Merge pull request #3357 from github/backport-v3.31.8-1b168cd39

Merge releases/v4 into releases/v3

.github/actions/check-sarif/action.yml

@@ -16,5 +16,5 @@ inputs:
       Comma separated list of query ids that should NOT be included in this SARIF file.
 
 runs:
-  using: node24
+  using: node20
   main: index.js

.github/pull_request_template.md

@@ -34,7 +34,7 @@ Products:
 
 Environments:
 
-- **Dotcom** - Impacts CodeQL workflows on `github.com` and/or GitHub Enterprise Cloud with Data Residency.
+- **Dotcom** - Impacts CodeQL workflows on `github.com`.
 - **GHES** - Impacts CodeQL workflows on GitHub Enterprise Server.
 - **Testing/None** - This change does not impact any CodeQL workflows in production.
 

.github/workflows/__bundle-zstd.yml

@@ -79,7 +79,7 @@ jobs:
           output: ${{ runner.temp }}/results
           upload-database: false
       - name: Upload SARIF
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v5
         with:
           name: ${{ matrix.os }}-zstd-bundle.sarif
           path: ${{ runner.temp }}/results/javascript.sarif

.github/workflows/__config-export.yml

@@ -67,7 +67,7 @@ jobs:
           output: ${{ runner.temp }}/results
           upload-database: false
       - name: Upload SARIF
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v5
         with:
           name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
           path: ${{ runner.temp }}/results/javascript.sarif

.github/workflows/__diagnostics-export.yml

@@ -78,7 +78,7 @@ jobs:
           output: ${{ runner.temp }}/results
           upload-database: false
       - name: Upload SARIF
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v5
         with:
           name: diagnostics-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
           path: ${{ runner.temp }}/results/javascript.sarif

.github/workflows/__export-file-baseline-information.yml

@@ -99,7 +99,7 @@ jobs:
         with:
           output: ${{ runner.temp }}/results
       - name: Upload SARIF
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v5
         with:
           name: with-baseline-information-${{ matrix.os }}-${{ matrix.version }}.sarif.json
           path: ${{ runner.temp }}/results/javascript.sarif

.github/workflows/__job-run-uuid-sarif.yml

@@ -64,7 +64,7 @@ jobs:
         with:
           output: ${{ runner.temp }}/results
       - name: Upload SARIF
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v5
         with:
           name: ${{ matrix.os }}-${{ matrix.version }}.sarif.json
           path: ${{ runner.temp }}/results/javascript.sarif

.github/workflows/__quality-queries.yml

@@ -83,7 +83,7 @@ jobs:
           post-processed-sarif-path: ${{ runner.temp }}/post-processed
       - name: Upload security SARIF
         if: contains(matrix.analysis-kinds, 'code-scanning')
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v5
         with:
           name: |
             quality-queries-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.sarif.json
@@ -91,14 +91,14 @@ jobs:
           retention-days: 7
       - name: Upload quality SARIF
         if: contains(matrix.analysis-kinds, 'code-quality')
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v5
         with:
           name: |
             quality-queries-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.quality.sarif.json
           path: ${{ runner.temp }}/results/javascript.quality.sarif
           retention-days: 7
       - name: Upload post-processed SARIF
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v5
         with:
           name: |
             post-processed-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.sarif.json

.github/workflows/__rubocop-multi-language.yml

@@ -56,7 +56,7 @@ jobs:
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
       - name: Set up Ruby
-        uses: ruby/setup-ruby@ac793fdd38cc468a4dd57246fa9d0e868aba9085 # v1.270.0
+        uses: ruby/setup-ruby@8aeb6ff8030dd539317f8e1769a044873b56ea71 # v1.268.0
         with:
           ruby-version: 2.6
       - name: Install Code Scanning integration

.github/workflows/debug-artifacts-failure-safe.yml

@@ -83,7 +83,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Download all artifacts
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v6
       - name: Check expected artifacts exist
         run: |
           LANGUAGES="cpp csharp go java javascript python"

.github/workflows/debug-artifacts-safe.yml

@@ -77,7 +77,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Download all artifacts
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v6
       - name: Check expected artifacts exist
         run: |
           VERSIONS="stable-v2.20.3 default linked nightly-latest"

.github/workflows/post-release-mergeback.yml

@@ -142,7 +142,7 @@ jobs:
           token: "${{ secrets.GITHUB_TOKEN }}"
 
       - name: Generate token
-        uses: actions/create-github-app-token@v2.2.1
+        uses: actions/create-github-app-token@v2.2.0
         id: app-token
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}

.github/workflows/rollback-release.yml

@@ -137,7 +137,7 @@ jobs:
 
       - name: Generate token
         if: github.event_name == 'workflow_dispatch'
-        uses: actions/create-github-app-token@v2.2.1
+        uses: actions/create-github-app-token@v2.2.0
         id: app-token
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}

.github/workflows/update-release-branch.yml

@@ -93,7 +93,7 @@ jobs:
       pull-requests: write # needed to create pull request
     steps:
     - name: Generate token
-      uses: actions/create-github-app-token@v2.2.1
+      uses: actions/create-github-app-token@v2.2.0
       id: app-token
       with:
         app-id: ${{ vars.AUTOMATION_APP_ID }}

CHANGELOG.md

@@ -2,64 +2,56 @@
 
 See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
 
-## [UNRELEASED]
+## 3.31.8 - 11 Dec 2025
-
-No user facing changes.
-
-## 4.31.9 - 16 Dec 2025
-
-No user facing changes.
-
-## 4.31.8 - 11 Dec 2025
 
 - Update default CodeQL bundle version to 2.23.8. [#3354](https://github.com/github/codeql-action/pull/3354)
 
-## 4.31.7 - 05 Dec 2025
+## 3.31.7 - 05 Dec 2025
 
 - Update default CodeQL bundle version to 2.23.7. [#3343](https://github.com/github/codeql-action/pull/3343)
 
-## 4.31.6 - 01 Dec 2025
+## 3.31.6 - 01 Dec 2025
 
 No user facing changes.
 
-## 4.31.5 - 24 Nov 2025
+## 3.31.5 - 24 Nov 2025
 
 - Update default CodeQL bundle version to 2.23.6. [#3321](https://github.com/github/codeql-action/pull/3321)
 
-## 4.31.4 - 18 Nov 2025
+## 3.31.4 - 18 Nov 2025
 
 No user facing changes.
 
-## 4.31.3 - 13 Nov 2025
+## 3.31.3 - 13 Nov 2025
 
 - CodeQL Action v3 will be deprecated in December 2026.  The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see [Upcoming deprecation of CodeQL Action v3](https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/).
 - Update default CodeQL bundle version to 2.23.5. [#3288](https://github.com/github/codeql-action/pull/3288)
 
-## 4.31.2 - 30 Oct 2025
+## 3.31.2 - 30 Oct 2025
 
 No user facing changes.
 
-## 4.31.1 - 30 Oct 2025
+## 3.31.1 - 30 Oct 2025
 
 - The `add-snippets` input has been removed from the `analyze` action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.
 
-## 4.31.0 - 24 Oct 2025
+## 3.31.0 - 24 Oct 2025
 
 - Bump minimum CodeQL bundle version to 2.17.6. [#3223](https://github.com/github/codeql-action/pull/3223)
 - When SARIF files are uploaded by the `analyze` or `upload-sarif` actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the `upload-sarif` action. For `analyze`, this may affect Advanced Setup for CodeQL users who specify a value other than `always` for the `upload` input. [#3222](https://github.com/github/codeql-action/pull/3222)
 
-## 4.30.9 - 17 Oct 2025
+## 3.30.9 - 17 Oct 2025
 
 - Update default CodeQL bundle version to 2.23.3. [#3205](https://github.com/github/codeql-action/pull/3205)
 - Experimental: A new `setup-codeql` action has been added which is similar to `init`, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. [#3204](https://github.com/github/codeql-action/pull/3204)
 
-## 4.30.8 - 10 Oct 2025
+## 3.30.8 - 10 Oct 2025
 
 No user facing changes.
 
-## 4.30.7 - 06 Oct 2025
+## 3.30.7 - 06 Oct 2025
 
-- [v4+ only] The CodeQL Action now runs on Node.js v24. [#3169](https://github.com/github/codeql-action/pull/3169)
+No user facing changes.
 
 ## 3.30.6 - 02 Oct 2025
 
@@ -295,17 +287,13 @@ No user facing changes.
 ## 3.26.12 - 07 Oct 2024
 
 - _Upcoming breaking change_: Add a deprecation warning for customers using CodeQL version 2.14.5 and earlier. These versions of CodeQL were discontinued on 24 September 2024 alongside GitHub Enterprise Server 3.10, and will be unsupported by CodeQL Action versions 3.27.0 and later and versions 2.27.0 and later. [#2520](https://github.com/github/codeql-action/pull/2520)
-
   - If you are using one of these versions, please update to CodeQL CLI version 2.14.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.
-
   - Alternatively, if you want to continue using a version of the CodeQL CLI between 2.13.5 and 2.14.5, you can replace `github/codeql-action/*@v3` by `github/codeql-action/*@v3.26.11` and `github/codeql-action/*@v2` by `github/codeql-action/*@v2.26.11` in your code scanning workflow to ensure you continue using this version of the CodeQL Action.
 
 ## 3.26.11 - 03 Oct 2024
 
 - _Upcoming breaking change_: Add support for using `actions/download-artifact@v4` to programmatically consume CodeQL Action debug artifacts.
-
   Starting November 30, 2024, GitHub.com customers will [no longer be able to use `actions/download-artifact@v3`](https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/). Therefore, to avoid breakage, customers who programmatically download the CodeQL Action debug artifacts should set the `CODEQL_ACTION_ARTIFACT_V4_UPGRADE` environment variable to `true` and bump `actions/download-artifact@v3` to `actions/download-artifact@v4` in their workflows. The CodeQL Action will enable this behavior by default in early November and workflows that have not yet bumped `actions/download-artifact@v3` to `actions/download-artifact@v4` will begin failing then.
-
   This change is currently unavailable for GitHub Enterprise Server customers, as `actions/upload-artifact@v4` and `actions/download-artifact@v4` are not yet compatible with GHES.
 - Update default CodeQL bundle version to 2.19.1. [#2519](https://github.com/github/codeql-action/pull/2519)
 
@@ -428,12 +416,9 @@ No user facing changes.
 ## 3.25.0 - 15 Apr 2024
 
 - The deprecated feature for extracting dependencies for a Python analysis has been removed. [#2224](https://github.com/github/codeql-action/pull/2224)
-
   As a result, the following inputs and environment variables are now ignored:
-
   - The `setup-python-dependencies` input to the `init` Action
   - The `CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION` environment variable
-
   We recommend removing any references to these from your workflows. For more information, see the release notes for CodeQL Action v3.23.0 and v2.23.0.
 - Automatically overwrite an existing database if found on the filesystem. [#2229](https://github.com/github/codeql-action/pull/2229)
 - Bump the minimum CodeQL bundle version to 2.12.6. [#2232](https://github.com/github/codeql-action/pull/2232)

analyze/action.yml

@@ -94,6 +94,6 @@ outputs:
   sarif-id:
     description: The ID of the uploaded SARIF file.
 runs:
-  using: node24
+  using: node20
   main: "../lib/analyze-action.js"
   post: "../lib/analyze-action-post.js"

autobuild/action.yml

@@ -15,5 +15,5 @@ inputs:
       $GITHUB_WORKSPACE as its working directory.
     required: false
 runs:
-  using: node24
+  using: node20
   main: '../lib/autobuild-action.js'

init/action.yml

@@ -165,6 +165,6 @@ outputs:
   codeql-version:
     description: The version of the CodeQL binary used for analysis
 runs:
-  using: node24
+  using: node20
   main: '../lib/init-action.js'
   post: '../lib/init-action-post.js'

package.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "4.31.10",
+  "version": "3.31.8",
   "private": true,
   "description": "CodeQL action",
   "scripts": {
@@ -24,12 +24,12 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@actions/artifact": "^5.0.1",
+    "@actions/artifact": "^4.0.0",
     "@actions/artifact-legacy": "npm:@actions/artifact@^1.1.2",
-    "@actions/cache": "^5.0.1",
+    "@actions/cache": "^4.1.0",
-    "@actions/core": "^2.0.1",
+    "@actions/core": "^1.11.1",
-    "@actions/exec": "^2.0.0",
+    "@actions/exec": "^1.1.1",
-    "@actions/github": "^6.0.1",
+    "@actions/github": "^6.0.0",
     "@actions/glob": "^0.5.0",
     "@actions/http-client": "^3.0.0",
     "@actions/io": "^2.0.0",
@@ -43,7 +43,7 @@
     "js-yaml": "^4.1.1",
     "jsonschema": "1.4.1",
     "long": "^5.3.2",
-    "node-forge": "^1.3.3",
+    "node-forge": "^1.3.2",
     "semver": "^7.7.3",
     "uuid": "^13.0.0"
   },
@@ -51,7 +51,7 @@
     "@ava/typescript": "6.0.0",
     "@eslint/compat": "^2.0.0",
     "@eslint/eslintrc": "^3.3.3",
-    "@eslint/js": "^9.39.2",
+    "@eslint/js": "^9.39.1",
     "@microsoft/eslint-formatter-sarif": "^3.1.0",
     "@octokit/types": "^16.0.0",
     "@types/archiver": "^7.0.0",
@@ -61,16 +61,16 @@
     "@types/node-forge": "^1.3.14",
     "@types/semver": "^7.7.1",
     "@types/sinon": "^21.0.0",
-    "@typescript-eslint/eslint-plugin": "^8.49.0",
+    "@typescript-eslint/eslint-plugin": "^8.48.0",
     "@typescript-eslint/parser": "^8.48.0",
     "ava": "^6.4.1",
-    "esbuild": "^0.27.1",
+    "esbuild": "^0.27.0",
     "eslint": "^8.57.1",
     "eslint-import-resolver-typescript": "^3.8.7",
     "eslint-plugin-filenames": "^1.3.2",
     "eslint-plugin-github": "^5.1.8",
     "eslint-plugin-import": "2.29.1",
-    "eslint-plugin-jsdoc": "^61.5.0",
+    "eslint-plugin-jsdoc": "^61.4.1",
     "eslint-plugin-no-async-foreach": "^0.1.1",
     "glob": "^11.1.0",
     "nock": "^14.0.10",

pr-checks/checks/bundle-zstd.yml

@@ -27,7 +27,7 @@ steps:
       output: ${{ runner.temp }}/results
       upload-database: false
   - name: Upload SARIF
-    uses: actions/upload-artifact@v6
+    uses: actions/upload-artifact@v5
     with:
       name: ${{ matrix.os }}-zstd-bundle.sarif
       path: ${{ runner.temp }}/results/javascript.sarif

pr-checks/checks/config-export.yml

@@ -12,7 +12,7 @@ steps:
       output: "${{ runner.temp }}/results"
       upload-database: false
   - name: Upload SARIF
-    uses: actions/upload-artifact@v6
+    uses: actions/upload-artifact@v5
     with:
       name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
       path: "${{ runner.temp }}/results/javascript.sarif"

pr-checks/checks/diagnostics-export.yml

@@ -25,7 +25,7 @@ steps:
       output: "${{ runner.temp }}/results"
       upload-database: false
   - name: Upload SARIF
-    uses: actions/upload-artifact@v6
+    uses: actions/upload-artifact@v5
     with:
       name: diagnostics-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
       path: "${{ runner.temp }}/results/javascript.sarif"

pr-checks/checks/export-file-baseline-information.yml

@@ -18,7 +18,7 @@ steps:
     with:
       output: "${{ runner.temp }}/results"
   - name: Upload SARIF
-    uses: actions/upload-artifact@v6
+    uses: actions/upload-artifact@v5
     with:
       name: with-baseline-information-${{ matrix.os }}-${{ matrix.version }}.sarif.json
       path: "${{ runner.temp }}/results/javascript.sarif"

pr-checks/checks/job-run-uuid-sarif.yml

@@ -11,7 +11,7 @@ steps:
     with:
       output: "${{ runner.temp }}/results"
   - name: Upload SARIF
-    uses: actions/upload-artifact@v6
+    uses: actions/upload-artifact@v5
     with:
       name: ${{ matrix.os }}-${{ matrix.version }}.sarif.json
       path: "${{ runner.temp }}/results/javascript.sarif"

pr-checks/checks/quality-queries.yml

@@ -39,7 +39,7 @@ steps:
       post-processed-sarif-path: "${{ runner.temp }}/post-processed"
   - name: Upload security SARIF
     if: contains(matrix.analysis-kinds, 'code-scanning')
-    uses: actions/upload-artifact@v6
+    uses: actions/upload-artifact@v5
     with:
       name: |
         quality-queries-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.sarif.json
@@ -47,14 +47,14 @@ steps:
       retention-days: 7
   - name: Upload quality SARIF
     if: contains(matrix.analysis-kinds, 'code-quality')
-    uses: actions/upload-artifact@v6
+    uses: actions/upload-artifact@v5
     with:
       name: |
         quality-queries-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.quality.sarif.json
       path: "${{ runner.temp }}/results/javascript.quality.sarif"
       retention-days: 7
   - name: Upload post-processed SARIF
-    uses: actions/upload-artifact@v6
+    uses: actions/upload-artifact@v5
     with:
       name: |
         post-processed-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.sarif.json

pr-checks/checks/rubocop-multi-language.yml

@@ -4,7 +4,7 @@ description: "Tests using RuboCop to analyze a multi-language repository and the
 versions: ["default"]
 steps:
   - name: Set up Ruby
-    uses: ruby/setup-ruby@ac793fdd38cc468a4dd57246fa9d0e868aba9085 # v1.270.0
+    uses: ruby/setup-ruby@8aeb6ff8030dd539317f8e1769a044873b56ea71 # v1.268.0
     with:
       ruby-version: 2.6
   - name: Install Code Scanning integration

resolve-environment/action.yml

@@ -21,5 +21,5 @@ outputs:
   environment:
     description: The inferred build environment configuration.
 runs:
-  using: node24
+  using: node20
   main: '../lib/resolve-environment-action.js'

setup-codeql/action.yml

@@ -35,5 +35,5 @@ outputs:
   codeql-version:
     description: The version of the CodeQL binary that was installed.
 runs:
-  using: node24
+  using: node20
   main: '../lib/setup-codeql-action.js'

src/analyze-action.ts

@@ -19,18 +19,20 @@ import { getApiDetails, getGitHubVersion } from "./api-client";
 import { runAutobuild } from "./autobuild";
 import { getTotalCacheSize, shouldStoreCache } from "./caching-utils";
 import { getCodeQL } from "./codeql";
-import { Config, getConfig } from "./config-utils";
 import {
-  cleanupAndUploadDatabases,
+  Config,
-  DatabaseUploadResult,
+  getConfig,
-} from "./database-upload";
+  isCodeQualityEnabled,
+  isCodeScanningEnabled,
+} from "./config-utils";
+import { cleanupAndUploadDatabases } from "./database-upload";
 import {
   DependencyCacheUploadStatusReport,
   uploadDependencyCaches,
 } from "./dependency-caching";
 import { getDiffInformedAnalysisBranches } from "./diff-informed-analysis-utils";
 import { EnvVar } from "./environment";
-import { Features } from "./feature-flags";
+import { Feature, Features } from "./feature-flags";
 import { KnownLanguage } from "./languages";
 import { getActionsLogger, Logger } from "./logging";
 import { cleanupAndUploadOverlayBaseDatabaseToCache } from "./overlay-database-utils";
@@ -57,13 +59,15 @@ interface AnalysisStatusReport
   extends uploadLib.UploadStatusReport,
     QueriesStatusReport {}
 
+interface DependencyCachingUploadStatusReport {
+  dependency_caching_upload_results?: DependencyCacheUploadStatusReport;
+}
+
 interface FinishStatusReport
   extends StatusReportBase,
     DatabaseCreationTimings,
-    AnalysisStatusReport {
+    AnalysisStatusReport,
-  dependency_caching_upload_results?: DependencyCacheUploadStatusReport;
+    DependencyCachingUploadStatusReport {}
-  database_upload_results: DatabaseUploadResult[];
-}
 
 interface FinishWithTrapUploadStatusReport extends FinishStatusReport {
   /** Size of TRAP caches that we uploaded, in bytes. */
@@ -82,7 +86,6 @@ async function sendStatusReport(
   didUploadTrapCaches: boolean,
   trapCacheCleanup: TrapCacheCleanupStatusReport | undefined,
   dependencyCacheResults: DependencyCacheUploadStatusReport | undefined,
-  databaseUploadResults: DatabaseUploadResult[],
   logger: Logger,
 ) {
   const status = getActionsStatus(error, stats?.analyze_failure_language);
@@ -103,7 +106,6 @@ async function sendStatusReport(
       ...(dbCreationTimings || {}),
       ...(trapCacheCleanup || {}),
       dependency_caching_upload_results: dependencyCacheResults,
-      database_upload_results: databaseUploadResults,
     };
     if (config && didUploadTrapCaches) {
       const trapCacheUploadStatusReport: FinishWithTrapUploadStatusReport = {
@@ -221,7 +223,6 @@ async function run() {
   let dbCreationTimings: DatabaseCreationTimings | undefined = undefined;
   let didUploadTrapCaches = false;
   let dependencyCacheResults: DependencyCacheUploadStatusReport | undefined;
-  let databaseUploadResults: DatabaseUploadResult[] = [];
   util.initializeEnvironment(actionsUtil.getActionVersion());
 
   // Make inputs accessible in the `post` step, details at
@@ -357,6 +358,7 @@ async function run() {
       const checkoutPath = actionsUtil.getRequiredInput("checkout_path");
       const category = actionsUtil.getOptionalInput("category");
 
+      if (await features.getValue(Feature.AnalyzeUseNewUpload)) {
         uploadResults = await postProcessAndUploadSarif(
           logger,
           features,
@@ -366,6 +368,36 @@ async function run() {
           category,
           actionsUtil.getOptionalInput("post-processed-sarif-path"),
         );
+      } else if (uploadKind === "always") {
+        uploadResults = {};
+
+        if (isCodeScanningEnabled(config)) {
+          uploadResults[analyses.AnalysisKind.CodeScanning] =
+            await uploadLib.uploadFiles(
+              outputDir,
+              checkoutPath,
+              category,
+              features,
+              logger,
+              analyses.CodeScanning,
+            );
+        }
+
+        if (isCodeQualityEnabled(config)) {
+          uploadResults[analyses.AnalysisKind.CodeQuality] =
+            await uploadLib.uploadFiles(
+              outputDir,
+              checkoutPath,
+              category,
+              features,
+              logger,
+              analyses.CodeQuality,
+            );
+        }
+      } else {
+        uploadResults = {};
+        logger.info("Not uploading results");
+      }
 
       // Set the SARIF id outputs only if we have results for them, to avoid
       // having keys with empty values in the action output.
@@ -393,7 +425,7 @@ async function run() {
     // Possibly upload the database bundles for remote queries.
     // Note: Take care with the ordering of this call since databases may be cleaned up
     // at the `overlay` or `clear` level.
-    databaseUploadResults = await cleanupAndUploadDatabases(
+    await cleanupAndUploadDatabases(
       repositoryNwo,
       codeql,
       config,
@@ -465,7 +497,6 @@ async function run() {
       didUploadTrapCaches,
       trapCacheCleanupTelemetry,
       dependencyCacheResults,
-      databaseUploadResults,
       logger,
     );
     return;
@@ -488,7 +519,6 @@ async function run() {
       didUploadTrapCaches,
       trapCacheCleanupTelemetry,
       dependencyCacheResults,
-      databaseUploadResults,
       logger,
     );
   } else if (runStats !== undefined) {
@@ -502,7 +532,6 @@ async function run() {
       didUploadTrapCaches,
       trapCacheCleanupTelemetry,
       dependencyCacheResults,
-      databaseUploadResults,
       logger,
     );
   } else {
@@ -516,7 +545,6 @@ async function run() {
       didUploadTrapCaches,
       trapCacheCleanupTelemetry,
       dependencyCacheResults,
-      databaseUploadResults,
       logger,
     );
   }

src/api-client.test.ts

@@ -95,14 +95,14 @@ test("getGitHubVersion for different domain", async (t) => {
   t.deepEqual({ type: util.GitHubVariant.DOTCOM }, v3);
 });
 
-test("getGitHubVersion for GHEC-DR", async (t) => {
+test("getGitHubVersion for GHE_DOTCOM", async (t) => {
   mockGetMetaVersionHeader("ghe.com");
   const gheDotcom = await api.getGitHubVersionFromApi(api.getApiClient(), {
     auth: "",
     url: "https://foo.ghe.com",
     apiURL: undefined,
   });
-  t.deepEqual({ type: util.GitHubVariant.GHEC_DR }, gheDotcom);
+  t.deepEqual({ type: util.GitHubVariant.GHE_DOTCOM }, gheDotcom);
 });
 
 test("wrapApiConfigurationError correctly wraps specific configuration errors", (t) => {

src/api-client.ts

@@ -125,7 +125,7 @@ export async function getGitHubVersionFromApi(
   }
 
   if (response.headers[GITHUB_ENTERPRISE_VERSION_HEADER] === "ghe.com") {
-    return { type: GitHubVariant.GHEC_DR };
+    return { type: GitHubVariant.GHE_DOTCOM };
   }
 
   const version = response.headers[GITHUB_ENTERPRISE_VERSION_HEADER] as string;

src/database-upload.test.ts

@@ -231,7 +231,7 @@ test("Don't crash if uploading a database fails", async (t) => {
         (v) =>
           v.type === "warning" &&
           v.message ===
-            "Failed to upload database for javascript: some error message",
+            "Failed to upload database for javascript: Error: some error message",
       ) !== undefined,
     );
   });

src/database-upload.ts

@@ -13,20 +13,6 @@ import { RepositoryNwo } from "./repository";
 import * as util from "./util";
 import { bundleDb, CleanupLevel, parseGitHubUrl } from "./util";
 
-/** Information about a database upload. */
-export interface DatabaseUploadResult {
-  /** Language of the database. */
-  language: string;
-  /** Size of the zipped database in bytes. */
-  zipped_upload_size_bytes?: number;
-  /** Whether the uploaded database is an overlay base. */
-  is_overlay_base?: boolean;
-  /** Time taken to upload database in milliseconds. */
-  upload_duration_ms?: number;
-  /** If there was an error during database upload, this is its message. */
-  error?: string;
-}
-
 export async function cleanupAndUploadDatabases(
   repositoryNwo: RepositoryNwo,
   codeql: CodeQL,
@@ -34,44 +20,42 @@ export async function cleanupAndUploadDatabases(
   apiDetails: GitHubApiDetails,
   features: FeatureEnablement,
   logger: Logger,
-): Promise<DatabaseUploadResult[]> {
+): Promise<void> {
   if (actionsUtil.getRequiredInput("upload-database") !== "true") {
     logger.debug("Database upload disabled in workflow. Skipping upload.");
-    return [];
+    return;
   }
 
   if (!config.analysisKinds.includes(AnalysisKind.CodeScanning)) {
     logger.debug(
       `Not uploading database because 'analysis-kinds: ${AnalysisKind.CodeScanning}' is not enabled.`,
     );
-    return [];
+    return;
   }
 
   if (util.isInTestMode()) {
     logger.debug("In test mode. Skipping database upload.");
-    return [];
+    return;
   }
 
   // Do nothing when not running against github.com
   if (
     config.gitHubVersion.type !== util.GitHubVariant.DOTCOM &&
-    config.gitHubVersion.type !== util.GitHubVariant.GHEC_DR
+    config.gitHubVersion.type !== util.GitHubVariant.GHE_DOTCOM
   ) {
     logger.debug("Not running against github.com or GHEC-DR. Skipping upload.");
-    return [];
+    return;
   }
 
   if (!(await gitUtils.isAnalyzingDefaultBranch())) {
     // We only want to upload a database if we are analyzing the default branch.
     logger.debug("Not analyzing default branch. Skipping upload.");
-    return [];
+    return;
   }
 
-  // If config.overlayDatabaseMode is OverlayBase, then we have overlay base databases for all languages.
+  const cleanupLevel =
-  const shouldUploadOverlayBase =
     config.overlayDatabaseMode === OverlayDatabaseMode.OverlayBase &&
-    (await features.getValue(Feature.UploadOverlayDbToApi));
+    (await features.getValue(Feature.UploadOverlayDbToApi))
-  const cleanupLevel = shouldUploadOverlayBase
       ? CleanupLevel.Overlay
       : CleanupLevel.Clear;
 
@@ -93,7 +77,6 @@ export async function cleanupAndUploadDatabases(
     uploadsBaseUrl = uploadsBaseUrl.slice(0, -1);
   }
 
-  const reports: DatabaseUploadResult[] = [];
   for (const language of config.languages) {
     try {
       // Upload the database bundle.
@@ -107,7 +90,6 @@ export async function cleanupAndUploadDatabases(
         actionsUtil.getRequiredInput("checkout_path"),
       );
       try {
-        const startTime = performance.now();
         await client.request(
           `POST /repos/:owner/:repo/code-scanning/codeql/databases/:language?name=:name&commit_oid=:commit_oid`,
           {
@@ -125,27 +107,13 @@ export async function cleanupAndUploadDatabases(
             },
           },
         );
-        const endTime = performance.now();
-        reports.push({
-          language,
-          zipped_upload_size_bytes: bundledDbSize,
-          is_overlay_base: shouldUploadOverlayBase,
-          upload_duration_ms: endTime - startTime,
-        });
         logger.debug(`Successfully uploaded database for ${language}`);
       } finally {
         bundledDbReadStream.close();
       }
     } catch (e) {
       // Log a warning but don't fail the workflow
-      logger.warning(
+      logger.warning(`Failed to upload database for ${language}: ${e}`);
-        `Failed to upload database for ${language}: ${util.getErrorMessage(e)}`,
-      );
-      reports.push({
-        language,
-        error: util.getErrorMessage(e),
-      });
     }
   }
-  return reports;
 }

src/dependency-caching.test.ts

@@ -603,6 +603,28 @@ test("getFeaturePrefix - returns empty string if no features are enabled", async
   }
 });
 
+test("getFeaturePrefix - Java - returns 'minify-' if JavaMinimizeDependencyJars is enabled", async (t) => {
+  const codeql = createStubCodeQL({});
+  const features = createFeatures([Feature.JavaMinimizeDependencyJars]);
+
+  const result = await getFeaturePrefix(codeql, features, KnownLanguage.java);
+  t.deepEqual(result, "minify-");
+});
+
+test("getFeaturePrefix - non-Java - returns '' if JavaMinimizeDependencyJars is enabled", async (t) => {
+  const codeql = createStubCodeQL({});
+  const features = createFeatures([Feature.JavaMinimizeDependencyJars]);
+
+  for (const knownLanguage of Object.values(KnownLanguage)) {
+    // Skip Java since we expect a result for it, which is tested in the previous test.
+    if (knownLanguage === KnownLanguage.java) {
+      continue;
+    }
+    const result = await getFeaturePrefix(codeql, features, knownLanguage);
+    t.deepEqual(result, "", `Expected no feature prefix for ${knownLanguage}`);
+  }
+});
+
 test("getFeaturePrefix - C# - returns prefix if CsharpNewCacheKey is enabled", async (t) => {
   const codeql = createStubCodeQL({});
   const features = createFeatures([Feature.CsharpNewCacheKey]);

src/dependency-caching.ts

@@ -541,7 +541,18 @@ export async function getFeaturePrefix(
     }
   };
 
-  if (language === KnownLanguage.csharp) {
+  if (language === KnownLanguage.java) {
+    // To ensure a safe rollout of JAR minimization, we change the key when the feature is enabled.
+    const minimizeJavaJars = await features.getValue(
+      Feature.JavaMinimizeDependencyJars,
+      codeql,
+    );
+
+    // To maintain backwards compatibility with this, we return "minify-" instead of a hash.
+    if (minimizeJavaJars) {
+      return "minify-";
+    }
+  } else if (language === KnownLanguage.csharp) {
     await addFeatureIfEnabled(Feature.CsharpNewCacheKey);
     await addFeatureIfEnabled(Feature.CsharpCacheBuildModeNone);
   }
@@ -582,8 +593,14 @@ async function cachePrefix(
   // experimental features that affect the cache contents.
   const featurePrefix = await getFeaturePrefix(codeql, features, language);
 
-  // Assemble the cache key.
+  // Assemble the cache key. For backwards compatibility with the JAR minification experiment's existing
+  // feature prefix usage, we add that feature prefix at the start. Other feature prefixes are inserted
+  // after the general CodeQL dependency cache prefix.
+  if (featurePrefix === "minify-") {
+    return `${featurePrefix}${prefix}-${CODEQL_DEPENDENCY_CACHE_VERSION}-${runnerOs}-${language}-`;
+  } else {
     return `${prefix}-${featurePrefix}${CODEQL_DEPENDENCY_CACHE_VERSION}-${runnerOs}-${language}-`;
+  }
 }
 
 /** Represents information about our overall cache usage for CodeQL dependency caches. */

src/feature-flags.test.ts

@@ -62,13 +62,13 @@ test(`All features are disabled if running against GHES`, async (t) => {
   });
 });
 
-test(`Feature flags are requested in GHEC-DR`, async (t) => {
+test(`Feature flags are requested in Proxima`, async (t) => {
   await withTmpDir(async (tmpDir) => {
     const loggedMessages = [];
     const features = setUpFeatureFlagTests(
       tmpDir,
       getRecordingLogger(loggedMessages),
-      { type: GitHubVariant.GHEC_DR },
+      { type: GitHubVariant.GHE_DOTCOM },
     );
 
     mockFeatureFlagApiEndpoint(200, initializeFeatures(true));
@@ -436,48 +436,65 @@ test(`selects CLI from defaults.json on GHES`, async (t) => {
   });
 });
 
-for (const variant of [GitHubVariant.DOTCOM, GitHubVariant.GHEC_DR]) {
+test("selects CLI v2.20.1 on Dotcom when feature flags enable v2.20.0 and v2.20.1", async (t) => {
-  test(`selects CLI v2.20.1 on ${variant} when feature flags enable v2.20.0 and v2.20.1`, async (t) => {
   await withTmpDir(async (tmpDir) => {
     const features = setUpFeatureFlagTests(tmpDir);
     const expectedFeatureEnablement = initializeFeatures(true);
     expectedFeatureEnablement["default_codeql_version_2_20_0_enabled"] = true;
     expectedFeatureEnablement["default_codeql_version_2_20_1_enabled"] = true;
-      expectedFeatureEnablement["default_codeql_version_2_20_2_enabled"] =
+    expectedFeatureEnablement["default_codeql_version_2_20_2_enabled"] = false;
-        false;
+    expectedFeatureEnablement["default_codeql_version_2_20_3_enabled"] = false;
-      expectedFeatureEnablement["default_codeql_version_2_20_3_enabled"] =
+    expectedFeatureEnablement["default_codeql_version_2_20_4_enabled"] = false;
-        false;
+    expectedFeatureEnablement["default_codeql_version_2_20_5_enabled"] = false;
-      expectedFeatureEnablement["default_codeql_version_2_20_4_enabled"] =
-        false;
-      expectedFeatureEnablement["default_codeql_version_2_20_5_enabled"] =
-        false;
     mockFeatureFlagApiEndpoint(200, expectedFeatureEnablement);
 
-      const defaultCliVersion = await features.getDefaultCliVersion(variant);
+    const defaultCliVersion = await features.getDefaultCliVersion(
+      GitHubVariant.DOTCOM,
+    );
     t.deepEqual(defaultCliVersion, {
       cliVersion: "2.20.1",
       tagName: "codeql-bundle-v2.20.1",
       toolsFeatureFlagsValid: true,
     });
   });
-  });
+});
 
-  test(`selects CLI from defaults.json on ${variant} when no default version feature flags are enabled`, async (t) => {
+test("includes tag name", async (t) => {
+  await withTmpDir(async (tmpDir) => {
+    const features = setUpFeatureFlagTests(tmpDir);
+    const expectedFeatureEnablement = initializeFeatures(true);
+    expectedFeatureEnablement["default_codeql_version_2_20_0_enabled"] = true;
+    mockFeatureFlagApiEndpoint(200, expectedFeatureEnablement);
+
+    const defaultCliVersion = await features.getDefaultCliVersion(
+      GitHubVariant.DOTCOM,
+    );
+    t.deepEqual(defaultCliVersion, {
+      cliVersion: "2.20.0",
+      tagName: "codeql-bundle-v2.20.0",
+      toolsFeatureFlagsValid: true,
+    });
+  });
+});
+
+test(`selects CLI from defaults.json on Dotcom when no default version feature flags are enabled`, async (t) => {
   await withTmpDir(async (tmpDir) => {
     const features = setUpFeatureFlagTests(tmpDir);
     const expectedFeatureEnablement = initializeFeatures(true);
     mockFeatureFlagApiEndpoint(200, expectedFeatureEnablement);
 
-      const defaultCliVersion = await features.getDefaultCliVersion(variant);
+    const defaultCliVersion = await features.getDefaultCliVersion(
+      GitHubVariant.DOTCOM,
+    );
     t.deepEqual(defaultCliVersion, {
       cliVersion: defaults.cliVersion,
       tagName: defaults.bundleVersion,
       toolsFeatureFlagsValid: false,
     });
   });
-  });
+});
 
-  test(`ignores invalid version numbers in default version feature flags on ${variant}`, async (t) => {
+test("ignores invalid version numbers in default version feature flags", async (t) => {
   await withTmpDir(async (tmpDir) => {
     const loggedMessages = [];
     const features = setUpFeatureFlagTests(
@@ -491,7 +508,9 @@ for (const variant of [GitHubVariant.DOTCOM, GitHubVariant.GHEC_DR]) {
       true;
     mockFeatureFlagApiEndpoint(200, expectedFeatureEnablement);
 
-      const defaultCliVersion = await features.getDefaultCliVersion(variant);
+    const defaultCliVersion = await features.getDefaultCliVersion(
+      GitHubVariant.DOTCOM,
+    );
     t.deepEqual(defaultCliVersion, {
       cliVersion: "2.20.1",
       tagName: "codeql-bundle-v2.20.1",
@@ -507,8 +526,7 @@ for (const variant of [GitHubVariant.DOTCOM, GitHubVariant.GHEC_DR]) {
       ) !== undefined,
     );
   });
-  });
+});
-}
 
 test("legacy feature flags should end with _enabled", async (t) => {
   for (const [feature, config] of Object.entries(featureConfig)) {

src/feature-flags.ts

@@ -44,6 +44,7 @@ export interface FeatureEnablement {
  */
 export enum Feature {
   AllowToolcacheInput = "allow_toolcache_input",
+  AnalyzeUseNewUpload = "analyze_use_new_upload",
   CleanupTrapCaches = "cleanup_trap_caches",
   CppDependencyInstallation = "cpp_dependency_installation_enabled",
   CsharpCacheBuildModeNone = "csharp_cache_bmn",
@@ -53,6 +54,7 @@ export enum Feature {
   DisableJavaBuildlessEnabled = "disable_java_buildless_enabled",
   DisableKotlinAnalysisEnabled = "disable_kotlin_analysis_enabled",
   ExportDiagnosticsEnabled = "export_diagnostics_enabled",
+  JavaMinimizeDependencyJars = "java_minimize_dependency_jars",
   OverlayAnalysis = "overlay_analysis",
   OverlayAnalysisActions = "overlay_analysis_actions",
   OverlayAnalysisCodeScanningActions = "overlay_analysis_code_scanning_actions",
@@ -118,6 +120,11 @@ export const featureConfig: Record<
     envVar: "CODEQL_ACTION_ALLOW_TOOLCACHE_INPUT",
     minimumVersion: undefined,
   },
+  [Feature.AnalyzeUseNewUpload]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_ANALYZE_USE_NEW_UPLOAD",
+    minimumVersion: undefined,
+  },
   [Feature.CleanupTrapCaches]: {
     defaultValue: false,
     envVar: "CODEQL_ACTION_CLEANUP_TRAP_CACHES",
@@ -167,6 +174,11 @@ export const featureConfig: Record<
     legacyApi: true,
     minimumVersion: undefined,
   },
+  [Feature.JavaMinimizeDependencyJars]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
+    minimumVersion: "2.23.0",
+  },
   [Feature.OverlayAnalysis]: {
     defaultValue: false,
     envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
@@ -486,8 +498,8 @@ class GitHubFeatureFlags {
   async getDefaultCliVersion(
     variant: util.GitHubVariant,
   ): Promise<CodeQLDefaultVersionInfo> {
-    if (supportsFeatureFlags(variant)) {
+    if (variant === util.GitHubVariant.DOTCOM) {
-      return await this.getDefaultCliVersionFromFlags();
+      return await this.getDefaultDotcomCliVersion();
     }
     return {
       cliVersion: defaults.cliVersion,
@@ -495,7 +507,7 @@ class GitHubFeatureFlags {
     };
   }
 
-  async getDefaultCliVersionFromFlags(): Promise<CodeQLDefaultVersionInfo> {
+  async getDefaultDotcomCliVersion(): Promise<CodeQLDefaultVersionInfo> {
     const response = await this.getAllFeatures();
 
     const enabledFeatureFlagCliVersions = Object.entries(response)
@@ -621,7 +633,10 @@ class GitHubFeatureFlags {
 
   private async loadApiResponse(): Promise<GitHubFeatureFlagsApiResponse> {
     // Do nothing when not running against github.com
-    if (!supportsFeatureFlags(this.gitHubVersion.type)) {
+    if (
+      this.gitHubVersion.type !== util.GitHubVariant.DOTCOM &&
+      this.gitHubVersion.type !== util.GitHubVariant.GHE_DOTCOM
+    ) {
       this.logger.debug(
         "Not running against github.com. Disabling all toggleable features.",
       );
@@ -687,10 +702,3 @@ class GitHubFeatureFlags {
     }
   }
 }
-
-function supportsFeatureFlags(githubVariant: util.GitHubVariant): boolean {
-  return (
-    githubVariant === util.GitHubVariant.DOTCOM ||
-    githubVariant === util.GitHubVariant.GHEC_DR
-  );
-}

src/init-action.ts

@@ -88,13 +88,6 @@ import {
 } from "./util";
 import { checkWorkflow } from "./workflow";
 
-/**
- * First version of CodeQL where the Java extractor safely supports the option to minimize
- * dependency jars. Note: some earlier versions of the extractor will respond to the corresponding
- * option, but may rewrite jars in ways that lead to extraction errors.
- */
-export const CODEQL_VERSION_JAR_MINIMIZATION = "2.23.0";
-
 /**
  * Sends a status report indicating that the `init` Action is starting.
  *
@@ -645,20 +638,18 @@ async function run() {
       }
     }
 
-    // If we are doing a Java `build-mode: none` analysis, then set the environment variable that
+    // If the feature flag to minimize Java dependency jars is enabled, and we are doing a Java
-    // enables the option in the Java extractor to minimize dependency jars. We also only do this if
+    // `build-mode: none` analysis (i.e. the flag is relevant), then set the environment variable
-    // dependency caching is enabled, since the option is intended to reduce the size of dependency
+    // that enables the corresponding option in the Java extractor. We also only do this if
-    // caches, but the jar-rewriting does have a performance cost that we'd like to avoid when
+    // dependency caching is enabled, since the option is intended to reduce the size of
-    // caching is not being used.
+    // dependency caches, but the jar-rewriting does have a performance cost that we'd like to avoid
-    // TODO: Remove this language-specific mechanism and replace it with a more general one that
+    // when caching is not being used.
-    // tells extractors when dependency caching is enabled, and then the Java extractor can make its
-    // own decision about whether to rewrite jars.
     if (process.env[EnvVar.JAVA_EXTRACTOR_MINIMIZE_DEPENDENCY_JARS]) {
       logger.debug(
         `${EnvVar.JAVA_EXTRACTOR_MINIMIZE_DEPENDENCY_JARS} is already set to '${process.env[EnvVar.JAVA_EXTRACTOR_MINIMIZE_DEPENDENCY_JARS]}', so the Action will not override it.`,
       );
     } else if (
-      (await codeQlVersionAtLeast(codeql, CODEQL_VERSION_JAR_MINIMIZATION)) &&
+      (await features.getValue(Feature.JavaMinimizeDependencyJars, codeql)) &&
       config.dependencyCachingEnabled &&
       config.buildMode === BuildMode.None &&
       config.languages.includes(KnownLanguage.java)

src/setup-codeql.ts

@@ -511,7 +511,7 @@ export async function getCodeQLSource(
   // different version to save download time if the version hasn't been
   // specified explicitly (in which case we always honor it).
   if (
-    variant === util.GitHubVariant.GHES &&
+    variant !== util.GitHubVariant.DOTCOM &&
     !forceShippedTools &&
     !toolsInput
   ) {

src/util.test.ts

@@ -433,8 +433,8 @@ function formatGitHubVersion(version: util.GitHubVersion): string {
   switch (version.type) {
     case util.GitHubVariant.DOTCOM:
       return "dotcom";
-    case util.GitHubVariant.GHEC_DR:
+    case util.GitHubVariant.GHE_DOTCOM:
-      return "GHEC-DR";
+      return "GHE dotcom";
     case util.GitHubVariant.GHES:
       return `GHES ${version.version}`;
     default:
@@ -445,12 +445,12 @@ function formatGitHubVersion(version: util.GitHubVersion): string {
 const CHECK_ACTION_VERSION_TESTS: Array<[string, util.GitHubVersion, boolean]> =
   [
     ["2.2.1", { type: util.GitHubVariant.DOTCOM }, true],
-    ["2.2.1", { type: util.GitHubVariant.GHEC_DR }, true],
+    ["2.2.1", { type: util.GitHubVariant.GHE_DOTCOM }, true],
     ["2.2.1", { type: util.GitHubVariant.GHES, version: "3.10" }, false],
     ["2.2.1", { type: util.GitHubVariant.GHES, version: "3.11" }, false],
     ["2.2.1", { type: util.GitHubVariant.GHES, version: "3.12" }, false],
     ["3.2.1", { type: util.GitHubVariant.DOTCOM }, true],
-    ["3.2.1", { type: util.GitHubVariant.GHEC_DR }, true],
+    ["3.2.1", { type: util.GitHubVariant.GHE_DOTCOM }, true],
     ["3.2.1", { type: util.GitHubVariant.GHES, version: "3.10" }, false],
     ["3.2.1", { type: util.GitHubVariant.GHES, version: "3.11" }, false],
     ["3.2.1", { type: util.GitHubVariant.GHES, version: "3.12" }, false],
@@ -458,7 +458,7 @@ const CHECK_ACTION_VERSION_TESTS: Array<[string, util.GitHubVersion, boolean]> =
     ["3.2.1", { type: util.GitHubVariant.GHES, version: "3.20" }, true],
     ["3.2.1", { type: util.GitHubVariant.GHES, version: "3.21" }, true],
     ["4.2.1", { type: util.GitHubVariant.DOTCOM }, false],
-    ["4.2.1", { type: util.GitHubVariant.GHEC_DR }, false],
+    ["4.2.1", { type: util.GitHubVariant.GHE_DOTCOM }, false],
     ["4.2.1", { type: util.GitHubVariant.GHES, version: "3.19" }, false],
     ["4.2.1", { type: util.GitHubVariant.GHES, version: "3.20" }, false],
     ["4.2.1", { type: util.GitHubVariant.GHES, version: "3.21" }, false],

src/util.ts

@@ -556,17 +556,13 @@ const CODEQL_ACTION_WARNED_ABOUT_VERSION_ENV_VAR =
 let hasBeenWarnedAboutVersion = false;
 
 export enum GitHubVariant {
-  /** [GitHub.com](https://github.com) */
+  DOTCOM,
-  DOTCOM = "GitHub.com",
+  GHES,
-  /** [GitHub Enterprise Server](https://docs.github.com/en/enterprise-server@latest/admin/overview/about-github-enterprise-server) */
+  GHE_DOTCOM,
-  GHES = "GitHub Enterprise Server",
-  /** [GitHub Enterprise Cloud with data residency](https://docs.github.com/en/enterprise-cloud@latest/admin/data-residency/about-github-enterprise-cloud-with-data-residency) */
-  GHEC_DR = "GitHub Enterprise Cloud with data residency",
 }
-
 export type GitHubVersion =
   | { type: GitHubVariant.DOTCOM }
-  | { type: GitHubVariant.GHEC_DR }
+  | { type: GitHubVariant.GHE_DOTCOM }
   | { type: GitHubVariant.GHES; version: string };
 
 export function checkGitHubVersionInRange(
@@ -1109,7 +1105,7 @@ export function checkActionVersion(
     // and should update to CodeQL Action v4.
     if (
       githubVersion.type === GitHubVariant.DOTCOM ||
-      githubVersion.type === GitHubVariant.GHEC_DR ||
+      githubVersion.type === GitHubVariant.GHE_DOTCOM ||
       (githubVersion.type === GitHubVariant.GHES &&
         semver.satisfies(
           semver.coerce(githubVersion.version) ?? "0.0.0",

start-proxy/action.yml

@@ -29,6 +29,6 @@ outputs:
   proxy_urls:
     description: A stringified JSON array of objects containing the types and URLs of the configured registries.
 runs:
-  using: node24
+  using: node20
   main: "../lib/start-proxy-action.js"
   post: "../lib/start-proxy-action-post.js"

upload-sarif/action.yml

@@ -41,6 +41,6 @@ outputs:
 
       { "code-scanning": "some-id", "code-quality": "some-other-id" }
 runs:
-  using: node24
+  using: node20
   main: '../lib/upload-sarif-action.js'
   post: '../lib/upload-sarif-action-post.js'