Merge pull request #2480 from github/backport-v2.26.7-8214744c5

Merge releases/v3 into releases/v2

.github/actions/check-sarif/action.yml

@@ -16,5 +16,5 @@ inputs:
       Comma separated list of query ids that should NOT be included in this SARIF file.
 
 runs:
-  using: node20
+  using: node16
   main: index.js

.github/actions/prepare-test/action.yml

@@ -2,7 +2,7 @@ name: "Prepare test"
 description: Performs some preparation to run tests
 inputs:
   version:
-    description: "The version of the CodeQL CLI to use. Can be 'linked', 'default', 'nightly-latest', 'nightly-YYYYMMDD', or 'stable-vX.Y.Z"
+    description: "The version of the CodeQL CLI to use. Can be 'linked', 'default', 'nightly-latest', 'nightly-YYYY-MM-DD', or 'stable-YYYY-MM-DD'."
     required: true
   use-all-platform-bundle:
     description: "If true, we output a tools URL with codeql-bundle.tar.gz file rather than platform-specific URL"
@@ -32,14 +32,6 @@ runs:
       run: |
         set -e # Fail this Action if `gh release list` fails.
 
-        if [[ ${{ inputs.version }} == "linked" ]]; then
-          echo "tools-url=linked" >> "$GITHUB_OUTPUT"
-          exit 0
-        elif [[ ${{ inputs.version }} == "default" ]]; then
-          echo "tools-url=" >> "$GITHUB_OUTPUT"
-          exit 0
-        fi
-
         if [[ ${{ inputs.version }} == "nightly-latest" ]]; then
           extension="tar.zst"
         else
@@ -64,10 +56,14 @@ runs:
           echo "tools-url=https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/$tag/$artifact_name" >> $GITHUB_OUTPUT
         elif [[ ${{ inputs.version }} == *"nightly"* ]]; then
           version=`echo ${{ inputs.version }} | sed -e 's/^.*\-//'`
-          echo "tools-url=https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-$version/$artifact_name" >> $GITHUB_OUTPUT
+          echo "tools-url=https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-$version-manual/$artifact_name" >> $GITHUB_OUTPUT
         elif [[ ${{ inputs.version }} == *"stable"* ]]; then
           version=`echo ${{ inputs.version }} | sed -e 's/^.*\-//'`
           echo "tools-url=https://github.com/github/codeql-action/releases/download/codeql-bundle-$version/$artifact_name" >> $GITHUB_OUTPUT
+        elif [[ ${{ inputs.version }} == "linked" ]]; then
+          echo "tools-url=linked" >> $GITHUB_OUTPUT
+        elif [[ ${{ inputs.version }} == "default" ]]; then
+          echo "tools-url=" >> $GITHUB_OUTPUT
         else
           echo "::error::Unrecognized version specified!"
           exit 1

.github/dependabot.yml

@@ -16,10 +16,6 @@ updates:
       # v7 requires ESM
       - dependency-name: "del"
         versions: ["^7.0.0"]
-      # This is broken due to the way configuration files have changed. 
-      # This might be fixed when we move to eslint v9.
-      - dependency-name: "eslint-plugin-import"
-        versions: [">=2.30.0"]
     groups:
       npm:
         patterns:

.github/workflows/__all-platform-bundle.yml

@@ -38,7 +38,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__analyze-ref-input.yml

@@ -42,7 +42,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__autobuild-action.yml

@@ -42,7 +42,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__autobuild-direct-tracing-with-working-dir.yml

@@ -44,7 +44,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__autobuild-direct-tracing.yml

@@ -44,7 +44,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__build-mode-autobuild.yml

@@ -38,7 +38,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__build-mode-manual.yml

@@ -38,7 +38,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__build-mode-none.yml

@@ -40,7 +40,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__build-mode-rollback.yml

@@ -38,7 +38,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__cleanup-db-cluster-dir.yml

@@ -38,7 +38,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__config-export.yml

@@ -48,7 +48,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__config-input.yml

@@ -38,7 +38,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__cpp-deptrace-disabled.yml

@@ -42,7 +42,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__cpp-deptrace-enabled-on-macos.yml

@@ -38,7 +38,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__cpp-deptrace-enabled.yml

@@ -42,7 +42,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__diagnostics-export.yml

@@ -48,7 +48,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__export-file-baseline-information.yml

@@ -42,7 +42,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__extractor-ram-threads.yml

@@ -38,7 +38,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__go-custom-queries.yml

@@ -28,9 +28,53 @@ jobs:
       matrix:
         include:
           - os: ubuntu-latest
+            version: stable-v2.13.5
+          - os: macos-12
+            version: stable-v2.13.5
+          - os: windows-latest
+            version: stable-v2.13.5
+          - os: ubuntu-latest
+            version: stable-v2.14.6
+          - os: macos-12
+            version: stable-v2.14.6
+          - os: windows-latest
+            version: stable-v2.14.6
+          - os: ubuntu-latest
+            version: stable-v2.15.5
+          - os: macos-latest
+            version: stable-v2.15.5
+          - os: windows-latest
+            version: stable-v2.15.5
+          - os: ubuntu-latest
+            version: stable-v2.16.6
+          - os: macos-latest
+            version: stable-v2.16.6
+          - os: windows-latest
+            version: stable-v2.16.6
+          - os: ubuntu-latest
+            version: stable-v2.17.6
+          - os: macos-latest
+            version: stable-v2.17.6
+          - os: windows-latest
+            version: stable-v2.17.6
+          - os: ubuntu-latest
+            version: default
+          - os: macos-latest
+            version: default
+          - os: windows-latest
+            version: default
+          - os: ubuntu-latest
+            version: linked
+          - os: macos-latest
+            version: linked
+          - os: windows-latest
             version: linked
           - os: ubuntu-latest
             version: nightly-latest
+          - os: macos-latest
+            version: nightly-latest
+          - os: windows-latest
+            version: nightly-latest
     name: 'Go: Custom queries'
     permissions:
       contents: read
@@ -40,7 +84,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml

@@ -38,7 +38,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml

@@ -38,7 +38,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__go-indirect-tracing-workaround.yml

@@ -38,7 +38,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__go-tracing-autobuilder.yml

@@ -27,6 +27,10 @@ jobs:
       fail-fast: false
       matrix:
         include:
+          - os: ubuntu-latest
+            version: stable-v2.13.5
+          - os: macos-12
+            version: stable-v2.13.5
           - os: ubuntu-latest
             version: stable-v2.14.6
           - os: macos-12
@@ -43,10 +47,6 @@ jobs:
             version: stable-v2.17.6
           - os: macos-latest
             version: stable-v2.17.6
-          - os: ubuntu-latest
-            version: stable-v2.18.4
-          - os: macos-latest
-            version: stable-v2.18.4
           - os: ubuntu-latest
             version: default
           - os: macos-latest
@@ -68,7 +68,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__go-tracing-custom-build-steps.yml

@@ -27,6 +27,10 @@ jobs:
       fail-fast: false
       matrix:
         include:
+          - os: ubuntu-latest
+            version: stable-v2.13.5
+          - os: macos-12
+            version: stable-v2.13.5
           - os: ubuntu-latest
             version: stable-v2.14.6
           - os: macos-12
@@ -43,10 +47,6 @@ jobs:
             version: stable-v2.17.6
           - os: macos-latest
             version: stable-v2.17.6
-          - os: ubuntu-latest
-            version: stable-v2.18.4
-          - os: macos-latest
-            version: stable-v2.18.4
           - os: ubuntu-latest
             version: default
           - os: macos-latest
@@ -68,7 +68,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__go-tracing-legacy-workflow.yml

@@ -27,6 +27,10 @@ jobs:
       fail-fast: false
       matrix:
         include:
+          - os: ubuntu-latest
+            version: stable-v2.13.5
+          - os: macos-12
+            version: stable-v2.13.5
           - os: ubuntu-latest
             version: stable-v2.14.6
           - os: macos-12
@@ -43,10 +47,6 @@ jobs:
             version: stable-v2.17.6
           - os: macos-latest
             version: stable-v2.17.6
-          - os: ubuntu-latest
-            version: stable-v2.18.4
-          - os: macos-latest
-            version: stable-v2.18.4
           - os: ubuntu-latest
             version: default
           - os: macos-latest
@@ -68,7 +68,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__init-with-registries.yml

@@ -55,7 +55,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__javascript-source-root.yml

@@ -42,7 +42,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__job-run-uuid-sarif.yml

@@ -38,7 +38,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__language-aliases.yml

@@ -38,7 +38,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__multi-language-autodetect.yml

@@ -27,6 +27,10 @@ jobs:
       fail-fast: false
       matrix:
         include:
+          - os: macos-12
+            version: stable-v2.13.5
+          - os: ubuntu-latest
+            version: stable-v2.13.5
           - os: macos-12
             version: stable-v2.14.6
           - os: ubuntu-latest
@@ -43,10 +47,6 @@ jobs:
             version: stable-v2.17.6
           - os: ubuntu-latest
             version: stable-v2.17.6
-          - os: macos-latest
-            version: stable-v2.18.4
-          - os: ubuntu-latest
-            version: stable-v2.18.4
           - os: macos-latest
             version: default
           - os: ubuntu-latest
@@ -68,7 +68,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__packaging-codescanning-config-inputs-js.yml

@@ -54,7 +54,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__packaging-config-inputs-js.yml

@@ -54,7 +54,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__packaging-config-js.yml

@@ -54,7 +54,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__packaging-inputs-js.yml

@@ -54,7 +54,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__remote-config.yml

@@ -28,9 +28,53 @@ jobs:
       matrix:
         include:
           - os: ubuntu-latest
+            version: stable-v2.13.5
+          - os: macos-12
+            version: stable-v2.13.5
+          - os: windows-latest
+            version: stable-v2.13.5
+          - os: ubuntu-latest
+            version: stable-v2.14.6
+          - os: macos-12
+            version: stable-v2.14.6
+          - os: windows-latest
+            version: stable-v2.14.6
+          - os: ubuntu-latest
+            version: stable-v2.15.5
+          - os: macos-latest
+            version: stable-v2.15.5
+          - os: windows-latest
+            version: stable-v2.15.5
+          - os: ubuntu-latest
+            version: stable-v2.16.6
+          - os: macos-latest
+            version: stable-v2.16.6
+          - os: windows-latest
+            version: stable-v2.16.6
+          - os: ubuntu-latest
+            version: stable-v2.17.6
+          - os: macos-latest
+            version: stable-v2.17.6
+          - os: windows-latest
+            version: stable-v2.17.6
+          - os: ubuntu-latest
+            version: default
+          - os: macos-latest
+            version: default
+          - os: windows-latest
+            version: default
+          - os: ubuntu-latest
+            version: linked
+          - os: macos-latest
+            version: linked
+          - os: windows-latest
             version: linked
           - os: ubuntu-latest
             version: nightly-latest
+          - os: macos-latest
+            version: nightly-latest
+          - os: windows-latest
+            version: nightly-latest
     name: Remote config file
     permissions:
       contents: read
@@ -40,7 +84,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__resolve-environment-action.yml

@@ -27,6 +27,12 @@ jobs:
       fail-fast: false
       matrix:
         include:
+          - os: ubuntu-latest
+            version: stable-v2.13.5
+          - os: macos-12
+            version: stable-v2.13.5
+          - os: windows-latest
+            version: stable-v2.13.5
           - os: ubuntu-latest
             version: default
           - os: macos-latest
@@ -54,7 +60,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository
@@ -68,7 +79,8 @@ jobs:
           setup-kotlin: 'true'
       - uses: ./../action/init
         with:
-          languages: go,javascript-typescript
+          languages: ${{ matrix.version == 'stable-v2.13.5' && 'go' || 'go,javascript-typescript'
+            }}
           tools: ${{ steps.prepare-test.outputs.tools-url }}
 
       - name: Resolve environment for Go
@@ -82,13 +94,14 @@ jobs:
         run: exit 1
 
       - name: Resolve environment for JavaScript/TypeScript
+        if: matrix.version != 'stable-v2.13.5'
         uses: ./../action/resolve-environment
         id: resolve-environment-js
         with:
           language: javascript-typescript
 
       - name: Fail if JavaScript/TypeScript configuration present
-        if: 
+        if: matrix.version != 'stable-v2.13.5' && 
           fromJSON(steps.resolve-environment-js.outputs.environment).configuration.javascript
         run: exit 1
     env:

.github/workflows/__rubocop-multi-language.yml

@@ -38,7 +38,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__ruby.yml

@@ -48,7 +48,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__split-workflow.yml

@@ -48,7 +48,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__submit-sarif-failure.yml

@@ -42,7 +42,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__swift-autobuild.yml

@@ -38,7 +38,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__swift-custom-build.yml

@@ -42,7 +42,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__test-autobuild-working-dir.yml

@@ -38,7 +38,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__test-local-codeql.yml

@@ -38,7 +38,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__test-proxy.yml

@@ -38,7 +38,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__unset-environment.yml

@@ -27,6 +27,18 @@ jobs:
       fail-fast: false
       matrix:
         include:
+          - os: ubuntu-latest
+            version: stable-v2.13.5
+          - os: ubuntu-latest
+            version: stable-v2.14.6
+          - os: ubuntu-latest
+            version: stable-v2.15.5
+          - os: ubuntu-latest
+            version: stable-v2.16.6
+          - os: ubuntu-latest
+            version: stable-v2.17.6
+          - os: ubuntu-latest
+            version: default
           - os: ubuntu-latest
             version: linked
           - os: ubuntu-latest
@@ -40,7 +52,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__upload-ref-sha-input.yml

@@ -42,7 +42,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__with-checkout-path.yml

@@ -42,7 +42,12 @@ jobs:
     steps:
       - name: Setup Python on MacOS
         uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
+        if: >-
+          runner.os == 'macOS' && (
+
+          matrix.version == 'stable-v2.13.5' ||
+
+          matrix.version == 'stable-v2.14.6')
         with:
           python-version: '3.11'
       - name: Check out repository

.github/workflows/__zstd-bundle-streaming.yml

@@ -1,113 +0,0 @@
-# Warning: This file is generated automatically, and should not be modified.
-# Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
-# to regenerate this file.
-
-name: PR Check - Zstandard bundle (streaming)
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  GO111MODULE: auto
-on:
-  push:
-    branches:
-      - main
-      - releases/v*
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - ready_for_review
-  schedule:
-    - cron: '0 5 * * *'
-  workflow_dispatch: {}
-jobs:
-  zstd-bundle-streaming:
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - os: macos-latest
-            version: linked
-          - os: ubuntu-latest
-            version: linked
-    name: Zstandard bundle (streaming)
-    permissions:
-      contents: read
-      security-events: write
-    timeout-minutes: 45
-    runs-on: ${{ matrix.os }}
-    steps:
-      - name: Setup Python on MacOS
-        uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
-        with:
-          python-version: '3.11'
-      - name: Check out repository
-        uses: actions/checkout@v4
-      - name: Prepare test
-        id: prepare-test
-        uses: ./.github/actions/prepare-test
-        with:
-          version: ${{ matrix.version }}
-          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
-      - name: Remove CodeQL from toolcache
-        uses: actions/github-script@v7
-        with:
-          script: |
-            const fs = require('fs');
-            const path = require('path');
-            const codeqlPath = path.join(process.env['RUNNER_TOOL_CACHE'], 'CodeQL');
-            fs.rmdirSync(codeqlPath, { recursive: true });
-      - id: init
-        uses: ./../action/init
-        with:
-          languages: javascript
-          tools: ${{ steps.prepare-test.outputs.tools-url }}
-      - uses: ./../action/analyze
-        with:
-          output: ${{ runner.temp }}/results
-          upload-database: false
-      - name: Upload SARIF
-        uses: actions/upload-artifact@v3
-        with:
-          name: zstd-bundle.sarif
-          path: ${{ runner.temp }}/results/javascript.sarif
-          retention-days: 7
-      - name: Check diagnostic with expected tools URL appears in SARIF
-        uses: actions/github-script@v7
-        env:
-          SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
-        with:
-          script: |
-            const fs = require('fs');
-
-            const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
-            const run = sarif.runs[0];
-
-            const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications;
-            const downloadTelemetryNotifications = toolExecutionNotifications.filter(n =>
-              n.descriptor.id === 'codeql-action/bundle-download-telemetry'
-            );
-            if (downloadTelemetryNotifications.length !== 1) {
-              core.setFailed(
-                'Expected exactly one reporting descriptor in the ' +
-                  `'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` +
-                  `${downloadTelemetryNotifications.length}. All notification reporting descriptors: ` +
-                  `${JSON.stringify(toolExecutionNotifications)}.`
-              );
-            }
-
-            const toolsUrl = downloadTelemetryNotifications[0].properties.attributes.toolsUrl;
-            console.log(`Found tools URL: ${toolsUrl}`);
-
-            if (!toolsUrl.endsWith('.tar.zst')) {
-              core.setFailed(
-                `Expected the tools URL to be a .tar.zst file, but found ${toolsUrl}.`
-              );
-            }
-    env:
-      CODEQL_ACTION_ZSTD_BUNDLE: true
-      CODEQL_ACTION_ZSTD_BUNDLE_STREAMING_EXTRACTION: true
-      CODEQL_ACTION_TEST_MODE: true

.github/workflows/__zstd-bundle.yml

@@ -1,116 +0,0 @@
-# Warning: This file is generated automatically, and should not be modified.
-# Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
-# to regenerate this file.
-
-name: PR Check - Zstandard bundle
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  GO111MODULE: auto
-on:
-  push:
-    branches:
-      - main
-      - releases/v*
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - ready_for_review
-  schedule:
-    - cron: '0 5 * * *'
-  workflow_dispatch: {}
-jobs:
-  zstd-bundle:
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - os: macos-latest
-            version: linked
-          - os: ubuntu-latest
-            version: linked
-          - os: windows-latest
-            version: linked
-    name: Zstandard bundle
-    permissions:
-      contents: read
-      security-events: write
-    timeout-minutes: 45
-    runs-on: ${{ matrix.os }}
-    steps:
-      - name: Setup Python on MacOS
-        uses: actions/setup-python@v5
-        if: runner.os == 'macOS' && matrix.version == 'stable-v2.14.6'
-        with:
-          python-version: '3.11'
-      - name: Check out repository
-        uses: actions/checkout@v4
-      - name: Prepare test
-        id: prepare-test
-        uses: ./.github/actions/prepare-test
-        with:
-          version: ${{ matrix.version }}
-          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
-      - name: Remove CodeQL from toolcache
-        uses: actions/github-script@v7
-        with:
-          script: |
-            const fs = require('fs');
-            const path = require('path');
-            const codeqlPath = path.join(process.env['RUNNER_TOOL_CACHE'], 'CodeQL');
-            fs.rmdirSync(codeqlPath, { recursive: true });
-      - id: init
-        uses: ./../action/init
-        with:
-          languages: javascript
-          tools: ${{ steps.prepare-test.outputs.tools-url }}
-      - uses: ./../action/analyze
-        with:
-          output: ${{ runner.temp }}/results
-          upload-database: false
-      - name: Upload SARIF
-        uses: actions/upload-artifact@v3
-        with:
-          name: zstd-bundle.sarif
-          path: ${{ runner.temp }}/results/javascript.sarif
-          retention-days: 7
-      - name: Check diagnostic with expected tools URL appears in SARIF
-        uses: actions/github-script@v7
-        env:
-          SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
-        with:
-          script: |
-            const fs = require('fs');
-
-            const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
-            const run = sarif.runs[0];
-
-            const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications;
-            const downloadTelemetryNotifications = toolExecutionNotifications.filter(n =>
-              n.descriptor.id === 'codeql-action/bundle-download-telemetry'
-            );
-            if (downloadTelemetryNotifications.length !== 1) {
-              core.setFailed(
-                'Expected exactly one reporting descriptor in the ' +
-                  `'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` +
-                  `${downloadTelemetryNotifications.length}. All notification reporting descriptors: ` +
-                  `${JSON.stringify(toolExecutionNotifications)}.`
-              );
-            }
-
-            const toolsUrl = downloadTelemetryNotifications[0].properties.attributes.toolsUrl;
-            console.log(`Found tools URL: ${toolsUrl}`);
-
-            const expectedExtension = process.env['RUNNER_OS'] === 'Windows' ? '.tar.gz' : '.tar.zst';
-
-            if (!toolsUrl.endsWith(expectedExtension)) {
-              core.setFailed(
-                `Expected the tools URL to be a ${expectedExtension} file, but found ${toolsUrl}.`
-              );
-            }
-    env:
-      CODEQL_ACTION_ZSTD_BUNDLE: true
-      CODEQL_ACTION_TEST_MODE: true

.github/workflows/debug-artifacts-failure.yml

@@ -3,7 +3,6 @@
 name: PR Check - Debug artifacts after failure
 env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  CODEQL_ACTION_ARTIFACT_V4_UPGRADE: true
 on:
   push:
     branches:
@@ -62,7 +61,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Download all artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
       - name: Check expected artifacts exist
         shell: bash
         run: |

.github/workflows/debug-artifacts-legacy.yml

@@ -1,99 +0,0 @@
-# Checks logs, SARIF, and database bundle debug artifacts exist and are accessible
-# with download-artifact@v3 when CODEQL_ACTION_ARTIFACT_V4_UPGRADE is set to false.
-name: PR Check - Debug artifact upload using artifact@v2
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  CODEQL_ACTION_ARTIFACT_V4_UPGRADE: false
-on:
-  push:
-    branches:
-    - main
-    - releases/v*
-  pull_request:
-    types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
-  schedule:
-    - cron: '0 5 * * *'
-  workflow_dispatch: {}
-jobs:
-  upload-artifacts:
-    strategy:
-      fail-fast: false
-      matrix:
-        version:
-        - stable-v2.14.6
-        - stable-v2.15.5
-        - stable-v2.16.6
-        - stable-v2.17.6
-        - stable-v2.18.4
-        - default
-        - linked
-        - nightly-latest
-    name: Upload debug artifacts
-    env:
-      CODEQL_ACTION_TEST_MODE: true
-    timeout-minutes: 45
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out repository
-        uses: actions/checkout@v4
-      - name: Prepare test
-        id: prepare-test
-        uses: ./.github/actions/prepare-test
-        with:
-          version: ${{ matrix.version }}
-      - uses: actions/setup-go@v5
-        with:
-          go-version: ^1.13.1
-      - uses: ./../action/init
-        id: init
-        with:
-          tools: ${{ steps.prepare-test.outputs.tools-url }}
-          debug: true
-          debug-artifact-name: my-debug-artifacts
-          debug-database-name: my-db
-          # We manually exclude Swift from the languages list here, as it is not supported on Ubuntu
-          languages: cpp,csharp,go,java,javascript,python,ruby 
-      - name: Build code
-        shell: bash
-        run: ./build.sh
-      - uses: ./../action/analyze
-        id: analysis
-  download-and-check-artifacts:
-    name: Download and check debug artifacts
-    needs: upload-artifacts
-    timeout-minutes: 45
-    runs-on: ubuntu-latest
-    steps:
-      - name: Download all artifacts
-        uses: actions/download-artifact@v3
-      - name: Check expected artifacts exist
-        shell: bash
-        run: |
-          VERSIONS="stable-v2.14.6 stable-v2.15.5 stable-v2.16.6 stable-v2.17.6 stable-v2.18.4 default linked nightly-latest"
-          LANGUAGES="cpp csharp go java javascript python"
-          for version in $VERSIONS; do
-            pushd "./my-debug-artifacts-${version//./}"
-            echo "Artifacts from version $version:"
-            for language in $LANGUAGES; do
-              echo "- Checking $language"
-              if [[ ! -f "$language.sarif" ]] ; then
-                echo "Missing a SARIF file for $language"
-                exit 1
-              fi
-              if [[ ! -f "my-db-$language.zip" ]] ; then
-                echo "Missing a database bundle for $language"
-                exit 1
-              fi
-              if [[ ! -d "$language/log" ]] ; then
-                echo "Missing logs for $language"
-                exit 1
-              fi
-            done
-            popd
-          done
-        env:
-          GO111MODULE: auto

.github/workflows/debug-artifacts.yml

@@ -2,7 +2,6 @@
 name: PR Check - Debug artifact upload
 env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  CODEQL_ACTION_ARTIFACT_V4_UPGRADE: true
 on:
   push:
     branches:
@@ -23,11 +22,11 @@ jobs:
       fail-fast: false
       matrix:
         version:
+        - stable-v2.13.5
         - stable-v2.14.6
         - stable-v2.15.5
         - stable-v2.16.6
         - stable-v2.17.6
-        - stable-v2.18.4
         - default
         - linked
         - nightly-latest
@@ -68,11 +67,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Download all artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
       - name: Check expected artifacts exist
         shell: bash
         run: |
-          VERSIONS="stable-v2.14.6 stable-v2.15.5 stable-v2.16.6 stable-v2.17.6 stable-v2.18.4 default linked nightly-latest"
+          VERSIONS="stable-v2.13.5 stable-v2.14.6 stable-v2.15.5 stable-v2.16.6 stable-v2.17.6 default linked nightly-latest"
           LANGUAGES="cpp csharp go java javascript python"
           for version in $VERSIONS; do
             pushd "./my-debug-artifacts-${version//./}"

.github/workflows/post-release-mergeback.yml

@@ -108,17 +108,6 @@ jobs:
           # - `--force` since we're overwriting the `vN` tag
           git push origin --atomic --force refs/tags/"${VERSION}" refs/tags/"${major_version_tag}"
 
-      - name: Prepare partial Changelog
-        env:
-          PARTIAL_CHANGELOG: "${{ runner.temp }}/partial_changelog.md"
-          VERSION: "${{ steps.getVersion.outputs.version }}"
-        run: |
-          python .github/workflows/script/prepare_changelog.py CHANGELOG.md "$VERSION" > $PARTIAL_CHANGELOG
-
-          echo "::group::Partial CHANGELOG"
-          cat $PARTIAL_CHANGELOG
-          echo "::endgroup::"
-
       - name: Create mergeback branch
         if: ${{ steps.check.outputs.exists != 'true' && endsWith(github.ref_name, steps.getVersion.outputs.latest_release_branch) }}
         env:
@@ -161,16 +150,3 @@ jobs:
             --body "${pr_body}" \
             --assignee "${GITHUB_ACTOR}" \
             --draft
-
-      - name: Create the GitHub release
-        env:
-          PARTIAL_CHANGELOG: "${{ runner.temp }}/partial_changelog.md"
-          VERSION: "${{ steps.getVersion.outputs.version }}"
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          # Do not mark this release as latest. The most recent CLI release must be marked as latest.
-          gh release create \
-            "$VERSION" \
-            --latest=false \
-            --title "$VERSION" \
-            --notes-file "$PARTIAL_CHANGELOG"

.github/workflows/pr-checks.yml

@@ -13,14 +13,11 @@ jobs:
     name: Check JS
     runs-on: ubuntu-latest
     timeout-minutes: 45
-    permissions:
-      contents: read
-      security-events: write
 
     strategy:
       fail-fast: false
       matrix:
-        node-types-version: [16.11, current] # run tests on 16.11 while CodeQL Action v2 is still supported
+        node-types-version: [16.11, current] # we backport this matrix job in order to maintain the same check names
 
     steps:
       - name: Checkout
@@ -33,7 +30,7 @@ jobs:
       - name: Upload sarif
         uses: github/codeql-action/upload-sarif@v3
         # Only upload SARIF for the latest version of Node.js
-        if: "!cancelled() && matrix.node-types-version == 'current' && !startsWith(github.head_ref, 'dependabot/')"
+        if: "always() && matrix.node-types-version == 'current'"
         with:
           sarif_file: eslint.sarif
           category: eslint
@@ -61,6 +58,7 @@ jobs:
           fi
 
       - name: Check generated JS
+        if: matrix.node-types-version != 'current' # we do not need to test the newer node on the v2 branch
         run: .github/workflows/script/check-js.sh
 
   check-node-modules:

.github/workflows/publish-immutable-action.yml

@@ -1,35 +0,0 @@
-name: 'Publish Immutable Action Version'
-
-on:
-  release:
-    types: [published]
-
-jobs:
-  publish:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      id-token: write
-      packages: write
-
-    steps:
-      - name: Check release name
-        id: check
-        env:
-          RELEASE_NAME: ${{ github.event.release.name }}
-        run: |
-          echo "Release name: ${{ github.event.release.name }}"
-          if [[ $RELEASE_NAME == v* ]]; then
-            echo "This is a CodeQL Action release. Create an Immutable Action"
-            echo "is-action-release=true" >> $GITHUB_OUTPUT
-          else
-            echo "This is a CodeQL Bundle release. Do not create an Immutable Action"
-            echo "is-action-release=false" >> $GITHUB_OUTPUT
-          fi
-      - name: Checking out
-        if: steps.check.outputs.is-action-release == 'true'
-        uses: actions/checkout@v4
-      - name: Publish
-        if: steps.check.outputs.is-action-release == 'true'
-        id: publish
-        uses: actions/publish-immutable-action@0.0.3

.github/workflows/rebuild.yml

@@ -69,8 +69,7 @@ jobs:
           if [ ! -z "$(git status --porcelain)" ]; then
             git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
             git config --global user.name "github-actions[bot]"
-            git add --all
-            git commit -m "Rebuild"
+            git commit -am "Rebuild"
             git push origin "HEAD:$BRANCH"
             echo "Pushed a commit to rebuild the Action." \
               "Please mark the PR as ready for review to trigger PR checks." |

.github/workflows/script/prepare_changelog.py

@@ -1,37 +0,0 @@
-import os
-import sys
-
-EMPTY_CHANGELOG = 'No changes.\n\n'
-
-# Prepare the changelog for the new release
-# This function will extract the part of the changelog that
-# we want to include in the new release.
-def extract_changelog_snippet(changelog_file, version_tag):
-  output = ''
-  if (not os.path.exists(changelog_file)):
-    output = EMPTY_CHANGELOG
-
-  else:
-    with open('CHANGELOG.md', 'r') as f:
-      lines = f.readlines()
-
-      # Include everything up to, but excluding the second heading
-      found_first_section = False
-      for i, line in enumerate(lines):
-        if line.startswith('## '):
-          if found_first_section:
-            break
-          found_first_section = True
-        output += line
-
-  output += f"See the full [CHANGELOG.md](https://github.com/github/codeql-action/blob/{version_tag}/CHANGELOG.md) for more information."
-
-  return output
-
-
-if len(sys.argv) < 3:
-  raise Exception('Expecting argument: changelog_file version_tag')
-changelog_file = sys.argv[1]
-version_tag = sys.argv[2]
-
-print(extract_changelog_snippet(changelog_file, version_tag))

.github/workflows/script/update-required-checks.sh

@@ -27,8 +27,8 @@ fi
 
 echo "Getting checks for $GITHUB_SHA"
 
-# Ignore any checks with "https://", CodeQL, LGTM, Update, and ESLint checks.
-CHECKS="$(gh api repos/github/codeql-action/commits/"${GITHUB_SHA}"/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs.[] | select(.conclusion != "skipped") | .name | select(contains("https://") or . == "CodeQL" or . == "Dependabot" or . == "check-expected-release-files" or contains("Update") or contains("ESLint") or contains("update") or contains("test-setup-python-scripts") | not)] | unique | sort')"
+# Ignore any checks with "https://", CodeQL, LGTM, and Update checks.
+CHECKS="$(gh api repos/github/codeql-action/commits/"${GITHUB_SHA}"/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs.[] | select(.conclusion != "skipped") | .name | select(contains("https://") or . == "CodeQL" or . == "Dependabot" or . == "check-expected-release-files" or contains("Update") or contains("update") or contains("test-setup-python-scripts") | not)] | unique | sort')"
 
 echo "$CHECKS" | jq
 

.github/workflows/update-release-branch.yml

@@ -115,26 +115,24 @@ jobs:
       SOURCE_BRANCH: ${{ needs.prepare.outputs.backport_source_branch }}
       TARGET_BRANCH: ${{ matrix.target_branch }}
     steps:
-    - name: Generate token
-      uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69
+    - uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4
       id: app-token
       with:
         app-id: ${{ vars.AUTOMATION_APP_ID }}
         private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
-
-    - name: Checkout
-      uses: actions/checkout@v4
+    - uses: actions/checkout@v4
       with:
         fetch-depth: 0  # Need full history for calculation of diffs
-        token: ${{ steps.app-token.outputs.token }}
     - uses: ./.github/actions/release-initialise
 
     - name: Update older release branch
+      env:
+        GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
       run: |
         echo SOURCE_BRANCH=${SOURCE_BRANCH}
         echo TARGET_BRANCH=${TARGET_BRANCH}
         python .github/update-release-branch.py \
-          --github-token ${{ secrets.GITHUB_TOKEN }} \
+          --github-token ${GITHUB_TOKEN} \
           --repository-nwo ${{ github.repository }} \
           --source-branch ${SOURCE_BRANCH} \
           --target-branch ${TARGET_BRANCH} \

.github/workflows/update-supported-enterprise-server-versions.yml

@@ -54,8 +54,7 @@ jobs:
             git push origin update-supported-enterprise-server-versions
 
             body="This PR updates the list of supported GitHub Enterprise Server versions, either because a new "
-            body+="version is about to be feature frozen, or because an old release has been deprecated."
-            body+=$'\n\n'
+            body+="version is about to be feature frozen, or because an old release has been deprecated.\n\n"
             body+="If an old release has been deprecated, please follow the instructions in CONTRIBUTING.md to "
             body+="deprecate the corresponding version of CodeQL."
 

.gitignore

@@ -7,5 +7,3 @@ node_modules/.cache/
 .DS_Store
 # eslint sarif report
 eslint.sarif
-# for local incremental compilation
-tsconfig.tsbuildinfo

CHANGELOG.md

@@ -4,237 +4,191 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th
 
 Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.
 
-## [UNRELEASED]
-
-- The CodeQL Action now downloads bundles compressed using Zstandard on GitHub Enterprise Server when using Linux or macOS runners. This speeds up the installation of the CodeQL tools. This feature is already available to GitHub.com users. [#2573](https://github.com/github/codeql-action/pull/2573)
-
-## 3.27.0 - 22 Oct 2024
-
-- Bump the minimum CodeQL bundle version to 2.14.6. [#2549](https://github.com/github/codeql-action/pull/2549)
-- Fix an issue where the `upload-sarif` Action would fail with "upload-sarif post-action step failed: Input required and not supplied: token" when called in a composite Action that had a different set of inputs to the ones expected by the `upload-sarif` Action. [#2557](https://github.com/github/codeql-action/pull/2557)
-- Update default CodeQL bundle version to 2.19.2. [#2552](https://github.com/github/codeql-action/pull/2552)
-
-## 3.26.13 - 14 Oct 2024
-
-No user facing changes.
-
-## 3.26.12 - 07 Oct 2024
-
-- _Upcoming breaking change_: Add a deprecation warning for customers using CodeQL version 2.14.5 and earlier. These versions of CodeQL were discontinued on 24 September 2024 alongside GitHub Enterprise Server 3.10, and will be unsupported by CodeQL Action versions 3.27.0 and later and versions 2.27.0 and later. [#2520](https://github.com/github/codeql-action/pull/2520)
-
-  - If you are using one of these versions, please update to CodeQL CLI version 2.14.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.
-
-  - Alternatively, if you want to continue using a version of the CodeQL CLI between 2.13.5 and 2.14.5, you can replace `github/codeql-action/*@v3` by `github/codeql-action/*@v3.26.11` and `github/codeql-action/*@v2` by `github/codeql-action/*@v2.26.11` in your code scanning workflow to ensure you continue using this version of the CodeQL Action.
-
-## 3.26.11 - 03 Oct 2024
-
-- _Upcoming breaking change_: Add support for using `actions/download-artifact@v4` to programmatically consume CodeQL Action debug artifacts.
-
-  Starting November 30, 2024, GitHub.com customers will [no longer be able to use `actions/download-artifact@v3`](https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/). Therefore, to avoid breakage, customers who programmatically download the CodeQL Action debug artifacts should set the `CODEQL_ACTION_ARTIFACT_V4_UPGRADE` environment variable to `true` and bump `actions/download-artifact@v3` to `actions/download-artifact@v4` in their workflows. The CodeQL Action will enable this behavior by default in early November and workflows that have not yet bumped to `actions/download-artifact@v3` to `actions/download-artifact@v4` will begin failing then.
-
-  This change is currently unavailable for GitHub Enterprise Server customers, as `actions/upload-artifact@v4` and `actions/download-artifact@v4` are not yet compatible with GHES.
-- Update default CodeQL bundle version to 2.19.1. [#2519](https://github.com/github/codeql-action/pull/2519)
-
-## 3.26.10 - 30 Sep 2024
-
-- We are rolling out a feature in September/October 2024 that sets up CodeQL using a bundle compressed with [Zstandard](http://facebook.github.io/zstd/). Our aim is to improve the performance of setting up CodeQL. [#2502](https://github.com/github/codeql-action/pull/2502)
-
-## 3.26.9 - 24 Sep 2024
-
-No user facing changes.
-
-## 3.26.8 - 19 Sep 2024
-
-- Update default CodeQL bundle version to 2.19.0. [#2483](https://github.com/github/codeql-action/pull/2483)
-
-## 3.26.7 - 13 Sep 2024
+## 2.26.7 - 13 Sep 2024
 
 - Update default CodeQL bundle version to 2.18.4. [#2471](https://github.com/github/codeql-action/pull/2471)
 
-## 3.26.6 - 29 Aug 2024
+## 2.26.6 - 29 Aug 2024
 
 - Update default CodeQL bundle version to 2.18.3. [#2449](https://github.com/github/codeql-action/pull/2449)
 
-## 3.26.5 - 23 Aug 2024
+## 2.26.5 - 23 Aug 2024
 
 - Fix an issue where the `csrutil` system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled. [#2441](https://github.com/github/codeql-action/pull/2441)
 
-## 3.26.4 - 21 Aug 2024
+## 2.26.4 - 21 Aug 2024
 
 - _Deprecation:_ The `add-snippets` input on the `analyze` Action is deprecated and will be removed in the first release in August 2025. [#2436](https://github.com/github/codeql-action/pull/2436)
 - Fix an issue where the disk usage system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled, and then surface a warning. The system call is now disabled for these machines. [#2434](https://github.com/github/codeql-action/pull/2434)
 
-## 3.26.3 - 19 Aug 2024
+## 2.26.3 - 19 Aug 2024
 
 - Fix an issue where the CodeQL Action could not write diagnostic messages on Windows. This issue did not impact analysis quality. [#2430](https://github.com/github/codeql-action/pull/2430)
 
-## 3.26.2 - 14 Aug 2024
+## 2.26.2 - 14 Aug 2024
 
 - Update default CodeQL bundle version to 2.18.2. [#2417](https://github.com/github/codeql-action/pull/2417)
 
-## 3.26.1 - 13 Aug 2024
+## 2.26.1 - 13 Aug 2024
 
 No user facing changes.
 
-## 3.26.0 - 06 Aug 2024
+## 2.26.0 - 06 Aug 2024
 
 - _Deprecation:_ Swift analysis on Ubuntu runner images is no longer supported. Please migrate to a macOS runner if this affects you. [#2403](https://github.com/github/codeql-action/pull/2403)
 - Bump the minimum CodeQL bundle version to 2.13.5. [#2408](https://github.com/github/codeql-action/pull/2408)
 
-## 3.25.15 - 26 Jul 2024
+## 2.25.15 - 26 Jul 2024
 
 - Update default CodeQL bundle version to 2.18.1. [#2385](https://github.com/github/codeql-action/pull/2385)
 
-## 3.25.14 - 25 Jul 2024
+## 2.25.14 - 25 Jul 2024
 
 - Experimental: add a new `start-proxy` action which starts the same HTTP proxy as used by [`github/dependabot-action`](https://github.com/github/dependabot-action). Do not use this in production as it is part of an internal experiment and subject to change at any time. [#2376](https://github.com/github/codeql-action/pull/2376)
 
-## 3.25.13 - 19 Jul 2024
+## 2.25.13 - 19 Jul 2024
 
 - Add `codeql-version` to outputs. [#2368](https://github.com/github/codeql-action/pull/2368)
 - Add a deprecation warning for customers using CodeQL version 2.13.4 and earlier. These versions of CodeQL were discontinued on 9 July 2024 alongside GitHub Enterprise Server 3.9, and will be unsupported by CodeQL Action versions 3.26.0 and later and versions 2.26.0 and later. [#2375](https://github.com/github/codeql-action/pull/2375)
   - If you are using one of these versions, please update to CodeQL CLI version 2.13.5 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.
   - Alternatively, if you want to continue using a version of the CodeQL CLI between 2.12.6 and 2.13.4, you can replace `github/codeql-action/*@v3` by `github/codeql-action/*@v3.25.13` and `github/codeql-action/*@v2` by `github/codeql-action/*@v2.25.13` in your code scanning workflow to ensure you continue using this version of the CodeQL Action.
 
-## 3.25.12 - 12 Jul 2024
+## 2.25.12 - 12 Jul 2024
 
 - Improve the reliability and performance of analyzing code when analyzing a compiled language with the `autobuild` [build mode](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes) on GitHub Enterprise Server. This feature is already available to GitHub.com users. [#2353](https://github.com/github/codeql-action/pull/2353)
 - Update default CodeQL bundle version to 2.18.0. [#2364](https://github.com/github/codeql-action/pull/2364)
 
-## 3.25.11 - 28 Jun 2024
+## 2.25.11 - 28 Jun 2024
 
 - Avoid failing the workflow run if there is an error while uploading debug artifacts. [#2349](https://github.com/github/codeql-action/pull/2349)
 - Update default CodeQL bundle version to 2.17.6. [#2352](https://github.com/github/codeql-action/pull/2352)
 
-## 3.25.10 - 13 Jun 2024
+## 2.25.10 - 13 Jun 2024
 
 - Update default CodeQL bundle version to 2.17.5. [#2327](https://github.com/github/codeql-action/pull/2327)
 
-## 3.25.9 - 12 Jun 2024
+## 2.25.9 - 12 Jun 2024
 
 - Avoid failing database creation if the database folder already exists and contains some unexpected files. Requires CodeQL 2.18.0 or higher. [#2330](https://github.com/github/codeql-action/pull/2330)
 - The init Action will attempt to clean up the database cluster directory before creating a new database and at the end of the job. This will help to avoid issues where the database cluster directory is left in an inconsistent state. [#2332](https://github.com/github/codeql-action/pull/2332)
 
-## 3.25.8 - 04 Jun 2024
+## 2.25.8 - 04 Jun 2024
 
 - Update default CodeQL bundle version to 2.17.4. [#2321](https://github.com/github/codeql-action/pull/2321)
 
-## 3.25.7 - 31 May 2024
+## 2.25.7 - 31 May 2024
 
 - We are rolling out a feature in May/June 2024 that will reduce the Actions cache usage of the Action by keeping only the newest TRAP cache for each language. [#2306](https://github.com/github/codeql-action/pull/2306)
 
-## 3.25.6 - 20 May 2024
+## 2.25.6 - 20 May 2024
 
 - Update default CodeQL bundle version to 2.17.3. [#2295](https://github.com/github/codeql-action/pull/2295)
 
-## 3.25.5 - 13 May 2024
+## 2.25.5 - 13 May 2024
 
 - Add a compatibility matrix of supported CodeQL Action, CodeQL CLI, and GitHub Enterprise Server versions to the [README.md](README.md). [#2273](https://github.com/github/codeql-action/pull/2273)
 - Avoid printing out a warning for a missing `on.push` trigger when the CodeQL Action is triggered via a `workflow_call` event. [#2274](https://github.com/github/codeql-action/pull/2274)
 - The `tools: latest` input to the `init` Action has been renamed to `tools: linked`. This option specifies that the Action should use the tools shipped at the same time as the Action. The old name will continue to work for backwards compatibility, but we recommend that new workflows use the new name. [#2281](https://github.com/github/codeql-action/pull/2281)
 
-## 3.25.4 - 08 May 2024
+## 2.25.4 - 08 May 2024
 
 - Update default CodeQL bundle version to 2.17.2. [#2270](https://github.com/github/codeql-action/pull/2270)
 
-## 3.25.3 - 25 Apr 2024
+## 2.25.3 - 25 Apr 2024
 
 - Update default CodeQL bundle version to 2.17.1. [#2247](https://github.com/github/codeql-action/pull/2247)
 - Workflows running on `macos-latest` using CodeQL CLI versions before v2.15.1 will need to either upgrade their CLI version to v2.15.1 or newer, or change the platform to an Intel MacOS runner, such as `macos-12`. ARM machines with SIP disabled, including the newest `macos-latest` image, are unsupported for CLI versions before 2.15.1. [#2261](https://github.com/github/codeql-action/pull/2261)
 
-## 3.25.2 - 22 Apr 2024
+## 2.25.2 - 22 Apr 2024
 
 No user facing changes.
 
-## 3.25.1 - 17 Apr 2024
+## 2.25.1 - 17 Apr 2024
 
 - We are rolling out a feature in April/May 2024 that improves the reliability and performance of analyzing code when analyzing a compiled language with the `autobuild` [build mode](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes). [#2235](https://github.com/github/codeql-action/pull/2235)
 - Fix a bug where the `init` Action would fail if `--overwrite` was specified in `CODEQL_ACTION_EXTRA_OPTIONS`. [#2245](https://github.com/github/codeql-action/pull/2245)
 
-## 3.25.0 - 15 Apr 2024
+## 2.25.0 - 15 Apr 2024
 
 - The deprecated feature for extracting dependencies for a Python analysis has been removed. [#2224](https://github.com/github/codeql-action/pull/2224)
-
   As a result, the following inputs and environment variables are now ignored:
-
   - The `setup-python-dependencies` input to the `init` Action
   - The `CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION` environment variable
-
   We recommend removing any references to these from your workflows. For more information, see the release notes for CodeQL Action v3.23.0 and v2.23.0.
 - Automatically overwrite an existing database if found on the filesystem. [#2229](https://github.com/github/codeql-action/pull/2229)
 - Bump the minimum CodeQL bundle version to 2.12.6. [#2232](https://github.com/github/codeql-action/pull/2232)
 - A more relevant log message and a diagnostic are now emitted when the `file` program is not installed on a Linux runner, but is required for Go tracing to succeed. [#2234](https://github.com/github/codeql-action/pull/2234)
 
-## 3.24.10 - 05 Apr 2024
+## 2.24.10 - 05 Apr 2024
 
 - Update default CodeQL bundle version to 2.17.0. [#2219](https://github.com/github/codeql-action/pull/2219)
 - Add a deprecation warning for customers using CodeQL version 2.12.5 and earlier. These versions of CodeQL were discontinued on 26 March 2024 alongside GitHub Enterprise Server 3.8, and will be unsupported by CodeQL Action versions 3.25.0 and later and versions 2.25.0 and later. [#2220](https://github.com/github/codeql-action/pull/2220)
   - If you are using one of these versions, please update to CodeQL CLI version 2.12.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.
   - Alternatively, if you want to continue using a version of the CodeQL CLI between 2.11.6 and 2.12.5, you can replace `github/codeql-action/*@v3` by `github/codeql-action/*@v3.24.10` and `github/codeql-action/*@v2` by `github/codeql-action/*@v2.24.10` in your code scanning workflow to ensure you continue using this version of the CodeQL Action.
 
-## 3.24.9 - 22 Mar 2024
+## 2.24.9 - 22 Mar 2024
 
 - Update default CodeQL bundle version to 2.16.5. [#2203](https://github.com/github/codeql-action/pull/2203)
 
-## 3.24.8 - 18 Mar 2024
+## 2.24.8 - 18 Mar 2024
 
 - Improve the ease of debugging extraction issues by increasing the verbosity of the extractor logs when running in debug mode. [#2195](https://github.com/github/codeql-action/pull/2195)
 
-## 3.24.7 - 12 Mar 2024
+## 2.24.7 - 12 Mar 2024
 
 - Update default CodeQL bundle version to 2.16.4. [#2185](https://github.com/github/codeql-action/pull/2185)
 
-## 3.24.6 - 29 Feb 2024
+## 2.24.6 - 29 Feb 2024
 
 No user facing changes.
 
-## 3.24.5 - 23 Feb 2024
+## 2.24.5 - 23 Feb 2024
 
 - Update default CodeQL bundle version to 2.16.3. [#2156](https://github.com/github/codeql-action/pull/2156)
 
-## 3.24.4 - 21 Feb 2024
+## 2.24.4 - 21 Feb 2024
 
 - Fix an issue where an existing, but empty, `/sys/fs/cgroup/cpuset.cpus` file always resulted in a single-threaded run. [#2151](https://github.com/github/codeql-action/pull/2151)
 
-## 3.24.3 - 15 Feb 2024
+## 2.24.3 - 15 Feb 2024
 
 - Fix an issue where the CodeQL Action would fail to load a configuration specified by the `config` input to the `init` Action. [#2147](https://github.com/github/codeql-action/pull/2147)
 
-## 3.24.2 - 15 Feb 2024
+## 2.24.2 - 15 Feb 2024
 
 - Enable improved multi-threaded performance on larger runners for GitHub Enterprise Server users. This feature is already available to GitHub.com users. [#2141](https://github.com/github/codeql-action/pull/2141)
 
-## 3.24.1 - 13 Feb 2024
+## 2.24.1 - 13 Feb 2024
 
 - Update default CodeQL bundle version to 2.16.2. [#2124](https://github.com/github/codeql-action/pull/2124)
 - The CodeQL action no longer fails if it can't write to the telemetry api endpoint. [#2121](https://github.com/github/codeql-action/pull/2121)
 
-## 3.24.0 - 02 Feb 2024
+## 2.24.0 - 02 Feb 2024
 
 - CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See [release notes for 3.23.0](#3230---08-jan-2024) for more details. [#2106](https://github.com/github/codeql-action/pull/2106)
 
-## 3.23.2 - 26 Jan 2024
+## 2.23.2 - 26 Jan 2024
 
 - On Linux, the maximum possible value for the `--threads` option now respects the CPU count as specified in `cgroup` files to more accurately reflect the number of available cores when running in containers. [#2083](https://github.com/github/codeql-action/pull/2083)
 - Update default CodeQL bundle version to 2.16.1. [#2096](https://github.com/github/codeql-action/pull/2096)
 
-## 3.23.1 - 17 Jan 2024
+## 2.23.1 - 17 Jan 2024
 
 - Update default CodeQL bundle version to 2.16.0. [#2073](https://github.com/github/codeql-action/pull/2073)
 - Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. [#2079](https://github.com/github/codeql-action/pull/2079)
 
-## 3.23.0 - 08 Jan 2024
+## 2.23.0 - 08 Jan 2024
 
 - We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting `CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false` in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. [#2031](https://github.com/github/codeql-action/pull/2031)
 - The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see [the corresponding changelog entry for CodeQL Action version 2.22.7](#2227---16-nov-2023). [#2009](https://github.com/github/codeql-action/pull/2009)
 
-## 3.22.12 - 22 Dec 2023
+## 2.22.12 - 22 Dec 2023
 
 - Update default CodeQL bundle version to 2.15.5. [#2047](https://github.com/github/codeql-action/pull/2047)
 
-## 3.22.11 - 13 Dec 2023
+## 2.22.11 - 13 Dec 2023
 
-- [v3+ only] The CodeQL Action now runs on Node.js v20. [#2006](https://github.com/github/codeql-action/pull/2006)
+No user facing changes.
 
 ## 2.22.10 - 12 Dec 2023
 

README.md

@@ -16,48 +16,10 @@ We recommend using default setup to configure CodeQL analysis for your repositor
 
 You can also configure advanced setup for a repository to find security vulnerabilities in your code using a highly customizable code scanning configuration. For more information, see "[Configuring advanced setup for code scanning](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning)" and "[Customizing your advanced setup for code scanning](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning)."
 
-### Actions
-
-This repository contains several actions that enable you to analyze code in your repository using CodeQL and upload the analysis to GitHub Code Scanning. Actions in this repository also allow you to upload to GitHub analyses generated by any SARIF-producing SAST tool.
-
-Actions for CodeQL analyses:
-
-- `init`: Sets up CodeQL for analysis. For information about input parameters, see the [init action definition](https://github.com/github/codeql-action/blob/main/init/action.yml).
-- `analyze`: Finalizes the CodeQL database, runs the analysis, and uploads the results to Code Scanning. For information about input parameters, see the [analyze action definition](https://github.com/github/codeql-action/blob/main/analyze/action.yml).
-
-Actions for uploading analyses generated by third-party tools:
-
-- `upload-sarif`: Uploads a SARIF file to Code Scanning. If you are using the `analyze` action, there is no reason to use this action as well. For information about input parameters, see the [upload-sarif action definition](https://github.com/github/codeql-action/blob/main/upload-sarif/action.yml).
-
-Actions with special purposes and unlikely to be used directly:
-
-- `autobuild`: Attempts to automatically build the code. Only used for analyzing languages that require a build. Use the `build-mode: autobuild` input in the `init` action instead. For information about input parameters, see the [autobuild action definition](https://github.com/github/codeql-action/blob/main/autobuild/action.yml).
-- `resolve-environment`: [Experimental] Attempts to infer a build environment suitable for automatic builds. For information about input parameters, see the [resolve-environment action definition](https://github.com/github/codeql-action/blob/main/resolve-environment/action.yml).
-- `start-proxy`: [Experimental] Start the HTTP proxy server. Internal use only and will change without notice. For information about input parameters, see the [start-proxy action definition](https://github.com/github/codeql-action/blob/main/start-proxy/action.yml).
-
-### Workflow Permissions
+### Permissions
 
 All advanced setup code scanning workflows must have the `security-events: write` permission. Workflows in private repositories must additionally have the `contents: read` permission. For more information, see "[Assigning permissions to jobs](https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs)."
 
-### Build Modes
-
-The CodeQL Action supports different build modes for analyzing the source code. The available build modes are:
-
-- `none`: The database will be created without building the source code. Available for all interpreted languages and some compiled languages.
-- `autobuild`: The database will be created by attempting to automatically build the source code. Available for all compiled languages.
-- `manual`: The database will be created by building the source code using a manually specified build command. To use this build mode, specify manual build steps in your workflow between the `init` and `analyze` steps. Available for all compiled languages.
-
-#### Which build mode should I use?
-
-Interpreted languages must use `none` for the build mode.
-
-For compiled languages:
-
-- `manual` build mode will typically produce the most precise results, but it is more difficult to set up and will cause the analysis to take slightly more time to run.
-- `autobuild` build mode is simpler to set up, but will only work for projects with generic build steps that can be guessed by the heuristics of the autobuild scripts. If `autobuild` fails, then you must switch to `manual` or `none`. If `autobuild` succeeds, then the results and run time will be the same as `manual` mode.
-- `none` build mode is also simpler to set up and is slightly faster to run, but there is a possibility that some alerts will be missed. This may happen if your repository does any code generation during compilation or if there are any dependencies downloaded from registries that the workflow does not have access to. `none` is not yet supported by C/C++, Swift, Go, or Kotlin.
-
-
 ## Supported versions of the CodeQL Action
 
 The following versions of the CodeQL Action are currently supported:
@@ -77,11 +39,11 @@ We typically release new minor versions of the CodeQL Action and Bundle when a n
 
 | Minimum CodeQL Action | Minimum CodeQL Bundle Version | GitHub Environment | Notes |
 |-----------------------|-------------------------------|--------------------|-------|
-| `v3.26.6` | `2.18.4` | Enterprise Server 3.15 | |
 | `v3.25.11` | `2.17.6` | Enterprise Server 3.14 | |
 | `v3.24.11` | `2.16.6` | Enterprise Server 3.13 | |
 | `v3.22.12` | `2.15.5` | Enterprise Server 3.12 | |
 | `v2.22.1` | `2.14.6` | Enterprise Server 3.11 | Supports CodeQL Action v3, but did not ship with CodeQL Action v3. For more information, see "[Code scanning: deprecation of CodeQL Action v2](https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/#users-of-github-enterprise-server-311)." |
+| `v2.20.3` | `2.13.5` | Enterprise Server 3.10 | Does not support CodeQL Action v3. |
 
 CodeQL Action v2 will stop receiving updates when GHES 3.11 is deprecated. 
 

action.yml

@@ -1,11 +0,0 @@
-name: 'CodeQL: Stub'
-description: "Stub: Don't use this action directly. Read [the documentation](https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql) instead."
-author: 'GitHub'
-runs:
-  using: 'composite'
-  steps:
-    - name: 'Stub'
-      run: |
-        echo 'This is a stub. Read [the documentation](https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql) instead.'
-        exit 1
-      shell: bash

analyze/action.yml

@@ -74,7 +74,7 @@ inputs:
     required: true
     default: "true"
   token:
-    description: "GitHub token to use for authenticating with this instance of GitHub. The token must be the built-in GitHub Actions token, and the workflow must have the `security-events: write` permission. Most of the time it is advisable to avoid specifying this input so that the workflow falls back to using the default value."
+    description: "GitHub token to use for authenticating with this instance of GitHub. The token needs the `security-events: write` permission."
     required: false
     default: ${{ github.token }}
   matrix:
@@ -91,6 +91,6 @@ outputs:
   sarif-id:
     description: The ID of the uploaded SARIF file.
 runs:
-  using: node20
+  using: node16
   main: "../lib/analyze-action.js"
   post: "../lib/analyze-action-post.js"

autobuild/action.yml

@@ -1,5 +1,5 @@
 name: 'CodeQL: Autobuild'
-description: 'Attempt to automatically build the code. Only used for analyzing languages that require a build. Use the `build-mode: autobuild` input in the `init` action instead.'
+description: 'Attempt to automatically build code'
 author: 'GitHub'
 inputs:
   token:
@@ -15,5 +15,5 @@ inputs:
       $GITHUB_WORKSPACE as its working directory.
     required: false
 runs:
-  using: node20
+  using: node16
   main: '../lib/autobuild-action.js'

init/action.yml

@@ -136,16 +136,12 @@ inputs:
     description: >-
       Explicitly enable or disable TRAP caching rather than respecting the feature flag for it.
     required: false
-  dependency-caching:
-    description: >-
-      Explicitly enable or disable caching of project build dependencies.
-    required: false
 outputs:
   codeql-path:
     description: The path of the CodeQL binary used for analysis
   codeql-version:
     description: The version of the CodeQL binary used for analysis
 runs:
-  using: node20
+  using: node16
   main: '../lib/init-action.js'
   post: '../lib/init-action-post.js'

lib/actions-util.js

@@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.restoreInputs = exports.persistInputs = exports.CommandInvocationError = exports.getFileType = exports.FileCmdNotFoundError = exports.decodeGitFilePath = exports.getGitDiffHunkHeaders = exports.getAllGitMergeBases = exports.gitFetch = exports.deepenGitHistory = exports.determineBaseBranchHeadCommitOid = exports.getCommitOid = exports.getOptionalInput = exports.getRequiredInput = void 0;
+exports.getFileType = exports.FileCmdNotFoundError = exports.determineMergeBaseCommitOid = exports.getCommitOid = exports.getOptionalInput = exports.getRequiredInput = void 0;
 exports.getTemporaryDirectory = getTemporaryDirectory;
 exports.getRef = getRef;
 exports.getActionVersion = getActionVersion;
@@ -37,10 +37,6 @@ exports.getUploadValue = getUploadValue;
 exports.getWorkflowRunID = getWorkflowRunID;
 exports.getWorkflowRunAttempt = getWorkflowRunAttempt;
 exports.isSelfHostedRunner = isSelfHostedRunner;
-exports.isDefaultSetup = isDefaultSetup;
-exports.prettyPrintInvocation = prettyPrintInvocation;
-exports.ensureEndsInPeriod = ensureEndsInPeriod;
-exports.runTool = runTool;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const core = __importStar(require("@actions/core"));
@@ -80,35 +76,6 @@ function getTemporaryDirectory() {
         ? value
         : (0, util_1.getRequiredEnvParam)("RUNNER_TEMP");
 }
-async function runGitCommand(checkoutPath, args, customErrorMessage) {
-    let stdout = "";
-    let stderr = "";
-    core.debug(`Running git command: git ${args.join(" ")}`);
-    try {
-        await new toolrunner.ToolRunner(await safeWhich.safeWhich("git"), args, {
-            silent: true,
-            listeners: {
-                stdout: (data) => {
-                    stdout += data.toString();
-                },
-                stderr: (data) => {
-                    stderr += data.toString();
-                },
-            },
-            cwd: checkoutPath,
-        }).exec();
-        return stdout;
-    }
-    catch (error) {
-        let reason = stderr;
-        if (stderr.includes("not a git repository")) {
-            reason =
-                "The checkout path provided to the action does not appear to be a git repository.";
-        }
-        core.info(`git call failed. ${customErrorMessage} Error: ${reason}`);
-        throw error;
-    }
-}
 /**
  * Gets the SHA of the commit that is currently checked out.
  */
@@ -120,33 +87,54 @@ const getCommitOid = async function (checkoutPath, ref = "HEAD") {
     // the merge commit, which must mean that git is available.
     // Even if this does go wrong, it's not a huge problem for the alerts to
     // reported on the merge commit.
+    let stderr = "";
     try {
-        const stdout = await runGitCommand(checkoutPath, ["rev-parse", ref], "Continuing with commit SHA from user input or environment.");
-        return stdout.trim();
+        let commitOid = "";
+        await new toolrunner.ToolRunner(await safeWhich.safeWhich("git"), ["rev-parse", ref], {
+            silent: true,
+            listeners: {
+                stdout: (data) => {
+                    commitOid += data.toString();
+                },
+                stderr: (data) => {
+                    stderr += data.toString();
+                },
+            },
+            cwd: checkoutPath,
+        }).exec();
+        return commitOid.trim();
     }
     catch {
+        if (stderr.includes("not a git repository")) {
+            core.info("Could not determine current commit SHA using git. Continuing with data from user input or environment. " +
+                "The checkout path provided to the action does not appear to be a git repository.");
+        }
+        else {
+            core.info(`Could not determine current commit SHA using git. Continuing with data from user input or environment. ${stderr}`);
+        }
         return (0, exports.getOptionalInput)("sha") || (0, util_1.getRequiredEnvParam)("GITHUB_SHA");
     }
 };
 exports.getCommitOid = getCommitOid;
 /**
- * If the action was triggered by a pull request, determine the commit sha at
- * the head of the base branch, using the merge commit that this workflow analyzes.
- * Returns undefined if run by other triggers or the base branch commit cannot be
- * determined.
+ * If the action was triggered by a pull request, determine the commit sha of the merge base.
+ * Returns undefined if run by other triggers or the merge base cannot be determined.
  */
-const determineBaseBranchHeadCommitOid = async function (checkoutPathOverride) {
+const determineMergeBaseCommitOid = async function (checkoutPathOverride) {
     if (getWorkflowEventName() !== "pull_request") {
         return undefined;
     }
     const mergeSha = (0, util_1.getRequiredEnvParam)("GITHUB_SHA");
     const checkoutPath = checkoutPathOverride ?? (0, exports.getOptionalInput)("checkout_path");
+    let stderr = "";
     try {
         let commitOid = "";
         let baseOid = "";
         let headOid = "";
-        const stdout = await runGitCommand(checkoutPath, ["show", "-s", "--format=raw", mergeSha], "Will calculate the base branch SHA on the server.");
-        for (const data of stdout.split("\n")) {
+        await new toolrunner.ToolRunner(await safeWhich.safeWhich("git"), ["show", "-s", "--format=raw", mergeSha], {
+            silent: true,
+            listeners: {
+                stdline: (data) => {
                     if (data.startsWith("commit ") && commitOid === "") {
                         commitOid = data.substring(7);
                     }
@@ -158,7 +146,13 @@ const determineBaseBranchHeadCommitOid = async function (checkoutPathOverride) {
                             headOid = data.substring(7);
                         }
                     }
-        }
+                },
+                stderr: (data) => {
+                    stderr += data.toString();
+                },
+            },
+            cwd: checkoutPath,
+        }).exec();
         // Let's confirm our assumptions: We had a merge commit and the parsed parent data looks correct
         if (commitOid === mergeSha &&
             headOid.length === 40 &&
@@ -168,140 +162,18 @@ const determineBaseBranchHeadCommitOid = async function (checkoutPathOverride) {
         return undefined;
     }
     catch {
+        if (stderr.includes("not a git repository")) {
+            core.info("The checkout path provided to the action does not appear to be a git repository. " +
+                "Will calculate the merge base on the server.");
+        }
+        else {
+            core.info(`Failed to call git to determine merge base. Will calculate the merge base on ` +
+                `the server. Reason: ${stderr}`);
+        }
         return undefined;
     }
 };
-exports.determineBaseBranchHeadCommitOid = determineBaseBranchHeadCommitOid;
-/**
- * Deepen the git history of the given ref by one level. Errors are logged.
- *
- * This function uses the `checkout_path` to determine the repository path and
- * works only when called from `analyze` or `upload-sarif`.
- */
-const deepenGitHistory = async function () {
-    try {
-        await runGitCommand((0, exports.getOptionalInput)("checkout_path"), ["fetch", "--no-tags", "--deepen=1"], "Cannot deepen the shallow repository.");
-    }
-    catch {
-        // Errors are already logged by runGitCommand()
-    }
-};
-exports.deepenGitHistory = deepenGitHistory;
-/**
- * Fetch the given remote branch. Errors are logged.
- *
- * This function uses the `checkout_path` to determine the repository path and
- * works only when called from `analyze` or `upload-sarif`.
- */
-const gitFetch = async function (branch, extraFlags) {
-    try {
-        await runGitCommand((0, exports.getOptionalInput)("checkout_path"), ["fetch", "--no-tags", ...extraFlags, "origin", `${branch}:${branch}`], `Cannot fetch ${branch}.`);
-    }
-    catch {
-        // Errors are already logged by runGitCommand()
-    }
-};
-exports.gitFetch = gitFetch;
-/**
- * Compute the all merge bases between the given refs. Returns an empty array
- * if no merge base is found, or if there is an error.
- *
- * This function uses the `checkout_path` to determine the repository path and
- * works only when called from `analyze` or `upload-sarif`.
- */
-const getAllGitMergeBases = async function (refs) {
-    try {
-        const stdout = await runGitCommand((0, exports.getOptionalInput)("checkout_path"), ["merge-base", "--all", ...refs], `Cannot get merge base of ${refs}.`);
-        return stdout.trim().split("\n");
-    }
-    catch {
-        return [];
-    }
-};
-exports.getAllGitMergeBases = getAllGitMergeBases;
-/**
- * Compute the diff hunk headers between the two given refs.
- *
- * This function uses the `checkout_path` to determine the repository path and
- * works only when called from `analyze` or `upload-sarif`.
- *
- * @returns an array of diff hunk headers (one element per line), or undefined
- * if the action was not triggered by a pull request, or if the diff could not
- * be determined.
- */
-const getGitDiffHunkHeaders = async function (fromRef, toRef) {
-    let stdout = "";
-    try {
-        stdout = await runGitCommand((0, exports.getOptionalInput)("checkout_path"), [
-            "-c",
-            "core.quotePath=false",
-            "diff",
-            "--no-renames",
-            "--irreversible-delete",
-            "-U0",
-            fromRef,
-            toRef,
-        ], `Cannot get diff from ${fromRef} to ${toRef}.`);
-    }
-    catch {
-        return undefined;
-    }
-    const headers = [];
-    for (const line of stdout.split("\n")) {
-        if (line.startsWith("--- ") ||
-            line.startsWith("+++ ") ||
-            line.startsWith("@@ ")) {
-            headers.push(line);
-        }
-    }
-    return headers;
-};
-exports.getGitDiffHunkHeaders = getGitDiffHunkHeaders;
-/**
- * Decode, if necessary, a file path produced by Git. See
- * https://git-scm.com/docs/git-config#Documentation/git-config.txt-corequotePath
- * for details on how Git encodes file paths with special characters.
- *
- * This function works only for Git output with `core.quotePath=false`.
- */
-const decodeGitFilePath = function (filePath) {
-    if (filePath.startsWith('"') && filePath.endsWith('"')) {
-        filePath = filePath.substring(1, filePath.length - 1);
-        return filePath.replace(/\\([abfnrtv\\"]|[0-7]{1,3})/g, (_match, seq) => {
-            switch (seq[0]) {
-                case "a":
-                    return "\x07";
-                case "b":
-                    return "\b";
-                case "f":
-                    return "\f";
-                case "n":
-                    return "\n";
-                case "r":
-                    return "\r";
-                case "t":
-                    return "\t";
-                case "v":
-                    return "\v";
-                case "\\":
-                    return "\\";
-                case '"':
-                    return '"';
-                default:
-                    // Both String.fromCharCode() and String.fromCodePoint() works only
-                    // for constructing an entire character at once. If a Unicode
-                    // character is encoded as a sequence of escaped bytes, calling these
-                    // methods sequentially on the individual byte values would *not*
-                    // produce the original multi-byte Unicode character. As a result,
-                    // this implementation works only with the Git option core.quotePath
-                    // set to false.
-                    return String.fromCharCode(parseInt(seq, 8));
-            }
-        });
-    }
-    return filePath;
-};
-exports.decodeGitFilePath = decodeGitFilePath;
+exports.determineMergeBaseCommitOid = determineMergeBaseCommitOid;
 /**
  * Get the ref currently being analyzed.
  */
@@ -557,106 +429,4 @@ exports.getFileType = getFileType;
 function isSelfHostedRunner() {
     return process.env.RUNNER_ENVIRONMENT === "self-hosted";
 }
-/** Determines whether we are running in default setup. */
-function isDefaultSetup() {
-    return getWorkflowEventName() === "dynamic";
-}
-function prettyPrintInvocation(cmd, args) {
-    return [cmd, ...args].map((x) => (x.includes(" ") ? `'${x}'` : x)).join(" ");
-}
-/**
- * An error from a tool invocation, with associated exit code, stderr, etc.
- */
-class CommandInvocationError extends Error {
-    constructor(cmd, args, exitCode, stderr, stdout) {
-        const prettyCommand = prettyPrintInvocation(cmd, args);
-        const lastLine = ensureEndsInPeriod(stderr.trim().split("\n").pop()?.trim() || "n/a");
-        super(`Failed to run "${prettyCommand}". ` +
-            `Exit code was ${exitCode} and last log line was: ${lastLine} See the logs for more details.`);
-        this.cmd = cmd;
-        this.args = args;
-        this.exitCode = exitCode;
-        this.stderr = stderr;
-        this.stdout = stdout;
-    }
-}
-exports.CommandInvocationError = CommandInvocationError;
-function ensureEndsInPeriod(text) {
-    return text[text.length - 1] === "." ? text : `${text}.`;
-}
-/**
- * A constant defining the maximum number of characters we will keep from
- * the programs stderr for logging.
- *
- * This serves two purposes:
- * 1. It avoids an OOM if a program fails in a way that results it
- *    printing many log lines.
- * 2. It avoids us hitting the limit of how much data we can send in our
- *    status reports on GitHub.com.
- */
-const MAX_STDERR_BUFFER_SIZE = 20000;
-/**
- * Runs a CLI tool.
- *
- * @returns Standard output produced by the tool.
- * @throws A `CommandInvocationError` if the tool exits with a non-zero status code.
- */
-async function runTool(cmd, args = [], opts = {}) {
-    let stdout = "";
-    let stderr = "";
-    if (!opts.noStreamStdout) {
-        process.stdout.write(`[command]${cmd} ${args.join(" ")}\n`);
-    }
-    const exitCode = await new toolrunner.ToolRunner(cmd, args, {
-        ignoreReturnCode: true,
-        listeners: {
-            stdout: (data) => {
-                stdout += data.toString("utf8");
-                if (!opts.noStreamStdout) {
-                    process.stdout.write(data);
-                }
-            },
-            stderr: (data) => {
-                let readStartIndex = 0;
-                // If the error is too large, then we only take the last MAX_STDERR_BUFFER_SIZE characters
-                if (data.length - MAX_STDERR_BUFFER_SIZE > 0) {
-                    // Eg: if we have MAX_STDERR_BUFFER_SIZE the start index should be 2.
-                    readStartIndex = data.length - MAX_STDERR_BUFFER_SIZE + 1;
-                }
-                stderr += data.toString("utf8", readStartIndex);
-                // Mimic the standard behavior of the toolrunner by writing stderr to stdout
-                process.stdout.write(data);
-            },
-        },
-        silent: true,
-        ...(opts.stdin ? { input: Buffer.from(opts.stdin || "") } : {}),
-    }).exec();
-    if (exitCode !== 0) {
-        throw new CommandInvocationError(cmd, args, exitCode, stderr, stdout);
-    }
-    return stdout;
-}
-const persistedInputsKey = "persisted_inputs";
-/**
- * Persists all inputs to the action as state that can be retrieved later in the post-action.
- * This would be simplified if actions/runner#3514 is addressed.
- * https://github.com/actions/runner/issues/3514
- */
-const persistInputs = function () {
-    const inputEnvironmentVariables = Object.entries(process.env).filter(([name]) => name.startsWith("INPUT_"));
-    core.saveState(persistedInputsKey, JSON.stringify(inputEnvironmentVariables));
-};
-exports.persistInputs = persistInputs;
-/**
- * Restores all inputs to the action from the persisted state.
- */
-const restoreInputs = function () {
-    const persistedInputs = core.getState(persistedInputsKey);
-    if (persistedInputs) {
-        for (const [name, value] of JSON.parse(persistedInputs)) {
-            process.env[name] = value;
-        }
-    }
-};
-exports.restoreInputs = restoreInputs;
 //# sourceMappingURL=actions-util.js.map

lib/actions-util.test.js

@@ -214,66 +214,34 @@ const util_1 = require("./util");
         getAdditionalInputStub.restore();
     });
 });
-(0, ava_1.default)("determineBaseBranchHeadCommitOid non-pullrequest", async (t) => {
+(0, ava_1.default)("determineMergeBaseCommitOid non-pullrequest", async (t) => {
     const infoStub = sinon.stub(core, "info");
     process.env["GITHUB_EVENT_NAME"] = "hucairz";
     process.env["GITHUB_SHA"] = "100912429fab4cb230e66ffb11e738ac5194e73a";
-    const result = await actionsUtil.determineBaseBranchHeadCommitOid(__dirname);
+    const result = await actionsUtil.determineMergeBaseCommitOid(__dirname);
     t.deepEqual(result, undefined);
     t.deepEqual(0, infoStub.callCount);
     infoStub.restore();
 });
-(0, ava_1.default)("determineBaseBranchHeadCommitOid not git repository", async (t) => {
+(0, ava_1.default)("determineMergeBaseCommitOid no error", async (t) => {
     const infoStub = sinon.stub(core, "info");
     process.env["GITHUB_EVENT_NAME"] = "pull_request";
     process.env["GITHUB_SHA"] = "100912429fab4cb230e66ffb11e738ac5194e73a";
     await (0, util_1.withTmpDir)(async (tmpDir) => {
-        await actionsUtil.determineBaseBranchHeadCommitOid(tmpDir);
+        await actionsUtil.determineMergeBaseCommitOid(tmpDir);
     });
     t.deepEqual(1, infoStub.callCount);
-    t.deepEqual(infoStub.firstCall.args[0], "git call failed. Will calculate the base branch SHA on the server. Error: " +
-        "The checkout path provided to the action does not appear to be a git repository.");
+    t.assert(infoStub.firstCall.args[0].startsWith("The checkout path provided to the action does not appear to be a git repository."));
     infoStub.restore();
 });
-(0, ava_1.default)("determineBaseBranchHeadCommitOid other error", async (t) => {
+(0, ava_1.default)("determineMergeBaseCommitOid other error", async (t) => {
     const infoStub = sinon.stub(core, "info");
     process.env["GITHUB_EVENT_NAME"] = "pull_request";
     process.env["GITHUB_SHA"] = "100912429fab4cb230e66ffb11e738ac5194e73a";
-    const result = await actionsUtil.determineBaseBranchHeadCommitOid(path.join(__dirname, "../../i-dont-exist"));
+    const result = await actionsUtil.determineMergeBaseCommitOid(path.join(__dirname, "../../i-dont-exist"));
     t.deepEqual(result, undefined);
     t.deepEqual(1, infoStub.callCount);
-    t.assert(infoStub.firstCall.args[0].startsWith("git call failed. Will calculate the base branch SHA on the server. Error: "));
-    t.assert(!infoStub.firstCall.args[0].endsWith("The checkout path provided to the action does not appear to be a git repository."));
+    t.assert(infoStub.firstCall.args[0].startsWith("Failed to call git to determine merge base."));
     infoStub.restore();
 });
-(0, ava_1.default)("decodeGitFilePath unquoted strings", async (t) => {
-    t.deepEqual(actionsUtil.decodeGitFilePath("foo"), "foo");
-    t.deepEqual(actionsUtil.decodeGitFilePath("foo bar"), "foo bar");
-    t.deepEqual(actionsUtil.decodeGitFilePath("foo\\\\bar"), "foo\\\\bar");
-    t.deepEqual(actionsUtil.decodeGitFilePath('foo\\"bar'), 'foo\\"bar');
-    t.deepEqual(actionsUtil.decodeGitFilePath("foo\\001bar"), "foo\\001bar");
-    t.deepEqual(actionsUtil.decodeGitFilePath("foo\\abar"), "foo\\abar");
-    t.deepEqual(actionsUtil.decodeGitFilePath("foo\\bbar"), "foo\\bbar");
-    t.deepEqual(actionsUtil.decodeGitFilePath("foo\\fbar"), "foo\\fbar");
-    t.deepEqual(actionsUtil.decodeGitFilePath("foo\\nbar"), "foo\\nbar");
-    t.deepEqual(actionsUtil.decodeGitFilePath("foo\\rbar"), "foo\\rbar");
-    t.deepEqual(actionsUtil.decodeGitFilePath("foo\\tbar"), "foo\\tbar");
-    t.deepEqual(actionsUtil.decodeGitFilePath("foo\\vbar"), "foo\\vbar");
-    t.deepEqual(actionsUtil.decodeGitFilePath("\\a\\b\\f\\n\\r\\t\\v"), "\\a\\b\\f\\n\\r\\t\\v");
-});
-(0, ava_1.default)("decodeGitFilePath quoted strings", async (t) => {
-    t.deepEqual(actionsUtil.decodeGitFilePath('"foo"'), "foo");
-    t.deepEqual(actionsUtil.decodeGitFilePath('"foo bar"'), "foo bar");
-    t.deepEqual(actionsUtil.decodeGitFilePath('"foo\\\\bar"'), "foo\\bar");
-    t.deepEqual(actionsUtil.decodeGitFilePath('"foo\\"bar"'), 'foo"bar');
-    t.deepEqual(actionsUtil.decodeGitFilePath('"foo\\001bar"'), "foo\x01bar");
-    t.deepEqual(actionsUtil.decodeGitFilePath('"foo\\abar"'), "foo\x07bar");
-    t.deepEqual(actionsUtil.decodeGitFilePath('"foo\\bbar"'), "foo\bbar");
-    t.deepEqual(actionsUtil.decodeGitFilePath('"foo\\fbar"'), "foo\fbar");
-    t.deepEqual(actionsUtil.decodeGitFilePath('"foo\\nbar"'), "foo\nbar");
-    t.deepEqual(actionsUtil.decodeGitFilePath('"foo\\rbar"'), "foo\rbar");
-    t.deepEqual(actionsUtil.decodeGitFilePath('"foo\\tbar"'), "foo\tbar");
-    t.deepEqual(actionsUtil.decodeGitFilePath('"foo\\vbar"'), "foo\vbar");
-    t.deepEqual(actionsUtil.decodeGitFilePath('"\\a\\b\\f\\n\\r\\t\\v"'), "\x07\b\f\n\r\t\v");
-});
 //# sourceMappingURL=actions-util.test.js.map

lib/analyze-action-post-helper.js

@@ -0,0 +1,44 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.run = run;
+const core = __importStar(require("@actions/core"));
+const actionsUtil = __importStar(require("./actions-util"));
+const config_utils_1 = require("./config-utils");
+const logging_1 = require("./logging");
+async function run(uploadSarifDebugArtifact) {
+    const logger = (0, logging_1.getActionsLogger)();
+    const config = await (0, config_utils_1.getConfig)(actionsUtil.getTemporaryDirectory(), logger);
+    if (config === undefined) {
+        throw new Error("Config file could not be found at expected location. Did the 'init' action fail to start?");
+    }
+    // Upload Actions SARIF artifacts for debugging
+    if (config?.debugMode) {
+        core.info("Debug mode is on. Uploading available SARIF files as Actions debugging artifact...");
+        const outputDir = actionsUtil.getRequiredInput("output");
+        await uploadSarifDebugArtifact(config, outputDir);
+    }
+}
+//# sourceMappingURL=analyze-action-post-helper.js.map

lib/analyze-action-post-helper.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"analyze-action-post-helper.js","sourceRoot":"","sources":["../src/analyze-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAMA,kBAuBC;AA7BD,oDAAsC;AAEtC,4DAA8C;AAC9C,iDAAmD;AACnD,uCAA6C;AAEtC,KAAK,UAAU,GAAG,CACvB,wBAGkB;IAElB,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAElC,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CACb,2FAA2F,CAC5F,CAAC;IACJ,CAAC;IAED,+CAA+C;IAC/C,IAAI,MAAM,EAAE,SAAS,EAAE,CAAC;QACtB,IAAI,CAAC,IAAI,CACP,oFAAoF,CACrF,CAAC;QACF,MAAM,SAAS,GAAG,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QACzD,MAAM,wBAAwB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACpD,CAAC;AACH,CAAC"}

lib/analyze-action-post-helper.test.js

@@ -0,0 +1,73 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const ava_1 = __importDefault(require("ava"));
+const sinon = __importStar(require("sinon"));
+const actionsUtil = __importStar(require("./actions-util"));
+const analyzeActionPostHelper = __importStar(require("./analyze-action-post-helper"));
+const configUtils = __importStar(require("./config-utils"));
+const testing_utils_1 = require("./testing-utils");
+const util = __importStar(require("./util"));
+(0, testing_utils_1.setupTests)(ava_1.default);
+(0, ava_1.default)("post: analyze action with debug mode off", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        process.env["RUNNER_TEMP"] = tmpDir;
+        const gitHubVersion = {
+            type: util.GitHubVariant.DOTCOM,
+        };
+        sinon.stub(configUtils, "getConfig").resolves({
+            debugMode: false,
+            gitHubVersion,
+            languages: [],
+            packs: [],
+        });
+        const uploadSarifSpy = sinon.spy();
+        await analyzeActionPostHelper.run(uploadSarifSpy);
+        t.assert(uploadSarifSpy.notCalled);
+    });
+});
+(0, ava_1.default)("post: analyze action with debug mode on", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        process.env["RUNNER_TEMP"] = tmpDir;
+        const gitHubVersion = {
+            type: util.GitHubVariant.DOTCOM,
+        };
+        sinon.stub(configUtils, "getConfig").resolves({
+            debugMode: true,
+            gitHubVersion,
+            languages: [],
+            packs: [],
+        });
+        const requiredInputStub = sinon.stub(actionsUtil, "getRequiredInput");
+        requiredInputStub.withArgs("output").returns("fake-output-dir");
+        const uploadSarifSpy = sinon.spy();
+        await analyzeActionPostHelper.run(uploadSarifSpy);
+        t.assert(uploadSarifSpy.called);
+    });
+});
+//# sourceMappingURL=analyze-action-post-helper.test.js.map

lib/analyze-action-post-helper.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"analyze-action-post-helper.test.js","sourceRoot":"","sources":["../src/analyze-action-post-helper.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,sFAAwE;AACxE,4DAA8C;AAC9C,mDAA6C;AAC7C,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,0CAA0C,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC3D,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC;QAEpC,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,SAAS,EAAE,KAAK;YAChB,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QAEpC,MAAM,cAAc,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;QAEnC,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAElD,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,yCAAyC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC1D,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC;QAEpC,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,SAAS,EAAE,IAAI;YACf,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QAEpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;QAEhE,MAAM,cAAc,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;QAEnC,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAElD,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/analyze-action-post.js

@@ -29,34 +29,19 @@ Object.defineProperty(exports, "__esModule", { value: true });
  * other `post:` hooks.
  */
 const core = __importStar(require("@actions/core"));
-const actionsUtil = __importStar(require("./actions-util"));
-const api_client_1 = require("./api-client");
-const config_utils_1 = require("./config-utils");
+const analyzeActionPostHelper = __importStar(require("./analyze-action-post-helper"));
 const debugArtifacts = __importStar(require("./debug-artifacts"));
-const environment_1 = require("./environment");
-const feature_flags_1 = require("./feature-flags");
-const logging_1 = require("./logging");
-const repository_1 = require("./repository");
+const uploadSarifActionPostHelper = __importStar(require("./upload-sarif-action-post-helper"));
 const util_1 = require("./util");
 async function runWrapper() {
     try {
-        actionsUtil.restoreInputs();
-        const logger = (0, logging_1.getActionsLogger)();
-        const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
-        (0, util_1.checkGitHubVersionInRange)(gitHubVersion, logger);
-        const repositoryNwo = (0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY"));
-        const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, actionsUtil.getTemporaryDirectory(), logger);
-        // Upload SARIF artifacts if we determine that this is a first-party analysis run.
-        // For third-party runs, this artifact will be uploaded in the `upload-sarif-post` step.
-        if (process.env[environment_1.EnvVar.INIT_ACTION_HAS_RUN] === "true") {
-            const config = await (0, config_utils_1.getConfig)(actionsUtil.getTemporaryDirectory(), logger);
-            if (config !== undefined) {
-                await (0, logging_1.withGroup)("Uploading combined SARIF debug artifact", () => debugArtifacts.uploadCombinedSarifArtifacts(logger, config.gitHubVersion.type, features));
-            }
-        }
+        await analyzeActionPostHelper.run(debugArtifacts.uploadSarifDebugArtifact);
+        // Also run the upload-sarif post action since we're potentially running
+        // the same steps in the analyze action.
+        await uploadSarifActionPostHelper.uploadArtifacts(debugArtifacts.uploadDebugArtifacts);
     }
     catch (error) {
-        core.setFailed(`analyze post-action step failed: ${(0, util_1.getErrorMessage)(error)}`);
+        core.setFailed(`analyze post-action step failed: ${(0, util_1.wrapError)(error).message}`);
     }
 }
 void runWrapper();

lib/analyze-action-post.js.map

@@ -1 +1 @@
-{"version":3,"file":"analyze-action-post.js","sourceRoot":"","sources":["../src/analyze-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,4DAA8C;AAC9C,6CAAgD;AAChD,iDAA2C;AAC3C,kEAAoD;AACpD,+CAAuC;AACvC,mDAA2C;AAC3C,uCAAwD;AACxD,6CAAkD;AAClD,iCAIgB;AAEhB,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,WAAW,CAAC,aAAa,EAAE,CAAC;QAC5B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;QAClC,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACjD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,WAAW,CAAC,qBAAqB,EAAE,EACnC,MAAM,CACP,CAAC;QAEF,kFAAkF;QAClF,wFAAwF;QACxF,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,mBAAmB,CAAC,KAAK,MAAM,EAAE,CAAC;YACvD,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAC5B,WAAW,CAAC,qBAAqB,EAAE,EACnC,MAAM,CACP,CAAC;YACF,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBACzB,MAAM,IAAA,mBAAS,EAAC,yCAAyC,EAAE,GAAG,EAAE,CAC9D,cAAc,CAAC,4BAA4B,CACzC,MAAM,EACN,MAAM,CAAC,aAAa,CAAC,IAAI,EACzB,QAAQ,CACT,CACF,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,oCAAoC,IAAA,sBAAe,EAAC,KAAK,CAAC,EAAE,CAC7D,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"analyze-action-post.js","sourceRoot":"","sources":["../src/analyze-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,sFAAwE;AACxE,kEAAoD;AACpD,+FAAiF;AACjF,iCAAmC;AAEnC,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,wBAAwB,CAAC,CAAC;QAE3E,wEAAwE;QACxE,wCAAwC;QACxC,MAAM,2BAA2B,CAAC,eAAe,CAC/C,cAAc,CAAC,oBAAoB,CACpC,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,oCAAoC,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAC/D,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/analyze-action.js

@@ -31,16 +31,13 @@ const fs = __importStar(require("fs"));
 const path_1 = __importDefault(require("path"));
 const perf_hooks_1 = require("perf_hooks");
 const core = __importStar(require("@actions/core"));
-const github = __importStar(require("@actions/github"));
 const actionsUtil = __importStar(require("./actions-util"));
 const analyze_1 = require("./analyze");
 const api_client_1 = require("./api-client");
 const autobuild_1 = require("./autobuild");
-const caching_utils_1 = require("./caching-utils");
 const codeql_1 = require("./codeql");
 const config_utils_1 = require("./config-utils");
 const database_upload_1 = require("./database-upload");
-const dependency_caching_1 = require("./dependency-caching");
 const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
@@ -65,7 +62,7 @@ async function sendStatusReport(startedAt, config, stats, error, trapCacheUpload
             const trapCacheUploadStatusReport = {
                 ...report,
                 trap_cache_upload_duration_ms: Math.round(trapCacheUploadTime || 0),
-                trap_cache_upload_size_bytes: Math.round(await (0, caching_utils_1.getTotalCacheSize)(Object.values(config.trapCaches), logger)),
+                trap_cache_upload_size_bytes: Math.round(await (0, trap_caching_1.getTotalCacheSize)(config.trapCaches, logger)),
             };
             await statusReport.sendStatusReport(trapCacheUploadStatusReport);
         }
@@ -150,9 +147,6 @@ async function run() {
     let dbCreationTimings = undefined;
     let didUploadTrapCaches = false;
     util.initializeEnvironment(actionsUtil.getActionVersion());
-    // Make inputs accessible in the `post` step, details at
-    // https://github.com/github/codeql-action/issues/2553
-    actionsUtil.persistInputs();
     const logger = (0, logging_1.getActionsLogger)();
     try {
         const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Analyze, "starting", startedAt, config, await util.checkDiskUsage(logger), logger);
@@ -169,21 +163,17 @@ async function run() {
         }
         const apiDetails = (0, api_client_1.getApiDetails)();
         const outputDir = actionsUtil.getRequiredInput("output");
-        core.exportVariable(environment_1.EnvVar.SARIF_RESULTS_OUTPUT_DIR, outputDir);
         const threads = util.getThreadsFlag(actionsUtil.getOptionalInput("threads") || process.env["CODEQL_THREADS"], logger);
         const repositoryNwo = (0, repository_1.parseRepositoryNwo)(util.getRequiredEnvParam("GITHUB_REPOSITORY"));
         const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
         util.checkActionVersion(actionsUtil.getActionVersion(), gitHubVersion);
         const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, actionsUtil.getTemporaryDirectory(), logger);
         const memory = util.getMemoryFlag(actionsUtil.getOptionalInput("ram") || process.env["CODEQL_RAM"], logger);
-        const pull_request = github.context.payload.pull_request;
-        const diffRangePackDir = pull_request &&
-            (await (0, analyze_1.setupDiffInformedQueryRun)(pull_request.base.ref, pull_request.head.ref, codeql, logger, features));
         await (0, analyze_1.warnIfGoInstalledAfterInit)(config, logger);
         await runAutobuildIfLegacyGoWorkflow(config, logger);
         dbCreationTimings = await (0, analyze_1.runFinalize)(outputDir, threads, memory, codeql, config, logger);
         if (actionsUtil.getRequiredInput("skip-queries") !== "true") {
-            runStats = await (0, analyze_1.runQueries)(outputDir, memory, util.getAddSnippetsFlag(actionsUtil.getRequiredInput("add-snippets")), threads, diffRangePackDir, actionsUtil.getOptionalInput("category"), config, logger, features);
+            runStats = await (0, analyze_1.runQueries)(outputDir, memory, util.getAddSnippetsFlag(actionsUtil.getRequiredInput("add-snippets")), threads, actionsUtil.getOptionalInput("category"), config, logger, features);
         }
         if (actionsUtil.getOptionalInput("cleanup-level") !== "none") {
             await (0, analyze_1.runCleanup)(config, actionsUtil.getOptionalInput("cleanup-level") || "brutal", logger);
@@ -210,10 +200,6 @@ async function run() {
         trapCacheUploadTime = perf_hooks_1.performance.now() - trapCacheUploadStartTime;
         // Clean up TRAP caches
         trapCacheCleanupTelemetry = await (0, trap_caching_1.cleanupTrapCaches)(config, features, logger);
-        // Store dependency cache(s) if dependency caching is enabled.
-        if ((0, caching_utils_1.shouldStoreCache)(config.dependencyCachingEnabled)) {
-            await (0, dependency_caching_1.uploadDependencyCaches)(config, logger);
-        }
         // We don't upload results in test mode, so don't wait for processing
         if (util.isInTestMode()) {
             logger.debug("In test mode. Waiting for processing is disabled.");
@@ -258,7 +244,7 @@ async function runWrapper() {
         await exports.runPromise;
     }
     catch (error) {
-        core.setFailed(`analyze action failed: ${util.getErrorMessage(error)}`);
+        core.setFailed(`analyze action failed: ${util.wrapError(error).message}`);
     }
     await util.checkForTimeout();
 }

lib/analyze.js

@@ -29,7 +29,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.CodeQLAnalysisError = void 0;
 exports.runExtraction = runExtraction;
 exports.dbIsFinalized = dbIsFinalized;
-exports.setupDiffInformedQueryRun = setupDiffInformedQueryRun;
 exports.runQueries = runQueries;
 exports.runFinalize = runFinalize;
 exports.warnIfGoInstalledAfterInit = warnIfGoInstalledAfterInit;
@@ -40,14 +39,12 @@ const perf_hooks_1 = require("perf_hooks");
 const safe_which_1 = require("@chrisgavin/safe-which");
 const del_1 = __importDefault(require("del"));
 const yaml = __importStar(require("js-yaml"));
-const actionsUtil = __importStar(require("./actions-util"));
 const autobuild_1 = require("./autobuild");
 const codeql_1 = require("./codeql");
 const diagnostics_1 = require("./diagnostics");
 const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
-const logging_1 = require("./logging");
 const tools_features_1 = require("./tools-features");
 const tracer_config_1 = require("./tracer-config");
 const upload_lib_1 = require("./upload-lib");
@@ -137,183 +134,11 @@ async function finalizeDatabaseCreation(codeql, config, threadsFlag, memoryFlag,
         trap_import_duration_ms: Math.round(trapImportTime),
     };
 }
-/**
- * Set up the diff-informed analysis feature.
- *
- * @param baseRef The base branch name, used for calculating the diff range.
- * @param headRef The head branch name, used for calculating the diff range.
- * @param codeql
- * @param logger
- * @param features
- * @returns Absolute path to the directory containing the extension pack for
- * the diff range information, or `undefined` if the feature is disabled.
- */
-async function setupDiffInformedQueryRun(baseRef, headRef, codeql, logger, features) {
-    if (!(await features.getValue(feature_flags_1.Feature.DiffInformedQueries, codeql))) {
-        return undefined;
-    }
-    return await (0, logging_1.withGroup)("Generating diff range extension pack", async () => {
-        const diffRanges = await getPullRequestEditedDiffRanges(baseRef, headRef, logger);
-        return writeDiffRangeDataExtensionPack(logger, diffRanges);
-    });
-}
-/**
- * Return the file line ranges that were added or modified in the pull request.
- *
- * @param baseRef The base branch name, used for calculating the diff range.
- * @param headRef The head branch name, used for calculating the diff range.
- * @param logger
- * @returns An array of tuples, where each tuple contains the absolute path of a
- * file, the start line and the end line (both 1-based and inclusive) of an
- * added or modified range in that file. Returns `undefined` if the action was
- * not triggered by a pull request or if there was an error.
- */
-async function getPullRequestEditedDiffRanges(baseRef, headRef, logger) {
-    const checkoutPath = actionsUtil.getOptionalInput("checkout_path");
-    if (checkoutPath === undefined) {
-        return undefined;
-    }
-    // To compute the merge bases between the base branch and the PR topic branch,
-    // we need to fetch the commit graph from the branch heads to those merge
-    // babes. The following 4-step procedure does so while limiting the amount of
-    // history fetched.
-    // Step 1: Deepen from the PR merge commit to the base branch head and the PR
-    // topic branch head, so that the PR merge commit is no longer considered a
-    // grafted commit.
-    await actionsUtil.deepenGitHistory();
-    // Step 2: Fetch the base branch shallow history. This step ensures that the
-    // base branch name is present in the local repository. Normally the base
-    // branch name would be added by Step 4. However, if the base branch head is
-    // an ancestor of the PR topic branch head, Step 4 would fail without doing
-    // anything, so we need to fetch the base branch explicitly.
-    await actionsUtil.gitFetch(baseRef, ["--depth=1"]);
-    // Step 3: Fetch the PR topic branch history, stopping when we reach commits
-    // that are reachable from the base branch head.
-    await actionsUtil.gitFetch(headRef, [`--shallow-exclude=${baseRef}`]);
-    // Step 4: Fetch the base branch history, stopping when we reach commits that
-    // are reachable from the PR topic branch head.
-    await actionsUtil.gitFetch(baseRef, [`--shallow-exclude=${headRef}`]);
-    // Step 5: Deepen the history so that we have the merge bases between the base
-    // branch and the PR topic branch.
-    await actionsUtil.deepenGitHistory();
-    // To compute the exact same diff as GitHub would compute for the PR, we need
-    // to use the same merge base as GitHub. That is easy to do if there is only
-    // one merge base, which is by far the most common case. If there are multiple
-    // merge bases, we stop without producing a diff range.
-    const mergeBases = await actionsUtil.getAllGitMergeBases([baseRef, headRef]);
-    logger.info(`Merge bases: ${mergeBases.join(", ")}`);
-    if (mergeBases.length !== 1) {
-        logger.info("Cannot compute diff range because baseRef and headRef " +
-            `have ${mergeBases.length} merge bases (instead of exactly 1).`);
-        return undefined;
-    }
-    const diffHunkHeaders = await actionsUtil.getGitDiffHunkHeaders(mergeBases[0], headRef);
-    if (diffHunkHeaders === undefined) {
-        return undefined;
-    }
-    const results = new Array();
-    let changedFile = "";
-    for (const line of diffHunkHeaders) {
-        if (line.startsWith("+++ ")) {
-            const filePath = actionsUtil.decodeGitFilePath(line.substring(4));
-            if (filePath.startsWith("b/")) {
-                // The file was edited: track all hunks in the file
-                changedFile = filePath.substring(2);
-            }
-            else if (filePath === "/dev/null") {
-                // The file was deleted: skip all hunks in the file
-                changedFile = "";
-            }
-            else {
-                logger.warning(`Failed to parse diff hunk header line: ${line}`);
-                return undefined;
-            }
-            continue;
-        }
-        if (line.startsWith("@@ ")) {
-            if (changedFile === "")
-                continue;
-            const match = line.match(/^@@ -\d+(?:,\d+)? \+(\d+)(?:,(\d+))? @@/);
-            if (match === null) {
-                logger.warning(`Failed to parse diff hunk header line: ${line}`);
-                return undefined;
-            }
-            const startLine = parseInt(match[1], 10);
-            const numLines = parseInt(match[2], 10);
-            if (numLines === 0) {
-                // The hunk was a deletion: skip it
-                continue;
-            }
-            const endLine = startLine + (numLines || 1) - 1;
-            results.push({
-                path: path.join(checkoutPath, changedFile),
-                startLine,
-                endLine,
-            });
-        }
-    }
-    return results;
-}
-/**
- * Create an extension pack in the temporary directory that contains the file
- * line ranges that were added or modified in the pull request.
- *
- * @param logger
- * @param ranges The file line ranges, as returned by
- * `getPullRequestEditedDiffRanges`.
- * @returns The absolute path of the directory containing the extension pack, or
- * `undefined` if no extension pack was created.
- */
-function writeDiffRangeDataExtensionPack(logger, ranges) {
-    if (ranges === undefined) {
-        return undefined;
-    }
-    const diffRangeDir = path.join(actionsUtil.getTemporaryDirectory(), "pr-diff-range");
-    fs.mkdirSync(diffRangeDir);
-    fs.writeFileSync(path.join(diffRangeDir, "qlpack.yml"), `
-name: codeql-action/pr-diff-range
-version: 0.0.0
-library: true
-extensionTargets:
-  codeql/util: '*'
-dataExtensions:
-  - pr-diff-range.yml
-`);
-    const header = `
-extensions:
-  - addsTo:
-      pack: codeql/util
-      extensible: restrictAlertsTo
-    data:
-`;
-    let data = ranges
-        .map((range) => `      - ["${range[0]}", ${range[1]}, ${range[2]}]\n`)
-        .join("");
-    if (!data) {
-        // Ensure that the data extension is not empty, so that a pull request with
-        // no edited lines would exclude (instead of accepting) all alerts.
-        data = '      - ["", 0, 0]\n';
-    }
-    const extensionContents = header + data;
-    const extensionFilePath = path.join(diffRangeDir, "pr-diff-range.yml");
-    fs.writeFileSync(extensionFilePath, extensionContents);
-    logger.debug(`Wrote pr-diff-range extension pack to ${extensionFilePath}:\n${extensionContents}`);
-    return diffRangeDir;
-}
 // Runs queries and creates sarif files in the given folder
-async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag, diffRangePackDir, automationDetailsId, config, logger, features) {
+async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag, automationDetailsId, config, logger, features) {
     const statusReport = {};
-    const dataExtensionFlags = diffRangePackDir
-        ? [
-            `--additional-packs=${diffRangePackDir}`,
-            "--extension-packs=codeql-action/pr-diff-range",
-        ]
-        : [];
-    const sarifRunPropertyFlag = diffRangePackDir
-        ? "--sarif-run-property=incrementalMode=diff-informed"
-        : undefined;
     const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
-    const queryFlags = [memoryFlag, threadsFlag, ...dataExtensionFlags];
+    const queryFlags = [memoryFlag, threadsFlag];
     for (const language of config.languages) {
         try {
             const sarifFile = path.join(sarifFolder, `${language}.sarif`);
@@ -361,13 +186,13 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
         }
         catch (e) {
             statusReport.analyze_failure_language = language;
-            throw new CodeQLAnalysisError(statusReport, `Error running analysis for ${language}: ${util.getErrorMessage(e)}`, util.wrapError(e));
+            throw new CodeQLAnalysisError(statusReport, `Error running analysis for ${language}: ${util.wrapError(e).message}`, util.wrapError(e));
         }
     }
     return statusReport;
     async function runInterpretResults(language, queries, sarifFile, enableDebugLogging) {
         const databasePath = util.getCodeQLDatabasePath(config, language);
-        return await codeql.databaseInterpretResults(databasePath, queries, sarifFile, addSnippetsFlag, threadsFlag, enableDebugLogging ? "-vv" : "-v", sarifRunPropertyFlag, automationDetailsId, config, features);
+        return await codeql.databaseInterpretResults(databasePath, queries, sarifFile, addSnippetsFlag, threadsFlag, enableDebugLogging ? "-vv" : "-v", automationDetailsId, config, features);
     }
     /** Get an object with all queries and their counts parsed from a SARIF file path. */
     function getPerQueryAlertCounts(sarifPath, log) {

lib/analyze.test.js

@@ -103,7 +103,7 @@ const util = __importStar(require("./util"));
             fs.mkdirSync(util.getCodeQLDatabasePath(config, language), {
                 recursive: true,
             });
-            const statusReport = await (0, analyze_1.runQueries)(tmpDir, memoryFlag, addSnippetsFlag, threadsFlag, undefined, undefined, config, (0, logging_1.getRunnerLogger)(true), (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.QaTelemetryEnabled]));
+            const statusReport = await (0, analyze_1.runQueries)(tmpDir, memoryFlag, addSnippetsFlag, threadsFlag, undefined, config, (0, logging_1.getRunnerLogger)(true), (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.QaTelemetryEnabled]));
             t.deepEqual(Object.keys(statusReport).sort(), [
                 `analyze_builtin_queries_${language}_duration_ms`,
                 "event_reports",

lib/analyze.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"analyze.test.js","sourceRoot":"","sources":["../src/analyze.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,8CAAuB;AACvB,6CAA+B;AAE/B,uCAAuC;AACvC,qCAAqC;AACrC,mDAA0C;AAC1C,2CAAuC;AACvC,uCAA4C;AAC5C,mDAKyB;AACzB,wDAA0C;AAC1C,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB;;;;;GAKG;AACH,IAAA,aAAI,EAAC,sBAAsB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvC,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAEjC,MAAM,UAAU,GAAG,EAAE,CAAC;QACtB,MAAM,eAAe,GAAG,EAAE,CAAC;QAC3B,MAAM,WAAW,GAAG,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,SAAS,EAAE,yBAAyB,CAAC,CAAC;QAEjD,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,MAAM,CAAC,oBAAQ,CAAC,EAAE,CAAC;YAC/C,IAAA,kBAAS,EAAC;gBACR,kBAAkB,EAAE,KAAK,IAAI,EAAE,GAAE,CAAC;gBAClC,YAAY,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;gBACzC,wBAAwB,EAAE,KAAK,EAC7B,GAAW,EACX,WAAqB,EACrB,SAAiB,EACjB,EAAE;oBACF,EAAE,CAAC,aAAa,CACd,SAAS,EACT,IAAI,CAAC,SAAS,CAAC;wBACb,IAAI,EAAE;4BACJ,+EAA+E;4BAC/E;gCACE,IAAI,EAAE;oCACJ,UAAU,EAAE;wCACV;4CACE,KAAK,EAAE;gDACL;oDACE,UAAU,EAAE;wDACV,IAAI,EAAE,CAAC,eAAe,CAAC;qDACxB;iDACF;6CACF;yCACF;qCACF;iCACF;gCACD,UAAU,EAAE;oCACV,aAAa,EAAE;wCACb;4CACE,IAAI,EAAE;gDACJ,KAAK,EAAE,CAAC;gDACR,aAAa,EAAE;oDACb,KAAK,EAAE,CAAC;iDACT;6CACF;4CACD,KAAK,EAAE,GAAG;yCACX;qCACF;iCACF;6BACF;4BACD,EAAE;yBACH;qBACF,CAAC,CACH,CAAC;oBACF,OAAO,EAAE,CAAC;gBACZ,CAAC;gBACD,qBAAqB,EAAE,KAAK,IAAI,EAAE,CAAC,EAAE;aACtC,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,IAAA,gCAAgB,EAAC;gBAC9B,SAAS,EAAE,CAAC,QAAQ,CAAC;gBACrB,OAAO,EAAE,MAAM;gBACf,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,kBAAkB,CAAC;aACrD,CAAC,CAAC;YACH,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE;gBACzD,SAAS,EAAE,IAAI;aAChB,CAAC,CAAC;YAEH,MAAM,YAAY,GAAG,MAAM,IAAA,oBAAU,EACnC,MAAM,EACN,UAAU,EACV,eAAe,EACf,WAAW,EACX,SAAS,EACT,SAAS,EACT,MAAM,EACN,IAAA,yBAAe,EAAC,IAAI,CAAC,EACrB,IAAA,8BAAc,EAAC,CAAC,uBAAO,CAAC,kBAAkB,CAAC,CAAC,CAC7C,CAAC;YACF,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,IAAI,EAAE,EAAE;gBAC5C,2BAA2B,QAAQ,cAAc;gBACjD,eAAe;gBACf,qBAAqB,QAAQ,cAAc;aAC5C,CAAC,CAAC;YACH,KAAK,MAAM,WAAW,IAAI,YAAY,CAAC,aAAc,EAAE,CAAC;gBACtD,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,KAAK,EAAE,mCAAmC,CAAC,CAAC;gBACpE,CAAC,CAAC,IAAI,CAAC,YAAY,IAAI,WAAW,CAAC,CAAC;gBACpC,CAAC,CAAC,IAAI,CAAC,aAAa,IAAI,WAAW,CAAC,UAAW,CAAC,CAAC;YACnD,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze.test.js","sourceRoot":"","sources":["../src/analyze.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,8CAAuB;AACvB,6CAA+B;AAE/B,uCAAuC;AACvC,qCAAqC;AACrC,mDAA0C;AAC1C,2CAAuC;AACvC,uCAA4C;AAC5C,mDAKyB;AACzB,wDAA0C;AAC1C,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB;;;;;GAKG;AACH,IAAA,aAAI,EAAC,sBAAsB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvC,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAEjC,MAAM,UAAU,GAAG,EAAE,CAAC;QACtB,MAAM,eAAe,GAAG,EAAE,CAAC;QAC3B,MAAM,WAAW,GAAG,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,SAAS,EAAE,yBAAyB,CAAC,CAAC;QAEjD,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,MAAM,CAAC,oBAAQ,CAAC,EAAE,CAAC;YAC/C,IAAA,kBAAS,EAAC;gBACR,kBAAkB,EAAE,KAAK,IAAI,EAAE,GAAE,CAAC;gBAClC,YAAY,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;gBACzC,wBAAwB,EAAE,KAAK,EAC7B,GAAW,EACX,WAAqB,EACrB,SAAiB,EACjB,EAAE;oBACF,EAAE,CAAC,aAAa,CACd,SAAS,EACT,IAAI,CAAC,SAAS,CAAC;wBACb,IAAI,EAAE;4BACJ,+EAA+E;4BAC/E;gCACE,IAAI,EAAE;oCACJ,UAAU,EAAE;wCACV;4CACE,KAAK,EAAE;gDACL;oDACE,UAAU,EAAE;wDACV,IAAI,EAAE,CAAC,eAAe,CAAC;qDACxB;iDACF;6CACF;yCACF;qCACF;iCACF;gCACD,UAAU,EAAE;oCACV,aAAa,EAAE;wCACb;4CACE,IAAI,EAAE;gDACJ,KAAK,EAAE,CAAC;gDACR,aAAa,EAAE;oDACb,KAAK,EAAE,CAAC;iDACT;6CACF;4CACD,KAAK,EAAE,GAAG;yCACX;qCACF;iCACF;6BACF;4BACD,EAAE;yBACH;qBACF,CAAC,CACH,CAAC;oBACF,OAAO,EAAE,CAAC;gBACZ,CAAC;gBACD,qBAAqB,EAAE,KAAK,IAAI,EAAE,CAAC,EAAE;aACtC,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,IAAA,gCAAgB,EAAC;gBAC9B,SAAS,EAAE,CAAC,QAAQ,CAAC;gBACrB,OAAO,EAAE,MAAM;gBACf,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,kBAAkB,CAAC;aACrD,CAAC,CAAC;YACH,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE;gBACzD,SAAS,EAAE,IAAI;aAChB,CAAC,CAAC;YAEH,MAAM,YAAY,GAAG,MAAM,IAAA,oBAAU,EACnC,MAAM,EACN,UAAU,EACV,eAAe,EACf,WAAW,EACX,SAAS,EACT,MAAM,EACN,IAAA,yBAAe,EAAC,IAAI,CAAC,EACrB,IAAA,8BAAc,EAAC,CAAC,uBAAO,CAAC,kBAAkB,CAAC,CAAC,CAC7C,CAAC;YACF,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,IAAI,EAAE,EAAE;gBAC5C,2BAA2B,QAAQ,cAAc;gBACjD,eAAe;gBACf,qBAAqB,QAAQ,cAAc;aAC5C,CAAC,CAAC;YACH,KAAK,MAAM,WAAW,IAAI,YAAY,CAAC,aAAc,EAAE,CAAC;gBACtD,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,KAAK,EAAE,mCAAmC,CAAC,CAAC;gBACpE,CAAC,CAAC,IAAI,CAAC,YAAY,IAAI,WAAW,CAAC,CAAC;gBACpC,CAAC,CAAC,IAAI,CAAC,aAAa,IAAI,WAAW,CAAC,UAAW,CAAC,CAAC;YACnD,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/api-compatibility.json

@@ -1 +1 @@
-{ "maximumVersion": "3.15", "minimumVersion": "3.11" }
+{ "maximumVersion": "3.15", "minimumVersion": "3.10" }

lib/autobuild-action.js

@@ -96,7 +96,7 @@ async function runWrapper() {
         await run();
     }
     catch (error) {
-        core.setFailed(`autobuild action failed. ${(0, util_1.getErrorMessage)(error)}`);
+        core.setFailed(`autobuild action failed. ${(0, util_1.wrapError)(error).message}`);
     }
 }
 void runWrapper();

lib/autobuild-action.js.map

@@ -1 +1 @@
-{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAIwB;AACxB,6CAAgD;AAChD,2CAAwE;AACxE,qCAAqC;AACrC,iDAAmD;AACnD,+CAAuC;AAEvC,uCAAqD;AACrD,mDAMyB;AACzB,mDAAuD;AACvD,iCAOgB;AAShB,KAAK,UAAU,yBAAyB,CACtC,MAA0B,EAC1B,MAAc,EACd,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAG,IAAA,gCAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,SAAS,EACpB,MAAM,EACN,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,EACN,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,KAAK,CACb,CAAC;IACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,YAAY,GAA0B;YAC1C,GAAG,gBAAgB;YACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;YAC3C,iBAAiB,EAAE,eAAe;SACnC,CAAC;QACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAI,MAA0B,CAAC;IAC/B,IAAI,eAAqC,CAAC;IAC1C,IAAI,SAAiC,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,SAAS,EACpB,UAAU,EACV,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CAAC;QACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAA,gCAAgB,EAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACjD,IAAA,yBAAkB,EAAC,IAAA,+BAAgB,GAAE,EAAE,aAAa,CAAC,CAAC;QAEtD,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAEjD,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QACtE,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YAClC,CAAC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;QAED,+FAA+F;QAC/F,oBAAoB;QACpB,MAAM,IAAA,oCAAoB,EAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IACrD,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CACZ,kIAAkI,KAAK,CAAC,OAAO,EAAE,CAClJ,CAAC;QACF,MAAM,yBAAyB,CAC7B,MAAM,EACN,MAAM,EACN,SAAS,EACT,SAAS,IAAI,EAAE,EACf,eAAe,EACf,KAAK,CACN,CAAC;QACF,OAAO;IACT,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,mCAAmC,EAAE,MAAM,CAAC,CAAC;IAExE,MAAM,yBAAyB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;AAC9E,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CAAC,4BAA4B,IAAA,sBAAe,EAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACvE,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAIwB;AACxB,6CAAgD;AAChD,2CAAwE;AACxE,qCAAqC;AACrC,iDAAmD;AACnD,+CAAuC;AAEvC,uCAAqD;AACrD,mDAMyB;AACzB,mDAAuD;AACvD,iCAMgB;AAShB,KAAK,UAAU,yBAAyB,CACtC,MAA0B,EAC1B,MAAc,EACd,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAG,IAAA,gCAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,SAAS,EACpB,MAAM,EACN,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,EACN,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,KAAK,CACb,CAAC;IACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,YAAY,GAA0B;YAC1C,GAAG,gBAAgB;YACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;YAC3C,iBAAiB,EAAE,eAAe;SACnC,CAAC;QACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAI,MAA0B,CAAC;IAC/B,IAAI,eAAqC,CAAC;IAC1C,IAAI,SAAiC,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,SAAS,EACpB,UAAU,EACV,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CAAC;QACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAA,gCAAgB,EAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACjD,IAAA,yBAAkB,EAAC,IAAA,+BAAgB,GAAE,EAAE,aAAa,CAAC,CAAC;QAEtD,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAEjD,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QACtE,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YAClC,CAAC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;QAED,+FAA+F;QAC/F,oBAAoB;QACpB,MAAM,IAAA,oCAAoB,EAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IACrD,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CACZ,kIAAkI,KAAK,CAAC,OAAO,EAAE,CAClJ,CAAC;QACF,MAAM,yBAAyB,CAC7B,MAAM,EACN,MAAM,EACN,SAAS,EACT,SAAS,IAAI,EAAE,EACf,eAAe,EACf,KAAK,CACN,CAAC;QACF,OAAO;IACT,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,mCAAmC,EAAE,MAAM,CAAC,CAAC;IAExE,MAAM,yBAAyB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;AAC9E,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CAAC,4BAA4B,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/caching-utils.js

@@ -1,106 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.CachingKind = void 0;
-exports.getTotalCacheSize = getTotalCacheSize;
-exports.shouldStoreCache = shouldStoreCache;
-exports.shouldRestoreCache = shouldRestoreCache;
-exports.getCachingKind = getCachingKind;
-exports.getDependencyCachingEnabled = getDependencyCachingEnabled;
-const core = __importStar(require("@actions/core"));
-const actions_util_1 = require("./actions-util");
-const environment_1 = require("./environment");
-const util_1 = require("./util");
-/**
- * Returns the total size of all the specified paths.
- * @param paths The paths for which to calculate the total size.
- * @param logger A logger to record some informational messages to.
- * @returns The total size of all specified paths.
- */
-async function getTotalCacheSize(paths, logger) {
-    const sizes = await Promise.all(paths.map((cacheDir) => (0, util_1.tryGetFolderBytes)(cacheDir, logger)));
-    return sizes.map((a) => a || 0).reduce((a, b) => a + b, 0);
-}
-/* Enumerates caching modes. */
-var CachingKind;
-(function (CachingKind) {
-    /** Do not restore or store any caches. */
-    CachingKind["None"] = "none";
-    /** Store caches, but do not restore any existing ones. */
-    CachingKind["Store"] = "store";
-    /** Restore existing caches, but do not store any new ones. */
-    CachingKind["Restore"] = "restore";
-    /** Restore existing caches, and store new ones. */
-    CachingKind["Full"] = "full";
-})(CachingKind || (exports.CachingKind = CachingKind = {}));
-/** Returns a value indicating whether new caches should be stored, based on `kind`. */
-function shouldStoreCache(kind) {
-    return kind === CachingKind.Full || kind === CachingKind.Store;
-}
-/** Returns a value indicating whether existing caches should be restored, based on `kind`. */
-function shouldRestoreCache(kind) {
-    return kind === CachingKind.Full || kind === CachingKind.Restore;
-}
-/**
- * Parses the `upload` input into an `UploadKind`.
- */
-function getCachingKind(input) {
-    switch (input) {
-        case undefined:
-        case "none":
-        case "off":
-        case "false":
-            return CachingKind.None;
-        case "full":
-        case "on":
-        case "true":
-            return CachingKind.Full;
-        case "store":
-            return CachingKind.Store;
-        case "restore":
-            return CachingKind.Restore;
-        default:
-            core.warning(`Unrecognized 'dependency-caching' input: ${input}. Defaulting to 'none'.`);
-            return CachingKind.None;
-    }
-}
-/** Determines whether dependency caching is enabled. */
-function getDependencyCachingEnabled() {
-    // If the workflow specified something always respect that
-    const dependencyCaching = (0, actions_util_1.getOptionalInput)("dependency-caching") ||
-        process.env[environment_1.EnvVar.DEPENDENCY_CACHING];
-    if (dependencyCaching !== undefined)
-        return getCachingKind(dependencyCaching);
-    // On self-hosted runners which may have dependencies installed centrally, disable caching by default
-    if (!(0, util_1.isHostedRunner)())
-        return CachingKind.None;
-    // Disable in advanced workflows by default.
-    if (!(0, actions_util_1.isDefaultSetup)())
-        return CachingKind.None;
-    // On hosted runners, disable dependency caching by default.
-    // TODO: Review later whether we can enable this by default.
-    return CachingKind.None;
-}
-//# sourceMappingURL=caching-utils.js.map

lib/caching-utils.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"caching-utils.js","sourceRoot":"","sources":["../src/caching-utils.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAaA,8CAQC;AAeD,4CAEC;AAGD,gDAEC;AAKD,wCAqBC;AAGD,kEAgBC;AAxFD,oDAAsC;AAEtC,iDAAkE;AAClE,+CAAuC;AAEvC,iCAA2D;AAE3D;;;;;GAKG;AACI,KAAK,UAAU,iBAAiB,CACrC,KAAe,EACf,MAAc;IAEd,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,GAAG,CAC7B,KAAK,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,IAAA,wBAAiB,EAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAC7D,CAAC;IACF,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;AAC7D,CAAC;AAED,+BAA+B;AAC/B,IAAY,WASX;AATD,WAAY,WAAW;IACrB,0CAA0C;IAC1C,4BAAa,CAAA;IACb,0DAA0D;IAC1D,8BAAe,CAAA;IACf,8DAA8D;IAC9D,kCAAmB,CAAA;IACnB,mDAAmD;IACnD,4BAAa,CAAA;AACf,CAAC,EATW,WAAW,2BAAX,WAAW,QAStB;AAED,uFAAuF;AACvF,SAAgB,gBAAgB,CAAC,IAAiB;IAChD,OAAO,IAAI,KAAK,WAAW,CAAC,IAAI,IAAI,IAAI,KAAK,WAAW,CAAC,KAAK,CAAC;AACjE,CAAC;AAED,8FAA8F;AAC9F,SAAgB,kBAAkB,CAAC,IAAiB;IAClD,OAAO,IAAI,KAAK,WAAW,CAAC,IAAI,IAAI,IAAI,KAAK,WAAW,CAAC,OAAO,CAAC;AACnE,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc,CAAC,KAAyB;IACtD,QAAQ,KAAK,EAAE,CAAC;QACd,KAAK,SAAS,CAAC;QACf,KAAK,MAAM,CAAC;QACZ,KAAK,KAAK,CAAC;QACX,KAAK,OAAO;YACV,OAAO,WAAW,CAAC,IAAI,CAAC;QAC1B,KAAK,MAAM,CAAC;QACZ,KAAK,IAAI,CAAC;QACV,KAAK,MAAM;YACT,OAAO,WAAW,CAAC,IAAI,CAAC;QAC1B,KAAK,OAAO;YACV,OAAO,WAAW,CAAC,KAAK,CAAC;QAC3B,KAAK,SAAS;YACZ,OAAO,WAAW,CAAC,OAAO,CAAC;QAC7B;YACE,IAAI,CAAC,OAAO,CACV,4CAA4C,KAAK,yBAAyB,CAC3E,CAAC;YACF,OAAO,WAAW,CAAC,IAAI,CAAC;IAC5B,CAAC;AACH,CAAC;AAED,wDAAwD;AACxD,SAAgB,2BAA2B;IACzC,0DAA0D;IAC1D,MAAM,iBAAiB,GACrB,IAAA,+BAAgB,EAAC,oBAAoB,CAAC;QACtC,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,kBAAkB,CAAC,CAAC;IACzC,IAAI,iBAAiB,KAAK,SAAS;QAAE,OAAO,cAAc,CAAC,iBAAiB,CAAC,CAAC;IAE9E,qGAAqG;IACrG,IAAI,CAAC,IAAA,qBAAc,GAAE;QAAE,OAAO,WAAW,CAAC,IAAI,CAAC;IAE/C,4CAA4C;IAC5C,IAAI,CAAC,IAAA,6BAAc,GAAE;QAAE,OAAO,WAAW,CAAC,IAAI,CAAC;IAE/C,4DAA4D;IAC5D,4DAA4D;IAC5D,OAAO,WAAW,CAAC,IAAI,CAAC;AAC1B,CAAC"}

lib/cli-errors.js

@@ -1,24 +1,26 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.cliErrorsConfig = exports.CliConfigErrorCategory = exports.CliError = void 0;
+exports.cliErrorsConfig = exports.CliConfigErrorCategory = exports.CommandInvocationError = void 0;
 exports.getCliConfigCategoryIfExists = getCliConfigCategoryIfExists;
 exports.wrapCliConfigurationError = wrapCliConfigurationError;
-const actions_util_1 = require("./actions-util");
 const doc_url_1 = require("./doc-url");
 const util_1 = require("./util");
 /**
- * An error from a CodeQL CLI invocation, with associated exit code, stderr, etc.
+ * A class of Error that we can classify as an error stemming from a CLI
+ * invocation, with associated exit code, stderr,etc.
  */
-class CliError extends Error {
-    constructor({ cmd, args, exitCode, stderr }) {
-        const prettyCommand = (0, actions_util_1.prettyPrintInvocation)(cmd, args);
+class CommandInvocationError extends Error {
+    constructor(cmd, args, exitCode, stderr, stdout) {
+        const prettyCommand = [cmd, ...args]
+            .map((x) => (x.includes(" ") ? `'${x}'` : x))
+            .join(" ");
         const fatalErrors = extractFatalErrors(stderr);
         const autobuildErrors = extractAutobuildErrors(stderr);
         let message;
         if (fatalErrors) {
             message =
                 `Encountered a fatal error while running "${prettyCommand}". ` +
-                    `Exit code was ${exitCode} and error was: ${(0, actions_util_1.ensureEndsInPeriod)(fatalErrors.trim())} See the logs for more details.`;
+                    `Exit code was ${exitCode} and error was: ${ensureEndsInPeriod(fatalErrors.trim())} See the logs for more details.`;
         }
         else if (autobuildErrors) {
             message =
@@ -27,7 +29,7 @@ class CliError extends Error {
                     `Encountered the following error: ${autobuildErrors}`;
         }
         else {
-            const lastLine = (0, actions_util_1.ensureEndsInPeriod)(stderr.trim().split("\n").pop()?.trim() || "n/a");
+            const lastLine = ensureEndsInPeriod(stderr.trim().split("\n").pop()?.trim() || "n/a");
             message =
                 `Encountered a fatal error while running "${prettyCommand}". ` +
                     `Exit code was ${exitCode} and last log line was: ${lastLine} See the logs for more details.`;
@@ -35,9 +37,10 @@ class CliError extends Error {
         super(message);
         this.exitCode = exitCode;
         this.stderr = stderr;
+        this.stdout = stdout;
     }
 }
-exports.CliError = CliError;
+exports.CommandInvocationError = CommandInvocationError;
 /**
  * Provide a better error message from the stderr of a CLI invocation that failed with a fatal
  * error.
@@ -86,10 +89,10 @@ function extractFatalErrors(error) {
         }
         const isOneLiner = !fatalErrors.some((e) => e.includes("\n"));
         if (isOneLiner) {
-            fatalErrors = fatalErrors.map(actions_util_1.ensureEndsInPeriod);
+            fatalErrors = fatalErrors.map(ensureEndsInPeriod);
         }
         return [
-            (0, actions_util_1.ensureEndsInPeriod)(lastError),
+            ensureEndsInPeriod(lastError),
             "Context:",
             ...fatalErrors.reverse(),
         ].join(isOneLiner ? " " : "\n");
@@ -106,6 +109,9 @@ function extractAutobuildErrors(error) {
     }
     return errorLines.join("\n") || undefined;
 }
+function ensureEndsInPeriod(text) {
+    return text[text.length - 1] === "." ? text : `${text}.`;
+}
 /** Error messages from the CLI that we consider configuration errors and handle specially. */
 var CliConfigErrorCategory;
 (function (CliConfigErrorCategory) {
@@ -261,6 +267,9 @@ function getCliConfigCategoryIfExists(cliError) {
  * simply returns the original error.
  */
 function wrapCliConfigurationError(cliError) {
+    if (!(cliError instanceof CommandInvocationError)) {
+        return cliError;
+    }
     const cliConfigErrorCategory = getCliConfigCategoryIfExists(cliError);
     if (cliConfigErrorCategory === undefined) {
         return cliError;

lib/codeql.js

@@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE = exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2 = void 0;
+exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE = exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2 = exports.CODEQL_VERSION_LANGUAGE_ALIASING = exports.CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG = void 0;
 exports.setupCodeQL = setupCodeQL;
 exports.getCodeQL = getCodeQL;
 exports.setCodeQL = setCodeQL;
@@ -63,19 +63,19 @@ let cachedCodeQL = undefined;
  * The version flags below can be used to conditionally enable certain features
  * on versions newer than this.
  */
-const CODEQL_MINIMUM_VERSION = "2.14.6";
+const CODEQL_MINIMUM_VERSION = "2.13.5";
 /**
  * This version will shortly become the oldest version of CodeQL that the Action will run with.
  */
-const CODEQL_NEXT_MINIMUM_VERSION = "2.14.6";
+const CODEQL_NEXT_MINIMUM_VERSION = "2.13.5";
 /**
  * This is the version of GHES that was most recently deprecated.
  */
-const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.10";
+const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.9";
 /**
  * This is the deprecation date for the version of GHES that was most recently deprecated.
  */
-const GHES_MOST_RECENT_DEPRECATION_DATE = "2024-09-24";
+const GHES_MOST_RECENT_DEPRECATION_DATE = "2024-07-09";
 /** The CLI verbosity level to use for extraction in debug mode. */
 const EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";
 /*
@@ -85,6 +85,14 @@ const EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";
  * For convenience, please keep these in descending order. Once a version
  * flag is older than the oldest supported version above, it may be removed.
  */
+/**
+ * Versions 2.14.2+ of the CodeQL CLI support language-specific baseline configuration.
+ */
+exports.CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG = "2.14.2";
+/**
+ * Versions 2.14.4+ of the CodeQL CLI support language aliasing.
+ */
+exports.CODEQL_VERSION_LANGUAGE_ALIASING = "2.14.4";
 /**
  * Versions 2.15.0+ of the CodeQL CLI support new analysis summaries.
  */
@@ -116,7 +124,7 @@ const CODEQL_VERSION_CACHE_CLEANUP = "2.17.1";
  */
 async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger, checkVersion) {
     try {
-        const { codeqlFolder, toolsDownloadStatusReport, toolsSource, toolsVersion, zstdAvailability, } = await setupCodeql.setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger);
+        const { codeqlFolder, toolsDownloadStatusReport, toolsSource, toolsVersion, } = await setupCodeql.setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger);
         logger.debug(`Bundle download status report: ${JSON.stringify(toolsDownloadStatusReport)}`);
         let codeqlCmd = path.join(codeqlFolder, "codeql", "codeql");
         if (process.platform === "win32") {
@@ -131,11 +139,10 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV
             toolsDownloadStatusReport,
             toolsSource,
             toolsVersion,
-            zstdAvailability,
         };
     }
     catch (e) {
-        throw new Error(`Unable to download and extract CodeQL CLI: ${(0, util_1.getErrorMessage)(e)}`);
+        throw new Error(`Unable to download and extract CodeQL CLI: ${(0, util_1.wrapError)(e).message}`);
     }
 }
 /**
@@ -180,7 +187,7 @@ function setCodeQL(partialCodeql) {
         extractUsingBuildMode: resolveFunction(partialCodeql, "extractUsingBuildMode"),
         finalizeDatabase: resolveFunction(partialCodeql, "finalizeDatabase"),
         resolveLanguages: resolveFunction(partialCodeql, "resolveLanguages"),
-        betterResolveLanguages: resolveFunction(partialCodeql, "betterResolveLanguages", async () => ({ aliases: {}, extractors: {} })),
+        betterResolveLanguages: resolveFunction(partialCodeql, "betterResolveLanguages"),
         resolveQueries: resolveFunction(partialCodeql, "resolveQueries"),
         resolveBuildEnvironment: resolveFunction(partialCodeql, "resolveBuildEnvironment"),
         packDownload: resolveFunction(partialCodeql, "packDownload"),
@@ -233,9 +240,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
         async getVersion() {
             let result = util.getCachedCodeQlVersion();
             if (result === undefined) {
-                const output = await runCli(cmd, ["version", "--format=json"], {
-                    noStreamStdout: true,
-                });
+                const output = await runTool(cmd, ["version", "--format=json"]);
                 try {
                     result = JSON.parse(output);
                 }
@@ -247,7 +252,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             return result;
         },
         async printVersion() {
-            await runCli(cmd, ["version", "--format=json"]);
+            await runTool(cmd, ["version", "--format=json"]);
         },
         async supportsFeature(feature) {
             return (0, tools_features_1.isSupportedToolsFeature)(await this.getVersion(), feature);
@@ -272,7 +277,9 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             if (qlconfigFile !== undefined) {
                 extraArgs.push(`--qlconfig-file=${qlconfigFile}`);
             }
+            if (await util.codeQlVersionAtLeast(this, exports.CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG)) {
                 extraArgs.push("--calculate-language-specific-baseline");
+            }
             if (await isSublanguageFileCoverageEnabled(config, this)) {
                 extraArgs.push("--sublanguage-file-coverage");
             }
@@ -282,14 +289,14 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             const overwriteFlag = (0, tools_features_1.isSupportedToolsFeature)(await this.getVersion(), tools_features_1.ToolsFeature.ForceOverwrite)
                 ? "--force-overwrite"
                 : "--overwrite";
-            await runCli(cmd, [
+            await runTool(cmd, [
                 "database",
                 "init",
                 overwriteFlag,
                 "--db-cluster",
                 config.dbLocation,
                 `--source-root=${sourceRoot}`,
-                "--extractor-include-aliases",
+                ...(await getLanguageAliasingArguments(this)),
                 ...extraArgs,
                 ...getExtraOptionsFromEnv(["database", "init"], {
                     ignoringOptions: ["--overwrite"],
@@ -317,10 +324,10 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             // When `DYLD_INSERT_LIBRARIES` is set in the environment for a step,
             // the Actions runtime introduces its own workaround for SIP
             // (https://github.com/actions/runner/pull/416).
-            await runCli(autobuildCmd);
+            await runTool(autobuildCmd);
         },
         async extractScannedLanguage(config, language) {
-            await runCli(cmd, [
+            await runTool(cmd, [
                 "database",
                 "trace-command",
                 "--index-traceless-dbs",
@@ -335,7 +342,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 applyAutobuildAzurePipelinesTimeoutFix();
             }
             try {
-                await runCli(cmd, [
+                await runTool(cmd, [
                     "database",
                     "trace-command",
                     "--use-build-mode",
@@ -352,7 +359,10 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                     const prefix = "We were unable to automatically build your code. " +
                         "Please change the build mode for this language to manual and specify build steps " +
                         `for your project. See ${doc_url_1.DocUrl.AUTOMATIC_BUILD_FAILED} for more information.`;
-                    throw new util.ConfigurationError(`${prefix} ${(0, util_1.getErrorMessage)(e)}`);
+                    const ErrorConstructor = e instanceof util.ConfigurationError
+                        ? util.ConfigurationError
+                        : Error;
+                    throw new ErrorConstructor(`${prefix} ${util.wrapError(e).message}`);
                 }
                 else {
                     throw e;
@@ -370,7 +380,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 ...getExtraOptionsFromEnv(["database", "finalize"]),
                 databasePath,
             ];
-            await runCli(cmd, args);
+            await runTool(cmd, args);
         },
         async resolveLanguages() {
             const codeqlArgs = [
@@ -379,7 +389,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 "--format=json",
                 ...getExtraOptionsFromEnv(["resolve", "languages"]),
             ];
-            const output = await runCli(cmd, codeqlArgs);
+            const output = await runTool(cmd, codeqlArgs);
             try {
                 return JSON.parse(output);
             }
@@ -393,10 +403,10 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 "languages",
                 "--format=betterjson",
                 "--extractor-options-verbosity=4",
-                "--extractor-include-aliases",
+                ...(await getLanguageAliasingArguments(this)),
                 ...getExtraOptionsFromEnv(["resolve", "languages"]),
             ];
-            const output = await runCli(cmd, codeqlArgs);
+            const output = await runTool(cmd, codeqlArgs);
             try {
                 return JSON.parse(output);
             }
@@ -415,7 +425,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             if (extraSearchPath !== undefined) {
                 codeqlArgs.push("--additional-packs", extraSearchPath);
             }
-            const output = await runCli(cmd, codeqlArgs);
+            const output = await runTool(cmd, codeqlArgs);
             try {
                 return JSON.parse(output);
             }
@@ -428,13 +438,13 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 "resolve",
                 "build-environment",
                 `--language=${language}`,
-                "--extractor-include-aliases",
+                ...(await getLanguageAliasingArguments(this)),
                 ...getExtraOptionsFromEnv(["resolve", "build-environment"]),
             ];
             if (workingDir !== undefined) {
                 codeqlArgs.push("--working-dir", workingDir);
             }
-            const output = await runCli(cmd, codeqlArgs);
+            const output = await runTool(cmd, codeqlArgs);
             try {
                 return JSON.parse(output);
             }
@@ -458,9 +468,9 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             if (await util.codeQlVersionAtLeast(this, feature_flags_1.CODEQL_VERSION_FINE_GRAINED_PARALLELISM)) {
                 codeqlArgs.push("--intra-layer-parallelism");
             }
-            await runCli(cmd, codeqlArgs);
+            await runTool(cmd, codeqlArgs);
         },
-        async databaseInterpretResults(databasePath, querySuitePaths, sarifFile, addSnippetsFlag, threadsFlag, verbosityFlag, sarifRunPropertyFlag, automationDetailsId, config, features) {
+        async databaseInterpretResults(databasePath, querySuitePaths, sarifFile, addSnippetsFlag, threadsFlag, verbosityFlag, automationDetailsId, config, features) {
             const shouldExportDiagnostics = await features.getValue(feature_flags_1.Feature.ExportDiagnosticsEnabled, this);
             const codeqlArgs = [
                 "database",
@@ -479,9 +489,6 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 ...(await getJobRunUuidSarifOptions(this)),
                 ...getExtraOptionsFromEnv(["database", "interpret-results"]),
             ];
-            if (sarifRunPropertyFlag !== undefined) {
-                codeqlArgs.push(sarifRunPropertyFlag);
-            }
             if (automationDetailsId !== undefined) {
                 codeqlArgs.push("--sarif-category", automationDetailsId);
             }
@@ -507,7 +514,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             }
             // Capture the stdout, which contains the analysis summary. Don't stream it to the Actions
             // logs to avoid printing it twice.
-            return await runCli(cmd, codeqlArgs, {
+            return await runTool(cmd, codeqlArgs, {
                 noStreamStdout: true,
             });
         },
@@ -518,7 +525,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 ...getExtraOptionsFromEnv(["database", "print-baseline"]),
                 databasePath,
             ];
-            return await runCli(cmd, codeqlArgs);
+            return await runTool(cmd, codeqlArgs);
         },
         /**
          * Download specified packs into the package cache. If the specified
@@ -546,7 +553,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 ...getExtraOptionsFromEnv(["pack", "download"]),
                 ...packs,
             ];
-            const output = await runCli(cmd, codeqlArgs);
+            const output = await runTool(cmd, codeqlArgs);
             try {
                 const parsedOutput = JSON.parse(output);
                 if (Array.isArray(parsedOutput.packs) &&
@@ -575,7 +582,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 `${cacheCleanupFlag}=${cleanupLevel}`,
                 ...getExtraOptionsFromEnv(["database", "cleanup"]),
             ];
-            await runCli(cmd, codeqlArgs);
+            await runTool(cmd, codeqlArgs);
         },
         async databaseBundle(databasePath, outputFilePath, databaseName) {
             const args = [
@@ -628,7 +635,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 "extractor",
                 "--format=json",
                 `--language=${language}`,
-                "--extractor-include-aliases",
+                ...(await getLanguageAliasingArguments(this)),
                 ...getExtraOptionsFromEnv(["resolve", "extractor"]),
             ], {
                 silent: true,
@@ -657,7 +664,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             if (mergeRunsFromEqualCategory) {
                 args.push("--sarif-merge-runs-from-equal-category");
             }
-            await runCli(cmd, args);
+            await runTool(cmd, args);
         },
     };
     // To ensure that status reports include the CodeQL CLI version wherever
@@ -737,16 +744,48 @@ function getExtraOptions(options, paths, pathInfo) {
         : getExtraOptions(options?.[paths[0]], paths?.slice(1), pathInfo.concat(paths[0]));
     return all.concat(specific);
 }
-async function runCli(cmd, args = [], opts = {}) {
-    try {
-        return await (0, actions_util_1.runTool)(cmd, args, opts);
+/*
+ * A constant defining the maximum number of characters we will keep from
+ * the programs stderr for logging. This serves two purposes:
+ * (1) It avoids an OOM if a program fails in a way that results it
+ *     printing many log lines.
+ * (2) It avoids us hitting the limit of how much data we can send in our
+ *     status reports on GitHub.com.
+ */
+const maxErrorSize = 20_000;
+async function runTool(cmd, args = [], opts = {}) {
+    let stdout = "";
+    let stderr = "";
+    process.stdout.write(`[command]${cmd} ${args.join(" ")}\n`);
+    const exitCode = await new toolrunner.ToolRunner(cmd, args, {
+        ignoreReturnCode: true,
+        listeners: {
+            stdout: (data) => {
+                stdout += data.toString("utf8");
+                if (!opts.noStreamStdout) {
+                    process.stdout.write(data);
                 }
-    catch (e) {
-        if (e instanceof actions_util_1.CommandInvocationError) {
-            throw (0, cli_errors_1.wrapCliConfigurationError)(new cli_errors_1.CliError(e));
+            },
+            stderr: (data) => {
+                let readStartIndex = 0;
+                // If the error is too large, then we only take the last 20,000 characters
+                if (data.length - maxErrorSize > 0) {
+                    // Eg: if we have 20,000 the start index should be 2.
+                    readStartIndex = data.length - maxErrorSize + 1;
                 }
-        throw e;
+                stderr += data.toString("utf8", readStartIndex);
+                // Mimic the standard behavior of the toolrunner by writing stderr to stdout
+                process.stdout.write(data);
+            },
+        },
+        silent: true,
+        ...(opts.stdin ? { input: Buffer.from(opts.stdin || "") } : {}),
+    }).exec();
+    if (exitCode !== 0) {
+        const e = new cli_errors_1.CommandInvocationError(cmd, args, exitCode, stderr, stdout);
+        throw (0, cli_errors_1.wrapCliConfigurationError)(e);
     }
+    return stdout;
 }
 /**
  * Generates a code scanning configuration that is to be used for a scan.
@@ -829,6 +868,12 @@ async function getTrapCachingExtractorConfigArgsForLang(config, language) {
 function getGeneratedCodeScanningConfigPath(config) {
     return path.resolve(config.tempDir, "user-config.yaml");
 }
+async function getLanguageAliasingArguments(codeql) {
+    if (await util.codeQlVersionAtLeast(codeql, exports.CODEQL_VERSION_LANGUAGE_ALIASING)) {
+        return ["--extractor-include-aliases"];
+    }
+    return [];
+}
 async function isSublanguageFileCoverageEnabled(config, codeql) {
     return (
     // Sub-language file coverage is first supported in GHES 3.12.

lib/codeql.test.js

@@ -101,6 +101,7 @@ function mockApiDetails(apiDetails) {
             t.assert(toolcache.find("CodeQL", `0.0.0-${version}`));
             t.is(result.toolsVersion, `0.0.0-${version}`);
             t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
+            t.assert(Number.isInteger(result.toolsDownloadStatusReport?.downloadDurationMs));
         }
         t.is(toolcache.findAllVersions("CodeQL").length, 2);
     });
@@ -109,17 +110,15 @@ function mockApiDetails(apiDetails) {
     await util.withTmpDir(async (tmpDir) => {
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
         const url = (0, testing_utils_1.mockBundleDownloadApi)({
-            tagName: `codeql-bundle-v2.15.0`,
+            tagName: `codeql-bundle-v2.14.0`,
             isPinned: false,
         });
         const result = await codeql.setupCodeQL(url, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
         t.is(toolcache.findAllVersions("CodeQL").length, 1);
-        t.assert(toolcache.find("CodeQL", `2.15.0`));
-        t.is(result.toolsVersion, `2.15.0`);
+        t.assert(toolcache.find("CodeQL", `2.14.0`));
+        t.is(result.toolsVersion, `2.14.0`);
         t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
-        if (result.toolsDownloadStatusReport) {
-            assertDurationsInteger(t, result.toolsDownloadStatusReport);
-        }
+        t.assert(Number.isInteger(result.toolsDownloadStatusReport?.downloadDurationMs));
     });
 });
 (0, ava_1.default)("downloads an explicitly requested bundle even if a different version is cached", async (t) => {
@@ -137,9 +136,7 @@ function mockApiDetails(apiDetails) {
         t.assert(toolcache.find("CodeQL", "0.0.0-20200610"));
         t.deepEqual(result.toolsVersion, "0.0.0-20200610");
         t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
-        if (result.toolsDownloadStatusReport) {
-            assertDurationsInteger(t, result.toolsDownloadStatusReport);
-        }
+        t.assert(Number.isInteger(result.toolsDownloadStatusReport?.downloadDurationMs));
     });
 });
 const EXPLICITLY_REQUESTED_BUNDLE_TEST_CASES = [
@@ -187,9 +184,7 @@ for (const toolcacheVersion of [
             const result = await codeql.setupCodeQL(undefined, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
             t.is(result.toolsVersion, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION.cliVersion);
             t.is(result.toolsSource, setup_codeql_1.ToolsSource.Toolcache);
-            t.is(result.toolsDownloadStatusReport?.combinedDurationMs, undefined);
             t.is(result.toolsDownloadStatusReport?.downloadDurationMs, undefined);
-            t.is(result.toolsDownloadStatusReport?.extractionDurationMs, undefined);
         });
     });
 }
@@ -207,9 +202,7 @@ for (const toolcacheVersion of [
         }, (0, logging_1.getRunnerLogger)(true), false);
         t.deepEqual(result.toolsVersion, "0.0.0-20200601");
         t.is(result.toolsSource, setup_codeql_1.ToolsSource.Toolcache);
-        t.is(result.toolsDownloadStatusReport?.combinedDurationMs, undefined);
         t.is(result.toolsDownloadStatusReport?.downloadDurationMs, undefined);
-        t.is(result.toolsDownloadStatusReport?.extractionDurationMs, undefined);
         const cachedVersions = toolcache.findAllVersions("CodeQL");
         t.is(cachedVersions.length, 1);
     });
@@ -231,9 +224,7 @@ for (const toolcacheVersion of [
         }, (0, logging_1.getRunnerLogger)(true), false);
         t.deepEqual(result.toolsVersion, defaults.cliVersion);
         t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
-        if (result.toolsDownloadStatusReport) {
-            assertDurationsInteger(t, result.toolsDownloadStatusReport);
-        }
+        t.assert(Number.isInteger(result.toolsDownloadStatusReport?.downloadDurationMs));
         const cachedVersions = toolcache.findAllVersions("CodeQL");
         t.is(cachedVersions.length, 2);
     });
@@ -252,9 +243,7 @@ for (const toolcacheVersion of [
         const result = await codeql.setupCodeQL("latest", testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
         t.deepEqual(result.toolsVersion, defaults.cliVersion);
         t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
-        if (result.toolsDownloadStatusReport) {
-            assertDurationsInteger(t, result.toolsDownloadStatusReport);
-        }
+        t.assert(Number.isInteger(result.toolsDownloadStatusReport?.downloadDurationMs));
         const cachedVersions = toolcache.findAllVersions("CodeQL");
         t.is(cachedVersions.length, 2);
     });
@@ -265,7 +254,7 @@ for (const toolcacheVersion of [
         mockApiDetails(testing_utils_1.SAMPLE_DOTCOM_API_DETAILS);
         sinon.stub(actionsUtil, "isRunningLocalAction").returns(true);
         const releasesApiMock = mockReleaseApi({
-            assetNames: ["cli-version-2.14.6.txt"],
+            assetNames: ["cli-version-2.13.5.txt"],
             tagName: "codeql-bundle-20230203",
         });
         (0, testing_utils_1.mockBundleDownloadApi)({
@@ -276,22 +265,13 @@ for (const toolcacheVersion of [
         const result = await codeql.setupCodeQL("https://github.com/codeql-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20230203/codeql-bundle.tar.gz", testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
         t.is(result.toolsVersion, "0.0.0-20230203");
         t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
-        if (result.toolsDownloadStatusReport) {
-            assertDurationsInteger(t, result.toolsDownloadStatusReport);
-        }
+        t.true(Number.isInteger(result.toolsDownloadStatusReport?.downloadDurationMs));
         const cachedVersions = toolcache.findAllVersions("CodeQL");
         t.is(cachedVersions.length, 1);
         t.is(cachedVersions[0], "0.0.0-20230203");
         t.false(releasesApiMock.isDone());
     });
 });
-function assertDurationsInteger(t, statusReport) {
-    t.assert(Number.isInteger(statusReport?.combinedDurationMs));
-    if (statusReport.downloadDurationMs !== undefined) {
-        t.assert(Number.isInteger(statusReport?.downloadDurationMs));
-        t.assert(Number.isInteger(statusReport?.extractionDurationMs));
-    }
-}
 (0, ava_1.default)("getExtraOptions works for explicit paths", (t) => {
     t.deepEqual(codeql.getExtraOptions({}, ["foo"], []), []);
     t.deepEqual(codeql.getExtraOptions({ foo: [42] }, ["foo"], []), ["42"]);
@@ -533,7 +513,7 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
         sinon.stub(codeqlObject, "getVersion").resolves(codeqlVersion);
         // safeWhich throws because of the test CodeQL object.
         sinon.stub(safeWhich, "safeWhich").resolves("");
-        await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", undefined, "", Object.assign({}, stubConfig, { gitHubVersion: githubVersion }), (0, testing_utils_1.createFeatures)([]));
+        await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", Object.assign({}, stubConfig, { gitHubVersion: githubVersion }), (0, testing_utils_1.createFeatures)([]));
         const actualArgs = runnerConstructorStub.firstCall.args[1];
         t.is(actualArgs.includes("--new-analysis-summary"), flagPassed, `--new-analysis-summary should${flagPassed ? "" : "n't"} be passed`);
         t.is(actualArgs.includes("--no-new-analysis-summary"), negativeFlagPassed, `--no-new-analysis-summary should${negativeFlagPassed ? "" : "n't"} be passed`);
@@ -611,7 +591,7 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
     // safeWhich throws because of the test CodeQL object.
     sinon.stub(safeWhich, "safeWhich").resolves("");
     await t.throwsAsync(async () => await codeqlObject.databaseRunQueries(stubConfig.dbLocation, []), {
-        instanceOf: cli_errors_1.CliError,
+        instanceOf: cli_errors_1.CommandInvocationError,
         message: `Encountered a fatal error while running "codeql-for-testing database run-queries  --expect-discarded-cache --min-disk-free=1024 -v --intra-layer-parallelism". Exit code was 1 and error was: Oops! A fatal internal error occurred. Details:
     com.semmle.util.exception.CatastrophicError: An error occurred while evaluating ControlFlowGraph::ControlFlow::Root.isRootOf/1#dispred#f610e6ed/2@86282cc8
     Severe disk cache trouble (corruption or out of space) at /home/runner/work/_temp/codeql_databases/go/db-go/default/cache/pages/28/33.pack: Failed to write item to disk. See the logs for more details.`,

lib/config-utils.js

@@ -34,6 +34,7 @@ exports.getNoLanguagesError = getNoLanguagesError;
 exports.getUnknownLanguagesError = getUnknownLanguagesError;
 exports.getLanguagesInRepo = getLanguagesInRepo;
 exports.getLanguages = getLanguages;
+exports.getLanguageAliases = getLanguageAliases;
 exports.getRawLanguages = getRawLanguages;
 exports.getDefaultConfig = getDefaultConfig;
 exports.calculateAugmentation = calculateAugmentation;
@@ -53,7 +54,7 @@ const perf_hooks_1 = require("perf_hooks");
 const yaml = __importStar(require("js-yaml"));
 const semver = __importStar(require("semver"));
 const api = __importStar(require("./api-client"));
-const caching_utils_1 = require("./caching-utils");
+const codeql_1 = require("./codeql");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const trap_caching_1 = require("./trap-caching");
@@ -154,7 +155,7 @@ async function getLanguages(codeQL, languagesInput, repository, logger) {
         logger.info(`Automatically detected languages: ${languages.join(", ")}`);
     }
     else {
-        const aliases = (await codeQL.betterResolveLanguages()).aliases;
+        const aliases = await getLanguageAliases(codeQL);
         if (aliases) {
             languages = languages.map((lang) => aliases[lang] || lang);
         }
@@ -184,6 +185,16 @@ async function getLanguages(codeQL, languagesInput, repository, logger) {
     }
     return parsedLanguages;
 }
+/**
+ * Gets the set of languages supported by CodeQL, along with their aliases if supported by the
+ * version of the CLI.
+ */
+async function getLanguageAliases(codeql) {
+    if (await (0, util_1.codeQlVersionAtLeast)(codeql, codeql_1.CODEQL_VERSION_LANGUAGE_ALIASING)) {
+        return (await codeql.betterResolveLanguages()).aliases;
+    }
+    return undefined;
+}
 /**
  * Gets the set of languages in the current repository without checking to
  * see if these languages are actually supported by CodeQL.
@@ -214,7 +225,7 @@ async function getRawLanguages(languagesInput, repository, logger) {
 /**
  * Get the default config for when the user has not supplied one.
  */
-async function getDefaultConfig({ languagesInput, queriesInput, packsInput, buildModeInput, dbLocation, trapCachingEnabled, dependencyCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeql, githubVersion, features, logger, }) {
+async function getDefaultConfig({ languagesInput, queriesInput, packsInput, buildModeInput, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeql, githubVersion, features, logger, }) {
     const languages = await getLanguages(codeql, languagesInput, repository, logger);
     const buildMode = await parseBuildModeInput(buildModeInput, languages, features, logger);
     const augmentationProperties = calculateAugmentation(packsInput, queriesInput, languages);
@@ -233,7 +244,6 @@ async function getDefaultConfig({ languagesInput, queriesInput, packsInput, buil
         augmentationProperties,
         trapCaches,
         trapCacheDownloadTime,
-        dependencyCachingEnabled: (0, caching_utils_1.getCachingKind)(dependencyCachingEnabled),
     };
 }
 async function downloadCacheWithTime(trapCachingEnabled, codeQL, languages, logger) {
@@ -249,7 +259,7 @@ async function downloadCacheWithTime(trapCachingEnabled, codeQL, languages, logg
 /**
  * Load the config from the given file.
  */
-async function loadConfig({ languagesInput, queriesInput, packsInput, buildModeInput, configFile, dbLocation, trapCachingEnabled, dependencyCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeql, workspacePath, githubVersion, apiDetails, features, logger, }) {
+async function loadConfig({ languagesInput, queriesInput, packsInput, buildModeInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeql, workspacePath, githubVersion, apiDetails, features, logger, }) {
     let parsedYAML;
     if (isLocal(configFile)) {
         if (configFile !== userConfigFromActionPath(tempDir)) {
@@ -283,7 +293,6 @@ async function loadConfig({ languagesInput, queriesInput, packsInput, buildModeI
         augmentationProperties,
         trapCaches,
         trapCacheDownloadTime,
-        dependencyCachingEnabled: (0, caching_utils_1.getCachingKind)(dependencyCachingEnabled),
     };
 }
 /**
@@ -501,8 +510,8 @@ function parseRegistries(registriesInput) {
 }
 function parseRegistriesWithoutCredentials(registriesInput) {
     return parseRegistries(registriesInput)?.map((r) => {
-        const { url, packages, kind } = r;
-        return { url, packages, kind };
+        const { url, packages } = r;
+        return { url, packages };
     });
 }
 function isLocal(configPath) {
@@ -626,7 +635,6 @@ function createRegistriesBlock(registries) {
         // ensure the url ends with a slash to avoid a bug in the CLI 2.10.4
         url: !registry?.url.endsWith("/") ? `${registry.url}/` : registry.url,
         packages: registry.packages,
-        kind: registry.kind,
     }));
     const qlconfig = {
         registries: safeRegistries,