.driver.notifications;
-          const diagnosticNotification = notifications.filter(n =>
-            n.id === 'lang/diagnostics/example' && n.name === 'lang/diagnostics/example' &&
-              n.fullDescription.text === 'Diagnostic name'
-          );
-          if (diagnosticNotification.length !== 1) {
-            core.setFailed(
-              'Expected exactly one notification for this diagnostic in the ' +
-                `'runs[].tool.driver.notifications[]' SARIF property, but found ` +
-                `${diagnosticNotification.length}. All notifications: ` +
-                `${JSON.stringify(notifications)}.`
-            );
-          }
-
-          core.info('Finished diagnostic export test');
+            core.info('Finished diagnostic export test');
     env:
       CODEQL_ACTION_EXPORT_DIAGNOSTICS: true
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__export-file-baseline-information.yml

@@ -11,26 +11,28 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   export-file-baseline-information:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: nightly-latest
-        - os: macos-latest
-          version: nightly-latest
-        - os: windows-latest
-          version: nightly-latest
+          - os: ubuntu-latest
+            version: nightly-latest
+          - os: macos-latest
+            version: nightly-latest
+          - os: windows-latest
+            version: nightly-latest
     name: Export file baseline information
     permissions:
       contents: read
@@ -38,72 +40,72 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: ./../action/init
-      id: init
-      with:
-        languages: javascript
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - uses: ./../action/.github/actions/setup-swift
-      with:
-        codeql-path: ${{ steps.init.outputs.codeql-path }}
-    - name: Build code
-      shell: bash
-      run: ./build.sh
-    - uses: ./../action/analyze
-      with:
-        output: ${{ runner.temp }}/results
-    - name: Upload SARIF
-      uses: actions/upload-artifact@v3
-      with:
-        name: with-baseline-information-${{ matrix.os }}-${{ matrix.version }}.sarif.json
-        path: ${{ runner.temp }}/results/javascript.sarif
-        retention-days: 7
-    - name: Check results
-      shell: bash
-      run: |
-        cd "$RUNNER_TEMP/results"
-        expected_baseline_languages="c csharp go java kotlin javascript python ruby"
-        if [[ $RUNNER_OS != "Windows" ]]; then
-          expected_baseline_languages+=" swift"
-        fi
-
-        for lang in ${expected_baseline_languages}; do
-          rule_name="cli/expected-extracted-files/${lang}"
-          found_notification=$(jq --arg rule_name "${rule_name}" '[.runs[0].tool.driver.notifications |
-            select(. != null) | flatten | .[].id] | any(. == $rule_name)' javascript.sarif)
-          if [[ "${found_notification}" != "true" ]]; then
-            echo "Expected SARIF output to contain notification '${rule_name}', but found no such notification."
-            exit 1
-          else
-            echo "Found notification '${rule_name}'."
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - uses: ./../action/init
+        id: init
+        with:
+          languages: javascript
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - uses: ./../action/.github/actions/setup-swift
+        with:
+          codeql-path: ${{ steps.init.outputs.codeql-path }}
+      - name: Build code
+        shell: bash
+        run: ./build.sh
+      - uses: ./../action/analyze
+        with:
+          output: ${{ runner.temp }}/results
+      - name: Upload SARIF
+        uses: actions/upload-artifact@v3
+        with:
+          name: with-baseline-information-${{ matrix.os }}-${{ matrix.version }}.sarif.json
+          path: ${{ runner.temp }}/results/javascript.sarif
+          retention-days: 7
+      - name: Check results
+        shell: bash
+        run: |
+          cd "$RUNNER_TEMP/results"
+          expected_baseline_languages="c csharp go java kotlin javascript python ruby"
+          if [[ $RUNNER_OS != "Windows" ]]; then
+            expected_baseline_languages+=" swift"
           fi
-        done
+
+          for lang in ${expected_baseline_languages}; do
+            rule_name="cli/expected-extracted-files/${lang}"
+            found_notification=$(jq --arg rule_name "${rule_name}" '[.runs[0].tool.driver.notifications |
+              select(. != null) | flatten | .[].id] | any(. == $rule_name)' javascript.sarif)
+            if [[ "${found_notification}" != "true" ]]; then
+              echo "Expected SARIF output to contain notification '${rule_name}', but found no such notification."
+              exit 1
+            else
+              echo "Found notification '${rule_name}'."
+            fi
+          done
     env:
       CODEQL_ACTION_SUBLANGUAGE_FILE_COVERAGE: true
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__extractor-ram-threads.yml

@@ -11,22 +11,24 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   extractor-ram-threads:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: latest
+          - os: ubuntu-latest
+            version: latest
     name: Extractor ram and threads options test
     permissions:
       contents: read
@@ -34,55 +36,55 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: ./../action/init
-      with:
-        languages: java
-        ram: 230
-        threads: 1
-    - name: Assert Results
-      shell: bash
-      run: |
-        if [ "${CODEQL_RAM}" != "230" ]; then
-          echo "CODEQL_RAM is '${CODEQL_RAM}' instead of 230"
-          exit 1
-        fi
-        if [ "${CODEQL_EXTRACTOR_JAVA_RAM}" != "230" ]; then
-          echo "CODEQL_EXTRACTOR_JAVA_RAM is '${CODEQL_EXTRACTOR_JAVA_RAM}' instead of 230"
-          exit 1
-        fi
-        if [ "${CODEQL_THREADS}" != "1" ]; then
-          echo "CODEQL_THREADS is '${CODEQL_THREADS}' instead of 1"
-          exit 1
-        fi
-        if [ "${CODEQL_EXTRACTOR_JAVA_THREADS}" != "1" ]; then
-          echo "CODEQL_EXTRACTOR_JAVA_THREADS is '${CODEQL_EXTRACTOR_JAVA_THREADS}' instead of 1"
-          exit 1
-        fi
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - uses: ./../action/init
+        with:
+          languages: java
+          ram: 230
+          threads: 1
+      - name: Assert Results
+        shell: bash
+        run: |
+          if [ "${CODEQL_RAM}" != "230" ]; then
+            echo "CODEQL_RAM is '${CODEQL_RAM}' instead of 230"
+            exit 1
+          fi
+          if [ "${CODEQL_EXTRACTOR_JAVA_RAM}" != "230" ]; then
+            echo "CODEQL_EXTRACTOR_JAVA_RAM is '${CODEQL_EXTRACTOR_JAVA_RAM}' instead of 230"
+            exit 1
+          fi
+          if [ "${CODEQL_THREADS}" != "1" ]; then
+            echo "CODEQL_THREADS is '${CODEQL_THREADS}' instead of 1"
+            exit 1
+          fi
+          if [ "${CODEQL_EXTRACTOR_JAVA_THREADS}" != "1" ]; then
+            echo "CODEQL_EXTRACTOR_JAVA_THREADS is '${CODEQL_EXTRACTOR_JAVA_THREADS}' instead of 1"
+            exit 1
+          fi
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__go-custom-queries.yml

@@ -11,62 +11,64 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   go-custom-queries:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: stable-20221211
-        - os: macos-latest
-          version: stable-20221211
-        - os: windows-latest
-          version: stable-20221211
-        - os: ubuntu-latest
-          version: stable-20230418
-        - os: macos-latest
-          version: stable-20230418
-        - os: windows-latest
-          version: stable-20230418
-        - os: ubuntu-latest
-          version: stable-v2.13.5
-        - os: macos-latest
-          version: stable-v2.13.5
-        - os: windows-latest
-          version: stable-v2.13.5
-        - os: ubuntu-latest
-          version: stable-v2.14.6
-        - os: macos-latest
-          version: stable-v2.14.6
-        - os: windows-latest
-          version: stable-v2.14.6
-        - os: ubuntu-latest
-          version: default
-        - os: macos-latest
-          version: default
-        - os: windows-latest
-          version: default
-        - os: ubuntu-latest
-          version: latest
-        - os: macos-latest
-          version: latest
-        - os: windows-latest
-          version: latest
-        - os: ubuntu-latest
-          version: nightly-latest
-        - os: macos-latest
-          version: nightly-latest
-        - os: windows-latest
-          version: nightly-latest
+          - os: ubuntu-latest
+            version: stable-20221211
+          - os: macos-latest
+            version: stable-20221211
+          - os: windows-latest
+            version: stable-20221211
+          - os: ubuntu-latest
+            version: stable-20230418
+          - os: macos-latest
+            version: stable-20230418
+          - os: windows-latest
+            version: stable-20230418
+          - os: ubuntu-latest
+            version: stable-v2.13.5
+          - os: macos-latest
+            version: stable-v2.13.5
+          - os: windows-latest
+            version: stable-v2.13.5
+          - os: ubuntu-latest
+            version: stable-v2.14.6
+          - os: macos-latest
+            version: stable-v2.14.6
+          - os: windows-latest
+            version: stable-v2.14.6
+          - os: ubuntu-latest
+            version: default
+          - os: macos-latest
+            version: default
+          - os: windows-latest
+            version: default
+          - os: ubuntu-latest
+            version: latest
+          - os: macos-latest
+            version: latest
+          - os: windows-latest
+            version: latest
+          - os: ubuntu-latest
+            version: nightly-latest
+          - os: macos-latest
+            version: nightly-latest
+          - os: windows-latest
+            version: nightly-latest
     name: 'Go: Custom queries'
     permissions:
       contents: read
@@ -74,43 +76,43 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: ./../action/init
-      with:
-        languages: go
-        config-file: ./.github/codeql/custom-queries.yml
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - name: Build code
-      shell: bash
-      run: ./build.sh
-    - uses: ./../action/analyze
-      with:
-        upload-database: false
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - uses: ./../action/init
+        with:
+          languages: go
+          config-file: ./.github/codeql/custom-queries.yml
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - name: Build code
+        shell: bash
+        run: ./build.sh
+      - uses: ./../action/analyze
+        with:
+          upload-database: false
     env:
       DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml

@@ -11,22 +11,24 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   go-indirect-tracing-workaround-diagnostic:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: stable-v2.14.6
+          - os: ubuntu-latest
+            version: stable-v2.14.6
     name: 'Go: diagnostic when Go is changed after init step'
     permissions:
       contents: read
@@ -34,73 +36,73 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: actions/setup-go@v5
-      with:
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - uses: actions/setup-go@v5
+        with:
       # We need a Go version that ships with statically linked binaries on Linux
-        go-version: '>=1.21.0'
-    - uses: ./../action/init
-      with:
-        languages: go
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
+          go-version: '>=1.21.0'
+      - uses: ./../action/init
+        with:
+          languages: go
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
   # Deliberately change Go after the `init` step
-    - uses: actions/setup-go@v5
-      with:
-        go-version: '1.20'
-    - name: Build code
-      shell: bash
-      run: go build main.go
-    - uses: ./../action/analyze
-      with:
-        output: ${{ runner.temp }}/results
-        upload-database: false
-    - name: Check diagnostic appears in SARIF
-      uses: actions/github-script@v7
-      env:
-        SARIF_PATH: ${{ runner.temp }}/results/go.sarif
-      with:
-        script: |
-          const fs = require('fs');
+      - uses: actions/setup-go@v5
+        with:
+          go-version: '1.20'
+      - name: Build code
+        shell: bash
+        run: go build main.go
+      - uses: ./../action/analyze
+        with:
+          output: ${{ runner.temp }}/results
+          upload-database: false
+      - name: Check diagnostic appears in SARIF
+        uses: actions/github-script@v7
+        env:
+          SARIF_PATH: ${{ runner.temp }}/results/go.sarif
+        with:
+          script: |
+            const fs = require('fs');
 
-          const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
-          const run = sarif.runs[0];
+            const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
+            const run = sarif.runs[0];
 
-          const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications;
-          const statusPageNotifications = toolExecutionNotifications.filter(n =>
-            n.descriptor.id === 'go/workflow/go-installed-after-codeql-init' && n.properties?.visibility?.statusPage
-          );
-          if (statusPageNotifications.length !== 1) {
-            core.setFailed(
-              'Expected exactly one status page reporting descriptor for this diagnostic in the ' +
-                `'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` +
-                `${statusPageNotifications.length}. All notification reporting descriptors: ` +
-                `${JSON.stringify(toolExecutionNotifications)}.`
+            const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications;
+            const statusPageNotifications = toolExecutionNotifications.filter(n =>
+              n.descriptor.id === 'go/workflow/go-installed-after-codeql-init' && n.properties?.visibility?.statusPage
             );
-          }
+            if (statusPageNotifications.length !== 1) {
+              core.setFailed(
+                'Expected exactly one status page reporting descriptor for this diagnostic in the ' +
+                  `'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` +
+                  `${statusPageNotifications.length}. All notification reporting descriptors: ` +
+                  `${JSON.stringify(toolExecutionNotifications)}.`
+              );
+            }
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__go-indirect-tracing-workaround.yml

@@ -11,22 +11,24 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   go-indirect-tracing-workaround:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: stable-v2.14.6
+          - os: ubuntu-latest
+            version: stable-v2.14.6
     name: 'Go: workaround for indirect tracing'
     permissions:
       contents: read
@@ -34,71 +36,71 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: actions/setup-go@v5
-      with:
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - uses: actions/setup-go@v5
+        with:
       # We need a Go version that ships with statically linked binaries on Linux
-        go-version: '>=1.21.0'
-    - uses: ./../action/init
-      with:
-        languages: go
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - name: Build code
-      shell: bash
-      run: go build main.go
-    - uses: ./../action/analyze
-      with:
-        upload-database: false
-    - shell: bash
-      run: |
-        if [[ -z "${CODEQL_ACTION_GO_BINARY}" ]]; then
-          echo "Expected the workaround for indirect tracing of static binaries to trigger, but the" \
-            "CODEQL_ACTION_GO_BINARY environment variable is not set."
-          exit 1
-        fi
-        if [[ ! -f "${CODEQL_ACTION_GO_BINARY}" ]]; then
-          echo "CODEQL_ACTION_GO_BINARY is set, but the corresponding script does not exist."
-          exit 1
-        fi
+          go-version: '>=1.21.0'
+      - uses: ./../action/init
+        with:
+          languages: go
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - name: Build code
+        shell: bash
+        run: go build main.go
+      - uses: ./../action/analyze
+        with:
+          upload-database: false
+      - shell: bash
+        run: |
+          if [[ -z "${CODEQL_ACTION_GO_BINARY}" ]]; then
+            echo "Expected the workaround for indirect tracing of static binaries to trigger, but the" \
+              "CODEQL_ACTION_GO_BINARY environment variable is not set."
+            exit 1
+          fi
+          if [[ ! -f "${CODEQL_ACTION_GO_BINARY}" ]]; then
+            echo "CODEQL_ACTION_GO_BINARY is set, but the corresponding script does not exist."
+            exit 1
+          fi
 
 
-        # Once we start running Bash 4.2 in all environments, we can replace the
-        # `! -z` flag with the more elegant `-v` which confirms that the variable
-        # is actually unset and not potentially set to a blank value.
-        if [[ ! -z "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" ]]; then
-          echo "Expected the Go autobuilder not to be run, but the" \
-            "CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was set."
-          exit 1
-        fi
-        cd "$RUNNER_TEMP/codeql_databases"
-        if [[ ! -d go ]]; then
-          echo "Did not find a Go database"
-          exit 1
-        fi
+          # Once we start running Bash 4.2 in all environments, we can replace the
+          # `! -z` flag with the more elegant `-v` which confirms that the variable
+          # is actually unset and not potentially set to a blank value.
+          if [[ ! -z "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" ]]; then
+            echo "Expected the Go autobuilder not to be run, but the" \
+              "CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was set."
+            exit 1
+          fi
+          cd "$RUNNER_TEMP/codeql_databases"
+          if [[ ! -d go ]]; then
+            echo "Did not find a Go database"
+            exit 1
+          fi
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__go-tracing-autobuilder.yml

@@ -11,48 +11,50 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   go-tracing-autobuilder:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: stable-20221211
-        - os: macos-latest
-          version: stable-20221211
-        - os: ubuntu-latest
-          version: stable-20230418
-        - os: macos-latest
-          version: stable-20230418
-        - os: ubuntu-latest
-          version: stable-v2.13.5
-        - os: macos-latest
-          version: stable-v2.13.5
-        - os: ubuntu-latest
-          version: stable-v2.14.6
-        - os: macos-latest
-          version: stable-v2.14.6
-        - os: ubuntu-latest
-          version: default
-        - os: macos-latest
-          version: default
-        - os: ubuntu-latest
-          version: latest
-        - os: macos-latest
-          version: latest
-        - os: ubuntu-latest
-          version: nightly-latest
-        - os: macos-latest
-          version: nightly-latest
+          - os: ubuntu-latest
+            version: stable-20221211
+          - os: macos-latest
+            version: stable-20221211
+          - os: ubuntu-latest
+            version: stable-20230418
+          - os: macos-latest
+            version: stable-20230418
+          - os: ubuntu-latest
+            version: stable-v2.13.5
+          - os: macos-latest
+            version: stable-v2.13.5
+          - os: ubuntu-latest
+            version: stable-v2.14.6
+          - os: macos-latest
+            version: stable-v2.14.6
+          - os: ubuntu-latest
+            version: default
+          - os: macos-latest
+            version: default
+          - os: ubuntu-latest
+            version: latest
+          - os: macos-latest
+            version: latest
+          - os: ubuntu-latest
+            version: nightly-latest
+          - os: macos-latest
+            version: nightly-latest
     name: 'Go: tracing with autobuilder step'
     permissions:
       contents: read
@@ -60,58 +62,58 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: actions/setup-go@v5
-      with:
-        go-version: ~1.22.0
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ~1.22.0
       # to avoid potentially misleading autobuilder results where we expect it to download
       # dependencies successfully, but they actually come from a warm cache
-        cache: false
-    - uses: ./../action/init
-      with:
-        languages: go
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - uses: ./../action/autobuild
-    - uses: ./../action/analyze
-      with:
-        upload-database: false
-    - shell: bash
-      run: |
-        if [[ "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" != true ]]; then
-          echo "Expected the Go autobuilder to be run, but the" \
-            "CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was not true."
-          exit 1
-        fi
-        cd "$RUNNER_TEMP/codeql_databases"
-        if [[ ! -d go ]]; then
-          echo "Did not find a Go database"
-          exit 1
-        fi
+          cache: false
+      - uses: ./../action/init
+        with:
+          languages: go
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - uses: ./../action/autobuild
+      - uses: ./../action/analyze
+        with:
+          upload-database: false
+      - shell: bash
+        run: |
+          if [[ "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" != true ]]; then
+            echo "Expected the Go autobuilder to be run, but the" \
+              "CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was not true."
+            exit 1
+          fi
+          cd "$RUNNER_TEMP/codeql_databases"
+          if [[ ! -d go ]]; then
+            echo "Did not find a Go database"
+            exit 1
+          fi
     env:
       DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__go-tracing-custom-build-steps.yml

@@ -11,48 +11,50 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   go-tracing-custom-build-steps:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: stable-20221211
-        - os: macos-latest
-          version: stable-20221211
-        - os: ubuntu-latest
-          version: stable-20230418
-        - os: macos-latest
-          version: stable-20230418
-        - os: ubuntu-latest
-          version: stable-v2.13.5
-        - os: macos-latest
-          version: stable-v2.13.5
-        - os: ubuntu-latest
-          version: stable-v2.14.6
-        - os: macos-latest
-          version: stable-v2.14.6
-        - os: ubuntu-latest
-          version: default
-        - os: macos-latest
-          version: default
-        - os: ubuntu-latest
-          version: latest
-        - os: macos-latest
-          version: latest
-        - os: ubuntu-latest
-          version: nightly-latest
-        - os: macos-latest
-          version: nightly-latest
+          - os: ubuntu-latest
+            version: stable-20221211
+          - os: macos-latest
+            version: stable-20221211
+          - os: ubuntu-latest
+            version: stable-20230418
+          - os: macos-latest
+            version: stable-20230418
+          - os: ubuntu-latest
+            version: stable-v2.13.5
+          - os: macos-latest
+            version: stable-v2.13.5
+          - os: ubuntu-latest
+            version: stable-v2.14.6
+          - os: macos-latest
+            version: stable-v2.14.6
+          - os: ubuntu-latest
+            version: default
+          - os: macos-latest
+            version: default
+          - os: ubuntu-latest
+            version: latest
+          - os: macos-latest
+            version: latest
+          - os: ubuntu-latest
+            version: nightly-latest
+          - os: macos-latest
+            version: nightly-latest
     name: 'Go: tracing with custom build steps'
     permissions:
       contents: read
@@ -60,62 +62,62 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: actions/setup-go@v5
-      with:
-        go-version: ~1.22.0
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ~1.22.0
       # to avoid potentially misleading autobuilder results where we expect it to download
       # dependencies successfully, but they actually come from a warm cache
-        cache: false
-    - uses: ./../action/init
-      with:
-        languages: go
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - name: Build code
-      shell: bash
-      run: go build main.go
-    - uses: ./../action/analyze
-      with:
-        upload-database: false
-    - shell: bash
-      run: |
-        # Once we start running Bash 4.2 in all environments, we can replace the
-        # `! -z` flag with the more elegant `-v` which confirms that the variable
-        # is actually unset and not potentially set to a blank value.
-        if [[ ! -z "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" ]]; then
-          echo "Expected the Go autobuilder not to be run, but the" \
-            "CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was set."
-          exit 1
-        fi
-        cd "$RUNNER_TEMP/codeql_databases"
-        if [[ ! -d go ]]; then
-          echo "Did not find a Go database"
-          exit 1
-        fi
+          cache: false
+      - uses: ./../action/init
+        with:
+          languages: go
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - name: Build code
+        shell: bash
+        run: go build main.go
+      - uses: ./../action/analyze
+        with:
+          upload-database: false
+      - shell: bash
+        run: |
+          # Once we start running Bash 4.2 in all environments, we can replace the
+          # `! -z` flag with the more elegant `-v` which confirms that the variable
+          # is actually unset and not potentially set to a blank value.
+          if [[ ! -z "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" ]]; then
+            echo "Expected the Go autobuilder not to be run, but the" \
+              "CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was set."
+            exit 1
+          fi
+          cd "$RUNNER_TEMP/codeql_databases"
+          if [[ ! -d go ]]; then
+            echo "Did not find a Go database"
+            exit 1
+          fi
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__go-tracing-legacy-workflow.yml

@@ -11,48 +11,50 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   go-tracing-legacy-workflow:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: stable-20221211
-        - os: macos-latest
-          version: stable-20221211
-        - os: ubuntu-latest
-          version: stable-20230418
-        - os: macos-latest
-          version: stable-20230418
-        - os: ubuntu-latest
-          version: stable-v2.13.5
-        - os: macos-latest
-          version: stable-v2.13.5
-        - os: ubuntu-latest
-          version: stable-v2.14.6
-        - os: macos-latest
-          version: stable-v2.14.6
-        - os: ubuntu-latest
-          version: default
-        - os: macos-latest
-          version: default
-        - os: ubuntu-latest
-          version: latest
-        - os: macos-latest
-          version: latest
-        - os: ubuntu-latest
-          version: nightly-latest
-        - os: macos-latest
-          version: nightly-latest
+          - os: ubuntu-latest
+            version: stable-20221211
+          - os: macos-latest
+            version: stable-20221211
+          - os: ubuntu-latest
+            version: stable-20230418
+          - os: macos-latest
+            version: stable-20230418
+          - os: ubuntu-latest
+            version: stable-v2.13.5
+          - os: macos-latest
+            version: stable-v2.13.5
+          - os: ubuntu-latest
+            version: stable-v2.14.6
+          - os: macos-latest
+            version: stable-v2.14.6
+          - os: ubuntu-latest
+            version: default
+          - os: macos-latest
+            version: default
+          - os: ubuntu-latest
+            version: latest
+          - os: macos-latest
+            version: latest
+          - os: ubuntu-latest
+            version: nightly-latest
+          - os: macos-latest
+            version: nightly-latest
     name: 'Go: tracing with legacy workflow'
     permissions:
       contents: read
@@ -60,52 +62,52 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: actions/setup-go@v5
-      with:
-        go-version: ~1.22.0
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ~1.22.0
       # to avoid potentially misleading autobuilder results where we expect it to download
       # dependencies successfully, but they actually come from a warm cache
-        cache: false
-    - uses: ./../action/init
-      with:
-        languages: go
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - uses: ./../action/analyze
-      with:
-        upload-database: false
-    - shell: bash
-      run: |
-        cd "$RUNNER_TEMP/codeql_databases"
-        if [[ ! -d go ]]; then
-          echo "Did not find a Go database"
-          exit 1
-        fi
+          cache: false
+      - uses: ./../action/init
+        with:
+          languages: go
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - uses: ./../action/analyze
+        with:
+          upload-database: false
+      - shell: bash
+        run: |
+          cd "$RUNNER_TEMP/codeql_databases"
+          if [[ ! -d go ]]; then
+            echo "Did not find a Go database"
+            exit 1
+          fi
     env:
       DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__init-with-registries.yml

@@ -11,38 +11,40 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   init-with-registries:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: default
-        - os: macos-latest
-          version: default
-        - os: windows-latest
-          version: default
-        - os: ubuntu-latest
-          version: latest
-        - os: macos-latest
-          version: latest
-        - os: windows-latest
-          version: latest
-        - os: ubuntu-latest
-          version: nightly-latest
-        - os: macos-latest
-          version: nightly-latest
-        - os: windows-latest
-          version: nightly-latest
+          - os: ubuntu-latest
+            version: default
+          - os: macos-latest
+            version: default
+          - os: windows-latest
+            version: default
+          - os: ubuntu-latest
+            version: latest
+          - os: macos-latest
+            version: latest
+          - os: windows-latest
+            version: latest
+          - os: ubuntu-latest
+            version: nightly-latest
+          - os: macos-latest
+            version: nightly-latest
+          - os: windows-latest
+            version: nightly-latest
     name: 'Packaging: Download using registries'
     permissions:
       contents: read
@@ -51,94 +53,94 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - name: Init with registries
-      uses: ./../action/init
-      with:
-        db-location: ${{ runner.temp }}/customDbLocation
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-        config-file: ./.github/codeql/codeql-config-registries.yml
-        languages: javascript
-        registries: |
-          - url: "https://ghcr.io/v2/"
-            packages: "*/*"
-            token: "${{ secrets.GITHUB_TOKEN }}"
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - name: Init with registries
+        uses: ./../action/init
+        with:
+          db-location: ${{ runner.temp }}/customDbLocation
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+          config-file: ./.github/codeql/codeql-config-registries.yml
+          languages: javascript
+          registries: |
+            - url: "https://ghcr.io/v2/"
+              packages: "*/*"
+              token: "${{ secrets.GITHUB_TOKEN }}"
 
-    - name: Verify packages installed
-      shell: bash
-      run: |
-        PRIVATE_PACK="$HOME/.codeql/packages/codeql-testing/private-pack"
-        CODEQL_PACK1="$HOME/.codeql/packages/codeql-testing/codeql-pack1"
+      - name: Verify packages installed
+        shell: bash
+        run: |
+          PRIVATE_PACK="$HOME/.codeql/packages/codeql-testing/private-pack"
+          CODEQL_PACK1="$HOME/.codeql/packages/codeql-testing/codeql-pack1"
 
-        if [[ -d $PRIVATE_PACK ]]
-        then
-            echo "$PRIVATE_PACK was installed."
-        else
-            echo "::error $PRIVATE_PACK pack was not installed."
-            exit 1
-        fi
+          if [[ -d $PRIVATE_PACK ]]
+          then
+              echo "$PRIVATE_PACK was installed."
+          else
+              echo "::error $PRIVATE_PACK pack was not installed."
+              exit 1
+          fi
 
-        if [[ -d $CODEQL_PACK1 ]]
-        then
-            echo "$CODEQL_PACK1 was installed."
-        else
-            echo "::error $CODEQL_PACK1 pack was not installed."
-            exit 1
-        fi
+          if [[ -d $CODEQL_PACK1 ]]
+          then
+              echo "$CODEQL_PACK1 was installed."
+          else
+              echo "::error $CODEQL_PACK1 pack was not installed."
+              exit 1
+          fi
 
-    - name: Verify qlconfig.yml file was created
-      shell: bash
-      run: |
-        QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml
-        echo "Expected qlconfig.yml file to be created at $QLCONFIG_PATH"
-        if [[ -f $QLCONFIG_PATH ]]
-        then
-            echo "qlconfig.yml file was created."
-        else
-            echo "::error qlconfig.yml file was not created."
-            exit 1
-        fi
+      - name: Verify qlconfig.yml file was created
+        shell: bash
+        run: |
+          QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml
+          echo "Expected qlconfig.yml file to be created at $QLCONFIG_PATH"
+          if [[ -f $QLCONFIG_PATH ]]
+          then
+              echo "qlconfig.yml file was created."
+          else
+              echo "::error qlconfig.yml file was not created."
+              exit 1
+          fi
 
-    - name: Verify contents of qlconfig.yml
+      - name: Verify contents of qlconfig.yml
     # yq is not available on windows
-      if: runner.os != 'Windows'
-      shell: bash
-      run: |
-        QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml
-        cat $QLCONFIG_PATH | yq -e '.registries[] | select(.url == "https://ghcr.io/v2/") | select(.packages == "*/*")'
-        if [[ $? -eq 0 ]]
-        then
-            echo "Registry was added to qlconfig.yml file."
-        else
-            echo "::error Registry was not added to qlconfig.yml file."
-            echo "Contents of qlconfig.yml file:"
-            cat $QLCONFIG_PATH
-            exit 1
-        fi
+        if: runner.os != 'Windows'
+        shell: bash
+        run: |
+          QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml
+          cat $QLCONFIG_PATH | yq -e '.registries[] | select(.url == "https://ghcr.io/v2/") | select(.packages == "*/*")'
+          if [[ $? -eq 0 ]]
+          then
+              echo "Registry was added to qlconfig.yml file."
+          else
+              echo "::error Registry was not added to qlconfig.yml file."
+              echo "Contents of qlconfig.yml file:"
+              cat $QLCONFIG_PATH
+              exit 1
+          fi
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__javascript-source-root.yml

@@ -11,26 +11,28 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   javascript-source-root:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: latest
-        - os: ubuntu-latest
-          version: default
-        - os: ubuntu-latest
-          version: nightly-latest
+          - os: ubuntu-latest
+            version: latest
+          - os: ubuntu-latest
+            version: default
+          - os: ubuntu-latest
+            version: nightly-latest
     name: Custom source root
     permissions:
       contents: read
@@ -38,54 +40,54 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - name: Move codeql-action
-      shell: bash
-      run: |
-        mkdir ../new-source-root
-        mv * ../new-source-root
-    - uses: ./../action/init
-      with:
-        languages: javascript
-        source-root: ../new-source-root
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - uses: ./../action/analyze
-      with:
-        upload-database: false
-        skip-queries: true
-        upload: never
-    - name: Assert database exists
-      shell: bash
-      run: |
-        cd "$RUNNER_TEMP/codeql_databases"
-        if [[ ! -d javascript ]]; then
-          echo "Did not find a JavaScript database"
-          exit 1
-        fi
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - name: Move codeql-action
+        shell: bash
+        run: |
+          mkdir ../new-source-root
+          mv * ../new-source-root
+      - uses: ./../action/init
+        with:
+          languages: javascript
+          source-root: ../new-source-root
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - uses: ./../action/analyze
+        with:
+          upload-database: false
+          skip-queries: true
+          upload: never
+      - name: Assert database exists
+        shell: bash
+        run: |
+          cd "$RUNNER_TEMP/codeql_databases"
+          if [[ ! -d javascript ]]; then
+            echo "Did not find a JavaScript database"
+            exit 1
+          fi
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__language-aliases.yml

@@ -11,22 +11,24 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   language-aliases:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: latest
+          - os: ubuntu-latest
+            version: latest
     name: Language aliases
     permissions:
       contents: read
@@ -34,46 +36,46 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: ./../action/init
-      with:
-        languages: C#,java-kotlin,swift,typescript
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - uses: ./../action/init
+        with:
+          languages: C#,java-kotlin,swift,typescript
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
 
-    - name: Check languages
-      run: |
-        expected_languages="csharp,java,swift,javascript"
-        actual_languages=$(jq -r '.languages | join(",")' "$RUNNER_TEMP"/config)
+      - name: Check languages
+        run: |
+          expected_languages="csharp,java,swift,javascript"
+          actual_languages=$(jq -r '.languages | join(",")' "$RUNNER_TEMP"/config)
 
-        if [ "$expected_languages" != "$actual_languages" ]; then
-          echo "Resolved languages did not match expected list. " \
-            "Expected languages: $expected_languages. Actual languages: $actual_languages."
-          exit 1
-        fi
+          if [ "$expected_languages" != "$actual_languages" ]; then
+            echo "Resolved languages did not match expected list. " \
+              "Expected languages: $expected_languages. Actual languages: $actual_languages."
+            exit 1
+          fi
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__multi-language-autodetect.yml

@@ -11,48 +11,50 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   multi-language-autodetect:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: stable-20221211
-        - os: macos-latest
-          version: stable-20221211
-        - os: ubuntu-latest
-          version: stable-20230418
-        - os: macos-latest
-          version: stable-20230418
-        - os: ubuntu-latest
-          version: stable-v2.13.5
-        - os: macos-latest
-          version: stable-v2.13.5
-        - os: ubuntu-latest
-          version: stable-v2.14.6
-        - os: macos-latest
-          version: stable-v2.14.6
-        - os: ubuntu-latest
-          version: default
-        - os: macos-latest
-          version: default
-        - os: ubuntu-latest
-          version: latest
-        - os: macos-latest
-          version: latest
-        - os: ubuntu-latest
-          version: nightly-latest
-        - os: macos-latest
-          version: nightly-latest
+          - os: ubuntu-latest
+            version: stable-20221211
+          - os: macos-latest
+            version: stable-20221211
+          - os: ubuntu-latest
+            version: stable-20230418
+          - os: macos-latest
+            version: stable-20230418
+          - os: ubuntu-latest
+            version: stable-v2.13.5
+          - os: macos-latest
+            version: stable-v2.13.5
+          - os: ubuntu-latest
+            version: stable-v2.14.6
+          - os: macos-latest
+            version: stable-v2.14.6
+          - os: ubuntu-latest
+            version: default
+          - os: macos-latest
+            version: default
+          - os: ubuntu-latest
+            version: latest
+          - os: macos-latest
+            version: latest
+          - os: ubuntu-latest
+            version: nightly-latest
+          - os: macos-latest
+            version: nightly-latest
     name: Multi-language repository
     permissions:
       contents: read
@@ -60,100 +62,100 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: ./../action/init
-      id: init
-      with:
-        db-location: ${{ runner.temp }}/customDbLocation
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - uses: ./../action/init
+        id: init
+        with:
+          db-location: ${{ runner.temp }}/customDbLocation
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
 
-    - uses: ./../action/.github/actions/setup-swift
-      with:
-        codeql-path: ${{ steps.init.outputs.codeql-path }}
+      - uses: ./../action/.github/actions/setup-swift
+        with:
+          codeql-path: ${{ steps.init.outputs.codeql-path }}
 
-    - name: Build code
-      shell: bash
-      run: ./build.sh
+      - name: Build code
+        shell: bash
+        run: ./build.sh
 
-    - uses: ./../action/analyze
-      id: analysis
-      with:
-        upload-database: false
+      - uses: ./../action/analyze
+        id: analysis
+        with:
+          upload-database: false
 
-    - name: Check language autodetect for all languages excluding Swift
-      shell: bash
-      run: |
-        CPP_DB=${{ fromJson(steps.analysis.outputs.db-locations).cpp }}
-        if [[ ! -d $CPP_DB ]] || [[ ! $CPP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
-          echo "Did not create a database for CPP, or created it in the wrong location."
-          exit 1
-        fi
-        CSHARP_DB=${{ fromJson(steps.analysis.outputs.db-locations).csharp }}
-        if [[ ! -d $CSHARP_DB ]] || [[ ! $CSHARP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
-          echo "Did not create a database for C Sharp, or created it in the wrong location."
-          exit 1
-        fi
-        GO_DB=${{ fromJson(steps.analysis.outputs.db-locations).go }}
-        if [[ ! -d $GO_DB ]] || [[ ! $GO_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
-          echo "Did not create a database for Go, or created it in the wrong location."
-          exit 1
-        fi
-        JAVA_DB=${{ fromJson(steps.analysis.outputs.db-locations).java }}
-        if [[ ! -d $JAVA_DB ]] || [[ ! $JAVA_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
-          echo "Did not create a database for Java, or created it in the wrong location."
-          exit 1
-        fi
-        JAVASCRIPT_DB=${{ fromJson(steps.analysis.outputs.db-locations).javascript }}
-        if [[ ! -d $JAVASCRIPT_DB ]] || [[ ! $JAVASCRIPT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
-          echo "Did not create a database for Javascript, or created it in the wrong location."
-          exit 1
-        fi
-        PYTHON_DB=${{ fromJson(steps.analysis.outputs.db-locations).python }}
-        if [[ ! -d $PYTHON_DB ]] || [[ ! $PYTHON_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
-          echo "Did not create a database for Python, or created it in the wrong location."
-          exit 1
-        fi
-        RUBY_DB=${{ fromJson(steps.analysis.outputs.db-locations).ruby }}
-        if [[ ! -d $RUBY_DB ]] || [[ ! $RUBY_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
-          echo "Did not create a database for Ruby, or created it in the wrong location."
-          exit 1
-        fi
+      - name: Check language autodetect for all languages excluding Swift
+        shell: bash
+        run: |
+          CPP_DB=${{ fromJson(steps.analysis.outputs.db-locations).cpp }}
+          if [[ ! -d $CPP_DB ]] || [[ ! $CPP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
+            echo "Did not create a database for CPP, or created it in the wrong location."
+            exit 1
+          fi
+          CSHARP_DB=${{ fromJson(steps.analysis.outputs.db-locations).csharp }}
+          if [[ ! -d $CSHARP_DB ]] || [[ ! $CSHARP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
+            echo "Did not create a database for C Sharp, or created it in the wrong location."
+            exit 1
+          fi
+          GO_DB=${{ fromJson(steps.analysis.outputs.db-locations).go }}
+          if [[ ! -d $GO_DB ]] || [[ ! $GO_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
+            echo "Did not create a database for Go, or created it in the wrong location."
+            exit 1
+          fi
+          JAVA_DB=${{ fromJson(steps.analysis.outputs.db-locations).java }}
+          if [[ ! -d $JAVA_DB ]] || [[ ! $JAVA_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
+            echo "Did not create a database for Java, or created it in the wrong location."
+            exit 1
+          fi
+          JAVASCRIPT_DB=${{ fromJson(steps.analysis.outputs.db-locations).javascript }}
+          if [[ ! -d $JAVASCRIPT_DB ]] || [[ ! $JAVASCRIPT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
+            echo "Did not create a database for Javascript, or created it in the wrong location."
+            exit 1
+          fi
+          PYTHON_DB=${{ fromJson(steps.analysis.outputs.db-locations).python }}
+          if [[ ! -d $PYTHON_DB ]] || [[ ! $PYTHON_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
+            echo "Did not create a database for Python, or created it in the wrong location."
+            exit 1
+          fi
+          RUBY_DB=${{ fromJson(steps.analysis.outputs.db-locations).ruby }}
+          if [[ ! -d $RUBY_DB ]] || [[ ! $RUBY_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
+            echo "Did not create a database for Ruby, or created it in the wrong location."
+            exit 1
+          fi
 
-    - name: Check language autodetect for Swift
-      if: >-
-        env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true' ||
-            (runner.os != 'Windows' && matrix.version == 'nightly-latest')
-      shell: bash
-      run: |
-        SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }}
-        if [[ ! -d $SWIFT_DB ]] || [[ ! $SWIFT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
-          echo "Did not create a database for Swift, or created it in the wrong location."
-          exit 1
-        fi
+      - name: Check language autodetect for Swift
+        if: >-
+          env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true' ||
+              (runner.os != 'Windows' && matrix.version == 'nightly-latest')
+        shell: bash
+        run: |
+          SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }}
+          if [[ ! -d $SWIFT_DB ]] || [[ ! $SWIFT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
+            echo "Did not create a database for Swift, or created it in the wrong location."
+            exit 1
+          fi
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__packaging-codescanning-config-inputs-js.yml

@@ -11,38 +11,40 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   packaging-codescanning-config-inputs-js:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: latest
-        - os: macos-latest
-          version: latest
-        - os: windows-latest
-          version: latest
-        - os: ubuntu-latest
-          version: default
-        - os: macos-latest
-          version: default
-        - os: windows-latest
-          version: default
-        - os: ubuntu-latest
-          version: nightly-latest
-        - os: macos-latest
-          version: nightly-latest
-        - os: windows-latest
-          version: nightly-latest
+          - os: ubuntu-latest
+            version: latest
+          - os: macos-latest
+            version: latest
+          - os: windows-latest
+            version: latest
+          - os: ubuntu-latest
+            version: default
+          - os: macos-latest
+            version: default
+          - os: windows-latest
+            version: default
+          - os: ubuntu-latest
+            version: nightly-latest
+          - os: macos-latest
+            version: nightly-latest
+          - os: windows-latest
+            version: nightly-latest
     name: 'Packaging: Config and input passed to the CLI'
     permissions:
       contents: read
@@ -50,67 +52,67 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: ./../action/init
-      with:
-        config-file: .github/codeql/codeql-config-packaging3.yml
-        packs: +codeql-testing/codeql-pack1@1.0.0
-        languages: javascript
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - name: Build code
-      shell: bash
-      run: ./build.sh
-    - uses: ./../action/analyze
-      with:
-        output: ${{ runner.temp }}/results
-        upload-database: false
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - uses: ./../action/init
+        with:
+          config-file: .github/codeql/codeql-config-packaging3.yml
+          packs: +codeql-testing/codeql-pack1@1.0.0
+          languages: javascript
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - name: Build code
+        shell: bash
+        run: ./build.sh
+      - uses: ./../action/analyze
+        with:
+          output: ${{ runner.temp }}/results
+          upload-database: false
 
-    - name: Check results
-      uses: ./../action/.github/actions/check-sarif
-      with:
-        sarif-file: ${{ runner.temp }}/results/javascript.sarif
-        queries-run: 
-          javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
-        queries-not-run: foo,bar
+      - name: Check results
+        uses: ./../action/.github/actions/check-sarif
+        with:
+          sarif-file: ${{ runner.temp }}/results/javascript.sarif
+          queries-run: 
+            javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
+          queries-not-run: foo,bar
 
-    - name: Assert Results
-      shell: bash
-      run: |
-        cd "$RUNNER_TEMP/results"
-        # We should have 4 hits from these rules
-        EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
+      - name: Assert Results
+        shell: bash
+        run: |
+          cd "$RUNNER_TEMP/results"
+          # We should have 4 hits from these rules
+          EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
 
-        # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
-        RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
-        echo "Found matching rules '$RULES'"
-        if [ "$RULES" != "$EXPECTED_RULES" ]; then
-          echo "Did not match expected rules '$EXPECTED_RULES'."
-          exit 1
-        fi
+          # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
+          RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
+          echo "Found matching rules '$RULES'"
+          if [ "$RULES" != "$EXPECTED_RULES" ]; then
+            echo "Did not match expected rules '$EXPECTED_RULES'."
+            exit 1
+          fi
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__packaging-config-inputs-js.yml

@@ -11,38 +11,40 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   packaging-config-inputs-js:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: latest
-        - os: macos-latest
-          version: latest
-        - os: windows-latest
-          version: latest
-        - os: ubuntu-latest
-          version: default
-        - os: macos-latest
-          version: default
-        - os: windows-latest
-          version: default
-        - os: ubuntu-latest
-          version: nightly-latest
-        - os: macos-latest
-          version: nightly-latest
-        - os: windows-latest
-          version: nightly-latest
+          - os: ubuntu-latest
+            version: latest
+          - os: macos-latest
+            version: latest
+          - os: windows-latest
+            version: latest
+          - os: ubuntu-latest
+            version: default
+          - os: macos-latest
+            version: default
+          - os: windows-latest
+            version: default
+          - os: ubuntu-latest
+            version: nightly-latest
+          - os: macos-latest
+            version: nightly-latest
+          - os: windows-latest
+            version: nightly-latest
     name: 'Packaging: Config and input'
     permissions:
       contents: read
@@ -50,67 +52,67 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: ./../action/init
-      with:
-        config-file: .github/codeql/codeql-config-packaging3.yml
-        packs: +codeql-testing/codeql-pack1@1.0.0
-        languages: javascript
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - name: Build code
-      shell: bash
-      run: ./build.sh
-    - uses: ./../action/analyze
-      with:
-        output: ${{ runner.temp }}/results
-        upload-database: false
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - uses: ./../action/init
+        with:
+          config-file: .github/codeql/codeql-config-packaging3.yml
+          packs: +codeql-testing/codeql-pack1@1.0.0
+          languages: javascript
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - name: Build code
+        shell: bash
+        run: ./build.sh
+      - uses: ./../action/analyze
+        with:
+          output: ${{ runner.temp }}/results
+          upload-database: false
 
-    - name: Check results
-      uses: ./../action/.github/actions/check-sarif
-      with:
-        sarif-file: ${{ runner.temp }}/results/javascript.sarif
-        queries-run: 
-          javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
-        queries-not-run: foo,bar
+      - name: Check results
+        uses: ./../action/.github/actions/check-sarif
+        with:
+          sarif-file: ${{ runner.temp }}/results/javascript.sarif
+          queries-run: 
+            javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
+          queries-not-run: foo,bar
 
-    - name: Assert Results
-      shell: bash
-      run: |
-        cd "$RUNNER_TEMP/results"
-        # We should have 4 hits from these rules
-        EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
+      - name: Assert Results
+        shell: bash
+        run: |
+          cd "$RUNNER_TEMP/results"
+          # We should have 4 hits from these rules
+          EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
 
-        # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
-        RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
-        echo "Found matching rules '$RULES'"
-        if [ "$RULES" != "$EXPECTED_RULES" ]; then
-          echo "Did not match expected rules '$EXPECTED_RULES'."
-          exit 1
-        fi
+          # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
+          RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
+          echo "Found matching rules '$RULES'"
+          if [ "$RULES" != "$EXPECTED_RULES" ]; then
+            echo "Did not match expected rules '$EXPECTED_RULES'."
+            exit 1
+          fi
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__packaging-config-js.yml

@@ -11,38 +11,40 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   packaging-config-js:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: latest
-        - os: macos-latest
-          version: latest
-        - os: windows-latest
-          version: latest
-        - os: ubuntu-latest
-          version: default
-        - os: macos-latest
-          version: default
-        - os: windows-latest
-          version: default
-        - os: ubuntu-latest
-          version: nightly-latest
-        - os: macos-latest
-          version: nightly-latest
-        - os: windows-latest
-          version: nightly-latest
+          - os: ubuntu-latest
+            version: latest
+          - os: macos-latest
+            version: latest
+          - os: windows-latest
+            version: latest
+          - os: ubuntu-latest
+            version: default
+          - os: macos-latest
+            version: default
+          - os: windows-latest
+            version: default
+          - os: ubuntu-latest
+            version: nightly-latest
+          - os: macos-latest
+            version: nightly-latest
+          - os: windows-latest
+            version: nightly-latest
     name: 'Packaging: Config file'
     permissions:
       contents: read
@@ -50,66 +52,66 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: ./../action/init
-      with:
-        config-file: .github/codeql/codeql-config-packaging.yml
-        languages: javascript
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - name: Build code
-      shell: bash
-      run: ./build.sh
-    - uses: ./../action/analyze
-      with:
-        output: ${{ runner.temp }}/results
-        upload-database: false
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - uses: ./../action/init
+        with:
+          config-file: .github/codeql/codeql-config-packaging.yml
+          languages: javascript
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - name: Build code
+        shell: bash
+        run: ./build.sh
+      - uses: ./../action/analyze
+        with:
+          output: ${{ runner.temp }}/results
+          upload-database: false
 
-    - name: Check results
-      uses: ./../action/.github/actions/check-sarif
-      with:
-        sarif-file: ${{ runner.temp }}/results/javascript.sarif
-        queries-run: 
-          javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
-        queries-not-run: foo,bar
+      - name: Check results
+        uses: ./../action/.github/actions/check-sarif
+        with:
+          sarif-file: ${{ runner.temp }}/results/javascript.sarif
+          queries-run: 
+            javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
+          queries-not-run: foo,bar
 
-    - name: Assert Results
-      shell: bash
-      run: |
-        cd "$RUNNER_TEMP/results"
-        # We should have 4 hits from these rules
-        EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
+      - name: Assert Results
+        shell: bash
+        run: |
+          cd "$RUNNER_TEMP/results"
+          # We should have 4 hits from these rules
+          EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
 
-        # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
-        RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
-        echo "Found matching rules '$RULES'"
-        if [ "$RULES" != "$EXPECTED_RULES" ]; then
-          echo "Did not match expected rules '$EXPECTED_RULES'."
-          exit 1
-        fi
+          # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
+          RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
+          echo "Found matching rules '$RULES'"
+          if [ "$RULES" != "$EXPECTED_RULES" ]; then
+            echo "Did not match expected rules '$EXPECTED_RULES'."
+            exit 1
+          fi
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__packaging-inputs-js.yml

@@ -11,38 +11,40 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   packaging-inputs-js:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: latest
-        - os: macos-latest
-          version: latest
-        - os: windows-latest
-          version: latest
-        - os: ubuntu-latest
-          version: default
-        - os: macos-latest
-          version: default
-        - os: windows-latest
-          version: default
-        - os: ubuntu-latest
-          version: nightly-latest
-        - os: macos-latest
-          version: nightly-latest
-        - os: windows-latest
-          version: nightly-latest
+          - os: ubuntu-latest
+            version: latest
+          - os: macos-latest
+            version: latest
+          - os: windows-latest
+            version: latest
+          - os: ubuntu-latest
+            version: default
+          - os: macos-latest
+            version: default
+          - os: windows-latest
+            version: default
+          - os: ubuntu-latest
+            version: nightly-latest
+          - os: macos-latest
+            version: nightly-latest
+          - os: windows-latest
+            version: nightly-latest
     name: 'Packaging: Action input'
     permissions:
       contents: read
@@ -50,66 +52,66 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: ./../action/init
-      with:
-        config-file: .github/codeql/codeql-config-packaging2.yml
-        languages: javascript
-        packs: codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2, codeql-testing/codeql-pack3:other-query.ql
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - name: Build code
-      shell: bash
-      run: ./build.sh
-    - uses: ./../action/analyze
-      with:
-        output: ${{ runner.temp }}/results
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - uses: ./../action/init
+        with:
+          config-file: .github/codeql/codeql-config-packaging2.yml
+          languages: javascript
+          packs: codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2, codeql-testing/codeql-pack3:other-query.ql
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - name: Build code
+        shell: bash
+        run: ./build.sh
+      - uses: ./../action/analyze
+        with:
+          output: ${{ runner.temp }}/results
 
-    - name: Check results
-      uses: ./../action/.github/actions/check-sarif
-      with:
-        sarif-file: ${{ runner.temp }}/results/javascript.sarif
-        queries-run: 
-          javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
-        queries-not-run: foo,bar
+      - name: Check results
+        uses: ./../action/.github/actions/check-sarif
+        with:
+          sarif-file: ${{ runner.temp }}/results/javascript.sarif
+          queries-run: 
+            javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
+          queries-not-run: foo,bar
 
-    - name: Assert Results
-      shell: bash
-      run: |
-        cd "$RUNNER_TEMP/results"
-        # We should have 4 hits from these rules
-        EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
+      - name: Assert Results
+        shell: bash
+        run: |
+          cd "$RUNNER_TEMP/results"
+          # We should have 4 hits from these rules
+          EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
 
-        # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
-        RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
-        echo "Found matching rules '$RULES'"
-        if [ "$RULES" != "$EXPECTED_RULES" ]; then
-          echo "Did not match expected rules '$EXPECTED_RULES'."
-          exit 1
-        fi
+          # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
+          RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
+          echo "Found matching rules '$RULES'"
+          if [ "$RULES" != "$EXPECTED_RULES" ]; then
+            echo "Did not match expected rules '$EXPECTED_RULES'."
+            exit 1
+          fi
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__remote-config.yml

@@ -11,62 +11,64 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   remote-config:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: stable-20221211
-        - os: macos-latest
-          version: stable-20221211
-        - os: windows-latest
-          version: stable-20221211
-        - os: ubuntu-latest
-          version: stable-20230418
-        - os: macos-latest
-          version: stable-20230418
-        - os: windows-latest
-          version: stable-20230418
-        - os: ubuntu-latest
-          version: stable-v2.13.5
-        - os: macos-latest
-          version: stable-v2.13.5
-        - os: windows-latest
-          version: stable-v2.13.5
-        - os: ubuntu-latest
-          version: stable-v2.14.6
-        - os: macos-latest
-          version: stable-v2.14.6
-        - os: windows-latest
-          version: stable-v2.14.6
-        - os: ubuntu-latest
-          version: default
-        - os: macos-latest
-          version: default
-        - os: windows-latest
-          version: default
-        - os: ubuntu-latest
-          version: latest
-        - os: macos-latest
-          version: latest
-        - os: windows-latest
-          version: latest
-        - os: ubuntu-latest
-          version: nightly-latest
-        - os: macos-latest
-          version: nightly-latest
-        - os: windows-latest
-          version: nightly-latest
+          - os: ubuntu-latest
+            version: stable-20221211
+          - os: macos-latest
+            version: stable-20221211
+          - os: windows-latest
+            version: stable-20221211
+          - os: ubuntu-latest
+            version: stable-20230418
+          - os: macos-latest
+            version: stable-20230418
+          - os: windows-latest
+            version: stable-20230418
+          - os: ubuntu-latest
+            version: stable-v2.13.5
+          - os: macos-latest
+            version: stable-v2.13.5
+          - os: windows-latest
+            version: stable-v2.13.5
+          - os: ubuntu-latest
+            version: stable-v2.14.6
+          - os: macos-latest
+            version: stable-v2.14.6
+          - os: windows-latest
+            version: stable-v2.14.6
+          - os: ubuntu-latest
+            version: default
+          - os: macos-latest
+            version: default
+          - os: windows-latest
+            version: default
+          - os: ubuntu-latest
+            version: latest
+          - os: macos-latest
+            version: latest
+          - os: windows-latest
+            version: latest
+          - os: ubuntu-latest
+            version: nightly-latest
+          - os: macos-latest
+            version: nightly-latest
+          - os: windows-latest
+            version: nightly-latest
     name: Remote config file
     permissions:
       contents: read
@@ -74,41 +76,41 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: ./../action/init
-      with:
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-        languages: cpp,csharp,java,javascript,python
-        config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{
-          github.sha }}
-    - name: Build code
-      shell: bash
-      run: ./build.sh
-    - uses: ./../action/analyze
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - uses: ./../action/init
+        with:
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+          languages: cpp,csharp,java,javascript,python
+          config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{
+            github.sha }}
+      - name: Build code
+        shell: bash
+        run: ./build.sh
+      - uses: ./../action/analyze
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__resolve-environment-action.yml

@@ -11,44 +11,46 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   resolve-environment-action:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: stable-v2.13.4
-        - os: macos-latest
-          version: stable-v2.13.4
-        - os: windows-latest
-          version: stable-v2.13.4
-        - os: ubuntu-latest
-          version: default
-        - os: macos-latest
-          version: default
-        - os: windows-latest
-          version: default
-        - os: ubuntu-latest
-          version: latest
-        - os: macos-latest
-          version: latest
-        - os: windows-latest
-          version: latest
-        - os: ubuntu-latest
-          version: nightly-latest
-        - os: macos-latest
-          version: nightly-latest
-        - os: windows-latest
-          version: nightly-latest
+          - os: ubuntu-latest
+            version: stable-v2.13.4
+          - os: macos-latest
+            version: stable-v2.13.4
+          - os: windows-latest
+            version: stable-v2.13.4
+          - os: ubuntu-latest
+            version: default
+          - os: macos-latest
+            version: default
+          - os: windows-latest
+            version: default
+          - os: ubuntu-latest
+            version: latest
+          - os: macos-latest
+            version: latest
+          - os: windows-latest
+            version: latest
+          - os: ubuntu-latest
+            version: nightly-latest
+          - os: macos-latest
+            version: nightly-latest
+          - os: windows-latest
+            version: nightly-latest
     name: Resolve environment
     permissions:
       contents: read
@@ -56,58 +58,58 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: ./../action/init
-      with:
-        languages: ${{ matrix.version == 'stable-v2.13.4' && 'go' || 'go,javascript-typescript'
-          }}
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - uses: ./../action/init
+        with:
+          languages: ${{ matrix.version == 'stable-v2.13.4' && 'go' || 'go,javascript-typescript'
+            }}
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
 
-    - name: Resolve environment for Go
-      uses: ./../action/resolve-environment
-      id: resolve-environment-go
-      with:
-        language: go
+      - name: Resolve environment for Go
+        uses: ./../action/resolve-environment
+        id: resolve-environment-go
+        with:
+          language: go
 
-    - name: Fail if Go configuration missing
-      if: (!fromJSON(steps.resolve-environment-go.outputs.environment).configuration.go)
-      run: exit 1
+      - name: Fail if Go configuration missing
+        if: (!fromJSON(steps.resolve-environment-go.outputs.environment).configuration.go)
+        run: exit 1
 
-    - name: Resolve environment for JavaScript/TypeScript
-      if: matrix.version != 'stable-v2.13.4'
-      uses: ./../action/resolve-environment
-      id: resolve-environment-js
-      with:
-        language: javascript-typescript
+      - name: Resolve environment for JavaScript/TypeScript
+        if: matrix.version != 'stable-v2.13.4'
+        uses: ./../action/resolve-environment
+        id: resolve-environment-js
+        with:
+          language: javascript-typescript
 
-    - name: Fail if JavaScript/TypeScript configuration present
-      if: matrix.version != 'stable-v2.13.4' && 
-        fromJSON(steps.resolve-environment-js.outputs.environment).configuration.javascript
-      run: exit 1
+      - name: Fail if JavaScript/TypeScript configuration present
+        if: matrix.version != 'stable-v2.13.4' && 
+          fromJSON(steps.resolve-environment-js.outputs.environment).configuration.javascript
+        run: exit 1
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__rubocop-multi-language.yml

@@ -11,22 +11,24 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   rubocop-multi-language:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: default
+          - os: ubuntu-latest
+            version: default
     name: RuboCop multi-language
     permissions:
       contents: read
@@ -34,51 +36,51 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: 2.6
-    - name: Install Code Scanning integration
-      shell: bash
-      run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install
-    - name: Install dependencies
-      shell: bash
-      run: bundle install
-    - name: RuboCop run
-      shell: bash
-      run: |
-        bash -c "
-          bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif
-          [[ $? -ne 2 ]]
-        "
-    - uses: ./../action/upload-sarif
-      with:
-        sarif_file: rubocop.sarif
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 2.6
+      - name: Install Code Scanning integration
+        shell: bash
+        run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install
+      - name: Install dependencies
+        shell: bash
+        run: bundle install
+      - name: RuboCop run
+        shell: bash
+        run: |
+          bash -c "
+            bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif
+            [[ $? -ne 2 ]]
+          "
+      - uses: ./../action/upload-sarif
+        with:
+          sarif_file: rubocop.sarif
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__ruby.yml

@@ -11,32 +11,34 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   ruby:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: latest
-        - os: macos-latest
-          version: latest
-        - os: ubuntu-latest
-          version: default
-        - os: macos-latest
-          version: default
-        - os: ubuntu-latest
-          version: nightly-latest
-        - os: macos-latest
-          version: nightly-latest
+          - os: ubuntu-latest
+            version: latest
+          - os: macos-latest
+            version: latest
+          - os: ubuntu-latest
+            version: default
+          - os: macos-latest
+            version: default
+          - os: ubuntu-latest
+            version: nightly-latest
+          - os: macos-latest
+            version: nightly-latest
     name: Ruby analysis
     permissions:
       contents: read
@@ -44,47 +46,47 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: ./../action/init
-      with:
-        languages: ruby
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - uses: ./../action/analyze
-      id: analysis
-      with:
-        upload-database: false
-    - name: Check database
-      shell: bash
-      run: |
-        RUBY_DB="${{ fromJson(steps.analysis.outputs.db-locations).ruby }}"
-        if [[ ! -d "$RUBY_DB" ]]; then
-          echo "Did not create a database for Ruby."
-          exit 1
-        fi
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - uses: ./../action/init
+        with:
+          languages: ruby
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - uses: ./../action/analyze
+        id: analysis
+        with:
+          upload-database: false
+      - name: Check database
+        shell: bash
+        run: |
+          RUBY_DB="${{ fromJson(steps.analysis.outputs.db-locations).ruby }}"
+          if [[ ! -d "$RUBY_DB" ]]; then
+            echo "Did not create a database for Ruby."
+            exit 1
+          fi
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__scaling-reserved-ram.yml

@@ -11,48 +11,50 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   scaling-reserved-ram:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: stable-20221211
-        - os: macos-latest
-          version: stable-20221211
-        - os: ubuntu-latest
-          version: stable-20230418
-        - os: macos-latest
-          version: stable-20230418
-        - os: ubuntu-latest
-          version: stable-v2.13.5
-        - os: macos-latest
-          version: stable-v2.13.5
-        - os: ubuntu-latest
-          version: stable-v2.14.6
-        - os: macos-latest
-          version: stable-v2.14.6
-        - os: ubuntu-latest
-          version: default
-        - os: macos-latest
-          version: default
-        - os: ubuntu-latest
-          version: latest
-        - os: macos-latest
-          version: latest
-        - os: ubuntu-latest
-          version: nightly-latest
-        - os: macos-latest
-          version: nightly-latest
+          - os: ubuntu-latest
+            version: stable-20221211
+          - os: macos-latest
+            version: stable-20221211
+          - os: ubuntu-latest
+            version: stable-20230418
+          - os: macos-latest
+            version: stable-20230418
+          - os: ubuntu-latest
+            version: stable-v2.13.5
+          - os: macos-latest
+            version: stable-v2.13.5
+          - os: ubuntu-latest
+            version: stable-v2.14.6
+          - os: macos-latest
+            version: stable-v2.14.6
+          - os: ubuntu-latest
+            version: default
+          - os: macos-latest
+            version: default
+          - os: ubuntu-latest
+            version: latest
+          - os: macos-latest
+            version: latest
+          - os: ubuntu-latest
+            version: nightly-latest
+          - os: macos-latest
+            version: nightly-latest
     name: Scaling reserved RAM
     permissions:
       contents: read
@@ -60,50 +62,50 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: ./../action/init
-      id: init
-      with:
-        db-location: ${{ runner.temp }}/customDbLocation
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - uses: ./../action/init
+        id: init
+        with:
+          db-location: ${{ runner.temp }}/customDbLocation
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
 
-    - uses: ./../action/.github/actions/setup-swift
-      with:
-        codeql-path: ${{ steps.init.outputs.codeql-path }}
+      - uses: ./../action/.github/actions/setup-swift
+        with:
+          codeql-path: ${{ steps.init.outputs.codeql-path }}
 
-    - name: Build code
-      shell: bash
-      run: ./build.sh
+      - name: Build code
+        shell: bash
+        run: ./build.sh
 
-    - uses: ./../action/analyze
-      id: analysis
-      with:
-        upload-database: false
+      - uses: ./../action/analyze
+        id: analysis
+        with:
+          upload-database: false
     env:
       CODEQL_ACTION_SCALING_RESERVED_RAM: true
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__split-workflow.yml

@@ -11,32 +11,34 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   split-workflow:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: latest
-        - os: macos-latest
-          version: latest
-        - os: ubuntu-latest
-          version: default
-        - os: macos-latest
-          version: default
-        - os: ubuntu-latest
-          version: nightly-latest
-        - os: macos-latest
-          version: nightly-latest
+          - os: ubuntu-latest
+            version: latest
+          - os: macos-latest
+            version: latest
+          - os: ubuntu-latest
+            version: default
+          - os: macos-latest
+            version: default
+          - os: ubuntu-latest
+            version: nightly-latest
+          - os: macos-latest
+            version: nightly-latest
     name: Split workflow
     permissions:
       contents: read
@@ -44,71 +46,71 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: ./../action/init
-      with:
-        config-file: .github/codeql/codeql-config-packaging3.yml
-        packs: +codeql-testing/codeql-pack1@1.0.0
-        languages: javascript
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - name: Build code
-      shell: bash
-      run: ./build.sh
-    - uses: ./../action/analyze
-      with:
-        skip-queries: true
-        output: ${{ runner.temp }}/results
-        upload-database: false
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - uses: ./../action/init
+        with:
+          config-file: .github/codeql/codeql-config-packaging3.yml
+          packs: +codeql-testing/codeql-pack1@1.0.0
+          languages: javascript
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - name: Build code
+        shell: bash
+        run: ./build.sh
+      - uses: ./../action/analyze
+        with:
+          skip-queries: true
+          output: ${{ runner.temp }}/results
+          upload-database: false
 
-    - name: Assert No Results
-      shell: bash
-      run: |
-        if [ "$(ls -A $RUNNER_TEMP/results)" ]; then
-          echo "Expected results directory to be empty after skipping query execution!"
-          exit 1
-        fi
-    - uses: ./../action/analyze
-      with:
-        output: ${{ runner.temp }}/results
-        upload-database: false
-    - name: Assert Results
-      shell: bash
-      run: |
-        cd "$RUNNER_TEMP/results"
-        # We should have 4 hits from these rules
-        EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
+      - name: Assert No Results
+        shell: bash
+        run: |
+          if [ "$(ls -A $RUNNER_TEMP/results)" ]; then
+            echo "Expected results directory to be empty after skipping query execution!"
+            exit 1
+          fi
+      - uses: ./../action/analyze
+        with:
+          output: ${{ runner.temp }}/results
+          upload-database: false
+      - name: Assert Results
+        shell: bash
+        run: |
+          cd "$RUNNER_TEMP/results"
+          # We should have 4 hits from these rules
+          EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
 
-        # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
-        RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
-        echo "Found matching rules '$RULES'"
-        if [ "$RULES" != "$EXPECTED_RULES" ]; then
-          echo "Did not match expected rules '$EXPECTED_RULES'."
-          exit 1
-        fi
+          # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
+          RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
+          echo "Found matching rules '$RULES'"
+          if [ "$RULES" != "$EXPECTED_RULES" ]; then
+            echo "Did not match expected rules '$EXPECTED_RULES'."
+            exit 1
+          fi
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__submit-sarif-failure.yml

@@ -11,26 +11,28 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   submit-sarif-failure:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: latest
-        - os: ubuntu-latest
-          version: default
-        - os: ubuntu-latest
-          version: nightly-latest
+          - os: ubuntu-latest
+            version: latest
+          - os: ubuntu-latest
+            version: default
+          - os: ubuntu-latest
+            version: nightly-latest
     name: Submit SARIF after failure
     permissions:
       contents: read
@@ -38,49 +40,49 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: actions/checkout@v4
-    - uses: ./init
-      with:
-        languages: javascript
-    - name: Fail
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - uses: actions/checkout@v4
+      - uses: ./init
+        with:
+          languages: javascript
+      - name: Fail
     # We want this job to pass if the Action correctly uploads the SARIF file for
     # the failed run.
     # Setting this step to continue on error means that it is marked as completing
     # successfully, so will not fail the job.
-      continue-on-error: true
-      run: exit 1
-    - uses: ./analyze
+        continue-on-error: true
+        run: exit 1
+      - uses: ./analyze
     # In a real workflow, this step wouldn't run. Since we used `continue-on-error`
     # above, we manually disable it with an `if` condition.
-      if: false
-      with:
-        category: /test-codeql-version:${{ matrix.version }}
+        if: false
+        with:
+          category: /test-codeql-version:${{ matrix.version }}
     env:
   # Internal-only environment variable used to indicate that the post-init Action
   # should expect to upload a SARIF file for the failed run.

.github/workflows/__swift-custom-build.yml

@@ -11,32 +11,34 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   swift-custom-build:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: latest
-        - os: macos-latest
-          version: latest
-        - os: ubuntu-latest
-          version: default
-        - os: macos-latest
-          version: default
-        - os: ubuntu-latest
-          version: nightly-latest
-        - os: macos-latest
-          version: nightly-latest
+          - os: ubuntu-latest
+            version: latest
+          - os: macos-latest
+            version: latest
+          - os: ubuntu-latest
+            version: default
+          - os: macos-latest
+            version: default
+          - os: ubuntu-latest
+            version: nightly-latest
+          - os: macos-latest
+            version: nightly-latest
     name: Swift analysis using a custom build command
     permissions:
       contents: read
@@ -44,58 +46,58 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: ./../action/init
-      id: init
-      with:
-        languages: swift
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - uses: ./../action/.github/actions/setup-swift
-      with:
-        codeql-path: ${{steps.init.outputs.codeql-path}}
-    - name: Check working directory
-      shell: bash
-      run: pwd
-    - name: Build code
-      shell: bash
-      run: ./build.sh
-    - uses: ./../action/analyze
-      id: analysis
-      with:
-        upload-database: false
-    - name: Check database
-      shell: bash
-      run: |
-        SWIFT_DB="${{ fromJson(steps.analysis.outputs.db-locations).swift }}"
-        if [[ ! -d "$SWIFT_DB" ]]; then
-          echo "Did not create a database for Swift."
-          exit 1
-        fi
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - uses: ./../action/init
+        id: init
+        with:
+          languages: swift
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - uses: ./../action/.github/actions/setup-swift
+        with:
+          codeql-path: ${{steps.init.outputs.codeql-path}}
+      - name: Check working directory
+        shell: bash
+        run: pwd
+      - name: Build code
+        shell: bash
+        run: ./build.sh
+      - uses: ./../action/analyze
+        id: analysis
+        with:
+          upload-database: false
+      - name: Check database
+        shell: bash
+        run: |
+          SWIFT_DB="${{ fromJson(steps.analysis.outputs.db-locations).swift }}"
+          if [[ ! -d "$SWIFT_DB" ]]; then
+            echo "Did not create a database for Swift."
+            exit 1
+          fi
     env:
       DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__test-autobuild-working-dir.yml

@@ -11,22 +11,24 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   test-autobuild-working-dir:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: latest
+          - os: ubuntu-latest
+            version: latest
     name: Autobuild working directory
     permissions:
       contents: read
@@ -34,56 +36,56 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - name: Test setup
-      shell: bash
-      run: |
-        # Make sure that Gradle build succeeds in autobuild-dir ...
-        cp -a ../action/tests/java-repo autobuild-dir
-        # ... and fails if attempted in the current directory
-        echo > build.gradle
-    - uses: ./../action/init
-      with:
-        languages: java
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - uses: ./../action/autobuild
-      with:
-        working-directory: autobuild-dir
-    - uses: ./../action/analyze
-      with:
-        upload-database: false
-    - name: Check database
-      shell: bash
-      run: |
-        cd "$RUNNER_TEMP/codeql_databases"
-        if [[ ! -d java ]]; then
-          echo "Did not find a Java database"
-          exit 1
-        fi
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - name: Test setup
+        shell: bash
+        run: |
+          # Make sure that Gradle build succeeds in autobuild-dir ...
+          cp -a ../action/tests/java-repo autobuild-dir
+          # ... and fails if attempted in the current directory
+          echo > build.gradle
+      - uses: ./../action/init
+        with:
+          languages: java
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - uses: ./../action/autobuild
+        with:
+          working-directory: autobuild-dir
+      - uses: ./../action/analyze
+        with:
+          upload-database: false
+      - name: Check database
+        shell: bash
+        run: |
+          cd "$RUNNER_TEMP/codeql_databases"
+          if [[ ! -d java ]]; then
+            echo "Did not find a Java database"
+            exit 1
+          fi
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__test-local-codeql.yml

@@ -11,22 +11,24 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   test-local-codeql:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: nightly-latest
+          - os: ubuntu-latest
+            version: nightly-latest
     name: Local CodeQL bundle
     permissions:
       contents: read
@@ -34,50 +36,50 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - name: Fetch a CodeQL bundle
-      shell: bash
-      env:
-        CODEQL_URL: ${{ steps.prepare-test.outputs.tools-url }}
-      run: |
-        wget "$CODEQL_URL"
-    - id: init
-      uses: ./../action/init
-      with:
-        tools: ./codeql-bundle-linux64.tar.gz
-    - uses: ./../action/.github/actions/setup-swift
-      with:
-        codeql-path: ${{ steps.init.outputs.codeql-path }}
-    - name: Build code
-      shell: bash
-      run: ./build.sh
-    - uses: ./../action/analyze
-      with:
-        upload-database: false
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - name: Fetch a CodeQL bundle
+        shell: bash
+        env:
+          CODEQL_URL: ${{ steps.prepare-test.outputs.tools-url }}
+        run: |
+          wget "$CODEQL_URL"
+      - id: init
+        uses: ./../action/init
+        with:
+          tools: ./codeql-bundle-linux64.tar.gz
+      - uses: ./../action/.github/actions/setup-swift
+        with:
+          codeql-path: ${{ steps.init.outputs.codeql-path }}
+      - name: Build code
+        shell: bash
+        run: ./build.sh
+      - uses: ./../action/analyze
+        with:
+          upload-database: false
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__test-proxy.yml

@@ -11,22 +11,24 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   test-proxy:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: latest
+          - os: ubuntu-latest
+            version: latest
     name: Proxy test
     permissions:
       contents: read
@@ -34,39 +36,39 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: ./../action/init
-      with:
-        languages: javascript
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - uses: ./../action/analyze
-      with:
-        upload-database: false
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - uses: ./../action/init
+        with:
+          languages: javascript
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - uses: ./../action/analyze
+        with:
+          upload-database: false
     env:
       https_proxy: http://squid-proxy:3128
       CODEQL_ACTION_TEST_MODE: true
@@ -77,4 +79,4 @@ jobs:
       squid-proxy:
         image: ubuntu/squid:latest
         ports:
-        - 3128:3128
+          - 3128:3128

.github/workflows/__unset-environment.yml

@@ -11,34 +11,36 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   unset-environment:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: stable-20221211
-        - os: ubuntu-latest
-          version: stable-20230418
-        - os: ubuntu-latest
-          version: stable-v2.13.5
-        - os: ubuntu-latest
-          version: stable-v2.14.6
-        - os: ubuntu-latest
-          version: default
-        - os: ubuntu-latest
-          version: latest
-        - os: ubuntu-latest
-          version: nightly-latest
+          - os: ubuntu-latest
+            version: stable-20221211
+          - os: ubuntu-latest
+            version: stable-20230418
+          - os: ubuntu-latest
+            version: stable-v2.13.5
+          - os: ubuntu-latest
+            version: stable-v2.14.6
+          - os: ubuntu-latest
+            version: default
+          - os: ubuntu-latest
+            version: latest
+          - os: ubuntu-latest
+            version: nightly-latest
     name: Test unsetting environment variables
     permissions:
       contents: read
@@ -46,87 +48,87 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: ./../action/init
-      id: init
-      with:
-        db-location: ${{ runner.temp }}/customDbLocation
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - uses: ./../action/.github/actions/setup-swift
-      with:
-        codeql-path: ${{ steps.init.outputs.codeql-path }}
-    - name: Build code
-      shell: bash
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - uses: ./../action/init
+        id: init
+        with:
+          db-location: ${{ runner.temp }}/customDbLocation
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - uses: ./../action/.github/actions/setup-swift
+        with:
+          codeql-path: ${{ steps.init.outputs.codeql-path }}
+      - name: Build code
+        shell: bash
     # Disable Kotlin analysis while it's incompatible with Kotlin 1.8, until we find a
     # workaround for our PR checks.
-      run: env -i CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN=true PATH="$PATH" HOME="$HOME"
-        ./build.sh
-    - uses: ./../action/analyze
-      id: analysis
-      with:
-        upload-database: false
-    - shell: bash
-      run: |
-        CPP_DB="${{ fromJson(steps.analysis.outputs.db-locations).cpp }}"
-        if [[ ! -d "$CPP_DB" ]] || [[ ! "$CPP_DB" == "${RUNNER_TEMP}/customDbLocation/cpp" ]]; then
-          echo "::error::Did not create a database for CPP, or created it in the wrong location." \
-            "Expected location was '${RUNNER_TEMP}/customDbLocation/cpp' but actual was '${CPP_DB}'"
-          exit 1
-        fi
-        CSHARP_DB="${{ fromJson(steps.analysis.outputs.db-locations).csharp }}"
-        if [[ ! -d "$CSHARP_DB" ]] || [[ ! "$CSHARP_DB" == "${RUNNER_TEMP}/customDbLocation/csharp" ]]; then
-          echo "::error::Did not create a database for C Sharp, or created it in the wrong location." \
-            "Expected location was '${RUNNER_TEMP}/customDbLocation/csharp' but actual was '${CSHARP_DB}'"
-          exit 1
-        fi
-        GO_DB="${{ fromJson(steps.analysis.outputs.db-locations).go }}"
-        if [[ ! -d "$GO_DB" ]] || [[ ! "$GO_DB" == "${RUNNER_TEMP}/customDbLocation/go" ]]; then
-          echo "::error::Did not create a database for Go, or created it in the wrong location." \
-            "Expected location was '${RUNNER_TEMP}/customDbLocation/go' but actual was '${GO_DB}'"
-          exit 1
-        fi
-        JAVA_DB="${{ fromJson(steps.analysis.outputs.db-locations).java }}"
-        if [[ ! -d "$JAVA_DB" ]] || [[ ! "$JAVA_DB" == "${RUNNER_TEMP}/customDbLocation/java" ]]; then
-          echo "::error::Did not create a database for Java, or created it in the wrong location." \
-            "Expected location was '${RUNNER_TEMP}/customDbLocation/java' but actual was '${JAVA_DB}'"
-          exit 1
-        fi
-        JAVASCRIPT_DB="${{ fromJson(steps.analysis.outputs.db-locations).javascript }}"
-        if [[ ! -d "$JAVASCRIPT_DB" ]] || [[ ! "$JAVASCRIPT_DB" == "${RUNNER_TEMP}/customDbLocation/javascript" ]]; then
-          echo "::error::Did not create a database for Javascript, or created it in the wrong location." \
-            "Expected location was '${RUNNER_TEMP}/customDbLocation/javascript' but actual was '${JAVASCRIPT_DB}'"
-          exit 1
-        fi
-        PYTHON_DB="${{ fromJson(steps.analysis.outputs.db-locations).python }}"
-        if [[ ! -d "$PYTHON_DB" ]] || [[ ! "$PYTHON_DB" == "${RUNNER_TEMP}/customDbLocation/python" ]]; then
-          echo "::error::Did not create a database for Python, or created it in the wrong location." \
-            "Expected location was '${RUNNER_TEMP}/customDbLocation/python' but actual was '${PYTHON_DB}'"
-          exit 1
-        fi
+        run: env -i CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN=true PATH="$PATH" HOME="$HOME"
+          ./build.sh
+      - uses: ./../action/analyze
+        id: analysis
+        with:
+          upload-database: false
+      - shell: bash
+        run: |
+          CPP_DB="${{ fromJson(steps.analysis.outputs.db-locations).cpp }}"
+          if [[ ! -d "$CPP_DB" ]] || [[ ! "$CPP_DB" == "${RUNNER_TEMP}/customDbLocation/cpp" ]]; then
+            echo "::error::Did not create a database for CPP, or created it in the wrong location." \
+              "Expected location was '${RUNNER_TEMP}/customDbLocation/cpp' but actual was '${CPP_DB}'"
+            exit 1
+          fi
+          CSHARP_DB="${{ fromJson(steps.analysis.outputs.db-locations).csharp }}"
+          if [[ ! -d "$CSHARP_DB" ]] || [[ ! "$CSHARP_DB" == "${RUNNER_TEMP}/customDbLocation/csharp" ]]; then
+            echo "::error::Did not create a database for C Sharp, or created it in the wrong location." \
+              "Expected location was '${RUNNER_TEMP}/customDbLocation/csharp' but actual was '${CSHARP_DB}'"
+            exit 1
+          fi
+          GO_DB="${{ fromJson(steps.analysis.outputs.db-locations).go }}"
+          if [[ ! -d "$GO_DB" ]] || [[ ! "$GO_DB" == "${RUNNER_TEMP}/customDbLocation/go" ]]; then
+            echo "::error::Did not create a database for Go, or created it in the wrong location." \
+              "Expected location was '${RUNNER_TEMP}/customDbLocation/go' but actual was '${GO_DB}'"
+            exit 1
+          fi
+          JAVA_DB="${{ fromJson(steps.analysis.outputs.db-locations).java }}"
+          if [[ ! -d "$JAVA_DB" ]] || [[ ! "$JAVA_DB" == "${RUNNER_TEMP}/customDbLocation/java" ]]; then
+            echo "::error::Did not create a database for Java, or created it in the wrong location." \
+              "Expected location was '${RUNNER_TEMP}/customDbLocation/java' but actual was '${JAVA_DB}'"
+            exit 1
+          fi
+          JAVASCRIPT_DB="${{ fromJson(steps.analysis.outputs.db-locations).javascript }}"
+          if [[ ! -d "$JAVASCRIPT_DB" ]] || [[ ! "$JAVASCRIPT_DB" == "${RUNNER_TEMP}/customDbLocation/javascript" ]]; then
+            echo "::error::Did not create a database for Javascript, or created it in the wrong location." \
+              "Expected location was '${RUNNER_TEMP}/customDbLocation/javascript' but actual was '${JAVASCRIPT_DB}'"
+            exit 1
+          fi
+          PYTHON_DB="${{ fromJson(steps.analysis.outputs.db-locations).python }}"
+          if [[ ! -d "$PYTHON_DB" ]] || [[ ! "$PYTHON_DB" == "${RUNNER_TEMP}/customDbLocation/python" ]]; then
+            echo "::error::Did not create a database for Python, or created it in the wrong location." \
+              "Expected location was '${RUNNER_TEMP}/customDbLocation/python' but actual was '${PYTHON_DB}'"
+            exit 1
+          fi
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__upload-ref-sha-input.yml

@@ -11,26 +11,28 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   upload-ref-sha-input:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: default
-        - os: macos-latest
-          version: default
-        - os: windows-latest
-          version: default
+          - os: ubuntu-latest
+            version: default
+          - os: macos-latest
+            version: default
+          - os: windows-latest
+            version: default
     name: "Upload-sarif: 'ref' and 'sha' from inputs"
     permissions:
       contents: read
@@ -38,50 +40,50 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: ./../action/init
-      with:
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-        languages: cpp,csharp,java,javascript,python
-        config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{
-          github.sha }}
-    - name: Build code
-      shell: bash
-      run: ./build.sh
-    - uses: ./../action/analyze
-      with:
-        upload-database: false
-        ref: refs/heads/main
-        sha: 5e235361806c361d4d3f8859e3c897658025a9a2
-        upload: never
-    - uses: ./../action/upload-sarif
-      with:
-        ref: refs/heads/main
-        sha: 5e235361806c361d4d3f8859e3c897658025a9a2
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - uses: ./../action/init
+        with:
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+          languages: cpp,csharp,java,javascript,python
+          config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{
+            github.sha }}
+      - name: Build code
+        shell: bash
+        run: ./build.sh
+      - uses: ./../action/analyze
+        with:
+          upload-database: false
+          ref: refs/heads/main
+          sha: 5e235361806c361d4d3f8859e3c897658025a9a2
+          upload: never
+      - uses: ./../action/upload-sarif
+        with:
+          ref: refs/heads/main
+          sha: 5e235361806c361d4d3f8859e3c897658025a9a2
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__with-checkout-path.yml

@@ -11,26 +11,28 @@ env:
 on:
   push:
     branches:
-    - main
-    - releases/v*
+      - main
+      - releases/v*
   pull_request:
     types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   with-checkout-path:
     strategy:
       matrix:
         include:
-        - os: ubuntu-latest
-          version: latest
-        - os: macos-latest
-          version: latest
-        - os: windows-latest
-          version: latest
+          - os: ubuntu-latest
+            version: latest
+          - os: macos-latest
+            version: latest
+          - os: windows-latest
+            version: latest
     name: Use a custom `checkout_path`
     permissions:
       contents: read
@@ -38,100 +40,100 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v5
+        if: >-
+          matrix.os == 'macos-latest' && (
 
-        matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20221211' ||
 
-        matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-20230418' ||
 
-        matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.13.5' ||
 
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - name: Delete original checkout
-      shell: bash
-      run: |
-        # delete the original checkout so we don't accidentally use it.
-        # Actions does not support deleting the current working directory, so we
-        # delete the contents of the directory instead.
-        rm -rf ./* .github .git
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+      - name: Set environment variable for Swift enablement
+        if: runner.os != 'Windows' && matrix.version == '20221211'
+        shell: bash
+        run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+      - name: Delete original checkout
+        shell: bash
+        run: |
+          # delete the original checkout so we don't accidentally use it.
+          # Actions does not support deleting the current working directory, so we
+          # delete the contents of the directory instead.
+          rm -rf ./* .github .git
   # Check out the actions repo again, but at a different location.
   # choose an arbitrary SHA so that we can later test that the commit_oid is not from main
-    - uses: actions/checkout@v4
-      with:
-        ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
-        path: x/y/z/some-path
+      - uses: actions/checkout@v4
+        with:
+          ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
+          path: x/y/z/some-path
 
-    - uses: ./../action/init
-      with:
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - uses: ./../action/init
+        with:
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
       # it's enough to test one compiled language and one interpreted language
-        languages: csharp,javascript
-        source-root: x/y/z/some-path/tests/multi-language-repo
+          languages: csharp,javascript
+          source-root: x/y/z/some-path/tests/multi-language-repo
 
-    - name: Build code
-      shell: bash
-      working-directory: x/y/z/some-path/tests/multi-language-repo
-      run: |
-        ./build.sh
+      - name: Build code
+        shell: bash
+        working-directory: x/y/z/some-path/tests/multi-language-repo
+        run: |
+          ./build.sh
 
-    - uses: ./../action/analyze
-      with:
-        checkout_path: x/y/z/some-path/tests/multi-language-repo
-        ref: v1.1.0
-        sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
-        upload: never
-        upload-database: false
+      - uses: ./../action/analyze
+        with:
+          checkout_path: x/y/z/some-path/tests/multi-language-repo
+          ref: v1.1.0
+          sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
+          upload: never
+          upload-database: false
 
-    - uses: ./../action/upload-sarif
-      with:
-        ref: v1.1.0
-        sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
-        checkout_path: x/y/z/some-path/tests/multi-language-repo
+      - uses: ./../action/upload-sarif
+        with:
+          ref: v1.1.0
+          sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
+          checkout_path: x/y/z/some-path/tests/multi-language-repo
 
-    - name: Verify SARIF after upload
-      shell: bash
-      run: |
-        EXPECTED_COMMIT_OID="474bbf07f9247ffe1856c6a0f94aeeb10e7afee6"
-        EXPECTED_REF="v1.1.0"
-        EXPECTED_CHECKOUT_URI_SUFFIX="/x/y/z/some-path/tests/multi-language-repo"
+      - name: Verify SARIF after upload
+        shell: bash
+        run: |
+          EXPECTED_COMMIT_OID="474bbf07f9247ffe1856c6a0f94aeeb10e7afee6"
+          EXPECTED_REF="v1.1.0"
+          EXPECTED_CHECKOUT_URI_SUFFIX="/x/y/z/some-path/tests/multi-language-repo"
 
-        ACTUAL_COMMIT_OID="$(cat "$RUNNER_TEMP/payload.json" | jq -r .commit_oid)"
-        ACTUAL_REF="$(cat "$RUNNER_TEMP/payload.json" | jq -r .ref)"
-        ACTUAL_CHECKOUT_URI="$(cat "$RUNNER_TEMP/payload.json" | jq -r .checkout_uri)"
+          ACTUAL_COMMIT_OID="$(cat "$RUNNER_TEMP/payload.json" | jq -r .commit_oid)"
+          ACTUAL_REF="$(cat "$RUNNER_TEMP/payload.json" | jq -r .ref)"
+          ACTUAL_CHECKOUT_URI="$(cat "$RUNNER_TEMP/payload.json" | jq -r .checkout_uri)"
 
-        if [[ "$EXPECTED_COMMIT_OID" != "$ACTUAL_COMMIT_OID" ]]; then
-          echo "::error Invalid commit oid. Expected: $EXPECTED_COMMIT_OID Actual: $ACTUAL_COMMIT_OID"
-          echo "$RUNNER_TEMP/payload.json"
-          exit 1
-        fi
+          if [[ "$EXPECTED_COMMIT_OID" != "$ACTUAL_COMMIT_OID" ]]; then
+            echo "::error Invalid commit oid. Expected: $EXPECTED_COMMIT_OID Actual: $ACTUAL_COMMIT_OID"
+            echo "$RUNNER_TEMP/payload.json"
+            exit 1
+          fi
 
-        if [[ "$EXPECTED_REF" != "$ACTUAL_REF" ]]; then
-          echo "::error Invalid ref. Expected: '$EXPECTED_REF' Actual: '$ACTUAL_REF'"
-          echo "$RUNNER_TEMP/payload.json"
-          exit 1
-        fi
+          if [[ "$EXPECTED_REF" != "$ACTUAL_REF" ]]; then
+            echo "::error Invalid ref. Expected: '$EXPECTED_REF' Actual: '$ACTUAL_REF'"
+            echo "$RUNNER_TEMP/payload.json"
+            exit 1
+          fi
 
-        if [[ "$ACTUAL_CHECKOUT_URI" != *$EXPECTED_CHECKOUT_URI_SUFFIX ]]; then
-          echo "::error Invalid checkout URI suffix. Expected suffix: $EXPECTED_CHECKOUT_URI_SUFFIX Actual uri: $ACTUAL_CHECKOUT_URI"
-          echo "$RUNNER_TEMP/payload.json"
-          exit 1
-        fi
+          if [[ "$ACTUAL_CHECKOUT_URI" != *$EXPECTED_CHECKOUT_URI_SUFFIX ]]; then
+            echo "::error Invalid checkout URI suffix. Expected suffix: $EXPECTED_CHECKOUT_URI_SUFFIX Actual uri: $ACTUAL_CHECKOUT_URI"
+            echo "$RUNNER_TEMP/payload.json"
+            exit 1
+          fi
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/codescanning-config-cli.yml

@@ -15,6 +15,8 @@ on:
     - synchronize
     - reopened
     - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 
 jobs:

.github/workflows/debug-artifacts-failure.yml

@@ -17,6 +17,8 @@ on:
     - synchronize
     - reopened
     - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   upload-artifacts:

.github/workflows/debug-artifacts.yml

@@ -16,6 +16,8 @@ on:
     - synchronize
     - reopened
     - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   upload-artifacts:

.github/workflows/expected-queries-runs.yml

@@ -11,6 +11,8 @@ on:
     - synchronize
     - reopened
     - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 
 jobs:

.github/workflows/pr-checks.yml

@@ -17,7 +17,7 @@ jobs:
 
     strategy:
       matrix:
-        node-types-version: [16.11, current] # run tests on 16.11 while CodeQL Action v2 is still supported
+        node-types-version: [16.11, current] # we backport this matrix job in order to maintain the same check names
 
     steps:
       - name: Checkout
@@ -49,6 +49,7 @@ jobs:
           fi
 
       - name: Check generated JS
+        if: matrix.node-types-version != 'current' # we do not need to test the newer node on the v2 branch
         run: .github/workflows/script/check-js.sh
 
   check-node-modules:

.github/workflows/query-filters.yml

@@ -11,6 +11,8 @@ on:
     - synchronize
     - reopened
     - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 
 jobs:

.github/workflows/test-codeql-bundle-all.yml

@@ -16,6 +16,8 @@ on:
     - synchronize
     - reopened
     - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
   test-codeql-bundle-all:

CHANGELOG.md

@@ -4,73 +4,76 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th
 
 Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.
 
-## [UNRELEASED]
+## 2.24.10 - 05 Apr 2024
 
-No user facing changes.
+- Update default CodeQL bundle version to 2.17.0. [#2219](https://github.com/github/codeql-action/pull/2219)
+- Add a deprecation warning for customers using CodeQL version 2.12.5 and earlier. These versions of CodeQL were discontinued on 26 March 2024 alongside GitHub Enterprise Server 3.8, and will be unsupported by CodeQL Action versions 3.25.0 and later and versions 2.25.0 and later. [#2220](https://github.com/github/codeql-action/pull/2220)
+  - If you are using one of these versions, please update to CodeQL CLI version 2.12.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.
+  - Alternatively, if you want to continue using a version of the CodeQL CLI between 2.11.6 and 2.12.5, you can replace `github/codeql-action/*@v3` by `github/codeql-action/*@v3.24.10` and `github/codeql-action/*@v2` by `github/codeql-action/*@v2.24.10` in your code scanning workflow to ensure you continue using this version of the CodeQL Action.
 
-## 3.24.9 - 22 Mar 2024
+## 2.24.9 - 22 Mar 2024
 
 - Update default CodeQL bundle version to 2.16.5. [#2203](https://github.com/github/codeql-action/pull/2203)
 
-## 3.24.8 - 18 Mar 2024
+## 2.24.8 - 18 Mar 2024
 
 - Improve the ease of debugging extraction issues by increasing the verbosity of the extractor logs when running in debug mode. [#2195](https://github.com/github/codeql-action/pull/2195)
 
-## 3.24.7 - 12 Mar 2024
+## 2.24.7 - 12 Mar 2024
 
 - Update default CodeQL bundle version to 2.16.4. [#2185](https://github.com/github/codeql-action/pull/2185)
 
-## 3.24.6 - 29 Feb 2024
+## 2.24.6 - 29 Feb 2024
 
 No user facing changes.
 
-## 3.24.5 - 23 Feb 2024
+## 2.24.5 - 23 Feb 2024
 
 - Update default CodeQL bundle version to 2.16.3. [#2156](https://github.com/github/codeql-action/pull/2156)
 
-## 3.24.4 - 21 Feb 2024
+## 2.24.4 - 21 Feb 2024
 
 - Fix an issue where an existing, but empty, `/sys/fs/cgroup/cpuset.cpus` file always resulted in a single-threaded run. [#2151](https://github.com/github/codeql-action/pull/2151)
 
-## 3.24.3 - 15 Feb 2024
+## 2.24.3 - 15 Feb 2024
 
 - Fix an issue where the CodeQL Action would fail to load a configuration specified by the `config` input to the `init` Action. [#2147](https://github.com/github/codeql-action/pull/2147)
 
-## 3.24.2 - 15 Feb 2024
+## 2.24.2 - 15 Feb 2024
 
 - Enable improved multi-threaded performance on larger runners for GitHub Enterprise Server users. This feature is already available to GitHub.com users. [#2141](https://github.com/github/codeql-action/pull/2141)
 
-## 3.24.1 - 13 Feb 2024
+## 2.24.1 - 13 Feb 2024
 
 - Update default CodeQL bundle version to 2.16.2. [#2124](https://github.com/github/codeql-action/pull/2124)
 - The CodeQL action no longer fails if it can't write to the telemetry api endpoint. [#2121](https://github.com/github/codeql-action/pull/2121)
 
-## 3.24.0 - 02 Feb 2024
+## 2.24.0 - 02 Feb 2024
 
 - CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See [release notes for 3.23.0](#3230---08-jan-2024) for more details. [#2106](https://github.com/github/codeql-action/pull/2106)
 
-## 3.23.2 - 26 Jan 2024
+## 2.23.2 - 26 Jan 2024
 
 - On Linux, the maximum possible value for the `--threads` option now respects the CPU count as specified in `cgroup` files to more accurately reflect the number of available cores when running in containers. [#2083](https://github.com/github/codeql-action/pull/2083)
 - Update default CodeQL bundle version to 2.16.1. [#2096](https://github.com/github/codeql-action/pull/2096)
 
-## 3.23.1 - 17 Jan 2024
+## 2.23.1 - 17 Jan 2024
 
 - Update default CodeQL bundle version to 2.16.0. [#2073](https://github.com/github/codeql-action/pull/2073)
 - Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. [#2079](https://github.com/github/codeql-action/pull/2079)
 
-## 3.23.0 - 08 Jan 2024
+## 2.23.0 - 08 Jan 2024
 
 - We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting `CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false` in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. [#2031](https://github.com/github/codeql-action/pull/2031)
 - The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see [the corresponding changelog entry for CodeQL Action version 2.22.7](#2227---16-nov-2023). [#2009](https://github.com/github/codeql-action/pull/2009)
 
-## 3.22.12 - 22 Dec 2023
+## 2.22.12 - 22 Dec 2023
 
 - Update default CodeQL bundle version to 2.15.5. [#2047](https://github.com/github/codeql-action/pull/2047)
 
-## 3.22.11 - 13 Dec 2023
+## 2.22.11 - 13 Dec 2023
 
-- [v3+ only] The CodeQL Action now runs on Node.js v20. [#2006](https://github.com/github/codeql-action/pull/2006)
+No user facing changes.
 
 ## 2.22.10 - 12 Dec 2023
 

analyze/action.yml

@@ -86,6 +86,6 @@ outputs:
   sarif-id:
     description: The ID of the uploaded SARIF file.
 runs:
-  using: node20
+  using: node16
   main: "../lib/analyze-action.js"
   post: "../lib/analyze-action-post.js"

autobuild/action.yml

@@ -15,5 +15,5 @@ inputs:
       $GITHUB_WORKSPACE as its working directory.
     required: false
 runs:
-  using: node20
+  using: node16
   main: '../lib/autobuild-action.js'

init/action.yml

@@ -134,6 +134,6 @@ outputs:
   codeql-path:
     description: The path of the CodeQL binary used for analysis
 runs:
-  using: node20
+  using: node16
   main: '../lib/init-action.js'
   post: '../lib/init-action-post.js'

lib/actions-util.test.js

@@ -227,7 +227,9 @@ const util_1 = require("./util");
     const infoStub = sinon.stub(core, "info");
     process.env["GITHUB_EVENT_NAME"] = "pull_request";
     process.env["GITHUB_SHA"] = "100912429fab4cb230e66ffb11e738ac5194e73a";
-    await actionsUtil.determineMergeBaseCommitOid(path.join(__dirname, "../.."));
+    await (0, util_1.withTmpDir)(async (tmpDir) => {
+        await actionsUtil.determineMergeBaseCommitOid(tmpDir);
+    });
     t.deepEqual(1, infoStub.callCount);
     t.assert(infoStub.firstCall.args[0].startsWith("The checkout path provided to the action does not appear to be a git repository."));
     infoStub.restore();

lib/analyze-action-post.js

@@ -31,10 +31,14 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
 const analyzeActionPostHelper = __importStar(require("./analyze-action-post-helper"));
 const debugArtifacts = __importStar(require("./debug-artifacts"));
+const uploadSarifActionPostHelper = __importStar(require("./upload-sarif-action-post-helper"));
 const util_1 = require("./util");
 async function runWrapper() {
     try {
         await analyzeActionPostHelper.run(debugArtifacts.uploadSarifDebugArtifact);
+        // Also run the upload-sarif post action since we're potentially running
+        // the same steps in the analyze action.
+        await uploadSarifActionPostHelper.uploadArtifacts(debugArtifacts.uploadDebugArtifacts);
     }
     catch (error) {
         core.setFailed(`analyze post-action step failed: ${(0, util_1.wrapError)(error).message}`);

lib/analyze-action-post.js.map

@@ -1 +1 @@
-{"version":3,"file":"analyze-action-post.js","sourceRoot":"","sources":["../src/analyze-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,sFAAwE;AACxE,kEAAoD;AACpD,iCAAmC;AAEnC,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,wBAAwB,CAAC,CAAC;IAC7E,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,oCAAoC,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAC/D,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"analyze-action-post.js","sourceRoot":"","sources":["../src/analyze-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,sFAAwE;AACxE,kEAAoD;AACpD,+FAAiF;AACjF,iCAAmC;AAEnC,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,wBAAwB,CAAC,CAAC;QAE3E,wEAAwE;QACxE,wCAAwC;QACxC,MAAM,2BAA2B,CAAC,eAAe,CAC/C,cAAc,CAAC,oBAAoB,CACpC,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,oCAAoC,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAC/D,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/analyze-action.js

@@ -51,21 +51,23 @@ const util = __importStar(require("./util"));
 async function sendStatusReport(startedAt, config, stats, error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger) {
     const status = (0, status_report_1.getActionsStatus)(error, stats?.analyze_failure_language);
     const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Analyze, status, startedAt, config, await util.checkDiskUsage(), logger, error?.message, error?.stack);
-    const report = {
-        ...statusReportBase,
-        ...(stats || {}),
-        ...(dbCreationTimings || {}),
-    };
-    if (config && didUploadTrapCaches) {
-        const trapCacheUploadStatusReport = {
-            ...report,
-            trap_cache_upload_duration_ms: Math.round(trapCacheUploadTime || 0),
-            trap_cache_upload_size_bytes: Math.round(await (0, trap_caching_1.getTotalCacheSize)(config.trapCaches, logger)),
+    if (statusReportBase !== undefined) {
+        const report = {
+            ...statusReportBase,
+            ...(stats || {}),
+            ...(dbCreationTimings || {}),
         };
-        await statusReport.sendStatusReport(trapCacheUploadStatusReport);
-    }
-    else {
-        await statusReport.sendStatusReport(report);
+        if (config && didUploadTrapCaches) {
+            const trapCacheUploadStatusReport = {
+                ...report,
+                trap_cache_upload_duration_ms: Math.round(trapCacheUploadTime || 0),
+                trap_cache_upload_size_bytes: Math.round(await (0, trap_caching_1.getTotalCacheSize)(config.trapCaches, logger)),
+            };
+            await statusReport.sendStatusReport(trapCacheUploadStatusReport);
+        }
+        else {
+            await statusReport.sendStatusReport(report);
+        }
     }
 }
 // `expect-error` should only be set to a non-false value by the CodeQL Action PR checks.
@@ -145,7 +147,10 @@ async function run() {
     util.initializeEnvironment(actionsUtil.getActionVersion());
     const logger = (0, logging_1.getActionsLogger)();
     try {
-        await statusReport.sendStatusReport(await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Analyze, "starting", startedAt, config, await util.checkDiskUsage(logger), logger));
+        const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Analyze, "starting", startedAt, config, await util.checkDiskUsage(logger), logger);
+        if (statusReportBase !== undefined) {
+            await statusReport.sendStatusReport(statusReportBase);
+        }
         config = await (0, config_utils_1.getConfig)(actionsUtil.getTemporaryDirectory(), logger);
         if (config === undefined) {
             throw new Error("Config file could not be found at expected location. Has the 'init' action been called?");

lib/api-compatibility.json

@@ -1 +1 @@
-{ "maximumVersion": "3.13", "minimumVersion": "3.8" }
+{ "maximumVersion": "3.13", "minimumVersion": "3.9" }

lib/autobuild-action.js

@@ -37,12 +37,14 @@ async function sendCompletedStatusReport(config, logger, startedAt, allLanguages
     (0, util_1.initializeEnvironment)((0, actions_util_1.getActionVersion)());
     const status = (0, status_report_1.getActionsStatus)(cause, failingLanguage);
     const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Autobuild, status, startedAt, config, await (0, util_1.checkDiskUsage)(logger), logger, cause?.message, cause?.stack);
-    const statusReport = {
-        ...statusReportBase,
-        autobuild_languages: allLanguages.join(","),
-        autobuild_failure: failingLanguage,
-    };
-    await (0, status_report_1.sendStatusReport)(statusReport);
+    if (statusReportBase !== undefined) {
+        const statusReport = {
+            ...statusReportBase,
+            autobuild_languages: allLanguages.join(","),
+            autobuild_failure: failingLanguage,
+        };
+        await (0, status_report_1.sendStatusReport)(statusReport);
+    }
 }
 async function run() {
     const startedAt = new Date();
@@ -51,7 +53,10 @@ async function run() {
     let currentLanguage;
     let languages;
     try {
-        await (0, status_report_1.sendStatusReport)(await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Autobuild, "starting", startedAt, config, await (0, util_1.checkDiskUsage)(logger), logger));
+        const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Autobuild, "starting", startedAt, config, await (0, util_1.checkDiskUsage)(logger), logger);
+        if (statusReportBase !== undefined) {
+            await (0, status_report_1.sendStatusReport)(statusReportBase);
+        }
         const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
         (0, util_1.checkGitHubVersionInRange)(gitHubVersion, logger);
         (0, util_1.checkActionVersion)((0, actions_util_1.getActionVersion)(), gitHubVersion);

lib/autobuild-action.js.map

@@ -1 +1 @@
-{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAIwB;AACxB,6CAAgD;AAChD,2CAAwE;AACxE,qCAAqC;AACrC,iDAAmD;AACnD,+CAAuC;AAEvC,uCAAqD;AACrD,mDAMyB;AACzB,iCAMgB;AAShB,KAAK,UAAU,yBAAyB,CACtC,MAA0B,EAC1B,MAAc,EACd,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAG,IAAA,gCAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,SAAS,EACpB,MAAM,EACN,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,EACN,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAI,MAA0B,CAAC;IAC/B,IAAI,eAAqC,CAAC;IAC1C,IAAI,SAAiC,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,IAAA,gCAAgB,EACpB,MAAM,IAAA,sCAAsB,EAC1B,0BAAU,CAAC,SAAS,EACpB,UAAU,EACV,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CACF,CAAC;QAEF,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACjD,IAAA,yBAAkB,EAAC,IAAA,+BAAgB,GAAE,EAAE,aAAa,CAAC,CAAC;QAEtD,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAEjD,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QACtE,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YAClC,CAAC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CACZ,kIAAkI,KAAK,CAAC,OAAO,EAAE,CAClJ,CAAC;QACF,MAAM,yBAAyB,CAC7B,MAAM,EACN,MAAM,EACN,SAAS,EACT,SAAS,IAAI,EAAE,EACf,eAAe,EACf,KAAK,CACN,CAAC;QACF,OAAO;IACT,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,mCAAmC,EAAE,MAAM,CAAC,CAAC;IAExE,MAAM,yBAAyB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;AAC9E,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CAAC,4BAA4B,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAIwB;AACxB,6CAAgD;AAChD,2CAAwE;AACxE,qCAAqC;AACrC,iDAAmD;AACnD,+CAAuC;AAEvC,uCAAqD;AACrD,mDAMyB;AACzB,iCAMgB;AAShB,KAAK,UAAU,yBAAyB,CACtC,MAA0B,EAC1B,MAAc,EACd,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAG,IAAA,gCAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,SAAS,EACpB,MAAM,EACN,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,EACN,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,KAAK,CACb,CAAC;IACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,YAAY,GAA0B;YAC1C,GAAG,gBAAgB;YACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;YAC3C,iBAAiB,EAAE,eAAe;SACnC,CAAC;QACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAI,MAA0B,CAAC;IAC/B,IAAI,eAAqC,CAAC;IAC1C,IAAI,SAAiC,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,SAAS,EACpB,UAAU,EACV,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CAAC;QACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAA,gCAAgB,EAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACjD,IAAA,yBAAkB,EAAC,IAAA,+BAAgB,GAAE,EAAE,aAAa,CAAC,CAAC;QAEtD,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAEjD,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QACtE,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YAClC,CAAC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CACZ,kIAAkI,KAAK,CAAC,OAAO,EAAE,CAClJ,CAAC;QACF,MAAM,yBAAyB,CAC7B,MAAM,EACN,MAAM,EACN,SAAS,EACT,SAAS,IAAI,EAAE,EACf,eAAe,EACf,KAAK,CACN,CAAC;QACF,OAAO;IACT,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,mCAAmC,EAAE,MAAM,CAAC,CAAC;IAExE,MAAM,yBAAyB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;AAC9E,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CAAC,4BAA4B,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/codeql.js

@@ -56,15 +56,15 @@ const CODEQL_MINIMUM_VERSION = "2.11.6";
 /**
  * This version will shortly become the oldest version of CodeQL that the Action will run with.
  */
-const CODEQL_NEXT_MINIMUM_VERSION = "2.11.6";
+const CODEQL_NEXT_MINIMUM_VERSION = "2.12.6";
 /**
  * This is the version of GHES that was most recently deprecated.
  */
-const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.7";
+const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.8";
 /**
  * This is the deprecation date for the version of GHES that was most recently deprecated.
  */
-const GHES_MOST_RECENT_DEPRECATION_DATE = "2023-11-08";
+const GHES_MOST_RECENT_DEPRECATION_DATE = "2024-03-26";
 /** The CLI verbosity level to use for extraction in debug mode. */
 const EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";
 /*
@@ -207,6 +207,7 @@ function setCodeQL(partialCodeql) {
         databaseExportDiagnostics: resolveFunction(partialCodeql, "databaseExportDiagnostics"),
         diagnosticsExport: resolveFunction(partialCodeql, "diagnosticsExport"),
         resolveExtractor: resolveFunction(partialCodeql, "resolveExtractor"),
+        mergeResults: resolveFunction(partialCodeql, "mergeResults"),
     };
     return cachedCodeQL;
 }
@@ -502,17 +503,10 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             else if (await util.codeQlVersionAbove(this, "2.12.4")) {
                 codeqlArgs.push("--no-sarif-include-diagnostics");
             }
-            if (
-            // Analysis summary v2 links to the status page, so check the GHES version we're running on
-            // supports the status page.
-            (config.gitHubVersion.type !== util.GitHubVariant.GHES ||
-                semver.gte(config.gitHubVersion.version, "3.9.0")) &&
-                (await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2))) {
+            if ((await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2)) &&
+                !(0, tools_features_1.isSupportedToolsFeature)(await this.getVersion(), tools_features_1.ToolsFeature.AnalysisSummaryV2IsDefault)) {
                 codeqlArgs.push("--new-analysis-summary");
             }
-            else if (await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2)) {
-                codeqlArgs.push("--no-new-analysis-summary");
-            }
             codeqlArgs.push(databasePath);
             if (querySuitePaths) {
                 codeqlArgs.push(...querySuitePaths);
@@ -664,6 +658,22 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             }).exec();
             return JSON.parse(extractorPath);
         },
+        async mergeResults(sarifFiles, outputFile, { mergeRunsFromEqualCategory = false, }) {
+            const args = [
+                "github",
+                "merge-results",
+                "--output",
+                outputFile,
+                ...getExtraOptionsFromEnv(["github", "merge-results"]),
+            ];
+            for (const sarifFile of sarifFiles) {
+                args.push("--sarif", sarifFile);
+            }
+            if (mergeRunsFromEqualCategory) {
+                args.push("--sarif-merge-runs-from-equal-category");
+            }
+            await runTool(cmd, args);
+        },
     };
     // To ensure that status reports include the CodeQL CLI version wherever
     // possible, we want to call getVersion(), which populates the version value
@@ -689,8 +699,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             "version of the CLI using the 'tools' input to the 'init' Action, you can remove this " +
             "input to use the default version.\n\n" +
             "Alternatively, if you want to continue using CodeQL CLI version " +
-            `${result.version}, you can replace 'github/codeql-action/*@v3' by ` +
-            `'github/codeql-action/*@v${(0, actions_util_1.getActionVersion)()}' in your code scanning workflow to ` +
+            `${result.version}, you can replace 'github/codeql-action/*@v${(0, actions_util_1.getActionVersion)().split(".")[0]}' by 'github/codeql-action/*@v${(0, actions_util_1.getActionVersion)()}' in your code scanning workflow to ` +
             "continue using this version of the CodeQL Action.");
         core.exportVariable(environment_1.EnvVar.SUPPRESS_DEPRECATED_SOON_WARNING, "true");
     }

lib/codeql.test.js

@@ -44,6 +44,7 @@ const languages_1 = require("./languages");
 const logging_1 = require("./logging");
 const setup_codeql_1 = require("./setup-codeql");
 const testing_utils_1 = require("./testing-utils");
+const tools_features_1 = require("./tools-features");
 const util = __importStar(require("./util"));
 const util_1 = require("./util");
 (0, testing_utils_1.setupTests)(ava_1.default);
@@ -493,7 +494,17 @@ const injectedConfigMacro = ava_1.default.macro({
 });
 const NEW_ANALYSIS_SUMMARY_TEST_CASES = [
     {
-        codeqlVersion: "2.15.0",
+        codeqlVersion: (0, testing_utils_1.makeVersionInfo)("2.15.0", {
+            [tools_features_1.ToolsFeature.AnalysisSummaryV2IsDefault]: true,
+        }),
+        githubVersion: {
+            type: util.GitHubVariant.DOTCOM,
+        },
+        flagPassed: false,
+        negativeFlagPassed: false,
+    },
+    {
+        codeqlVersion: (0, testing_utils_1.makeVersionInfo)("2.15.0"),
         githubVersion: {
             type: util.GitHubVariant.DOTCOM,
         },
@@ -501,7 +512,7 @@ const NEW_ANALYSIS_SUMMARY_TEST_CASES = [
         negativeFlagPassed: false,
     },
     {
-        codeqlVersion: "2.15.0",
+        codeqlVersion: (0, testing_utils_1.makeVersionInfo)("2.15.0"),
         githubVersion: {
             type: util.GitHubVariant.GHES,
             version: "3.9.0",
@@ -510,16 +521,7 @@ const NEW_ANALYSIS_SUMMARY_TEST_CASES = [
         negativeFlagPassed: false,
     },
     {
-        codeqlVersion: "2.15.0",
-        githubVersion: {
-            type: util.GitHubVariant.GHES,
-            version: "3.8.6",
-        },
-        flagPassed: false,
-        negativeFlagPassed: true,
-    },
-    {
-        codeqlVersion: "2.14.6",
+        codeqlVersion: (0, testing_utils_1.makeVersionInfo)("2.14.6"),
         githubVersion: {
             type: util.GitHubVariant.DOTCOM,
         },
@@ -532,12 +534,10 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
         ? "--new-analysis-summary"
         : negativeFlagPassed
             ? "--no-new-analysis-summary"
-            : "nothing"} for CodeQL CLI v${codeqlVersion} and ${util.GitHubVariant[githubVersion.type]} ${githubVersion.version ? ` ${githubVersion.version}` : ""}`, async (t) => {
+            : "nothing"} for CodeQL version ${JSON.stringify(codeqlVersion)} and ${util.GitHubVariant[githubVersion.type]} ${githubVersion.version ? ` ${githubVersion.version}` : ""}`, async (t) => {
         const runnerConstructorStub = stubToolRunnerConstructor();
         const codeqlObject = await codeql.getCodeQLForTesting();
-        sinon
-            .stub(codeqlObject, "getVersion")
-            .resolves((0, testing_utils_1.makeVersionInfo)(codeqlVersion));
+        sinon.stub(codeqlObject, "getVersion").resolves(codeqlVersion);
         // safeWhich throws because of the test CodeQL object.
         sinon.stub(safeWhich, "safeWhich").resolves("");
         await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", Object.assign({}, stubConfig, { gitHubVersion: githubVersion }), (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));

lib/defaults.json

@@ -1,6 +1,6 @@
 {
-    "bundleVersion": "codeql-bundle-v2.16.5",
-    "cliVersion": "2.16.5",
-    "priorBundleVersion": "codeql-bundle-v2.16.4",
-    "priorCliVersion": "2.16.4"
+    "bundleVersion": "codeql-bundle-v2.16.6",
+    "cliVersion": "2.16.6",
+    "priorBundleVersion": "codeql-bundle-v2.16.5",
+    "priorCliVersion": "2.16.5"
 }

lib/feature-flags.js

@@ -48,6 +48,7 @@ exports.CODEQL_VERSION_FINE_GRAINED_PARALLELISM = "2.15.1";
  */
 var Feature;
 (function (Feature) {
+    Feature["CliSarifMerge"] = "cli_sarif_merge_enabled";
     Feature["CppDependencyInstallation"] = "cpp_dependency_installation_enabled";
     Feature["CppTrapCachingEnabled"] = "cpp_trap_caching_enabled";
     Feature["DisableJavaBuildlessEnabled"] = "disable_java_buildless_enabled";
@@ -58,6 +59,12 @@ var Feature;
     Feature["QaTelemetryEnabled"] = "qa_telemetry_enabled";
 })(Feature || (exports.Feature = Feature = {}));
 exports.featureConfig = {
+    [Feature.CliSarifMerge]: {
+        envVar: "CODEQL_ACTION_CLI_SARIF_MERGE",
+        // This is guarded by a `supportsFeature` check rather than by a version check.
+        minimumVersion: undefined,
+        defaultValue: false,
+    },
     [Feature.CppDependencyInstallation]: {
         envVar: "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES",
         minimumVersion: "2.15.0",

lib/fingerprints.js

@@ -238,6 +238,7 @@ exports.resolveUriToFile = resolveUriToFile;
 // Compute fingerprints for results in the given sarif file
 // and return an updated sarif file contents.
 async function addFingerprints(sarif, sourceRoot, logger) {
+    logger.info("Adding fingerprints to SARIF file. For more information, see https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#providing-data-to-track-code-scanning-alerts-across-runs");
     // Gather together results for the same file and construct
     // callbacks to accept hashes for that file and update the location
     const callbacksByFile = {};

lib/init-action-post.js

@@ -59,18 +59,23 @@ async function runWrapper() {
     catch (unwrappedError) {
         const error = (0, util_1.wrapError)(unwrappedError);
         core.setFailed(error.message);
-        await (0, status_report_1.sendStatusReport)(await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.InitPost, (0, status_report_1.getActionsStatus)(error), startedAt, config, await (0, util_1.checkDiskUsage)(), logger, error.message, error.stack));
+        const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.InitPost, (0, status_report_1.getActionsStatus)(error), startedAt, config, await (0, util_1.checkDiskUsage)(), logger, error.message, error.stack);
+        if (statusReportBase !== undefined) {
+            await (0, status_report_1.sendStatusReport)(statusReportBase);
+        }
         return;
     }
     const jobStatus = initActionPostHelper.getFinalJobStatus();
     logger.info(`CodeQL job status was ${(0, status_report_1.getJobStatusDisplayName)(jobStatus)}.`);
     const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.InitPost, "success", startedAt, config, await (0, util_1.checkDiskUsage)(), logger);
-    const statusReport = {
-        ...statusReportBase,
-        ...uploadFailedSarifResult,
-        job_status: initActionPostHelper.getFinalJobStatus(),
-    };
-    await (0, status_report_1.sendStatusReport)(statusReport);
+    if (statusReportBase !== undefined) {
+        const statusReport = {
+            ...statusReportBase,
+            ...uploadFailedSarifResult,
+            job_status: initActionPostHelper.getFinalJobStatus(),
+        };
+        await (0, status_report_1.sendStatusReport)(statusReport);
+    }
 }
 void runWrapper();
 //# sourceMappingURL=init-action-post.js.map

lib/init-action-post.js.map

@@ -1 +1 @@
-{"version":3,"file":"init-action-post.js","sourceRoot":"","sources":["../src/init-action-post.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,oDAAsC;AAEtC,iDAAuE;AACvE,6CAAgD;AAChD,iDAAmD;AACnD,kEAAoD;AACpD,mDAA2C;AAC3C,gFAAkE;AAClE,uCAA6C;AAC7C,6CAAkD;AAClD,mDAOyB;AACzB,iCAKgB;AAOhB,KAAK,UAAU,UAAU;IACvB,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,MAA0B,CAAC;IAC/B,IAAI,uBAES,CAAC;IACd,IAAI,CAAC;QACH,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;YACF,OAAO;QACT,CAAC;QAED,uBAAuB,GAAG,MAAM,oBAAoB,CAAC,GAAG,CACtD,cAAc,CAAC,iCAAiC,EAChD,cAAc,CAAC,uBAAuB,EACtC,6BAAc,EACd,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;IACJ,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAE9B,MAAM,IAAA,gCAAgB,EACpB,MAAM,IAAA,sCAAsB,EAC1B,0BAAU,CAAC,QAAQ,EACnB,IAAA,gCAAgB,EAAC,KAAK,CAAC,EACvB,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,GAAE,EACtB,MAAM,EACN,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,KAAK,CACZ,CACF,CAAC;QACF,OAAO;IACT,CAAC;IACD,MAAM,SAAS,GAAG,oBAAoB,CAAC,iBAAiB,EAAE,CAAC;IAC3D,MAAM,CAAC,IAAI,CAAC,yBAAyB,IAAA,uCAAuB,EAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAE5E,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,QAAQ,EACnB,SAAS,EACT,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,GAAE,EACtB,MAAM,CACP,CAAC;IACF,MAAM,YAAY,GAAyB;QACzC,GAAG,gBAAgB;QACnB,GAAG,uBAAuB;QAC1B,UAAU,EAAE,oBAAoB,CAAC,iBAAiB,EAAE;KACrD,CAAC;IACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"init-action-post.js","sourceRoot":"","sources":["../src/init-action-post.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,oDAAsC;AAEtC,iDAAuE;AACvE,6CAAgD;AAChD,iDAAmD;AACnD,kEAAoD;AACpD,mDAA2C;AAC3C,gFAAkE;AAClE,uCAA6C;AAC7C,6CAAkD;AAClD,mDAOyB;AACzB,iCAKgB;AAOhB,KAAK,UAAU,UAAU;IACvB,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,MAA0B,CAAC;IAC/B,IAAI,uBAES,CAAC;IACd,IAAI,CAAC;QACH,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;YACF,OAAO;QACT,CAAC;QAED,uBAAuB,GAAG,MAAM,oBAAoB,CAAC,GAAG,CACtD,cAAc,CAAC,iCAAiC,EAChD,cAAc,CAAC,uBAAuB,EACtC,6BAAc,EACd,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;IACJ,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAE9B,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,QAAQ,EACnB,IAAA,gCAAgB,EAAC,KAAK,CAAC,EACvB,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,GAAE,EACtB,MAAM,EACN,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,KAAK,CACZ,CAAC;QACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAA,gCAAgB,EAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;QACD,OAAO;IACT,CAAC;IACD,MAAM,SAAS,GAAG,oBAAoB,CAAC,iBAAiB,EAAE,CAAC;IAC3D,MAAM,CAAC,IAAI,CAAC,yBAAyB,IAAA,uCAAuB,EAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAE5E,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,QAAQ,EACnB,SAAS,EACT,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,GAAE,EACtB,MAAM,CACP,CAAC;IACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,YAAY,GAAyB;YACzC,GAAG,gBAAgB;YACnB,GAAG,uBAAuB;YAC1B,UAAU,EAAE,oBAAoB,CAAC,iBAAiB,EAAE;SACrD,CAAC;QACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/init-action.js

@@ -44,6 +44,9 @@ const util_1 = require("./util");
 const workflow_1 = require("./workflow");
 async function sendCompletedStatusReport(startedAt, config, toolsDownloadDurationMs, toolsFeatureFlagsValid, toolsSource, toolsVersion, logger, error) {
     const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Init, (0, status_report_1.getActionsStatus)(error), startedAt, config, await (0, util_1.checkDiskUsage)(logger), logger, error?.message, error?.stack);
+    if (statusReportBase === undefined) {
+        return;
+    }
     const workflowLanguages = (0, actions_util_1.getOptionalInput)("languages");
     const initStatusReport = {
         ...statusReportBase,
@@ -122,7 +125,10 @@ async function run() {
     core.exportVariable(environment_1.EnvVar.JOB_RUN_UUID, (0, uuid_1.v4)());
     core.exportVariable(environment_1.EnvVar.INIT_ACTION_HAS_RUN, "true");
     try {
-        await (0, status_report_1.sendStatusReport)(await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Init, "starting", startedAt, config, await (0, util_1.checkDiskUsage)(logger), logger));
+        const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Init, "starting", startedAt, config, await (0, util_1.checkDiskUsage)(logger), logger);
+        if (statusReportBase !== undefined) {
+            await (0, status_report_1.sendStatusReport)(statusReportBase);
+        }
         const codeQLDefaultVersionInfo = await features.getDefaultCliVersion(gitHubVersion.type);
         toolsFeatureFlagsValid = codeQLDefaultVersionInfo.toolsFeatureFlagsValid;
         const initCodeQLResult = await (0, init_1.initCodeQL)((0, actions_util_1.getOptionalInput)("tools"), apiDetails, (0, actions_util_1.getTemporaryDirectory)(), gitHubVersion.type, codeQLDefaultVersionInfo, logger);
@@ -182,7 +188,10 @@ async function run() {
     catch (unwrappedError) {
         const error = (0, util_1.wrapError)(unwrappedError);
         core.setFailed(error.message);
-        await (0, status_report_1.sendStatusReport)(await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Init, error instanceof util_1.ConfigurationError ? "user-error" : "aborted", startedAt, config, await (0, util_1.checkDiskUsage)(), logger, error.message, error.stack));
+        const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Init, error instanceof util_1.ConfigurationError ? "user-error" : "aborted", startedAt, config, await (0, util_1.checkDiskUsage)(), logger, error.message, error.stack);
+        if (statusReportBase !== undefined) {
+            await (0, status_report_1.sendStatusReport)(statusReportBase);
+        }
         return;
     }
     try {

lib/resolve-environment-action.js

@@ -38,7 +38,10 @@ async function run() {
     const logger = (0, logging_1.getActionsLogger)();
     let config;
     try {
-        await (0, status_report_1.sendStatusReport)(await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.ResolveEnvironment, "starting", startedAt, config, await (0, util_1.checkDiskUsage)(), logger));
+        const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.ResolveEnvironment, "starting", startedAt, config, await (0, util_1.checkDiskUsage)(), logger);
+        if (statusReportBase !== undefined) {
+            await (0, status_report_1.sendStatusReport)(statusReportBase);
+        }
         const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
         (0, util_1.checkGitHubVersionInRange)(gitHubVersion, logger);
         (0, util_1.checkActionVersion)((0, actions_util_1.getActionVersion)(), gitHubVersion);
@@ -61,11 +64,17 @@ async function run() {
         else {
             // For any other error types, something has more seriously gone wrong and we fail.
             core.setFailed(`Failed to resolve a build environment suitable for automatically building your code. ${error.message}`);
-            await (0, status_report_1.sendStatusReport)(await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.ResolveEnvironment, (0, status_report_1.getActionsStatus)(error), startedAt, config, await (0, util_1.checkDiskUsage)(), logger, error.message, error.stack));
+            const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.ResolveEnvironment, (0, status_report_1.getActionsStatus)(error), startedAt, config, await (0, util_1.checkDiskUsage)(), logger, error.message, error.stack);
+            if (statusReportBase !== undefined) {
+                await (0, status_report_1.sendStatusReport)(statusReportBase);
+            }
         }
         return;
     }
-    await (0, status_report_1.sendStatusReport)(await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.ResolveEnvironment, "success", startedAt, config, await (0, util_1.checkDiskUsage)(), logger));
+    const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.ResolveEnvironment, "success", startedAt, config, await (0, util_1.checkDiskUsage)(), logger);
+    if (statusReportBase !== undefined) {
+        await (0, status_report_1.sendStatusReport)(statusReportBase);
+    }
 }
 async function runWrapper() {
     try {

lib/resolve-environment-action.js.map

@@ -1 +1 @@
-{"version":3,"file":"resolve-environment-action.js","sourceRoot":"","sources":["../src/resolve-environment-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAKwB;AACxB,6CAAgD;AAChD,6CAAsD;AACtD,iDAAmD;AACnD,uCAA6C;AAC7C,+DAAmE;AACnE,mDAKyB;AACzB,iCAMgB;AAEhB,MAAM,uBAAuB,GAAG,aAAa,CAAC;AAE9C,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAElC,IAAI,MAA0B,CAAC;IAE/B,IAAI,CAAC;QACH,MAAM,IAAA,gCAAgB,EACpB,MAAM,IAAA,sCAAsB,EAC1B,0BAAU,CAAC,kBAAkB,EAC7B,UAAU,EACV,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,GAAE,EACtB,MAAM,CACP,CACF,CAAC;QAEF,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACjD,IAAA,yBAAkB,EAAC,IAAA,+BAAgB,GAAE,EAAE,aAAa,CAAC,CAAC;QAEtD,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;QACJ,CAAC;QAED,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;QAC/D,MAAM,MAAM,GAAG,MAAM,IAAA,gDAA0B,EAC7C,MAAM,CAAC,SAAS,EAChB,MAAM,EACN,gBAAgB,EAChB,IAAA,+BAAgB,EAAC,UAAU,CAAC,CAC7B,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IAClD,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QAExC,IAAI,KAAK,YAAY,mCAAsB,EAAE,CAAC;YAC5C,6DAA6D;YAC7D,qEAAqE;YACrE,IAAI,CAAC,SAAS,CAAC,uBAAuB,EAAE,EAAE,CAAC,CAAC;YAC5C,MAAM,CAAC,OAAO,CACZ,wFAAwF,KAAK,CAAC,OAAO,EAAE,CACxG,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,kFAAkF;YAClF,IAAI,CAAC,SAAS,CACZ,wFAAwF,KAAK,CAAC,OAAO,EAAE,CACxG,CAAC;YAEF,MAAM,IAAA,gCAAgB,EACpB,MAAM,IAAA,sCAAsB,EAC1B,0BAAU,CAAC,kBAAkB,EAC7B,IAAA,gCAAgB,EAAC,KAAK,CAAC,EACvB,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,GAAE,EACtB,MAAM,EACN,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,KAAK,CACZ,CACF,CAAC;QACJ,CAAC;QAED,OAAO;IACT,CAAC;IAED,MAAM,IAAA,gCAAgB,EACpB,MAAM,IAAA,sCAAsB,EAC1B,0BAAU,CAAC,kBAAkB,EAC7B,SAAS,EACT,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,GAAE,EACtB,MAAM,CACP,CACF,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,GAAG,0BAAU,CAAC,kBAAkB,mBAC9B,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OACnB,EAAE,CACH,CAAC;IACJ,CAAC;IACD,MAAM,IAAA,sBAAe,GAAE,CAAC;AAC1B,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"resolve-environment-action.js","sourceRoot":"","sources":["../src/resolve-environment-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAKwB;AACxB,6CAAgD;AAChD,6CAAsD;AACtD,iDAAmD;AACnD,uCAA6C;AAC7C,+DAAmE;AACnE,mDAKyB;AACzB,iCAMgB;AAEhB,MAAM,uBAAuB,GAAG,aAAa,CAAC;AAE9C,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAElC,IAAI,MAA0B,CAAC;IAE/B,IAAI,CAAC;QACH,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,kBAAkB,EAC7B,UAAU,EACV,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,GAAE,EACtB,MAAM,CACP,CAAC;QACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAA,gCAAgB,EAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACjD,IAAA,yBAAkB,EAAC,IAAA,+BAAgB,GAAE,EAAE,aAAa,CAAC,CAAC;QAEtD,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;QACJ,CAAC;QAED,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;QAC/D,MAAM,MAAM,GAAG,MAAM,IAAA,gDAA0B,EAC7C,MAAM,CAAC,SAAS,EAChB,MAAM,EACN,gBAAgB,EAChB,IAAA,+BAAgB,EAAC,UAAU,CAAC,CAC7B,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IAClD,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QAExC,IAAI,KAAK,YAAY,mCAAsB,EAAE,CAAC;YAC5C,6DAA6D;YAC7D,qEAAqE;YACrE,IAAI,CAAC,SAAS,CAAC,uBAAuB,EAAE,EAAE,CAAC,CAAC;YAC5C,MAAM,CAAC,OAAO,CACZ,wFAAwF,KAAK,CAAC,OAAO,EAAE,CACxG,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,kFAAkF;YAClF,IAAI,CAAC,SAAS,CACZ,wFAAwF,KAAK,CAAC,OAAO,EAAE,CACxG,CAAC;YAEF,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,kBAAkB,EAC7B,IAAA,gCAAgB,EAAC,KAAK,CAAC,EACvB,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,GAAE,EACtB,MAAM,EACN,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,KAAK,CACZ,CAAC;YACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;gBACnC,MAAM,IAAA,gCAAgB,EAAC,gBAAgB,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC;QAED,OAAO;IACT,CAAC;IAED,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,kBAAkB,EAC7B,SAAS,EACT,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,GAAE,EACtB,MAAM,CACP,CAAC;IACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,IAAA,gCAAgB,EAAC,gBAAgB,CAAC,CAAC;IAC3C,CAAC;AACH,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,GAAG,0BAAU,CAAC,kBAAkB,mBAC9B,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OACnB,EAAE,CACH,CAAC;IACJ,CAAC;IACD,MAAM,IAAA,sBAAe,GAAE,CAAC;AAC1B,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/status-report.js

@@ -107,97 +107,105 @@ function setJobStatusIfUnsuccessful(actionStatus) {
  * @param startedAt The time this action started executing.
  * @param cause  Cause of failure (only supply if status is 'failure')
  * @param exception Exception (only supply if status is 'failure')
+ * @returns undefined if an exception was thrown.
  */
 async function createStatusReportBase(actionName, status, actionStartedAt, config, diskInfo, logger, cause, exception) {
-    const commitOid = (0, actions_util_1.getOptionalInput)("sha") || process.env["GITHUB_SHA"] || "";
-    const ref = await (0, actions_util_1.getRef)();
-    const jobRunUUID = process.env[environment_1.EnvVar.JOB_RUN_UUID] || "";
-    const workflowRunID = (0, actions_util_1.getWorkflowRunID)();
-    const workflowRunAttempt = (0, actions_util_1.getWorkflowRunAttempt)();
-    const workflowName = process.env["GITHUB_WORKFLOW"] || "";
-    const jobName = process.env["GITHUB_JOB"] || "";
-    const analysis_key = await (0, api_client_1.getAnalysisKey)();
-    let workflowStartedAt = process.env[environment_1.EnvVar.WORKFLOW_STARTED_AT];
-    if (workflowStartedAt === undefined) {
-        workflowStartedAt = actionStartedAt.toISOString();
-        core.exportVariable(environment_1.EnvVar.WORKFLOW_STARTED_AT, workflowStartedAt);
-    }
-    const runnerOs = (0, util_1.getRequiredEnvParam)("RUNNER_OS");
-    const codeQlCliVersion = (0, util_1.getCachedCodeQlVersion)();
-    const actionRef = process.env["GITHUB_ACTION_REF"];
-    const testingEnvironment = process.env[environment_1.EnvVar.TESTING_ENVIRONMENT] || "";
-    // re-export the testing environment variable so that it is available to subsequent steps,
-    // even if it was only set for this step
-    if (testingEnvironment !== "") {
-        core.exportVariable(environment_1.EnvVar.TESTING_ENVIRONMENT, testingEnvironment);
-    }
-    const statusReport = {
-        action_name: actionName,
-        action_oid: "unknown", // TODO decide if it's possible to fill this in
-        action_ref: actionRef,
-        action_started_at: actionStartedAt.toISOString(),
-        action_version: (0, actions_util_1.getActionVersion)(),
-        analysis_key,
-        build_mode: config?.buildMode,
-        commit_oid: commitOid,
-        first_party_analysis: isFirstPartyAnalysis(actionName),
-        job_name: jobName,
-        job_run_uuid: jobRunUUID,
-        ref,
-        runner_os: runnerOs,
-        started_at: workflowStartedAt,
-        status,
-        testing_environment: testingEnvironment,
-        workflow_name: workflowName,
-        workflow_run_attempt: workflowRunAttempt,
-        workflow_run_id: workflowRunID,
-    };
     try {
-        statusReport.actions_event_name = (0, actions_util_1.getWorkflowEventName)();
+        const commitOid = (0, actions_util_1.getOptionalInput)("sha") || process.env["GITHUB_SHA"] || "";
+        const ref = await (0, actions_util_1.getRef)();
+        const jobRunUUID = process.env[environment_1.EnvVar.JOB_RUN_UUID] || "";
+        const workflowRunID = (0, actions_util_1.getWorkflowRunID)();
+        const workflowRunAttempt = (0, actions_util_1.getWorkflowRunAttempt)();
+        const workflowName = process.env["GITHUB_WORKFLOW"] || "";
+        const jobName = process.env["GITHUB_JOB"] || "";
+        const analysis_key = await (0, api_client_1.getAnalysisKey)();
+        let workflowStartedAt = process.env[environment_1.EnvVar.WORKFLOW_STARTED_AT];
+        if (workflowStartedAt === undefined) {
+            workflowStartedAt = actionStartedAt.toISOString();
+            core.exportVariable(environment_1.EnvVar.WORKFLOW_STARTED_AT, workflowStartedAt);
+        }
+        const runnerOs = (0, util_1.getRequiredEnvParam)("RUNNER_OS");
+        const codeQlCliVersion = (0, util_1.getCachedCodeQlVersion)();
+        const actionRef = process.env["GITHUB_ACTION_REF"] || "";
+        const testingEnvironment = process.env[environment_1.EnvVar.TESTING_ENVIRONMENT] || "";
+        // re-export the testing environment variable so that it is available to subsequent steps,
+        // even if it was only set for this step
+        if (testingEnvironment !== "") {
+            core.exportVariable(environment_1.EnvVar.TESTING_ENVIRONMENT, testingEnvironment);
+        }
+        const statusReport = {
+            action_name: actionName,
+            action_oid: "unknown", // TODO decide if it's possible to fill this in
+            action_ref: actionRef,
+            action_started_at: actionStartedAt.toISOString(),
+            action_version: (0, actions_util_1.getActionVersion)(),
+            analysis_key,
+            build_mode: config?.buildMode,
+            commit_oid: commitOid,
+            first_party_analysis: isFirstPartyAnalysis(actionName),
+            job_name: jobName,
+            job_run_uuid: jobRunUUID,
+            ref,
+            runner_os: runnerOs,
+            started_at: workflowStartedAt,
+            status,
+            testing_environment: testingEnvironment,
+            workflow_name: workflowName,
+            workflow_run_attempt: workflowRunAttempt,
+            workflow_run_id: workflowRunID,
+        };
+        try {
+            statusReport.actions_event_name = (0, actions_util_1.getWorkflowEventName)();
+        }
+        catch (e) {
+            logger.warning(`Could not determine the workflow event name: ${e}.`);
+        }
+        if (config) {
+            statusReport.languages = config.languages.join(",");
+        }
+        if (diskInfo) {
+            statusReport.runner_available_disk_space_bytes =
+                diskInfo.numAvailableBytes;
+            statusReport.runner_total_disk_space_bytes = diskInfo.numTotalBytes;
+        }
+        // Add optional parameters
+        if (cause) {
+            statusReport.cause = cause;
+        }
+        if (exception) {
+            statusReport.exception = exception;
+        }
+        if (status === "success" ||
+            status === "failure" ||
+            status === "aborted" ||
+            status === "user-error") {
+            statusReport.completed_at = new Date().toISOString();
+        }
+        const matrix = (0, actions_util_1.getRequiredInput)("matrix");
+        if (matrix) {
+            statusReport.matrix_vars = matrix;
+        }
+        if ("RUNNER_ARCH" in process.env) {
+            // RUNNER_ARCH is available only in GHES 3.4 and later
+            // Values other than X86, X64, ARM, or ARM64 are discarded server side
+            statusReport.runner_arch = process.env["RUNNER_ARCH"];
+        }
+        if (runnerOs === "Windows" || runnerOs === "macOS") {
+            statusReport.runner_os_release = os.release();
+        }
+        if (codeQlCliVersion !== undefined) {
+            statusReport.codeql_version = codeQlCliVersion.version;
+        }
+        const imageVersion = process.env["ImageVersion"];
+        if (imageVersion) {
+            statusReport.runner_image_version = imageVersion;
+        }
+        return statusReport;
     }
     catch (e) {
-        logger.warning(`Could not determine the workflow event name: ${e}.`);
+        logger.warning(`Caught an exception while gathering information for telemetry: ${e}. Will skip sending status report.`);
+        return undefined;
     }
-    if (config) {
-        statusReport.languages = config.languages.join(",");
-    }
-    if (diskInfo) {
-        statusReport.runner_available_disk_space_bytes = diskInfo.numAvailableBytes;
-        statusReport.runner_total_disk_space_bytes = diskInfo.numTotalBytes;
-    }
-    // Add optional parameters
-    if (cause) {
-        statusReport.cause = cause;
-    }
-    if (exception) {
-        statusReport.exception = exception;
-    }
-    if (status === "success" ||
-        status === "failure" ||
-        status === "aborted" ||
-        status === "user-error") {
-        statusReport.completed_at = new Date().toISOString();
-    }
-    const matrix = (0, actions_util_1.getRequiredInput)("matrix");
-    if (matrix) {
-        statusReport.matrix_vars = matrix;
-    }
-    if ("RUNNER_ARCH" in process.env) {
-        // RUNNER_ARCH is available only in GHES 3.4 and later
-        // Values other than X86, X64, ARM, or ARM64 are discarded server side
-        statusReport.runner_arch = process.env["RUNNER_ARCH"];
-    }
-    if (runnerOs === "Windows" || runnerOs === "macOS") {
-        statusReport.runner_os_release = os.release();
-    }
-    if (codeQlCliVersion !== undefined) {
-        statusReport.codeql_version = codeQlCliVersion.version;
-    }
-    const imageVersion = process.env["ImageVersion"];
-    if (imageVersion) {
-        statusReport.runner_image_version = imageVersion;
-    }
-    return statusReport;
 }
 exports.createStatusReportBase = createStatusReportBase;
 const OUT_OF_DATE_MSG = "CodeQL Action is out-of-date. Please upgrade to the latest version of codeql-action.";

lib/status-report.test.js

@@ -59,41 +59,44 @@ function setupEnvironmentAndStub(tmpDir) {
             buildMode: config_utils_1.BuildMode.None,
             languages: [languages_1.Language.java, languages_1.Language.swift],
         }), { numAvailableBytes: 100, numTotalBytes: 500 }, (0, logging_1.getRunnerLogger)(false), "failure cause", "exception stack trace");
-        t.is(statusReport.action_name, status_report_1.ActionName.Init);
-        t.is(statusReport.action_oid, "unknown");
-        t.is(typeof statusReport.action_version, "string");
-        t.is(statusReport.action_started_at, new Date("May 19, 2023 05:19:00").toISOString());
-        t.is(statusReport.actions_event_name, "dynamic");
-        t.is(statusReport.analysis_key, "analysis-key");
-        t.is(statusReport.build_mode, config_utils_1.BuildMode.None);
-        t.is(statusReport.cause, "failure cause");
-        t.is(statusReport.commit_oid, process.env["GITHUB_SHA"]);
-        t.is(statusReport.exception, "exception stack trace");
-        t.is(statusReport.job_name, process.env["GITHUB_JOB"] || "");
-        t.is(typeof statusReport.job_run_uuid, "string");
-        t.is(statusReport.languages, "java,swift");
-        t.is(statusReport.ref, process.env["GITHUB_REF"]);
-        t.is(statusReport.runner_available_disk_space_bytes, 100);
-        t.is(statusReport.runner_image_version, process.env["ImageVersion"]);
-        t.is(statusReport.runner_os, process.env["RUNNER_OS"]);
-        t.is(statusReport.started_at, process.env[environment_1.EnvVar.WORKFLOW_STARTED_AT]);
-        t.is(statusReport.status, "failure");
-        t.is(statusReport.workflow_name, process.env["GITHUB_WORKFLOW"] || "");
-        t.is(statusReport.workflow_run_attempt, 2);
-        t.is(statusReport.workflow_run_id, 100);
+        t.truthy(statusReport);
+        if (statusReport !== undefined) {
+            t.is(statusReport.action_name, status_report_1.ActionName.Init);
+            t.is(statusReport.action_oid, "unknown");
+            t.is(typeof statusReport.action_version, "string");
+            t.is(statusReport.action_started_at, new Date("May 19, 2023 05:19:00").toISOString());
+            t.is(statusReport.actions_event_name, "dynamic");
+            t.is(statusReport.analysis_key, "analysis-key");
+            t.is(statusReport.build_mode, config_utils_1.BuildMode.None);
+            t.is(statusReport.cause, "failure cause");
+            t.is(statusReport.commit_oid, process.env["GITHUB_SHA"]);
+            t.is(statusReport.exception, "exception stack trace");
+            t.is(statusReport.job_name, process.env["GITHUB_JOB"] || "");
+            t.is(typeof statusReport.job_run_uuid, "string");
+            t.is(statusReport.languages, "java,swift");
+            t.is(statusReport.ref, process.env["GITHUB_REF"]);
+            t.is(statusReport.runner_available_disk_space_bytes, 100);
+            t.is(statusReport.runner_image_version, process.env["ImageVersion"]);
+            t.is(statusReport.runner_os, process.env["RUNNER_OS"]);
+            t.is(statusReport.started_at, process.env[environment_1.EnvVar.WORKFLOW_STARTED_AT]);
+            t.is(statusReport.status, "failure");
+            t.is(statusReport.workflow_name, process.env["GITHUB_WORKFLOW"] || "");
+            t.is(statusReport.workflow_run_attempt, 2);
+            t.is(statusReport.workflow_run_id, 100);
+        }
     });
 });
 (0, ava_1.default)("createStatusReportBase_firstParty", async (t) => {
     await (0, util_1.withTmpDir)(async (tmpDir) => {
         setupEnvironmentAndStub(tmpDir);
-        t.is((await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.UploadSarif, "failure", new Date("May 19, 2023 05:19:00"), (0, testing_utils_1.createTestConfig)({}), { numAvailableBytes: 100, numTotalBytes: 500 }, (0, logging_1.getRunnerLogger)(false), "failure cause", "exception stack trace")).first_party_analysis, false);
-        t.is((await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Autobuild, "failure", new Date("May 19, 2023 05:19:00"), (0, testing_utils_1.createTestConfig)({}), { numAvailableBytes: 100, numTotalBytes: 500 }, (0, logging_1.getRunnerLogger)(false), "failure cause", "exception stack trace")).first_party_analysis, true);
+        t.is((await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.UploadSarif, "failure", new Date("May 19, 2023 05:19:00"), (0, testing_utils_1.createTestConfig)({}), { numAvailableBytes: 100, numTotalBytes: 500 }, (0, logging_1.getRunnerLogger)(false), "failure cause", "exception stack trace"))?.first_party_analysis, false);
+        t.is((await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Autobuild, "failure", new Date("May 19, 2023 05:19:00"), (0, testing_utils_1.createTestConfig)({}), { numAvailableBytes: 100, numTotalBytes: 500 }, (0, logging_1.getRunnerLogger)(false), "failure cause", "exception stack trace"))?.first_party_analysis, true);
         process.env["CODEQL_ACTION_INIT_HAS_RUN"] = "foobar";
-        t.is((await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.UploadSarif, "failure", new Date("May 19, 2023 05:19:00"), (0, testing_utils_1.createTestConfig)({}), { numAvailableBytes: 100, numTotalBytes: 500 }, (0, logging_1.getRunnerLogger)(false), "failure cause", "exception stack trace")).first_party_analysis, false);
-        t.is((await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Init, "failure", new Date("May 19, 2023 05:19:00"), (0, testing_utils_1.createTestConfig)({}), { numAvailableBytes: 100, numTotalBytes: 500 }, (0, logging_1.getRunnerLogger)(false), "failure cause", "exception stack trace")).first_party_analysis, true);
+        t.is((await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.UploadSarif, "failure", new Date("May 19, 2023 05:19:00"), (0, testing_utils_1.createTestConfig)({}), { numAvailableBytes: 100, numTotalBytes: 500 }, (0, logging_1.getRunnerLogger)(false), "failure cause", "exception stack trace"))?.first_party_analysis, false);
+        t.is((await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Init, "failure", new Date("May 19, 2023 05:19:00"), (0, testing_utils_1.createTestConfig)({}), { numAvailableBytes: 100, numTotalBytes: 500 }, (0, logging_1.getRunnerLogger)(false), "failure cause", "exception stack trace"))?.first_party_analysis, true);
         process.env["CODEQL_ACTION_INIT_HAS_RUN"] = "true";
-        t.is((await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.UploadSarif, "failure", new Date("May 19, 2023 05:19:00"), (0, testing_utils_1.createTestConfig)({}), { numAvailableBytes: 100, numTotalBytes: 500 }, (0, logging_1.getRunnerLogger)(false), "failure cause", "exception stack trace")).first_party_analysis, true);
-        t.is((await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Analyze, "failure", new Date("May 19, 2023 05:19:00"), (0, testing_utils_1.createTestConfig)({}), { numAvailableBytes: 100, numTotalBytes: 500 }, (0, logging_1.getRunnerLogger)(false), "failure cause", "exception stack trace")).first_party_analysis, true);
+        t.is((await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.UploadSarif, "failure", new Date("May 19, 2023 05:19:00"), (0, testing_utils_1.createTestConfig)({}), { numAvailableBytes: 100, numTotalBytes: 500 }, (0, logging_1.getRunnerLogger)(false), "failure cause", "exception stack trace"))?.first_party_analysis, true);
+        t.is((await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Analyze, "failure", new Date("May 19, 2023 05:19:00"), (0, testing_utils_1.createTestConfig)({}), { numAvailableBytes: 100, numTotalBytes: 500 }, (0, logging_1.getRunnerLogger)(false), "failure cause", "exception stack trace"))?.first_party_analysis, true);
     });
 });
 //# sourceMappingURL=status-report.test.js.map

lib/tools-features.js

@@ -3,11 +3,13 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.isSupportedToolsFeature = exports.ToolsFeature = void 0;
 var ToolsFeature;
 (function (ToolsFeature) {
+    ToolsFeature["AnalysisSummaryV2IsDefault"] = "analysisSummaryV2Default";
     ToolsFeature["BuildModeOption"] = "buildModeOption";
     ToolsFeature["IndirectTracingSupportsStaticBinaries"] = "indirectTracingSupportsStaticBinaries";
     ToolsFeature["InformsAboutUnsupportedPathFilters"] = "informsAboutUnsupportedPathFilters";
     ToolsFeature["SetsCodeqlRunnerEnvVar"] = "setsCodeqlRunnerEnvVar";
     ToolsFeature["TraceCommandUseBuildMode"] = "traceCommandUseBuildMode";
+    ToolsFeature["SarifMergeRunsFromEqualCategory"] = "sarifMergeRunsFromEqualCategory";
 })(ToolsFeature || (exports.ToolsFeature = ToolsFeature = {}));
 /**
  * Determines if the given feature is supported by the CLI.

lib/tools-features.js.map

@@ -1 +1 @@
-{"version":3,"file":"tools-features.js","sourceRoot":"","sources":["../src/tools-features.ts"],"names":[],"mappings":";;;AAEA,IAAY,YAMX;AAND,WAAY,YAAY;IACtB,mDAAmC,CAAA;IACnC,+FAA+E,CAAA;IAC/E,yFAAyE,CAAA;IACzE,iEAAiD,CAAA;IACjD,qEAAqD,CAAA;AACvD,CAAC,EANW,YAAY,4BAAZ,YAAY,QAMvB;AAED;;;;;;GAMG;AACH,SAAgB,uBAAuB,CACrC,WAAwB,EACxB,OAAqB;IAErB,OAAO,CAAC,CAAC,WAAW,CAAC,QAAQ,IAAI,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;AACjE,CAAC;AALD,0DAKC"}
+{"version":3,"file":"tools-features.js","sourceRoot":"","sources":["../src/tools-features.ts"],"names":[],"mappings":";;;AAEA,IAAY,YAQX;AARD,WAAY,YAAY;IACtB,uEAAuD,CAAA;IACvD,mDAAmC,CAAA;IACnC,+FAA+E,CAAA;IAC/E,yFAAyE,CAAA;IACzE,iEAAiD,CAAA;IACjD,qEAAqD,CAAA;IACrD,mFAAmE,CAAA;AACrE,CAAC,EARW,YAAY,4BAAZ,YAAY,QAQvB;AAED;;;;;;GAMG;AACH,SAAgB,uBAAuB,CACrC,WAAwB,EACxB,OAAqB;IAErB,OAAO,CAAC,CAAC,WAAW,CAAC,QAAQ,IAAI,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;AACjE,CAAC;AALD,0DAKC"}

lib/upload-lib.js

@@ -34,22 +34,31 @@ const core = __importStar(require("@actions/core"));
 const file_url_1 = __importDefault(require("file-url"));
 const jsonschema = __importStar(require("jsonschema"));
 const actionsUtil = __importStar(require("./actions-util"));
+const actions_util_1 = require("./actions-util");
 const api = __importStar(require("./api-client"));
+const api_client_1 = require("./api-client");
+const codeql_1 = require("./codeql");
+const config_utils_1 = require("./config-utils");
 const environment_1 = require("./environment");
+const feature_flags_1 = require("./feature-flags");
 const fingerprints = __importStar(require("./fingerprints"));
+const init_1 = require("./init");
 const repository_1 = require("./repository");
+const tools_features_1 = require("./tools-features");
 const util = __importStar(require("./util"));
 const util_1 = require("./util");
 const GENERIC_403_MSG = "The repo on which this action is running has not opted-in to CodeQL code scanning.";
 const GENERIC_404_MSG = "The CodeQL code scanning feature is forbidden on this repository.";
 // Takes a list of paths to sarif files and combines them together,
 // returning the contents of the combined sarif file.
-function combineSarifFiles(sarifFiles) {
+function combineSarifFiles(sarifFiles, logger) {
+    logger.info(`Loading SARIF file(s)`);
     const combinedSarif = {
         version: null,
         runs: [],
     };
     for (const sarifFile of sarifFiles) {
+        logger.debug(`Loading SARIF file: ${sarifFile}`);
         const sarifObject = JSON.parse(fs.readFileSync(sarifFile, "utf8"));
         // Check SARIF version
         if (combinedSarif.version === null) {
@@ -62,6 +71,65 @@ function combineSarifFiles(sarifFiles) {
     }
     return combinedSarif;
 }
+/**
+ * Checks whether all the runs in the given SARIF files were produced by CodeQL.
+ * @param sarifFiles The list of SARIF files to check.
+ */
+function areAllRunsProducedByCodeQL(sarifFiles) {
+    return sarifFiles.every((sarifFile) => {
+        const sarifObject = JSON.parse(fs.readFileSync(sarifFile, "utf8"));
+        return sarifObject.runs?.every((run) => run.tool?.driver?.name === "CodeQL");
+    });
+}
+// Takes a list of paths to sarif files and combines them together using the
+// CLI `github merge-results` command when all SARIF files are produced by
+// CodeQL. Otherwise, it will fall back to combining the files in the action.
+// Returns the contents of the combined sarif file.
+async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, logger) {
+    logger.info("Combining SARIF files using the CodeQL CLI");
+    if (sarifFiles.length === 1) {
+        return JSON.parse(fs.readFileSync(sarifFiles[0], "utf8"));
+    }
+    if (!areAllRunsProducedByCodeQL(sarifFiles)) {
+        logger.debug("Not all SARIF files were produced by CodeQL. Merging files in the action.");
+        // If not, use the naive method of combining the files.
+        return combineSarifFiles(sarifFiles, logger);
+    }
+    // Initialize CodeQL, either by using the config file from the 'init' step,
+    // or by initializing it here.
+    let codeQL;
+    let tempDir = actionsUtil.getTemporaryDirectory();
+    const config = await (0, config_utils_1.getConfig)(tempDir, logger);
+    if (config !== undefined) {
+        codeQL = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
+        tempDir = config.tempDir;
+    }
+    else {
+        logger.info("Initializing CodeQL since the 'init' Action was not called before this step.");
+        const apiDetails = {
+            auth: (0, actions_util_1.getRequiredInput)("token"),
+            externalRepoAuth: (0, actions_util_1.getOptionalInput)("external-repository-token"),
+            url: (0, util_1.getRequiredEnvParam)("GITHUB_SERVER_URL"),
+            apiURL: (0, util_1.getRequiredEnvParam)("GITHUB_API_URL"),
+        };
+        const codeQLDefaultVersionInfo = await features.getDefaultCliVersion(gitHubVersion.type);
+        const initCodeQLResult = await (0, init_1.initCodeQL)(undefined, // There is no tools input on the upload action
+        apiDetails, tempDir, gitHubVersion.type, codeQLDefaultVersionInfo, logger);
+        codeQL = initCodeQLResult.codeql;
+    }
+    if (!(await codeQL.supportsFeature(tools_features_1.ToolsFeature.SarifMergeRunsFromEqualCategory))) {
+        logger.warning("The CodeQL CLI does not support merging SARIF files. Merging files in the action.");
+        return combineSarifFiles(sarifFiles, logger);
+    }
+    const baseTempDir = path.resolve(tempDir, "combined-sarif");
+    fs.mkdirSync(baseTempDir, { recursive: true });
+    const outputDirectory = fs.mkdtempSync(path.resolve(baseTempDir, "output-"));
+    const outputFile = path.resolve(outputDirectory, "combined-sarif.sarif");
+    await codeQL.mergeResults(sarifFiles, outputFile, {
+        mergeRunsFromEqualCategory: true,
+    });
+    return JSON.parse(fs.readFileSync(outputFile, "utf8"));
+}
 // Populates the run.automationDetails.id field using the analysis_key and environment
 // and return an updated sarif file contents.
 function populateRunAutomationDetails(sarif, category, analysis_key, environment) {
@@ -190,6 +258,7 @@ function countResultsInSarif(sarif) {
 // Validates that the given file path refers to a valid SARIF file.
 // Throws an error if the file is invalid.
 function validateSarifFileSchema(sarifFilePath, logger) {
+    logger.info(`Validating ${sarifFilePath}`);
     let sarif;
     try {
         sarif = JSON.parse(fs.readFileSync(sarifFilePath, "utf8"));
@@ -222,7 +291,8 @@ function validateSarifFileSchema(sarifFilePath, logger) {
 exports.validateSarifFileSchema = validateSarifFileSchema;
 // buildPayload constructs a map ready to be uploaded to the API from the given
 // parameters, respecting the current mode and target GitHub instance version.
-function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, workflowRunID, workflowRunAttempt, checkoutURI, environment, toolNames, mergeBaseCommitOid) {
+function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, workflowRunID, workflowRunAttempt, checkoutURI, environment, toolNames, mergeBaseCommitOid, logger) {
+    logger.info(`Combining SARIF files using CLI`);
     const payloadObj = {
         commit_oid: commitOid,
         ref,
@@ -264,19 +334,26 @@ exports.buildPayload = buildPayload;
 async function uploadFiles(sarifFiles, repositoryNwo, commitOid, ref, analysisKey, category, analysisName, workflowRunID, workflowRunAttempt, sourceRoot, environment, logger) {
     logger.startGroup("Uploading results");
     logger.info(`Processing sarif files: ${JSON.stringify(sarifFiles)}`);
+    const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
+    const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, actionsUtil.getTemporaryDirectory(), logger);
     // Validate that the files we were asked to upload are all valid SARIF files
     for (const file of sarifFiles) {
         validateSarifFileSchema(file, logger);
     }
-    let sarif = combineSarifFiles(sarifFiles);
+    let sarif = (await features.getValue(feature_flags_1.Feature.CliSarifMerge))
+        ? await combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, logger)
+        : combineSarifFiles(sarifFiles, logger);
     sarif = await fingerprints.addFingerprints(sarif, sourceRoot, logger);
     sarif = populateRunAutomationDetails(sarif, category, analysisKey, environment);
     const toolNames = util.getToolNames(sarif);
+    logger.debug(`Validating that each SARIF run has a unique category`);
     validateUniqueCategory(sarif);
+    logger.debug(`Serializing SARIF for upload`);
     const sarifPayload = JSON.stringify(sarif);
+    logger.debug(`Compressing serialized SARIF`);
     const zippedSarif = zlib_1.default.gzipSync(sarifPayload).toString("base64");
     const checkoutURI = (0, file_url_1.default)(sourceRoot);
-    const payload = buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, workflowRunID, workflowRunAttempt, checkoutURI, environment, toolNames, await actionsUtil.determineMergeBaseCommitOid());
+    const payload = buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, workflowRunID, workflowRunAttempt, checkoutURI, environment, toolNames, await actionsUtil.determineMergeBaseCommitOid(), logger);
     // Log some useful debug info about the info
     const rawUploadSizeBytes = sarifPayload.length;
     logger.debug(`Raw upload size: ${rawUploadSizeBytes} bytes`);

lib/upload-lib.test.js

@@ -47,7 +47,7 @@ ava_1.default.beforeEach(() => {
 });
 (0, ava_1.default)("validate correct payload used for push, PR merge commit, and PR head", async (t) => {
     process.env["GITHUB_EVENT_NAME"] = "push";
-    const pushPayload = uploadLib.buildPayload("commit", "refs/heads/master", "key", undefined, "", 1234, 1, "/opt/src", undefined, ["CodeQL", "eslint"], "mergeBaseCommit");
+    const pushPayload = uploadLib.buildPayload("commit", "refs/heads/master", "key", undefined, "", 1234, 1, "/opt/src", undefined, ["CodeQL", "eslint"], "mergeBaseCommit", (0, logging_1.getRunnerLogger)(true));
     // Not triggered by a pull request
     t.falsy(pushPayload.base_ref);
     t.falsy(pushPayload.base_sha);
@@ -55,11 +55,11 @@ ava_1.default.beforeEach(() => {
     process.env["GITHUB_SHA"] = "commit";
     process.env["GITHUB_BASE_REF"] = "master";
     process.env["GITHUB_EVENT_PATH"] = `${__dirname}/../src/testdata/pull_request.json`;
-    const prMergePayload = uploadLib.buildPayload("commit", "refs/pull/123/merge", "key", undefined, "", 1234, 1, "/opt/src", undefined, ["CodeQL", "eslint"], "mergeBaseCommit");
+    const prMergePayload = uploadLib.buildPayload("commit", "refs/pull/123/merge", "key", undefined, "", 1234, 1, "/opt/src", undefined, ["CodeQL", "eslint"], "mergeBaseCommit", (0, logging_1.getRunnerLogger)(true));
     // Uploads for a merge commit use the merge base
     t.deepEqual(prMergePayload.base_ref, "refs/heads/master");
     t.deepEqual(prMergePayload.base_sha, "mergeBaseCommit");
-    const prHeadPayload = uploadLib.buildPayload("headCommit", "refs/pull/123/head", "key", undefined, "", 1234, 1, "/opt/src", undefined, ["CodeQL", "eslint"], "mergeBaseCommit");
+    const prHeadPayload = uploadLib.buildPayload("headCommit", "refs/pull/123/head", "key", undefined, "", 1234, 1, "/opt/src", undefined, ["CodeQL", "eslint"], "mergeBaseCommit", (0, logging_1.getRunnerLogger)(true));
     // Uploads for the head use the PR base
     t.deepEqual(prHeadPayload.base_ref, "refs/heads/master");
     t.deepEqual(prHeadPayload.base_sha, "f95f852bd8fca8fcc58a9a2d6c842781e32a215e");
@@ -192,8 +192,8 @@ ava_1.default.beforeEach(() => {
     };
     const sarifFile = `${__dirname}/../src/testdata/with-invalid-uri.sarif`;
     uploadLib.validateSarifFileSchema(sarifFile, mockLogger);
-    t.deepEqual(loggedMessages.length, 1);
-    t.deepEqual(loggedMessages[0], "Warning: 'not a valid URI' is not a valid URI in 'instance.runs[0].results[0].locations[0].physicalLocation.artifactLocation.uri'.");
+    t.deepEqual(loggedMessages.length, 2);
+    t.deepEqual(loggedMessages[1], "Warning: 'not a valid URI' is not a valid URI in 'instance.runs[0].results[0].locations[0].physicalLocation.artifactLocation.uri'.");
 });
 function createMockSarif(id, tool) {
     return {

lib/upload-sarif-action-post-helper.js

@@ -0,0 +1,55 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.uploadArtifacts = void 0;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const core = __importStar(require("@actions/core"));
+const actionsUtil = __importStar(require("./actions-util"));
+async function uploadArtifacts(uploadDebugArtifacts) {
+    const tempDir = actionsUtil.getTemporaryDirectory();
+    // Upload Actions SARIF artifacts for debugging when environment variable is set
+    if (process.env["CODEQL_ACTION_DEBUG_COMBINED_SARIF"] === "true") {
+        core.info("Uploading available combined SARIF files as Actions debugging artifact...");
+        const baseTempDir = path.resolve(tempDir, "combined-sarif");
+        const toUpload = [];
+        if (fs.existsSync(baseTempDir)) {
+            const outputDirs = fs.readdirSync(baseTempDir);
+            for (const outputDir of outputDirs) {
+                const sarifFiles = fs
+                    .readdirSync(path.resolve(baseTempDir, outputDir))
+                    .filter((f) => f.endsWith(".sarif"));
+                for (const sarifFile of sarifFiles) {
+                    toUpload.push(path.resolve(baseTempDir, outputDir, sarifFile));
+                }
+            }
+        }
+        if (toUpload.length > 0) {
+            await uploadDebugArtifacts(toUpload, baseTempDir, "upload-debug-artifacts");
+        }
+    }
+}
+exports.uploadArtifacts = uploadArtifacts;
+//# sourceMappingURL=upload-sarif-action-post-helper.js.map

lib/upload-sarif-action-post-helper.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"upload-sarif-action-post-helper.js","sourceRoot":"","sources":["../src/upload-sarif-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,oDAAsC;AAEtC,4DAA8C;AAEvC,KAAK,UAAU,eAAe,CACnC,oBAIkB;IAElB,MAAM,OAAO,GAAG,WAAW,CAAC,qBAAqB,EAAE,CAAC;IAEpD,gFAAgF;IAChF,IAAI,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,KAAK,MAAM,EAAE,CAAC;QACjE,IAAI,CAAC,IAAI,CACP,2EAA2E,CAC5E,CAAC;QAEF,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;QAE5D,MAAM,QAAQ,GAAa,EAAE,CAAC;QAE9B,IAAI,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YAC/B,MAAM,UAAU,GAAG,EAAE,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;YAE/C,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;gBACnC,MAAM,UAAU,GAAG,EAAE;qBAClB,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;qBACjD,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAEvC,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;oBACnC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC;gBACjE,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,MAAM,oBAAoB,CACxB,QAAQ,EACR,WAAW,EACX,wBAAwB,CACzB,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAzCD,0CAyCC"}

lib/upload-sarif-action-post.js

@@ -0,0 +1,44 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+/**
+ * This file is the entry point for the `post:` hook of `upload-sarif-action.yml`.
+ * It will run after the all steps in this job, in reverse order in relation to
+ * other `post:` hooks.
+ */
+const core = __importStar(require("@actions/core"));
+const debugArtifacts = __importStar(require("./debug-artifacts"));
+const uploadSarifActionPostHelper = __importStar(require("./upload-sarif-action-post-helper"));
+const util_1 = require("./util");
+async function runWrapper() {
+    try {
+        await uploadSarifActionPostHelper.uploadArtifacts(debugArtifacts.uploadDebugArtifacts);
+    }
+    catch (error) {
+        core.setFailed(`upload-sarif post-action step failed: ${(0, util_1.wrapError)(error).message}`);
+    }
+}
+void runWrapper();
+//# sourceMappingURL=upload-sarif-action-post.js.map

lib/upload-sarif-action-post.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"upload-sarif-action-post.js","sourceRoot":"","sources":["../src/upload-sarif-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,kEAAoD;AACpD,+FAAiF;AACjF,iCAAmC;AAEnC,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,2BAA2B,CAAC,eAAe,CAC/C,cAAc,CAAC,oBAAoB,CACpC,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,yCAAyC,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CACpE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/upload-sarif-action.js

@@ -34,11 +34,13 @@ const upload_lib = __importStar(require("./upload-lib"));
 const util_1 = require("./util");
 async function sendSuccessStatusReport(startedAt, uploadStats, logger) {
     const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.UploadSarif, "success", startedAt, undefined, await (0, util_1.checkDiskUsage)(), logger);
-    const statusReport = {
-        ...statusReportBase,
-        ...uploadStats,
-    };
-    await (0, status_report_1.sendStatusReport)(statusReport);
+    if (statusReportBase !== undefined) {
+        const statusReport = {
+            ...statusReportBase,
+            ...uploadStats,
+        };
+        await (0, status_report_1.sendStatusReport)(statusReport);
+    }
 }
 async function run() {
     const startedAt = new Date();
@@ -46,7 +48,10 @@ async function run() {
     (0, util_1.initializeEnvironment)((0, actions_util_1.getActionVersion)());
     const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
     (0, util_1.checkActionVersion)((0, actions_util_1.getActionVersion)(), gitHubVersion);
-    await (0, status_report_1.sendStatusReport)(await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.UploadSarif, "starting", startedAt, undefined, await (0, util_1.checkDiskUsage)(), logger));
+    const startingStatusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.UploadSarif, "starting", startedAt, undefined, await (0, util_1.checkDiskUsage)(), logger);
+    if (startingStatusReportBase !== undefined) {
+        await (0, status_report_1.sendStatusReport)(startingStatusReportBase);
+    }
     try {
         const uploadResult = await upload_lib.uploadFromActions(actionsUtil.getRequiredInput("sarif_file"), actionsUtil.getRequiredInput("checkout_path"), actionsUtil.getOptionalInput("category"), logger);
         core.setOutput("sarif-id", uploadResult.sarifID);
@@ -67,7 +72,10 @@ async function run() {
         const message = error.message;
         core.setFailed(message);
         console.log(error);
-        await (0, status_report_1.sendStatusReport)(await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.UploadSarif, (0, status_report_1.getActionsStatus)(error), startedAt, undefined, await (0, util_1.checkDiskUsage)(), logger, message, error.stack));
+        const errorStatusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.UploadSarif, (0, status_report_1.getActionsStatus)(error), startedAt, undefined, await (0, util_1.checkDiskUsage)(), logger, message, error.stack);
+        if (errorStatusReportBase !== undefined) {
+            await (0, status_report_1.sendStatusReport)(errorStatusReportBase);
+        }
         return;
     }
 }

lib/upload-sarif-action.js.map

@@ -1 +1 @@
-{"version":3,"file":"upload-sarif-action.js","sourceRoot":"","sources":["../src/upload-sarif-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,iDAAkD;AAClD,6CAAgD;AAChD,uCAAqD;AACrD,6CAAkD;AAClD,mDAOyB;AACzB,yDAA2C;AAC3C,iCAQgB;AAMhB,KAAK,UAAU,uBAAuB,CACpC,SAAe,EACf,WAA0C,EAC1C,MAAc;IAEd,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,WAAW,EACtB,SAAS,EACT,SAAS,EACT,SAAS,EACT,MAAM,IAAA,qBAAc,GAAE,EACtB,MAAM,CACP,CAAC;IACF,MAAM,YAAY,GAA4B;QAC5C,GAAG,gBAAgB;QACnB,GAAG,WAAW;KACf,CAAC;IACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC/C,IAAA,yBAAkB,EAAC,IAAA,+BAAgB,GAAE,EAAE,aAAa,CAAC,CAAC;IAEtD,MAAM,IAAA,gCAAgB,EACpB,MAAM,IAAA,sCAAsB,EAC1B,0BAAU,CAAC,WAAW,EACtB,UAAU,EACV,SAAS,EACT,SAAS,EACT,MAAM,IAAA,qBAAc,GAAE,EACtB,MAAM,CACP,CACF,CAAC;IAEF,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,iBAAiB,CACrD,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,EAC1C,WAAW,CAAC,gBAAgB,CAAC,eAAe,CAAC,EAC7C,WAAW,CAAC,gBAAgB,CAAC,UAAU,CAAC,EACxC,MAAM,CACP,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QAEjD,qEAAqE;QACrE,IAAI,IAAA,mBAAY,GAAE,EAAE,CAAC;YACnB,IAAI,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;QAClE,CAAC;aAAM,IAAI,WAAW,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,KAAK,MAAM,EAAE,CAAC;YAC1E,MAAM,UAAU,CAAC,iBAAiB,CAChC,IAAA,+BAAkB,EAAC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CAAC,EAC5D,YAAY,CAAC,OAAO,EACpB,MAAM,CACP,CAAC;QACJ,CAAC;QACD,MAAM,uBAAuB,CAAC,SAAS,EAAE,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IAC9E,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GACT,CAAC,IAAA,oCAAoB,EAAC,0BAAU,CAAC,WAAW,CAAC;YAC7C,cAAc,YAAY,UAAU,CAAC,uBAAuB;YAC1D,CAAC,CAAC,IAAI,yBAAkB,CAAC,cAAc,CAAC,OAAO,CAAC;YAChD,CAAC,CAAC,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QAChC,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;QAC9B,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,IAAA,gCAAgB,EACpB,MAAM,IAAA,sCAAsB,EAC1B,0BAAU,CAAC,WAAW,EACtB,IAAA,gCAAgB,EAAC,KAAK,CAAC,EACvB,SAAS,EACT,SAAS,EACT,MAAM,IAAA,qBAAc,GAAE,EACtB,MAAM,EACN,OAAO,EACP,KAAK,CAAC,KAAK,CACZ,CACF,CAAC;QACF,OAAO;IACT,CAAC;AACH,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,sCAAsC,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CACjE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"upload-sarif-action.js","sourceRoot":"","sources":["../src/upload-sarif-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,iDAAkD;AAClD,6CAAgD;AAChD,uCAAqD;AACrD,6CAAkD;AAClD,mDAOyB;AACzB,yDAA2C;AAC3C,iCAQgB;AAMhB,KAAK,UAAU,uBAAuB,CACpC,SAAe,EACf,WAA0C,EAC1C,MAAc;IAEd,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,WAAW,EACtB,SAAS,EACT,SAAS,EACT,SAAS,EACT,MAAM,IAAA,qBAAc,GAAE,EACtB,MAAM,CACP,CAAC;IACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,YAAY,GAA4B;YAC5C,GAAG,gBAAgB;YACnB,GAAG,WAAW;SACf,CAAC;QACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC/C,IAAA,yBAAkB,EAAC,IAAA,+BAAgB,GAAE,EAAE,aAAa,CAAC,CAAC;IAEtD,MAAM,wBAAwB,GAAG,MAAM,IAAA,sCAAsB,EAC3D,0BAAU,CAAC,WAAW,EACtB,UAAU,EACV,SAAS,EACT,SAAS,EACT,MAAM,IAAA,qBAAc,GAAE,EACtB,MAAM,CACP,CAAC;IACF,IAAI,wBAAwB,KAAK,SAAS,EAAE,CAAC;QAC3C,MAAM,IAAA,gCAAgB,EAAC,wBAAwB,CAAC,CAAC;IACnD,CAAC;IAED,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,iBAAiB,CACrD,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,EAC1C,WAAW,CAAC,gBAAgB,CAAC,eAAe,CAAC,EAC7C,WAAW,CAAC,gBAAgB,CAAC,UAAU,CAAC,EACxC,MAAM,CACP,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QAEjD,qEAAqE;QACrE,IAAI,IAAA,mBAAY,GAAE,EAAE,CAAC;YACnB,IAAI,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;QAClE,CAAC;aAAM,IAAI,WAAW,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,KAAK,MAAM,EAAE,CAAC;YAC1E,MAAM,UAAU,CAAC,iBAAiB,CAChC,IAAA,+BAAkB,EAAC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CAAC,EAC5D,YAAY,CAAC,OAAO,EACpB,MAAM,CACP,CAAC;QACJ,CAAC;QACD,MAAM,uBAAuB,CAAC,SAAS,EAAE,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IAC9E,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GACT,CAAC,IAAA,oCAAoB,EAAC,0BAAU,CAAC,WAAW,CAAC;YAC7C,cAAc,YAAY,UAAU,CAAC,uBAAuB;YAC1D,CAAC,CAAC,IAAI,yBAAkB,CAAC,cAAc,CAAC,OAAO,CAAC;YAChD,CAAC,CAAC,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QAChC,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;QAC9B,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAEnB,MAAM,qBAAqB,GAAG,MAAM,IAAA,sCAAsB,EACxD,0BAAU,CAAC,WAAW,EACtB,IAAA,gCAAgB,EAAC,KAAK,CAAC,EACvB,SAAS,EACT,SAAS,EACT,MAAM,IAAA,qBAAc,GAAE,EACtB,MAAM,EACN,OAAO,EACP,KAAK,CAAC,KAAK,CACZ,CAAC;QACF,IAAI,qBAAqB,KAAK,SAAS,EAAE,CAAC;YACxC,MAAM,IAAA,gCAAgB,EAAC,qBAAqB,CAAC,CAAC;QAChD,CAAC;QACD,OAAO;IACT,CAAC;AACH,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,sCAAsC,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CACjE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

node_modules/.package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "3.24.10",
+  "version": "2.24.11",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
@@ -896,12 +896,9 @@
       "dev": true
     },
     "node_modules/@types/node": {
-      "version": "20.9.0",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.9.0.tgz",
-      "integrity": "sha512-nekiGu2NDb1BcVofVcEKMIwzlx4NjHlcjhoxxKBNLtz15Y1z7MYf549DFvkHSId02Ax6kGwWntIBPC3l/JZcmw==",
-      "dependencies": {
-        "undici-types": "~5.26.4"
-      }
+      "version": "16.11.22",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-16.11.22.tgz",
+      "integrity": "sha512-DYNtJWauMQ9RNpesl4aVothr97/tIJM8HbyOXJ0AYT1Z2bEjLHyfjOBPAQQVMLf8h3kSShYfNk8Wnto8B2zHUA=="
     },
     "node_modules/@types/node-fetch": {
       "version": "2.6.4",
@@ -960,16 +957,16 @@
       "integrity": "sha512-jg+97EGIcY9AGHJJRaaPVgetKDsrTgbRjQ5Msgjh/DQKEFl0DtyRr/VCOyD1T2R1MNeWPK/u7JoGhlDZnKBAfA=="
     },
     "node_modules/@typescript-eslint/eslint-plugin": {
-      "version": "7.3.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-7.3.1.tgz",
-      "integrity": "sha512-STEDMVQGww5lhCuNXVSQfbfuNII5E08QWkvAw5Qwf+bj2WT+JkG1uc+5/vXA3AOYMDHVOSpL+9rcbEUiHIm2dw==",
+      "version": "7.4.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-7.4.0.tgz",
+      "integrity": "sha512-yHMQ/oFaM7HZdVrVm/M2WHaNPgyuJH4WelkSVEWSSsir34kxW2kDJCxlXRhhGWEsMN0WAW/vLpKfKVcm8k+MPw==",
       "dev": true,
       "dependencies": {
         "@eslint-community/regexpp": "^4.5.1",
-        "@typescript-eslint/scope-manager": "7.3.1",
-        "@typescript-eslint/type-utils": "7.3.1",
-        "@typescript-eslint/utils": "7.3.1",
-        "@typescript-eslint/visitor-keys": "7.3.1",
+        "@typescript-eslint/scope-manager": "7.4.0",
+        "@typescript-eslint/type-utils": "7.4.0",
+        "@typescript-eslint/utils": "7.4.0",
+        "@typescript-eslint/visitor-keys": "7.4.0",
         "debug": "^4.3.4",
         "graphemer": "^1.4.0",
         "ignore": "^5.2.4",
@@ -995,15 +992,15 @@
       }
     },
     "node_modules/@typescript-eslint/parser": {
-      "version": "7.3.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.3.1.tgz",
-      "integrity": "sha512-Rq49+pq7viTRCH48XAbTA+wdLRrB/3sRq4Lpk0oGDm0VmnjBrAOVXH/Laalmwsv2VpekiEfVFwJYVk6/e8uvQw==",
+      "version": "7.4.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.4.0.tgz",
+      "integrity": "sha512-ZvKHxHLusweEUVwrGRXXUVzFgnWhigo4JurEj0dGF1tbcGh6buL+ejDdjxOQxv6ytcY1uhun1p2sm8iWStlgLQ==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/scope-manager": "7.3.1",
-        "@typescript-eslint/types": "7.3.1",
-        "@typescript-eslint/typescript-estree": "7.3.1",
-        "@typescript-eslint/visitor-keys": "7.3.1",
+        "@typescript-eslint/scope-manager": "7.4.0",
+        "@typescript-eslint/types": "7.4.0",
+        "@typescript-eslint/typescript-estree": "7.4.0",
+        "@typescript-eslint/visitor-keys": "7.4.0",
         "debug": "^4.3.4"
       },
       "engines": {
@@ -1023,13 +1020,13 @@
       }
     },
     "node_modules/@typescript-eslint/scope-manager": {
-      "version": "7.3.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.3.1.tgz",
-      "integrity": "sha512-fVS6fPxldsKY2nFvyT7IP78UO1/I2huG+AYu5AMjCT9wtl6JFiDnsv4uad4jQ0GTFzcUV5HShVeN96/17bTBag==",
+      "version": "7.4.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.4.0.tgz",
+      "integrity": "sha512-68VqENG5HK27ypafqLVs8qO+RkNc7TezCduYrx8YJpXq2QGZ30vmNZGJJJC48+MVn4G2dCV8m5ZTVnzRexTVtw==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/types": "7.3.1",
-        "@typescript-eslint/visitor-keys": "7.3.1"
+        "@typescript-eslint/types": "7.4.0",
+        "@typescript-eslint/visitor-keys": "7.4.0"
       },
       "engines": {
         "node": "^18.18.0 || >=20.0.0"
@@ -1040,13 +1037,13 @@
       }
     },
     "node_modules/@typescript-eslint/type-utils": {
-      "version": "7.3.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-7.3.1.tgz",
-      "integrity": "sha512-iFhaysxFsMDQlzJn+vr3OrxN8NmdQkHks4WaqD4QBnt5hsq234wcYdyQ9uquzJJIDAj5W4wQne3yEsYA6OmXGw==",
+      "version": "7.4.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-7.4.0.tgz",
+      "integrity": "sha512-247ETeHgr9WTRMqHbbQdzwzhuyaJ8dPTuyuUEMANqzMRB1rj/9qFIuIXK7l0FX9i9FXbHeBQl/4uz6mYuCE7Aw==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/typescript-estree": "7.3.1",
-        "@typescript-eslint/utils": "7.3.1",
+        "@typescript-eslint/typescript-estree": "7.4.0",
+        "@typescript-eslint/utils": "7.4.0",
         "debug": "^4.3.4",
         "ts-api-utils": "^1.0.1"
       },
@@ -1067,9 +1064,9 @@
       }
     },
     "node_modules/@typescript-eslint/types": {
-      "version": "7.3.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.3.1.tgz",
-      "integrity": "sha512-2tUf3uWggBDl4S4183nivWQ2HqceOZh1U4hhu4p1tPiIJoRRXrab7Y+Y0p+dozYwZVvLPRI6r5wKe9kToF9FIw==",
+      "version": "7.4.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.4.0.tgz",
+      "integrity": "sha512-mjQopsbffzJskos5B4HmbsadSJQWaRK0UxqQ7GuNA9Ga4bEKeiO6b2DnB6cM6bpc8lemaPseh0H9B/wyg+J7rw==",
       "dev": true,
       "engines": {
         "node": "^18.18.0 || >=20.0.0"
@@ -1080,13 +1077,13 @@
       }
     },
     "node_modules/@typescript-eslint/typescript-estree": {
-      "version": "7.3.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.3.1.tgz",
-      "integrity": "sha512-tLpuqM46LVkduWP7JO7yVoWshpJuJzxDOPYIVWUUZbW+4dBpgGeUdl/fQkhuV0A8eGnphYw3pp8d2EnvPOfxmQ==",
+      "version": "7.4.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.4.0.tgz",
+      "integrity": "sha512-A99j5AYoME/UBQ1ucEbbMEmGkN7SE0BvZFreSnTd1luq7yulcHdyGamZKizU7canpGDWGJ+Q6ZA9SyQobipePg==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/types": "7.3.1",
-        "@typescript-eslint/visitor-keys": "7.3.1",
+        "@typescript-eslint/types": "7.4.0",
+        "@typescript-eslint/visitor-keys": "7.4.0",
         "debug": "^4.3.4",
         "globby": "^11.1.0",
         "is-glob": "^4.0.3",
@@ -1132,17 +1129,17 @@
       }
     },
     "node_modules/@typescript-eslint/utils": {
-      "version": "7.3.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.3.1.tgz",
-      "integrity": "sha512-jIERm/6bYQ9HkynYlNZvXpzmXWZGhMbrOvq3jJzOSOlKXsVjrrolzWBjDW6/TvT5Q3WqaN4EkmcfdQwi9tDjBQ==",
+      "version": "7.4.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.4.0.tgz",
+      "integrity": "sha512-NQt9QLM4Tt8qrlBVY9lkMYzfYtNz8/6qwZg8pI3cMGlPnj6mOpRxxAm7BMJN9K0AiY+1BwJ5lVC650YJqYOuNg==",
       "dev": true,
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.4.0",
         "@types/json-schema": "^7.0.12",
         "@types/semver": "^7.5.0",
-        "@typescript-eslint/scope-manager": "7.3.1",
-        "@typescript-eslint/types": "7.3.1",
-        "@typescript-eslint/typescript-estree": "7.3.1",
+        "@typescript-eslint/scope-manager": "7.4.0",
+        "@typescript-eslint/types": "7.4.0",
+        "@typescript-eslint/typescript-estree": "7.4.0",
         "semver": "^7.5.4"
       },
       "engines": {
@@ -1157,12 +1154,12 @@
       }
     },
     "node_modules/@typescript-eslint/visitor-keys": {
-      "version": "7.3.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.3.1.tgz",
-      "integrity": "sha512-9RMXwQF8knsZvfv9tdi+4D/j7dMG28X/wMJ8Jj6eOHyHWwDW4ngQJcqEczSsqIKKjFiLFr40Mnr7a5ulDD3vmw==",
+      "version": "7.4.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.4.0.tgz",
+      "integrity": "sha512-0zkC7YM0iX5Y41homUUeW1CHtZR01K3ybjM1l6QczoMuay0XKtrb93kv95AxUGwdjGr64nNqnOCwmEl616N8CA==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/types": "7.3.1",
+        "@typescript-eslint/types": "7.4.0",
         "eslint-visitor-keys": "^3.4.1"
       },
       "engines": {
@@ -6089,11 +6086,6 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
-    "node_modules/undici-types": {
-      "version": "5.26.5",
-      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz",
-      "integrity": "sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA=="
-    },
     "node_modules/universal-user-agent": {
       "version": "6.0.0",
       "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.0.tgz",

node_modules/@types/node/README.md

@@ -2,14 +2,15 @@
 > `npm install --save @types/node`
 
 # Summary
-This package contains type definitions for node (https://nodejs.org/).
+This package contains type definitions for Node.js (https://nodejs.org/).
 
 # Details
-Files were exported from https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node.
+Files were exported from https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node/v16.
 
 ### Additional Details
- * Last updated: Tue, 07 Nov 2023 20:08:00 GMT
- * Dependencies: [undici-types](https://npmjs.com/package/undici-types)
+ * Last updated: Tue, 01 Feb 2022 08:31:30 GMT
+ * Dependencies: none
+ * Global values: `AbortController`, `AbortSignal`, `__dirname`, `__filename`, `console`, `exports`, `gc`, `global`, `module`, `process`, `require`
 
 # Credits
-These definitions were written by [Microsoft TypeScript](https://github.com/Microsoft), [Alberto Schiabel](https://github.com/jkomyno), [Alvis HT Tang](https://github.com/alvis), [Andrew Makarov](https://github.com/r3nya), [Benjamin Toueg](https://github.com/btoueg), [Chigozirim C.](https://github.com/smac89), [David Junger](https://github.com/touffy), [Deividas Bakanas](https://github.com/DeividasBakanas), [Eugene Y. Q. Shen](https://github.com/eyqs), [Hannes Magnusson](https://github.com/Hannes-Magnusson-CK), [Huw](https://github.com/hoo29), [Kelvin Jin](https://github.com/kjin), [Klaus Meinhardt](https://github.com/ajafff), [Lishude](https://github.com/islishude), [Mariusz Wiktorczyk](https://github.com/mwiktorczyk), [Mohsen Azimi](https://github.com/mohsen1), [Nicolas Even](https://github.com/n-e), [Nikita Galkin](https://github.com/galkin), [Parambir Singh](https://github.com/parambirs), [Sebastian Silbermann](https://github.com/eps1lon), [Thomas den Hollander](https://github.com/ThomasdenH), [Wilco Bakker](https://github.com/WilcoBakker), [wwwy3y3](https://github.com/wwwy3y3), [Samuel Ainsworth](https://github.com/samuela), [Kyle Uehlein](https://github.com/kuehlein), [Thanik Bhongbhibhat](https://github.com/bhongy), [Marcin Kopacz](https://github.com/chyzwar), [Trivikram Kamat](https://github.com/trivikr), [Junxiao Shi](https://github.com/yoursunny), [Ilia Baryshnikov](https://github.com/qwelias), [ExE Boss](https://github.com/ExE-Boss), [Piotr Błażejewicz](https://github.com/peterblazejewicz), [Anna Henningsen](https://github.com/addaleax), [Victor Perin](https://github.com/victorperin), [Yongsheng Zhang](https://github.com/ZYSzys), [NodeJS Contributors](https://github.com/NodeJS), [Linus Unnebäck](https://github.com/LinusU), [wafuwafu13](https://github.com/wafuwafu13), [Matteo Collina](https://github.com/mcollina), and [Dmitry Semigradsky](https://github.com/Semigradsky).
+These definitions were written by [Microsoft TypeScript](https://github.com/Microsoft), [DefinitelyTyped](https://github.com/DefinitelyTyped), [Alberto Schiabel](https://github.com/jkomyno), [Alvis HT Tang](https://github.com/alvis), [Andrew Makarov](https://github.com/r3nya), [Benjamin Toueg](https://github.com/btoueg), [Chigozirim C.](https://github.com/smac89), [David Junger](https://github.com/touffy), [Deividas Bakanas](https://github.com/DeividasBakanas), [Eugene Y. Q. Shen](https://github.com/eyqs), [Hannes Magnusson](https://github.com/Hannes-Magnusson-CK), [Huw](https://github.com/hoo29), [Kelvin Jin](https://github.com/kjin), [Klaus Meinhardt](https://github.com/ajafff), [Lishude](https://github.com/islishude), [Mariusz Wiktorczyk](https://github.com/mwiktorczyk), [Mohsen Azimi](https://github.com/mohsen1), [Nicolas Even](https://github.com/n-e), [Nikita Galkin](https://github.com/galkin), [Parambir Singh](https://github.com/parambirs), [Sebastian Silbermann](https://github.com/eps1lon), [Seth Westphal](https://github.com/westy92), [Simon Schick](https://github.com/SimonSchick), [Thomas den Hollander](https://github.com/ThomasdenH), [Wilco Bakker](https://github.com/WilcoBakker), [wwwy3y3](https://github.com/wwwy3y3), [Samuel Ainsworth](https://github.com/samuela), [Kyle Uehlein](https://github.com/kuehlein), [Thanik Bhongbhibhat](https://github.com/bhongy), [Marcin Kopacz](https://github.com/chyzwar), [Trivikram Kamat](https://github.com/trivikr), [Junxiao Shi](https://github.com/yoursunny), [Ilia Baryshnikov](https://github.com/qwelias), [ExE Boss](https://github.com/ExE-Boss), [Piotr Błażejewicz](https://github.com/peterblazejewicz), [Anna Henningsen](https://github.com/addaleax), [Victor Perin](https://github.com/victorperin), [Yongsheng Zhang](https://github.com/ZYSzys), [NodeJS Contributors](https://github.com/NodeJS), [Linus Unnebäck](https://github.com/LinusU), and [wafuwafu13](https://github.com/wafuwafu13).

node_modules/@types/node/assert.d.ts

@@ -1,9 +1,9 @@
 /**
- * The `node:assert` module provides a set of assertion functions for verifying
+ * The `assert` module provides a set of assertion functions for verifying
  * invariants.
- * @see [source](https://github.com/nodejs/node/blob/v20.2.0/lib/assert.js)
+ * @see [source](https://github.com/nodejs/node/blob/v16.9.0/lib/assert.js)
  */
-declare module "assert" {
+declare module 'assert' {
     /**
      * An alias of {@link ok}.
      * @since v0.5.9
@@ -12,29 +12,15 @@ declare module "assert" {
     function assert(value: unknown, message?: string | Error): asserts value;
     namespace assert {
         /**
-         * Indicates the failure of an assertion. All errors thrown by the `node:assert`module will be instances of the `AssertionError` class.
+         * Indicates the failure of an assertion. All errors thrown by the `assert` module
+         * will be instances of the `AssertionError` class.
          */
         class AssertionError extends Error {
-            /**
-             * Set to the `actual` argument for methods such as {@link assert.strictEqual()}.
-             */
             actual: unknown;
-            /**
-             * Set to the `expected` argument for methods such as {@link assert.strictEqual()}.
-             */
             expected: unknown;
-            /**
-             * Set to the passed in operator value.
-             */
             operator: string;
-            /**
-             * Indicates if the message was auto-generated (`true`) or not.
-             */
             generatedMessage: boolean;
-            /**
-             * Value is always `ERR_ASSERTION` to show that the error is an assertion error.
-             */
-            code: "ERR_ASSERTION";
+            code: 'ERR_ASSERTION';
             constructor(options?: {
                 /** If provided, the error message is set to this value. */
                 message?: string | undefined;
@@ -50,10 +36,9 @@ declare module "assert" {
             });
         }
         /**
-         * This feature is deprecated and will be removed in a future version.
-         * Please consider using alternatives such as the `mock` helper function.
+         * This feature is currently experimental and behavior might still change.
          * @since v14.2.0, v12.19.0
-         * @deprecated Deprecated
+         * @experimental
          */
         class CallTracker {
             /**
@@ -62,7 +47,7 @@ declare module "assert" {
              * error.
              *
              * ```js
-             * import assert from 'node:assert';
+             * import assert from 'assert';
              *
              * // Creates call tracker.
              * const tracker = new assert.CallTracker();
@@ -80,44 +65,26 @@ declare module "assert" {
              */
             calls(exact?: number): () => void;
             calls<Func extends (...args: any[]) => any>(fn?: Func, exact?: number): Func;
-            /**
-             * Example:
-             *
-             * ```js
-             * import assert from 'node:assert';
-             *
-             * const tracker = new assert.CallTracker();
-             *
-             * function func() {}
-             * const callsfunc = tracker.calls(func);
-             * callsfunc(1, 2, 3);
-             *
-             * assert.deepStrictEqual(tracker.getCalls(callsfunc),
-             *                        [{ thisArg: undefined, arguments: [1, 2, 3] }]);
-             * ```
-             * @since v18.8.0, v16.18.0
-             * @param fn
-             * @return An Array with all the calls to a tracked function.
-             */
-            getCalls(fn: Function): CallTrackerCall[];
             /**
              * The arrays contains information about the expected and actual number of calls of
              * the functions that have not been called the expected number of times.
              *
              * ```js
-             * import assert from 'node:assert';
+             * import assert from 'assert';
              *
              * // Creates call tracker.
              * const tracker = new assert.CallTracker();
              *
              * function func() {}
              *
+             * function foo() {}
+             *
              * // Returns a function that wraps func() that must be called exact times
              * // before tracker.verify().
              * const callsfunc = tracker.calls(func, 2);
              *
              * // Returns an array containing information on callsfunc()
-             * console.log(tracker.report());
+             * tracker.report();
              * // [
              * //  {
              * //    message: 'Expected the func function to be executed 2 time(s) but was
@@ -130,39 +97,15 @@ declare module "assert" {
              * // ]
              * ```
              * @since v14.2.0, v12.19.0
-             * @return An Array of objects containing information about the wrapper functions returned by `calls`.
+             * @return of objects containing information about the wrapper functions returned by `calls`.
              */
             report(): CallTrackerReportInformation[];
-            /**
-             * Reset calls of the call tracker.
-             * If a tracked function is passed as an argument, the calls will be reset for it.
-             * If no arguments are passed, all tracked functions will be reset.
-             *
-             * ```js
-             * import assert from 'node:assert';
-             *
-             * const tracker = new assert.CallTracker();
-             *
-             * function func() {}
-             * const callsfunc = tracker.calls(func);
-             *
-             * callsfunc();
-             * // Tracker was called once
-             * assert.strictEqual(tracker.getCalls(callsfunc).length, 1);
-             *
-             * tracker.reset(callsfunc);
-             * assert.strictEqual(tracker.getCalls(callsfunc).length, 0);
-             * ```
-             * @since v18.8.0, v16.18.0
-             * @param fn a tracked function to reset.
-             */
-            reset(fn?: Function): void;
             /**
              * Iterates through the list of functions passed to `tracker.calls()` and will throw an error for functions that
              * have not been called the expected number of times.
              *
              * ```js
-             * import assert from 'node:assert';
+             * import assert from 'assert';
              *
              * // Creates call tracker.
              * const tracker = new assert.CallTracker();
@@ -182,10 +125,6 @@ declare module "assert" {
              */
             verify(): void;
         }
-        interface CallTrackerCall {
-            thisArg: object;
-            arguments: unknown[];
-        }
         interface CallTrackerReportInformation {
             message: string;
             /** The actual number of times the function was called. */
@@ -197,14 +136,14 @@ declare module "assert" {
             /** A stack trace of the function. */
             stack: object;
         }
-        type AssertPredicate = RegExp | (new() => object) | ((thrown: unknown) => boolean) | object | Error;
+        type AssertPredicate = RegExp | (new () => object) | ((thrown: unknown) => boolean) | object | Error;
         /**
          * Throws an `AssertionError` with the provided error message or a default
          * error message. If the `message` parameter is an instance of an `Error` then
          * it will be thrown instead of the `AssertionError`.
          *
          * ```js
-         * import assert from 'node:assert/strict';
+         * import assert from 'assert/strict';
          *
          * assert.fail();
          * // AssertionError [ERR_ASSERTION]: Failed
@@ -229,7 +168,7 @@ declare module "assert" {
             message?: string | Error,
             operator?: string,
             // tslint:disable-next-line:ban-types
-            stackStartFn?: Function,
+            stackStartFn?: Function
         ): never;
         /**
          * Tests if `value` is truthy. It is equivalent to`assert.equal(!!value, true, message)`.
@@ -242,7 +181,7 @@ declare module "assert" {
          * thrown in a file! See below for further details.
          *
          * ```js
-         * import assert from 'node:assert/strict';
+         * import assert from 'assert/strict';
          *
          * assert.ok(true);
          * // OK
@@ -277,7 +216,7 @@ declare module "assert" {
          * ```
          *
          * ```js
-         * import assert from 'node:assert/strict';
+         * import assert from 'assert/strict';
          *
          * // Using `assert()` works the same:
          * assert(0);
@@ -298,11 +237,11 @@ declare module "assert" {
          * > Stability: 3 - Legacy: Use {@link strictEqual} instead.
          *
          * Tests shallow, coercive equality between the `actual` and `expected` parameters
-         * using the [`==` operator](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Equality). `NaN` is specially handled
-         * and treated as being identical if both sides are `NaN`.
+         * using the [Abstract Equality Comparison](https://tc39.github.io/ecma262/#sec-abstract-equality-comparison) ( `==` ). `NaN` is special handled
+         * and treated as being identical in case both sides are `NaN`.
          *
          * ```js
-         * import assert from 'node:assert';
+         * import assert from 'assert';
          *
          * assert.equal(1, 1);
          * // OK, 1 == 1
@@ -331,11 +270,12 @@ declare module "assert" {
          *
          * > Stability: 3 - Legacy: Use {@link notStrictEqual} instead.
          *
-         * Tests shallow, coercive inequality with the [`!=` operator](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Inequality). `NaN` is
-         * specially handled and treated as being identical if both sides are `NaN`.
+         * Tests shallow, coercive inequality with the [Abstract Equality Comparison](https://tc39.github.io/ecma262/#sec-abstract-equality-comparison)(`!=` ). `NaN` is special handled and treated as
+         * being identical in case both
+         * sides are `NaN`.
          *
          * ```js
-         * import assert from 'node:assert';
+         * import assert from 'assert';
          *
          * assert.notEqual(1, 2);
          * // OK
@@ -382,24 +322,24 @@ declare module "assert" {
          * Tests for any deep inequality. Opposite of {@link deepEqual}.
          *
          * ```js
-         * import assert from 'node:assert';
+         * import assert from 'assert';
          *
          * const obj1 = {
          *   a: {
-         *     b: 1,
-         *   },
+         *     b: 1
+         *   }
          * };
          * const obj2 = {
          *   a: {
-         *     b: 2,
-         *   },
+         *     b: 2
+         *   }
          * };
          * const obj3 = {
          *   a: {
-         *     b: 1,
-         *   },
+         *     b: 1
+         *   }
          * };
-         * const obj4 = { __proto__: obj1 };
+         * const obj4 = Object.create(obj1);
          *
          * assert.notDeepEqual(obj1, obj1);
          * // AssertionError: { a: { b: 1 } } notDeepEqual { a: { b: 1 } }
@@ -422,10 +362,10 @@ declare module "assert" {
         function notDeepEqual(actual: unknown, expected: unknown, message?: string | Error): void;
         /**
          * Tests strict equality between the `actual` and `expected` parameters as
-         * determined by [`Object.is()`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/is).
+         * determined by the [SameValue Comparison](https://tc39.github.io/ecma262/#sec-samevalue).
          *
          * ```js
-         * import assert from 'node:assert/strict';
+         * import assert from 'assert/strict';
          *
          * assert.strictEqual(1, 2);
          * // AssertionError [ERR_ASSERTION]: Expected inputs to be strictly equal:
@@ -460,10 +400,10 @@ declare module "assert" {
         function strictEqual<T>(actual: unknown, expected: T, message?: string | Error): asserts actual is T;
         /**
          * Tests strict inequality between the `actual` and `expected` parameters as
-         * determined by [`Object.is()`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/is).
+         * determined by the [SameValue Comparison](https://tc39.github.io/ecma262/#sec-samevalue).
          *
          * ```js
-         * import assert from 'node:assert/strict';
+         * import assert from 'assert/strict';
          *
          * assert.notStrictEqual(1, 2);
          * // OK
@@ -494,7 +434,7 @@ declare module "assert" {
          * Tests for deep strict inequality. Opposite of {@link deepStrictEqual}.
          *
          * ```js
-         * import assert from 'node:assert/strict';
+         * import assert from 'assert/strict';
          *
          * assert.notDeepStrictEqual({ a: 1 }, { a: '1' });
          * // OK
@@ -525,14 +465,14 @@ declare module "assert" {
          * Custom validation object/error instance:
          *
          * ```js
-         * import assert from 'node:assert/strict';
+         * import assert from 'assert/strict';
          *
          * const err = new TypeError('Wrong value');
          * err.code = 404;
          * err.foo = 'bar';
          * err.info = {
          *   nested: true,
-         *   baz: 'text',
+         *   baz: 'text'
          * };
          * err.reg = /abc/i;
          *
@@ -545,16 +485,16 @@ declare module "assert" {
          *     message: 'Wrong value',
          *     info: {
          *       nested: true,
-         *       baz: 'text',
-         *     },
+         *       baz: 'text'
+         *     }
          *     // Only properties on the validation object will be tested for.
          *     // Using nested objects requires all properties to be present. Otherwise
          *     // the validation is going to fail.
-         *   },
+         *   }
          * );
          *
          * // Using regular expressions to validate error properties:
-         * assert.throws(
+         * throws(
          *   () => {
          *     throw err;
          *   },
@@ -568,17 +508,17 @@ declare module "assert" {
          *     info: {
          *       nested: true,
          *       // It is not possible to use regular expressions for nested properties!
-         *       baz: 'text',
+         *       baz: 'text'
          *     },
          *     // The `reg` property contains a regular expression and only if the
          *     // validation object contains an identical regular expression, it is going
          *     // to pass.
-         *     reg: /abc/i,
-         *   },
+         *     reg: /abc/i
+         *   }
          * );
          *
          * // Fails due to the different `message` and `name` properties:
-         * assert.throws(
+         * throws(
          *   () => {
          *     const otherErr = new Error('Not found');
          *     // Copy all enumerable properties from `err` to `otherErr`.
@@ -589,20 +529,20 @@ declare module "assert" {
          *   },
          *   // The error's `message` and `name` properties will also be checked when using
          *   // an error as validation object.
-         *   err,
+         *   err
          * );
          * ```
          *
          * Validate instanceof using constructor:
          *
          * ```js
-         * import assert from 'node:assert/strict';
+         * import assert from 'assert/strict';
          *
          * assert.throws(
          *   () => {
          *     throw new Error('Wrong value');
          *   },
-         *   Error,
+         *   Error
          * );
          * ```
          *
@@ -612,13 +552,13 @@ declare module "assert" {
          * therefore also include the error name.
          *
          * ```js
-         * import assert from 'node:assert/strict';
+         * import assert from 'assert/strict';
          *
          * assert.throws(
          *   () => {
          *     throw new Error('Wrong value');
          *   },
-         *   /^Error: Wrong value$/,
+         *   /^Error: Wrong value$/
          * );
          * ```
          *
@@ -628,7 +568,7 @@ declare module "assert" {
          * It will otherwise fail with an `AssertionError`.
          *
          * ```js
-         * import assert from 'node:assert/strict';
+         * import assert from 'assert/strict';
          *
          * assert.throws(
          *   () => {
@@ -644,7 +584,7 @@ declare module "assert" {
          *     // possible.
          *     return true;
          *   },
-         *   'unexpected error',
+         *   'unexpected error'
          * );
          * ```
          *
@@ -654,7 +594,7 @@ declare module "assert" {
          * a string as the second argument gets considered:
          *
          * ```js
-         * import assert from 'node:assert/strict';
+         * import assert from 'assert/strict';
          *
          * function throwingFirst() {
          *   throw new Error('First');
@@ -710,20 +650,20 @@ declare module "assert" {
          * propagated back to the caller.
          *
          * If specified, `error` can be a [`Class`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Classes),
-         * [`RegExp`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions), or a validation
+         * [`RegExp`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions) or a validation
          * function. See {@link throws} for more details.
          *
          * The following, for instance, will throw the `TypeError` because there is no
          * matching error type in the assertion:
          *
          * ```js
-         * import assert from 'node:assert/strict';
+         * import assert from 'assert/strict';
          *
          * assert.doesNotThrow(
          *   () => {
          *     throw new TypeError('Wrong value');
          *   },
-         *   SyntaxError,
+         *   SyntaxError
          * );
          * ```
          *
@@ -731,27 +671,27 @@ declare module "assert" {
          * 'Got unwanted exception...':
          *
          * ```js
-         * import assert from 'node:assert/strict';
+         * import assert from 'assert/strict';
          *
          * assert.doesNotThrow(
          *   () => {
          *     throw new TypeError('Wrong value');
          *   },
-         *   TypeError,
+         *   TypeError
          * );
          * ```
          *
          * If an `AssertionError` is thrown and a value is provided for the `message`parameter, the value of `message` will be appended to the `AssertionError` message:
          *
          * ```js
-         * import assert from 'node:assert/strict';
+         * import assert from 'assert/strict';
          *
          * assert.doesNotThrow(
          *   () => {
          *     throw new TypeError('Wrong value');
          *   },
          *   /Wrong value/,
-         *   'Whoops',
+         *   'Whoops'
          * );
          * // Throws: AssertionError: Got unwanted exception: Whoops
          * ```
@@ -765,7 +705,7 @@ declare module "assert" {
          * from the error passed to `ifError()` including the potential new frames for`ifError()` itself.
          *
          * ```js
-         * import assert from 'node:assert/strict';
+         * import assert from 'assert/strict';
          *
          * assert.ifError(null);
          * // OK
@@ -811,7 +751,7 @@ declare module "assert" {
          * If specified, `message` will be the message provided by the `AssertionError` if the `asyncFn` fails to reject.
          *
          * ```js
-         * import assert from 'node:assert/strict';
+         * import assert from 'assert/strict';
          *
          * await assert.rejects(
          *   async () => {
@@ -819,13 +759,13 @@ declare module "assert" {
          *   },
          *   {
          *     name: 'TypeError',
-         *     message: 'Wrong value',
-         *   },
+         *     message: 'Wrong value'
+         *   }
          * );
          * ```
          *
          * ```js
-         * import assert from 'node:assert/strict';
+         * import assert from 'assert/strict';
          *
          * await assert.rejects(
          *   async () => {
@@ -835,16 +775,16 @@ declare module "assert" {
          *     assert.strictEqual(err.name, 'TypeError');
          *     assert.strictEqual(err.message, 'Wrong value');
          *     return true;
-         *   },
+         *   }
          * );
          * ```
          *
          * ```js
-         * import assert from 'node:assert/strict';
+         * import assert from 'assert/strict';
          *
          * assert.rejects(
          *   Promise.reject(new Error('Wrong value')),
-         *   Error,
+         *   Error
          * ).then(() => {
          *   // ...
          * });
@@ -857,11 +797,7 @@ declare module "assert" {
          * @since v10.0.0
          */
         function rejects(block: (() => Promise<unknown>) | Promise<unknown>, message?: string | Error): Promise<void>;
-        function rejects(
-            block: (() => Promise<unknown>) | Promise<unknown>,
-            error: AssertPredicate,
-            message?: string | Error,
-        ): Promise<void>;
+        function rejects(block: (() => Promise<unknown>) | Promise<unknown>, error: AssertPredicate, message?: string | Error): Promise<void>;
         /**
          * Awaits the `asyncFn` promise or, if `asyncFn` is a function, immediately
          * calls the function and awaits the returned promise to complete. It will then
@@ -878,24 +814,24 @@ declare module "assert" {
          * error messages as expressive as possible.
          *
          * If specified, `error` can be a [`Class`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Classes),
-         * [`RegExp`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions), or a validation
+         * [`RegExp`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions) or a validation
          * function. See {@link throws} for more details.
          *
          * Besides the async nature to await the completion behaves identically to {@link doesNotThrow}.
          *
          * ```js
-         * import assert from 'node:assert/strict';
+         * import assert from 'assert/strict';
          *
          * await assert.doesNotReject(
          *   async () => {
          *     throw new TypeError('Wrong value');
          *   },
-         *   SyntaxError,
+         *   SyntaxError
          * );
          * ```
          *
          * ```js
-         * import assert from 'node:assert/strict';
+         * import assert from 'assert/strict';
          *
          * assert.doesNotReject(Promise.reject(new TypeError('Wrong value')))
          *   .then(() => {
@@ -904,20 +840,13 @@ declare module "assert" {
          * ```
          * @since v10.0.0
          */
-        function doesNotReject(
-            block: (() => Promise<unknown>) | Promise<unknown>,
-            message?: string | Error,
-        ): Promise<void>;
-        function doesNotReject(
-            block: (() => Promise<unknown>) | Promise<unknown>,
-            error: AssertPredicate,
-            message?: string | Error,
-        ): Promise<void>;
+        function doesNotReject(block: (() => Promise<unknown>) | Promise<unknown>, message?: string | Error): Promise<void>;
+        function doesNotReject(block: (() => Promise<unknown>) | Promise<unknown>, error: AssertPredicate, message?: string | Error): Promise<void>;
         /**
          * Expects the `string` input to match the regular expression.
          *
          * ```js
-         * import assert from 'node:assert/strict';
+         * import assert from 'assert/strict';
          *
          * assert.match('I will fail', /pass/);
          * // AssertionError [ERR_ASSERTION]: The input did not match the regular ...
@@ -940,7 +869,7 @@ declare module "assert" {
          * Expects the `string` input not to match the regular expression.
          *
          * ```js
-         * import assert from 'node:assert/strict';
+         * import assert from 'assert/strict';
          *
          * assert.doesNotMatch('I will fail', /fail/);
          * // AssertionError [ERR_ASSERTION]: The input was expected to not match the ...
@@ -959,38 +888,25 @@ declare module "assert" {
          * @since v13.6.0, v12.16.0
          */
         function doesNotMatch(value: string, regExp: RegExp, message?: string | Error): void;
-        const strict:
-            & Omit<
-                typeof assert,
-                | "equal"
-                | "notEqual"
-                | "deepEqual"
-                | "notDeepEqual"
-                | "ok"
-                | "strictEqual"
-                | "deepStrictEqual"
-                | "ifError"
-                | "strict"
-            >
-            & {
-                (value: unknown, message?: string | Error): asserts value;
-                equal: typeof strictEqual;
-                notEqual: typeof notStrictEqual;
-                deepEqual: typeof deepStrictEqual;
-                notDeepEqual: typeof notDeepStrictEqual;
-                // Mapped types and assertion functions are incompatible?
-                // TS2775: Assertions require every name in the call target
-                // to be declared with an explicit type annotation.
-                ok: typeof ok;
-                strictEqual: typeof strictEqual;
-                deepStrictEqual: typeof deepStrictEqual;
-                ifError: typeof ifError;
-                strict: typeof strict;
-            };
+        const strict: Omit<typeof assert, 'equal' | 'notEqual' | 'deepEqual' | 'notDeepEqual' | 'ok' | 'strictEqual' | 'deepStrictEqual' | 'ifError' | 'strict'> & {
+            (value: unknown, message?: string | Error): asserts value;
+            equal: typeof strictEqual;
+            notEqual: typeof notStrictEqual;
+            deepEqual: typeof deepStrictEqual;
+            notDeepEqual: typeof notDeepStrictEqual;
+            // Mapped types and assertion functions are incompatible?
+            // TS2775: Assertions require every name in the call target
+            // to be declared with an explicit type annotation.
+            ok: typeof ok;
+            strictEqual: typeof strictEqual;
+            deepStrictEqual: typeof deepStrictEqual;
+            ifError: typeof ifError;
+            strict: typeof strict;
+        };
     }
     export = assert;
 }
-declare module "node:assert" {
-    import assert = require("assert");
+declare module 'node:assert' {
+    import assert = require('assert');
     export = assert;
 }

node_modules/@types/node/assert/strict.d.ts

@@ -1,8 +1,8 @@
-declare module "assert/strict" {
-    import { strict } from "node:assert";
+declare module 'assert/strict' {
+    import { strict } from 'node:assert';
     export = strict;
 }
-declare module "node:assert/strict" {
-    import { strict } from "node:assert";
+declare module 'node:assert/strict' {
+    import { strict } from 'node:assert';
     export = strict;
 }