Merge pull request #2953 from github/update-v3.29.1-428aea55f

Merge main into releases/v3

.github/copilot-instructions.md

@@ -0,0 +1,5 @@
+# CodeQL Action - Copilot Instructions
+
+The CodeQL Action is written in TypeScript and compiled to JavaScript. Both the TypeScript sources and the **generated** JavaScript code are contained in this repository. The TypeScript sources are contained in the `src` directory and the JavaScript code is contained in the `lib` directory. A GitHub Actions workflow checks that the JavaScript code in `lib` is up-to-date. Therefore, you should not review any changes to the contents of the `lib` folder and it is expected that the JavaScript code in `lib` closely mirrors the TypeScript code it is generated from.
+
+GitHub Actions workflows in the `.github/workflows` directory whose filenames start with two underscores (e.g. `__all-platform-bundle.yml`) are automatically generated using the `pr-checks/sync.sh` script from template files in the `pr-checks/checks` directory. Therefore, you do not need to review files in the `.github/workflows` directory that starts with two underscores. However, you should review changes to the `pr-checks` directory as well as workflows in the `.github/workflows` directory that do not start with underscores.

.github/workflows/__all-platform-bundle.yml

@@ -45,6 +45,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'true'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
       - id: init
         uses: ./../action/init
         with:

.github/workflows/__analyze-ref-input.yml

@@ -49,6 +49,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
       - uses: ./../action/init
         with:
           tools: ${{ steps.prepare-test.outputs.tools-url }}

.github/workflows/__build-mode-manual.yml

@@ -45,6 +45,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
       - uses: ./../action/init
         id: init
         with:

.github/workflows/__cpp-deptrace-enabled-on-macos.yml

@@ -27,6 +27,8 @@ jobs:
       fail-fast: false
       matrix:
         include:
+          - os: macos-latest
+            version: linked
           - os: macos-latest
             version: nightly-latest
     name: 'C/C++: autoinstalling dependencies is skipped (macOS)'

.github/workflows/__export-file-baseline-information.yml

@@ -49,6 +49,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
       - uses: ./../action/init
         id: init
         with:

.github/workflows/__go-custom-queries.yml

@@ -47,9 +47,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
         with:
           go-version: '>=1.21.0'
+          cache: false
       - uses: ./../action/init
         with:
           languages: go

.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml

@@ -45,10 +45,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
         with:
-      # We need a Go version that ships with statically linked binaries on Linux
           go-version: '>=1.21.0'
+          cache: false
       - uses: ./../action/init
         with:
           languages: go

.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml

@@ -45,10 +45,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
         with:
-      # We need a Go version that ships with statically linked binaries on Linux
           go-version: '>=1.21.0'
+          cache: false
       - name: Remove `file` program
         run: |
           echo $(which file)

.github/workflows/__go-indirect-tracing-workaround.yml

@@ -45,10 +45,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
         with:
-      # We need a Go version that ships with statically linked binaries on Linux
           go-version: '>=1.21.0'
+          cache: false
       - uses: ./../action/init
         with:
           languages: go

.github/workflows/__go-tracing-autobuilder.yml

@@ -27,10 +27,6 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - os: ubuntu-latest
-            version: stable-v2.15.5
-          - os: macos-latest
-            version: stable-v2.15.5
           - os: ubuntu-latest
             version: stable-v2.16.6
           - os: macos-latest
@@ -47,6 +43,10 @@ jobs:
             version: stable-v2.19.4
           - os: macos-latest
             version: stable-v2.19.4
+          - os: ubuntu-latest
+            version: stable-v2.20.7
+          - os: macos-latest
+            version: stable-v2.20.7
           - os: ubuntu-latest
             version: default
           - os: macos-latest
@@ -75,11 +75,10 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
         with:
-          go-version: ~1.24.0
-      # to avoid potentially misleading autobuilder results where we expect it to download
-      # dependencies successfully, but they actually come from a warm cache
+          go-version: '>=1.21.0'
           cache: false
       - uses: ./../action/init
         with:

.github/workflows/__go-tracing-custom-build-steps.yml

@@ -27,10 +27,6 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - os: ubuntu-latest
-            version: stable-v2.15.5
-          - os: macos-latest
-            version: stable-v2.15.5
           - os: ubuntu-latest
             version: stable-v2.16.6
           - os: macos-latest
@@ -47,6 +43,10 @@ jobs:
             version: stable-v2.19.4
           - os: macos-latest
             version: stable-v2.19.4
+          - os: ubuntu-latest
+            version: stable-v2.20.7
+          - os: macos-latest
+            version: stable-v2.20.7
           - os: ubuntu-latest
             version: default
           - os: macos-latest
@@ -75,11 +75,10 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
         with:
-          go-version: ~1.24.0
-      # to avoid potentially misleading autobuilder results where we expect it to download
-      # dependencies successfully, but they actually come from a warm cache
+          go-version: '>=1.21.0'
           cache: false
       - uses: ./../action/init
         with:

.github/workflows/__go-tracing-legacy-workflow.yml

@@ -27,10 +27,6 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - os: ubuntu-latest
-            version: stable-v2.15.5
-          - os: macos-latest
-            version: stable-v2.15.5
           - os: ubuntu-latest
             version: stable-v2.16.6
           - os: macos-latest
@@ -47,6 +43,10 @@ jobs:
             version: stable-v2.19.4
           - os: macos-latest
             version: stable-v2.19.4
+          - os: ubuntu-latest
+            version: stable-v2.20.7
+          - os: macos-latest
+            version: stable-v2.20.7
           - os: ubuntu-latest
             version: default
           - os: macos-latest
@@ -75,11 +75,10 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
         with:
-          go-version: ~1.24.0
-      # to avoid potentially misleading autobuilder results where we expect it to download
-      # dependencies successfully, but they actually come from a warm cache
+          go-version: '>=1.21.0'
           cache: false
       - uses: ./../action/init
         with:

.github/workflows/__multi-language-autodetect.yml

@@ -27,10 +27,6 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - os: macos-latest
-            version: stable-v2.15.5
-          - os: ubuntu-latest
-            version: stable-v2.15.5
           - os: macos-latest
             version: stable-v2.16.6
           - os: ubuntu-latest
@@ -47,6 +43,10 @@ jobs:
             version: stable-v2.19.4
           - os: ubuntu-latest
             version: stable-v2.19.4
+          - os: macos-latest
+            version: stable-v2.20.7
+          - os: ubuntu-latest
+            version: stable-v2.20.7
           - os: macos-latest
             version: default
           - os: ubuntu-latest
@@ -75,10 +75,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
-      - uses: actions/setup-go@v5
+      - name: Install Go
+        uses: actions/setup-go@v5
         with:
           go-version: '>=1.21.0'
-
+          cache: false
       - uses: ./../action/init
         id: init
         with:

.github/workflows/__packaging-codescanning-config-inputs-js.yml

@@ -61,6 +61,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
       - uses: ./../action/init
         with:
           config-file: .github/codeql/codeql-config-packaging3.yml

.github/workflows/__packaging-config-inputs-js.yml

@@ -61,6 +61,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
       - uses: ./../action/init
         with:
           config-file: .github/codeql/codeql-config-packaging3.yml

.github/workflows/__packaging-config-js.yml

@@ -61,6 +61,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
       - uses: ./../action/init
         with:
           config-file: .github/codeql/codeql-config-packaging.yml

.github/workflows/__packaging-inputs-js.yml

@@ -61,6 +61,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
       - uses: ./../action/init
         with:
           config-file: .github/codeql/codeql-config-packaging2.yml

.github/workflows/__quality-queries.yml

@@ -0,0 +1,100 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+# to regenerate this file.
+
+name: PR Check - Quality queries input
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
+  workflow_dispatch: {}
+jobs:
+  quality-queries:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: ubuntu-latest
+            version: linked
+          - os: macos-latest
+            version: linked
+          - os: windows-latest
+            version: linked
+          - os: ubuntu-latest
+            version: nightly-latest
+          - os: macos-latest
+            version: nightly-latest
+          - os: windows-latest
+            version: nightly-latest
+    name: Quality queries input
+    permissions:
+      contents: read
+      security-events: read
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+          setup-kotlin: 'true'
+      - uses: ./../action/init
+        with:
+          languages: javascript
+          quality-queries: code-quality
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+      - uses: ./../action/analyze
+        with:
+          output: ${{ runner.temp }}/results
+          upload-database: false
+      - name: Upload SARIF
+        uses: actions/upload-artifact@v4
+        with:
+          name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
+          path: ${{ runner.temp }}/results/javascript.sarif
+          retention-days: 7
+      - name: Check config properties appear in SARIF
+        uses: actions/github-script@v7
+        env:
+          SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
+        with:
+          script: |
+            const fs = require('fs');
+
+            const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
+            const run = sarif.runs[0];
+            const configSummary = run.properties.codeqlConfigSummary;
+
+            if (configSummary === undefined) {
+              core.setFailed('`codeqlConfigSummary` property not found in the SARIF run property bag.');
+            }
+            if (configSummary.disableDefaultQueries !== false) {
+              core.setFailed('`disableDefaultQueries` property incorrect: expected false, got ' +
+                `${JSON.stringify(configSummary.disableDefaultQueries)}.`);
+            }
+            const expectedQueries = [{ type: 'builtinSuite', uses: 'code-quality' }];
+            // Use JSON.stringify to deep-equal the arrays.
+            if (JSON.stringify(configSummary.queries) !== JSON.stringify(expectedQueries)) {
+              core.setFailed(`\`queries\` property incorrect: expected ${JSON.stringify(expectedQueries)}, got ` +
+                `${JSON.stringify(configSummary.queries)}.`);
+            }
+            core.info('Finished config export tests.');
+    env:
+      CODEQL_ACTION_TEST_MODE: true

.github/workflows/__remote-config.yml

@@ -47,6 +47,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
       - uses: ./../action/init
         with:
           tools: ${{ steps.prepare-test.outputs.tools-url }}

.github/workflows/__rubocop-multi-language.yml

@@ -46,7 +46,7 @@ jobs:
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
       - name: Set up Ruby
-        uses: ruby/setup-ruby@13e7a03dc3ac6c3798f4570bfead2aed4d96abfb # v1.244.0
+        uses: ruby/setup-ruby@a4effe49ee8ee5b8b5091268c473a4628afb5651 # v1.245.0
         with:
           ruby-version: 2.6
       - name: Install Code Scanning integration

.github/workflows/__split-workflow.yml

@@ -55,6 +55,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
       - uses: ./../action/init
         with:
           config-file: .github/codeql/codeql-config-packaging3.yml

.github/workflows/__swift-custom-build.yml

@@ -49,6 +49,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
       - uses: ./../action/init
         id: init
         with:

.github/workflows/__test-local-codeql.yml

@@ -45,6 +45,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
       - name: Fetch a CodeQL bundle
         shell: bash
         env:

.github/workflows/__unset-environment.yml

@@ -47,6 +47,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
       - uses: ./../action/init
         id: init
         with:
@@ -54,9 +59,6 @@ jobs:
       # Swift is not supported on Ubuntu so we manually exclude it from the list here
           languages: cpp,csharp,go,java,javascript,python,ruby
           tools: ${{ steps.prepare-test.outputs.tools-url }}
-      - uses: actions/setup-go@v5
-        with:
-          go-version: '>=1.21.0'
       - name: Build code
         shell: bash
         run: env -i PATH="$PATH" HOME="$HOME" ./build.sh

.github/workflows/__upload-ref-sha-input.yml

@@ -49,6 +49,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
       - uses: ./../action/init
         with:
           tools: ${{ steps.prepare-test.outputs.tools-url }}

.github/workflows/__with-checkout-path.yml

@@ -49,6 +49,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '>=1.21.0'
+          cache: false
       - name: Delete original checkout
         shell: bash
         run: |

.github/workflows/update-proxy-release.yml

@@ -0,0 +1,101 @@
+name: Update dependency proxy release assets
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: "The tag of CodeQL Bundle release that contains the proxy binaries as release assets"
+        type: string
+        required: true
+
+jobs:
+  update:
+    name: Update code and create PR
+    timeout-minutes: 15
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write # needed to push the updated files
+      pull-requests: write # needed to create the PR
+    env:
+      RELEASE_TAG: ${{ inputs.tag }}
+    steps:
+      - name: Check release tag format
+        id: checks
+        shell: bash
+        run: |
+          if ! [[ $RELEASE_TAG =~ ^codeql-bundle-v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+            echo "Invalid release tag: expected a CodeQL bundle tag in the 'codeql-bundle-vM.N.P' format."
+            exit 1
+          fi
+
+          echo "target_branch=dependency-proxy/$RELEASE_TAG" >> $GITHUB_OUTPUT
+
+      - name: Check that the release exists
+        shell: bash
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+        run: |
+          (gh release view --repo "$GITHUB_REPOSITORY" --json "assets" "$RELEASE_TAG" && echo "Release found.") || exit 1
+
+      - name: Install Node
+        uses: actions/setup-node@v4
+
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # ensure we have all tags and can push commits
+          ref: main
+
+      - name: Update git config
+        shell: bash
+        run: |
+          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git config --global user.name "github-actions[bot]"
+
+      - name: Update release tag and version
+        shell: bash
+        run: |
+          NOW=$(date +"%Y%m%d%H%M%S") # only used to make sure we don't fetch stale binaries from the toolcache
+          sed -i "s|https://github.com/github/codeql-action/releases/download/codeql-bundle-v[0-9.]\+/|https://github.com/github/codeql-action/releases/download/$RELEASE_TAG/|g" ./src/start-proxy-action.ts
+          sed -i "s/\"v2.0.[0-9]\+\"/\"v2.0.$NOW\"/g" ./src/start-proxy-action.ts
+
+      - name: Compile TypeScript and commit changes
+        shell: bash
+        env:
+          TARGET_BRANCH: ${{ steps.checks.outputs.target_branch }}
+        run: |
+          set -exu
+          git checkout -b "$TARGET_BRANCH"
+
+          npm run build
+          git add ./src/start-proxy-action.ts
+          git add ./lib
+          git commit -m "Update release used by \`start-proxy\` action"
+
+      - name: Push changes and open PR
+        shell: bash
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          TARGET_BRANCH: ${{ steps.checks.outputs.target_branch }}
+          PR_FLAG: ${{ (github.event_name == 'workflow_dispatch' && '--draft') || '--dry-run' }}
+        run: |
+          set -exu
+          pr_title="Update release used by \`start-proxy\` to \`$RELEASE_TAG\`"
+          pr_body=$(cat << EOF
+            This PR updates the \`start-proxy\` action to use the private registry proxy binaries that
+            are attached as release assets to the \`$RELEASE_TAG\` release.
+
+
+            Please do the following before merging:
+
+            - [ ] Verify that the changes to the code are correct.
+            - [ ] Mark the PR as ready for review to trigger the CI.
+          EOF
+          )
+
+          git push origin "$TARGET_BRANCH"
+          gh pr create \
+            --head "$TARGET_BRANCH" \
+            --base "main" \
+            --title "${pr_title}" \
+            --body "${pr_body}" \
+            $PR_FLAG

CHANGELOG.md

@@ -2,9 +2,15 @@
 
 See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
 
-## [UNRELEASED]
+## 3.29.1 - 27 Jun 2025
 
-No user facing changes.
+- Fix bug in PR analysis where user-provided `include` query filter fails to exclude non-included queries. [#2938](https://github.com/github/codeql-action/pull/2938)
+- Update default CodeQL bundle version to 2.22.1. [#2950](https://github.com/github/codeql-action/pull/2950)
+
+## 3.29.0 - 11 Jun 2025
+
+- Update default CodeQL bundle version to 2.22.0. [#2925](https://github.com/github/codeql-action/pull/2925)
+- Bump minimum CodeQL bundle version to 2.16.6. [#2912](https://github.com/github/codeql-action/pull/2912)
 
 ## 3.28.19 - 03 Jun 2025
 

README.md

@@ -55,7 +55,7 @@ For compiled languages:
 
 - `manual` build mode will typically produce the most precise results, but it is more difficult to set up and will cause the analysis to take slightly more time to run.
 - `autobuild` build mode is simpler to set up, but will only work for projects with generic build steps that can be guessed by the heuristics of the autobuild scripts. If `autobuild` fails, then you must switch to `manual` or `none`. If `autobuild` succeeds, then the results and run time will be the same as `manual` mode.
-- `none` build mode is also simpler to set up and is slightly faster to run, but there is a possibility that some alerts will be missed. This may happen if your repository does any code generation during compilation or if there are any dependencies downloaded from registries that the workflow does not have access to. `none` is not yet supported by C/C++, Swift, Go, or Kotlin.
+- `none` build mode is also simpler to set up and is slightly faster to run, but there is a possibility that some alerts will be missed. This may happen if your repository does any code generation during compilation or if there are any dependencies downloaded from registries that the workflow does not have access to. `none` is not yet supported by Swift, Go, or Kotlin. It is in public preview for C/C++.
 
 
 ## Supported versions of the CodeQL Action

init/action.yml

@@ -83,6 +83,9 @@ inputs:
   queries:
     description: Comma-separated list of additional queries to run. By default, this overrides the same setting in a configuration file; prefix with "+" to use both sets of queries.
     required: false
+  quality-queries:
+    description: '[Internal] Comma-separated list of code quality queries to run.'
+    required: false
   packs:
     description: >-
       Comma-separated list of packs to run. Reference a pack in the format `scope/name[@version]`. If `version` is not

lib/analyze.js

@@ -62,7 +62,6 @@ const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const logging_1 = require("./logging");
 const repository_1 = require("./repository");
-const tools_features_1 = require("./tools-features");
 const tracer_config_1 = require("./tracer-config");
 const util = __importStar(require("./util"));
 const util_1 = require("./util");
@@ -97,8 +96,7 @@ async function runExtraction(codeql, config, logger) {
             if (language === languages_1.Language.python) {
                 await setupPythonExtractor(logger);
             }
-            if (config.buildMode &&
-                (await codeql.supportsFeature(tools_features_1.ToolsFeature.TraceCommandUseBuildMode))) {
+            if (config.buildMode) {
                 if (language === languages_1.Language.cpp &&
                     config.buildMode === util_1.BuildMode.Autobuild) {
                     await (0, autobuild_1.setupCppAutobuild)(codeql, logger);

lib/api-compatibility.json

@@ -1 +1 @@
-{ "maximumVersion": "3.18", "minimumVersion": "3.13" }
+{ "maximumVersion": "3.18", "minimumVersion": "3.14" }

lib/autobuild.js

@@ -45,11 +45,9 @@ const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const repository_1 = require("./repository");
-const tools_features_1 = require("./tools-features");
 const util_1 = require("./util");
-async function determineAutobuildLanguages(codeql, config, logger) {
-    if ((config.buildMode === util_1.BuildMode.None &&
-        (await codeql.supportsFeature(tools_features_1.ToolsFeature.TraceCommandUseBuildMode))) ||
+async function determineAutobuildLanguages(_codeql, config, logger) {
+    if (config.buildMode === util_1.BuildMode.None ||
         config.buildMode === util_1.BuildMode.Manual) {
         logger.info(`Using build mode "${config.buildMode}", nothing to autobuild. ` +
             `See ${doc_url_1.DocUrl.CODEQL_BUILD_MODES} for more information.`);
@@ -150,8 +148,7 @@ async function runAutobuild(config, language, logger) {
     if (language === languages_1.Language.cpp) {
         await setupCppAutobuild(codeQL, logger);
     }
-    if (config.buildMode &&
-        (await codeQL.supportsFeature(tools_features_1.ToolsFeature.TraceCommandUseBuildMode))) {
+    if (config.buildMode) {
         await codeQL.extractUsingBuildMode(config, language);
     }
     else {

lib/autobuild.js.map

@@ -1 +1 @@
-{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAeA,kEAkGC;AAED,8CAmCC;AAED,oCAsBC;AA9KD,oDAAsC;AAEtC,iDAA6E;AAC7E,6CAAgD;AAChD,qCAA6C;AAE7C,uCAAmC;AACnC,+CAAuC;AACvC,mDAAmE;AACnE,2CAAyD;AAEzD,6CAAgD;AAChD,qDAAgD;AAChD,iCAAmC;AAE5B,KAAK,UAAU,2BAA2B,CAC/C,MAAc,EACd,MAA0B,EAC1B,MAAc;IAEd,IACE,CAAC,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,IAAI;QAClC,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,wBAAwB,CAAC,CAAC,CAAC;QACxE,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,MAAM,EACrC,CAAC;QACD,MAAM,CAAC,IAAI,CACT,qBAAqB,MAAM,CAAC,SAAS,2BAA2B;YAC9D,OAAO,gBAAM,CAAC,kBAAkB,wBAAwB,CAC3D,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,0CAA0C;IAC1C,mFAAmF;IACnF,oFAAoF;IACpF,4EAA4E;IAC5E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACvD,IAAA,4BAAgB,EAAC,CAAC,CAAC,CACpB,CAAC;IAEF,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CACT,iEAAiE,CAClE,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACH,MAAM,2BAA2B,GAAG,kBAAkB,CAAC,MAAM,CAC3D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,oBAAQ,CAAC,EAAE,CACzB,CAAC;IAEF,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,yEAAyE;IACzE,UAAU;IACV,IAAI,2BAA2B,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;QACjD,SAAS,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,uEAAuE;IACvE,wCAAwC;IACxC,IAAI,kBAAkB,CAAC,MAAM,KAAK,2BAA2B,CAAC,MAAM,EAAE,CAAC;QACrE,SAAS,CAAC,IAAI,CAAC,oBAAQ,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,kBAAkB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE3D,2EAA2E;IAC3E,4EAA4E;IAC5E,2CAA2C;IAC3C,uEAAuE;IACvE,2EAA2E;IAC3E,uEAAuE;IACvE,yCAAyC;IACzC,IAAI,2BAA2B,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,CAAC,OAAO,CACZ,oCAAoC,SAAS,CAAC,IAAI,CAChD,OAAO,CACR,8BAA8B,2BAA2B;aACvD,KAAK,CAAC,CAAC,CAAC;aACR,IAAI,CACH,OAAO,CACR,kFAAkF;YACnF,OAAO,gBAAM,CAAC,4BAA4B,wBAAwB,CACrE,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IACpE,MAAM,MAAM,GAAG,6BAAa,CAAC,uBAAO,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC;IACvE,MAAM,WAAW,GAAG,4CAA4C,CAAC;IACjE,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC/C,MAAM,aAAa,GAAG,IAAA,6BAAgB,GAAE,CAAC;IACzC,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;IACF,IAAI,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,yBAAyB,EAAE,MAAM,CAAC,EAAE,CAAC;QACvE,yEAAyE;QACzE,IACE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,KAAK,aAAa;YACnD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,MAAM,EAC9B,CAAC;YACD,MAAM,CAAC,IAAI,CACT,aAAa,WAAW,sCACtB,IAAA,mCAAoB,GAAE,KAAK,SAAS;gBAClC,CAAC,CAAC,8BAA8B,MAAM,yDAAyD,gBAAM,CAAC,oBAAoB,wBAAwB;gBAClJ,CAAC,CAAC,EACN,EAAE,CACH,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CACT,YAAY,WAAW,yCAAyC,MAAM,yCAAyC,gBAAM,CAAC,oBAAoB,wBAAwB,CACnK,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,aAAa,WAAW,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,YAAY,CAChC,MAA0B,EAC1B,QAAkB,EAClB,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;IACxE,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,GAAG,EAAE,CAAC;QAC9B,MAAM,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,IACE,MAAM,CAAC,SAAS;QAChB,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,wBAAwB,CAAC,CAAC,EACrE,CAAC;QACD,MAAM,MAAM,CAAC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACvD,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE,CAAC;QAC7B,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC"}
+{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAcA,kEAiGC;AAED,8CAmCC;AAED,oCAmBC;AAzKD,oDAAsC;AAEtC,iDAA6E;AAC7E,6CAAgD;AAChD,qCAA6C;AAE7C,uCAAmC;AACnC,+CAAuC;AACvC,mDAAmE;AACnE,2CAAyD;AAEzD,6CAAgD;AAChD,iCAAmC;AAE5B,KAAK,UAAU,2BAA2B,CAC/C,OAAe,EACf,MAA0B,EAC1B,MAAc;IAEd,IACE,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,IAAI;QACnC,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,MAAM,EACrC,CAAC;QACD,MAAM,CAAC,IAAI,CACT,qBAAqB,MAAM,CAAC,SAAS,2BAA2B;YAC9D,OAAO,gBAAM,CAAC,kBAAkB,wBAAwB,CAC3D,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,0CAA0C;IAC1C,mFAAmF;IACnF,oFAAoF;IACpF,4EAA4E;IAC5E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACvD,IAAA,4BAAgB,EAAC,CAAC,CAAC,CACpB,CAAC;IAEF,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CACT,iEAAiE,CAClE,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACH,MAAM,2BAA2B,GAAG,kBAAkB,CAAC,MAAM,CAC3D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,oBAAQ,CAAC,EAAE,CACzB,CAAC;IAEF,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,yEAAyE;IACzE,UAAU;IACV,IAAI,2BAA2B,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;QACjD,SAAS,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,uEAAuE;IACvE,wCAAwC;IACxC,IAAI,kBAAkB,CAAC,MAAM,KAAK,2BAA2B,CAAC,MAAM,EAAE,CAAC;QACrE,SAAS,CAAC,IAAI,CAAC,oBAAQ,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,kBAAkB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE3D,2EAA2E;IAC3E,4EAA4E;IAC5E,2CAA2C;IAC3C,uEAAuE;IACvE,2EAA2E;IAC3E,uEAAuE;IACvE,yCAAyC;IACzC,IAAI,2BAA2B,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,CAAC,OAAO,CACZ,oCAAoC,SAAS,CAAC,IAAI,CAChD,OAAO,CACR,8BAA8B,2BAA2B;aACvD,KAAK,CAAC,CAAC,CAAC;aACR,IAAI,CACH,OAAO,CACR,kFAAkF;YACnF,OAAO,gBAAM,CAAC,4BAA4B,wBAAwB,CACrE,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IACpE,MAAM,MAAM,GAAG,6BAAa,CAAC,uBAAO,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC;IACvE,MAAM,WAAW,GAAG,4CAA4C,CAAC;IACjE,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC/C,MAAM,aAAa,GAAG,IAAA,6BAAgB,GAAE,CAAC;IACzC,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;IACF,IAAI,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,yBAAyB,EAAE,MAAM,CAAC,EAAE,CAAC;QACvE,yEAAyE;QACzE,IACE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,KAAK,aAAa;YACnD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,MAAM,EAC9B,CAAC;YACD,MAAM,CAAC,IAAI,CACT,aAAa,WAAW,sCACtB,IAAA,mCAAoB,GAAE,KAAK,SAAS;gBAClC,CAAC,CAAC,8BAA8B,MAAM,yDAAyD,gBAAM,CAAC,oBAAoB,wBAAwB;gBAClJ,CAAC,CAAC,EACN,EAAE,CACH,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CACT,YAAY,WAAW,yCAAyC,MAAM,yCAAyC,gBAAM,CAAC,oBAAoB,wBAAwB,CACnK,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,aAAa,WAAW,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,YAAY,CAChC,MAA0B,EAC1B,QAAkB,EAClB,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;IACxE,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,GAAG,EAAE,CAAC;QAC9B,MAAM,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,MAAM,MAAM,CAAC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACvD,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE,CAAC;QAC7B,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC"}

lib/codeql.js

@@ -73,7 +73,7 @@ let cachedCodeQL = undefined;
  * The version flags below can be used to conditionally enable certain features
  * on versions newer than this.
  */
-const CODEQL_MINIMUM_VERSION = "2.15.5";
+const CODEQL_MINIMUM_VERSION = "2.16.6";
 /**
  * This version will shortly become the oldest version of CodeQL that the Action will run with.
  */
@@ -267,8 +267,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             if (externalRepositoryToken) {
                 extraArgs.push("--external-repository-token-stdin");
             }
-            if (config.buildMode !== undefined &&
-                (await this.supportsFeature(tools_features_1.ToolsFeature.BuildModeOption))) {
+            if (config.buildMode !== undefined) {
                 extraArgs.push(`--build-mode=${config.buildMode}`);
             }
             if (qlconfigFile !== undefined) {
@@ -760,12 +759,14 @@ async function generateCodeScanningConfig(config, logger) {
     // make a copy so we can modify it
     const augmentedConfig = (0, util_1.cloneObject)(config.originalUserInput);
     // Inject the queries from the input
-    if (config.augmentationProperties.queriesInput) {
+    if (config.augmentationProperties.queriesInput ||
+        config.augmentationProperties.qualityQueriesInput) {
+        const queryInputs = (config.augmentationProperties.queriesInput || []).concat(config.augmentationProperties.qualityQueriesInput || []);
         if (config.augmentationProperties.queriesInputCombines) {
-            augmentedConfig.queries = (augmentedConfig.queries || []).concat(config.augmentationProperties.queriesInput);
+            augmentedConfig.queries = (augmentedConfig.queries || []).concat(queryInputs);
         }
         else {
-            augmentedConfig.queries = config.augmentationProperties.queriesInput;
+            augmentedConfig.queries = queryInputs;
         }
     }
     if (augmentedConfig.queries?.length === 0) {
@@ -796,8 +797,12 @@ async function generateCodeScanningConfig(config, logger) {
         delete augmentedConfig.packs;
     }
     augmentedConfig["query-filters"] = [
-        ...(config.augmentationProperties.defaultQueryFilters || []),
+        // Ordering matters. If the first filter is an inclusion, it implicitly
+        // excludes all queries that are not included. If it is an exclusion,
+        // it implicitly includes all queries that are not excluded. So user
+        // filters (if any) should always be first to preserve intent.
         ...(augmentedConfig["query-filters"] || []),
+        ...(config.augmentationProperties.extraQueryExclusions || []),
     ];
     if (augmentedConfig["query-filters"]?.length === 0) {
         delete augmentedConfig["query-filters"];

lib/codeql.test.js

@@ -49,6 +49,7 @@ const sinon = __importStar(require("sinon"));
 const actionsUtil = __importStar(require("./actions-util"));
 const cli_errors_1 = require("./cli-errors");
 const codeql = __importStar(require("./codeql"));
+const config_utils_1 = require("./config-utils");
 const defaults = __importStar(require("./defaults.json"));
 const doc_url_1 = require("./doc-url");
 const languages_1 = require("./languages");
@@ -350,18 +351,16 @@ const injectedConfigMacro = ava_1.default.macro({
     title: (providedTitle = "") => `databaseInitCluster() injected config: ${providedTitle}`,
 });
 (0, ava_1.default)("basic", injectedConfigMacro, {
-    queriesInputCombines: false,
-    packsInputCombines: false,
+    ...config_utils_1.defaultAugmentationProperties,
 }, {}, {});
 (0, ava_1.default)("injected packs from input", injectedConfigMacro, {
-    queriesInputCombines: false,
-    packsInputCombines: false,
+    ...config_utils_1.defaultAugmentationProperties,
     packsInput: ["xxx", "yyy"],
 }, {}, {
     packs: ["xxx", "yyy"],
 });
 (0, ava_1.default)("injected packs from input with existing packs combines", injectedConfigMacro, {
-    queriesInputCombines: false,
+    ...config_utils_1.defaultAugmentationProperties,
     packsInputCombines: true,
     packsInput: ["xxx", "yyy"],
 }, {
@@ -376,8 +375,7 @@ const injectedConfigMacro = ava_1.default.macro({
     },
 });
 (0, ava_1.default)("injected packs from input with existing packs overrides", injectedConfigMacro, {
-    queriesInputCombines: false,
-    packsInputCombines: false,
+    ...config_utils_1.defaultAugmentationProperties,
     packsInput: ["xxx", "yyy"],
 }, {
     originalUserInput: {
@@ -390,8 +388,7 @@ const injectedConfigMacro = ava_1.default.macro({
 });
 // similar, but with queries
 (0, ava_1.default)("injected queries from input", injectedConfigMacro, {
-    queriesInputCombines: false,
-    packsInputCombines: false,
+    ...config_utils_1.defaultAugmentationProperties,
     queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
 }, {}, {
     queries: [
@@ -404,8 +401,7 @@ const injectedConfigMacro = ava_1.default.macro({
     ],
 });
 (0, ava_1.default)("injected queries from input overrides", injectedConfigMacro, {
-    queriesInputCombines: false,
-    packsInputCombines: false,
+    ...config_utils_1.defaultAugmentationProperties,
     queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
 }, {
     originalUserInput: {
@@ -422,8 +418,8 @@ const injectedConfigMacro = ava_1.default.macro({
     ],
 });
 (0, ava_1.default)("injected queries from input combines", injectedConfigMacro, {
+    ...config_utils_1.defaultAugmentationProperties,
     queriesInputCombines: true,
-    packsInputCombines: false,
     queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
 }, {
     originalUserInput: {
@@ -443,6 +439,7 @@ const injectedConfigMacro = ava_1.default.macro({
     ],
 });
 (0, ava_1.default)("injected queries from input combines 2", injectedConfigMacro, {
+    ...config_utils_1.defaultAugmentationProperties,
     queriesInputCombines: true,
     packsInputCombines: true,
     queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
@@ -457,6 +454,7 @@ const injectedConfigMacro = ava_1.default.macro({
     ],
 });
 (0, ava_1.default)("injected queries and packs, but empty", injectedConfigMacro, {
+    ...config_utils_1.defaultAugmentationProperties,
     queriesInputCombines: true,
     packsInputCombines: true,
     queriesInput: [],

lib/config-utils.js

@@ -80,7 +80,8 @@ exports.defaultAugmentationProperties = {
     packsInputCombines: false,
     packsInput: undefined,
     queriesInput: undefined,
-    defaultQueryFilters: [],
+    qualityQueriesInput: undefined,
+    extraQueryExclusions: [],
 };
 function getPacksStrInvalid(packStr, configFile) {
     return configFile
@@ -226,10 +227,10 @@ async function getRawLanguages(languagesInput, repository, logger) {
 /**
  * Get the default config for when the user has not supplied one.
  */
-async function getDefaultConfig({ languagesInput, queriesInput, packsInput, buildModeInput, dbLocation, trapCachingEnabled, dependencyCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeql, githubVersion, features, logger, }) {
+async function getDefaultConfig({ languagesInput, queriesInput, qualityQueriesInput, packsInput, buildModeInput, dbLocation, trapCachingEnabled, dependencyCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeql, githubVersion, features, logger, }) {
     const languages = await getLanguages(codeql, languagesInput, repository, logger);
     const buildMode = await parseBuildModeInput(buildModeInput, languages, features, logger);
-    const augmentationProperties = await calculateAugmentation(codeql, features, packsInput, queriesInput, languages, logger);
+    const augmentationProperties = await calculateAugmentation(codeql, features, packsInput, queriesInput, qualityQueriesInput, languages, logger);
     const { trapCaches, trapCacheDownloadTime } = await downloadCacheWithTime(trapCachingEnabled, codeql, languages, logger);
     return {
         languages,
@@ -261,7 +262,7 @@ async function downloadCacheWithTime(trapCachingEnabled, codeQL, languages, logg
 /**
  * Load the config from the given file.
  */
-async function loadConfig({ languagesInput, queriesInput, packsInput, buildModeInput, configFile, dbLocation, trapCachingEnabled, dependencyCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeql, workspacePath, githubVersion, apiDetails, features, logger, }) {
+async function loadConfig({ languagesInput, queriesInput, qualityQueriesInput, packsInput, buildModeInput, configFile, dbLocation, trapCachingEnabled, dependencyCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeql, workspacePath, githubVersion, apiDetails, features, logger, }) {
     let parsedYAML;
     if (isLocal(configFile)) {
         if (configFile !== userConfigFromActionPath(tempDir)) {
@@ -279,7 +280,7 @@ async function loadConfig({ languagesInput, queriesInput, packsInput, buildModeI
     }
     const languages = await getLanguages(codeql, languagesInput, repository, logger);
     const buildMode = await parseBuildModeInput(buildModeInput, languages, features, logger);
-    const augmentationProperties = await calculateAugmentation(codeql, features, packsInput, queriesInput, languages, logger);
+    const augmentationProperties = await calculateAugmentation(codeql, features, packsInput, queriesInput, qualityQueriesInput, languages, logger);
     const { trapCaches, trapCacheDownloadTime } = await downloadCacheWithTime(trapCachingEnabled, codeql, languages, logger);
     return {
         languages,
@@ -320,21 +321,25 @@ async function loadConfig({ languagesInput, queriesInput, packsInput, buildModeI
  *     not have exactly one language.
  */
 // exported for testing.
-async function calculateAugmentation(codeql, features, rawPacksInput, rawQueriesInput, languages, logger) {
+async function calculateAugmentation(codeql, features, rawPacksInput, rawQueriesInput, rawQualityQueriesInput, languages, logger) {
     const packsInputCombines = shouldCombine(rawPacksInput);
     const packsInput = parsePacksFromInput(rawPacksInput, languages, packsInputCombines);
     const queriesInputCombines = shouldCombine(rawQueriesInput);
     const queriesInput = parseQueriesFromInput(rawQueriesInput, queriesInputCombines);
-    const defaultQueryFilters = [];
+    const qualityQueriesInput = parseQueriesFromInput(rawQualityQueriesInput, false);
+    const extraQueryExclusions = [];
     if (await (0, diff_informed_analysis_utils_1.shouldPerformDiffInformedAnalysis)(codeql, features, logger)) {
-        defaultQueryFilters.push({ exclude: { tags: "exclude-from-incremental" } });
+        extraQueryExclusions.push({
+            exclude: { tags: "exclude-from-incremental" },
+        });
     }
     return {
         packsInputCombines,
         packsInput: packsInput?.[languages[0]],
         queriesInput,
         queriesInputCombines,
-        defaultQueryFilters,
+        qualityQueriesInput,
+        extraQueryExclusions,
     };
 }
 function parseQueriesFromInput(rawQueriesInput, queriesInputCombines) {

lib/config-utils.test.js

@@ -58,6 +58,7 @@ function createTestInitConfigInputs(overrides) {
     return Object.assign({}, {
         languagesInput: undefined,
         queriesInput: undefined,
+        qualityQueriesInput: undefined,
         packsInput: undefined,
         configFile: undefined,
         dbLocation: undefined,
@@ -623,58 +624,63 @@ const packSpecPrettyPrintingMacro = ava_1.default.macro({
 });
 const mockLogger = (0, logging_1.getRunnerLogger)(true);
 const calculateAugmentationMacro = ava_1.default.macro({
-    exec: async (t, _title, rawPacksInput, rawQueriesInput, languages, expectedAugmentationProperties) => {
-        const actualAugmentationProperties = await configUtils.calculateAugmentation((0, codeql_1.getCachedCodeQL)(), (0, testing_utils_1.createFeatures)([]), rawPacksInput, rawQueriesInput, languages, mockLogger);
+    exec: async (t, _title, rawPacksInput, rawQueriesInput, rawQualityQueriesInput, languages, expectedAugmentationProperties) => {
+        const actualAugmentationProperties = await configUtils.calculateAugmentation((0, codeql_1.getCachedCodeQL)(), (0, testing_utils_1.createFeatures)([]), rawPacksInput, rawQueriesInput, rawQualityQueriesInput, languages, mockLogger);
         t.deepEqual(actualAugmentationProperties, expectedAugmentationProperties);
     },
     title: (_, title) => `Calculate Augmentation: ${title}`,
 });
-(0, ava_1.default)(calculateAugmentationMacro, "All empty", undefined, undefined, [languages_1.Language.javascript], {
-    queriesInputCombines: false,
-    queriesInput: undefined,
-    packsInputCombines: false,
-    packsInput: undefined,
-    defaultQueryFilters: [],
+(0, ava_1.default)(calculateAugmentationMacro, "All empty", undefined, undefined, undefined, [languages_1.Language.javascript], {
+    ...configUtils.defaultAugmentationProperties,
 });
-(0, ava_1.default)(calculateAugmentationMacro, "With queries", undefined, " a, b , c, d", [languages_1.Language.javascript], {
-    queriesInputCombines: false,
+(0, ava_1.default)(calculateAugmentationMacro, "With queries", undefined, " a, b , c, d", undefined, [languages_1.Language.javascript], {
+    ...configUtils.defaultAugmentationProperties,
     queriesInput: [{ uses: "a" }, { uses: "b" }, { uses: "c" }, { uses: "d" }],
-    packsInputCombines: false,
-    packsInput: undefined,
-    defaultQueryFilters: [],
 });
-(0, ava_1.default)(calculateAugmentationMacro, "With queries combining", undefined, "   +   a, b , c, d ", [languages_1.Language.javascript], {
+(0, ava_1.default)(calculateAugmentationMacro, "With queries combining", undefined, "   +   a, b , c, d ", undefined, [languages_1.Language.javascript], {
+    ...configUtils.defaultAugmentationProperties,
     queriesInputCombines: true,
     queriesInput: [{ uses: "a" }, { uses: "b" }, { uses: "c" }, { uses: "d" }],
-    packsInputCombines: false,
-    packsInput: undefined,
-    defaultQueryFilters: [],
 });
-(0, ava_1.default)(calculateAugmentationMacro, "With packs", "   codeql/a , codeql/b   , codeql/c  , codeql/d  ", undefined, [languages_1.Language.javascript], {
-    queriesInputCombines: false,
-    queriesInput: undefined,
-    packsInputCombines: false,
+(0, ava_1.default)(calculateAugmentationMacro, "With quality queries", undefined, undefined, " a, b , c, d", [languages_1.Language.javascript], {
+    ...configUtils.defaultAugmentationProperties,
+    qualityQueriesInput: [
+        { uses: "a" },
+        { uses: "b" },
+        { uses: "c" },
+        { uses: "d" },
+    ],
+});
+(0, ava_1.default)(calculateAugmentationMacro, "With security and quality queries", undefined, " a, b , c, d", "e, f , g,h", [languages_1.Language.javascript], {
+    ...configUtils.defaultAugmentationProperties,
+    queriesInput: [{ uses: "a" }, { uses: "b" }, { uses: "c" }, { uses: "d" }],
+    qualityQueriesInput: [
+        { uses: "e" },
+        { uses: "f" },
+        { uses: "g" },
+        { uses: "h" },
+    ],
+});
+(0, ava_1.default)(calculateAugmentationMacro, "With packs", "   codeql/a , codeql/b   , codeql/c  , codeql/d  ", undefined, undefined, [languages_1.Language.javascript], {
+    ...configUtils.defaultAugmentationProperties,
     packsInput: ["codeql/a", "codeql/b", "codeql/c", "codeql/d"],
-    defaultQueryFilters: [],
 });
-(0, ava_1.default)(calculateAugmentationMacro, "With packs combining", "   +   codeql/a, codeql/b, codeql/c, codeql/d", undefined, [languages_1.Language.javascript], {
-    queriesInputCombines: false,
-    queriesInput: undefined,
+(0, ava_1.default)(calculateAugmentationMacro, "With packs combining", "   +   codeql/a, codeql/b, codeql/c, codeql/d", undefined, undefined, [languages_1.Language.javascript], {
+    ...configUtils.defaultAugmentationProperties,
     packsInputCombines: true,
     packsInput: ["codeql/a", "codeql/b", "codeql/c", "codeql/d"],
-    defaultQueryFilters: [],
 });
 const calculateAugmentationErrorMacro = ava_1.default.macro({
-    exec: async (t, _title, rawPacksInput, rawQueriesInput, languages, expectedError) => {
-        await t.throwsAsync(() => configUtils.calculateAugmentation((0, codeql_1.getCachedCodeQL)(), (0, testing_utils_1.createFeatures)([]), rawPacksInput, rawQueriesInput, languages, mockLogger), { message: expectedError });
+    exec: async (t, _title, rawPacksInput, rawQueriesInput, rawQualityQueriesInput, languages, expectedError) => {
+        await t.throwsAsync(() => configUtils.calculateAugmentation((0, codeql_1.getCachedCodeQL)(), (0, testing_utils_1.createFeatures)([]), rawPacksInput, rawQueriesInput, rawQualityQueriesInput, languages, mockLogger), { message: expectedError });
     },
     title: (_, title) => `Calculate Augmentation Error: ${title}`,
 });
-(0, ava_1.default)(calculateAugmentationErrorMacro, "Plus (+) with nothing else (queries)", undefined, "   +   ", [languages_1.Language.javascript], /The workflow property "queries" is invalid/);
-(0, ava_1.default)(calculateAugmentationErrorMacro, "Plus (+) with nothing else (packs)", "   +   ", undefined, [languages_1.Language.javascript], /The workflow property "packs" is invalid/);
-(0, ava_1.default)(calculateAugmentationErrorMacro, "Packs input with multiple languages", "   +  a/b, c/d ", undefined, [languages_1.Language.javascript, languages_1.Language.java], /Cannot specify a 'packs' input in a multi-language analysis/);
-(0, ava_1.default)(calculateAugmentationErrorMacro, "Packs input with no languages", "   +  a/b, c/d ", undefined, [], /No languages specified/);
-(0, ava_1.default)(calculateAugmentationErrorMacro, "Invalid packs", " a-pack-without-a-scope ", undefined, [languages_1.Language.javascript], /"a-pack-without-a-scope" is not a valid pack/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Plus (+) with nothing else (queries)", undefined, "   +   ", undefined, [languages_1.Language.javascript], /The workflow property "queries" is invalid/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Plus (+) with nothing else (packs)", "   +   ", undefined, undefined, [languages_1.Language.javascript], /The workflow property "packs" is invalid/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Packs input with multiple languages", "   +  a/b, c/d ", undefined, undefined, [languages_1.Language.javascript, languages_1.Language.java], /Cannot specify a 'packs' input in a multi-language analysis/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Packs input with no languages", "   +  a/b, c/d ", undefined, undefined, [], /No languages specified/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Invalid packs", " a-pack-without-a-scope ", undefined, undefined, [languages_1.Language.javascript], /"a-pack-without-a-scope" is not a valid pack/);
 (0, ava_1.default)("no generateRegistries when registries is undefined", async (t) => {
     return await (0, util_1.withTmpDir)(async (tmpDir) => {
         const registriesInput = undefined;

lib/defaults.json

@@ -1,6 +1,6 @@
 {
-    "bundleVersion": "codeql-bundle-v2.21.4",
-    "cliVersion": "2.21.4",
-    "priorBundleVersion": "codeql-bundle-v2.21.3",
-    "priorCliVersion": "2.21.3"
+    "bundleVersion": "codeql-bundle-v2.22.1",
+    "cliVersion": "2.22.1",
+    "priorBundleVersion": "codeql-bundle-v2.22.0",
+    "priorCliVersion": "2.22.0"
 }

lib/init-action.js

@@ -192,6 +192,7 @@ async function run() {
         config = await (0, init_1.initConfig)({
             languagesInput: (0, actions_util_1.getOptionalInput)("languages"),
             queriesInput: (0, actions_util_1.getOptionalInput)("queries"),
+            qualityQueriesInput: (0, actions_util_1.getOptionalInput)("quality-queries"),
             packsInput: (0, actions_util_1.getOptionalInput)("packs"),
             buildModeInput: (0, actions_util_1.getOptionalInput)("build-mode"),
             configFile,
@@ -204,10 +205,8 @@ async function run() {
             // - Actions step debugging is enabled (e.g. by [enabling debug logging for a rerun](https://docs.github.com/en/actions/managing-workflow-runs/re-running-workflows-and-jobs#re-running-all-the-jobs-in-a-workflow),
             //   or by setting the `ACTIONS_STEP_DEBUG` secret to `true`).
             debugMode: (0, actions_util_1.getOptionalInput)("debug") === "true" || core.isDebug(),
-            debugArtifactName: (0, actions_util_1.getOptionalInput)("debug-artifact-name") ||
-                util_1.DEFAULT_DEBUG_ARTIFACT_NAME,
-            debugDatabaseName: (0, actions_util_1.getOptionalInput)("debug-database-name") ||
-                util_1.DEFAULT_DEBUG_DATABASE_NAME,
+            debugArtifactName: (0, actions_util_1.getOptionalInput)("debug-artifact-name") || util_1.DEFAULT_DEBUG_ARTIFACT_NAME,
+            debugDatabaseName: (0, actions_util_1.getOptionalInput)("debug-database-name") || util_1.DEFAULT_DEBUG_DATABASE_NAME,
             repository: repositoryNwo,
             tempDir: (0, actions_util_1.getTemporaryDirectory)(),
             codeql,
@@ -216,7 +215,7 @@ async function run() {
             apiDetails,
             features,
             logger,
-        }, codeql);
+        });
         await (0, init_1.checkInstallPython311)(config.languages, codeql);
     }
     catch (unwrappedError) {
@@ -353,8 +352,9 @@ async function run() {
             logger.info(`Setting C++ build-mode: none to ${value}`);
             core.exportVariable(bmnVar, value);
         }
-        // Set CODEQL_ENABLE_EXPERIMENTAL_FEATURES for rust
-        if (config.languages.includes(languages_1.Language.rust)) {
+        // For rust: set CODEQL_ENABLE_EXPERIMENTAL_FEATURES, unless codeql already supports rust without it
+        if (config.languages.includes(languages_1.Language.rust) &&
+            !(await codeql.resolveLanguages()).rust) {
             const feat = feature_flags_1.Feature.RustAnalysis;
             const minVer = feature_flags_1.featureConfig[feat].minimumVersion;
             const envVar = "CODEQL_ENABLE_EXPERIMENTAL_FEATURES";
@@ -377,25 +377,12 @@ async function run() {
         if ((0, caching_utils_1.shouldRestoreCache)(config.dependencyCachingEnabled)) {
             await (0, dependency_caching_1.downloadDependencyCaches)(config.languages, logger);
         }
-        // For CLI versions <2.15.1, build tracing caused errors in macOS ARM machines with
-        // System Integrity Protection (SIP) disabled.
-        if (!(await (0, util_1.codeQlVersionAtLeast)(codeql, "2.15.1")) &&
-            process.platform === "darwin" &&
-            (process.arch === "arm" || process.arch === "arm64") &&
-            !(await (0, util_1.checkSipEnablement)(logger))) {
-            logger.warning("CodeQL versions 2.15.0 and lower are not supported on macOS ARM machines with System Integrity Protection (SIP) disabled.");
-        }
-        // From 2.16.0 the default for the python extractor is to not perform any
-        // dependency extraction. For versions before that, you needed to set this flag to
-        // enable this behavior.
+        // Suppress warnings about disabled Python library extraction.
         if (await (0, util_1.codeQlVersionAtLeast)(codeql, "2.17.1")) {
             // disabled by default, no warning
         }
-        else if (await (0, util_1.codeQlVersionAtLeast)(codeql, "2.16.0")) {
-            // disabled by default, prints warning if environment variable is not set
-            core.exportVariable("CODEQL_EXTRACTOR_PYTHON_DISABLE_LIBRARY_EXTRACTION", "true");
-        }
         else {
+            // disabled by default, prints warning if environment variable is not set
             core.exportVariable("CODEQL_EXTRACTOR_PYTHON_DISABLE_LIBRARY_EXTRACTION", "true");
         }
         if ((0, actions_util_1.getOptionalInput)("setup-python-dependencies") !== undefined) {

lib/init.js

@@ -37,7 +37,6 @@ exports.initCodeQL = initCodeQL;
 exports.initConfig = initConfig;
 exports.getOverlayDatabaseMode = getOverlayDatabaseMode;
 exports.runInit = runInit;
-exports.printPathFiltersWarning = printPathFiltersWarning;
 exports.checkInstallPython311 = checkInstallPython311;
 exports.cleanupDatabaseClusterDirectory = cleanupDatabaseClusterDirectory;
 const fs = __importStar(require("fs"));
@@ -50,8 +49,8 @@ const codeql_1 = require("./codeql");
 const configUtils = __importStar(require("./config-utils"));
 const git_utils_1 = require("./git-utils");
 const languages_1 = require("./languages");
+const logging_1 = require("./logging");
 const overlay_database_utils_1 = require("./overlay-database-utils");
-const tools_features_1 = require("./tools-features");
 const tracer_config_1 = require("./tracer-config");
 const util = __importStar(require("./util"));
 async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger) {
@@ -67,15 +66,10 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe
         zstdAvailability,
     };
 }
-async function initConfig(inputs, codeql) {
-    const logger = inputs.logger;
-    logger.startGroup("Load language configuration");
-    const config = await configUtils.initConfig(inputs);
-    if (!(await codeql.supportsFeature(tools_features_1.ToolsFeature.InformsAboutUnsupportedPathFilters))) {
-        printPathFiltersWarning(config, logger);
-    }
-    logger.endGroup();
-    return config;
+async function initConfig(inputs) {
+    return await (0, logging_1.withGroupAsync)("Load language configuration", async () => {
+        return await configUtils.initConfig(inputs);
+    });
 }
 async function getOverlayDatabaseMode(codeqlVersion, config, sourceRoot, logger) {
     const overlayDatabaseMode = process.env.CODEQL_OVERLAY_DATABASE_MODE;
@@ -114,15 +108,6 @@ async function runInit(codeql, config, sourceRoot, processName, registriesInput,
     async () => await codeql.databaseInitCluster(config, sourceRoot, processName, qlconfigFile, overlayDatabaseMode, logger));
     return await (0, tracer_config_1.getCombinedTracerConfig)(codeql, config);
 }
-function printPathFiltersWarning(config, logger) {
-    // Index include/exclude/filters only work in javascript/python/ruby.
-    // If any other languages are detected/configured then show a warning.
-    if ((config.originalUserInput.paths?.length ||
-        config.originalUserInput["paths-ignore"]?.length) &&
-        !config.languages.every(languages_1.isScannedLanguage)) {
-        logger.warning('The "paths"/"paths-ignore" fields of the config only have effect for JavaScript, Python, and Ruby');
-    }
-}
 /**
  * If we are running python 3.12+ on windows, we need to switch to python 3.11.
  * This check happens in a powershell script.

lib/init.js.map

@@ -1 +1 @@
-{"version":3,"file":"init.js","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0BA,gCAyCC;AAED,gCAgBC;AAED,wDAuCC;AAED,0BAoCC;AAED,0DAeC;AAMD,sDAkBC;AAED,0EAkDC;AAjQD,uCAAyB;AACzB,2CAA6B;AAE7B,yEAA2D;AAC3D,gDAAkC;AAClC,+CAAiC;AAEjC,iDAAsE;AAEtE,qCAA+C;AAC/C,4DAA8C;AAE9C,2CAAyC;AACzC,2CAA0D;AAE1D,qEAGkC;AAIlC,qDAAgD;AAChD,mDAAwE;AACxE,6CAA+B;AAExB,KAAK,UAAU,UAAU,CAC9B,UAA8B,EAC9B,UAA4B,EAC5B,OAAe,EACf,OAA2B,EAC3B,iBAA2C,EAC3C,QAA2B,EAC3B,MAAc;IAQd,MAAM,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;IACxC,MAAM,EACJ,MAAM,EACN,yBAAyB,EACzB,WAAW,EACX,YAAY,EACZ,gBAAgB,GACjB,GAAG,MAAM,IAAA,oBAAW,EACnB,UAAU,EACV,UAAU,EACV,OAAO,EACP,OAAO,EACP,iBAAiB,EACjB,MAAM,EACN,QAAQ,EACR,IAAI,CACL,CAAC;IACF,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;IAC5B,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO;QACL,MAAM;QACN,yBAAyB;QACzB,WAAW;QACX,YAAY;QACZ,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,UAAU,CAC9B,MAAoC,EACpC,MAAc;IAEd,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IAC7B,MAAM,CAAC,UAAU,CAAC,6BAA6B,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IACpD,IACE,CAAC,CAAC,MAAM,MAAM,CAAC,eAAe,CAC5B,6BAAY,CAAC,kCAAkC,CAChD,CAAC,EACF,CAAC;QACD,uBAAuB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,MAAM,CAAC;AAChB,CAAC;AAEM,KAAK,UAAU,sBAAsB,CAC1C,aAAqB,EACrB,MAA0B,EAC1B,UAAkB,EAClB,MAAc;IAEd,MAAM,mBAAmB,GAAG,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC;IAErE,IACE,mBAAmB,KAAK,4CAAmB,CAAC,OAAO;QACnD,mBAAmB,KAAK,4CAAmB,CAAC,WAAW,EACvD,CAAC;QACD,IAAI,MAAM,CAAC,SAAS,KAAK,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;YAC7C,MAAM,CAAC,OAAO,CACZ,mBAAmB,mBAAmB,oBAAoB;gBACxD,yBAAyB,MAAM,CAAC,SAAS,uBAAuB;gBAChE,0DAA0D,CAC7D,CAAC;YACF,OAAO,4CAAmB,CAAC,IAAI,CAAC;QAClC,CAAC;QACD,IAAI,MAAM,CAAC,EAAE,CAAC,aAAa,EAAE,uDAA8B,CAAC,EAAE,CAAC;YAC7D,MAAM,CAAC,OAAO,CACZ,mBAAmB,mBAAmB,oBAAoB;gBACxD,gCAAgC,uDAA8B,IAAI;gBAClE,0DAA0D,CAC7D,CAAC;YACF,OAAO,4CAAmB,CAAC,IAAI,CAAC;QAClC,CAAC;QACD,IAAI,CAAC,MAAM,IAAA,sBAAU,EAAC,UAAU,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;YACjD,MAAM,CAAC,OAAO,CACZ,mBAAmB,mBAAmB,oBAAoB;gBACxD,oBAAoB,UAAU,oCAAoC;gBAClE,0DAA0D,CAC7D,CAAC;YACF,OAAO,4CAAmB,CAAC,IAAI,CAAC;QAClC,CAAC;QACD,OAAO,mBAA0C,CAAC;IACpD,CAAC;IACD,OAAO,4CAAmB,CAAC,IAAI,CAAC;AAClC,CAAC;AAEM,KAAK,UAAU,OAAO,CAC3B,MAAc,EACd,MAA0B,EAC1B,UAAkB,EAClB,WAA+B,EAC/B,eAAmC,EACnC,UAAoC,EACpC,mBAAwC,EACxC,MAAc;IAEd,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAErD,MAAM,EAAE,oBAAoB,EAAE,YAAY,EAAE,GAC1C,MAAM,WAAW,CAAC,kBAAkB,CAClC,eAAe,EACf,MAAM,CAAC,OAAO,EACd,MAAM,CACP,CAAC;IACJ,MAAM,WAAW,CAAC,eAAe,CAC/B;QACE,YAAY,EAAE,UAAU,CAAC,IAAI;QAC7B,sBAAsB,EAAE,oBAAoB;KAC7C;IAED,0BAA0B;IAC1B,KAAK,IAAI,EAAE,CACT,MAAM,MAAM,CAAC,mBAAmB,CAC9B,MAAM,EACN,UAAU,EACV,WAAW,EACX,YAAY,EACZ,mBAAmB,EACnB,MAAM,CACP,CACJ,CAAC;IACF,OAAO,MAAM,IAAA,uCAAuB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AACvD,CAAC;AAED,SAAgB,uBAAuB,CACrC,MAA0B,EAC1B,MAAc;IAEd,qEAAqE;IACrE,sEAAsE;IACtE,IACE,CAAC,MAAM,CAAC,iBAAiB,CAAC,KAAK,EAAE,MAAM;QACrC,MAAM,CAAC,iBAAiB,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;QACnD,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,6BAAiB,CAAC,EAC1C,CAAC;QACD,MAAM,CAAC,OAAO,CACZ,mGAAmG,CACpG,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,qBAAqB,CACzC,SAAqB,EACrB,MAAc;IAEd,IACE,SAAS,CAAC,QAAQ,CAAC,oBAAQ,CAAC,MAAM,CAAC;QACnC,OAAO,CAAC,QAAQ,KAAK,OAAO;QAC5B,CAAC,CAAC,MAAM,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,QAAQ,EAAE,iBAAiB,EACxD,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CACzB,SAAS,EACT,iBAAiB,EACjB,oBAAoB,CACrB,CAAC;QACF,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,YAAY,EAAE,IAAI,CAAC,EAAE;YAClE,MAAM;SACP,CAAC,CAAC,IAAI,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAgB,+BAA+B,CAC7C,MAA0B,EAC1B,MAAc;AACd,+FAA+F;AAC/F,eAAe;AACf,MAAM,GAAG,EAAE,CAAC,MAAM;IAElB,IACE,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,UAAU,CAAC;QAChC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,EAAE;YACtC,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,EAC3C,CAAC;QACD,MAAM,CAAC,OAAO,CACZ,kCAAkC,MAAM,CAAC,UAAU,4CAA4C,CAChG,CAAC;QACF,IAAI,CAAC;YACH,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE;gBACxB,KAAK,EAAE,IAAI;gBACX,UAAU,EAAE,CAAC;gBACb,SAAS,EAAE,IAAI;aAChB,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CACT,yCAAyC,MAAM,CAAC,UAAU,GAAG,CAC9D,CAAC;QACJ,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,KAAK,GAAG,mEACZ,IAAA,+BAAgB,EAAC,aAAa,CAAC;gBAC7B,CAAC,CAAC,sCAAsC,MAAM,CAAC,UAAU,IAAI;gBAC7D,CAAC,CAAC,kCAAkC,MAAM,CAAC,UAAU,IAAI;oBACvD,yEACN,iEAAiE,CAAC;YAElE,kGAAkG;YAClG,IAAI,IAAA,iCAAkB,GAAE,EAAE,CAAC;gBACzB,MAAM,IAAI,IAAI,CAAC,kBAAkB,CAC/B,GAAG,KAAK,4GAA4G;oBAClH,sEAAsE,IAAI,CAAC,eAAe,CACxF,CAAC,CACF,EAAE,CACN,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CACb,GAAG,KAAK,sDAAsD;oBAC5D,+EAA+E;oBAC/E,yCAAyC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,CACrE,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC"}
+{"version":3,"file":"init.js","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAyBA,gCAyCC;AAED,gCAMC;AAED,wDAuCC;AAED,0BAoCC;AAMD,sDAkBC;AAED,0EAkDC;AArOD,uCAAyB;AACzB,2CAA6B;AAE7B,yEAA2D;AAC3D,gDAAkC;AAClC,+CAAiC;AAEjC,iDAAsE;AAEtE,qCAA+C;AAC/C,4DAA8C;AAE9C,2CAAyC;AACzC,2CAAuC;AACvC,uCAAmD;AACnD,qEAGkC;AAIlC,mDAAwE;AACxE,6CAA+B;AAExB,KAAK,UAAU,UAAU,CAC9B,UAA8B,EAC9B,UAA4B,EAC5B,OAAe,EACf,OAA2B,EAC3B,iBAA2C,EAC3C,QAA2B,EAC3B,MAAc;IAQd,MAAM,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;IACxC,MAAM,EACJ,MAAM,EACN,yBAAyB,EACzB,WAAW,EACX,YAAY,EACZ,gBAAgB,GACjB,GAAG,MAAM,IAAA,oBAAW,EACnB,UAAU,EACV,UAAU,EACV,OAAO,EACP,OAAO,EACP,iBAAiB,EACjB,MAAM,EACN,QAAQ,EACR,IAAI,CACL,CAAC;IACF,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;IAC5B,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO;QACL,MAAM;QACN,yBAAyB;QACzB,WAAW;QACX,YAAY;QACZ,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,UAAU,CAC9B,MAAoC;IAEpC,OAAO,MAAM,IAAA,wBAAc,EAAC,6BAA6B,EAAE,KAAK,IAAI,EAAE;QACpE,OAAO,MAAM,WAAW,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;AACL,CAAC;AAEM,KAAK,UAAU,sBAAsB,CAC1C,aAAqB,EACrB,MAA0B,EAC1B,UAAkB,EAClB,MAAc;IAEd,MAAM,mBAAmB,GAAG,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC;IAErE,IACE,mBAAmB,KAAK,4CAAmB,CAAC,OAAO;QACnD,mBAAmB,KAAK,4CAAmB,CAAC,WAAW,EACvD,CAAC;QACD,IAAI,MAAM,CAAC,SAAS,KAAK,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;YAC7C,MAAM,CAAC,OAAO,CACZ,mBAAmB,mBAAmB,oBAAoB;gBACxD,yBAAyB,MAAM,CAAC,SAAS,uBAAuB;gBAChE,0DAA0D,CAC7D,CAAC;YACF,OAAO,4CAAmB,CAAC,IAAI,CAAC;QAClC,CAAC;QACD,IAAI,MAAM,CAAC,EAAE,CAAC,aAAa,EAAE,uDAA8B,CAAC,EAAE,CAAC;YAC7D,MAAM,CAAC,OAAO,CACZ,mBAAmB,mBAAmB,oBAAoB;gBACxD,gCAAgC,uDAA8B,IAAI;gBAClE,0DAA0D,CAC7D,CAAC;YACF,OAAO,4CAAmB,CAAC,IAAI,CAAC;QAClC,CAAC;QACD,IAAI,CAAC,MAAM,IAAA,sBAAU,EAAC,UAAU,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;YACjD,MAAM,CAAC,OAAO,CACZ,mBAAmB,mBAAmB,oBAAoB;gBACxD,oBAAoB,UAAU,oCAAoC;gBAClE,0DAA0D,CAC7D,CAAC;YACF,OAAO,4CAAmB,CAAC,IAAI,CAAC;QAClC,CAAC;QACD,OAAO,mBAA0C,CAAC;IACpD,CAAC;IACD,OAAO,4CAAmB,CAAC,IAAI,CAAC;AAClC,CAAC;AAEM,KAAK,UAAU,OAAO,CAC3B,MAAc,EACd,MAA0B,EAC1B,UAAkB,EAClB,WAA+B,EAC/B,eAAmC,EACnC,UAAoC,EACpC,mBAAwC,EACxC,MAAc;IAEd,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAErD,MAAM,EAAE,oBAAoB,EAAE,YAAY,EAAE,GAC1C,MAAM,WAAW,CAAC,kBAAkB,CAClC,eAAe,EACf,MAAM,CAAC,OAAO,EACd,MAAM,CACP,CAAC;IACJ,MAAM,WAAW,CAAC,eAAe,CAC/B;QACE,YAAY,EAAE,UAAU,CAAC,IAAI;QAC7B,sBAAsB,EAAE,oBAAoB;KAC7C;IAED,0BAA0B;IAC1B,KAAK,IAAI,EAAE,CACT,MAAM,MAAM,CAAC,mBAAmB,CAC9B,MAAM,EACN,UAAU,EACV,WAAW,EACX,YAAY,EACZ,mBAAmB,EACnB,MAAM,CACP,CACJ,CAAC;IACF,OAAO,MAAM,IAAA,uCAAuB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AACvD,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,qBAAqB,CACzC,SAAqB,EACrB,MAAc;IAEd,IACE,SAAS,CAAC,QAAQ,CAAC,oBAAQ,CAAC,MAAM,CAAC;QACnC,OAAO,CAAC,QAAQ,KAAK,OAAO;QAC5B,CAAC,CAAC,MAAM,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,QAAQ,EAAE,iBAAiB,EACxD,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CACzB,SAAS,EACT,iBAAiB,EACjB,oBAAoB,CACrB,CAAC;QACF,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,YAAY,EAAE,IAAI,CAAC,EAAE;YAClE,MAAM;SACP,CAAC,CAAC,IAAI,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAgB,+BAA+B,CAC7C,MAA0B,EAC1B,MAAc;AACd,+FAA+F;AAC/F,eAAe;AACf,MAAM,GAAG,EAAE,CAAC,MAAM;IAElB,IACE,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,UAAU,CAAC;QAChC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,EAAE;YACtC,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,EAC3C,CAAC;QACD,MAAM,CAAC,OAAO,CACZ,kCAAkC,MAAM,CAAC,UAAU,4CAA4C,CAChG,CAAC;QACF,IAAI,CAAC;YACH,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE;gBACxB,KAAK,EAAE,IAAI;gBACX,UAAU,EAAE,CAAC;gBACb,SAAS,EAAE,IAAI;aAChB,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CACT,yCAAyC,MAAM,CAAC,UAAU,GAAG,CAC9D,CAAC;QACJ,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,KAAK,GAAG,mEACZ,IAAA,+BAAgB,EAAC,aAAa,CAAC;gBAC7B,CAAC,CAAC,sCAAsC,MAAM,CAAC,UAAU,IAAI;gBAC7D,CAAC,CAAC,kCAAkC,MAAM,CAAC,UAAU,IAAI;oBACvD,yEACN,iEAAiE,CAAC;YAElE,kGAAkG;YAClG,IAAI,IAAA,iCAAkB,GAAE,EAAE,CAAC;gBACzB,MAAM,IAAI,IAAI,CAAC,kBAAkB,CAC/B,GAAG,KAAK,4GAA4G;oBAClH,sEAAsE,IAAI,CAAC,eAAe,CACxF,CAAC,CACF,EAAE,CACN,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CACb,GAAG,KAAK,sDAAsD;oBAC5D,+EAA+E;oBAC/E,yCAAyC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,CACrE,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC"}

lib/init.test.js

@@ -40,26 +40,9 @@ const fs = __importStar(require("fs"));
 const path_1 = __importDefault(require("path"));
 const ava_1 = __importDefault(require("ava"));
 const init_1 = require("./init");
-const languages_1 = require("./languages");
 const testing_utils_1 = require("./testing-utils");
 const util_1 = require("./util");
 (0, testing_utils_1.setupTests)(ava_1.default);
-(0, ava_1.default)("printPathFiltersWarning does not trigger when 'paths' and 'paths-ignore' are undefined", async (t) => {
-    const messages = [];
-    (0, init_1.printPathFiltersWarning)({
-        languages: [languages_1.Language.cpp],
-        originalUserInput: {},
-    }, (0, testing_utils_1.getRecordingLogger)(messages));
-    t.is(messages.length, 0);
-});
-(0, ava_1.default)("printPathFiltersWarning does not trigger when 'paths' and 'paths-ignore' are empty", async (t) => {
-    const messages = [];
-    (0, init_1.printPathFiltersWarning)({
-        languages: [languages_1.Language.cpp],
-        originalUserInput: { paths: [], "paths-ignore": [] },
-    }, (0, testing_utils_1.getRecordingLogger)(messages));
-    t.is(messages.length, 0);
-});
 (0, ava_1.default)("cleanupDatabaseClusterDirectory cleans up where possible", async (t) => {
     await (0, util_1.withTmpDir)(async (tmpDir) => {
         const dbLocation = path_1.default.resolve(tmpDir, "dbs");

lib/init.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"init.test.js","sourceRoot":"","sources":["../src/init.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,gDAAwB;AAExB,8CAAuB;AAGvB,iCAGgB;AAChB,2CAAuC;AACvC,mDAKyB;AACzB,iCAAwD;AAExD,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,wFAAwF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACzG,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,IAAA,8BAAuB,EACrB;QACE,SAAS,EAAE,CAAC,oBAAQ,CAAC,GAAG,CAAC;QACzB,iBAAiB,EAAE,EAAE;KACO,EAC9B,IAAA,kCAAkB,EAAC,QAAQ,CAAC,CAC7B,CAAC;IACF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;AAC3B,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,oFAAoF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACrG,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,IAAA,8BAAuB,EACrB;QACE,SAAS,EAAE,CAAC,oBAAQ,CAAC,GAAG,CAAC;QACzB,iBAAiB,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,cAAc,EAAE,EAAE,EAAE;KACxB,EAC9B,IAAA,kCAAkB,EAAC,QAAQ,CAAC,CAC7B,CAAC;IACF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;AAC3B,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,0DAA0D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC3E,MAAM,IAAA,iBAAU,EAAC,KAAK,EAAE,MAAc,EAAE,EAAE;QACxC,MAAM,UAAU,GAAG,cAAI,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC/C,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE9C,MAAM,aAAa,GAAG,cAAI,CAAC,OAAO,CAAC,UAAU,EAAE,0BAA0B,CAAC,CAAC;QAC3E,EAAE,CAAC,aAAa,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QAEpC,MAAM,QAAQ,GAAoB,EAAE,CAAC;QACrC,IAAA,sCAA+B,EAC7B,IAAA,gCAAgB,EAAC,EAAE,UAAU,EAAE,CAAC,EAChC,IAAA,kCAAkB,EAAC,QAAQ,CAAC,CAC7B,CAAC;QAEF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QACzB,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QAClC,CAAC,CAAC,EAAE,CACF,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,EACnB,kCAAkC,UAAU,4CAA4C,CACzF,CAAC;QACF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC/B,CAAC,CAAC,EAAE,CACF,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,EACnB,yCAAyC,UAAU,GAAG,CACvD,CAAC;QAEF,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,KAAK,MAAM,EAAE,SAAS,EAAE,gBAAgB,EAAE,OAAO,EAAE,IAAI;IACrD;QACE,SAAS,EAAE,aAAa;QACxB,gBAAgB,EAAE,yBAAkB;QACpC,OAAO,EAAE,CAAC,UAAU,EAAE,EAAE,CACtB,8FAA8F;YAC9F,MAAM,UAAU,8EAA8E;YAC9F,0FAA0F;YAC1F,6FAA6F;YAC7F,8CAA8C;KACjD;IACD;QACE,SAAS,EAAE,eAAe;QAC1B,gBAAgB,EAAE,KAAK;QACvB,OAAO,EAAE,CAAC,UAAU,EAAE,EAAE,CACtB,8FAA8F;YAC9F,MAAM,UAAU,8EAA8E;YAC9F,wFAAwF;YACxF,4FAA4F;YAC5F,2CAA2C;KAC9C;CACF,EAAE,CAAC;IACF,IAAA,aAAI,EAAC,4CAA4C,gBAAgB,CAAC,IAAI,0BAA0B,SAAS,SAAS,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC9H,MAAM,IAAA,iBAAU,EAAC,KAAK,EAAE,MAAc,EAAE,EAAE;YACxC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,SAAS,CAAC;YAE9C,MAAM,UAAU,GAAG,cAAI,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;YAC/C,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAE9C,MAAM,aAAa,GAAG,cAAI,CAAC,OAAO,CAChC,UAAU,EACV,0BAA0B,CAC3B,CAAC;YACF,EAAE,CAAC,aAAa,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;YAEpC,MAAM,WAAW,GAAG,2BAA2B,aAAa,EAAE,CAAC;YAE/D,MAAM,QAAQ,GAAoB,EAAE,CAAC;YACrC,CAAC,CAAC,MAAM,CACN,GAAG,EAAE,CACH,IAAA,sCAA+B,EAC7B,IAAA,gCAAgB,EAAC,EAAE,UAAU,EAAE,CAAC,EAChC,IAAA,kCAAkB,EAAC,QAAQ,CAAC,EAC5B,GAAG,EAAE;gBACH,MAAM,IAAI,KAAK,CAAC,WAAW,CAAC,CAAC;YAC/B,CAAC,CACF,EACH;gBACE,UAAU,EAAE,gBAAgB;gBAC5B,OAAO,EAAE,GAAG,OAAO,CAAC,UAAU,CAAC,aAAa,WAAW,EAAE;aAC1D,CACF,CAAC;YAEF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACzB,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;YAClC,CAAC,CAAC,EAAE,CACF,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,EACnB,kCAAkC,UAAU,4CAA4C,CACzF,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}
+{"version":3,"file":"init.test.js","sourceRoot":"","sources":["../src/init.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,gDAAwB;AAExB,8CAAuB;AAEvB,iCAAyD;AACzD,mDAKyB;AACzB,iCAAwD;AAExD,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,0DAA0D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC3E,MAAM,IAAA,iBAAU,EAAC,KAAK,EAAE,MAAc,EAAE,EAAE;QACxC,MAAM,UAAU,GAAG,cAAI,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC/C,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE9C,MAAM,aAAa,GAAG,cAAI,CAAC,OAAO,CAAC,UAAU,EAAE,0BAA0B,CAAC,CAAC;QAC3E,EAAE,CAAC,aAAa,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QAEpC,MAAM,QAAQ,GAAoB,EAAE,CAAC;QACrC,IAAA,sCAA+B,EAC7B,IAAA,gCAAgB,EAAC,EAAE,UAAU,EAAE,CAAC,EAChC,IAAA,kCAAkB,EAAC,QAAQ,CAAC,CAC7B,CAAC;QAEF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QACzB,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QAClC,CAAC,CAAC,EAAE,CACF,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,EACnB,kCAAkC,UAAU,4CAA4C,CACzF,CAAC;QACF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC/B,CAAC,CAAC,EAAE,CACF,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,EACnB,yCAAyC,UAAU,GAAG,CACvD,CAAC;QAEF,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,KAAK,MAAM,EAAE,SAAS,EAAE,gBAAgB,EAAE,OAAO,EAAE,IAAI;IACrD;QACE,SAAS,EAAE,aAAa;QACxB,gBAAgB,EAAE,yBAAkB;QACpC,OAAO,EAAE,CAAC,UAAU,EAAE,EAAE,CACtB,8FAA8F;YAC9F,MAAM,UAAU,8EAA8E;YAC9F,0FAA0F;YAC1F,6FAA6F;YAC7F,8CAA8C;KACjD;IACD;QACE,SAAS,EAAE,eAAe;QAC1B,gBAAgB,EAAE,KAAK;QACvB,OAAO,EAAE,CAAC,UAAU,EAAE,EAAE,CACtB,8FAA8F;YAC9F,MAAM,UAAU,8EAA8E;YAC9F,wFAAwF;YACxF,4FAA4F;YAC5F,2CAA2C;KAC9C;CACF,EAAE,CAAC;IACF,IAAA,aAAI,EAAC,4CAA4C,gBAAgB,CAAC,IAAI,0BAA0B,SAAS,SAAS,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC9H,MAAM,IAAA,iBAAU,EAAC,KAAK,EAAE,MAAc,EAAE,EAAE;YACxC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,SAAS,CAAC;YAE9C,MAAM,UAAU,GAAG,cAAI,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;YAC/C,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAE9C,MAAM,aAAa,GAAG,cAAI,CAAC,OAAO,CAChC,UAAU,EACV,0BAA0B,CAC3B,CAAC;YACF,EAAE,CAAC,aAAa,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;YAEpC,MAAM,WAAW,GAAG,2BAA2B,aAAa,EAAE,CAAC;YAE/D,MAAM,QAAQ,GAAoB,EAAE,CAAC;YACrC,CAAC,CAAC,MAAM,CACN,GAAG,EAAE,CACH,IAAA,sCAA+B,EAC7B,IAAA,gCAAgB,EAAC,EAAE,UAAU,EAAE,CAAC,EAChC,IAAA,kCAAkB,EAAC,QAAQ,CAAC,EAC5B,GAAG,EAAE;gBACH,MAAM,IAAI,KAAK,CAAC,WAAW,CAAC,CAAC;YAC/B,CAAC,CACF,EACH;gBACE,UAAU,EAAE,gBAAgB;gBAC5B,OAAO,EAAE,GAAG,OAAO,CAAC,UAAU,CAAC,aAAa,WAAW,EAAE;aAC1D,CACF,CAAC;YAEF,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YACzB,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;YAClC,CAAC,CAAC,EAAE,CACF,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,EACnB,kCAAkC,UAAU,4CAA4C,CACzF,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}

lib/start-proxy-action.js

@@ -43,8 +43,8 @@ const logging_1 = require("./logging");
 const start_proxy_1 = require("./start-proxy");
 const util = __importStar(require("./util"));
 const UPDATEJOB_PROXY = "update-job-proxy";
-const UPDATEJOB_PROXY_VERSION = "v2.0.20250424171100";
-const UPDATEJOB_PROXY_URL_PREFIX = "https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.21.1/";
+const UPDATEJOB_PROXY_VERSION = "v2.0.20250624110901";
+const UPDATEJOB_PROXY_URL_PREFIX = "https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.22.0/";
 const KEY_SIZE = 2048;
 const KEY_EXPIRY_YEARS = 2;
 const CERT_SUBJECT = [

lib/start-proxy.js

@@ -1,6 +1,40 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getCredentials = getCredentials;
+const core = __importStar(require("@actions/core"));
 const languages_1 = require("./languages");
 const util_1 = require("./util");
 const LANGUAGE_TO_REGISTRY_TYPE = {
@@ -49,6 +83,13 @@ function getCredentials(logger, registrySecrets, registriesCredentials, language
     }
     const out = [];
     for (const e of parsed) {
+        // Mask credentials to reduce chance of accidental leakage in logs.
+        if (e.password !== undefined) {
+            core.setSecret(e.password);
+        }
+        if (e.token !== undefined) {
+            core.setSecret(e.token);
+        }
         if (e.url === undefined && e.host === undefined) {
             // The proxy needs one of these to work. If both are defined, the url has the precedence.
             throw new util_1.ConfigurationError("Invalid credentials - must specify host or url");

lib/start-proxy.js.map

@@ -1 +1 @@
-{"version":3,"file":"start-proxy.js","sourceRoot":"","sources":["../src/start-proxy.ts"],"names":[],"mappings":";;AA8BA,wCA2EC;AAzGD,2CAAsD;AAEtD,iCAA4C;AAW5C,MAAM,yBAAyB,GAA6B;IAC1D,IAAI,EAAE,kBAAkB;IACxB,MAAM,EAAE,YAAY;IACpB,UAAU,EAAE,cAAc;IAC1B,MAAM,EAAE,cAAc;IACtB,IAAI,EAAE,iBAAiB;IACvB,IAAI,EAAE,gBAAgB;IACtB,EAAE,EAAE,gBAAgB;IACpB,oFAAoF;IACpF,OAAO,EAAE,EAAE;IACX,GAAG,EAAE,EAAE;IACP,KAAK,EAAE,EAAE;CACD,CAAC;AAEX,kEAAkE;AAClE,+DAA+D;AAC/D,gDAAgD;AAChD,SAAgB,cAAc,CAC5B,MAAc,EACd,eAAmC,EACnC,qBAAyC,EACzC,cAAkC;IAElC,MAAM,QAAQ,GAAG,cAAc,CAAC,CAAC,CAAC,IAAA,yBAAa,EAAC,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5E,MAAM,uBAAuB,GAAG,QAAQ;QACtC,CAAC,CAAC,yBAAyB,CAAC,QAAQ,CAAC;QACrC,CAAC,CAAC,SAAS,CAAC;IAEd,IAAI,cAAsB,CAAC;IAC3B,IAAI,qBAAqB,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;QACnD,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,qBAAqB,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC3E,CAAC;SAAM,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;QACzC,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QAC7C,cAAc,GAAG,eAAe,CAAC;IACnC,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QACvC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,qCAAqC;IACrC,IAAI,MAAoB,CAAC;IACzB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAiB,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,oEAAoE;QACpE,MAAM,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;QACtD,MAAM,IAAI,yBAAkB,CAAC,6BAA6B,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,GAAG,GAAiB,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAChD,yFAAyF;YACzF,MAAM,IAAI,yBAAkB,CAC1B,gDAAgD,CACjD,CAAC;QACJ,CAAC;QAED,kFAAkF;QAClF,iEAAiE;QACjE,IAAI,uBAAuB,IAAI,CAAC,CAAC,IAAI,KAAK,uBAAuB,EAAE,CAAC;YAClE,SAAS;QACX,CAAC;QAED,MAAM,WAAW,GAAG,CAAC,GAAuB,EAAW,EAAE;YACvD,OAAO,GAAG,CAAC,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACjD,CAAC,CAAC;QAEF,IACE,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC;YACpB,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC;YACpB,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC;YACnB,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC;YACxB,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC;YACxB,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,EACrB,CAAC;YACD,MAAM,IAAI,yBAAkB,CAC1B,qEAAqE,CACtE,CAAC;QACJ,CAAC;QAED,GAAG,CAAC,IAAI,CAAC;YACP,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,GAAG,EAAE,CAAC,CAAC,GAAG;YACV,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,KAAK,EAAE,CAAC,CAAC,KAAK;SACf,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}
+{"version":3,"file":"start-proxy.js","sourceRoot":"","sources":["../src/start-proxy.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgCA,wCAmFC;AAnHD,oDAAsC;AAEtC,2CAAsD;AAEtD,iCAA4C;AAW5C,MAAM,yBAAyB,GAA6B;IAC1D,IAAI,EAAE,kBAAkB;IACxB,MAAM,EAAE,YAAY;IACpB,UAAU,EAAE,cAAc;IAC1B,MAAM,EAAE,cAAc;IACtB,IAAI,EAAE,iBAAiB;IACvB,IAAI,EAAE,gBAAgB;IACtB,EAAE,EAAE,gBAAgB;IACpB,oFAAoF;IACpF,OAAO,EAAE,EAAE;IACX,GAAG,EAAE,EAAE;IACP,KAAK,EAAE,EAAE;CACD,CAAC;AAEX,kEAAkE;AAClE,+DAA+D;AAC/D,gDAAgD;AAChD,SAAgB,cAAc,CAC5B,MAAc,EACd,eAAmC,EACnC,qBAAyC,EACzC,cAAkC;IAElC,MAAM,QAAQ,GAAG,cAAc,CAAC,CAAC,CAAC,IAAA,yBAAa,EAAC,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5E,MAAM,uBAAuB,GAAG,QAAQ;QACtC,CAAC,CAAC,yBAAyB,CAAC,QAAQ,CAAC;QACrC,CAAC,CAAC,SAAS,CAAC;IAEd,IAAI,cAAsB,CAAC;IAC3B,IAAI,qBAAqB,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;QACnD,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,qBAAqB,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC3E,CAAC;SAAM,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;QACzC,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QAC7C,cAAc,GAAG,eAAe,CAAC;IACnC,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QACvC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,qCAAqC;IACrC,IAAI,MAAoB,CAAC;IACzB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAiB,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,oEAAoE;QACpE,MAAM,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;QACtD,MAAM,IAAI,yBAAkB,CAAC,6BAA6B,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,GAAG,GAAiB,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,mEAAmE;QACnE,IAAI,CAAC,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC7B,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QAC7B,CAAC;QACD,IAAI,CAAC,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YAC1B,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QAC1B,CAAC;QAED,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAChD,yFAAyF;YACzF,MAAM,IAAI,yBAAkB,CAC1B,gDAAgD,CACjD,CAAC;QACJ,CAAC;QAED,kFAAkF;QAClF,iEAAiE;QACjE,IAAI,uBAAuB,IAAI,CAAC,CAAC,IAAI,KAAK,uBAAuB,EAAE,CAAC;YAClE,SAAS;QACX,CAAC;QAED,MAAM,WAAW,GAAG,CAAC,GAAuB,EAAW,EAAE;YACvD,OAAO,GAAG,CAAC,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACjD,CAAC,CAAC;QAEF,IACE,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC;YACpB,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC;YACpB,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC;YACnB,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC;YACxB,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC;YACxB,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,EACrB,CAAC;YACD,MAAM,IAAI,yBAAkB,CAC1B,qEAAqE,CACtE,CAAC;QACJ,CAAC;QAED,GAAG,CAAC,IAAI,CAAC;YACP,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,GAAG,EAAE,CAAC,CAAC,GAAG;YACV,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,KAAK,EAAE,CAAC,CAAC,KAAK;SACf,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

lib/tools-features.js

@@ -40,12 +40,8 @@ const semver = __importStar(require("semver"));
 var ToolsFeature;
 (function (ToolsFeature) {
     ToolsFeature["AnalysisSummaryV2IsDefault"] = "analysisSummaryV2Default";
-    ToolsFeature["BuildModeOption"] = "buildModeOption";
     ToolsFeature["DatabaseInterpretResultsSupportsSarifRunProperty"] = "databaseInterpretResultsSupportsSarifRunProperty";
     ToolsFeature["IndirectTracingSupportsStaticBinaries"] = "indirectTracingSupportsStaticBinaries";
-    ToolsFeature["InformsAboutUnsupportedPathFilters"] = "informsAboutUnsupportedPathFilters";
-    ToolsFeature["SetsCodeqlRunnerEnvVar"] = "setsCodeqlRunnerEnvVar";
-    ToolsFeature["TraceCommandUseBuildMode"] = "traceCommandUseBuildMode";
     ToolsFeature["SarifMergeRunsFromEqualCategory"] = "sarifMergeRunsFromEqualCategory";
     ToolsFeature["ForceOverwrite"] = "forceOverwrite";
     ToolsFeature["PythonDefaultIsToNotExtractStdlib"] = "pythonDefaultIsToNotExtractStdlib";

lib/tools-features.js.map

@@ -1 +1 @@
-{"version":3,"file":"tools-features.js","sourceRoot":"","sources":["../src/tools-features.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwBA,0DAKC;AAcD,oDAIC;AA/CD,+CAAiC;AAIjC,IAAY,YAWX;AAXD,WAAY,YAAY;IACtB,uEAAuD,CAAA;IACvD,mDAAmC,CAAA;IACnC,qHAAqG,CAAA;IACrG,+FAA+E,CAAA;IAC/E,yFAAyE,CAAA;IACzE,iEAAiD,CAAA;IACjD,qEAAqD,CAAA;IACrD,mFAAmE,CAAA;IACnE,iDAAiC,CAAA;IACjC,uFAAuE,CAAA;AACzE,CAAC,EAXW,YAAY,4BAAZ,YAAY,QAWvB;AAED;;;;;;GAMG;AACH,SAAgB,uBAAuB,CACrC,WAAwB,EACxB,OAAqB;IAErB,OAAO,CAAC,CAAC,WAAW,CAAC,QAAQ,IAAI,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;AACjE,CAAC;AAEY,QAAA,yBAAyB,GAAG,QAAQ,CAAC;AAElD;;;;;;;;;GASG;AACH,SAAgB,oBAAoB,CAAC,aAAsB;IACzD,OAAO,CAAC,aAAa;QACnB,CAAC,CAAC,IAAI;QACN,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,aAAa,EAAE,iCAAyB,CAAC,CAAC;AAC3D,CAAC"}
+{"version":3,"file":"tools-features.js","sourceRoot":"","sources":["../src/tools-features.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAoBA,0DAKC;AAcD,oDAIC;AA3CD,+CAAiC;AAIjC,IAAY,YAOX;AAPD,WAAY,YAAY;IACtB,uEAAuD,CAAA;IACvD,qHAAqG,CAAA;IACrG,+FAA+E,CAAA;IAC/E,mFAAmE,CAAA;IACnE,iDAAiC,CAAA;IACjC,uFAAuE,CAAA;AACzE,CAAC,EAPW,YAAY,4BAAZ,YAAY,QAOvB;AAED;;;;;;GAMG;AACH,SAAgB,uBAAuB,CACrC,WAAwB,EACxB,OAAqB;IAErB,OAAO,CAAC,CAAC,WAAW,CAAC,QAAQ,IAAI,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;AACjE,CAAC;AAEY,QAAA,yBAAyB,GAAG,QAAQ,CAAC;AAElD;;;;;;;;;GASG;AACH,SAAgB,oBAAoB,CAAC,aAAsB;IACzD,OAAO,CAAC,aAAa;QACnB,CAAC,CAAC,IAAI;QACN,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,aAAa,EAAE,iCAAyB,CAAC,CAAC;AAC3D,CAAC"}

lib/tools-features.test.js

@@ -8,14 +8,8 @@ const testing_utils_1 = require("./testing-utils");
 const tools_features_1 = require("./tools-features");
 (0, ava_1.default)("isSupportedToolsFeature", async (t) => {
     const versionInfo = (0, testing_utils_1.makeVersionInfo)("1.0.0");
-    t.false((0, tools_features_1.isSupportedToolsFeature)(versionInfo, tools_features_1.ToolsFeature.IndirectTracingSupportsStaticBinaries));
-    versionInfo.features = { indirectTracingSupportsStaticBinaries: true };
-    t.true((0, tools_features_1.isSupportedToolsFeature)(versionInfo, tools_features_1.ToolsFeature.IndirectTracingSupportsStaticBinaries));
-});
-(0, ava_1.default)("setsCodeqlRunnerEnvVar", async (t) => {
-    const versionInfo = (0, testing_utils_1.makeVersionInfo)("1.0.0");
-    t.false((0, tools_features_1.isSupportedToolsFeature)(versionInfo, tools_features_1.ToolsFeature.SetsCodeqlRunnerEnvVar));
-    versionInfo.features = { setsCodeqlRunnerEnvVar: true };
-    t.true((0, tools_features_1.isSupportedToolsFeature)(versionInfo, tools_features_1.ToolsFeature.SetsCodeqlRunnerEnvVar));
+    t.false((0, tools_features_1.isSupportedToolsFeature)(versionInfo, tools_features_1.ToolsFeature.ForceOverwrite));
+    versionInfo.features = { forceOverwrite: true };
+    t.true((0, tools_features_1.isSupportedToolsFeature)(versionInfo, tools_features_1.ToolsFeature.ForceOverwrite));
 });
 //# sourceMappingURL=tools-features.test.js.map

lib/tools-features.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"tools-features.test.js","sourceRoot":"","sources":["../src/tools-features.test.ts"],"names":[],"mappings":";;;;;AAAA,8CAAuB;AAEvB,mDAAkD;AAClD,qDAAyE;AAEzE,IAAA,aAAI,EAAC,yBAAyB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC1C,MAAM,WAAW,GAAG,IAAA,+BAAe,EAAC,OAAO,CAAC,CAAC;IAE7C,CAAC,CAAC,KAAK,CACL,IAAA,wCAAuB,EACrB,WAAW,EACX,6BAAY,CAAC,qCAAqC,CACnD,CACF,CAAC;IAEF,WAAW,CAAC,QAAQ,GAAG,EAAE,qCAAqC,EAAE,IAAI,EAAE,CAAC;IAEvE,CAAC,CAAC,IAAI,CACJ,IAAA,wCAAuB,EACrB,WAAW,EACX,6BAAY,CAAC,qCAAqC,CACnD,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,wBAAwB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACzC,MAAM,WAAW,GAAG,IAAA,+BAAe,EAAC,OAAO,CAAC,CAAC;IAE7C,CAAC,CAAC,KAAK,CACL,IAAA,wCAAuB,EAAC,WAAW,EAAE,6BAAY,CAAC,sBAAsB,CAAC,CAC1E,CAAC;IAEF,WAAW,CAAC,QAAQ,GAAG,EAAE,sBAAsB,EAAE,IAAI,EAAE,CAAC;IAExD,CAAC,CAAC,IAAI,CACJ,IAAA,wCAAuB,EAAC,WAAW,EAAE,6BAAY,CAAC,sBAAsB,CAAC,CAC1E,CAAC;AACJ,CAAC,CAAC,CAAC"}
+{"version":3,"file":"tools-features.test.js","sourceRoot":"","sources":["../src/tools-features.test.ts"],"names":[],"mappings":";;;;;AAAA,8CAAuB;AAEvB,mDAAkD;AAClD,qDAAyE;AAEzE,IAAA,aAAI,EAAC,yBAAyB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC1C,MAAM,WAAW,GAAG,IAAA,+BAAe,EAAC,OAAO,CAAC,CAAC;IAE7C,CAAC,CAAC,KAAK,CAAC,IAAA,wCAAuB,EAAC,WAAW,EAAE,6BAAY,CAAC,cAAc,CAAC,CAAC,CAAC;IAE3E,WAAW,CAAC,QAAQ,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC;IAEhD,CAAC,CAAC,IAAI,CAAC,IAAA,wCAAuB,EAAC,WAAW,EAAE,6BAAY,CAAC,cAAc,CAAC,CAAC,CAAC;AAC5E,CAAC,CAAC,CAAC"}

lib/tracer-config.js

@@ -40,17 +40,15 @@ exports.getCombinedTracerConfig = getCombinedTracerConfig;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const languages_1 = require("./languages");
-const tools_features_1 = require("./tools-features");
 const util_1 = require("./util");
-async function shouldEnableIndirectTracing(codeql, config) {
+async function shouldEnableIndirectTracing(_codeql, config) {
     // We don't need to trace build mode none, or languages which unconditionally don't need tracing.
     if (config.buildMode === util_1.BuildMode.None) {
         return false;
     }
     // If the CLI supports `trace-command` with a `--build-mode`, we'll use direct tracing instead of
     // indirect tracing.
-    if (config.buildMode === util_1.BuildMode.Autobuild &&
-        (await codeql.supportsFeature(tools_features_1.ToolsFeature.TraceCommandUseBuildMode))) {
+    if (config.buildMode === util_1.BuildMode.Autobuild) {
         return false;
     }
     // Otherwise, use direct tracing if any of the languages need to be traced.
@@ -98,18 +96,6 @@ async function getCombinedTracerConfig(codeql, config) {
     if (!(await shouldEnableIndirectTracing(codeql, config))) {
         return undefined;
     }
-    const mainTracerConfig = await getTracerConfigForCluster(config);
-    // If the CLI doesn't yet support setting the CODEQL_RUNNER environment variable to
-    // the runner executable path, we set it here in the Action.
-    if (!(await codeql.supportsFeature(tools_features_1.ToolsFeature.SetsCodeqlRunnerEnvVar))) {
-        // On macOS when System Integrity Protection is enabled, it's necessary to prefix
-        // the build command with the runner executable for indirect tracing, so we expose
-        // it here via the CODEQL_RUNNER environment variable.
-        // The executable also exists and works for other platforms so we unconditionally
-        // set the environment variable.
-        const runnerExeName = process.platform === "win32" ? "runner.exe" : "runner";
-        mainTracerConfig.env["CODEQL_RUNNER"] = path.join(mainTracerConfig.env["CODEQL_DIST"], "tools", mainTracerConfig.env["CODEQL_PLATFORM"], runnerExeName);
-    }
-    return mainTracerConfig;
+    return await getTracerConfigForCluster(config);
 }
 //# sourceMappingURL=tracer-config.js.map

lib/tracer-config.js.map

@@ -1 +1 @@
-{"version":3,"file":"tracer-config.js","sourceRoot":"","sources":["../src/tracer-config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAcA,kEAoBC;AAWD,oDAoCC;AAED,8DAeC;AAED,0DA6BC;AAjID,uCAAyB;AACzB,2CAA6B;AAI7B,2CAA+C;AAE/C,qDAAgD;AAChD,iCAAmC;AAM5B,KAAK,UAAU,2BAA2B,CAC/C,MAAc,EACd,MAAc;IAEd,iGAAiG;IACjG,IAAI,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,IAAI,EAAE,CAAC;QACxC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,iGAAiG;IACjG,oBAAoB;IACpB,IACE,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,SAAS;QACxC,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,wBAAwB,CAAC,CAAC,EACrE,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,2EAA2E;IAC3E,OAAO,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,4BAAgB,EAAC,CAAC,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED;;;;;;;;GAQG;AACI,KAAK,UAAU,oBAAoB,CACxC,MAAc,EACd,MAAc,EACd,MAAc;IAEd,IAAI,CAAC,CAAC,MAAM,2BAA2B,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAAE,OAAO;IAEjE,MAAM,CAAC,IAAI,CACT,iGAAiG,CAClG,CAAC;IAEF,MAAM,gBAAgB,GAAG,IAAI,CAAC,OAAO,CACnC,MAAM,CAAC,UAAU,EACjB,0CAA0C,CAC3C,CAAC;IACF,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CACb,kDAAkD,gBAAgB,EAAE,CACrE,CAAC;IACJ,CAAC;IACD,IAAI,CAAC;QACH,MAAM,sBAAsB,GAA+B,IAAI,CAAC,KAAK,CACnE,EAAE,CAAC,YAAY,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAC1C,CAAC;QACF,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,sBAAsB,CAAC,EAAE,CAAC;YAClE,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;gBACnB,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YAC3B,CAAC;iBAAM,CAAC;gBACN,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CACb,sEAAsE,CAAC,EAAE,CAC1E,CAAC;IACJ,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,MAAc;IAEd,MAAM,mBAAmB,GAAG,IAAI,CAAC,KAAK,CACpC,EAAE,CAAC,YAAY,CACb,IAAI,CAAC,OAAO,CACV,MAAM,CAAC,UAAU,EACjB,4CAA4C,CAC7C,EACD,MAAM,CACP,CACF,CAAC;IACF,OAAO;QACL,GAAG,EAAE,mBAAmB;KACzB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,uBAAuB,CAC3C,MAAc,EACd,MAAc;IAEd,IAAI,CAAC,CAAC,MAAM,2BAA2B,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,EAAE,CAAC;QACzD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,gBAAgB,GAAG,MAAM,yBAAyB,CAAC,MAAM,CAAC,CAAC;IAEjE,mFAAmF;IACnF,4DAA4D;IAC5D,IAAI,CAAC,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,sBAAsB,CAAC,CAAC,EAAE,CAAC;QACzE,iFAAiF;QACjF,kFAAkF;QAClF,sDAAsD;QACtD,iFAAiF;QACjF,gCAAgC;QAChC,MAAM,aAAa,GACjB,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC;QACzD,gBAAgB,CAAC,GAAG,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,IAAI,CAC/C,gBAAgB,CAAC,GAAG,CAAC,aAAa,CAAC,EACnC,OAAO,EACP,gBAAgB,CAAC,GAAG,CAAC,iBAAiB,CAAC,EACvC,aAAa,CACd,CAAC;IACJ,CAAC;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC"}
+{"version":3,"file":"tracer-config.js","sourceRoot":"","sources":["../src/tracer-config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAaA,kEAiBC;AAWD,oDAoCC;AAED,8DAeC;AAED,0DASC;AAzGD,uCAAyB;AACzB,2CAA6B;AAI7B,2CAA+C;AAE/C,iCAAmC;AAM5B,KAAK,UAAU,2BAA2B,CAC/C,OAAe,EACf,MAAc;IAEd,iGAAiG;IACjG,IAAI,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,IAAI,EAAE,CAAC;QACxC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,iGAAiG;IACjG,oBAAoB;IACpB,IAAI,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,SAAS,EAAE,CAAC;QAC7C,OAAO,KAAK,CAAC;IACf,CAAC;IAED,2EAA2E;IAC3E,OAAO,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,4BAAgB,EAAC,CAAC,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED;;;;;;;;GAQG;AACI,KAAK,UAAU,oBAAoB,CACxC,MAAc,EACd,MAAc,EACd,MAAc;IAEd,IAAI,CAAC,CAAC,MAAM,2BAA2B,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAAE,OAAO;IAEjE,MAAM,CAAC,IAAI,CACT,iGAAiG,CAClG,CAAC;IAEF,MAAM,gBAAgB,GAAG,IAAI,CAAC,OAAO,CACnC,MAAM,CAAC,UAAU,EACjB,0CAA0C,CAC3C,CAAC;IACF,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CACb,kDAAkD,gBAAgB,EAAE,CACrE,CAAC;IACJ,CAAC;IACD,IAAI,CAAC;QACH,MAAM,sBAAsB,GAA+B,IAAI,CAAC,KAAK,CACnE,EAAE,CAAC,YAAY,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAC1C,CAAC;QACF,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,sBAAsB,CAAC,EAAE,CAAC;YAClE,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;gBACnB,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YAC3B,CAAC;iBAAM,CAAC;gBACN,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CACb,sEAAsE,CAAC,EAAE,CAC1E,CAAC;IACJ,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,MAAc;IAEd,MAAM,mBAAmB,GAAG,IAAI,CAAC,KAAK,CACpC,EAAE,CAAC,YAAY,CACb,IAAI,CAAC,OAAO,CACV,MAAM,CAAC,UAAU,EACjB,4CAA4C,CAC7C,EACD,MAAM,CACP,CACF,CAAC;IACF,OAAO;QACL,GAAG,EAAE,mBAAmB;KACzB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,uBAAuB,CAC3C,MAAc,EACd,MAAc;IAEd,IAAI,CAAC,CAAC,MAAM,2BAA2B,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,EAAE,CAAC;QACzD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO,MAAM,yBAAyB,CAAC,MAAM,CAAC,CAAC;AACjD,CAAC"}

lib/tracer-config.test.js

@@ -59,7 +59,7 @@ function getTestConfig(tempDir) {
         t.deepEqual(await (0, tracer_config_1.getCombinedTracerConfig)((0, testing_utils_1.mockCodeQLVersion)("1.0.0"), config), undefined);
     });
 });
-(0, ava_1.default)("getCombinedTracerConfig - with start-tracing.json environment file", async (t) => {
+(0, ava_1.default)("getCombinedTracerConfig", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
         const config = getTestConfig(tmpDir);
         const bundlePath = path.join(tmpDir, "bundle");
@@ -79,41 +79,6 @@ function getTestConfig(tempDir) {
         fs.writeFileSync(startTracingJson, JSON.stringify(startTracingEnv));
         const result = await (0, tracer_config_1.getCombinedTracerConfig)((0, testing_utils_1.mockCodeQLVersion)("1.0.0"), config);
         t.notDeepEqual(result, undefined);
-        const expectedEnv = startTracingEnv;
-        if (process.platform === "win32") {
-            expectedEnv["CODEQL_RUNNER"] = path.join(bundlePath, "tools/win64/runner.exe");
-        }
-        else if (process.platform === "darwin") {
-            expectedEnv["CODEQL_RUNNER"] = path.join(bundlePath, "tools/osx64/runner");
-        }
-        else {
-            expectedEnv["CODEQL_RUNNER"] = path.join(bundlePath, "tools/linux64/runner");
-        }
-        t.deepEqual(result, {
-            env: expectedEnv,
-        });
-    });
-});
-(0, ava_1.default)("getCombinedTracerConfig - with SetsCodeqlRunnerEnvVar feature enabled in CLI", async (t) => {
-    await util.withTmpDir(async (tmpDir) => {
-        const config = getTestConfig(tmpDir);
-        const bundlePath = path.join(tmpDir, "bundle");
-        const codeqlPlatform = process.platform === "win32"
-            ? "win64"
-            : process.platform === "darwin"
-                ? "osx64"
-                : "linux64";
-        const startTracingEnv = {
-            foo: "bar",
-            CODEQL_DIST: bundlePath,
-            CODEQL_PLATFORM: codeqlPlatform,
-        };
-        const tracingEnvironmentDir = path.join(config.dbLocation, "temp", "tracingEnvironment");
-        fs.mkdirSync(tracingEnvironmentDir, { recursive: true });
-        const startTracingJson = path.join(tracingEnvironmentDir, "start-tracing.json");
-        fs.writeFileSync(startTracingJson, JSON.stringify(startTracingEnv));
-        const result = await (0, tracer_config_1.getCombinedTracerConfig)((0, testing_utils_1.mockCodeQLVersion)("1.0.0", { setsCodeqlRunnerEnvVar: true }), config);
-        t.notDeepEqual(result, undefined);
         t.false(Object.prototype.hasOwnProperty.call(result?.env, "CODEQL_RUNNER"));
     });
 });

lib/tracer-config.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"tracer-config.test.js","sourceRoot":"","sources":["../src/tracer-config.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,8CAAuB;AAGvB,2CAAuC;AACvC,mDAIyB;AACzB,mDAA0D;AAC1D,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,SAAS,aAAa,CAAC,OAAe;IACpC,OAAO,IAAA,gCAAgB,EAAC;QACtB,SAAS,EAAE,CAAC,oBAAQ,CAAC,IAAI,CAAC;QAC1B,OAAO;QACP,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,kBAAkB,CAAC;KACtD,CAAC,CAAC;AACL,CAAC;AAED,IAAA,aAAI,EAAC,mFAAmF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACpG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;QACrC,sBAAsB;QACtB,MAAM,CAAC,SAAS,GAAG,CAAC,oBAAQ,CAAC,UAAU,EAAE,oBAAQ,CAAC,MAAM,CAAC,CAAC;QAC1D,CAAC,CAAC,SAAS,CACT,MAAM,IAAA,uCAAuB,EAAC,IAAA,iCAAiB,EAAC,OAAO,CAAC,EAAE,MAAM,CAAC,EACjE,SAAS,CACV,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,oEAAoE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACrF,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;QAErC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC/C,MAAM,cAAc,GAClB,OAAO,CAAC,QAAQ,KAAK,OAAO;YAC1B,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,QAAQ;gBAC7B,CAAC,CAAC,OAAO;gBACT,CAAC,CAAC,SAAS,CAAC;QAClB,MAAM,eAAe,GAAG;YACtB,GAAG,EAAE,KAAK;YACV,WAAW,EAAE,UAAU;YACvB,eAAe,EAAE,cAAc;SAChC,CAAC;QAEF,MAAM,qBAAqB,GAAG,IAAI,CAAC,IAAI,CACrC,MAAM,CAAC,UAAU,EACjB,MAAM,EACN,oBAAoB,CACrB,CAAC;QACF,EAAE,CAAC,SAAS,CAAC,qBAAqB,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACzD,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAChC,qBAAqB,EACrB,oBAAoB,CACrB,CAAC;QACF,EAAE,CAAC,aAAa,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC,CAAC;QAEpE,MAAM,MAAM,GAAG,MAAM,IAAA,uCAAuB,EAC1C,IAAA,iCAAiB,EAAC,OAAO,CAAC,EAC1B,MAAM,CACP,CAAC;QACF,CAAC,CAAC,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAElC,MAAM,WAAW,GAAG,eAAe,CAAC;QAEpC,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YACjC,WAAW,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,IAAI,CACtC,UAAU,EACV,wBAAwB,CACzB,CAAC;QACJ,CAAC;aAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACzC,WAAW,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,IAAI,CACtC,UAAU,EACV,oBAAoB,CACrB,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,WAAW,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,IAAI,CACtC,UAAU,EACV,sBAAsB,CACvB,CAAC;QACJ,CAAC;QAED,CAAC,CAAC,SAAS,CAAC,MAAM,EAAE;YAClB,GAAG,EAAE,WAAW;SACjB,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,8EAA8E,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/F,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;QAErC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC/C,MAAM,cAAc,GAClB,OAAO,CAAC,QAAQ,KAAK,OAAO;YAC1B,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,QAAQ;gBAC7B,CAAC,CAAC,OAAO;gBACT,CAAC,CAAC,SAAS,CAAC;QAClB,MAAM,eAAe,GAAG;YACtB,GAAG,EAAE,KAAK;YACV,WAAW,EAAE,UAAU;YACvB,eAAe,EAAE,cAAc;SAChC,CAAC;QAEF,MAAM,qBAAqB,GAAG,IAAI,CAAC,IAAI,CACrC,MAAM,CAAC,UAAU,EACjB,MAAM,EACN,oBAAoB,CACrB,CAAC;QACF,EAAE,CAAC,SAAS,CAAC,qBAAqB,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACzD,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAChC,qBAAqB,EACrB,oBAAoB,CACrB,CAAC;QACF,EAAE,CAAC,aAAa,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC,CAAC;QAEpE,MAAM,MAAM,GAAG,MAAM,IAAA,uCAAuB,EAC1C,IAAA,iCAAiB,EAAC,OAAO,EAAE,EAAE,sBAAsB,EAAE,IAAI,EAAE,CAAC,EAC5D,MAAM,CACP,CAAC;QACF,CAAC,CAAC,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAElC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,eAAe,CAAC,CAAC,CAAC;IAC9E,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"tracer-config.test.js","sourceRoot":"","sources":["../src/tracer-config.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,8CAAuB;AAGvB,2CAAuC;AACvC,mDAIyB;AACzB,mDAA0D;AAC1D,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,SAAS,aAAa,CAAC,OAAe;IACpC,OAAO,IAAA,gCAAgB,EAAC;QACtB,SAAS,EAAE,CAAC,oBAAQ,CAAC,IAAI,CAAC;QAC1B,OAAO;QACP,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,kBAAkB,CAAC;KACtD,CAAC,CAAC;AACL,CAAC;AAED,IAAA,aAAI,EAAC,mFAAmF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACpG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;QACrC,sBAAsB;QACtB,MAAM,CAAC,SAAS,GAAG,CAAC,oBAAQ,CAAC,UAAU,EAAE,oBAAQ,CAAC,MAAM,CAAC,CAAC;QAC1D,CAAC,CAAC,SAAS,CACT,MAAM,IAAA,uCAAuB,EAAC,IAAA,iCAAiB,EAAC,OAAO,CAAC,EAAE,MAAM,CAAC,EACjE,SAAS,CACV,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,yBAAyB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC1C,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;QAErC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC/C,MAAM,cAAc,GAClB,OAAO,CAAC,QAAQ,KAAK,OAAO;YAC1B,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,QAAQ;gBAC7B,CAAC,CAAC,OAAO;gBACT,CAAC,CAAC,SAAS,CAAC;QAClB,MAAM,eAAe,GAAG;YACtB,GAAG,EAAE,KAAK;YACV,WAAW,EAAE,UAAU;YACvB,eAAe,EAAE,cAAc;SAChC,CAAC;QAEF,MAAM,qBAAqB,GAAG,IAAI,CAAC,IAAI,CACrC,MAAM,CAAC,UAAU,EACjB,MAAM,EACN,oBAAoB,CACrB,CAAC;QACF,EAAE,CAAC,SAAS,CAAC,qBAAqB,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACzD,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAChC,qBAAqB,EACrB,oBAAoB,CACrB,CAAC;QACF,EAAE,CAAC,aAAa,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC,CAAC;QAEpE,MAAM,MAAM,GAAG,MAAM,IAAA,uCAAuB,EAC1C,IAAA,iCAAiB,EAAC,OAAO,CAAC,EAC1B,MAAM,CACP,CAAC;QACF,CAAC,CAAC,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAElC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,eAAe,CAAC,CAAC,CAAC;IAC9E,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

node_modules/.package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "3.28.20",
+  "version": "3.29.1",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "codeql",
-  "version": "3.28.20",
+  "version": "3.29.1",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "codeql",
-      "version": "3.28.20",
+      "version": "3.29.1",
       "license": "MIT",
       "dependencies": {
         "@actions/artifact": "^2.3.1",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "3.28.20",
+  "version": "3.29.1",
   "private": true,
   "description": "CodeQL action",
   "scripts": {

pr-checks/checks/all-platform-bundle.yml

@@ -3,12 +3,13 @@ description: "Tests using an all-platform CodeQL Bundle"
 versions: ["nightly-latest"]
 operatingSystems: ["ubuntu"]
 useAllPlatformBundle: "true"
+installGo: "true"
 steps:
   - id: init
     uses: ./../action/init
     with:
       # Swift is not supported on Ubuntu so we manually exclude it from the list here
-      languages: cpp,csharp,go,java,javascript,python,ruby 
+      languages: cpp,csharp,go,java,javascript,python,ruby
       tools: ${{ steps.prepare-test.outputs.tools-url }}
   - name: Build code
     shell: bash

pr-checks/checks/analyze-ref-input.yml

@@ -1,6 +1,7 @@
 name: "Analyze: 'ref' and 'sha' from inputs"
 description: "Checks that specifying 'ref' and 'sha' as inputs works"
 versions: ["default"]
+installGo: "true"
 steps:
   - uses: ./../action/init
     with:

pr-checks/checks/build-mode-manual.yml

@@ -2,6 +2,7 @@ name: "Build mode manual"
 description: "An end-to-end integration test of a Java repository built using 'build-mode: manual'"
 operatingSystems: ["ubuntu"]
 versions: ["nightly-latest"]
+installGo: "true"
 steps:
   - uses: ./../action/init
     id: init

pr-checks/checks/cpp-deptrace-enabled-on-macos.yml

@@ -1,7 +1,7 @@
 name: "C/C++: autoinstalling dependencies is skipped (macOS)"
 description: "Checks that running C/C++ autobuild with autoinstalling dependencies explicitly enabled is a no-op on macOS"
 operatingSystems: ["macos"]
-versions: ["nightly-latest"]  # This is not released yet, will come with 2.15.2
+versions: ["linked", "nightly-latest"]
 env:
   DOTNET_GENERATE_ASPNET_CERTIFICATE: "false"
 steps:

pr-checks/checks/export-file-baseline-information.yml

@@ -1,6 +1,7 @@
 name: "Export file baseline information"
 description: "Tests that file baseline information is exported when the feature is enabled"
 versions: ["nightly-latest"]
+installGo: "true"
 env:
   CODEQL_ACTION_SUBLANGUAGE_FILE_COVERAGE: true
 steps:

pr-checks/checks/go-custom-queries.yml

@@ -5,12 +5,10 @@ operatingSystems:
 versions:
   - linked
   - nightly-latest
+installGo: "true"
 env:
   DOTNET_GENERATE_ASPNET_CERTIFICATE: "false"
 steps:
-  - uses: actions/setup-go@v5
-    with:
-      go-version: ">=1.21.0"
   - uses: ./../action/init
     with:
       languages: go

pr-checks/checks/go-indirect-tracing-workaround-diagnostic.yml

@@ -4,11 +4,8 @@ description: "Checks that we emit a diagnostic if Go is changed after the init s
 operatingSystems: ["ubuntu"]
 # pinned to a version which does not support statically linked binaries for indirect tracing
 versions: ["default"]
+installGo: "true"
 steps:
-  - uses: actions/setup-go@v5
-    with:
-      # We need a Go version that ships with statically linked binaries on Linux
-      go-version: ">=1.21.0"
   - uses: ./../action/init
     with:
       languages: go

pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml

@@ -4,11 +4,8 @@ description: "Checks that we emit a diagnostic if the `file` program is not inst
 operatingSystems: ["ubuntu"]
 # pinned to a version which does not support statically linked binaries for indirect tracing
 versions: ["default"]
+installGo: "true"
 steps:
-  - uses: actions/setup-go@v5
-    with:
-      # We need a Go version that ships with statically linked binaries on Linux
-      go-version: ">=1.21.0"
   - name: Remove `file` program
     run: |
       echo $(which file)

pr-checks/checks/go-indirect-tracing-workaround.yml

@@ -4,11 +4,8 @@ description: "Checks that our workaround for indirect tracing for Go 1.21+ on Li
 operatingSystems: ["ubuntu"]
 # pinned to a version which does not support statically linked binaries for indirect tracing
 versions: ["default"]
+installGo: "true"
 steps:
-  - uses: actions/setup-go@v5
-    with:
-      # We need a Go version that ships with statically linked binaries on Linux
-      go-version: ">=1.21.0"
   - uses: ./../action/init
     with:
       languages: go

pr-checks/checks/go-tracing-autobuilder.yml

@@ -3,13 +3,8 @@ description: "Checks that Go tracing works when using an autobuilder step"
 operatingSystems: ["ubuntu", "macos"]
 env:
   DOTNET_GENERATE_ASPNET_CERTIFICATE: "false"
+installGo: "true"
 steps:
-  - uses: actions/setup-go@v5
-    with:
-      go-version: "~1.24.0"
-      # to avoid potentially misleading autobuilder results where we expect it to download
-      # dependencies successfully, but they actually come from a warm cache
-      cache: false
   - uses: ./../action/init
     with:
       languages: go

pr-checks/checks/go-tracing-custom-build-steps.yml

@@ -1,13 +1,8 @@
 name: "Go: tracing with custom build steps"
 description: "Checks that Go tracing traces the build when using custom build steps"
 operatingSystems: ["ubuntu", "macos"]
+installGo: "true"
 steps:
-  - uses: actions/setup-go@v5
-    with:
-      go-version: "~1.24.0"
-      # to avoid potentially misleading autobuilder results where we expect it to download
-      # dependencies successfully, but they actually come from a warm cache
-      cache: false
   - uses: ./../action/init
     with:
       languages: go

pr-checks/checks/go-tracing-legacy-workflow.yml

@@ -3,13 +3,8 @@ description: "Checks that we run the autobuilder in legacy workflows with neithe
 operatingSystems: ["ubuntu", "macos"]
 env:
   DOTNET_GENERATE_ASPNET_CERTIFICATE: "false"
+installGo: "true"
 steps:
-  - uses: actions/setup-go@v5
-    with:
-      go-version: "~1.24.0"
-      # to avoid potentially misleading autobuilder results where we expect it to download
-      # dependencies successfully, but they actually come from a warm cache
-      cache: false
   - uses: ./../action/init
     with:
       languages: go

pr-checks/checks/multi-language-autodetect.yml

@@ -1,11 +1,8 @@
 name: "Multi-language repository"
 description: "An end-to-end integration test of a multi-language repository using automatic language detection for macOS"
 operatingSystems: ["macos", "ubuntu"]
+installGo: "true"
 steps:
-  - uses: actions/setup-go@v5
-    with:
-      go-version: ">=1.21.0"
-
   - uses: ./../action/init
     id: init
     with:

pr-checks/checks/packaging-codescanning-config-inputs-js.yml

@@ -1,6 +1,7 @@
 name: "Packaging: Config and input passed to the CLI"
 description: "Checks that specifying packages using a combination of a config file and input to the Action works"
 versions: ["linked", "default", "nightly-latest"] # This feature is not compatible with old CLIs
+installGo: "true"
 steps:
   - uses: ./../action/init
     with:

pr-checks/checks/packaging-config-inputs-js.yml

@@ -1,6 +1,7 @@
 name: "Packaging: Config and input"
 description: "Checks that specifying packages using a combination of a config file and input to the Action works"
 versions: ["linked", "default", "nightly-latest"] # This feature is not compatible with old CLIs
+installGo: "true"
 steps:
   - uses: ./../action/init
     with:

pr-checks/checks/packaging-config-js.yml

@@ -1,6 +1,7 @@
 name: "Packaging: Config file"
 description: "Checks that specifying packages using only a config file works"
 versions: ["linked", "default", "nightly-latest"] # This feature is not compatible with old CLIs
+installGo: "true"
 steps:
   - uses: ./../action/init
     with:

pr-checks/checks/packaging-inputs-js.yml

@@ -1,6 +1,7 @@
 name: "Packaging: Action input"
 description: "Checks that specifying packages using the input to the Action works"
 versions: ["linked", "default", "nightly-latest"] # This feature is not compatible with old CLIs
+installGo: "true"
 steps:
   - uses: ./../action/init
     with:

pr-checks/checks/quality-queries.yml

@@ -0,0 +1,45 @@
+name: "Quality queries input"
+description: "Tests that queries specified in the quality-queries input are used."
+versions: ["linked", "nightly-latest"]
+steps:
+  - uses: ./../action/init
+    with:
+      languages: javascript
+      quality-queries: code-quality
+      tools: ${{ steps.prepare-test.outputs.tools-url }}
+  - uses: ./../action/analyze
+    with:
+      output: "${{ runner.temp }}/results"
+      upload-database: false
+  - name: Upload SARIF
+    uses: actions/upload-artifact@v4
+    with:
+      name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
+      path: "${{ runner.temp }}/results/javascript.sarif"
+      retention-days: 7
+  - name: Check config properties appear in SARIF
+    uses: actions/github-script@v7
+    env:
+      SARIF_PATH: "${{ runner.temp }}/results/javascript.sarif"
+    with:
+      script: |
+        const fs = require('fs');
+
+        const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
+        const run = sarif.runs[0];
+        const configSummary = run.properties.codeqlConfigSummary;
+
+        if (configSummary === undefined) {
+          core.setFailed('`codeqlConfigSummary` property not found in the SARIF run property bag.');
+        }
+        if (configSummary.disableDefaultQueries !== false) {
+          core.setFailed('`disableDefaultQueries` property incorrect: expected false, got ' +
+            `${JSON.stringify(configSummary.disableDefaultQueries)}.`);
+        }
+        const expectedQueries = [{ type: 'builtinSuite', uses: 'code-quality' }];
+        // Use JSON.stringify to deep-equal the arrays.
+        if (JSON.stringify(configSummary.queries) !== JSON.stringify(expectedQueries)) {
+          core.setFailed(`\`queries\` property incorrect: expected ${JSON.stringify(expectedQueries)}, got ` +
+            `${JSON.stringify(configSummary.queries)}.`);
+        }
+        core.info('Finished config export tests.');

pr-checks/checks/remote-config.yml

@@ -5,6 +5,7 @@ operatingSystems:
 versions:
   - linked
   - nightly-latest
+installGo: "true"
 steps:
   - uses: ./../action/init
     with:

pr-checks/checks/rubocop-multi-language.yml

@@ -5,7 +5,7 @@ operatingSystems: ["ubuntu"]
 versions: ["default"]
 steps:
   - name: Set up Ruby
-    uses: ruby/setup-ruby@13e7a03dc3ac6c3798f4570bfead2aed4d96abfb # v1.244.0
+    uses: ruby/setup-ruby@a4effe49ee8ee5b8b5091268c473a4628afb5651 # v1.245.0
     with:
       ruby-version: 2.6
   - name: Install Code Scanning integration

pr-checks/checks/split-workflow.yml

@@ -2,6 +2,7 @@ name: "Split workflow"
 description: "Tests a split-up workflow in which we first build a database and later analyze it"
 operatingSystems: ["ubuntu", "macos"]
 versions: ["linked", "default", "nightly-latest"] # This feature is not compatible with old CLIs
+installGo: "true"
 steps:
   - uses: ./../action/init
     with:

pr-checks/checks/swift-custom-build.yml

@@ -2,6 +2,7 @@ name: "Swift analysis using a custom build command"
 description: "Tests creation of a Swift database using custom build"
 versions: ["linked", "default", "nightly-latest"]
 operatingSystems: ["macos"]
+installGo: "true"
 env:
   DOTNET_GENERATE_ASPNET_CERTIFICATE: "false"
 steps:

pr-checks/checks/test-local-codeql.yml

@@ -2,6 +2,7 @@ name: "Local CodeQL bundle"
 description: "Tests using a CodeQL bundle from a local file rather than a URL"
 versions: ["nightly-latest"]
 operatingSystems: ["ubuntu"]
+installGo: "true"
 steps:
   - name: Fetch a CodeQL bundle
     shell: bash

pr-checks/checks/unset-environment.yml

@@ -5,17 +5,15 @@ operatingSystems:
 versions:
   - linked
   - nightly-latest
+installGo: "true"
 steps:
   - uses: ./../action/init
     id: init
     with:
       db-location: ${{ runner.temp }}/customDbLocation
       # Swift is not supported on Ubuntu so we manually exclude it from the list here
-      languages: cpp,csharp,go,java,javascript,python,ruby 
+      languages: cpp,csharp,go,java,javascript,python,ruby
       tools: ${{ steps.prepare-test.outputs.tools-url }}
-  - uses: actions/setup-go@v5
-    with:
-      go-version: '>=1.21.0'
   - name: Build code
     shell: bash
     run: env -i PATH="$PATH" HOME="$HOME" ./build.sh

pr-checks/checks/upload-ref-sha-input.yml

@@ -1,6 +1,7 @@
 name: "Upload-sarif: 'ref' and 'sha' from inputs"
 description: "Checks that specifying 'ref' and 'sha' as inputs works"
 versions: ["default"]
+installGo: "true"
 steps:
   - uses: ./../action/init
     with:

pr-checks/checks/with-checkout-path.yml

@@ -1,6 +1,7 @@
 name: "Use a custom `checkout_path`"
 description: "Checks that a custom `checkout_path` will find the proper commit_oid"
 versions: ["linked"]
+installGo: "true"
 steps:
   # This ensures we don't accidentally use the original checkout for any part of the test.
   - name: Delete original checkout

pr-checks/sync.py

@@ -9,8 +9,6 @@ import os
 # The default set of CodeQL Bundle versions to use for the PR checks.
 defaultTestVersions = [
     # The oldest supported CodeQL version. If bumping, update `CODEQL_MINIMUM_VERSION` in `codeql.ts`
-    "stable-v2.15.5",
-    # The last CodeQL release in the 2.16 series.
     "stable-v2.16.6",
     # The last CodeQL release in the 2.17 series.
     "stable-v2.17.6",
@@ -18,6 +16,8 @@ defaultTestVersions = [
     "stable-v2.18.4",
     # The last CodeQL release in the 2.19 series.
     "stable-v2.19.4",
+    # The last CodeQL release in the 2.20 series.
+    "stable-v2.20.7",
     # The default version of CodeQL for Dotcom, as determined by feature flags.
     "default",
     # The version of CodeQL shipped with the Action in `defaults.json`. During the release process
@@ -108,6 +108,22 @@ for file in (this_dir / 'checks').glob('*.yml'):
         },
     ]
 
+    installGo = False
+    if checkSpecification.get('installGo'):
+        installGo = True if checkSpecification['installGo'].lower() == "true" else False
+
+    if installGo:
+        steps.append({
+            'name': 'Install Go',
+            'uses': 'actions/setup-go@v5',
+            'with': {
+                'go-version': '>=1.21.0',
+                # to avoid potentially misleading autobuilder results where we expect it to download
+                # dependencies successfully, but they actually come from a warm cache
+                'cache': False
+            }
+        })
+
     # If container initialisation steps are present in the check specification,
     # make sure to execute them first.
     if 'container' in checkSpecification and 'container-init-steps' in checkSpecification:

src/analyze.ts

@@ -24,7 +24,6 @@ import { isScannedLanguage, Language } from "./languages";
 import { Logger, withGroupAsync } from "./logging";
 import { getRepositoryNwoFromEnv } from "./repository";
 import { DatabaseCreationTimings, EventReport } from "./status-report";
-import { ToolsFeature } from "./tools-features";
 import { endTracingForCluster } from "./tracer-config";
 import * as util from "./util";
 import { BuildMode } from "./util";
@@ -167,10 +166,7 @@ export async function runExtraction(
       if (language === Language.python) {
         await setupPythonExtractor(logger);
       }
-      if (
-        config.buildMode &&
-        (await codeql.supportsFeature(ToolsFeature.TraceCommandUseBuildMode))
-      ) {
+      if (config.buildMode) {
         if (
           language === Language.cpp &&
           config.buildMode === BuildMode.Autobuild

src/api-compatibility.json

@@ -1 +1 @@
-{"maximumVersion": "3.18", "minimumVersion": "3.13"}
+{"maximumVersion": "3.18", "minimumVersion": "3.14"}

src/autobuild.ts

@@ -10,17 +10,15 @@ import { Feature, featureConfig, Features } from "./feature-flags";
 import { isTracedLanguage, Language } from "./languages";
 import { Logger } from "./logging";
 import { getRepositoryNwo } from "./repository";
-import { ToolsFeature } from "./tools-features";
 import { BuildMode } from "./util";
 
 export async function determineAutobuildLanguages(
-  codeql: CodeQL,
+  _codeql: CodeQL,
   config: configUtils.Config,
   logger: Logger,
 ): Promise<Language[] | undefined> {
   if (
-    (config.buildMode === BuildMode.None &&
-      (await codeql.supportsFeature(ToolsFeature.TraceCommandUseBuildMode))) ||
+    config.buildMode === BuildMode.None ||
     config.buildMode === BuildMode.Manual
   ) {
     logger.info(
@@ -160,10 +158,7 @@ export async function runAutobuild(
   if (language === Language.cpp) {
     await setupCppAutobuild(codeQL, logger);
   }
-  if (
-    config.buildMode &&
-    (await codeQL.supportsFeature(ToolsFeature.TraceCommandUseBuildMode))
-  ) {
+  if (config.buildMode) {
     await codeQL.extractUsingBuildMode(config, language);
   } else {
     await codeQL.runAutobuild(config, language);

src/codeql.test.ts

@@ -14,7 +14,11 @@ import * as actionsUtil from "./actions-util";
 import { GitHubApiDetails } from "./api-client";
 import { CliError } from "./cli-errors";
 import * as codeql from "./codeql";
-import { AugmentationProperties, Config } from "./config-utils";
+import {
+  AugmentationProperties,
+  Config,
+  defaultAugmentationProperties,
+} from "./config-utils";
 import * as defaults from "./defaults.json";
 import { DocUrl } from "./doc-url";
 import { FeatureEnablement } from "./feature-flags";
@@ -537,8 +541,7 @@ test(
   "basic",
   injectedConfigMacro,
   {
-    queriesInputCombines: false,
-    packsInputCombines: false,
+    ...defaultAugmentationProperties,
   },
   {},
   {},
@@ -548,8 +551,7 @@ test(
   "injected packs from input",
   injectedConfigMacro,
   {
-    queriesInputCombines: false,
-    packsInputCombines: false,
+    ...defaultAugmentationProperties,
     packsInput: ["xxx", "yyy"],
   },
   {},
@@ -562,7 +564,7 @@ test(
   "injected packs from input with existing packs combines",
   injectedConfigMacro,
   {
-    queriesInputCombines: false,
+    ...defaultAugmentationProperties,
     packsInputCombines: true,
     packsInput: ["xxx", "yyy"],
   },
@@ -584,8 +586,7 @@ test(
   "injected packs from input with existing packs overrides",
   injectedConfigMacro,
   {
-    queriesInputCombines: false,
-    packsInputCombines: false,
+    ...defaultAugmentationProperties,
     packsInput: ["xxx", "yyy"],
   },
   {
@@ -605,8 +606,7 @@ test(
   "injected queries from input",
   injectedConfigMacro,
   {
-    queriesInputCombines: false,
-    packsInputCombines: false,
+    ...defaultAugmentationProperties,
     queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
   },
   {},
@@ -626,8 +626,7 @@ test(
   "injected queries from input overrides",
   injectedConfigMacro,
   {
-    queriesInputCombines: false,
-    packsInputCombines: false,
+    ...defaultAugmentationProperties,
     queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
   },
   {
@@ -651,8 +650,8 @@ test(
   "injected queries from input combines",
   injectedConfigMacro,
   {
+    ...defaultAugmentationProperties,
     queriesInputCombines: true,
-    packsInputCombines: false,
     queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
   },
   {
@@ -679,6 +678,7 @@ test(
   "injected queries from input combines 2",
   injectedConfigMacro,
   {
+    ...defaultAugmentationProperties,
     queriesInputCombines: true,
     packsInputCombines: true,
     queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
@@ -700,6 +700,7 @@ test(
   "injected queries and packs, but empty",
   injectedConfigMacro,
   {
+    ...defaultAugmentationProperties,
     queriesInputCombines: true,
     packsInputCombines: true,
     queriesInput: [],

src/codeql.ts

@@ -280,7 +280,7 @@ let cachedCodeQL: CodeQL | undefined = undefined;
  * The version flags below can be used to conditionally enable certain features
  * on versions newer than this.
  */
-const CODEQL_MINIMUM_VERSION = "2.15.5";
+const CODEQL_MINIMUM_VERSION = "2.16.6";
 
 /**
  * This version will shortly become the oldest version of CodeQL that the Action will run with.
@@ -582,10 +582,7 @@ export async function getCodeQLForCmd(
         extraArgs.push("--external-repository-token-stdin");
       }
 
-      if (
-        config.buildMode !== undefined &&
-        (await this.supportsFeature(ToolsFeature.BuildModeOption))
-      ) {
+      if (config.buildMode !== undefined) {
         extraArgs.push(`--build-mode=${config.buildMode}`);
       }
       if (qlconfigFile !== undefined) {
@@ -1222,13 +1219,20 @@ async function generateCodeScanningConfig(
   const augmentedConfig = cloneObject(config.originalUserInput);
 
   // Inject the queries from the input
-  if (config.augmentationProperties.queriesInput) {
+  if (
+    config.augmentationProperties.queriesInput ||
+    config.augmentationProperties.qualityQueriesInput
+  ) {
+    const queryInputs = (
+      config.augmentationProperties.queriesInput || []
+    ).concat(config.augmentationProperties.qualityQueriesInput || []);
+
     if (config.augmentationProperties.queriesInputCombines) {
       augmentedConfig.queries = (augmentedConfig.queries || []).concat(
-        config.augmentationProperties.queriesInput,
+        queryInputs,
       );
     } else {
-      augmentedConfig.queries = config.augmentationProperties.queriesInput;
+      augmentedConfig.queries = queryInputs;
     }
   }
   if (augmentedConfig.queries?.length === 0) {
@@ -1262,8 +1266,12 @@ async function generateCodeScanningConfig(
   }
 
   augmentedConfig["query-filters"] = [
-    ...(config.augmentationProperties.defaultQueryFilters || []),
+    // Ordering matters. If the first filter is an inclusion, it implicitly
+    // excludes all queries that are not included. If it is an exclusion,
+    // it implicitly includes all queries that are not excluded. So user
+    // filters (if any) should always be first to preserve intent.
     ...(augmentedConfig["query-filters"] || []),
+    ...(config.augmentationProperties.extraQueryExclusions || []),
   ];
   if (augmentedConfig["query-filters"]?.length === 0) {
     delete augmentedConfig["query-filters"];

src/config-utils.test.ts

@@ -47,6 +47,7 @@ function createTestInitConfigInputs(
     {
       languagesInput: undefined,
       queriesInput: undefined,
+      qualityQueriesInput: undefined,
       packsInput: undefined,
       configFile: undefined,
       dbLocation: undefined,
@@ -806,6 +807,7 @@ const calculateAugmentationMacro = test.macro({
     _title: string,
     rawPacksInput: string | undefined,
     rawQueriesInput: string | undefined,
+    rawQualityQueriesInput: string | undefined,
     languages: Language[],
     expectedAugmentationProperties: configUtils.AugmentationProperties,
   ) => {
@@ -815,6 +817,7 @@ const calculateAugmentationMacro = test.macro({
         createFeatures([]),
         rawPacksInput,
         rawQueriesInput,
+        rawQualityQueriesInput,
         languages,
         mockLogger,
       );
@@ -828,14 +831,11 @@ test(
   "All empty",
   undefined,
   undefined,
+  undefined,
   [Language.javascript],
   {
-    queriesInputCombines: false,
-    queriesInput: undefined,
-    packsInputCombines: false,
-    packsInput: undefined,
-    defaultQueryFilters: [],
-  } as configUtils.AugmentationProperties,
+    ...configUtils.defaultAugmentationProperties,
+  },
 );
 
 test(
@@ -843,14 +843,12 @@ test(
   "With queries",
   undefined,
   " a, b , c, d",
+  undefined,
   [Language.javascript],
   {
-    queriesInputCombines: false,
+    ...configUtils.defaultAugmentationProperties,
     queriesInput: [{ uses: "a" }, { uses: "b" }, { uses: "c" }, { uses: "d" }],
-    packsInputCombines: false,
-    packsInput: undefined,
-    defaultQueryFilters: [],
-  } as configUtils.AugmentationProperties,
+  },
 );
 
 test(
@@ -858,14 +856,50 @@ test(
   "With queries combining",
   undefined,
   "   +   a, b , c, d ",
+  undefined,
   [Language.javascript],
   {
+    ...configUtils.defaultAugmentationProperties,
     queriesInputCombines: true,
     queriesInput: [{ uses: "a" }, { uses: "b" }, { uses: "c" }, { uses: "d" }],
-    packsInputCombines: false,
-    packsInput: undefined,
-    defaultQueryFilters: [],
-  } as configUtils.AugmentationProperties,
+  },
+);
+
+test(
+  calculateAugmentationMacro,
+  "With quality queries",
+  undefined,
+  undefined,
+  " a, b , c, d",
+  [Language.javascript],
+  {
+    ...configUtils.defaultAugmentationProperties,
+    qualityQueriesInput: [
+      { uses: "a" },
+      { uses: "b" },
+      { uses: "c" },
+      { uses: "d" },
+    ],
+  },
+);
+
+test(
+  calculateAugmentationMacro,
+  "With security and quality queries",
+  undefined,
+  " a, b , c, d",
+  "e, f , g,h",
+  [Language.javascript],
+  {
+    ...configUtils.defaultAugmentationProperties,
+    queriesInput: [{ uses: "a" }, { uses: "b" }, { uses: "c" }, { uses: "d" }],
+    qualityQueriesInput: [
+      { uses: "e" },
+      { uses: "f" },
+      { uses: "g" },
+      { uses: "h" },
+    ],
+  },
 );
 
 test(
@@ -873,14 +907,12 @@ test(
   "With packs",
   "   codeql/a , codeql/b   , codeql/c  , codeql/d  ",
   undefined,
+  undefined,
   [Language.javascript],
   {
-    queriesInputCombines: false,
-    queriesInput: undefined,
-    packsInputCombines: false,
+    ...configUtils.defaultAugmentationProperties,
     packsInput: ["codeql/a", "codeql/b", "codeql/c", "codeql/d"],
-    defaultQueryFilters: [],
-  } as configUtils.AugmentationProperties,
+  },
 );
 
 test(
@@ -888,14 +920,13 @@ test(
   "With packs combining",
   "   +   codeql/a, codeql/b, codeql/c, codeql/d",
   undefined,
+  undefined,
   [Language.javascript],
   {
-    queriesInputCombines: false,
-    queriesInput: undefined,
+    ...configUtils.defaultAugmentationProperties,
     packsInputCombines: true,
     packsInput: ["codeql/a", "codeql/b", "codeql/c", "codeql/d"],
-    defaultQueryFilters: [],
-  } as configUtils.AugmentationProperties,
+  },
 );
 
 const calculateAugmentationErrorMacro = test.macro({
@@ -904,6 +935,7 @@ const calculateAugmentationErrorMacro = test.macro({
     _title: string,
     rawPacksInput: string | undefined,
     rawQueriesInput: string | undefined,
+    rawQualityQueriesInput: string | undefined,
     languages: Language[],
     expectedError: RegExp | string,
   ) => {
@@ -914,6 +946,7 @@ const calculateAugmentationErrorMacro = test.macro({
           createFeatures([]),
           rawPacksInput,
           rawQueriesInput,
+          rawQualityQueriesInput,
           languages,
           mockLogger,
         ),
@@ -928,6 +961,7 @@ test(
   "Plus (+) with nothing else (queries)",
   undefined,
   "   +   ",
+  undefined,
   [Language.javascript],
   /The workflow property "queries" is invalid/,
 );
@@ -937,6 +971,7 @@ test(
   "Plus (+) with nothing else (packs)",
   "   +   ",
   undefined,
+  undefined,
   [Language.javascript],
   /The workflow property "packs" is invalid/,
 );
@@ -946,6 +981,7 @@ test(
   "Packs input with multiple languages",
   "   +  a/b, c/d ",
   undefined,
+  undefined,
   [Language.javascript, Language.java],
   /Cannot specify a 'packs' input in a multi-language analysis/,
 );
@@ -955,6 +991,7 @@ test(
   "Packs input with no languages",
   "   +  a/b, c/d ",
   undefined,
+  undefined,
   [],
   /No languages specified/,
 );
@@ -964,6 +1001,7 @@ test(
   "Invalid packs",
   " a-pack-without-a-scope ",
   undefined,
+  undefined,
   [Language.javascript],
   /"a-pack-without-a-scope" is not a valid pack/,
 );

src/config-utils.ts

@@ -170,6 +170,11 @@ export interface AugmentationProperties {
    */
   queriesInput?: Array<{ uses: string }>;
 
+  /**
+   * The quality queries input from the `with` block of the action declaration.
+   */
+  qualityQueriesInput?: Array<{ uses: string }>;
+
   /**
    * Whether or not the packs input combines with the packs in the config.
    */
@@ -181,9 +186,9 @@ export interface AugmentationProperties {
   packsInput?: string[];
 
   /**
-   * Default query filters to apply to the queries in the config.
+   * Extra query exclusions to append to the config.
    */
-  defaultQueryFilters?: QueryFilter[];
+  extraQueryExclusions?: ExcludeQueryFilter[];
 }
 
 /**
@@ -195,7 +200,8 @@ export const defaultAugmentationProperties: AugmentationProperties = {
   packsInputCombines: false,
   packsInput: undefined,
   queriesInput: undefined,
-  defaultQueryFilters: [],
+  qualityQueriesInput: undefined,
+  extraQueryExclusions: [],
 };
 export type Packs = Partial<Record<Language, string[]>>;
 
@@ -405,6 +411,7 @@ export async function getRawLanguages(
 export interface InitConfigInputs {
   languagesInput: string | undefined;
   queriesInput: string | undefined;
+  qualityQueriesInput: string | undefined;
   packsInput: string | undefined;
   configFile: string | undefined;
   dbLocation: string | undefined;
@@ -440,6 +447,7 @@ type LoadConfigInputs = Omit<InitConfigInputs, "configInput"> & {
 export async function getDefaultConfig({
   languagesInput,
   queriesInput,
+  qualityQueriesInput,
   packsInput,
   buildModeInput,
   dbLocation,
@@ -474,6 +482,7 @@ export async function getDefaultConfig({
     features,
     packsInput,
     queriesInput,
+    qualityQueriesInput,
     languages,
     logger,
   );
@@ -528,6 +537,7 @@ async function downloadCacheWithTime(
 async function loadConfig({
   languagesInput,
   queriesInput,
+  qualityQueriesInput,
   packsInput,
   buildModeInput,
   configFile,
@@ -583,6 +593,7 @@ async function loadConfig({
     features,
     packsInput,
     queriesInput,
+    qualityQueriesInput,
     languages,
     logger,
   );
@@ -639,6 +650,7 @@ export async function calculateAugmentation(
   features: FeatureEnablement,
   rawPacksInput: string | undefined,
   rawQueriesInput: string | undefined,
+  rawQualityQueriesInput: string | undefined,
   languages: Language[],
   logger: Logger,
 ): Promise<AugmentationProperties> {
@@ -654,9 +666,16 @@ export async function calculateAugmentation(
     queriesInputCombines,
   );
 
-  const defaultQueryFilters: QueryFilter[] = [];
+  const qualityQueriesInput = parseQueriesFromInput(
+    rawQualityQueriesInput,
+    false,
+  );
+
+  const extraQueryExclusions: ExcludeQueryFilter[] = [];
   if (await shouldPerformDiffInformedAnalysis(codeql, features, logger)) {
-    defaultQueryFilters.push({ exclude: { tags: "exclude-from-incremental" } });
+    extraQueryExclusions.push({
+      exclude: { tags: "exclude-from-incremental" },
+    });
   }
 
   return {
@@ -664,7 +683,8 @@ export async function calculateAugmentation(
     packsInput: packsInput?.[languages[0]],
     queriesInput,
     queriesInputCombines,
-    defaultQueryFilters,
+    qualityQueriesInput,
+    extraQueryExclusions,
   };
 }
 

src/defaults.json

@@ -1,6 +1,6 @@
 {
-  "bundleVersion": "codeql-bundle-v2.21.4",
-  "cliVersion": "2.21.4",
-  "priorBundleVersion": "codeql-bundle-v2.21.3",
-  "priorCliVersion": "2.21.3"
+  "bundleVersion": "codeql-bundle-v2.22.1",
+  "cliVersion": "2.22.1",
+  "priorBundleVersion": "codeql-bundle-v2.22.0",
+  "priorCliVersion": "2.22.0"
 }