Merge pull request #2286 from github/koesie10/ghec-dr-db-upload

Enable database uploads for GHEC-DR

.github/actions/check-codescanning-config/action.yml

@@ -29,7 +29,16 @@ inputs:
   tools:
     required: true
     description: |
-      The url of codeql to use.
+      The version of CodeQL passed to the `tools` input of the init action.
+      This can be any of the following:
+
+      - A local path to a tarball containing the CodeQL tools, or
+      - A URL to a GitHub release assets containing the CodeQL tools, or
+      - A special value `linked` which is forcing the use of the CodeQL tools
+        that the action has been bundled with.
+
+      If not specified, the Action will check in several places until it finds
+      the CodeQL tools.
 
 runs:
   using: composite

.github/actions/query-filter-test/action.yml

@@ -23,7 +23,16 @@ inputs:
   tools:
     required: true
     description: |
-      The url of codeql to use.
+      The version of CodeQL passed to the `tools` input of the init action.
+      This can be any of the following:
+
+      - A local path to a tarball containing the CodeQL tools, or
+      - A URL to a GitHub release assets containing the CodeQL tools, or
+      - A special value `linked` which is forcing the use of the CodeQL tools
+        that the action has been bundled with.
+
+      If not specified, the Action will check in several places until it finds
+      the CodeQL tools.
 
 runs:
   using: composite

.github/actions/release-initialise/action.yml

@@ -18,12 +18,12 @@ runs:
     - name: Set up Python
       uses: actions/setup-python@v5
       with:
-        python-version: 3.8
+        python-version: 3.12
 
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip
-        pip install PyGithub==1.55 requests
+        pip install PyGithub==2.3.0 requests
       shell: bash
 
     - name: Update git config

.github/update-release-branch.py

@@ -1,5 +1,6 @@
 import argparse
 import datetime
+import fileinput
 import re
 from github import Github
 import json
@@ -171,6 +172,19 @@ def get_current_version():
   with open('package.json', 'r') as f:
     return json.load(f)['version']
 
+# `npm version` doesn't always work because of merge conflicts, so we
+# replace the version in package.json textually.
+def replace_version_package_json(prev_version, new_version):
+  prev_line_is_codeql = False
+  for line in fileinput.input('package.json', inplace = True, encoding='utf-8'):
+    if prev_line_is_codeql and f'\"version\": \"{prev_version}\"' in line:
+      print(line.replace(prev_version, new_version), end='')
+    else:
+      prev_line_is_codeql = False
+      print(line, end='') 
+    if '\"name\": \"codeql\",' in line:
+        prev_line_is_codeql = True 
+
 def get_today_string():
   today = datetime.datetime.today()
   return '{:%d %b %Y}'.format(today)
@@ -374,9 +388,9 @@ def main():
       run_git('commit', '--no-edit')
 
     # Migrate the package version number from a vLatest version number to a vOlder version number
-    print(f'Setting version number to {version}')
-    subprocess.check_output(['npm', 'version', version, '--no-git-tag-version'])
-    run_git('add', 'package.json', 'package-lock.json')
+    print(f'Setting version number to {version} in package.json')
+    replace_version_package_json(get_current_version(), version) # We rely on the `Update dependencies` workflow to update package-lock.json
+    run_git('add', 'package.json')
 
     # Migrate the changelog notes from vLatest version numbers to vOlder version numbers
     print(f'Migrating changelog notes from v{source_branch_major_version} to v{target_branch_major_version}')

.github/workflows/__all-platform-bundle.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   all-platform-bundle:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__analyze-ref-input.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   analyze-ref-input:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__autobuild-action.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   autobuild-action:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__autobuild-direct-tracing.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   autobuild-direct-tracing:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__build-mode-autobuild.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   build-mode-autobuild:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__build-mode-manual.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   build-mode-manual:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__build-mode-none.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   build-mode-none:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__build-mode-rollback.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   build-mode-rollback:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__config-export.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   config-export:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__config-input.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   config-input:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__cpp-deptrace-disabled.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   cpp-deptrace-disabled:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__cpp-deptrace-enabled-on-macos.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   cpp-deptrace-enabled-on-macos:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: macos-latest

.github/workflows/__cpp-deptrace-enabled.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   cpp-deptrace-enabled:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__diagnostics-export.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   diagnostics-export:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__export-file-baseline-information.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   export-file-baseline-information:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__extractor-ram-threads.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   extractor-ram-threads:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__go-custom-queries.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   go-custom-queries:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   go-indirect-tracing-workaround-diagnostic:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   go-indirect-tracing-workaround-no-file-program:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__go-indirect-tracing-workaround.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   go-indirect-tracing-workaround:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__go-tracing-autobuilder.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   go-tracing-autobuilder:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__go-tracing-custom-build-steps.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   go-tracing-custom-build-steps:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__go-tracing-legacy-workflow.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   go-tracing-legacy-workflow:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__init-with-registries.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   init-with-registries:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__javascript-source-root.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   javascript-source-root:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__language-aliases.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   language-aliases:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__multi-language-autodetect.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   multi-language-autodetect:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__packaging-codescanning-config-inputs-js.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   packaging-codescanning-config-inputs-js:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__packaging-config-inputs-js.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   packaging-config-inputs-js:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__packaging-config-js.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   packaging-config-js:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__packaging-inputs-js.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   packaging-inputs-js:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__remote-config.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   remote-config:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__resolve-environment-action.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   resolve-environment-action:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__rubocop-multi-language.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   rubocop-multi-language:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__ruby.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   ruby:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__scaling-reserved-ram.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   scaling-reserved-ram:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__split-workflow.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   split-workflow:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__submit-sarif-failure.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   submit-sarif-failure:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__swift-custom-build.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   swift-custom-build:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__test-autobuild-working-dir.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   test-autobuild-working-dir:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__test-local-codeql.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   test-local-codeql:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__test-proxy.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   test-proxy:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__unset-environment.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   unset-environment:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__upload-ref-sha-input.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   upload-ref-sha-input:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/__with-checkout-path.yml

@@ -25,6 +25,7 @@ on:
 jobs:
   with-checkout-path:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest

.github/workflows/codeql.yml

@@ -73,6 +73,7 @@ jobs:
   build:
     needs: [check-codeql-versions]
     strategy:
+      fail-fast: false
       matrix:
         os: [ubuntu-20.04,ubuntu-22.04,windows-2019,windows-2022,macos-11,macos-12,macos-13]
         tools: ${{ fromJson(needs.check-codeql-versions.outputs.versions) }}

.github/workflows/codescanning-config-cli.yml

@@ -24,6 +24,7 @@ jobs:
     continue-on-error: true
 
     strategy:
+      fail-fast: false
       matrix:
         include:
         - os: ubuntu-latest

.github/workflows/debug-artifacts.yml

@@ -22,6 +22,7 @@ on:
 jobs:
   upload-artifacts:
     strategy:
+      fail-fast: false
       matrix:
         version:
         - stable-20230403

.github/workflows/pr-checks.yml

@@ -16,6 +16,7 @@ jobs:
     timeout-minutes: 45
 
     strategy:
+      fail-fast: false
       matrix:
         node-types-version: [16.11, current] # run tests on 16.11 while CodeQL Action v2 is still supported
 
@@ -89,6 +90,7 @@ jobs:
     name: Unit Test
     needs: [check-js, check-node-modules]
     strategy:
+      fail-fast: false
       matrix:
         os: [ubuntu-latest, macos-latest, windows-latest]
     runs-on: ${{ matrix.os }}

.github/workflows/test-codeql-bundle-all.yml

@@ -22,6 +22,7 @@ on:
 jobs:
   test-codeql-bundle-all:
     strategy:
+      fail-fast: false
       matrix:
         include:
         - os: ubuntu-latest

CHANGELOG.md

@@ -8,6 +8,16 @@ Note that the only difference between `v2` and `v3` of the CodeQL Action is the
 
 No user facing changes.
 
+## 3.25.5 - 13 May 2024
+
+- Add a compatibility matrix of supported CodeQL Action, CodeQL CLI, and GitHub Enterprise Server versions to the [README.md](README.md). [#2273](https://github.com/github/codeql-action/pull/2273)
+- Avoid printing out a warning for a missing `on.push` trigger when the CodeQL Action is triggered via a `workflow_call` event. [#2274](https://github.com/github/codeql-action/pull/2274)
+- The `tools: latest` input to the `init` Action has been renamed to `tools: linked`. This option specifies that the Action should use the tools shipped at the same time as the Action. The old name will continue to work for backwards compatibility, but we recommend that new workflows use the new name. [#2281](https://github.com/github/codeql-action/pull/2281)
+
+## 3.25.4 - 08 May 2024
+
+- Update default CodeQL bundle version to 2.17.2. [#2270](https://github.com/github/codeql-action/pull/2270)
+
 ## 3.25.3 - 25 Apr 2024
 
 - Update default CodeQL bundle version to 2.17.1. [#2247](https://github.com/github/codeql-action/pull/2247)
@@ -30,7 +40,7 @@ No user facing changes.
 
   - The `setup-python-dependencies` input to the `init` Action
   - The `CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION` environment variable
-  
+
   We recommend removing any references to these from your workflows. For more information, see the release notes for CodeQL Action v3.23.0 and v2.23.0.
 - Automatically overwrite an existing database if found on the filesystem. [#2229](https://github.com/github/codeql-action/pull/2229)
 - Bump the minimum CodeQL bundle version to 2.12.6. [#2232](https://github.com/github/codeql-action/pull/2232)

CONTRIBUTING.md

@@ -3,6 +3,7 @@
 [fork]: https://github.com/github/codeql-action/fork
 [pr]: https://github.com/github/codeql-action/compare
 [code-of-conduct]: CODE_OF_CONDUCT.md
+[readme]: README.md#supported-versions-of-the-codeql-cli-and-github-enterprise-server
 
 Hi there! We're thrilled that you'd like to contribute to this project. Your help is essential for keeping it great.
 
@@ -84,6 +85,7 @@ We typically deprecate a version of CodeQL when the GitHub Enterprise Server (GH
 1. Notify users using the old version of CodeQL about the deprecation.
     - Update `CODEQL_NEXT_MINIMUM_VERSION`, `GHES_VERSION_MOST_RECENTLY_DEPRECATED`, and `GHES_MOST_RECENT_DEPRECATION_DATE` in `src/codeql.ts` to reflect the new minimum version of CodeQL and the GHES version that has just been deprecated.
     - Add a changelog note announcing the deprecation.
+    - Update the CLI version referenced in the [readme] by adding a new row to the compatibility table.
     - Example PR: https://github.com/github/codeql-action/pull/1884
 1. Release the Action, or wait for the next scheduled release of the Action, then wait at least a week so users have time to see and act on the deprecation warning.
 1. Remove support for the old version of CodeQL.

README.md

@@ -33,6 +33,22 @@ To provide the best experience to customers using older versions of GitHub Enter
 
 For more information, see "[Code scanning: deprecation of CodeQL Action v2](https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/)."
 
+## Supported versions of the CodeQL CLI and GitHub Enterprise Server
+
+We typically release new minor versions of the CodeQL Action and CLI when a new minor version of GitHub Enterprise Server (GHES) is released. When a version of GHES is deprecated, the CodeQL Action and CLI releases that shipped with it are deprecated as well.
+
+| Recommended CodeQL Action | Recommended CodeQL CLI Version | GitHub Environment |
+|---------|----------|--------------|
+| `v3` | default (do not pass a `tools` input) | GitHub.com |
+| `3.22.12` | `2.15.5` | Enterprise Server 3.12 |
+| `2.22.1` | `2.14.6` | Enterprise Server 3.11 |
+| `2.20.3` | `2.13.5` | Enterprise Server 3.10 |
+| `2.2.9` | `2.12.5` | Enterprise Server 3.9 |
+
+CodeQL Action `v2` will stop receiving updates when GHES 3.11 is deprecated.
+
+See the full list of GHES release and deprecation dates at [GitHub Enterprise Server releases](https://docs.github.com/en/enterprise-server/admin/all-releases#releases-of-github-enterprise-server).
+
 ## Troubleshooting
 
 Read about [troubleshooting code scanning](https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning).

init/action.yml

@@ -3,9 +3,19 @@ description: 'Set up CodeQL'
 author: 'GitHub'
 inputs:
   tools:
-    description: URL of CodeQL tools
+    description: >-
+      By default, the Action will use the recommended version of the CodeQL
+      Bundle to analyze your project. You can override this choice using this
+      input. One of:
+
+      - A local path to a CodeQL Bundle tarball, or
+      - The URL of a CodeQL Bundle tarball GitHub release asset, or
+      - A special value `linked` which uses the version of the CodeQL tools
+        that the Action has been bundled with.
+
+      If not specified, the Action will check in several places until it finds
+      the CodeQL tools.
     required: false
-    # If not specified the Action will check in several places until it finds the CodeQL tools.
   languages:
     description: >-
       A comma-separated list of CodeQL languages to analyze.

lib/analyze.js

@@ -225,13 +225,10 @@ async function runFinalize(outputDir, threadsFlag, memoryFlag, codeql, config, f
     }
     await fs.promises.mkdir(outputDir, { recursive: true });
     const timings = await finalizeDatabaseCreation(codeql, config, threadsFlag, memoryFlag, logger);
-    // WARNING: This does not _really_ end tracing, as the tracer will restore its
-    // critical environment variables and it'll still be active for all processes
-    // launched from this build step.
-    // However, it will stop tracing for all steps past the codeql-action/analyze
-    // step.
-    // Delete variables as specified by the end-tracing script
-    await (0, tracer_config_1.endTracingForCluster)(codeql, config, features);
+    // If we didn't already end tracing in the autobuild Action, end it now.
+    if (process.env[environment_1.EnvVar.AUTOBUILD_DID_COMPLETE_SUCCESSFULLY] !== "true") {
+        await (0, tracer_config_1.endTracingForCluster)(codeql, config, logger, features);
+    }
     return timings;
 }
 exports.runFinalize = runFinalize;

lib/autobuild-action.js

@@ -34,6 +34,7 @@ const feature_flags_1 = require("./feature-flags");
 const logging_1 = require("./logging");
 const repository_1 = require("./repository");
 const status_report_1 = require("./status-report");
+const tracer_config_1 = require("./tracer-config");
 const util_1 = require("./util");
 async function sendCompletedStatusReport(config, logger, startedAt, allLanguages, failingLanguage, cause) {
     (0, util_1.initializeEnvironment)((0, actions_util_1.getActionVersion)());
@@ -81,6 +82,9 @@ async function run() {
                 await (0, autobuild_1.runAutobuild)(config, language, features, logger);
             }
         }
+        // End tracing early to avoid tracing analyze. This improves the performance and reliability of
+        // the analyze step.
+        await (0, tracer_config_1.endTracingForCluster)(codeql, config, logger, features);
     }
     catch (unwrappedError) {
         const error = (0, util_1.wrapError)(unwrappedError);

lib/autobuild-action.js.map

@@ -1 +1 @@
-{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAIwB;AACxB,6CAAgD;AAChD,2CAAwE;AACxE,qCAAqC;AACrC,iDAAmD;AACnD,+CAAuC;AACvC,mDAA2C;AAE3C,uCAAqD;AACrD,6CAAkD;AAClD,mDAMyB;AACzB,iCAOgB;AAShB,KAAK,UAAU,yBAAyB,CACtC,MAA0B,EAC1B,MAAc,EACd,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAG,IAAA,gCAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,SAAS,EACpB,MAAM,EACN,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,EACN,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,KAAK,CACb,CAAC;IACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,YAAY,GAA0B;YAC1C,GAAG,gBAAgB;YACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;YAC3C,iBAAiB,EAAE,eAAe;SACnC,CAAC;QACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAI,MAA0B,CAAC;IAC/B,IAAI,eAAqC,CAAC;IAC1C,IAAI,SAAiC,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,SAAS,EACpB,UAAU,EACV,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CAAC;QACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAA,gCAAgB,EAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACjD,IAAA,yBAAkB,EAAC,IAAA,+BAAgB,GAAE,EAAE,aAAa,CAAC,CAAC;QAEtD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QAEF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAEjD,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QACtE,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YAClC,CAAC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;YACzD,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CACZ,kIAAkI,KAAK,CAAC,OAAO,EAAE,CAClJ,CAAC;QACF,MAAM,yBAAyB,CAC7B,MAAM,EACN,MAAM,EACN,SAAS,EACT,SAAS,IAAI,EAAE,EACf,eAAe,EACf,KAAK,CACN,CAAC;QACF,OAAO;IACT,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,mCAAmC,EAAE,MAAM,CAAC,CAAC;IAExE,MAAM,yBAAyB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;AAC9E,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CAAC,4BAA4B,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAIwB;AACxB,6CAAgD;AAChD,2CAAwE;AACxE,qCAAqC;AACrC,iDAAmD;AACnD,+CAAuC;AACvC,mDAA2C;AAE3C,uCAAqD;AACrD,6CAAkD;AAClD,mDAMyB;AACzB,mDAAuD;AACvD,iCAOgB;AAShB,KAAK,UAAU,yBAAyB,CACtC,MAA0B,EAC1B,MAAc,EACd,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAG,IAAA,gCAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,SAAS,EACpB,MAAM,EACN,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,EACN,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,KAAK,CACb,CAAC;IACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,YAAY,GAA0B;YAC1C,GAAG,gBAAgB;YACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;YAC3C,iBAAiB,EAAE,eAAe;SACnC,CAAC;QACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAI,MAA0B,CAAC;IAC/B,IAAI,eAAqC,CAAC;IAC1C,IAAI,SAAiC,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,SAAS,EACpB,UAAU,EACV,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CAAC;QACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAA,gCAAgB,EAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACjD,IAAA,yBAAkB,EAAC,IAAA,+BAAgB,GAAE,EAAE,aAAa,CAAC,CAAC;QAEtD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QAEF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAEjD,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QACtE,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YAClC,CAAC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;YACzD,CAAC;QACH,CAAC;QAED,+FAA+F;QAC/F,oBAAoB;QACpB,MAAM,IAAA,oCAAoB,EAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC/D,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CACZ,kIAAkI,KAAK,CAAC,OAAO,EAAE,CAClJ,CAAC;QACF,MAAM,yBAAyB,CAC7B,MAAM,EACN,MAAM,EACN,SAAS,EACT,SAAS,IAAI,EAAE,EACf,eAAe,EACf,KAAK,CACN,CAAC;QACF,OAAO;IACT,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,mCAAmC,EAAE,MAAM,CAAC,CAAC;IAExE,MAAM,yBAAyB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;AAC9E,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CAAC,4BAA4B,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/autobuild.js

@@ -141,11 +141,11 @@ async function runAutobuild(config, language, features, logger) {
         await setupCppAutobuild(codeQL, logger);
     }
     if (config.buildMode &&
-        (await features.getValue(feature_flags_1.Feature.AutobuildDirectTracingEnabled, codeQL))) {
+        (await features.getValue(feature_flags_1.Feature.AutobuildDirectTracing, codeQL))) {
         await codeQL.extractUsingBuildMode(config, language);
     }
     else {
-        await codeQL.runAutobuild(config, language, features);
+        await codeQL.runAutobuild(config, language);
     }
     if (language === languages_1.Language.go) {
         core.exportVariable(environment_1.EnvVar.DID_AUTOBUILD_GOLANG, "true");

lib/autobuild.js.map

@@ -1 +1 @@
-{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAA6E;AAC7E,6CAAgD;AAChD,qCAA6C;AAE7C,+CAAuC;AACvC,mDAKyB;AACzB,2CAAyD;AAEzD,6CAAkD;AAClD,qDAAgD;AAChD,iCAAwD;AAEjD,KAAK,UAAU,2BAA2B,CAC/C,MAAc,EACd,MAA0B,EAC1B,MAAc;IAEd,IACE,CAAC,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,IAAI;QAClC,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,wBAAwB,CAAC,CAAC,CAAC;QACxE,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,MAAM,EACrC,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,SAAS,MAAM,CAAC,SAAS,oCAAoC,CAAC,CAAC;QAC3E,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,0CAA0C;IAC1C,mFAAmF;IACnF,oFAAoF;IACpF,4EAA4E;IAC5E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACvD,IAAA,4BAAgB,EAAC,CAAC,CAAC,CACpB,CAAC;IAEF,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CACT,iEAAiE,CAClE,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACH,MAAM,2BAA2B,GAAG,kBAAkB,CAAC,MAAM,CAC3D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,oBAAQ,CAAC,EAAE,CACzB,CAAC;IAEF,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,yEAAyE;IACzE,UAAU;IACV,IAAI,2BAA2B,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;QACjD,SAAS,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,uEAAuE;IACvE,wCAAwC;IACxC,IAAI,kBAAkB,CAAC,MAAM,KAAK,2BAA2B,CAAC,MAAM,EAAE,CAAC;QACrE,SAAS,CAAC,IAAI,CAAC,oBAAQ,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,kBAAkB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE3D,2EAA2E;IAC3E,4EAA4E;IAC5E,2CAA2C;IAC3C,uEAAuE;IACvE,2EAA2E;IAC3E,uEAAuE;IACvE,yCAAyC;IACzC,IAAI,2BAA2B,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,CAAC,OAAO,CACZ,oCAAoC,SAAS,CAAC,IAAI,CAChD,OAAO,CACR,8BAA8B,2BAA2B;aACvD,KAAK,CAAC,CAAC,CAAC;aACR,IAAI,CACH,OAAO,CACR,kFAAkF;YACnF,4BAA4B;YAC5B,0NAA0N,CAC7N,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAhGD,kEAgGC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IACpE,MAAM,MAAM,GAAG,6BAAa,CAAC,uBAAO,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC;IACvE,MAAM,WAAW,GAAG,4CAA4C,CAAC;IACjE,MAAM,MAAM,GACV,wHAAwH,CAAC;IAC3H,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC/C,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;IACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;IACF,IAAI,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,yBAAyB,EAAE,MAAM,CAAC,EAAE,CAAC;QACvE,yEAAyE;QACzE,IACE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,KAAK,aAAa;YACnD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,MAAM,EAC9B,CAAC;YACD,MAAM,CAAC,IAAI,CACT,aAAa,WAAW,sCACtB,IAAA,mCAAoB,GAAE,KAAK,SAAS;gBAClC,CAAC,CAAC,8BAA8B,MAAM,yDAAyD,MAAM,IAAI;gBACzG,CAAC,CAAC,EACN,EAAE,CACH,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CACT,YAAY,WAAW,yCAAyC,MAAM,yCAAyC,MAAM,IAAI,CAC1H,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,aAAa,WAAW,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAvCD,8CAuCC;AAEM,KAAK,UAAU,YAAY,CAChC,MAA0B,EAC1B,QAAkB,EAClB,QAA2B,EAC3B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;IACxE,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,GAAG,EAAE,CAAC;QAC9B,MAAM,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,IACE,MAAM,CAAC,SAAS;QAChB,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,6BAA6B,EAAE,MAAM,CAAC,CAAC,EACxE,CAAC;QACD,MAAM,MAAM,CAAC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACvD,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACxD,CAAC;IACD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE,CAAC;QAC7B,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC;AAvBD,oCAuBC"}
+{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAA6E;AAC7E,6CAAgD;AAChD,qCAA6C;AAE7C,+CAAuC;AACvC,mDAKyB;AACzB,2CAAyD;AAEzD,6CAAkD;AAClD,qDAAgD;AAChD,iCAAwD;AAEjD,KAAK,UAAU,2BAA2B,CAC/C,MAAc,EACd,MAA0B,EAC1B,MAAc;IAEd,IACE,CAAC,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,IAAI;QAClC,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,wBAAwB,CAAC,CAAC,CAAC;QACxE,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,MAAM,EACrC,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,SAAS,MAAM,CAAC,SAAS,oCAAoC,CAAC,CAAC;QAC3E,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,0CAA0C;IAC1C,mFAAmF;IACnF,oFAAoF;IACpF,4EAA4E;IAC5E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACvD,IAAA,4BAAgB,EAAC,CAAC,CAAC,CACpB,CAAC;IAEF,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CACT,iEAAiE,CAClE,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACH,MAAM,2BAA2B,GAAG,kBAAkB,CAAC,MAAM,CAC3D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,oBAAQ,CAAC,EAAE,CACzB,CAAC;IAEF,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,yEAAyE;IACzE,UAAU;IACV,IAAI,2BAA2B,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;QACjD,SAAS,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,uEAAuE;IACvE,wCAAwC;IACxC,IAAI,kBAAkB,CAAC,MAAM,KAAK,2BAA2B,CAAC,MAAM,EAAE,CAAC;QACrE,SAAS,CAAC,IAAI,CAAC,oBAAQ,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,kBAAkB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE3D,2EAA2E;IAC3E,4EAA4E;IAC5E,2CAA2C;IAC3C,uEAAuE;IACvE,2EAA2E;IAC3E,uEAAuE;IACvE,yCAAyC;IACzC,IAAI,2BAA2B,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,CAAC,OAAO,CACZ,oCAAoC,SAAS,CAAC,IAAI,CAChD,OAAO,CACR,8BAA8B,2BAA2B;aACvD,KAAK,CAAC,CAAC,CAAC;aACR,IAAI,CACH,OAAO,CACR,kFAAkF;YACnF,4BAA4B;YAC5B,0NAA0N,CAC7N,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAhGD,kEAgGC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IACpE,MAAM,MAAM,GAAG,6BAAa,CAAC,uBAAO,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC;IACvE,MAAM,WAAW,GAAG,4CAA4C,CAAC;IACjE,MAAM,MAAM,GACV,wHAAwH,CAAC;IAC3H,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC/C,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;IACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;IACF,IAAI,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,yBAAyB,EAAE,MAAM,CAAC,EAAE,CAAC;QACvE,yEAAyE;QACzE,IACE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,KAAK,aAAa;YACnD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,MAAM,EAC9B,CAAC;YACD,MAAM,CAAC,IAAI,CACT,aAAa,WAAW,sCACtB,IAAA,mCAAoB,GAAE,KAAK,SAAS;gBAClC,CAAC,CAAC,8BAA8B,MAAM,yDAAyD,MAAM,IAAI;gBACzG,CAAC,CAAC,EACN,EAAE,CACH,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CACT,YAAY,WAAW,yCAAyC,MAAM,yCAAyC,MAAM,IAAI,CAC1H,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,aAAa,WAAW,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAvCD,8CAuCC;AAEM,KAAK,UAAU,YAAY,CAChC,MAA0B,EAC1B,QAAkB,EAClB,QAA2B,EAC3B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;IACxE,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,GAAG,EAAE,CAAC;QAC9B,MAAM,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,IACE,MAAM,CAAC,SAAS;QAChB,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,sBAAsB,EAAE,MAAM,CAAC,CAAC,EACjE,CAAC;QACD,MAAM,MAAM,CAAC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACvD,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE,CAAC;QAC7B,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC;AAvBD,oCAuBC"}

lib/cli-errors.js

@@ -117,6 +117,7 @@ function ensureEndsInPeriod(text) {
 var CliConfigErrorCategory;
 (function (CliConfigErrorCategory) {
     CliConfigErrorCategory["ExternalRepositoryCloneFailed"] = "ExternalRepositoryCloneFailed";
+    CliConfigErrorCategory["GracefulOutOfMemory"] = "GracefulOutOfMemory";
     CliConfigErrorCategory["GradleBuildFailed"] = "GradleBuildFailed";
     CliConfigErrorCategory["IncompatibleWithActionVersion"] = "IncompatibleWithActionVersion";
     CliConfigErrorCategory["InitCalledTwice"] = "InitCalledTwice";
@@ -127,6 +128,7 @@ var CliConfigErrorCategory;
     CliConfigErrorCategory["NoSourceCodeSeen"] = "NoSourceCodeSeen";
     CliConfigErrorCategory["NoSupportedBuildCommandSucceeded"] = "NoSupportedBuildCommandSucceeded";
     CliConfigErrorCategory["NoSupportedBuildSystemDetected"] = "NoSupportedBuildSystemDetected";
+    CliConfigErrorCategory["PackCannotBeFound"] = "PackCannotBeFound";
     CliConfigErrorCategory["SwiftBuildFailed"] = "SwiftBuildFailed";
     CliConfigErrorCategory["UnsupportedBuildMode"] = "UnsupportedBuildMode";
 })(CliConfigErrorCategory || (exports.CliConfigErrorCategory = CliConfigErrorCategory = {}));
@@ -140,6 +142,9 @@ exports.cliErrorsConfig = {
             new RegExp("Failed to clone external Git repository"),
         ],
     },
+    [CliConfigErrorCategory.GracefulOutOfMemory]: {
+        cliErrorMessageCandidates: [new RegExp("CodeQL is out of memory.")],
+    },
     [CliConfigErrorCategory.GradleBuildFailed]: {
         cliErrorMessageCandidates: [
             new RegExp("[autobuild] FAILURE: Build failed with an exception."),
@@ -195,6 +200,11 @@ exports.cliErrorsConfig = {
             new RegExp("No supported build system detected"),
         ],
     },
+    [CliConfigErrorCategory.PackCannotBeFound]: {
+        cliErrorMessageCandidates: [
+            new RegExp("Query pack .* cannot be found\\. Check the spelling of the pack\\."),
+        ],
+    },
     [CliConfigErrorCategory.SwiftBuildFailed]: {
         cliErrorMessageCandidates: [
             new RegExp("\\[autobuilder/build\\] \\[build-command-failed\\] `autobuild` failed to run the build command"),

lib/codeql.js

@@ -297,19 +297,8 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 }),
             ], { stdin: externalRepositoryToken });
         },
-        async runAutobuild(config, language, features) {
+        async runAutobuild(config, language) {
             applyAutobuildAzurePipelinesTimeoutFix();
-            if (await features.getValue(feature_flags_1.Feature.AutobuildDirectTracingEnabled, this)) {
-                await runTool(cmd, [
-                    "database",
-                    "trace-command",
-                    ...(await getTrapCachingExtractorConfigArgsForLang(config, language)),
-                    ...getExtractionVerbosityArguments(config.debugMode),
-                    ...getExtraOptionsFromEnv(["database", "trace-command"]),
-                    util.getCodeQLDatabasePath(config, language),
-                ]);
-                return;
-            }
             const autobuildCmd = path.join(await this.resolveExtractor(language), "tools", process.platform === "win32" ? "autobuild.cmd" : "autobuild.sh");
             // Bump the verbosity of the autobuild command if we're in debug mode
             if (config.debugMode) {

lib/codeql.test.js

@@ -572,7 +572,7 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
     sinon.stub(codeqlObject, "resolveExtractor").resolves("/path/to/extractor");
     // safeWhich throws because of the test CodeQL object.
     sinon.stub(safeWhich, "safeWhich").resolves("");
-    await t.throwsAsync(async () => await codeqlObject.runAutobuild(stubConfig, languages_1.Language.java, (0, testing_utils_1.createFeatures)([])), {
+    await t.throwsAsync(async () => await codeqlObject.runAutobuild(stubConfig, languages_1.Language.java), {
         instanceOf: cli_errors_1.CommandInvocationError,
         message: "We were unable to automatically build your code. Please provide manual build steps. " +
             "For more information, see " +
@@ -591,7 +591,7 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
     sinon.stub(codeqlObject, "resolveExtractor").resolves("/path/to/extractor");
     // safeWhich throws because of the test CodeQL object.
     sinon.stub(safeWhich, "safeWhich").resolves("");
-    await t.throwsAsync(async () => await codeqlObject.runAutobuild(stubConfig, languages_1.Language.java, (0, testing_utils_1.createFeatures)([])), {
+    await t.throwsAsync(async () => await codeqlObject.runAutobuild(stubConfig, languages_1.Language.java), {
         instanceOf: cli_errors_1.CommandInvocationError,
         message: "We were unable to automatically build your code. Please provide manual build steps. " +
             "For more information, see " +

lib/database-upload.js

@@ -36,8 +36,9 @@ async function uploadDatabases(repositoryNwo, config, apiDetails, logger) {
         return;
     }
     // Do nothing when not running against github.com
-    if (config.gitHubVersion.type !== util.GitHubVariant.DOTCOM) {
-        logger.debug("Not running against github.com. Skipping upload.");
+    if (config.gitHubVersion.type !== util.GitHubVariant.DOTCOM &&
+        config.gitHubVersion.type !== util.GitHubVariant.GHE_DOTCOM) {
+        logger.debug("Not running against github.com or GHEC-DR. Skipping upload.");
         return;
     }
     if (!(await actionsUtil.isAnalyzingDefaultBranch())) {
@@ -47,6 +48,14 @@ async function uploadDatabases(repositoryNwo, config, apiDetails, logger) {
     }
     const client = (0, api_client_1.getApiClient)();
     const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
+    const uploadsUrl = new URL((0, util_1.parseGitHubUrl)(apiDetails.url));
+    uploadsUrl.hostname = `uploads.${uploadsUrl.hostname}`;
+    // Octokit expects the baseUrl to not have a trailing slash,
+    // but it is included by default in a URL.
+    let uploadsBaseUrl = uploadsUrl.toString();
+    if (uploadsBaseUrl.endsWith("/")) {
+        uploadsBaseUrl = uploadsBaseUrl.slice(0, -1);
+    }
     for (const language of config.languages) {
         try {
             // Upload the database bundle.
@@ -58,7 +67,8 @@ async function uploadDatabases(repositoryNwo, config, apiDetails, logger) {
             const bundledDbReadStream = fs.createReadStream(bundledDb);
             const commitOid = await actionsUtil.getCommitOid(actionsUtil.getRequiredInput("checkout_path"));
             try {
-                await client.request(`POST https://uploads.github.com/repos/:owner/:repo/code-scanning/codeql/databases/:language?name=:name&commit_oid=:commit_oid`, {
+                await client.request(`POST /repos/:owner/:repo/code-scanning/codeql/databases/:language?name=:name&commit_oid=:commit_oid`, {
+                    baseUrl: uploadsBaseUrl,
                     owner: repositoryNwo.owner,
                     repo: repositoryNwo.repo,
                     language,

lib/database-upload.js.map

@@ -1 +1 @@
-{"version":3,"file":"database-upload.js","sourceRoot":"","sources":["../src/database-upload.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AAEzB,4DAA8C;AAC9C,6CAA8D;AAC9D,qCAAqC;AAIrC,6CAA+B;AAC/B,iCAAkC;AAE3B,KAAK,UAAU,eAAe,CACnC,aAA4B,EAC5B,MAAc,EACd,UAA4B,EAC5B,MAAc;IAEd,IAAI,WAAW,CAAC,gBAAgB,CAAC,iBAAiB,CAAC,KAAK,MAAM,EAAE,CAAC;QAC/D,MAAM,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;QACvE,OAAO;IACT,CAAC;IAED,iDAAiD;IACjD,IAAI,MAAM,CAAC,aAAa,CAAC,IAAI,KAAK,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC;QAC5D,MAAM,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACjE,OAAO;IACT,CAAC;IAED,IAAI,CAAC,CAAC,MAAM,WAAW,CAAC,wBAAwB,EAAE,CAAC,EAAE,CAAC;QACpD,4EAA4E;QAC5E,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;QAC/D,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,IAAA,yBAAY,GAAE,CAAC;IAC9B,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAEjD,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACxC,IAAI,CAAC;YACH,8BAA8B;YAC9B,2EAA2E;YAC3E,8EAA8E;YAC9E,wEAAwE;YACxE,MAAM,SAAS,GAAG,MAAM,IAAA,eAAQ,EAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;YACrE,MAAM,aAAa,GAAG,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC;YAClD,MAAM,mBAAmB,GAAG,EAAE,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;YAC3D,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,YAAY,CAC9C,WAAW,CAAC,gBAAgB,CAAC,eAAe,CAAC,CAC9C,CAAC;YACF,IAAI,CAAC;gBACH,MAAM,MAAM,CAAC,OAAO,CAClB,+HAA+H,EAC/H;oBACE,KAAK,EAAE,aAAa,CAAC,KAAK;oBAC1B,IAAI,EAAE,aAAa,CAAC,IAAI;oBACxB,QAAQ;oBACR,IAAI,EAAE,GAAG,QAAQ,WAAW;oBAC5B,UAAU,EAAE,SAAS;oBACrB,IAAI,EAAE,mBAAmB;oBACzB,OAAO,EAAE;wBACP,aAAa,EAAE,SAAS,UAAU,CAAC,IAAI,EAAE;wBACzC,cAAc,EAAE,iBAAiB;wBACjC,gBAAgB,EAAE,aAAa;qBAChC;iBACF,CACF,CAAC;gBACF,MAAM,CAAC,KAAK,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAC;YACjE,CAAC;oBAAS,CAAC;gBACT,mBAAmB,CAAC,KAAK,EAAE,CAAC;YAC9B,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACf,4CAA4C;YAC5C,MAAM,CAAC,OAAO,CAAC,iCAAiC,QAAQ,KAAK,CAAC,EAAE,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;AACH,CAAC;AAjED,0CAiEC"}
+{"version":3,"file":"database-upload.js","sourceRoot":"","sources":["../src/database-upload.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AAEzB,4DAA8C;AAC9C,6CAA8D;AAC9D,qCAAqC;AAIrC,6CAA+B;AAC/B,iCAAkD;AAE3C,KAAK,UAAU,eAAe,CACnC,aAA4B,EAC5B,MAAc,EACd,UAA4B,EAC5B,MAAc;IAEd,IAAI,WAAW,CAAC,gBAAgB,CAAC,iBAAiB,CAAC,KAAK,MAAM,EAAE,CAAC;QAC/D,MAAM,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;QACvE,OAAO;IACT,CAAC;IAED,iDAAiD;IACjD,IACE,MAAM,CAAC,aAAa,CAAC,IAAI,KAAK,IAAI,CAAC,aAAa,CAAC,MAAM;QACvD,MAAM,CAAC,aAAa,CAAC,IAAI,KAAK,IAAI,CAAC,aAAa,CAAC,UAAU,EAC3D,CAAC;QACD,MAAM,CAAC,KAAK,CAAC,6DAA6D,CAAC,CAAC;QAC5E,OAAO;IACT,CAAC;IAED,IAAI,CAAC,CAAC,MAAM,WAAW,CAAC,wBAAwB,EAAE,CAAC,EAAE,CAAC;QACpD,4EAA4E;QAC5E,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;QAC/D,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,IAAA,yBAAY,GAAE,CAAC;IAC9B,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAEjD,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,IAAA,qBAAc,EAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3D,UAAU,CAAC,QAAQ,GAAG,WAAW,UAAU,CAAC,QAAQ,EAAE,CAAC;IAEvD,4DAA4D;IAC5D,0CAA0C;IAC1C,IAAI,cAAc,GAAG,UAAU,CAAC,QAAQ,EAAE,CAAC;IAC3C,IAAI,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACjC,cAAc,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC;IAED,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACxC,IAAI,CAAC;YACH,8BAA8B;YAC9B,2EAA2E;YAC3E,8EAA8E;YAC9E,wEAAwE;YACxE,MAAM,SAAS,GAAG,MAAM,IAAA,eAAQ,EAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;YACrE,MAAM,aAAa,GAAG,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC;YAClD,MAAM,mBAAmB,GAAG,EAAE,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;YAC3D,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,YAAY,CAC9C,WAAW,CAAC,gBAAgB,CAAC,eAAe,CAAC,CAC9C,CAAC;YACF,IAAI,CAAC;gBACH,MAAM,MAAM,CAAC,OAAO,CAClB,qGAAqG,EACrG;oBACE,OAAO,EAAE,cAAc;oBACvB,KAAK,EAAE,aAAa,CAAC,KAAK;oBAC1B,IAAI,EAAE,aAAa,CAAC,IAAI;oBACxB,QAAQ;oBACR,IAAI,EAAE,GAAG,QAAQ,WAAW;oBAC5B,UAAU,EAAE,SAAS;oBACrB,IAAI,EAAE,mBAAmB;oBACzB,OAAO,EAAE;wBACP,aAAa,EAAE,SAAS,UAAU,CAAC,IAAI,EAAE;wBACzC,cAAc,EAAE,iBAAiB;wBACjC,gBAAgB,EAAE,aAAa;qBAChC;iBACF,CACF,CAAC;gBACF,MAAM,CAAC,KAAK,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAC;YACjE,CAAC;oBAAS,CAAC;gBACT,mBAAmB,CAAC,KAAK,EAAE,CAAC;YAC9B,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACf,4CAA4C;YAC5C,MAAM,CAAC,OAAO,CAAC,iCAAiC,QAAQ,KAAK,CAAC,EAAE,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;AACH,CAAC;AA/ED,0CA+EC"}

lib/database-upload.test.js

@@ -57,7 +57,7 @@ async function mockHttpRequests(databaseUploadStatusCode) {
     // Passing an auth token is required, so we just use a dummy value
     const client = github.getOctokit("123");
     const requestSpy = sinon.stub(client, "request");
-    const url = "POST https://uploads.github.com/repos/:owner/:repo/code-scanning/codeql/databases/:language?name=:name&commit_oid=:commit_oid";
+    const url = "POST /repos/:owner/:repo/code-scanning/codeql/databases/:language?name=:name&commit_oid=:commit_oid";
     const databaseUploadSpy = requestSpy.withArgs(url);
     if (databaseUploadStatusCode < 300) {
         databaseUploadSpy.resolves(undefined);
@@ -66,6 +66,7 @@ async function mockHttpRequests(databaseUploadStatusCode) {
         databaseUploadSpy.throws(new util_1.HTTPError("some error message", databaseUploadStatusCode));
     }
     sinon.stub(apiClient, "getApiClient").value(() => client);
+    return databaseUploadSpy;
 }
 (0, ava_1.default)("Abort database upload if 'upload-database' input set to false", async (t) => {
     await (0, util_1.withTmpDir)(async (tmpDir) => {
@@ -95,7 +96,8 @@ async function mockHttpRequests(databaseUploadStatusCode) {
         const loggedMessages = [];
         await (0, database_upload_1.uploadDatabases)(testRepoName, config, testApiDetails, (0, testing_utils_1.getRecordingLogger)(loggedMessages));
         t.assert(loggedMessages.find((v) => v.type === "debug" &&
-            v.message === "Not running against github.com. Skipping upload.") !== undefined);
+            v.message ===
+                "Not running against github.com or GHEC-DR. Skipping upload.") !== undefined);
     });
 });
 (0, ava_1.default)("Abort database upload if not analyzing default branch", async (t) => {
@@ -133,7 +135,7 @@ async function mockHttpRequests(databaseUploadStatusCode) {
                 "Failed to upload database for javascript: Error: some error message") !== undefined);
     });
 });
-(0, ava_1.default)("Successfully uploading a database to api.github.com", async (t) => {
+(0, ava_1.default)("Successfully uploading a database to github.com", async (t) => {
     await (0, util_1.withTmpDir)(async (tmpDir) => {
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
         sinon
@@ -153,7 +155,7 @@ async function mockHttpRequests(databaseUploadStatusCode) {
             v.message === "Successfully uploaded database for javascript") !== undefined);
     });
 });
-(0, ava_1.default)("Successfully uploading a database to uploads.github.com", async (t) => {
+(0, ava_1.default)("Successfully uploading a database to GHEC-DR", async (t) => {
     await (0, util_1.withTmpDir)(async (tmpDir) => {
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
         sinon
@@ -161,16 +163,21 @@ async function mockHttpRequests(databaseUploadStatusCode) {
             .withArgs("upload-database")
             .returns("true");
         sinon.stub(actionsUtil, "isAnalyzingDefaultBranch").resolves(true);
-        await mockHttpRequests(201);
+        const databaseUploadSpy = await mockHttpRequests(201);
         (0, codeql_1.setCodeQL)({
             async databaseBundle(_, outputFilePath) {
                 fs.writeFileSync(outputFilePath, "");
             },
         });
         const loggedMessages = [];
-        await (0, database_upload_1.uploadDatabases)(testRepoName, getTestConfig(tmpDir), testApiDetails, (0, testing_utils_1.getRecordingLogger)(loggedMessages));
+        await (0, database_upload_1.uploadDatabases)(testRepoName, getTestConfig(tmpDir), {
+            auth: "1234",
+            url: "https://tenant.ghe.com",
+            apiURL: undefined,
+        }, (0, testing_utils_1.getRecordingLogger)(loggedMessages));
         t.assert(loggedMessages.find((v) => v.type === "debug" &&
             v.message === "Successfully uploaded database for javascript") !== undefined);
+        t.assert(databaseUploadSpy.calledOnceWith(sinon.match.string, sinon.match.has("baseUrl", "https://uploads.tenant.ghe.com")));
     });
 });
 //# sourceMappingURL=database-upload.test.js.map

lib/defaults.json

@@ -1,6 +1,6 @@
 {
-    "bundleVersion": "codeql-bundle-v2.17.1",
-    "cliVersion": "2.17.1",
-    "priorBundleVersion": "codeql-bundle-v2.17.0",
-    "priorCliVersion": "2.17.0"
+    "bundleVersion": "codeql-bundle-v2.17.2",
+    "cliVersion": "2.17.2",
+    "priorBundleVersion": "codeql-bundle-v2.17.1",
+    "priorCliVersion": "2.17.1"
 }

lib/feature-flags.js

@@ -45,12 +45,11 @@ exports.CODEQL_VERSION_FINE_GRAINED_PARALLELISM = "2.15.1";
 /**
  * Feature enablement as returned by the GitHub API endpoint.
  *
- * Each value of this enum should end with `_enabled`.
+ * Legacy features should end with `_enabled`.
  */
 var Feature;
 (function (Feature) {
-    Feature["AutobuildDirectTracingEnabled"] = "autobuild_direct_tracing_enabled";
-    Feature["CliSarifMerge"] = "cli_sarif_merge_enabled";
+    Feature["AutobuildDirectTracing"] = "autobuild_direct_tracing";
     Feature["CppDependencyInstallation"] = "cpp_dependency_installation_enabled";
     Feature["CppTrapCachingEnabled"] = "cpp_trap_caching_enabled";
     Feature["DisableJavaBuildlessEnabled"] = "disable_java_buildless_enabled";
@@ -59,47 +58,47 @@ var Feature;
     Feature["QaTelemetryEnabled"] = "qa_telemetry_enabled";
 })(Feature || (exports.Feature = Feature = {}));
 exports.featureConfig = {
-    [Feature.AutobuildDirectTracingEnabled]: {
+    [Feature.AutobuildDirectTracing]: {
+        defaultValue: false,
         envVar: "CODEQL_ACTION_AUTOBUILD_BUILD_MODE_DIRECT_TRACING",
         minimumVersion: undefined,
         toolsFeature: tools_features_1.ToolsFeature.TraceCommandUseBuildMode,
-        defaultValue: false,
-    },
-    [Feature.CliSarifMerge]: {
-        envVar: "CODEQL_ACTION_CLI_SARIF_MERGE",
-        // This is guarded by a `supportsFeature` check rather than by a version check.
-        minimumVersion: undefined,
-        defaultValue: false,
     },
     [Feature.CppDependencyInstallation]: {
-        envVar: "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES",
-        minimumVersion: "2.15.0",
         defaultValue: false,
+        envVar: "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES",
+        legacyApi: true,
+        minimumVersion: "2.15.0",
     },
     [Feature.CppTrapCachingEnabled]: {
-        envVar: "CODEQL_CPP_TRAP_CACHING",
-        minimumVersion: "2.16.1",
         defaultValue: false,
+        envVar: "CODEQL_CPP_TRAP_CACHING",
+        legacyApi: true,
+        minimumVersion: "2.16.1",
     },
     [Feature.DisableJavaBuildlessEnabled]: {
-        envVar: "CODEQL_ACTION_DISABLE_JAVA_BUILDLESS",
-        minimumVersion: undefined,
         defaultValue: false,
+        envVar: "CODEQL_ACTION_DISABLE_JAVA_BUILDLESS",
+        legacyApi: true,
+        minimumVersion: undefined,
     },
     [Feature.DisableKotlinAnalysisEnabled]: {
-        envVar: "CODEQL_DISABLE_KOTLIN_ANALYSIS",
-        minimumVersion: undefined,
         defaultValue: false,
+        envVar: "CODEQL_DISABLE_KOTLIN_ANALYSIS",
+        legacyApi: true,
+        minimumVersion: undefined,
     },
     [Feature.ExportDiagnosticsEnabled]: {
-        envVar: "CODEQL_ACTION_EXPORT_DIAGNOSTICS",
-        minimumVersion: undefined,
         defaultValue: true,
+        envVar: "CODEQL_ACTION_EXPORT_DIAGNOSTICS",
+        legacyApi: true,
+        minimumVersion: undefined,
     },
     [Feature.QaTelemetryEnabled]: {
-        envVar: "CODEQL_ACTION_QA_TELEMETRY",
-        minimumVersion: undefined,
         defaultValue: false,
+        envVar: "CODEQL_ACTION_QA_TELEMETRY",
+        legacyApi: true,
+        minimumVersion: undefined,
     },
 };
 exports.FEATURE_FLAGS_FILE_NAME = "cached-feature-flags.json";
@@ -315,13 +314,20 @@ class GitHubFeatureFlags {
             return {};
         }
         try {
+            const featuresToRequest = Object.entries(exports.featureConfig)
+                .filter(([, config]) => !config.legacyApi)
+                .map(([f]) => f)
+                .join(",");
             const response = await (0, api_client_1.getApiClient)().request("GET /repos/:owner/:repo/code-scanning/codeql-action/features", {
                 owner: this.repositoryNwo.owner,
                 repo: this.repositoryNwo.repo,
+                features: featuresToRequest,
             });
             const remoteFlags = response.data;
-            this.logger.debug("Loaded the following default values for the feature flags from the Code Scanning API: " +
-                `${JSON.stringify(remoteFlags)}`);
+            this.logger.debug("Loaded the following default values for the feature flags from the Code Scanning API:");
+            for (const [feature, value] of Object.entries(remoteFlags).sort(([nameA], [nameB]) => nameA.localeCompare(nameB))) {
+                this.logger.debug(`  ${feature}: ${value}`);
+            }
             this.hasAccessedRemoteFeatureFlags = true;
             return remoteFlags;
         }

lib/feature-flags.test.js

@@ -331,9 +331,18 @@ for (const feature of Object.keys(feature_flags_1.featureConfig)) {
                 "Ignoring feature flag default_codeql_version_2_20_invalid_enabled as it does not specify a valid CodeQL version.") !== undefined);
     });
 });
-(0, ava_1.default)("feature flags should end with _enabled", async (t) => {
-    for (const feature of Object.values(feature_flags_1.Feature)) {
-        t.assert(feature.endsWith("_enabled"), `${feature} should end with '_enabled'`);
+(0, ava_1.default)("legacy feature flags should end with _enabled", async (t) => {
+    for (const [feature, config] of Object.entries(feature_flags_1.featureConfig)) {
+        if (config.legacyApi) {
+            t.assert(feature.endsWith("_enabled"), `legacy feature ${feature} should end with '_enabled'`);
+        }
+    }
+});
+(0, ava_1.default)("non-legacy feature flags should not end with _enabled", async (t) => {
+    for (const [feature, config] of Object.entries(feature_flags_1.featureConfig)) {
+        if (!config.legacyApi) {
+            t.false(feature.endsWith("_enabled"), `non-legacy feature ${feature} should not end with '_enabled'`);
+        }
     }
 });
 function assertAllFeaturesUndefinedInApi(t, loggedMessages) {

lib/setup-codeql.js

@@ -52,6 +52,7 @@ var ToolsSource;
     ToolsSource["Download"] = "DOWNLOAD";
 })(ToolsSource || (exports.ToolsSource = ToolsSource = {}));
 exports.CODEQL_DEFAULT_ACTION_REPOSITORY = "github/codeql-action";
+const CODEQL_BUNDLE_VERSION_ALIAS = ["linked", "latest"];
 function getCodeQLBundleName() {
     let platform;
     if (process.platform === "win32") {
@@ -222,7 +223,10 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) {
     return undefined;
 }
 async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, variant, logger) {
-    if (toolsInput && toolsInput !== "latest" && !toolsInput.startsWith("http")) {
+    if (toolsInput &&
+        !CODEQL_BUNDLE_VERSION_ALIAS.includes(toolsInput) &&
+        !toolsInput.startsWith("http")) {
+        logger.info(`Using CodeQL CLI from local path ${toolsInput}`);
         return {
             codeqlTarPath: toolsInput,
             sourceType: "local",
@@ -232,14 +236,21 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
     /**
      * Whether the tools shipped with the Action, i.e. those in `defaults.json`, have been forced.
      *
-     * We use the special value of 'latest' to prioritize the version in `defaults.json` over the
+     * We use the special value of 'linked' to prioritize the version in `defaults.json` over the
      * version specified by the feature flags on Dotcom and over any pinned cached version on
      * Enterprise Server.
+     *
+     * Previously we have been using 'latest' to force the shipped tools, but this was not clear
+     * enough for the users, so it has been changed to `linked`. We're keeping around `latest` for
+     * backwards compatibility.
      */
-    const forceShippedTools = toolsInput === "latest";
+    const forceShippedTools = toolsInput && CODEQL_BUNDLE_VERSION_ALIAS.includes(toolsInput);
     if (forceShippedTools) {
-        logger.info("Overriding the version of the CodeQL tools by the version shipped with the Action since " +
-            `"tools: latest" was requested.`);
+        logger.info(`Overriding the version of the CodeQL tools by ${defaultCliVersion.cliVersion}, the version shipped with the Action since ` +
+            `tools: ${toolsInput} was requested.`);
+        if (toolsInput === "latest") {
+            logger.warning("`tools: latest` has been renamed to `tools: linked`, but the old name is still supported for now. No action is required.");
+        }
     }
     /** CLI version number, for example 2.12.6. */
     let cliVersion;
@@ -329,6 +340,12 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
         logger.info(`Did not find CodeQL tools version ${humanReadableVersion} in the toolcache.`);
     }
     if (codeqlFolder) {
+        if (cliVersion) {
+            logger.info(`Using CodeQL CLI version ${cliVersion} from toolcache at ${codeqlFolder}`);
+        }
+        else {
+            logger.info(`Using CodeQL CLI from toolcache at ${codeqlFolder}`);
+        }
         return {
             codeqlFolder,
             sourceType: "toolcache",
@@ -349,6 +366,12 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
     if (!url) {
         url = await getCodeQLBundleDownloadURL(tagName, apiDetails, logger);
     }
+    if (cliVersion) {
+        logger.info(`Using CodeQL CLI version ${cliVersion} sourced from ${url}.`);
+    }
+    else {
+        logger.info(`Using CodeQL CLI sourced from ${url}.`);
+    }
     return {
         bundleVersion: tagName && tryGetBundleVersionFromTagName(tagName, logger),
         cliVersion,
@@ -373,7 +396,9 @@ async function tryGetFallbackToolcacheVersion(cliVersion, tagName, logger) {
     return fallbackVersion;
 }
 exports.tryGetFallbackToolcacheVersion = tryGetFallbackToolcacheVersion;
-async function downloadCodeQL(codeqlURL, maybeBundleVersion, maybeCliVersion, apiDetails, variant, tempDir, logger) {
+// Exported using `export const` for testing purposes. Specifically, we want to
+// be able to stub this function and have other functions in this file use that stub.
+const downloadCodeQL = async function (codeqlURL, maybeBundleVersion, maybeCliVersion, apiDetails, variant, tempDir, logger) {
     const parsedCodeQLURL = new URL(codeqlURL);
     const searchParams = new URLSearchParams(parsedCodeQLURL.search);
     const headers = {
@@ -436,7 +461,7 @@ async function downloadCodeQL(codeqlURL, maybeBundleVersion, maybeCliVersion, ap
         codeqlFolder: toolcachedBundlePath,
         toolsDownloadDurationMs,
     };
-}
+};
 exports.downloadCodeQL = downloadCodeQL;
 function getCodeQLURLVersion(url) {
     const match = url.match(/\/codeql-bundle-(.*)\//);
@@ -503,7 +528,7 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau
             toolsSource = ToolsSource.Toolcache;
             break;
         case "download": {
-            const result = await downloadCodeQL(source.codeqlURL, source.bundleVersion, source.cliVersion, apiDetails, variant, tempDir, logger);
+            const result = await (0, exports.downloadCodeQL)(source.codeqlURL, source.bundleVersion, source.cliVersion, apiDetails, variant, tempDir, logger);
             toolsVersion = result.toolsVersion;
             codeqlFolder = result.codeqlFolder;
             toolsDownloadDurationMs = result.toolsDownloadDurationMs;

lib/setup-codeql.test.js

@@ -84,4 +84,74 @@ ava_1.default.beforeEach(() => {
         t.is(source["cliVersion"], "1.2.3");
     });
 });
+(0, ava_1.default)("getCodeQLSource correctly returns bundled CLI version when tools == linked", async (t) => {
+    await (0, util_1.withTmpDir)(async (tmpDir) => {
+        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
+        const source = await setupCodeql.getCodeQLSource("linked", testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, util_1.GitHubVariant.DOTCOM, (0, logging_1.getRunnerLogger)(true));
+        t.is(source.toolsVersion, testing_utils_1.LINKED_CLI_VERSION.cliVersion);
+        t.is(source.sourceType, "download");
+    });
+});
+(0, ava_1.default)("getCodeQLSource correctly returns bundled CLI version when tools == latest", async (t) => {
+    const loggedMessages = [];
+    const logger = (0, testing_utils_1.getRecordingLogger)(loggedMessages);
+    await (0, util_1.withTmpDir)(async (tmpDir) => {
+        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
+        const source = await setupCodeql.getCodeQLSource("latest", testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, util_1.GitHubVariant.DOTCOM, logger);
+        // First, ensure that the CLI version is the linked version, so that backwards
+        // compatibility is maintained.
+        t.is(source.toolsVersion, testing_utils_1.LINKED_CLI_VERSION.cliVersion);
+        t.is(source.sourceType, "download");
+        // Afterwards, ensure that we see the deprecation message in the log.
+        const expected_message = "`tools: latest` has been renamed to `tools: linked`, but the old name is still supported for now. No action is required.";
+        t.assert(loggedMessages.some((msg) => typeof msg.message === "string" &&
+            msg.message.includes(expected_message)));
+    });
+});
+(0, ava_1.default)("setupCodeQLBundle logs the CodeQL CLI version being used when asked to use linked tools", async (t) => {
+    const loggedMessages = [];
+    const logger = (0, testing_utils_1.getRecordingLogger)(loggedMessages);
+    // Stub the downloadCodeQL function to prevent downloading artefacts
+    // during testing from being called.
+    sinon.stub(setupCodeql, "downloadCodeQL").resolves({
+        toolsVersion: testing_utils_1.LINKED_CLI_VERSION.cliVersion,
+        codeqlFolder: "codeql",
+        toolsDownloadDurationMs: 200,
+    });
+    await (0, util_1.withTmpDir)(async (tmpDir) => {
+        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
+        const result = await setupCodeql.setupCodeQLBundle("linked", testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, "tmp/codeql_action_test/", util_1.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, logger);
+        // Basic sanity check that the version we got back is indeed
+        // the linked (default) CLI version.
+        t.is(result.toolsVersion, testing_utils_1.LINKED_CLI_VERSION.cliVersion);
+        // Ensure message logging CodeQL CLI version was present in user logs.
+        const expected_message = `Using CodeQL CLI version ${testing_utils_1.LINKED_CLI_VERSION.cliVersion}`;
+        t.assert(loggedMessages.some((msg) => typeof msg.message === "string" &&
+            msg.message.includes(expected_message)));
+    });
+});
+(0, ava_1.default)("setupCodeQLBundle logs the CodeQL CLI version being used when asked to download a non-default bundle", async (t) => {
+    const loggedMessages = [];
+    const logger = (0, testing_utils_1.getRecordingLogger)(loggedMessages);
+    const bundleUrl = "https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.16.0/codeql-bundle-linux64.tar.gz";
+    const expectedVersion = "2.16.0";
+    // Stub the downloadCodeQL function to prevent downloading artefacts
+    // during testing from being called.
+    sinon.stub(setupCodeql, "downloadCodeQL").resolves({
+        toolsVersion: expectedVersion,
+        codeqlFolder: "codeql",
+        toolsDownloadDurationMs: 200,
+    });
+    await (0, util_1.withTmpDir)(async (tmpDir) => {
+        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
+        const result = await setupCodeql.setupCodeQLBundle(bundleUrl, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, "tmp/codeql_action_test/", util_1.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, logger);
+        // Basic sanity check that the version we got back is indeed the version that the
+        // bundle contains..
+        t.is(result.toolsVersion, expectedVersion);
+        // Ensure message logging CodeQL CLI version was present in user logs.
+        const expected_message = `Using CodeQL CLI version 2.16.0 sourced from ${bundleUrl}.`;
+        t.assert(loggedMessages.some((msg) => typeof msg.message === "string" &&
+            msg.message.includes(expected_message)));
+    });
+});
 //# sourceMappingURL=setup-codeql.test.js.map

lib/testing-utils.js

@@ -26,7 +26,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.createTestConfig = exports.mockBundleDownloadApi = exports.createFeatures = exports.mockCodeQLVersion = exports.makeVersionInfo = exports.mockLanguagesInRepo = exports.mockFeatureFlagApiEndpoint = exports.getRecordingLogger = exports.setupActionsVars = exports.setupTests = exports.SAMPLE_DEFAULT_CLI_VERSION = exports.SAMPLE_DOTCOM_API_DETAILS = void 0;
+exports.createTestConfig = exports.mockBundleDownloadApi = exports.createFeatures = exports.mockCodeQLVersion = exports.makeVersionInfo = exports.mockLanguagesInRepo = exports.mockFeatureFlagApiEndpoint = exports.getRecordingLogger = exports.setupActionsVars = exports.setupTests = exports.LINKED_CLI_VERSION = exports.SAMPLE_DEFAULT_CLI_VERSION = exports.SAMPLE_DOTCOM_API_DETAILS = void 0;
 const node_util_1 = require("node:util");
 const path_1 = __importDefault(require("path"));
 const github = __importStar(require("@actions/github"));
@@ -34,6 +34,7 @@ const nock_1 = __importDefault(require("nock"));
 const sinon = __importStar(require("sinon"));
 const apiClient = __importStar(require("./api-client"));
 const codeql = __importStar(require("./codeql"));
+const defaults = __importStar(require("./defaults.json"));
 const util_1 = require("./util");
 exports.SAMPLE_DOTCOM_API_DETAILS = {
     auth: "token",
@@ -44,6 +45,10 @@ exports.SAMPLE_DEFAULT_CLI_VERSION = {
     cliVersion: "2.20.0",
     tagName: "codeql-bundle-v2.20.0",
 };
+exports.LINKED_CLI_VERSION = {
+    cliVersion: defaults.cliVersion,
+    tagName: defaults.bundleVersion,
+};
 function wrapOutput(context) {
     // Function signature taken from Socket.write.
     // Note there are two overloads:

lib/tracer-config.js

@@ -33,13 +33,23 @@ const util_1 = require("./util");
 async function shouldEnableIndirectTracing(codeql, config, features) {
     return ((!config.buildMode ||
         config.buildMode === util_1.BuildMode.Manual ||
-        !(await features.getValue(feature_flags_1.Feature.AutobuildDirectTracingEnabled, codeql))) &&
+        !(await features.getValue(feature_flags_1.Feature.AutobuildDirectTracing, codeql))) &&
         config.languages.some((l) => (0, languages_1.isTracedLanguage)(l)));
 }
 exports.shouldEnableIndirectTracing = shouldEnableIndirectTracing;
-async function endTracingForCluster(codeql, config, features) {
+/**
+ * Delete variables as specified by the end-tracing script
+ *
+ * WARNING: This does not _really_ end tracing, as the tracer will restore its
+ * critical environment variables and it'll still be active for all processes
+ * launched from this build step.
+ *
+ * However, it will stop tracing for all steps past the current build step.
+ */
+async function endTracingForCluster(codeql, config, logger, features) {
     if (!(await shouldEnableIndirectTracing(codeql, config, features)))
         return;
+    logger.info("Unsetting build tracing environment variables. Subsequent steps of this job will not be traced.");
     const envVariablesFile = path.resolve(config.dbLocation, "temp/tracingEnvironment/end-tracing.json");
     if (!fs.existsSync(envVariablesFile)) {
         throw new Error(`Environment file for ending tracing not found: ${envVariablesFile}`);

lib/tracer-config.js.map

@@ -1 +1 @@
-{"version":3,"file":"tracer-config.js","sourceRoot":"","sources":["../src/tracer-config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAI7B,mDAA6D;AAC7D,2CAA+C;AAC/C,qDAAgD;AAChD,iCAAmC;AAM5B,KAAK,UAAU,2BAA2B,CAC/C,MAAc,EACd,MAAc,EACd,QAA2B;IAE3B,OAAO,CACL,CAAC,CAAC,MAAM,CAAC,SAAS;QAChB,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,MAAM;QACrC,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CACvB,uBAAO,CAAC,6BAA6B,EACrC,MAAM,CACP,CAAC,CAAC;QACL,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,4BAAgB,EAAC,CAAC,CAAC,CAAC,CAClD,CAAC;AACJ,CAAC;AAdD,kEAcC;AAEM,KAAK,UAAU,oBAAoB,CACxC,MAAc,EACd,MAAc,EACd,QAA2B;IAE3B,IAAI,CAAC,CAAC,MAAM,2BAA2B,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAAE,OAAO;IAE3E,MAAM,gBAAgB,GAAG,IAAI,CAAC,OAAO,CACnC,MAAM,CAAC,UAAU,EACjB,0CAA0C,CAC3C,CAAC;IACF,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CACb,kDAAkD,gBAAgB,EAAE,CACrE,CAAC;IACJ,CAAC;IACD,IAAI,CAAC;QACH,MAAM,sBAAsB,GAA+B,IAAI,CAAC,KAAK,CACnE,EAAE,CAAC,YAAY,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAC1C,CAAC;QACF,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,sBAAsB,CAAC,EAAE,CAAC;YAClE,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;gBACnB,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YAC3B,CAAC;iBAAM,CAAC;gBACN,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CACb,sEAAsE,CAAC,EAAE,CAC1E,CAAC;IACJ,CAAC;AACH,CAAC;AAhCD,oDAgCC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,MAAc;IAEd,MAAM,mBAAmB,GAAG,IAAI,CAAC,KAAK,CACpC,EAAE,CAAC,YAAY,CACb,IAAI,CAAC,OAAO,CACV,MAAM,CAAC,UAAU,EACjB,4CAA4C,CAC7C,EACD,MAAM,CACP,CACF,CAAC;IACF,OAAO;QACL,GAAG,EAAE,mBAAmB;KACzB,CAAC;AACJ,CAAC;AAfD,8DAeC;AAEM,KAAK,UAAU,uBAAuB,CAC3C,MAAc,EACd,MAAc,EACd,QAA2B;IAE3B,IAAI,CAAC,CAAC,MAAM,2BAA2B,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAChE,OAAO,SAAS,CAAC;IAEnB,MAAM,gBAAgB,GAAG,MAAM,yBAAyB,CAAC,MAAM,CAAC,CAAC;IAEjE,mFAAmF;IACnF,4DAA4D;IAC5D,IAAI,CAAC,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,sBAAsB,CAAC,CAAC,EAAE,CAAC;QACzE,iFAAiF;QACjF,kFAAkF;QAClF,sDAAsD;QACtD,iFAAiF;QACjF,gCAAgC;QAChC,MAAM,aAAa,GACjB,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC;QACzD,gBAAgB,CAAC,GAAG,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,IAAI,CAC/C,gBAAgB,CAAC,GAAG,CAAC,aAAa,CAAC,EACnC,OAAO,EACP,gBAAgB,CAAC,GAAG,CAAC,iBAAiB,CAAC,EACvC,aAAa,CACd,CAAC;IACJ,CAAC;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AA7BD,0DA6BC"}
+{"version":3,"file":"tracer-config.js","sourceRoot":"","sources":["../src/tracer-config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAI7B,mDAA6D;AAC7D,2CAA+C;AAE/C,qDAAgD;AAChD,iCAAmC;AAM5B,KAAK,UAAU,2BAA2B,CAC/C,MAAc,EACd,MAAc,EACd,QAA2B;IAE3B,OAAO,CACL,CAAC,CAAC,MAAM,CAAC,SAAS;QAChB,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,MAAM;QACrC,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,sBAAsB,EAAE,MAAM,CAAC,CAAC,CAAC;QACrE,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,4BAAgB,EAAC,CAAC,CAAC,CAAC,CAClD,CAAC;AACJ,CAAC;AAXD,kEAWC;AAED;;;;;;;;GAQG;AACI,KAAK,UAAU,oBAAoB,CACxC,MAAc,EACd,MAAc,EACd,MAAc,EACd,QAA2B;IAE3B,IAAI,CAAC,CAAC,MAAM,2BAA2B,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAAE,OAAO;IAE3E,MAAM,CAAC,IAAI,CACT,iGAAiG,CAClG,CAAC;IAEF,MAAM,gBAAgB,GAAG,IAAI,CAAC,OAAO,CACnC,MAAM,CAAC,UAAU,EACjB,0CAA0C,CAC3C,CAAC;IACF,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CACb,kDAAkD,gBAAgB,EAAE,CACrE,CAAC;IACJ,CAAC;IACD,IAAI,CAAC;QACH,MAAM,sBAAsB,GAA+B,IAAI,CAAC,KAAK,CACnE,EAAE,CAAC,YAAY,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAC1C,CAAC;QACF,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,sBAAsB,CAAC,EAAE,CAAC;YAClE,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;gBACnB,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YAC3B,CAAC;iBAAM,CAAC;gBACN,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CACb,sEAAsE,CAAC,EAAE,CAC1E,CAAC;IACJ,CAAC;AACH,CAAC;AArCD,oDAqCC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,MAAc;IAEd,MAAM,mBAAmB,GAAG,IAAI,CAAC,KAAK,CACpC,EAAE,CAAC,YAAY,CACb,IAAI,CAAC,OAAO,CACV,MAAM,CAAC,UAAU,EACjB,4CAA4C,CAC7C,EACD,MAAM,CACP,CACF,CAAC;IACF,OAAO;QACL,GAAG,EAAE,mBAAmB;KACzB,CAAC;AACJ,CAAC;AAfD,8DAeC;AAEM,KAAK,UAAU,uBAAuB,CAC3C,MAAc,EACd,MAAc,EACd,QAA2B;IAE3B,IAAI,CAAC,CAAC,MAAM,2BAA2B,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAChE,OAAO,SAAS,CAAC;IAEnB,MAAM,gBAAgB,GAAG,MAAM,yBAAyB,CAAC,MAAM,CAAC,CAAC;IAEjE,mFAAmF;IACnF,4DAA4D;IAC5D,IAAI,CAAC,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,sBAAsB,CAAC,CAAC,EAAE,CAAC;QACzE,iFAAiF;QACjF,kFAAkF;QAClF,sDAAsD;QACtD,iFAAiF;QACjF,gCAAgC;QAChC,MAAM,aAAa,GACjB,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC;QACzD,gBAAgB,CAAC,GAAG,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,IAAI,CAC/C,gBAAgB,CAAC,GAAG,CAAC,aAAa,CAAC,EACnC,OAAO,EACP,gBAAgB,CAAC,GAAG,CAAC,iBAAiB,CAAC,EACvC,aAAa,CACd,CAAC;IACJ,CAAC;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AA7BD,0DA6BC"}

lib/upload-lib.js

@@ -26,13 +26,14 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.InvalidSarifUploadError = exports.validateUniqueCategory = exports.waitForProcessing = exports.buildPayload = exports.validateSarifFileSchema = exports.uploadFromActions = exports.findSarifFilesInDir = exports.populateRunAutomationDetails = void 0;
+exports.InvalidSarifUploadError = exports.validateUniqueCategory = exports.waitForProcessing = exports.buildPayload = exports.validateSarifFileSchema = exports.uploadFromActions = exports.findSarifFilesInDir = exports.populateRunAutomationDetails = exports.shouldShowCombineSarifFilesDeprecationWarning = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const zlib_1 = __importDefault(require("zlib"));
 const core = __importStar(require("@actions/core"));
 const file_url_1 = __importDefault(require("file-url"));
 const jsonschema = __importStar(require("jsonschema"));
+const semver = __importStar(require("semver"));
 const actionsUtil = __importStar(require("./actions-util"));
 const actions_util_1 = require("./actions-util");
 const api = __importStar(require("./api-client"));
@@ -73,14 +74,55 @@ function combineSarifFiles(sarifFiles, logger) {
 }
 /**
  * Checks whether all the runs in the given SARIF files were produced by CodeQL.
- * @param sarifFiles The list of SARIF files to check.
+ * @param sarifObjects The list of SARIF objects to check.
  */
-function areAllRunsProducedByCodeQL(sarifFiles) {
-    return sarifFiles.every((sarifFile) => {
-        const sarifObject = JSON.parse(fs.readFileSync(sarifFile, "utf8"));
+function areAllRunsProducedByCodeQL(sarifObjects) {
+    return sarifObjects.every((sarifObject) => {
         return sarifObject.runs?.every((run) => run.tool?.driver?.name === "CodeQL");
     });
 }
+function createRunKey(run) {
+    return {
+        name: run.tool?.driver?.name,
+        fullName: run.tool?.driver?.fullName,
+        version: run.tool?.driver?.version,
+        semanticVersion: run.tool?.driver?.semanticVersion,
+        guid: run.tool?.driver?.guid,
+        automationId: run.automationDetails?.id,
+    };
+}
+/**
+ * Checks whether all runs in the given SARIF files are unique (based on the
+ * criteria used by Code Scanning to determine analysis categories).
+ * @param sarifObjects The list of SARIF objects to check.
+ */
+function areAllRunsUnique(sarifObjects) {
+    const keys = new Set();
+    for (const sarifObject of sarifObjects) {
+        for (const run of sarifObject.runs) {
+            const key = JSON.stringify(createRunKey(run));
+            // If the key already exists, the runs are not unique.
+            if (keys.has(key)) {
+                return false;
+            }
+            keys.add(key);
+        }
+    }
+    return true;
+}
+// Checks whether the deprecation warning for combining SARIF files should be shown.
+async function shouldShowCombineSarifFilesDeprecationWarning(sarifObjects, githubVersion) {
+    // Do not show this warning on GHES versions before 3.14.0
+    if (githubVersion.type === util_1.GitHubVariant.GHES &&
+        semver.lt(githubVersion.version, "3.14.0")) {
+        return false;
+    }
+    // Only give a deprecation warning when not all runs are unique and
+    // we haven't already shown the warning.
+    return (!areAllRunsUnique(sarifObjects) &&
+        !process.env.CODEQL_MERGE_SARIF_DEPRECATION_WARNING);
+}
+exports.shouldShowCombineSarifFilesDeprecationWarning = shouldShowCombineSarifFilesDeprecationWarning;
 // Takes a list of paths to sarif files and combines them together using the
 // CLI `github merge-results` command when all SARIF files are produced by
 // CodeQL. Otherwise, it will fall back to combining the files in the action.
@@ -90,8 +132,19 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo
     if (sarifFiles.length === 1) {
         return JSON.parse(fs.readFileSync(sarifFiles[0], "utf8"));
     }
-    if (!areAllRunsProducedByCodeQL(sarifFiles)) {
+    const sarifObjects = sarifFiles.map((sarifFile) => {
+        return JSON.parse(fs.readFileSync(sarifFile, "utf8"));
+    });
+    const deprecationWarningMessage = gitHubVersion.type === util_1.GitHubVariant.GHES
+        ? "and will be removed in GitHub Enterprise Server 3.18"
+        : "and will be removed on June 4, 2025";
+    const deprecationMoreInformationMessage = "For more information, see https://github.blog/changelog/2024-05-06-code-scanning-will-stop-combining-runs-from-a-single-upload";
+    if (!areAllRunsProducedByCodeQL(sarifObjects)) {
         logger.debug("Not all SARIF files were produced by CodeQL. Merging files in the action.");
+        if (await shouldShowCombineSarifFilesDeprecationWarning(sarifObjects, gitHubVersion)) {
+            logger.warning(`Uploading multiple SARIF runs with the same category is deprecated ${deprecationWarningMessage}. Please update your workflow to upload a single run per category. ${deprecationMoreInformationMessage}`);
+            core.exportVariable("CODEQL_MERGE_SARIF_DEPRECATION_WARNING", "true");
+        }
         // If not, use the naive method of combining the files.
         return combineSarifFiles(sarifFiles, logger);
     }
@@ -119,6 +172,10 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo
     }
     if (!(await codeQL.supportsFeature(tools_features_1.ToolsFeature.SarifMergeRunsFromEqualCategory))) {
         logger.warning("The CodeQL CLI does not support merging SARIF files. Merging files in the action.");
+        if (await shouldShowCombineSarifFilesDeprecationWarning(sarifObjects, gitHubVersion)) {
+            logger.warning(`Uploading multiple CodeQL runs with the same category is deprecated ${deprecationWarningMessage} for CodeQL CLI 2.16.6 and earlier. Please update your CodeQL CLI version or update your workflow to set a distinct category for each CodeQL run. ${deprecationMoreInformationMessage}`);
+            core.exportVariable("CODEQL_MERGE_SARIF_DEPRECATION_WARNING", "true");
+        }
         return combineSarifFiles(sarifFiles, logger);
     }
     const baseTempDir = path.resolve(tempDir, "combined-sarif");
@@ -341,9 +398,7 @@ async function uploadFiles(sarifFiles, repositoryNwo, commitOid, ref, analysisKe
     for (const file of sarifFiles) {
         validateSarifFileSchema(file, logger);
     }
-    let sarif = (await features.getValue(feature_flags_1.Feature.CliSarifMerge))
-        ? await combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, logger)
-        : combineSarifFiles(sarifFiles, logger);
+    let sarif = await combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, logger);
     sarif = await fingerprints.addFingerprints(sarif, sourceRoot, logger);
     sarif = populateRunAutomationDetails(sarif, category, analysisKey, environment);
     const toolNames = util.getToolNames(sarif);
@@ -462,6 +517,8 @@ function shouldConsiderConfigurationError(processingErrors) {
  */
 function shouldConsiderInvalidRequest(processingErrors) {
     return processingErrors.every((error) => error.startsWith("rejecting SARIF") ||
+        error.startsWith("an invalid URI was provided as a SARIF location") ||
+        error.startsWith("locationFromSarifResult: expected artifact location") ||
         error.startsWith("could not convert rules: invalid security severity value, is not a number") ||
         /^SARIF URI scheme [^\s]* did not match the checkout URI scheme [^\s]*/.test(error));
 }

lib/upload-lib.test.js

@@ -195,6 +195,44 @@ ava_1.default.beforeEach(() => {
     t.deepEqual(loggedMessages.length, 2);
     t.deepEqual(loggedMessages[1], "Warning: 'not a valid URI' is not a valid URI in 'instance.runs[0].results[0].locations[0].physicalLocation.artifactLocation.uri'.");
 });
+(0, ava_1.default)("shouldShowCombineSarifFilesDeprecationWarning when on dotcom", async (t) => {
+    t.true(await uploadLib.shouldShowCombineSarifFilesDeprecationWarning([createMockSarif("abc", "def"), createMockSarif("abc", "def")], {
+        type: util_1.GitHubVariant.DOTCOM,
+    }));
+});
+(0, ava_1.default)("shouldShowCombineSarifFilesDeprecationWarning when on GHES 3.13", async (t) => {
+    t.false(await uploadLib.shouldShowCombineSarifFilesDeprecationWarning([createMockSarif("abc", "def"), createMockSarif("abc", "def")], {
+        type: util_1.GitHubVariant.GHES,
+        version: "3.13.2",
+    }));
+});
+(0, ava_1.default)("shouldShowCombineSarifFilesDeprecationWarning when on GHES 3.14", async (t) => {
+    t.true(await uploadLib.shouldShowCombineSarifFilesDeprecationWarning([createMockSarif("abc", "def"), createMockSarif("abc", "def")], {
+        type: util_1.GitHubVariant.GHES,
+        version: "3.14.0",
+    }));
+});
+(0, ava_1.default)("shouldShowCombineSarifFilesDeprecationWarning with only 1 run", async (t) => {
+    t.false(await uploadLib.shouldShowCombineSarifFilesDeprecationWarning([createMockSarif("abc", "def")], {
+        type: util_1.GitHubVariant.DOTCOM,
+    }));
+});
+(0, ava_1.default)("shouldShowCombineSarifFilesDeprecationWarning with distinct categories", async (t) => {
+    t.false(await uploadLib.shouldShowCombineSarifFilesDeprecationWarning([createMockSarif("abc", "def"), createMockSarif("def", "def")], {
+        type: util_1.GitHubVariant.DOTCOM,
+    }));
+});
+(0, ava_1.default)("shouldShowCombineSarifFilesDeprecationWarning with distinct tools", async (t) => {
+    t.false(await uploadLib.shouldShowCombineSarifFilesDeprecationWarning([createMockSarif("abc", "abc"), createMockSarif("abc", "def")], {
+        type: util_1.GitHubVariant.DOTCOM,
+    }));
+});
+(0, ava_1.default)("shouldShowCombineSarifFilesDeprecationWarning when environment variable is already set", async (t) => {
+    process.env["CODEQL_MERGE_SARIF_DEPRECATION_WARNING"] = "true";
+    t.false(await uploadLib.shouldShowCombineSarifFilesDeprecationWarning([createMockSarif("abc", "def"), createMockSarif("abc", "def")], {
+        type: util_1.GitHubVariant.DOTCOM,
+    }));
+});
 function createMockSarif(id, tool) {
     return {
         runs: [

lib/workflow.js

@@ -35,9 +35,6 @@ const yaml = __importStar(require("js-yaml"));
 const api = __importStar(require("./api-client"));
 const environment_1 = require("./environment");
 const util_1 = require("./util");
-function isObject(o) {
-    return o !== null && typeof o === "object";
-}
 const GLOB_PATTERN = new RegExp("(\\*\\*?)");
 function escapeRegExp(string) {
     return string.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"); // $& means the whole matched string
@@ -144,35 +141,31 @@ async function getWorkflowErrors(doc, codeql) {
             }
         }
     }
-    let missingPush = false;
-    if (doc.on === undefined) {
-        // this is not a valid config
-    }
-    else if (typeof doc.on === "string") {
-        if (doc.on === "pull_request") {
-            missingPush = true;
-        }
-    }
-    else if (Array.isArray(doc.on)) {
-        const hasPush = doc.on.includes("push");
-        const hasPullRequest = doc.on.includes("pull_request");
-        if (hasPullRequest && !hasPush) {
-            missingPush = true;
-        }
-    }
-    else if (isObject(doc.on)) {
-        const hasPush = Object.prototype.hasOwnProperty.call(doc.on, "push");
-        const hasPullRequest = Object.prototype.hasOwnProperty.call(doc.on, "pull_request");
-        if (!hasPush && hasPullRequest) {
-            missingPush = true;
-        }
-    }
-    if (missingPush) {
+    // If there is no push trigger, we will not be able to analyze the default branch.
+    // So add a warning to the user to add a push trigger.
+    // If there is a workflow_call trigger, we don't need a push trigger since we assume
+    // that the workflow_call trigger is called from a workflow that has a push trigger.
+    const hasPushTrigger = hasWorkflowTrigger("push", doc);
+    const hasPullRequestTrigger = hasWorkflowTrigger("pull_request", doc);
+    const hasWorkflowCallTrigger = hasWorkflowTrigger("workflow_call", doc);
+    if (hasPullRequestTrigger && !hasPushTrigger && !hasWorkflowCallTrigger) {
         errors.push(exports.WorkflowErrors.MissingPushHook);
     }
     return errors;
 }
 exports.getWorkflowErrors = getWorkflowErrors;
+function hasWorkflowTrigger(triggerName, doc) {
+    if (!doc.on) {
+        return false;
+    }
+    if (typeof doc.on === "string") {
+        return doc.on === triggerName;
+    }
+    if (Array.isArray(doc.on)) {
+        return doc.on.includes(triggerName);
+    }
+    return Object.prototype.hasOwnProperty.call(doc.on, triggerName);
+}
 async function validateWorkflow(codeql, logger) {
     let workflow;
     try {

lib/workflow.test.js

@@ -373,6 +373,29 @@ async function testLanguageAliases(t, matrixLanguages, aliases, expectedErrorMes
   on: ["push"]
   `), await (0, codeql_1.getCodeQLForTesting)()), []));
 });
+(0, ava_1.default)("getWorkflowErrors() should not report a warning if there is a workflow_call trigger", async (t) => {
+    const errors = await (0, workflow_1.getWorkflowErrors)(yaml.load(`
+    name: "CodeQL"
+    on:
+      workflow_call:
+    `), await (0, codeql_1.getCodeQLForTesting)());
+    t.deepEqual(...errorCodes(errors, []));
+});
+(0, ava_1.default)("getWorkflowErrors() should not report a warning if there is a workflow_call trigger as a string", async (t) => {
+    const errors = await (0, workflow_1.getWorkflowErrors)(yaml.load(`
+    name: "CodeQL"
+    on: workflow_call
+    `), await (0, codeql_1.getCodeQLForTesting)());
+    t.deepEqual(...errorCodes(errors, []));
+});
+(0, ava_1.default)("getWorkflowErrors() should not report a warning if there is a workflow_call trigger as an array", async (t) => {
+    const errors = await (0, workflow_1.getWorkflowErrors)(yaml.load(`
+    name: "CodeQL"
+    on:
+      - workflow_call
+    `), await (0, codeql_1.getCodeQLForTesting)());
+    t.deepEqual(...errorCodes(errors, []));
+});
 (0, ava_1.default)("getCategoryInputOrThrow returns category for simple workflow with category", (t) => {
     process.env["GITHUB_REPOSITORY"] = "github/codeql-action-fake-repository";
     t.is((0, workflow_1.getCategoryInputOrThrow)(yaml.load(`

node_modules/.package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "3.25.4",
+  "version": "3.25.6",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
@@ -762,17 +762,17 @@
       }
     },
     "node_modules/@octokit/types": {
-      "version": "13.4.1",
-      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.4.1.tgz",
-      "integrity": "sha512-Y73oOAzRBAUzR/iRAbGULzpNkX8vaxKCqEtg6K74Ff3w9f5apFnWtE/2nade7dMWWW3bS5Kkd6DJS4HF04xreg==",
+      "version": "13.5.0",
+      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.5.0.tgz",
+      "integrity": "sha512-HdqWTf5Z3qwDVlzCrP8UJquMwunpDiMPt5er+QjGzL4hqr/vBVY/MauQgS1xWxCDT1oMx1EULyqxncdCY/NVSQ==",
       "dependencies": {
-        "@octokit/openapi-types": "^22.1.0"
+        "@octokit/openapi-types": "^22.2.0"
       }
     },
     "node_modules/@octokit/types/node_modules/@octokit/openapi-types": {
-      "version": "22.1.0",
-      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-22.1.0.tgz",
-      "integrity": "sha512-pGUdSP+eEPfZiQHNkZI0U01HLipxncisdJQB4G//OAmfeO8sqTQ9KRa0KF03TUPCziNsoXUrTg4B2Q1EX++T0Q=="
+      "version": "22.2.0",
+      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-22.2.0.tgz",
+      "integrity": "sha512-QBhVjcUa9W7Wwhm6DBFu6ZZ+1/t/oYxqc2tp81Pi41YNuJinbFRx8B133qVOrAaBbF7D/m0Et6f9/pZt9Rc+tg=="
     },
     "node_modules/@opentelemetry/api": {
       "version": "1.4.1",
@@ -883,12 +883,6 @@
       "integrity": "sha512-k4MGaQl5TGo/iipqb2UDG2UwjXziSWkh0uysQelTlJpX1qGlpUZYm8PnO4DxG1qBomtJUdYJ6qR6xdIah10JLg==",
       "dev": true
     },
-    "node_modules/@types/json-schema": {
-      "version": "7.0.15",
-      "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz",
-      "integrity": "sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA==",
-      "dev": true
-    },
     "node_modules/@types/json5": {
       "version": "0.0.29",
       "resolved": "https://registry.npmjs.org/@types/json5/-/json5-0.0.29.tgz",
@@ -960,21 +954,19 @@
       "integrity": "sha512-jg+97EGIcY9AGHJJRaaPVgetKDsrTgbRjQ5Msgjh/DQKEFl0DtyRr/VCOyD1T2R1MNeWPK/u7JoGhlDZnKBAfA=="
     },
     "node_modules/@typescript-eslint/eslint-plugin": {
-      "version": "7.8.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-7.8.0.tgz",
-      "integrity": "sha512-gFTT+ezJmkwutUPmB0skOj3GZJtlEGnlssems4AjkVweUPGj7jRwwqg0Hhg7++kPGJqKtTYx+R05Ftww372aIg==",
+      "version": "7.9.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-7.9.0.tgz",
+      "integrity": "sha512-6e+X0X3sFe/G/54aC3jt0txuMTURqLyekmEHViqyA2VnxhLMpvA6nqmcjIy+Cr9tLDHPssA74BP5Mx9HQIxBEA==",
       "dev": true,
       "dependencies": {
         "@eslint-community/regexpp": "^4.10.0",
-        "@typescript-eslint/scope-manager": "7.8.0",
-        "@typescript-eslint/type-utils": "7.8.0",
-        "@typescript-eslint/utils": "7.8.0",
-        "@typescript-eslint/visitor-keys": "7.8.0",
-        "debug": "^4.3.4",
+        "@typescript-eslint/scope-manager": "7.9.0",
+        "@typescript-eslint/type-utils": "7.9.0",
+        "@typescript-eslint/utils": "7.9.0",
+        "@typescript-eslint/visitor-keys": "7.9.0",
         "graphemer": "^1.4.0",
         "ignore": "^5.3.1",
         "natural-compare": "^1.4.0",
-        "semver": "^7.6.0",
         "ts-api-utils": "^1.3.0"
       },
       "engines": {
@@ -995,15 +987,15 @@
       }
     },
     "node_modules/@typescript-eslint/parser": {
-      "version": "7.8.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.8.0.tgz",
-      "integrity": "sha512-KgKQly1pv0l4ltcftP59uQZCi4HUYswCLbTqVZEJu7uLX8CTLyswqMLqLN+2QFz4jCptqWVV4SB7vdxcH2+0kQ==",
+      "version": "7.9.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-7.9.0.tgz",
+      "integrity": "sha512-qHMJfkL5qvgQB2aLvhUSXxbK7OLnDkwPzFalg458pxQgfxKDfT1ZDbHQM/I6mDIf/svlMkj21kzKuQ2ixJlatQ==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/scope-manager": "7.8.0",
-        "@typescript-eslint/types": "7.8.0",
-        "@typescript-eslint/typescript-estree": "7.8.0",
-        "@typescript-eslint/visitor-keys": "7.8.0",
+        "@typescript-eslint/scope-manager": "7.9.0",
+        "@typescript-eslint/types": "7.9.0",
+        "@typescript-eslint/typescript-estree": "7.9.0",
+        "@typescript-eslint/visitor-keys": "7.9.0",
         "debug": "^4.3.4"
       },
       "engines": {
@@ -1023,13 +1015,13 @@
       }
     },
     "node_modules/@typescript-eslint/scope-manager": {
-      "version": "7.8.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.8.0.tgz",
-      "integrity": "sha512-viEmZ1LmwsGcnr85gIq+FCYI7nO90DVbE37/ll51hjv9aG+YZMb4WDE2fyWpUR4O/UrhGRpYXK/XajcGTk2B8g==",
+      "version": "7.9.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-7.9.0.tgz",
+      "integrity": "sha512-ZwPK4DeCDxr3GJltRz5iZejPFAAr4Wk3+2WIBaj1L5PYK5RgxExu/Y68FFVclN0y6GGwH8q+KgKRCvaTmFBbgQ==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/types": "7.8.0",
-        "@typescript-eslint/visitor-keys": "7.8.0"
+        "@typescript-eslint/types": "7.9.0",
+        "@typescript-eslint/visitor-keys": "7.9.0"
       },
       "engines": {
         "node": "^18.18.0 || >=20.0.0"
@@ -1040,13 +1032,13 @@
       }
     },
     "node_modules/@typescript-eslint/type-utils": {
-      "version": "7.8.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-7.8.0.tgz",
-      "integrity": "sha512-H70R3AefQDQpz9mGv13Uhi121FNMh+WEaRqcXTX09YEDky21km4dV1ZXJIp8QjXc4ZaVkXVdohvWDzbnbHDS+A==",
+      "version": "7.9.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-7.9.0.tgz",
+      "integrity": "sha512-6Qy8dfut0PFrFRAZsGzuLoM4hre4gjzWJB6sUvdunCYZsYemTkzZNwF1rnGea326PHPT3zn5Lmg32M/xfJfByA==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/typescript-estree": "7.8.0",
-        "@typescript-eslint/utils": "7.8.0",
+        "@typescript-eslint/typescript-estree": "7.9.0",
+        "@typescript-eslint/utils": "7.9.0",
         "debug": "^4.3.4",
         "ts-api-utils": "^1.3.0"
       },
@@ -1067,9 +1059,9 @@
       }
     },
     "node_modules/@typescript-eslint/types": {
-      "version": "7.8.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.8.0.tgz",
-      "integrity": "sha512-wf0peJ+ZGlcH+2ZS23aJbOv+ztjeeP8uQ9GgwMJGVLx/Nj9CJt17GWgWWoSmoRVKAX2X+7fzEnAjxdvK2gqCLw==",
+      "version": "7.9.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-7.9.0.tgz",
+      "integrity": "sha512-oZQD9HEWQanl9UfsbGVcZ2cGaR0YT5476xfWE0oE5kQa2sNK2frxOlkeacLOTh9po4AlUT5rtkGyYM5kew0z5w==",
       "dev": true,
       "engines": {
         "node": "^18.18.0 || >=20.0.0"
@@ -1080,13 +1072,13 @@
       }
     },
     "node_modules/@typescript-eslint/typescript-estree": {
-      "version": "7.8.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.8.0.tgz",
-      "integrity": "sha512-5pfUCOwK5yjPaJQNy44prjCwtr981dO8Qo9J9PwYXZ0MosgAbfEMB008dJ5sNo3+/BN6ytBPuSvXUg9SAqB0dg==",
+      "version": "7.9.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-7.9.0.tgz",
+      "integrity": "sha512-zBCMCkrb2YjpKV3LA0ZJubtKCDxLttxfdGmwZvTqqWevUPN0FZvSI26FalGFFUZU/9YQK/A4xcQF9o/VVaCKAg==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/types": "7.8.0",
-        "@typescript-eslint/visitor-keys": "7.8.0",
+        "@typescript-eslint/types": "7.9.0",
+        "@typescript-eslint/visitor-keys": "7.9.0",
         "debug": "^4.3.4",
         "globby": "^11.1.0",
         "is-glob": "^4.0.3",
@@ -1132,18 +1124,15 @@
       }
     },
     "node_modules/@typescript-eslint/utils": {
-      "version": "7.8.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.8.0.tgz",
-      "integrity": "sha512-L0yFqOCflVqXxiZyXrDr80lnahQfSOfc9ELAAZ75sqicqp2i36kEZZGuUymHNFoYOqxRT05up760b4iGsl02nQ==",
+      "version": "7.9.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-7.9.0.tgz",
+      "integrity": "sha512-5KVRQCzZajmT4Ep+NEgjXCvjuypVvYHUW7RHlXzNPuak2oWpVoD1jf5xCP0dPAuNIchjC7uQyvbdaSTFaLqSdA==",
       "dev": true,
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.4.0",
-        "@types/json-schema": "^7.0.15",
-        "@types/semver": "^7.5.8",
-        "@typescript-eslint/scope-manager": "7.8.0",
-        "@typescript-eslint/types": "7.8.0",
-        "@typescript-eslint/typescript-estree": "7.8.0",
-        "semver": "^7.6.0"
+        "@typescript-eslint/scope-manager": "7.9.0",
+        "@typescript-eslint/types": "7.9.0",
+        "@typescript-eslint/typescript-estree": "7.9.0"
       },
       "engines": {
         "node": "^18.18.0 || >=20.0.0"
@@ -1157,12 +1146,12 @@
       }
     },
     "node_modules/@typescript-eslint/visitor-keys": {
-      "version": "7.8.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.8.0.tgz",
-      "integrity": "sha512-q4/gibTNBQNA0lGyYQCmWRS5D15n8rXh4QjK3KV+MBPlTYHpfBUT3D3PaPR/HeNiI9W6R7FvlkcGhNyAoP+caA==",
+      "version": "7.9.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-7.9.0.tgz",
+      "integrity": "sha512-iESPx2TNLDNGQLyjKhUvIKprlP49XNEK+MvIf9nIO7ZZaZdbnfWKHnXAgufpxqfA0YryH8XToi4+CjBgVnFTSQ==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/types": "7.8.0",
+        "@typescript-eslint/types": "7.9.0",
         "eslint-visitor-keys": "^3.4.3"
       },
       "engines": {
@@ -4359,17 +4348,6 @@
       "resolved": "https://registry.npmjs.org/long/-/long-5.2.3.tgz",
       "integrity": "sha512-lcHwpNoggQTObv5apGNCTdJrO69eHOZMi4BNC+rTLER8iHAqGrUVeLh/irVIM7zTw2bOXA8T6uNPeujwOLg/2Q=="
     },
-    "node_modules/lru-cache": {
-      "version": "6.0.0",
-      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
-      "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
-      "dependencies": {
-        "yallist": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
     "node_modules/map-age-cleaner": {
       "version": "0.1.3",
       "resolved": "https://registry.npmjs.org/map-age-cleaner/-/map-age-cleaner-0.1.3.tgz",
@@ -5439,12 +5417,9 @@
       "integrity": "sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw=="
     },
     "node_modules/semver": {
-      "version": "7.6.0",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.0.tgz",
-      "integrity": "sha512-EnwXhrlwXMk9gKu5/flx5sv/an57AkRplG3hTK68W7FRDN+k+OWBj65M7719OkA82XLBxrcX0KSHj+X5COhOVg==",
-      "dependencies": {
-        "lru-cache": "^6.0.0"
-      },
+      "version": "7.6.2",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz",
+      "integrity": "sha512-FNAIBWCx9qcRhoHcgcJ0gvU7SN1lYU2ZXuSfl04bSC5OpvDHFyJCjdNHomPXxjQlCBU67YW64PzY7/VIEH7F2w==",
       "bin": {
         "semver": "bin/semver.js"
       },
@@ -6340,11 +6315,6 @@
         "node": ">=10"
       }
     },
-    "node_modules/yallist": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
-      "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A=="
-    },
     "node_modules/yargs": {
       "version": "17.7.2",
       "resolved": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz",

node_modules/@octokit/types/dist-types/VERSION.d.ts

@@ -1 +1 @@
-export declare const VERSION = "13.4.1";
+export declare const VERSION = "13.5.0";

node_modules/@octokit/types/dist-types/generated/Endpoints.d.ts

@@ -739,6 +739,10 @@ export interface Endpoints {
      * @see https://docs.github.com/rest/emojis/emojis#get-emojis
      */
     "GET /emojis": Operation<"/emojis", "get">;
+    /**
+     * @see https://docs.github.com/rest/copilot/copilot-usage#get-a-summary-of-copilot-usage-for-enterprise-members
+     */
+    "GET /enterprises/{enterprise}/copilot/usage": Operation<"/enterprises/{enterprise}/copilot/usage", "get">;
     /**
      * @see https://docs.github.com/rest/dependabot/alerts#list-dependabot-alerts-for-an-enterprise
      */
@@ -992,6 +996,10 @@ export interface Endpoints {
      * @see https://docs.github.com/rest/copilot/copilot-user-management#list-all-copilot-seat-assignments-for-an-organization
      */
     "GET /orgs/{org}/copilot/billing/seats": Operation<"/orgs/{org}/copilot/billing/seats", "get">;
+    /**
+     * @see https://docs.github.com/rest/copilot/copilot-usage#get-a-summary-of-copilot-usage-for-organization-members
+     */
+    "GET /orgs/{org}/copilot/usage": Operation<"/orgs/{org}/copilot/usage", "get">;
     /**
      * @see https://docs.github.com/rest/dependabot/alerts#list-dependabot-alerts-for-an-organization
      */
@@ -1228,6 +1236,10 @@ export interface Endpoints {
      * @see https://docs.github.com/rest/billing/billing#get-shared-storage-billing-for-an-organization
      */
     "GET /orgs/{org}/settings/billing/shared-storage": Operation<"/orgs/{org}/settings/billing/shared-storage", "get">;
+    /**
+     * @see https://docs.github.com/rest/copilot/copilot-usage#get-a-summary-of-copilot-usage-for-a-team
+     */
+    "GET /orgs/{org}/team/{team_slug}/copilot/usage": Operation<"/orgs/{org}/team/{team_slug}/copilot/usage", "get">;
     /**
      * @see https://docs.github.com/rest/teams/teams#list-teams
      */

node_modules/@octokit/types/node_modules/@octokit/openapi-types/package.json

@@ -10,12 +10,12 @@
     "access": "public",
     "provenance": true
   },
-  "version": "22.1.0",
+  "version": "22.2.0",
   "main": "",
   "types": "types.d.ts",
   "author": "Gregor Martynus (https://twitter.com/gr2m)",
   "license": "MIT",
   "octokit": {
-    "openapi-version": "16.2.0"
+    "openapi-version": "16.5.0"
   }
 }