Merge pull request #2997 from github/update-v3.29.5-80a09d7b0

Merge main into releases/v3
Update changelog for v3.29.5
2025-12-07 00:08:06 +08:00 · 2025-07-29 14:05:50 -07:00 · 2025-07-29 20:38:47 +00:00 · 2025-07-29 18:24:06 +01:00 · 2025-07-29 18:22:54 +01:00 · 2025-07-29 18:10:01 +01:00
3665 changed files with 595639 additions and 51995 deletions
--- a/.github/actions/prepare-test/action.yml
+++ b/.github/actions/prepare-test/action.yml
@@ -29,24 +29,27 @@ runs:
    - id: get-url
      name: Determine URL
      shell: bash
+      env:
+        VERSION: ${{ inputs.version }}
+        USE_ALL_PLATFORM_BUNDLE: ${{ inputs.use-all-platform-bundle }}
      run: |
        set -e # Fail this Action if `gh release list` fails.

-        if [[ ${{ inputs.version }} == "linked" ]]; then
+        if [[ "$VERSION" == "linked" ]]; then
          echo "tools-url=linked" >> "$GITHUB_OUTPUT"
          exit 0
-        elif [[ ${{ inputs.version }} == "default" ]]; then
+        elif [[ "$VERSION" == "default" ]]; then
          echo "tools-url=" >> "$GITHUB_OUTPUT"
          exit 0
        fi

-        if [[ ${{ inputs.version }} == "nightly-latest" && "$RUNNER_OS" != "Windows" ]]; then
+        if [[ "$VERSION" == "nightly-latest" && "$RUNNER_OS" != "Windows" ]]; then
          extension="tar.zst"
        else
          extension="tar.gz"
        fi

-        if [[ ${{ inputs.use-all-platform-bundle }} == "true" ]]; then
+        if [[ "$USE_ALL_PLATFORM_BUNDLE" == "true" ]]; then
          artifact_name="codeql-bundle.$extension"
        elif [[ "$RUNNER_OS" == "Linux" ]]; then
          artifact_name="codeql-bundle-linux64.$extension"
@@ -59,14 +62,14 @@ runs:
          exit 1
        fi

-        if [[ ${{ inputs.version }} == "nightly-latest" ]]; then
+        if [[ "$VERSION" == "nightly-latest" ]]; then
          tag=`gh release list --repo dsp-testing/codeql-cli-nightlies -L 1 | cut -f 3`
          echo "tools-url=https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/$tag/$artifact_name" >> $GITHUB_OUTPUT
-        elif [[ ${{ inputs.version }} == *"nightly"* ]]; then
-          version=`echo ${{ inputs.version }} | sed -e 's/^.*\-//'`
+        elif [[ "$VERSION" == *"nightly"* ]]; then
+          version=`echo "$VERSION" | sed -e 's/^.*\-//'`
          echo "tools-url=https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-$version/$artifact_name" >> $GITHUB_OUTPUT
-        elif [[ ${{ inputs.version }} == *"stable"* ]]; then
-          version=`echo ${{ inputs.version }} | sed -e 's/^.*\-//'`
+        elif [[ "$VERSION" == *"stable"* ]]; then
+          version=`echo "$VERSION" | sed -e 's/^.*\-//'`
          echo "tools-url=https://github.com/github/codeql-action/releases/download/codeql-bundle-$version/$artifact_name" >> $GITHUB_OUTPUT
        else
          echo "::error::Unrecognized version specified!"
--- a/.github/actions/release-branches/action.yml
+++ b/.github/actions/release-branches/action.yml
@@ -18,8 +18,11 @@ runs:
  using: "composite"
  steps:
    - id: branches
+      env:
+        MAJOR_VERSION: ${{ inputs.major_version }}
+        LATEST_TAG: ${{ inputs.latest_tag }}
      run: |
        python ${{ github.action_path }}/release-branches.py \
-            --major-version ${{ inputs.major_version }} \
-            --latest-tag ${{ inputs.latest_tag }}
+            --major-version "$MAJOR_VERSION" \
+            --latest-tag "$LATEST_TAG"
      shell: bash
--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -0,0 +1,5 @@
+# CodeQL Action - Copilot Instructions
+
+The CodeQL Action is written in TypeScript and compiled to JavaScript. Both the TypeScript sources and the **generated** JavaScript code are contained in this repository. The TypeScript sources are contained in the `src` directory and the JavaScript code is contained in the `lib` directory. A GitHub Actions workflow checks that the JavaScript code in `lib` is up-to-date. Therefore, you should not review any changes to the contents of the `lib` folder and it is expected that the JavaScript code in `lib` closely mirrors the TypeScript code it is generated from.
+
+GitHub Actions workflows in the `.github/workflows` directory whose filenames start with two underscores (e.g. `__all-platform-bundle.yml`) are automatically generated using the `pr-checks/sync.sh` script from template files in the `pr-checks/checks` directory. Therefore, you do not need to review files in the `.github/workflows` directory that starts with two underscores. However, you should review changes to the `pr-checks` directory as well as workflows in the `.github/workflows` directory that do not start with underscores.
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -2,8 +2,6 @@ version: 2
 updates:
  - package-ecosystem: npm
    directory: "/"
-    reviewers:
-      - "github/codeql-production-shield"
    schedule:
      interval: weekly
    labels:
@@ -26,8 +24,6 @@ updates:
          - "*"
  - package-ecosystem: github-actions
    directory: "/"
-    reviewers:
-      - "github/codeql-production-shield"
    schedule:
      interval: weekly
    groups:
@@ -36,8 +32,6 @@ updates:
          - "*"
  - package-ecosystem: github-actions
    directory: "/.github/actions/setup-swift/" # All subdirectories outside of "/.github/workflows" must be explicitly included.
-    reviewers:
-      - "github/codeql-production-shield"
    schedule:
      interval: weekly
    groups:
--- a/.github/workflows/__all-platform-bundle.yml
+++ b/.github/workflows/__all-platform-bundle.yml
@@ -45,6 +45,11 @@ jobs:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'true'
          setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
      - id: init
        uses: ./../action/init
        with:
--- a/.github/workflows/__analyze-ref-input.yml
+++ b/.github/workflows/__analyze-ref-input.yml
@@ -49,6 +49,11 @@ jobs:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
          setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
      - uses: ./../action/init
        with:
          tools: ${{ steps.prepare-test.outputs.tools-url }}
--- a/.github/workflows/__build-mode-manual.yml
+++ b/.github/workflows/__build-mode-manual.yml
@@ -45,6 +45,11 @@ jobs:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
          setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
      - uses: ./../action/init
        id: init
        with:
--- a/.github/workflows/__cpp-deptrace-enabled-on-macos.yml
+++ b/.github/workflows/__cpp-deptrace-enabled-on-macos.yml
@@ -27,6 +27,8 @@ jobs:
      fail-fast: false
      matrix:
        include:
+          - os: macos-latest
+            version: linked
          - os: macos-latest
            version: nightly-latest
    name: 'C/C++: autoinstalling dependencies is skipped (macOS)'
--- a/.github/workflows/__export-file-baseline-information.yml
+++ b/.github/workflows/__export-file-baseline-information.yml
@@ -49,6 +49,11 @@ jobs:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
          setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
      - uses: ./../action/init
        id: init
        with:
--- a/.github/workflows/__go-custom-queries.yml
+++ b/.github/workflows/__go-custom-queries.yml
@@ -47,9 +47,11 @@ jobs:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
          setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
        with:
          go-version: '>=1.21.0'
+          cache: false
      - uses: ./../action/init
        with:
          languages: go
--- a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml
+++ b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml
@@ -45,10 +45,11 @@ jobs:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
          setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
        with:
-      # We need a Go version that ships with statically linked binaries on Linux
          go-version: '>=1.21.0'
+          cache: false
      - uses: ./../action/init
        with:
          languages: go
--- a/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml
+++ b/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml
@@ -45,10 +45,11 @@ jobs:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
          setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
        with:
-      # We need a Go version that ships with statically linked binaries on Linux
          go-version: '>=1.21.0'
+          cache: false
      - name: Remove `file` program
        run: |
          echo $(which file)
--- a/.github/workflows/__go-indirect-tracing-workaround.yml
+++ b/.github/workflows/__go-indirect-tracing-workaround.yml
@@ -45,10 +45,11 @@ jobs:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
          setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
        with:
-      # We need a Go version that ships with statically linked binaries on Linux
          go-version: '>=1.21.0'
+          cache: false
      - uses: ./../action/init
        with:
          languages: go
--- a/.github/workflows/__go-tracing-autobuilder.yml
+++ b/.github/workflows/__go-tracing-autobuilder.yml
@@ -27,14 +27,6 @@ jobs:
      fail-fast: false
      matrix:
        include:
-          - os: ubuntu-latest
-            version: stable-v2.15.5
-          - os: macos-latest
-            version: stable-v2.15.5
-          - os: ubuntu-latest
-            version: stable-v2.16.6
-          - os: macos-latest
-            version: stable-v2.16.6
          - os: ubuntu-latest
            version: stable-v2.17.6
          - os: macos-latest
@@ -47,6 +39,14 @@ jobs:
            version: stable-v2.19.4
          - os: macos-latest
            version: stable-v2.19.4
+          - os: ubuntu-latest
+            version: stable-v2.20.7
+          - os: macos-latest
+            version: stable-v2.20.7
+          - os: ubuntu-latest
+            version: stable-v2.21.4
+          - os: macos-latest
+            version: stable-v2.21.4
          - os: ubuntu-latest
            version: default
          - os: macos-latest
@@ -75,11 +75,10 @@ jobs:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
          setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
        with:
-          go-version: ~1.24.0
-      # to avoid potentially misleading autobuilder results where we expect it to download
-      # dependencies successfully, but they actually come from a warm cache
+          go-version: '>=1.21.0'
          cache: false
      - uses: ./../action/init
        with:
--- a/.github/workflows/__go-tracing-custom-build-steps.yml
+++ b/.github/workflows/__go-tracing-custom-build-steps.yml
@@ -27,14 +27,6 @@ jobs:
      fail-fast: false
      matrix:
        include:
-          - os: ubuntu-latest
-            version: stable-v2.15.5
-          - os: macos-latest
-            version: stable-v2.15.5
-          - os: ubuntu-latest
-            version: stable-v2.16.6
-          - os: macos-latest
-            version: stable-v2.16.6
          - os: ubuntu-latest
            version: stable-v2.17.6
          - os: macos-latest
@@ -47,6 +39,14 @@ jobs:
            version: stable-v2.19.4
          - os: macos-latest
            version: stable-v2.19.4
+          - os: ubuntu-latest
+            version: stable-v2.20.7
+          - os: macos-latest
+            version: stable-v2.20.7
+          - os: ubuntu-latest
+            version: stable-v2.21.4
+          - os: macos-latest
+            version: stable-v2.21.4
          - os: ubuntu-latest
            version: default
          - os: macos-latest
@@ -75,11 +75,10 @@ jobs:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
          setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
        with:
-          go-version: ~1.24.0
-      # to avoid potentially misleading autobuilder results where we expect it to download
-      # dependencies successfully, but they actually come from a warm cache
+          go-version: '>=1.21.0'
          cache: false
      - uses: ./../action/init
        with:
--- a/.github/workflows/__go-tracing-legacy-workflow.yml
+++ b/.github/workflows/__go-tracing-legacy-workflow.yml
@@ -27,14 +27,6 @@ jobs:
      fail-fast: false
      matrix:
        include:
-          - os: ubuntu-latest
-            version: stable-v2.15.5
-          - os: macos-latest
-            version: stable-v2.15.5
-          - os: ubuntu-latest
-            version: stable-v2.16.6
-          - os: macos-latest
-            version: stable-v2.16.6
          - os: ubuntu-latest
            version: stable-v2.17.6
          - os: macos-latest
@@ -47,6 +39,14 @@ jobs:
            version: stable-v2.19.4
          - os: macos-latest
            version: stable-v2.19.4
+          - os: ubuntu-latest
+            version: stable-v2.20.7
+          - os: macos-latest
+            version: stable-v2.20.7
+          - os: ubuntu-latest
+            version: stable-v2.21.4
+          - os: macos-latest
+            version: stable-v2.21.4
          - os: ubuntu-latest
            version: default
          - os: macos-latest
@@ -75,11 +75,10 @@ jobs:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
          setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
        with:
-          go-version: ~1.24.0
-      # to avoid potentially misleading autobuilder results where we expect it to download
-      # dependencies successfully, but they actually come from a warm cache
+          go-version: '>=1.21.0'
          cache: false
      - uses: ./../action/init
        with:
--- a/.github/workflows/__multi-language-autodetect.yml
+++ b/.github/workflows/__multi-language-autodetect.yml
@@ -27,14 +27,6 @@ jobs:
      fail-fast: false
      matrix:
        include:
-          - os: macos-latest
-            version: stable-v2.15.5
-          - os: ubuntu-latest
-            version: stable-v2.15.5
-          - os: macos-latest
-            version: stable-v2.16.6
-          - os: ubuntu-latest
-            version: stable-v2.16.6
          - os: macos-latest
            version: stable-v2.17.6
          - os: ubuntu-latest
@@ -47,6 +39,14 @@ jobs:
            version: stable-v2.19.4
          - os: ubuntu-latest
            version: stable-v2.19.4
+          - os: macos-latest
+            version: stable-v2.20.7
+          - os: ubuntu-latest
+            version: stable-v2.20.7
+          - os: macos-latest
+            version: stable-v2.21.4
+          - os: ubuntu-latest
+            version: stable-v2.21.4
          - os: macos-latest
            version: default
          - os: ubuntu-latest
@@ -75,10 +75,11 @@ jobs:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
          setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
        with:
          go-version: '>=1.21.0'
-
+          cache: false
      - uses: ./../action/init
        id: init
        with:
--- a/.github/workflows/__packaging-codescanning-config-inputs-js.yml
+++ b/.github/workflows/__packaging-codescanning-config-inputs-js.yml
@@ -61,6 +61,11 @@ jobs:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
          setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
      - uses: ./../action/init
        with:
          config-file: .github/codeql/codeql-config-packaging3.yml
--- a/.github/workflows/__packaging-config-inputs-js.yml
+++ b/.github/workflows/__packaging-config-inputs-js.yml
@@ -61,6 +61,11 @@ jobs:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
          setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
      - uses: ./../action/init
        with:
          config-file: .github/codeql/codeql-config-packaging3.yml
--- a/.github/workflows/__packaging-config-js.yml
+++ b/.github/workflows/__packaging-config-js.yml
@@ -61,6 +61,11 @@ jobs:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
          setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
      - uses: ./../action/init
        with:
          config-file: .github/codeql/codeql-config-packaging.yml
--- a/.github/workflows/__packaging-inputs-js.yml
+++ b/.github/workflows/__packaging-inputs-js.yml
@@ -61,6 +61,11 @@ jobs:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
          setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
      - uses: ./../action/init
        with:
          config-file: .github/codeql/codeql-config-packaging2.yml
--- a/.github/workflows/__quality-queries.yml
+++ b/.github/workflows/__quality-queries.yml
@@ -0,0 +1,117 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+# to regenerate this file.
+
+name: PR Check - Quality queries input
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
+  workflow_dispatch: {}
+jobs:
+  quality-queries:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: ubuntu-latest
+            version: linked
+          - os: macos-latest
+            version: linked
+          - os: windows-latest
+            version: linked
+          - os: ubuntu-latest
+            version: nightly-latest
+          - os: macos-latest
+            version: nightly-latest
+          - os: windows-latest
+            version: nightly-latest
+    name: Quality queries input
+    permissions:
+      contents: read
+      security-events: read
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+          setup-kotlin: 'true'
+      - uses: ./../action/init
+        with:
+          languages: javascript
+          quality-queries: code-quality
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - uses: ./../action/analyze
+        with:
+          output: ${{ runner.temp }}/results
+          upload-database: false
+      - name: Upload security SARIF
+        uses: actions/upload-artifact@v4
+        with:
+          name: quality-queries-${{ matrix.os }}-${{ matrix.version }}.sarif.json
+          path: ${{ runner.temp }}/results/javascript.sarif
+          retention-days: 7
+      - name: Upload quality SARIF
+        uses: actions/upload-artifact@v4
+        with:
+          name: quality-queries-${{ matrix.os }}-${{ matrix.version }}.quality.sarif.json
+          path: ${{ runner.temp }}/results/javascript.quality.sarif
+          retention-days: 7
+      - name: Check quality query does not appear in security SARIF
+        uses: actions/github-script@v7
+        env:
+          SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
+          EXPECT_PRESENT: 'false'
+        with:
+          script: ${{ env.CHECK_SCRIPT }}
+      - name: Check quality query appears in quality SARIF
+        uses: actions/github-script@v7
+        env:
+          SARIF_PATH: ${{ runner.temp }}/results/javascript.quality.sarif
+          EXPECT_PRESENT: 'true'
+        with:
+          script: ${{ env.CHECK_SCRIPT }}
+    env:
+      CHECK_SCRIPT: |
+        const fs = require('fs');
+
+        const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
+        const expectPresent = JSON.parse(process.env['EXPECT_PRESENT']);
+        const run = sarif.runs[0];
+        const extensions = run.tool.extensions;
+
+        if (extensions === undefined) {
+          core.setFailed('`extensions` property not found in the SARIF run property bag.');
+        }
+
+        // ID of a query we want to check the presence for
+        const targetId = 'js/regex/always-matches';
+        const found = extensions.find(extension => extension.rules && extension.rules.find(rule => rule.id === targetId));
+
+        if (found && expectPresent) {
+          console.log(`Found rule with id '${targetId}'.`);
+        } else if (!found && !expectPresent) {
+          console.log(`Rule with id '${targetId}' was not found.`);
+        } else {
+          core.setFailed(`${ found ? "Found" : "Didn't find" } rule ${targetId}`);
+        }
+      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__remote-config.yml
+++ b/.github/workflows/__remote-config.yml
@@ -47,6 +47,11 @@ jobs:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
          setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
      - uses: ./../action/init
        with:
          tools: ${{ steps.prepare-test.outputs.tools-url }}
--- a/.github/workflows/__rubocop-multi-language.yml
+++ b/.github/workflows/__rubocop-multi-language.yml
@@ -46,7 +46,7 @@ jobs:
          use-all-platform-bundle: 'false'
          setup-kotlin: 'true'
      - name: Set up Ruby
-        uses: ruby/setup-ruby@1a615958ad9d422dd932dc1d5823942ee002799f # v1.227.0
+        uses: ruby/setup-ruby@472790540115ce5bd69d399a020189a8c87d641f # v1.247.0
        with:
          ruby-version: 2.6
      - name: Install Code Scanning integration
--- a/.github/workflows/__split-workflow.yml
+++ b/.github/workflows/__split-workflow.yml
@@ -55,6 +55,11 @@ jobs:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
          setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
      - uses: ./../action/init
        with:
          config-file: .github/codeql/codeql-config-packaging3.yml
--- a/.github/workflows/__swift-custom-build.yml
+++ b/.github/workflows/__swift-custom-build.yml
@@ -49,6 +49,11 @@ jobs:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
          setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
      - uses: ./../action/init
        id: init
        with:
--- a/.github/workflows/__test-local-codeql.yml
+++ b/.github/workflows/__test-local-codeql.yml
@@ -45,6 +45,11 @@ jobs:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
          setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
      - name: Fetch a CodeQL bundle
        shell: bash
        env:
--- a/.github/workflows/__unset-environment.yml
+++ b/.github/workflows/__unset-environment.yml
@@ -47,6 +47,11 @@ jobs:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
          setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
      - uses: ./../action/init
        id: init
        with:
@@ -54,9 +59,6 @@ jobs:
      # Swift is not supported on Ubuntu so we manually exclude it from the list here
          languages: cpp,csharp,go,java,javascript,python,ruby
          tools: ${{ steps.prepare-test.outputs.tools-url }}
-      - uses: actions/setup-go@v5
-        with:
-          go-version: '>=1.21.0'
      - name: Build code
        shell: bash
        run: env -i PATH="$PATH" HOME="$HOME" ./build.sh
--- a/.github/workflows/__upload-quality-sarif.yml
+++ b/.github/workflows/__upload-quality-sarif.yml
@@ -0,0 +1,78 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+# to regenerate this file.
+
+name: 'PR Check - Upload-sarif: code quality endpoint'
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
+  workflow_dispatch: {}
+jobs:
+  upload-quality-sarif:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: ubuntu-latest
+            version: default
+          - os: macos-latest
+            version: default
+          - os: windows-latest
+            version: default
+    name: 'Upload-sarif: code quality endpoint'
+    permissions:
+      contents: read
+      security-events: read
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+          setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
+      - uses: ./../action/init
+        with:
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+          languages: cpp,csharp,java,javascript,python
+          config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{
+            github.sha }}
+          quality-queries: code-quality
+      - name: Build code
+        shell: bash
+        run: ./build.sh
+  # Generate some SARIF we can upload with the upload-sarif step
+      - uses: ./../action/analyze
+        with:
+          ref: refs/heads/main
+          sha: 5e235361806c361d4d3f8859e3c897658025a9a2
+          upload: never
+      - uses: ./../action/upload-sarif
+        with:
+          ref: refs/heads/main
+          sha: 5e235361806c361d4d3f8859e3c897658025a9a2
+    env:
+      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__upload-ref-sha-input.yml
+++ b/.github/workflows/__upload-ref-sha-input.yml
@@ -49,6 +49,11 @@ jobs:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
          setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
      - uses: ./../action/init
        with:
          tools: ${{ steps.prepare-test.outputs.tools-url }}
--- a/.github/workflows/__with-checkout-path.yml
+++ b/.github/workflows/__with-checkout-path.yml
@@ -49,6 +49,11 @@ jobs:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
          setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
      - name: Delete original checkout
        shell: bash
        run: |
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -75,7 +75,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        os: [ubuntu-20.04,ubuntu-22.04,windows-2019,windows-2022,macos-13,macos-14]
+        os: [ubuntu-22.04,ubuntu-24.04,windows-2022,windows-2025,macos-13,macos-14,macos-15]
        tools: ${{ fromJson(needs.check-codeql-versions.outputs.versions) }}
    runs-on: ${{ matrix.os }}

--- a/.github/workflows/codescanning-config-cli.yml
+++ b/.github/workflows/codescanning-config-cli.yml
@@ -3,6 +3,9 @@
 name: Code-Scanning config CLI tests
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  # Diff informed queries add an additional query filter which is not yet
+  # taken into account by these tests.
+  CODEQL_ACTION_DIFF_INFORMED_QUERIES: false

 on:
  push:
--- a/.github/workflows/post-release-mergeback.yml
+++ b/.github/workflows/post-release-mergeback.yml
@@ -168,7 +168,7 @@ jobs:
            --draft

      - name: Generate token
-        uses: actions/create-github-app-token@v1.11.7
+        uses: actions/create-github-app-token@v2.0.6
        id: app-token
        with:
          app-id: ${{ vars.AUTOMATION_APP_ID }}
--- a/.github/workflows/update-proxy-release.yml
+++ b/.github/workflows/update-proxy-release.yml
@@ -0,0 +1,101 @@
+name: Update dependency proxy release assets
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: "The tag of CodeQL Bundle release that contains the proxy binaries as release assets"
+        type: string
+        required: true
+
+jobs:
+  update:
+    name: Update code and create PR
+    timeout-minutes: 15
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write # needed to push the updated files
+      pull-requests: write # needed to create the PR
+    env:
+      RELEASE_TAG: ${{ inputs.tag }}
+    steps:
+      - name: Check release tag format
+        id: checks
+        shell: bash
+        run: |
+          if ! [[ $RELEASE_TAG =~ ^codeql-bundle-v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+            echo "Invalid release tag: expected a CodeQL bundle tag in the 'codeql-bundle-vM.N.P' format."
+            exit 1
+          fi
+
+          echo "target_branch=dependency-proxy/$RELEASE_TAG" >> $GITHUB_OUTPUT
+
+      - name: Check that the release exists
+        shell: bash
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+        run: |
+          (gh release view --repo "$GITHUB_REPOSITORY" --json "assets" "$RELEASE_TAG" && echo "Release found.") || exit 1
+
+      - name: Install Node
+        uses: actions/setup-node@v4
+
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # ensure we have all tags and can push commits
+          ref: main
+
+      - name: Update git config
+        shell: bash
+        run: |
+          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git config --global user.name "github-actions[bot]"
+
+      - name: Update release tag and version
+        shell: bash
+        run: |
+          NOW=$(date +"%Y%m%d%H%M%S") # only used to make sure we don't fetch stale binaries from the toolcache
+          sed -i "s|https://github.com/github/codeql-action/releases/download/codeql-bundle-v[0-9.]\+/|https://github.com/github/codeql-action/releases/download/$RELEASE_TAG/|g" ./src/start-proxy-action.ts
+          sed -i "s/\"v2.0.[0-9]\+\"/\"v2.0.$NOW\"/g" ./src/start-proxy-action.ts
+
+      - name: Compile TypeScript and commit changes
+        shell: bash
+        env:
+          TARGET_BRANCH: ${{ steps.checks.outputs.target_branch }}
+        run: |
+          set -exu
+          git checkout -b "$TARGET_BRANCH"
+
+          npm run build
+          git add ./src/start-proxy-action.ts
+          git add ./lib
+          git commit -m "Update release used by \`start-proxy\` action"
+
+      - name: Push changes and open PR
+        shell: bash
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          TARGET_BRANCH: ${{ steps.checks.outputs.target_branch }}
+          PR_FLAG: ${{ (github.event_name == 'workflow_dispatch' && '--draft') || '--dry-run' }}
+        run: |
+          set -exu
+          pr_title="Update release used by \`start-proxy\` to \`$RELEASE_TAG\`"
+          pr_body=$(cat << EOF
+            This PR updates the \`start-proxy\` action to use the private registry proxy binaries that
+            are attached as release assets to the \`$RELEASE_TAG\` release.
+
+
+            Please do the following before merging:
+
+            - [ ] Verify that the changes to the code are correct.
+            - [ ] Mark the PR as ready for review to trigger the CI.
+          EOF
+          )
+
+          git push origin "$TARGET_BRANCH"
+          gh pr create \
+            --head "$TARGET_BRANCH" \
+            --base "main" \
+            --title "${pr_title}" \
+            --body "${pr_body}" \
+            $PR_FLAG
--- a/.github/workflows/update-release-branch.yml
+++ b/.github/workflows/update-release-branch.yml
@@ -124,7 +124,7 @@ jobs:
      pull-requests: write # needed to create pull request
    steps:
    - name: Generate token
-      uses: actions/create-github-app-token@v1.11.7
+      uses: actions/create-github-app-token@v2.0.6
      id: app-token
      with:
        app-id: ${{ vars.AUTOMATION_APP_ID }}
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,10 +2,70 @@

 See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.

-## [UNRELEASED]
+## 3.29.5 - 29 Jul 2025
+
+- Update default CodeQL bundle version to 2.22.2. [#2986](https://github.com/github/codeql-action/pull/2986)
+
+## 3.29.4 - 23 Jul 2025

 No user facing changes.

+## 3.29.3 - 21 Jul 2025
+
+No user facing changes.
+
+## 3.29.2 - 30 Jun 2025
+
+- Experimental: When the `quality-queries` input for the `init` action is provided with an argument, separate `.quality.sarif` files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. [#2935](https://github.com/github/codeql-action/pull/2935)
+
+## 3.29.1 - 27 Jun 2025
+
+- Fix bug in PR analysis where user-provided `include` query filter fails to exclude non-included queries. [#2938](https://github.com/github/codeql-action/pull/2938)
+- Update default CodeQL bundle version to 2.22.1. [#2950](https://github.com/github/codeql-action/pull/2950)
+
+## 3.29.0 - 11 Jun 2025
+
+- Update default CodeQL bundle version to 2.22.0. [#2925](https://github.com/github/codeql-action/pull/2925)
+- Bump minimum CodeQL bundle version to 2.16.6. [#2912](https://github.com/github/codeql-action/pull/2912)
+
+## 3.28.21 - 28 July 2025
+
+No user facing changes.
+
+## 3.28.20 - 21 July 2025
+
+- Remove support for combining SARIF files from a single upload for GHES 3.18, see [the changelog post](https://github.blog/changelog/2024-05-06-code-scanning-will-stop-combining-runs-from-a-single-upload/). [#2959](https://github.com/github/codeql-action/pull/2959)
+
+## 3.28.19 - 03 Jun 2025
+
+- The CodeQL Action no longer includes its own copy of the extractor for the `actions` language, which is currently in public preview.
+  The `actions` extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the `actions` language _and_ you have pinned
+  your `tools:` property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable
+  `actions` analysis.
+- Update default CodeQL bundle version to 2.21.4. [#2910](https://github.com/github/codeql-action/pull/2910)
+
+## 3.28.18 - 16 May 2025
+
+- Update default CodeQL bundle version to 2.21.3. [#2893](https://github.com/github/codeql-action/pull/2893)
+- Skip validating SARIF produced by CodeQL for improved performance. [#2894](https://github.com/github/codeql-action/pull/2894)
+- The number of threads and amount of RAM used by CodeQL can now be set via the `CODEQL_THREADS` and `CODEQL_RAM` runner environment variables. If set, these environment variables override the `threads` and `ram` inputs respectively. [#2891](https://github.com/github/codeql-action/pull/2891)
+
+## 3.28.17 - 02 May 2025
+
+- Update default CodeQL bundle version to 2.21.2. [#2872](https://github.com/github/codeql-action/pull/2872)
+
+## 3.28.16 - 23 Apr 2025
+
+- Update default CodeQL bundle version to 2.21.1. [#2863](https://github.com/github/codeql-action/pull/2863)
+
+## 3.28.15 - 07 Apr 2025
+
+- Fix bug where the action would fail if it tried to produce a debug artifact with more than 65535 files. [#2842](https://github.com/github/codeql-action/pull/2842)
+
+## 3.28.14 - 07 Apr 2025
+
+- Update default CodeQL bundle version to 2.21.0. [#2838](https://github.com/github/codeql-action/pull/2838)
+
 ## 3.28.13 - 24 Mar 2025

 No user facing changes.
--- a/README.md
+++ b/README.md
@@ -55,7 +55,7 @@ For compiled languages:

 - `manual` build mode will typically produce the most precise results, but it is more difficult to set up and will cause the analysis to take slightly more time to run.
 - `autobuild` build mode is simpler to set up, but will only work for projects with generic build steps that can be guessed by the heuristics of the autobuild scripts. If `autobuild` fails, then you must switch to `manual` or `none`. If `autobuild` succeeds, then the results and run time will be the same as `manual` mode.
- `none` build mode is also simpler to set up and is slightly faster to run, but there is a possibility that some alerts will be missed. This may happen if your repository does any code generation during compilation or if there are any dependencies downloaded from registries that the workflow does not have access to. `none` is not yet supported by C/C++, Swift, Go, or Kotlin.
+- `none` build mode is also simpler to set up and is slightly faster to run, but there is a possibility that some alerts will be missed. This may happen if your repository does any code generation during compilation or if there are any dependencies downloaded from registries that the workflow does not have access to. `none` is not yet supported by Swift, Go, or Kotlin. It is in public preview for C/C++.


 ## Supported versions of the CodeQL Action
@@ -70,10 +70,11 @@ We typically release new minor versions of the CodeQL Action and Bundle when a n

 | Minimum CodeQL Action | Minimum CodeQL Bundle Version | GitHub Environment | Notes |
 |-----------------------|-------------------------------|--------------------|-------|
-| `v3.26.6`  | `2.18.4` | Enterprise Server 3.15 | |
-| `v3.25.11` | `2.17.6` | Enterprise Server 3.14 | |
-| `v3.24.11` | `2.16.6` | Enterprise Server 3.13 | |
-| `v3.22.12` | `2.15.5` | Enterprise Server 3.12 | |
+| `v3.28.21`  | `2.21.3` | Enterprise Server 3.18 | |
+| `v3.28.12`  | `2.20.7` | Enterprise Server 3.17 | |
+| `v3.28.6`  | `2.20.3` | Enterprise Server 3.16 | |
+| `v3.28.6`  | `2.20.3` | Enterprise Server 3.15 | |
+| `v3.28.6` | `2.20.3` | Enterprise Server 3.14 | |

 See the full list of GHES release and deprecation dates at [GitHub Enterprise Server releases](https://docs.github.com/en/enterprise-server/admin/all-releases#releases-of-github-enterprise-server).

--- a/actions-extractor/codeql-extractor.yml
+++ b/actions-extractor/codeql-extractor.yml
@@ -1,44 +0,0 @@
-name: "actions"
-aliases: []
-display_name: "GitHub Actions"
-version: 0.0.1
-column_kind: "utf16"
-unicode_newlines: true
-build_modes:
-  - none
-file_coverage_languages: []
-github_api_languages: []
-scc_languages: []
-file_types:
-  - name: workflow
-    display_name: GitHub Actions workflow files
-    extensions:
-      - .yml
-      - .yaml
-forwarded_extractor_name: javascript
-options:
-  trap:
-    title: TRAP options
-    description: Options about how the extractor handles TRAP files
-    type: object
-    visibility: 3
-    properties:
-      cache:
-        title: TRAP cache options
-        description: Options about how the extractor handles its TRAP cache
-        type: object
-        properties:
-          dir:
-            title: TRAP cache directory
-            description: The directory of the TRAP cache to use
-            type: string
-          bound:
-            title: TRAP cache bound
-            description: A soft limit (in MB) on the size of the TRAP cache
-            type: string
-            pattern: "[0-9]+"
-          write:
-            title: TRAP cache writeable
-            description: Whether to write to the TRAP cache as well as reading it
-            type: string
-            pattern: "(true|TRUE|false|FALSE)"
--- a/actions-extractor/tools/autobuild-impl.ps1
+++ b/actions-extractor/tools/autobuild-impl.ps1
@@ -1,40 +0,0 @@
-if (($null -ne $env:LGTM_INDEX_INCLUDE) -or ($null -ne $env:LGTM_INDEX_EXCLUDE) -or ($null -ne $env:LGTM_INDEX_FILTERS)) {
-    Write-Output 'Path filters set. Passing them through to the JavaScript extractor.' 
-} else {
-    Write-Output 'No path filters set. Using the default filters.'
-    $DefaultPathFilters = @(
-        'exclude:**/*',
-        'include:.github/workflows/**/*.yml',
-        'include:.github/workflows/**/*.yaml',
-        'include:**/action.yml',
-        'include:**/action.yaml'
-    )
-
-    $env:LGTM_INDEX_FILTERS = $DefaultPathFilters -join "`n"
-}
-
-# Find the JavaScript extractor directory via `codeql resolve extractor`.
-$CodeQL = Join-Path $env:CODEQL_DIST 'codeql.exe'
-$env:CODEQL_EXTRACTOR_JAVASCRIPT_ROOT = &$CodeQL resolve extractor --language javascript
-if ($LASTEXITCODE -ne 0) {
-    throw 'Failed to resolve JavaScript extractor.'
-}
-
-Write-Output "Found JavaScript extractor at '${env:CODEQL_EXTRACTOR_JAVASCRIPT_ROOT}'."
-
-# Run the JavaScript autobuilder.
-$JavaScriptAutoBuild = Join-Path $env:CODEQL_EXTRACTOR_JAVASCRIPT_ROOT 'tools\autobuild.cmd'
-Write-Output "Running JavaScript autobuilder at '${JavaScriptAutoBuild}'."
-
-# Copy the values of the Actions extractor environment variables to the JavaScript extractor environment variables.
-$env:CODEQL_EXTRACTOR_JAVASCRIPT_DIAGNOSTIC_DIR = $env:CODEQL_EXTRACTOR_ACTIONS_DIAGNOSTIC_DIR
-$env:CODEQL_EXTRACTOR_JAVASCRIPT_LOG_DIR = $env:CODEQL_EXTRACTOR_ACTIONS_LOG_DIR
-$env:CODEQL_EXTRACTOR_JAVASCRIPT_SCRATCH_DIR = $env:CODEQL_EXTRACTOR_ACTIONS_SCRATCH_DIR
-$env:CODEQL_EXTRACTOR_JAVASCRIPT_SOURCE_ARCHIVE_DIR = $env:CODEQL_EXTRACTOR_ACTIONS_SOURCE_ARCHIVE_DIR
-$env:CODEQL_EXTRACTOR_JAVASCRIPT_TRAP_DIR = $env:CODEQL_EXTRACTOR_ACTIONS_TRAP_DIR
-$env:CODEQL_EXTRACTOR_JAVASCRIPT_WIP_DATABASE = $env:CODEQL_EXTRACTOR_ACTIONS_WIP_DATABASE
-
-&$JavaScriptAutoBuild
-if ($LASTEXITCODE -ne 0) {
-    throw "JavaScript autobuilder failed."
-}
--- a/actions-extractor/tools/autobuild.cmd
+++ b/actions-extractor/tools/autobuild.cmd
@@ -1,3 +0,0 @@
-@echo off
-rem All of the work is done in the PowerShell script
-powershell.exe %~dp0autobuild-impl.ps1
--- a/actions-extractor/tools/autobuild.sh
+++ b/actions-extractor/tools/autobuild.sh
@@ -1,39 +0,0 @@
-#!/bin/sh
-
-set -eu
-
-DEFAULT_PATH_FILTERS=$(cat << END
-exclude:**/*
-include:.github/workflows/**/*.yml
-include:.github/workflows/**/*.yaml
-include:**/action.yml
-include:**/action.yaml
-END
-)
-
-if [ -n "${LGTM_INDEX_INCLUDE:-}" ] || [ -n "${LGTM_INDEX_EXCLUDE:-}" ] || [ -n "${LGTM_INDEX_FILTERS:-}" ] ; then
-    echo "Path filters set. Passing them through to the JavaScript extractor."
-else
-    echo "No path filters set. Using the default filters."
-    LGTM_INDEX_FILTERS="${DEFAULT_PATH_FILTERS}"
-    export LGTM_INDEX_FILTERS
-fi
-
-# Find the JavaScript extractor directory via `codeql resolve extractor`.
-CODEQL_EXTRACTOR_JAVASCRIPT_ROOT="$($CODEQL_DIST/codeql resolve extractor --language javascript)"
-export CODEQL_EXTRACTOR_JAVASCRIPT_ROOT
-
-echo "Found JavaScript extractor at '${CODEQL_EXTRACTOR_JAVASCRIPT_ROOT}'."
-
-# Run the JavaScript autobuilder
-JAVASCRIPT_AUTO_BUILD="${CODEQL_EXTRACTOR_JAVASCRIPT_ROOT}/tools/autobuild.sh"
-echo "Running JavaScript autobuilder at '${JAVASCRIPT_AUTO_BUILD}'."
-
-# Copy the values of the Actions extractor environment variables to the JavaScript extractor environment variables.
-env CODEQL_EXTRACTOR_JAVASCRIPT_DIAGNOSTIC_DIR="${CODEQL_EXTRACTOR_ACTIONS_DIAGNOSTIC_DIR}" \
-    CODEQL_EXTRACTOR_JAVASCRIPT_LOG_DIR="${CODEQL_EXTRACTOR_ACTIONS_LOG_DIR}" \
-    CODEQL_EXTRACTOR_JAVASCRIPT_SCRATCH_DIR="${CODEQL_EXTRACTOR_ACTIONS_SCRATCH_DIR}" \
-    CODEQL_EXTRACTOR_JAVASCRIPT_SOURCE_ARCHIVE_DIR="${CODEQL_EXTRACTOR_ACTIONS_SOURCE_ARCHIVE_DIR}" \
-    CODEQL_EXTRACTOR_JAVASCRIPT_TRAP_DIR="${CODEQL_EXTRACTOR_ACTIONS_TRAP_DIR}" \
-    CODEQL_EXTRACTOR_JAVASCRIPT_WIP_DATABASE="${CODEQL_EXTRACTOR_ACTIONS_WIP_DATABASE}" \
-    ${JAVASCRIPT_AUTO_BUILD}
--- a/init/action.yml
+++ b/init/action.yml
@@ -83,6 +83,9 @@ inputs:
  queries:
    description: Comma-separated list of additional queries to run. By default, this overrides the same setting in a configuration file; prefix with "+" to use both sets of queries.
    required: false
+  quality-queries:
+    description: '[Internal] Comma-separated list of code quality queries to run.'
+    required: false
  packs:
    description: >-
      Comma-separated list of packs to run. Reference a pack in the format `scope/name[@version]`. If `version` is not
--- a/lib/actions-util.js
+++ b/lib/actions-util.js
@@ -49,10 +49,13 @@ exports.isDefaultSetup = isDefaultSetup;
 exports.prettyPrintInvocation = prettyPrintInvocation;
 exports.ensureEndsInPeriod = ensureEndsInPeriod;
 exports.runTool = runTool;
+exports.getPullRequestBranches = getPullRequestBranches;
+exports.isAnalyzingPullRequest = isAnalyzingPullRequest;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const core = __importStar(require("@actions/core"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
+const github = __importStar(require("@actions/github"));
 const io = __importStar(require("@actions/io"));
 const util_1 = require("./util");
 // eslint-disable-next-line import/no-commonjs, @typescript-eslint/no-require-imports
@@ -352,4 +355,41 @@ const restoreInputs = function () {
    }
 };
 exports.restoreInputs = restoreInputs;
+/**
+ * Returns the base and head branches of the pull request being analyzed.
+ *
+ * @returns the base and head branches of the pull request, or undefined if
+ * we are not analyzing a pull request.
+ */
+function getPullRequestBranches() {
+    const pullRequest = github.context.payload.pull_request;
+    if (pullRequest) {
+        return {
+            base: pullRequest.base.ref,
+            // We use the head label instead of the head ref here, because the head
+            // ref lacks owner information and by itself does not uniquely identify
+            // the head branch (which may be in a forked repository).
+            head: pullRequest.head.label,
+        };
+    }
+    // PR analysis under Default Setup does not have the pull_request context,
+    // but it should set CODE_SCANNING_REF and CODE_SCANNING_BASE_BRANCH.
+    const codeScanningRef = process.env.CODE_SCANNING_REF;
+    const codeScanningBaseBranch = process.env.CODE_SCANNING_BASE_BRANCH;
+    if (codeScanningRef && codeScanningBaseBranch) {
+        return {
+            base: codeScanningBaseBranch,
+            // PR analysis under Default Setup analyzes the PR head commit instead of
+            // the merge commit, so we can use the provided ref directly.
+            head: codeScanningRef,
+        };
+    }
+    return undefined;
+}
+/**
+ * Returns whether we are analyzing a pull request.
+ */
+function isAnalyzingPullRequest() {
+    return getPullRequestBranches() !== undefined;
+}
 //# sourceMappingURL=actions-util.js.map
--- a/lib/actions-util.js.map
+++ b/lib/actions-util.js.map
--- a/lib/actions-util.test.js
+++ b/lib/actions-util.test.js
@@ -1,14 +1,78 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+const github = __importStar(require("@actions/github"));
 const ava_1 = __importDefault(require("ava"));
+const actions_util_1 = require("./actions-util");
 const api_client_1 = require("./api-client");
 const environment_1 = require("./environment");
 const testing_utils_1 = require("./testing-utils");
 const util_1 = require("./util");
 (0, testing_utils_1.setupTests)(ava_1.default);
+function withMockedContext(mockPayload, testFn) {
+    const originalPayload = github.context.payload;
+    github.context.payload = mockPayload;
+    try {
+        return testFn();
+    }
+    finally {
+        github.context.payload = originalPayload;
+    }
+}
+function withMockedEnv(envVars, testFn) {
+    const originalEnv = { ...process.env };
+    // Apply environment changes
+    for (const [key, value] of Object.entries(envVars)) {
+        if (value === undefined) {
+            delete process.env[key];
+        }
+        else {
+            process.env[key] = value;
+        }
+    }
+    try {
+        return testFn();
+    }
+    finally {
+        // Restore original environment
+        process.env = originalEnv;
+    }
+}
 (0, ava_1.default)("computeAutomationID()", async (t) => {
    let actualAutomationID = (0, api_client_1.computeAutomationID)(".github/workflows/codeql-analysis.yml:analyze", '{"language": "javascript", "os": "linux"}');
    t.deepEqual(actualAutomationID, ".github/workflows/codeql-analysis.yml:analyze/language:javascript/os:linux/");
@@ -25,6 +89,78 @@ const util_1 = require("./util");
    actualAutomationID = (0, api_client_1.computeAutomationID)(".github/workflows/codeql-analysis.yml:analyze", undefined);
    t.deepEqual(actualAutomationID, ".github/workflows/codeql-analysis.yml:analyze/");
 });
+(0, ava_1.default)("getPullRequestBranches() with pull request context", (t) => {
+    withMockedContext({
+        pull_request: {
+            number: 123,
+            base: { ref: "main" },
+            head: { label: "user:feature-branch" },
+        },
+    }, () => {
+        t.deepEqual((0, actions_util_1.getPullRequestBranches)(), {
+            base: "main",
+            head: "user:feature-branch",
+        });
+        t.is((0, actions_util_1.isAnalyzingPullRequest)(), true);
+    });
+});
+(0, ava_1.default)("getPullRequestBranches() returns undefined with push context", (t) => {
+    withMockedContext({
+        push: {
+            ref: "refs/heads/main",
+        },
+    }, () => {
+        t.is((0, actions_util_1.getPullRequestBranches)(), undefined);
+        t.is((0, actions_util_1.isAnalyzingPullRequest)(), false);
+    });
+});
+(0, ava_1.default)("getPullRequestBranches() with Default Setup environment variables", (t) => {
+    withMockedContext({}, () => {
+        withMockedEnv({
+            CODE_SCANNING_REF: "refs/heads/feature-branch",
+            CODE_SCANNING_BASE_BRANCH: "main",
+        }, () => {
+            t.deepEqual((0, actions_util_1.getPullRequestBranches)(), {
+                base: "main",
+                head: "refs/heads/feature-branch",
+            });
+            t.is((0, actions_util_1.isAnalyzingPullRequest)(), true);
+        });
+    });
+});
+(0, ava_1.default)("getPullRequestBranches() returns undefined when only CODE_SCANNING_REF is set", (t) => {
+    withMockedContext({}, () => {
+        withMockedEnv({
+            CODE_SCANNING_REF: "refs/heads/feature-branch",
+            CODE_SCANNING_BASE_BRANCH: undefined,
+        }, () => {
+            t.is((0, actions_util_1.getPullRequestBranches)(), undefined);
+            t.is((0, actions_util_1.isAnalyzingPullRequest)(), false);
+        });
+    });
+});
+(0, ava_1.default)("getPullRequestBranches() returns undefined when only CODE_SCANNING_BASE_BRANCH is set", (t) => {
+    withMockedContext({}, () => {
+        withMockedEnv({
+            CODE_SCANNING_REF: undefined,
+            CODE_SCANNING_BASE_BRANCH: "main",
+        }, () => {
+            t.is((0, actions_util_1.getPullRequestBranches)(), undefined);
+            t.is((0, actions_util_1.isAnalyzingPullRequest)(), false);
+        });
+    });
+});
+(0, ava_1.default)("getPullRequestBranches() returns undefined when no PR context", (t) => {
+    withMockedContext({}, () => {
+        withMockedEnv({
+            CODE_SCANNING_REF: undefined,
+            CODE_SCANNING_BASE_BRANCH: undefined,
+        }, () => {
+            t.is((0, actions_util_1.getPullRequestBranches)(), undefined);
+            t.is((0, actions_util_1.isAnalyzingPullRequest)(), false);
+        });
+    });
+});
 (0, ava_1.default)("initializeEnvironment", (t) => {
    (0, util_1.initializeEnvironment)("1.2.3");
    t.deepEqual(process.env[environment_1.EnvVar.VERSION], "1.2.3");
--- a/lib/actions-util.test.js.map
+++ b/lib/actions-util.test.js.map
@@ -1 +1 @@
-{"version":3,"file":"actions-util.test.js","sourceRoot":"","sources":["../src/actions-util.test.ts"],"names":[],"mappings":";;;;;AAAA,8CAAuB;AAEvB,6CAAmD;AACnD,+CAAuC;AACvC,mDAA6C;AAC7C,iCAA+C;AAE/C,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,uBAAuB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACxC,IAAI,kBAAkB,GAAG,IAAA,gCAAmB,EAC1C,+CAA+C,EAC/C,2CAA2C,CAC5C,CAAC;IACF,CAAC,CAAC,SAAS,CACT,kBAAkB,EAClB,6EAA6E,CAC9E,CAAC;IAEF,gCAAgC;IAChC,kBAAkB,GAAG,IAAA,gCAAmB,EACtC,+CAA+C,EAC/C,2CAA2C,CAC5C,CAAC;IACF,CAAC,CAAC,SAAS,CACT,kBAAkB,EAClB,6EAA6E,CAC9E,CAAC;IAEF,6DAA6D;IAC7D,kBAAkB,GAAG,IAAA,gCAAmB,EACtC,+CAA+C,EAC/C,IAAI,CACL,CAAC;IACF,CAAC,CAAC,SAAS,CACT,kBAAkB,EAClB,gDAAgD,CACjD,CAAC;IAEF,sCAAsC;IACtC,kBAAkB,GAAG,IAAA,gCAAmB,EACtC,+CAA+C,EAC/C,qDAAqD,CACtD,CAAC;IACF,CAAC,CAAC,SAAS,CACT,kBAAkB,EAClB,gEAAgE,CACjE,CAAC;IAEF,8BAA8B;IAC9B,kBAAkB,GAAG,IAAA,gCAAmB,EACtC,+CAA+C,EAC/C,SAAS,CACV,CAAC;IACF,CAAC,CAAC,SAAS,CACT,kBAAkB,EAClB,gDAAgD,CACjD,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,uBAAuB,EAAE,CAAC,CAAC,EAAE,EAAE;IAClC,IAAA,4BAAqB,EAAC,OAAO,CAAC,CAAC;IAC/B,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC,CAAC;AACpD,CAAC,CAAC,CAAC"}
+{"version":3,"file":"actions-util.test.js","sourceRoot":"","sources":["../src/actions-util.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wDAA0C;AAC1C,8CAAuB;AAEvB,iDAAgF;AAChF,6CAAmD;AACnD,+CAAuC;AACvC,mDAA6C;AAC7C,iCAA+C;AAE/C,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,SAAS,iBAAiB,CAAI,WAAgB,EAAE,MAAe;IAC7D,MAAM,eAAe,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;IAC/C,MAAM,CAAC,OAAO,CAAC,OAAO,GAAG,WAAW,CAAC;IACrC,IAAI,CAAC;QACH,OAAO,MAAM,EAAE,CAAC;IAClB,CAAC;YAAS,CAAC;QACT,MAAM,CAAC,OAAO,CAAC,OAAO,GAAG,eAAe,CAAC;IAC3C,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CACpB,OAA2C,EAC3C,MAAe;IAEf,MAAM,WAAW,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAEvC,4BAA4B;IAC5B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACnD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,IAAI,CAAC;QACH,OAAO,MAAM,EAAE,CAAC;IAClB,CAAC;YAAS,CAAC;QACT,+BAA+B;QAC/B,OAAO,CAAC,GAAG,GAAG,WAAW,CAAC;IAC5B,CAAC;AACH,CAAC;AAED,IAAA,aAAI,EAAC,uBAAuB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACxC,IAAI,kBAAkB,GAAG,IAAA,gCAAmB,EAC1C,+CAA+C,EAC/C,2CAA2C,CAC5C,CAAC;IACF,CAAC,CAAC,SAAS,CACT,kBAAkB,EAClB,6EAA6E,CAC9E,CAAC;IAEF,gCAAgC;IAChC,kBAAkB,GAAG,IAAA,gCAAmB,EACtC,+CAA+C,EAC/C,2CAA2C,CAC5C,CAAC;IACF,CAAC,CAAC,SAAS,CACT,kBAAkB,EAClB,6EAA6E,CAC9E,CAAC;IAEF,6DAA6D;IAC7D,kBAAkB,GAAG,IAAA,gCAAmB,EACtC,+CAA+C,EAC/C,IAAI,CACL,CAAC;IACF,CAAC,CAAC,SAAS,CACT,kBAAkB,EAClB,gDAAgD,CACjD,CAAC;IAEF,sCAAsC;IACtC,kBAAkB,GAAG,IAAA,gCAAmB,EACtC,+CAA+C,EAC/C,qDAAqD,CACtD,CAAC;IACF,CAAC,CAAC,SAAS,CACT,kBAAkB,EAClB,gEAAgE,CACjE,CAAC;IAEF,8BAA8B;IAC9B,kBAAkB,GAAG,IAAA,gCAAmB,EACtC,+CAA+C,EAC/C,SAAS,CACV,CAAC;IACF,CAAC,CAAC,SAAS,CACT,kBAAkB,EAClB,gDAAgD,CACjD,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,oDAAoD,EAAE,CAAC,CAAC,EAAE,EAAE;IAC/D,iBAAiB,CACf;QACE,YAAY,EAAE;YACZ,MAAM,EAAE,GAAG;YACX,IAAI,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE;YACrB,IAAI,EAAE,EAAE,KAAK,EAAE,qBAAqB,EAAE;SACvC;KACF,EACD,GAAG,EAAE;QACH,CAAC,CAAC,SAAS,CAAC,IAAA,qCAAsB,GAAE,EAAE;YACpC,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,qBAAqB;SAC5B,CAAC,CAAC;QACH,CAAC,CAAC,EAAE,CAAC,IAAA,qCAAsB,GAAE,EAAE,IAAI,CAAC,CAAC;IACvC,CAAC,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,8DAA8D,EAAE,CAAC,CAAC,EAAE,EAAE;IACzE,iBAAiB,CACf;QACE,IAAI,EAAE;YACJ,GAAG,EAAE,iBAAiB;SACvB;KACF,EACD,GAAG,EAAE;QACH,CAAC,CAAC,EAAE,CAAC,IAAA,qCAAsB,GAAE,EAAE,SAAS,CAAC,CAAC;QAC1C,CAAC,CAAC,EAAE,CAAC,IAAA,qCAAsB,GAAE,EAAE,KAAK,CAAC,CAAC;IACxC,CAAC,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,mEAAmE,EAAE,CAAC,CAAC,EAAE,EAAE;IAC9E,iBAAiB,CAAC,EAAE,EAAE,GAAG,EAAE;QACzB,aAAa,CACX;YACE,iBAAiB,EAAE,2BAA2B;YAC9C,yBAAyB,EAAE,MAAM;SAClC,EACD,GAAG,EAAE;YACH,CAAC,CAAC,SAAS,CAAC,IAAA,qCAAsB,GAAE,EAAE;gBACpC,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,2BAA2B;aAClC,CAAC,CAAC;YACH,CAAC,CAAC,EAAE,CAAC,IAAA,qCAAsB,GAAE,EAAE,IAAI,CAAC,CAAC;QACvC,CAAC,CACF,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,+EAA+E,EAAE,CAAC,CAAC,EAAE,EAAE;IAC1F,iBAAiB,CAAC,EAAE,EAAE,GAAG,EAAE;QACzB,aAAa,CACX;YACE,iBAAiB,EAAE,2BAA2B;YAC9C,yBAAyB,EAAE,SAAS;SACrC,EACD,GAAG,EAAE;YACH,CAAC,CAAC,EAAE,CAAC,IAAA,qCAAsB,GAAE,EAAE,SAAS,CAAC,CAAC;YAC1C,CAAC,CAAC,EAAE,CAAC,IAAA,qCAAsB,GAAE,EAAE,KAAK,CAAC,CAAC;QACxC,CAAC,CACF,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,uFAAuF,EAAE,CAAC,CAAC,EAAE,EAAE;IAClG,iBAAiB,CAAC,EAAE,EAAE,GAAG,EAAE;QACzB,aAAa,CACX;YACE,iBAAiB,EAAE,SAAS;YAC5B,yBAAyB,EAAE,MAAM;SAClC,EACD,GAAG,EAAE;YACH,CAAC,CAAC,EAAE,CAAC,IAAA,qCAAsB,GAAE,EAAE,SAAS,CAAC,CAAC;YAC1C,CAAC,CAAC,EAAE,CAAC,IAAA,qCAAsB,GAAE,EAAE,KAAK,CAAC,CAAC;QACxC,CAAC,CACF,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,+DAA+D,EAAE,CAAC,CAAC,EAAE,EAAE;IAC1E,iBAAiB,CAAC,EAAE,EAAE,GAAG,EAAE;QACzB,aAAa,CACX;YACE,iBAAiB,EAAE,SAAS;YAC5B,yBAAyB,EAAE,SAAS;SACrC,EACD,GAAG,EAAE;YACH,CAAC,CAAC,EAAE,CAAC,IAAA,qCAAsB,GAAE,EAAE,SAAS,CAAC,CAAC;YAC1C,CAAC,CAAC,EAAE,CAAC,IAAA,qCAAsB,GAAE,EAAE,KAAK,CAAC,CAAC;QACxC,CAAC,CACF,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,uBAAuB,EAAE,CAAC,CAAC,EAAE,EAAE;IAClC,IAAA,4BAAqB,EAAC,OAAO,CAAC,CAAC;IAC/B,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC,CAAC;AACpD,CAAC,CAAC,CAAC"}
--- a/lib/analyze-action-env.test.js
+++ b/lib/analyze-action-env.test.js
@@ -68,6 +68,7 @@ const util = __importStar(require("./util"));
        };
        sinon.stub(configUtils, "getConfig").resolves({
            gitHubVersion,
+            augmentationProperties: {},
            languages: [],
            packs: [],
            trapCaches: {},
@@ -75,6 +76,7 @@ const util = __importStar(require("./util"));
        const requiredInputStub = sinon.stub(actionsUtil, "getRequiredInput");
        requiredInputStub.withArgs("token").returns("fake-token");
        requiredInputStub.withArgs("upload-database").returns("false");
+        requiredInputStub.withArgs("output").returns("out");
        const optionalInputStub = sinon.stub(actionsUtil, "getOptionalInput");
        optionalInputStub.withArgs("cleanup-level").returns("none");
        optionalInputStub.withArgs("expect-error").returns("false");
--- a/lib/analyze-action-env.test.js.map
+++ b/lib/analyze-action-env.test.js.map
@@ -1 +1 @@
-{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,sDAAwC;AACxC,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxD,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAEhE,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,iEAAiE;QACjE,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,sDAAwC;AACxC,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxD,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAEhE,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,sBAAsB,EAAE,EAAE;YAC1B,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QACpD,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,iEAAiE;QACjE,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
--- a/lib/analyze-action-input.test.js
+++ b/lib/analyze-action-input.test.js
@@ -67,6 +67,7 @@ const util = __importStar(require("./util"));
        };
        sinon.stub(configUtils, "getConfig").resolves({
            gitHubVersion,
+            augmentationProperties: {},
            languages: [],
            packs: [],
            trapCaches: {},
@@ -74,6 +75,7 @@ const util = __importStar(require("./util"));
        const requiredInputStub = sinon.stub(actionsUtil, "getRequiredInput");
        requiredInputStub.withArgs("token").returns("fake-token");
        requiredInputStub.withArgs("upload-database").returns("false");
+        requiredInputStub.withArgs("output").returns("out");
        const optionalInputStub = sinon.stub(actionsUtil, "getOptionalInput");
        optionalInputStub.withArgs("cleanup-level").returns("none");
        optionalInputStub.withArgs("expect-error").returns("false");
--- a/lib/analyze-action-input.test.js.map
+++ b/lib/analyze-action-input.test.js.map
@@ -1 +1 @@
-{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,sDAAwC;AACxC,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxD,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAChE,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,iEAAiE;QACjE,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,sDAAwC;AACxC,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxD,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,sBAAsB,EAAE,EAAE;YAC1B,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QACpD,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAChE,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,iEAAiE;QACjE,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
--- a/lib/analyze-action.js
+++ b/lib/analyze-action.js
@@ -55,6 +55,7 @@ const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const logging_1 = require("./logging");
+const overlay_database_utils_1 = require("./overlay-database-utils");
 const repository_1 = require("./repository");
 const statusReport = __importStar(require("./status-report"));
 const status_report_1 = require("./status-report");
@@ -201,7 +202,14 @@ async function run() {
        await (0, analyze_1.warnIfGoInstalledAfterInit)(config, logger);
        await runAutobuildIfLegacyGoWorkflow(config, logger);
        dbCreationTimings = await (0, analyze_1.runFinalize)(outputDir, threads, memory, codeql, config, logger);
-        const cleanupLevel = actionsUtil.getOptionalInput("cleanup-level") || "brutal";
+        // An overlay-base database should always use the 'overlay' cleanup level
+        // to preserve the cached intermediate results.
+        //
+        // Note that we may be overriding the 'cleanup-level' input parameter.
+        const cleanupLevel = config.augmentationProperties.overlayDatabaseMode ===
+            overlay_database_utils_1.OverlayDatabaseMode.OverlayBase
+            ? "overlay"
+            : actionsUtil.getOptionalInput("cleanup-level") || "brutal";
        if (actionsUtil.getRequiredInput("skip-queries") !== "true") {
            runStats = await (0, analyze_1.runQueries)(outputDir, memory, util.getAddSnippetsFlag(actionsUtil.getRequiredInput("add-snippets")), threads, cleanupLevel, diffRangePackDir, actionsUtil.getOptionalInput("category"), config, logger, features);
        }
@@ -216,14 +224,20 @@ async function run() {
        core.setOutput("sarif-output", path_1.default.resolve(outputDir));
        const uploadInput = actionsUtil.getOptionalInput("upload");
        if (runStats && actionsUtil.getUploadValue(uploadInput) === "always") {
-            uploadResult = await uploadLib.uploadFiles(outputDir, actionsUtil.getRequiredInput("checkout_path"), actionsUtil.getOptionalInput("category"), features, logger);
+            uploadResult = await uploadLib.uploadFiles(outputDir, actionsUtil.getRequiredInput("checkout_path"), actionsUtil.getOptionalInput("category"), features, logger, uploadLib.CodeScanningTarget);
            core.setOutput("sarif-id", uploadResult.sarifID);
+            if (config.augmentationProperties.qualityQueriesInput !== undefined) {
+                const qualityUploadResult = await uploadLib.uploadFiles(outputDir, actionsUtil.getRequiredInput("checkout_path"), actionsUtil.getOptionalInput("category"), features, logger, uploadLib.CodeQualityTarget);
+                core.setOutput("quality-sarif-id", qualityUploadResult.sarifID);
+            }
        }
        else {
            logger.info("Not uploading results");
        }
        // Possibly upload the database bundles for remote queries
        await (0, database_upload_1.uploadDatabases)(repositoryNwo, config, apiDetails, logger);
+        // Possibly upload the overlay-base database to actions cache
+        await (0, overlay_database_utils_1.uploadOverlayBaseDatabaseToCache)(codeql, config, logger);
        // Possibly upload the TRAP caches for later re-use
        const trapCacheUploadStartTime = perf_hooks_1.performance.now();
        didUploadTrapCaches = await (0, trap_caching_1.uploadTrapCaches)(codeql, config, logger);
--- a/lib/analyze-action.js.map
+++ b/lib/analyze-action.js.map
--- a/lib/analyze.js
+++ b/lib/analyze.js
@@ -36,10 +36,11 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.exportedForTesting = exports.CodeQLAnalysisError = void 0;
+exports.exportedForTesting = exports.defaultSuites = exports.CodeQLAnalysisError = void 0;
 exports.runExtraction = runExtraction;
 exports.dbIsFinalized = dbIsFinalized;
 exports.setupDiffInformedQueryRun = setupDiffInformedQueryRun;
+exports.resolveQuerySuiteAlias = resolveQuerySuiteAlias;
 exports.runQueries = runQueries;
 exports.runFinalize = runFinalize;
 exports.warnIfGoInstalledAfterInit = warnIfGoInstalledAfterInit;
@@ -50,7 +51,7 @@ const perf_hooks_1 = require("perf_hooks");
 const io = __importStar(require("@actions/io"));
 const del_1 = __importDefault(require("del"));
 const yaml = __importStar(require("js-yaml"));
-const actionsUtil = __importStar(require("./actions-util"));
+const actions_util_1 = require("./actions-util");
 const api_client_1 = require("./api-client");
 const autobuild_1 = require("./autobuild");
 const codeql_1 = require("./codeql");
@@ -61,10 +62,9 @@ const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const logging_1 = require("./logging");
+const overlay_database_utils_1 = require("./overlay-database-utils");
 const repository_1 = require("./repository");
-const tools_features_1 = require("./tools-features");
 const tracer_config_1 = require("./tracer-config");
-const upload_lib_1 = require("./upload-lib");
 const util = __importStar(require("./util"));
 const util_1 = require("./util");
 class CodeQLAnalysisError extends Error {
@@ -98,8 +98,7 @@ async function runExtraction(codeql, config, logger) {
            if (language === languages_1.Language.python) {
                await setupPythonExtractor(logger);
            }
-            if (config.buildMode &&
-                (await codeql.supportsFeature(tools_features_1.ToolsFeature.TraceCommandUseBuildMode))) {
+            if (config.buildMode) {
                if (language === languages_1.Language.cpp &&
                    config.buildMode === util_1.BuildMode.Autobuild) {
                    await (0, autobuild_1.setupCppAutobuild)(codeql, logger);
@@ -248,7 +247,7 @@ function getDiffRanges(fileDiff, logger) {
    // uses forward slashes as the path separator, so on Windows we need to
    // replace any backslashes with forward slashes.
    const filename = path
-        .join(actionsUtil.getRequiredInput("checkout_path"), fileDiff.filename)
+        .join((0, actions_util_1.getRequiredInput)("checkout_path"), fileDiff.filename)
        .replaceAll(path.sep, "/");
    if (fileDiff.patch === undefined) {
        if (fileDiff.changes === 0) {
@@ -342,8 +341,13 @@ function writeDiffRangeDataExtensionPack(logger, ranges) {
        // range to a non-empty list that cannot match any alert location.
        ranges = [{ path: "", startLine: 0, endLine: 0 }];
    }
-    const diffRangeDir = path.join(actionsUtil.getTemporaryDirectory(), "pr-diff-range");
-    fs.mkdirSync(diffRangeDir);
+    const diffRangeDir = path.join((0, actions_util_1.getTemporaryDirectory)(), "pr-diff-range");
+    // We expect the Actions temporary directory to already exist, so are mainly
+    // using `recursive: true` to avoid errors if the directory already exists,
+    // for example if the analyze Action is run multiple times in the same job.
+    // This is not really something that is supported, but we make use of it in
+    // tests.
+    fs.mkdirSync(diffRangeDir, { recursive: true });
    fs.writeFileSync(path.join(diffRangeDir, "qlpack.yml"), `
 name: codeql-action/pr-diff-range
 version: 0.0.0
@@ -358,6 +362,7 @@ extensions:
  - addsTo:
      pack: codeql/util
      extensible: restrictAlertsTo
+      checkPresence: false
    data:
 `;
    let data = ranges
@@ -382,10 +387,33 @@ extensions:
    (0, diff_informed_analysis_utils_1.writeDiffRangesJsonFile)(logger, ranges);
    return diffRangeDir;
 }
+// A set of default query suite names that are understood by the CLI.
+exports.defaultSuites = new Set([
+    "security-experimental",
+    "security-extended",
+    "security-and-quality",
+    "code-quality",
+    "code-scanning",
+]);
+/**
+ * If `maybeSuite` is the name of a default query suite, it is resolved into the corresponding
+ * query suite name for the given `language`. Otherwise, `maybeSuite` is returned as is.
+ *
+ * @param language The language for which to resolve the default query suite name.
+ * @param maybeSuite The string that potentially contains the name of a default query suite.
+ * @returns Returns the resolved query suite name, or the unmodified input.
+ */
+function resolveQuerySuiteAlias(language, maybeSuite) {
+    if (exports.defaultSuites.has(maybeSuite)) {
+        return `${language}-${maybeSuite}.qls`;
+    }
+    return maybeSuite;
+}
 // Runs queries and creates sarif files in the given folder
 async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag, cleanupLevel, diffRangePackDir, automationDetailsId, config, logger, features) {
    const statusReport = {};
    const queryFlags = [memoryFlag, threadsFlag];
+    const incrementalMode = [];
    if (cleanupLevel !== "overlay") {
        queryFlags.push("--expect-discarded-cache");
    }
@@ -393,14 +421,33 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
    if (diffRangePackDir) {
        queryFlags.push(`--additional-packs=${diffRangePackDir}`);
        queryFlags.push("--extension-packs=codeql-action/pr-diff-range");
+        incrementalMode.push("diff-informed");
    }
-    const sarifRunPropertyFlag = diffRangePackDir
-        ? "--sarif-run-property=incrementalMode=diff-informed"
+    statusReport.analysis_is_overlay =
+        config.augmentationProperties.overlayDatabaseMode ===
+            overlay_database_utils_1.OverlayDatabaseMode.Overlay;
+    statusReport.analysis_builds_overlay_base_database =
+        config.augmentationProperties.overlayDatabaseMode ===
+            overlay_database_utils_1.OverlayDatabaseMode.OverlayBase;
+    if (config.augmentationProperties.overlayDatabaseMode ===
+        overlay_database_utils_1.OverlayDatabaseMode.Overlay) {
+        incrementalMode.push("overlay");
+    }
+    const sarifRunPropertyFlag = incrementalMode.length > 0
+        ? `--sarif-run-property=incrementalMode=${incrementalMode.join(",")}`
        : undefined;
    const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
    for (const language of config.languages) {
        try {
            const sarifFile = path.join(sarifFolder, `${language}.sarif`);
+            const queries = [];
+            if (config.augmentationProperties.qualityQueriesInput !== undefined) {
+                queries.push(path.join(util.getCodeQLDatabasePath(config, language), "temp", "config-queries.qls"));
+                for (const qualityQuery of config.augmentationProperties
+                    .qualityQueriesInput) {
+                    queries.push(resolveQuerySuiteAlias(language, qualityQuery.uses));
+                }
+            }
            // The work needed to generate the query suites
            // is done in the CLI. We just need to make a single
            // call to run all the queries for each language and
@@ -408,7 +455,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
            logger.startGroup(`Running queries for ${language}`);
            const startTimeRunQueries = new Date().getTime();
            const databasePath = util.getCodeQLDatabasePath(config, language);
-            await codeql.databaseRunQueries(databasePath, queryFlags);
+            await codeql.databaseRunQueries(databasePath, queryFlags, queries);
            logger.debug(`Finished running queries for ${language}.`);
            // TODO should not be using `builtin` here. We should be using `all` instead.
            // The status report does not support `all` yet.
@@ -417,13 +464,20 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
            logger.startGroup(`Interpreting results for ${language}`);
            const startTimeInterpretResults = new Date();
            const analysisSummary = await runInterpretResults(language, undefined, sarifFile, config.debugMode);
+            if (config.augmentationProperties.qualityQueriesInput !== undefined) {
+                logger.info(`Interpreting quality results for ${language}`);
+                const qualitySarifFile = path.join(sarifFolder, `${language}.quality.sarif`);
+                const qualityAnalysisSummary = await runInterpretResults(language, config.augmentationProperties.qualityQueriesInput.map((i) => resolveQuerySuiteAlias(language, i.uses)), qualitySarifFile, config.debugMode);
+                // TODO: move
+                logger.info(qualityAnalysisSummary);
+            }
            const endTimeInterpretResults = new Date();
            statusReport[`interpret_results_${language}_duration_ms`] =
                endTimeInterpretResults.getTime() - startTimeInterpretResults.getTime();
            logger.endGroup();
            logger.info(analysisSummary);
            if (await features.getValue(feature_flags_1.Feature.QaTelemetryEnabled)) {
-                const perQueryAlertCounts = getPerQueryAlertCounts(sarifFile, logger);
+                const perQueryAlertCounts = getPerQueryAlertCounts(sarifFile);
                const perQueryAlertCountEventReport = {
                    event: "codeql database interpret-results",
                    started_at: startTimeInterpretResults.toISOString(),
@@ -451,8 +505,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
        return await codeql.databaseInterpretResults(databasePath, queries, sarifFile, addSnippetsFlag, threadsFlag, enableDebugLogging ? "-vv" : "-v", sarifRunPropertyFlag, automationDetailsId, config, features);
    }
    /** Get an object with all queries and their counts parsed from a SARIF file path. */
-    function getPerQueryAlertCounts(sarifPath, log) {
-        (0, upload_lib_1.validateSarifFileSchema)(sarifPath, log);
+    function getPerQueryAlertCounts(sarifPath) {
        const sarifObject = JSON.parse(fs.readFileSync(sarifPath, "utf8"));
        // We do not need to compute fingerprints because we are not sending data based off of locations.
        // Generate the query: alert count object
--- a/lib/analyze.js.map
+++ b/lib/analyze.js.map
--- a/lib/analyze.test.js
+++ b/lib/analyze.test.js
@@ -116,7 +116,9 @@ const util = __importStar(require("./util"));
            });
            const statusReport = await (0, analyze_1.runQueries)(tmpDir, memoryFlag, addSnippetsFlag, threadsFlag, "brutal", undefined, undefined, config, (0, logging_1.getRunnerLogger)(true), (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.QaTelemetryEnabled]));
            t.deepEqual(Object.keys(statusReport).sort(), [
+                "analysis_builds_overlay_base_database",
                "analysis_is_diff_informed",
+                "analysis_is_overlay",
                `analyze_builtin_queries_${language}_duration_ms`,
                "event_reports",
                `interpret_results_${language}_duration_ms`,
@@ -313,4 +315,17 @@ function runGetDiffRanges(changes, patch) {
    const diffRanges = runGetDiffRanges(2, ["@@ 30 +50,2 @@", "+1", "+2"]);
    t.deepEqual(diffRanges, undefined);
 });
+(0, ava_1.default)("resolveQuerySuiteAlias", (t) => {
+    // default query suite names should resolve to something language-specific ending in `.qls`.
+    for (const suite of analyze_1.defaultSuites) {
+        const resolved = (0, analyze_1.resolveQuerySuiteAlias)(languages_1.Language.go, suite);
+        t.assert(resolved.endsWith(".qls"), "Resolved default suite doesn't end in .qls");
+        t.assert(resolved.indexOf(languages_1.Language.go) >= 0, "Resolved default suite doesn't contain language name");
+    }
+    // other inputs should be returned unchanged
+    const names = ["foo", "bar", "codeql/go-queries@1.0"];
+    for (const name of names) {
+        t.deepEqual((0, analyze_1.resolveQuerySuiteAlias)(languages_1.Language.go, name), name);
+    }
+});
 //# sourceMappingURL=analyze.test.js.map
--- a/lib/analyze.test.js.map
+++ b/lib/analyze.test.js.map
--- a/lib/api-client.js
+++ b/lib/api-client.js
@@ -206,9 +206,14 @@ function wrapApiConfigurationError(e) {
    if ((0, util_1.isHTTPError)(e)) {
        if (e.message.includes("API rate limit exceeded for installation") ||
            e.message.includes("commit not found") ||
+            e.message.includes("Resource not accessible by integration") ||
            /ref .* not found in this repository/.test(e.message)) {
            return new util_1.ConfigurationError(e.message);
        }
+        else if (e.message.includes("Bad credentials") ||
+            e.message.includes("Not Found")) {
+            return new util_1.ConfigurationError("Please check that your token is valid and has the required permissions: contents: read, security-events: write");
+        }
    }
    return e;
 }
--- a/lib/api-client.js.map
+++ b/lib/api-client.js.map
--- a/lib/api-client.test.js
+++ b/lib/api-client.test.js
@@ -145,5 +145,15 @@ function mockGetMetaVersionHeader(versionHeader) {
    const apiRateLimitError = new util.HTTPError("API rate limit exceeded for installation", 403);
    res = api.wrapApiConfigurationError(apiRateLimitError);
    t.deepEqual(res, new util.ConfigurationError("API rate limit exceeded for installation"));
+    const tokenSuggestionMessage = "Please check that your token is valid and has the required permissions: contents: read, security-events: write";
+    const badCredentialsError = new util.HTTPError("Bad credentials", 401);
+    res = api.wrapApiConfigurationError(badCredentialsError);
+    t.deepEqual(res, new util.ConfigurationError(tokenSuggestionMessage));
+    const notFoundError = new util.HTTPError("Not Found", 404);
+    res = api.wrapApiConfigurationError(notFoundError);
+    t.deepEqual(res, new util.ConfigurationError(tokenSuggestionMessage));
+    const resourceNotAccessibleError = new util.HTTPError("Resource not accessible by integration", 403);
+    res = api.wrapApiConfigurationError(resourceNotAccessibleError);
+    t.deepEqual(res, new util.ConfigurationError("Resource not accessible by integration"));
 });
 //# sourceMappingURL=api-client.test.js.map
--- a/lib/api-client.test.js.map
+++ b/lib/api-client.test.js.map
--- a/lib/api-compatibility.json
+++ b/lib/api-compatibility.json
@@ -1 +1 @@
-{ "maximumVersion": "3.17", "minimumVersion": "3.12" }
+{ "maximumVersion": "3.18", "minimumVersion": "3.14" }
--- a/lib/autobuild.js
+++ b/lib/autobuild.js
@@ -45,11 +45,9 @@ const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const repository_1 = require("./repository");
-const tools_features_1 = require("./tools-features");
 const util_1 = require("./util");
-async function determineAutobuildLanguages(codeql, config, logger) {
-    if ((config.buildMode === util_1.BuildMode.None &&
-        (await codeql.supportsFeature(tools_features_1.ToolsFeature.TraceCommandUseBuildMode))) ||
+async function determineAutobuildLanguages(_codeql, config, logger) {
+    if (config.buildMode === util_1.BuildMode.None ||
        config.buildMode === util_1.BuildMode.Manual) {
        logger.info(`Using build mode "${config.buildMode}", nothing to autobuild. ` +
            `See ${doc_url_1.DocUrl.CODEQL_BUILD_MODES} for more information.`);
@@ -150,8 +148,7 @@ async function runAutobuild(config, language, logger) {
    if (language === languages_1.Language.cpp) {
        await setupCppAutobuild(codeQL, logger);
    }
-    if (config.buildMode &&
-        (await codeQL.supportsFeature(tools_features_1.ToolsFeature.TraceCommandUseBuildMode))) {
+    if (config.buildMode) {
        await codeQL.extractUsingBuildMode(config, language);
    }
    else {
--- a/lib/autobuild.js.map
+++ b/lib/autobuild.js.map
@@ -1 +1 @@
-{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAeA,kEAkGC;AAED,8CAmCC;AAED,oCAsBC;AA9KD,oDAAsC;AAEtC,iDAA6E;AAC7E,6CAAgD;AAChD,qCAA6C;AAE7C,uCAAmC;AACnC,+CAAuC;AACvC,mDAAmE;AACnE,2CAAyD;AAEzD,6CAAgD;AAChD,qDAAgD;AAChD,iCAAmC;AAE5B,KAAK,UAAU,2BAA2B,CAC/C,MAAc,EACd,MAA0B,EAC1B,MAAc;IAEd,IACE,CAAC,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,IAAI;QAClC,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,wBAAwB,CAAC,CAAC,CAAC;QACxE,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,MAAM,EACrC,CAAC;QACD,MAAM,CAAC,IAAI,CACT,qBAAqB,MAAM,CAAC,SAAS,2BAA2B;YAC9D,OAAO,gBAAM,CAAC,kBAAkB,wBAAwB,CAC3D,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,0CAA0C;IAC1C,mFAAmF;IACnF,oFAAoF;IACpF,4EAA4E;IAC5E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACvD,IAAA,4BAAgB,EAAC,CAAC,CAAC,CACpB,CAAC;IAEF,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CACT,iEAAiE,CAClE,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACH,MAAM,2BAA2B,GAAG,kBAAkB,CAAC,MAAM,CAC3D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,oBAAQ,CAAC,EAAE,CACzB,CAAC;IAEF,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,yEAAyE;IACzE,UAAU;IACV,IAAI,2BAA2B,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;QACjD,SAAS,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,uEAAuE;IACvE,wCAAwC;IACxC,IAAI,kBAAkB,CAAC,MAAM,KAAK,2BAA2B,CAAC,MAAM,EAAE,CAAC;QACrE,SAAS,CAAC,IAAI,CAAC,oBAAQ,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,kBAAkB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE3D,2EAA2E;IAC3E,4EAA4E;IAC5E,2CAA2C;IAC3C,uEAAuE;IACvE,2EAA2E;IAC3E,uEAAuE;IACvE,yCAAyC;IACzC,IAAI,2BAA2B,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,CAAC,OAAO,CACZ,oCAAoC,SAAS,CAAC,IAAI,CAChD,OAAO,CACR,8BAA8B,2BAA2B;aACvD,KAAK,CAAC,CAAC,CAAC;aACR,IAAI,CACH,OAAO,CACR,kFAAkF;YACnF,OAAO,gBAAM,CAAC,4BAA4B,wBAAwB,CACrE,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IACpE,MAAM,MAAM,GAAG,6BAAa,CAAC,uBAAO,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC;IACvE,MAAM,WAAW,GAAG,4CAA4C,CAAC;IACjE,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC/C,MAAM,aAAa,GAAG,IAAA,6BAAgB,GAAE,CAAC;IACzC,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;IACF,IAAI,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,yBAAyB,EAAE,MAAM,CAAC,EAAE,CAAC;QACvE,yEAAyE;QACzE,IACE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,KAAK,aAAa;YACnD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,MAAM,EAC9B,CAAC;YACD,MAAM,CAAC,IAAI,CACT,aAAa,WAAW,sCACtB,IAAA,mCAAoB,GAAE,KAAK,SAAS;gBAClC,CAAC,CAAC,8BAA8B,MAAM,yDAAyD,gBAAM,CAAC,oBAAoB,wBAAwB;gBAClJ,CAAC,CAAC,EACN,EAAE,CACH,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CACT,YAAY,WAAW,yCAAyC,MAAM,yCAAyC,gBAAM,CAAC,oBAAoB,wBAAwB,CACnK,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,aAAa,WAAW,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,YAAY,CAChC,MAA0B,EAC1B,QAAkB,EAClB,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;IACxE,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,GAAG,EAAE,CAAC;QAC9B,MAAM,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,IACE,MAAM,CAAC,SAAS;QAChB,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,wBAAwB,CAAC,CAAC,EACrE,CAAC;QACD,MAAM,MAAM,CAAC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACvD,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE,CAAC;QAC7B,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC"}
+{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAcA,kEAiGC;AAED,8CAmCC;AAED,oCAmBC;AAzKD,oDAAsC;AAEtC,iDAA6E;AAC7E,6CAAgD;AAChD,qCAA6C;AAE7C,uCAAmC;AACnC,+CAAuC;AACvC,mDAAmE;AACnE,2CAAyD;AAEzD,6CAAgD;AAChD,iCAAmC;AAE5B,KAAK,UAAU,2BAA2B,CAC/C,OAAe,EACf,MAA0B,EAC1B,MAAc;IAEd,IACE,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,IAAI;QACnC,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,MAAM,EACrC,CAAC;QACD,MAAM,CAAC,IAAI,CACT,qBAAqB,MAAM,CAAC,SAAS,2BAA2B;YAC9D,OAAO,gBAAM,CAAC,kBAAkB,wBAAwB,CAC3D,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,0CAA0C;IAC1C,mFAAmF;IACnF,oFAAoF;IACpF,4EAA4E;IAC5E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACvD,IAAA,4BAAgB,EAAC,CAAC,CAAC,CACpB,CAAC;IAEF,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CACT,iEAAiE,CAClE,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACH,MAAM,2BAA2B,GAAG,kBAAkB,CAAC,MAAM,CAC3D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,oBAAQ,CAAC,EAAE,CACzB,CAAC;IAEF,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,yEAAyE;IACzE,UAAU;IACV,IAAI,2BAA2B,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;QACjD,SAAS,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,uEAAuE;IACvE,wCAAwC;IACxC,IAAI,kBAAkB,CAAC,MAAM,KAAK,2BAA2B,CAAC,MAAM,EAAE,CAAC;QACrE,SAAS,CAAC,IAAI,CAAC,oBAAQ,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,kBAAkB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE3D,2EAA2E;IAC3E,4EAA4E;IAC5E,2CAA2C;IAC3C,uEAAuE;IACvE,2EAA2E;IAC3E,uEAAuE;IACvE,yCAAyC;IACzC,IAAI,2BAA2B,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,CAAC,OAAO,CACZ,oCAAoC,SAAS,CAAC,IAAI,CAChD,OAAO,CACR,8BAA8B,2BAA2B;aACvD,KAAK,CAAC,CAAC,CAAC;aACR,IAAI,CACH,OAAO,CACR,kFAAkF;YACnF,OAAO,gBAAM,CAAC,4BAA4B,wBAAwB,CACrE,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IACpE,MAAM,MAAM,GAAG,6BAAa,CAAC,uBAAO,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC;IACvE,MAAM,WAAW,GAAG,4CAA4C,CAAC;IACjE,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC/C,MAAM,aAAa,GAAG,IAAA,6BAAgB,GAAE,CAAC;IACzC,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;IACF,IAAI,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,yBAAyB,EAAE,MAAM,CAAC,EAAE,CAAC;QACvE,yEAAyE;QACzE,IACE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,KAAK,aAAa;YACnD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,MAAM,EAC9B,CAAC;YACD,MAAM,CAAC,IAAI,CACT,aAAa,WAAW,sCACtB,IAAA,mCAAoB,GAAE,KAAK,SAAS;gBAClC,CAAC,CAAC,8BAA8B,MAAM,yDAAyD,gBAAM,CAAC,oBAAoB,wBAAwB;gBAClJ,CAAC,CAAC,EACN,EAAE,CACH,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CACT,YAAY,WAAW,yCAAyC,MAAM,yCAAyC,gBAAM,CAAC,oBAAoB,wBAAwB,CACnK,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,aAAa,WAAW,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,YAAY,CAChC,MAA0B,EAC1B,QAAkB,EAClB,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;IACxE,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,GAAG,EAAE,CAAC;QAC9B,MAAM,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,MAAM,MAAM,CAAC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACvD,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE,CAAC;QAC7B,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC"}
--- a/lib/codeql.js
+++ b/lib/codeql.js
@@ -50,11 +50,11 @@ const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const yaml = __importStar(require("js-yaml"));
 const actions_util_1 = require("./actions-util");
 const cli_errors_1 = require("./cli-errors");
+const config_utils_1 = require("./config-utils");
 const doc_url_1 = require("./doc-url");
 const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const git_utils_1 = require("./git-utils");
-const languages_1 = require("./languages");
 const overlay_database_utils_1 = require("./overlay-database-utils");
 const setupCodeql = __importStar(require("./setup-codeql"));
 const tools_features_1 = require("./tools-features");
@@ -74,19 +74,19 @@ let cachedCodeQL = undefined;
 * The version flags below can be used to conditionally enable certain features
 * on versions newer than this.
 */
-const CODEQL_MINIMUM_VERSION = "2.15.5";
+const CODEQL_MINIMUM_VERSION = "2.16.6";
 /**
 * This version will shortly become the oldest version of CodeQL that the Action will run with.
 */
-const CODEQL_NEXT_MINIMUM_VERSION = "2.15.5";
+const CODEQL_NEXT_MINIMUM_VERSION = "2.17.6";
 /**
 * This is the version of GHES that was most recently deprecated.
 */
-const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.11";
+const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.13";
 /**
 * This is the deprecation date for the version of GHES that was most recently deprecated.
 */
-const GHES_MOST_RECENT_DEPRECATION_DATE = "2024-12-19";
+const GHES_MOST_RECENT_DEPRECATION_DATE = "2025-06-19";
 /** The CLI verbosity level to use for extraction in debug mode. */
 const EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";
 /*
@@ -255,34 +255,20 @@ async function getCodeQLForCmd(cmd, checkVersion) {
        async supportsFeature(feature) {
            return (0, tools_features_1.isSupportedToolsFeature)(await this.getVersion(), feature);
        },
-        async databaseInitCluster(config, sourceRoot, processName, qlconfigFile, overlayDatabaseMode, logger) {
+        async databaseInitCluster(config, sourceRoot, processName, qlconfigFile, logger) {
            const extraArgs = config.languages.map((language) => `--language=${language}`);
            if (await (0, tracer_config_1.shouldEnableIndirectTracing)(codeql, config)) {
                extraArgs.push("--begin-tracing");
                extraArgs.push(...(await getTrapCachingExtractorConfigArgs(config)));
                extraArgs.push(`--trace-process-name=${processName}`);
            }
-            if (config.languages.indexOf(languages_1.Language.actions) >= 0) {
-                // We originally added an embedded version of the Actions extractor to the CodeQL Action
-                // itself in order to deploy the extractor between CodeQL releases. When we did add the
-                // extractor to the CLI, though, its autobuild script was missing the execute bit.
-                // 2.20.6 is the first CLI release with the fully-functional extractor in the CLI. For older
-                // versions, we'll keep using the embedded extractor. We can remove the embedded extractor
-                // once 2.20.6 is deployed in the runner images.
-                if (!(await util.codeQlVersionAtLeast(codeql, "2.20.6"))) {
-                    extraArgs.push("--search-path");
-                    const extractorPath = path.resolve(__dirname, "../actions-extractor");
-                    extraArgs.push(extractorPath);
-                }
-            }
-            const codeScanningConfigFile = await generateCodeScanningConfig(config, logger);
+            const codeScanningConfigFile = await writeCodeScanningConfigFile(config, logger);
            const externalRepositoryToken = (0, actions_util_1.getOptionalInput)("external-repository-token");
            extraArgs.push(`--codescanning-config=${codeScanningConfigFile}`);
            if (externalRepositoryToken) {
                extraArgs.push("--external-repository-token-stdin");
            }
-            if (config.buildMode !== undefined &&
-                (await this.supportsFeature(tools_features_1.ToolsFeature.BuildModeOption))) {
+            if (config.buildMode !== undefined) {
                extraArgs.push(`--build-mode=${config.buildMode}`);
            }
            if (qlconfigFile !== undefined) {
@@ -291,6 +277,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
            const overwriteFlag = (0, tools_features_1.isSupportedToolsFeature)(await this.getVersion(), tools_features_1.ToolsFeature.ForceOverwrite)
                ? "--force-overwrite"
                : "--overwrite";
+            const overlayDatabaseMode = config.augmentationProperties.overlayDatabaseMode;
            if (overlayDatabaseMode === overlay_database_utils_1.OverlayDatabaseMode.Overlay) {
                const overlayChangesFile = await (0, overlay_database_utils_1.writeOverlayChangesFile)(config, sourceRoot, logger);
                extraArgs.push(`--overlay-changes=${overlayChangesFile}`);
@@ -465,7 +452,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                throw new Error(`Unexpected output from codeql resolve build-environment: ${e} in\n${output}`);
            }
        },
-        async databaseRunQueries(databasePath, flags) {
+        async databaseRunQueries(databasePath, flags, queries = []) {
            const codeqlArgs = [
                "database",
                "run-queries",
@@ -474,6 +461,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                "--intra-layer-parallelism",
                "--min-disk-free=1024", // Try to leave at least 1GB free
                "-v",
+                ...queries,
                ...getExtraOptionsFromEnv(["database", "run-queries"], {
                    ignoringOptions: ["--expect-discarded-cache"],
                }),
@@ -769,53 +757,9 @@ async function runCli(cmd, args = [], opts = {}) {
 * @param config The configuration to use.
 * @returns the path to the generated user configuration file.
 */
-async function generateCodeScanningConfig(config, logger) {
+async function writeCodeScanningConfigFile(config, logger) {
    const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config);
-    // make a copy so we can modify it
-    const augmentedConfig = (0, util_1.cloneObject)(config.originalUserInput);
-    // Inject the queries from the input
-    if (config.augmentationProperties.queriesInput) {
-        if (config.augmentationProperties.queriesInputCombines) {
-            augmentedConfig.queries = (augmentedConfig.queries || []).concat(config.augmentationProperties.queriesInput);
-        }
-        else {
-            augmentedConfig.queries = config.augmentationProperties.queriesInput;
-        }
-    }
-    if (augmentedConfig.queries?.length === 0) {
-        delete augmentedConfig.queries;
-    }
-    // Inject the packs from the input
-    if (config.augmentationProperties.packsInput) {
-        if (config.augmentationProperties.packsInputCombines) {
-            // At this point, we already know that this is a single-language analysis
-            if (Array.isArray(augmentedConfig.packs)) {
-                augmentedConfig.packs = (augmentedConfig.packs || []).concat(config.augmentationProperties.packsInput);
-            }
-            else if (!augmentedConfig.packs) {
-                augmentedConfig.packs = config.augmentationProperties.packsInput;
-            }
-            else {
-                // At this point, we know there is only one language.
-                // If there were more than one language, an error would already have been thrown.
-                const language = Object.keys(augmentedConfig.packs)[0];
-                augmentedConfig.packs[language] = augmentedConfig.packs[language].concat(config.augmentationProperties.packsInput);
-            }
-        }
-        else {
-            augmentedConfig.packs = config.augmentationProperties.packsInput;
-        }
-    }
-    if (Array.isArray(augmentedConfig.packs) && !augmentedConfig.packs.length) {
-        delete augmentedConfig.packs;
-    }
-    augmentedConfig["query-filters"] = [
-        ...(config.augmentationProperties.defaultQueryFilters || []),
-        ...(augmentedConfig["query-filters"] || []),
-    ];
-    if (augmentedConfig["query-filters"]?.length === 0) {
-        delete augmentedConfig["query-filters"];
-    }
+    const augmentedConfig = (0, config_utils_1.generateCodeScanningConfig)(config.originalUserInput, config.augmentationProperties);
    logger.info(`Writing augmented user configuration file to ${codeScanningConfigFile}`);
    logger.startGroup("Augmented user configuration file contents");
    logger.info(yaml.dump(augmentedConfig));
--- a/lib/codeql.js.map
+++ b/lib/codeql.js.map
--- a/lib/codeql.test.js
+++ b/lib/codeql.test.js
@@ -49,11 +49,11 @@ const sinon = __importStar(require("sinon"));
 const actionsUtil = __importStar(require("./actions-util"));
 const cli_errors_1 = require("./cli-errors");
 const codeql = __importStar(require("./codeql"));
+const config_utils_1 = require("./config-utils");
 const defaults = __importStar(require("./defaults.json"));
 const doc_url_1 = require("./doc-url");
 const languages_1 = require("./languages");
 const logging_1 = require("./logging");
-const overlay_database_utils_1 = require("./overlay-database-utils");
 const setup_codeql_1 = require("./setup-codeql");
 const testing_utils_1 = require("./testing-utils");
 const tools_features_1 = require("./tools-features");
@@ -336,7 +336,7 @@ const injectedConfigMacro = ava_1.default.macro({
                tempDir,
                augmentationProperties,
            };
-            await codeqlObject.databaseInitCluster(thisStubConfig, "", undefined, undefined, overlay_database_utils_1.OverlayDatabaseMode.None, (0, logging_1.getRunnerLogger)(true));
+            await codeqlObject.databaseInitCluster(thisStubConfig, "", undefined, undefined, (0, logging_1.getRunnerLogger)(true));
            const args = runnerConstructorStub.firstCall.args[1];
            // should have used an config file
            const configArg = args.find((arg) => arg.startsWith("--codescanning-config="));
@@ -350,18 +350,16 @@ const injectedConfigMacro = ava_1.default.macro({
    title: (providedTitle = "") => `databaseInitCluster() injected config: ${providedTitle}`,
 });
 (0, ava_1.default)("basic", injectedConfigMacro, {
-    queriesInputCombines: false,
-    packsInputCombines: false,
+    ...config_utils_1.defaultAugmentationProperties,
 }, {}, {});
 (0, ava_1.default)("injected packs from input", injectedConfigMacro, {
-    queriesInputCombines: false,
-    packsInputCombines: false,
+    ...config_utils_1.defaultAugmentationProperties,
    packsInput: ["xxx", "yyy"],
 }, {}, {
    packs: ["xxx", "yyy"],
 });
 (0, ava_1.default)("injected packs from input with existing packs combines", injectedConfigMacro, {
-    queriesInputCombines: false,
+    ...config_utils_1.defaultAugmentationProperties,
    packsInputCombines: true,
    packsInput: ["xxx", "yyy"],
 }, {
@@ -376,8 +374,7 @@ const injectedConfigMacro = ava_1.default.macro({
    },
 });
 (0, ava_1.default)("injected packs from input with existing packs overrides", injectedConfigMacro, {
-    queriesInputCombines: false,
-    packsInputCombines: false,
+    ...config_utils_1.defaultAugmentationProperties,
    packsInput: ["xxx", "yyy"],
 }, {
    originalUserInput: {
@@ -390,8 +387,7 @@ const injectedConfigMacro = ava_1.default.macro({
 });
 // similar, but with queries
 (0, ava_1.default)("injected queries from input", injectedConfigMacro, {
-    queriesInputCombines: false,
-    packsInputCombines: false,
+    ...config_utils_1.defaultAugmentationProperties,
    queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
 }, {}, {
    queries: [
@@ -404,8 +400,7 @@ const injectedConfigMacro = ava_1.default.macro({
    ],
 });
 (0, ava_1.default)("injected queries from input overrides", injectedConfigMacro, {
-    queriesInputCombines: false,
-    packsInputCombines: false,
+    ...config_utils_1.defaultAugmentationProperties,
    queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
 }, {
    originalUserInput: {
@@ -422,8 +417,8 @@ const injectedConfigMacro = ava_1.default.macro({
    ],
 });
 (0, ava_1.default)("injected queries from input combines", injectedConfigMacro, {
+    ...config_utils_1.defaultAugmentationProperties,
    queriesInputCombines: true,
-    packsInputCombines: false,
    queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
 }, {
    originalUserInput: {
@@ -443,6 +438,7 @@ const injectedConfigMacro = ava_1.default.macro({
    ],
 });
 (0, ava_1.default)("injected queries from input combines 2", injectedConfigMacro, {
+    ...config_utils_1.defaultAugmentationProperties,
    queriesInputCombines: true,
    packsInputCombines: true,
    queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
@@ -457,6 +453,7 @@ const injectedConfigMacro = ava_1.default.macro({
    ],
 });
 (0, ava_1.default)("injected queries and packs, but empty", injectedConfigMacro, {
+    ...config_utils_1.defaultAugmentationProperties,
    queriesInputCombines: true,
    packsInputCombines: true,
    queriesInput: [],
@@ -472,7 +469,7 @@ const injectedConfigMacro = ava_1.default.macro({
        const runnerConstructorStub = stubToolRunnerConstructor();
        const codeqlObject = await codeql.getCodeQLForTesting();
        sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.17.6"));
-        await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, "/path/to/qlconfig.yml", overlay_database_utils_1.OverlayDatabaseMode.None, (0, logging_1.getRunnerLogger)(true));
+        await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, "/path/to/qlconfig.yml", (0, logging_1.getRunnerLogger)(true));
        const args = runnerConstructorStub.firstCall.args[1];
        // should have used a config file
        const hasCodeScanningConfigArg = args.some((arg) => arg.startsWith("--codescanning-config="));
@@ -488,7 +485,7 @@ const injectedConfigMacro = ava_1.default.macro({
        const codeqlObject = await codeql.getCodeQLForTesting();
        sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.17.6"));
        await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, undefined, // undefined qlconfigFile
-        overlay_database_utils_1.OverlayDatabaseMode.None, (0, logging_1.getRunnerLogger)(true));
+        (0, logging_1.getRunnerLogger)(true));
        const args = runnerConstructorStub.firstCall.args[1];
        const hasQlconfigArg = args.some((arg) => arg.startsWith("--qlconfig-file="));
        t.false(hasQlconfigArg, "should NOT have injected a qlconfig");
@@ -639,7 +636,7 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
    sinon.stub(io, "which").resolves("");
    process.env["CODEQL_ACTION_EXTRA_OPTIONS"] =
        '{ "database": { "init": ["--overwrite"] } }';
-    await codeqlObject.databaseInitCluster(stubConfig, "sourceRoot", undefined, undefined, overlay_database_utils_1.OverlayDatabaseMode.None, (0, logging_1.getRunnerLogger)(false));
+    await codeqlObject.databaseInitCluster(stubConfig, "sourceRoot", undefined, undefined, (0, logging_1.getRunnerLogger)(false));
    t.true(runnerConstructorStub.calledOnce);
    const args = runnerConstructorStub.firstCall.args[1];
    t.is(args.filter((option) => option === "--overwrite").length, 1, "--overwrite should only be passed once");
--- a/lib/codeql.test.js.map
+++ b/lib/codeql.test.js.map
--- a/lib/config-utils.js
+++ b/lib/config-utils.js
@@ -47,6 +47,7 @@ exports.getLanguages = getLanguages;
 exports.getRawLanguages = getRawLanguages;
 exports.getDefaultConfig = getDefaultConfig;
 exports.calculateAugmentation = calculateAugmentation;
+exports.getOverlayDatabaseMode = getOverlayDatabaseMode;
 exports.parsePacksFromInput = parsePacksFromInput;
 exports.parsePacksSpecification = parsePacksSpecification;
 exports.validatePackSpecification = validatePackSpecification;
@@ -57,16 +58,20 @@ exports.getConfig = getConfig;
 exports.generateRegistries = generateRegistries;
 exports.wrapEnvironment = wrapEnvironment;
 exports.parseBuildModeInput = parseBuildModeInput;
+exports.generateCodeScanningConfig = generateCodeScanningConfig;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const perf_hooks_1 = require("perf_hooks");
 const yaml = __importStar(require("js-yaml"));
 const semver = __importStar(require("semver"));
+const actions_util_1 = require("./actions-util");
 const api = __importStar(require("./api-client"));
 const caching_utils_1 = require("./caching-utils");
 const diff_informed_analysis_utils_1 = require("./diff-informed-analysis-utils");
 const feature_flags_1 = require("./feature-flags");
+const git_utils_1 = require("./git-utils");
 const languages_1 = require("./languages");
+const overlay_database_utils_1 = require("./overlay-database-utils");
 const trap_caching_1 = require("./trap-caching");
 const util_1 = require("./util");
 // Property names from the user-supplied config file.
@@ -80,7 +85,10 @@ exports.defaultAugmentationProperties = {
    packsInputCombines: false,
    packsInput: undefined,
    queriesInput: undefined,
-    defaultQueryFilters: [],
+    qualityQueriesInput: undefined,
+    extraQueryExclusions: [],
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
 };
 function getPacksStrInvalid(packStr, configFile) {
    return configFile
@@ -224,12 +232,12 @@ async function getRawLanguages(languagesInput, repository, logger) {
    return { rawLanguages, autodetected };
 }
 /**
- * Get the default config for when the user has not supplied one.
+ * Get the default config, populated without user configuration file.
 */
-async function getDefaultConfig({ languagesInput, queriesInput, packsInput, buildModeInput, dbLocation, trapCachingEnabled, dependencyCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeql, githubVersion, features, logger, }) {
+async function getDefaultConfig({ languagesInput, queriesInput, qualityQueriesInput, packsInput, buildModeInput, dbLocation, trapCachingEnabled, dependencyCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeql, githubVersion, features, logger, }) {
    const languages = await getLanguages(codeql, languagesInput, repository, logger);
    const buildMode = await parseBuildModeInput(buildModeInput, languages, features, logger);
-    const augmentationProperties = await calculateAugmentation(codeql, features, packsInput, queriesInput, languages, logger);
+    const augmentationProperties = await calculateAugmentation(packsInput, queriesInput, qualityQueriesInput, languages);
    const { trapCaches, trapCacheDownloadTime } = await downloadCacheWithTime(trapCachingEnabled, codeql, languages, logger);
    return {
        languages,
@@ -258,11 +266,7 @@ async function downloadCacheWithTime(trapCachingEnabled, codeQL, languages, logg
    }
    return { trapCaches, trapCacheDownloadTime };
 }
-/**
- * Load the config from the given file.
- */
-async function loadConfig({ languagesInput, queriesInput, packsInput, buildModeInput, configFile, dbLocation, trapCachingEnabled, dependencyCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeql, workspacePath, githubVersion, apiDetails, features, logger, }) {
-    let parsedYAML;
+async function loadUserConfig(configFile, workspacePath, apiDetails, tempDir) {
    if (isLocal(configFile)) {
        if (configFile !== userConfigFromActionPath(tempDir)) {
            // If the config file is not generated by the Action, it should be relative to the workspace.
@@ -272,31 +276,11 @@ async function loadConfig({ languagesInput, queriesInput, packsInput, buildModeI
                throw new util_1.ConfigurationError(getConfigFileOutsideWorkspaceErrorMessage(configFile));
            }
        }
-        parsedYAML = getLocalConfig(configFile);
+        return getLocalConfig(configFile);
    }
    else {
-        parsedYAML = await getRemoteConfig(configFile, apiDetails);
+        return await getRemoteConfig(configFile, apiDetails);
    }
-    const languages = await getLanguages(codeql, languagesInput, repository, logger);
-    const buildMode = await parseBuildModeInput(buildModeInput, languages, features, logger);
-    const augmentationProperties = await calculateAugmentation(codeql, features, packsInput, queriesInput, languages, logger);
-    const { trapCaches, trapCacheDownloadTime } = await downloadCacheWithTime(trapCachingEnabled, codeql, languages, logger);
-    return {
-        languages,
-        buildMode,
-        originalUserInput: parsedYAML,
-        tempDir,
-        codeQLCmd: codeql.getPath(),
-        gitHubVersion: githubVersion,
-        dbLocation: dbLocationOrDefault(dbLocation, tempDir),
-        debugMode,
-        debugArtifactName,
-        debugDatabaseName,
-        augmentationProperties,
-        trapCaches,
-        trapCacheDownloadTime,
-        dependencyCachingEnabled: (0, caching_utils_1.getCachingKind)(dependencyCachingEnabled),
-    };
 }
 /**
 * Calculates how the codeql config file needs to be augmented before passing
@@ -305,14 +289,11 @@ async function loadConfig({ languagesInput, queriesInput, packsInput, buildModeI
 * and the CLI does not know about these inputs so we need to inject them into
 * the config file sent to the CLI.
 *
- * @param codeql The CodeQL object.
- * @param features The feature enablement object.
 * @param rawPacksInput The packs input from the action configuration.
 * @param rawQueriesInput The queries input from the action configuration.
 * @param languages The languages that the config file is for. If the packs input
 *    is non-empty, then there must be exactly one language. Otherwise, an
 *    error is thrown.
- * @param logger The logger to use for logging.
 *
 * @returns The properties that need to be augmented in the config file.
 *
@@ -320,21 +301,21 @@ async function loadConfig({ languagesInput, queriesInput, packsInput, buildModeI
 *     not have exactly one language.
 */
 // exported for testing.
-async function calculateAugmentation(codeql, features, rawPacksInput, rawQueriesInput, languages, logger) {
+async function calculateAugmentation(rawPacksInput, rawQueriesInput, rawQualityQueriesInput, languages) {
    const packsInputCombines = shouldCombine(rawPacksInput);
    const packsInput = parsePacksFromInput(rawPacksInput, languages, packsInputCombines);
    const queriesInputCombines = shouldCombine(rawQueriesInput);
    const queriesInput = parseQueriesFromInput(rawQueriesInput, queriesInputCombines);
-    const defaultQueryFilters = [];
-    if (await (0, diff_informed_analysis_utils_1.shouldPerformDiffInformedAnalysis)(codeql, features, logger)) {
-        defaultQueryFilters.push({ exclude: { tags: "exclude-from-incremental" } });
-    }
+    const qualityQueriesInput = parseQueriesFromInput(rawQualityQueriesInput, false);
    return {
        packsInputCombines,
        packsInput: packsInput?.[languages[0]],
        queriesInput,
        queriesInputCombines,
-        defaultQueryFilters,
+        qualityQueriesInput,
+        extraQueryExclusions: [],
+        overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+        useOverlayDatabaseCaching: false,
    };
 }
 function parseQueriesFromInput(rawQueriesInput, queriesInputCombines) {
@@ -349,6 +330,142 @@ function parseQueriesFromInput(rawQueriesInput, queriesInputCombines) {
    }
    return trimmedInput.split(",").map((query) => ({ uses: query.trim() }));
 }
+const OVERLAY_ANALYSIS_FEATURES = {
+    actions: feature_flags_1.Feature.OverlayAnalysisActions,
+    cpp: feature_flags_1.Feature.OverlayAnalysisCpp,
+    csharp: feature_flags_1.Feature.OverlayAnalysisCsharp,
+    go: feature_flags_1.Feature.OverlayAnalysisGo,
+    java: feature_flags_1.Feature.OverlayAnalysisJava,
+    javascript: feature_flags_1.Feature.OverlayAnalysisJavascript,
+    python: feature_flags_1.Feature.OverlayAnalysisPython,
+    ruby: feature_flags_1.Feature.OverlayAnalysisRuby,
+    rust: feature_flags_1.Feature.OverlayAnalysisRust,
+    swift: feature_flags_1.Feature.OverlayAnalysisSwift,
+};
+const OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = {
+    actions: feature_flags_1.Feature.OverlayAnalysisCodeScanningActions,
+    cpp: feature_flags_1.Feature.OverlayAnalysisCodeScanningCpp,
+    csharp: feature_flags_1.Feature.OverlayAnalysisCodeScanningCsharp,
+    go: feature_flags_1.Feature.OverlayAnalysisCodeScanningGo,
+    java: feature_flags_1.Feature.OverlayAnalysisCodeScanningJava,
+    javascript: feature_flags_1.Feature.OverlayAnalysisCodeScanningJavascript,
+    python: feature_flags_1.Feature.OverlayAnalysisCodeScanningPython,
+    ruby: feature_flags_1.Feature.OverlayAnalysisCodeScanningRuby,
+    rust: feature_flags_1.Feature.OverlayAnalysisCodeScanningRust,
+    swift: feature_flags_1.Feature.OverlayAnalysisCodeScanningSwift,
+};
+async function isOverlayAnalysisFeatureEnabled(repository, features, codeql, languages, codeScanningConfig) {
+    // TODO: Remove the repository owner check once support for overlay analysis
+    // stabilizes, and no more backward-incompatible changes are expected.
+    if (!["github", "dsp-testing"].includes(repository.owner)) {
+        return false;
+    }
+    if (!(await features.getValue(feature_flags_1.Feature.OverlayAnalysis, codeql))) {
+        return false;
+    }
+    let enableForCodeScanningOnly = false;
+    for (const language of languages) {
+        const feature = OVERLAY_ANALYSIS_FEATURES[language];
+        if (feature && (await features.getValue(feature, codeql))) {
+            continue;
+        }
+        const codeScanningFeature = OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES[language];
+        if (codeScanningFeature &&
+            (await features.getValue(codeScanningFeature, codeql))) {
+            enableForCodeScanningOnly = true;
+            continue;
+        }
+        return false;
+    }
+    if (enableForCodeScanningOnly) {
+        // A code-scanning configuration runs only the (default) code-scanning suite
+        // if the default queries are not disabled, and no packs, queries, or
+        // query-filters are specified.
+        return (codeScanningConfig["disable-default-queries"] !== true &&
+            codeScanningConfig.packs === undefined &&
+            codeScanningConfig.queries === undefined &&
+            codeScanningConfig["query-filters"] === undefined);
+    }
+    return true;
+}
+/**
+ * Calculate and validate the overlay database mode and caching to use.
+ *
+ * - If the environment variable `CODEQL_OVERLAY_DATABASE_MODE` is set, use it.
+ *   In this case, the workflow is responsible for managing database storage and
+ *   retrieval, and the action will not perform overlay database caching. Think
+ *   of it as a "manual control" mode where the calling workflow is responsible
+ *   for making sure that everything is set up correctly.
+ * - Otherwise, if `Feature.OverlayAnalysis` is enabled, calculate the mode
+ *   based on what we are analyzing. Think of it as a "automatic control" mode
+ *   where the action will do the right thing by itself.
+ *   - If we are analyzing a pull request, use `Overlay` with caching.
+ *   - If we are analyzing the default branch, use `OverlayBase` with caching.
+ * - Otherwise, use `None`.
+ *
+ * For `Overlay` and `OverlayBase`, the function performs further checks and
+ * reverts to `None` if any check should fail.
+ *
+ * @returns An object containing the overlay database mode and whether the
+ * action should perform overlay-base database caching.
+ */
+async function getOverlayDatabaseMode(codeql, repository, features, languages, sourceRoot, buildMode, codeScanningConfig, logger) {
+    let overlayDatabaseMode = overlay_database_utils_1.OverlayDatabaseMode.None;
+    let useOverlayDatabaseCaching = false;
+    const modeEnv = process.env.CODEQL_OVERLAY_DATABASE_MODE;
+    // Any unrecognized CODEQL_OVERLAY_DATABASE_MODE value will be ignored and
+    // treated as if the environment variable was not set.
+    if (modeEnv === overlay_database_utils_1.OverlayDatabaseMode.Overlay ||
+        modeEnv === overlay_database_utils_1.OverlayDatabaseMode.OverlayBase ||
+        modeEnv === overlay_database_utils_1.OverlayDatabaseMode.None) {
+        overlayDatabaseMode = modeEnv;
+        logger.info(`Setting overlay database mode to ${overlayDatabaseMode} ` +
+            "from the CODEQL_OVERLAY_DATABASE_MODE environment variable.");
+    }
+    else if (await isOverlayAnalysisFeatureEnabled(repository, features, codeql, languages, codeScanningConfig)) {
+        if ((0, actions_util_1.isAnalyzingPullRequest)()) {
+            overlayDatabaseMode = overlay_database_utils_1.OverlayDatabaseMode.Overlay;
+            useOverlayDatabaseCaching = true;
+            logger.info(`Setting overlay database mode to ${overlayDatabaseMode} ` +
+                "with caching because we are analyzing a pull request.");
+        }
+        else if (await (0, git_utils_1.isAnalyzingDefaultBranch)()) {
+            overlayDatabaseMode = overlay_database_utils_1.OverlayDatabaseMode.OverlayBase;
+            useOverlayDatabaseCaching = true;
+            logger.info(`Setting overlay database mode to ${overlayDatabaseMode} ` +
+                "with caching because we are analyzing the default branch.");
+        }
+    }
+    const nonOverlayAnalysis = {
+        overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+        useOverlayDatabaseCaching: false,
+    };
+    if (overlayDatabaseMode === overlay_database_utils_1.OverlayDatabaseMode.None) {
+        return nonOverlayAnalysis;
+    }
+    if (buildMode !== util_1.BuildMode.None && languages.some(languages_1.isTracedLanguage)) {
+        logger.warning(`Cannot build an ${overlayDatabaseMode} database because ` +
+            `build-mode is set to "${buildMode}" instead of "none". ` +
+            "Falling back to creating a normal full database instead.");
+        return nonOverlayAnalysis;
+    }
+    if (!(await (0, util_1.codeQlVersionAtLeast)(codeql, overlay_database_utils_1.CODEQL_OVERLAY_MINIMUM_VERSION))) {
+        logger.warning(`Cannot build an ${overlayDatabaseMode} database because ` +
+            `the CodeQL CLI is older than ${overlay_database_utils_1.CODEQL_OVERLAY_MINIMUM_VERSION}. ` +
+            "Falling back to creating a normal full database instead.");
+        return nonOverlayAnalysis;
+    }
+    if ((await (0, git_utils_1.getGitRoot)(sourceRoot)) === undefined) {
+        logger.warning(`Cannot build an ${overlayDatabaseMode} database because ` +
+            `the source root "${sourceRoot}" is not inside a git repository. ` +
+            "Falling back to creating a normal full database instead.");
+        return nonOverlayAnalysis;
+    }
+    return {
+        overlayDatabaseMode,
+        useOverlayDatabaseCaching,
+    };
+}
 /**
 * Pack names must be in the form of `scope/name`, with only alpha-numeric characters,
 * and `-` allowed as long as not the first or last char.
@@ -485,7 +602,6 @@ function userConfigFromActionPath(tempDir) {
 * a default config. The parsed config is then stored to a known location.
 */
 async function initConfig(inputs) {
-    let config;
    const { logger, tempDir } = inputs;
    // if configInput is set, it takes precedence over configFile
    if (inputs.configInput) {
@@ -496,14 +612,31 @@ async function initConfig(inputs) {
        fs.writeFileSync(inputs.configFile, inputs.configInput);
        logger.debug(`Using config from action input: ${inputs.configFile}`);
    }
-    // If no config file was provided create an empty one
+    let userConfig = {};
    if (!inputs.configFile) {
        logger.debug("No configuration file was provided");
-        config = await getDefaultConfig(inputs);
    }
    else {
-        // Convince the type checker that inputs.configFile is defined.
-        config = await loadConfig({ ...inputs, configFile: inputs.configFile });
+        logger.debug(`Using configuration file: ${inputs.configFile}`);
+        userConfig = await loadUserConfig(inputs.configFile, inputs.workspacePath, inputs.apiDetails, tempDir);
+    }
+    const config = await getDefaultConfig(inputs);
+    const augmentationProperties = config.augmentationProperties;
+    config.originalUserInput = userConfig;
+    // The choice of overlay database mode depends on the selection of languages
+    // and queries, which in turn depends on the user config and the augmentation
+    // properties. So we need to calculate the overlay database mode after the
+    // rest of the config has been populated.
+    const { overlayDatabaseMode, useOverlayDatabaseCaching } = await getOverlayDatabaseMode(inputs.codeql, inputs.repository, inputs.features, config.languages, inputs.sourceRoot, config.buildMode, generateCodeScanningConfig(userConfig, augmentationProperties), logger);
+    logger.info(`Using overlay database mode: ${overlayDatabaseMode} ` +
+        `${useOverlayDatabaseCaching ? "with" : "without"} caching.`);
+    augmentationProperties.overlayDatabaseMode = overlayDatabaseMode;
+    augmentationProperties.useOverlayDatabaseCaching = useOverlayDatabaseCaching;
+    if (overlayDatabaseMode === overlay_database_utils_1.OverlayDatabaseMode.Overlay ||
+        (await (0, diff_informed_analysis_utils_1.shouldPerformDiffInformedAnalysis)(inputs.codeql, inputs.features, logger))) {
+        augmentationProperties.extraQueryExclusions.push({
+            exclude: { tags: "exclude-from-incremental" },
+        });
    }
    // Save the config so we can easily access it again in the future
    await saveConfig(config, logger);
@@ -706,4 +839,56 @@ async function parseBuildModeInput(input, languages, features, logger) {
    }
    return input;
 }
+function generateCodeScanningConfig(originalUserInput, augmentationProperties) {
+    // make a copy so we can modify it
+    const augmentedConfig = (0, util_1.cloneObject)(originalUserInput);
+    // Inject the queries from the input
+    if (augmentationProperties.queriesInput) {
+        if (augmentationProperties.queriesInputCombines) {
+            augmentedConfig.queries = (augmentedConfig.queries || []).concat(augmentationProperties.queriesInput);
+        }
+        else {
+            augmentedConfig.queries = augmentationProperties.queriesInput;
+        }
+    }
+    if (augmentedConfig.queries?.length === 0) {
+        delete augmentedConfig.queries;
+    }
+    // Inject the packs from the input
+    if (augmentationProperties.packsInput) {
+        if (augmentationProperties.packsInputCombines) {
+            // At this point, we already know that this is a single-language analysis
+            if (Array.isArray(augmentedConfig.packs)) {
+                augmentedConfig.packs = (augmentedConfig.packs || []).concat(augmentationProperties.packsInput);
+            }
+            else if (!augmentedConfig.packs) {
+                augmentedConfig.packs = augmentationProperties.packsInput;
+            }
+            else {
+                // At this point, we know there is only one language.
+                // If there were more than one language, an error would already have been thrown.
+                const language = Object.keys(augmentedConfig.packs)[0];
+                augmentedConfig.packs[language] = augmentedConfig.packs[language].concat(augmentationProperties.packsInput);
+            }
+        }
+        else {
+            augmentedConfig.packs = augmentationProperties.packsInput;
+        }
+    }
+    if (Array.isArray(augmentedConfig.packs) && !augmentedConfig.packs.length) {
+        delete augmentedConfig.packs;
+    }
+    augmentedConfig["query-filters"] = [
+        // Ordering matters. If the first filter is an inclusion, it implicitly
+        // excludes all queries that are not included. If it is an exclusion,
+        // it implicitly includes all queries that are not excluded. So user
+        // filters (if any) should always be first to preserve intent.
+        ...(augmentedConfig["query-filters"] || []),
+        ...augmentationProperties.extraQueryExclusions,
+    ];
+    if (augmentedConfig["query-filters"]?.length === 0) {
+        delete augmentedConfig["query-filters"];
+    }
+    return augmentedConfig;
+}
 //# sourceMappingURL=config-utils.js.map
--- a/lib/config-utils.js.map
+++ b/lib/config-utils.js.map
--- a/lib/config-utils.test.js
+++ b/lib/config-utils.test.js
@@ -42,13 +42,16 @@ const github = __importStar(require("@actions/github"));
 const ava_1 = __importDefault(require("ava"));
 const yaml = __importStar(require("js-yaml"));
 const sinon = __importStar(require("sinon"));
+const actionsUtil = __importStar(require("./actions-util"));
 const api = __importStar(require("./api-client"));
 const caching_utils_1 = require("./caching-utils");
 const codeql_1 = require("./codeql");
 const configUtils = __importStar(require("./config-utils"));
 const feature_flags_1 = require("./feature-flags");
+const gitUtils = __importStar(require("./git-utils"));
 const languages_1 = require("./languages");
 const logging_1 = require("./logging");
+const overlay_database_utils_1 = require("./overlay-database-utils");
 const repository_1 = require("./repository");
 const testing_utils_1 = require("./testing-utils");
 const util_1 = require("./util");
@@ -58,6 +61,7 @@ function createTestInitConfigInputs(overrides) {
    return Object.assign({}, {
        languagesInput: undefined,
        queriesInput: undefined,
+        qualityQueriesInput: undefined,
        packsInput: undefined,
        configFile: undefined,
        dbLocation: undefined,
@@ -72,6 +76,7 @@ function createTestInitConfigInputs(overrides) {
        tempDir: "",
        codeql: {},
        workspacePath: "",
+        sourceRoot: "",
        githubVersion,
        apiDetails: {
            auth: "token",
@@ -623,58 +628,63 @@ const packSpecPrettyPrintingMacro = ava_1.default.macro({
 });
 const mockLogger = (0, logging_1.getRunnerLogger)(true);
 const calculateAugmentationMacro = ava_1.default.macro({
-    exec: async (t, _title, rawPacksInput, rawQueriesInput, languages, expectedAugmentationProperties) => {
-        const actualAugmentationProperties = await configUtils.calculateAugmentation((0, codeql_1.getCachedCodeQL)(), (0, testing_utils_1.createFeatures)([]), rawPacksInput, rawQueriesInput, languages, mockLogger);
+    exec: async (t, _title, rawPacksInput, rawQueriesInput, rawQualityQueriesInput, languages, expectedAugmentationProperties) => {
+        const actualAugmentationProperties = await configUtils.calculateAugmentation(rawPacksInput, rawQueriesInput, rawQualityQueriesInput, languages);
        t.deepEqual(actualAugmentationProperties, expectedAugmentationProperties);
    },
    title: (_, title) => `Calculate Augmentation: ${title}`,
 });
-(0, ava_1.default)(calculateAugmentationMacro, "All empty", undefined, undefined, [languages_1.Language.javascript], {
-    queriesInputCombines: false,
-    queriesInput: undefined,
-    packsInputCombines: false,
-    packsInput: undefined,
-    defaultQueryFilters: [],
+(0, ava_1.default)(calculateAugmentationMacro, "All empty", undefined, undefined, undefined, [languages_1.Language.javascript], {
+    ...configUtils.defaultAugmentationProperties,
 });
-(0, ava_1.default)(calculateAugmentationMacro, "With queries", undefined, " a, b , c, d", [languages_1.Language.javascript], {
-    queriesInputCombines: false,
+(0, ava_1.default)(calculateAugmentationMacro, "With queries", undefined, " a, b , c, d", undefined, [languages_1.Language.javascript], {
+    ...configUtils.defaultAugmentationProperties,
    queriesInput: [{ uses: "a" }, { uses: "b" }, { uses: "c" }, { uses: "d" }],
-    packsInputCombines: false,
-    packsInput: undefined,
-    defaultQueryFilters: [],
 });
-(0, ava_1.default)(calculateAugmentationMacro, "With queries combining", undefined, "   +   a, b , c, d ", [languages_1.Language.javascript], {
+(0, ava_1.default)(calculateAugmentationMacro, "With queries combining", undefined, "   +   a, b , c, d ", undefined, [languages_1.Language.javascript], {
+    ...configUtils.defaultAugmentationProperties,
    queriesInputCombines: true,
    queriesInput: [{ uses: "a" }, { uses: "b" }, { uses: "c" }, { uses: "d" }],
-    packsInputCombines: false,
-    packsInput: undefined,
-    defaultQueryFilters: [],
 });
-(0, ava_1.default)(calculateAugmentationMacro, "With packs", "   codeql/a , codeql/b   , codeql/c  , codeql/d  ", undefined, [languages_1.Language.javascript], {
-    queriesInputCombines: false,
-    queriesInput: undefined,
-    packsInputCombines: false,
+(0, ava_1.default)(calculateAugmentationMacro, "With quality queries", undefined, undefined, " a, b , c, d", [languages_1.Language.javascript], {
+    ...configUtils.defaultAugmentationProperties,
+    qualityQueriesInput: [
+        { uses: "a" },
+        { uses: "b" },
+        { uses: "c" },
+        { uses: "d" },
+    ],
+});
+(0, ava_1.default)(calculateAugmentationMacro, "With security and quality queries", undefined, " a, b , c, d", "e, f , g,h", [languages_1.Language.javascript], {
+    ...configUtils.defaultAugmentationProperties,
+    queriesInput: [{ uses: "a" }, { uses: "b" }, { uses: "c" }, { uses: "d" }],
+    qualityQueriesInput: [
+        { uses: "e" },
+        { uses: "f" },
+        { uses: "g" },
+        { uses: "h" },
+    ],
+});
+(0, ava_1.default)(calculateAugmentationMacro, "With packs", "   codeql/a , codeql/b   , codeql/c  , codeql/d  ", undefined, undefined, [languages_1.Language.javascript], {
+    ...configUtils.defaultAugmentationProperties,
    packsInput: ["codeql/a", "codeql/b", "codeql/c", "codeql/d"],
-    defaultQueryFilters: [],
 });
-(0, ava_1.default)(calculateAugmentationMacro, "With packs combining", "   +   codeql/a, codeql/b, codeql/c, codeql/d", undefined, [languages_1.Language.javascript], {
-    queriesInputCombines: false,
-    queriesInput: undefined,
+(0, ava_1.default)(calculateAugmentationMacro, "With packs combining", "   +   codeql/a, codeql/b, codeql/c, codeql/d", undefined, undefined, [languages_1.Language.javascript], {
+    ...configUtils.defaultAugmentationProperties,
    packsInputCombines: true,
    packsInput: ["codeql/a", "codeql/b", "codeql/c", "codeql/d"],
-    defaultQueryFilters: [],
 });
 const calculateAugmentationErrorMacro = ava_1.default.macro({
-    exec: async (t, _title, rawPacksInput, rawQueriesInput, languages, expectedError) => {
-        await t.throwsAsync(() => configUtils.calculateAugmentation((0, codeql_1.getCachedCodeQL)(), (0, testing_utils_1.createFeatures)([]), rawPacksInput, rawQueriesInput, languages, mockLogger), { message: expectedError });
+    exec: async (t, _title, rawPacksInput, rawQueriesInput, rawQualityQueriesInput, languages, expectedError) => {
+        await t.throwsAsync(() => configUtils.calculateAugmentation(rawPacksInput, rawQueriesInput, rawQualityQueriesInput, languages), { message: expectedError });
    },
    title: (_, title) => `Calculate Augmentation Error: ${title}`,
 });
-(0, ava_1.default)(calculateAugmentationErrorMacro, "Plus (+) with nothing else (queries)", undefined, "   +   ", [languages_1.Language.javascript], /The workflow property "queries" is invalid/);
-(0, ava_1.default)(calculateAugmentationErrorMacro, "Plus (+) with nothing else (packs)", "   +   ", undefined, [languages_1.Language.javascript], /The workflow property "packs" is invalid/);
-(0, ava_1.default)(calculateAugmentationErrorMacro, "Packs input with multiple languages", "   +  a/b, c/d ", undefined, [languages_1.Language.javascript, languages_1.Language.java], /Cannot specify a 'packs' input in a multi-language analysis/);
-(0, ava_1.default)(calculateAugmentationErrorMacro, "Packs input with no languages", "   +  a/b, c/d ", undefined, [], /No languages specified/);
-(0, ava_1.default)(calculateAugmentationErrorMacro, "Invalid packs", " a-pack-without-a-scope ", undefined, [languages_1.Language.javascript], /"a-pack-without-a-scope" is not a valid pack/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Plus (+) with nothing else (queries)", undefined, "   +   ", undefined, [languages_1.Language.javascript], /The workflow property "queries" is invalid/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Plus (+) with nothing else (packs)", "   +   ", undefined, undefined, [languages_1.Language.javascript], /The workflow property "packs" is invalid/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Packs input with multiple languages", "   +  a/b, c/d ", undefined, undefined, [languages_1.Language.javascript, languages_1.Language.java], /Cannot specify a 'packs' input in a multi-language analysis/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Packs input with no languages", "   +  a/b, c/d ", undefined, undefined, [], /No languages specified/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Invalid packs", " a-pack-without-a-scope ", undefined, undefined, [languages_1.Language.javascript], /"a-pack-without-a-scope" is not a valid pack/);
 (0, ava_1.default)("no generateRegistries when registries is undefined", async (t) => {
    return await (0, util_1.withTmpDir)(async (tmpDir) => {
        const registriesInput = undefined;
@@ -818,4 +828,391 @@ for (const { displayName, language, feature } of [
        ]);
    });
 }
+const defaultOverlayDatabaseModeTestSetup = {
+    overlayDatabaseEnvVar: undefined,
+    features: [],
+    isPullRequest: false,
+    isDefaultBranch: false,
+    repositoryOwner: "github",
+    buildMode: util_1.BuildMode.None,
+    languages: [languages_1.Language.javascript],
+    codeqlVersion: "2.21.0",
+    gitRoot: "/some/git/root",
+    codeScanningConfig: {},
+};
+const getOverlayDatabaseModeMacro = ava_1.default.macro({
+    exec: async (t, _title, setupOverrides, expected) => {
+        return await (0, util_1.withTmpDir)(async (tempDir) => {
+            const messages = [];
+            const logger = (0, testing_utils_1.getRecordingLogger)(messages);
+            // Save the original environment
+            const originalEnv = { ...process.env };
+            try {
+                const setup = {
+                    ...defaultOverlayDatabaseModeTestSetup,
+                    ...setupOverrides,
+                };
+                // Set up environment variable if specified
+                delete process.env.CODEQL_OVERLAY_DATABASE_MODE;
+                if (setup.overlayDatabaseEnvVar !== undefined) {
+                    process.env.CODEQL_OVERLAY_DATABASE_MODE =
+                        setup.overlayDatabaseEnvVar;
+                }
+                // Mock feature flags
+                const features = (0, testing_utils_1.createFeatures)(setup.features);
+                // Mock isAnalyzingPullRequest function
+                sinon
+                    .stub(actionsUtil, "isAnalyzingPullRequest")
+                    .returns(setup.isPullRequest);
+                // Mock repository owner
+                const repository = {
+                    owner: setup.repositoryOwner,
+                    repo: "test-repo",
+                };
+                // Set up CodeQL mock
+                const codeql = (0, testing_utils_1.mockCodeQLVersion)(setup.codeqlVersion);
+                // Mock git root detection
+                if (setup.gitRoot !== undefined) {
+                    sinon.stub(gitUtils, "getGitRoot").resolves(setup.gitRoot);
+                }
+                // Mock default branch detection
+                sinon
+                    .stub(gitUtils, "isAnalyzingDefaultBranch")
+                    .resolves(setup.isDefaultBranch);
+                const result = await configUtils.getOverlayDatabaseMode(codeql, repository, features, setup.languages, tempDir, // sourceRoot
+                setup.buildMode, setup.codeScanningConfig, logger);
+                t.deepEqual(result, expected);
+            }
+            finally {
+                // Restore the original environment
+                process.env = originalEnv;
+            }
+        });
+    },
+    title: (_, title) => `getOverlayDatabaseMode: ${title}`,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Environment variable override - Overlay", {
+    overlayDatabaseEnvVar: "overlay",
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.Overlay,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Environment variable override - OverlayBase", {
+    overlayDatabaseEnvVar: "overlay-base",
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.OverlayBase,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Environment variable override - None", {
+    overlayDatabaseEnvVar: "none",
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Ignore invalid environment variable", {
+    overlayDatabaseEnvVar: "invalid-mode",
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Ignore feature flag when analyzing non-default branch", {
+    languages: [languages_1.Language.javascript],
+    features: [feature_flags_1.Feature.OverlayAnalysis, feature_flags_1.Feature.OverlayAnalysisJavascript],
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Overlay-base database on default branch when feature enabled", {
+    languages: [languages_1.Language.javascript],
+    features: [feature_flags_1.Feature.OverlayAnalysis, feature_flags_1.Feature.OverlayAnalysisJavascript],
+    isDefaultBranch: true,
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.OverlayBase,
+    useOverlayDatabaseCaching: true,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Overlay-base database on default branch when feature enabled with custom analysis", {
+    languages: [languages_1.Language.javascript],
+    features: [feature_flags_1.Feature.OverlayAnalysis, feature_flags_1.Feature.OverlayAnalysisJavascript],
+    codeScanningConfig: {
+        packs: ["some-custom-pack@1.0.0"],
+    },
+    isDefaultBranch: true,
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.OverlayBase,
+    useOverlayDatabaseCaching: true,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Overlay-base database on default branch when code-scanning feature enabled", {
+    languages: [languages_1.Language.javascript],
+    features: [
+        feature_flags_1.Feature.OverlayAnalysis,
+        feature_flags_1.Feature.OverlayAnalysisCodeScanningJavascript,
+    ],
+    isDefaultBranch: true,
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.OverlayBase,
+    useOverlayDatabaseCaching: true,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "No overlay-base database on default branch when code-scanning feature enabled with disable-default-queries", {
+    languages: [languages_1.Language.javascript],
+    features: [
+        feature_flags_1.Feature.OverlayAnalysis,
+        feature_flags_1.Feature.OverlayAnalysisCodeScanningJavascript,
+    ],
+    codeScanningConfig: {
+        "disable-default-queries": true,
+    },
+    isDefaultBranch: true,
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "No overlay-base database on default branch when code-scanning feature enabled with packs", {
+    languages: [languages_1.Language.javascript],
+    features: [
+        feature_flags_1.Feature.OverlayAnalysis,
+        feature_flags_1.Feature.OverlayAnalysisCodeScanningJavascript,
+    ],
+    codeScanningConfig: {
+        packs: ["some-custom-pack@1.0.0"],
+    },
+    isDefaultBranch: true,
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "No overlay-base database on default branch when code-scanning feature enabled with queries", {
+    languages: [languages_1.Language.javascript],
+    features: [
+        feature_flags_1.Feature.OverlayAnalysis,
+        feature_flags_1.Feature.OverlayAnalysisCodeScanningJavascript,
+    ],
+    codeScanningConfig: {
+        queries: [{ uses: "some-query.ql" }],
+    },
+    isDefaultBranch: true,
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "No overlay-base database on default branch when code-scanning feature enabled with query-filters", {
+    languages: [languages_1.Language.javascript],
+    features: [
+        feature_flags_1.Feature.OverlayAnalysis,
+        feature_flags_1.Feature.OverlayAnalysisCodeScanningJavascript,
+    ],
+    codeScanningConfig: {
+        "query-filters": [{ include: { "security-severity": "high" } }],
+    },
+    isDefaultBranch: true,
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "No overlay-base database on default branch when only language-specific feature enabled", {
+    languages: [languages_1.Language.javascript],
+    features: [feature_flags_1.Feature.OverlayAnalysisJavascript],
+    isDefaultBranch: true,
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "No overlay-base database on default branch when only code-scanning feature enabled", {
+    languages: [languages_1.Language.javascript],
+    features: [feature_flags_1.Feature.OverlayAnalysisCodeScanningJavascript],
+    isDefaultBranch: true,
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "No overlay-base database on default branch when language-specific feature disabled", {
+    languages: [languages_1.Language.javascript],
+    features: [feature_flags_1.Feature.OverlayAnalysis],
+    isDefaultBranch: true,
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Overlay analysis on PR when feature enabled", {
+    languages: [languages_1.Language.javascript],
+    features: [feature_flags_1.Feature.OverlayAnalysis, feature_flags_1.Feature.OverlayAnalysisJavascript],
+    isPullRequest: true,
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.Overlay,
+    useOverlayDatabaseCaching: true,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Overlay analysis on PR when feature enabled with custom analysis", {
+    languages: [languages_1.Language.javascript],
+    features: [feature_flags_1.Feature.OverlayAnalysis, feature_flags_1.Feature.OverlayAnalysisJavascript],
+    codeScanningConfig: {
+        packs: ["some-custom-pack@1.0.0"],
+    },
+    isPullRequest: true,
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.Overlay,
+    useOverlayDatabaseCaching: true,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Overlay analysis on PR when code-scanning feature enabled", {
+    languages: [languages_1.Language.javascript],
+    features: [
+        feature_flags_1.Feature.OverlayAnalysis,
+        feature_flags_1.Feature.OverlayAnalysisCodeScanningJavascript,
+    ],
+    isPullRequest: true,
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.Overlay,
+    useOverlayDatabaseCaching: true,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "No overlay analysis on PR when code-scanning feature enabled with disable-default-queries", {
+    languages: [languages_1.Language.javascript],
+    features: [
+        feature_flags_1.Feature.OverlayAnalysis,
+        feature_flags_1.Feature.OverlayAnalysisCodeScanningJavascript,
+    ],
+    codeScanningConfig: {
+        "disable-default-queries": true,
+    },
+    isPullRequest: true,
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "No overlay analysis on PR when code-scanning feature enabled with packs", {
+    languages: [languages_1.Language.javascript],
+    features: [
+        feature_flags_1.Feature.OverlayAnalysis,
+        feature_flags_1.Feature.OverlayAnalysisCodeScanningJavascript,
+    ],
+    codeScanningConfig: {
+        packs: ["some-custom-pack@1.0.0"],
+    },
+    isPullRequest: true,
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "No overlay analysis on PR when code-scanning feature enabled with queries", {
+    languages: [languages_1.Language.javascript],
+    features: [
+        feature_flags_1.Feature.OverlayAnalysis,
+        feature_flags_1.Feature.OverlayAnalysisCodeScanningJavascript,
+    ],
+    codeScanningConfig: {
+        queries: [{ uses: "some-query.ql" }],
+    },
+    isPullRequest: true,
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "No overlay analysis on PR when code-scanning feature enabled with query-filters", {
+    languages: [languages_1.Language.javascript],
+    features: [
+        feature_flags_1.Feature.OverlayAnalysis,
+        feature_flags_1.Feature.OverlayAnalysisCodeScanningJavascript,
+    ],
+    codeScanningConfig: {
+        "query-filters": [{ include: { "security-severity": "high" } }],
+    },
+    isPullRequest: true,
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "No overlay analysis on PR when only language-specific feature enabled", {
+    languages: [languages_1.Language.javascript],
+    features: [feature_flags_1.Feature.OverlayAnalysisJavascript],
+    isPullRequest: true,
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "No overlay analysis on PR when only code-scanning feature enabled", {
+    languages: [languages_1.Language.javascript],
+    features: [feature_flags_1.Feature.OverlayAnalysisCodeScanningJavascript],
+    isPullRequest: true,
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "No overlay analysis on PR when language-specific feature disabled", {
+    languages: [languages_1.Language.javascript],
+    features: [feature_flags_1.Feature.OverlayAnalysis],
+    isPullRequest: true,
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Overlay PR analysis by env for dsp-testing", {
+    overlayDatabaseEnvVar: "overlay",
+    repositoryOwner: "dsp-testing",
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.Overlay,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Overlay PR analysis by env for other-org", {
+    overlayDatabaseEnvVar: "overlay",
+    repositoryOwner: "other-org",
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.Overlay,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Overlay PR analysis by feature flag for dsp-testing", {
+    languages: [languages_1.Language.javascript],
+    features: [feature_flags_1.Feature.OverlayAnalysis, feature_flags_1.Feature.OverlayAnalysisJavascript],
+    isPullRequest: true,
+    repositoryOwner: "dsp-testing",
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.Overlay,
+    useOverlayDatabaseCaching: true,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "No overlay PR analysis by feature flag for other-org", {
+    languages: [languages_1.Language.javascript],
+    features: [feature_flags_1.Feature.OverlayAnalysis, feature_flags_1.Feature.OverlayAnalysisJavascript],
+    isPullRequest: true,
+    repositoryOwner: "other-org",
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Fallback due to autobuild with traced language", {
+    overlayDatabaseEnvVar: "overlay",
+    buildMode: util_1.BuildMode.Autobuild,
+    languages: [languages_1.Language.java],
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Fallback due to no build mode with traced language", {
+    overlayDatabaseEnvVar: "overlay",
+    buildMode: undefined,
+    languages: [languages_1.Language.java],
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Fallback due to old CodeQL version", {
+    overlayDatabaseEnvVar: "overlay",
+    codeqlVersion: "2.14.0",
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Fallback due to missing git root", {
+    overlayDatabaseEnvVar: "overlay",
+    gitRoot: undefined,
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
+// Exercise language-specific overlay analysis features code paths
+for (const language in languages_1.Language) {
+    (0, ava_1.default)(getOverlayDatabaseModeMacro, `Check default overlay analysis feature for ${language}`, {
+        languages: [language],
+        features: [feature_flags_1.Feature.OverlayAnalysis],
+        isPullRequest: true,
+    }, {
+        overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+        useOverlayDatabaseCaching: false,
+    });
+}
 //# sourceMappingURL=config-utils.test.js.map
--- a/lib/config-utils.test.js.map
+++ b/lib/config-utils.test.js.map
--- a/lib/debug-artifacts.js
+++ b/lib/debug-artifacts.js
@@ -46,7 +46,7 @@ const path = __importStar(require("path"));
 const artifact = __importStar(require("@actions/artifact"));
 const artifactLegacy = __importStar(require("@actions/artifact-legacy"));
 const core = __importStar(require("@actions/core"));
-const adm_zip_1 = __importDefault(require("adm-zip"));
+const archiver_1 = __importDefault(require("archiver"));
 const del_1 = __importDefault(require("del"));
 const actions_util_1 = require("./actions-util");
 const analyze_1 = require("./analyze");
@@ -56,7 +56,7 @@ const logging_1 = require("./logging");
 const tools_features_1 = require("./tools-features");
 const util_1 = require("./util");
 function sanitizeArtifactName(name) {
-    return name.replace(/[^a-zA-Z0-9_\\-]+/g, "");
+    return name.replace(/[^a-zA-Z0-9_-]+/g, "");
 }
 /**
 * Upload Actions SARIF artifacts for debugging when CODEQL_ACTION_DEBUG_COMBINED_SARIF
@@ -250,9 +250,20 @@ async function createPartialDatabaseBundle(config, language) {
    if (fs.existsSync(databaseBundlePath)) {
        await (0, del_1.default)(databaseBundlePath, { force: true });
    }
-    const zip = new adm_zip_1.default();
-    zip.addLocalFolder(databasePath);
-    zip.writeZip(databaseBundlePath);
+    const output = fs.createWriteStream(databaseBundlePath);
+    const zip = (0, archiver_1.default)("zip");
+    zip.on("error", (err) => {
+        throw err;
+    });
+    zip.on("warning", (err) => {
+        // Ignore ENOENT warnings. There's nothing anyone can do about it.
+        if (err.code !== "ENOENT") {
+            throw err;
+        }
+    });
+    zip.pipe(output);
+    zip.directory(databasePath, false);
+    await zip.finalize();
    return databaseBundlePath;
 }
 /**
--- a/lib/debug-artifacts.js.map
+++ b/lib/debug-artifacts.js.map
--- a/lib/debug-artifacts.test.js
+++ b/lib/debug-artifacts.test.js
@@ -45,6 +45,7 @@ const util_1 = require("./util");
    t.deepEqual(debugArtifacts.sanitizeArtifactName("hello`world`"), "helloworld");
    t.deepEqual(debugArtifacts.sanitizeArtifactName("hello===123"), "hello123");
    t.deepEqual(debugArtifacts.sanitizeArtifactName("*m)a&n^y%i££n+v!a:l[i]d"), "manyinvalid");
+    t.deepEqual(debugArtifacts.sanitizeArtifactName("\\foo\\bar//baz"), "foobarbaz");
 });
 // These next tests check the correctness of the logic to determine whether or not
 // artifacts are uploaded in debug mode. Since it's not easy to mock the actual
--- a/lib/debug-artifacts.test.js.map
+++ b/lib/debug-artifacts.test.js.map
@@ -1 +1 @@
-{"version":3,"file":"debug-artifacts.test.js","sourceRoot":"","sources":["../src/debug-artifacts.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AAEvB,kEAAoD;AACpD,uCAA6C;AAC7C,iCAAuC;AAEvC,IAAA,aAAI,EAAC,sBAAsB,EAAE,CAAC,CAAC,EAAE,EAAE;IACjC,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,cAAc,CAAC,EACnD,cAAc,CACf,CAAC;IACF,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,cAAc,CAAC,EACnD,YAAY,CACb,CAAC;IACF,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,oBAAoB,CAAC,aAAa,CAAC,EAAE,UAAU,CAAC,CAAC;IAC5E,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,yBAAyB,CAAC,EAC9D,aAAa,CACd,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,kFAAkF;AAClF,+EAA+E;AAC/E,mFAAmF;AACnF,8CAA8C;AAC9C,EAAE;AACF,oFAAoF;AACpF,8BAA8B;AAE9B,IAAA,aAAI,EAAC,gFAAgF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACjG,2DAA2D;IAC3D,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,EAAE,EACF,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,SAAS,CACV,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ,EACR,wBAAwB,EACxB,wCAAwC,CACzC,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,mFAAmF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACpG,sCAAsC;IACtC,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,CAAC,SAAS,CAAC,EACX,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,SAAS,CACV,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ;QACR,8FAA8F;QAC9F,eAAe,EACf,kEAAkE,CACnE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,oFAAoF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACrG,sCAAsC;IACtC,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,CAAC,SAAS,CAAC,EACX,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,QAAQ,CACT,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ;QACR,8FAA8F;QAC9F,eAAe,EACf,kEAAkE,CACnE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,sFAAsF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvG,0CAA0C;IAC1C,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,CAAC,SAAS,CAAC,EACX,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,QAAQ,CACT,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ,EACR,sBAAsB,EACtB,sEAAsE,CACvE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"debug-artifacts.test.js","sourceRoot":"","sources":["../src/debug-artifacts.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AAEvB,kEAAoD;AACpD,uCAA6C;AAC7C,iCAAuC;AAEvC,IAAA,aAAI,EAAC,sBAAsB,EAAE,CAAC,CAAC,EAAE,EAAE;IACjC,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,cAAc,CAAC,EACnD,cAAc,CACf,CAAC;IACF,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,cAAc,CAAC,EACnD,YAAY,CACb,CAAC;IACF,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,oBAAoB,CAAC,aAAa,CAAC,EAAE,UAAU,CAAC,CAAC;IAC5E,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,yBAAyB,CAAC,EAC9D,aAAa,CACd,CAAC;IACF,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,iBAAiB,CAAC,EACtD,WAAW,CACZ,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,kFAAkF;AAClF,+EAA+E;AAC/E,mFAAmF;AACnF,8CAA8C;AAC9C,EAAE;AACF,oFAAoF;AACpF,8BAA8B;AAE9B,IAAA,aAAI,EAAC,gFAAgF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACjG,2DAA2D;IAC3D,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,EAAE,EACF,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,SAAS,CACV,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ,EACR,wBAAwB,EACxB,wCAAwC,CACzC,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,mFAAmF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACpG,sCAAsC;IACtC,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,CAAC,SAAS,CAAC,EACX,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,SAAS,CACV,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ;QACR,8FAA8F;QAC9F,eAAe,EACf,kEAAkE,CACnE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,oFAAoF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACrG,sCAAsC;IACtC,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,CAAC,SAAS,CAAC,EACX,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,QAAQ,CACT,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ;QACR,8FAA8F;QAC9F,eAAe,EACf,kEAAkE,CACnE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,sFAAsF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvG,0CAA0C;IAC1C,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,CAAC,SAAS,CAAC,EACX,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,QAAQ,CACT,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ,EACR,sBAAsB,EACtB,sEAAsE,CACvE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
--- a/lib/defaults.json
+++ b/lib/defaults.json
@@ -1,6 +1,6 @@
 {
-    "bundleVersion": "codeql-bundle-v2.20.7",
-    "cliVersion": "2.20.7",
-    "priorBundleVersion": "codeql-bundle-v2.20.6",
-    "priorCliVersion": "2.20.6"
+    "bundleVersion": "codeql-bundle-v2.22.2",
+    "cliVersion": "2.22.2",
+    "priorBundleVersion": "codeql-bundle-v2.22.1",
+    "priorCliVersion": "2.22.1"
 }
--- a/lib/dependency-caching.js
+++ b/lib/dependency-caching.js
@@ -57,42 +57,44 @@ function getJavaTempDependencyDir() {
 /**
 * Default caching configurations per language.
 */
-const CODEQL_DEFAULT_CACHE_CONFIG = {
-    java: {
-        paths: [
-            // Maven
-            (0, path_1.join)(os.homedir(), ".m2", "repository"),
-            // Gradle
-            (0, path_1.join)(os.homedir(), ".gradle", "caches"),
-            // CodeQL Java build-mode: none
-            getJavaTempDependencyDir(),
-        ],
-        hash: [
-            // Maven
-            "**/pom.xml",
-            // Gradle
-            "**/*.gradle*",
-            "**/gradle-wrapper.properties",
-            "buildSrc/**/Versions.kt",
-            "buildSrc/**/Dependencies.kt",
-            "gradle/*.versions.toml",
-            "**/versions.properties",
-        ],
-    },
-    csharp: {
-        paths: [(0, path_1.join)(os.homedir(), ".nuget", "packages")],
-        hash: [
-            // NuGet
-            "**/packages.lock.json",
-            // Paket
-            "**/paket.lock",
-        ],
-    },
-    go: {
-        paths: [(0, path_1.join)(os.homedir(), "go", "pkg", "mod")],
-        hash: ["**/go.sum"],
-    },
-};
+function getDefaultCacheConfig() {
+    return {
+        java: {
+            paths: [
+                // Maven
+                (0, path_1.join)(os.homedir(), ".m2", "repository"),
+                // Gradle
+                (0, path_1.join)(os.homedir(), ".gradle", "caches"),
+                // CodeQL Java build-mode: none
+                getJavaTempDependencyDir(),
+            ],
+            hash: [
+                // Maven
+                "**/pom.xml",
+                // Gradle
+                "**/*.gradle*",
+                "**/gradle-wrapper.properties",
+                "buildSrc/**/Versions.kt",
+                "buildSrc/**/Dependencies.kt",
+                "gradle/*.versions.toml",
+                "**/versions.properties",
+            ],
+        },
+        csharp: {
+            paths: [(0, path_1.join)(os.homedir(), ".nuget", "packages")],
+            hash: [
+                // NuGet
+                "**/packages.lock.json",
+                // Paket
+                "**/paket.lock",
+            ],
+        },
+        go: {
+            paths: [(0, path_1.join)(os.homedir(), "go", "pkg", "mod")],
+            hash: ["**/go.sum"],
+        },
+    };
+}
 async function makeGlobber(patterns) {
    return glob.create(patterns.join("\n"));
 }
@@ -106,7 +108,7 @@ async function makeGlobber(patterns) {
 async function downloadDependencyCaches(languages, logger) {
    const restoredCaches = [];
    for (const language of languages) {
-        const cacheConfig = CODEQL_DEFAULT_CACHE_CONFIG[language];
+        const cacheConfig = getDefaultCacheConfig()[language];
        if (cacheConfig === undefined) {
            logger.info(`Skipping download of dependency cache for ${language} as we have no caching configuration for it.`);
            continue;
@@ -140,7 +142,7 @@ async function downloadDependencyCaches(languages, logger) {
 */
 async function uploadDependencyCaches(config, logger) {
    for (const language of config.languages) {
-        const cacheConfig = CODEQL_DEFAULT_CACHE_CONFIG[language];
+        const cacheConfig = getDefaultCacheConfig()[language];
        if (cacheConfig === undefined) {
            logger.info(`Skipping upload of dependency cache for ${language} as we have no caching configuration for it.`);
            continue;
--- a/lib/dependency-caching.js.map
+++ b/lib/dependency-caching.js.map
@@ -1 +1 @@
-{"version":3,"file":"dependency-caching.js","sourceRoot":"","sources":["../src/dependency-caching.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoCA,4DAEC;AAqDD,4DAmDC;AAQD,wDAiEC;AAvND,uCAAyB;AACzB,+BAA4B;AAE5B,6DAA+C;AAC/C,oDAAsC;AAEtC,iDAAuD;AACvD,mDAAoD;AAEpD,+CAAuC;AAGvC,iCAA6C;AAgB7C,MAAM,8BAA8B,GAAG,qBAAqB,CAAC;AAC7D,MAAM,+BAA+B,GAAG,CAAC,CAAC;AAE1C;;;;GAIG;AACH,SAAgB,wBAAwB;IACtC,OAAO,IAAA,WAAI,EAAC,IAAA,oCAAqB,GAAE,EAAE,aAAa,EAAE,YAAY,CAAC,CAAC;AACpE,CAAC;AAED;;GAEG;AACH,MAAM,2BAA2B,GAAwC;IACvE,IAAI,EAAE;QACJ,KAAK,EAAE;YACL,QAAQ;YACR,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,YAAY,CAAC;YACvC,SAAS;YACT,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,CAAC;YACvC,+BAA+B;YAC/B,wBAAwB,EAAE;SAC3B;QACD,IAAI,EAAE;YACJ,QAAQ;YACR,YAAY;YACZ,SAAS;YACT,cAAc;YACd,8BAA8B;YAC9B,yBAAyB;YACzB,6BAA6B;YAC7B,wBAAwB;YACxB,wBAAwB;SACzB;KACF;IACD,MAAM,EAAE;QACN,KAAK,EAAE,CAAC,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;QACjD,IAAI,EAAE;YACJ,QAAQ;YACR,uBAAuB;YACvB,QAAQ;YACR,eAAe;SAChB;KACF;IACD,EAAE,EAAE;QACF,KAAK,EAAE,CAAC,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;QAC/C,IAAI,EAAE,CAAC,WAAW,CAAC;KACpB;CACF,CAAC;AAEF,KAAK,UAAU,WAAW,CAAC,QAAkB;IAC3C,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AAC1C,CAAC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,wBAAwB,CAC5C,SAAqB,EACrB,MAAc;IAEd,MAAM,cAAc,GAAe,EAAE,CAAC;IAEtC,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,MAAM,WAAW,GAAG,2BAA2B,CAAC,QAAQ,CAAC,CAAC;QAE1D,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CACT,6CAA6C,QAAQ,8CAA8C,CACpG,CAAC;YACF,SAAS;QACX,CAAC;QAED,gGAAgG;QAChG,wBAAwB;QACxB,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAEpD,IAAI,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,CAAC,IAAI,CACT,6CAA6C,QAAQ,mDAAmD,CACzG,CAAC;YACF,SAAS;QACX,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QACzD,MAAM,WAAW,GAAa,CAAC,MAAM,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC;QAE5D,MAAM,CAAC,IAAI,CACT,yBAAyB,QAAQ,aAAa,UAAU,qBAAqB,WAAW,CAAC,IAAI,CAC3F,IAAI,CACL,EAAE,CACJ,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,YAAY,CAC5C,WAAW,CAAC,KAAK,EACjB,UAAU,EACV,WAAW,CACZ,CAAC;QAEF,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,CAAC,IAAI,CAAC,oBAAoB,MAAM,QAAQ,QAAQ,GAAG,CAAC,CAAC;YAC3D,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,+BAA+B,QAAQ,GAAG,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IAED,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,sBAAsB,CAAC,MAAc,EAAE,MAAc;IACzE,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACxC,MAAM,WAAW,GAAG,2BAA2B,CAAC,QAAQ,CAAC,CAAC;QAE1D,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CACT,2CAA2C,QAAQ,8CAA8C,CAClG,CAAC;YACF,SAAS;QACX,CAAC;QAED,gGAAgG;QAChG,wBAAwB;QACxB,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAEpD,IAAI,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,CAAC,IAAI,CACT,2CAA2C,QAAQ,mDAAmD,CACvG,CAAC;YACF,SAAS;QACX,CAAC;QAED,yGAAyG;QACzG,uGAAuG;QACvG,uCAAuC;QACvC,uGAAuG;QACvG,uGAAuG;QACvG,sCAAsC;QACtC,uGAAuG;QACvG,sGAAsG;QACtG,sGAAsG;QACtG,4CAA4C;QAC5C,MAAM,IAAI,GAAG,MAAM,IAAA,iCAAiB,EAAC,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;QAEtE,iCAAiC;QACjC,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,CACT,2CAA2C,QAAQ,qBAAqB,CACzE,CAAC;YACF,SAAS;QACX,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QAElD,MAAM,CAAC,IAAI,CACT,2BAA2B,IAAI,QAAQ,QAAQ,aAAa,GAAG,KAAK,CACrE,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,YAAY,CAAC,SAAS,CAAC,WAAW,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,yFAAyF;YACzF,uFAAuF;YACvF,gCAAgC;YAChC,IAAI,KAAK,YAAY,YAAY,CAAC,iBAAiB,EAAE,CAAC;gBACpD,MAAM,CAAC,IAAI,CACT,2BAA2B,QAAQ,aAAa,GAAG,qBAAqB,CACzE,CAAC;gBACF,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC9B,CAAC;iBAAM,CAAC;gBACN,kCAAkC;gBAClC,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,QAAQ,CACrB,QAAkB,EAClB,WAAwB;IAExB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC/D,OAAO,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,GAAG,IAAI,EAAE,CAAC;AACjD,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,WAAW,CAAC,QAAkB;IAC3C,MAAM,QAAQ,GAAG,IAAA,0BAAmB,EAAC,WAAW,CAAC,CAAC;IAClD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,yBAAyB,CAAC,CAAC;IACnE,IAAI,MAAM,GAAG,8BAA8B,CAAC;IAE5C,IAAI,YAAY,KAAK,SAAS,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,GAAG,GAAG,MAAM,IAAI,YAAY,EAAE,CAAC;IACvC,CAAC;IAED,OAAO,GAAG,MAAM,IAAI,+BAA+B,IAAI,QAAQ,IAAI,QAAQ,GAAG,CAAC;AACjF,CAAC"}
+{"version":3,"file":"dependency-caching.js","sourceRoot":"","sources":["../src/dependency-caching.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoCA,4DAEC;AAuDD,4DAmDC;AAQD,wDAiEC;AAzND,uCAAyB;AACzB,+BAA4B;AAE5B,6DAA+C;AAC/C,oDAAsC;AAEtC,iDAAuD;AACvD,mDAAoD;AAEpD,+CAAuC;AAGvC,iCAA6C;AAgB7C,MAAM,8BAA8B,GAAG,qBAAqB,CAAC;AAC7D,MAAM,+BAA+B,GAAG,CAAC,CAAC;AAE1C;;;;GAIG;AACH,SAAgB,wBAAwB;IACtC,OAAO,IAAA,WAAI,EAAC,IAAA,oCAAqB,GAAE,EAAE,aAAa,EAAE,YAAY,CAAC,CAAC;AACpE,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB;IAC5B,OAAO;QACL,IAAI,EAAE;YACJ,KAAK,EAAE;gBACL,QAAQ;gBACR,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,YAAY,CAAC;gBACvC,SAAS;gBACT,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,CAAC;gBACvC,+BAA+B;gBAC/B,wBAAwB,EAAE;aAC3B;YACD,IAAI,EAAE;gBACJ,QAAQ;gBACR,YAAY;gBACZ,SAAS;gBACT,cAAc;gBACd,8BAA8B;gBAC9B,yBAAyB;gBACzB,6BAA6B;gBAC7B,wBAAwB;gBACxB,wBAAwB;aACzB;SACF;QACD,MAAM,EAAE;YACN,KAAK,EAAE,CAAC,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;YACjD,IAAI,EAAE;gBACJ,QAAQ;gBACR,uBAAuB;gBACvB,QAAQ;gBACR,eAAe;aAChB;SACF;QACD,EAAE,EAAE;YACF,KAAK,EAAE,CAAC,IAAA,WAAI,EAAC,EAAE,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;YAC/C,IAAI,EAAE,CAAC,WAAW,CAAC;SACpB;KACF,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,QAAkB;IAC3C,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AAC1C,CAAC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,wBAAwB,CAC5C,SAAqB,EACrB,MAAc;IAEd,MAAM,cAAc,GAAe,EAAE,CAAC;IAEtC,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,MAAM,WAAW,GAAG,qBAAqB,EAAE,CAAC,QAAQ,CAAC,CAAC;QAEtD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CACT,6CAA6C,QAAQ,8CAA8C,CACpG,CAAC;YACF,SAAS;QACX,CAAC;QAED,gGAAgG;QAChG,wBAAwB;QACxB,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAEpD,IAAI,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,CAAC,IAAI,CACT,6CAA6C,QAAQ,mDAAmD,CACzG,CAAC;YACF,SAAS;QACX,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QACzD,MAAM,WAAW,GAAa,CAAC,MAAM,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC;QAE5D,MAAM,CAAC,IAAI,CACT,yBAAyB,QAAQ,aAAa,UAAU,qBAAqB,WAAW,CAAC,IAAI,CAC3F,IAAI,CACL,EAAE,CACJ,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,YAAY,CAC5C,WAAW,CAAC,KAAK,EACjB,UAAU,EACV,WAAW,CACZ,CAAC;QAEF,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,CAAC,IAAI,CAAC,oBAAoB,MAAM,QAAQ,QAAQ,GAAG,CAAC,CAAC;YAC3D,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,+BAA+B,QAAQ,GAAG,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IAED,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,sBAAsB,CAAC,MAAc,EAAE,MAAc;IACzE,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACxC,MAAM,WAAW,GAAG,qBAAqB,EAAE,CAAC,QAAQ,CAAC,CAAC;QAEtD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CACT,2CAA2C,QAAQ,8CAA8C,CAClG,CAAC;YACF,SAAS;QACX,CAAC;QAED,gGAAgG;QAChG,wBAAwB;QACxB,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAEpD,IAAI,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,CAAC,IAAI,CACT,2CAA2C,QAAQ,mDAAmD,CACvG,CAAC;YACF,SAAS;QACX,CAAC;QAED,yGAAyG;QACzG,uGAAuG;QACvG,uCAAuC;QACvC,uGAAuG;QACvG,uGAAuG;QACvG,sCAAsC;QACtC,uGAAuG;QACvG,sGAAsG;QACtG,sGAAsG;QACtG,4CAA4C;QAC5C,MAAM,IAAI,GAAG,MAAM,IAAA,iCAAiB,EAAC,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;QAEtE,iCAAiC;QACjC,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,CACT,2CAA2C,QAAQ,qBAAqB,CACzE,CAAC;YACF,SAAS;QACX,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QAElD,MAAM,CAAC,IAAI,CACT,2BAA2B,IAAI,QAAQ,QAAQ,aAAa,GAAG,KAAK,CACrE,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,YAAY,CAAC,SAAS,CAAC,WAAW,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,yFAAyF;YACzF,uFAAuF;YACvF,gCAAgC;YAChC,IAAI,KAAK,YAAY,YAAY,CAAC,iBAAiB,EAAE,CAAC;gBACpD,MAAM,CAAC,IAAI,CACT,2BAA2B,QAAQ,aAAa,GAAG,qBAAqB,CACzE,CAAC;gBACF,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC9B,CAAC;iBAAM,CAAC;gBACN,kCAAkC;gBAClC,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,QAAQ,CACrB,QAAkB,EAClB,WAAwB;IAExB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC/D,OAAO,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,GAAG,IAAI,EAAE,CAAC;AACjD,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,WAAW,CAAC,QAAkB;IAC3C,MAAM,QAAQ,GAAG,IAAA,0BAAmB,EAAC,WAAW,CAAC,CAAC;IAClD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,yBAAyB,CAAC,CAAC;IACnE,IAAI,MAAM,GAAG,8BAA8B,CAAC;IAE5C,IAAI,YAAY,KAAK,SAAS,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,GAAG,GAAG,MAAM,IAAI,YAAY,EAAE,CAAC;IACvC,CAAC;IAED,OAAO,GAAG,MAAM,IAAI,+BAA+B,IAAI,QAAQ,IAAI,QAAQ,GAAG,CAAC;AACjF,CAAC"}
--- a/lib/diff-informed-analysis-utils.js
+++ b/lib/diff-informed-analysis-utils.js
@@ -39,34 +39,10 @@ exports.writeDiffRangesJsonFile = writeDiffRangesJsonFile;
 exports.readDiffRangesJsonFile = readDiffRangesJsonFile;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
-const github = __importStar(require("@actions/github"));
 const actionsUtil = __importStar(require("./actions-util"));
+const api_client_1 = require("./api-client");
 const feature_flags_1 = require("./feature-flags");
-function getPullRequestBranches() {
-    const pullRequest = github.context.payload.pull_request;
-    if (pullRequest) {
-        return {
-            base: pullRequest.base.ref,
-            // We use the head label instead of the head ref here, because the head
-            // ref lacks owner information and by itself does not uniquely identify
-            // the head branch (which may be in a forked repository).
-            head: pullRequest.head.label,
-        };
-    }
-    // PR analysis under Default Setup does not have the pull_request context,
-    // but it should set CODE_SCANNING_REF and CODE_SCANNING_BASE_BRANCH.
-    const codeScanningRef = process.env.CODE_SCANNING_REF;
-    const codeScanningBaseBranch = process.env.CODE_SCANNING_BASE_BRANCH;
-    if (codeScanningRef && codeScanningBaseBranch) {
-        return {
-            base: codeScanningBaseBranch,
-            // PR analysis under Default Setup analyzes the PR head commit instead of
-            // the merge commit, so we can use the provided ref directly.
-            head: codeScanningRef,
-        };
-    }
-    return undefined;
-}
+const util_1 = require("./util");
 /**
 * Check if the action should perform diff-informed analysis.
 */
@@ -85,7 +61,12 @@ async function getDiffInformedAnalysisBranches(codeql, features, logger) {
    if (!(await features.getValue(feature_flags_1.Feature.DiffInformedQueries, codeql))) {
        return undefined;
    }
-    const branches = getPullRequestBranches();
+    const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
+    if (gitHubVersion.type === util_1.GitHubVariant.GHES &&
+        (0, util_1.satisfiesGHESVersion)(gitHubVersion.version, "<3.19", true)) {
+        return undefined;
+    }
+    const branches = actionsUtil.getPullRequestBranches();
    if (!branches) {
        logger.info("Not performing diff-informed analysis " +
            "because we are not analyzing a pull request.");
--- a/lib/diff-informed-analysis-utils.js.map
+++ b/lib/diff-informed-analysis-utils.js.map
@@ -1 +1 @@
-{"version":3,"file":"diff-informed-analysis-utils.js","sourceRoot":"","sources":["../src/diff-informed-analysis-utils.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6CA,8EASC;AASD,0EAiBC;AAYD,0DAUC;AAED,wDAaC;AArHD,uCAAyB;AACzB,2CAA6B;AAE7B,wDAA0C;AAE1C,4DAA8C;AAE9C,mDAA6D;AAQ7D,SAAS,sBAAsB;IAC7B,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC;IACxD,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO;YACL,IAAI,EAAE,WAAW,CAAC,IAAI,CAAC,GAAG;YAC1B,uEAAuE;YACvE,uEAAuE;YACvE,yDAAyD;YACzD,IAAI,EAAE,WAAW,CAAC,IAAI,CAAC,KAAK;SAC7B,CAAC;IACJ,CAAC;IAED,0EAA0E;IAC1E,qEAAqE;IACrE,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;IACtD,MAAM,sBAAsB,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;IACrE,IAAI,eAAe,IAAI,sBAAsB,EAAE,CAAC;QAC9C,OAAO;YACL,IAAI,EAAE,sBAAsB;YAC5B,yEAAyE;YACzE,6DAA6D;YAC7D,IAAI,EAAE,eAAe;SACtB,CAAC;IACJ,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,iCAAiC,CACrD,MAAc,EACd,QAA2B,EAC3B,MAAc;IAEd,OAAO,CACL,CAAC,MAAM,+BAA+B,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;QACjE,SAAS,CACV,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,+BAA+B,CACnD,MAAc,EACd,QAA2B,EAC3B,MAAc;IAEd,IAAI,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,mBAAmB,EAAE,MAAM,CAAC,CAAC,EAAE,CAAC;QACpE,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,QAAQ,GAAG,sBAAsB,EAAE,CAAC;IAC1C,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,CAAC,IAAI,CACT,wCAAwC;YACtC,8CAA8C,CACjD,CAAC;IACJ,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAQD,SAAS,yBAAyB;IAChC,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,oBAAoB,CAAC,CAAC;AAC9E,CAAC;AAED,SAAgB,uBAAuB,CACrC,MAAc,EACd,MAAwB;IAExB,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACrD,MAAM,YAAY,GAAG,yBAAyB,EAAE,CAAC;IACjD,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;IAC7C,MAAM,CAAC,KAAK,CACV,oCAAoC,YAAY,MAAM,YAAY,EAAE,CACrE,CAAC;AACJ,CAAC;AAED,SAAgB,sBAAsB,CACpC,MAAc;IAEd,MAAM,YAAY,GAAG,yBAAyB,EAAE,CAAC;IACjD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACjC,MAAM,CAAC,KAAK,CAAC,2CAA2C,YAAY,EAAE,CAAC,CAAC;QACxE,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,YAAY,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IAC3D,MAAM,CAAC,KAAK,CACV,qCAAqC,YAAY,MAAM,YAAY,EAAE,CACtE,CAAC;IACF,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAqB,CAAC;AACtD,CAAC"}
+{"version":3,"file":"diff-informed-analysis-utils.js","sourceRoot":"","sources":["../src/diff-informed-analysis-utils.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAcA,8EASC;AASD,0EAyBC;AAYD,0DAUC;AAED,wDAaC;AA9FD,uCAAyB;AACzB,2CAA6B;AAE7B,4DAA8C;AAE9C,6CAAgD;AAEhD,mDAA6D;AAE7D,iCAA6D;AAE7D;;GAEG;AACI,KAAK,UAAU,iCAAiC,CACrD,MAAc,EACd,QAA2B,EAC3B,MAAc;IAEd,OAAO,CACL,CAAC,MAAM,+BAA+B,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;QACjE,SAAS,CACV,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,+BAA+B,CACnD,MAAc,EACd,QAA2B,EAC3B,MAAc;IAEd,IAAI,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,mBAAmB,EAAE,MAAM,CAAC,CAAC,EAAE,CAAC;QACpE,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC/C,IACE,aAAa,CAAC,IAAI,KAAK,oBAAa,CAAC,IAAI;QACzC,IAAA,2BAAoB,EAAC,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,EAC1D,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,QAAQ,GAAG,WAAW,CAAC,sBAAsB,EAAE,CAAC;IACtD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,CAAC,IAAI,CACT,wCAAwC;YACtC,8CAA8C,CACjD,CAAC;IACJ,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAQD,SAAS,yBAAyB;IAChC,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,oBAAoB,CAAC,CAAC;AAC9E,CAAC;AAED,SAAgB,uBAAuB,CACrC,MAAc,EACd,MAAwB;IAExB,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACrD,MAAM,YAAY,GAAG,yBAAyB,EAAE,CAAC;IACjD,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;IAC7C,MAAM,CAAC,KAAK,CACV,oCAAoC,YAAY,MAAM,YAAY,EAAE,CACrE,CAAC;AACJ,CAAC;AAED,SAAgB,sBAAsB,CACpC,MAAc;IAEd,MAAM,YAAY,GAAG,yBAAyB,EAAE,CAAC;IACjD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACjC,MAAM,CAAC,KAAK,CAAC,2CAA2C,YAAY,EAAE,CAAC,CAAC;QACxE,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,YAAY,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IAC3D,MAAM,CAAC,KAAK,CACV,qCAAqC,YAAY,MAAM,YAAY,EAAE,CACtE,CAAC;IACF,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAqB,CAAC;AACtD,CAAC"}
--- a/lib/diff-informed-analysis-utils.test.js
+++ b/lib/diff-informed-analysis-utils.test.js
@@ -0,0 +1,130 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const ava_1 = __importDefault(require("ava"));
+const sinon = __importStar(require("sinon"));
+const actionsUtil = __importStar(require("./actions-util"));
+const apiClient = __importStar(require("./api-client"));
+const diff_informed_analysis_utils_1 = require("./diff-informed-analysis-utils");
+const feature_flags_1 = require("./feature-flags");
+const logging_1 = require("./logging");
+const repository_1 = require("./repository");
+const testing_utils_1 = require("./testing-utils");
+const util_1 = require("./util");
+(0, testing_utils_1.setupTests)(ava_1.default);
+const defaultTestCase = {
+    featureEnabled: true,
+    gitHubVersion: {
+        type: util_1.GitHubVariant.DOTCOM,
+    },
+    pullRequestBranches: {
+        base: "main",
+        head: "feature-branch",
+    },
+    codeQLVersion: "2.21.0",
+};
+const testShouldPerformDiffInformedAnalysis = ava_1.default.macro({
+    exec: async (t, _title, partialTestCase, expectedResult) => {
+        return await (0, util_1.withTmpDir)(async (tmpDir) => {
+            (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
+            const testCase = { ...defaultTestCase, ...partialTestCase };
+            const logger = (0, logging_1.getRunnerLogger)(true);
+            const codeql = (0, testing_utils_1.mockCodeQLVersion)(testCase.codeQLVersion);
+            if (testCase.diffInformedQueriesEnvVar !== undefined) {
+                process.env.CODEQL_ACTION_DIFF_INFORMED_QUERIES =
+                    testCase.diffInformedQueriesEnvVar.toString();
+            }
+            else {
+                delete process.env.CODEQL_ACTION_DIFF_INFORMED_QUERIES;
+            }
+            const features = new feature_flags_1.Features(testCase.gitHubVersion, (0, repository_1.parseRepositoryNwo)("github/example"), tmpDir, logger);
+            (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, {
+                [feature_flags_1.Feature.DiffInformedQueries]: testCase.featureEnabled,
+            });
+            const getGitHubVersionStub = sinon
+                .stub(apiClient, "getGitHubVersion")
+                .resolves(testCase.gitHubVersion);
+            const getPullRequestBranchesStub = sinon
+                .stub(actionsUtil, "getPullRequestBranches")
+                .returns(testCase.pullRequestBranches);
+            const result = await (0, diff_informed_analysis_utils_1.shouldPerformDiffInformedAnalysis)(codeql, features, logger);
+            t.is(result, expectedResult);
+            delete process.env.CODEQL_ACTION_DIFF_INFORMED_QUERIES;
+            getGitHubVersionStub.restore();
+            getPullRequestBranchesStub.restore();
+        });
+    },
+    title: (_, title) => `shouldPerformDiffInformedAnalysis: ${title}`,
+});
+(0, ava_1.default)(testShouldPerformDiffInformedAnalysis, "returns true in the default test case", {}, true);
+(0, ava_1.default)(testShouldPerformDiffInformedAnalysis, "returns false when feature flag is disabled from the API", {
+    featureEnabled: false,
+}, false);
+(0, ava_1.default)(testShouldPerformDiffInformedAnalysis, "returns false when CODEQL_ACTION_DIFF_INFORMED_QUERIES is set to false", {
+    featureEnabled: true,
+    diffInformedQueriesEnvVar: false,
+}, false);
+(0, ava_1.default)(testShouldPerformDiffInformedAnalysis, "returns true when CODEQL_ACTION_DIFF_INFORMED_QUERIES is set to true", {
+    featureEnabled: false,
+    diffInformedQueriesEnvVar: true,
+}, true);
+(0, ava_1.default)(testShouldPerformDiffInformedAnalysis, "returns false for CodeQL version 2.20.0", {
+    codeQLVersion: "2.20.0",
+}, false);
+(0, ava_1.default)(testShouldPerformDiffInformedAnalysis, "returns false for invalid GHES version", {
+    gitHubVersion: {
+        type: util_1.GitHubVariant.GHES,
+        version: "invalid-version",
+    },
+}, false);
+(0, ava_1.default)(testShouldPerformDiffInformedAnalysis, "returns false for GHES version 3.18.5", {
+    gitHubVersion: {
+        type: util_1.GitHubVariant.GHES,
+        version: "3.18.5",
+    },
+}, false);
+(0, ava_1.default)(testShouldPerformDiffInformedAnalysis, "returns true for GHES version 3.19.0", {
+    gitHubVersion: {
+        type: util_1.GitHubVariant.GHES,
+        version: "3.19.0",
+    },
+}, true);
+(0, ava_1.default)(testShouldPerformDiffInformedAnalysis, "returns false when not a pull request", {
+    pullRequestBranches: undefined,
+}, false);
+//# sourceMappingURL=diff-informed-analysis-utils.test.js.map
--- a/lib/diff-informed-analysis-utils.test.js.map
+++ b/lib/diff-informed-analysis-utils.test.js.map
@@ -0,0 +1 @@
+{"version":3,"file":"diff-informed-analysis-utils.test.js","sourceRoot":"","sources":["../src/diff-informed-analysis-utils.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAA6C;AAC7C,6CAA+B;AAE/B,4DAA8C;AAE9C,wDAA0C;AAC1C,iFAAmF;AACnF,mDAAoD;AACpD,uCAA4C;AAC5C,6CAAkD;AAClD,mDAKyB;AACzB,iCAAmD;AAGnD,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAUjB,MAAM,eAAe,GAAiC;IACpD,cAAc,EAAE,IAAI;IACpB,aAAa,EAAE;QACb,IAAI,EAAE,oBAAa,CAAC,MAAM;KAC3B;IACD,mBAAmB,EAAE;QACnB,IAAI,EAAE,MAAM;QACZ,IAAI,EAAE,gBAAgB;KACvB;IACD,aAAa,EAAE,QAAQ;CACxB,CAAC;AAEF,MAAM,qCAAqC,GAAG,aAAI,CAAC,KAAK,CAAC;IACvD,IAAI,EAAE,KAAK,EACT,CAAmB,EACnB,MAAc,EACd,eAAsD,EACtD,cAAuB,EACvB,EAAE;QACF,OAAO,MAAM,IAAA,iBAAU,EAAC,KAAK,EAAE,MAAM,EAAE,EAAE;YACvC,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAEjC,MAAM,QAAQ,GAAG,EAAE,GAAG,eAAe,EAAE,GAAG,eAAe,EAAE,CAAC;YAC5D,MAAM,MAAM,GAAG,IAAA,yBAAe,EAAC,IAAI,CAAC,CAAC;YACrC,MAAM,MAAM,GAAG,IAAA,iCAAiB,EAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;YAEzD,IAAI,QAAQ,CAAC,yBAAyB,KAAK,SAAS,EAAE,CAAC;gBACrD,OAAO,CAAC,GAAG,CAAC,mCAAmC;oBAC7C,QAAQ,CAAC,yBAAyB,CAAC,QAAQ,EAAE,CAAC;YAClD,CAAC;iBAAM,CAAC;gBACN,OAAO,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC;YACzD,CAAC;YAED,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,QAAQ,CAAC,aAAa,EACtB,IAAA,+BAAkB,EAAC,gBAAgB,CAAC,EACpC,MAAM,EACN,MAAM,CACP,CAAC;YACF,IAAA,0CAA0B,EAAC,GAAG,EAAE;gBAC9B,CAAC,uBAAO,CAAC,mBAAmB,CAAC,EAAE,QAAQ,CAAC,cAAc;aACvD,CAAC,CAAC;YAEH,MAAM,oBAAoB,GAAG,KAAK;iBAC/B,IAAI,CAAC,SAAS,EAAE,kBAAkB,CAAC;iBACnC,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;YACpC,MAAM,0BAA0B,GAAG,KAAK;iBACrC,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;iBAC3C,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;YAEzC,MAAM,MAAM,GAAG,MAAM,IAAA,gEAAiC,EACpD,MAAM,EACN,QAAQ,EACR,MAAM,CACP,CAAC;YAEF,CAAC,CAAC,EAAE,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;YAE7B,OAAO,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC;YAEvD,oBAAoB,CAAC,OAAO,EAAE,CAAC;YAC/B,0BAA0B,CAAC,OAAO,EAAE,CAAC;QACvC,CAAC,CAAC,CAAC;IACL,CAAC;IACD,KAAK,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,CAAC,sCAAsC,KAAK,EAAE;CACnE,CAAC,CAAC;AAEH,IAAA,aAAI,EACF,qCAAqC,EACrC,uCAAuC,EACvC,EAAE,EACF,IAAI,CACL,CAAC;AAEF,IAAA,aAAI,EACF,qCAAqC,EACrC,0DAA0D,EAC1D;IACE,cAAc,EAAE,KAAK;CACtB,EACD,KAAK,CACN,CAAC;AAEF,IAAA,aAAI,EACF,qCAAqC,EACrC,wEAAwE,EACxE;IACE,cAAc,EAAE,IAAI;IACpB,yBAAyB,EAAE,KAAK;CACjC,EACD,KAAK,CACN,CAAC;AAEF,IAAA,aAAI,EACF,qCAAqC,EACrC,sEAAsE,EACtE;IACE,cAAc,EAAE,KAAK;IACrB,yBAAyB,EAAE,IAAI;CAChC,EACD,IAAI,CACL,CAAC;AAEF,IAAA,aAAI,EACF,qCAAqC,EACrC,yCAAyC,EACzC;IACE,aAAa,EAAE,QAAQ;CACxB,EACD,KAAK,CACN,CAAC;AAEF,IAAA,aAAI,EACF,qCAAqC,EACrC,wCAAwC,EACxC;IACE,aAAa,EAAE;QACb,IAAI,EAAE,oBAAa,CAAC,IAAI;QACxB,OAAO,EAAE,iBAAiB;KAC3B;CACF,EACD,KAAK,CACN,CAAC;AAEF,IAAA,aAAI,EACF,qCAAqC,EACrC,uCAAuC,EACvC;IACE,aAAa,EAAE;QACb,IAAI,EAAE,oBAAa,CAAC,IAAI;QACxB,OAAO,EAAE,QAAQ;KAClB;CACF,EACD,KAAK,CACN,CAAC;AAEF,IAAA,aAAI,EACF,qCAAqC,EACrC,sCAAsC,EACtC;IACE,aAAa,EAAE;QACb,IAAI,EAAE,oBAAa,CAAC,IAAI;QACxB,OAAO,EAAE,QAAQ;KAClB;CACF,EACD,IAAI,CACL,CAAC;AAEF,IAAA,aAAI,EACF,qCAAqC,EACrC,uCAAuC,EACvC;IACE,mBAAmB,EAAE,SAAS;CAC/B,EACD,KAAK,CACN,CAAC"}
--- a/lib/feature-flags.js
+++ b/lib/feature-flags.js
@@ -39,6 +39,7 @@ const path = __importStar(require("path"));
 const semver = __importStar(require("semver"));
 const api_client_1 = require("./api-client");
 const defaults = __importStar(require("./defaults.json"));
+const overlay_database_utils_1 = require("./overlay-database-utils");
 const tools_features_1 = require("./tools-features");
 const util = __importStar(require("./util"));
 const DEFAULT_VERSION_FEATURE_FLAG_PREFIX = "default_codeql_version_";
@@ -61,11 +62,33 @@ var Feature;
    Feature["CppBuildModeNone"] = "cpp_build_mode_none";
    Feature["CppDependencyInstallation"] = "cpp_dependency_installation_enabled";
    Feature["DiffInformedQueries"] = "diff_informed_queries";
+    Feature["DisableCombineSarifFiles"] = "disable_combine_sarif_files";
    Feature["DisableCsharpBuildless"] = "disable_csharp_buildless";
    Feature["DisableJavaBuildlessEnabled"] = "disable_java_buildless_enabled";
    Feature["DisableKotlinAnalysisEnabled"] = "disable_kotlin_analysis_enabled";
    Feature["ExportDiagnosticsEnabled"] = "export_diagnostics_enabled";
    Feature["ExtractToToolcache"] = "extract_to_toolcache";
+    Feature["OverlayAnalysis"] = "overlay_analysis";
+    Feature["OverlayAnalysisActions"] = "overlay_analysis_actions";
+    Feature["OverlayAnalysisCodeScanningActions"] = "overlay_analysis_code_scanning_actions";
+    Feature["OverlayAnalysisCodeScanningCpp"] = "overlay_analysis_code_scanning_cpp";
+    Feature["OverlayAnalysisCodeScanningCsharp"] = "overlay_analysis_code_scanning_csharp";
+    Feature["OverlayAnalysisCodeScanningGo"] = "overlay_analysis_code_scanning_go";
+    Feature["OverlayAnalysisCodeScanningJava"] = "overlay_analysis_code_scanning_java";
+    Feature["OverlayAnalysisCodeScanningJavascript"] = "overlay_analysis_code_scanning_javascript";
+    Feature["OverlayAnalysisCodeScanningPython"] = "overlay_analysis_code_scanning_python";
+    Feature["OverlayAnalysisCodeScanningRuby"] = "overlay_analysis_code_scanning_ruby";
+    Feature["OverlayAnalysisCodeScanningRust"] = "overlay_analysis_code_scanning_rust";
+    Feature["OverlayAnalysisCodeScanningSwift"] = "overlay_analysis_code_scanning_swift";
+    Feature["OverlayAnalysisCpp"] = "overlay_analysis_cpp";
+    Feature["OverlayAnalysisCsharp"] = "overlay_analysis_csharp";
+    Feature["OverlayAnalysisGo"] = "overlay_analysis_go";
+    Feature["OverlayAnalysisJava"] = "overlay_analysis_java";
+    Feature["OverlayAnalysisJavascript"] = "overlay_analysis_javascript";
+    Feature["OverlayAnalysisPython"] = "overlay_analysis_python";
+    Feature["OverlayAnalysisRuby"] = "overlay_analysis_ruby";
+    Feature["OverlayAnalysisRust"] = "overlay_analysis_rust";
+    Feature["OverlayAnalysisSwift"] = "overlay_analysis_swift";
    Feature["PythonDefaultIsToNotExtractStdlib"] = "python_default_is_to_not_extract_stdlib";
    Feature["QaTelemetryEnabled"] = "qa_telemetry_enabled";
    Feature["RustAnalysis"] = "rust_analysis";
@@ -94,10 +117,14 @@ exports.featureConfig = {
        minimumVersion: "2.15.0",
    },
    [Feature.DiffInformedQueries]: {
-        defaultValue: false,
+        defaultValue: true,
        envVar: "CODEQL_ACTION_DIFF_INFORMED_QUERIES",
+        minimumVersion: "2.21.0",
+    },
+    [Feature.DisableCombineSarifFiles]: {
+        defaultValue: false,
+        envVar: "CODEQL_ACTION_DISABLE_COMBINE_SARIF_FILES",
        minimumVersion: undefined,
-        toolsFeature: tools_features_1.ToolsFeature.DatabaseInterpretResultsSupportsSarifRunProperty,
    },
    [Feature.DisableCsharpBuildless]: {
        defaultValue: false,
@@ -127,6 +154,111 @@ exports.featureConfig = {
        envVar: "CODEQL_ACTION_EXTRACT_TOOLCACHE",
        minimumVersion: undefined,
    },
+    [Feature.OverlayAnalysis]: {
+        defaultValue: false,
+        envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
+        minimumVersion: overlay_database_utils_1.CODEQL_OVERLAY_MINIMUM_VERSION,
+    },
+    [Feature.OverlayAnalysisActions]: {
+        defaultValue: false,
+        envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_ACTIONS",
+        minimumVersion: undefined,
+    },
+    [Feature.OverlayAnalysisCodeScanningActions]: {
+        defaultValue: false,
+        envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_ACTIONS",
+        minimumVersion: undefined,
+    },
+    [Feature.OverlayAnalysisCodeScanningCpp]: {
+        defaultValue: false,
+        envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_CPP",
+        minimumVersion: undefined,
+    },
+    [Feature.OverlayAnalysisCodeScanningCsharp]: {
+        defaultValue: false,
+        envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_CSHARP",
+        minimumVersion: undefined,
+    },
+    [Feature.OverlayAnalysisCodeScanningGo]: {
+        defaultValue: false,
+        envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_GO",
+        minimumVersion: undefined,
+    },
+    [Feature.OverlayAnalysisCodeScanningJava]: {
+        defaultValue: false,
+        envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_JAVA",
+        minimumVersion: undefined,
+    },
+    [Feature.OverlayAnalysisCodeScanningJavascript]: {
+        defaultValue: false,
+        envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_JAVASCRIPT",
+        minimumVersion: undefined,
+    },
+    [Feature.OverlayAnalysisCodeScanningPython]: {
+        defaultValue: false,
+        envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_PYTHON",
+        minimumVersion: undefined,
+    },
+    [Feature.OverlayAnalysisCodeScanningRuby]: {
+        defaultValue: false,
+        envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_RUBY",
+        minimumVersion: undefined,
+    },
+    [Feature.OverlayAnalysisCodeScanningRust]: {
+        defaultValue: false,
+        envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_RUST",
+        minimumVersion: undefined,
+    },
+    [Feature.OverlayAnalysisCodeScanningSwift]: {
+        defaultValue: false,
+        envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_SWIFT",
+        minimumVersion: undefined,
+    },
+    [Feature.OverlayAnalysisCpp]: {
+        defaultValue: false,
+        envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CPP",
+        minimumVersion: undefined,
+    },
+    [Feature.OverlayAnalysisCsharp]: {
+        defaultValue: false,
+        envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CSHARP",
+        minimumVersion: undefined,
+    },
+    [Feature.OverlayAnalysisGo]: {
+        defaultValue: false,
+        envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_GO",
+        minimumVersion: undefined,
+    },
+    [Feature.OverlayAnalysisJava]: {
+        defaultValue: false,
+        envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_JAVA",
+        minimumVersion: undefined,
+    },
+    [Feature.OverlayAnalysisJavascript]: {
+        defaultValue: false,
+        envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_JAVASCRIPT",
+        minimumVersion: undefined,
+    },
+    [Feature.OverlayAnalysisPython]: {
+        defaultValue: false,
+        envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_PYTHON",
+        minimumVersion: undefined,
+    },
+    [Feature.OverlayAnalysisRuby]: {
+        defaultValue: false,
+        envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUBY",
+        minimumVersion: undefined,
+    },
+    [Feature.OverlayAnalysisRust]: {
+        defaultValue: false,
+        envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST",
+        minimumVersion: undefined,
+    },
+    [Feature.OverlayAnalysisSwift]: {
+        defaultValue: false,
+        envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT",
+        minimumVersion: undefined,
+    },
    [Feature.PythonDefaultIsToNotExtractStdlib]: {
        defaultValue: false,
        envVar: "CODEQL_ACTION_DISABLE_PYTHON_STANDARD_LIBRARY_EXTRACTION",
@@ -358,14 +490,22 @@ class GitHubFeatureFlags {
        try {
            const featuresToRequest = Object.entries(exports.featureConfig)
                .filter(([, config]) => !config.legacyApi)
-                .map(([f]) => f)
-                .join(",");
-            const response = await (0, api_client_1.getApiClient)().request("GET /repos/:owner/:repo/code-scanning/codeql-action/features", {
-                owner: this.repositoryNwo.owner,
-                repo: this.repositoryNwo.repo,
-                features: featuresToRequest,
-            });
-            const remoteFlags = response.data;
+                .map(([f]) => f);
+            const FEATURES_PER_REQUEST = 25;
+            const featureChunks = [];
+            while (featuresToRequest.length > 0) {
+                featureChunks.push(featuresToRequest.splice(0, FEATURES_PER_REQUEST));
+            }
+            let remoteFlags = {};
+            for (const chunk of featureChunks) {
+                const response = await (0, api_client_1.getApiClient)().request("GET /repos/:owner/:repo/code-scanning/codeql-action/features", {
+                    owner: this.repositoryNwo.owner,
+                    repo: this.repositoryNwo.repo,
+                    features: chunk.join(","),
+                });
+                const chunkFlags = response.data;
+                remoteFlags = { ...remoteFlags, ...chunkFlags };
+            }
            this.logger.debug("Loaded the following default values for the feature flags from the Code Scanning API:");
            for (const [feature, value] of Object.entries(remoteFlags).sort(([nameA], [nameB]) => nameA.localeCompare(nameB))) {
                this.logger.debug(`  ${feature}: ${value}`);
--- a/lib/feature-flags.js.map
+++ b/lib/feature-flags.js.map
--- a/lib/feature-flags.test.js
+++ b/lib/feature-flags.test.js
@@ -36,7 +36,6 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.initializeFeatures = initializeFeatures;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const ava_1 = __importDefault(require("ava"));
@@ -68,7 +67,7 @@ const testRepositoryNwo = (0, repository_1.parseRepositoryNwo)("github/example")
    await (0, util_1.withTmpDir)(async (tmpDir) => {
        const loggedMessages = [];
        const features = setUpFeatureFlagTests(tmpDir, (0, testing_utils_1.getRecordingLogger)(loggedMessages), { type: util_1.GitHubVariant.GHE_DOTCOM });
-        (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, initializeFeatures(true));
+        (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, (0, testing_utils_1.initializeFeatures)(true));
        for (const feature of Object.values(feature_flags_1.Feature)) {
            // Ensure we have gotten a response value back from the Mock API
            t.assert(await features.getValue(feature, includeCodeQlIfRequired(feature)));
@@ -103,6 +102,24 @@ const testRepositoryNwo = (0, repository_1.parseRepositoryNwo)("github/example")
        assertAllFeaturesUndefinedInApi(t, loggedMessages);
    });
 });
+(0, ava_1.default)("Include no more than 25 features in each API request", async (t) => {
+    await (0, util_1.withTmpDir)(async (tmpDir) => {
+        const features = setUpFeatureFlagTests(tmpDir);
+        (0, testing_utils_1.stubFeatureFlagApiEndpoint)((request) => {
+            const requestedFeatures = request.features.split(",");
+            return {
+                status: requestedFeatures.length <= 25 ? 200 : 400,
+                messageIfError: "Can request a maximum of 25 features.",
+                data: {},
+            };
+        });
+        // We only need to call getValue once, and it does not matter which feature
+        // we ask for. Under the hood, the features library will request all features
+        // from the API.
+        const feature = Object.values(feature_flags_1.Feature)[0];
+        await t.notThrowsAsync(async () => features.getValue(feature, includeCodeQlIfRequired(feature)));
+    });
+});
 (0, ava_1.default)("Feature flags exception is propagated if the API request errors", async (t) => {
    await (0, util_1.withTmpDir)(async (tmpDir) => {
        const features = setUpFeatureFlagTests(tmpDir);
@@ -135,7 +152,7 @@ for (const feature of Object.keys(feature_flags_1.featureConfig)) {
    (0, ava_1.default)(`Only feature '${feature}' is enabled if the associated environment variable is true. Others disabled.`, async (t) => {
        await (0, util_1.withTmpDir)(async (tmpDir) => {
            const features = setUpFeatureFlagTests(tmpDir);
-            const expectedFeatureEnablement = initializeFeatures(false);
+            const expectedFeatureEnablement = (0, testing_utils_1.initializeFeatures)(false);
            (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, expectedFeatureEnablement);
            // feature should be disabled initially
            t.assert(!(await features.getValue(feature, includeCodeQlIfRequired(feature))));
@@ -147,7 +164,7 @@ for (const feature of Object.keys(feature_flags_1.featureConfig)) {
    (0, ava_1.default)(`Feature '${feature}' is disabled if the associated environment variable is false, even if enabled in API`, async (t) => {
        await (0, util_1.withTmpDir)(async (tmpDir) => {
            const features = setUpFeatureFlagTests(tmpDir);
-            const expectedFeatureEnablement = initializeFeatures(true);
+            const expectedFeatureEnablement = (0, testing_utils_1.initializeFeatures)(true);
            (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, expectedFeatureEnablement);
            // feature should be enabled initially
            t.assert(await features.getValue(feature, includeCodeQlIfRequired(feature)));
@@ -161,7 +178,7 @@ for (const feature of Object.keys(feature_flags_1.featureConfig)) {
        (0, ava_1.default)(`Getting feature '${feature} should throw if no codeql is provided`, async (t) => {
            await (0, util_1.withTmpDir)(async (tmpDir) => {
                const features = setUpFeatureFlagTests(tmpDir);
-                const expectedFeatureEnablement = initializeFeatures(true);
+                const expectedFeatureEnablement = (0, testing_utils_1.initializeFeatures)(true);
                (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, expectedFeatureEnablement);
                await t.throwsAsync(async () => features.getValue(feature), {
                    message: `Internal error: A ${feature_flags_1.featureConfig[feature].minimumVersion !== undefined
@@ -175,7 +192,7 @@ for (const feature of Object.keys(feature_flags_1.featureConfig)) {
        (0, ava_1.default)(`Feature '${feature}' is disabled if the minimum CLI version is below ${feature_flags_1.featureConfig[feature].minimumVersion}`, async (t) => {
            await (0, util_1.withTmpDir)(async (tmpDir) => {
                const features = setUpFeatureFlagTests(tmpDir);
-                const expectedFeatureEnablement = initializeFeatures(true);
+                const expectedFeatureEnablement = (0, testing_utils_1.initializeFeatures)(true);
                (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, expectedFeatureEnablement);
                // feature should be disabled when an old CLI version is set
                let codeql = (0, testing_utils_1.mockCodeQLVersion)("2.0.0");
@@ -199,7 +216,7 @@ for (const feature of Object.keys(feature_flags_1.featureConfig)) {
        (0, ava_1.default)(`Feature '${feature}' is disabled if the required tools feature is not enabled`, async (t) => {
            await (0, util_1.withTmpDir)(async (tmpDir) => {
                const features = setUpFeatureFlagTests(tmpDir);
-                const expectedFeatureEnablement = initializeFeatures(true);
+                const expectedFeatureEnablement = (0, testing_utils_1.initializeFeatures)(true);
                (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, expectedFeatureEnablement);
                // feature should be disabled when the required tools feature is not enabled
                let codeql = (0, testing_utils_1.mockCodeQLVersion)("2.0.0");
@@ -225,7 +242,7 @@ for (const feature of Object.keys(feature_flags_1.featureConfig)) {
 (0, ava_1.default)("Feature flags are saved to disk", async (t) => {
    await (0, util_1.withTmpDir)(async (tmpDir) => {
        const features = setUpFeatureFlagTests(tmpDir);
-        const expectedFeatureEnablement = initializeFeatures(true);
+        const expectedFeatureEnablement = (0, testing_utils_1.initializeFeatures)(true);
        (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, expectedFeatureEnablement);
        const cachedFeatureFlags = path.join(tmpDir, feature_flags_1.FEATURE_FLAGS_FILE_NAME);
        t.false(fs.existsSync(cachedFeatureFlags), "Feature flag cached file should not exist before getting feature flags");
@@ -244,7 +261,7 @@ for (const feature of Object.keys(feature_flags_1.featureConfig)) {
 (0, ava_1.default)("Environment variable can override feature flag cache", async (t) => {
    await (0, util_1.withTmpDir)(async (tmpDir) => {
        const features = setUpFeatureFlagTests(tmpDir);
-        const expectedFeatureEnablement = initializeFeatures(true);
+        const expectedFeatureEnablement = (0, testing_utils_1.initializeFeatures)(true);
        (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, expectedFeatureEnablement);
        const cachedFeatureFlags = path.join(tmpDir, feature_flags_1.FEATURE_FLAGS_FILE_NAME);
        t.true(await features.getValue(feature_flags_1.Feature.QaTelemetryEnabled, includeCodeQlIfRequired(feature_flags_1.Feature.QaTelemetryEnabled)), "Feature flag should be enabled initially");
@@ -266,7 +283,7 @@ for (const feature of Object.keys(feature_flags_1.featureConfig)) {
 (0, ava_1.default)("selects CLI v2.20.1 on Dotcom when feature flags enable v2.20.0 and v2.20.1", async (t) => {
    await (0, util_1.withTmpDir)(async (tmpDir) => {
        const features = setUpFeatureFlagTests(tmpDir);
-        const expectedFeatureEnablement = initializeFeatures(true);
+        const expectedFeatureEnablement = (0, testing_utils_1.initializeFeatures)(true);
        expectedFeatureEnablement["default_codeql_version_2_20_0_enabled"] = true;
        expectedFeatureEnablement["default_codeql_version_2_20_1_enabled"] = true;
        expectedFeatureEnablement["default_codeql_version_2_20_2_enabled"] = false;
@@ -285,7 +302,7 @@ for (const feature of Object.keys(feature_flags_1.featureConfig)) {
 (0, ava_1.default)("includes tag name", async (t) => {
    await (0, util_1.withTmpDir)(async (tmpDir) => {
        const features = setUpFeatureFlagTests(tmpDir);
-        const expectedFeatureEnablement = initializeFeatures(true);
+        const expectedFeatureEnablement = (0, testing_utils_1.initializeFeatures)(true);
        expectedFeatureEnablement["default_codeql_version_2_20_0_enabled"] = true;
        (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, expectedFeatureEnablement);
        const defaultCliVersion = await features.getDefaultCliVersion(util_1.GitHubVariant.DOTCOM);
@@ -299,7 +316,7 @@ for (const feature of Object.keys(feature_flags_1.featureConfig)) {
 (0, ava_1.default)(`selects CLI from defaults.json on Dotcom when no default version feature flags are enabled`, async (t) => {
    await (0, util_1.withTmpDir)(async (tmpDir) => {
        const features = setUpFeatureFlagTests(tmpDir);
-        const expectedFeatureEnablement = initializeFeatures(true);
+        const expectedFeatureEnablement = (0, testing_utils_1.initializeFeatures)(true);
        (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, expectedFeatureEnablement);
        const defaultCliVersion = await features.getDefaultCliVersion(util_1.GitHubVariant.DOTCOM);
        t.deepEqual(defaultCliVersion, {
@@ -313,7 +330,7 @@ for (const feature of Object.keys(feature_flags_1.featureConfig)) {
    await (0, util_1.withTmpDir)(async (tmpDir) => {
        const loggedMessages = [];
        const features = setUpFeatureFlagTests(tmpDir, (0, testing_utils_1.getRecordingLogger)(loggedMessages));
-        const expectedFeatureEnablement = initializeFeatures(true);
+        const expectedFeatureEnablement = (0, testing_utils_1.initializeFeatures)(true);
        expectedFeatureEnablement["default_codeql_version_2_20_0_enabled"] = true;
        expectedFeatureEnablement["default_codeql_version_2_20_1_enabled"] = true;
        expectedFeatureEnablement["default_codeql_version_2_20_invalid_enabled"] =
@@ -358,12 +375,6 @@ function assertAllFeaturesUndefinedInApi(t, loggedMessages) {
            v.message.includes("undefined in API response")) !== undefined);
    }
 }
-function initializeFeatures(initialValue) {
-    return Object.keys(feature_flags_1.featureConfig).reduce((features, key) => {
-        features[key] = initialValue;
-        return features;
-    }, {});
-}
 function setUpFeatureFlagTests(tmpDir, logger = (0, logging_1.getRunnerLogger)(true), gitHubVersion = { type: util_1.GitHubVariant.DOTCOM }) {
    (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
    return new feature_flags_1.Features(gitHubVersion, testRepositoryNwo, tmpDir, logger);
--- a/lib/feature-flags.test.js.map
+++ b/lib/feature-flags.test.js.map
--- a/lib/init-action-post-helper.js
+++ b/lib/init-action-post-helper.js
@@ -87,7 +87,7 @@ async function maybeUploadFailedSarif(config, repositoryNwo, features, logger) {
        await codeql.databaseExportDiagnostics(databasePath, sarifFile, category);
    }
    logger.info(`Uploading failed SARIF file ${sarifFile}`);
-    const uploadResult = await uploadLib.uploadFiles(sarifFile, checkoutPath, category, features, logger);
+    const uploadResult = await uploadLib.uploadFiles(sarifFile, checkoutPath, category, features, logger, uploadLib.CodeScanningTarget);
    await uploadLib.waitForProcessing(repositoryNwo, uploadResult.sarifID, logger, { isUnsuccessfulExecution: true });
    return uploadResult
        ? { ...uploadResult.statusReport, sarifID: uploadResult.sarifID }
--- a/lib/init-action-post-helper.js.map
+++ b/lib/init-action-post-helper.js.map
--- a/lib/init-action-post.js
+++ b/lib/init-action-post.js
@@ -87,7 +87,9 @@ async function runWrapper() {
            ...uploadFailedSarifResult,
            job_status: initActionPostHelper.getFinalJobStatus(),
        };
+        logger.info("Sending status report for init-post step.");
        await (0, status_report_1.sendStatusReport)(statusReport);
+        logger.info("Status report sent for init-post step.");
    }
 }
 void runWrapper();
--- a/lib/init-action-post.js.map
+++ b/lib/init-action-post.js.map
@@ -1 +1 @@
-{"version":3,"file":"init-action-post.js","sourceRoot":"","sources":["../src/init-action-post.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,oDAAsC;AAEtC,iDAIwB;AACxB,6CAAgD;AAChD,iDAAmD;AACnD,kEAAoD;AACpD,mDAA2C;AAC3C,gFAAkE;AAClE,uCAA6C;AAC7C,6CAAgD;AAChD,mDAOyB;AACzB,iCAA8E;AAO9E,KAAK,UAAU,UAAU;IACvB,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,MAA0B,CAAC;IAC/B,IAAI,uBAES,CAAC;IACd,IAAI,CAAC;QACH,qCAAqC;QACrC,IAAA,4BAAa,GAAE,CAAC;QAEhB,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,aAAa,GAAG,IAAA,6BAAgB,GAAE,CAAC;QACzC,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,uBAAuB,GAAG,MAAM,oBAAoB,CAAC,GAAG,CACtD,cAAc,CAAC,mCAAmC,EAClD,6BAAc,EACd,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAE9B,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,QAAQ,EACnB,IAAA,gCAAgB,EAAC,KAAK,CAAC,EACvB,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,EACN,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,KAAK,CACZ,CAAC;QACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAA,gCAAgB,EAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;QACD,OAAO;IACT,CAAC;IACD,MAAM,SAAS,GAAG,oBAAoB,CAAC,iBAAiB,EAAE,CAAC;IAC3D,MAAM,CAAC,IAAI,CAAC,yBAAyB,IAAA,uCAAuB,EAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAE5E,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,QAAQ,EACnB,SAAS,EACT,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CAAC;IACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,YAAY,GAAyB;YACzC,GAAG,gBAAgB;YACnB,GAAG,uBAAuB;YAC1B,UAAU,EAAE,oBAAoB,CAAC,iBAAiB,EAAE;SACrD,CAAC;QACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"init-action-post.js","sourceRoot":"","sources":["../src/init-action-post.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,oDAAsC;AAEtC,iDAIwB;AACxB,6CAAgD;AAChD,iDAAmD;AACnD,kEAAoD;AACpD,mDAA2C;AAC3C,gFAAkE;AAClE,uCAA6C;AAC7C,6CAAgD;AAChD,mDAOyB;AACzB,iCAA8E;AAO9E,KAAK,UAAU,UAAU;IACvB,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,MAA0B,CAAC;IAC/B,IAAI,uBAES,CAAC;IACd,IAAI,CAAC;QACH,qCAAqC;QACrC,IAAA,4BAAa,GAAE,CAAC;QAEhB,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,aAAa,GAAG,IAAA,6BAAgB,GAAE,CAAC;QACzC,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,uBAAuB,GAAG,MAAM,oBAAoB,CAAC,GAAG,CACtD,cAAc,CAAC,mCAAmC,EAClD,6BAAc,EACd,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAE9B,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,QAAQ,EACnB,IAAA,gCAAgB,EAAC,KAAK,CAAC,EACvB,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,EACN,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,KAAK,CACZ,CAAC;QACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAA,gCAAgB,EAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;QACD,OAAO;IACT,CAAC;IACD,MAAM,SAAS,GAAG,oBAAoB,CAAC,iBAAiB,EAAE,CAAC;IAC3D,MAAM,CAAC,IAAI,CAAC,yBAAyB,IAAA,uCAAuB,EAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAE5E,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,QAAQ,EACnB,SAAS,EACT,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CAAC;IACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,YAAY,GAAyB;YACzC,GAAG,gBAAgB;YACnB,GAAG,uBAAuB;YAC1B,UAAU,EAAE,oBAAoB,CAAC,iBAAiB,EAAE;SACrD,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;QACzD,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;QACrC,MAAM,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;IACxD,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
--- a/lib/init-action.js
+++ b/lib/init-action.js
@@ -57,7 +57,7 @@ const status_report_1 = require("./status-report");
 const tools_features_1 = require("./tools-features");
 const util_1 = require("./util");
 const workflow_1 = require("./workflow");
-async function sendCompletedStatusReport(startedAt, config, configFile, toolsDownloadStatusReport, toolsFeatureFlagsValid, toolsSource, toolsVersion, logger, error) {
+async function sendCompletedStatusReport(startedAt, config, configFile, toolsDownloadStatusReport, toolsFeatureFlagsValid, toolsSource, toolsVersion, overlayBaseDatabaseStats, logger, error) {
    const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Init, (0, status_report_1.getActionsStatus)(error), startedAt, config, await (0, util_1.checkDiskUsage)(logger), logger, error?.message, error?.stack);
    if (statusReportBase === undefined) {
        return;
@@ -126,6 +126,8 @@ async function sendCompletedStatusReport(startedAt, config, configFile, toolsDow
            trap_cache_languages: Object.keys(config.trapCaches).join(","),
            trap_cache_download_size_bytes: Math.round(await (0, caching_utils_1.getTotalCacheSize)(Object.values(config.trapCaches), logger)),
            trap_cache_download_duration_ms: Math.round(config.trapCacheDownloadTime),
+            overlay_base_database_download_size_bytes: overlayBaseDatabaseStats?.databaseSizeBytes,
+            overlay_base_database_download_duration_ms: overlayBaseDatabaseStats?.databaseDownloadDurationMs,
            query_filters: JSON.stringify(config.originalUserInput["query-filters"] ?? []),
            registries: JSON.stringify(configUtils.parseRegistriesWithoutCredentials((0, actions_util_1.getOptionalInput)("registries")) ?? []),
        };
@@ -167,6 +169,10 @@ async function run() {
    core.exportVariable(environment_1.EnvVar.JOB_RUN_UUID, jobRunUuid);
    core.exportVariable(environment_1.EnvVar.INIT_ACTION_HAS_RUN, "true");
    const configFile = (0, actions_util_1.getOptionalInput)("config-file");
+    // path.resolve() respects the intended semantics of source-root. If
+    // source-root is relative, it is relative to the GITHUB_WORKSPACE. If
+    // source-root is absolute, it is used as given.
+    const sourceRoot = path.resolve((0, util_1.getRequiredEnvParam)("GITHUB_WORKSPACE"), (0, actions_util_1.getOptionalInput)("source-root") || "");
    try {
        const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Init, "starting", startedAt, config, await (0, util_1.checkDiskUsage)(logger), logger);
        if (statusReportBase !== undefined) {
@@ -192,6 +198,7 @@ async function run() {
        config = await (0, init_1.initConfig)({
            languagesInput: (0, actions_util_1.getOptionalInput)("languages"),
            queriesInput: (0, actions_util_1.getOptionalInput)("queries"),
+            qualityQueriesInput: (0, actions_util_1.getOptionalInput)("quality-queries"),
            packsInput: (0, actions_util_1.getOptionalInput)("packs"),
            buildModeInput: (0, actions_util_1.getOptionalInput)("build-mode"),
            configFile,
@@ -204,19 +211,18 @@ async function run() {
            // - Actions step debugging is enabled (e.g. by [enabling debug logging for a rerun](https://docs.github.com/en/actions/managing-workflow-runs/re-running-workflows-and-jobs#re-running-all-the-jobs-in-a-workflow),
            //   or by setting the `ACTIONS_STEP_DEBUG` secret to `true`).
            debugMode: (0, actions_util_1.getOptionalInput)("debug") === "true" || core.isDebug(),
-            debugArtifactName: (0, actions_util_1.getOptionalInput)("debug-artifact-name") ||
-                util_1.DEFAULT_DEBUG_ARTIFACT_NAME,
-            debugDatabaseName: (0, actions_util_1.getOptionalInput)("debug-database-name") ||
-                util_1.DEFAULT_DEBUG_DATABASE_NAME,
+            debugArtifactName: (0, actions_util_1.getOptionalInput)("debug-artifact-name") || util_1.DEFAULT_DEBUG_ARTIFACT_NAME,
+            debugDatabaseName: (0, actions_util_1.getOptionalInput)("debug-database-name") || util_1.DEFAULT_DEBUG_DATABASE_NAME,
            repository: repositoryNwo,
            tempDir: (0, actions_util_1.getTemporaryDirectory)(),
            codeql,
            workspacePath: (0, util_1.getRequiredEnvParam)("GITHUB_WORKSPACE"),
+            sourceRoot,
            githubVersion: gitHubVersion,
            apiDetails,
            features,
            logger,
-        }, codeql);
+        });
        await (0, init_1.checkInstallPython311)(config.languages, codeql);
    }
    catch (unwrappedError) {
@@ -228,11 +234,32 @@ async function run() {
        }
        return;
    }
+    let overlayBaseDatabaseStats;
    try {
-        const sourceRoot = path.resolve((0, util_1.getRequiredEnvParam)("GITHUB_WORKSPACE"), (0, actions_util_1.getOptionalInput)("source-root") || "");
-        const overlayDatabaseMode = await (0, init_1.getOverlayDatabaseMode)((await codeql.getVersion()).version, config, sourceRoot, logger);
-        logger.info(`Using overlay database mode: ${overlayDatabaseMode}`);
-        if (overlayDatabaseMode !== overlay_database_utils_1.OverlayDatabaseMode.Overlay) {
+        if (config.augmentationProperties.overlayDatabaseMode ===
+            overlay_database_utils_1.OverlayDatabaseMode.Overlay &&
+            config.augmentationProperties.useOverlayDatabaseCaching) {
+            // OverlayDatabaseMode.Overlay comes in two flavors: with database
+            // caching, or without. The flavor with database caching is intended to be
+            // an "automatic control" mode, which is supposed to be fail-safe. If we
+            // cannot download an overlay-base database, we revert to
+            // OverlayDatabaseMode.None so that the workflow can continue to run.
+            //
+            // The flavor without database caching is intended to be a "manual
+            // control" mode, where the workflow is supposed to make all the
+            // necessary preparations. So, in that mode, we would assume that
+            // everything is in order and let the analysis fail if that turns out not
+            // to be the case.
+            overlayBaseDatabaseStats = await (0, overlay_database_utils_1.downloadOverlayBaseDatabaseFromCache)(codeql, config, logger);
+            if (!overlayBaseDatabaseStats) {
+                config.augmentationProperties.overlayDatabaseMode =
+                    overlay_database_utils_1.OverlayDatabaseMode.None;
+                logger.info("No overlay-base database found in cache, " +
+                    `reverting overlay database mode to ${overlay_database_utils_1.OverlayDatabaseMode.None}.`);
+            }
+        }
+        if (config.augmentationProperties.overlayDatabaseMode !==
+            overlay_database_utils_1.OverlayDatabaseMode.Overlay) {
            (0, init_1.cleanupDatabaseClusterDirectory)(config, logger);
        }
        if (zstdAvailability) {
@@ -319,7 +346,8 @@ async function run() {
        // for details.
        core.exportVariable("CODEQL_RAM", process.env["CODEQL_RAM"] ||
            (0, util_1.getMemoryFlagValue)((0, actions_util_1.getOptionalInput)("ram"), logger).toString());
-        core.exportVariable("CODEQL_THREADS", (0, util_1.getThreadsFlagValue)((0, actions_util_1.getOptionalInput)("threads"), logger).toString());
+        core.exportVariable("CODEQL_THREADS", process.env["CODEQL_THREADS"] ||
+            (0, util_1.getThreadsFlagValue)((0, actions_util_1.getOptionalInput)("threads"), logger).toString());
        // Disable Kotlin extractor if feature flag set
        if (await features.getValue(feature_flags_1.Feature.DisableKotlinAnalysisEnabled)) {
            core.exportVariable("CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN", "true");
@@ -352,8 +380,9 @@ async function run() {
            logger.info(`Setting C++ build-mode: none to ${value}`);
            core.exportVariable(bmnVar, value);
        }
-        // Set CODEQL_ENABLE_EXPERIMENTAL_FEATURES for rust
-        if (config.languages.includes(languages_1.Language.rust)) {
+        // For rust: set CODEQL_ENABLE_EXPERIMENTAL_FEATURES, unless codeql already supports rust without it
+        if (config.languages.includes(languages_1.Language.rust) &&
+            !(await codeql.resolveLanguages()).rust) {
            const feat = feature_flags_1.Feature.RustAnalysis;
            const minVer = feature_flags_1.featureConfig[feat].minimumVersion;
            const envVar = "CODEQL_ENABLE_EXPERIMENTAL_FEATURES";
@@ -376,25 +405,12 @@ async function run() {
        if ((0, caching_utils_1.shouldRestoreCache)(config.dependencyCachingEnabled)) {
            await (0, dependency_caching_1.downloadDependencyCaches)(config.languages, logger);
        }
-        // For CLI versions <2.15.1, build tracing caused errors in macOS ARM machines with
-        // System Integrity Protection (SIP) disabled.
-        if (!(await (0, util_1.codeQlVersionAtLeast)(codeql, "2.15.1")) &&
-            process.platform === "darwin" &&
-            (process.arch === "arm" || process.arch === "arm64") &&
-            !(await (0, util_1.checkSipEnablement)(logger))) {
-            logger.warning("CodeQL versions 2.15.0 and lower are not supported on macOS ARM machines with System Integrity Protection (SIP) disabled.");
-        }
-        // From 2.16.0 the default for the python extractor is to not perform any
-        // dependency extraction. For versions before that, you needed to set this flag to
-        // enable this behavior.
+        // Suppress warnings about disabled Python library extraction.
        if (await (0, util_1.codeQlVersionAtLeast)(codeql, "2.17.1")) {
            // disabled by default, no warning
        }
-        else if (await (0, util_1.codeQlVersionAtLeast)(codeql, "2.16.0")) {
-            // disabled by default, prints warning if environment variable is not set
-            core.exportVariable("CODEQL_EXTRACTOR_PYTHON_DISABLE_LIBRARY_EXTRACTION", "true");
-        }
        else {
+            // disabled by default, prints warning if environment variable is not set
            core.exportVariable("CODEQL_EXTRACTOR_PYTHON_DISABLE_LIBRARY_EXTRACTION", "true");
        }
        if ((0, actions_util_1.getOptionalInput)("setup-python-dependencies") !== undefined) {
@@ -414,7 +430,7 @@ async function run() {
                core.exportVariable("CODEQL_EXTRACTOR_PYTHON_EXTRACT_STDLIB", "true");
            }
        }
-        const tracerConfig = await (0, init_1.runInit)(codeql, config, sourceRoot, "Runner.Worker.exe", (0, actions_util_1.getOptionalInput)("registries"), apiDetails, overlayDatabaseMode, logger);
+        const tracerConfig = await (0, init_1.runInit)(codeql, config, sourceRoot, "Runner.Worker.exe", (0, actions_util_1.getOptionalInput)("registries"), apiDetails, logger);
        if (tracerConfig !== undefined) {
            for (const [key, value] of Object.entries(tracerConfig.env)) {
                core.exportVariable(key, value);
@@ -430,13 +446,13 @@ async function run() {
        const error = (0, util_1.wrapError)(unwrappedError);
        core.setFailed(error.message);
        await sendCompletedStatusReport(startedAt, config, undefined, // We only report config info on success.
-        toolsDownloadStatusReport, toolsFeatureFlagsValid, toolsSource, toolsVersion, logger, error);
+        toolsDownloadStatusReport, toolsFeatureFlagsValid, toolsSource, toolsVersion, overlayBaseDatabaseStats, logger, error);
        return;
    }
    finally {
        (0, diagnostics_1.logUnwrittenDiagnostics)();
    }
-    await sendCompletedStatusReport(startedAt, config, configFile, toolsDownloadStatusReport, toolsFeatureFlagsValid, toolsSource, toolsVersion, logger);
+    await sendCompletedStatusReport(startedAt, config, configFile, toolsDownloadStatusReport, toolsFeatureFlagsValid, toolsSource, toolsVersion, overlayBaseDatabaseStats, logger);
 }
 function getTrapCachingEnabled() {
    // If the workflow specified something always respect that
--- a/lib/init-action.js.map
+++ b/lib/init-action.js.map
--- a/lib/init.js
+++ b/lib/init.js
@@ -35,23 +35,18 @@ var __importStar = (this && this.__importStar) || (function () {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.initCodeQL = initCodeQL;
 exports.initConfig = initConfig;
-exports.getOverlayDatabaseMode = getOverlayDatabaseMode;
 exports.runInit = runInit;
-exports.printPathFiltersWarning = printPathFiltersWarning;
 exports.checkInstallPython311 = checkInstallPython311;
 exports.cleanupDatabaseClusterDirectory = cleanupDatabaseClusterDirectory;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const io = __importStar(require("@actions/io"));
-const semver = __importStar(require("semver"));
 const actions_util_1 = require("./actions-util");
 const codeql_1 = require("./codeql");
 const configUtils = __importStar(require("./config-utils"));
-const git_utils_1 = require("./git-utils");
 const languages_1 = require("./languages");
-const overlay_database_utils_1 = require("./overlay-database-utils");
-const tools_features_1 = require("./tools-features");
+const logging_1 = require("./logging");
 const tracer_config_1 = require("./tracer-config");
 const util = __importStar(require("./util"));
 async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger) {
@@ -67,43 +62,12 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe
        zstdAvailability,
    };
 }
-async function initConfig(inputs, codeql) {
-    const logger = inputs.logger;
-    logger.startGroup("Load language configuration");
-    const config = await configUtils.initConfig(inputs);
-    if (!(await codeql.supportsFeature(tools_features_1.ToolsFeature.InformsAboutUnsupportedPathFilters))) {
-        printPathFiltersWarning(config, logger);
-    }
-    logger.endGroup();
-    return config;
+async function initConfig(inputs) {
+    return await (0, logging_1.withGroupAsync)("Load language configuration", async () => {
+        return await configUtils.initConfig(inputs);
+    });
 }
-async function getOverlayDatabaseMode(codeqlVersion, config, sourceRoot, logger) {
-    const overlayDatabaseMode = process.env.CODEQL_OVERLAY_DATABASE_MODE;
-    if (overlayDatabaseMode === overlay_database_utils_1.OverlayDatabaseMode.Overlay ||
-        overlayDatabaseMode === overlay_database_utils_1.OverlayDatabaseMode.OverlayBase) {
-        if (config.buildMode !== util.BuildMode.None) {
-            logger.warning(`Cannot build an ${overlayDatabaseMode} database because ` +
-                `build-mode is set to "${config.buildMode}" instead of "none". ` +
-                "Falling back to creating a normal full database instead.");
-            return overlay_database_utils_1.OverlayDatabaseMode.None;
-        }
-        if (semver.lt(codeqlVersion, overlay_database_utils_1.CODEQL_OVERLAY_MINIMUM_VERSION)) {
-            logger.warning(`Cannot build an ${overlayDatabaseMode} database because ` +
-                `the CodeQL CLI is older than ${overlay_database_utils_1.CODEQL_OVERLAY_MINIMUM_VERSION}. ` +
-                "Falling back to creating a normal full database instead.");
-            return overlay_database_utils_1.OverlayDatabaseMode.None;
-        }
-        if ((await (0, git_utils_1.getGitRoot)(sourceRoot)) === undefined) {
-            logger.warning(`Cannot build an ${overlayDatabaseMode} database because ` +
-                `the source root "${sourceRoot}" is not inside a git repository. ` +
-                "Falling back to creating a normal full database instead.");
-            return overlay_database_utils_1.OverlayDatabaseMode.None;
-        }
-        return overlayDatabaseMode;
-    }
-    return overlay_database_utils_1.OverlayDatabaseMode.None;
-}
-async function runInit(codeql, config, sourceRoot, processName, registriesInput, apiDetails, overlayDatabaseMode, logger) {
+async function runInit(codeql, config, sourceRoot, processName, registriesInput, apiDetails, logger) {
    fs.mkdirSync(config.dbLocation, { recursive: true });
    const { registriesAuthTokens, qlconfigFile } = await configUtils.generateRegistries(registriesInput, config.tempDir, logger);
    await configUtils.wrapEnvironment({
@@ -111,18 +75,9 @@ async function runInit(codeql, config, sourceRoot, processName, registriesInput,
        CODEQL_REGISTRIES_AUTH: registriesAuthTokens,
    }, 
    // Init a database cluster
-    async () => await codeql.databaseInitCluster(config, sourceRoot, processName, qlconfigFile, overlayDatabaseMode, logger));
+    async () => await codeql.databaseInitCluster(config, sourceRoot, processName, qlconfigFile, logger));
    return await (0, tracer_config_1.getCombinedTracerConfig)(codeql, config);
 }
-function printPathFiltersWarning(config, logger) {
-    // Index include/exclude/filters only work in javascript/python/ruby.
-    // If any other languages are detected/configured then show a warning.
-    if ((config.originalUserInput.paths?.length ||
-        config.originalUserInput["paths-ignore"]?.length) &&
-        !config.languages.every(languages_1.isScannedLanguage)) {
-        logger.warning('The "paths"/"paths-ignore" fields of the config only have effect for JavaScript, Python, and Ruby');
-    }
-}
 /**
 * If we are running python 3.12+ on windows, we need to switch to python 3.11.
 * This check happens in a powershell script.
--- a/lib/init.js.map
+++ b/lib/init.js.map
@@ -1 +1 @@
-{"version":3,"file":"init.js","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0BA,gCAyCC;AAED,gCAgBC;AAED,wDAuCC;AAED,0BAoCC;AAED,0DAeC;AAMD,sDAkBC;AAED,0EAkDC;AAjQD,uCAAyB;AACzB,2CAA6B;AAE7B,yEAA2D;AAC3D,gDAAkC;AAClC,+CAAiC;AAEjC,iDAAsE;AAEtE,qCAA+C;AAC/C,4DAA8C;AAE9C,2CAAyC;AACzC,2CAA0D;AAE1D,qEAGkC;AAIlC,qDAAgD;AAChD,mDAAwE;AACxE,6CAA+B;AAExB,KAAK,UAAU,UAAU,CAC9B,UAA8B,EAC9B,UAA4B,EAC5B,OAAe,EACf,OAA2B,EAC3B,iBAA2C,EAC3C,QAA2B,EAC3B,MAAc;IAQd,MAAM,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;IACxC,MAAM,EACJ,MAAM,EACN,yBAAyB,EACzB,WAAW,EACX,YAAY,EACZ,gBAAgB,GACjB,GAAG,MAAM,IAAA,oBAAW,EACnB,UAAU,EACV,UAAU,EACV,OAAO,EACP,OAAO,EACP,iBAAiB,EACjB,MAAM,EACN,QAAQ,EACR,IAAI,CACL,CAAC;IACF,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;IAC5B,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO;QACL,MAAM;QACN,yBAAyB;QACzB,WAAW;QACX,YAAY;QACZ,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,UAAU,CAC9B,MAAoC,EACpC,MAAc;IAEd,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IAC7B,MAAM,CAAC,UAAU,CAAC,6BAA6B,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IACpD,IACE,CAAC,CAAC,MAAM,MAAM,CAAC,eAAe,CAC5B,6BAAY,CAAC,kCAAkC,CAChD,CAAC,EACF,CAAC;QACD,uBAAuB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,MAAM,CAAC;AAChB,CAAC;AAEM,KAAK,UAAU,sBAAsB,CAC1C,aAAqB,EACrB,MAA0B,EAC1B,UAAkB,EAClB,MAAc;IAEd,MAAM,mBAAmB,GAAG,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC;IAErE,IACE,mBAAmB,KAAK,4CAAmB,CAAC,OAAO;QACnD,mBAAmB,KAAK,4CAAmB,CAAC,WAAW,EACvD,CAAC;QACD,IAAI,MAAM,CAAC,SAAS,KAAK,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;YAC7C,MAAM,CAAC,OAAO,CACZ,mBAAmB,mBAAmB,oBAAoB;gBACxD,yBAAyB,MAAM,CAAC,SAAS,uBAAuB;gBAChE,0DAA0D,CAC7D,CAAC;YACF,OAAO,4CAAmB,CAAC,IAAI,CAAC;QAClC,CAAC;QACD,IAAI,MAAM,CAAC,EAAE,CAAC,aAAa,EAAE,uDAA8B,CAAC,EAAE,CAAC;YAC7D,MAAM,CAAC,OAAO,CACZ,mBAAmB,mBAAmB,oBAAoB;gBACxD,gCAAgC,uDAA8B,IAAI;gBAClE,0DAA0D,CAC7D,CAAC;YACF,OAAO,4CAAmB,CAAC,IAAI,CAAC;QAClC,CAAC;QACD,IAAI,CAAC,MAAM,IAAA,sBAAU,EAAC,UAAU,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;YACjD,MAAM,CAAC,OAAO,CACZ,mBAAmB,mBAAmB,oBAAoB;gBACxD,oBAAoB,UAAU,oCAAoC;gBAClE,0DAA0D,CAC7D,CAAC;YACF,OAAO,4CAAmB,CAAC,IAAI,CAAC;QAClC,CAAC;QACD,OAAO,mBAA0C,CAAC;IACpD,CAAC;IACD,OAAO,4CAAmB,CAAC,IAAI,CAAC;AAClC,CAAC;AAEM,KAAK,UAAU,OAAO,CAC3B,MAAc,EACd,MAA0B,EAC1B,UAAkB,EAClB,WAA+B,EAC/B,eAAmC,EACnC,UAAoC,EACpC,mBAAwC,EACxC,MAAc;IAEd,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAErD,MAAM,EAAE,oBAAoB,EAAE,YAAY,EAAE,GAC1C,MAAM,WAAW,CAAC,kBAAkB,CAClC,eAAe,EACf,MAAM,CAAC,OAAO,EACd,MAAM,CACP,CAAC;IACJ,MAAM,WAAW,CAAC,eAAe,CAC/B;QACE,YAAY,EAAE,UAAU,CAAC,IAAI;QAC7B,sBAAsB,EAAE,oBAAoB;KAC7C;IAED,0BAA0B;IAC1B,KAAK,IAAI,EAAE,CACT,MAAM,MAAM,CAAC,mBAAmB,CAC9B,MAAM,EACN,UAAU,EACV,WAAW,EACX,YAAY,EACZ,mBAAmB,EACnB,MAAM,CACP,CACJ,CAAC;IACF,OAAO,MAAM,IAAA,uCAAuB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AACvD,CAAC;AAED,SAAgB,uBAAuB,CACrC,MAA0B,EAC1B,MAAc;IAEd,qEAAqE;IACrE,sEAAsE;IACtE,IACE,CAAC,MAAM,CAAC,iBAAiB,CAAC,KAAK,EAAE,MAAM;QACrC,MAAM,CAAC,iBAAiB,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;QACnD,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,6BAAiB,CAAC,EAC1C,CAAC;QACD,MAAM,CAAC,OAAO,CACZ,mGAAmG,CACpG,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,qBAAqB,CACzC,SAAqB,EACrB,MAAc;IAEd,IACE,SAAS,CAAC,QAAQ,CAAC,oBAAQ,CAAC,MAAM,CAAC;QACnC,OAAO,CAAC,QAAQ,KAAK,OAAO;QAC5B,CAAC,CAAC,MAAM,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,QAAQ,EAAE,iBAAiB,EACxD,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CACzB,SAAS,EACT,iBAAiB,EACjB,oBAAoB,CACrB,CAAC;QACF,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,YAAY,EAAE,IAAI,CAAC,EAAE;YAClE,MAAM;SACP,CAAC,CAAC,IAAI,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAgB,+BAA+B,CAC7C,MAA0B,EAC1B,MAAc;AACd,+FAA+F;AAC/F,eAAe;AACf,MAAM,GAAG,EAAE,CAAC,MAAM;IAElB,IACE,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,UAAU,CAAC;QAChC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,EAAE;YACtC,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,EAC3C,CAAC;QACD,MAAM,CAAC,OAAO,CACZ,kCAAkC,MAAM,CAAC,UAAU,4CAA4C,CAChG,CAAC;QACF,IAAI,CAAC;YACH,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE;gBACxB,KAAK,EAAE,IAAI;gBACX,UAAU,EAAE,CAAC;gBACb,SAAS,EAAE,IAAI;aAChB,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CACT,yCAAyC,MAAM,CAAC,UAAU,GAAG,CAC9D,CAAC;QACJ,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,KAAK,GAAG,mEACZ,IAAA,+BAAgB,EAAC,aAAa,CAAC;gBAC7B,CAAC,CAAC,sCAAsC,MAAM,CAAC,UAAU,IAAI;gBAC7D,CAAC,CAAC,kCAAkC,MAAM,CAAC,UAAU,IAAI;oBACvD,yEACN,iEAAiE,CAAC;YAElE,kGAAkG;YAClG,IAAI,IAAA,iCAAkB,GAAE,EAAE,CAAC;gBACzB,MAAM,IAAI,IAAI,CAAC,kBAAkB,CAC/B,GAAG,KAAK,4GAA4G;oBAClH,sEAAsE,IAAI,CAAC,eAAe,CACxF,CAAC,CACF,EAAE,CACN,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CACb,GAAG,KAAK,sDAAsD;oBAC5D,+EAA+E;oBAC/E,yCAAyC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,CACrE,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC"}
+{"version":3,"file":"init.js","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmBA,gCAyCC;AAED,gCAMC;AAED,0BAkCC;AAMD,sDAkBC;AAED,0EAkDC;AApLD,uCAAyB;AACzB,2CAA6B;AAE7B,yEAA2D;AAC3D,gDAAkC;AAElC,iDAAsE;AAEtE,qCAA+C;AAC/C,4DAA8C;AAE9C,2CAAuC;AACvC,uCAAmD;AAInD,mDAAwE;AACxE,6CAA+B;AAExB,KAAK,UAAU,UAAU,CAC9B,UAA8B,EAC9B,UAA4B,EAC5B,OAAe,EACf,OAA2B,EAC3B,iBAA2C,EAC3C,QAA2B,EAC3B,MAAc;IAQd,MAAM,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;IACxC,MAAM,EACJ,MAAM,EACN,yBAAyB,EACzB,WAAW,EACX,YAAY,EACZ,gBAAgB,GACjB,GAAG,MAAM,IAAA,oBAAW,EACnB,UAAU,EACV,UAAU,EACV,OAAO,EACP,OAAO,EACP,iBAAiB,EACjB,MAAM,EACN,QAAQ,EACR,IAAI,CACL,CAAC;IACF,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;IAC5B,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO;QACL,MAAM;QACN,yBAAyB;QACzB,WAAW;QACX,YAAY;QACZ,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,UAAU,CAC9B,MAAoC;IAEpC,OAAO,MAAM,IAAA,wBAAc,EAAC,6BAA6B,EAAE,KAAK,IAAI,EAAE;QACpE,OAAO,MAAM,WAAW,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;AACL,CAAC;AAEM,KAAK,UAAU,OAAO,CAC3B,MAAc,EACd,MAA0B,EAC1B,UAAkB,EAClB,WAA+B,EAC/B,eAAmC,EACnC,UAAoC,EACpC,MAAc;IAEd,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAErD,MAAM,EAAE,oBAAoB,EAAE,YAAY,EAAE,GAC1C,MAAM,WAAW,CAAC,kBAAkB,CAClC,eAAe,EACf,MAAM,CAAC,OAAO,EACd,MAAM,CACP,CAAC;IACJ,MAAM,WAAW,CAAC,eAAe,CAC/B;QACE,YAAY,EAAE,UAAU,CAAC,IAAI;QAC7B,sBAAsB,EAAE,oBAAoB;KAC7C;IAED,0BAA0B;IAC1B,KAAK,IAAI,EAAE,CACT,MAAM,MAAM,CAAC,mBAAmB,CAC9B,MAAM,EACN,UAAU,EACV,WAAW,EACX,YAAY,EACZ,MAAM,CACP,CACJ,CAAC;IACF,OAAO,MAAM,IAAA,uCAAuB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AACvD,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,qBAAqB,CACzC,SAAqB,EACrB,MAAc;IAEd,IACE,SAAS,CAAC,QAAQ,CAAC,oBAAQ,CAAC,MAAM,CAAC;QACnC,OAAO,CAAC,QAAQ,KAAK,OAAO;QAC5B,CAAC,CAAC,MAAM,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,QAAQ,EAAE,iBAAiB,EACxD,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CACzB,SAAS,EACT,iBAAiB,EACjB,oBAAoB,CACrB,CAAC;QACF,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,YAAY,EAAE,IAAI,CAAC,EAAE;YAClE,MAAM;SACP,CAAC,CAAC,IAAI,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAgB,+BAA+B,CAC7C,MAA0B,EAC1B,MAAc;AACd,+FAA+F;AAC/F,eAAe;AACf,MAAM,GAAG,EAAE,CAAC,MAAM;IAElB,IACE,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,UAAU,CAAC;QAChC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,EAAE;YACtC,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,EAC3C,CAAC;QACD,MAAM,CAAC,OAAO,CACZ,kCAAkC,MAAM,CAAC,UAAU,4CAA4C,CAChG,CAAC;QACF,IAAI,CAAC;YACH,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE;gBACxB,KAAK,EAAE,IAAI;gBACX,UAAU,EAAE,CAAC;gBACb,SAAS,EAAE,IAAI;aAChB,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CACT,yCAAyC,MAAM,CAAC,UAAU,GAAG,CAC9D,CAAC;QACJ,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,KAAK,GAAG,mEACZ,IAAA,+BAAgB,EAAC,aAAa,CAAC;gBAC7B,CAAC,CAAC,sCAAsC,MAAM,CAAC,UAAU,IAAI;gBAC7D,CAAC,CAAC,kCAAkC,MAAM,CAAC,UAAU,IAAI;oBACvD,yEACN,iEAAiE,CAAC;YAElE,kGAAkG;YAClG,IAAI,IAAA,iCAAkB,GAAE,EAAE,CAAC;gBACzB,MAAM,IAAI,IAAI,CAAC,kBAAkB,CAC/B,GAAG,KAAK,4GAA4G;oBAClH,sEAAsE,IAAI,CAAC,eAAe,CACxF,CAAC,CACF,EAAE,CACN,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CACb,GAAG,KAAK,sDAAsD;oBAC5D,+EAA+E;oBAC/E,yCAAyC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,CACrE,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC"}
--- a/lib/init.test.js
+++ b/lib/init.test.js
@@ -40,26 +40,9 @@ const fs = __importStar(require("fs"));
 const path_1 = __importDefault(require("path"));
 const ava_1 = __importDefault(require("ava"));
 const init_1 = require("./init");
-const languages_1 = require("./languages");
 const testing_utils_1 = require("./testing-utils");
 const util_1 = require("./util");
 (0, testing_utils_1.setupTests)(ava_1.default);
-(0, ava_1.default)("printPathFiltersWarning does not trigger when 'paths' and 'paths-ignore' are undefined", async (t) => {
-    const messages = [];
-    (0, init_1.printPathFiltersWarning)({
-        languages: [languages_1.Language.cpp],
-        originalUserInput: {},
-    }, (0, testing_utils_1.getRecordingLogger)(messages));
-    t.is(messages.length, 0);
-});
-(0, ava_1.default)("printPathFiltersWarning does not trigger when 'paths' and 'paths-ignore' are empty", async (t) => {
-    const messages = [];
-    (0, init_1.printPathFiltersWarning)({
-        languages: [languages_1.Language.cpp],
-        originalUserInput: { paths: [], "paths-ignore": [] },
-    }, (0, testing_utils_1.getRecordingLogger)(messages));
-    t.is(messages.length, 0);
-});
 (0, ava_1.default)("cleanupDatabaseClusterDirectory cleans up where possible", async (t) => {
    await (0, util_1.withTmpDir)(async (tmpDir) => {
        const dbLocation = path_1.default.resolve(tmpDir, "dbs");
--- a/lib/init.test.js.map
+++ b/lib/init.test.js.map
@@ -1 +1 @@
-{"version":3,"file":"init.test.js","sourceRoot":"","sources":["../src/init.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,gDAAwB;AAExB,8CAAuB;AAGvB,iCAGgB;AAChB,2CAAuC;AACvC,mDAKyB;AACzB,iCAAwD;AAExD,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,wFAAwF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACzG,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,IAAA,8BAAuB,EACrB;QACE,SAAS,EAAE,CAAC,oBAAQ,CAAC,GAAG,CAAC;QACzB,iBAAiB,EAAE,EAAE;KACO,EAC9B,IAAA,kCAAkB,EAAC,QAAQ,CAAC,CAC7B,CAAC;IACF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;AAC3B,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,oFAAoF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACrG,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,IAAA,8BAAuB,EACrB;QACE,SAAS,EAAE,CAAC,oBAAQ,CAAC,GAAG,CAAC;QACzB,iBAAiB,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE;KACxB,EAC9B,IAAA,kCAAkB,EAAC,QAAQ,CAAC,CAC7B,CAAC;IACF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;AAC3B,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,0DAA0D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC3E,MAAM,IAAA,iBAAU,EAAC,KAAK,EAAE,MAAc,EAAE,EAAE;QACxC,MAAM,UAAU,GAAG,cAAI,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC/C,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE9C,MAAM,aAAa,GAAG,cAAI,CAAC,OAAO,CAAC,UAAU,EAAE,0BAA0B,CAAC,CAAC;QAC3E,EAAE,CAAC,aAAa,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QAEpC,MAAM,QAAQ,GAAoB,EAAE,CAAC;QACrC,IAAA,sCAA+B,EAC7B,IAAA,gCAAgB,EAAC,EAAE,UAAU,EAAE,CAAC,EAChC,IAAA,kCAAkB,EAAC,QAAQ,CAAC,CAC7B,CAAC;QAEF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QACzB,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QAClC,CAAC,CAAC,EAAE,CACF,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,EACnB,kCAAkC,UAAU,4CAA4C,CACzF,CAAC;QACF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC/B,CAAC,CAAC,EAAE,CACF,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,EACnB,yCAAyC,UAAU,GAAG,CACvD,CAAC;QAEF,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,KAAK,MAAM,EAAE,SAAS,EAAE,gBAAgB,EAAE,OAAO,EAAE,IAAI;IACrD;QACE,SAAS,EAAE,aAAa;QACxB,gBAAgB,EAAE,yBAAkB;QACpC,OAAO,EAAE,CAAC,UAAU,EAAE,EAAE,CACtB,8FAA8F;YAC9F,MAAM,UAAU,8EAA8E;YAC9F,0FAA0F;YAC1F,6FAA6F;YAC7F,8CAA8C;KACjD;IACD;QACE,SAAS,EAAE,eAAe;QAC1B,gBAAgB,EAAE,KAAK;QACvB,OAAO,EAAE,CAAC,UAAU,EAAE,EAAE,CACtB,8FAA8F;YAC9F,MAAM,UAAU,8EAA8E;YAC9F,wFAAwF;YACxF,4FAA4F;YAC5F,2CAA2C;KAC9C;CACF,EAAE,CAAC;IACF,IAAA,aAAI,EAAC,4CAA4C,gBAAgB,CAAC,IAAI,0BAA0B,SAAS,SAAS,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC9H,MAAM,IAAA,iBAAU,EAAC,KAAK,EAAE,MAAc,EAAE,EAAE;YACxC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,SAAS,CAAC;YAE9C,MAAM,UAAU,GAAG,cAAI,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;YAC/C,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAE9C,MAAM,aAAa,GAAG,cAAI,CAAC,OAAO,CAChC,UAAU,EACV,0BAA0B,CAC3B,CAAC;YACF,EAAE,CAAC,aAAa,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;YAEpC,MAAM,WAAW,GAAG,2BAA2B,aAAa,EAAE,CAAC;YAE/D,MAAM,QAAQ,GAAoB,EAAE,CAAC;YACrC,CAAC,CAAC,MAAM,CACN,GAAG,EAAE,CACH,IAAA,sCAA+B,EAC7B,IAAA,gCAAgB,EAAC,EAAE,UAAU,EAAE,CAAC,EAChC,IAAA,kCAAkB,EAAC,QAAQ,CAAC,EAC5B,GAAG,EAAE;gBACH,MAAM,IAAI,KAAK,CAAC,WAAW,CAAC,CAAC;YAC/B,CAAC,CACF,EACH;gBACE,UAAU,EAAE,gBAAgB;gBAC5B,OAAO,EAAE,GAAG,OAAO,CAAC,UAAU,CAAC,aAAa,WAAW,EAAE;aAC1D,CACF,CAAC;YAEF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACzB,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;YAClC,CAAC,CAAC,EAAE,CACF,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,EACnB,kCAAkC,UAAU,4CAA4C,CACzF,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}
+{"version":3,"file":"init.test.js","sourceRoot":"","sources":["../src/init.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,gDAAwB;AAExB,8CAAuB;AAEvB,iCAAyD;AACzD,mDAKyB;AACzB,iCAAwD;AAExD,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,0DAA0D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC3E,MAAM,IAAA,iBAAU,EAAC,KAAK,EAAE,MAAc,EAAE,EAAE;QACxC,MAAM,UAAU,GAAG,cAAI,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC/C,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE9C,MAAM,aAAa,GAAG,cAAI,CAAC,OAAO,CAAC,UAAU,EAAE,0BAA0B,CAAC,CAAC;QAC3E,EAAE,CAAC,aAAa,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QAEpC,MAAM,QAAQ,GAAoB,EAAE,CAAC;QACrC,IAAA,sCAA+B,EAC7B,IAAA,gCAAgB,EAAC,EAAE,UAAU,EAAE,CAAC,EAChC,IAAA,kCAAkB,EAAC,QAAQ,CAAC,CAC7B,CAAC;QAEF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QACzB,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QAClC,CAAC,CAAC,EAAE,CACF,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,EACnB,kCAAkC,UAAU,4CAA4C,CACzF,CAAC;QACF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC/B,CAAC,CAAC,EAAE,CACF,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,EACnB,yCAAyC,UAAU,GAAG,CACvD,CAAC;QAEF,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,KAAK,MAAM,EAAE,SAAS,EAAE,gBAAgB,EAAE,OAAO,EAAE,IAAI;IACrD;QACE,SAAS,EAAE,aAAa;QACxB,gBAAgB,EAAE,yBAAkB;QACpC,OAAO,EAAE,CAAC,UAAU,EAAE,EAAE,CACtB,8FAA8F;YAC9F,MAAM,UAAU,8EAA8E;YAC9F,0FAA0F;YAC1F,6FAA6F;YAC7F,8CAA8C;KACjD;IACD;QACE,SAAS,EAAE,eAAe;QAC1B,gBAAgB,EAAE,KAAK;QACvB,OAAO,EAAE,CAAC,UAAU,EAAE,EAAE,CACtB,8FAA8F;YAC9F,MAAM,UAAU,8EAA8E;YAC9F,wFAAwF;YACxF,4FAA4F;YAC5F,2CAA2C;KAC9C;CACF,EAAE,CAAC;IACF,IAAA,aAAI,EAAC,4CAA4C,gBAAgB,CAAC,IAAI,0BAA0B,SAAS,SAAS,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC9H,MAAM,IAAA,iBAAU,EAAC,KAAK,EAAE,MAAc,EAAE,EAAE;YACxC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,SAAS,CAAC;YAE9C,MAAM,UAAU,GAAG,cAAI,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;YAC/C,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAE9C,MAAM,aAAa,GAAG,cAAI,CAAC,OAAO,CAChC,UAAU,EACV,0BAA0B,CAC3B,CAAC;YACF,EAAE,CAAC,aAAa,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;YAEpC,MAAM,WAAW,GAAG,2BAA2B,aAAa,EAAE,CAAC;YAE/D,MAAM,QAAQ,GAAoB,EAAE,CAAC;YACrC,CAAC,CAAC,MAAM,CACN,GAAG,EAAE,CACH,IAAA,sCAA+B,EAC7B,IAAA,gCAAgB,EAAC,EAAE,UAAU,EAAE,CAAC,EAChC,IAAA,kCAAkB,EAAC,QAAQ,CAAC,EAC5B,GAAG,EAAE;gBACH,MAAM,IAAI,KAAK,CAAC,WAAW,CAAC,CAAC;YAC/B,CAAC,CACF,EACH;gBACE,UAAU,EAAE,gBAAgB;gBAC5B,OAAO,EAAE,GAAG,OAAO,CAAC,UAAU,CAAC,aAAa,WAAW,EAAE;aAC1D,CACF,CAAC;YAEF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACzB,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;YAClC,CAAC,CAAC,EAAE,CACF,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,EACnB,kCAAkC,UAAU,4CAA4C,CACzF,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}
--- a/lib/overlay-database-utils.js
+++ b/lib/overlay-database-utils.js
@@ -36,10 +36,15 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.CODEQL_OVERLAY_MINIMUM_VERSION = exports.OverlayDatabaseMode = void 0;
 exports.writeBaseDatabaseOidsFile = writeBaseDatabaseOidsFile;
 exports.writeOverlayChangesFile = writeOverlayChangesFile;
+exports.checkOverlayBaseDatabase = checkOverlayBaseDatabase;
+exports.uploadOverlayBaseDatabaseToCache = uploadOverlayBaseDatabaseToCache;
+exports.downloadOverlayBaseDatabaseFromCache = downloadOverlayBaseDatabaseFromCache;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
+const actionsCache = __importStar(require("@actions/cache"));
 const actions_util_1 = require("./actions-util");
 const git_utils_1 = require("./git-utils");
+const util_1 = require("./util");
 var OverlayDatabaseMode;
 (function (OverlayDatabaseMode) {
    OverlayDatabaseMode["Overlay"] = "overlay";
@@ -126,4 +131,165 @@ function computeChangedFiles(baseFileOids, overlayFileOids) {
    }
    return changes;
 }
+// Constants for database caching
+const CACHE_VERSION = 1;
+const CACHE_PREFIX = "codeql-overlay-base-database";
+const MAX_CACHE_OPERATION_MS = 120_000; // Two minutes
+/**
+ * Checks that the overlay-base database is valid by checking for the
+ * existence of the base database OIDs file.
+ *
+ * @param config The configuration object
+ * @param logger The logger instance
+ * @param warningPrefix Prefix for the check failure warning message
+ * @returns True if the verification succeeded, false otherwise
+ */
+function checkOverlayBaseDatabase(config, logger, warningPrefix) {
+    // An overlay-base database should contain the base database OIDs file.
+    const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config);
+    if (!fs.existsSync(baseDatabaseOidsFilePath)) {
+        logger.warning(`${warningPrefix}: ${baseDatabaseOidsFilePath} does not exist`);
+        return false;
+    }
+    return true;
+}
+/**
+ * Uploads the overlay-base database to the GitHub Actions cache. If conditions
+ * for uploading are not met, the function does nothing and returns false.
+ *
+ * This function uses the `checkout_path` input to determine the repository path
+ * and works only when called from `analyze` or `upload-sarif`.
+ *
+ * @param codeql The CodeQL instance
+ * @param config The configuration object
+ * @param logger The logger instance
+ * @returns A promise that resolves to true if the upload was performed and
+ * successfully completed, or false otherwise
+ */
+async function uploadOverlayBaseDatabaseToCache(codeql, config, logger) {
+    const overlayDatabaseMode = config.augmentationProperties.overlayDatabaseMode;
+    if (overlayDatabaseMode !== OverlayDatabaseMode.OverlayBase) {
+        logger.debug(`Overlay database mode is ${overlayDatabaseMode}. ` +
+            "Skip uploading overlay-base database to cache.");
+        return false;
+    }
+    if (!config.augmentationProperties.useOverlayDatabaseCaching) {
+        logger.debug("Overlay database caching is disabled. " +
+            "Skip uploading overlay-base database to cache.");
+        return false;
+    }
+    if ((0, util_1.isInTestMode)()) {
+        logger.debug("In test mode. Skip uploading overlay-base database to cache.");
+        return false;
+    }
+    const databaseIsValid = checkOverlayBaseDatabase(config, logger, "Abort uploading overlay-base database to cache");
+    if (!databaseIsValid) {
+        return false;
+    }
+    const dbLocation = config.dbLocation;
+    const codeQlVersion = (await codeql.getVersion()).version;
+    const checkoutPath = (0, actions_util_1.getRequiredInput)("checkout_path");
+    const cacheKey = await generateCacheKey(config, codeQlVersion, checkoutPath);
+    logger.info(`Uploading overlay-base database to Actions cache with key ${cacheKey}`);
+    try {
+        const cacheId = await (0, util_1.withTimeout)(MAX_CACHE_OPERATION_MS, actionsCache.saveCache([dbLocation], cacheKey), () => { });
+        if (cacheId === undefined) {
+            logger.warning("Timed out while uploading overlay-base database");
+            return false;
+        }
+    }
+    catch (error) {
+        logger.warning("Failed to upload overlay-base database to cache: " +
+            `${error instanceof Error ? error.message : String(error)}`);
+        return false;
+    }
+    logger.info(`Successfully uploaded overlay-base database from ${dbLocation}`);
+    return true;
+}
+/**
+ * Downloads the overlay-base database from the GitHub Actions cache. If conditions
+ * for downloading are not met, the function does nothing and returns false.
+ *
+ * @param codeql The CodeQL instance
+ * @param config The configuration object
+ * @param logger The logger instance
+ * @returns A promise that resolves to download statistics if an overlay-base
+ * database was successfully downloaded, or undefined if the download was
+ * either not performed or failed.
+ */
+async function downloadOverlayBaseDatabaseFromCache(codeql, config, logger) {
+    const overlayDatabaseMode = config.augmentationProperties.overlayDatabaseMode;
+    if (overlayDatabaseMode !== OverlayDatabaseMode.Overlay) {
+        logger.debug(`Overlay database mode is ${overlayDatabaseMode}. ` +
+            "Skip downloading overlay-base database from cache.");
+        return undefined;
+    }
+    if (!config.augmentationProperties.useOverlayDatabaseCaching) {
+        logger.debug("Overlay database caching is disabled. " +
+            "Skip downloading overlay-base database from cache.");
+        return undefined;
+    }
+    if ((0, util_1.isInTestMode)()) {
+        logger.debug("In test mode. Skip downloading overlay-base database from cache.");
+        return undefined;
+    }
+    const dbLocation = config.dbLocation;
+    const codeQlVersion = (await codeql.getVersion()).version;
+    const restoreKey = getCacheRestoreKey(config, codeQlVersion);
+    logger.info(`Looking in Actions cache for overlay-base database with restore key ${restoreKey}`);
+    let databaseDownloadDurationMs = 0;
+    try {
+        const databaseDownloadStart = performance.now();
+        const foundKey = await (0, util_1.withTimeout)(MAX_CACHE_OPERATION_MS, actionsCache.restoreCache([dbLocation], restoreKey), () => {
+            logger.info("Timed out downloading overlay-base database from cache");
+        });
+        databaseDownloadDurationMs = Math.round(performance.now() - databaseDownloadStart);
+        if (foundKey === undefined) {
+            logger.info("No overlay-base database found in Actions cache");
+            return undefined;
+        }
+        logger.info(`Downloaded overlay-base database in cache with key ${foundKey}`);
+    }
+    catch (error) {
+        logger.warning("Failed to download overlay-base database from cache: " +
+            `${error instanceof Error ? error.message : String(error)}`);
+        return undefined;
+    }
+    const databaseIsValid = checkOverlayBaseDatabase(config, logger, "Downloaded overlay-base database is invalid");
+    if (!databaseIsValid) {
+        logger.warning("Downloaded overlay-base database failed validation");
+        return undefined;
+    }
+    const databaseSizeBytes = await (0, util_1.tryGetFolderBytes)(dbLocation, logger);
+    if (databaseSizeBytes === undefined) {
+        logger.info("Filesystem error while accessing downloaded overlay-base database");
+        // The problem that warrants reporting download failure is not that we are
+        // unable to determine the size of the database. Rather, it is that we
+        // encountered a filesystem error while accessing the database, which
+        // indicates that an overlay analysis will likely fail.
+        return undefined;
+    }
+    logger.info(`Successfully downloaded overlay-base database to ${dbLocation}`);
+    return {
+        databaseSizeBytes: Math.round(databaseSizeBytes),
+        databaseDownloadDurationMs,
+    };
+}
+async function generateCacheKey(config, codeQlVersion, checkoutPath) {
+    const sha = await (0, git_utils_1.getCommitOid)(checkoutPath);
+    return `${getCacheRestoreKey(config, codeQlVersion)}${sha}`;
+}
+function getCacheRestoreKey(config, codeQlVersion) {
+    // The restore key (prefix) specifies which cached overlay-base databases are
+    // compatible with the current analysis: the cached database must have the
+    // same cache version and the same CodeQL bundle version.
+    //
+    // Actions cache supports using multiple restore keys to indicate preference.
+    // Technically we prefer a cached overlay-base database with the same SHA as
+    // we are analyzing. However, since overlay-base databases are built from the
+    // default branch and used in PR analysis, it is exceedingly unlikely that
+    // the commit SHA will ever be the same, so we can just leave it out.
+    const languages = [...config.languages].sort().join("_");
+    return `${CACHE_PREFIX}-${CACHE_VERSION}-${languages}-${codeQlVersion}-`;
+}
 //# sourceMappingURL=overlay-database-utils.js.map
--- a/lib/overlay-database-utils.js.map
+++ b/lib/overlay-database-utils.js.map
--- a/lib/overlay-database-utils.test.js
+++ b/lib/overlay-database-utils.test.js
@@ -38,6 +38,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
+const actionsCache = __importStar(require("@actions/cache"));
 const ava_1 = __importDefault(require("ava"));
 const sinon = __importStar(require("sinon"));
 const actionsUtil = __importStar(require("./actions-util"));
@@ -45,6 +46,7 @@ const gitUtils = __importStar(require("./git-utils"));
 const logging_1 = require("./logging");
 const overlay_database_utils_1 = require("./overlay-database-utils");
 const testing_utils_1 = require("./testing-utils");
+const utils = __importStar(require("./util"));
 const util_1 = require("./util");
 (0, testing_utils_1.setupTests)(ava_1.default);
 (0, ava_1.default)("writeOverlayChangesFile generates correct changes file", async (t) => {
@@ -91,4 +93,93 @@ const util_1 = require("./util");
        t.deepEqual(parsedContent.changes.sort(), ["added.js", "deleted.js", "modified.js"], "Should identify added, deleted, and modified files");
    });
 });
+const defaultDownloadTestCase = {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.Overlay,
+    useOverlayDatabaseCaching: true,
+    isInTestMode: false,
+    restoreCacheResult: "cache-key",
+    hasBaseDatabaseOidsFile: true,
+    tryGetFolderBytesSucceeds: true,
+    codeQLVersion: "2.20.5",
+};
+const testDownloadOverlayBaseDatabaseFromCache = ava_1.default.macro({
+    exec: async (t, _title, partialTestCase, expectDownloadSuccess) => {
+        await (0, util_1.withTmpDir)(async (tmpDir) => {
+            const dbLocation = path.join(tmpDir, "db");
+            await fs.promises.mkdir(dbLocation, { recursive: true });
+            const logger = (0, logging_1.getRunnerLogger)(true);
+            const config = (0, testing_utils_1.createTestConfig)({ dbLocation });
+            const testCase = { ...defaultDownloadTestCase, ...partialTestCase };
+            config.augmentationProperties.overlayDatabaseMode =
+                testCase.overlayDatabaseMode;
+            config.augmentationProperties.useOverlayDatabaseCaching =
+                testCase.useOverlayDatabaseCaching;
+            if (testCase.hasBaseDatabaseOidsFile) {
+                const baseDatabaseOidsFile = path.join(dbLocation, "base-database-oids.json");
+                await fs.promises.writeFile(baseDatabaseOidsFile, JSON.stringify({}));
+            }
+            const stubs = [];
+            const isInTestModeStub = sinon
+                .stub(utils, "isInTestMode")
+                .returns(testCase.isInTestMode);
+            stubs.push(isInTestModeStub);
+            if (testCase.restoreCacheResult instanceof Error) {
+                const restoreCacheStub = sinon
+                    .stub(actionsCache, "restoreCache")
+                    .rejects(testCase.restoreCacheResult);
+                stubs.push(restoreCacheStub);
+            }
+            else {
+                const restoreCacheStub = sinon
+                    .stub(actionsCache, "restoreCache")
+                    .resolves(testCase.restoreCacheResult);
+                stubs.push(restoreCacheStub);
+            }
+            const tryGetFolderBytesStub = sinon
+                .stub(utils, "tryGetFolderBytes")
+                .resolves(testCase.tryGetFolderBytesSucceeds ? 1024 * 1024 : undefined);
+            stubs.push(tryGetFolderBytesStub);
+            try {
+                const result = await (0, overlay_database_utils_1.downloadOverlayBaseDatabaseFromCache)((0, testing_utils_1.mockCodeQLVersion)(testCase.codeQLVersion), config, logger);
+                if (expectDownloadSuccess) {
+                    t.truthy(result);
+                }
+                else {
+                    t.is(result, undefined);
+                }
+            }
+            finally {
+                for (const stub of stubs) {
+                    stub.restore();
+                }
+            }
+        });
+    },
+    title: (_, title) => `downloadOverlayBaseDatabaseFromCache: ${title}`,
+});
+(0, ava_1.default)(testDownloadOverlayBaseDatabaseFromCache, "returns stats when successful", {}, true);
+(0, ava_1.default)(testDownloadOverlayBaseDatabaseFromCache, "returns undefined when mode is OverlayDatabaseMode.OverlayBase", {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.OverlayBase,
+}, false);
+(0, ava_1.default)(testDownloadOverlayBaseDatabaseFromCache, "returns undefined when mode is OverlayDatabaseMode.None", {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+}, false);
+(0, ava_1.default)(testDownloadOverlayBaseDatabaseFromCache, "returns undefined when caching is disabled", {
+    useOverlayDatabaseCaching: false,
+}, false);
+(0, ava_1.default)(testDownloadOverlayBaseDatabaseFromCache, "returns undefined in test mode", {
+    isInTestMode: true,
+}, false);
+(0, ava_1.default)(testDownloadOverlayBaseDatabaseFromCache, "returns undefined when cache miss", {
+    restoreCacheResult: undefined,
+}, false);
+(0, ava_1.default)(testDownloadOverlayBaseDatabaseFromCache, "returns undefined when download fails", {
+    restoreCacheResult: new Error("Download failed"),
+}, false);
+(0, ava_1.default)(testDownloadOverlayBaseDatabaseFromCache, "returns undefined when downloaded database is invalid", {
+    hasBaseDatabaseOidsFile: false,
+}, false);
+(0, ava_1.default)(testDownloadOverlayBaseDatabaseFromCache, "returns undefined when filesystem error occurs", {
+    tryGetFolderBytesSucceeds: false,
+}, false);
 //# sourceMappingURL=overlay-database-utils.test.js.map
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				{"version":3,"file":"diff-informed-analysis-utils.test.js","sourceRoot":"","sources":["../src/diff-informed-analysis-utils.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAA6C;AAC7C,6CAA+B;AAE/B,4DAA8C;AAE9C,wDAA0C;AAC1C,iFAAmF;AACnF,mDAAoD;AACpD,uCAA4C;AAC5C,6CAAkD;AAClD,mDAKyB;AACzB,iCAAmD;AAGnD,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAUjB,MAAM,eAAe,GAAiC;IACpD,cAAc,EAAE,IAAI;IACpB,aAAa,EAAE;QACb,IAAI,EAAE,oBAAa,CAAC,MAAM;KAC3B;IACD,mBAAmB,EAAE;QACnB,IAAI,EAAE,MAAM;QACZ,IAAI,EAAE,gBAAgB;KACvB;IACD,aAAa,EAAE,QAAQ;CACxB,CAAC;AAEF,MAAM,qCAAqC,GAAG,aAAI,CAAC,KAAK,CAAC;IACvD,IAAI,EAAE,KAAK,EACT,CAAmB,EACnB,MAAc,EACd,eAAsD,EACtD,cAAuB,EACvB,EAAE;QACF,OAAO,MAAM,IAAA,iBAAU,EAAC,KAAK,EAAE,MAAM,EAAE,EAAE;YACvC,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAEjC,MAAM,QAAQ,GAAG,EAAE,GAAG,eAAe,EAAE,GAAG,eAAe,EAAE,CAAC;YAC5D,MAAM,MAAM,GAAG,IAAA,yBAAe,EAAC,IAAI,CAAC,CAAC;YACrC,MAAM,MAAM,GAAG,IAAA,iCAAiB,EAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;YAEzD,IAAI,QAAQ,CAAC,yBAAyB,KAAK,SAAS,EAAE,CAAC;gBACrD,OAAO,CAAC,GAAG,CAAC,mCAAmC;oBAC7C,QAAQ,CAAC,yBAAyB,CAAC,QAAQ,EAAE,CAAC;YAClD,CAAC;iBAAM,CAAC;gBACN,OAAO,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC;YACzD,CAAC;YAED,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,QAAQ,CAAC,aAAa,EACtB,IAAA,+BAAkB,EAAC,gBAAgB,CAAC,EACpC,MAAM,EACN,MAAM,CACP,CAAC;YACF,IAAA,0CAA0B,EAAC,GAAG,EAAE;gBAC9B,CAAC,uBAAO,CAAC,mBAAmB,CAAC,EAAE,QAAQ,CAAC,cAAc;aACvD,CAAC,CAAC;YAEH,MAAM,oBAAoB,GAAG,KAAK;iBAC/B,IAAI,CAAC,SAAS,EAAE,kBAAkB,CAAC;iBACnC,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;YACpC,MAAM,0BAA0B,GAAG,KAAK;iBACrC,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;iBAC3C,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;YAEzC,MAAM,MAAM,GAAG,MAAM,IAAA,gEAAiC,EACpD,MAAM,EACN,QAAQ,EACR,MAAM,CACP,CAAC;YAEF,CAAC,CAAC,EAAE,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;YAE7B,OAAO,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC;YAEvD,oBAAoB,CAAC,OAAO,EAAE,CAAC;YAC/B,0BAA0B,CAAC,OAAO,EAAE,CAAC;QACvC,CAAC,CAAC,CAAC;IACL,CAAC;IACD,KAAK,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,CAAC,sCAAsC,KAAK,EAAE;CACnE,CAAC,CAAC;AAEH,IAAA,aAAI,EACF,qCAAqC,EACrC,uCAAuC,EACvC,EAAE,EACF,IAAI,CACL,CAAC;AAEF,IAAA,aAAI,EACF,qCAAqC,EACrC,0DAA0D,EAC1D;IACE,cAAc,EAAE,KAAK;CACtB,EACD,KAAK,CACN,CAAC;AAEF,IAAA,aAAI,EACF,qCAAqC,EACrC,wEAAwE,EACxE;IACE,cAAc,EAAE,IAAI;IACpB,yBAAyB,EAAE,KAAK;CACjC,EACD,KAAK,CACN,CAAC;AAEF,IAAA,aAAI,EACF,qCAAqC,EACrC,sEAAsE,EACtE;IACE,cAAc,EAAE,KAAK;IACrB,yBAAyB,EAAE,IAAI;CAChC,EACD,IAAI,CACL,CAAC;AAEF,IAAA,aAAI,EACF,qCAAqC,EACrC,yCAAyC,EACzC;IACE,aAAa,EAAE,QAAQ;CACxB,EACD,KAAK,CACN,CAAC;AAEF,IAAA,aAAI,EACF,qCAAqC,EACrC,wCAAwC,EACxC;IACE,aAAa,EAAE;QACb,IAAI,EAAE,oBAAa,CAAC,IAAI;QACxB,OAAO,EAAE,iBAAiB;KAC3B;CACF,EACD,KAAK,CACN,CAAC;AAEF,IAAA,aAAI,EACF,qCAAqC,EACrC,uCAAuC,EACvC;IACE,aAAa,EAAE;QACb,IAAI,EAAE,oBAAa,CAAC,IAAI;QACxB,OAAO,EAAE,QAAQ;KAClB;CACF,EACD,KAAK,CACN,CAAC;AAEF,IAAA,aAAI,EACF,qCAAqC,EACrC,sCAAsC,EACtC;IACE,aAAa,EAAE;QACb,IAAI,EAAE,oBAAa,CAAC,IAAI;QACxB,OAAO,EAAE,QAAQ;KAClB;CACF,EACD,IAAI,CACL,CAAC;AAEF,IAAA,aAAI,EACF,qCAAqC,EACrC,uCAAuC,EACvC;IACE,mBAAmB,EAAE,SAAS;CAC/B,EACD,KAAK,CACN,CAAC"}