Do not attempt to upload undefined status reports

Bump the npm group across 1 directory with 7 updates

.github/copilot-instructions.md

@@ -0,0 +1,5 @@
+# CodeQL Action - Copilot Instructions
+
+The CodeQL Action is written in TypeScript and compiled to JavaScript. Both the TypeScript sources and the **generated** JavaScript code are contained in this repository. The TypeScript sources are contained in the `src` directory and the JavaScript code is contained in the `lib` directory. A GitHub Actions workflow checks that the JavaScript code in `lib` is up-to-date. Therefore, you should not review any changes to the contents of the `lib` folder and it is expected that the JavaScript code in `lib` closely mirrors the TypeScript code it is generated from.
+
+GitHub Actions workflows in the `.github/workflows` directory whose filenames start with two underscores (e.g. `__all-platform-bundle.yml`) are automatically generated using the `pr-checks/sync.sh` script from template files in the `pr-checks/checks` directory. Therefore, you do not need to review files in the `.github/workflows` directory that starts with two underscores. However, you should review changes to the `pr-checks` directory as well as workflows in the `.github/workflows` directory that do not start with underscores.

.github/workflows/__all-platform-bundle.yml

@@ -45,6 +45,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'true'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
       - id: init
         uses: ./../action/init
         with:

.github/workflows/__analyze-ref-input.yml

@@ -49,6 +49,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
       - uses: ./../action/init
         with:
           tools: ${{ steps.prepare-test.outputs.tools-url }}

.github/workflows/__build-mode-manual.yml

@@ -45,6 +45,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
       - uses: ./../action/init
         id: init
         with:

.github/workflows/__cpp-deptrace-enabled-on-macos.yml

@@ -27,6 +27,8 @@ jobs:
       fail-fast: false
       matrix:
         include:
+          - os: macos-latest
+            version: linked
           - os: macos-latest
             version: nightly-latest
     name: 'C/C++: autoinstalling dependencies is skipped (macOS)'

.github/workflows/__export-file-baseline-information.yml

@@ -49,6 +49,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
       - uses: ./../action/init
         id: init
         with:

.github/workflows/__go-custom-queries.yml

@@ -47,9 +47,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
         with:
           go-version: '>=1.21.0'
+          cache: false
       - uses: ./../action/init
         with:
           languages: go

.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml

@@ -45,10 +45,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
         with:
-      # We need a Go version that ships with statically linked binaries on Linux
           go-version: '>=1.21.0'
+          cache: false
       - uses: ./../action/init
         with:
           languages: go

.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml

@@ -45,10 +45,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
         with:
-      # We need a Go version that ships with statically linked binaries on Linux
           go-version: '>=1.21.0'
+          cache: false
       - name: Remove `file` program
         run: |
           echo $(which file)

.github/workflows/__go-indirect-tracing-workaround.yml

@@ -45,10 +45,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
         with:
-      # We need a Go version that ships with statically linked binaries on Linux
           go-version: '>=1.21.0'
+          cache: false
       - uses: ./../action/init
         with:
           languages: go

.github/workflows/__go-tracing-autobuilder.yml

@@ -27,10 +27,6 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - os: ubuntu-latest
-            version: stable-v2.15.5
-          - os: macos-latest
-            version: stable-v2.15.5
           - os: ubuntu-latest
             version: stable-v2.16.6
           - os: macos-latest
@@ -47,6 +43,10 @@ jobs:
             version: stable-v2.19.4
           - os: macos-latest
             version: stable-v2.19.4
+          - os: ubuntu-latest
+            version: stable-v2.20.7
+          - os: macos-latest
+            version: stable-v2.20.7
           - os: ubuntu-latest
             version: default
           - os: macos-latest
@@ -75,11 +75,10 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
         with:
-          go-version: ~1.24.0
-      # to avoid potentially misleading autobuilder results where we expect it to download
-      # dependencies successfully, but they actually come from a warm cache
+          go-version: '>=1.21.0'
           cache: false
       - uses: ./../action/init
         with:

.github/workflows/__go-tracing-custom-build-steps.yml

@@ -27,10 +27,6 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - os: ubuntu-latest
-            version: stable-v2.15.5
-          - os: macos-latest
-            version: stable-v2.15.5
           - os: ubuntu-latest
             version: stable-v2.16.6
           - os: macos-latest
@@ -47,6 +43,10 @@ jobs:
             version: stable-v2.19.4
           - os: macos-latest
             version: stable-v2.19.4
+          - os: ubuntu-latest
+            version: stable-v2.20.7
+          - os: macos-latest
+            version: stable-v2.20.7
           - os: ubuntu-latest
             version: default
           - os: macos-latest
@@ -75,11 +75,10 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
         with:
-          go-version: ~1.24.0
-      # to avoid potentially misleading autobuilder results where we expect it to download
-      # dependencies successfully, but they actually come from a warm cache
+          go-version: '>=1.21.0'
           cache: false
       - uses: ./../action/init
         with:

.github/workflows/__go-tracing-legacy-workflow.yml

@@ -27,10 +27,6 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - os: ubuntu-latest
-            version: stable-v2.15.5
-          - os: macos-latest
-            version: stable-v2.15.5
           - os: ubuntu-latest
             version: stable-v2.16.6
           - os: macos-latest
@@ -47,6 +43,10 @@ jobs:
             version: stable-v2.19.4
           - os: macos-latest
             version: stable-v2.19.4
+          - os: ubuntu-latest
+            version: stable-v2.20.7
+          - os: macos-latest
+            version: stable-v2.20.7
           - os: ubuntu-latest
             version: default
           - os: macos-latest
@@ -75,11 +75,10 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
         with:
-          go-version: ~1.24.0
-      # to avoid potentially misleading autobuilder results where we expect it to download
-      # dependencies successfully, but they actually come from a warm cache
+          go-version: '>=1.21.0'
           cache: false
       - uses: ./../action/init
         with:

.github/workflows/__multi-language-autodetect.yml

@@ -27,10 +27,6 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - os: macos-latest
-            version: stable-v2.15.5
-          - os: ubuntu-latest
-            version: stable-v2.15.5
           - os: macos-latest
             version: stable-v2.16.6
           - os: ubuntu-latest
@@ -47,6 +43,10 @@ jobs:
             version: stable-v2.19.4
           - os: ubuntu-latest
             version: stable-v2.19.4
+          - os: macos-latest
+            version: stable-v2.20.7
+          - os: ubuntu-latest
+            version: stable-v2.20.7
           - os: macos-latest
             version: default
           - os: ubuntu-latest
@@ -75,10 +75,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
         with:
           go-version: '>=1.21.0'
-
+          cache: false
       - uses: ./../action/init
         id: init
         with:

.github/workflows/__packaging-codescanning-config-inputs-js.yml

@@ -61,6 +61,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
       - uses: ./../action/init
         with:
           config-file: .github/codeql/codeql-config-packaging3.yml

.github/workflows/__packaging-config-inputs-js.yml

@@ -61,6 +61,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
       - uses: ./../action/init
         with:
           config-file: .github/codeql/codeql-config-packaging3.yml

.github/workflows/__packaging-config-js.yml

@@ -61,6 +61,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
       - uses: ./../action/init
         with:
           config-file: .github/codeql/codeql-config-packaging.yml

.github/workflows/__packaging-inputs-js.yml

@@ -61,6 +61,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
       - uses: ./../action/init
         with:
           config-file: .github/codeql/codeql-config-packaging2.yml

.github/workflows/__quality-queries.yml

@@ -0,0 +1,117 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+# to regenerate this file.
+
+name: PR Check - Quality queries input
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
+  workflow_dispatch: {}
+jobs:
+  quality-queries:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: ubuntu-latest
+            version: linked
+          - os: macos-latest
+            version: linked
+          - os: windows-latest
+            version: linked
+          - os: ubuntu-latest
+            version: nightly-latest
+          - os: macos-latest
+            version: nightly-latest
+          - os: windows-latest
+            version: nightly-latest
+    name: Quality queries input
+    permissions:
+      contents: read
+      security-events: read
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+          setup-kotlin: 'true'
+      - uses: ./../action/init
+        with:
+          languages: javascript
+          quality-queries: code-quality
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - uses: ./../action/analyze
+        with:
+          output: ${{ runner.temp }}/results
+          upload-database: false
+      - name: Upload security SARIF
+        uses: actions/upload-artifact@v4
+        with:
+          name: quality-queries-${{ matrix.os }}-${{ matrix.version }}.sarif.json
+          path: ${{ runner.temp }}/results/javascript.sarif
+          retention-days: 7
+      - name: Upload quality SARIF
+        uses: actions/upload-artifact@v4
+        with:
+          name: quality-queries-${{ matrix.os }}-${{ matrix.version }}.quality.sarif.json
+          path: ${{ runner.temp }}/results/javascript.quality.sarif
+          retention-days: 7
+      - name: Check quality query does not appear in security SARIF
+        uses: actions/github-script@v7
+        env:
+          SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
+          EXPECT_PRESENT: 'false'
+        with:
+          script: ${{ env.CHECK_SCRIPT }}
+      - name: Check quality query appears in quality SARIF
+        uses: actions/github-script@v7
+        env:
+          SARIF_PATH: ${{ runner.temp }}/results/javascript.quality.sarif
+          EXPECT_PRESENT: 'true'
+        with:
+          script: ${{ env.CHECK_SCRIPT }}
+    env:
+      CHECK_SCRIPT: |
+        const fs = require('fs');
+
+        const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
+        const expectPresent = JSON.parse(process.env['EXPECT_PRESENT']);
+        const run = sarif.runs[0];
+        const extensions = run.tool.extensions;
+
+        if (extensions === undefined) {
+          core.setFailed('`extensions` property not found in the SARIF run property bag.');
+        }
+
+        // ID of a query we want to check the presence for
+        const targetId = 'js/regex/always-matches';
+        const found = extensions.find(extension => extension.rules && extension.rules.find(rule => rule.id === targetId));
+
+        if (found && expectPresent) {
+          console.log(`Found rule with id '${targetId}'.`);
+        } else if (!found && !expectPresent) {
+          console.log(`Rule with id '${targetId}' was not found.`);
+        } else {
+          core.setFailed(`${ found ? "Found" : "Didn't find" } rule ${targetId}`);
+        }
+      CODEQL_ACTION_TEST_MODE: true

.github/workflows/__remote-config.yml

@@ -47,6 +47,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
       - uses: ./../action/init
         with:
           tools: ${{ steps.prepare-test.outputs.tools-url }}

.github/workflows/__rubocop-multi-language.yml

@@ -46,7 +46,7 @@ jobs:
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
       - name: Set up Ruby
-        uses: ruby/setup-ruby@13e7a03dc3ac6c3798f4570bfead2aed4d96abfb # v1.244.0
+        uses: ruby/setup-ruby@a4effe49ee8ee5b8b5091268c473a4628afb5651 # v1.245.0
         with:
           ruby-version: 2.6
       - name: Install Code Scanning integration

.github/workflows/__split-workflow.yml

@@ -55,6 +55,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
       - uses: ./../action/init
         with:
           config-file: .github/codeql/codeql-config-packaging3.yml

.github/workflows/__swift-custom-build.yml

@@ -49,6 +49,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
       - uses: ./../action/init
         id: init
         with:

.github/workflows/__test-local-codeql.yml

@@ -45,6 +45,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
       - name: Fetch a CodeQL bundle
         shell: bash
         env:

.github/workflows/__unset-environment.yml

@@ -47,6 +47,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
       - uses: ./../action/init
         id: init
         with:
@@ -54,9 +59,6 @@ jobs:
       # Swift is not supported on Ubuntu so we manually exclude it from the list here
           languages: cpp,csharp,go,java,javascript,python,ruby
           tools: ${{ steps.prepare-test.outputs.tools-url }}
-      - uses: actions/setup-go@v5
-        with:
-          go-version: '>=1.21.0'
       - name: Build code
         shell: bash
         run: env -i PATH="$PATH" HOME="$HOME" ./build.sh

.github/workflows/__upload-quality-sarif.yml

@@ -0,0 +1,78 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+# to regenerate this file.
+
+name: 'PR Check - Upload-sarif: code quality endpoint'
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
+  workflow_dispatch: {}
+jobs:
+  upload-quality-sarif:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: ubuntu-latest
+            version: default
+          - os: macos-latest
+            version: default
+          - os: windows-latest
+            version: default
+    name: 'Upload-sarif: code quality endpoint'
+    permissions:
+      contents: read
+      security-events: read
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+          setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
+      - uses: ./../action/init
+        with:
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+          languages: cpp,csharp,java,javascript,python
+          config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{
+            github.sha }}
+          quality-queries: code-quality
+      - name: Build code
+        shell: bash
+        run: ./build.sh
+  # Generate some SARIF we can upload with the upload-sarif step
+      - uses: ./../action/analyze
+        with:
+          ref: refs/heads/main
+          sha: 5e235361806c361d4d3f8859e3c897658025a9a2
+          upload: never
+      - uses: ./../action/upload-sarif
+        with:
+          ref: refs/heads/main
+          sha: 5e235361806c361d4d3f8859e3c897658025a9a2
+    env:
+      CODEQL_ACTION_TEST_MODE: true

.github/workflows/__upload-ref-sha-input.yml

@@ -49,6 +49,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
       - uses: ./../action/init
         with:
           tools: ${{ steps.prepare-test.outputs.tools-url }}

.github/workflows/__with-checkout-path.yml

@@ -49,6 +49,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
       - name: Delete original checkout
         shell: bash
         run: |

.github/workflows/codeql.yml

@@ -75,7 +75,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-22.04,ubuntu-24.04,windows-2019,windows-2022,macos-13,macos-14]
+        os: [ubuntu-22.04,ubuntu-24.04,windows-2022,windows-2025,macos-13,macos-14,macos-15]
         tools: ${{ fromJson(needs.check-codeql-versions.outputs.versions) }}
     runs-on: ${{ matrix.os }}
 

.github/workflows/update-proxy-release.yml

@@ -0,0 +1,101 @@
+name: Update dependency proxy release assets
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: "The tag of CodeQL Bundle release that contains the proxy binaries as release assets"
+        type: string
+        required: true
+
+jobs:
+  update:
+    name: Update code and create PR
+    timeout-minutes: 15
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write # needed to push the updated files
+      pull-requests: write # needed to create the PR
+    env:
+      RELEASE_TAG: ${{ inputs.tag }}
+    steps:
+      - name: Check release tag format
+        id: checks
+        shell: bash
+        run: |
+          if ! [[ $RELEASE_TAG =~ ^codeql-bundle-v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+            echo "Invalid release tag: expected a CodeQL bundle tag in the 'codeql-bundle-vM.N.P' format."
+            exit 1
+          fi
+
+          echo "target_branch=dependency-proxy/$RELEASE_TAG" >> $GITHUB_OUTPUT
+
+      - name: Check that the release exists
+        shell: bash
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+        run: |
+          (gh release view --repo "$GITHUB_REPOSITORY" --json "assets" "$RELEASE_TAG" && echo "Release found.") || exit 1
+
+      - name: Install Node
+        uses: actions/setup-node@v4
+
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # ensure we have all tags and can push commits
+          ref: main
+
+      - name: Update git config
+        shell: bash
+        run: |
+          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git config --global user.name "github-actions[bot]"
+
+      - name: Update release tag and version
+        shell: bash
+        run: |
+          NOW=$(date +"%Y%m%d%H%M%S") # only used to make sure we don't fetch stale binaries from the toolcache
+          sed -i "s|https://github.com/github/codeql-action/releases/download/codeql-bundle-v[0-9.]\+/|https://github.com/github/codeql-action/releases/download/$RELEASE_TAG/|g" ./src/start-proxy-action.ts
+          sed -i "s/\"v2.0.[0-9]\+\"/\"v2.0.$NOW\"/g" ./src/start-proxy-action.ts
+
+      - name: Compile TypeScript and commit changes
+        shell: bash
+        env:
+          TARGET_BRANCH: ${{ steps.checks.outputs.target_branch }}
+        run: |
+          set -exu
+          git checkout -b "$TARGET_BRANCH"
+
+          npm run build
+          git add ./src/start-proxy-action.ts
+          git add ./lib
+          git commit -m "Update release used by \`start-proxy\` action"
+
+      - name: Push changes and open PR
+        shell: bash
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          TARGET_BRANCH: ${{ steps.checks.outputs.target_branch }}
+          PR_FLAG: ${{ (github.event_name == 'workflow_dispatch' && '--draft') || '--dry-run' }}
+        run: |
+          set -exu
+          pr_title="Update release used by \`start-proxy\` to \`$RELEASE_TAG\`"
+          pr_body=$(cat << EOF
+            This PR updates the \`start-proxy\` action to use the private registry proxy binaries that
+            are attached as release assets to the \`$RELEASE_TAG\` release.
+
+
+            Please do the following before merging:
+
+            - [ ] Verify that the changes to the code are correct.
+            - [ ] Mark the PR as ready for review to trigger the CI.
+          EOF
+          )
+
+          git push origin "$TARGET_BRANCH"
+          gh pr create \
+            --head "$TARGET_BRANCH" \
+            --base "main" \
+            --title "${pr_title}" \
+            --body "${pr_body}" \
+            $PR_FLAG

CHANGELOG.md

@@ -4,10 +4,29 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th
 
 ## [UNRELEASED]
 
+No user facing changes.
+
+## 3.29.2 - 30 Jun 2025
+
+- Experimental: When the `quality-queries` input for the `init` action is provided with an argument, separate `.quality.sarif` files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. [#2935](https://github.com/github/codeql-action/pull/2935)
+
+## 3.29.1 - 27 Jun 2025
+
+- Fix bug in PR analysis where user-provided `include` query filter fails to exclude non-included queries. [#2938](https://github.com/github/codeql-action/pull/2938)
+- Update default CodeQL bundle version to 2.22.1. [#2950](https://github.com/github/codeql-action/pull/2950)
+
+## 3.29.0 - 11 Jun 2025
+
+- Update default CodeQL bundle version to 2.22.0. [#2925](https://github.com/github/codeql-action/pull/2925)
+- Bump minimum CodeQL bundle version to 2.16.6. [#2912](https://github.com/github/codeql-action/pull/2912)
+
+## 3.28.19 - 03 Jun 2025
+
 - The CodeQL Action no longer includes its own copy of the extractor for the `actions` language, which is currently in public preview.
   The `actions` extractor has been included in the CodeQL CLI since v2.20.6. If your workflow has enabled the `actions` language _and_ you have pinned
   your `tools:` property to a specific version of the CodeQL CLI earlier than v2.20.6, you will need to update to at least CodeQL v2.20.6 or disable
   `actions` analysis.
+- Update default CodeQL bundle version to 2.21.4. [#2910](https://github.com/github/codeql-action/pull/2910)
 
 ## 3.28.18 - 16 May 2025
 

README.md

@@ -55,7 +55,7 @@ For compiled languages:
 
 - `manual` build mode will typically produce the most precise results, but it is more difficult to set up and will cause the analysis to take slightly more time to run.
 - `autobuild` build mode is simpler to set up, but will only work for projects with generic build steps that can be guessed by the heuristics of the autobuild scripts. If `autobuild` fails, then you must switch to `manual` or `none`. If `autobuild` succeeds, then the results and run time will be the same as `manual` mode.
-- `none` build mode is also simpler to set up and is slightly faster to run, but there is a possibility that some alerts will be missed. This may happen if your repository does any code generation during compilation or if there are any dependencies downloaded from registries that the workflow does not have access to. `none` is not yet supported by C/C++, Swift, Go, or Kotlin.
+- `none` build mode is also simpler to set up and is slightly faster to run, but there is a possibility that some alerts will be missed. This may happen if your repository does any code generation during compilation or if there are any dependencies downloaded from registries that the workflow does not have access to. `none` is not yet supported by Swift, Go, or Kotlin. It is in public preview for C/C++.
 
 
 ## Supported versions of the CodeQL Action

init/action.yml

@@ -83,6 +83,9 @@ inputs:
   queries:
     description: Comma-separated list of additional queries to run. By default, this overrides the same setting in a configuration file; prefix with "+" to use both sets of queries.
     required: false
+  quality-queries:
+    description: '[Internal] Comma-separated list of code quality queries to run.'
+    required: false
   packs:
     description: >-
       Comma-separated list of packs to run. Reference a pack in the format `scope/name[@version]`. If `version` is not

lib/actions-util.js

@@ -49,10 +49,13 @@ exports.isDefaultSetup = isDefaultSetup;
 exports.prettyPrintInvocation = prettyPrintInvocation;
 exports.ensureEndsInPeriod = ensureEndsInPeriod;
 exports.runTool = runTool;
+exports.getPullRequestBranches = getPullRequestBranches;
+exports.isAnalyzingPullRequest = isAnalyzingPullRequest;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const core = __importStar(require("@actions/core"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
+const github = __importStar(require("@actions/github"));
 const io = __importStar(require("@actions/io"));
 const util_1 = require("./util");
 // eslint-disable-next-line import/no-commonjs, @typescript-eslint/no-require-imports
@@ -352,4 +355,41 @@ const restoreInputs = function () {
     }
 };
 exports.restoreInputs = restoreInputs;
+/**
+ * Returns the base and head branches of the pull request being analyzed.
+ *
+ * @returns the base and head branches of the pull request, or undefined if
+ * we are not analyzing a pull request.
+ */
+function getPullRequestBranches() {
+    const pullRequest = github.context.payload.pull_request;
+    if (pullRequest) {
+        return {
+            base: pullRequest.base.ref,
+            // We use the head label instead of the head ref here, because the head
+            // ref lacks owner information and by itself does not uniquely identify
+            // the head branch (which may be in a forked repository).
+            head: pullRequest.head.label,
+        };
+    }
+    // PR analysis under Default Setup does not have the pull_request context,
+    // but it should set CODE_SCANNING_REF and CODE_SCANNING_BASE_BRANCH.
+    const codeScanningRef = process.env.CODE_SCANNING_REF;
+    const codeScanningBaseBranch = process.env.CODE_SCANNING_BASE_BRANCH;
+    if (codeScanningRef && codeScanningBaseBranch) {
+        return {
+            base: codeScanningBaseBranch,
+            // PR analysis under Default Setup analyzes the PR head commit instead of
+            // the merge commit, so we can use the provided ref directly.
+            head: codeScanningRef,
+        };
+    }
+    return undefined;
+}
+/**
+ * Returns whether we are analyzing a pull request.
+ */
+function isAnalyzingPullRequest() {
+    return getPullRequestBranches() !== undefined;
+}
 //# sourceMappingURL=actions-util.js.map

lib/actions-util.test.js

@@ -1,14 +1,78 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+const github = __importStar(require("@actions/github"));
 const ava_1 = __importDefault(require("ava"));
+const actions_util_1 = require("./actions-util");
 const api_client_1 = require("./api-client");
 const environment_1 = require("./environment");
 const testing_utils_1 = require("./testing-utils");
 const util_1 = require("./util");
 (0, testing_utils_1.setupTests)(ava_1.default);
+function withMockedContext(mockPayload, testFn) {
+    const originalPayload = github.context.payload;
+    github.context.payload = mockPayload;
+    try {
+        return testFn();
+    }
+    finally {
+        github.context.payload = originalPayload;
+    }
+}
+function withMockedEnv(envVars, testFn) {
+    const originalEnv = { ...process.env };
+    // Apply environment changes
+    for (const [key, value] of Object.entries(envVars)) {
+        if (value === undefined) {
+            delete process.env[key];
+        }
+        else {
+            process.env[key] = value;
+        }
+    }
+    try {
+        return testFn();
+    }
+    finally {
+        // Restore original environment
+        process.env = originalEnv;
+    }
+}
 (0, ava_1.default)("computeAutomationID()", async (t) => {
     let actualAutomationID = (0, api_client_1.computeAutomationID)(".github/workflows/codeql-analysis.yml:analyze", '{"language": "javascript", "os": "linux"}');
     t.deepEqual(actualAutomationID, ".github/workflows/codeql-analysis.yml:analyze/language:javascript/os:linux/");
@@ -25,6 +89,78 @@ const util_1 = require("./util");
     actualAutomationID = (0, api_client_1.computeAutomationID)(".github/workflows/codeql-analysis.yml:analyze", undefined);
     t.deepEqual(actualAutomationID, ".github/workflows/codeql-analysis.yml:analyze/");
 });
+(0, ava_1.default)("getPullRequestBranches() with pull request context", (t) => {
+    withMockedContext({
+        pull_request: {
+            number: 123,
+            base: { ref: "main" },
+            head: { label: "user:feature-branch" },
+        },
+    }, () => {
+        t.deepEqual((0, actions_util_1.getPullRequestBranches)(), {
+            base: "main",
+            head: "user:feature-branch",
+        });
+        t.is((0, actions_util_1.isAnalyzingPullRequest)(), true);
+    });
+});
+(0, ava_1.default)("getPullRequestBranches() returns undefined with push context", (t) => {
+    withMockedContext({
+        push: {
+            ref: "refs/heads/main",
+        },
+    }, () => {
+        t.is((0, actions_util_1.getPullRequestBranches)(), undefined);
+        t.is((0, actions_util_1.isAnalyzingPullRequest)(), false);
+    });
+});
+(0, ava_1.default)("getPullRequestBranches() with Default Setup environment variables", (t) => {
+    withMockedContext({}, () => {
+        withMockedEnv({
+            CODE_SCANNING_REF: "refs/heads/feature-branch",
+            CODE_SCANNING_BASE_BRANCH: "main",
+        }, () => {
+            t.deepEqual((0, actions_util_1.getPullRequestBranches)(), {
+                base: "main",
+                head: "refs/heads/feature-branch",
+            });
+            t.is((0, actions_util_1.isAnalyzingPullRequest)(), true);
+        });
+    });
+});
+(0, ava_1.default)("getPullRequestBranches() returns undefined when only CODE_SCANNING_REF is set", (t) => {
+    withMockedContext({}, () => {
+        withMockedEnv({
+            CODE_SCANNING_REF: "refs/heads/feature-branch",
+            CODE_SCANNING_BASE_BRANCH: undefined,
+        }, () => {
+            t.is((0, actions_util_1.getPullRequestBranches)(), undefined);
+            t.is((0, actions_util_1.isAnalyzingPullRequest)(), false);
+        });
+    });
+});
+(0, ava_1.default)("getPullRequestBranches() returns undefined when only CODE_SCANNING_BASE_BRANCH is set", (t) => {
+    withMockedContext({}, () => {
+        withMockedEnv({
+            CODE_SCANNING_REF: undefined,
+            CODE_SCANNING_BASE_BRANCH: "main",
+        }, () => {
+            t.is((0, actions_util_1.getPullRequestBranches)(), undefined);
+            t.is((0, actions_util_1.isAnalyzingPullRequest)(), false);
+        });
+    });
+});
+(0, ava_1.default)("getPullRequestBranches() returns undefined when no PR context", (t) => {
+    withMockedContext({}, () => {
+        withMockedEnv({
+            CODE_SCANNING_REF: undefined,
+            CODE_SCANNING_BASE_BRANCH: undefined,
+        }, () => {
+            t.is((0, actions_util_1.getPullRequestBranches)(), undefined);
+            t.is((0, actions_util_1.isAnalyzingPullRequest)(), false);
+        });
+    });
+});
 (0, ava_1.default)("initializeEnvironment", (t) => {
     (0, util_1.initializeEnvironment)("1.2.3");
     t.deepEqual(process.env[environment_1.EnvVar.VERSION], "1.2.3");

lib/actions-util.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"actions-util.test.js","sourceRoot":"","sources":["../src/actions-util.test.ts"],"names":[],"mappings":";;;;;AAAA,8CAAuB;AAEvB,6CAAmD;AACnD,+CAAuC;AACvC,mDAA6C;AAC7C,iCAA+C;AAE/C,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,uBAAuB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACxC,IAAI,kBAAkB,GAAG,IAAA,gCAAmB,EAC1C,+CAA+C,EAC/C,2CAA2C,CAC5C,CAAC;IACF,CAAC,CAAC,SAAS,CACT,kBAAkB,EAClB,6EAA6E,CAC9E,CAAC;IAEF,gCAAgC;IAChC,kBAAkB,GAAG,IAAA,gCAAmB,EACtC,+CAA+C,EAC/C,2CAA2C,CAC5C,CAAC;IACF,CAAC,CAAC,SAAS,CACT,kBAAkB,EAClB,6EAA6E,CAC9E,CAAC;IAEF,6DAA6D;IAC7D,kBAAkB,GAAG,IAAA,gCAAmB,EACtC,+CAA+C,EAC/C,IAAI,CACL,CAAC;IACF,CAAC,CAAC,SAAS,CACT,kBAAkB,EAClB,gDAAgD,CACjD,CAAC;IAEF,sCAAsC;IACtC,kBAAkB,GAAG,IAAA,gCAAmB,EACtC,+CAA+C,EAC/C,qDAAqD,CACtD,CAAC;IACF,CAAC,CAAC,SAAS,CACT,kBAAkB,EAClB,gEAAgE,CACjE,CAAC;IAEF,8BAA8B;IAC9B,kBAAkB,GAAG,IAAA,gCAAmB,EACtC,+CAA+C,EAC/C,SAAS,CACV,CAAC;IACF,CAAC,CAAC,SAAS,CACT,kBAAkB,EAClB,gDAAgD,CACjD,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,uBAAuB,EAAE,CAAC,CAAC,EAAE,EAAE;IAClC,IAAA,4BAAqB,EAAC,OAAO,CAAC,CAAC;IAC/B,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC,CAAC;AACpD,CAAC,CAAC,CAAC"}
+{"version":3,"file":"actions-util.test.js","sourceRoot":"","sources":["../src/actions-util.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wDAA0C;AAC1C,8CAAuB;AAEvB,iDAAgF;AAChF,6CAAmD;AACnD,+CAAuC;AACvC,mDAA6C;AAC7C,iCAA+C;AAE/C,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,SAAS,iBAAiB,CAAI,WAAgB,EAAE,MAAe;IAC7D,MAAM,eAAe,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;IAC/C,MAAM,CAAC,OAAO,CAAC,OAAO,GAAG,WAAW,CAAC;IACrC,IAAI,CAAC;QACH,OAAO,MAAM,EAAE,CAAC;IAClB,CAAC;YAAS,CAAC;QACT,MAAM,CAAC,OAAO,CAAC,OAAO,GAAG,eAAe,CAAC;IAC3C,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CACpB,OAA2C,EAC3C,MAAe;IAEf,MAAM,WAAW,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAEvC,4BAA4B;IAC5B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACnD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,IAAI,CAAC;QACH,OAAO,MAAM,EAAE,CAAC;IAClB,CAAC;YAAS,CAAC;QACT,+BAA+B;QAC/B,OAAO,CAAC,GAAG,GAAG,WAAW,CAAC;IAC5B,CAAC;AACH,CAAC;AAED,IAAA,aAAI,EAAC,uBAAuB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACxC,IAAI,kBAAkB,GAAG,IAAA,gCAAmB,EAC1C,+CAA+C,EAC/C,2CAA2C,CAC5C,CAAC;IACF,CAAC,CAAC,SAAS,CACT,kBAAkB,EAClB,6EAA6E,CAC9E,CAAC;IAEF,gCAAgC;IAChC,kBAAkB,GAAG,IAAA,gCAAmB,EACtC,+CAA+C,EAC/C,2CAA2C,CAC5C,CAAC;IACF,CAAC,CAAC,SAAS,CACT,kBAAkB,EAClB,6EAA6E,CAC9E,CAAC;IAEF,6DAA6D;IAC7D,kBAAkB,GAAG,IAAA,gCAAmB,EACtC,+CAA+C,EAC/C,IAAI,CACL,CAAC;IACF,CAAC,CAAC,SAAS,CACT,kBAAkB,EAClB,gDAAgD,CACjD,CAAC;IAEF,sCAAsC;IACtC,kBAAkB,GAAG,IAAA,gCAAmB,EACtC,+CAA+C,EAC/C,qDAAqD,CACtD,CAAC;IACF,CAAC,CAAC,SAAS,CACT,kBAAkB,EAClB,gEAAgE,CACjE,CAAC;IAEF,8BAA8B;IAC9B,kBAAkB,GAAG,IAAA,gCAAmB,EACtC,+CAA+C,EAC/C,SAAS,CACV,CAAC;IACF,CAAC,CAAC,SAAS,CACT,kBAAkB,EAClB,gDAAgD,CACjD,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,oDAAoD,EAAE,CAAC,CAAC,EAAE,EAAE;IAC/D,iBAAiB,CACf;QACE,YAAY,EAAE;YACZ,MAAM,EAAE,GAAG;YACX,IAAI,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE;YACrB,IAAI,EAAE,EAAE,KAAK,EAAE,qBAAqB,EAAE;SACvC;KACF,EACD,GAAG,EAAE;QACH,CAAC,CAAC,SAAS,CAAC,IAAA,qCAAsB,GAAE,EAAE;YACpC,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,qBAAqB;SAC5B,CAAC,CAAC;QACH,CAAC,CAAC,EAAE,CAAC,IAAA,qCAAsB,GAAE,EAAE,IAAI,CAAC,CAAC;IACvC,CAAC,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,8DAA8D,EAAE,CAAC,CAAC,EAAE,EAAE;IACzE,iBAAiB,CACf;QACE,IAAI,EAAE;YACJ,GAAG,EAAE,iBAAiB;SACvB;KACF,EACD,GAAG,EAAE;QACH,CAAC,CAAC,EAAE,CAAC,IAAA,qCAAsB,GAAE,EAAE,SAAS,CAAC,CAAC;QAC1C,CAAC,CAAC,EAAE,CAAC,IAAA,qCAAsB,GAAE,EAAE,KAAK,CAAC,CAAC;IACxC,CAAC,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,mEAAmE,EAAE,CAAC,CAAC,EAAE,EAAE;IAC9E,iBAAiB,CAAC,EAAE,EAAE,GAAG,EAAE;QACzB,aAAa,CACX;YACE,iBAAiB,EAAE,2BAA2B;YAC9C,yBAAyB,EAAE,MAAM;SAClC,EACD,GAAG,EAAE;YACH,CAAC,CAAC,SAAS,CAAC,IAAA,qCAAsB,GAAE,EAAE;gBACpC,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,2BAA2B;aAClC,CAAC,CAAC;YACH,CAAC,CAAC,EAAE,CAAC,IAAA,qCAAsB,GAAE,EAAE,IAAI,CAAC,CAAC;QACvC,CAAC,CACF,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,+EAA+E,EAAE,CAAC,CAAC,EAAE,EAAE;IAC1F,iBAAiB,CAAC,EAAE,EAAE,GAAG,EAAE;QACzB,aAAa,CACX;YACE,iBAAiB,EAAE,2BAA2B;YAC9C,yBAAyB,EAAE,SAAS;SACrC,EACD,GAAG,EAAE;YACH,CAAC,CAAC,EAAE,CAAC,IAAA,qCAAsB,GAAE,EAAE,SAAS,CAAC,CAAC;YAC1C,CAAC,CAAC,EAAE,CAAC,IAAA,qCAAsB,GAAE,EAAE,KAAK,CAAC,CAAC;QACxC,CAAC,CACF,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,uFAAuF,EAAE,CAAC,CAAC,EAAE,EAAE;IAClG,iBAAiB,CAAC,EAAE,EAAE,GAAG,EAAE;QACzB,aAAa,CACX;YACE,iBAAiB,EAAE,SAAS;YAC5B,yBAAyB,EAAE,MAAM;SAClC,EACD,GAAG,EAAE;YACH,CAAC,CAAC,EAAE,CAAC,IAAA,qCAAsB,GAAE,EAAE,SAAS,CAAC,CAAC;YAC1C,CAAC,CAAC,EAAE,CAAC,IAAA,qCAAsB,GAAE,EAAE,KAAK,CAAC,CAAC;QACxC,CAAC,CACF,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,+DAA+D,EAAE,CAAC,CAAC,EAAE,EAAE;IAC1E,iBAAiB,CAAC,EAAE,EAAE,GAAG,EAAE;QACzB,aAAa,CACX;YACE,iBAAiB,EAAE,SAAS;YAC5B,yBAAyB,EAAE,SAAS;SACrC,EACD,GAAG,EAAE;YACH,CAAC,CAAC,EAAE,CAAC,IAAA,qCAAsB,GAAE,EAAE,SAAS,CAAC,CAAC;YAC1C,CAAC,CAAC,EAAE,CAAC,IAAA,qCAAsB,GAAE,EAAE,KAAK,CAAC,CAAC;QACxC,CAAC,CACF,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,uBAAuB,EAAE,CAAC,CAAC,EAAE,EAAE;IAClC,IAAA,4BAAqB,EAAC,OAAO,CAAC,CAAC;IAC/B,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC,CAAC;AACpD,CAAC,CAAC,CAAC"}

lib/analyze-action-env.test.js

@@ -68,6 +68,7 @@ const util = __importStar(require("./util"));
         };
         sinon.stub(configUtils, "getConfig").resolves({
             gitHubVersion,
+            augmentationProperties: {},
             languages: [],
             packs: [],
             trapCaches: {},
@@ -75,6 +76,7 @@ const util = __importStar(require("./util"));
         const requiredInputStub = sinon.stub(actionsUtil, "getRequiredInput");
         requiredInputStub.withArgs("token").returns("fake-token");
         requiredInputStub.withArgs("upload-database").returns("false");
+        requiredInputStub.withArgs("output").returns("out");
         const optionalInputStub = sinon.stub(actionsUtil, "getOptionalInput");
         optionalInputStub.withArgs("cleanup-level").returns("none");
         optionalInputStub.withArgs("expect-error").returns("false");

lib/analyze-action-env.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,sDAAwC;AACxC,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxD,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAEhE,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,iEAAiE;QACjE,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,sDAAwC;AACxC,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxD,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAEhE,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,sBAAsB,EAAE,EAAE;YAC1B,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QACpD,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,iEAAiE;QACjE,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/analyze-action-input.test.js

@@ -67,6 +67,7 @@ const util = __importStar(require("./util"));
         };
         sinon.stub(configUtils, "getConfig").resolves({
             gitHubVersion,
+            augmentationProperties: {},
             languages: [],
             packs: [],
             trapCaches: {},
@@ -74,6 +75,7 @@ const util = __importStar(require("./util"));
         const requiredInputStub = sinon.stub(actionsUtil, "getRequiredInput");
         requiredInputStub.withArgs("token").returns("fake-token");
         requiredInputStub.withArgs("upload-database").returns("false");
+        requiredInputStub.withArgs("output").returns("out");
         const optionalInputStub = sinon.stub(actionsUtil, "getOptionalInput");
         optionalInputStub.withArgs("cleanup-level").returns("none");
         optionalInputStub.withArgs("expect-error").returns("false");

lib/analyze-action-input.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,sDAAwC;AACxC,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxD,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAChE,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,iEAAiE;QACjE,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,sDAAwC;AACxC,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxD,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,sBAAsB,EAAE,EAAE;YAC1B,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QACpD,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAChE,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,iEAAiE;QACjE,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/analyze-action.js

@@ -55,6 +55,7 @@ const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const logging_1 = require("./logging");
+const overlay_database_utils_1 = require("./overlay-database-utils");
 const repository_1 = require("./repository");
 const statusReport = __importStar(require("./status-report"));
 const status_report_1 = require("./status-report");
@@ -201,7 +202,14 @@ async function run() {
         await (0, analyze_1.warnIfGoInstalledAfterInit)(config, logger);
         await runAutobuildIfLegacyGoWorkflow(config, logger);
         dbCreationTimings = await (0, analyze_1.runFinalize)(outputDir, threads, memory, codeql, config, logger);
-        const cleanupLevel = actionsUtil.getOptionalInput("cleanup-level") || "brutal";
+        // An overlay-base database should always use the 'overlay' cleanup level
+        // to preserve the cached intermediate results.
+        //
+        // Note that we may be overriding the 'cleanup-level' input parameter.
+        const cleanupLevel = config.augmentationProperties.overlayDatabaseMode ===
+            overlay_database_utils_1.OverlayDatabaseMode.OverlayBase
+            ? "overlay"
+            : actionsUtil.getOptionalInput("cleanup-level") || "brutal";
         if (actionsUtil.getRequiredInput("skip-queries") !== "true") {
             runStats = await (0, analyze_1.runQueries)(outputDir, memory, util.getAddSnippetsFlag(actionsUtil.getRequiredInput("add-snippets")), threads, cleanupLevel, diffRangePackDir, actionsUtil.getOptionalInput("category"), config, logger, features);
         }
@@ -216,14 +224,20 @@ async function run() {
         core.setOutput("sarif-output", path_1.default.resolve(outputDir));
         const uploadInput = actionsUtil.getOptionalInput("upload");
         if (runStats && actionsUtil.getUploadValue(uploadInput) === "always") {
-            uploadResult = await uploadLib.uploadFiles(outputDir, actionsUtil.getRequiredInput("checkout_path"), actionsUtil.getOptionalInput("category"), features, logger);
+            uploadResult = await uploadLib.uploadFiles(outputDir, actionsUtil.getRequiredInput("checkout_path"), actionsUtil.getOptionalInput("category"), features, logger, uploadLib.CodeScanningTarget);
             core.setOutput("sarif-id", uploadResult.sarifID);
+            if (config.augmentationProperties.qualityQueriesInput !== undefined) {
+                const qualityUploadResult = await uploadLib.uploadFiles(outputDir, actionsUtil.getRequiredInput("checkout_path"), actionsUtil.getOptionalInput("category"), features, logger, uploadLib.CodeQualityTarget);
+                core.setOutput("quality-sarif-id", qualityUploadResult.sarifID);
+            }
         }
         else {
             logger.info("Not uploading results");
         }
         // Possibly upload the database bundles for remote queries
         await (0, database_upload_1.uploadDatabases)(repositoryNwo, config, apiDetails, logger);
+        // Possibly upload the overlay-base database to actions cache
+        await (0, overlay_database_utils_1.uploadOverlayBaseDatabaseToCache)(codeql, config, logger);
         // Possibly upload the TRAP caches for later re-use
         const trapCacheUploadStartTime = perf_hooks_1.performance.now();
         didUploadTrapCaches = await (0, trap_caching_1.uploadTrapCaches)(codeql, config, logger);

lib/analyze.js

@@ -36,10 +36,11 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.exportedForTesting = exports.CodeQLAnalysisError = void 0;
+exports.exportedForTesting = exports.defaultSuites = exports.CodeQLAnalysisError = void 0;
 exports.runExtraction = runExtraction;
 exports.dbIsFinalized = dbIsFinalized;
 exports.setupDiffInformedQueryRun = setupDiffInformedQueryRun;
+exports.resolveQuerySuiteAlias = resolveQuerySuiteAlias;
 exports.runQueries = runQueries;
 exports.runFinalize = runFinalize;
 exports.warnIfGoInstalledAfterInit = warnIfGoInstalledAfterInit;
@@ -50,7 +51,7 @@ const perf_hooks_1 = require("perf_hooks");
 const io = __importStar(require("@actions/io"));
 const del_1 = __importDefault(require("del"));
 const yaml = __importStar(require("js-yaml"));
-const actionsUtil = __importStar(require("./actions-util"));
+const actions_util_1 = require("./actions-util");
 const api_client_1 = require("./api-client");
 const autobuild_1 = require("./autobuild");
 const codeql_1 = require("./codeql");
@@ -61,8 +62,8 @@ const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const logging_1 = require("./logging");
+const overlay_database_utils_1 = require("./overlay-database-utils");
 const repository_1 = require("./repository");
-const tools_features_1 = require("./tools-features");
 const tracer_config_1 = require("./tracer-config");
 const util = __importStar(require("./util"));
 const util_1 = require("./util");
@@ -97,8 +98,7 @@ async function runExtraction(codeql, config, logger) {
             if (language === languages_1.Language.python) {
                 await setupPythonExtractor(logger);
             }
-            if (config.buildMode &&
-                (await codeql.supportsFeature(tools_features_1.ToolsFeature.TraceCommandUseBuildMode))) {
+            if (config.buildMode) {
                 if (language === languages_1.Language.cpp &&
                     config.buildMode === util_1.BuildMode.Autobuild) {
                     await (0, autobuild_1.setupCppAutobuild)(codeql, logger);
@@ -247,7 +247,7 @@ function getDiffRanges(fileDiff, logger) {
     // uses forward slashes as the path separator, so on Windows we need to
     // replace any backslashes with forward slashes.
     const filename = path
-        .join(actionsUtil.getRequiredInput("checkout_path"), fileDiff.filename)
+        .join((0, actions_util_1.getRequiredInput)("checkout_path"), fileDiff.filename)
         .replaceAll(path.sep, "/");
     if (fileDiff.patch === undefined) {
         if (fileDiff.changes === 0) {
@@ -341,7 +341,7 @@ function writeDiffRangeDataExtensionPack(logger, ranges) {
         // range to a non-empty list that cannot match any alert location.
         ranges = [{ path: "", startLine: 0, endLine: 0 }];
     }
-    const diffRangeDir = path.join(actionsUtil.getTemporaryDirectory(), "pr-diff-range");
+    const diffRangeDir = path.join((0, actions_util_1.getTemporaryDirectory)(), "pr-diff-range");
     // We expect the Actions temporary directory to already exist, so are mainly
     // using `recursive: true` to avoid errors if the directory already exists,
     // for example if the analyze Action is run multiple times in the same job.
@@ -387,10 +387,33 @@ extensions:
     (0, diff_informed_analysis_utils_1.writeDiffRangesJsonFile)(logger, ranges);
     return diffRangeDir;
 }
+// A set of default query suite names that are understood by the CLI.
+exports.defaultSuites = new Set([
+    "security-experimental",
+    "security-extended",
+    "security-and-quality",
+    "code-quality",
+    "code-scanning",
+]);
+/**
+ * If `maybeSuite` is the name of a default query suite, it is resolved into the corresponding
+ * query suite name for the given `language`. Otherwise, `maybeSuite` is returned as is.
+ *
+ * @param language The language for which to resolve the default query suite name.
+ * @param maybeSuite The string that potentially contains the name of a default query suite.
+ * @returns Returns the resolved query suite name, or the unmodified input.
+ */
+function resolveQuerySuiteAlias(language, maybeSuite) {
+    if (exports.defaultSuites.has(maybeSuite)) {
+        return `${language}-${maybeSuite}.qls`;
+    }
+    return maybeSuite;
+}
 // Runs queries and creates sarif files in the given folder
 async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag, cleanupLevel, diffRangePackDir, automationDetailsId, config, logger, features) {
     const statusReport = {};
     const queryFlags = [memoryFlag, threadsFlag];
+    const incrementalMode = [];
     if (cleanupLevel !== "overlay") {
         queryFlags.push("--expect-discarded-cache");
     }
@@ -398,14 +421,27 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
     if (diffRangePackDir) {
         queryFlags.push(`--additional-packs=${diffRangePackDir}`);
         queryFlags.push("--extension-packs=codeql-action/pr-diff-range");
+        incrementalMode.push("diff-informed");
     }
-    const sarifRunPropertyFlag = diffRangePackDir
-        ? "--sarif-run-property=incrementalMode=diff-informed"
+    if (config.augmentationProperties.overlayDatabaseMode ===
+        overlay_database_utils_1.OverlayDatabaseMode.Overlay) {
+        incrementalMode.push("overlay");
+    }
+    const sarifRunPropertyFlag = incrementalMode.length > 0
+        ? `--sarif-run-property=incrementalMode=${incrementalMode.join(",")}`
         : undefined;
     const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
     for (const language of config.languages) {
         try {
             const sarifFile = path.join(sarifFolder, `${language}.sarif`);
+            const queries = [];
+            if (config.augmentationProperties.qualityQueriesInput !== undefined) {
+                queries.push(path.join(util.getCodeQLDatabasePath(config, language), "temp", "config-queries.qls"));
+                for (const qualityQuery of config.augmentationProperties
+                    .qualityQueriesInput) {
+                    queries.push(resolveQuerySuiteAlias(language, qualityQuery.uses));
+                }
+            }
             // The work needed to generate the query suites
             // is done in the CLI. We just need to make a single
             // call to run all the queries for each language and
@@ -413,7 +449,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
             logger.startGroup(`Running queries for ${language}`);
             const startTimeRunQueries = new Date().getTime();
             const databasePath = util.getCodeQLDatabasePath(config, language);
-            await codeql.databaseRunQueries(databasePath, queryFlags);
+            await codeql.databaseRunQueries(databasePath, queryFlags, queries);
             logger.debug(`Finished running queries for ${language}.`);
             // TODO should not be using `builtin` here. We should be using `all` instead.
             // The status report does not support `all` yet.
@@ -422,6 +458,13 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
             logger.startGroup(`Interpreting results for ${language}`);
             const startTimeInterpretResults = new Date();
             const analysisSummary = await runInterpretResults(language, undefined, sarifFile, config.debugMode);
+            if (config.augmentationProperties.qualityQueriesInput !== undefined) {
+                logger.info(`Interpreting quality results for ${language}`);
+                const qualitySarifFile = path.join(sarifFolder, `${language}.quality.sarif`);
+                const qualityAnalysisSummary = await runInterpretResults(language, config.augmentationProperties.qualityQueriesInput.map((i) => resolveQuerySuiteAlias(language, i.uses)), qualitySarifFile, config.debugMode);
+                // TODO: move
+                logger.info(qualityAnalysisSummary);
+            }
             const endTimeInterpretResults = new Date();
             statusReport[`interpret_results_${language}_duration_ms`] =
                 endTimeInterpretResults.getTime() - startTimeInterpretResults.getTime();

lib/analyze.test.js

@@ -313,4 +313,17 @@ function runGetDiffRanges(changes, patch) {
     const diffRanges = runGetDiffRanges(2, ["@@ 30 +50,2 @@", "+1", "+2"]);
     t.deepEqual(diffRanges, undefined);
 });
+(0, ava_1.default)("resolveQuerySuiteAlias", (t) => {
+    // default query suite names should resolve to something language-specific ending in `.qls`.
+    for (const suite of analyze_1.defaultSuites) {
+        const resolved = (0, analyze_1.resolveQuerySuiteAlias)(languages_1.Language.go, suite);
+        t.assert(resolved.endsWith(".qls"), "Resolved default suite doesn't end in .qls");
+        t.assert(resolved.indexOf(languages_1.Language.go) >= 0, "Resolved default suite doesn't contain language name");
+    }
+    // other inputs should be returned unchanged
+    const names = ["foo", "bar", "codeql/go-queries@1.0"];
+    for (const name of names) {
+        t.deepEqual((0, analyze_1.resolveQuerySuiteAlias)(languages_1.Language.go, name), name);
+    }
+});
 //# sourceMappingURL=analyze.test.js.map

lib/api-compatibility.json

@@ -1 +1 @@
-{ "maximumVersion": "3.17", "minimumVersion": "3.13" }
+{ "maximumVersion": "3.18", "minimumVersion": "3.13" }

lib/autobuild.js

@@ -45,11 +45,9 @@ const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const repository_1 = require("./repository");
-const tools_features_1 = require("./tools-features");
 const util_1 = require("./util");
-async function determineAutobuildLanguages(codeql, config, logger) {
-    if ((config.buildMode === util_1.BuildMode.None &&
-        (await codeql.supportsFeature(tools_features_1.ToolsFeature.TraceCommandUseBuildMode))) ||
+async function determineAutobuildLanguages(_codeql, config, logger) {
+    if (config.buildMode === util_1.BuildMode.None ||
         config.buildMode === util_1.BuildMode.Manual) {
         logger.info(`Using build mode "${config.buildMode}", nothing to autobuild. ` +
             `See ${doc_url_1.DocUrl.CODEQL_BUILD_MODES} for more information.`);
@@ -150,8 +148,7 @@ async function runAutobuild(config, language, logger) {
     if (language === languages_1.Language.cpp) {
         await setupCppAutobuild(codeQL, logger);
     }
-    if (config.buildMode &&
-        (await codeQL.supportsFeature(tools_features_1.ToolsFeature.TraceCommandUseBuildMode))) {
+    if (config.buildMode) {
         await codeQL.extractUsingBuildMode(config, language);
     }
     else {

lib/autobuild.js.map

@@ -1 +1 @@
-{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAeA,kEAkGC;AAED,8CAmCC;AAED,oCAsBC;AA9KD,oDAAsC;AAEtC,iDAA6E;AAC7E,6CAAgD;AAChD,qCAA6C;AAE7C,uCAAmC;AACnC,+CAAuC;AACvC,mDAAmE;AACnE,2CAAyD;AAEzD,6CAAgD;AAChD,qDAAgD;AAChD,iCAAmC;AAE5B,KAAK,UAAU,2BAA2B,CAC/C,MAAc,EACd,MAA0B,EAC1B,MAAc;IAEd,IACE,CAAC,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,IAAI;QAClC,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,wBAAwB,CAAC,CAAC,CAAC;QACxE,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,MAAM,EACrC,CAAC;QACD,MAAM,CAAC,IAAI,CACT,qBAAqB,MAAM,CAAC,SAAS,2BAA2B;YAC9D,OAAO,gBAAM,CAAC,kBAAkB,wBAAwB,CAC3D,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,0CAA0C;IAC1C,mFAAmF;IACnF,oFAAoF;IACpF,4EAA4E;IAC5E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACvD,IAAA,4BAAgB,EAAC,CAAC,CAAC,CACpB,CAAC;IAEF,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CACT,iEAAiE,CAClE,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACH,MAAM,2BAA2B,GAAG,kBAAkB,CAAC,MAAM,CAC3D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,oBAAQ,CAAC,EAAE,CACzB,CAAC;IAEF,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,yEAAyE;IACzE,UAAU;IACV,IAAI,2BAA2B,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;QACjD,SAAS,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,uEAAuE;IACvE,wCAAwC;IACxC,IAAI,kBAAkB,CAAC,MAAM,KAAK,2BAA2B,CAAC,MAAM,EAAE,CAAC;QACrE,SAAS,CAAC,IAAI,CAAC,oBAAQ,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,kBAAkB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE3D,2EAA2E;IAC3E,4EAA4E;IAC5E,2CAA2C;IAC3C,uEAAuE;IACvE,2EAA2E;IAC3E,uEAAuE;IACvE,yCAAyC;IACzC,IAAI,2BAA2B,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,CAAC,OAAO,CACZ,oCAAoC,SAAS,CAAC,IAAI,CAChD,OAAO,CACR,8BAA8B,2BAA2B;aACvD,KAAK,CAAC,CAAC,CAAC;aACR,IAAI,CACH,OAAO,CACR,kFAAkF;YACnF,OAAO,gBAAM,CAAC,4BAA4B,wBAAwB,CACrE,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IACpE,MAAM,MAAM,GAAG,6BAAa,CAAC,uBAAO,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC;IACvE,MAAM,WAAW,GAAG,4CAA4C,CAAC;IACjE,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC/C,MAAM,aAAa,GAAG,IAAA,6BAAgB,GAAE,CAAC;IACzC,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;IACF,IAAI,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,yBAAyB,EAAE,MAAM,CAAC,EAAE,CAAC;QACvE,yEAAyE;QACzE,IACE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,KAAK,aAAa;YACnD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,MAAM,EAC9B,CAAC;YACD,MAAM,CAAC,IAAI,CACT,aAAa,WAAW,sCACtB,IAAA,mCAAoB,GAAE,KAAK,SAAS;gBAClC,CAAC,CAAC,8BAA8B,MAAM,yDAAyD,gBAAM,CAAC,oBAAoB,wBAAwB;gBAClJ,CAAC,CAAC,EACN,EAAE,CACH,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CACT,YAAY,WAAW,yCAAyC,MAAM,yCAAyC,gBAAM,CAAC,oBAAoB,wBAAwB,CACnK,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,aAAa,WAAW,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,YAAY,CAChC,MAA0B,EAC1B,QAAkB,EAClB,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;IACxE,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,GAAG,EAAE,CAAC;QAC9B,MAAM,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,IACE,MAAM,CAAC,SAAS;QAChB,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,wBAAwB,CAAC,CAAC,EACrE,CAAC;QACD,MAAM,MAAM,CAAC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACvD,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE,CAAC;QAC7B,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC"}
+{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAcA,kEAiGC;AAED,8CAmCC;AAED,oCAmBC;AAzKD,oDAAsC;AAEtC,iDAA6E;AAC7E,6CAAgD;AAChD,qCAA6C;AAE7C,uCAAmC;AACnC,+CAAuC;AACvC,mDAAmE;AACnE,2CAAyD;AAEzD,6CAAgD;AAChD,iCAAmC;AAE5B,KAAK,UAAU,2BAA2B,CAC/C,OAAe,EACf,MAA0B,EAC1B,MAAc;IAEd,IACE,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,IAAI;QACnC,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,MAAM,EACrC,CAAC;QACD,MAAM,CAAC,IAAI,CACT,qBAAqB,MAAM,CAAC,SAAS,2BAA2B;YAC9D,OAAO,gBAAM,CAAC,kBAAkB,wBAAwB,CAC3D,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,0CAA0C;IAC1C,mFAAmF;IACnF,oFAAoF;IACpF,4EAA4E;IAC5E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACvD,IAAA,4BAAgB,EAAC,CAAC,CAAC,CACpB,CAAC;IAEF,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CACT,iEAAiE,CAClE,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACH,MAAM,2BAA2B,GAAG,kBAAkB,CAAC,MAAM,CAC3D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,oBAAQ,CAAC,EAAE,CACzB,CAAC;IAEF,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,yEAAyE;IACzE,UAAU;IACV,IAAI,2BAA2B,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;QACjD,SAAS,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,uEAAuE;IACvE,wCAAwC;IACxC,IAAI,kBAAkB,CAAC,MAAM,KAAK,2BAA2B,CAAC,MAAM,EAAE,CAAC;QACrE,SAAS,CAAC,IAAI,CAAC,oBAAQ,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,kBAAkB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE3D,2EAA2E;IAC3E,4EAA4E;IAC5E,2CAA2C;IAC3C,uEAAuE;IACvE,2EAA2E;IAC3E,uEAAuE;IACvE,yCAAyC;IACzC,IAAI,2BAA2B,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,CAAC,OAAO,CACZ,oCAAoC,SAAS,CAAC,IAAI,CAChD,OAAO,CACR,8BAA8B,2BAA2B;aACvD,KAAK,CAAC,CAAC,CAAC;aACR,IAAI,CACH,OAAO,CACR,kFAAkF;YACnF,OAAO,gBAAM,CAAC,4BAA4B,wBAAwB,CACrE,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IACpE,MAAM,MAAM,GAAG,6BAAa,CAAC,uBAAO,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC;IACvE,MAAM,WAAW,GAAG,4CAA4C,CAAC;IACjE,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC/C,MAAM,aAAa,GAAG,IAAA,6BAAgB,GAAE,CAAC;IACzC,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;IACF,IAAI,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,yBAAyB,EAAE,MAAM,CAAC,EAAE,CAAC;QACvE,yEAAyE;QACzE,IACE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,KAAK,aAAa;YACnD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,MAAM,EAC9B,CAAC;YACD,MAAM,CAAC,IAAI,CACT,aAAa,WAAW,sCACtB,IAAA,mCAAoB,GAAE,KAAK,SAAS;gBAClC,CAAC,CAAC,8BAA8B,MAAM,yDAAyD,gBAAM,CAAC,oBAAoB,wBAAwB;gBAClJ,CAAC,CAAC,EACN,EAAE,CACH,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CACT,YAAY,WAAW,yCAAyC,MAAM,yCAAyC,gBAAM,CAAC,oBAAoB,wBAAwB,CACnK,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,aAAa,WAAW,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,YAAY,CAChC,MAA0B,EAC1B,QAAkB,EAClB,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;IACxE,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,GAAG,EAAE,CAAC;QAC9B,MAAM,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,MAAM,MAAM,CAAC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACvD,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE,CAAC;QAC7B,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC"}

lib/codeql.js

@@ -73,7 +73,7 @@ let cachedCodeQL = undefined;
  * The version flags below can be used to conditionally enable certain features
  * on versions newer than this.
  */
-const CODEQL_MINIMUM_VERSION = "2.15.5";
+const CODEQL_MINIMUM_VERSION = "2.16.6";
 /**
  * This version will shortly become the oldest version of CodeQL that the Action will run with.
  */
@@ -254,7 +254,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
         async supportsFeature(feature) {
             return (0, tools_features_1.isSupportedToolsFeature)(await this.getVersion(), feature);
         },
-        async databaseInitCluster(config, sourceRoot, processName, qlconfigFile, overlayDatabaseMode, logger) {
+        async databaseInitCluster(config, sourceRoot, processName, qlconfigFile, logger) {
             const extraArgs = config.languages.map((language) => `--language=${language}`);
             if (await (0, tracer_config_1.shouldEnableIndirectTracing)(codeql, config)) {
                 extraArgs.push("--begin-tracing");
@@ -267,8 +267,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             if (externalRepositoryToken) {
                 extraArgs.push("--external-repository-token-stdin");
             }
-            if (config.buildMode !== undefined &&
-                (await this.supportsFeature(tools_features_1.ToolsFeature.BuildModeOption))) {
+            if (config.buildMode !== undefined) {
                 extraArgs.push(`--build-mode=${config.buildMode}`);
             }
             if (qlconfigFile !== undefined) {
@@ -277,6 +276,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             const overwriteFlag = (0, tools_features_1.isSupportedToolsFeature)(await this.getVersion(), tools_features_1.ToolsFeature.ForceOverwrite)
                 ? "--force-overwrite"
                 : "--overwrite";
+            const overlayDatabaseMode = config.augmentationProperties.overlayDatabaseMode;
             if (overlayDatabaseMode === overlay_database_utils_1.OverlayDatabaseMode.Overlay) {
                 const overlayChangesFile = await (0, overlay_database_utils_1.writeOverlayChangesFile)(config, sourceRoot, logger);
                 extraArgs.push(`--overlay-changes=${overlayChangesFile}`);
@@ -451,7 +451,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 throw new Error(`Unexpected output from codeql resolve build-environment: ${e} in\n${output}`);
             }
         },
-        async databaseRunQueries(databasePath, flags) {
+        async databaseRunQueries(databasePath, flags, queries = []) {
             const codeqlArgs = [
                 "database",
                 "run-queries",
@@ -460,6 +460,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 "--intra-layer-parallelism",
                 "--min-disk-free=1024", // Try to leave at least 1GB free
                 "-v",
+                ...queries,
                 ...getExtraOptionsFromEnv(["database", "run-queries"], {
                     ignoringOptions: ["--expect-discarded-cache"],
                 }),
@@ -796,8 +797,12 @@ async function generateCodeScanningConfig(config, logger) {
         delete augmentedConfig.packs;
     }
     augmentedConfig["query-filters"] = [
-        ...(config.augmentationProperties.defaultQueryFilters || []),
+        // Ordering matters. If the first filter is an inclusion, it implicitly
+        // excludes all queries that are not included. If it is an exclusion,
+        // it implicitly includes all queries that are not excluded. So user
+        // filters (if any) should always be first to preserve intent.
         ...(augmentedConfig["query-filters"] || []),
+        ...(config.augmentationProperties.extraQueryExclusions || []),
     ];
     if (augmentedConfig["query-filters"]?.length === 0) {
         delete augmentedConfig["query-filters"];

lib/codeql.test.js

@@ -49,11 +49,11 @@ const sinon = __importStar(require("sinon"));
 const actionsUtil = __importStar(require("./actions-util"));
 const cli_errors_1 = require("./cli-errors");
 const codeql = __importStar(require("./codeql"));
+const config_utils_1 = require("./config-utils");
 const defaults = __importStar(require("./defaults.json"));
 const doc_url_1 = require("./doc-url");
 const languages_1 = require("./languages");
 const logging_1 = require("./logging");
-const overlay_database_utils_1 = require("./overlay-database-utils");
 const setup_codeql_1 = require("./setup-codeql");
 const testing_utils_1 = require("./testing-utils");
 const tools_features_1 = require("./tools-features");
@@ -336,7 +336,7 @@ const injectedConfigMacro = ava_1.default.macro({
                 tempDir,
                 augmentationProperties,
             };
-            await codeqlObject.databaseInitCluster(thisStubConfig, "", undefined, undefined, overlay_database_utils_1.OverlayDatabaseMode.None, (0, logging_1.getRunnerLogger)(true));
+            await codeqlObject.databaseInitCluster(thisStubConfig, "", undefined, undefined, (0, logging_1.getRunnerLogger)(true));
             const args = runnerConstructorStub.firstCall.args[1];
             // should have used an config file
             const configArg = args.find((arg) => arg.startsWith("--codescanning-config="));
@@ -350,18 +350,16 @@ const injectedConfigMacro = ava_1.default.macro({
     title: (providedTitle = "") => `databaseInitCluster() injected config: ${providedTitle}`,
 });
 (0, ava_1.default)("basic", injectedConfigMacro, {
-    queriesInputCombines: false,
-    packsInputCombines: false,
+    ...config_utils_1.defaultAugmentationProperties,
 }, {}, {});
 (0, ava_1.default)("injected packs from input", injectedConfigMacro, {
-    queriesInputCombines: false,
-    packsInputCombines: false,
+    ...config_utils_1.defaultAugmentationProperties,
     packsInput: ["xxx", "yyy"],
 }, {}, {
     packs: ["xxx", "yyy"],
 });
 (0, ava_1.default)("injected packs from input with existing packs combines", injectedConfigMacro, {
-    queriesInputCombines: false,
+    ...config_utils_1.defaultAugmentationProperties,
     packsInputCombines: true,
     packsInput: ["xxx", "yyy"],
 }, {
@@ -376,8 +374,7 @@ const injectedConfigMacro = ava_1.default.macro({
     },
 });
 (0, ava_1.default)("injected packs from input with existing packs overrides", injectedConfigMacro, {
-    queriesInputCombines: false,
-    packsInputCombines: false,
+    ...config_utils_1.defaultAugmentationProperties,
     packsInput: ["xxx", "yyy"],
 }, {
     originalUserInput: {
@@ -390,8 +387,7 @@ const injectedConfigMacro = ava_1.default.macro({
 });
 // similar, but with queries
 (0, ava_1.default)("injected queries from input", injectedConfigMacro, {
-    queriesInputCombines: false,
-    packsInputCombines: false,
+    ...config_utils_1.defaultAugmentationProperties,
     queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
 }, {}, {
     queries: [
@@ -404,8 +400,7 @@ const injectedConfigMacro = ava_1.default.macro({
     ],
 });
 (0, ava_1.default)("injected queries from input overrides", injectedConfigMacro, {
-    queriesInputCombines: false,
-    packsInputCombines: false,
+    ...config_utils_1.defaultAugmentationProperties,
     queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
 }, {
     originalUserInput: {
@@ -422,8 +417,8 @@ const injectedConfigMacro = ava_1.default.macro({
     ],
 });
 (0, ava_1.default)("injected queries from input combines", injectedConfigMacro, {
+    ...config_utils_1.defaultAugmentationProperties,
     queriesInputCombines: true,
-    packsInputCombines: false,
     queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
 }, {
     originalUserInput: {
@@ -443,6 +438,7 @@ const injectedConfigMacro = ava_1.default.macro({
     ],
 });
 (0, ava_1.default)("injected queries from input combines 2", injectedConfigMacro, {
+    ...config_utils_1.defaultAugmentationProperties,
     queriesInputCombines: true,
     packsInputCombines: true,
     queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
@@ -457,6 +453,7 @@ const injectedConfigMacro = ava_1.default.macro({
     ],
 });
 (0, ava_1.default)("injected queries and packs, but empty", injectedConfigMacro, {
+    ...config_utils_1.defaultAugmentationProperties,
     queriesInputCombines: true,
     packsInputCombines: true,
     queriesInput: [],
@@ -472,7 +469,7 @@ const injectedConfigMacro = ava_1.default.macro({
         const runnerConstructorStub = stubToolRunnerConstructor();
         const codeqlObject = await codeql.getCodeQLForTesting();
         sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.17.6"));
-        await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, "/path/to/qlconfig.yml", overlay_database_utils_1.OverlayDatabaseMode.None, (0, logging_1.getRunnerLogger)(true));
+        await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, "/path/to/qlconfig.yml", (0, logging_1.getRunnerLogger)(true));
         const args = runnerConstructorStub.firstCall.args[1];
         // should have used a config file
         const hasCodeScanningConfigArg = args.some((arg) => arg.startsWith("--codescanning-config="));
@@ -488,7 +485,7 @@ const injectedConfigMacro = ava_1.default.macro({
         const codeqlObject = await codeql.getCodeQLForTesting();
         sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.17.6"));
         await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, undefined, // undefined qlconfigFile
-        overlay_database_utils_1.OverlayDatabaseMode.None, (0, logging_1.getRunnerLogger)(true));
+        (0, logging_1.getRunnerLogger)(true));
         const args = runnerConstructorStub.firstCall.args[1];
         const hasQlconfigArg = args.some((arg) => arg.startsWith("--qlconfig-file="));
         t.false(hasQlconfigArg, "should NOT have injected a qlconfig");
@@ -639,7 +636,7 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
     sinon.stub(io, "which").resolves("");
     process.env["CODEQL_ACTION_EXTRA_OPTIONS"] =
         '{ "database": { "init": ["--overwrite"] } }';
-    await codeqlObject.databaseInitCluster(stubConfig, "sourceRoot", undefined, undefined, overlay_database_utils_1.OverlayDatabaseMode.None, (0, logging_1.getRunnerLogger)(false));
+    await codeqlObject.databaseInitCluster(stubConfig, "sourceRoot", undefined, undefined, (0, logging_1.getRunnerLogger)(false));
     t.true(runnerConstructorStub.calledOnce);
     const args = runnerConstructorStub.firstCall.args[1];
     t.is(args.filter((option) => option === "--overwrite").length, 1, "--overwrite should only be passed once");

lib/config-utils.js

@@ -47,6 +47,7 @@ exports.getLanguages = getLanguages;
 exports.getRawLanguages = getRawLanguages;
 exports.getDefaultConfig = getDefaultConfig;
 exports.calculateAugmentation = calculateAugmentation;
+exports.getOverlayDatabaseMode = getOverlayDatabaseMode;
 exports.parsePacksFromInput = parsePacksFromInput;
 exports.parsePacksSpecification = parsePacksSpecification;
 exports.validatePackSpecification = validatePackSpecification;
@@ -62,11 +63,14 @@ const path = __importStar(require("path"));
 const perf_hooks_1 = require("perf_hooks");
 const yaml = __importStar(require("js-yaml"));
 const semver = __importStar(require("semver"));
+const actions_util_1 = require("./actions-util");
 const api = __importStar(require("./api-client"));
 const caching_utils_1 = require("./caching-utils");
 const diff_informed_analysis_utils_1 = require("./diff-informed-analysis-utils");
 const feature_flags_1 = require("./feature-flags");
+const git_utils_1 = require("./git-utils");
 const languages_1 = require("./languages");
+const overlay_database_utils_1 = require("./overlay-database-utils");
 const trap_caching_1 = require("./trap-caching");
 const util_1 = require("./util");
 // Property names from the user-supplied config file.
@@ -80,7 +84,10 @@ exports.defaultAugmentationProperties = {
     packsInputCombines: false,
     packsInput: undefined,
     queriesInput: undefined,
-    defaultQueryFilters: [],
+    qualityQueriesInput: undefined,
+    extraQueryExclusions: [],
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
 };
 function getPacksStrInvalid(packStr, configFile) {
     return configFile
@@ -226,10 +233,10 @@ async function getRawLanguages(languagesInput, repository, logger) {
 /**
  * Get the default config for when the user has not supplied one.
  */
-async function getDefaultConfig({ languagesInput, queriesInput, packsInput, buildModeInput, dbLocation, trapCachingEnabled, dependencyCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeql, githubVersion, features, logger, }) {
+async function getDefaultConfig({ languagesInput, queriesInput, qualityQueriesInput, packsInput, buildModeInput, dbLocation, trapCachingEnabled, dependencyCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeql, sourceRoot, githubVersion, features, logger, }) {
     const languages = await getLanguages(codeql, languagesInput, repository, logger);
     const buildMode = await parseBuildModeInput(buildModeInput, languages, features, logger);
-    const augmentationProperties = await calculateAugmentation(codeql, features, packsInput, queriesInput, languages, logger);
+    const augmentationProperties = await calculateAugmentation(codeql, repository, features, packsInput, queriesInput, qualityQueriesInput, languages, sourceRoot, buildMode, logger);
     const { trapCaches, trapCacheDownloadTime } = await downloadCacheWithTime(trapCachingEnabled, codeql, languages, logger);
     return {
         languages,
@@ -261,7 +268,7 @@ async function downloadCacheWithTime(trapCachingEnabled, codeQL, languages, logg
 /**
  * Load the config from the given file.
  */
-async function loadConfig({ languagesInput, queriesInput, packsInput, buildModeInput, configFile, dbLocation, trapCachingEnabled, dependencyCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeql, workspacePath, githubVersion, apiDetails, features, logger, }) {
+async function loadConfig({ languagesInput, queriesInput, qualityQueriesInput, packsInput, buildModeInput, configFile, dbLocation, trapCachingEnabled, dependencyCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeql, workspacePath, sourceRoot, githubVersion, apiDetails, features, logger, }) {
     let parsedYAML;
     if (isLocal(configFile)) {
         if (configFile !== userConfigFromActionPath(tempDir)) {
@@ -279,7 +286,7 @@ async function loadConfig({ languagesInput, queriesInput, packsInput, buildModeI
     }
     const languages = await getLanguages(codeql, languagesInput, repository, logger);
     const buildMode = await parseBuildModeInput(buildModeInput, languages, features, logger);
-    const augmentationProperties = await calculateAugmentation(codeql, features, packsInput, queriesInput, languages, logger);
+    const augmentationProperties = await calculateAugmentation(codeql, repository, features, packsInput, queriesInput, qualityQueriesInput, languages, sourceRoot, buildMode, logger);
     const { trapCaches, trapCacheDownloadTime } = await downloadCacheWithTime(trapCachingEnabled, codeql, languages, logger);
     return {
         languages,
@@ -306,12 +313,15 @@ async function loadConfig({ languagesInput, queriesInput, packsInput, buildModeI
  * the config file sent to the CLI.
  *
  * @param codeql The CodeQL object.
+ * @param repository The repository to analyze.
  * @param features The feature enablement object.
  * @param rawPacksInput The packs input from the action configuration.
  * @param rawQueriesInput The queries input from the action configuration.
  * @param languages The languages that the config file is for. If the packs input
  *    is non-empty, then there must be exactly one language. Otherwise, an
  *    error is thrown.
+ * @param sourceRoot The source root of the repository.
+ * @param buildMode The build mode to use.
  * @param logger The logger to use for logging.
  *
  * @returns The properties that need to be augmented in the config file.
@@ -320,21 +330,30 @@ async function loadConfig({ languagesInput, queriesInput, packsInput, buildModeI
  *     not have exactly one language.
  */
 // exported for testing.
-async function calculateAugmentation(codeql, features, rawPacksInput, rawQueriesInput, languages, logger) {
+async function calculateAugmentation(codeql, repository, features, rawPacksInput, rawQueriesInput, rawQualityQueriesInput, languages, sourceRoot, buildMode, logger) {
     const packsInputCombines = shouldCombine(rawPacksInput);
     const packsInput = parsePacksFromInput(rawPacksInput, languages, packsInputCombines);
     const queriesInputCombines = shouldCombine(rawQueriesInput);
     const queriesInput = parseQueriesFromInput(rawQueriesInput, queriesInputCombines);
-    const defaultQueryFilters = [];
+    const { overlayDatabaseMode, useOverlayDatabaseCaching } = await getOverlayDatabaseMode(codeql, repository, features, languages, sourceRoot, buildMode, logger);
+    logger.info(`Using overlay database mode: ${overlayDatabaseMode} ` +
+        `${useOverlayDatabaseCaching ? "with" : "without"} caching.`);
+    const qualityQueriesInput = parseQueriesFromInput(rawQualityQueriesInput, false);
+    const extraQueryExclusions = [];
     if (await (0, diff_informed_analysis_utils_1.shouldPerformDiffInformedAnalysis)(codeql, features, logger)) {
-        defaultQueryFilters.push({ exclude: { tags: "exclude-from-incremental" } });
+        extraQueryExclusions.push({
+            exclude: { tags: "exclude-from-incremental" },
+        });
     }
     return {
         packsInputCombines,
         packsInput: packsInput?.[languages[0]],
         queriesInput,
         queriesInputCombines,
-        defaultQueryFilters,
+        qualityQueriesInput,
+        extraQueryExclusions,
+        overlayDatabaseMode,
+        useOverlayDatabaseCaching,
     };
 }
 function parseQueriesFromInput(rawQueriesInput, queriesInputCombines) {
@@ -349,6 +368,88 @@ function parseQueriesFromInput(rawQueriesInput, queriesInputCombines) {
     }
     return trimmedInput.split(",").map((query) => ({ uses: query.trim() }));
 }
+/**
+ * Calculate and validate the overlay database mode and caching to use.
+ *
+ * - If the environment variable `CODEQL_OVERLAY_DATABASE_MODE` is set, use it.
+ *   In this case, the workflow is responsible for managing database storage and
+ *   retrieval, and the action will not perform overlay database caching. Think
+ *   of it as a "manual control" mode where the calling workflow is responsible
+ *   for making sure that everything is set up correctly.
+ * - Otherwise, if `Feature.OverlayAnalysis` is enabled, calculate the mode
+ *   based on what we are analyzing. Think of it as a "automatic control" mode
+ *   where the action will do the right thing by itself.
+ *   - If we are analyzing a pull request, use `Overlay` with caching.
+ *   - If we are analyzing the default branch, use `OverlayBase` with caching.
+ * - Otherwise, use `None`.
+ *
+ * For `Overlay` and `OverlayBase`, the function performs further checks and
+ * reverts to `None` if any check should fail.
+ *
+ * @returns An object containing the overlay database mode and whether the
+ * action should perform overlay-base database caching.
+ */
+async function getOverlayDatabaseMode(codeql, repository, features, languages, sourceRoot, buildMode, logger) {
+    let overlayDatabaseMode = overlay_database_utils_1.OverlayDatabaseMode.None;
+    let useOverlayDatabaseCaching = false;
+    const modeEnv = process.env.CODEQL_OVERLAY_DATABASE_MODE;
+    // Any unrecognized CODEQL_OVERLAY_DATABASE_MODE value will be ignored and
+    // treated as if the environment variable was not set.
+    if (modeEnv === overlay_database_utils_1.OverlayDatabaseMode.Overlay ||
+        modeEnv === overlay_database_utils_1.OverlayDatabaseMode.OverlayBase ||
+        modeEnv === overlay_database_utils_1.OverlayDatabaseMode.None) {
+        overlayDatabaseMode = modeEnv;
+        logger.info(`Setting overlay database mode to ${overlayDatabaseMode} ` +
+            "from the CODEQL_OVERLAY_DATABASE_MODE environment variable.");
+    }
+    else if (
+    // TODO: Remove the repository owner check once support for overlay analysis
+    // stabilizes, and no more backward-incompatible changes are expected.
+    ["github", "dsp-testing"].includes(repository.owner) &&
+        (await features.getValue(feature_flags_1.Feature.OverlayAnalysis, codeql))) {
+        if ((0, actions_util_1.isAnalyzingPullRequest)()) {
+            overlayDatabaseMode = overlay_database_utils_1.OverlayDatabaseMode.Overlay;
+            useOverlayDatabaseCaching = true;
+            logger.info(`Setting overlay database mode to ${overlayDatabaseMode} ` +
+                "with caching because we are analyzing a pull request.");
+        }
+        else if (await (0, git_utils_1.isAnalyzingDefaultBranch)()) {
+            overlayDatabaseMode = overlay_database_utils_1.OverlayDatabaseMode.OverlayBase;
+            useOverlayDatabaseCaching = true;
+            logger.info(`Setting overlay database mode to ${overlayDatabaseMode} ` +
+                "with caching because we are analyzing the default branch.");
+        }
+    }
+    const nonOverlayAnalysis = {
+        overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+        useOverlayDatabaseCaching: false,
+    };
+    if (overlayDatabaseMode === overlay_database_utils_1.OverlayDatabaseMode.None) {
+        return nonOverlayAnalysis;
+    }
+    if (buildMode !== util_1.BuildMode.None && languages.some(languages_1.isTracedLanguage)) {
+        logger.warning(`Cannot build an ${overlayDatabaseMode} database because ` +
+            `build-mode is set to "${buildMode}" instead of "none". ` +
+            "Falling back to creating a normal full database instead.");
+        return nonOverlayAnalysis;
+    }
+    if (!(await (0, util_1.codeQlVersionAtLeast)(codeql, overlay_database_utils_1.CODEQL_OVERLAY_MINIMUM_VERSION))) {
+        logger.warning(`Cannot build an ${overlayDatabaseMode} database because ` +
+            `the CodeQL CLI is older than ${overlay_database_utils_1.CODEQL_OVERLAY_MINIMUM_VERSION}. ` +
+            "Falling back to creating a normal full database instead.");
+        return nonOverlayAnalysis;
+    }
+    if ((await (0, git_utils_1.getGitRoot)(sourceRoot)) === undefined) {
+        logger.warning(`Cannot build an ${overlayDatabaseMode} database because ` +
+            `the source root "${sourceRoot}" is not inside a git repository. ` +
+            "Falling back to creating a normal full database instead.");
+        return nonOverlayAnalysis;
+    }
+    return {
+        overlayDatabaseMode,
+        useOverlayDatabaseCaching,
+    };
+}
 /**
  * Pack names must be in the form of `scope/name`, with only alpha-numeric characters,
  * and `-` allowed as long as not the first or last char.

lib/config-utils.test.js

@@ -42,13 +42,16 @@ const github = __importStar(require("@actions/github"));
 const ava_1 = __importDefault(require("ava"));
 const yaml = __importStar(require("js-yaml"));
 const sinon = __importStar(require("sinon"));
+const actionsUtil = __importStar(require("./actions-util"));
 const api = __importStar(require("./api-client"));
 const caching_utils_1 = require("./caching-utils");
 const codeql_1 = require("./codeql");
 const configUtils = __importStar(require("./config-utils"));
 const feature_flags_1 = require("./feature-flags");
+const gitUtils = __importStar(require("./git-utils"));
 const languages_1 = require("./languages");
 const logging_1 = require("./logging");
+const overlay_database_utils_1 = require("./overlay-database-utils");
 const repository_1 = require("./repository");
 const testing_utils_1 = require("./testing-utils");
 const util_1 = require("./util");
@@ -58,6 +61,7 @@ function createTestInitConfigInputs(overrides) {
     return Object.assign({}, {
         languagesInput: undefined,
         queriesInput: undefined,
+        qualityQueriesInput: undefined,
         packsInput: undefined,
         configFile: undefined,
         dbLocation: undefined,
@@ -72,6 +76,7 @@ function createTestInitConfigInputs(overrides) {
         tempDir: "",
         codeql: {},
         workspacePath: "",
+        sourceRoot: "",
         githubVersion,
         apiDetails: {
             auth: "token",
@@ -623,58 +628,67 @@ const packSpecPrettyPrintingMacro = ava_1.default.macro({
 });
 const mockLogger = (0, logging_1.getRunnerLogger)(true);
 const calculateAugmentationMacro = ava_1.default.macro({
-    exec: async (t, _title, rawPacksInput, rawQueriesInput, languages, expectedAugmentationProperties) => {
-        const actualAugmentationProperties = await configUtils.calculateAugmentation((0, codeql_1.getCachedCodeQL)(), (0, testing_utils_1.createFeatures)([]), rawPacksInput, rawQueriesInput, languages, mockLogger);
+    exec: async (t, _title, rawPacksInput, rawQueriesInput, rawQualityQueriesInput, languages, expectedAugmentationProperties) => {
+        const actualAugmentationProperties = await configUtils.calculateAugmentation((0, codeql_1.getCachedCodeQL)(), { owner: "github", repo: "repo" }, (0, testing_utils_1.createFeatures)([]), rawPacksInput, rawQueriesInput, rawQualityQueriesInput, languages, "", // sourceRoot
+        undefined, // buildMode
+        mockLogger);
         t.deepEqual(actualAugmentationProperties, expectedAugmentationProperties);
     },
     title: (_, title) => `Calculate Augmentation: ${title}`,
 });
-(0, ava_1.default)(calculateAugmentationMacro, "All empty", undefined, undefined, [languages_1.Language.javascript], {
-    queriesInputCombines: false,
-    queriesInput: undefined,
-    packsInputCombines: false,
-    packsInput: undefined,
-    defaultQueryFilters: [],
+(0, ava_1.default)(calculateAugmentationMacro, "All empty", undefined, undefined, undefined, [languages_1.Language.javascript], {
+    ...configUtils.defaultAugmentationProperties,
 });
-(0, ava_1.default)(calculateAugmentationMacro, "With queries", undefined, " a, b , c, d", [languages_1.Language.javascript], {
-    queriesInputCombines: false,
+(0, ava_1.default)(calculateAugmentationMacro, "With queries", undefined, " a, b , c, d", undefined, [languages_1.Language.javascript], {
+    ...configUtils.defaultAugmentationProperties,
     queriesInput: [{ uses: "a" }, { uses: "b" }, { uses: "c" }, { uses: "d" }],
-    packsInputCombines: false,
-    packsInput: undefined,
-    defaultQueryFilters: [],
 });
-(0, ava_1.default)(calculateAugmentationMacro, "With queries combining", undefined, "   +   a, b , c, d ", [languages_1.Language.javascript], {
+(0, ava_1.default)(calculateAugmentationMacro, "With queries combining", undefined, "   +   a, b , c, d ", undefined, [languages_1.Language.javascript], {
+    ...configUtils.defaultAugmentationProperties,
     queriesInputCombines: true,
     queriesInput: [{ uses: "a" }, { uses: "b" }, { uses: "c" }, { uses: "d" }],
-    packsInputCombines: false,
-    packsInput: undefined,
-    defaultQueryFilters: [],
 });
-(0, ava_1.default)(calculateAugmentationMacro, "With packs", "   codeql/a , codeql/b   , codeql/c  , codeql/d  ", undefined, [languages_1.Language.javascript], {
-    queriesInputCombines: false,
-    queriesInput: undefined,
-    packsInputCombines: false,
+(0, ava_1.default)(calculateAugmentationMacro, "With quality queries", undefined, undefined, " a, b , c, d", [languages_1.Language.javascript], {
+    ...configUtils.defaultAugmentationProperties,
+    qualityQueriesInput: [
+        { uses: "a" },
+        { uses: "b" },
+        { uses: "c" },
+        { uses: "d" },
+    ],
+});
+(0, ava_1.default)(calculateAugmentationMacro, "With security and quality queries", undefined, " a, b , c, d", "e, f , g,h", [languages_1.Language.javascript], {
+    ...configUtils.defaultAugmentationProperties,
+    queriesInput: [{ uses: "a" }, { uses: "b" }, { uses: "c" }, { uses: "d" }],
+    qualityQueriesInput: [
+        { uses: "e" },
+        { uses: "f" },
+        { uses: "g" },
+        { uses: "h" },
+    ],
+});
+(0, ava_1.default)(calculateAugmentationMacro, "With packs", "   codeql/a , codeql/b   , codeql/c  , codeql/d  ", undefined, undefined, [languages_1.Language.javascript], {
+    ...configUtils.defaultAugmentationProperties,
     packsInput: ["codeql/a", "codeql/b", "codeql/c", "codeql/d"],
-    defaultQueryFilters: [],
 });
-(0, ava_1.default)(calculateAugmentationMacro, "With packs combining", "   +   codeql/a, codeql/b, codeql/c, codeql/d", undefined, [languages_1.Language.javascript], {
-    queriesInputCombines: false,
-    queriesInput: undefined,
+(0, ava_1.default)(calculateAugmentationMacro, "With packs combining", "   +   codeql/a, codeql/b, codeql/c, codeql/d", undefined, undefined, [languages_1.Language.javascript], {
+    ...configUtils.defaultAugmentationProperties,
     packsInputCombines: true,
     packsInput: ["codeql/a", "codeql/b", "codeql/c", "codeql/d"],
-    defaultQueryFilters: [],
 });
 const calculateAugmentationErrorMacro = ava_1.default.macro({
-    exec: async (t, _title, rawPacksInput, rawQueriesInput, languages, expectedError) => {
-        await t.throwsAsync(() => configUtils.calculateAugmentation((0, codeql_1.getCachedCodeQL)(), (0, testing_utils_1.createFeatures)([]), rawPacksInput, rawQueriesInput, languages, mockLogger), { message: expectedError });
+    exec: async (t, _title, rawPacksInput, rawQueriesInput, rawQualityQueriesInput, languages, expectedError) => {
+        await t.throwsAsync(() => configUtils.calculateAugmentation((0, codeql_1.getCachedCodeQL)(), { owner: "github", repo: "repo" }, (0, testing_utils_1.createFeatures)([]), rawPacksInput, rawQueriesInput, rawQualityQueriesInput, languages, "", // sourceRoot
+        undefined, // buildMode
+        mockLogger), { message: expectedError });
     },
     title: (_, title) => `Calculate Augmentation Error: ${title}`,
 });
-(0, ava_1.default)(calculateAugmentationErrorMacro, "Plus (+) with nothing else (queries)", undefined, "   +   ", [languages_1.Language.javascript], /The workflow property "queries" is invalid/);
-(0, ava_1.default)(calculateAugmentationErrorMacro, "Plus (+) with nothing else (packs)", "   +   ", undefined, [languages_1.Language.javascript], /The workflow property "packs" is invalid/);
-(0, ava_1.default)(calculateAugmentationErrorMacro, "Packs input with multiple languages", "   +  a/b, c/d ", undefined, [languages_1.Language.javascript, languages_1.Language.java], /Cannot specify a 'packs' input in a multi-language analysis/);
-(0, ava_1.default)(calculateAugmentationErrorMacro, "Packs input with no languages", "   +  a/b, c/d ", undefined, [], /No languages specified/);
-(0, ava_1.default)(calculateAugmentationErrorMacro, "Invalid packs", " a-pack-without-a-scope ", undefined, [languages_1.Language.javascript], /"a-pack-without-a-scope" is not a valid pack/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Plus (+) with nothing else (queries)", undefined, "   +   ", undefined, [languages_1.Language.javascript], /The workflow property "queries" is invalid/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Plus (+) with nothing else (packs)", "   +   ", undefined, undefined, [languages_1.Language.javascript], /The workflow property "packs" is invalid/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Packs input with multiple languages", "   +  a/b, c/d ", undefined, undefined, [languages_1.Language.javascript, languages_1.Language.java], /Cannot specify a 'packs' input in a multi-language analysis/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Packs input with no languages", "   +  a/b, c/d ", undefined, undefined, [], /No languages specified/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Invalid packs", " a-pack-without-a-scope ", undefined, undefined, [languages_1.Language.javascript], /"a-pack-without-a-scope" is not a valid pack/);
 (0, ava_1.default)("no generateRegistries when registries is undefined", async (t) => {
     return await (0, util_1.withTmpDir)(async (tmpDir) => {
         const registriesInput = undefined;
@@ -818,4 +832,182 @@ for (const { displayName, language, feature } of [
         ]);
     });
 }
+const defaultOverlayDatabaseModeTestSetup = {
+    overlayDatabaseEnvVar: undefined,
+    isFeatureEnabled: false,
+    isPullRequest: false,
+    isDefaultBranch: false,
+    repositoryOwner: "github",
+    buildMode: util_1.BuildMode.None,
+    languages: [languages_1.Language.javascript],
+    codeqlVersion: "2.21.0",
+    gitRoot: "/some/git/root",
+};
+const getOverlayDatabaseModeMacro = ava_1.default.macro({
+    exec: async (t, _title, setupOverrides, expected) => {
+        return await (0, util_1.withTmpDir)(async (tempDir) => {
+            const messages = [];
+            const logger = (0, testing_utils_1.getRecordingLogger)(messages);
+            // Save the original environment
+            const originalEnv = { ...process.env };
+            try {
+                const setup = {
+                    ...defaultOverlayDatabaseModeTestSetup,
+                    ...setupOverrides,
+                };
+                // Set up environment variable if specified
+                delete process.env.CODEQL_OVERLAY_DATABASE_MODE;
+                if (setup.overlayDatabaseEnvVar !== undefined) {
+                    process.env.CODEQL_OVERLAY_DATABASE_MODE =
+                        setup.overlayDatabaseEnvVar;
+                }
+                // Mock feature flags
+                const features = (0, testing_utils_1.createFeatures)(setup.isFeatureEnabled ? [feature_flags_1.Feature.OverlayAnalysis] : []);
+                // Mock isAnalyzingPullRequest function
+                sinon
+                    .stub(actionsUtil, "isAnalyzingPullRequest")
+                    .returns(setup.isPullRequest);
+                // Mock repository owner
+                const repository = {
+                    owner: setup.repositoryOwner,
+                    repo: "test-repo",
+                };
+                // Set up CodeQL mock
+                const codeql = (0, testing_utils_1.mockCodeQLVersion)(setup.codeqlVersion);
+                // Mock git root detection
+                if (setup.gitRoot !== undefined) {
+                    sinon.stub(gitUtils, "getGitRoot").resolves(setup.gitRoot);
+                }
+                // Mock default branch detection
+                sinon
+                    .stub(gitUtils, "isAnalyzingDefaultBranch")
+                    .resolves(setup.isDefaultBranch);
+                const result = await configUtils.getOverlayDatabaseMode(codeql, repository, features, setup.languages, tempDir, // sourceRoot
+                setup.buildMode, logger);
+                t.deepEqual(result, expected);
+            }
+            finally {
+                // Restore the original environment
+                process.env = originalEnv;
+            }
+        });
+    },
+    title: (_, title) => `getOverlayDatabaseMode: ${title}`,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Environment variable override - Overlay", {
+    overlayDatabaseEnvVar: "overlay",
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.Overlay,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Environment variable override - OverlayBase", {
+    overlayDatabaseEnvVar: "overlay-base",
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.OverlayBase,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Environment variable override - None", {
+    overlayDatabaseEnvVar: "none",
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Ignore invalid environment variable", {
+    overlayDatabaseEnvVar: "invalid-mode",
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Ignore feature flag when analyzing non-default branch", {
+    isFeatureEnabled: true,
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Overlay-base database on default branch when feature enabled", {
+    isFeatureEnabled: true,
+    isDefaultBranch: true,
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.OverlayBase,
+    useOverlayDatabaseCaching: true,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "No overlay-base database on default branch when feature disabled", {
+    isDefaultBranch: true,
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Overlay analysis on PR when feature enabled", {
+    isFeatureEnabled: true,
+    isPullRequest: true,
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.Overlay,
+    useOverlayDatabaseCaching: true,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "No overlay analysis on PR when feature disabled", {
+    isPullRequest: true,
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Overlay PR analysis by env for dsp-testing", {
+    overlayDatabaseEnvVar: "overlay",
+    repositoryOwner: "dsp-testing",
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.Overlay,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Overlay PR analysis by env for other-org", {
+    overlayDatabaseEnvVar: "overlay",
+    repositoryOwner: "other-org",
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.Overlay,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Overlay PR analysis by feature flag for dsp-testing", {
+    isFeatureEnabled: true,
+    isPullRequest: true,
+    repositoryOwner: "dsp-testing",
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.Overlay,
+    useOverlayDatabaseCaching: true,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "No overlay PR analysis by feature flag for other-org", {
+    isFeatureEnabled: true,
+    isPullRequest: true,
+    repositoryOwner: "other-org",
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Fallback due to autobuild with traced language", {
+    overlayDatabaseEnvVar: "overlay",
+    buildMode: util_1.BuildMode.Autobuild,
+    languages: [languages_1.Language.java],
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Fallback due to no build mode with traced language", {
+    overlayDatabaseEnvVar: "overlay",
+    buildMode: undefined,
+    languages: [languages_1.Language.java],
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Fallback due to old CodeQL version", {
+    overlayDatabaseEnvVar: "overlay",
+    codeqlVersion: "2.14.0",
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
+(0, ava_1.default)(getOverlayDatabaseModeMacro, "Fallback due to missing git root", {
+    overlayDatabaseEnvVar: "overlay",
+    gitRoot: undefined,
+}, {
+    overlayDatabaseMode: overlay_database_utils_1.OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+});
 //# sourceMappingURL=config-utils.test.js.map

lib/debug-artifacts.js

@@ -56,7 +56,7 @@ const logging_1 = require("./logging");
 const tools_features_1 = require("./tools-features");
 const util_1 = require("./util");
 function sanitizeArtifactName(name) {
-    return name.replace(/[^a-zA-Z0-9_\\-]+/g, "");
+    return name.replace(/[^a-zA-Z0-9_-]+/g, "");
 }
 /**
  * Upload Actions SARIF artifacts for debugging when CODEQL_ACTION_DEBUG_COMBINED_SARIF

lib/debug-artifacts.test.js

@@ -45,6 +45,7 @@ const util_1 = require("./util");
     t.deepEqual(debugArtifacts.sanitizeArtifactName("hello`world`"), "helloworld");
     t.deepEqual(debugArtifacts.sanitizeArtifactName("hello===123"), "hello123");
     t.deepEqual(debugArtifacts.sanitizeArtifactName("*m)a&n^y%i££n+v!a:l[i]d"), "manyinvalid");
+    t.deepEqual(debugArtifacts.sanitizeArtifactName("\\foo\\bar//baz"), "foobarbaz");
 });
 // These next tests check the correctness of the logic to determine whether or not
 // artifacts are uploaded in debug mode. Since it's not easy to mock the actual

lib/debug-artifacts.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"debug-artifacts.test.js","sourceRoot":"","sources":["../src/debug-artifacts.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AAEvB,kEAAoD;AACpD,uCAA6C;AAC7C,iCAAuC;AAEvC,IAAA,aAAI,EAAC,sBAAsB,EAAE,CAAC,CAAC,EAAE,EAAE;IACjC,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,cAAc,CAAC,EACnD,cAAc,CACf,CAAC;IACF,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,cAAc,CAAC,EACnD,YAAY,CACb,CAAC;IACF,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,oBAAoB,CAAC,aAAa,CAAC,EAAE,UAAU,CAAC,CAAC;IAC5E,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,yBAAyB,CAAC,EAC9D,aAAa,CACd,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,kFAAkF;AAClF,+EAA+E;AAC/E,mFAAmF;AACnF,8CAA8C;AAC9C,EAAE;AACF,oFAAoF;AACpF,8BAA8B;AAE9B,IAAA,aAAI,EAAC,gFAAgF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACjG,2DAA2D;IAC3D,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,EAAE,EACF,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,SAAS,CACV,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ,EACR,wBAAwB,EACxB,wCAAwC,CACzC,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,mFAAmF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACpG,sCAAsC;IACtC,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,CAAC,SAAS,CAAC,EACX,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,SAAS,CACV,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ;QACR,8FAA8F;QAC9F,eAAe,EACf,kEAAkE,CACnE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,oFAAoF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACrG,sCAAsC;IACtC,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,CAAC,SAAS,CAAC,EACX,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,QAAQ,CACT,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ;QACR,8FAA8F;QAC9F,eAAe,EACf,kEAAkE,CACnE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,sFAAsF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvG,0CAA0C;IAC1C,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,CAAC,SAAS,CAAC,EACX,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,QAAQ,CACT,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ,EACR,sBAAsB,EACtB,sEAAsE,CACvE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"debug-artifacts.test.js","sourceRoot":"","sources":["../src/debug-artifacts.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AAEvB,kEAAoD;AACpD,uCAA6C;AAC7C,iCAAuC;AAEvC,IAAA,aAAI,EAAC,sBAAsB,EAAE,CAAC,CAAC,EAAE,EAAE;IACjC,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,cAAc,CAAC,EACnD,cAAc,CACf,CAAC;IACF,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,cAAc,CAAC,EACnD,YAAY,CACb,CAAC;IACF,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,oBAAoB,CAAC,aAAa,CAAC,EAAE,UAAU,CAAC,CAAC;IAC5E,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,yBAAyB,CAAC,EAC9D,aAAa,CACd,CAAC;IACF,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,iBAAiB,CAAC,EACtD,WAAW,CACZ,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,kFAAkF;AAClF,+EAA+E;AAC/E,mFAAmF;AACnF,8CAA8C;AAC9C,EAAE;AACF,oFAAoF;AACpF,8BAA8B;AAE9B,IAAA,aAAI,EAAC,gFAAgF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACjG,2DAA2D;IAC3D,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,EAAE,EACF,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,SAAS,CACV,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ,EACR,wBAAwB,EACxB,wCAAwC,CACzC,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,mFAAmF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACpG,sCAAsC;IACtC,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,CAAC,SAAS,CAAC,EACX,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,SAAS,CACV,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ;QACR,8FAA8F;QAC9F,eAAe,EACf,kEAAkE,CACnE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,oFAAoF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACrG,sCAAsC;IACtC,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,CAAC,SAAS,CAAC,EACX,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,QAAQ,CACT,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ;QACR,8FAA8F;QAC9F,eAAe,EACf,kEAAkE,CACnE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,sFAAsF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvG,0CAA0C;IAC1C,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,CAAC,SAAS,CAAC,EACX,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,QAAQ,CACT,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ,EACR,sBAAsB,EACtB,sEAAsE,CACvE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/defaults.json

@@ -1,6 +1,6 @@
 {
-    "bundleVersion": "codeql-bundle-v2.21.3",
-    "cliVersion": "2.21.3",
-    "priorBundleVersion": "codeql-bundle-v2.21.2",
-    "priorCliVersion": "2.21.2"
+    "bundleVersion": "codeql-bundle-v2.22.1",
+    "cliVersion": "2.22.1",
+    "priorBundleVersion": "codeql-bundle-v2.22.0",
+    "priorCliVersion": "2.22.0"
 }

lib/diff-informed-analysis-utils.js

@@ -39,34 +39,8 @@ exports.writeDiffRangesJsonFile = writeDiffRangesJsonFile;
 exports.readDiffRangesJsonFile = readDiffRangesJsonFile;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
-const github = __importStar(require("@actions/github"));
 const actionsUtil = __importStar(require("./actions-util"));
 const feature_flags_1 = require("./feature-flags");
-function getPullRequestBranches() {
-    const pullRequest = github.context.payload.pull_request;
-    if (pullRequest) {
-        return {
-            base: pullRequest.base.ref,
-            // We use the head label instead of the head ref here, because the head
-            // ref lacks owner information and by itself does not uniquely identify
-            // the head branch (which may be in a forked repository).
-            head: pullRequest.head.label,
-        };
-    }
-    // PR analysis under Default Setup does not have the pull_request context,
-    // but it should set CODE_SCANNING_REF and CODE_SCANNING_BASE_BRANCH.
-    const codeScanningRef = process.env.CODE_SCANNING_REF;
-    const codeScanningBaseBranch = process.env.CODE_SCANNING_BASE_BRANCH;
-    if (codeScanningRef && codeScanningBaseBranch) {
-        return {
-            base: codeScanningBaseBranch,
-            // PR analysis under Default Setup analyzes the PR head commit instead of
-            // the merge commit, so we can use the provided ref directly.
-            head: codeScanningRef,
-        };
-    }
-    return undefined;
-}
 /**
  * Check if the action should perform diff-informed analysis.
  */
@@ -85,7 +59,7 @@ async function getDiffInformedAnalysisBranches(codeql, features, logger) {
     if (!(await features.getValue(feature_flags_1.Feature.DiffInformedQueries, codeql))) {
         return undefined;
     }
-    const branches = getPullRequestBranches();
+    const branches = actionsUtil.getPullRequestBranches();
     if (!branches) {
         logger.info("Not performing diff-informed analysis " +
             "because we are not analyzing a pull request.");

lib/diff-informed-analysis-utils.js.map

@@ -1 +1 @@
-{"version":3,"file":"diff-informed-analysis-utils.js","sourceRoot":"","sources":["../src/diff-informed-analysis-utils.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA6CA,8EASC;AASD,0EAiBC;AAYD,0DAUC;AAED,wDAaC;AArHD,uCAAyB;AACzB,2CAA6B;AAE7B,wDAA0C;AAE1C,4DAA8C;AAE9C,mDAA6D;AAQ7D,SAAS,sBAAsB;IAC7B,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC;IACxD,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO;YACL,IAAI,EAAE,WAAW,CAAC,IAAI,CAAC,GAAG;YAC1B,uEAAuE;YACvE,uEAAuE;YACvE,yDAAyD;YACzD,IAAI,EAAE,WAAW,CAAC,IAAI,CAAC,KAAK;SAC7B,CAAC;IACJ,CAAC;IAED,0EAA0E;IAC1E,qEAAqE;IACrE,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;IACtD,MAAM,sBAAsB,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;IACrE,IAAI,eAAe,IAAI,sBAAsB,EAAE,CAAC;QAC9C,OAAO;YACL,IAAI,EAAE,sBAAsB;YAC5B,yEAAyE;YACzE,6DAA6D;YAC7D,IAAI,EAAE,eAAe;SACtB,CAAC;IACJ,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,iCAAiC,CACrD,MAAc,EACd,QAA2B,EAC3B,MAAc;IAEd,OAAO,CACL,CAAC,MAAM,+BAA+B,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;QACjE,SAAS,CACV,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,+BAA+B,CACnD,MAAc,EACd,QAA2B,EAC3B,MAAc;IAEd,IAAI,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,mBAAmB,EAAE,MAAM,CAAC,CAAC,EAAE,CAAC;QACpE,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,QAAQ,GAAG,sBAAsB,EAAE,CAAC;IAC1C,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,CAAC,IAAI,CACT,wCAAwC;YACtC,8CAA8C,CACjD,CAAC;IACJ,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAQD,SAAS,yBAAyB;IAChC,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,oBAAoB,CAAC,CAAC;AAC9E,CAAC;AAED,SAAgB,uBAAuB,CACrC,MAAc,EACd,MAAwB;IAExB,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACrD,MAAM,YAAY,GAAG,yBAAyB,EAAE,CAAC;IACjD,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;IAC7C,MAAM,CAAC,KAAK,CACV,oCAAoC,YAAY,MAAM,YAAY,EAAE,CACrE,CAAC;AACJ,CAAC;AAED,SAAgB,sBAAsB,CACpC,MAAc;IAEd,MAAM,YAAY,GAAG,yBAAyB,EAAE,CAAC;IACjD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACjC,MAAM,CAAC,KAAK,CAAC,2CAA2C,YAAY,EAAE,CAAC,CAAC;QACxE,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,YAAY,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IAC3D,MAAM,CAAC,KAAK,CACV,qCAAqC,YAAY,MAAM,YAAY,EAAE,CACtE,CAAC;IACF,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAqB,CAAC;AACtD,CAAC"}
+{"version":3,"file":"diff-informed-analysis-utils.js","sourceRoot":"","sources":["../src/diff-informed-analysis-utils.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAYA,8EASC;AASD,0EAiBC;AAYD,0DAUC;AAED,wDAaC;AApFD,uCAAyB;AACzB,2CAA6B;AAE7B,4DAA8C;AAG9C,mDAA6D;AAG7D;;GAEG;AACI,KAAK,UAAU,iCAAiC,CACrD,MAAc,EACd,QAA2B,EAC3B,MAAc;IAEd,OAAO,CACL,CAAC,MAAM,+BAA+B,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;QACjE,SAAS,CACV,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,+BAA+B,CACnD,MAAc,EACd,QAA2B,EAC3B,MAAc;IAEd,IAAI,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,mBAAmB,EAAE,MAAM,CAAC,CAAC,EAAE,CAAC;QACpE,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,QAAQ,GAAG,WAAW,CAAC,sBAAsB,EAAE,CAAC;IACtD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,CAAC,IAAI,CACT,wCAAwC;YACtC,8CAA8C,CACjD,CAAC;IACJ,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAQD,SAAS,yBAAyB;IAChC,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,oBAAoB,CAAC,CAAC;AAC9E,CAAC;AAED,SAAgB,uBAAuB,CACrC,MAAc,EACd,MAAwB;IAExB,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACrD,MAAM,YAAY,GAAG,yBAAyB,EAAE,CAAC;IACjD,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;IAC7C,MAAM,CAAC,KAAK,CACV,oCAAoC,YAAY,MAAM,YAAY,EAAE,CACrE,CAAC;AACJ,CAAC;AAED,SAAgB,sBAAsB,CACpC,MAAc;IAEd,MAAM,YAAY,GAAG,yBAAyB,EAAE,CAAC;IACjD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACjC,MAAM,CAAC,KAAK,CAAC,2CAA2C,YAAY,EAAE,CAAC,CAAC;QACxE,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,YAAY,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IAC3D,MAAM,CAAC,KAAK,CACV,qCAAqC,YAAY,MAAM,YAAY,EAAE,CACtE,CAAC;IACF,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAqB,CAAC;AACtD,CAAC"}

lib/feature-flags.js

@@ -39,6 +39,7 @@ const path = __importStar(require("path"));
 const semver = __importStar(require("semver"));
 const api_client_1 = require("./api-client");
 const defaults = __importStar(require("./defaults.json"));
+const overlay_database_utils_1 = require("./overlay-database-utils");
 const tools_features_1 = require("./tools-features");
 const util = __importStar(require("./util"));
 const DEFAULT_VERSION_FEATURE_FLAG_PREFIX = "default_codeql_version_";
@@ -61,11 +62,13 @@ var Feature;
     Feature["CppBuildModeNone"] = "cpp_build_mode_none";
     Feature["CppDependencyInstallation"] = "cpp_dependency_installation_enabled";
     Feature["DiffInformedQueries"] = "diff_informed_queries";
+    Feature["DisableCombineSarifFiles"] = "disable_combine_sarif_files";
     Feature["DisableCsharpBuildless"] = "disable_csharp_buildless";
     Feature["DisableJavaBuildlessEnabled"] = "disable_java_buildless_enabled";
     Feature["DisableKotlinAnalysisEnabled"] = "disable_kotlin_analysis_enabled";
     Feature["ExportDiagnosticsEnabled"] = "export_diagnostics_enabled";
     Feature["ExtractToToolcache"] = "extract_to_toolcache";
+    Feature["OverlayAnalysis"] = "overlay_analysis";
     Feature["PythonDefaultIsToNotExtractStdlib"] = "python_default_is_to_not_extract_stdlib";
     Feature["QaTelemetryEnabled"] = "qa_telemetry_enabled";
     Feature["RustAnalysis"] = "rust_analysis";
@@ -98,6 +101,11 @@ exports.featureConfig = {
         envVar: "CODEQL_ACTION_DIFF_INFORMED_QUERIES",
         minimumVersion: "2.21.0",
     },
+    [Feature.DisableCombineSarifFiles]: {
+        defaultValue: false,
+        envVar: "CODEQL_ACTION_DISABLE_COMBINE_SARIF_FILES",
+        minimumVersion: undefined,
+    },
     [Feature.DisableCsharpBuildless]: {
         defaultValue: false,
         envVar: "CODEQL_ACTION_DISABLE_CSHARP_BUILDLESS",
@@ -126,6 +134,11 @@ exports.featureConfig = {
         envVar: "CODEQL_ACTION_EXTRACT_TOOLCACHE",
         minimumVersion: undefined,
     },
+    [Feature.OverlayAnalysis]: {
+        defaultValue: false,
+        envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
+        minimumVersion: overlay_database_utils_1.CODEQL_OVERLAY_MINIMUM_VERSION,
+    },
     [Feature.PythonDefaultIsToNotExtractStdlib]: {
         defaultValue: false,
         envVar: "CODEQL_ACTION_DISABLE_PYTHON_STANDARD_LIBRARY_EXTRACTION",

lib/init-action-post-helper.js

@@ -87,7 +87,7 @@ async function maybeUploadFailedSarif(config, repositoryNwo, features, logger) {
         await codeql.databaseExportDiagnostics(databasePath, sarifFile, category);
     }
     logger.info(`Uploading failed SARIF file ${sarifFile}`);
-    const uploadResult = await uploadLib.uploadFiles(sarifFile, checkoutPath, category, features, logger);
+    const uploadResult = await uploadLib.uploadFiles(sarifFile, checkoutPath, category, features, logger, uploadLib.CodeScanningTarget);
     await uploadLib.waitForProcessing(repositoryNwo, uploadResult.sarifID, logger, { isUnsuccessfulExecution: true });
     return uploadResult
         ? { ...uploadResult.statusReport, sarifID: uploadResult.sarifID }

lib/init-action.js

@@ -167,6 +167,10 @@ async function run() {
     core.exportVariable(environment_1.EnvVar.JOB_RUN_UUID, jobRunUuid);
     core.exportVariable(environment_1.EnvVar.INIT_ACTION_HAS_RUN, "true");
     const configFile = (0, actions_util_1.getOptionalInput)("config-file");
+    // path.resolve() respects the intended semantics of source-root. If
+    // source-root is relative, it is relative to the GITHUB_WORKSPACE. If
+    // source-root is absolute, it is used as given.
+    const sourceRoot = path.resolve((0, util_1.getRequiredEnvParam)("GITHUB_WORKSPACE"), (0, actions_util_1.getOptionalInput)("source-root") || "");
     try {
         const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Init, "starting", startedAt, config, await (0, util_1.checkDiskUsage)(logger), logger);
         if (statusReportBase !== undefined) {
@@ -192,6 +196,7 @@ async function run() {
         config = await (0, init_1.initConfig)({
             languagesInput: (0, actions_util_1.getOptionalInput)("languages"),
             queriesInput: (0, actions_util_1.getOptionalInput)("queries"),
+            qualityQueriesInput: (0, actions_util_1.getOptionalInput)("quality-queries"),
             packsInput: (0, actions_util_1.getOptionalInput)("packs"),
             buildModeInput: (0, actions_util_1.getOptionalInput)("build-mode"),
             configFile,
@@ -204,19 +209,18 @@ async function run() {
             // - Actions step debugging is enabled (e.g. by [enabling debug logging for a rerun](https://docs.github.com/en/actions/managing-workflow-runs/re-running-workflows-and-jobs#re-running-all-the-jobs-in-a-workflow),
             //   or by setting the `ACTIONS_STEP_DEBUG` secret to `true`).
             debugMode: (0, actions_util_1.getOptionalInput)("debug") === "true" || core.isDebug(),
-            debugArtifactName: (0, actions_util_1.getOptionalInput)("debug-artifact-name") ||
-                util_1.DEFAULT_DEBUG_ARTIFACT_NAME,
-            debugDatabaseName: (0, actions_util_1.getOptionalInput)("debug-database-name") ||
-                util_1.DEFAULT_DEBUG_DATABASE_NAME,
+            debugArtifactName: (0, actions_util_1.getOptionalInput)("debug-artifact-name") || util_1.DEFAULT_DEBUG_ARTIFACT_NAME,
+            debugDatabaseName: (0, actions_util_1.getOptionalInput)("debug-database-name") || util_1.DEFAULT_DEBUG_DATABASE_NAME,
             repository: repositoryNwo,
             tempDir: (0, actions_util_1.getTemporaryDirectory)(),
             codeql,
             workspacePath: (0, util_1.getRequiredEnvParam)("GITHUB_WORKSPACE"),
+            sourceRoot,
             githubVersion: gitHubVersion,
             apiDetails,
             features,
             logger,
-        }, codeql);
+        });
         await (0, init_1.checkInstallPython311)(config.languages, codeql);
     }
     catch (unwrappedError) {
@@ -229,10 +233,30 @@ async function run() {
         return;
     }
     try {
-        const sourceRoot = path.resolve((0, util_1.getRequiredEnvParam)("GITHUB_WORKSPACE"), (0, actions_util_1.getOptionalInput)("source-root") || "");
-        const overlayDatabaseMode = await (0, init_1.getOverlayDatabaseMode)((await codeql.getVersion()).version, config, sourceRoot, logger);
-        logger.info(`Using overlay database mode: ${overlayDatabaseMode}`);
-        if (overlayDatabaseMode !== overlay_database_utils_1.OverlayDatabaseMode.Overlay) {
+        if (config.augmentationProperties.overlayDatabaseMode ===
+            overlay_database_utils_1.OverlayDatabaseMode.Overlay &&
+            config.augmentationProperties.useOverlayDatabaseCaching) {
+            // OverlayDatabaseMode.Overlay comes in two flavors: with database
+            // caching, or without. The flavor with database caching is intended to be
+            // an "automatic control" mode, which is supposed to be fail-safe. If we
+            // cannot download an overlay-base database, we revert to
+            // OverlayDatabaseMode.None so that the workflow can continue to run.
+            //
+            // The flavor without database caching is intended to be a "manual
+            // control" mode, where the workflow is supposed to make all the
+            // necessary preparations. So, in that mode, we would assume that
+            // everything is in order and let the analysis fail if that turns out not
+            // to be the case.
+            const overlayDatabaseDownloaded = await (0, overlay_database_utils_1.downloadOverlayBaseDatabaseFromCache)(codeql, config, logger);
+            if (!overlayDatabaseDownloaded) {
+                config.augmentationProperties.overlayDatabaseMode =
+                    overlay_database_utils_1.OverlayDatabaseMode.None;
+                logger.info("No overlay-base database found in cache, " +
+                    `reverting overlay database mode to ${overlay_database_utils_1.OverlayDatabaseMode.None}.`);
+            }
+        }
+        if (config.augmentationProperties.overlayDatabaseMode !==
+            overlay_database_utils_1.OverlayDatabaseMode.Overlay) {
             (0, init_1.cleanupDatabaseClusterDirectory)(config, logger);
         }
         if (zstdAvailability) {
@@ -353,8 +377,9 @@ async function run() {
             logger.info(`Setting C++ build-mode: none to ${value}`);
             core.exportVariable(bmnVar, value);
         }
-        // Set CODEQL_ENABLE_EXPERIMENTAL_FEATURES for rust
-        if (config.languages.includes(languages_1.Language.rust)) {
+        // For rust: set CODEQL_ENABLE_EXPERIMENTAL_FEATURES, unless codeql already supports rust without it
+        if (config.languages.includes(languages_1.Language.rust) &&
+            !(await codeql.resolveLanguages()).rust) {
             const feat = feature_flags_1.Feature.RustAnalysis;
             const minVer = feature_flags_1.featureConfig[feat].minimumVersion;
             const envVar = "CODEQL_ENABLE_EXPERIMENTAL_FEATURES";
@@ -377,25 +402,12 @@ async function run() {
         if ((0, caching_utils_1.shouldRestoreCache)(config.dependencyCachingEnabled)) {
             await (0, dependency_caching_1.downloadDependencyCaches)(config.languages, logger);
         }
-        // For CLI versions <2.15.1, build tracing caused errors in macOS ARM machines with
-        // System Integrity Protection (SIP) disabled.
-        if (!(await (0, util_1.codeQlVersionAtLeast)(codeql, "2.15.1")) &&
-            process.platform === "darwin" &&
-            (process.arch === "arm" || process.arch === "arm64") &&
-            !(await (0, util_1.checkSipEnablement)(logger))) {
-            logger.warning("CodeQL versions 2.15.0 and lower are not supported on macOS ARM machines with System Integrity Protection (SIP) disabled.");
-        }
-        // From 2.16.0 the default for the python extractor is to not perform any
-        // dependency extraction. For versions before that, you needed to set this flag to
-        // enable this behavior.
+        // Suppress warnings about disabled Python library extraction.
         if (await (0, util_1.codeQlVersionAtLeast)(codeql, "2.17.1")) {
             // disabled by default, no warning
         }
-        else if (await (0, util_1.codeQlVersionAtLeast)(codeql, "2.16.0")) {
-            // disabled by default, prints warning if environment variable is not set
-            core.exportVariable("CODEQL_EXTRACTOR_PYTHON_DISABLE_LIBRARY_EXTRACTION", "true");
-        }
         else {
+            // disabled by default, prints warning if environment variable is not set
             core.exportVariable("CODEQL_EXTRACTOR_PYTHON_DISABLE_LIBRARY_EXTRACTION", "true");
         }
         if ((0, actions_util_1.getOptionalInput)("setup-python-dependencies") !== undefined) {
@@ -415,7 +427,7 @@ async function run() {
                 core.exportVariable("CODEQL_EXTRACTOR_PYTHON_EXTRACT_STDLIB", "true");
             }
         }
-        const tracerConfig = await (0, init_1.runInit)(codeql, config, sourceRoot, "Runner.Worker.exe", (0, actions_util_1.getOptionalInput)("registries"), apiDetails, overlayDatabaseMode, logger);
+        const tracerConfig = await (0, init_1.runInit)(codeql, config, sourceRoot, "Runner.Worker.exe", (0, actions_util_1.getOptionalInput)("registries"), apiDetails, logger);
         if (tracerConfig !== undefined) {
             for (const [key, value] of Object.entries(tracerConfig.env)) {
                 core.exportVariable(key, value);

lib/init.js

@@ -35,23 +35,18 @@ var __importStar = (this && this.__importStar) || (function () {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.initCodeQL = initCodeQL;
 exports.initConfig = initConfig;
-exports.getOverlayDatabaseMode = getOverlayDatabaseMode;
 exports.runInit = runInit;
-exports.printPathFiltersWarning = printPathFiltersWarning;
 exports.checkInstallPython311 = checkInstallPython311;
 exports.cleanupDatabaseClusterDirectory = cleanupDatabaseClusterDirectory;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const io = __importStar(require("@actions/io"));
-const semver = __importStar(require("semver"));
 const actions_util_1 = require("./actions-util");
 const codeql_1 = require("./codeql");
 const configUtils = __importStar(require("./config-utils"));
-const git_utils_1 = require("./git-utils");
 const languages_1 = require("./languages");
-const overlay_database_utils_1 = require("./overlay-database-utils");
-const tools_features_1 = require("./tools-features");
+const logging_1 = require("./logging");
 const tracer_config_1 = require("./tracer-config");
 const util = __importStar(require("./util"));
 async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger) {
@@ -67,43 +62,12 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe
         zstdAvailability,
     };
 }
-async function initConfig(inputs, codeql) {
-    const logger = inputs.logger;
-    logger.startGroup("Load language configuration");
-    const config = await configUtils.initConfig(inputs);
-    if (!(await codeql.supportsFeature(tools_features_1.ToolsFeature.InformsAboutUnsupportedPathFilters))) {
-        printPathFiltersWarning(config, logger);
-    }
-    logger.endGroup();
-    return config;
+async function initConfig(inputs) {
+    return await (0, logging_1.withGroupAsync)("Load language configuration", async () => {
+        return await configUtils.initConfig(inputs);
+    });
 }
-async function getOverlayDatabaseMode(codeqlVersion, config, sourceRoot, logger) {
-    const overlayDatabaseMode = process.env.CODEQL_OVERLAY_DATABASE_MODE;
-    if (overlayDatabaseMode === overlay_database_utils_1.OverlayDatabaseMode.Overlay ||
-        overlayDatabaseMode === overlay_database_utils_1.OverlayDatabaseMode.OverlayBase) {
-        if (config.buildMode !== util.BuildMode.None) {
-            logger.warning(`Cannot build an ${overlayDatabaseMode} database because ` +
-                `build-mode is set to "${config.buildMode}" instead of "none". ` +
-                "Falling back to creating a normal full database instead.");
-            return overlay_database_utils_1.OverlayDatabaseMode.None;
-        }
-        if (semver.lt(codeqlVersion, overlay_database_utils_1.CODEQL_OVERLAY_MINIMUM_VERSION)) {
-            logger.warning(`Cannot build an ${overlayDatabaseMode} database because ` +
-                `the CodeQL CLI is older than ${overlay_database_utils_1.CODEQL_OVERLAY_MINIMUM_VERSION}. ` +
-                "Falling back to creating a normal full database instead.");
-            return overlay_database_utils_1.OverlayDatabaseMode.None;
-        }
-        if ((await (0, git_utils_1.getGitRoot)(sourceRoot)) === undefined) {
-            logger.warning(`Cannot build an ${overlayDatabaseMode} database because ` +
-                `the source root "${sourceRoot}" is not inside a git repository. ` +
-                "Falling back to creating a normal full database instead.");
-            return overlay_database_utils_1.OverlayDatabaseMode.None;
-        }
-        return overlayDatabaseMode;
-    }
-    return overlay_database_utils_1.OverlayDatabaseMode.None;
-}
-async function runInit(codeql, config, sourceRoot, processName, registriesInput, apiDetails, overlayDatabaseMode, logger) {
+async function runInit(codeql, config, sourceRoot, processName, registriesInput, apiDetails, logger) {
     fs.mkdirSync(config.dbLocation, { recursive: true });
     const { registriesAuthTokens, qlconfigFile } = await configUtils.generateRegistries(registriesInput, config.tempDir, logger);
     await configUtils.wrapEnvironment({
@@ -111,18 +75,9 @@ async function runInit(codeql, config, sourceRoot, processName, registriesInput,
         CODEQL_REGISTRIES_AUTH: registriesAuthTokens,
     }, 
     // Init a database cluster
-    async () => await codeql.databaseInitCluster(config, sourceRoot, processName, qlconfigFile, overlayDatabaseMode, logger));
+    async () => await codeql.databaseInitCluster(config, sourceRoot, processName, qlconfigFile, logger));
     return await (0, tracer_config_1.getCombinedTracerConfig)(codeql, config);
 }
-function printPathFiltersWarning(config, logger) {
-    // Index include/exclude/filters only work in javascript/python/ruby.
-    // If any other languages are detected/configured then show a warning.
-    if ((config.originalUserInput.paths?.length ||
-        config.originalUserInput["paths-ignore"]?.length) &&
-        !config.languages.every(languages_1.isScannedLanguage)) {
-        logger.warning('The "paths"/"paths-ignore" fields of the config only have effect for JavaScript, Python, and Ruby');
-    }
-}
 /**
  * If we are running python 3.12+ on windows, we need to switch to python 3.11.
  * This check happens in a powershell script.

lib/init.js.map

@@ -1 +1 @@
-{"version":3,"file":"init.js","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0BA,gCAyCC;AAED,gCAgBC;AAED,wDAuCC;AAED,0BAoCC;AAED,0DAeC;AAMD,sDAkBC;AAED,0EAkDC;AAjQD,uCAAyB;AACzB,2CAA6B;AAE7B,yEAA2D;AAC3D,gDAAkC;AAClC,+CAAiC;AAEjC,iDAAsE;AAEtE,qCAA+C;AAC/C,4DAA8C;AAE9C,2CAAyC;AACzC,2CAA0D;AAE1D,qEAGkC;AAIlC,qDAAgD;AAChD,mDAAwE;AACxE,6CAA+B;AAExB,KAAK,UAAU,UAAU,CAC9B,UAA8B,EAC9B,UAA4B,EAC5B,OAAe,EACf,OAA2B,EAC3B,iBAA2C,EAC3C,QAA2B,EAC3B,MAAc;IAQd,MAAM,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;IACxC,MAAM,EACJ,MAAM,EACN,yBAAyB,EACzB,WAAW,EACX,YAAY,EACZ,gBAAgB,GACjB,GAAG,MAAM,IAAA,oBAAW,EACnB,UAAU,EACV,UAAU,EACV,OAAO,EACP,OAAO,EACP,iBAAiB,EACjB,MAAM,EACN,QAAQ,EACR,IAAI,CACL,CAAC;IACF,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;IAC5B,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO;QACL,MAAM;QACN,yBAAyB;QACzB,WAAW;QACX,YAAY;QACZ,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,UAAU,CAC9B,MAAoC,EACpC,MAAc;IAEd,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IAC7B,MAAM,CAAC,UAAU,CAAC,6BAA6B,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IACpD,IACE,CAAC,CAAC,MAAM,MAAM,CAAC,eAAe,CAC5B,6BAAY,CAAC,kCAAkC,CAChD,CAAC,EACF,CAAC;QACD,uBAAuB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,MAAM,CAAC;AAChB,CAAC;AAEM,KAAK,UAAU,sBAAsB,CAC1C,aAAqB,EACrB,MAA0B,EAC1B,UAAkB,EAClB,MAAc;IAEd,MAAM,mBAAmB,GAAG,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC;IAErE,IACE,mBAAmB,KAAK,4CAAmB,CAAC,OAAO;QACnD,mBAAmB,KAAK,4CAAmB,CAAC,WAAW,EACvD,CAAC;QACD,IAAI,MAAM,CAAC,SAAS,KAAK,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;YAC7C,MAAM,CAAC,OAAO,CACZ,mBAAmB,mBAAmB,oBAAoB;gBACxD,yBAAyB,MAAM,CAAC,SAAS,uBAAuB;gBAChE,0DAA0D,CAC7D,CAAC;YACF,OAAO,4CAAmB,CAAC,IAAI,CAAC;QAClC,CAAC;QACD,IAAI,MAAM,CAAC,EAAE,CAAC,aAAa,EAAE,uDAA8B,CAAC,EAAE,CAAC;YAC7D,MAAM,CAAC,OAAO,CACZ,mBAAmB,mBAAmB,oBAAoB;gBACxD,gCAAgC,uDAA8B,IAAI;gBAClE,0DAA0D,CAC7D,CAAC;YACF,OAAO,4CAAmB,CAAC,IAAI,CAAC;QAClC,CAAC;QACD,IAAI,CAAC,MAAM,IAAA,sBAAU,EAAC,UAAU,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;YACjD,MAAM,CAAC,OAAO,CACZ,mBAAmB,mBAAmB,oBAAoB;gBACxD,oBAAoB,UAAU,oCAAoC;gBAClE,0DAA0D,CAC7D,CAAC;YACF,OAAO,4CAAmB,CAAC,IAAI,CAAC;QAClC,CAAC;QACD,OAAO,mBAA0C,CAAC;IACpD,CAAC;IACD,OAAO,4CAAmB,CAAC,IAAI,CAAC;AAClC,CAAC;AAEM,KAAK,UAAU,OAAO,CAC3B,MAAc,EACd,MAA0B,EAC1B,UAAkB,EAClB,WAA+B,EAC/B,eAAmC,EACnC,UAAoC,EACpC,mBAAwC,EACxC,MAAc;IAEd,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAErD,MAAM,EAAE,oBAAoB,EAAE,YAAY,EAAE,GAC1C,MAAM,WAAW,CAAC,kBAAkB,CAClC,eAAe,EACf,MAAM,CAAC,OAAO,EACd,MAAM,CACP,CAAC;IACJ,MAAM,WAAW,CAAC,eAAe,CAC/B;QACE,YAAY,EAAE,UAAU,CAAC,IAAI;QAC7B,sBAAsB,EAAE,oBAAoB;KAC7C;IAED,0BAA0B;IAC1B,KAAK,IAAI,EAAE,CACT,MAAM,MAAM,CAAC,mBAAmB,CAC9B,MAAM,EACN,UAAU,EACV,WAAW,EACX,YAAY,EACZ,mBAAmB,EACnB,MAAM,CACP,CACJ,CAAC;IACF,OAAO,MAAM,IAAA,uCAAuB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AACvD,CAAC;AAED,SAAgB,uBAAuB,CACrC,MAA0B,EAC1B,MAAc;IAEd,qEAAqE;IACrE,sEAAsE;IACtE,IACE,CAAC,MAAM,CAAC,iBAAiB,CAAC,KAAK,EAAE,MAAM;QACrC,MAAM,CAAC,iBAAiB,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;QACnD,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,6BAAiB,CAAC,EAC1C,CAAC;QACD,MAAM,CAAC,OAAO,CACZ,mGAAmG,CACpG,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,qBAAqB,CACzC,SAAqB,EACrB,MAAc;IAEd,IACE,SAAS,CAAC,QAAQ,CAAC,oBAAQ,CAAC,MAAM,CAAC;QACnC,OAAO,CAAC,QAAQ,KAAK,OAAO;QAC5B,CAAC,CAAC,MAAM,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,QAAQ,EAAE,iBAAiB,EACxD,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CACzB,SAAS,EACT,iBAAiB,EACjB,oBAAoB,CACrB,CAAC;QACF,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,YAAY,EAAE,IAAI,CAAC,EAAE;YAClE,MAAM;SACP,CAAC,CAAC,IAAI,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAgB,+BAA+B,CAC7C,MAA0B,EAC1B,MAAc;AACd,+FAA+F;AAC/F,eAAe;AACf,MAAM,GAAG,EAAE,CAAC,MAAM;IAElB,IACE,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,UAAU,CAAC;QAChC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,EAAE;YACtC,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,EAC3C,CAAC;QACD,MAAM,CAAC,OAAO,CACZ,kCAAkC,MAAM,CAAC,UAAU,4CAA4C,CAChG,CAAC;QACF,IAAI,CAAC;YACH,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE;gBACxB,KAAK,EAAE,IAAI;gBACX,UAAU,EAAE,CAAC;gBACb,SAAS,EAAE,IAAI;aAChB,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CACT,yCAAyC,MAAM,CAAC,UAAU,GAAG,CAC9D,CAAC;QACJ,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,KAAK,GAAG,mEACZ,IAAA,+BAAgB,EAAC,aAAa,CAAC;gBAC7B,CAAC,CAAC,sCAAsC,MAAM,CAAC,UAAU,IAAI;gBAC7D,CAAC,CAAC,kCAAkC,MAAM,CAAC,UAAU,IAAI;oBACvD,yEACN,iEAAiE,CAAC;YAElE,kGAAkG;YAClG,IAAI,IAAA,iCAAkB,GAAE,EAAE,CAAC;gBACzB,MAAM,IAAI,IAAI,CAAC,kBAAkB,CAC/B,GAAG,KAAK,4GAA4G;oBAClH,sEAAsE,IAAI,CAAC,eAAe,CACxF,CAAC,CACF,EAAE,CACN,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CACb,GAAG,KAAK,sDAAsD;oBAC5D,+EAA+E;oBAC/E,yCAAyC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,CACrE,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC"}
+{"version":3,"file":"init.js","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmBA,gCAyCC;AAED,gCAMC;AAED,0BAkCC;AAMD,sDAkBC;AAED,0EAkDC;AApLD,uCAAyB;AACzB,2CAA6B;AAE7B,yEAA2D;AAC3D,gDAAkC;AAElC,iDAAsE;AAEtE,qCAA+C;AAC/C,4DAA8C;AAE9C,2CAAuC;AACvC,uCAAmD;AAInD,mDAAwE;AACxE,6CAA+B;AAExB,KAAK,UAAU,UAAU,CAC9B,UAA8B,EAC9B,UAA4B,EAC5B,OAAe,EACf,OAA2B,EAC3B,iBAA2C,EAC3C,QAA2B,EAC3B,MAAc;IAQd,MAAM,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;IACxC,MAAM,EACJ,MAAM,EACN,yBAAyB,EACzB,WAAW,EACX,YAAY,EACZ,gBAAgB,GACjB,GAAG,MAAM,IAAA,oBAAW,EACnB,UAAU,EACV,UAAU,EACV,OAAO,EACP,OAAO,EACP,iBAAiB,EACjB,MAAM,EACN,QAAQ,EACR,IAAI,CACL,CAAC;IACF,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;IAC5B,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO;QACL,MAAM;QACN,yBAAyB;QACzB,WAAW;QACX,YAAY;QACZ,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,UAAU,CAC9B,MAAoC;IAEpC,OAAO,MAAM,IAAA,wBAAc,EAAC,6BAA6B,EAAE,KAAK,IAAI,EAAE;QACpE,OAAO,MAAM,WAAW,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;AACL,CAAC;AAEM,KAAK,UAAU,OAAO,CAC3B,MAAc,EACd,MAA0B,EAC1B,UAAkB,EAClB,WAA+B,EAC/B,eAAmC,EACnC,UAAoC,EACpC,MAAc;IAEd,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAErD,MAAM,EAAE,oBAAoB,EAAE,YAAY,EAAE,GAC1C,MAAM,WAAW,CAAC,kBAAkB,CAClC,eAAe,EACf,MAAM,CAAC,OAAO,EACd,MAAM,CACP,CAAC;IACJ,MAAM,WAAW,CAAC,eAAe,CAC/B;QACE,YAAY,EAAE,UAAU,CAAC,IAAI;QAC7B,sBAAsB,EAAE,oBAAoB;KAC7C;IAED,0BAA0B;IAC1B,KAAK,IAAI,EAAE,CACT,MAAM,MAAM,CAAC,mBAAmB,CAC9B,MAAM,EACN,UAAU,EACV,WAAW,EACX,YAAY,EACZ,MAAM,CACP,CACJ,CAAC;IACF,OAAO,MAAM,IAAA,uCAAuB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AACvD,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,qBAAqB,CACzC,SAAqB,EACrB,MAAc;IAEd,IACE,SAAS,CAAC,QAAQ,CAAC,oBAAQ,CAAC,MAAM,CAAC;QACnC,OAAO,CAAC,QAAQ,KAAK,OAAO;QAC5B,CAAC,CAAC,MAAM,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,QAAQ,EAAE,iBAAiB,EACxD,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CACzB,SAAS,EACT,iBAAiB,EACjB,oBAAoB,CACrB,CAAC;QACF,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,YAAY,EAAE,IAAI,CAAC,EAAE;YAClE,MAAM;SACP,CAAC,CAAC,IAAI,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAgB,+BAA+B,CAC7C,MAA0B,EAC1B,MAAc;AACd,+FAA+F;AAC/F,eAAe;AACf,MAAM,GAAG,EAAE,CAAC,MAAM;IAElB,IACE,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,UAAU,CAAC;QAChC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,EAAE;YACtC,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,EAC3C,CAAC;QACD,MAAM,CAAC,OAAO,CACZ,kCAAkC,MAAM,CAAC,UAAU,4CAA4C,CAChG,CAAC;QACF,IAAI,CAAC;YACH,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE;gBACxB,KAAK,EAAE,IAAI;gBACX,UAAU,EAAE,CAAC;gBACb,SAAS,EAAE,IAAI;aAChB,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CACT,yCAAyC,MAAM,CAAC,UAAU,GAAG,CAC9D,CAAC;QACJ,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,KAAK,GAAG,mEACZ,IAAA,+BAAgB,EAAC,aAAa,CAAC;gBAC7B,CAAC,CAAC,sCAAsC,MAAM,CAAC,UAAU,IAAI;gBAC7D,CAAC,CAAC,kCAAkC,MAAM,CAAC,UAAU,IAAI;oBACvD,yEACN,iEAAiE,CAAC;YAElE,kGAAkG;YAClG,IAAI,IAAA,iCAAkB,GAAE,EAAE,CAAC;gBACzB,MAAM,IAAI,IAAI,CAAC,kBAAkB,CAC/B,GAAG,KAAK,4GAA4G;oBAClH,sEAAsE,IAAI,CAAC,eAAe,CACxF,CAAC,CACF,EAAE,CACN,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CACb,GAAG,KAAK,sDAAsD;oBAC5D,+EAA+E;oBAC/E,yCAAyC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,CACrE,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC"}

lib/init.test.js

@@ -40,26 +40,9 @@ const fs = __importStar(require("fs"));
 const path_1 = __importDefault(require("path"));
 const ava_1 = __importDefault(require("ava"));
 const init_1 = require("./init");
-const languages_1 = require("./languages");
 const testing_utils_1 = require("./testing-utils");
 const util_1 = require("./util");
 (0, testing_utils_1.setupTests)(ava_1.default);
-(0, ava_1.default)("printPathFiltersWarning does not trigger when 'paths' and 'paths-ignore' are undefined", async (t) => {
-    const messages = [];
-    (0, init_1.printPathFiltersWarning)({
-        languages: [languages_1.Language.cpp],
-        originalUserInput: {},
-    }, (0, testing_utils_1.getRecordingLogger)(messages));
-    t.is(messages.length, 0);
-});
-(0, ava_1.default)("printPathFiltersWarning does not trigger when 'paths' and 'paths-ignore' are empty", async (t) => {
-    const messages = [];
-    (0, init_1.printPathFiltersWarning)({
-        languages: [languages_1.Language.cpp],
-        originalUserInput: { paths: [], "paths-ignore": [] },
-    }, (0, testing_utils_1.getRecordingLogger)(messages));
-    t.is(messages.length, 0);
-});
 (0, ava_1.default)("cleanupDatabaseClusterDirectory cleans up where possible", async (t) => {
     await (0, util_1.withTmpDir)(async (tmpDir) => {
         const dbLocation = path_1.default.resolve(tmpDir, "dbs");

lib/init.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"init.test.js","sourceRoot":"","sources":["../src/init.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,gDAAwB;AAExB,8CAAuB;AAGvB,iCAGgB;AAChB,2CAAuC;AACvC,mDAKyB;AACzB,iCAAwD;AAExD,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,wFAAwF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACzG,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,IAAA,8BAAuB,EACrB;QACE,SAAS,EAAE,CAAC,oBAAQ,CAAC,GAAG,CAAC;QACzB,iBAAiB,EAAE,EAAE;KACO,EAC9B,IAAA,kCAAkB,EAAC,QAAQ,CAAC,CAC7B,CAAC;IACF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;AAC3B,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,oFAAoF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACrG,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,IAAA,8BAAuB,EACrB;QACE,SAAS,EAAE,CAAC,oBAAQ,CAAC,GAAG,CAAC;QACzB,iBAAiB,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE;KACxB,EAC9B,IAAA,kCAAkB,EAAC,QAAQ,CAAC,CAC7B,CAAC;IACF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;AAC3B,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,0DAA0D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC3E,MAAM,IAAA,iBAAU,EAAC,KAAK,EAAE,MAAc,EAAE,EAAE;QACxC,MAAM,UAAU,GAAG,cAAI,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC/C,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE9C,MAAM,aAAa,GAAG,cAAI,CAAC,OAAO,CAAC,UAAU,EAAE,0BAA0B,CAAC,CAAC;QAC3E,EAAE,CAAC,aAAa,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QAEpC,MAAM,QAAQ,GAAoB,EAAE,CAAC;QACrC,IAAA,sCAA+B,EAC7B,IAAA,gCAAgB,EAAC,EAAE,UAAU,EAAE,CAAC,EAChC,IAAA,kCAAkB,EAAC,QAAQ,CAAC,CAC7B,CAAC;QAEF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QACzB,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QAClC,CAAC,CAAC,EAAE,CACF,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,EACnB,kCAAkC,UAAU,4CAA4C,CACzF,CAAC;QACF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC/B,CAAC,CAAC,EAAE,CACF,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,EACnB,yCAAyC,UAAU,GAAG,CACvD,CAAC;QAEF,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,KAAK,MAAM,EAAE,SAAS,EAAE,gBAAgB,EAAE,OAAO,EAAE,IAAI;IACrD;QACE,SAAS,EAAE,aAAa;QACxB,gBAAgB,EAAE,yBAAkB;QACpC,OAAO,EAAE,CAAC,UAAU,EAAE,EAAE,CACtB,8FAA8F;YAC9F,MAAM,UAAU,8EAA8E;YAC9F,0FAA0F;YAC1F,6FAA6F;YAC7F,8CAA8C;KACjD;IACD;QACE,SAAS,EAAE,eAAe;QAC1B,gBAAgB,EAAE,KAAK;QACvB,OAAO,EAAE,CAAC,UAAU,EAAE,EAAE,CACtB,8FAA8F;YAC9F,MAAM,UAAU,8EAA8E;YAC9F,wFAAwF;YACxF,4FAA4F;YAC5F,2CAA2C;KAC9C;CACF,EAAE,CAAC;IACF,IAAA,aAAI,EAAC,4CAA4C,gBAAgB,CAAC,IAAI,0BAA0B,SAAS,SAAS,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC9H,MAAM,IAAA,iBAAU,EAAC,KAAK,EAAE,MAAc,EAAE,EAAE;YACxC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,SAAS,CAAC;YAE9C,MAAM,UAAU,GAAG,cAAI,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;YAC/C,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAE9C,MAAM,aAAa,GAAG,cAAI,CAAC,OAAO,CAChC,UAAU,EACV,0BAA0B,CAC3B,CAAC;YACF,EAAE,CAAC,aAAa,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;YAEpC,MAAM,WAAW,GAAG,2BAA2B,aAAa,EAAE,CAAC;YAE/D,MAAM,QAAQ,GAAoB,EAAE,CAAC;YACrC,CAAC,CAAC,MAAM,CACN,GAAG,EAAE,CACH,IAAA,sCAA+B,EAC7B,IAAA,gCAAgB,EAAC,EAAE,UAAU,EAAE,CAAC,EAChC,IAAA,kCAAkB,EAAC,QAAQ,CAAC,EAC5B,GAAG,EAAE;gBACH,MAAM,IAAI,KAAK,CAAC,WAAW,CAAC,CAAC;YAC/B,CAAC,CACF,EACH;gBACE,UAAU,EAAE,gBAAgB;gBAC5B,OAAO,EAAE,GAAG,OAAO,CAAC,UAAU,CAAC,aAAa,WAAW,EAAE;aAC1D,CACF,CAAC;YAEF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACzB,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;YAClC,CAAC,CAAC,EAAE,CACF,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,EACnB,kCAAkC,UAAU,4CAA4C,CACzF,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}
+{"version":3,"file":"init.test.js","sourceRoot":"","sources":["../src/init.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,gDAAwB;AAExB,8CAAuB;AAEvB,iCAAyD;AACzD,mDAKyB;AACzB,iCAAwD;AAExD,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,0DAA0D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC3E,MAAM,IAAA,iBAAU,EAAC,KAAK,EAAE,MAAc,EAAE,EAAE;QACxC,MAAM,UAAU,GAAG,cAAI,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC/C,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE9C,MAAM,aAAa,GAAG,cAAI,CAAC,OAAO,CAAC,UAAU,EAAE,0BAA0B,CAAC,CAAC;QAC3E,EAAE,CAAC,aAAa,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QAEpC,MAAM,QAAQ,GAAoB,EAAE,CAAC;QACrC,IAAA,sCAA+B,EAC7B,IAAA,gCAAgB,EAAC,EAAE,UAAU,EAAE,CAAC,EAChC,IAAA,kCAAkB,EAAC,QAAQ,CAAC,CAC7B,CAAC;QAEF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QACzB,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QAClC,CAAC,CAAC,EAAE,CACF,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,EACnB,kCAAkC,UAAU,4CAA4C,CACzF,CAAC;QACF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC/B,CAAC,CAAC,EAAE,CACF,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,EACnB,yCAAyC,UAAU,GAAG,CACvD,CAAC;QAEF,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,KAAK,MAAM,EAAE,SAAS,EAAE,gBAAgB,EAAE,OAAO,EAAE,IAAI;IACrD;QACE,SAAS,EAAE,aAAa;QACxB,gBAAgB,EAAE,yBAAkB;QACpC,OAAO,EAAE,CAAC,UAAU,EAAE,EAAE,CACtB,8FAA8F;YAC9F,MAAM,UAAU,8EAA8E;YAC9F,0FAA0F;YAC1F,6FAA6F;YAC7F,8CAA8C;KACjD;IACD;QACE,SAAS,EAAE,eAAe;QAC1B,gBAAgB,EAAE,KAAK;QACvB,OAAO,EAAE,CAAC,UAAU,EAAE,EAAE,CACtB,8FAA8F;YAC9F,MAAM,UAAU,8EAA8E;YAC9F,wFAAwF;YACxF,4FAA4F;YAC5F,2CAA2C;KAC9C;CACF,EAAE,CAAC;IACF,IAAA,aAAI,EAAC,4CAA4C,gBAAgB,CAAC,IAAI,0BAA0B,SAAS,SAAS,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC9H,MAAM,IAAA,iBAAU,EAAC,KAAK,EAAE,MAAc,EAAE,EAAE;YACxC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,SAAS,CAAC;YAE9C,MAAM,UAAU,GAAG,cAAI,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;YAC/C,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAE9C,MAAM,aAAa,GAAG,cAAI,CAAC,OAAO,CAChC,UAAU,EACV,0BAA0B,CAC3B,CAAC;YACF,EAAE,CAAC,aAAa,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;YAEpC,MAAM,WAAW,GAAG,2BAA2B,aAAa,EAAE,CAAC;YAE/D,MAAM,QAAQ,GAAoB,EAAE,CAAC;YACrC,CAAC,CAAC,MAAM,CACN,GAAG,EAAE,CACH,IAAA,sCAA+B,EAC7B,IAAA,gCAAgB,EAAC,EAAE,UAAU,EAAE,CAAC,EAChC,IAAA,kCAAkB,EAAC,QAAQ,CAAC,EAC5B,GAAG,EAAE;gBACH,MAAM,IAAI,KAAK,CAAC,WAAW,CAAC,CAAC;YAC/B,CAAC,CACF,EACH;gBACE,UAAU,EAAE,gBAAgB;gBAC5B,OAAO,EAAE,GAAG,OAAO,CAAC,UAAU,CAAC,aAAa,WAAW,EAAE;aAC1D,CACF,CAAC;YAEF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACzB,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;YAClC,CAAC,CAAC,EAAE,CACF,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,EACnB,kCAAkC,UAAU,4CAA4C,CACzF,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}

lib/overlay-database-utils.js

@@ -36,10 +36,15 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.CODEQL_OVERLAY_MINIMUM_VERSION = exports.OverlayDatabaseMode = void 0;
 exports.writeBaseDatabaseOidsFile = writeBaseDatabaseOidsFile;
 exports.writeOverlayChangesFile = writeOverlayChangesFile;
+exports.checkOverlayBaseDatabase = checkOverlayBaseDatabase;
+exports.uploadOverlayBaseDatabaseToCache = uploadOverlayBaseDatabaseToCache;
+exports.downloadOverlayBaseDatabaseFromCache = downloadOverlayBaseDatabaseFromCache;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
+const actionsCache = __importStar(require("@actions/cache"));
 const actions_util_1 = require("./actions-util");
 const git_utils_1 = require("./git-utils");
+const util_1 = require("./util");
 var OverlayDatabaseMode;
 (function (OverlayDatabaseMode) {
     OverlayDatabaseMode["Overlay"] = "overlay";
@@ -126,4 +131,149 @@ function computeChangedFiles(baseFileOids, overlayFileOids) {
     }
     return changes;
 }
+// Constants for database caching
+const CACHE_VERSION = 1;
+const CACHE_PREFIX = "codeql-overlay-base-database";
+const MAX_CACHE_OPERATION_MS = 120_000; // Two minutes
+/**
+ * Checks that the overlay-base database is valid by checking for the
+ * existence of the base database OIDs file.
+ *
+ * @param config The configuration object
+ * @param logger The logger instance
+ * @param warningPrefix Prefix for the check failure warning message
+ * @returns True if the verification succeeded, false otherwise
+ */
+function checkOverlayBaseDatabase(config, logger, warningPrefix) {
+    // An overlay-base database should contain the base database OIDs file.
+    const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config);
+    if (!fs.existsSync(baseDatabaseOidsFilePath)) {
+        logger.warning(`${warningPrefix}: ${baseDatabaseOidsFilePath} does not exist`);
+        return false;
+    }
+    return true;
+}
+/**
+ * Uploads the overlay-base database to the GitHub Actions cache. If conditions
+ * for uploading are not met, the function does nothing and returns false.
+ *
+ * This function uses the `checkout_path` input to determine the repository path
+ * and works only when called from `analyze` or `upload-sarif`.
+ *
+ * @param codeql The CodeQL instance
+ * @param config The configuration object
+ * @param logger The logger instance
+ * @returns A promise that resolves to true if the upload was performed and
+ * successfully completed, or false otherwise
+ */
+async function uploadOverlayBaseDatabaseToCache(codeql, config, logger) {
+    const overlayDatabaseMode = config.augmentationProperties.overlayDatabaseMode;
+    if (overlayDatabaseMode !== OverlayDatabaseMode.OverlayBase) {
+        logger.debug(`Overlay database mode is ${overlayDatabaseMode}. ` +
+            "Skip uploading overlay-base database to cache.");
+        return false;
+    }
+    if (!config.augmentationProperties.useOverlayDatabaseCaching) {
+        logger.debug("Overlay database caching is disabled. " +
+            "Skip uploading overlay-base database to cache.");
+        return false;
+    }
+    if ((0, util_1.isInTestMode)()) {
+        logger.debug("In test mode. Skip uploading overlay-base database to cache.");
+        return false;
+    }
+    const databaseIsValid = checkOverlayBaseDatabase(config, logger, "Abort uploading overlay-base database to cache");
+    if (!databaseIsValid) {
+        return false;
+    }
+    const dbLocation = config.dbLocation;
+    const codeQlVersion = (await codeql.getVersion()).version;
+    const checkoutPath = (0, actions_util_1.getRequiredInput)("checkout_path");
+    const cacheKey = await generateCacheKey(config, codeQlVersion, checkoutPath);
+    logger.info(`Uploading overlay-base database to Actions cache with key ${cacheKey}`);
+    try {
+        const cacheId = await (0, util_1.withTimeout)(MAX_CACHE_OPERATION_MS, actionsCache.saveCache([dbLocation], cacheKey), () => { });
+        if (cacheId === undefined) {
+            logger.warning("Timed out while uploading overlay-base database");
+            return false;
+        }
+    }
+    catch (error) {
+        logger.warning("Failed to upload overlay-base database to cache: " +
+            `${error instanceof Error ? error.message : String(error)}`);
+        return false;
+    }
+    logger.info(`Successfully uploaded overlay-base database from ${dbLocation}`);
+    return true;
+}
+/**
+ * Downloads the overlay-base database from the GitHub Actions cache. If conditions
+ * for downloading are not met, the function does nothing and returns false.
+ *
+ * @param codeql The CodeQL instance
+ * @param config The configuration object
+ * @param logger The logger instance
+ * @returns A promise that resolves to true if the download was performed and
+ * successfully completed, or false otherwise
+ */
+async function downloadOverlayBaseDatabaseFromCache(codeql, config, logger) {
+    const overlayDatabaseMode = config.augmentationProperties.overlayDatabaseMode;
+    if (overlayDatabaseMode !== OverlayDatabaseMode.Overlay) {
+        logger.debug(`Overlay database mode is ${overlayDatabaseMode}. ` +
+            "Skip downloading overlay-base database from cache.");
+        return false;
+    }
+    if (!config.augmentationProperties.useOverlayDatabaseCaching) {
+        logger.debug("Overlay database caching is disabled. " +
+            "Skip downloading overlay-base database from cache.");
+        return false;
+    }
+    if ((0, util_1.isInTestMode)()) {
+        logger.debug("In test mode. Skip downloading overlay-base database from cache.");
+        return false;
+    }
+    const dbLocation = config.dbLocation;
+    const codeQlVersion = (await codeql.getVersion()).version;
+    const restoreKey = getCacheRestoreKey(config, codeQlVersion);
+    logger.info(`Looking in Actions cache for overlay-base database with restore key ${restoreKey}`);
+    try {
+        const foundKey = await (0, util_1.withTimeout)(MAX_CACHE_OPERATION_MS, actionsCache.restoreCache([dbLocation], restoreKey), () => {
+            logger.info("Timed out downloading overlay-base database from cache");
+        });
+        if (foundKey === undefined) {
+            logger.info("No overlay-base database found in Actions cache");
+            return false;
+        }
+        logger.info(`Downloaded overlay-base database in cache with key ${foundKey}`);
+    }
+    catch (error) {
+        logger.warning("Failed to download overlay-base database from cache: " +
+            `${error instanceof Error ? error.message : String(error)}`);
+        return false;
+    }
+    const databaseIsValid = checkOverlayBaseDatabase(config, logger, "Downloaded overlay-base database is invalid");
+    if (!databaseIsValid) {
+        logger.warning("Downloaded overlay-base database failed validation");
+        return false;
+    }
+    logger.info(`Successfully downloaded overlay-base database to ${dbLocation}`);
+    return true;
+}
+async function generateCacheKey(config, codeQlVersion, checkoutPath) {
+    const sha = await (0, git_utils_1.getCommitOid)(checkoutPath);
+    return `${getCacheRestoreKey(config, codeQlVersion)}${sha}`;
+}
+function getCacheRestoreKey(config, codeQlVersion) {
+    // The restore key (prefix) specifies which cached overlay-base databases are
+    // compatible with the current analysis: the cached database must have the
+    // same cache version and the same CodeQL bundle version.
+    //
+    // Actions cache supports using multiple restore keys to indicate preference.
+    // Technically we prefer a cached overlay-base database with the same SHA as
+    // we are analyzing. However, since overlay-base databases are built from the
+    // default branch and used in PR analysis, it is exceedingly unlikely that
+    // the commit SHA will ever be the same, so we can just leave it out.
+    const languages = [...config.languages].sort().join("_");
+    return `${CACHE_PREFIX}-${CACHE_VERSION}-${languages}-${codeQlVersion}-`;
+}
 //# sourceMappingURL=overlay-database-utils.js.map

lib/start-proxy-action.js

@@ -43,8 +43,8 @@ const logging_1 = require("./logging");
 const start_proxy_1 = require("./start-proxy");
 const util = __importStar(require("./util"));
 const UPDATEJOB_PROXY = "update-job-proxy";
-const UPDATEJOB_PROXY_VERSION = "v2.0.20250424171100";
-const UPDATEJOB_PROXY_URL_PREFIX = "https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.21.1/";
+const UPDATEJOB_PROXY_VERSION = "v2.0.20250624110901";
+const UPDATEJOB_PROXY_URL_PREFIX = "https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.22.0/";
 const KEY_SIZE = 2048;
 const KEY_EXPIRY_YEARS = 2;
 const CERT_SUBJECT = [

lib/start-proxy.js

@@ -1,6 +1,40 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getCredentials = getCredentials;
+const core = __importStar(require("@actions/core"));
 const languages_1 = require("./languages");
 const util_1 = require("./util");
 const LANGUAGE_TO_REGISTRY_TYPE = {
@@ -16,6 +50,14 @@ const LANGUAGE_TO_REGISTRY_TYPE = {
     cpp: "",
     swift: "",
 };
+/**
+ * Checks that `value` is neither `undefined` nor `null`.
+ * @param value The value to test.
+ * @returns Narrows the type of `value` to exclude `undefined` and `null`.
+ */
+function isDefined(value) {
+    return value !== undefined && value !== null;
+}
 // getCredentials returns registry credentials from action inputs.
 // It prefers `registries_credentials` over `registry_secrets`.
 // If neither is set, it returns an empty array.
@@ -47,9 +89,23 @@ function getCredentials(logger, registrySecrets, registriesCredentials, language
         logger.error("Failed to parse the credentials data.");
         throw new util_1.ConfigurationError("Invalid credentials format.");
     }
+    // Check that the parsed data is indeed an array.
+    if (!Array.isArray(parsed)) {
+        throw new util_1.ConfigurationError("Expected credentials data to be an array of configurations, but it is not.");
+    }
     const out = [];
     for (const e of parsed) {
-        if (e.url === undefined && e.host === undefined) {
+        if (e === null || typeof e !== "object") {
+            throw new util_1.ConfigurationError("Invalid credentials - must be an object");
+        }
+        // Mask credentials to reduce chance of accidental leakage in logs.
+        if (isDefined(e.password)) {
+            core.setSecret(e.password);
+        }
+        if (isDefined(e.token)) {
+            core.setSecret(e.token);
+        }
+        if (!isDefined(e.url) && !isDefined(e.host)) {
             // The proxy needs one of these to work. If both are defined, the url has the precedence.
             throw new util_1.ConfigurationError("Invalid credentials - must specify host or url");
         }

lib/start-proxy.js.map

@@ -1 +1 @@
-{"version":3,"file":"start-proxy.js","sourceRoot":"","sources":["../src/start-proxy.ts"],"names":[],"mappings":";;AA8BA,wCA2EC;AAzGD,2CAAsD;AAEtD,iCAA4C;AAW5C,MAAM,yBAAyB,GAA6B;IAC1D,IAAI,EAAE,kBAAkB;IACxB,MAAM,EAAE,YAAY;IACpB,UAAU,EAAE,cAAc;IAC1B,MAAM,EAAE,cAAc;IACtB,IAAI,EAAE,iBAAiB;IACvB,IAAI,EAAE,gBAAgB;IACtB,EAAE,EAAE,gBAAgB;IACpB,oFAAoF;IACpF,OAAO,EAAE,EAAE;IACX,GAAG,EAAE,EAAE;IACP,KAAK,EAAE,EAAE;CACD,CAAC;AAEX,kEAAkE;AAClE,+DAA+D;AAC/D,gDAAgD;AAChD,SAAgB,cAAc,CAC5B,MAAc,EACd,eAAmC,EACnC,qBAAyC,EACzC,cAAkC;IAElC,MAAM,QAAQ,GAAG,cAAc,CAAC,CAAC,CAAC,IAAA,yBAAa,EAAC,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5E,MAAM,uBAAuB,GAAG,QAAQ;QACtC,CAAC,CAAC,yBAAyB,CAAC,QAAQ,CAAC;QACrC,CAAC,CAAC,SAAS,CAAC;IAEd,IAAI,cAAsB,CAAC;IAC3B,IAAI,qBAAqB,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;QACnD,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,qBAAqB,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC3E,CAAC;SAAM,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;QACzC,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QAC7C,cAAc,GAAG,eAAe,CAAC;IACnC,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QACvC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,qCAAqC;IACrC,IAAI,MAAoB,CAAC;IACzB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAiB,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,oEAAoE;QACpE,MAAM,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;QACtD,MAAM,IAAI,yBAAkB,CAAC,6BAA6B,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,GAAG,GAAiB,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAChD,yFAAyF;YACzF,MAAM,IAAI,yBAAkB,CAC1B,gDAAgD,CACjD,CAAC;QACJ,CAAC;QAED,kFAAkF;QAClF,iEAAiE;QACjE,IAAI,uBAAuB,IAAI,CAAC,CAAC,IAAI,KAAK,uBAAuB,EAAE,CAAC;YAClE,SAAS;QACX,CAAC;QAED,MAAM,WAAW,GAAG,CAAC,GAAuB,EAAW,EAAE;YACvD,OAAO,GAAG,CAAC,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACjD,CAAC,CAAC;QAEF,IACE,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC;YACpB,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC;YACpB,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC;YACnB,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC;YACxB,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC;YACxB,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,EACrB,CAAC;YACD,MAAM,IAAI,yBAAkB,CAC1B,qEAAqE,CACtE,CAAC;QACJ,CAAC;QAED,GAAG,CAAC,IAAI,CAAC;YACP,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,GAAG,EAAE,CAAC,CAAC,GAAG;YACV,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,KAAK,EAAE,CAAC,CAAC,KAAK;SACf,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}
+{"version":3,"file":"start-proxy.js","sourceRoot":"","sources":["../src/start-proxy.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAyCA,wCA8FC;AAvID,oDAAsC;AAEtC,2CAAsD;AAEtD,iCAA4C;AAW5C,MAAM,yBAAyB,GAA6B;IAC1D,IAAI,EAAE,kBAAkB;IACxB,MAAM,EAAE,YAAY;IACpB,UAAU,EAAE,cAAc;IAC1B,MAAM,EAAE,cAAc;IACtB,IAAI,EAAE,iBAAiB;IACvB,IAAI,EAAE,gBAAgB;IACtB,EAAE,EAAE,gBAAgB;IACpB,oFAAoF;IACpF,OAAO,EAAE,EAAE;IACX,GAAG,EAAE,EAAE;IACP,KAAK,EAAE,EAAE;CACD,CAAC;AAEX;;;;GAIG;AACH,SAAS,SAAS,CAAI,KAA2B;IAC/C,OAAO,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,IAAI,CAAC;AAC/C,CAAC;AAED,kEAAkE;AAClE,+DAA+D;AAC/D,gDAAgD;AAChD,SAAgB,cAAc,CAC5B,MAAc,EACd,eAAmC,EACnC,qBAAyC,EACzC,cAAkC;IAElC,MAAM,QAAQ,GAAG,cAAc,CAAC,CAAC,CAAC,IAAA,yBAAa,EAAC,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5E,MAAM,uBAAuB,GAAG,QAAQ;QACtC,CAAC,CAAC,yBAAyB,CAAC,QAAQ,CAAC;QACrC,CAAC,CAAC,SAAS,CAAC;IAEd,IAAI,cAAsB,CAAC;IAC3B,IAAI,qBAAqB,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;QACnD,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,qBAAqB,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC3E,CAAC;SAAM,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;QACzC,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QAC7C,cAAc,GAAG,eAAe,CAAC;IACnC,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QACvC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,qCAAqC;IACrC,IAAI,MAAoB,CAAC;IACzB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAiB,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,oEAAoE;QACpE,MAAM,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;QACtD,MAAM,IAAI,yBAAkB,CAAC,6BAA6B,CAAC,CAAC;IAC9D,CAAC;IAED,iDAAiD;IACjD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,yBAAkB,CAC1B,4EAA4E,CAC7E,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAiB,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,IAAI,CAAC,KAAK,IAAI,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;YACxC,MAAM,IAAI,yBAAkB,CAAC,yCAAyC,CAAC,CAAC;QAC1E,CAAC;QAED,mEAAmE;QACnE,IAAI,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1B,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QAC7B,CAAC;QACD,IAAI,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QAC1B,CAAC;QAED,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5C,yFAAyF;YACzF,MAAM,IAAI,yBAAkB,CAC1B,gDAAgD,CACjD,CAAC;QACJ,CAAC;QAED,kFAAkF;QAClF,iEAAiE;QACjE,IAAI,uBAAuB,IAAI,CAAC,CAAC,IAAI,KAAK,uBAAuB,EAAE,CAAC;YAClE,SAAS;QACX,CAAC;QAED,MAAM,WAAW,GAAG,CAAC,GAAuB,EAAW,EAAE;YACvD,OAAO,GAAG,CAAC,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACjD,CAAC,CAAC;QAEF,IACE,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC;YACpB,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC;YACpB,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC;YACnB,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC;YACxB,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC;YACxB,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,EACrB,CAAC;YACD,MAAM,IAAI,yBAAkB,CAC1B,qEAAqE,CACtE,CAAC;QACJ,CAAC;QAED,GAAG,CAAC,IAAI,CAAC;YACP,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,GAAG,EAAE,CAAC,CAAC,GAAG;YACV,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,KAAK,EAAE,CAAC,CAAC,KAAK;SACf,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

lib/start-proxy.test.js

@@ -41,6 +41,7 @@ const logging_1 = require("./logging");
 const startProxyExports = __importStar(require("./start-proxy"));
 const testing_utils_1 = require("./testing-utils");
 (0, testing_utils_1.setupTests)(ava_1.default);
+const toEncodedJSON = (data) => Buffer.from(JSON.stringify(data)).toString("base64");
 (0, ava_1.default)("getCredentials prefers registriesCredentials over registrySecrets", async (t) => {
     const registryCredentials = Buffer.from(JSON.stringify([
         { type: "npm_registry", host: "npm.pkg.github.com", token: "abc" },
@@ -52,19 +53,40 @@ const testing_utils_1 = require("./testing-utils");
     t.is(credentials.length, 1);
     t.is(credentials[0].host, "npm.pkg.github.com");
 });
-(0, ava_1.default)("getCredentials throws error when credential missing host and url", async (t) => {
-    const registryCredentials = Buffer.from(JSON.stringify([{ type: "npm_registry", token: "abc" }])).toString("base64");
+(0, ava_1.default)("getCredentials throws an error when configurations are not an array", async (t) => {
+    const registryCredentials = Buffer.from(JSON.stringify({ type: "npm_registry", token: "abc" })).toString("base64");
     t.throws(() => startProxyExports.getCredentials((0, logging_1.getRunnerLogger)(true), undefined, registryCredentials, undefined), {
-        message: "Invalid credentials - must specify host or url",
+        message: "Expected credentials data to be an array of configurations, but it is not.",
     });
 });
+(0, ava_1.default)("getCredentials throws error when credential is not an object", async (t) => {
+    const testCredentials = [["foo"], [null]].map(toEncodedJSON);
+    for (const testCredential of testCredentials) {
+        t.throws(() => startProxyExports.getCredentials((0, logging_1.getRunnerLogger)(true), undefined, testCredential, undefined), {
+            message: "Invalid credentials - must be an object",
+        });
+    }
+});
+(0, ava_1.default)("getCredentials throws error when credential missing host and url", async (t) => {
+    const testCredentials = [
+        [{ type: "npm_registry", token: "abc" }],
+        [{ type: "npm_registry", token: "abc", host: null }],
+        [{ type: "npm_registry", token: "abc", url: null }],
+    ].map(toEncodedJSON);
+    for (const testCredential of testCredentials) {
+        t.throws(() => startProxyExports.getCredentials((0, logging_1.getRunnerLogger)(true), undefined, testCredential, undefined), {
+            message: "Invalid credentials - must specify host or url",
+        });
+    }
+});
 (0, ava_1.default)("getCredentials filters by language when specified", async (t) => {
     const mixedCredentials = [
         { type: "npm_registry", host: "npm.pkg.github.com", token: "abc" },
         { type: "maven_repository", host: "maven.pkg.github.com", token: "def" },
         { type: "nuget_feed", host: "nuget.pkg.github.com", token: "ghi" },
+        { type: "goproxy_server", host: "goproxy.example.com", token: "jkl" },
     ];
-    const credentials = startProxyExports.getCredentials((0, logging_1.getRunnerLogger)(true), undefined, Buffer.from(JSON.stringify(mixedCredentials)).toString("base64"), "java");
+    const credentials = startProxyExports.getCredentials((0, logging_1.getRunnerLogger)(true), undefined, toEncodedJSON(mixedCredentials), "java");
     t.is(credentials.length, 1);
     t.is(credentials[0].type, "maven_repository");
 });
@@ -73,10 +95,11 @@ const testing_utils_1 = require("./testing-utils");
         { type: "npm_registry", host: "npm.pkg.github.com", token: "abc" },
         { type: "maven_repository", host: "maven.pkg.github.com", token: "def" },
         { type: "nuget_feed", host: "nuget.pkg.github.com", token: "ghi" },
+        { type: "goproxy_server", host: "goproxy.example.com", token: "jkl" },
     ];
-    const credentialsInput = Buffer.from(JSON.stringify(mixedCredentials)).toString("base64");
+    const credentialsInput = toEncodedJSON(mixedCredentials);
     const credentials = startProxyExports.getCredentials((0, logging_1.getRunnerLogger)(true), undefined, credentialsInput, undefined);
-    t.is(credentials.length, 3);
+    t.is(credentials.length, mixedCredentials.length);
 });
 (0, ava_1.default)("getCredentials throws an error when non-printable characters are used", async (t) => {
     const invalidCredentials = [

lib/start-proxy.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"start-proxy.test.js","sourceRoot":"","sources":["../src/start-proxy.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AAEvB,uCAA4C;AAC5C,iEAAmD;AACnD,mDAA6C;AAE7C,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,mEAAmE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACpF,MAAM,mBAAmB,GAAG,MAAM,CAAC,IAAI,CACrC,IAAI,CAAC,SAAS,CAAC;QACb,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,oBAAoB,EAAE,KAAK,EAAE,KAAK,EAAE;KACnE,CAAC,CACH,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACrB,MAAM,eAAe,GAAG,IAAI,CAAC,SAAS,CAAC;QACrC,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,oBAAoB,EAAE,KAAK,EAAE,KAAK,EAAE;KACnE,CAAC,CAAC;IAEH,MAAM,WAAW,GAAG,iBAAiB,CAAC,cAAc,CAClD,IAAA,yBAAe,EAAC,IAAI,CAAC,EACrB,eAAe,EACf,mBAAmB,EACnB,SAAS,CACV,CAAC;IACF,CAAC,CAAC,EAAE,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC5B,CAAC,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;AAClD,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,kEAAkE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACnF,MAAM,mBAAmB,GAAG,MAAM,CAAC,IAAI,CACrC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC,CACzD,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAErB,CAAC,CAAC,MAAM,CACN,GAAG,EAAE,CACH,iBAAiB,CAAC,cAAc,CAC9B,IAAA,yBAAe,EAAC,IAAI,CAAC,EACrB,SAAS,EACT,mBAAmB,EACnB,SAAS,CACV,EACH;QACE,OAAO,EAAE,gDAAgD;KAC1D,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,mDAAmD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACpE,MAAM,gBAAgB,GAAG;QACvB,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,oBAAoB,EAAE,KAAK,EAAE,KAAK,EAAE;QAClE,EAAE,IAAI,EAAE,kBAAkB,EAAE,IAAI,EAAE,sBAAsB,EAAE,KAAK,EAAE,KAAK,EAAE;QACxE,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,sBAAsB,EAAE,KAAK,EAAE,KAAK,EAAE;KACnE,CAAC;IAEF,MAAM,WAAW,GAAG,iBAAiB,CAAC,cAAc,CAClD,IAAA,yBAAe,EAAC,IAAI,CAAC,EACrB,SAAS,EACT,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAChE,MAAM,CACP,CAAC;IACF,CAAC,CAAC,EAAE,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC5B,CAAC,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC;AAChD,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,mEAAmE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACpF,MAAM,gBAAgB,GAAG;QACvB,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,oBAAoB,EAAE,KAAK,EAAE,KAAK,EAAE;QAClE,EAAE,IAAI,EAAE,kBAAkB,EAAE,IAAI,EAAE,sBAAsB,EAAE,KAAK,EAAE,KAAK,EAAE;QACxE,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,sBAAsB,EAAE,KAAK,EAAE,KAAK,EAAE;KACnE,CAAC;IACF,MAAM,gBAAgB,GAAG,MAAM,CAAC,IAAI,CAClC,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,CACjC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAErB,MAAM,WAAW,GAAG,iBAAiB,CAAC,cAAc,CAClD,IAAA,yBAAe,EAAC,IAAI,CAAC,EACrB,SAAS,EACT,gBAAgB,EAChB,SAAS,CACV,CAAC;IACF,CAAC,CAAC,EAAE,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;AAC9B,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,uEAAuE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACxF,MAAM,kBAAkB,GAAG;QACzB,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,uBAAuB,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE,mCAAmC;QAC9G,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,6BAA6B,EAAE,EAAE,kCAAkC;QAC/F;YACE,IAAI,EAAE,YAAY;YAClB,IAAI,EAAE,uBAAuB;YAC7B,QAAQ,EAAE,WAAW;SACtB,EAAE,sCAAsC;QACzC,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,uBAAuB,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,sCAAsC;KACnH,CAAC;IAEF,KAAK,MAAM,iBAAiB,IAAI,kBAAkB,EAAE,CAAC;QACnD,MAAM,gBAAgB,GAAG,MAAM,CAAC,IAAI,CAClC,IAAI,CAAC,SAAS,CAAC,CAAC,iBAAiB,CAAC,CAAC,CACpC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAErB,CAAC,CAAC,MAAM,CACN,GAAG,EAAE,CACH,iBAAiB,CAAC,cAAc,CAC9B,IAAA,yBAAe,EAAC,IAAI,CAAC,EACrB,SAAS,EACT,gBAAgB,EAChB,SAAS,CACV,EACH;YACE,OAAO,EACL,qEAAqE;SACxE,CACF,CAAC;IACJ,CAAC;AACH,CAAC,CAAC,CAAC"}
+{"version":3,"file":"start-proxy.test.js","sourceRoot":"","sources":["../src/start-proxy.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AAEvB,uCAA4C;AAC5C,iEAAmD;AACnD,mDAA6C;AAE7C,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,MAAM,aAAa,GAAG,CAAC,IAAS,EAAE,EAAE,CAClC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAEvD,IAAA,aAAI,EAAC,mEAAmE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACpF,MAAM,mBAAmB,GAAG,MAAM,CAAC,IAAI,CACrC,IAAI,CAAC,SAAS,CAAC;QACb,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,oBAAoB,EAAE,KAAK,EAAE,KAAK,EAAE;KACnE,CAAC,CACH,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACrB,MAAM,eAAe,GAAG,IAAI,CAAC,SAAS,CAAC;QACrC,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,oBAAoB,EAAE,KAAK,EAAE,KAAK,EAAE;KACnE,CAAC,CAAC;IAEH,MAAM,WAAW,GAAG,iBAAiB,CAAC,cAAc,CAClD,IAAA,yBAAe,EAAC,IAAI,CAAC,EACrB,eAAe,EACf,mBAAmB,EACnB,SAAS,CACV,CAAC;IACF,CAAC,CAAC,EAAE,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC5B,CAAC,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;AAClD,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,qEAAqE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACtF,MAAM,mBAAmB,GAAG,MAAM,CAAC,IAAI,CACrC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CACvD,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAErB,CAAC,CAAC,MAAM,CACN,GAAG,EAAE,CACH,iBAAiB,CAAC,cAAc,CAC9B,IAAA,yBAAe,EAAC,IAAI,CAAC,EACrB,SAAS,EACT,mBAAmB,EACnB,SAAS,CACV,EACH;QACE,OAAO,EACL,4EAA4E;KAC/E,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IAE7D,KAAK,MAAM,cAAc,IAAI,eAAe,EAAE,CAAC;QAC7C,CAAC,CAAC,MAAM,CACN,GAAG,EAAE,CACH,iBAAiB,CAAC,cAAc,CAC9B,IAAA,yBAAe,EAAC,IAAI,CAAC,EACrB,SAAS,EACT,cAAc,EACd,SAAS,CACV,EACH;YACE,OAAO,EAAE,yCAAyC;SACnD,CACF,CAAC;IACJ,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,kEAAkE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACnF,MAAM,eAAe,GAAG;QACtB,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;QACxC,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;QACpD,CAAC,EAAE,IAAI,EAAE,cAAc,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;KACpD,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IAErB,KAAK,MAAM,cAAc,IAAI,eAAe,EAAE,CAAC;QAC7C,CAAC,CAAC,MAAM,CACN,GAAG,EAAE,CACH,iBAAiB,CAAC,cAAc,CAC9B,IAAA,yBAAe,EAAC,IAAI,CAAC,EACrB,SAAS,EACT,cAAc,EACd,SAAS,CACV,EACH;YACE,OAAO,EAAE,gDAAgD;SAC1D,CACF,CAAC;IACJ,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,mDAAmD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACpE,MAAM,gBAAgB,GAAG;QACvB,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,oBAAoB,EAAE,KAAK,EAAE,KAAK,EAAE;QAClE,EAAE,IAAI,EAAE,kBAAkB,EAAE,IAAI,EAAE,sBAAsB,EAAE,KAAK,EAAE,KAAK,EAAE;QACxE,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,sBAAsB,EAAE,KAAK,EAAE,KAAK,EAAE;QAClE,EAAE,IAAI,EAAE,gBAAgB,EAAE,IAAI,EAAE,qBAAqB,EAAE,KAAK,EAAE,KAAK,EAAE;KACtE,CAAC;IAEF,MAAM,WAAW,GAAG,iBAAiB,CAAC,cAAc,CAClD,IAAA,yBAAe,EAAC,IAAI,CAAC,EACrB,SAAS,EACT,aAAa,CAAC,gBAAgB,CAAC,EAC/B,MAAM,CACP,CAAC;IACF,CAAC,CAAC,EAAE,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC5B,CAAC,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC;AAChD,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,mEAAmE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACpF,MAAM,gBAAgB,GAAG;QACvB,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,oBAAoB,EAAE,KAAK,EAAE,KAAK,EAAE;QAClE,EAAE,IAAI,EAAE,kBAAkB,EAAE,IAAI,EAAE,sBAAsB,EAAE,KAAK,EAAE,KAAK,EAAE;QACxE,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,sBAAsB,EAAE,KAAK,EAAE,KAAK,EAAE;QAClE,EAAE,IAAI,EAAE,gBAAgB,EAAE,IAAI,EAAE,qBAAqB,EAAE,KAAK,EAAE,KAAK,EAAE;KACtE,CAAC;IACF,MAAM,gBAAgB,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAC;IAEzD,MAAM,WAAW,GAAG,iBAAiB,CAAC,cAAc,CAClD,IAAA,yBAAe,EAAC,IAAI,CAAC,EACrB,SAAS,EACT,gBAAgB,EAChB,SAAS,CACV,CAAC;IACF,CAAC,CAAC,EAAE,CAAC,WAAW,CAAC,MAAM,EAAE,gBAAgB,CAAC,MAAM,CAAC,CAAC;AACpD,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,uEAAuE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACxF,MAAM,kBAAkB,GAAG;QACzB,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,uBAAuB,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE,mCAAmC;QAC9G,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,6BAA6B,EAAE,EAAE,kCAAkC;QAC/F;YACE,IAAI,EAAE,YAAY;YAClB,IAAI,EAAE,uBAAuB;YAC7B,QAAQ,EAAE,WAAW;SACtB,EAAE,sCAAsC;QACzC,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,uBAAuB,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,sCAAsC;KACnH,CAAC;IAEF,KAAK,MAAM,iBAAiB,IAAI,kBAAkB,EAAE,CAAC;QACnD,MAAM,gBAAgB,GAAG,MAAM,CAAC,IAAI,CAClC,IAAI,CAAC,SAAS,CAAC,CAAC,iBAAiB,CAAC,CAAC,CACpC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAErB,CAAC,CAAC,MAAM,CACN,GAAG,EAAE,CACH,iBAAiB,CAAC,cAAc,CAC9B,IAAA,yBAAe,EAAC,IAAI,CAAC,EACrB,SAAS,EACT,gBAAgB,EAChB,SAAS,CACV,EACH;YACE,OAAO,EACL,qEAAqE;SACxE,CACF,CAAC;IACJ,CAAC;AACH,CAAC,CAAC,CAAC"}

lib/status-report.js

@@ -248,6 +248,10 @@ const INCOMPATIBLE_MSG = "CodeQL Action version is incompatible with the code sc
  * Failures while calling this endpoint are logged as warings.
  */
 async function sendStatusReport(statusReport) {
+    if (statusReport === undefined) {
+        core.warning(`Not uploading a status report, because of an internal problem.`);
+        return;
+    }
     setJobStatusIfUnsuccessful(statusReport.status);
     const statusReportJSON = JSON.stringify(statusReport);
     core.debug(`Sending status report: ${statusReportJSON}`);

lib/tools-features.js

@@ -40,12 +40,8 @@ const semver = __importStar(require("semver"));
 var ToolsFeature;
 (function (ToolsFeature) {
     ToolsFeature["AnalysisSummaryV2IsDefault"] = "analysisSummaryV2Default";
-    ToolsFeature["BuildModeOption"] = "buildModeOption";
     ToolsFeature["DatabaseInterpretResultsSupportsSarifRunProperty"] = "databaseInterpretResultsSupportsSarifRunProperty";
     ToolsFeature["IndirectTracingSupportsStaticBinaries"] = "indirectTracingSupportsStaticBinaries";
-    ToolsFeature["InformsAboutUnsupportedPathFilters"] = "informsAboutUnsupportedPathFilters";
-    ToolsFeature["SetsCodeqlRunnerEnvVar"] = "setsCodeqlRunnerEnvVar";
-    ToolsFeature["TraceCommandUseBuildMode"] = "traceCommandUseBuildMode";
     ToolsFeature["SarifMergeRunsFromEqualCategory"] = "sarifMergeRunsFromEqualCategory";
     ToolsFeature["ForceOverwrite"] = "forceOverwrite";
     ToolsFeature["PythonDefaultIsToNotExtractStdlib"] = "pythonDefaultIsToNotExtractStdlib";

lib/tools-features.js.map

@@ -1 +1 @@
-{"version":3,"file":"tools-features.js","sourceRoot":"","sources":["../src/tools-features.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwBA,0DAKC;AAcD,oDAIC;AA/CD,+CAAiC;AAIjC,IAAY,YAWX;AAXD,WAAY,YAAY;IACtB,uEAAuD,CAAA;IACvD,mDAAmC,CAAA;IACnC,qHAAqG,CAAA;IACrG,+FAA+E,CAAA;IAC/E,yFAAyE,CAAA;IACzE,iEAAiD,CAAA;IACjD,qEAAqD,CAAA;IACrD,mFAAmE,CAAA;IACnE,iDAAiC,CAAA;IACjC,uFAAuE,CAAA;AACzE,CAAC,EAXW,YAAY,4BAAZ,YAAY,QAWvB;AAED;;;;;;GAMG;AACH,SAAgB,uBAAuB,CACrC,WAAwB,EACxB,OAAqB;IAErB,OAAO,CAAC,CAAC,WAAW,CAAC,QAAQ,IAAI,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;AACjE,CAAC;AAEY,QAAA,yBAAyB,GAAG,QAAQ,CAAC;AAElD;;;;;;;;;GASG;AACH,SAAgB,oBAAoB,CAAC,aAAsB;IACzD,OAAO,CAAC,aAAa;QACnB,CAAC,CAAC,IAAI;QACN,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,aAAa,EAAE,iCAAyB,CAAC,CAAC;AAC3D,CAAC"}
+{"version":3,"file":"tools-features.js","sourceRoot":"","sources":["../src/tools-features.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoBA,0DAKC;AAcD,oDAIC;AA3CD,+CAAiC;AAIjC,IAAY,YAOX;AAPD,WAAY,YAAY;IACtB,uEAAuD,CAAA;IACvD,qHAAqG,CAAA;IACrG,+FAA+E,CAAA;IAC/E,mFAAmE,CAAA;IACnE,iDAAiC,CAAA;IACjC,uFAAuE,CAAA;AACzE,CAAC,EAPW,YAAY,4BAAZ,YAAY,QAOvB;AAED;;;;;;GAMG;AACH,SAAgB,uBAAuB,CACrC,WAAwB,EACxB,OAAqB;IAErB,OAAO,CAAC,CAAC,WAAW,CAAC,QAAQ,IAAI,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;AACjE,CAAC;AAEY,QAAA,yBAAyB,GAAG,QAAQ,CAAC;AAElD;;;;;;;;;GASG;AACH,SAAgB,oBAAoB,CAAC,aAAsB;IACzD,OAAO,CAAC,aAAa;QACnB,CAAC,CAAC,IAAI;QACN,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,aAAa,EAAE,iCAAyB,CAAC,CAAC;AAC3D,CAAC"}

lib/tools-features.test.js

@@ -8,14 +8,8 @@ const testing_utils_1 = require("./testing-utils");
 const tools_features_1 = require("./tools-features");
 (0, ava_1.default)("isSupportedToolsFeature", async (t) => {
     const versionInfo = (0, testing_utils_1.makeVersionInfo)("1.0.0");
-    t.false((0, tools_features_1.isSupportedToolsFeature)(versionInfo, tools_features_1.ToolsFeature.IndirectTracingSupportsStaticBinaries));
-    versionInfo.features = { indirectTracingSupportsStaticBinaries: true };
-    t.true((0, tools_features_1.isSupportedToolsFeature)(versionInfo, tools_features_1.ToolsFeature.IndirectTracingSupportsStaticBinaries));
-});
-(0, ava_1.default)("setsCodeqlRunnerEnvVar", async (t) => {
-    const versionInfo = (0, testing_utils_1.makeVersionInfo)("1.0.0");
-    t.false((0, tools_features_1.isSupportedToolsFeature)(versionInfo, tools_features_1.ToolsFeature.SetsCodeqlRunnerEnvVar));
-    versionInfo.features = { setsCodeqlRunnerEnvVar: true };
-    t.true((0, tools_features_1.isSupportedToolsFeature)(versionInfo, tools_features_1.ToolsFeature.SetsCodeqlRunnerEnvVar));
+    t.false((0, tools_features_1.isSupportedToolsFeature)(versionInfo, tools_features_1.ToolsFeature.ForceOverwrite));
+    versionInfo.features = { forceOverwrite: true };
+    t.true((0, tools_features_1.isSupportedToolsFeature)(versionInfo, tools_features_1.ToolsFeature.ForceOverwrite));
 });
 //# sourceMappingURL=tools-features.test.js.map

lib/tools-features.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"tools-features.test.js","sourceRoot":"","sources":["../src/tools-features.test.ts"],"names":[],"mappings":";;;;;AAAA,8CAAuB;AAEvB,mDAAkD;AAClD,qDAAyE;AAEzE,IAAA,aAAI,EAAC,yBAAyB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC1C,MAAM,WAAW,GAAG,IAAA,+BAAe,EAAC,OAAO,CAAC,CAAC;IAE7C,CAAC,CAAC,KAAK,CACL,IAAA,wCAAuB,EACrB,WAAW,EACX,6BAAY,CAAC,qCAAqC,CACnD,CACF,CAAC;IAEF,WAAW,CAAC,QAAQ,GAAG,EAAE,qCAAqC,EAAE,IAAI,EAAE,CAAC;IAEvE,CAAC,CAAC,IAAI,CACJ,IAAA,wCAAuB,EACrB,WAAW,EACX,6BAAY,CAAC,qCAAqC,CACnD,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,wBAAwB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACzC,MAAM,WAAW,GAAG,IAAA,+BAAe,EAAC,OAAO,CAAC,CAAC;IAE7C,CAAC,CAAC,KAAK,CACL,IAAA,wCAAuB,EAAC,WAAW,EAAE,6BAAY,CAAC,sBAAsB,CAAC,CAC1E,CAAC;IAEF,WAAW,CAAC,QAAQ,GAAG,EAAE,sBAAsB,EAAE,IAAI,EAAE,CAAC;IAExD,CAAC,CAAC,IAAI,CACJ,IAAA,wCAAuB,EAAC,WAAW,EAAE,6BAAY,CAAC,sBAAsB,CAAC,CAC1E,CAAC;AACJ,CAAC,CAAC,CAAC"}
+{"version":3,"file":"tools-features.test.js","sourceRoot":"","sources":["../src/tools-features.test.ts"],"names":[],"mappings":";;;;;AAAA,8CAAuB;AAEvB,mDAAkD;AAClD,qDAAyE;AAEzE,IAAA,aAAI,EAAC,yBAAyB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC1C,MAAM,WAAW,GAAG,IAAA,+BAAe,EAAC,OAAO,CAAC,CAAC;IAE7C,CAAC,CAAC,KAAK,CAAC,IAAA,wCAAuB,EAAC,WAAW,EAAE,6BAAY,CAAC,cAAc,CAAC,CAAC,CAAC;IAE3E,WAAW,CAAC,QAAQ,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC;IAEhD,CAAC,CAAC,IAAI,CAAC,IAAA,wCAAuB,EAAC,WAAW,EAAE,6BAAY,CAAC,cAAc,CAAC,CAAC,CAAC;AAC5E,CAAC,CAAC,CAAC"}

lib/tracer-config.js

@@ -40,17 +40,15 @@ exports.getCombinedTracerConfig = getCombinedTracerConfig;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const languages_1 = require("./languages");
-const tools_features_1 = require("./tools-features");
 const util_1 = require("./util");
-async function shouldEnableIndirectTracing(codeql, config) {
+async function shouldEnableIndirectTracing(_codeql, config) {
     // We don't need to trace build mode none, or languages which unconditionally don't need tracing.
     if (config.buildMode === util_1.BuildMode.None) {
         return false;
     }
     // If the CLI supports `trace-command` with a `--build-mode`, we'll use direct tracing instead of
     // indirect tracing.
-    if (config.buildMode === util_1.BuildMode.Autobuild &&
-        (await codeql.supportsFeature(tools_features_1.ToolsFeature.TraceCommandUseBuildMode))) {
+    if (config.buildMode === util_1.BuildMode.Autobuild) {
         return false;
     }
     // Otherwise, use direct tracing if any of the languages need to be traced.
@@ -98,18 +96,6 @@ async function getCombinedTracerConfig(codeql, config) {
     if (!(await shouldEnableIndirectTracing(codeql, config))) {
         return undefined;
     }
-    const mainTracerConfig = await getTracerConfigForCluster(config);
-    // If the CLI doesn't yet support setting the CODEQL_RUNNER environment variable to
-    // the runner executable path, we set it here in the Action.
-    if (!(await codeql.supportsFeature(tools_features_1.ToolsFeature.SetsCodeqlRunnerEnvVar))) {
-        // On macOS when System Integrity Protection is enabled, it's necessary to prefix
-        // the build command with the runner executable for indirect tracing, so we expose
-        // it here via the CODEQL_RUNNER environment variable.
-        // The executable also exists and works for other platforms so we unconditionally
-        // set the environment variable.
-        const runnerExeName = process.platform === "win32" ? "runner.exe" : "runner";
-        mainTracerConfig.env["CODEQL_RUNNER"] = path.join(mainTracerConfig.env["CODEQL_DIST"], "tools", mainTracerConfig.env["CODEQL_PLATFORM"], runnerExeName);
-    }
-    return mainTracerConfig;
+    return await getTracerConfigForCluster(config);
 }
 //# sourceMappingURL=tracer-config.js.map

lib/tracer-config.js.map

@@ -1 +1 @@
-{"version":3,"file":"tracer-config.js","sourceRoot":"","sources":["../src/tracer-config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAcA,kEAoBC;AAWD,oDAoCC;AAED,8DAeC;AAED,0DA6BC;AAjID,uCAAyB;AACzB,2CAA6B;AAI7B,2CAA+C;AAE/C,qDAAgD;AAChD,iCAAmC;AAM5B,KAAK,UAAU,2BAA2B,CAC/C,MAAc,EACd,MAAc;IAEd,iGAAiG;IACjG,IAAI,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,IAAI,EAAE,CAAC;QACxC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,iGAAiG;IACjG,oBAAoB;IACpB,IACE,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,SAAS;QACxC,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,wBAAwB,CAAC,CAAC,EACrE,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,2EAA2E;IAC3E,OAAO,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,4BAAgB,EAAC,CAAC,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED;;;;;;;;GAQG;AACI,KAAK,UAAU,oBAAoB,CACxC,MAAc,EACd,MAAc,EACd,MAAc;IAEd,IAAI,CAAC,CAAC,MAAM,2BAA2B,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAAE,OAAO;IAEjE,MAAM,CAAC,IAAI,CACT,iGAAiG,CAClG,CAAC;IAEF,MAAM,gBAAgB,GAAG,IAAI,CAAC,OAAO,CACnC,MAAM,CAAC,UAAU,EACjB,0CAA0C,CAC3C,CAAC;IACF,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CACb,kDAAkD,gBAAgB,EAAE,CACrE,CAAC;IACJ,CAAC;IACD,IAAI,CAAC;QACH,MAAM,sBAAsB,GAA+B,IAAI,CAAC,KAAK,CACnE,EAAE,CAAC,YAAY,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAC1C,CAAC;QACF,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,sBAAsB,CAAC,EAAE,CAAC;YAClE,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;gBACnB,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YAC3B,CAAC;iBAAM,CAAC;gBACN,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CACb,sEAAsE,CAAC,EAAE,CAC1E,CAAC;IACJ,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,MAAc;IAEd,MAAM,mBAAmB,GAAG,IAAI,CAAC,KAAK,CACpC,EAAE,CAAC,YAAY,CACb,IAAI,CAAC,OAAO,CACV,MAAM,CAAC,UAAU,EACjB,4CAA4C,CAC7C,EACD,MAAM,CACP,CACF,CAAC;IACF,OAAO;QACL,GAAG,EAAE,mBAAmB;KACzB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,uBAAuB,CAC3C,MAAc,EACd,MAAc;IAEd,IAAI,CAAC,CAAC,MAAM,2BAA2B,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,EAAE,CAAC;QACzD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,gBAAgB,GAAG,MAAM,yBAAyB,CAAC,MAAM,CAAC,CAAC;IAEjE,mFAAmF;IACnF,4DAA4D;IAC5D,IAAI,CAAC,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,sBAAsB,CAAC,CAAC,EAAE,CAAC;QACzE,iFAAiF;QACjF,kFAAkF;QAClF,sDAAsD;QACtD,iFAAiF;QACjF,gCAAgC;QAChC,MAAM,aAAa,GACjB,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC;QACzD,gBAAgB,CAAC,GAAG,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,IAAI,CAC/C,gBAAgB,CAAC,GAAG,CAAC,aAAa,CAAC,EACnC,OAAO,EACP,gBAAgB,CAAC,GAAG,CAAC,iBAAiB,CAAC,EACvC,aAAa,CACd,CAAC;IACJ,CAAC;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC"}
+{"version":3,"file":"tracer-config.js","sourceRoot":"","sources":["../src/tracer-config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAaA,kEAiBC;AAWD,oDAoCC;AAED,8DAeC;AAED,0DASC;AAzGD,uCAAyB;AACzB,2CAA6B;AAI7B,2CAA+C;AAE/C,iCAAmC;AAM5B,KAAK,UAAU,2BAA2B,CAC/C,OAAe,EACf,MAAc;IAEd,iGAAiG;IACjG,IAAI,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,IAAI,EAAE,CAAC;QACxC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,iGAAiG;IACjG,oBAAoB;IACpB,IAAI,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,SAAS,EAAE,CAAC;QAC7C,OAAO,KAAK,CAAC;IACf,CAAC;IAED,2EAA2E;IAC3E,OAAO,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,4BAAgB,EAAC,CAAC,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED;;;;;;;;GAQG;AACI,KAAK,UAAU,oBAAoB,CACxC,MAAc,EACd,MAAc,EACd,MAAc;IAEd,IAAI,CAAC,CAAC,MAAM,2BAA2B,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAAE,OAAO;IAEjE,MAAM,CAAC,IAAI,CACT,iGAAiG,CAClG,CAAC;IAEF,MAAM,gBAAgB,GAAG,IAAI,CAAC,OAAO,CACnC,MAAM,CAAC,UAAU,EACjB,0CAA0C,CAC3C,CAAC;IACF,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CACb,kDAAkD,gBAAgB,EAAE,CACrE,CAAC;IACJ,CAAC;IACD,IAAI,CAAC;QACH,MAAM,sBAAsB,GAA+B,IAAI,CAAC,KAAK,CACnE,EAAE,CAAC,YAAY,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAC1C,CAAC;QACF,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,sBAAsB,CAAC,EAAE,CAAC;YAClE,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;gBACnB,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YAC3B,CAAC;iBAAM,CAAC;gBACN,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CACb,sEAAsE,CAAC,EAAE,CAC1E,CAAC;IACJ,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,MAAc;IAEd,MAAM,mBAAmB,GAAG,IAAI,CAAC,KAAK,CACpC,EAAE,CAAC,YAAY,CACb,IAAI,CAAC,OAAO,CACV,MAAM,CAAC,UAAU,EACjB,4CAA4C,CAC7C,EACD,MAAM,CACP,CACF,CAAC;IACF,OAAO;QACL,GAAG,EAAE,mBAAmB;KACzB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,uBAAuB,CAC3C,MAAc,EACd,MAAc;IAEd,IAAI,CAAC,CAAC,MAAM,2BAA2B,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,EAAE,CAAC;QACzD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO,MAAM,yBAAyB,CAAC,MAAM,CAAC,CAAC;AACjD,CAAC"}

lib/tracer-config.test.js

@@ -59,7 +59,7 @@ function getTestConfig(tempDir) {
         t.deepEqual(await (0, tracer_config_1.getCombinedTracerConfig)((0, testing_utils_1.mockCodeQLVersion)("1.0.0"), config), undefined);
     });
 });
-(0, ava_1.default)("getCombinedTracerConfig - with start-tracing.json environment file", async (t) => {
+(0, ava_1.default)("getCombinedTracerConfig", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
         const config = getTestConfig(tmpDir);
         const bundlePath = path.join(tmpDir, "bundle");
@@ -79,41 +79,6 @@ function getTestConfig(tempDir) {
         fs.writeFileSync(startTracingJson, JSON.stringify(startTracingEnv));
         const result = await (0, tracer_config_1.getCombinedTracerConfig)((0, testing_utils_1.mockCodeQLVersion)("1.0.0"), config);
         t.notDeepEqual(result, undefined);
-        const expectedEnv = startTracingEnv;
-        if (process.platform === "win32") {
-            expectedEnv["CODEQL_RUNNER"] = path.join(bundlePath, "tools/win64/runner.exe");
-        }
-        else if (process.platform === "darwin") {
-            expectedEnv["CODEQL_RUNNER"] = path.join(bundlePath, "tools/osx64/runner");
-        }
-        else {
-            expectedEnv["CODEQL_RUNNER"] = path.join(bundlePath, "tools/linux64/runner");
-        }
-        t.deepEqual(result, {
-            env: expectedEnv,
-        });
-    });
-});
-(0, ava_1.default)("getCombinedTracerConfig - with SetsCodeqlRunnerEnvVar feature enabled in CLI", async (t) => {
-    await util.withTmpDir(async (tmpDir) => {
-        const config = getTestConfig(tmpDir);
-        const bundlePath = path.join(tmpDir, "bundle");
-        const codeqlPlatform = process.platform === "win32"
-            ? "win64"
-            : process.platform === "darwin"
-                ? "osx64"
-                : "linux64";
-        const startTracingEnv = {
-            foo: "bar",
-            CODEQL_DIST: bundlePath,
-            CODEQL_PLATFORM: codeqlPlatform,
-        };
-        const tracingEnvironmentDir = path.join(config.dbLocation, "temp", "tracingEnvironment");
-        fs.mkdirSync(tracingEnvironmentDir, { recursive: true });
-        const startTracingJson = path.join(tracingEnvironmentDir, "start-tracing.json");
-        fs.writeFileSync(startTracingJson, JSON.stringify(startTracingEnv));
-        const result = await (0, tracer_config_1.getCombinedTracerConfig)((0, testing_utils_1.mockCodeQLVersion)("1.0.0", { setsCodeqlRunnerEnvVar: true }), config);
-        t.notDeepEqual(result, undefined);
         t.false(Object.prototype.hasOwnProperty.call(result?.env, "CODEQL_RUNNER"));
     });
 });

lib/tracer-config.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"tracer-config.test.js","sourceRoot":"","sources":["../src/tracer-config.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,8CAAuB;AAGvB,2CAAuC;AACvC,mDAIyB;AACzB,mDAA0D;AAC1D,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,SAAS,aAAa,CAAC,OAAe;IACpC,OAAO,IAAA,gCAAgB,EAAC;QACtB,SAAS,EAAE,CAAC,oBAAQ,CAAC,IAAI,CAAC;QAC1B,OAAO;QACP,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,kBAAkB,CAAC;KACtD,CAAC,CAAC;AACL,CAAC;AAED,IAAA,aAAI,EAAC,mFAAmF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACpG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;QACrC,sBAAsB;QACtB,MAAM,CAAC,SAAS,GAAG,CAAC,oBAAQ,CAAC,UAAU,EAAE,oBAAQ,CAAC,MAAM,CAAC,CAAC;QAC1D,CAAC,CAAC,SAAS,CACT,MAAM,IAAA,uCAAuB,EAAC,IAAA,iCAAiB,EAAC,OAAO,CAAC,EAAE,MAAM,CAAC,EACjE,SAAS,CACV,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,oEAAoE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACrF,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;QAErC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC/C,MAAM,cAAc,GAClB,OAAO,CAAC,QAAQ,KAAK,OAAO;YAC1B,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,QAAQ;gBAC7B,CAAC,CAAC,OAAO;gBACT,CAAC,CAAC,SAAS,CAAC;QAClB,MAAM,eAAe,GAAG;YACtB,GAAG,EAAE,KAAK;YACV,WAAW,EAAE,UAAU;YACvB,eAAe,EAAE,cAAc;SAChC,CAAC;QAEF,MAAM,qBAAqB,GAAG,IAAI,CAAC,IAAI,CACrC,MAAM,CAAC,UAAU,EACjB,MAAM,EACN,oBAAoB,CACrB,CAAC;QACF,EAAE,CAAC,SAAS,CAAC,qBAAqB,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACzD,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAChC,qBAAqB,EACrB,oBAAoB,CACrB,CAAC;QACF,EAAE,CAAC,aAAa,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC,CAAC;QAEpE,MAAM,MAAM,GAAG,MAAM,IAAA,uCAAuB,EAC1C,IAAA,iCAAiB,EAAC,OAAO,CAAC,EAC1B,MAAM,CACP,CAAC;QACF,CAAC,CAAC,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAElC,MAAM,WAAW,GAAG,eAAe,CAAC;QAEpC,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YACjC,WAAW,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,IAAI,CACtC,UAAU,EACV,wBAAwB,CACzB,CAAC;QACJ,CAAC;aAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACzC,WAAW,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,IAAI,CACtC,UAAU,EACV,oBAAoB,CACrB,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,WAAW,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,IAAI,CACtC,UAAU,EACV,sBAAsB,CACvB,CAAC;QACJ,CAAC;QAED,CAAC,CAAC,SAAS,CAAC,MAAM,EAAE;YAClB,GAAG,EAAE,WAAW;SACjB,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,8EAA8E,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/F,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;QAErC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC/C,MAAM,cAAc,GAClB,OAAO,CAAC,QAAQ,KAAK,OAAO;YAC1B,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,QAAQ;gBAC7B,CAAC,CAAC,OAAO;gBACT,CAAC,CAAC,SAAS,CAAC;QAClB,MAAM,eAAe,GAAG;YACtB,GAAG,EAAE,KAAK;YACV,WAAW,EAAE,UAAU;YACvB,eAAe,EAAE,cAAc;SAChC,CAAC;QAEF,MAAM,qBAAqB,GAAG,IAAI,CAAC,IAAI,CACrC,MAAM,CAAC,UAAU,EACjB,MAAM,EACN,oBAAoB,CACrB,CAAC;QACF,EAAE,CAAC,SAAS,CAAC,qBAAqB,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACzD,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAChC,qBAAqB,EACrB,oBAAoB,CACrB,CAAC;QACF,EAAE,CAAC,aAAa,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC,CAAC;QAEpE,MAAM,MAAM,GAAG,MAAM,IAAA,uCAAuB,EAC1C,IAAA,iCAAiB,EAAC,OAAO,EAAE,EAAE,sBAAsB,EAAE,IAAI,EAAE,CAAC,EAC5D,MAAM,CACP,CAAC;QACF,CAAC,CAAC,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAElC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,eAAe,CAAC,CAAC,CAAC;IAC9E,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"tracer-config.test.js","sourceRoot":"","sources":["../src/tracer-config.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,8CAAuB;AAGvB,2CAAuC;AACvC,mDAIyB;AACzB,mDAA0D;AAC1D,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,SAAS,aAAa,CAAC,OAAe;IACpC,OAAO,IAAA,gCAAgB,EAAC;QACtB,SAAS,EAAE,CAAC,oBAAQ,CAAC,IAAI,CAAC;QAC1B,OAAO;QACP,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,kBAAkB,CAAC;KACtD,CAAC,CAAC;AACL,CAAC;AAED,IAAA,aAAI,EAAC,mFAAmF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACpG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;QACrC,sBAAsB;QACtB,MAAM,CAAC,SAAS,GAAG,CAAC,oBAAQ,CAAC,UAAU,EAAE,oBAAQ,CAAC,MAAM,CAAC,CAAC;QAC1D,CAAC,CAAC,SAAS,CACT,MAAM,IAAA,uCAAuB,EAAC,IAAA,iCAAiB,EAAC,OAAO,CAAC,EAAE,MAAM,CAAC,EACjE,SAAS,CACV,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,yBAAyB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC1C,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;QAErC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC/C,MAAM,cAAc,GAClB,OAAO,CAAC,QAAQ,KAAK,OAAO;YAC1B,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,QAAQ;gBAC7B,CAAC,CAAC,OAAO;gBACT,CAAC,CAAC,SAAS,CAAC;QAClB,MAAM,eAAe,GAAG;YACtB,GAAG,EAAE,KAAK;YACV,WAAW,EAAE,UAAU;YACvB,eAAe,EAAE,cAAc;SAChC,CAAC;QAEF,MAAM,qBAAqB,GAAG,IAAI,CAAC,IAAI,CACrC,MAAM,CAAC,UAAU,EACjB,MAAM,EACN,oBAAoB,CACrB,CAAC;QACF,EAAE,CAAC,SAAS,CAAC,qBAAqB,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACzD,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAChC,qBAAqB,EACrB,oBAAoB,CACrB,CAAC;QACF,EAAE,CAAC,aAAa,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC,CAAC;QAEpE,MAAM,MAAM,GAAG,MAAM,IAAA,uCAAuB,EAC1C,IAAA,iCAAiB,EAAC,OAAO,CAAC,EAC1B,MAAM,CACP,CAAC;QACF,CAAC,CAAC,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAElC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,eAAe,CAAC,CAAC,CAAC;IAC9E,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/upload-lib.js

@@ -36,14 +36,17 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.InvalidSarifUploadError = void 0;
+exports.InvalidSarifUploadError = exports.CodeQualityTarget = exports.CodeScanningTarget = exports.SARIF_UPLOAD_ENDPOINT = void 0;
 exports.shouldShowCombineSarifFilesDeprecationWarning = shouldShowCombineSarifFilesDeprecationWarning;
+exports.throwIfCombineSarifFilesDisabled = throwIfCombineSarifFilesDisabled;
 exports.populateRunAutomationDetails = populateRunAutomationDetails;
 exports.findSarifFilesInDir = findSarifFilesInDir;
+exports.getSarifFilePaths = getSarifFilePaths;
 exports.readSarifFile = readSarifFile;
 exports.validateSarifFileSchema = validateSarifFileSchema;
 exports.buildPayload = buildPayload;
 exports.uploadFiles = uploadFiles;
+exports.uploadSpecifiedFiles = uploadSpecifiedFiles;
 exports.waitForProcessing = waitForProcessing;
 exports.shouldConsiderConfigurationError = shouldConsiderConfigurationError;
 exports.shouldConsiderInvalidRequest = shouldConsiderInvalidRequest;
@@ -56,13 +59,13 @@ const file_url_1 = __importDefault(require("file-url"));
 const jsonschema = __importStar(require("jsonschema"));
 const semver = __importStar(require("semver"));
 const actionsUtil = __importStar(require("./actions-util"));
-const actions_util_1 = require("./actions-util");
 const api = __importStar(require("./api-client"));
 const api_client_1 = require("./api-client");
 const codeql_1 = require("./codeql");
 const config_utils_1 = require("./config-utils");
 const diff_informed_analysis_utils_1 = require("./diff-informed-analysis-utils");
 const environment_1 = require("./environment");
+const feature_flags_1 = require("./feature-flags");
 const fingerprints = __importStar(require("./fingerprints"));
 const gitUtils = __importStar(require("./git-utils"));
 const init_1 = require("./init");
@@ -136,7 +139,7 @@ function areAllRunsUnique(sarifObjects) {
 async function shouldShowCombineSarifFilesDeprecationWarning(sarifObjects, githubVersion) {
     // Do not show this warning on GHES versions before 3.14.0
     if (githubVersion.type === util_1.GitHubVariant.GHES &&
-        semver.lt(githubVersion.version, "3.14.0")) {
+        semver.lt((0, util_1.parseGhesVersion)(githubVersion.version), "3.14.0")) {
         return false;
     }
     // Only give a deprecation warning when not all runs are unique and
@@ -144,6 +147,36 @@ async function shouldShowCombineSarifFilesDeprecationWarning(sarifObjects, githu
     return (!areAllRunsUnique(sarifObjects) &&
         !process.env.CODEQL_MERGE_SARIF_DEPRECATION_WARNING);
 }
+async function throwIfCombineSarifFilesDisabled(sarifObjects, features, githubVersion) {
+    if (!(await shouldDisableCombineSarifFiles(sarifObjects, features, githubVersion))) {
+        return;
+    }
+    // TODO: Update this changelog URL to the correct one when it's published.
+    const deprecationMoreInformationMessage = "For more information, see https://github.blog/changelog/2024-05-06-code-scanning-will-stop-combining-runs-from-a-single-upload";
+    throw new util_1.ConfigurationError(`The CodeQL Action does not support uploading multiple SARIF runs with the same category. Please update your workflow to upload a single run per category. ${deprecationMoreInformationMessage}`);
+}
+// Checks whether combining SARIF files should be disabled.
+async function shouldDisableCombineSarifFiles(sarifObjects, features, githubVersion) {
+    if (githubVersion.type === util_1.GitHubVariant.GHES) {
+        // Never block on GHES versions before 3.18.
+        if (semver.lt((0, util_1.parseGhesVersion)(githubVersion.version), "3.18.0-0")) {
+            return false;
+        }
+    }
+    else {
+        // Never block when the feature flag is disabled.
+        if (!(await features.getValue(feature_flags_1.Feature.DisableCombineSarifFiles))) {
+            return false;
+        }
+    }
+    if (areAllRunsUnique(sarifObjects)) {
+        // If all runs are unique, we can safely combine them.
+        return false;
+    }
+    // Combining SARIF files is not supported and Code Scanning will return an
+    // error if multiple runs with the same category are uploaded.
+    return true;
+}
 // Takes a list of paths to sarif files and combines them together using the
 // CLI `github merge-results` command when all SARIF files are produced by
 // CodeQL. Otherwise, it will fall back to combining the files in the action.
@@ -158,9 +191,10 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo
     });
     const deprecationWarningMessage = gitHubVersion.type === util_1.GitHubVariant.GHES
         ? "and will be removed in GitHub Enterprise Server 3.18"
-        : "and will be removed on June 4, 2025";
+        : "and will be removed in July 2025";
     const deprecationMoreInformationMessage = "For more information, see https://github.blog/changelog/2024-05-06-code-scanning-will-stop-combining-runs-from-a-single-upload";
     if (!areAllRunsProducedByCodeQL(sarifObjects)) {
+        await throwIfCombineSarifFilesDisabled(sarifObjects, features, gitHubVersion);
         logger.debug("Not all SARIF files were produced by CodeQL. Merging files in the action.");
         if (await shouldShowCombineSarifFilesDeprecationWarning(sarifObjects, gitHubVersion)) {
             logger.warning(`Uploading multiple SARIF runs with the same category is deprecated ${deprecationWarningMessage}. Please update your workflow to upload a single run per category. ${deprecationMoreInformationMessage}`);
@@ -181,8 +215,8 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo
     else {
         logger.info("Initializing CodeQL since the 'init' Action was not called before this step.");
         const apiDetails = {
-            auth: (0, actions_util_1.getRequiredInput)("token"),
-            externalRepoAuth: (0, actions_util_1.getOptionalInput)("external-repository-token"),
+            auth: actionsUtil.getRequiredInput("token"),
+            externalRepoAuth: actionsUtil.getOptionalInput("external-repository-token"),
             url: (0, util_1.getRequiredEnvParam)("GITHUB_SERVER_URL"),
             apiURL: (0, util_1.getRequiredEnvParam)("GITHUB_API_URL"),
         };
@@ -192,6 +226,7 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo
         codeQL = initCodeQLResult.codeql;
     }
     if (!(await codeQL.supportsFeature(tools_features_1.ToolsFeature.SarifMergeRunsFromEqualCategory))) {
+        await throwIfCombineSarifFilesDisabled(sarifObjects, features, gitHubVersion);
         logger.warning("The CodeQL CLI does not support merging SARIF files. Merging files in the action.");
         if (await shouldShowCombineSarifFilesDeprecationWarning(sarifObjects, gitHubVersion)) {
             logger.warning(`Uploading multiple CodeQL runs with the same category is deprecated ${deprecationWarningMessage} for CodeQL CLI 2.16.6 and earlier. Please update your CodeQL CLI version or update your workflow to set a distinct category for each CodeQL run. ${deprecationMoreInformationMessage}`);
@@ -234,9 +269,15 @@ function getAutomationID(category, analysis_key, environment) {
     }
     return api.computeAutomationID(analysis_key, environment);
 }
+// Enumerates API endpoints that accept SARIF files.
+var SARIF_UPLOAD_ENDPOINT;
+(function (SARIF_UPLOAD_ENDPOINT) {
+    SARIF_UPLOAD_ENDPOINT["CODE_SCANNING"] = "PUT /repos/:owner/:repo/code-scanning/analysis";
+    SARIF_UPLOAD_ENDPOINT["CODE_QUALITY"] = "PUT /repos/:owner/:repo/code-quality/analysis";
+})(SARIF_UPLOAD_ENDPOINT || (exports.SARIF_UPLOAD_ENDPOINT = SARIF_UPLOAD_ENDPOINT = {}));
 // Upload the given payload.
 // If the request fails then this will retry a small number of times.
-async function uploadPayload(payload, repositoryNwo, logger) {
+async function uploadPayload(payload, repositoryNwo, logger, target) {
     logger.info("Uploading results");
     // If in test mode we don't want to upload the results
     if (util.isInTestMode()) {
@@ -248,7 +289,7 @@ async function uploadPayload(payload, repositoryNwo, logger) {
     }
     const client = api.getApiClient();
     try {
-        const response = await client.request("PUT /repos/:owner/:repo/code-scanning/analysis", {
+        const response = await client.request(target, {
             owner: repositoryNwo.owner,
             repo: repositoryNwo.repo,
             data: payload,
@@ -276,12 +317,12 @@ async function uploadPayload(payload, repositoryNwo, logger) {
 }
 // Recursively walks a directory and returns all SARIF files it finds.
 // Does not follow symlinks.
-function findSarifFilesInDir(sarifPath) {
+function findSarifFilesInDir(sarifPath, isSarif) {
     const sarifFiles = [];
     const walkSarifFiles = (dir) => {
         const entries = fs.readdirSync(dir, { withFileTypes: true });
         for (const entry of entries) {
-            if (entry.isFile() && entry.name.endsWith(".sarif")) {
+            if (entry.isFile() && isSarif(entry.name)) {
                 sarifFiles.push(path.resolve(dir, entry.name));
             }
             else if (entry.isDirectory()) {
@@ -292,14 +333,14 @@ function findSarifFilesInDir(sarifPath) {
     walkSarifFiles(sarifPath);
     return sarifFiles;
 }
-function getSarifFilePaths(sarifPath) {
+function getSarifFilePaths(sarifPath, isSarif) {
     if (!fs.existsSync(sarifPath)) {
         // This is always a configuration error, even for first-party runs.
         throw new util_1.ConfigurationError(`Path does not exist: ${sarifPath}`);
     }
     let sarifFiles;
     if (fs.lstatSync(sarifPath).isDirectory()) {
-        sarifFiles = findSarifFilesInDir(sarifPath);
+        sarifFiles = findSarifFilesInDir(sarifPath, isSarif);
         if (sarifFiles.length === 0) {
             // This is always a configuration error, even for first-party runs.
             throw new util_1.ConfigurationError(`No SARIF files found to upload in "${sarifPath}".`);
@@ -409,13 +450,33 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo
     }
     return payloadObj;
 }
+// Represents the Code Scanning upload target.
+exports.CodeScanningTarget = {
+    name: "code scanning",
+    target: SARIF_UPLOAD_ENDPOINT.CODE_SCANNING,
+    sarifPredicate: (name) => name.endsWith(".sarif") && !exports.CodeQualityTarget.sarifPredicate(name),
+    sentinelPrefix: "CODEQL_UPLOAD_SARIF_",
+};
+// Represents the Code Quality upload target.
+exports.CodeQualityTarget = {
+    name: "code quality",
+    target: SARIF_UPLOAD_ENDPOINT.CODE_QUALITY,
+    sarifPredicate: (name) => name.endsWith(".quality.sarif"),
+    sentinelPrefix: "CODEQL_UPLOAD_QUALITY_SARIF_",
+};
 /**
  * Uploads a single SARIF file or a directory of SARIF files depending on what `inputSarifPath` refers
  * to.
  */
-async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger) {
-    const sarifPaths = getSarifFilePaths(inputSarifPath);
-    logger.startGroup("Uploading results");
+async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget) {
+    const sarifPaths = getSarifFilePaths(inputSarifPath, uploadTarget.sarifPredicate);
+    return uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget);
+}
+/**
+ * Uploads the given array of SARIF files.
+ */
+async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget = exports.CodeScanningTarget) {
+    logger.startGroup(`Uploading ${uploadTarget.name} results`);
     logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`);
     const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
     let sarif;
@@ -439,7 +500,7 @@ async function uploadFiles(inputSarifPath, checkoutPath, category, features, log
     sarif = populateRunAutomationDetails(sarif, category, analysisKey, environment);
     const toolNames = util.getToolNames(sarif);
     logger.debug(`Validating that each SARIF run has a unique category`);
-    validateUniqueCategory(sarif);
+    validateUniqueCategory(sarif, uploadTarget.sentinelPrefix);
     logger.debug(`Serializing SARIF for upload`);
     const sarifPayload = JSON.stringify(sarif);
     logger.debug(`Compressing serialized SARIF`);
@@ -454,7 +515,7 @@ async function uploadFiles(inputSarifPath, checkoutPath, category, features, log
     const numResultInSarif = countResultsInSarif(sarifPayload);
     logger.debug(`Number of results in upload: ${numResultInSarif}`);
     // Make the upload
-    const sarifID = await uploadPayload(payload, (0, repository_1.getRepositoryNwo)(), logger);
+    const sarifID = await uploadPayload(payload, (0, repository_1.getRepositoryNwo)(), logger, uploadTarget.target);
     logger.endGroup();
     return {
         statusReport: {
@@ -588,7 +649,7 @@ function handleProcessingResultForUnsuccessfulExecution(response, status, logger
         util.assertNever(status);
     }
 }
-function validateUniqueCategory(sarif) {
+function validateUniqueCategory(sarif, sentinelPrefix = exports.CodeScanningTarget.sentinelPrefix) {
     // duplicate categories are allowed in the same sarif file
     // but not across multiple sarif files
     const categories = {};
@@ -599,7 +660,7 @@ function validateUniqueCategory(sarif) {
         categories[category] = { id, tool };
     }
     for (const [category, { id, tool }] of Object.entries(categories)) {
-        const sentinelEnvVar = `CODEQL_UPLOAD_SARIF_${category}`;
+        const sentinelEnvVar = `${sentinelPrefix}${category}`;
         if (process.env[sentinelEnvVar]) {
             // This is always a configuration error, even for first-party runs.
             throw new util_1.ConfigurationError("Aborting upload: only one run of the codeql/analyze or codeql/upload-sarif actions is allowed per job per tool/category. " +

lib/upload-lib.test.js

@@ -39,6 +39,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const ava_1 = __importDefault(require("ava"));
+const feature_flags_1 = require("./feature-flags");
 const logging_1 = require("./logging");
 const testing_utils_1 = require("./testing-utils");
 const uploadLib = __importStar(require("./upload-lib"));
@@ -91,13 +92,21 @@ ava_1.default.beforeEach(() => {
         fs.mkdirSync(path.join(tmpDir, "dir3"));
         fs.symlinkSync(tmpDir, path.join(tmpDir, "dir3", "symlink1"), "dir");
         fs.symlinkSync(path.join(tmpDir, "a.sarif"), path.join(tmpDir, "dir3", "symlink2.sarif"), "file");
-        const sarifFiles = uploadLib.findSarifFilesInDir(tmpDir);
+        // add some `.quality.sarif` files that should be ignored, unless we look for them specifically
+        fs.writeFileSync(path.join(tmpDir, "a.quality.sarif"), "");
+        fs.writeFileSync(path.join(tmpDir, "dir1", "b.quality.sarif"), "");
+        const sarifFiles = uploadLib.findSarifFilesInDir(tmpDir, uploadLib.CodeScanningTarget.sarifPredicate);
         t.deepEqual(sarifFiles, [
             path.join(tmpDir, "a.sarif"),
             path.join(tmpDir, "b.sarif"),
             path.join(tmpDir, "dir1", "d.sarif"),
             path.join(tmpDir, "dir1", "dir2", "e.sarif"),
         ]);
+        const qualitySarifFiles = uploadLib.findSarifFilesInDir(tmpDir, uploadLib.CodeQualityTarget.sarifPredicate);
+        t.deepEqual(qualitySarifFiles, [
+            path.join(tmpDir, "a.quality.sarif"),
+            path.join(tmpDir, "dir1", "b.quality.sarif"),
+        ]);
     });
 });
 (0, ava_1.default)("populateRunAutomationDetails", (t) => {
@@ -194,6 +203,10 @@ ava_1.default.beforeEach(() => {
     t.throws(() => uploadLib.validateUniqueCategory(sarif1));
     t.throws(() => uploadLib.validateUniqueCategory(sarif2));
 });
+(0, ava_1.default)("validateUniqueCategory with different prefixes", (t) => {
+    t.notThrows(() => uploadLib.validateUniqueCategory(createMockSarif()));
+    t.notThrows(() => uploadLib.validateUniqueCategory(createMockSarif(), uploadLib.CodeQualityTarget.sentinelPrefix));
+});
 (0, ava_1.default)("accept results with invalid artifactLocation.uri value", (t) => {
     const loggedMessages = [];
     const mockLogger = {
@@ -223,6 +236,12 @@ ava_1.default.beforeEach(() => {
         version: "3.14.0",
     }));
 });
+(0, ava_1.default)("shouldShowCombineSarifFilesDeprecationWarning when on GHES 3.16 pre", async (t) => {
+    t.true(await uploadLib.shouldShowCombineSarifFilesDeprecationWarning([createMockSarif("abc", "def"), createMockSarif("abc", "def")], {
+        type: util_1.GitHubVariant.GHES,
+        version: "3.16.0.pre1",
+    }));
+});
 (0, ava_1.default)("shouldShowCombineSarifFilesDeprecationWarning with only 1 run", async (t) => {
     t.false(await uploadLib.shouldShowCombineSarifFilesDeprecationWarning([createMockSarif("abc", "def")], {
         type: util_1.GitHubVariant.DOTCOM,
@@ -244,6 +263,75 @@ ava_1.default.beforeEach(() => {
         type: util_1.GitHubVariant.DOTCOM,
     }));
 });
+(0, ava_1.default)("throwIfCombineSarifFilesDisabled when on dotcom with feature flag", async (t) => {
+    await t.throwsAsync(uploadLib.throwIfCombineSarifFilesDisabled([createMockSarif("abc", "def"), createMockSarif("abc", "def")], (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.DisableCombineSarifFiles]), {
+        type: util_1.GitHubVariant.DOTCOM,
+    }), {
+        message: /The CodeQL Action does not support uploading multiple SARIF runs with the same category/,
+    });
+});
+(0, ava_1.default)("throwIfCombineSarifFilesDisabled when on dotcom without feature flag", async (t) => {
+    await t.notThrowsAsync(uploadLib.throwIfCombineSarifFilesDisabled([createMockSarif("abc", "def"), createMockSarif("abc", "def")], (0, testing_utils_1.createFeatures)([]), {
+        type: util_1.GitHubVariant.DOTCOM,
+    }));
+});
+(0, ava_1.default)("throwIfCombineSarifFilesDisabled when on GHES 3.13", async (t) => {
+    await t.notThrowsAsync(uploadLib.throwIfCombineSarifFilesDisabled([createMockSarif("abc", "def"), createMockSarif("abc", "def")], (0, testing_utils_1.createFeatures)([]), {
+        type: util_1.GitHubVariant.GHES,
+        version: "3.13.2",
+    }));
+});
+(0, ava_1.default)("throwIfCombineSarifFilesDisabled when on GHES 3.14", async (t) => {
+    await t.notThrowsAsync(uploadLib.throwIfCombineSarifFilesDisabled([createMockSarif("abc", "def"), createMockSarif("abc", "def")], (0, testing_utils_1.createFeatures)([]), {
+        type: util_1.GitHubVariant.GHES,
+        version: "3.14.0",
+    }));
+});
+(0, ava_1.default)("throwIfCombineSarifFilesDisabled when on GHES 3.17", async (t) => {
+    await t.notThrowsAsync(uploadLib.throwIfCombineSarifFilesDisabled([createMockSarif("abc", "def"), createMockSarif("abc", "def")], (0, testing_utils_1.createFeatures)([]), {
+        type: util_1.GitHubVariant.GHES,
+        version: "3.17.0",
+    }));
+});
+(0, ava_1.default)("throwIfCombineSarifFilesDisabled when on GHES 3.18 pre", async (t) => {
+    await t.throwsAsync(uploadLib.throwIfCombineSarifFilesDisabled([createMockSarif("abc", "def"), createMockSarif("abc", "def")], (0, testing_utils_1.createFeatures)([]), {
+        type: util_1.GitHubVariant.GHES,
+        version: "3.18.0.pre1",
+    }), {
+        message: /The CodeQL Action does not support uploading multiple SARIF runs with the same category/,
+    });
+});
+(0, ava_1.default)("throwIfCombineSarifFilesDisabled when on GHES 3.18 alpha", async (t) => {
+    await t.throwsAsync(uploadLib.throwIfCombineSarifFilesDisabled([createMockSarif("abc", "def"), createMockSarif("abc", "def")], (0, testing_utils_1.createFeatures)([]), {
+        type: util_1.GitHubVariant.GHES,
+        version: "3.18.0-alpha.1",
+    }), {
+        message: /The CodeQL Action does not support uploading multiple SARIF runs with the same category/,
+    });
+});
+(0, ava_1.default)("throwIfCombineSarifFilesDisabled when on GHES 3.18", async (t) => {
+    await t.throwsAsync(uploadLib.throwIfCombineSarifFilesDisabled([createMockSarif("abc", "def"), createMockSarif("abc", "def")], (0, testing_utils_1.createFeatures)([]), {
+        type: util_1.GitHubVariant.GHES,
+        version: "3.18.0",
+    }), {
+        message: /The CodeQL Action does not support uploading multiple SARIF runs with the same category/,
+    });
+});
+(0, ava_1.default)("throwIfCombineSarifFilesDisabled with only 1 run", async (t) => {
+    await t.notThrowsAsync(uploadLib.throwIfCombineSarifFilesDisabled([createMockSarif("abc", "def")], (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.DisableCombineSarifFiles]), {
+        type: util_1.GitHubVariant.DOTCOM,
+    }));
+});
+(0, ava_1.default)("throwIfCombineSarifFilesDisabled with distinct categories", async (t) => {
+    await t.notThrowsAsync(uploadLib.throwIfCombineSarifFilesDisabled([createMockSarif("abc", "def"), createMockSarif("def", "def")], (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.DisableCombineSarifFiles]), {
+        type: util_1.GitHubVariant.DOTCOM,
+    }));
+});
+(0, ava_1.default)("throwIfCombineSarifFilesDisabled with distinct tools", async (t) => {
+    await t.notThrowsAsync(uploadLib.throwIfCombineSarifFilesDisabled([createMockSarif("abc", "abc"), createMockSarif("abc", "def")], (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.DisableCombineSarifFiles]), {
+        type: util_1.GitHubVariant.DOTCOM,
+    }));
+});
 (0, ava_1.default)("shouldConsiderConfigurationError correctly detects configuration errors", (t) => {
     const error1 = [
         "CodeQL analyses from advanced configurations cannot be processed when the default setup is enabled",

lib/upload-sarif-action.js

@@ -33,6 +33,7 @@ var __importStar = (this && this.__importStar) || (function () {
     };
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
+const fs = __importStar(require("fs"));
 const core = __importStar(require("@actions/core"));
 const actionsUtil = __importStar(require("./actions-util"));
 const actions_util_1 = require("./actions-util");
@@ -68,14 +69,28 @@ async function run() {
         await (0, status_report_1.sendStatusReport)(startingStatusReportBase);
     }
     try {
-        const uploadResult = await upload_lib.uploadFiles(actionsUtil.getRequiredInput("sarif_file"), actionsUtil.getRequiredInput("checkout_path"), actionsUtil.getOptionalInput("category"), features, logger);
+        const sarifPath = actionsUtil.getRequiredInput("sarif_file");
+        const checkoutPath = actionsUtil.getRequiredInput("checkout_path");
+        const category = actionsUtil.getOptionalInput("category");
+        const uploadResult = await upload_lib.uploadFiles(sarifPath, checkoutPath, category, features, logger, upload_lib.CodeScanningTarget);
         core.setOutput("sarif-id", uploadResult.sarifID);
+        // If there are `.quality.sarif` files in `sarifPath`, then upload those to the code quality service.
+        // Code quality can currently only be enabled on top of security, so we'd currently always expect to
+        // have a directory for the results here.
+        if (fs.lstatSync(sarifPath).isDirectory()) {
+            const qualitySarifFiles = upload_lib.findSarifFilesInDir(sarifPath, upload_lib.CodeQualityTarget.sarifPredicate);
+            if (qualitySarifFiles.length !== 0) {
+                await upload_lib.uploadSpecifiedFiles(qualitySarifFiles, checkoutPath, category, features, logger, upload_lib.CodeQualityTarget);
+            }
+        }
         // We don't upload results in test mode, so don't wait for processing
         if ((0, util_1.isInTestMode)()) {
             core.debug("In test mode. Waiting for processing is disabled.");
         }
         else if (actionsUtil.getRequiredInput("wait-for-processing") === "true") {
             await upload_lib.waitForProcessing((0, repository_1.getRepositoryNwo)(), uploadResult.sarifID, logger);
+            // The code quality service does not currently have an endpoint to wait for SARIF processing,
+            // so we can't wait for that here.
         }
         await sendSuccessStatusReport(startedAt, uploadResult.statusReport, logger);
     }

lib/upload-sarif-action.js.map

@@ -1 +1 @@
-{"version":3,"file":"upload-sarif-action.js","sourceRoot":"","sources":["../src/upload-sarif-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,iDAAyE;AACzE,6CAAgD;AAChD,mDAA2C;AAC3C,uCAAqD;AACrD,6CAAgD;AAChD,mDAOyB;AACzB,yDAA2C;AAC3C,iCAQgB;AAMhB,KAAK,UAAU,uBAAuB,CACpC,SAAe,EACf,WAA0C,EAC1C,MAAc;IAEd,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,WAAW,EACtB,SAAS,EACT,SAAS,EACT,SAAS,EACT,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CAAC;IACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,YAAY,GAA4B;YAC5C,GAAG,gBAAgB;YACnB,GAAG,WAAW;SACf,CAAC;QACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC/C,IAAA,yBAAkB,EAAC,IAAA,+BAAgB,GAAE,EAAE,aAAa,CAAC,CAAC;IAEtD,6CAA6C;IAC7C,WAAW,CAAC,aAAa,EAAE,CAAC;IAE5B,MAAM,aAAa,GAAG,IAAA,6BAAgB,GAAE,CAAC;IACzC,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;IAEF,MAAM,wBAAwB,GAAG,MAAM,IAAA,sCAAsB,EAC3D,0BAAU,CAAC,WAAW,EACtB,UAAU,EACV,SAAS,EACT,SAAS,EACT,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CAAC;IACF,IAAI,wBAAwB,KAAK,SAAS,EAAE,CAAC;QAC3C,MAAM,IAAA,gCAAgB,EAAC,wBAAwB,CAAC,CAAC;IACnD,CAAC;IAED,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,WAAW,CAC/C,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,EAC1C,WAAW,CAAC,gBAAgB,CAAC,eAAe,CAAC,EAC7C,WAAW,CAAC,gBAAgB,CAAC,UAAU,CAAC,EACxC,QAAQ,EACR,MAAM,CACP,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QAEjD,qEAAqE;QACrE,IAAI,IAAA,mBAAY,GAAE,EAAE,CAAC;YACnB,IAAI,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;QAClE,CAAC;aAAM,IAAI,WAAW,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,KAAK,MAAM,EAAE,CAAC;YAC1E,MAAM,UAAU,CAAC,iBAAiB,CAChC,IAAA,6BAAgB,GAAE,EAClB,YAAY,CAAC,OAAO,EACpB,MAAM,CACP,CAAC;QACJ,CAAC;QACD,MAAM,uBAAuB,CAAC,SAAS,EAAE,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IAC9E,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GACT,IAAA,oCAAoB,EAAC,0BAAU,CAAC,WAAW,CAAC;YAC5C,cAAc,YAAY,UAAU,CAAC,uBAAuB;YAC1D,CAAC,CAAC,IAAI,yBAAkB,CAAC,cAAc,CAAC,OAAO,CAAC;YAChD,CAAC,CAAC,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QAChC,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;QAC9B,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAExB,MAAM,qBAAqB,GAAG,MAAM,IAAA,sCAAsB,EACxD,0BAAU,CAAC,WAAW,EACtB,IAAA,gCAAgB,EAAC,KAAK,CAAC,EACvB,SAAS,EACT,SAAS,EACT,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,EACN,OAAO,EACP,KAAK,CAAC,KAAK,CACZ,CAAC;QACF,IAAI,qBAAqB,KAAK,SAAS,EAAE,CAAC;YACxC,MAAM,IAAA,gCAAgB,EAAC,qBAAqB,CAAC,CAAC;QAChD,CAAC;QACD,OAAO;IACT,CAAC;AACH,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,sCAAsC,IAAA,sBAAe,EAAC,KAAK,CAAC,EAAE,CAC/D,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"upload-sarif-action.js","sourceRoot":"","sources":["../src/upload-sarif-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AAEzB,oDAAsC;AAEtC,4DAA8C;AAC9C,iDAAyE;AACzE,6CAAgD;AAChD,mDAA2C;AAC3C,uCAAqD;AACrD,6CAAgD;AAChD,mDAOyB;AACzB,yDAA2C;AAC3C,iCAQgB;AAMhB,KAAK,UAAU,uBAAuB,CACpC,SAAe,EACf,WAA0C,EAC1C,MAAc;IAEd,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,WAAW,EACtB,SAAS,EACT,SAAS,EACT,SAAS,EACT,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CAAC;IACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,YAAY,GAA4B;YAC5C,GAAG,gBAAgB;YACnB,GAAG,WAAW;SACf,CAAC;QACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC/C,IAAA,yBAAkB,EAAC,IAAA,+BAAgB,GAAE,EAAE,aAAa,CAAC,CAAC;IAEtD,6CAA6C;IAC7C,WAAW,CAAC,aAAa,EAAE,CAAC;IAE5B,MAAM,aAAa,GAAG,IAAA,6BAAgB,GAAE,CAAC;IACzC,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;IAEF,MAAM,wBAAwB,GAAG,MAAM,IAAA,sCAAsB,EAC3D,0BAAU,CAAC,WAAW,EACtB,UAAU,EACV,SAAS,EACT,SAAS,EACT,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CAAC;IACF,IAAI,wBAAwB,KAAK,SAAS,EAAE,CAAC;QAC3C,MAAM,IAAA,gCAAgB,EAAC,wBAAwB,CAAC,CAAC;IACnD,CAAC;IAED,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;QAC7D,MAAM,YAAY,GAAG,WAAW,CAAC,gBAAgB,CAAC,eAAe,CAAC,CAAC;QACnE,MAAM,QAAQ,GAAG,WAAW,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC;QAE1D,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,WAAW,CAC/C,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,QAAQ,EACR,MAAM,EACN,UAAU,CAAC,kBAAkB,CAC9B,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QAEjD,qGAAqG;QACrG,oGAAoG;QACpG,yCAAyC;QACzC,IAAI,EAAE,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;YAC1C,MAAM,iBAAiB,GAAG,UAAU,CAAC,mBAAmB,CACtD,SAAS,EACT,UAAU,CAAC,iBAAiB,CAAC,cAAc,CAC5C,CAAC;YAEF,IAAI,iBAAiB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACnC,MAAM,UAAU,CAAC,oBAAoB,CACnC,iBAAiB,EACjB,YAAY,EACZ,QAAQ,EACR,QAAQ,EACR,MAAM,EACN,UAAU,CAAC,iBAAiB,CAC7B,CAAC;YACJ,CAAC;QACH,CAAC;QAED,qEAAqE;QACrE,IAAI,IAAA,mBAAY,GAAE,EAAE,CAAC;YACnB,IAAI,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;QAClE,CAAC;aAAM,IAAI,WAAW,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,KAAK,MAAM,EAAE,CAAC;YAC1E,MAAM,UAAU,CAAC,iBAAiB,CAChC,IAAA,6BAAgB,GAAE,EAClB,YAAY,CAAC,OAAO,EACpB,MAAM,CACP,CAAC;YACF,6FAA6F;YAC7F,kCAAkC;QACpC,CAAC;QACD,MAAM,uBAAuB,CAAC,SAAS,EAAE,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IAC9E,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GACT,IAAA,oCAAoB,EAAC,0BAAU,CAAC,WAAW,CAAC;YAC5C,cAAc,YAAY,UAAU,CAAC,uBAAuB;YAC1D,CAAC,CAAC,IAAI,yBAAkB,CAAC,cAAc,CAAC,OAAO,CAAC;YAChD,CAAC,CAAC,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QAChC,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;QAC9B,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAExB,MAAM,qBAAqB,GAAG,MAAM,IAAA,sCAAsB,EACxD,0BAAU,CAAC,WAAW,EACtB,IAAA,gCAAgB,EAAC,KAAK,CAAC,EACvB,SAAS,EACT,SAAS,EACT,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,EACN,OAAO,EACP,KAAK,CAAC,KAAK,CACZ,CAAC;QACF,IAAI,qBAAqB,KAAK,SAAS,EAAE,CAAC;YACxC,MAAM,IAAA,gCAAgB,EAAC,qBAAqB,CAAC,CAAC;QAChD,CAAC;QACD,OAAO;IACT,CAAC;AACH,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,sCAAsC,IAAA,sBAAe,EAAC,KAAK,CAAC,EAAE,CAC/D,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/util.js

@@ -77,6 +77,7 @@ exports.getErrorMessage = getErrorMessage;
 exports.prettyPrintPack = prettyPrintPack;
 exports.checkDiskUsage = checkDiskUsage;
 exports.checkActionVersion = checkActionVersion;
+exports.parseGhesVersion = parseGhesVersion;
 exports.cloneObject = cloneObject;
 exports.checkSipEnablement = checkSipEnablement;
 exports.cleanUpGlob = cleanUpGlob;
@@ -887,6 +888,22 @@ function checkActionVersion(version, githubVersion) {
         }
     }
 }
+/**
+ * This will parse a GitHub Enterprise Server version string into a SemVer object.
+ *
+ * GHES versions are usually in a semver-compatible format, so usually this will
+ * just call the SemVer constructor. However, for GHES pre-release versions,
+ * the version string is in the format "3.18.0.pre1", which is not a valid semver
+ * version since the pre-release part of the version should be separated by a
+ * hyphen. This function will replace the ".pre" part of the version with "-pre"
+ * to make it a valid semver version.
+ */
+function parseGhesVersion(version) {
+    if (version.includes(".pre")) {
+        version = version.replace(".pre", "-pre");
+    }
+    return new semver.SemVer(version);
+}
 /**
  * Supported build modes.
  *