build: refresh js files

This commit extracts into amendInputConfigFile() the code that processes
configInput, and moves the call from initConfig() into init-action.ts.

.github/actions/check-sarif/action.yml

@@ -16,5 +16,5 @@ inputs:
       Comma separated list of query ids that should NOT be included in this SARIF file.
 
 runs:
-  using: node24
+  using: node20
   main: index.js

.github/actions/prepare-test/action.yml

@@ -2,7 +2,7 @@ name: "Prepare test"
 description: Performs some preparation to run tests
 inputs:
   version:
-    description: "The version of the CodeQL CLI to use. Can be 'linked', 'default', 'toolcache', 'nightly', 'nightly-latest', 'nightly-YYYYMMDD', or 'stable-vX.Y.Z"
+    description: "The version of the CodeQL CLI to use. Can be 'linked', 'default', 'nightly', 'nightly-latest', 'nightly-YYYYMMDD', or 'stable-vX.Y.Z"
     required: true
   use-all-platform-bundle:
     description: "If true, we output a tools URL with codeql-bundle.tar.gz file rather than platform-specific URL"
@@ -41,9 +41,6 @@ runs:
         elif [[ "$VERSION" == "linked" ]]; then
           echo "tools-url=linked" >> "$GITHUB_OUTPUT"
           exit 0
-        elif [[ "$VERSION" == "toolcache" ]]; then
-          echo "tools-url=toolcache" >> "$GITHUB_OUTPUT"
-          exit 0
         elif [[ "$VERSION" == "default" ]]; then
           echo "tools-url=" >> "$GITHUB_OUTPUT"
           exit 0

.github/dependabot.yml

@@ -16,12 +16,9 @@ updates:
       - dependency-name: "eslint-plugin-import"
         versions: [">=2.30.0"]
     groups:
-      npm-minor:
+      npm:
         patterns:
           - "*"
-        update-types:
-          - "minor"
-          - "patch"
   - package-ecosystem: github-actions
     directories:
       - "/.github/workflows"
@@ -31,9 +28,6 @@ updates:
     labels:
       - Rebuild
     groups:
-      actions-minor:
+      actions:
         patterns:
           - "*"
-        update-types:
-          - "minor"
-          - "patch"

.github/pull_request_template.md

@@ -1,13 +1,4 @@
-<!--
-    For GitHub staff: Remember that this is a public repository. Do not link to internal resources.
-                      If necessary, link to this PR from an internal issue and include further details there.
-
-    Everyone: Include a summary of the context of this change, what it aims to accomplish, and why you
-              chose the approach you did if applicable. Indicate any open questions you want to answer
-              during the review process and anything you want reviewers to pay particular attention to.
-
-    See https://github.com/github/codeql-action/blob/main/CONTRIBUTING.md for additional information.
--->
+<!-- For GitHub staff: Remember that this is a public repository. -->
 
 ### Risk assessment
 
@@ -16,44 +7,6 @@ For internal use only. Please select the risk level of this change:
 - **Low risk:** Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.
 - **High risk:** Changes are not fully under feature flags, have limited visibility and/or cannot be tested outside of production.
 
-#### Which use cases does this change impact?
-
-<!-- Delete options that don't apply. -->
-
-- **Advanced setup** - Impacts users who have custom workflows.
-- **Default setup** - Impacts users who use default setup.
-- **Code Scanning** - Impacts Code Scanning (i.e. `analysis-kinds: code-scanning`).
-- **Code Quality** - Impacts Code Quality (i.e. `analysis-kinds: code-quality`).
-- **Third-party analyses** - Impacts third-party analyses (i.e. `upload-sarif`).
-- **GHES** - Impacts GitHub Enterprise Server.
-
-#### How did/will you validate this change?
-
-<!-- Delete options that don't apply. -->
-
-- **Test repository** - This change will be tested on a test repository before merging.
-- **Unit tests** - I am depending on unit test coverage (i.e. tests in `.test.ts` files).
-- **End-to-end tests** - I am depending on PR checks (i.e. tests in `pr-checks`).
-- **Other** - Please provide details.
-- **None** - I am not validating these changes.
-
-#### If something goes wrong after this change is released, what are the mitigation and rollback strategies?
-
-<!-- Delete strategies that don't apply. -->
-
-- **Feature flags** - All new or changed code paths can be fully disabled with corresponding feature flags.
-- **Rollback** - Change can only be disabled by rolling back the release or releasing a new version with a fix.
-- **Other** - Please provide details.
-
-#### How will you know if something goes wrong after this change is released?
-
-<!-- Delete options that don't apply. -->
-
-- **Telemetry** - I rely on existing telemetry or have made changes to the telemetry.
-    - **Dashboards** - I will watch relevant dashboards for issues after the release. Consider whether this requires this change to be released at a particular time rather than as part of a regular release.
-    - **Alerts** - New or existing monitors will trip if something goes wrong with this change.
-- **Other** - Please provide details.
-
 ### Merge / deployment checklist
 
 - Confirm this change is backwards compatible with existing workflows.

.github/update-release-branch.py

@@ -371,10 +371,10 @@ def main():
       # releases.
       run_git('revert', vOlder_update_commits[0], '--no-edit')
 
-      # Also revert the "Rebuild" commit created by Actions.
-      rebuild_commit = run_git('log', '--grep', '^Rebuild$', '--format=%H').split()[0]
-      print(f'  Reverting {rebuild_commit}')
-      run_git('revert', rebuild_commit, '--no-edit')
+      # Also revert the "Update checked-in dependencies" commit created by Actions.
+      update_dependencies_commit = run_git('log', '--grep', '^Update checked-in dependencies', '--format=%H').split()[0]
+      print(f'  Reverting {update_dependencies_commit}')
+      run_git('revert', update_dependencies_commit, '--no-edit')
 
     else:
       print('  Nothing to revert.')

.github/workflows/__analyze-ref-input.yml

@@ -27,11 +27,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
   workflow_call:
     inputs:
       go-version:
@@ -39,11 +34,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
 defaults:
   run:
     shell: bash
@@ -80,11 +70,6 @@ jobs:
         with:
           go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
-      - name: Install Python
-        if: matrix.version != 'nightly-latest'
-        uses: actions/setup-python@v6
-        with:
-          python-version: ${{ inputs.python-version || '3.13' }}
       - uses: ./../action/init
         with:
           tools: ${{ steps.prepare-test.outputs.tools-url }}

.github/workflows/__local-bundle.yml

@@ -27,11 +27,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
   workflow_call:
     inputs:
       go-version:
@@ -39,11 +34,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
 defaults:
   run:
     shell: bash
@@ -80,11 +70,6 @@ jobs:
         with:
           go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
-      - name: Install Python
-        if: matrix.version != 'nightly-latest'
-        uses: actions/setup-python@v6
-        with:
-          python-version: ${{ inputs.python-version || '3.13' }}
       - name: Fetch latest CodeQL bundle
         run: |
           wget https://github.com/github/codeql-action/releases/latest/download/codeql-bundle-linux64.tar.zst

.github/workflows/__multi-language-autodetect.yml

@@ -27,11 +27,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
   workflow_call:
     inputs:
       go-version:
@@ -39,11 +34,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
 defaults:
   run:
     shell: bash
@@ -114,11 +104,6 @@ jobs:
         with:
           go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
-      - name: Install Python
-        if: matrix.version != 'nightly-latest'
-        uses: actions/setup-python@v6
-        with:
-          python-version: ${{ inputs.python-version || '3.13' }}
       - name: Use Xcode 16
         if: runner.os == 'macOS' && matrix.version != 'nightly-latest'
         run: sudo xcode-select -s "/Applications/Xcode_16.app"

.github/workflows/__packaging-codescanning-config-inputs-js.yml

@@ -27,11 +27,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
   workflow_call:
     inputs:
       go-version:
@@ -39,11 +34,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
 defaults:
   run:
     shell: bash
@@ -91,11 +81,6 @@ jobs:
         with:
           go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
-      - name: Install Python
-        if: matrix.version != 'nightly-latest'
-        uses: actions/setup-python@v6
-        with:
-          python-version: ${{ inputs.python-version || '3.13' }}
       - uses: ./../action/init
         with:
           config-file: .github/codeql/codeql-config-packaging3.yml

.github/workflows/__remote-config.yml

@@ -27,11 +27,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
   workflow_call:
     inputs:
       go-version:
@@ -39,11 +34,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
 defaults:
   run:
     shell: bash
@@ -82,11 +72,6 @@ jobs:
         with:
           go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
-      - name: Install Python
-        if: matrix.version != 'nightly-latest'
-        uses: actions/setup-python@v6
-        with:
-          python-version: ${{ inputs.python-version || '3.13' }}
       - uses: ./../action/init
         with:
           tools: ${{ steps.prepare-test.outputs.tools-url }}

.github/workflows/__rubocop-multi-language.yml

@@ -56,7 +56,7 @@ jobs:
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
       - name: Set up Ruby
-        uses: ruby/setup-ruby@ab177d40ee5483edb974554986f56b33477e21d0 # v1.265.0
+        uses: ruby/setup-ruby@0481980f17b760ef6bca5e8c55809102a0af1e5a # v1.263.0
         with:
           ruby-version: 2.6
       - name: Install Code Scanning integration

.github/workflows/__unset-environment.yml

@@ -27,11 +27,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
   workflow_call:
     inputs:
       go-version:
@@ -39,11 +34,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
 defaults:
   run:
     shell: bash
@@ -82,11 +72,6 @@ jobs:
         with:
           go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
-      - name: Install Python
-        if: matrix.version != 'nightly-latest'
-        uses: actions/setup-python@v6
-        with:
-          python-version: ${{ inputs.python-version || '3.13' }}
       - uses: ./../action/init
         id: init
         with:

.github/workflows/__upload-quality-sarif.yml

@@ -3,7 +3,7 @@
 #     pr-checks/sync.sh
 # to regenerate this file.
 
-name: 'PR Check - Bundle: From toolcache'
+name: 'PR Check - Upload-sarif: code quality endpoint'
 env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   GO111MODULE: auto
@@ -21,9 +21,19 @@ on:
   schedule:
     - cron: '0 5 * * *'
   workflow_dispatch:
-    inputs: {}
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
   workflow_call:
-    inputs: {}
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 defaults:
   run:
     shell: bash
@@ -31,14 +41,14 @@ concurrency:
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
   group: ${{ github.workflow }}-${{ github.ref }}
 jobs:
-  bundle-from-toolcache:
+  upload-quality-sarif:
     strategy:
       fail-fast: false
       matrix:
         include:
           - os: ubuntu-latest
-            version: toolcache
-    name: 'Bundle: From toolcache'
+            version: default
+    name: 'Upload-sarif: code quality endpoint'
     if: github.triggering_actor != 'dependabot[bot]'
     permissions:
       contents: read
@@ -55,31 +65,31 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
-      - name: Install @actions/tool-cache
-        run: npm install @actions/tool-cache
-      - name: Check toolcache contains CodeQL
-        continue-on-error: true
-        uses: actions/github-script@v8
+      - name: Install Go
+        uses: actions/setup-go@v6
         with:
-          script: |
-            const toolcache = require('@actions/tool-cache');
-            const allCodeqlVersions = toolcache.findAllVersions('CodeQL');
-            if (allCodeqlVersions.length === 0) {
-              throw new Error(`CodeQL could not be found in the toolcache`);
-            }
-      - id: setup-codeql
-        uses: ./../action/setup-codeql
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
+          cache: false
+      - uses: ./../action/init
         with:
           tools: ${{ steps.prepare-test.outputs.tools-url }}
-      - name: Check CodeQL is installed within the toolcache
-        uses: actions/github-script@v8
+          languages: csharp,java,javascript,python
+          analysis-kinds: code-quality
+      - name: Build code
+        run: ./build.sh
+  # Generate some SARIF we can upload with the upload-sarif step
+      - uses: ./../action/analyze
         with:
-          script: |
-            const toolcache = require('@actions/tool-cache');
-            const allCodeqlVersions = toolcache.findAllVersions('CodeQL');
-            console.log(`Found CodeQL versions: ${allCodeqlVersions}`);
-            if (allCodeqlVersions.length === 0) {
-              throw new Error('CodeQL not found in toolcache');
-            }
+          ref: refs/heads/main
+          sha: 5e235361806c361d4d3f8859e3c897658025a9a2
+          upload: never
+      - uses: ./../action/upload-sarif
+        id: upload-sarif
+        with:
+          ref: refs/heads/main
+          sha: 5e235361806c361d4d3f8859e3c897658025a9a2
+      - name: Check output from `upload-sarif` step
+        if: fromJSON(steps.upload-sarif.outputs.sarif-ids)[0].analysis != 'code-quality'
+        run: exit 1
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__upload-ref-sha-input.yml

@@ -27,11 +27,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
   workflow_call:
     inputs:
       go-version:
@@ -39,11 +34,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
 defaults:
   run:
     shell: bash
@@ -80,11 +70,6 @@ jobs:
         with:
           go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
-      - name: Install Python
-        if: matrix.version != 'nightly-latest'
-        uses: actions/setup-python@v6
-        with:
-          python-version: ${{ inputs.python-version || '3.13' }}
       - uses: ./../action/init
         with:
           tools: ${{ steps.prepare-test.outputs.tools-url }}

.github/workflows/__upload-sarif.yml

@@ -1,173 +0,0 @@
-# Warning: This file is generated automatically, and should not be modified.
-# Instead, please modify the template in the pr-checks directory and run:
-#     pr-checks/sync.sh
-# to regenerate this file.
-
-name: PR Check - Test different uses of `upload-sarif`
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  GO111MODULE: auto
-on:
-  push:
-    branches:
-      - main
-      - releases/v*
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - ready_for_review
-  schedule:
-    - cron: '0 5 * * *'
-  workflow_dispatch:
-    inputs:
-      go-version:
-        type: string
-        description: The version of Go to install
-        required: false
-        default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
-  workflow_call:
-    inputs:
-      go-version:
-        type: string
-        description: The version of Go to install
-        required: false
-        default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
-defaults:
-  run:
-    shell: bash
-concurrency:
-  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
-  group: ${{ github.workflow }}-${{ github.ref }}
-jobs:
-  upload-sarif:
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - os: ubuntu-latest
-            version: default
-            analysis-kinds: code-scanning
-          - os: ubuntu-latest
-            version: default
-            analysis-kinds: code-quality
-          - os: ubuntu-latest
-            version: default
-            analysis-kinds: code-scanning,code-quality
-    name: Test different uses of `upload-sarif`
-    if: github.triggering_actor != 'dependabot[bot]'
-    permissions:
-      contents: read
-      security-events: read
-    timeout-minutes: 45
-    runs-on: ${{ matrix.os }}
-    steps:
-      - name: Check out repository
-        uses: actions/checkout@v5
-      - name: Prepare test
-        id: prepare-test
-        uses: ./.github/actions/prepare-test
-        with:
-          version: ${{ matrix.version }}
-          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
-      - name: Install Go
-        uses: actions/setup-go@v6
-        with:
-          go-version: ${{ inputs.go-version || '>=1.21.0' }}
-          cache: false
-      - name: Install Python
-        if: matrix.version != 'nightly-latest'
-        uses: actions/setup-python@v6
-        with:
-          python-version: ${{ inputs.python-version || '3.13' }}
-      - uses: ./../action/init
-        with:
-          tools: ${{ steps.prepare-test.outputs.tools-url }}
-          languages: csharp,java,javascript,python
-          analysis-kinds: ${{ matrix.analysis-kinds }}
-      - name: Build code
-        run: ./build.sh
-  # Generate some SARIF we can upload with the upload-sarif step
-      - uses: ./../action/analyze
-        with:
-          ref: refs/heads/main
-          sha: 5e235361806c361d4d3f8859e3c897658025a9a2
-          upload: never
-          output: ${{ runner.temp }}/results
-
-      - name: |
-          Upload all SARIF files for `analysis-kinds: ${{ matrix.analysis-kinds }}`
-        uses: ./../action/upload-sarif
-        id: upload-sarif
-        with:
-          ref: refs/heads/main
-          sha: 5e235361806c361d4d3f8859e3c897658025a9a2
-          sarif_file: ${{ runner.temp }}/results
-          category: |
-            ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:all-files/
-      - name: Fail for missing output from `upload-sarif` step for `code-scanning`
-        if: contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-scanning)
-        run: exit 1
-      - name: Fail for missing output from `upload-sarif` step for `code-quality`
-        if: contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-quality)
-        run: exit 1
-
-      - name: Upload single SARIF file for Code Scanning
-        uses: ./../action/upload-sarif
-        id: upload-single-sarif-code-scanning
-        if: contains(matrix.analysis-kinds, 'code-scanning')
-        with:
-          ref: refs/heads/main
-          sha: 5e235361806c361d4d3f8859e3c897658025a9a2
-          sarif_file: ${{ runner.temp }}/results/javascript.sarif
-          category: |
-            ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-scanning/
-      - name: Fail for missing output from `upload-single-sarif-code-scanning` step
-        if: contains(matrix.analysis-kinds, 'code-scanning') &&
-          !(fromJSON(steps.upload-single-sarif-code-scanning.outputs.sarif-ids).code-scanning)
-        run: exit 1
-      - name: Upload single SARIF file for Code Quality
-        uses: ./../action/upload-sarif
-        id: upload-single-sarif-code-quality
-        if: contains(matrix.analysis-kinds, 'code-quality')
-        with:
-          ref: refs/heads/main
-          sha: 5e235361806c361d4d3f8859e3c897658025a9a2
-          sarif_file: ${{ runner.temp }}/results/javascript.quality.sarif
-          category: |
-            ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-quality/
-      - name: Fail for missing output from `upload-single-sarif-code-quality` step
-        if: contains(matrix.analysis-kinds, 'code-quality') &&
-          !(fromJSON(steps.upload-single-sarif-code-quality.outputs.sarif-ids).code-quality)
-        run: exit 1
-
-      - name: Change SARIF file extension
-        if: contains(matrix.analysis-kinds, 'code-scanning')
-        run: mv ${{ runner.temp }}/results/javascript.sarif ${{ runner.temp }}/results/javascript.sarif.json
-      - name: Upload single non-`.sarif` file
-        uses: ./../action/upload-sarif
-        id: upload-single-non-sarif
-        if: contains(matrix.analysis-kinds, 'code-scanning')
-        with:
-          ref: refs/heads/main
-          sha: 5e235361806c361d4d3f8859e3c897658025a9a2
-          sarif_file: ${{ runner.temp }}/results/javascript.sarif.json
-          category: |
-            ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:non-sarif/
-      - name: Fail for missing output from `upload-single-non-sarif` step
-        if: contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-non-sarif.outputs.sarif-ids).code-scanning)
-        run: exit 1
-    env:
-      CODEQL_ACTION_TEST_MODE: true

.github/workflows/__with-checkout-path.yml

@@ -27,11 +27,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
   workflow_call:
     inputs:
       go-version:
@@ -39,11 +34,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
 defaults:
   run:
     shell: bash
@@ -80,11 +70,6 @@ jobs:
         with:
           go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
-      - name: Install Python
-        if: matrix.version != 'nightly-latest'
-        uses: actions/setup-python@v6
-        with:
-          python-version: ${{ inputs.python-version || '3.13' }}
       - name: Delete original checkout
         run: |
           # delete the original checkout so we don't accidentally use it.
@@ -118,30 +103,29 @@ jobs:
 
       - name: Verify SARIF after upload
         run: |
-          PAYLOAD_FILE="$RUNNER_TEMP/payload-code-scanning.json"
           EXPECTED_COMMIT_OID="474bbf07f9247ffe1856c6a0f94aeeb10e7afee6"
           EXPECTED_REF="v1.1.0"
           EXPECTED_CHECKOUT_URI_SUFFIX="/x/y/z/some-path/tests/multi-language-repo"
 
-          ACTUAL_COMMIT_OID="$(cat "$PAYLOAD_FILE" | jq -r .commit_oid)"
-          ACTUAL_REF="$(cat "$PAYLOAD_FILE" | jq -r .ref)"
-          ACTUAL_CHECKOUT_URI="$(cat "$PAYLOAD_FILE" | jq -r .checkout_uri)"
+          ACTUAL_COMMIT_OID="$(cat "$RUNNER_TEMP/payload.json" | jq -r .commit_oid)"
+          ACTUAL_REF="$(cat "$RUNNER_TEMP/payload.json" | jq -r .ref)"
+          ACTUAL_CHECKOUT_URI="$(cat "$RUNNER_TEMP/payload.json" | jq -r .checkout_uri)"
 
           if [[ "$EXPECTED_COMMIT_OID" != "$ACTUAL_COMMIT_OID" ]]; then
             echo "::error Invalid commit oid. Expected: $EXPECTED_COMMIT_OID Actual: $ACTUAL_COMMIT_OID"
-            echo "$PAYLOAD_FILE"
+            echo "$RUNNER_TEMP/payload.json"
             exit 1
           fi
 
           if [[ "$EXPECTED_REF" != "$ACTUAL_REF" ]]; then
             echo "::error Invalid ref. Expected: '$EXPECTED_REF' Actual: '$ACTUAL_REF'"
-            echo "$PAYLOAD_FILE"
+            echo "$RUNNER_TEMP/payload.json"
             exit 1
           fi
 
           if [[ "$ACTUAL_CHECKOUT_URI" != *$EXPECTED_CHECKOUT_URI_SUFFIX ]]; then
             echo "::error Invalid checkout URI suffix. Expected suffix: $EXPECTED_CHECKOUT_URI_SUFFIX Actual uri: $ACTUAL_CHECKOUT_URI"
-            echo "$PAYLOAD_FILE"
+            echo "$RUNNER_TEMP/payload.json"
             exit 1
           fi
     env:

.github/workflows/codescanning-config-cli.yml

@@ -58,7 +58,7 @@ jobs:
     - name: Set up Node.js
       uses: actions/setup-node@v5
       with:
-        node-version: 24
+        node-version: '20'
         cache: 'npm'
 
     - name: Install dependencies

.github/workflows/post-release-mergeback.yml

@@ -146,7 +146,6 @@ jobs:
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
 
       - name: Create the GitHub release
-        if: steps.check.outputs.exists != 'true'
         env:
           PARTIAL_CHANGELOG: "${{ runner.temp }}/partial_changelog.md"
           VERSION: "${{ steps.getVersion.outputs.version }}"

.github/workflows/pr-checks.yml

@@ -20,7 +20,6 @@ jobs:
       fail-fast: false
       matrix:
         os: [ubuntu-latest, macos-latest, windows-latest]
-        node-version: [20, 24]
     permissions:
       contents: read
       security-events: write # needed to upload ESLint results
@@ -37,7 +36,7 @@ jobs:
       - name: Set up Node.js
         uses: actions/setup-node@v5
         with:
-          node-version: ${{ matrix.node-version }}
+          node-version: '20.x'
           cache: 'npm'
 
       - name: Set up Python
@@ -73,8 +72,8 @@ jobs:
         run: npm run lint-ci
 
       - name: Upload sarif
-        uses: github/codeql-action/upload-sarif@v4
-        if: matrix.os == 'ubuntu-latest' && matrix.node-version == 24
+        uses: github/codeql-action/upload-sarif@v3
+        if: matrix.os == 'ubuntu-latest'
         with:
           sarif_file: eslint.sarif
           category: eslint

.github/workflows/query-filters.yml

@@ -34,7 +34,7 @@ jobs:
     - name: Install Node.js
       uses: actions/setup-node@v5
       with:
-        node-version: 24
+        node-version: 20.x
         cache: npm
 
     - name: Install dependencies

.github/workflows/update-bundle.yml

@@ -43,7 +43,7 @@ jobs:
       - name: Set up Node.js
         uses: actions/setup-node@v5
         with:
-          node-version: 24
+          node-version: '20.x'
           cache: 'npm'
 
       - name: Install dependencies

.github/workflows/update-proxy-release.yml

@@ -0,0 +1,99 @@
+name: Update dependency proxy release assets
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: "The tag of CodeQL Bundle release that contains the proxy binaries as release assets"
+        type: string
+        required: true
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  update:
+    name: Update code and create PR
+    timeout-minutes: 15
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write # needed to push the updated files
+      pull-requests: write # needed to create the PR
+    env:
+      RELEASE_TAG: ${{ inputs.tag }}
+    steps:
+      - name: Check release tag format
+        id: checks
+        run: |
+          if ! [[ $RELEASE_TAG =~ ^codeql-bundle-v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+            echo "Invalid release tag: expected a CodeQL bundle tag in the 'codeql-bundle-vM.N.P' format."
+            exit 1
+          fi
+
+          echo "target_branch=dependency-proxy/$RELEASE_TAG" >> $GITHUB_OUTPUT
+
+      - name: Check that the release exists
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+        run: |
+          (gh release view --repo "$GITHUB_REPOSITORY" --json "assets" "$RELEASE_TAG" && echo "Release found.") || exit 1
+
+      - name: Install Node
+        uses: actions/setup-node@v5
+
+      - name: Checkout repository
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 0  # ensure we have all tags and can push commits
+          ref: main
+
+      - name: Update git config
+        run: |
+          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git config --global user.name "github-actions[bot]"
+
+      - name: Update release tag and version
+        run: |
+          NOW=$(date +"%Y%m%d%H%M%S") # only used to make sure we don't fetch stale binaries from the toolcache
+          sed -i "s|https://github.com/github/codeql-action/releases/download/codeql-bundle-v[0-9.]\+/|https://github.com/github/codeql-action/releases/download/$RELEASE_TAG/|g" ./src/start-proxy-action.ts
+          sed -i "s/\"v2.0.[0-9]\+\"/\"v2.0.$NOW\"/g" ./src/start-proxy-action.ts
+
+      - name: Compile TypeScript and commit changes
+        env:
+          TARGET_BRANCH: ${{ steps.checks.outputs.target_branch }}
+        run: |
+          set -exu
+          git checkout -b "$TARGET_BRANCH"
+
+          npm run build
+          git add ./src/start-proxy-action.ts
+          git add ./lib
+          git commit -m "Update release used by \`start-proxy\` action"
+
+      - name: Push changes and open PR
+        env:
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          TARGET_BRANCH: ${{ steps.checks.outputs.target_branch }}
+          PR_FLAG: ${{ (github.event_name == 'workflow_dispatch' && '--draft') || '--dry-run' }}
+        run: |
+          set -exu
+          pr_title="Update release used by \`start-proxy\` to \`$RELEASE_TAG\`"
+          pr_body=$(cat << EOF
+            This PR updates the \`start-proxy\` action to use the private registry proxy binaries that
+            are attached as release assets to the \`$RELEASE_TAG\` release.
+
+
+            Please do the following before merging:
+
+            - [ ] Verify that the changes to the code are correct.
+            - [ ] Mark the PR as ready for review to trigger the CI.
+          EOF
+          )
+
+          git push origin "$TARGET_BRANCH"
+          gh pr create \
+            --head "$TARGET_BRANCH" \
+            --base "main" \
+            --title "${pr_title}" \
+            --body "${pr_body}" \
+            $PR_FLAG

CHANGELOG.md

@@ -4,21 +4,8 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th
 
 ## [UNRELEASED]
 
-- Update default CodeQL bundle version to 2.23.3. [#3205](https://github.com/github/codeql-action/pull/3205)
-- Experimental: A new `setup-codeql` action has been added which is similar to `init`, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. [#3204](https://github.com/github/codeql-action/pull/3204)
-
-## 4.30.8 - 10 Oct 2025
-
 No user facing changes.
 
-## 4.30.7 - 06 Oct 2025
-
-- [v4+ only] The CodeQL Action now runs on Node.js v24. [#3169](https://github.com/github/codeql-action/pull/3169)
-
-## 3.30.6 - 02 Oct 2025
-
-- Update default CodeQL bundle version to 2.23.2. [#3168](https://github.com/github/codeql-action/pull/3168)
-
 ## 3.30.5 - 26 Sep 2025
 
 - We fixed a bug that was introduced in `3.30.4` with `upload-sarif` which resulted in files without a `.sarif` extension not getting uploaded. [#3160](https://github.com/github/codeql-action/pull/3160)

CONTRIBUTING.md

@@ -13,7 +13,7 @@ Please note that this project is released with a [Contributor Code of Conduct][c
 
 ## Development and Testing
 
-Before you start, ensure that you have a recent version of node (24 or higher) installed, along with a recent version of npm (9.2 or higher). You can see which version of node is used by the action in `init/action.yml`.
+Before you start, ensure that you have a recent version of node (16 or higher) installed, along with a recent version of npm (9.2 or higher). You can see which version of node is used by the action in `init/action.yml`.
 
 ### Common tasks
 

README.md

@@ -34,7 +34,6 @@ Actions with special purposes and unlikely to be used directly:
 - `autobuild`: Attempts to automatically build the code. Only used for analyzing languages that require a build. Use the `build-mode: autobuild` input in the `init` action instead. For information about input parameters, see the [autobuild action definition](https://github.com/github/codeql-action/blob/main/autobuild/action.yml).
 - `resolve-environment`: [Experimental] Attempts to infer a build environment suitable for automatic builds. For information about input parameters, see the [resolve-environment action definition](https://github.com/github/codeql-action/blob/main/resolve-environment/action.yml).
 - `start-proxy`: [Experimental] Start the HTTP proxy server. Internal use only and will change without notice. For information about input parameters, see the [start-proxy action definition](https://github.com/github/codeql-action/blob/main/start-proxy/action.yml).
-- `setup-codeql`: [Experimental] Similar to `init`, except it only installs the CodeQL CLI and does not initialize a database.
 
 ### Workflow Permissions
 
@@ -63,8 +62,7 @@ For compiled languages:
 
 The following versions of the CodeQL Action are currently supported:
 
-- v4 (latest)
-- v3
+- v3 (latest)
 
 ## Supported versions of the CodeQL Bundle on GitHub Enterprise Server
 

analyze/action.yml

@@ -92,6 +92,6 @@ outputs:
   sarif-id:
     description: The ID of the uploaded SARIF file.
 runs:
-  using: node24
+  using: node20
   main: "../lib/analyze-action.js"
   post: "../lib/analyze-action-post.js"

autobuild/action.yml

@@ -15,5 +15,5 @@ inputs:
       $GITHUB_WORKSPACE as its working directory.
     required: false
 runs:
-  using: node24
+  using: node20
   main: '../lib/autobuild-action.js'

eslint.config.mjs

@@ -146,12 +146,6 @@ export default [
       "@typescript-eslint/prefer-regexp-exec": "off",
       "@typescript-eslint/require-await": "off",
       "@typescript-eslint/restrict-template-expressions": "off",
-      "@typescript-eslint/no-unused-vars": [
-        "error",
-        {
-          "argsIgnorePattern": "^_",
-        }
-      ],
       "func-style": "off",
     },
   },

init/action.yml

@@ -165,6 +165,6 @@ outputs:
   codeql-version:
     description: The version of the CodeQL binary used for analysis
 runs:
-  using: node24
+  using: node20
   main: '../lib/init-action.js'
   post: '../lib/init-action-post.js'

json-schemas.mjs

@@ -1,29 +0,0 @@
-import fs from "node:fs";
-import path from "node:path";
-import { fileURLToPath } from "node:url";
-
-import { globSync } from "glob";
-import { compileFromFile } from 'json-schema-to-typescript';
-
-const __filename = fileURLToPath(import.meta.url);
-const __dirname = path.dirname(__filename);
-
-const SRC_DIR = path.join(__dirname, "schemas");
-const OUT_DIR = path.join(__dirname, "src");
-
-async function generateTypings() {
-  const schemas = globSync(`${SRC_DIR}/*.json`);
-  for (const schema of schemas) {
-    const outPath = path.join(
-      OUT_DIR,
-      `${path.basename(schema, ".json")}.d.ts`,
-    );
-    const ts = await compileFromFile(schema, {
-      bannerComment:
-        "/* This file was automatically generated by `npm run generate:schemas`. Do not edit by hand. */",
-    });
-    fs.writeFileSync(outPath, ts, "utf-8");
-  }
-}
-
-await generateTypings();

lib/defaults.json

@@ -1,6 +1,6 @@
 {
-  "bundleVersion": "codeql-bundle-v2.23.3",
-  "cliVersion": "2.23.3",
-  "priorBundleVersion": "codeql-bundle-v2.23.2",
-  "priorCliVersion": "2.23.2"
+  "bundleVersion": "codeql-bundle-v2.23.1",
+  "cliVersion": "2.23.1",
+  "priorBundleVersion": "codeql-bundle-v2.23.0",
+  "priorCliVersion": "2.23.0"
 }

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "codeql",
-  "version": "4.30.9",
+  "version": "3.30.6",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "codeql",
-      "version": "4.30.9",
+      "version": "3.30.6",
       "license": "MIT",
       "dependencies": {
         "@actions/artifact": "^2.3.1",
@@ -20,7 +20,6 @@
         "@actions/io": "^1.1.3",
         "@actions/tool-cache": "^2.0.2",
         "@octokit/plugin-retry": "^6.0.0",
-        "@octokit/request-error": "^7.0.1",
         "@schemastore/package": "0.0.10",
         "archiver": "^7.0.1",
         "check-disk-space": "^3.4.0",
@@ -34,14 +33,14 @@
         "long": "^5.3.2",
         "node-forge": "^1.3.1",
         "octokit": "^5.0.3",
-        "semver": "^7.7.3",
+        "semver": "^7.7.2",
         "uuid": "^13.0.0"
       },
       "devDependencies": {
         "@ava/typescript": "6.0.0",
         "@eslint/compat": "^1.4.0",
         "@eslint/eslintrc": "^3.3.1",
-        "@eslint/js": "^9.37.0",
+        "@eslint/js": "^9.36.0",
         "@microsoft/eslint-formatter-sarif": "^3.1.0",
         "@octokit/types": "^15.0.0",
         "@types/archiver": "^6.0.3",
@@ -52,7 +51,7 @@
         "@types/node-forge": "^1.3.14",
         "@types/semver": "^7.7.1",
         "@types/sinon": "^17.0.4",
-        "@typescript-eslint/eslint-plugin": "^8.46.0",
+        "@typescript-eslint/eslint-plugin": "^8.44.1",
         "@typescript-eslint/parser": "^8.41.0",
         "ava": "^6.4.1",
         "esbuild": "^0.25.10",
@@ -63,10 +62,9 @@
         "eslint-plugin-import": "2.29.1",
         "eslint-plugin-no-async-foreach": "^0.1.1",
         "glob": "^11.0.3",
-        "json-schema-to-typescript": "^15.0.4",
         "nock": "^14.0.10",
         "sinon": "^21.0.0",
-        "typescript": "^5.9.3"
+        "typescript": "^5.9.2"
       }
     },
     "node_modules/@aashutoshrathi/word-wrap": {
@@ -430,24 +428,6 @@
         "semver": "^6.1.0"
       }
     },
-    "node_modules/@apidevtools/json-schema-ref-parser": {
-      "version": "11.9.3",
-      "resolved": "https://registry.npmjs.org/@apidevtools/json-schema-ref-parser/-/json-schema-ref-parser-11.9.3.tgz",
-      "integrity": "sha512-60vepv88RwcJtSHrD6MjIL6Ta3SOYbgfnkHb+ppAVK+o9mXprRtulx7VlRl3lN3bbvysAfCS7WMVfhUYemB0IQ==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "@jsdevtools/ono": "^7.1.3",
-        "@types/json-schema": "^7.0.15",
-        "js-yaml": "^4.1.0"
-      },
-      "engines": {
-        "node": ">= 16"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/philsturgeon"
-      }
-    },
     "node_modules/@ava/typescript": {
       "version": "6.0.0",
       "resolved": "https://registry.npmjs.org/@ava/typescript/-/typescript-6.0.0.tgz",
@@ -1366,9 +1346,9 @@
       }
     },
     "node_modules/@eslint/js": {
-      "version": "9.37.0",
-      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.37.0.tgz",
-      "integrity": "sha512-jaS+NJ+hximswBG6pjNX0uEJZkrT0zwpVi3BA3vX22aFGjJjmgSTSmPpZCRKmoBL5VY/M6p0xsSJx7rk7sy5gg==",
+      "version": "9.36.0",
+      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.36.0.tgz",
+      "integrity": "sha512-uhCbYtYynH30iZErszX78U+nR3pJU3RHGQ57NXy5QupD4SBVwDeU8TNBy+MjMngc1UyIW9noKqsRqfjQTBU2dw==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -1544,13 +1524,6 @@
         "node": ">=18.0.0"
       }
     },
-    "node_modules/@jsdevtools/ono": {
-      "version": "7.1.3",
-      "resolved": "https://registry.npmjs.org/@jsdevtools/ono/-/ono-7.1.3.tgz",
-      "integrity": "sha512-4JQNk+3mVzK3xh2rqd6RB4J46qUR19azEHBneZyTZM+c456qOrbbM/5xcR8huNCCcbVt7+UmizG6GuUvPvKUYg==",
-      "dev": true,
-      "license": "MIT"
-    },
     "node_modules/@mapbox/node-pre-gyp": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/@mapbox/node-pre-gyp/-/node-pre-gyp-2.0.0.tgz",
@@ -2202,6 +2175,7 @@
       "version": "26.0.0",
       "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-26.0.0.tgz",
       "integrity": "sha512-7AtcfKtpo77j7Ts73b4OWhOZHTKo/gGY8bB3bNBQz4H+GRSWqx2yvj8TXRsbdTE0eRmYmXOEY66jM7mJ7LzfsA==",
+      "dev": true,
       "license": "MIT"
     },
     "node_modules/@octokit/openapi-webhooks-types": {
@@ -2325,17 +2299,31 @@
       }
     },
     "node_modules/@octokit/request-error": {
-      "version": "7.0.1",
-      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-7.0.1.tgz",
-      "integrity": "sha512-CZpFwV4+1uBrxu7Cw8E5NCXDWFNf18MSY23TdxCBgjw1tXXHvTrZVsXlW8hgFTOLw8RQR1BBrMvYRtuyaijHMA==",
-      "license": "MIT",
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-7.0.0.tgz",
+      "integrity": "sha512-KRA7VTGdVyJlh0cP5Tf94hTiYVVqmt2f3I6mnimmaVz4UG3gQV/k4mDJlJv3X67iX6rmN7gSHCF8ssqeMnmhZg==",
       "dependencies": {
-        "@octokit/types": "^15.0.0"
+        "@octokit/types": "^14.0.0"
       },
       "engines": {
         "node": ">= 20"
       }
     },
+    "node_modules/@octokit/request-error/node_modules/@octokit/openapi-types": {
+      "version": "25.1.0",
+      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-25.1.0.tgz",
+      "integrity": "sha512-idsIggNXUKkk0+BExUn1dQ92sfysJrje03Q0bv0e+KPLrvyqZF8MnBpFz8UNfYDwB3Ie7Z0TByjWfzxt7vseaA==",
+      "license": "MIT"
+    },
+    "node_modules/@octokit/request-error/node_modules/@octokit/types": {
+      "version": "14.1.0",
+      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-14.1.0.tgz",
+      "integrity": "sha512-1y6DgTy8Jomcpu33N+p5w58l6xyt55Ar2I91RPiIA0xCJBXyUAhXCcmZaDWSANiha7R9a6qJJ2CRomGPZ6f46g==",
+      "license": "MIT",
+      "dependencies": {
+        "@octokit/openapi-types": "^25.1.0"
+      }
+    },
     "node_modules/@octokit/request/node_modules/@octokit/openapi-types": {
       "version": "25.1.0",
       "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-25.1.0.tgz",
@@ -2360,6 +2348,7 @@
       "version": "15.0.0",
       "resolved": "https://registry.npmjs.org/@octokit/types/-/types-15.0.0.tgz",
       "integrity": "sha512-8o6yDfmoGJUIeR9OfYU0/TUJTnMPG2r68+1yEdUeG2Fdqpj8Qetg0ziKIgcBm0RW/j29H41WP37CYCEhp6GoHQ==",
+      "dev": true,
       "license": "MIT",
       "dependencies": {
         "@octokit/openapi-types": "^26.0.0"
@@ -2670,13 +2659,6 @@
       "dev": true,
       "license": "MIT"
     },
-    "node_modules/@types/lodash": {
-      "version": "4.17.20",
-      "resolved": "https://registry.npmjs.org/@types/lodash/-/lodash-4.17.20.tgz",
-      "integrity": "sha512-H3MHACvFUEiujabxhaI/ImO6gUrd8oOurg7LQtS7mbwIXA/cUqWrvBsaeJ23aZEPk1TAYkurjfMbSELfoCXlGA==",
-      "dev": true,
-      "license": "MIT"
-    },
     "node_modules/@types/node": {
       "version": "20.19.9",
       "resolved": "https://registry.npmjs.org/@types/node/-/node-20.19.9.tgz",
@@ -2730,17 +2712,17 @@
       "license": "MIT"
     },
     "node_modules/@typescript-eslint/eslint-plugin": {
-      "version": "8.46.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.46.0.tgz",
-      "integrity": "sha512-hA8gxBq4ukonVXPy0OKhiaUh/68D0E88GSmtC1iAEnGaieuDi38LhS7jdCHRLi6ErJBNDGCzvh5EnzdPwUc0DA==",
+      "version": "8.44.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.44.1.tgz",
+      "integrity": "sha512-molgphGqOBT7t4YKCSkbasmu1tb1MgrZ2szGzHbclF7PNmOkSTQVHy+2jXOSnxvR3+Xe1yySHFZoqMpz3TfQsw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/regexpp": "^4.10.0",
-        "@typescript-eslint/scope-manager": "8.46.0",
-        "@typescript-eslint/type-utils": "8.46.0",
-        "@typescript-eslint/utils": "8.46.0",
-        "@typescript-eslint/visitor-keys": "8.46.0",
+        "@typescript-eslint/scope-manager": "8.44.1",
+        "@typescript-eslint/type-utils": "8.44.1",
+        "@typescript-eslint/utils": "8.44.1",
+        "@typescript-eslint/visitor-keys": "8.44.1",
         "graphemer": "^1.4.0",
         "ignore": "^7.0.0",
         "natural-compare": "^1.4.0",
@@ -2754,20 +2736,20 @@
         "url": "https://opencollective.com/typescript-eslint"
       },
       "peerDependencies": {
-        "@typescript-eslint/parser": "^8.46.0",
+        "@typescript-eslint/parser": "^8.44.1",
         "eslint": "^8.57.0 || ^9.0.0",
         "typescript": ">=4.8.4 <6.0.0"
       }
     },
     "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/scope-manager": {
-      "version": "8.46.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.46.0.tgz",
-      "integrity": "sha512-lWETPa9XGcBes4jqAMYD9fW0j4n6hrPtTJwWDmtqgFO/4HF4jmdH/Q6wggTw5qIT5TXjKzbt7GsZUBnWoO3dqw==",
+      "version": "8.44.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.44.1.tgz",
+      "integrity": "sha512-NdhWHgmynpSvyhchGLXh+w12OMT308Gm25JoRIyTZqEbApiBiQHD/8xgb6LqCWCFcxFtWwaVdFsLPQI3jvhywg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.46.0",
-        "@typescript-eslint/visitor-keys": "8.46.0"
+        "@typescript-eslint/types": "8.44.1",
+        "@typescript-eslint/visitor-keys": "8.44.1"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -2778,9 +2760,9 @@
       }
     },
     "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types": {
-      "version": "8.46.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.46.0.tgz",
-      "integrity": "sha512-bHGGJyVjSE4dJJIO5yyEWt/cHyNwga/zXGJbJJ8TiO01aVREK6gCTu3L+5wrkb1FbDkQ+TKjMNe9R/QQQP9+rA==",
+      "version": "8.44.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.44.1.tgz",
+      "integrity": "sha512-Lk7uj7y9uQUOEguiDIDLYLJOrYHQa7oBiURYVFqIpGxclAFQ78f6VUOM8lI2XEuNOKNB7XuvM2+2cMXAoq4ALQ==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -2792,16 +2774,16 @@
       }
     },
     "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/typescript-estree": {
-      "version": "8.46.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.46.0.tgz",
-      "integrity": "sha512-ekDCUfVpAKWJbRfm8T1YRrCot1KFxZn21oV76v5Fj4tr7ELyk84OS+ouvYdcDAwZL89WpEkEj2DKQ+qg//+ucg==",
+      "version": "8.44.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.44.1.tgz",
+      "integrity": "sha512-qnQJ+mVa7szevdEyvfItbO5Vo+GfZ4/GZWWDRRLjrxYPkhM+6zYB2vRYwCsoJLzqFCdZT4mEqyJoyzkunsZ96A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/project-service": "8.46.0",
-        "@typescript-eslint/tsconfig-utils": "8.46.0",
-        "@typescript-eslint/types": "8.46.0",
-        "@typescript-eslint/visitor-keys": "8.46.0",
+        "@typescript-eslint/project-service": "8.44.1",
+        "@typescript-eslint/tsconfig-utils": "8.44.1",
+        "@typescript-eslint/types": "8.44.1",
+        "@typescript-eslint/visitor-keys": "8.44.1",
         "debug": "^4.3.4",
         "fast-glob": "^3.3.2",
         "is-glob": "^4.0.3",
@@ -2821,16 +2803,16 @@
       }
     },
     "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/utils": {
-      "version": "8.46.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.46.0.tgz",
-      "integrity": "sha512-nD6yGWPj1xiOm4Gk0k6hLSZz2XkNXhuYmyIrOWcHoPuAhjT9i5bAG+xbWPgFeNR8HPHHtpNKdYUXJl/D3x7f5g==",
+      "version": "8.44.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.44.1.tgz",
+      "integrity": "sha512-DpX5Fp6edTlocMCwA+mHY8Mra+pPjRZ0TfHkXI8QFelIKcbADQz1LUPNtzOFUriBB2UYqw4Pi9+xV4w9ZczHFg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.7.0",
-        "@typescript-eslint/scope-manager": "8.46.0",
-        "@typescript-eslint/types": "8.46.0",
-        "@typescript-eslint/typescript-estree": "8.46.0"
+        "@typescript-eslint/scope-manager": "8.44.1",
+        "@typescript-eslint/types": "8.44.1",
+        "@typescript-eslint/typescript-estree": "8.44.1"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -2845,13 +2827,13 @@
       }
     },
     "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/visitor-keys": {
-      "version": "8.46.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.46.0.tgz",
-      "integrity": "sha512-FrvMpAK+hTbFy7vH5j1+tMYHMSKLE6RzluFJlkFNKD0p9YsUT75JlBSmr5so3QRzvMwU5/bIEdeNrxm8du8l3Q==",
+      "version": "8.44.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.44.1.tgz",
+      "integrity": "sha512-576+u0QD+Jp3tZzvfRfxon0EA2lzcDt3lhUbsC6Lgzy9x2VR4E+JUiNyGHi5T8vk0TV+fpJ5GLG1JsJuWCaKhw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.46.0",
+        "@typescript-eslint/types": "8.44.1",
         "eslint-visitor-keys": "^4.2.1"
       },
       "engines": {
@@ -2924,16 +2906,16 @@
       }
     },
     "node_modules/@typescript-eslint/parser": {
-      "version": "8.46.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.46.0.tgz",
-      "integrity": "sha512-n1H6IcDhmmUEG7TNVSspGmiHHutt7iVKtZwRppD7e04wha5MrkV1h3pti9xQLcCMt6YWsncpoT0HMjkH1FNwWQ==",
+      "version": "8.44.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.44.1.tgz",
+      "integrity": "sha512-EHrrEsyhOhxYt8MTg4zTF+DJMuNBzWwgvvOYNj/zm1vnaD/IC5zCXFehZv94Piqa2cRFfXrTFxIvO95L7Qc/cw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/scope-manager": "8.46.0",
-        "@typescript-eslint/types": "8.46.0",
-        "@typescript-eslint/typescript-estree": "8.46.0",
-        "@typescript-eslint/visitor-keys": "8.46.0",
+        "@typescript-eslint/scope-manager": "8.44.1",
+        "@typescript-eslint/types": "8.44.1",
+        "@typescript-eslint/typescript-estree": "8.44.1",
+        "@typescript-eslint/visitor-keys": "8.44.1",
         "debug": "^4.3.4"
       },
       "engines": {
@@ -2949,14 +2931,14 @@
       }
     },
     "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager": {
-      "version": "8.46.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.46.0.tgz",
-      "integrity": "sha512-lWETPa9XGcBes4jqAMYD9fW0j4n6hrPtTJwWDmtqgFO/4HF4jmdH/Q6wggTw5qIT5TXjKzbt7GsZUBnWoO3dqw==",
+      "version": "8.44.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.44.1.tgz",
+      "integrity": "sha512-NdhWHgmynpSvyhchGLXh+w12OMT308Gm25JoRIyTZqEbApiBiQHD/8xgb6LqCWCFcxFtWwaVdFsLPQI3jvhywg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.46.0",
-        "@typescript-eslint/visitor-keys": "8.46.0"
+        "@typescript-eslint/types": "8.44.1",
+        "@typescript-eslint/visitor-keys": "8.44.1"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -2967,9 +2949,9 @@
       }
     },
     "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/types": {
-      "version": "8.46.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.46.0.tgz",
-      "integrity": "sha512-bHGGJyVjSE4dJJIO5yyEWt/cHyNwga/zXGJbJJ8TiO01aVREK6gCTu3L+5wrkb1FbDkQ+TKjMNe9R/QQQP9+rA==",
+      "version": "8.44.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.44.1.tgz",
+      "integrity": "sha512-Lk7uj7y9uQUOEguiDIDLYLJOrYHQa7oBiURYVFqIpGxclAFQ78f6VUOM8lI2XEuNOKNB7XuvM2+2cMXAoq4ALQ==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -2981,16 +2963,16 @@
       }
     },
     "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/typescript-estree": {
-      "version": "8.46.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.46.0.tgz",
-      "integrity": "sha512-ekDCUfVpAKWJbRfm8T1YRrCot1KFxZn21oV76v5Fj4tr7ELyk84OS+ouvYdcDAwZL89WpEkEj2DKQ+qg//+ucg==",
+      "version": "8.44.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.44.1.tgz",
+      "integrity": "sha512-qnQJ+mVa7szevdEyvfItbO5Vo+GfZ4/GZWWDRRLjrxYPkhM+6zYB2vRYwCsoJLzqFCdZT4mEqyJoyzkunsZ96A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/project-service": "8.46.0",
-        "@typescript-eslint/tsconfig-utils": "8.46.0",
-        "@typescript-eslint/types": "8.46.0",
-        "@typescript-eslint/visitor-keys": "8.46.0",
+        "@typescript-eslint/project-service": "8.44.1",
+        "@typescript-eslint/tsconfig-utils": "8.44.1",
+        "@typescript-eslint/types": "8.44.1",
+        "@typescript-eslint/visitor-keys": "8.44.1",
         "debug": "^4.3.4",
         "fast-glob": "^3.3.2",
         "is-glob": "^4.0.3",
@@ -3010,13 +2992,13 @@
       }
     },
     "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/visitor-keys": {
-      "version": "8.46.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.46.0.tgz",
-      "integrity": "sha512-FrvMpAK+hTbFy7vH5j1+tMYHMSKLE6RzluFJlkFNKD0p9YsUT75JlBSmr5so3QRzvMwU5/bIEdeNrxm8du8l3Q==",
+      "version": "8.44.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.44.1.tgz",
+      "integrity": "sha512-576+u0QD+Jp3tZzvfRfxon0EA2lzcDt3lhUbsC6Lgzy9x2VR4E+JUiNyGHi5T8vk0TV+fpJ5GLG1JsJuWCaKhw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.46.0",
+        "@typescript-eslint/types": "8.44.1",
         "eslint-visitor-keys": "^4.2.1"
       },
       "engines": {
@@ -3080,14 +3062,14 @@
       }
     },
     "node_modules/@typescript-eslint/project-service": {
-      "version": "8.46.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.46.0.tgz",
-      "integrity": "sha512-OEhec0mH+U5Je2NZOeK1AbVCdm0ChyapAyTeXVIYTPXDJ3F07+cu87PPXcGoYqZ7M9YJVvFnfpGg1UmCIqM+QQ==",
+      "version": "8.44.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.44.1.tgz",
+      "integrity": "sha512-ycSa60eGg8GWAkVsKV4E6Nz33h+HjTXbsDT4FILyL8Obk5/mx4tbvCNsLf9zret3ipSumAOG89UcCs/KRaKYrA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/tsconfig-utils": "^8.46.0",
-        "@typescript-eslint/types": "^8.46.0",
+        "@typescript-eslint/tsconfig-utils": "^8.44.1",
+        "@typescript-eslint/types": "^8.44.1",
         "debug": "^4.3.4"
       },
       "engines": {
@@ -3102,9 +3084,9 @@
       }
     },
     "node_modules/@typescript-eslint/project-service/node_modules/@typescript-eslint/types": {
-      "version": "8.46.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.46.0.tgz",
-      "integrity": "sha512-bHGGJyVjSE4dJJIO5yyEWt/cHyNwga/zXGJbJJ8TiO01aVREK6gCTu3L+5wrkb1FbDkQ+TKjMNe9R/QQQP9+rA==",
+      "version": "8.44.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.44.1.tgz",
+      "integrity": "sha512-Lk7uj7y9uQUOEguiDIDLYLJOrYHQa7oBiURYVFqIpGxclAFQ78f6VUOM8lI2XEuNOKNB7XuvM2+2cMXAoq4ALQ==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -3134,9 +3116,9 @@
       }
     },
     "node_modules/@typescript-eslint/tsconfig-utils": {
-      "version": "8.46.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.46.0.tgz",
-      "integrity": "sha512-WrYXKGAHY836/N7zoK/kzi6p8tXFhasHh8ocFL9VZSAkvH956gfeRfcnhs3xzRy8qQ/dq3q44v1jvQieMFg2cw==",
+      "version": "8.44.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.44.1.tgz",
+      "integrity": "sha512-B5OyACouEjuIvof3o86lRMvyDsFwZm+4fBOqFHccIctYgBjqR3qT39FBYGN87khcgf0ExpdCBeGKpKRhSFTjKQ==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -3151,15 +3133,15 @@
       }
     },
     "node_modules/@typescript-eslint/type-utils": {
-      "version": "8.46.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.46.0.tgz",
-      "integrity": "sha512-hy+lvYV1lZpVs2jRaEYvgCblZxUoJiPyCemwbQZ+NGulWkQRy0HRPYAoef/CNSzaLt+MLvMptZsHXHlkEilaeg==",
+      "version": "8.44.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.44.1.tgz",
+      "integrity": "sha512-KdEerZqHWXsRNKjF9NYswNISnFzXfXNDfPxoTh7tqohU/PRIbwTmsjGK6V9/RTYWau7NZvfo52lgVk+sJh0K3g==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.46.0",
-        "@typescript-eslint/typescript-estree": "8.46.0",
-        "@typescript-eslint/utils": "8.46.0",
+        "@typescript-eslint/types": "8.44.1",
+        "@typescript-eslint/typescript-estree": "8.44.1",
+        "@typescript-eslint/utils": "8.44.1",
         "debug": "^4.3.4",
         "ts-api-utils": "^2.1.0"
       },
@@ -3176,14 +3158,14 @@
       }
     },
     "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/scope-manager": {
-      "version": "8.46.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.46.0.tgz",
-      "integrity": "sha512-lWETPa9XGcBes4jqAMYD9fW0j4n6hrPtTJwWDmtqgFO/4HF4jmdH/Q6wggTw5qIT5TXjKzbt7GsZUBnWoO3dqw==",
+      "version": "8.44.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.44.1.tgz",
+      "integrity": "sha512-NdhWHgmynpSvyhchGLXh+w12OMT308Gm25JoRIyTZqEbApiBiQHD/8xgb6LqCWCFcxFtWwaVdFsLPQI3jvhywg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.46.0",
-        "@typescript-eslint/visitor-keys": "8.46.0"
+        "@typescript-eslint/types": "8.44.1",
+        "@typescript-eslint/visitor-keys": "8.44.1"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -3194,9 +3176,9 @@
       }
     },
     "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/types": {
-      "version": "8.46.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.46.0.tgz",
-      "integrity": "sha512-bHGGJyVjSE4dJJIO5yyEWt/cHyNwga/zXGJbJJ8TiO01aVREK6gCTu3L+5wrkb1FbDkQ+TKjMNe9R/QQQP9+rA==",
+      "version": "8.44.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.44.1.tgz",
+      "integrity": "sha512-Lk7uj7y9uQUOEguiDIDLYLJOrYHQa7oBiURYVFqIpGxclAFQ78f6VUOM8lI2XEuNOKNB7XuvM2+2cMXAoq4ALQ==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -3208,16 +3190,16 @@
       }
     },
     "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/typescript-estree": {
-      "version": "8.46.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.46.0.tgz",
-      "integrity": "sha512-ekDCUfVpAKWJbRfm8T1YRrCot1KFxZn21oV76v5Fj4tr7ELyk84OS+ouvYdcDAwZL89WpEkEj2DKQ+qg//+ucg==",
+      "version": "8.44.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.44.1.tgz",
+      "integrity": "sha512-qnQJ+mVa7szevdEyvfItbO5Vo+GfZ4/GZWWDRRLjrxYPkhM+6zYB2vRYwCsoJLzqFCdZT4mEqyJoyzkunsZ96A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/project-service": "8.46.0",
-        "@typescript-eslint/tsconfig-utils": "8.46.0",
-        "@typescript-eslint/types": "8.46.0",
-        "@typescript-eslint/visitor-keys": "8.46.0",
+        "@typescript-eslint/project-service": "8.44.1",
+        "@typescript-eslint/tsconfig-utils": "8.44.1",
+        "@typescript-eslint/types": "8.44.1",
+        "@typescript-eslint/visitor-keys": "8.44.1",
         "debug": "^4.3.4",
         "fast-glob": "^3.3.2",
         "is-glob": "^4.0.3",
@@ -3237,16 +3219,16 @@
       }
     },
     "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/utils": {
-      "version": "8.46.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.46.0.tgz",
-      "integrity": "sha512-nD6yGWPj1xiOm4Gk0k6hLSZz2XkNXhuYmyIrOWcHoPuAhjT9i5bAG+xbWPgFeNR8HPHHtpNKdYUXJl/D3x7f5g==",
+      "version": "8.44.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.44.1.tgz",
+      "integrity": "sha512-DpX5Fp6edTlocMCwA+mHY8Mra+pPjRZ0TfHkXI8QFelIKcbADQz1LUPNtzOFUriBB2UYqw4Pi9+xV4w9ZczHFg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.7.0",
-        "@typescript-eslint/scope-manager": "8.46.0",
-        "@typescript-eslint/types": "8.46.0",
-        "@typescript-eslint/typescript-estree": "8.46.0"
+        "@typescript-eslint/scope-manager": "8.44.1",
+        "@typescript-eslint/types": "8.44.1",
+        "@typescript-eslint/typescript-estree": "8.44.1"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -3261,13 +3243,13 @@
       }
     },
     "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/visitor-keys": {
-      "version": "8.46.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.46.0.tgz",
-      "integrity": "sha512-FrvMpAK+hTbFy7vH5j1+tMYHMSKLE6RzluFJlkFNKD0p9YsUT75JlBSmr5so3QRzvMwU5/bIEdeNrxm8du8l3Q==",
+      "version": "8.44.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.44.1.tgz",
+      "integrity": "sha512-576+u0QD+Jp3tZzvfRfxon0EA2lzcDt3lhUbsC6Lgzy9x2VR4E+JUiNyGHi5T8vk0TV+fpJ5GLG1JsJuWCaKhw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.46.0",
+        "@typescript-eslint/types": "8.44.1",
         "eslint-visitor-keys": "^4.2.1"
       },
       "engines": {
@@ -4218,9 +4200,7 @@
       "license": "MIT"
     },
     "node_modules/brace-expansion": {
-      "version": "1.1.12",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
-      "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+      "version": "1.1.11",
       "license": "MIT",
       "dependencies": {
         "balanced-match": "^1.0.0",
@@ -6985,30 +6965,6 @@
         "node": ">=0.1.90"
       }
     },
-    "node_modules/json-schema-to-typescript": {
-      "version": "15.0.4",
-      "resolved": "https://registry.npmjs.org/json-schema-to-typescript/-/json-schema-to-typescript-15.0.4.tgz",
-      "integrity": "sha512-Su9oK8DR4xCmDsLlyvadkXzX6+GGXJpbhwoLtOGArAG61dvbW4YQmSEno2y66ahpIdmLMg6YUf/QHLgiwvkrHQ==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "@apidevtools/json-schema-ref-parser": "^11.5.5",
-        "@types/json-schema": "^7.0.15",
-        "@types/lodash": "^4.17.7",
-        "is-glob": "^4.0.3",
-        "js-yaml": "^4.1.0",
-        "lodash": "^4.17.21",
-        "minimist": "^1.2.8",
-        "prettier": "^3.2.5",
-        "tinyglobby": "^0.2.9"
-      },
-      "bin": {
-        "json2ts": "dist/src/cli.js"
-      },
-      "engines": {
-        "node": ">=16.0.0"
-      }
-    },
     "node_modules/json-schema-traverse": {
       "version": "0.4.1",
       "dev": true,
@@ -8267,10 +8223,9 @@
       "license": "ISC"
     },
     "node_modules/semver": {
-      "version": "7.7.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.3.tgz",
-      "integrity": "sha512-SdsKMrI9TdgjdweUSR9MweHA4EJ8YxHn8DFaDisvhVlUOe4BF1tLD7GAj0lIqWVl+dPb/rExr0Btby5loQm20Q==",
-      "license": "ISC",
+      "version": "7.7.2",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.2.tgz",
+      "integrity": "sha512-RF0Fw+rO5AMf9MAyaRXI4AV0Ulj5lMHqVxxdSgiVbixSCXoEmmX/jk0CuJw4+3SqroYO9VoUh+HcuJivvtJemA==",
       "bin": {
         "semver": "bin/semver.js"
       },
@@ -9086,9 +9041,9 @@
       }
     },
     "node_modules/typescript": {
-      "version": "5.9.3",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.3.tgz",
-      "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==",
+      "version": "5.9.2",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.2.tgz",
+      "integrity": "sha512-CWBzXQrc/qOkhidw1OzBTQuYRbfyxDXJMVJ1XNwUHGROVmuaeiEm3OslpZ1RV96d7SKKjZKrSJu3+t/xlw3R9A==",
       "dev": true,
       "license": "Apache-2.0",
       "bin": {

package.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "4.30.9",
+  "version": "3.30.6",
   "private": true,
   "description": "CodeQL action",
   "scripts": {
@@ -12,8 +12,7 @@
     "ava": "npm run transpile && ava --serial --verbose",
     "test": "npm run ava -- src/",
     "test-debug": "npm run test -- --timeout=20m",
-    "transpile": "npm run generate:schemas && tsc --build --verbose",
-    "generate:schemas": "node json-schemas.mjs"
+    "transpile": "tsc --build --verbose"
   },
   "ava": {
     "typescript": {
@@ -36,7 +35,6 @@
     "@actions/io": "^1.1.3",
     "@actions/tool-cache": "^2.0.2",
     "@octokit/plugin-retry": "^6.0.0",
-    "@octokit/request-error": "^7.0.1",
     "@schemastore/package": "0.0.10",
     "archiver": "^7.0.1",
     "check-disk-space": "^3.4.0",
@@ -50,14 +48,14 @@
     "long": "^5.3.2",
     "node-forge": "^1.3.1",
     "octokit": "^5.0.3",
-    "semver": "^7.7.3",
+    "semver": "^7.7.2",
     "uuid": "^13.0.0"
   },
   "devDependencies": {
     "@ava/typescript": "6.0.0",
     "@eslint/compat": "^1.4.0",
     "@eslint/eslintrc": "^3.3.1",
-    "@eslint/js": "^9.37.0",
+    "@eslint/js": "^9.36.0",
     "@microsoft/eslint-formatter-sarif": "^3.1.0",
     "@octokit/types": "^15.0.0",
     "@types/archiver": "^6.0.3",
@@ -68,7 +66,7 @@
     "@types/node-forge": "^1.3.14",
     "@types/semver": "^7.7.1",
     "@types/sinon": "^17.0.4",
-    "@typescript-eslint/eslint-plugin": "^8.46.0",
+    "@typescript-eslint/eslint-plugin": "^8.44.1",
     "@typescript-eslint/parser": "^8.41.0",
     "ava": "^6.4.1",
     "esbuild": "^0.25.10",
@@ -79,10 +77,9 @@
     "eslint-plugin-import": "2.29.1",
     "eslint-plugin-no-async-foreach": "^0.1.1",
     "glob": "^11.0.3",
-    "json-schema-to-typescript": "^15.0.4",
     "nock": "^14.0.10",
     "sinon": "^21.0.0",
-    "typescript": "^5.9.3"
+    "typescript": "^5.9.2"
   },
   "overrides": {
     "@actions/tool-cache": {

pr-checks/checks/analyze-ref-input.yml

@@ -2,7 +2,6 @@ name: "Analyze: 'ref' and 'sha' from inputs"
 description: "Checks that specifying 'ref' and 'sha' as inputs works"
 versions: ["default"]
 installGo: true
-installPython: true
 steps:
   - uses: ./../action/init
     with:

pr-checks/checks/bundle-from-toolcache.yml

@@ -1,31 +0,0 @@
-name: "Bundle: From toolcache"
-description: "The CodeQL bundle should be cached within the toolcache"
-versions:
-  - toolcache
-steps:
-  - name: Install @actions/tool-cache
-    run: npm install @actions/tool-cache
-  - name: Check toolcache contains CodeQL
-    continue-on-error: true
-    uses: actions/github-script@v8
-    with:
-      script: |
-        const toolcache = require('@actions/tool-cache');
-        const allCodeqlVersions = toolcache.findAllVersions('CodeQL');
-        if (allCodeqlVersions.length === 0) {
-          throw new Error(`CodeQL could not be found in the toolcache`);
-        }
-  - id: setup-codeql
-    uses: ./../action/setup-codeql
-    with:
-      tools: ${{ steps.prepare-test.outputs.tools-url }}
-  - name: Check CodeQL is installed within the toolcache
-    uses: actions/github-script@v8
-    with:
-      script: |
-        const toolcache = require('@actions/tool-cache');
-        const allCodeqlVersions = toolcache.findAllVersions('CodeQL');
-        console.log(`Found CodeQL versions: ${allCodeqlVersions}`);
-        if (allCodeqlVersions.length === 0) {
-          throw new Error('CodeQL not found in toolcache');
-        }

pr-checks/checks/local-bundle.yml

@@ -2,7 +2,6 @@ name: "Local CodeQL bundle"
 description: "Tests using a CodeQL bundle from a local file rather than a URL"
 versions: ["linked"]
 installGo: true
-installPython: true
 steps:
   - name: Fetch latest CodeQL bundle
     run: |

pr-checks/checks/multi-language-autodetect.yml

@@ -4,7 +4,6 @@ operatingSystems: ["macos", "ubuntu"]
 env:
   CODEQL_ACTION_RESOLVE_SUPPORTED_LANGUAGES_USING_CLI: true
 installGo: true
-installPython: true
 steps:
   - name: Use Xcode 16
     if: runner.os == 'macOS' && matrix.version != 'nightly-latest'

pr-checks/checks/packaging-codescanning-config-inputs-js.yml

@@ -3,7 +3,6 @@ description: "Checks that specifying packages using a combination of a config fi
 versions: ["linked", "default", "nightly-latest"] # This feature is not compatible with old CLIs
 installGo: true
 installNode: true
-installPython: true
 steps:
   - uses: ./../action/init
     with:

pr-checks/checks/remote-config.yml

@@ -6,7 +6,6 @@ versions:
   - linked
   - nightly-latest
 installGo: true
-installPython: true
 steps:
   - uses: ./../action/init
     with:

pr-checks/checks/rubocop-multi-language.yml

@@ -4,7 +4,7 @@ description: "Tests using RuboCop to analyze a multi-language repository and the
 versions: ["default"]
 steps:
   - name: Set up Ruby
-    uses: ruby/setup-ruby@ab177d40ee5483edb974554986f56b33477e21d0 # v1.265.0
+    uses: ruby/setup-ruby@0481980f17b760ef6bca5e8c55809102a0af1e5a # v1.263.0
     with:
       ruby-version: 2.6
   - name: Install Code Scanning integration

pr-checks/checks/unset-environment.yml

@@ -6,7 +6,6 @@ versions:
   - linked
   - nightly-latest
 installGo: true
-installPython: true
 steps:
   - uses: ./../action/init
     id: init

pr-checks/checks/upload-quality-sarif.yml

@@ -0,0 +1,26 @@
+name: "Upload-sarif: code quality endpoint"
+description: "Checks that uploading SARIFs to the code quality endpoint works"
+versions: ["default"]
+installGo: true
+steps:
+  - uses: ./../action/init
+    with:
+      tools: ${{ steps.prepare-test.outputs.tools-url }}
+      languages: csharp,java,javascript,python
+      analysis-kinds: code-quality
+  - name: Build code
+    run: ./build.sh
+  # Generate some SARIF we can upload with the upload-sarif step
+  - uses: ./../action/analyze
+    with:
+      ref: 'refs/heads/main'
+      sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
+      upload: never
+  - uses: ./../action/upload-sarif
+    id: upload-sarif
+    with:
+      ref: 'refs/heads/main'
+      sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
+  - name: "Check output from `upload-sarif` step"
+    if: fromJSON(steps.upload-sarif.outputs.sarif-ids)[0].analysis != 'code-quality'
+    run: exit 1

pr-checks/checks/upload-ref-sha-input.yml

@@ -2,7 +2,6 @@ name: "Upload-sarif: 'ref' and 'sha' from inputs"
 description: "Checks that specifying 'ref' and 'sha' as inputs works"
 versions: ["default"]
 installGo: true
-installPython: true
 steps:
   - uses: ./../action/init
     with:

pr-checks/checks/upload-sarif.yml

@@ -1,82 +0,0 @@
-name: "Test different uses of `upload-sarif`"
-description: "Checks that uploading SARIFs to the code quality endpoint works"
-versions: ["default"]
-analysisKinds: ["code-scanning", "code-quality", "code-scanning,code-quality"]
-installGo: true
-installPython: true
-steps:
-  - uses: ./../action/init
-    with:
-      tools: ${{ steps.prepare-test.outputs.tools-url }}
-      languages: csharp,java,javascript,python
-      analysis-kinds: ${{ matrix.analysis-kinds }}
-  - name: Build code
-    run: ./build.sh
-  # Generate some SARIF we can upload with the upload-sarif step
-  - uses: ./../action/analyze
-    with:
-      ref: 'refs/heads/main'
-      sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
-      upload: never
-      output: ${{ runner.temp }}/results
-
-  - name: |
-      Upload all SARIF files for `analysis-kinds: ${{ matrix.analysis-kinds }}`
-    uses: ./../action/upload-sarif
-    id: upload-sarif
-    with:
-      ref: 'refs/heads/main'
-      sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
-      sarif_file: ${{ runner.temp }}/results
-      category: |
-        ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:all-files/
-  - name: "Fail for missing output from `upload-sarif` step for `code-scanning`"
-    if: "contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-scanning)"
-    run: exit 1
-  - name: "Fail for missing output from `upload-sarif` step for `code-quality`"
-    if: "contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-quality)"
-    run: exit 1
-
-  - name: Upload single SARIF file for Code Scanning
-    uses: ./../action/upload-sarif
-    id: upload-single-sarif-code-scanning
-    if: "contains(matrix.analysis-kinds, 'code-scanning')"
-    with:
-      ref: 'refs/heads/main'
-      sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
-      sarif_file: ${{ runner.temp }}/results/javascript.sarif
-      category: |
-        ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-scanning/
-  - name: "Fail for missing output from `upload-single-sarif-code-scanning` step"
-    if: "contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-sarif-code-scanning.outputs.sarif-ids).code-scanning)"
-    run: exit 1
-  - name: Upload single SARIF file for Code Quality
-    uses: ./../action/upload-sarif
-    id: upload-single-sarif-code-quality
-    if: "contains(matrix.analysis-kinds, 'code-quality')"
-    with:
-      ref: 'refs/heads/main'
-      sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
-      sarif_file: ${{ runner.temp }}/results/javascript.quality.sarif
-      category: |
-        ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-quality/
-  - name: "Fail for missing output from `upload-single-sarif-code-quality` step"
-    if: "contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-single-sarif-code-quality.outputs.sarif-ids).code-quality)"
-    run: exit 1
-
-  - name: Change SARIF file extension
-    if: "contains(matrix.analysis-kinds, 'code-scanning')"
-    run: mv ${{ runner.temp }}/results/javascript.sarif ${{ runner.temp }}/results/javascript.sarif.json
-  - name: Upload single non-`.sarif` file
-    uses: ./../action/upload-sarif
-    id: upload-single-non-sarif
-    if: "contains(matrix.analysis-kinds, 'code-scanning')"
-    with:
-      ref: 'refs/heads/main'
-      sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
-      sarif_file: ${{ runner.temp }}/results/javascript.sarif.json
-      category: |
-        ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:non-sarif/
-  - name: "Fail for missing output from `upload-single-non-sarif` step"
-    if: "contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-non-sarif.outputs.sarif-ids).code-scanning)"
-    run: exit 1

pr-checks/checks/with-checkout-path.yml

@@ -2,7 +2,6 @@ name: "Use a custom `checkout_path`"
 description: "Checks that a custom `checkout_path` will find the proper commit_oid"
 versions: ["linked"]
 installGo: true
-installPython: true
 steps:
   # This ensures we don't accidentally use the original checkout for any part of the test.
   - name: Delete original checkout
@@ -38,29 +37,28 @@ steps:
 
   - name: Verify SARIF after upload
     run: |
-      PAYLOAD_FILE="$RUNNER_TEMP/payload-code-scanning.json"
       EXPECTED_COMMIT_OID="474bbf07f9247ffe1856c6a0f94aeeb10e7afee6"
       EXPECTED_REF="v1.1.0"
       EXPECTED_CHECKOUT_URI_SUFFIX="/x/y/z/some-path/tests/multi-language-repo"
 
-      ACTUAL_COMMIT_OID="$(cat "$PAYLOAD_FILE" | jq -r .commit_oid)"
-      ACTUAL_REF="$(cat "$PAYLOAD_FILE" | jq -r .ref)"
-      ACTUAL_CHECKOUT_URI="$(cat "$PAYLOAD_FILE" | jq -r .checkout_uri)"
+      ACTUAL_COMMIT_OID="$(cat "$RUNNER_TEMP/payload.json" | jq -r .commit_oid)"
+      ACTUAL_REF="$(cat "$RUNNER_TEMP/payload.json" | jq -r .ref)"
+      ACTUAL_CHECKOUT_URI="$(cat "$RUNNER_TEMP/payload.json" | jq -r .checkout_uri)"
 
       if [[ "$EXPECTED_COMMIT_OID" != "$ACTUAL_COMMIT_OID" ]]; then
         echo "::error Invalid commit oid. Expected: $EXPECTED_COMMIT_OID Actual: $ACTUAL_COMMIT_OID"
-        echo "$PAYLOAD_FILE"
+        echo "$RUNNER_TEMP/payload.json"
         exit 1
       fi
 
       if [[ "$EXPECTED_REF" != "$ACTUAL_REF" ]]; then
         echo "::error Invalid ref. Expected: '$EXPECTED_REF' Actual: '$ACTUAL_REF'"
-        echo "$PAYLOAD_FILE"
+        echo "$RUNNER_TEMP/payload.json"
         exit 1
       fi
 
       if [[ "$ACTUAL_CHECKOUT_URI" != *$EXPECTED_CHECKOUT_URI_SUFFIX ]]; then
         echo "::error Invalid checkout URI suffix. Expected suffix: $EXPECTED_CHECKOUT_URI_SUFFIX Actual uri: $ACTUAL_CHECKOUT_URI"
-        echo "$PAYLOAD_FILE"
+        echo "$RUNNER_TEMP/payload.json"
         exit 1
       fi

pr-checks/sync.py

@@ -184,26 +184,6 @@ for file in sorted((this_dir / 'checks').glob('*.yml')):
             }
         })
 
-    installPython = is_truthy(checkSpecification.get('installPython', ''))
-
-    if installPython:
-        basePythonVersionExpr = '3.13'
-        workflowInputs['python-version'] = {
-            'type': 'string',
-            'description': 'The version of Python to install',
-            'required': False,
-            'default': basePythonVersionExpr,
-        }
-
-        steps.append({
-            'name': 'Install Python',
-            'if': 'matrix.version != \'nightly-latest\'',
-            'uses': 'actions/setup-python@v6',
-            'with': {
-                'python-version': '${{ inputs.python-version || \'' + basePythonVersionExpr + '\' }}'
-            }
-        })
-
     # If container initialisation steps are present in the check specification,
     # make sure to execute them first.
     if 'container' in checkSpecification and 'container-init-steps' in checkSpecification:

resolve-environment/action.yml

@@ -21,5 +21,5 @@ outputs:
   environment:
     description: The inferred build environment configuration.
 runs:
-  using: node24
+  using: node20
   main: '../lib/resolve-environment-action.js'

schemas/db-config-schema.json

@@ -1,145 +0,0 @@
-{
-  "$schema": "https://json-schema.org/draft/2020-12/schema",
-  "title": "UserConfig",
-  "description": "Format of the config file supplied by the user for CodeQL analysis",
-  "type": "object",
-  "properties": {
-    "name": {
-      "type": "string",
-      "description": "Name of the configuration"
-    },
-    "disable-default-queries": {
-      "type": "boolean",
-      "description": "Whether to disable default queries"
-    },
-    "queries": {
-      "type": "array",
-      "description": "List of additional queries to run",
-      "items": {
-        "$ref": "#/definitions/QuerySpec"
-      }
-    },
-    "paths-ignore": {
-      "type": "array",
-      "description": "Paths to ignore during analysis",
-      "items": {
-        "type": "string"
-      }
-    },
-    "paths": {
-      "type": "array",
-      "description": "Paths to include in analysis",
-      "items": {
-        "type": "string"
-      }
-    },
-    "packs": {
-      "description": "Query packs to include. Can be a simple array for single-language analysis or an object with language-specific arrays for multi-language analysis",
-      "oneOf": [
-        {
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        },
-        {
-          "type": "object",
-          "additionalProperties": {
-            "type": "array",
-            "items": {
-              "type": "string"
-            }
-          }
-        }
-      ]
-    },
-    "query-filters": {
-      "type": "array",
-      "description": "Set of query filters to include and exclude extra queries based on CodeQL query suite include and exclude properties",
-      "items": {
-        "$ref": "#/definitions/QueryFilter"
-      }
-    }
-  },
-  "additionalProperties": true,
-  "definitions": {
-    "QuerySpec": {
-      "type": "object",
-      "description": "Detailed query specification object",
-      "properties": {
-        "name": {
-          "type": "string",
-          "description": "Optional name for the query"
-        },
-        "uses": {
-          "type": "string",
-          "description": "The query or query suite to use"
-        }
-      },
-      "required": ["uses"],
-      "additionalProperties": false
-    },
-    "QueryFilter": {
-      "description": "Query filter that can either include or exclude queries",
-      "oneOf": [
-        {
-          "$ref": "#/definitions/ExcludeQueryFilter"
-        },
-        {
-          "$ref": "#/definitions/IncludeQueryFilter"
-        },
-        {}
-      ]
-    },
-    "ExcludeQueryFilter": {
-      "type": "object",
-      "description": "Filter to exclude queries",
-      "properties": {
-        "exclude": {
-          "type": "object",
-          "description": "Queries to exclude",
-          "additionalProperties": {
-            "oneOf": [
-              {
-                "type": "array",
-                "items": {
-                  "type": "string"
-                }
-              },
-              {
-                "type": "string"
-              }
-            ]
-          }
-        }
-      },
-      "required": ["exclude"],
-      "additionalProperties": false
-    },
-    "IncludeQueryFilter": {
-      "type": "object",
-      "description": "Filter to include queries",
-      "properties": {
-        "include": {
-          "type": "object",
-          "description": "Queries to include",
-          "additionalProperties": {
-            "oneOf": [
-              {
-                "type": "array",
-                "items": {
-                  "type": "string"
-                }
-              },
-              {
-                "type": "string"
-              }
-            ]
-          }
-        }
-      },
-      "required": ["include"],
-      "additionalProperties": false
-    }
-  }
-}

setup-codeql/action.yml

@@ -1,39 +0,0 @@
-name: 'CodeQL: Setup'
-description: 'Installs the CodeQL CLI'
-author: 'GitHub'
-inputs:
-  tools:
-    description: >-
-      By default, the Action will use the recommended version of the CodeQL
-      Bundle to analyze your project. You can override this choice using this
-      input. One of:
-
-      - A local path to a CodeQL Bundle tarball, or
-      - The URL of a CodeQL Bundle tarball GitHub release asset, or
-      - A special value `linked` which uses the version of the CodeQL tools
-        that the Action has been bundled with.
-      - A special value `nightly` which uses the latest nightly version of the
-        CodeQL tools. Note that this is unstable and not recommended for
-        production use.
-
-      If not specified, the Action will check in several places until it finds
-      the CodeQL tools.
-    required: false
-  token:
-    description: GitHub token to use for authenticating with this instance of GitHub.
-    default: ${{ github.token }}
-    required: false
-  matrix:
-    default: ${{ toJson(matrix) }}
-    required: false
-  external-repository-token:
-    description: A token for fetching additional files from private repositories in the same GitHub instance that is running this action.
-    required: false
-outputs:
-  codeql-path:
-    description: The path of the CodeQL binary that was installed.
-  codeql-version:
-    description: The version of the CodeQL binary that was installed.
-runs:
-  using: node24
-  main: '../lib/setup-codeql-action.js'

src/actions-util.ts

@@ -247,14 +247,9 @@ export function isSelfHostedRunner() {
   return process.env.RUNNER_ENVIRONMENT === "self-hosted";
 }
 
-/** Determines whether the workflow trigger is `dynamic`. */
-export function isDynamicWorkflow(): boolean {
-  return getWorkflowEventName() === "dynamic";
-}
-
 /** Determines whether we are running in default setup. */
 export function isDefaultSetup(): boolean {
-  return isDynamicWorkflow();
+  return getWorkflowEventName() === "dynamic";
 }
 
 export function prettyPrintInvocation(cmd: string, args: string[]): string {

src/analyses.test.ts

@@ -1,19 +1,12 @@
 import test from "ava";
-import * as sinon from "sinon";
 
-import * as actionsUtil from "./actions-util";
 import {
   AnalysisKind,
-  getAnalysisKinds,
   parseAnalysisKinds,
   supportedAnalysisKinds,
 } from "./analyses";
-import { getRunnerLogger } from "./logging";
-import { setupTests } from "./testing-utils";
 import { ConfigurationError } from "./util";
 
-setupTests(test);
-
 test("All known analysis kinds can be parsed successfully", async (t) => {
   for (const analysisKind of supportedAnalysisKinds) {
     t.deepEqual(await parseAnalysisKinds(analysisKind), [analysisKind]);
@@ -41,29 +34,3 @@ test("Parsing analysis kinds requires at least one analysis kind", async (t) =>
     instanceOf: ConfigurationError,
   });
 });
-
-test("getAnalysisKinds - returns expected analysis kinds for `analysis-kinds` input", async (t) => {
-  const requiredInputStub = sinon.stub(actionsUtil, "getRequiredInput");
-  requiredInputStub
-    .withArgs("analysis-kinds")
-    .returns("code-scanning,code-quality");
-  const result = await getAnalysisKinds(getRunnerLogger(true), true);
-  t.assert(result.includes(AnalysisKind.CodeScanning));
-  t.assert(result.includes(AnalysisKind.CodeQuality));
-});
-
-test("getAnalysisKinds - includes `code-quality` when deprecated `quality-queries` input is used", async (t) => {
-  const requiredInputStub = sinon.stub(actionsUtil, "getRequiredInput");
-  requiredInputStub.withArgs("analysis-kinds").returns("code-scanning");
-  const optionalInputStub = sinon.stub(actionsUtil, "getOptionalInput");
-  optionalInputStub.withArgs("quality-queries").returns("code-quality");
-  const result = await getAnalysisKinds(getRunnerLogger(true), true);
-  t.assert(result.includes(AnalysisKind.CodeScanning));
-  t.assert(result.includes(AnalysisKind.CodeQuality));
-});
-
-test("getAnalysisKinds - throws if `analysis-kinds` input is invalid", async (t) => {
-  const requiredInputStub = sinon.stub(actionsUtil, "getRequiredInput");
-  requiredInputStub.withArgs("analysis-kinds").returns("no-such-thing");
-  await t.throwsAsync(getAnalysisKinds(getRunnerLogger(true), true));
-});

src/analyses.ts

@@ -1,9 +1,3 @@
-import {
-  fixCodeQualityCategory,
-  getOptionalInput,
-  getRequiredInput,
-} from "./actions-util";
-import { Logger } from "./logging";
 import { ConfigurationError } from "./util";
 
 export enum AnalysisKind {
@@ -45,55 +39,6 @@ export async function parseAnalysisKinds(
   );
 }
 
-// Used to avoid re-parsing the input after we have done it once.
-let cachedAnalysisKinds: AnalysisKind[] | undefined;
-
-/**
- * Initialises the analysis kinds for the analysis based on the `analysis-kinds` input.
- * This function will also use the deprecated `quality-queries` input as an indicator to enable `code-quality`.
- * If the `analysis-kinds` input cannot be parsed, a `ConfigurationError` is thrown.
- *
- * @param logger The logger to use.
- * @param skipCache For testing, whether to ignore the cached values (default: false).
- *
- * @returns The array of enabled analysis kinds.
- * @throws A `ConfigurationError` if the `analysis-kinds` input cannot be parsed.
- */
-export async function getAnalysisKinds(
-  logger: Logger,
-  skipCache: boolean = false,
-): Promise<AnalysisKind[]> {
-  if (!skipCache && cachedAnalysisKinds !== undefined) {
-    return cachedAnalysisKinds;
-  }
-
-  cachedAnalysisKinds = await parseAnalysisKinds(
-    getRequiredInput("analysis-kinds"),
-  );
-
-  // Warn that `quality-queries` is deprecated if there is an argument for it.
-  const qualityQueriesInput = getOptionalInput("quality-queries");
-
-  if (qualityQueriesInput !== undefined) {
-    logger.warning(
-      "The `quality-queries` input is deprecated and will be removed in a future version of the CodeQL Action. " +
-        "Use the `analysis-kinds` input to configure different analysis kinds instead.",
-    );
-  }
-
-  // For backwards compatibility, add Code Quality to the enabled analysis kinds
-  // if an input to `quality-queries` was specified. We should remove this once
-  // `quality-queries` is no longer used.
-  if (
-    !cachedAnalysisKinds.includes(AnalysisKind.CodeQuality) &&
-    qualityQueriesInput !== undefined
-  ) {
-    cachedAnalysisKinds.push(AnalysisKind.CodeQuality);
-  }
-
-  return cachedAnalysisKinds;
-}
-
 /** The queries to use for Code Quality analyses. */
 export const codeQualityQueries: string[] = ["code-quality"];
 
@@ -116,8 +61,6 @@ export interface AnalysisConfig {
   /** A predicate on filenames to decide whether a SARIF file
    * belongs to this kind of analysis. */
   sarifPredicate: (name: string) => boolean;
-  /** Analysis-specific adjustment of the category. */
-  fixCategory: (logger: Logger, category?: string) => string | undefined;
   /** A prefix for environment variables used to track the uniqueness of SARIF uploads. */
   sentinelPrefix: string;
 }
@@ -131,7 +74,6 @@ export const CodeScanning: AnalysisConfig = {
   sarifPredicate: (name) =>
     name.endsWith(CodeScanning.sarifExtension) &&
     !CodeQuality.sarifPredicate(name),
-  fixCategory: (_, category) => category,
   sentinelPrefix: "CODEQL_UPLOAD_SARIF_",
 };
 
@@ -142,29 +84,5 @@ export const CodeQuality: AnalysisConfig = {
   target: SARIF_UPLOAD_ENDPOINT.CODE_QUALITY,
   sarifExtension: ".quality.sarif",
   sarifPredicate: (name) => name.endsWith(CodeQuality.sarifExtension),
-  fixCategory: fixCodeQualityCategory,
   sentinelPrefix: "CODEQL_UPLOAD_QUALITY_SARIF_",
 };
-
-/**
- * Gets the `AnalysisConfig` corresponding to `kind`.
- * @param kind The analysis kind to get the `AnalysisConfig` for.
- * @returns The `AnalysisConfig` corresponding to `kind`.
- */
-export function getAnalysisConfig(kind: AnalysisKind): AnalysisConfig {
-  // Using a switch statement here accomplishes two things:
-  // 1. The type checker believes us that we have a case for every `AnalysisKind`.
-  // 2. If we ever add another member to `AnalysisKind`, the type checker will alert us that we have to add a case.
-  switch (kind) {
-    case AnalysisKind.CodeScanning:
-      return CodeScanning;
-    case AnalysisKind.CodeQuality:
-      return CodeQuality;
-  }
-}
-
-// Since we have overlapping extensions (i.e. ".sarif" includes ".quality.sarif"),
-// we want to scan a folder containing SARIF files in an order that finds the more
-// specific extensions first. This constant defines an array in the order of analyis
-// configurations with more specific extensions to less specific extensions.
-export const SarifScanOrder = [CodeQuality, CodeScanning];

src/analyze-action.ts

@@ -26,10 +26,7 @@ import {
   isCodeScanningEnabled,
 } from "./config-utils";
 import { uploadDatabases } from "./database-upload";
-import {
-  DependencyCacheUploadStatusReport,
-  uploadDependencyCaches,
-} from "./dependency-caching";
+import { uploadDependencyCaches } from "./dependency-caching";
 import { getDiffInformedAnalysisBranches } from "./diff-informed-analysis-utils";
 import { EnvVar } from "./environment";
 import { Feature, Features } from "./feature-flags";
@@ -58,15 +55,10 @@ interface AnalysisStatusReport
   extends uploadLib.UploadStatusReport,
     QueriesStatusReport {}
 
-interface DependencyCachingUploadStatusReport {
-  dependency_caching_upload_results?: DependencyCacheUploadStatusReport;
-}
-
 interface FinishStatusReport
   extends StatusReportBase,
     DatabaseCreationTimings,
-    AnalysisStatusReport,
-    DependencyCachingUploadStatusReport {}
+    AnalysisStatusReport {}
 
 interface FinishWithTrapUploadStatusReport extends FinishStatusReport {
   /** Size of TRAP caches that we uploaded, in bytes. */
@@ -84,7 +76,6 @@ async function sendStatusReport(
   dbCreationTimings: DatabaseCreationTimings | undefined,
   didUploadTrapCaches: boolean,
   trapCacheCleanup: TrapCacheCleanupStatusReport | undefined,
-  dependencyCacheResults: DependencyCacheUploadStatusReport | undefined,
   logger: Logger,
 ) {
   const status = getActionsStatus(error, stats?.analyze_failure_language);
@@ -104,7 +95,6 @@ async function sendStatusReport(
       ...(stats || {}),
       ...(dbCreationTimings || {}),
       ...(trapCacheCleanup || {}),
-      dependency_caching_upload_results: dependencyCacheResults,
     };
     if (config && didUploadTrapCaches) {
       const trapCacheUploadStatusReport: FinishWithTrapUploadStatusReport = {
@@ -219,7 +209,6 @@ async function run() {
   let trapCacheUploadTime: number | undefined = undefined;
   let dbCreationTimings: DatabaseCreationTimings | undefined = undefined;
   let didUploadTrapCaches = false;
-  let dependencyCacheResults: DependencyCacheUploadStatusReport | undefined;
   util.initializeEnvironment(actionsUtil.getActionVersion());
 
   // Make inputs accessible in the `post` step, details at
@@ -356,14 +345,16 @@ async function run() {
       }
 
       if (isCodeQualityEnabled(config)) {
-        const analysis = analyses.CodeQuality;
         const qualityUploadResult = await uploadLib.uploadFiles(
           outputDir,
           actionsUtil.getRequiredInput("checkout_path"),
-          actionsUtil.getOptionalInput("category"),
+          actionsUtil.fixCodeQualityCategory(
+            logger,
+            actionsUtil.getOptionalInput("category"),
+          ),
           features,
           logger,
-          analysis,
+          analyses.CodeQuality,
         );
         core.setOutput("quality-sarif-id", qualityUploadResult.sarifID);
       }
@@ -397,11 +388,7 @@ async function run() {
         Feature.JavaMinimizeDependencyJars,
         codeql,
       );
-      dependencyCacheResults = await uploadDependencyCaches(
-        config,
-        logger,
-        minimizeJavaJars,
-      );
+      await uploadDependencyCaches(config, logger, minimizeJavaJars);
     }
 
     // We don't upload results in test mode, so don't wait for processing
@@ -444,7 +431,6 @@ async function run() {
       dbCreationTimings,
       didUploadTrapCaches,
       trapCacheCleanupTelemetry,
-      dependencyCacheResults,
       logger,
     );
     return;
@@ -463,7 +449,6 @@ async function run() {
       dbCreationTimings,
       didUploadTrapCaches,
       trapCacheCleanupTelemetry,
-      dependencyCacheResults,
       logger,
     );
   } else if (runStats) {
@@ -476,7 +461,6 @@ async function run() {
       dbCreationTimings,
       didUploadTrapCaches,
       trapCacheCleanupTelemetry,
-      dependencyCacheResults,
       logger,
     );
   } else {
@@ -489,7 +473,6 @@ async function run() {
       dbCreationTimings,
       didUploadTrapCaches,
       trapCacheCleanupTelemetry,
-      dependencyCacheResults,
       logger,
     );
   }

src/analyze.test.ts

@@ -334,7 +334,7 @@ test("resolveQuerySuiteAlias", (t) => {
   for (const suite of defaultSuites) {
     const resolved = resolveQuerySuiteAlias(KnownLanguage.go, suite);
     t.assert(
-      path.extname(resolved) === ".qls",
+      resolved.endsWith(".qls"),
       "Resolved default suite doesn't end in .qls",
     );
     t.assert(

src/analyze.ts

@@ -7,6 +7,7 @@ import * as del from "del";
 import * as yaml from "js-yaml";
 
 import {
+  fixCodeQualityCategory,
   getRequiredInput,
   getTemporaryDirectory,
   PullRequestBranches,
@@ -780,7 +781,7 @@ export async function runQueries(
     // accepted by the Code Quality backend.
     let category = automationDetailsId;
     if (analysis.kind === analyses.AnalysisKind.CodeQuality) {
-      category = analysis.fixCategory(logger, automationDetailsId);
+      category = fixCodeQualityCategory(logger, automationDetailsId);
     }
 
     const sarifFile = path.join(

src/api-client.ts

@@ -245,7 +245,7 @@ export interface ActionsCacheItem {
 /** List all Actions cache entries matching the provided key and ref. */
 export async function listActionsCaches(
   key: string,
-  ref?: string,
+  ref: string,
 ): Promise<ActionsCacheItem[]> {
   const repositoryNwo = getRepositoryNwo();
 
@@ -260,6 +260,26 @@ export async function listActionsCaches(
   );
 }
 
+/**
+ * List the most recently created Actions cache entry across all refs that
+ * match the provided key.
+ */
+export async function getMostRecentActionsCacheEntry(
+  key: string,
+): Promise<ActionsCacheItem | undefined> {
+  const repositoryNwo = getRepositoryNwo();
+
+  const cacheItems = await getApiClient().rest.actions.getActionsCacheList({
+    owner: repositoryNwo.owner,
+    repo: repositoryNwo.repo,
+    key,
+    sort: "created_at",
+    direction: "desc",
+    per_page: 1,
+  });
+  return cacheItems.data.actions_caches[0];
+}
+
 /** Delete an Actions cache item by its ID. */
 export async function deleteActionsCache(id: number) {
   const repositoryNwo = getRepositoryNwo();

src/autobuild.ts

@@ -52,11 +52,11 @@ export async function determineAutobuildLanguages(
    * For example, consider a user with the following workflow file:
    *
    * ```yml
-   * - uses: github/codeql-action/init@v4
+   * - uses: github/codeql-action/init@v3
    *   with:
    *     languages: go, java
-   * - uses: github/codeql-action/autobuild@v4
-   * - uses: github/codeql-action/analyze@v4
+   * - uses: github/codeql-action/autobuild@v3
+   * - uses: github/codeql-action/analyze@v3
    * ```
    *
    * - With Go extraction disabled, we will run the Java autobuilder in the

src/cli-errors.test.ts

@@ -310,20 +310,6 @@ test("wrapCliConfigurationError - pack cannot be found", (t) => {
   t.true(wrappedError instanceof ConfigurationError);
 });
 
-test("wrapCliConfigurationError - unknown query file", (t) => {
-  const commandError = new CommandInvocationError(
-    "codeql",
-    ["database", "init"],
-    2,
-    "my-query-file is not a .ql file, .qls file, a directory, or a query pack specification. See the logs for more details.",
-  );
-  const cliError = new CliError(commandError);
-
-  const wrappedError = wrapCliConfigurationError(cliError);
-
-  t.true(wrappedError instanceof ConfigurationError);
-});
-
 test("wrapCliConfigurationError - pack missing auth", (t) => {
   const commandError = new CommandInvocationError(
     "codeql",

src/cli-errors.ts

@@ -264,9 +264,6 @@ export const cliErrorsConfig: Record<
       new RegExp(
         "Query pack .* cannot be found\\. Check the spelling of the pack\\.",
       ),
-      new RegExp(
-        "is not a .ql file, .qls file, a directory, or a query pack specification.",
-      ),
     ],
   },
   [CliConfigErrorCategory.PackMissingAuth]: {

src/codeql.test.ts

@@ -74,7 +74,6 @@ async function installIntoToolcache({
     cliVersion !== undefined
       ? { cliVersion, tagName }
       : SAMPLE_DEFAULT_CLI_VERSION,
-    createFeatures([]),
     getRunnerLogger(true),
     false,
   );
@@ -123,8 +122,6 @@ async function stubCodeql(): Promise<codeql.CodeQL> {
 }
 
 test("downloads and caches explicitly requested bundles that aren't in the toolcache", async (t) => {
-  const features = createFeatures([]);
-
   await util.withTmpDir(async (tmpDir) => {
     setupActionsVars(tmpDir, tmpDir);
 
@@ -143,7 +140,6 @@ test("downloads and caches explicitly requested bundles that aren't in the toolc
         tmpDir,
         util.GitHubVariant.DOTCOM,
         SAMPLE_DEFAULT_CLI_VERSION,
-        features,
         getRunnerLogger(true),
         false,
       );
@@ -158,8 +154,6 @@ test("downloads and caches explicitly requested bundles that aren't in the toolc
 });
 
 test("caches semantically versioned bundles using their semantic version number", async (t) => {
-  const features = createFeatures([]);
-
   await util.withTmpDir(async (tmpDir) => {
     setupActionsVars(tmpDir, tmpDir);
     const url = mockBundleDownloadApi({
@@ -172,7 +166,6 @@ test("caches semantically versioned bundles using their semantic version number"
       tmpDir,
       util.GitHubVariant.DOTCOM,
       SAMPLE_DEFAULT_CLI_VERSION,
-      features,
       getRunnerLogger(true),
       false,
     );
@@ -188,8 +181,6 @@ test("caches semantically versioned bundles using their semantic version number"
 });
 
 test("downloads an explicitly requested bundle even if a different version is cached", async (t) => {
-  const features = createFeatures([]);
-
   await util.withTmpDir(async (tmpDir) => {
     setupActionsVars(tmpDir, tmpDir);
 
@@ -208,7 +199,6 @@ test("downloads an explicitly requested bundle even if a different version is ca
       tmpDir,
       util.GitHubVariant.DOTCOM,
       SAMPLE_DEFAULT_CLI_VERSION,
-      features,
       getRunnerLogger(true),
       false,
     );
@@ -237,8 +227,6 @@ for (const {
   expectedToolcacheVersion,
 } of EXPLICITLY_REQUESTED_BUNDLE_TEST_CASES) {
   test(`caches explicitly requested bundle ${tagName} as ${expectedToolcacheVersion}`, async (t) => {
-    const features = createFeatures([]);
-
     await util.withTmpDir(async (tmpDir) => {
       setupActionsVars(tmpDir, tmpDir);
 
@@ -255,7 +243,6 @@ for (const {
         tmpDir,
         util.GitHubVariant.DOTCOM,
         SAMPLE_DEFAULT_CLI_VERSION,
-        features,
         getRunnerLogger(true),
         false,
       );
@@ -279,8 +266,6 @@ for (const toolcacheVersion of [
     `uses tools from toolcache when ${SAMPLE_DEFAULT_CLI_VERSION.cliVersion} is requested and ` +
       `${toolcacheVersion} is installed`,
     async (t) => {
-      const features = createFeatures([]);
-
       await util.withTmpDir(async (tmpDir) => {
         setupActionsVars(tmpDir, tmpDir);
 
@@ -296,7 +281,6 @@ for (const toolcacheVersion of [
           tmpDir,
           util.GitHubVariant.DOTCOM,
           SAMPLE_DEFAULT_CLI_VERSION,
-          features,
           getRunnerLogger(true),
           false,
         );
@@ -311,8 +295,6 @@ for (const toolcacheVersion of [
 }
 
 test(`uses a cached bundle when no tools input is given on GHES`, async (t) => {
-  const features = createFeatures([]);
-
   await util.withTmpDir(async (tmpDir) => {
     setupActionsVars(tmpDir, tmpDir);
 
@@ -331,7 +313,6 @@ test(`uses a cached bundle when no tools input is given on GHES`, async (t) => {
         cliVersion: defaults.cliVersion,
         tagName: defaults.bundleVersion,
       },
-      features,
       getRunnerLogger(true),
       false,
     );
@@ -347,8 +328,6 @@ test(`uses a cached bundle when no tools input is given on GHES`, async (t) => {
 });
 
 test(`downloads bundle if only an unpinned version is cached on GHES`, async (t) => {
-  const features = createFeatures([]);
-
   await util.withTmpDir(async (tmpDir) => {
     setupActionsVars(tmpDir, tmpDir);
 
@@ -370,7 +349,6 @@ test(`downloads bundle if only an unpinned version is cached on GHES`, async (t)
         cliVersion: defaults.cliVersion,
         tagName: defaults.bundleVersion,
       },
-      features,
       getRunnerLogger(true),
       false,
     );
@@ -386,8 +364,6 @@ test(`downloads bundle if only an unpinned version is cached on GHES`, async (t)
 });
 
 test('downloads bundle if "latest" tools specified but not cached', async (t) => {
-  const features = createFeatures([]);
-
   await util.withTmpDir(async (tmpDir) => {
     setupActionsVars(tmpDir, tmpDir);
 
@@ -406,7 +382,6 @@ test('downloads bundle if "latest" tools specified but not cached', async (t) =>
       tmpDir,
       util.GitHubVariant.DOTCOM,
       SAMPLE_DEFAULT_CLI_VERSION,
-      features,
       getRunnerLogger(true),
       false,
     );
@@ -422,8 +397,6 @@ test('downloads bundle if "latest" tools specified but not cached', async (t) =>
 });
 
 test("bundle URL from another repo is cached as 0.0.0-bundleVersion", async (t) => {
-  const features = createFeatures([]);
-
   await util.withTmpDir(async (tmpDir) => {
     setupActionsVars(tmpDir, tmpDir);
 
@@ -444,7 +417,6 @@ test("bundle URL from another repo is cached as 0.0.0-bundleVersion", async (t)
       tmpDir,
       util.GitHubVariant.DOTCOM,
       SAMPLE_DEFAULT_CLI_VERSION,
-      features,
       getRunnerLogger(true),
       false,
     );

src/codeql.ts

@@ -3,7 +3,6 @@ import * as path from "path";
 
 import * as core from "@actions/core";
 import * as toolrunner from "@actions/exec/lib/toolrunner";
-import { RequestError } from "@octokit/request-error";
 import * as yaml from "js-yaml";
 
 import {
@@ -309,7 +308,6 @@ const CODEQL_VERSION_CACHE_CLEANUP = "2.17.1";
  * @param tempDir
  * @param variant
  * @param defaultCliVersion
- * @param features Information about the features that are enabled.
  * @param logger
  * @param checkVersion Whether to check that CodeQL CLI meets the minimum
  *        version requirement. Must be set to true outside tests.
@@ -321,7 +319,6 @@ export async function setupCodeQL(
   tempDir: string,
   variant: util.GitHubVariant,
   defaultCliVersion: CodeQLDefaultVersionInfo,
-  features: FeatureEnablement,
   logger: Logger,
   checkVersion: boolean,
 ): Promise<{
@@ -344,7 +341,6 @@ export async function setupCodeQL(
       tempDir,
       variant,
       defaultCliVersion,
-      features,
       logger,
     );
 
@@ -374,8 +370,7 @@ export async function setupCodeQL(
   } catch (e) {
     const ErrorClass =
       e instanceof util.ConfigurationError ||
-      (e instanceof Error && e.message.includes("ENOSPC")) || // out of disk space
-      (e instanceof RequestError && e.status === 429) // rate limited
+      (e instanceof Error && e.message.includes("ENOSPC")) // out of disk space
         ? util.ConfigurationError
         : Error;
 

src/config-utils.test.ts

@@ -49,9 +49,10 @@ function createTestInitConfigInputs(
   return Object.assign(
     {},
     {
-      analysisKinds: [AnalysisKind.CodeScanning],
+      analysisKindsInput: "code-scanning",
       languagesInput: undefined,
       queriesInput: undefined,
+      qualityQueriesInput: undefined,
       packsInput: undefined,
       configFile: undefined,
       dbLocation: undefined,
@@ -64,16 +65,6 @@ function createTestInitConfigInputs(
       debugDatabaseName: "",
       repository: { owner: "github", repo: "example" },
       tempDir: "",
-      codeql: createStubCodeQL({
-        async betterResolveLanguages() {
-          return {
-            extractors: {
-              html: [{ extractor_root: "" }],
-              javascript: [{ extractor_root: "" }],
-            },
-          };
-        },
-      }),
       workspacePath: "",
       sourceRoot: "",
       githubVersion,
@@ -98,6 +89,20 @@ function createConfigFile(inputFileContents: string, tmpDir: string): string {
   return configFilePath;
 }
 
+// Returns a default CodeQL stub for tests
+function createDefaultTestCodeQL() {
+  return createStubCodeQL({
+    async betterResolveLanguages() {
+      return {
+        extractors: {
+          html: [{ extractor_root: "" }],
+          javascript: [{ extractor_root: "" }],
+        },
+      };
+    },
+  });
+}
+
 type GetContentsResponse = { content?: string } | object[];
 
 function mockGetContents(
@@ -148,24 +153,23 @@ test("load empty config", async (t) => {
     });
 
     const config = await configUtils.initConfig(
-      createFeatures([]),
       createTestInitConfigInputs({
         languagesInput: languages,
         repository: { owner: "github", repo: "example" },
         tempDir,
-        codeql,
         logger,
       }),
+      codeql,
     );
 
     const expectedConfig = await configUtils.initActionState(
       createTestInitConfigInputs({
         languagesInput: languages,
         tempDir,
-        codeql,
         logger,
       }),
       {},
+      codeql,
     );
 
     t.deepEqual(config, expectedConfig);
@@ -188,15 +192,14 @@ test("load code quality config", async (t) => {
     });
 
     const config = await configUtils.initConfig(
-      createFeatures([]),
       createTestInitConfigInputs({
-        analysisKinds: [AnalysisKind.CodeQuality],
+        analysisKindsInput: "code-quality",
         languagesInput: languages,
         repository: { owner: "github", repo: "example" },
         tempDir,
-        codeql,
         logger,
       }),
+      codeql,
     );
 
     // And the config we expect it to result in
@@ -273,16 +276,15 @@ test("initActionState doesn't throw if there are queries configured in the repos
 
     await t.notThrowsAsync(async () => {
       const config = await configUtils.initConfig(
-        createFeatures([]),
         createTestInitConfigInputs({
-          analysisKinds: [AnalysisKind.CodeQuality],
+          analysisKindsInput: "code-quality",
           languagesInput: languages,
           repository: { owner: "github", repo: "example" },
           tempDir,
-          codeql,
           repositoryProperties,
           logger,
         }),
+        codeql,
       );
 
       t.deepEqual(config, expectedConfig);
@@ -312,14 +314,13 @@ test("loading a saved config produces the same config", async (t) => {
     t.deepEqual(await configUtils.getConfig(tempDir, logger), undefined);
 
     const config1 = await configUtils.initConfig(
-      createFeatures([]),
       createTestInitConfigInputs({
         languagesInput: "javascript,python",
         tempDir,
-        codeql,
         workspacePath: tempDir,
         logger,
       }),
+      codeql,
     );
     await configUtils.saveConfig(config1, logger);
 
@@ -364,14 +365,13 @@ test("loading config with version mismatch throws", async (t) => {
       .returns("does-not-exist");
 
     const config = await configUtils.initConfig(
-      createFeatures([]),
       createTestInitConfigInputs({
         languagesInput: "javascript,python",
         tempDir,
-        codeql,
         workspacePath: tempDir,
         logger,
       }),
+      codeql,
     );
     // initConfig does not save the config, so we do it here.
     await configUtils.saveConfig(config, logger);
@@ -393,12 +393,12 @@ test("load input outside of workspace", async (t) => {
   return await withTmpDir(async (tempDir) => {
     try {
       await configUtils.initConfig(
-        createFeatures([]),
         createTestInitConfigInputs({
           configFile: "../input",
           tempDir,
           workspacePath: tempDir,
         }),
+        createDefaultTestCodeQL(),
       );
       throw new Error("initConfig did not throw error");
     } catch (err) {
@@ -421,12 +421,12 @@ test("load non-local input with invalid repo syntax", async (t) => {
 
     try {
       await configUtils.initConfig(
-        createFeatures([]),
         createTestInitConfigInputs({
           configFile,
           tempDir,
           workspacePath: tempDir,
         }),
+        createDefaultTestCodeQL(),
       );
       throw new Error("initConfig did not throw error");
     } catch (err) {
@@ -450,13 +450,13 @@ test("load non-existent input", async (t) => {
 
     try {
       await configUtils.initConfig(
-        createFeatures([]),
         createTestInitConfigInputs({
           languagesInput,
           configFile,
           tempDir,
           workspacePath: tempDir,
         }),
+        createDefaultTestCodeQL(),
       );
       throw new Error("initConfig did not throw error");
     } catch (err) {
@@ -534,7 +534,6 @@ test("load non-empty input", async (t) => {
     const configFilePath = createConfigFile(inputFileContents, tempDir);
 
     const actualConfig = await configUtils.initConfig(
-      createFeatures([]),
       createTestInitConfigInputs({
         languagesInput,
         buildModeInput: "none",
@@ -542,9 +541,9 @@ test("load non-empty input", async (t) => {
         debugArtifactName: "my-artifact",
         debugDatabaseName: "my-db",
         tempDir,
-        codeql,
         workspacePath: tempDir,
       }),
+      codeql,
     );
 
     // Should exactly equal the object we constructed earlier
@@ -590,17 +589,15 @@ test("Using config input and file together, config input should be used.", async
     // Only JS, python packs will be ignored
     const languagesInput = "javascript";
 
-    const config = await configUtils.initConfig(
-      createFeatures([]),
-      createTestInitConfigInputs({
-        languagesInput,
-        configFile: configFilePath,
-        configInput,
-        tempDir,
-        codeql,
-        workspacePath: tempDir,
-      }),
-    );
+    const inputs = createTestInitConfigInputs({
+      languagesInput,
+      configFile: configFilePath,
+      configInput,
+      tempDir,
+      workspacePath: tempDir,
+    });
+    configUtils.amendInputConfigFile(inputs, inputs.logger);
+    const config = await configUtils.initConfig(inputs, codeql);
 
     t.deepEqual(config.originalUserInput, yaml.load(configInput));
   });
@@ -642,14 +639,13 @@ test("API client used when reading remote config", async (t) => {
     const languagesInput = "javascript";
 
     await configUtils.initConfig(
-      createFeatures([]),
       createTestInitConfigInputs({
         languagesInput,
         configFile,
         tempDir,
-        codeql,
         workspacePath: tempDir,
       }),
+      codeql,
     );
     t.assert(spyGetContents.called);
   });
@@ -663,12 +659,12 @@ test("Remote config handles the case where a directory is provided", async (t) =
     const repoReference = "octo-org/codeql-config/config.yaml@main";
     try {
       await configUtils.initConfig(
-        createFeatures([]),
         createTestInitConfigInputs({
           configFile: repoReference,
           tempDir,
           workspacePath: tempDir,
         }),
+        createDefaultTestCodeQL(),
       );
       throw new Error("initConfig did not throw error");
     } catch (err) {
@@ -692,12 +688,12 @@ test("Invalid format of remote config handled correctly", async (t) => {
     const repoReference = "octo-org/codeql-config/config.yaml@main";
     try {
       await configUtils.initConfig(
-        createFeatures([]),
         createTestInitConfigInputs({
           configFile: repoReference,
           tempDir,
           workspacePath: tempDir,
         }),
+        createDefaultTestCodeQL(),
       );
       throw new Error("initConfig did not throw error");
     } catch (err) {
@@ -722,12 +718,11 @@ test("No detected languages", async (t) => {
 
     try {
       await configUtils.initConfig(
-        createFeatures([]),
         createTestInitConfigInputs({
           tempDir,
-          codeql,
           workspacePath: tempDir,
         }),
+        codeql,
       );
       throw new Error("initConfig did not throw error");
     } catch (err) {
@@ -745,12 +740,12 @@ test("Unknown languages", async (t) => {
 
     try {
       await configUtils.initConfig(
-        createFeatures([]),
         createTestInitConfigInputs({
           languagesInput,
           tempDir,
           workspacePath: tempDir,
         }),
+        createDefaultTestCodeQL(),
       );
       throw new Error("initConfig did not throw error");
     } catch (err) {
@@ -1001,7 +996,7 @@ interface OverlayDatabaseModeTestSetup {
   isDefaultBranch: boolean;
   repositoryOwner: string;
   buildMode: BuildMode | undefined;
-  languages: Language[];
+  languages: string[];
   codeqlVersion: string;
   gitRoot: string | undefined;
   codeScanningConfig: configUtils.UserConfig;
@@ -1028,6 +1023,8 @@ const getOverlayDatabaseModeMacro = test.macro({
     expected: {
       overlayDatabaseMode: OverlayDatabaseMode;
       useOverlayDatabaseCaching: boolean;
+      preliminaryOverlayDatabaseMode?: OverlayDatabaseMode;
+      preliminaryUseOverlayDatabaseCaching?: boolean;
     },
   ) => {
     return await withTmpDir(async (tempDir) => {
@@ -1089,13 +1086,51 @@ const getOverlayDatabaseModeMacro = test.macro({
           repository,
           features,
           setup.languages,
+          setup.languages.join(","),
           tempDir, // sourceRoot
           setup.buildMode,
           setup.codeScanningConfig,
           logger,
         );
 
-        t.deepEqual(result, expected);
+        const expectedResult = {
+          overlayDatabaseMode: expected.overlayDatabaseMode,
+          useOverlayDatabaseCaching: expected.useOverlayDatabaseCaching,
+        };
+        t.deepEqual(result, expectedResult);
+
+        let configFile: string | undefined;
+        if (Object.keys(setup.codeScanningConfig).length > 0) {
+          configFile = createConfigFile(
+            yaml.dump(setup.codeScanningConfig),
+            tempDir,
+          );
+        }
+
+        // Test getPreliminaryOverlayDatabaseMode as well
+        const preliminaryResult =
+          await configUtils.getPreliminaryOverlayDatabaseMode(
+            createTestInitConfigInputs({
+              languagesInput: setup.languages.join(","),
+              configFile,
+              features,
+              tempDir,
+              workspacePath: tempDir,
+              sourceRoot: tempDir,
+              repository,
+              logger,
+            }),
+          );
+
+        const expectedPreliminaryResult = {
+          overlayDatabaseMode:
+            expected.preliminaryOverlayDatabaseMode ??
+            expected.overlayDatabaseMode,
+          useOverlayDatabaseCaching:
+            expected.preliminaryUseOverlayDatabaseCaching ??
+            expected.useOverlayDatabaseCaching,
+        };
+        t.deepEqual(preliminaryResult, expectedPreliminaryResult);
       } finally {
         // Restore the original environment
         process.env = originalEnv;
@@ -1350,6 +1385,20 @@ test(
   },
 );
 
+test(
+  getOverlayDatabaseModeMacro,
+  "Overlay analysis on PR when feature enabled via language alias",
+  {
+    languages: ["javascript-typescript"],
+    features: [Feature.OverlayAnalysis, Feature.OverlayAnalysisJavascript],
+    isPullRequest: true,
+  },
+  {
+    overlayDatabaseMode: OverlayDatabaseMode.Overlay,
+    useOverlayDatabaseCaching: true,
+  },
+);
+
 test(
   getOverlayDatabaseModeMacro,
   "Overlay analysis on PR when feature enabled with custom analysis",
@@ -1506,6 +1555,20 @@ test(
   },
 );
 
+test(
+  getOverlayDatabaseModeMacro,
+  "No overlay analysis on PR when the language is unknown",
+  {
+    languages: ["cobol"],
+    features: [Feature.OverlayAnalysis],
+    isPullRequest: true,
+  },
+  {
+    overlayDatabaseMode: OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+  },
+);
+
 test(
   getOverlayDatabaseModeMacro,
   "Overlay PR analysis by env for dsp-testing",
@@ -1573,6 +1636,8 @@ test(
   {
     overlayDatabaseMode: OverlayDatabaseMode.None,
     useOverlayDatabaseCaching: false,
+    preliminaryOverlayDatabaseMode: OverlayDatabaseMode.Overlay,
+    preliminaryUseOverlayDatabaseCaching: false,
   },
 );
 
@@ -1587,6 +1652,8 @@ test(
   {
     overlayDatabaseMode: OverlayDatabaseMode.None,
     useOverlayDatabaseCaching: false,
+    preliminaryOverlayDatabaseMode: OverlayDatabaseMode.Overlay,
+    preliminaryUseOverlayDatabaseCaching: false,
   },
 );
 
@@ -1600,6 +1667,8 @@ test(
   {
     overlayDatabaseMode: OverlayDatabaseMode.None,
     useOverlayDatabaseCaching: false,
+    preliminaryOverlayDatabaseMode: OverlayDatabaseMode.Overlay,
+    preliminaryUseOverlayDatabaseCaching: false,
   },
 );
 

src/config-utils.ts

@@ -11,6 +11,7 @@ import {
   CodeQuality,
   codeQualityQueries,
   CodeScanning,
+  parseAnalysisKinds,
 } from "./analyses";
 import * as api from "./api-client";
 import { CachingKind, getCachingKind } from "./caching-utils";
@@ -19,7 +20,6 @@ import {
   calculateAugmentation,
   ExcludeQueryFilter,
   generateCodeScanningConfig,
-  parseUserConfig,
   UserConfig,
 } from "./config/db-config";
 import { shouldPerformDiffInformedAnalysis } from "./diff-informed-analysis-utils";
@@ -33,6 +33,7 @@ import {
   CODEQL_OVERLAY_MINIMUM_VERSION,
   OverlayDatabaseMode,
 } from "./overlay-database-utils";
+import * as overlayLanguageAliases from "./overlay-language-aliases.json";
 import { RepositoryNwo } from "./repository";
 import { downloadTrapCaches } from "./trap-caching";
 import {
@@ -331,6 +332,36 @@ export async function getLanguages(
   return languages;
 }
 
+/**
+ * Get the (unverified) languages for overlay analysis.
+ *
+ * This is a simplified version of `getLanguages` that only resolves language
+ * aliases but does not check if the languages are actually supported by the
+ * CodeQL CLI. It is intended to be used for overlay analysis preparations
+ * before the CodeQL CLI is available.
+ */
+async function getUnverifiedLanguagesForOverlay(
+  languagesInput: string | undefined,
+  repository: RepositoryNwo,
+  sourceRoot: string,
+  logger: Logger,
+): Promise<string[]> {
+  // Obtain languages without filtering them.
+  const { rawLanguages } = await getRawLanguages(
+    languagesInput,
+    repository,
+    sourceRoot,
+    logger,
+  );
+  const languageAliases = overlayLanguageAliases as Record<string, string>;
+
+  const languagesSet: string[] = [];
+  for (const language of rawLanguages) {
+    languagesSet.push(languageAliases[language] || language);
+  }
+  return languagesSet;
+}
+
 export function getRawLanguagesNoAutodetect(
   languagesInput: string | undefined,
 ): string[] {
@@ -373,8 +404,10 @@ export async function getRawLanguages(
 
 /** Inputs required to initialize a configuration. */
 export interface InitConfigInputs {
+  analysisKindsInput: string;
   languagesInput: string | undefined;
   queriesInput: string | undefined;
+  qualityQueriesInput: string | undefined;
   packsInput: string | undefined;
   configFile: string | undefined;
   dbLocation: string | undefined;
@@ -387,14 +420,12 @@ export interface InitConfigInputs {
   debugDatabaseName: string;
   repository: RepositoryNwo;
   tempDir: string;
-  codeql: CodeQL;
   workspacePath: string;
   sourceRoot: string;
   githubVersion: GitHubVersion;
   apiDetails: api.GitHubApiCombinedDetails;
   features: FeatureEnablement;
   repositoryProperties: RepositoryProperties;
-  analysisKinds: AnalysisKind[];
   logger: Logger;
 }
 
@@ -404,8 +435,10 @@ export interface InitConfigInputs {
  */
 export async function initActionState(
   {
+    analysisKindsInput,
     languagesInput,
     queriesInput,
+    qualityQueriesInput,
     packsInput,
     buildModeInput,
     dbLocation,
@@ -416,16 +449,27 @@ export async function initActionState(
     debugDatabaseName,
     repository,
     tempDir,
-    codeql,
     sourceRoot,
     githubVersion,
     features,
     repositoryProperties,
-    analysisKinds,
     logger,
   }: InitConfigInputs,
   userConfig: UserConfig,
+  codeql: CodeQL,
 ): Promise<Config> {
+  const analysisKinds = await parseAnalysisKinds(analysisKindsInput);
+
+  // For backwards compatibility, add Code Quality to the enabled analysis kinds
+  // if an input to `quality-queries` was specified. We should remove this once
+  // `quality-queries` is no longer used.
+  if (
+    !analysisKinds.includes(AnalysisKind.CodeQuality) &&
+    qualityQueriesInput !== undefined
+  ) {
+    analysisKinds.push(AnalysisKind.CodeQuality);
+  }
+
   const languages = await getLanguages(
     codeql,
     languagesInput,
@@ -525,14 +569,48 @@ async function downloadCacheWithTime(
   return { trapCaches, trapCacheDownloadTime };
 }
 
-async function loadUserConfig(
+/**
+ * Amends the input config file if configInput is provided.
+ * If configInput is set, it takes precedence over configFile.
+ *
+ * This function should be called only once on any specific `InitConfigInputs`
+ * object. Otherwise it could emit a false warning.
+ */
+export function amendInputConfigFile(
+  inputs: InitConfigInputs,
   logger: Logger,
-  configFile: string,
+): void {
+  // if configInput is set, it takes precedence over configFile
+  if (inputs.configInput) {
+    if (inputs.configFile) {
+      logger.warning(
+        `Both a config file and config input were provided. Ignoring config file.`,
+      );
+    }
+    inputs.configFile = userConfigFromActionPath(inputs.tempDir);
+    fs.writeFileSync(inputs.configFile, inputs.configInput);
+    logger.debug(`Using config from action input: ${inputs.configFile}`);
+  }
+}
+
+/**
+ * Load user configuration from a file or return an empty configuration
+ * if no config file is specified.
+ */
+async function loadUserConfig(
+  configFile: string | undefined,
   workspacePath: string,
   apiDetails: api.GitHubApiCombinedDetails,
   tempDir: string,
-  validateConfig: boolean,
+  logger: Logger,
 ): Promise<UserConfig> {
+  if (!configFile) {
+    logger.debug("No configuration file was provided");
+    return {};
+  }
+
+  logger.debug(`Using configuration file: ${configFile}`);
+
   if (isLocal(configFile)) {
     if (configFile !== userConfigFromActionPath(tempDir)) {
       // If the config file is not generated by the Action, it should be relative to the workspace.
@@ -544,14 +622,9 @@ async function loadUserConfig(
         );
       }
     }
-    return getLocalConfig(logger, configFile, validateConfig);
+    return getLocalConfig(configFile);
   } else {
-    return await getRemoteConfig(
-      logger,
-      configFile,
-      apiDetails,
-      validateConfig,
-    );
+    return await getRemoteConfig(configFile, apiDetails);
   }
 }
 
@@ -582,32 +655,38 @@ const OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES: Record<Language, Feature> = {
 };
 
 async function isOverlayAnalysisFeatureEnabled(
-  repository: RepositoryNwo,
-  features: FeatureEnablement,
-  codeql: CodeQL,
-  languages: Language[],
   codeScanningConfig: UserConfig,
+  languagesInput: string | undefined,
+  repository: RepositoryNwo,
+  sourceRoot: string,
+  features: FeatureEnablement,
+  logger: Logger,
 ): Promise<boolean> {
   // TODO: Remove the repository owner check once support for overlay analysis
   // stabilizes, and no more backward-incompatible changes are expected.
   if (!["github", "dsp-testing"].includes(repository.owner)) {
     return false;
   }
-  if (!(await features.getValue(Feature.OverlayAnalysis, codeql))) {
+  if (!(await features.getValue(Feature.OverlayAnalysis))) {
     return false;
   }
+
+  const languages = await getUnverifiedLanguagesForOverlay(
+    languagesInput,
+    repository,
+    sourceRoot,
+    logger,
+  );
+
   let enableForCodeScanningOnly = false;
   for (const language of languages) {
     const feature = OVERLAY_ANALYSIS_FEATURES[language];
-    if (feature && (await features.getValue(feature, codeql))) {
+    if (feature && (await features.getValue(feature))) {
       continue;
     }
     const codeScanningFeature =
       OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES[language];
-    if (
-      codeScanningFeature &&
-      (await features.getValue(codeScanningFeature, codeql))
-    ) {
+    if (codeScanningFeature && (await features.getValue(codeScanningFeature))) {
       enableForCodeScanningOnly = true;
       continue;
     }
@@ -645,14 +724,18 @@ async function isOverlayAnalysisFeatureEnabled(
  * For `Overlay` and `OverlayBase`, the function performs further checks and
  * reverts to `None` if any check should fail.
  *
+ * If `codeql` or `languages` is undefined, the function will skip checks that
+ * depend on them.
+ *
  * @returns An object containing the overlay database mode and whether the
  * action should perform overlay-base database caching.
  */
 export async function getOverlayDatabaseMode(
-  codeql: CodeQL,
+  codeql: CodeQL | undefined,
   repository: RepositoryNwo,
   features: FeatureEnablement,
-  languages: Language[],
+  languages: Language[] | undefined,
+  languagesInput: string | undefined,
   sourceRoot: string,
   buildMode: BuildMode | undefined,
   codeScanningConfig: UserConfig,
@@ -679,11 +762,12 @@ export async function getOverlayDatabaseMode(
     );
   } else if (
     await isOverlayAnalysisFeatureEnabled(
-      repository,
-      features,
-      codeql,
-      languages,
       codeScanningConfig,
+      languagesInput,
+      repository,
+      sourceRoot,
+      features,
+      logger,
     )
   ) {
     if (isAnalyzingPullRequest()) {
@@ -713,17 +797,12 @@ export async function getOverlayDatabaseMode(
   }
 
   if (
+    codeql !== undefined &&
+    languages !== undefined &&
     buildMode !== BuildMode.None &&
     (
       await Promise.all(
-        languages.map(
-          async (l) =>
-            l !== KnownLanguage.go && // Workaround to allow overlay analysis for Go with any build
-            // mode, since it does not yet support BMN. The Go autobuilder and/or extractor will
-            // ensure that overlay-base databases are only created for supported Go build setups,
-            // and that we'll fall back to full databases in other cases.
-            (await codeql.isTracedLanguage(l)),
-        ),
+        languages.map(async (l) => await codeql.isTracedLanguage(l)),
       )
     ).some(Boolean)
   ) {
@@ -734,7 +813,10 @@ export async function getOverlayDatabaseMode(
     );
     return nonOverlayAnalysis;
   }
-  if (!(await codeQlVersionAtLeast(codeql, CODEQL_OVERLAY_MINIMUM_VERSION))) {
+  if (
+    codeql !== undefined &&
+    !(await codeQlVersionAtLeast(codeql, CODEQL_OVERLAY_MINIMUM_VERSION))
+  ) {
     logger.warning(
       `Cannot build an ${overlayDatabaseMode} database because ` +
         `the CodeQL CLI is older than ${CODEQL_OVERLAY_MINIMUM_VERSION}. ` +
@@ -757,6 +839,62 @@ export async function getOverlayDatabaseMode(
   };
 }
 
+/**
+ * Get preliminary overlay database mode using only the information available
+ * in InitConfigInputs, without depending on CodeQL.
+ *
+ * This is a simplified version of getOverlayDatabaseMode that can be called
+ * before the CodeQL CLI is available.
+ *
+ * @param inputs The initialization configuration inputs.
+ * @returns An object containing the overlay database mode and whether the
+ * action should perform overlay-base database caching.
+ */
+export async function getPreliminaryOverlayDatabaseMode(
+  inputs: InitConfigInputs,
+): Promise<{
+  overlayDatabaseMode: OverlayDatabaseMode;
+  useOverlayDatabaseCaching: boolean;
+}> {
+  const userConfig = await loadUserConfig(
+    inputs.configFile,
+    inputs.workspacePath,
+    inputs.apiDetails,
+    inputs.tempDir,
+    inputs.logger,
+  );
+
+  const languages = await getUnverifiedLanguagesForOverlay(
+    inputs.languagesInput,
+    inputs.repository,
+    inputs.sourceRoot,
+    inputs.logger,
+  );
+  const augmentationProperties = await calculateAugmentation(
+    inputs.packsInput,
+    inputs.queriesInput,
+    inputs.repositoryProperties,
+    languages,
+  );
+  const computedConfig = generateCodeScanningConfig(
+    inputs.logger,
+    userConfig,
+    augmentationProperties,
+  );
+
+  return getOverlayDatabaseMode(
+    undefined, // codeql
+    inputs.repository,
+    inputs.features,
+    undefined, // languages
+    inputs.languagesInput,
+    inputs.sourceRoot,
+    undefined, // buildMode
+    computedConfig,
+    inputs.logger,
+  );
+}
+
 function dbLocationOrDefault(
   dbLocation: string | undefined,
   tempDir: string,
@@ -788,40 +926,19 @@ function hasQueryCustomisation(userConfig: UserConfig): boolean {
  * a default config. The parsed config is then stored to a known location.
  */
 export async function initConfig(
-  features: FeatureEnablement,
   inputs: InitConfigInputs,
+  codeql: CodeQL,
 ): Promise<Config> {
   const { logger, tempDir } = inputs;
 
-  // if configInput is set, it takes precedence over configFile
-  if (inputs.configInput) {
-    if (inputs.configFile) {
-      logger.warning(
-        `Both a config file and config input were provided. Ignoring config file.`,
-      );
-    }
-    inputs.configFile = userConfigFromActionPath(tempDir);
-    fs.writeFileSync(inputs.configFile, inputs.configInput);
-    logger.debug(`Using config from action input: ${inputs.configFile}`);
-  }
-
-  let userConfig: UserConfig = {};
-  if (!inputs.configFile) {
-    logger.debug("No configuration file was provided");
-  } else {
-    logger.debug(`Using configuration file: ${inputs.configFile}`);
-    const validateConfig = await features.getValue(Feature.ValidateDbConfig);
-    userConfig = await loadUserConfig(
-      logger,
-      inputs.configFile,
-      inputs.workspacePath,
-      inputs.apiDetails,
-      tempDir,
-      validateConfig,
-    );
-  }
-
-  const config = await initActionState(inputs, userConfig);
+  const userConfig = await loadUserConfig(
+    inputs.configFile,
+    inputs.workspacePath,
+    inputs.apiDetails,
+    tempDir,
+    logger,
+  );
+  const config = await initActionState(inputs, userConfig, codeql);
 
   // If Code Quality analysis is the only enabled analysis kind, then we will initialise
   // the database for Code Quality. That entails disabling the default queries and only
@@ -848,10 +965,11 @@ export async function initConfig(
   // rest of the config has been populated.
   const { overlayDatabaseMode, useOverlayDatabaseCaching } =
     await getOverlayDatabaseMode(
-      inputs.codeql,
+      codeql,
       inputs.repository,
       inputs.features,
       config.languages,
+      inputs.languagesInput,
       inputs.sourceRoot,
       config.buildMode,
       config.computedConfig,
@@ -866,11 +984,7 @@ export async function initConfig(
 
   if (
     overlayDatabaseMode === OverlayDatabaseMode.Overlay ||
-    (await shouldPerformDiffInformedAnalysis(
-      inputs.codeql,
-      inputs.features,
-      logger,
-    ))
+    (await shouldPerformDiffInformedAnalysis(codeql, inputs.features, logger))
   ) {
     config.extraQueryExclusions.push({
       exclude: { tags: "exclude-from-incremental" },
@@ -911,11 +1025,7 @@ function isLocal(configPath: string): boolean {
   return configPath.indexOf("@") === -1;
 }
 
-function getLocalConfig(
-  logger: Logger,
-  configFile: string,
-  validateConfig: boolean,
-): UserConfig {
+function getLocalConfig(configFile: string): UserConfig {
   // Error if the file does not exist
   if (!fs.existsSync(configFile)) {
     throw new ConfigurationError(
@@ -923,19 +1033,12 @@ function getLocalConfig(
     );
   }
 
-  return parseUserConfig(
-    logger,
-    configFile,
-    fs.readFileSync(configFile, "utf-8"),
-    validateConfig,
-  );
+  return yaml.load(fs.readFileSync(configFile, "utf8")) as UserConfig;
 }
 
 async function getRemoteConfig(
-  logger: Logger,
   configFile: string,
   apiDetails: api.GitHubApiCombinedDetails,
-  validateConfig: boolean,
 ): Promise<UserConfig> {
   // retrieve the various parts of the config location, and ensure they're present
   const format = new RegExp(
@@ -971,12 +1074,9 @@ async function getRemoteConfig(
     );
   }
 
-  return parseUserConfig(
-    logger,
-    configFile,
+  return yaml.load(
     Buffer.from(fileContents, "base64").toString("binary"),
-    validateConfig,
-  );
+  ) as UserConfig;
 }
 
 /**

src/config/db-config.test.ts

@@ -2,13 +2,7 @@ import test, { ExecutionContext } from "ava";
 
 import { RepositoryProperties } from "../feature-flags/properties";
 import { KnownLanguage, Language } from "../languages";
-import { getRunnerLogger } from "../logging";
-import {
-  checkExpectedLogMessages,
-  getRecordingLogger,
-  LoggedMessage,
-} from "../testing-utils";
-import { ConfigurationError, prettyPrintPack } from "../util";
+import { prettyPrintPack } from "../util";
 
 import * as dbConfig from "./db-config";
 
@@ -159,6 +153,7 @@ const packSpecPrettyPrintingMacro = test.macro({
   title: (
     _providedTitle: string | undefined,
     packStr: string,
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
     _packObj: dbConfig.Pack,
   ) => `Prettyprint pack spec: '${packStr}'`,
 });
@@ -397,111 +392,3 @@ test(
   {},
   /"a-pack-without-a-scope" is not a valid pack/,
 );
-
-test("parseUserConfig - successfully parses valid YAML", (t) => {
-  const result = dbConfig.parseUserConfig(
-    getRunnerLogger(true),
-    "test",
-    `
-    paths-ignore:
-      - "some/path"
-    queries:
-      - uses: foo
-    some-unknown-option: true
-    `,
-    true,
-  );
-  t.truthy(result);
-  if (t.truthy(result["paths-ignore"])) {
-    t.is(result["paths-ignore"].length, 1);
-    t.is(result["paths-ignore"][0], "some/path");
-  }
-  if (t.truthy(result["queries"])) {
-    t.is(result["queries"].length, 1);
-    t.deepEqual(result["queries"][0], { uses: "foo" });
-  }
-});
-
-test("parseUserConfig - throws a ConfigurationError if the file is not valid YAML", (t) => {
-  t.throws(
-    () =>
-      dbConfig.parseUserConfig(
-        getRunnerLogger(true),
-        "test",
-        `
-        paths-ignore:
-         - "some/path"
-         queries:
-         - foo
-        `,
-        true,
-      ),
-    {
-      instanceOf: ConfigurationError,
-    },
-  );
-});
-
-test("parseUserConfig - validation isn't picky about `query-filters`", (t) => {
-  const loggedMessages: LoggedMessage[] = [];
-  const logger = getRecordingLogger(loggedMessages);
-
-  t.notThrows(() =>
-    dbConfig.parseUserConfig(
-      logger,
-      "test",
-      `
-        query-filters:
-          - something
-          - include: foo
-          - exclude: bar
-        `,
-      true,
-    ),
-  );
-});
-
-test("parseUserConfig - throws a ConfigurationError if validation fails", (t) => {
-  const loggedMessages: LoggedMessage[] = [];
-  const logger = getRecordingLogger(loggedMessages);
-
-  t.throws(
-    () =>
-      dbConfig.parseUserConfig(
-        logger,
-        "test",
-        `
-        paths-ignore:
-         - "some/path"
-        queries: true
-        `,
-        true,
-      ),
-    {
-      instanceOf: ConfigurationError,
-      message:
-        'The configuration file "test" is invalid: instance.queries is not of a type(s) array.',
-    },
-  );
-
-  const expectedMessages = ["instance.queries is not of a type(s) array"];
-  checkExpectedLogMessages(t, loggedMessages, expectedMessages);
-});
-
-test("parseUserConfig - throws no ConfigurationError if validation should fail, but feature is disabled", (t) => {
-  const loggedMessages: LoggedMessage[] = [];
-  const logger = getRecordingLogger(loggedMessages);
-
-  t.notThrows(() =>
-    dbConfig.parseUserConfig(
-      logger,
-      "test",
-      `
-        paths-ignore:
-         - "some/path"
-        queries: true
-        `,
-      false,
-    ),
-  );
-});

src/config/db-config.ts

@@ -1,10 +1,7 @@
 import * as path from "path";
 
-import * as yaml from "js-yaml";
-import * as jsonschema from "jsonschema";
 import * as semver from "semver";
 
-import type { UserConfig as DbConfig, QuerySpec } from "../db-config-schema";
 import * as errorMessages from "../error-messages";
 import {
   RepositoryProperties,
@@ -14,8 +11,6 @@ import { Language } from "../languages";
 import { Logger } from "../logging";
 import { cloneObject, ConfigurationError, prettyPrintPack } from "../util";
 
-export type { QuerySpec } from "../db-config-schema";
-
 export interface ExcludeQueryFilter {
   exclude: Record<string, string[] | string>;
 }
@@ -26,14 +21,30 @@ export interface IncludeQueryFilter {
 
 export type QueryFilter = ExcludeQueryFilter | IncludeQueryFilter;
 
+export interface QuerySpec {
+  name?: string;
+  uses: string;
+}
+
 /**
  * Format of the config file supplied by the user.
  */
-export type UserConfig = DbConfig & {
+export interface UserConfig {
+  name?: string;
+  "disable-default-queries"?: boolean;
+  queries?: QuerySpec[];
+  "paths-ignore"?: string[];
+  paths?: string[];
+
+  // If this is a multi-language analysis, then the packages must be split by
+  // language. If this is a single language analysis, then no split by
+  // language is necessary.
+  packs?: Record<string, string[]> | string[];
+
   // Set of query filters to include and exclude extra queries based on
   // codeql query suite `include` and `exclude` properties
   "query-filters"?: QueryFilter[];
-};
+}
 
 /**
  * Represents additional configuration data from a source other than
@@ -463,53 +474,3 @@ export function generateCodeScanningConfig(
 
   return augmentedConfig;
 }
-
-/**
- * Attempts to parse `contents` into a `UserConfig` value.
- *
- * @param logger The logger to use.
- * @param pathInput The path to the file where `contents` was obtained from, for use in error messages.
- * @param contents The string contents of a YAML file to try and parse as a `UserConfig`.
- * @param validateConfig Whether to validate the configuration file against the schema.
- * @returns The `UserConfig` corresponding to `contents`, if parsing was successful.
- * @throws A `ConfigurationError` if parsing failed.
- */
-export function parseUserConfig(
-  logger: Logger,
-  pathInput: string,
-  contents: string,
-  validateConfig: boolean,
-): UserConfig {
-  try {
-    const schema =
-      // eslint-disable-next-line @typescript-eslint/no-require-imports
-      require("../../schemas/db-config-schema.json") as jsonschema.Schema;
-
-    const doc = yaml.load(contents);
-
-    if (validateConfig) {
-      const result = new jsonschema.Validator().validate(doc, schema);
-
-      if (result.errors.length > 0) {
-        for (const error of result.errors) {
-          logger.error(error.stack);
-        }
-        throw new ConfigurationError(
-          errorMessages.getInvalidConfigFileMessage(
-            pathInput,
-            result.errors.map((e) => e.stack),
-          ),
-        );
-      }
-    }
-
-    return doc as UserConfig;
-  } catch (error) {
-    if (error instanceof yaml.YAMLException) {
-      throw new ConfigurationError(
-        errorMessages.getConfigFileParseErrorMessage(pathInput, error.message),
-      );
-    }
-    throw error;
-  }
-}

src/db-config-schema.d.ts

@@ -1,53 +0,0 @@
-/* This file was automatically generated by `npm run generate:schemas`. Do not edit by hand. */
-
-/**
- * Format of the config file supplied by the user for CodeQL analysis
- */
-export interface UserConfig {
-  /**
-   * Name of the configuration
-   */
-  name?: string;
-  /**
-   * Whether to disable default queries
-   */
-  "disable-default-queries"?: boolean;
-  /**
-   * List of additional queries to run
-   */
-  queries?: QuerySpec[];
-  /**
-   * Paths to ignore during analysis
-   */
-  "paths-ignore"?: string[];
-  /**
-   * Paths to include in analysis
-   */
-  paths?: string[];
-  /**
-   * Query packs to include. Can be a simple array for single-language analysis or an object with language-specific arrays for multi-language analysis
-   */
-  packs?:
-    | string[]
-    | {
-        [k: string]: string[];
-      };
-  /**
-   * Set of query filters to include and exclude extra queries based on CodeQL query suite include and exclude properties
-   */
-  "query-filters"?: unknown[];
-  [k: string]: unknown;
-}
-/**
- * Detailed query specification object
- */
-export interface QuerySpec {
-  /**
-   * Optional name for the query
-   */
-  name?: string;
-  /**
-   * The query or query suite to use
-   */
-  uses: string;
-}

src/debug-artifacts.ts

@@ -59,7 +59,7 @@ export async function uploadCombinedSarifArtifacts(
         for (const outputDir of outputDirs) {
           const sarifFiles = fs
             .readdirSync(path.resolve(baseTempDir, outputDir))
-            .filter((f) => path.extname(f) === ".sarif");
+            .filter((f) => f.endsWith(".sarif"));
 
           for (const sarifFile of sarifFiles) {
             toUpload.push(path.resolve(baseTempDir, outputDir, sarifFile));

src/defaults.json

@@ -1,6 +1,6 @@
 {
-  "bundleVersion": "codeql-bundle-v2.23.3",
-  "cliVersion": "2.23.3",
-  "priorBundleVersion": "codeql-bundle-v2.23.2",
-  "priorCliVersion": "2.23.2"
+  "bundleVersion": "codeql-bundle-v2.23.1",
+  "cliVersion": "2.23.1",
+  "priorBundleVersion": "codeql-bundle-v2.23.0",
+  "priorCliVersion": "2.23.0"
 }

src/dependency-caching.ts

@@ -5,13 +5,12 @@ import * as actionsCache from "@actions/cache";
 import * as glob from "@actions/glob";
 
 import { getTemporaryDirectory } from "./actions-util";
-import { listActionsCaches } from "./api-client";
 import { getTotalCacheSize } from "./caching-utils";
 import { Config } from "./config-utils";
 import { EnvVar } from "./environment";
 import { KnownLanguage, Language } from "./languages";
 import { Logger } from "./logging";
-import { getErrorMessage, getRequiredEnvParam } from "./util";
+import { getRequiredEnvParam } from "./util";
 
 /**
  * Caching configuration for a particular language.
@@ -85,42 +84,20 @@ async function makeGlobber(patterns: string[]): Promise<glob.Globber> {
   return glob.create(patterns.join("\n"));
 }
 
-/** Enumerates possible outcomes for cache hits. */
-export enum CacheHitKind {
-  /** We were unable to calculate a hash for the key. */
-  NoHash = "no-hash",
-  /** No cache was found. */
-  Miss = "miss",
-  /** The primary cache key matched. */
-  Exact = "exact",
-  /** A restore key matched. */
-  Partial = "partial",
-}
-
-/** Represents results of trying to restore a dependency cache for a language. */
-export interface DependencyCacheRestoreStatus {
-  language: Language;
-  hit_kind: CacheHitKind;
-  download_duration_ms?: number;
-}
-
-/** An array of `DependencyCacheRestoreStatus` objects for each analysed language with a caching configuration. */
-export type DependencyCacheRestoreStatusReport = DependencyCacheRestoreStatus[];
-
 /**
  * Attempts to restore dependency caches for the languages being analyzed.
  *
  * @param languages The languages being analyzed.
  * @param logger A logger to record some informational messages to.
  * @param minimizeJavaJars Whether the Java extractor should rewrite downloaded JARs to minimize their size.
- * @returns An array of `DependencyCacheRestoreStatus` objects for each analysed language with a caching configuration.
+ * @returns A list of languages for which dependency caches were restored.
  */
 export async function downloadDependencyCaches(
   languages: Language[],
   logger: Logger,
   minimizeJavaJars: boolean,
-): Promise<DependencyCacheRestoreStatusReport> {
-  const status: DependencyCacheRestoreStatusReport = [];
+): Promise<Language[]> {
+  const restoredCaches: Language[] = [];
 
   for (const language of languages) {
     const cacheConfig = getDefaultCacheConfig()[language];
@@ -137,7 +114,6 @@ export async function downloadDependencyCaches(
     const globber = await makeGlobber(cacheConfig.hash);
 
     if ((await globber.glob()).length === 0) {
-      status.push({ language, hit_kind: CacheHitKind.NoHash });
       logger.info(
         `Skipping download of dependency cache for ${language} as we cannot calculate a hash for the cache key.`,
       );
@@ -155,66 +131,35 @@ export async function downloadDependencyCaches(
       )}`,
     );
 
-    const start = performance.now();
     const hitKey = await actionsCache.restoreCache(
       cacheConfig.paths,
       primaryKey,
       restoreKeys,
     );
-    const download_duration_ms = Math.round(performance.now() - start);
 
     if (hitKey !== undefined) {
       logger.info(`Cache hit on key ${hitKey} for ${language}.`);
-      const hit_kind =
-        hitKey === primaryKey ? CacheHitKind.Exact : CacheHitKind.Partial;
-      status.push({ language, hit_kind, download_duration_ms });
+      restoredCaches.push(language);
     } else {
-      status.push({ language, hit_kind: CacheHitKind.Miss });
       logger.info(`No suitable cache found for ${language}.`);
     }
   }
 
-  return status;
+  return restoredCaches;
 }
 
-/** Enumerates possible outcomes for storing caches. */
-export enum CacheStoreResult {
-  /** We were unable to calculate a hash for the key. */
-  NoHash = "no-hash",
-  /** There is nothing to store in the cache. */
-  Empty = "empty",
-  /** There already exists a cache with the key we are trying to store. */
-  Duplicate = "duplicate",
-  /** The cache was stored successfully. */
-  Stored = "stored",
-}
-
-/** Represents results of trying to upload a dependency cache for a language. */
-export interface DependencyCacheUploadStatus {
-  language: Language;
-  result: CacheStoreResult;
-  upload_size_bytes?: number;
-  upload_duration_ms?: number;
-}
-
-/** An array of `DependencyCacheUploadStatus` objects for each analysed language with a caching configuration. */
-export type DependencyCacheUploadStatusReport = DependencyCacheUploadStatus[];
-
 /**
  * Attempts to store caches for the languages that were analyzed.
  *
  * @param config The configuration for this workflow.
  * @param logger A logger to record some informational messages to.
  * @param minimizeJavaJars Whether the Java extractor should rewrite downloaded JARs to minimize their size.
- *
- * @returns An array of `DependencyCacheUploadStatus` objects for each analysed language with a caching configuration.
  */
 export async function uploadDependencyCaches(
   config: Config,
   logger: Logger,
   minimizeJavaJars: boolean,
-): Promise<DependencyCacheUploadStatusReport> {
-  const status: DependencyCacheUploadStatusReport = [];
+): Promise<void> {
   for (const language of config.languages) {
     const cacheConfig = getDefaultCacheConfig()[language];
 
@@ -230,7 +175,6 @@ export async function uploadDependencyCaches(
     const globber = await makeGlobber(cacheConfig.hash);
 
     if ((await globber.glob()).length === 0) {
-      status.push({ language, result: CacheStoreResult.NoHash });
       logger.info(
         `Skipping upload of dependency cache for ${language} as we cannot calculate a hash for the cache key.`,
       );
@@ -251,7 +195,6 @@ export async function uploadDependencyCaches(
 
     // Skip uploading an empty cache.
     if (size === 0) {
-      status.push({ language, result: CacheStoreResult.Empty });
       logger.info(
         `Skipping upload of dependency cache for ${language} since it is empty.`,
       );
@@ -265,16 +208,7 @@ export async function uploadDependencyCaches(
     );
 
     try {
-      const start = performance.now();
       await actionsCache.saveCache(cacheConfig.paths, key);
-      const upload_duration_ms = Math.round(performance.now() - start);
-
-      status.push({
-        language,
-        result: CacheStoreResult.Stored,
-        upload_size_bytes: Math.round(size),
-        upload_duration_ms,
-      });
     } catch (error) {
       // `ReserveCacheError` indicates that the cache key is already in use, which means that a
       // cache with that key already exists or is in the process of being uploaded by another
@@ -284,16 +218,12 @@ export async function uploadDependencyCaches(
           `Not uploading cache for ${language}, because ${key} is already in use.`,
         );
         logger.debug(error.message);
-
-        status.push({ language, result: CacheStoreResult.Duplicate });
       } else {
         // Propagate other errors upwards.
         throw error;
       }
     }
   }
-
-  return status;
 }
 
 /**
@@ -340,34 +270,3 @@ async function cachePrefix(
 
   return `${prefix}-${CODEQL_DEPENDENCY_CACHE_VERSION}-${runnerOs}-${language}-`;
 }
-
-/** Represents information about our overall cache usage for CodeQL dependency caches. */
-export interface DependencyCachingUsageReport {
-  count: number;
-  size_bytes: number;
-}
-
-/**
- * Tries to determine the overall cache usage for CodeQL dependencies caches.
- *
- * @param logger The logger to log errors to.
- * @returns Returns the overall cache usage for CodeQL dependencies caches, or `undefined` if we couldn't determine it.
- */
-export async function getDependencyCacheUsage(
-  logger: Logger,
-): Promise<DependencyCachingUsageReport | undefined> {
-  try {
-    const caches = await listActionsCaches(CODEQL_DEPENDENCY_CACHE_PREFIX);
-    const totalSize = caches.reduce(
-      (acc, cache) => acc + (cache.size_in_bytes ?? 0),
-      0,
-    );
-    return { count: caches.length, size_bytes: totalSize };
-  } catch (err) {
-    logger.warning(
-      `Unable to retrieve information about dependency cache usage: ${getErrorMessage(err)}`,
-    );
-  }
-
-  return undefined;
-}

src/environment.ts

@@ -47,9 +47,6 @@ export enum EnvVar {
   /** Whether the CodeQL Action has already warned the user about low disk space. */
   HAS_WARNED_ABOUT_DISK_SPACE = "CODEQL_ACTION_HAS_WARNED_ABOUT_DISK_SPACE",
 
-  /** Whether the `setup-codeql` action has been run. */
-  SETUP_CODEQL_ACTION_HAS_RUN = "CODEQL_ACTION_SETUP_CODEQL_HAS_RUN",
-
   /** Whether the init action has been run. */
   INIT_ACTION_HAS_RUN = "CODEQL_ACTION_INIT_HAS_RUN",
 
@@ -131,10 +128,4 @@ export enum EnvVar {
    * whether the upload is disabled. This is intended for testing and debugging purposes.
    */
   SARIF_DUMP_DIR = "CODEQL_ACTION_SARIF_DUMP_DIR",
-
-  /**
-   * Whether to skip uploading SARIF results to GitHub. Intended for testing purposes.
-   * This setting is more specific than `CODEQL_ACTION_TEST_MODE`, which implies this option.
-   */
-  SKIP_SARIF_UPLOAD = "CODEQL_ACTION_SKIP_SARIF_UPLOAD",
 }

src/error-messages.ts

@@ -14,22 +14,6 @@ export function getConfigFileDoesNotExistErrorMessage(
   return `The configuration file "${configFile}" does not exist`;
 }
 
-export function getConfigFileParseErrorMessage(
-  configFile: string,
-  message: string,
-): string {
-  return `Cannot parse "${configFile}": ${message}`;
-}
-
-export function getInvalidConfigFileMessage(
-  configFile: string,
-  messages: string[],
-): string {
-  const andMore =
-    messages.length > 10 ? `, and ${messages.length - 10} more.` : ".";
-  return `The configuration file "${configFile}" is invalid: ${messages.slice(0, 10).join(", ")}${andMore}`;
-}
-
 export function getConfigFileRepoFormatInvalidMessage(
   configFile: string,
 ): string {

src/feature-flags.ts

@@ -7,7 +7,6 @@ import { getApiClient } from "./api-client";
 import type { CodeQL } from "./codeql";
 import * as defaults from "./defaults.json";
 import { Logger } from "./logging";
-import { CODEQL_OVERLAY_MINIMUM_VERSION } from "./overlay-database-utils";
 import { RepositoryNwo } from "./repository";
 import { ToolsFeature } from "./tools-features";
 import * as util from "./util";
@@ -43,7 +42,6 @@ export interface FeatureEnablement {
  * Legacy features should end with `_enabled`.
  */
 export enum Feature {
-  AllowToolcacheInput = "allow_toolcache_input",
   CleanupTrapCaches = "cleanup_trap_caches",
   CppDependencyInstallation = "cpp_dependency_installation_enabled",
   DiffInformedQueries = "diff_informed_queries",
@@ -74,10 +72,9 @@ export enum Feature {
   OverlayAnalysisRust = "overlay_analysis_rust",
   OverlayAnalysisSwift = "overlay_analysis_swift",
   PythonDefaultIsToNotExtractStdlib = "python_default_is_to_not_extract_stdlib",
+  UseRepositoryProperties = "use_repository_properties",
   QaTelemetryEnabled = "qa_telemetry_enabled",
   ResolveSupportedLanguagesUsingCli = "resolve_supported_languages_using_cli",
-  UseRepositoryProperties = "use_repository_properties",
-  ValidateDbConfig = "validate_db_config",
 }
 
 export const featureConfig: Record<
@@ -111,11 +108,6 @@ export const featureConfig: Record<
     toolsFeature?: ToolsFeature;
   }
 > = {
-  [Feature.AllowToolcacheInput]: {
-    defaultValue: false,
-    envVar: "CODEQL_ACTION_ALLOW_TOOLCACHE_INPUT",
-    minimumVersion: undefined,
-  },
   [Feature.CleanupTrapCaches]: {
     defaultValue: false,
     envVar: "CODEQL_ACTION_CLEANUP_TRAP_CACHES",
@@ -164,7 +156,7 @@ export const featureConfig: Record<
   [Feature.OverlayAnalysis]: {
     defaultValue: false,
     envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
-    minimumVersion: CODEQL_OVERLAY_MINIMUM_VERSION,
+    minimumVersion: undefined,
   },
   [Feature.OverlayAnalysisActions]: {
     defaultValue: false,
@@ -288,11 +280,6 @@ export const featureConfig: Record<
     envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
     minimumVersion: "2.23.0",
   },
-  [Feature.ValidateDbConfig]: {
-    defaultValue: false,
-    envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG",
-    minimumVersion: undefined,
-  },
 };
 
 /**

src/init-action-post-helper.test.ts

@@ -2,7 +2,6 @@ import test, { ExecutionContext } from "ava";
 import * as sinon from "sinon";
 
 import * as actionsUtil from "./actions-util";
-import { AnalysisKind } from "./analyses";
 import * as codeql from "./codeql";
 import * as configUtils from "./config-utils";
 import { Feature } from "./feature-flags";
@@ -29,13 +28,12 @@ test("post: init action with debug mode off", async (t) => {
     const gitHubVersion: util.GitHubVersion = {
       type: util.GitHubVariant.DOTCOM,
     };
-    sinon.stub(configUtils, "getConfig").resolves(
-      createTestConfig({
-        debugMode: false,
-        gitHubVersion,
-        languages: [],
-      }),
-    );
+    sinon.stub(configUtils, "getConfig").resolves({
+      debugMode: false,
+      gitHubVersion,
+      languages: [],
+      packs: [],
+    } as unknown as configUtils.Config);
 
     const uploadAllAvailableDebugArtifactsSpy = sinon.spy();
     const printDebugLogsSpy = sinon.spy();
@@ -86,14 +84,14 @@ test("uploads failed SARIF run with `diagnostics export` if feature flag is off"
     },
     {
       name: "Initialize CodeQL",
-      uses: "github/codeql-action/init@v4",
+      uses: "github/codeql-action/init@v3",
       with: {
         languages: "javascript",
       },
     },
     {
       name: "Perform CodeQL Analysis",
-      uses: "github/codeql-action/analyze@v4",
+      uses: "github/codeql-action/analyze@v3",
       with: {
         category: "my-category",
       },
@@ -110,14 +108,14 @@ test("uploads failed SARIF run with `diagnostics export` if the database doesn't
     },
     {
       name: "Initialize CodeQL",
-      uses: "github/codeql-action/init@v4",
+      uses: "github/codeql-action/init@v3",
       with: {
         languages: "javascript",
       },
     },
     {
       name: "Perform CodeQL Analysis",
-      uses: "github/codeql-action/analyze@v4",
+      uses: "github/codeql-action/analyze@v3",
       with: {
         category: "my-category",
       },
@@ -137,14 +135,14 @@ test("uploads failed SARIF run with database export-diagnostics if the database
     },
     {
       name: "Initialize CodeQL",
-      uses: "github/codeql-action/init@v4",
+      uses: "github/codeql-action/init@v3",
       with: {
         languages: "javascript",
       },
     },
     {
       name: "Perform CodeQL Analysis",
-      uses: "github/codeql-action/analyze@v4",
+      uses: "github/codeql-action/analyze@v3",
       with: {
         category: "my-category",
       },
@@ -194,14 +192,14 @@ for (const { uploadInput, shouldUpload } of UPLOAD_INPUT_TEST_CASES) {
       },
       {
         name: "Initialize CodeQL",
-        uses: "github/codeql-action/init@v4",
+        uses: "github/codeql-action/init@v3",
         with: {
           languages: "javascript",
         },
       },
       {
         name: "Perform CodeQL Analysis",
-        uses: "github/codeql-action/analyze@v4",
+        uses: "github/codeql-action/analyze@v3",
         with: {
           category: "my-category",
           upload: uploadInput,
@@ -229,14 +227,14 @@ test("uploading failed SARIF run succeeds when workflow uses an input with a mat
     },
     {
       name: "Initialize CodeQL",
-      uses: "github/codeql-action/init@v4",
+      uses: "github/codeql-action/init@v3",
       with: {
         languages: "javascript",
       },
     },
     {
       name: "Perform CodeQL Analysis",
-      uses: "github/codeql-action/analyze@v4",
+      uses: "github/codeql-action/analyze@v3",
       with: {
         category: "/language:${{ matrix.language }}",
       },
@@ -256,14 +254,14 @@ test("uploading failed SARIF run fails when workflow uses a complex upload input
     },
     {
       name: "Initialize CodeQL",
-      uses: "github/codeql-action/init@v4",
+      uses: "github/codeql-action/init@v3",
       with: {
         languages: "javascript",
       },
     },
     {
       name: "Perform CodeQL Analysis",
-      uses: "github/codeql-action/analyze@v4",
+      uses: "github/codeql-action/analyze@v3",
       with: {
         upload: "${{ matrix.language != 'csharp' }}",
       },
@@ -297,17 +295,6 @@ test("uploading failed SARIF run fails when workflow does not reference github/c
   t.truthy(result.upload_failed_run_stack_trace);
 });
 
-test("not uploading failed SARIF when `code-scanning` is not an enabled analysis kind", async (t) => {
-  const result = await testFailedSarifUpload(t, createTestWorkflow([]), {
-    analysisKinds: [AnalysisKind.CodeQuality],
-    expectUpload: false,
-  });
-  t.is(
-    result.upload_failed_run_skipped_because,
-    "Code Scanning is not enabled.",
-  );
-});
-
 function createTestWorkflow(
   steps: workflow.WorkflowJobStep[],
 ): workflow.Workflow {
@@ -340,22 +327,20 @@ async function testFailedSarifUpload(
     expectUpload = true,
     exportDiagnosticsEnabled = false,
     matrix = {},
-    analysisKinds = [AnalysisKind.CodeScanning],
   }: {
     category?: string;
     databaseExists?: boolean;
     expectUpload?: boolean;
     exportDiagnosticsEnabled?: boolean;
     matrix?: { [key: string]: string };
-    analysisKinds?: AnalysisKind[];
   } = {},
 ): Promise<initActionPostHelper.UploadFailedSarifResult> {
-  const config = createTestConfig({
-    analysisKinds,
+  const config = {
     codeQLCmd: "codeql",
     debugMode: true,
     languages: [],
-  });
+    packs: [],
+  } as unknown as configUtils.Config;
   if (databaseExists) {
     config.dbLocation = "path/to/database";
   }

src/init-action-post-helper.ts

@@ -7,8 +7,7 @@ import * as actionsUtil from "./actions-util";
 import { CodeScanning } from "./analyses";
 import { getApiClient } from "./api-client";
 import { CodeQL, getCodeQL } from "./codeql";
-import { Config, isCodeScanningEnabled } from "./config-utils";
-import * as dependencyCaching from "./dependency-caching";
+import { Config } from "./config-utils";
 import { EnvVar } from "./environment";
 import { Feature, FeatureEnablement } from "./feature-flags";
 import { Logger } from "./logging";
@@ -19,8 +18,8 @@ import {
   delay,
   getErrorMessage,
   getRequiredEnvParam,
+  isInTestMode,
   parseMatrixInput,
-  shouldSkipSarifUpload,
   wrapError,
 } from "./util";
 import {
@@ -46,10 +45,6 @@ export interface JobStatusReport {
   job_status: JobStatus;
 }
 
-export interface DependencyCachingUsageReport {
-  dependency_caching_usage?: dependencyCaching.DependencyCachingUsageReport;
-}
-
 function createFailedUploadFailedSarifResult(
   error: unknown,
 ): UploadFailedSarifResult {
@@ -81,7 +76,7 @@ async function maybeUploadFailedSarif(
     !["always", "failure-only"].includes(
       actionsUtil.getUploadValue(shouldUpload),
     ) ||
-    shouldSkipSarifUpload()
+    isInTestMode()
   ) {
     return { upload_failed_run_skipped_because: "SARIF upload is disabled" };
   }
@@ -139,15 +134,6 @@ export async function tryUploadSarifIfRunFailed(
       EnvVar.JOB_STATUS,
       process.env[EnvVar.JOB_STATUS] ?? JobStatus.ConfigErrorStatus,
     );
-
-    // If the only enabled analysis kind is `code-quality`, then we shouldn't
-    // upload the failed SARIF to Code Scanning.
-    if (!isCodeScanningEnabled(config)) {
-      return {
-        upload_failed_run_skipped_because: "Code Scanning is not enabled.",
-      };
-    }
-
     try {
       return await maybeUploadFailedSarif(
         config,

src/init-action-post.ts

@@ -12,16 +12,10 @@ import {
   printDebugLogs,
 } from "./actions-util";
 import { getGitHubVersion } from "./api-client";
-import { CachingKind } from "./caching-utils";
 import { getCodeQL } from "./codeql";
 import { Config, getConfig } from "./config-utils";
 import * as debugArtifacts from "./debug-artifacts";
-import {
-  DependencyCachingUsageReport,
-  getDependencyCacheUsage,
-} from "./dependency-caching";
 import { Features } from "./feature-flags";
-import * as gitUtils from "./git-utils";
 import * as initActionPostHelper from "./init-action-post-helper";
 import { getActionsLogger } from "./logging";
 import { getRepositoryNwo } from "./repository";
@@ -38,8 +32,7 @@ import { checkDiskUsage, checkGitHubVersionInRange, wrapError } from "./util";
 interface InitPostStatusReport
   extends StatusReportBase,
     initActionPostHelper.UploadFailedSarifResult,
-    initActionPostHelper.JobStatusReport,
-    initActionPostHelper.DependencyCachingUsageReport {}
+    initActionPostHelper.JobStatusReport {}
 
 async function runWrapper() {
   const logger = getActionsLogger();
@@ -48,7 +41,6 @@ async function runWrapper() {
   let uploadFailedSarifResult:
     | initActionPostHelper.UploadFailedSarifResult
     | undefined;
-  let dependencyCachingUsage: DependencyCachingUsageReport | undefined;
   try {
     // Restore inputs from `init` Action.
     restoreInputs();
@@ -81,17 +73,6 @@ async function runWrapper() {
         features,
         logger,
       );
-
-      // If we are analysing the default branch and some kind of caching is enabled,
-      // then try to determine our overall cache usage for dependency caches. We only
-      // do this under these circumstances to avoid slowing down analyses for PRs
-      // and where caching may not be enabled.
-      if (
-        (await gitUtils.isAnalyzingDefaultBranch()) &&
-        config.dependencyCachingEnabled !== CachingKind.None
-      ) {
-        dependencyCachingUsage = await getDependencyCacheUsage(logger);
-      }
     }
   } catch (unwrappedError) {
     const error = wrapError(unwrappedError);
@@ -128,7 +109,6 @@ async function runWrapper() {
       ...statusReportBase,
       ...uploadFailedSarifResult,
       job_status: initActionPostHelper.getFinalJobStatus(),
-      dependency_caching_usage: dependencyCachingUsage,
     };
     logger.info("Sending status report for init-post step.");
     await sendStatusReport(statusReport);

src/init-action.ts

@@ -15,7 +15,6 @@ import {
   getTemporaryDirectory,
   persistInputs,
 } from "./actions-util";
-import { AnalysisKind, getAnalysisKinds } from "./analyses";
 import { getGitHubVersion } from "./api-client";
 import {
   getDependencyCachingEnabled,
@@ -24,10 +23,7 @@ import {
 } from "./caching-utils";
 import { CodeQL } from "./codeql";
 import * as configUtils from "./config-utils";
-import {
-  DependencyCacheRestoreStatusReport,
-  downloadDependencyCaches,
-} from "./dependency-caching";
+import { downloadDependencyCaches } from "./dependency-caching";
 import {
   addDiagnostic,
   flushDiagnostics,
@@ -46,9 +42,10 @@ import {
   runDatabaseInitCluster,
 } from "./init";
 import { KnownLanguage } from "./languages";
-import { getActionsLogger, Logger } from "./logging";
+import { getActionsLogger, Logger, withGroupAsync } from "./logging";
 import {
   downloadOverlayBaseDatabaseFromCache,
+  getCodeQLVersionFromOverlayBaseDatabase,
   OverlayBaseDatabaseDownloadStats,
   OverlayDatabaseMode,
 } from "./overlay-database-utils";
@@ -57,7 +54,6 @@ import { ToolsSource } from "./setup-codeql";
 import {
   ActionName,
   InitStatusReport,
-  InitToolsDownloadFields,
   InitWithConfigStatusReport,
   createInitWithConfigStatusReport,
   createStatusReportBase,
@@ -88,29 +84,14 @@ import {
 } from "./util";
 import { validateWorkflow } from "./workflow";
 
-/**
- * Sends a status report indicating that the `init` Action is starting.
- *
- * @param startedAt
- * @param config
- * @param logger
- */
-async function sendStartingStatusReport(
-  startedAt: Date,
-  config: Partial<configUtils.Config> | undefined,
-  logger: Logger,
-) {
-  const statusReportBase = await createStatusReportBase(
-    ActionName.Init,
-    "starting",
-    startedAt,
-    config,
-    await checkDiskUsage(logger),
-    logger,
-  );
-  if (statusReportBase !== undefined) {
-    await sendStatusReport(statusReportBase);
-  }
+/** Fields of the init status report populated when the tools source is `download`. */
+interface InitToolsDownloadFields {
+  /** Time taken to download the bundle, in milliseconds. */
+  tools_download_duration_ms?: number;
+  /**
+   * Whether the relevant tools dotcom feature flags have been misconfigured.
+   * Only populated if we attempt to determine the default version based on the dotcom feature flags. */
+  tools_feature_flags_valid?: boolean;
 }
 
 async function sendCompletedStatusReport(
@@ -122,7 +103,6 @@ async function sendCompletedStatusReport(
   toolsSource: ToolsSource,
   toolsVersion: string,
   overlayBaseDatabaseStats: OverlayBaseDatabaseDownloadStats | undefined,
-  dependencyCachingResults: DependencyCacheRestoreStatusReport | undefined,
   logger: Logger,
   error?: Error,
 ) {
@@ -172,7 +152,6 @@ async function sendCompletedStatusReport(
           await getTotalCacheSize(Object.values(config.trapCaches), logger),
         ),
         overlayBaseDatabaseStats,
-        dependencyCachingResults,
       );
     await sendStatusReport({
       ...initWithConfigStatusReport,
@@ -227,7 +206,6 @@ async function run() {
     ? await loadPropertiesFromApi(gitHubVersion, logger, repositoryNwo)
     : {};
 
-  // Create a unique identifier for this run.
   const jobRunUuid = uuidV4();
   logger.info(`Job run UUID is ${jobRunUuid}.`);
   core.exportVariable(EnvVar.JOB_RUN_UUID, jobRunUuid);
@@ -245,33 +223,94 @@ async function run() {
   );
 
   try {
-    // Parsing the `analysis-kinds` input may throw a `ConfigurationError`, which we don't want before
-    // we have called `sendStartingStatusReport` below. However, we want the analysis kinds for that status
-    // report. To work around this, we ignore exceptions that are thrown here and then call `getAnalysisKinds`
-    // a second time later. The second call will then throw the exception again. If `getAnalysisKinds` is
-    // successful, the results are cached so that we don't duplicate the work in normal runs.
-    let analysisKinds: AnalysisKind[] | undefined;
-    try {
-      analysisKinds = await getAnalysisKinds(logger);
-    } catch (err) {
-      logger.debug(
-        `Failed to parse analysis kinds for 'starting' status report: ${getErrorMessage(err)}`,
-      );
+    const statusReportBase = await createStatusReportBase(
+      ActionName.Init,
+      "starting",
+      startedAt,
+      config,
+      await checkDiskUsage(logger),
+      logger,
+    );
+    if (statusReportBase !== undefined) {
+      await sendStatusReport(statusReportBase);
     }
 
-    // Send a status report indicating that an analysis is starting.
-    await sendStartingStatusReport(startedAt, { analysisKinds }, logger);
-
-    // Throw a `ConfigurationError` if the `setup-codeql` action has been run.
-    if (process.env[EnvVar.SETUP_CODEQL_ACTION_HAS_RUN] === "true") {
-      throw new ConfigurationError(
-        `The 'init' action should not be run in the same workflow as 'setup-codeql'.`,
-      );
-    }
+    const inputs: configUtils.InitConfigInputs = {
+      analysisKindsInput: getRequiredInput("analysis-kinds"),
+      languagesInput: getOptionalInput("languages"),
+      queriesInput: getOptionalInput("queries"),
+      qualityQueriesInput: getOptionalInput("quality-queries"),
+      packsInput: getOptionalInput("packs"),
+      buildModeInput: getOptionalInput("build-mode"),
+      configFile,
+      dbLocation: getOptionalInput("db-location"),
+      configInput: getOptionalInput("config"),
+      trapCachingEnabled: getTrapCachingEnabled(),
+      dependencyCachingEnabled: getDependencyCachingEnabled(),
+      // Debug mode is enabled if:
+      // - The `init` Action is passed `debug: true`.
+      // - Actions step debugging is enabled (e.g. by [enabling debug logging for a rerun](https://docs.github.com/en/actions/managing-workflow-runs/re-running-workflows-and-jobs#re-running-all-the-jobs-in-a-workflow),
+      //   or by setting the `ACTIONS_STEP_DEBUG` secret to `true`).
+      debugMode: getOptionalInput("debug") === "true" || core.isDebug(),
+      debugArtifactName:
+        getOptionalInput("debug-artifact-name") || DEFAULT_DEBUG_ARTIFACT_NAME,
+      debugDatabaseName:
+        getOptionalInput("debug-database-name") || DEFAULT_DEBUG_DATABASE_NAME,
+      repository: repositoryNwo,
+      tempDir: getTemporaryDirectory(),
+      workspacePath: getRequiredEnvParam("GITHUB_WORKSPACE"),
+      sourceRoot,
+      githubVersion: gitHubVersion,
+      apiDetails,
+      features,
+      repositoryProperties,
+      logger,
+    };
+    configUtils.amendInputConfigFile(inputs, logger);
 
     const codeQLDefaultVersionInfo = await features.getDefaultCliVersion(
       gitHubVersion.type,
     );
+
+    await withGroupAsync(
+      "Compute CodeQL version to use for overlay analysis",
+      async () => {
+        if (getOptionalInput("tools")) {
+          logger.info(
+            "Nothing to do here because the workflow specified a tools input.",
+          );
+          return;
+        }
+
+        const { overlayDatabaseMode, useOverlayDatabaseCaching } =
+          await configUtils.getPreliminaryOverlayDatabaseMode(inputs);
+        if (overlayDatabaseMode !== OverlayDatabaseMode.Overlay) {
+          logger.info(
+            "Nothing to do here because we are not performing overlay analysis",
+          );
+          return;
+        }
+        if (!useOverlayDatabaseCaching) {
+          logger.info(
+            `Nothing to do here because we are not using overlay database caching`,
+          );
+          return;
+        }
+
+        const codeQlVersionForOverlay =
+          await getCodeQLVersionFromOverlayBaseDatabase(logger);
+        if (codeQlVersionForOverlay === undefined) {
+          return;
+        }
+
+        logger.info(
+          `Using CodeQL version ${codeQlVersionForOverlay} for overlay analysis.`,
+        );
+        codeQLDefaultVersionInfo.cliVersion = codeQlVersionForOverlay;
+        codeQLDefaultVersionInfo.tagName = `codeql-bundle-v${codeQlVersionForOverlay}`;
+      },
+    );
+
     toolsFeatureFlagsValid = codeQLDefaultVersionInfo.toolsFeatureFlagsValid;
     const initCodeQLResult = await initCodeQL(
       getOptionalInput("tools"),
@@ -279,7 +318,6 @@ async function run() {
       getTemporaryDirectory(),
       gitHubVersion.type,
       codeQLDefaultVersionInfo,
-      features,
       logger,
     );
     codeql = initCodeQLResult.codeql;
@@ -324,38 +362,15 @@ async function run() {
       }
     }
 
-    analysisKinds = await getAnalysisKinds(logger);
-    config = await initConfig(features, {
-      analysisKinds,
-      languagesInput: getOptionalInput("languages"),
-      queriesInput: getOptionalInput("queries"),
-      packsInput: getOptionalInput("packs"),
-      buildModeInput: getOptionalInput("build-mode"),
-      configFile,
-      dbLocation: getOptionalInput("db-location"),
-      configInput: getOptionalInput("config"),
-      trapCachingEnabled: getTrapCachingEnabled(),
-      dependencyCachingEnabled: getDependencyCachingEnabled(),
-      // Debug mode is enabled if:
-      // - The `init` Action is passed `debug: true`.
-      // - Actions step debugging is enabled (e.g. by [enabling debug logging for a rerun](https://docs.github.com/en/actions/managing-workflow-runs/re-running-workflows-and-jobs#re-running-all-the-jobs-in-a-workflow),
-      //   or by setting the `ACTIONS_STEP_DEBUG` secret to `true`).
-      debugMode: getOptionalInput("debug") === "true" || core.isDebug(),
-      debugArtifactName:
-        getOptionalInput("debug-artifact-name") || DEFAULT_DEBUG_ARTIFACT_NAME,
-      debugDatabaseName:
-        getOptionalInput("debug-database-name") || DEFAULT_DEBUG_DATABASE_NAME,
-      repository: repositoryNwo,
-      tempDir: getTemporaryDirectory(),
-      codeql,
-      workspacePath: getRequiredEnvParam("GITHUB_WORKSPACE"),
-      sourceRoot,
-      githubVersion: gitHubVersion,
-      apiDetails,
-      features,
-      repositoryProperties,
-      logger,
-    });
+    // Warn that `quality-queries` is deprecated if there is an argument for it.
+    if (inputs.qualityQueriesInput !== undefined) {
+      logger.warning(
+        "The `quality-queries` input is deprecated and will be removed in a future version of the CodeQL Action. " +
+          "Use the `analysis-kinds` input to configure different analysis kinds instead.",
+      );
+    }
+
+    config = await initConfig(inputs, codeql);
 
     await checkInstallPython311(config.languages, codeql);
   } catch (unwrappedError) {
@@ -378,7 +393,6 @@ async function run() {
   }
 
   let overlayBaseDatabaseStats: OverlayBaseDatabaseDownloadStats | undefined;
-  let dependencyCachingResults: DependencyCacheRestoreStatusReport | undefined;
   try {
     if (
       config.overlayDatabaseMode === OverlayDatabaseMode.Overlay &&
@@ -590,7 +604,7 @@ async function run() {
       codeql,
     );
     if (shouldRestoreCache(config.dependencyCachingEnabled)) {
-      dependencyCachingResults = await downloadDependencyCaches(
+      await downloadDependencyCaches(
         config.languages,
         logger,
         minimizeJavaJars,
@@ -742,7 +756,6 @@ async function run() {
       toolsSource,
       toolsVersion,
       overlayBaseDatabaseStats,
-      dependencyCachingResults,
       logger,
       error,
     );
@@ -765,7 +778,6 @@ async function run() {
     toolsSource,
     toolsVersion,
     overlayBaseDatabaseStats,
-    dependencyCachingResults,
     logger,
   );
 }

src/init.ts

@@ -9,7 +9,7 @@ import { getOptionalInput, isSelfHostedRunner } from "./actions-util";
 import { GitHubApiDetails } from "./api-client";
 import { CodeQL, setupCodeQL } from "./codeql";
 import * as configUtils from "./config-utils";
-import { CodeQLDefaultVersionInfo, FeatureEnablement } from "./feature-flags";
+import { CodeQLDefaultVersionInfo } from "./feature-flags";
 import { KnownLanguage, Language } from "./languages";
 import { Logger, withGroupAsync } from "./logging";
 import { ToolsSource } from "./setup-codeql";
@@ -23,7 +23,6 @@ export async function initCodeQL(
   tempDir: string,
   variant: util.GitHubVariant,
   defaultCliVersion: CodeQLDefaultVersionInfo,
-  features: FeatureEnablement,
   logger: Logger,
 ): Promise<{
   codeql: CodeQL;
@@ -45,7 +44,6 @@ export async function initCodeQL(
     tempDir,
     variant,
     defaultCliVersion,
-    features,
     logger,
     true,
   );
@@ -61,11 +59,11 @@ export async function initCodeQL(
 }
 
 export async function initConfig(
-  features: FeatureEnablement,
   inputs: configUtils.InitConfigInputs,
+  codeql: CodeQL,
 ): Promise<configUtils.Config> {
   return await withGroupAsync("Load language configuration", async () => {
-    return await configUtils.initConfig(features, inputs);
+    return await configUtils.initConfig(inputs, codeql);
   });
 }
 

src/overlay-database-utils.test.ts

@@ -11,6 +11,10 @@ import * as gitUtils from "./git-utils";
 import { getRunnerLogger } from "./logging";
 import {
   downloadOverlayBaseDatabaseFromCache,
+  getCacheRestoreKeyPrefix,
+  getCacheSaveKey,
+  getCacheWorkflowKeyPrefix,
+  getCodeQLVersionFromOverlayBaseDatabase,
   OverlayDatabaseMode,
   writeBaseDatabaseOidsFile,
   writeOverlayChangesFile,
@@ -261,3 +265,197 @@ test(
   },
   false,
 );
+
+test("overlay-base database cache keys remain stable", async (t) => {
+  const config = createTestConfig({ languages: ["python", "javascript"] });
+  const codeQlVersion = "2.23.0";
+  const commitOid = "abc123def456";
+
+  sinon.stub(apiClient, "getAutomationID").resolves("test-automation-id/");
+  sinon.stub(gitUtils, "getCommitOid").resolves(commitOid);
+
+  const saveKey = await getCacheSaveKey(config, codeQlVersion, "checkout-path");
+  const expectedSaveKey =
+    "codeql-overlay-base-database-1-c5666c509a2d9895-javascript_python-2.23.0-abc123def456";
+  t.is(
+    saveKey,
+    expectedSaveKey,
+    "Cache save key changed unexpectedly. " +
+      "This may indicate breaking changes in the cache key generation logic.",
+  );
+
+  const restoreKeyPrefix = await getCacheRestoreKeyPrefix(
+    config,
+    codeQlVersion,
+  );
+  const expectedRestoreKeyPrefix =
+    "codeql-overlay-base-database-1-c5666c509a2d9895-javascript_python-2.23.0-";
+  t.is(
+    restoreKeyPrefix,
+    expectedRestoreKeyPrefix,
+    "Cache restore key prefix changed unexpectedly. " +
+      "This may indicate breaking changes in the cache key generation logic.",
+  );
+
+  const workflowKeyPrefix = await getCacheWorkflowKeyPrefix();
+  const expectedWorkflowKeyPrefix =
+    "codeql-overlay-base-database-1-c5666c509a2d9895-";
+  t.is(
+    workflowKeyPrefix,
+    expectedWorkflowKeyPrefix,
+    "Cache workflow key prefix changed unexpectedly. " +
+      "This may indicate breaking changes in the cache key generation logic.",
+  );
+
+  t.true(
+    saveKey.startsWith(restoreKeyPrefix),
+    `Expected save key "${saveKey}" to start with restore key prefix "${restoreKeyPrefix}"`,
+  );
+  t.true(
+    restoreKeyPrefix.startsWith(workflowKeyPrefix),
+    `Expected restore key prefix "${restoreKeyPrefix}" to start with workflow key prefix "${workflowKeyPrefix}"`,
+  );
+});
+
+/**
+ * Helper function to generate a cache save key for testing.
+ * Sets up the necessary sinon stubs and returns the generated cache key.
+ */
+async function generateTestCacheKey(codeQlVersion: string): Promise<string> {
+  const config = createTestConfig({ languages: ["python", "javascript"] });
+  const commitOid = "abc123def456";
+
+  sinon.stub(apiClient, "getAutomationID").resolves("test-automation-id/");
+  sinon.stub(gitUtils, "getCommitOid").resolves(commitOid);
+
+  return await getCacheSaveKey(config, codeQlVersion, "checkout-path");
+}
+
+/**
+ * Helper function to stub getMostRecentActionsCacheEntry with a given key and creation date.
+ * Returns the stubbed function for cleanup if needed.
+ */
+function stubMostRecentActionsCacheEntry(key?: string, createdAt?: Date) {
+  const cacheItem =
+    key !== undefined || createdAt !== undefined
+      ? {
+          key,
+          created_at: createdAt?.toISOString(),
+        }
+      : undefined;
+
+  return sinon
+    .stub(apiClient, "getMostRecentActionsCacheEntry")
+    .resolves(cacheItem);
+}
+
+test("getCodeQLVersionFromOverlayBaseDatabase returns version when cache entry is valid", async (t) => {
+  const logger = getRunnerLogger(true);
+  const cacheKey = await generateTestCacheKey("2.23.0");
+
+  stubMostRecentActionsCacheEntry(cacheKey, new Date());
+
+  const result = await getCodeQLVersionFromOverlayBaseDatabase(logger);
+  t.is(result, "2.23.0", "Should return the extracted CodeQL version");
+});
+
+test("getCodeQLVersionFromOverlayBaseDatabase returns undefined when no cache entries found", async (t) => {
+  const logger = getRunnerLogger(true);
+
+  sinon.stub(apiClient, "getAutomationID").resolves("test-automation-id/");
+  stubMostRecentActionsCacheEntry();
+
+  const result = await getCodeQLVersionFromOverlayBaseDatabase(logger);
+  t.is(
+    result,
+    undefined,
+    "Should return undefined when no cache entries found",
+  );
+});
+
+test("getCodeQLVersionFromOverlayBaseDatabase returns undefined when cache entry is too old", async (t) => {
+  const logger = getRunnerLogger(true);
+  const cacheKey = await generateTestCacheKey("2.23.0");
+
+  const oldDate = new Date();
+  oldDate.setDate(oldDate.getDate() - 15); // 15 days ago (older than 14 day limit)
+
+  stubMostRecentActionsCacheEntry(cacheKey, oldDate);
+
+  const result = await getCodeQLVersionFromOverlayBaseDatabase(logger);
+  t.is(
+    result,
+    undefined,
+    "Should return undefined when cache entry is too old",
+  );
+});
+
+test("getCodeQLVersionFromOverlayBaseDatabase returns undefined when cache key format is invalid", async (t) => {
+  const logger = getRunnerLogger(true);
+
+  sinon.stub(apiClient, "getAutomationID").resolves("test-automation-id/");
+  stubMostRecentActionsCacheEntry("invalid-key-format", new Date());
+
+  const result = await getCodeQLVersionFromOverlayBaseDatabase(logger);
+  t.is(
+    result,
+    undefined,
+    "Should return undefined when cache key format is invalid",
+  );
+});
+
+test("getCodeQLVersionFromOverlayBaseDatabase returns undefined when CodeQL version is invalid semver", async (t) => {
+  const logger = getRunnerLogger(true);
+  const invalidCacheKey = await generateTestCacheKey("invalid.version");
+
+  stubMostRecentActionsCacheEntry(invalidCacheKey, new Date());
+
+  const result = await getCodeQLVersionFromOverlayBaseDatabase(logger);
+  t.is(
+    result,
+    undefined,
+    "Should return undefined when CodeQL version is invalid semver",
+  );
+});
+
+test("getCodeQLVersionFromOverlayBaseDatabase returns undefined when CodeQL version is too old", async (t) => {
+  const logger = getRunnerLogger(true);
+  const cacheKey = await generateTestCacheKey("2.20.0"); // Older than minimum required version (2.22.4)
+
+  stubMostRecentActionsCacheEntry(cacheKey, new Date());
+
+  const result = await getCodeQLVersionFromOverlayBaseDatabase(logger);
+  t.is(
+    result,
+    undefined,
+    "Should return undefined when CodeQL version is older than minimum required version",
+  );
+});
+
+test("getCodeQLVersionFromOverlayBaseDatabase returns undefined when cache entry has no key", async (t) => {
+  const logger = getRunnerLogger(true);
+
+  sinon.stub(apiClient, "getAutomationID").resolves("test-automation-id/");
+  stubMostRecentActionsCacheEntry(undefined, new Date());
+
+  const result = await getCodeQLVersionFromOverlayBaseDatabase(logger);
+  t.is(
+    result,
+    undefined,
+    "Should return undefined when cache entry has no key",
+  );
+});
+
+test("getCodeQLVersionFromOverlayBaseDatabase returns undefined when cache entry has no created_at", async (t) => {
+  const logger = getRunnerLogger(true);
+  const cacheKey = await generateTestCacheKey("2.23.0");
+
+  stubMostRecentActionsCacheEntry(cacheKey, undefined);
+
+  const result = await getCodeQLVersionFromOverlayBaseDatabase(logger);
+  t.is(
+    result,
+    undefined,
+    "Should return undefined when cache entry has no created_at",
+  );
+});

src/overlay-database-utils.ts

@@ -3,9 +3,10 @@ import * as fs from "fs";
 import * as path from "path";
 
 import * as actionsCache from "@actions/cache";
+import * as semver from "semver";
 
 import { getRequiredInput, getTemporaryDirectory } from "./actions-util";
-import { getAutomationID } from "./api-client";
+import { getAutomationID, getMostRecentActionsCacheEntry } from "./api-client";
 import { type CodeQL } from "./codeql";
 import { type Config } from "./config-utils";
 import { getCommitOid, getFileOidsUnderPath } from "./git-utils";
@@ -441,6 +442,64 @@ export async function downloadOverlayBaseDatabaseFromCache(
   };
 }
 
+const IGNORE_DATABASES_OLDER_THAN_N_DAYS = 14;
+
+export async function getCodeQLVersionFromOverlayBaseDatabase(
+  logger: Logger,
+): Promise<string | undefined> {
+  const keyPrefix = await getCacheWorkflowKeyPrefix();
+  const cacheItem = await getMostRecentActionsCacheEntry(keyPrefix);
+
+  if (cacheItem?.created_at === undefined || cacheItem.key === undefined) {
+    logger.info("No overlay-base database cache entries found");
+    return undefined;
+  }
+
+  const cutoffTime = new Date();
+  cutoffTime.setDate(cutoffTime.getDate() - IGNORE_DATABASES_OLDER_THAN_N_DAYS);
+
+  const cacheCreationTime = new Date(cacheItem.created_at);
+  if (cacheCreationTime < cutoffTime) {
+    logger.info(
+      `Not considering overlay-base database cache entry ${cacheItem.key} ` +
+        `because it is too old (created at ${cacheItem.created_at})`,
+    );
+    return undefined;
+  }
+
+  const keyParts = cacheItem.key.split("-");
+  if (keyParts.length < 9) {
+    logger.info(
+      `Overlay-base database cache entry ${cacheItem.key} has invalid key format`,
+    );
+    return undefined;
+  }
+  const codeQlVersion = keyParts[keyParts.length - 2];
+
+  if (!semver.valid(codeQlVersion)) {
+    logger.info(
+      `Overlay-base database cache entry ${cacheItem.key} has invalid ` +
+        `CodeQL version ${codeQlVersion}`,
+    );
+    return undefined;
+  }
+
+  if (semver.lt(codeQlVersion, CODEQL_OVERLAY_MINIMUM_VERSION)) {
+    logger.info(
+      `Overlay-base database cache entry ${cacheItem.key} has ` +
+        `CodeQL version ${codeQlVersion}, which is older than the ` +
+        `minimum required version ${CODEQL_OVERLAY_MINIMUM_VERSION}`,
+    );
+    return undefined;
+  }
+
+  logger.info(
+    `Found overlay-base database cache entry ${cacheItem.key} ` +
+      `created at ${cacheItem.created_at} with CodeQL version ${codeQlVersion}`,
+  );
+  return codeQlVersion;
+}
+
 /**
  * Computes the cache key for saving the overlay-base database to the GitHub
  * Actions cache.
@@ -448,7 +507,7 @@ export async function downloadOverlayBaseDatabaseFromCache(
  * The key consists of the restore key prefix (which does not include the
  * commit SHA) and the commit SHA of the current checkout.
  */
-async function getCacheSaveKey(
+export async function getCacheSaveKey(
   config: Config,
   codeQlVersion: string,
   checkoutPath: string,
@@ -475,31 +534,42 @@ async function getCacheSaveKey(
  * not include the commit SHA. This allows us to restore the most recent
  * compatible overlay-base database.
  */
-async function getCacheRestoreKeyPrefix(
+export async function getCacheRestoreKeyPrefix(
   config: Config,
   codeQlVersion: string,
 ): Promise<string> {
   const languages = [...config.languages].sort().join("_");
-
-  const cacheKeyComponents = {
-    automationID: await getAutomationID(),
-    // Add more components here as needed in the future
-  };
-  const componentsHash = createCacheKeyHash(cacheKeyComponents);
+  const workflowPrefix = await getCacheWorkflowKeyPrefix();
 
   // For a cached overlay-base database to be considered compatible for overlay
   // analysis, all components in the cache restore key must match:
   //
-  // CACHE_PREFIX: distinguishes overlay-base databases from other cache objects
-  // CACHE_VERSION: cache format version
-  // componentsHash: hash of additional components (see above for details)
+  // workflowPrefix contains components that depend only on the workflow:
+  //   CACHE_PREFIX: distinguishes overlay-base databases from other cache objects
+  //   CACHE_VERSION: cache format version
+  //   componentsHash: hash of additional components (see above for details)
   // languages: the languages included in the overlay-base database
   // codeQlVersion: CodeQL bundle version
   //
   // Technically we can also include languages and codeQlVersion in the
   // componentsHash, but including them explicitly in the cache key makes it
   // easier to debug and understand the cache key structure.
-  return `${CACHE_PREFIX}-${CACHE_VERSION}-${componentsHash}-${languages}-${codeQlVersion}-`;
+  return `${workflowPrefix}${languages}-${codeQlVersion}-`;
+}
+
+/**
+ * Computes the cache key prefix that depends only on the workflow.
+ *
+ * @returns A promise that resolves to the common cache key prefix in the format
+ * `${CACHE_PREFIX}-${CACHE_VERSION}-${componentsHash}-`
+ */
+export async function getCacheWorkflowKeyPrefix(): Promise<string> {
+  const cacheKeyComponents = {
+    automationID: await getAutomationID(),
+    // Add more components here as needed in the future
+  };
+  const componentsHash = createCacheKeyHash(cacheKeyComponents);
+  return `${CACHE_PREFIX}-${CACHE_VERSION}-${componentsHash}-`;
 }
 
 /**

src/overlay-language-aliases.json

@@ -0,0 +1,11 @@
+{
+  "c": "cpp",
+  "c++": "cpp",
+  "c-c++": "cpp",
+  "c-cpp": "cpp",
+  "c#": "csharp",
+  "java-kotlin": "java",
+  "kotlin": "java",
+  "javascript-typescript": "javascript",
+  "typescript": "javascript"
+}

src/setup-codeql-action.ts

@@ -1,196 +0,0 @@
-import * as core from "@actions/core";
-import { v4 as uuidV4 } from "uuid";
-
-import {
-  getActionVersion,
-  getOptionalInput,
-  getRequiredInput,
-  getTemporaryDirectory,
-} from "./actions-util";
-import { getGitHubVersion } from "./api-client";
-import { CodeQL } from "./codeql";
-import { EnvVar } from "./environment";
-import { Features } from "./feature-flags";
-import { initCodeQL } from "./init";
-import { getActionsLogger, Logger } from "./logging";
-import { getRepositoryNwo } from "./repository";
-import { ToolsSource } from "./setup-codeql";
-import {
-  ActionName,
-  InitStatusReport,
-  InitToolsDownloadFields,
-  createStatusReportBase,
-  getActionsStatus,
-  sendStatusReport,
-} from "./status-report";
-import { ToolsDownloadStatusReport } from "./tools-download";
-import {
-  checkDiskUsage,
-  checkForTimeout,
-  checkGitHubVersionInRange,
-  getRequiredEnvParam,
-  initializeEnvironment,
-  ConfigurationError,
-  wrapError,
-  checkActionVersion,
-  getErrorMessage,
-} from "./util";
-
-/**
- * Helper function to send a full status report for this action.
- */
-async function sendCompletedStatusReport(
-  startedAt: Date,
-  toolsDownloadStatusReport: ToolsDownloadStatusReport | undefined,
-  toolsFeatureFlagsValid: boolean | undefined,
-  toolsSource: ToolsSource,
-  toolsVersion: string,
-  logger: Logger,
-  error?: Error,
-): Promise<void> {
-  const statusReportBase = await createStatusReportBase(
-    ActionName.SetupCodeQL,
-    getActionsStatus(error),
-    startedAt,
-    undefined,
-    await checkDiskUsage(logger),
-    logger,
-    error?.message,
-    error?.stack,
-  );
-
-  if (statusReportBase === undefined) {
-    return;
-  }
-
-  const initStatusReport: InitStatusReport = {
-    ...statusReportBase,
-    tools_input: getOptionalInput("tools") || "",
-    tools_resolved_version: toolsVersion,
-    tools_source: toolsSource || ToolsSource.Unknown,
-    workflow_languages: "",
-  };
-
-  const initToolsDownloadFields: InitToolsDownloadFields = {};
-
-  if (toolsDownloadStatusReport?.downloadDurationMs !== undefined) {
-    initToolsDownloadFields.tools_download_duration_ms =
-      toolsDownloadStatusReport.downloadDurationMs;
-  }
-  if (toolsFeatureFlagsValid !== undefined) {
-    initToolsDownloadFields.tools_feature_flags_valid = toolsFeatureFlagsValid;
-  }
-
-  await sendStatusReport({ ...initStatusReport, ...initToolsDownloadFields });
-}
-
-/** The main behaviour of this action. */
-async function run(): Promise<void> {
-  const startedAt = new Date();
-  const logger = getActionsLogger();
-  initializeEnvironment(getActionVersion());
-
-  let codeql: CodeQL;
-  let toolsDownloadStatusReport: ToolsDownloadStatusReport | undefined;
-  let toolsFeatureFlagsValid: boolean | undefined;
-  let toolsSource: ToolsSource;
-  let toolsVersion: string;
-
-  const apiDetails = {
-    auth: getRequiredInput("token"),
-    externalRepoAuth: getOptionalInput("external-repository-token"),
-    url: getRequiredEnvParam("GITHUB_SERVER_URL"),
-    apiURL: getRequiredEnvParam("GITHUB_API_URL"),
-  };
-
-  const gitHubVersion = await getGitHubVersion();
-  checkGitHubVersionInRange(gitHubVersion, logger);
-  checkActionVersion(getActionVersion(), gitHubVersion);
-
-  const repositoryNwo = getRepositoryNwo();
-
-  const features = new Features(
-    gitHubVersion,
-    repositoryNwo,
-    getTemporaryDirectory(),
-    logger,
-  );
-
-  const jobRunUuid = uuidV4();
-  logger.info(`Job run UUID is ${jobRunUuid}.`);
-  core.exportVariable(EnvVar.JOB_RUN_UUID, jobRunUuid);
-
-  try {
-    const statusReportBase = await createStatusReportBase(
-      ActionName.SetupCodeQL,
-      "starting",
-      startedAt,
-      undefined,
-      await checkDiskUsage(logger),
-      logger,
-    );
-    if (statusReportBase !== undefined) {
-      await sendStatusReport(statusReportBase);
-    }
-    const codeQLDefaultVersionInfo = await features.getDefaultCliVersion(
-      gitHubVersion.type,
-    );
-    toolsFeatureFlagsValid = codeQLDefaultVersionInfo.toolsFeatureFlagsValid;
-    const initCodeQLResult = await initCodeQL(
-      getOptionalInput("tools"),
-      apiDetails,
-      getTemporaryDirectory(),
-      gitHubVersion.type,
-      codeQLDefaultVersionInfo,
-      features,
-      logger,
-    );
-    codeql = initCodeQLResult.codeql;
-    toolsDownloadStatusReport = initCodeQLResult.toolsDownloadStatusReport;
-    toolsVersion = initCodeQLResult.toolsVersion;
-    toolsSource = initCodeQLResult.toolsSource;
-
-    core.setOutput("codeql-path", codeql.getPath());
-    core.setOutput("codeql-version", (await codeql.getVersion()).version);
-
-    core.exportVariable(EnvVar.SETUP_CODEQL_ACTION_HAS_RUN, "true");
-  } catch (unwrappedError) {
-    const error = wrapError(unwrappedError);
-    core.setFailed(error.message);
-    const statusReportBase = await createStatusReportBase(
-      ActionName.SetupCodeQL,
-      error instanceof ConfigurationError ? "user-error" : "failure",
-      startedAt,
-      undefined,
-      await checkDiskUsage(logger),
-      logger,
-      error.message,
-      error.stack,
-    );
-    if (statusReportBase !== undefined) {
-      await sendStatusReport(statusReportBase);
-    }
-    return;
-  }
-
-  await sendCompletedStatusReport(
-    startedAt,
-    toolsDownloadStatusReport,
-    toolsFeatureFlagsValid,
-    toolsSource,
-    toolsVersion,
-    logger,
-  );
-}
-
-/** Run the action and catch any unhandled errors. */
-async function runWrapper(): Promise<void> {
-  try {
-    await run();
-  } catch (error) {
-    core.setFailed(`setup-codeql action failed: ${getErrorMessage(error)}`);
-  }
-  await checkForTimeout();
-}
-
-void runWrapper();

src/setup-codeql.test.ts

@@ -1,7 +1,6 @@
 import * as path from "path";
 
-import * as toolcache from "@actions/tool-cache";
-import test, { ExecutionContext } from "ava";
+import test from "ava";
 import * as sinon from "sinon";
 
 import * as actionsUtil from "./actions-util";
@@ -13,7 +12,6 @@ import {
   LoggedMessage,
   SAMPLE_DEFAULT_CLI_VERSION,
   SAMPLE_DOTCOM_API_DETAILS,
-  createFeatures,
   getRecordingLogger,
   initializeFeatures,
   mockBundleDownloadApi,
@@ -92,8 +90,6 @@ test("getCodeQLActionRepository", (t) => {
 });
 
 test("getCodeQLSource sets CLI version for a semver tagged bundle", async (t) => {
-  const features = createFeatures([]);
-
   await withTmpDir(async (tmpDir) => {
     setupActionsVars(tmpDir, tmpDir);
     const tagName = "codeql-bundle-v1.2.3";
@@ -104,7 +100,6 @@ test("getCodeQLSource sets CLI version for a semver tagged bundle", async (t) =>
       SAMPLE_DOTCOM_API_DETAILS,
       GitHubVariant.DOTCOM,
       false,
-      features,
       getRunnerLogger(true),
     );
 
@@ -114,8 +109,6 @@ test("getCodeQLSource sets CLI version for a semver tagged bundle", async (t) =>
 });
 
 test("getCodeQLSource correctly returns bundled CLI version when tools == linked", async (t) => {
-  const features = createFeatures([]);
-
   await withTmpDir(async (tmpDir) => {
     setupActionsVars(tmpDir, tmpDir);
     const source = await setupCodeql.getCodeQLSource(
@@ -124,7 +117,6 @@ test("getCodeQLSource correctly returns bundled CLI version when tools == linked
       SAMPLE_DOTCOM_API_DETAILS,
       GitHubVariant.DOTCOM,
       false,
-      features,
       getRunnerLogger(true),
     );
 
@@ -136,7 +128,6 @@ test("getCodeQLSource correctly returns bundled CLI version when tools == linked
 test("getCodeQLSource correctly returns bundled CLI version when tools == latest", async (t) => {
   const loggedMessages: LoggedMessage[] = [];
   const logger = getRecordingLogger(loggedMessages);
-  const features = createFeatures([]);
 
   await withTmpDir(async (tmpDir) => {
     setupActionsVars(tmpDir, tmpDir);
@@ -146,7 +137,6 @@ test("getCodeQLSource correctly returns bundled CLI version when tools == latest
       SAMPLE_DOTCOM_API_DETAILS,
       GitHubVariant.DOTCOM,
       false,
-      features,
       logger,
     );
 
@@ -171,7 +161,6 @@ test("getCodeQLSource correctly returns bundled CLI version when tools == latest
 test("setupCodeQLBundle logs the CodeQL CLI version being used when asked to use linked tools", async (t) => {
   const loggedMessages: LoggedMessage[] = [];
   const logger = getRecordingLogger(loggedMessages);
-  const features = createFeatures([]);
 
   // Stub the downloadCodeQL function to prevent downloading artefacts
   // during testing from being called.
@@ -196,7 +185,6 @@ test("setupCodeQLBundle logs the CodeQL CLI version being used when asked to use
       "tmp/codeql_action_test/",
       GitHubVariant.DOTCOM,
       SAMPLE_DEFAULT_CLI_VERSION,
-      features,
       logger,
     );
 
@@ -219,7 +207,6 @@ test("setupCodeQLBundle logs the CodeQL CLI version being used when asked to use
 test("setupCodeQLBundle logs the CodeQL CLI version being used when asked to download a non-default bundle", async (t) => {
   const loggedMessages: LoggedMessage[] = [];
   const logger = getRecordingLogger(loggedMessages);
-  const features = createFeatures([]);
 
   const bundleUrl =
     "https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.16.0/codeql-bundle-linux64.tar.gz";
@@ -248,7 +235,6 @@ test("setupCodeQLBundle logs the CodeQL CLI version being used when asked to dow
       "tmp/codeql_action_test/",
       GitHubVariant.DOTCOM,
       SAMPLE_DEFAULT_CLI_VERSION,
-      features,
       logger,
     );
 
@@ -268,160 +254,6 @@ test("setupCodeQLBundle logs the CodeQL CLI version being used when asked to dow
   });
 });
 
-test("getCodeQLSource correctly returns latest version from toolcache when tools == toolcache", async (t) => {
-  const loggedMessages: LoggedMessage[] = [];
-  const logger = getRecordingLogger(loggedMessages);
-  const features = createFeatures([Feature.AllowToolcacheInput]);
-
-  process.env["GITHUB_EVENT_NAME"] = "dynamic";
-
-  const latestToolcacheVersion = "3.2.1";
-  const latestVersionPath = "/path/to/latest";
-  const testVersions = ["2.3.1", latestToolcacheVersion, "1.2.3"];
-  const findAllVersionsStub = sinon
-    .stub(toolcache, "findAllVersions")
-    .returns(testVersions);
-  const findStub = sinon.stub(toolcache, "find");
-  findStub
-    .withArgs("CodeQL", latestToolcacheVersion)
-    .returns(latestVersionPath);
-
-  await withTmpDir(async (tmpDir) => {
-    setupActionsVars(tmpDir, tmpDir);
-    const source = await setupCodeql.getCodeQLSource(
-      "toolcache",
-      SAMPLE_DEFAULT_CLI_VERSION,
-      SAMPLE_DOTCOM_API_DETAILS,
-      GitHubVariant.DOTCOM,
-      false,
-      features,
-      logger,
-    );
-
-    // Check that the toolcache functions were called with the expected arguments
-    t.assert(
-      findAllVersionsStub.calledOnceWith("CodeQL"),
-      `toolcache.findAllVersions("CodeQL") wasn't called`,
-    );
-    t.assert(
-      findStub.calledOnceWith("CodeQL", latestToolcacheVersion),
-      `toolcache.find("CodeQL", ${latestToolcacheVersion}) wasn't called`,
-    );
-
-    // Check that `sourceType` and `toolsVersion` match expectations.
-    t.is(source.sourceType, "toolcache");
-    t.is(source.toolsVersion, latestToolcacheVersion);
-
-    // Check that key messages we would expect to find in the log are present.
-    const expectedMessages: string[] = [
-      `Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: toolcache'.`,
-      `CLI version ${latestToolcacheVersion} is the latest version in the toolcache.`,
-      `Using CodeQL CLI version ${latestToolcacheVersion} from toolcache at ${latestVersionPath}`,
-    ];
-    for (const expectedMessage of expectedMessages) {
-      t.assert(
-        loggedMessages.some(
-          (msg) =>
-            typeof msg.message === "string" &&
-            msg.message.includes(expectedMessage),
-        ),
-        `Expected '${expectedMessage}' in the logger output, but didn't find it in:\n ${loggedMessages.map((m) => ` - '${m.message}'`).join("\n")}`,
-      );
-    }
-  });
-});
-
-const toolcacheInputFallbackMacro = test.macro({
-  exec: async (
-    t: ExecutionContext<unknown>,
-    featureList: Feature[],
-    environment: Record<string, string>,
-    testVersions: string[],
-    expectedMessages: string[],
-  ) => {
-    const loggedMessages: LoggedMessage[] = [];
-    const logger = getRecordingLogger(loggedMessages);
-    const features = createFeatures(featureList);
-
-    for (const [k, v] of Object.entries(environment)) {
-      process.env[k] = v;
-    }
-
-    const findAllVersionsStub = sinon
-      .stub(toolcache, "findAllVersions")
-      .returns(testVersions);
-
-    await withTmpDir(async (tmpDir) => {
-      setupActionsVars(tmpDir, tmpDir);
-      const source = await setupCodeql.getCodeQLSource(
-        "toolcache",
-        SAMPLE_DEFAULT_CLI_VERSION,
-        SAMPLE_DOTCOM_API_DETAILS,
-        GitHubVariant.DOTCOM,
-        false,
-        features,
-        logger,
-      );
-
-      // Check that the toolcache functions were called with the expected arguments
-      t.assert(
-        findAllVersionsStub.calledWith("CodeQL"),
-        `toolcache.findAllVersions("CodeQL") wasn't called`,
-      );
-
-      // Check that `sourceType` and `toolsVersion` match expectations.
-      t.is(source.sourceType, "download");
-      t.is(source.toolsVersion, SAMPLE_DEFAULT_CLI_VERSION.cliVersion);
-
-      // Check that key messages we would expect to find in the log are present.
-      for (const expectedMessage of expectedMessages) {
-        t.assert(
-          loggedMessages.some(
-            (msg) =>
-              typeof msg.message === "string" &&
-              msg.message.includes(expectedMessage),
-          ),
-          `Expected '${expectedMessage}' in the logger output, but didn't find it in:\n ${loggedMessages.map((m) => ` - '${m.message}'`).join("\n")}`,
-        );
-      }
-    });
-  },
-  title: (providedTitle = "") =>
-    `getCodeQLSource falls back to downloading the CLI if ${providedTitle}`,
-});
-
-test(
-  "the toolcache doesn't have a CodeQL CLI when tools == toolcache",
-  toolcacheInputFallbackMacro,
-  [Feature.AllowToolcacheInput],
-  { GITHUB_EVENT_NAME: "dynamic" },
-  [],
-  [
-    `Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: toolcache'.`,
-    `Found no CodeQL CLI in the toolcache, ignoring 'tools: toolcache'...`,
-  ],
-);
-
-test(
-  "the workflow trigger is not `dynamic`",
-  toolcacheInputFallbackMacro,
-  [Feature.AllowToolcacheInput],
-  { GITHUB_EVENT_NAME: "pull_request" },
-  [],
-  [
-    `Ignoring 'tools: toolcache' because the workflow was not triggered dynamically.`,
-  ],
-);
-
-test(
-  "the feature flag is not enabled",
-  toolcacheInputFallbackMacro,
-  [],
-  { GITHUB_EVENT_NAME: "dynamic" },
-  [],
-  [`Ignoring 'tools: toolcache' because the feature is not enabled.`],
-);
-
 test('tryGetTagNameFromUrl extracts the right tag name for a repo name containing "codeql-bundle"', (t) => {
   t.is(
     setupCodeql.tryGetTagNameFromUrl(
@@ -431,15 +263,3 @@ test('tryGetTagNameFromUrl extracts the right tag name for a repo name containin
     "codeql-bundle-v2.19.0",
   );
 });
-
-test("getLatestToolcacheVersion returns undefined if there are no CodeQL CLIs in the toolcache", (t) => {
-  sinon.stub(toolcache, "findAllVersions").returns([]);
-  t.is(setupCodeql.getLatestToolcacheVersion(getRunnerLogger(true)), undefined);
-});
-
-test("getLatestToolcacheVersion returns latest version in the toolcache", (t) => {
-  const testVersions = ["2.3.1", "3.2.1", "1.2.3"];
-  sinon.stub(toolcache, "findAllVersions").returns(testVersions);
-
-  t.is(setupCodeql.getLatestToolcacheVersion(getRunnerLogger(true)), "3.2.1");
-});

src/setup-codeql.ts

@@ -7,14 +7,12 @@ import { default as deepEqual } from "fast-deep-equal";
 import * as semver from "semver";
 import { v4 as uuidV4 } from "uuid";
 
-import { isDynamicWorkflow, isRunningLocalAction } from "./actions-util";
+import { isRunningLocalAction } from "./actions-util";
 import * as api from "./api-client";
 import * as defaults from "./defaults.json";
 import {
   CODEQL_VERSION_ZSTD_BUNDLE,
   CodeQLDefaultVersionInfo,
-  Feature,
-  FeatureEnablement,
 } from "./feature-flags";
 import { Logger } from "./logging";
 import * as tar from "./tar";
@@ -40,7 +38,6 @@ const CODEQL_NIGHTLIES_REPOSITORY_NAME = "codeql-cli-nightlies";
 
 const CODEQL_BUNDLE_VERSION_ALIAS: string[] = ["linked", "latest"];
 const CODEQL_NIGHTLY_TOOLS_INPUTS = ["nightly", "nightly-latest"];
-const CODEQL_TOOLCACHE_INPUT = "toolcache";
 
 function getCodeQLBundleExtension(
   compressionMethod: tar.CompressionMethod,
@@ -278,7 +275,6 @@ export async function getCodeQLSource(
   apiDetails: api.GitHubApiDetails,
   variant: util.GitHubVariant,
   tarSupportsZstd: boolean,
-  features: FeatureEnablement,
   logger: Logger,
 ): Promise<CodeQLToolsSource> {
   if (
@@ -350,54 +346,6 @@ export async function getCodeQLSource(
         "`tools: latest` has been renamed to `tools: linked`, but the old name is still supported. No action is required.",
       );
     }
-  } else if (
-    toolsInput !== undefined &&
-    toolsInput === CODEQL_TOOLCACHE_INPUT
-  ) {
-    let latestToolcacheVersion: string | undefined;
-
-    // We only allow `toolsInput === "toolcache"` for `dynamic` events. In general, using `toolsInput === "toolcache"`
-    // can lead to alert wobble and so it shouldn't be used for an analysis where results are intended to be uploaded.
-    // We also allow this in test mode.
-    const allowToolcacheValueFF = await features.getValue(
-      Feature.AllowToolcacheInput,
-    );
-    const allowToolcacheValue =
-      allowToolcacheValueFF && (isDynamicWorkflow() || util.isInTestMode());
-    if (allowToolcacheValue) {
-      // If `toolsInput === "toolcache"`, try to find the latest version of the CLI that's available in the toolcache
-      // and use that. We perform this check here since we can set `cliVersion` directly and don't want to default to
-      // the linked version.
-      logger.info(
-        `Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: ${toolsInput}'.`,
-      );
-
-      latestToolcacheVersion = getLatestToolcacheVersion(logger);
-      if (latestToolcacheVersion) {
-        cliVersion = latestToolcacheVersion;
-      }
-    }
-
-    if (latestToolcacheVersion === undefined) {
-      if (allowToolcacheValue) {
-        logger.info(
-          `Found no CodeQL CLI in the toolcache, ignoring 'tools: ${toolsInput}'...`,
-        );
-      } else {
-        if (allowToolcacheValueFF) {
-          logger.warning(
-            `Ignoring 'tools: ${toolsInput}' because the workflow was not triggered dynamically.`,
-          );
-        } else {
-          logger.info(
-            `Ignoring 'tools: ${toolsInput}' because the feature is not enabled.`,
-          );
-        }
-      }
-
-      cliVersion = defaultCliVersion.cliVersion;
-      tagName = defaultCliVersion.tagName;
-    }
   } else if (toolsInput !== undefined) {
     // If a tools URL was provided, then use that.
     tagName = tryGetTagNameFromUrl(toolsInput, logger);
@@ -748,7 +696,6 @@ export async function setupCodeQLBundle(
   tempDir: string,
   variant: util.GitHubVariant,
   defaultCliVersion: CodeQLDefaultVersionInfo,
-  features: FeatureEnablement,
   logger: Logger,
 ) {
   if (!(await util.isBinaryAccessible("tar", logger))) {
@@ -764,7 +711,6 @@ export async function setupCodeQLBundle(
     apiDetails,
     variant,
     zstdAvailability.available,
-    features,
     logger,
   );
 
@@ -870,38 +816,9 @@ async function getNightlyToolsUrl(logger: Logger) {
   }
 }
 
-/**
- * Gets the latest version of the CodeQL CLI that is available in the toolcache, or `undefined`
- * if no CodeQL CLI is available in the toolcache.
- *
- * @param logger The logger to use.
- * @returns The latest version of the CodeQL CLI that is available in the toolcache, or `undefined` if there is none.
- */
-export function getLatestToolcacheVersion(logger: Logger): string | undefined {
-  const allVersions = toolcache
-    .findAllVersions("CodeQL")
-    .sort((a, b) => semver.compare(b, a));
-  logger.debug(
-    `Found the following versions of the CodeQL tools in the toolcache: ${JSON.stringify(
-      allVersions,
-    )}.`,
-  );
-
-  if (allVersions.length > 0) {
-    const latestToolcacheVersion = allVersions[0];
-    logger.info(
-      `CLI version ${latestToolcacheVersion} is the latest version in the toolcache.`,
-    );
-    return latestToolcacheVersion;
-  }
-
-  return undefined;
-}
-
 function isReservedToolsValue(tools: string): boolean {
   return (
     CODEQL_BUNDLE_VERSION_ALIAS.includes(tools) ||
-    CODEQL_NIGHTLY_TOOLS_INPUTS.includes(tools) ||
-    tools === CODEQL_TOOLCACHE_INPUT
+    CODEQL_NIGHTLY_TOOLS_INPUTS.includes(tools)
   );
 }

src/start-proxy-action.ts

@@ -7,23 +7,13 @@ import { pki } from "node-forge";
 
 import * as actionsUtil from "./actions-util";
 import { getApiDetails, getAuthorizationHeaderFor } from "./api-client";
-import { Config } from "./config-utils";
-import { KnownLanguage } from "./languages";
 import { getActionsLogger, Logger } from "./logging";
 import {
   Credential,
   getCredentials,
   getDownloadUrl,
-  parseLanguage,
   UPDATEJOB_PROXY,
 } from "./start-proxy";
-import {
-  ActionName,
-  createStatusReportBase,
-  getActionsStatus,
-  sendStatusReport,
-  StatusReportBase,
-} from "./status-report";
 import * as util from "./util";
 
 const KEY_SIZE = 2048;
@@ -93,111 +83,46 @@ function generateCertificateAuthority(): CertificateAuthority {
   return { cert: pem, key };
 }
 
-interface StartProxyStatus extends StatusReportBase {
-  // A comma-separated list of registry types which are configured for CodeQL.
-  // This only includes registry types we support, not all that are configured.
-  registry_types: string;
-}
-
-async function sendSuccessStatusReport(
-  startedAt: Date,
-  config: Partial<Config>,
-  registry_types: string[],
-  logger: Logger,
-) {
-  const statusReportBase = await createStatusReportBase(
-    ActionName.StartProxy,
-    "success",
-    startedAt,
-    config,
-    await util.checkDiskUsage(logger),
-    logger,
-  );
-  if (statusReportBase !== undefined) {
-    const statusReport: StartProxyStatus = {
-      ...statusReportBase,
-      registry_types: registry_types.join(","),
-    };
-    await sendStatusReport(statusReport);
-  }
-}
-
 async function runWrapper() {
-  const startedAt = new Date();
-
   // Make inputs accessible in the `post` step.
   actionsUtil.persistInputs();
 
   const logger = getActionsLogger();
-  let language: KnownLanguage | undefined;
 
-  try {
-    // Setup logging for the proxy
-    const tempDir = actionsUtil.getTemporaryDirectory();
-    const proxyLogFilePath = path.resolve(tempDir, "proxy.log");
-    core.saveState("proxy-log-file", proxyLogFilePath);
+  // Setup logging for the proxy
+  const tempDir = actionsUtil.getTemporaryDirectory();
+  const proxyLogFilePath = path.resolve(tempDir, "proxy.log");
+  core.saveState("proxy-log-file", proxyLogFilePath);
 
-    // Get the configuration options
-    const languageInput = actionsUtil.getOptionalInput("language");
-    language = languageInput ? parseLanguage(languageInput) : undefined;
-    const credentials = getCredentials(
-      logger,
-      actionsUtil.getOptionalInput("registry_secrets"),
-      actionsUtil.getOptionalInput("registries_credentials"),
-      language,
-    );
+  // Get the configuration options
+  const credentials = getCredentials(
+    logger,
+    actionsUtil.getOptionalInput("registry_secrets"),
+    actionsUtil.getOptionalInput("registries_credentials"),
+    actionsUtil.getOptionalInput("language"),
+  );
 
-    if (credentials.length === 0) {
-      logger.info("No credentials found, skipping proxy setup.");
-      return;
-    }
-
-    logger.info(
-      `Credentials loaded for the following registries:\n ${credentials
-        .map((c) => credentialToStr(c))
-        .join("\n")}`,
-    );
-
-    const ca = generateCertificateAuthority();
-
-    const proxyConfig: ProxyConfig = {
-      all_credentials: credentials,
-      ca,
-    };
-
-    // Start the Proxy
-    const proxyBin = await getProxyBinaryPath(logger);
-    await startProxy(proxyBin, proxyConfig, proxyLogFilePath, logger);
-
-    // Report success if we have reached this point.
-    await sendSuccessStatusReport(
-      startedAt,
-      {
-        languages: language && [language],
-      },
-      proxyConfig.all_credentials.map((c) => c.type),
-      logger,
-    );
-  } catch (unwrappedError) {
-    const error = util.wrapError(unwrappedError);
-    core.setFailed(`start-proxy action failed: ${error.message}`);
-
-    // We skip sending the error message and stack trace here to avoid the possibility
-    // of leaking any sensitive information into the telemetry.
-    const errorStatusReportBase = await createStatusReportBase(
-      ActionName.StartProxy,
-      getActionsStatus(error),
-      startedAt,
-      {
-        languages: language && [language],
-      },
-      await util.checkDiskUsage(logger),
-      logger,
-    );
-    if (errorStatusReportBase !== undefined) {
-      await sendStatusReport(errorStatusReportBase);
-    }
+  if (credentials.length === 0) {
+    logger.info("No credentials found, skipping proxy setup.");
+    return;
   }
+
+  logger.info(
+    `Credentials loaded for the following registries:\n ${credentials
+      .map((c) => credentialToStr(c))
+      .join("\n")}`,
+  );
+
+  const ca = generateCertificateAuthority();
+
+  const proxyConfig: ProxyConfig = {
+    all_credentials: credentials,
+    ca,
+  };
+
+  // Start the Proxy
+  const proxyBin = await getProxyBinaryPath(logger);
+  await startProxy(proxyBin, proxyConfig, proxyLogFilePath, logger);
 }
 
 async function startProxy(
@@ -208,53 +133,57 @@ async function startProxy(
 ) {
   const host = "127.0.0.1";
   let port = 49152;
-  let subprocess: ChildProcess | undefined = undefined;
-  let tries = 5;
-  let subprocessError: Error | undefined = undefined;
-  while (tries-- > 0 && !subprocess && !subprocessError) {
-    subprocess = spawn(
-      binPath,
-      ["-addr", `${host}:${port}`, "-config", "-", "-logfile", logFilePath],
-      {
-        detached: true,
-        stdio: ["pipe", "ignore", "ignore"],
-      },
-    );
-    subprocess.unref();
-    if (subprocess.pid) {
-      core.saveState("proxy-process-pid", `${subprocess.pid}`);
-    }
-    subprocess.on("error", (error) => {
-      subprocessError = error;
-    });
-    subprocess.on("exit", (code) => {
-      if (code !== 0) {
-        // If the proxy failed to start, try a different port from the ephemeral range [49152, 65535]
-        port = Math.floor(Math.random() * (65535 - 49152) + 49152);
-        subprocess = undefined;
+  try {
+    let subprocess: ChildProcess | undefined = undefined;
+    let tries = 5;
+    let subprocessError: Error | undefined = undefined;
+    while (tries-- > 0 && !subprocess && !subprocessError) {
+      subprocess = spawn(
+        binPath,
+        ["-addr", `${host}:${port}`, "-config", "-", "-logfile", logFilePath],
+        {
+          detached: true,
+          stdio: ["pipe", "ignore", "ignore"],
+        },
+      );
+      subprocess.unref();
+      if (subprocess.pid) {
+        core.saveState("proxy-process-pid", `${subprocess.pid}`);
       }
-    });
-    subprocess.stdin?.write(JSON.stringify(config));
-    subprocess.stdin?.end();
-    // Wait a little to allow the proxy to start
-    await util.delay(1000);
-  }
-  if (subprocessError) {
-    // eslint-disable-next-line @typescript-eslint/only-throw-error
-    throw subprocessError;
-  }
-  logger.info(`Proxy started on ${host}:${port}`);
-  core.setOutput("proxy_host", host);
-  core.setOutput("proxy_port", port.toString());
-  core.setOutput("proxy_ca_certificate", config.ca.cert);
+      subprocess.on("error", (error) => {
+        subprocessError = error;
+      });
+      subprocess.on("exit", (code) => {
+        if (code !== 0) {
+          // If the proxy failed to start, try a different port from the ephemeral range [49152, 65535]
+          port = Math.floor(Math.random() * (65535 - 49152) + 49152);
+          subprocess = undefined;
+        }
+      });
+      subprocess.stdin?.write(JSON.stringify(config));
+      subprocess.stdin?.end();
+      // Wait a little to allow the proxy to start
+      await util.delay(1000);
+    }
+    if (subprocessError) {
+      // eslint-disable-next-line @typescript-eslint/only-throw-error
+      throw subprocessError;
+    }
+    logger.info(`Proxy started on ${host}:${port}`);
+    core.setOutput("proxy_host", host);
+    core.setOutput("proxy_port", port.toString());
+    core.setOutput("proxy_ca_certificate", config.ca.cert);
 
-  const registry_urls = config.all_credentials
-    .filter((credential) => credential.url !== undefined)
-    .map((credential) => ({
-      type: credential.type,
-      url: credential.url,
-    }));
-  core.setOutput("proxy_urls", JSON.stringify(registry_urls));
+    const registry_urls = config.all_credentials
+      .filter((credential) => credential.url !== undefined)
+      .map((credential) => ({
+        type: credential.type,
+        url: credential.url,
+      }));
+    core.setOutput("proxy_urls", JSON.stringify(registry_urls));
+  } catch (error) {
+    core.setFailed(`start-proxy action failed: ${util.getErrorMessage(error)}`);
+  }
 }
 
 async function getProxyBinaryPath(logger: Logger): Promise<string> {

src/start-proxy.test.ts

@@ -109,7 +109,7 @@ test("getCredentials filters by language when specified", async (t) => {
     getRunnerLogger(true),
     undefined,
     toEncodedJSON(mixedCredentials),
-    KnownLanguage.java,
+    "java",
   );
   t.is(credentials.length, 1);
   t.is(credentials[0].type, "maven_repository");
@@ -120,7 +120,7 @@ test("getCredentials returns all for a language when specified", async (t) => {
     getRunnerLogger(true),
     undefined,
     toEncodedJSON(mixedCredentials),
-    KnownLanguage.go,
+    "go",
   );
   t.is(credentials.length, 2);
 

src/start-proxy.ts

@@ -79,8 +79,9 @@ export function getCredentials(
   logger: Logger,
   registrySecrets: string | undefined,
   registriesCredentials: string | undefined,
-  language: KnownLanguage | undefined,
+  languageString: string | undefined,
 ): Credential[] {
+  const language = languageString ? parseLanguage(languageString) : undefined;
   const registryTypeForLanguage = language
     ? LANGUAGE_TO_REGISTRY_TYPE[language]
     : undefined;

src/status-report.test.ts

@@ -92,49 +92,6 @@ test("createStatusReportBase", async (t) => {
   });
 });
 
-test("createStatusReportBase - empty configuration", async (t) => {
-  await withTmpDir(async (tmpDir: string) => {
-    setupEnvironmentAndStub(tmpDir);
-
-    const statusReport = await createStatusReportBase(
-      ActionName.StartProxy,
-      "success",
-      new Date("May 19, 2023 05:19:00"),
-      {},
-      { numAvailableBytes: 100, numTotalBytes: 500 },
-      getRunnerLogger(false),
-    );
-
-    if (t.truthy(statusReport)) {
-      t.is(statusReport.action_name, ActionName.StartProxy);
-      t.is(statusReport.status, "success");
-    }
-  });
-});
-
-test("createStatusReportBase - partial configuration", async (t) => {
-  await withTmpDir(async (tmpDir: string) => {
-    setupEnvironmentAndStub(tmpDir);
-
-    const statusReport = await createStatusReportBase(
-      ActionName.StartProxy,
-      "success",
-      new Date("May 19, 2023 05:19:00"),
-      {
-        languages: ["go"],
-      },
-      { numAvailableBytes: 100, numTotalBytes: 500 },
-      getRunnerLogger(false),
-    );
-
-    if (t.truthy(statusReport)) {
-      t.is(statusReport.action_name, ActionName.StartProxy);
-      t.is(statusReport.status, "success");
-      t.is(statusReport.languages, "go");
-    }
-  });
-});
-
 test("createStatusReportBase_firstParty", async (t) => {
   await withTmpDir(async (tmpDir: string) => {
     setupEnvironmentAndStub(tmpDir);
@@ -329,7 +286,6 @@ const testCreateInitWithConfigStatusReport = test.macro({
             undefined,
             1024,
             undefined,
-            undefined,
           );
 
         if (t.truthy(initWithConfigStatusReport)) {

src/status-report.ts

@@ -13,7 +13,6 @@ import {
 } from "./actions-util";
 import { getAnalysisKey, getApiClient } from "./api-client";
 import { parseRegistriesWithoutCredentials, type Config } from "./config-utils";
-import { DependencyCacheRestoreStatusReport } from "./dependency-caching";
 import { DocUrl } from "./doc-url";
 import { EnvVar } from "./environment";
 import { getRef } from "./git-utils";
@@ -36,13 +35,11 @@ import {
 } from "./util";
 
 export enum ActionName {
-  Analyze = "finish",
   Autobuild = "autobuild",
+  Analyze = "finish",
   Init = "init",
   InitPost = "init-post",
   ResolveEnvironment = "resolve-environment",
-  SetupCodeQL = "setup-codeql",
-  StartProxy = "start-proxy",
   UploadSarif = "upload-sarif",
 }
 
@@ -261,7 +258,7 @@ export async function createStatusReportBase(
   actionName: ActionName,
   status: ActionStatus,
   actionStartedAt: Date,
-  config: Partial<Config> | undefined,
+  config: Config | undefined,
   diskInfo: DiskUsage | undefined,
   logger: Logger,
   cause?: string,
@@ -300,7 +297,7 @@ export async function createStatusReportBase(
       action_ref: actionRef,
       action_started_at: actionStartedAt.toISOString(),
       action_version: getActionVersion(),
-      analysis_kinds: config?.analysisKinds?.join(","),
+      analysis_kinds: config?.analysisKinds.join(","),
       analysis_key,
       build_mode: config?.buildMode,
       commit_oid: commitOid,
@@ -325,7 +322,7 @@ export async function createStatusReportBase(
     }
 
     if (config) {
-      statusReport.languages = config.languages?.join(",");
+      statusReport.languages = config.languages.join(",");
     }
 
     if (diskInfo) {
@@ -376,12 +373,6 @@ export async function createStatusReportBase(
     logger.warning(
       `Caught an exception while gathering information for telemetry: ${e}. Will skip sending status report.`,
     );
-
-    // Re-throw the exception in test mode. While testing, we want to know if something goes wrong here.
-    if (isInTestMode()) {
-      throw e;
-    }
-
     return undefined;
   }
 }
@@ -506,8 +497,6 @@ export interface InitWithConfigStatusReport extends InitStatusReport {
   overlay_base_database_download_size_bytes?: number;
   /** Time taken to download the overlay-base database, in milliseconds. */
   overlay_base_database_download_duration_ms?: number;
-  /** Stringified JSON object representing information about the results of restoring dependency caches. */
-  dependency_caching_restore_results?: DependencyCacheRestoreStatusReport;
   /** Stringified JSON array of registry configuration objects, from the 'registries' config field
   or workflow input. **/
   registries: string;
@@ -517,16 +506,6 @@ export interface InitWithConfigStatusReport extends InitStatusReport {
   config_file: string;
 }
 
-/** Fields of the init status report populated when the tools source is `download`. */
-export interface InitToolsDownloadFields {
-  /** Time taken to download the bundle, in milliseconds. */
-  tools_download_duration_ms?: number;
-  /**
-   * Whether the relevant tools dotcom feature flags have been misconfigured.
-   * Only populated if we attempt to determine the default version based on the dotcom feature flags. */
-  tools_feature_flags_valid?: boolean;
-}
-
 /**
  * Composes a `InitWithConfigStatusReport` from the given values.
  *
@@ -543,7 +522,6 @@ export async function createInitWithConfigStatusReport(
   configFile: string | undefined,
   totalCacheSize: number,
   overlayBaseDatabaseStats: OverlayBaseDatabaseDownloadStats | undefined,
-  dependencyCachingResults: DependencyCacheRestoreStatusReport | undefined,
 ): Promise<InitWithConfigStatusReport> {
   const languages = config.languages.join(",");
   const paths = (config.originalUserInput.paths || []).join(",");
@@ -592,7 +570,6 @@ export async function createInitWithConfigStatusReport(
       overlayBaseDatabaseStats?.databaseSizeBytes,
     overlay_base_database_download_duration_ms:
       overlayBaseDatabaseStats?.databaseDownloadDurationMs,
-    dependency_caching_restore_results: dependencyCachingResults,
     query_filters: JSON.stringify(
       config.originalUserInput["query-filters"] ?? [],
     ),