Merge pull request #1214 from github/update-v1.1.21-c7f292ea4

Merge releases/v2 into releases/v1

.github/check-codescanning-config/action.yml

@@ -0,0 +1,60 @@
+name: Check Code-Scanning Config
+description: |
+    Checks the code scanning configuration file generated by the
+    action to ensure it contains the expected contents
+inputs:
+  languages:
+    required: false
+    description: The languages field passed to the init action.
+
+  packs:
+    required: false
+    description: The packs field passed to the init action.
+
+  queries:
+    required: false
+    description: The queries field passed to the init action.
+
+  config-file-test:
+    required: false
+    description: |
+      The location of the config file to use. If empty,
+      then no config file is used.
+
+  expected-config-file-contents:
+    required: true
+    description: |
+      A JSON string containing the exact contents of the config file.
+
+  tools:
+    required: true
+    description: |
+      The url of codeql to use.
+
+runs:
+  using: composite
+  steps:
+    - uses: ./../action/init
+      with:
+        languages: ${{ inputs.languages }}
+        config-file: ${{ inputs.config-file-test }}
+        queries: ${{ inputs.queries }}
+        packs: ${{ inputs.packs }}
+        tools: ${{ inputs.tools }}
+        db-location: ${{ runner.temp }}/codescanning-config-cli-test
+
+    - name: Install dependencies
+      shell: bash
+      run: npm install --location=global ts-node js-yaml
+
+    - name: Check config
+      working-directory: ${{ github.action_path }}
+      shell: bash
+      run: ts-node ./index.ts "${{ runner.temp }}/user-config.yaml" '${{ inputs.expected-config-file-contents }}'
+
+    - name: Clean up
+      shell: bash
+      if: always()
+      run: |
+        rm -rf ${{ runner.temp }}/codescanning-config-cli-test
+        rm -rf ${{ runner.temp }}/user-config.yaml

.github/check-codescanning-config/index.ts

@@ -0,0 +1,39 @@
+
+import * as core from '@actions/core'
+import * as yaml from 'js-yaml'
+import * as fs from 'fs'
+import * as assert from 'assert'
+
+const actualConfig = loadActualConfig()
+
+const rawExpectedConfig = process.argv[3].trim()
+if (!rawExpectedConfig) {
+  core.info('No expected configuration provided')
+} else {
+  core.startGroup('Expected generated user config')
+  core.info(yaml.dump(JSON.parse(rawExpectedConfig)))
+  core.endGroup()
+}
+
+const expectedConfig = rawExpectedConfig ? JSON.parse(rawExpectedConfig) : undefined;
+
+assert.deepStrictEqual(
+  actualConfig,
+  expectedConfig,
+  'Expected configuration does not match actual configuration'
+);
+
+
+function loadActualConfig() {
+  if (!fs.existsSync(process.argv[2])) {
+    core.info('No configuration file found')
+    return undefined
+  } else {
+    const rawActualConfig = fs.readFileSync(process.argv[2], 'utf8')
+    core.startGroup('Actual generated user config')
+    core.info(rawActualConfig)
+    core.endGroup()
+
+    return yaml.load(rawActualConfig)
+  }
+}

.github/query-filter-test/action.yml

@@ -1,5 +1,5 @@
 name: Query Filter Test
-description: Runs a test of query filters using the check sarif action
+description: Runs a test of query filters using the check SARIF action
 inputs:
   sarif-file:
     required: true
@@ -34,6 +34,8 @@ runs:
         config-file: ${{ inputs.config-file }}
         tools: ${{ inputs.tools }}
         db-location: ${{ runner.temp }}/query-filter-test
+      env:
+        TEST_MODE: "true"
     - uses: ./../action/analyze
       with:
         output: ${{ runner.temp }}/results
@@ -49,4 +51,4 @@ runs:
         queries-not-run: ${{ inputs.queries-not-run}}
     - name: Cleanup after test
       shell: bash
-      run: rm -rf "$RUNNER_TEMP/results" "$RUNNER_TEMP//query-filter-test"
+      run: rm -rf "$RUNNER_TEMP/results" "$RUNNER_TEMP/query-filter-test"

.github/update-release-branch.py

@@ -88,6 +88,7 @@ def open_pr(
   body.append('')
   body.append('Please review the following:')
   if len(conflicted_files) > 0:
+    body.append(' - [ ] The `package.json` file contains the correct version.')
     body.append(' - [ ] You have added commits to this branch that resolve the merge conflicts ' +
       'in the following files:')
     body.extend([f'    - [ ] `{file}`' for file in conflicted_files])
@@ -296,15 +297,15 @@ def main():
 
     # Migrate the package version number from a v2 version number to a v1 version number
     print(f'Setting version number to {version}')
-    subprocess.run(['npm', 'version', version, '--no-git-tag-version'])
+    subprocess.check_output(['npm', 'version', version, '--no-git-tag-version'])
     run_git('add', 'package.json', 'package-lock.json')
 
     # Migrate the changelog notes from v2 version numbers to v1 version numbers
     print('Migrating changelog notes from v2 to v1')
-    subprocess.run(['sed', '-i', 's/^## 2\./## 1./g', 'CHANGELOG.md'])
+    subprocess.check_output(['sed', '-i', 's/^## 2\./## 1./g', 'CHANGELOG.md'])
 
     # Remove changelog notes from v2 that don't apply to v1
-    subprocess.run(['sed', '-i', '/^- \[v2+ only\]/d', 'CHANGELOG.md'])
+    subprocess.check_output(['sed', '-i', '/^- \[v2+ only\]/d', 'CHANGELOG.md'])
 
     # Amend the commit generated by `npm version` to update the CHANGELOG
     run_git('add', 'CHANGELOG.md')

.github/workflows/__analyze-ref-input.yml

@@ -82,6 +82,8 @@ jobs:
         languages: cpp,csharp,java,javascript,python
         config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{
           github.sha }}
+      env:
+        TEST_MODE: true
     - name: Build code
       shell: bash
       run: ./build.sh

.github/workflows/__autobuild-action.yml

@@ -0,0 +1,74 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     pip install ruamel.yaml && python3 sync.py
+# to regenerate this file.
+
+name: PR Check - autobuild-action
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+on:
+  push:
+    branches:
+    - main
+    - releases/v1
+    - releases/v2
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+    - ready_for_review
+  workflow_dispatch: {}
+jobs:
+  autobuild-action:
+    strategy:
+      matrix:
+        include:
+        - os: ubuntu-latest
+          version: latest
+        - os: macos-latest
+          version: latest
+        - os: windows-2019
+          version: latest
+        - os: windows-2022
+          version: latest
+    name: autobuild-action
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Check out repository
+      uses: actions/checkout@v3
+    - name: Prepare test
+      id: prepare-test
+      uses: ./.github/prepare-test
+      with:
+        version: ${{ matrix.version }}
+    - uses: ./../action/init
+      with:
+        languages: csharp
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
+    - uses: ./../action/autobuild
+      env:
+      # Explicitly disable the CLR tracer.
+        COR_ENABLE_PROFILING: ''
+        COR_PROFILER: ''
+        COR_PROFILER_PATH_64: ''
+        CORECLR_ENABLE_PROFILING: ''
+        CORECLR_PROFILER: ''
+        CORECLR_PROFILER_PATH_64: ''
+    - uses: ./../action/analyze
+      env:
+        TEST_MODE: true
+    - name: Check database
+      shell: bash
+      run: |
+        cd "$RUNNER_TEMP/codeql_databases"
+        if [[ ! -d csharp ]]; then
+          echo "Did not find a C# database"
+          exit 1
+        fi
+    env:
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true

.github/workflows/__debug-artifacts.yml

@@ -1,96 +0,0 @@
-# Warning: This file is generated automatically, and should not be modified.
-# Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
-# to regenerate this file.
-
-name: PR Check - Debug artifact upload
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  GO111MODULE: auto
-on:
-  push:
-    branches:
-    - main
-    - releases/v1
-    - releases/v2
-  pull_request:
-    types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
-  workflow_dispatch: {}
-jobs:
-  debug-artifacts:
-    strategy:
-      matrix:
-        include:
-        - os: ubuntu-latest
-          version: stable-20210308
-        - os: macos-latest
-          version: stable-20210308
-        - os: ubuntu-latest
-          version: stable-20210319
-        - os: macos-latest
-          version: stable-20210319
-        - os: ubuntu-latest
-          version: stable-20210809
-        - os: macos-latest
-          version: stable-20210809
-        - os: ubuntu-latest
-          version: cached
-        - os: macos-latest
-          version: cached
-        - os: ubuntu-latest
-          version: latest
-        - os: macos-latest
-          version: latest
-        - os: ubuntu-latest
-          version: nightly-latest
-        - os: macos-latest
-          version: nightly-latest
-    name: Debug artifact upload
-    timeout-minutes: 45
-    runs-on: ${{ matrix.os }}
-    steps:
-    - name: Check out repository
-      uses: actions/checkout@v3
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/prepare-test
-      with:
-        version: ${{ matrix.version }}
-    - uses: ./../action/init
-      with:
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-        debug: true
-        debug-artifact-name: my-debug-artifacts
-        debug-database-name: my-db
-    - name: Build code
-      shell: bash
-      run: ./build.sh
-    - uses: ./../action/analyze
-      id: analysis
-    - uses: actions/download-artifact@v3
-      with:
-        name: my-debug-artifacts-${{ matrix.os }}-${{ matrix.version }}
-    - shell: bash
-      run: |
-        LANGUAGES="cpp csharp go java javascript python"
-        for language in $LANGUAGES; do
-          echo "Checking $language"
-          if [[ ! -f "$language.sarif" ]] ; then
-            echo "Missing a SARIF file for $language"
-            exit 1
-          fi
-          if [[ ! -f "my-db-$language.zip" ]] ; then
-            echo "Missing a database bundle for $language"
-            exit 1
-          fi
-          if [[ ! -d "$language/log" ]] ; then
-            echo "Missing logs for $language"
-            exit 1
-          fi
-        done
-    env:
-      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true

.github/workflows/__extractor-ram-threads.yml

@@ -43,6 +43,8 @@ jobs:
         languages: java
         ram: 230
         threads: 1
+      env:
+        TEST_MODE: true
     - name: Assert Results
       shell: bash
       run: |

.github/workflows/__go-custom-queries.yml

@@ -84,6 +84,8 @@ jobs:
         languages: go
         config-file: ./.github/codeql/custom-queries.yml
         tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
     - name: Build code
       shell: bash
       run: ./build.sh

.github/workflows/__go-custom-tracing-autobuild.yml

@@ -67,6 +67,8 @@ jobs:
       with:
         languages: go
         tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
     - uses: ./../action/autobuild
     - uses: ./../action/analyze
       env:
@@ -79,5 +81,6 @@ jobs:
           exit 1
         fi
     env:
-      CODEQL_EXTRACTOR_GO_BUILD_TRACING: 'true'
+      CODEQL_EXTRACTOR_GO_BUILD_TRACING: on
+      DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
       INTERNAL_CODEQL_ACTION_DEBUG_LOC: true

.github/workflows/__go-custom-tracing.yml

@@ -83,6 +83,8 @@ jobs:
       with:
         languages: go
         tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
     - name: Build code
       shell: bash
       run: go build main.go
@@ -90,5 +92,5 @@ jobs:
       env:
         TEST_MODE: true
     env:
-      CODEQL_EXTRACTOR_GO_BUILD_TRACING: 'true'
+      CODEQL_EXTRACTOR_GO_BUILD_TRACING: on
       INTERNAL_CODEQL_ACTION_DEBUG_LOC: true

.github/workflows/__javascript-source-root.yml

@@ -52,6 +52,8 @@ jobs:
         languages: javascript
         source-root: ../new-source-root
         tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
     - uses: ./../action/analyze
       with:
         skip-queries: true

.github/workflows/__ml-powered-queries.yml

@@ -66,6 +66,8 @@ jobs:
         queries: security-extended
         source-root: ./../action/tests/ml-powered-queries-repo
         tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
 
     - uses: ./../action/analyze
       with:
@@ -81,6 +83,15 @@ jobs:
         path: ${{ runner.temp }}/results/javascript.sarif
         retention-days: 7
 
+    - name: Check sarif
+      uses: ./../action/.github/check-sarif
+      if: matrix.os != 'windows-latest' || matrix.version == 'latest' || matrix.version
+        == 'nightly-latest'
+      with:
+        sarif-file: ${{ runner.temp }}/results/javascript.sarif
+        queries-run: js/ml-powered/nosql-injection,js/ml-powered/path-injection,js/ml-powered/sql-injection,js/ml-powered/xss
+        queries-not-run: foo,bar
+
     - name: Check results
     # Running ML-powered queries on Windows requires CodeQL CLI 2.9.0+. We don't run these checks
     # against Windows and `cached` while CodeQL CLI 2.9.0 makes its way into `cached` to avoid the

.github/workflows/__multi-language-autodetect.yml

@@ -64,6 +64,8 @@ jobs:
       with:
         db-location: ${{ runner.temp }}/customDbLocation
         tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
     - name: Build code
       shell: bash
       run: ./build.sh

.github/workflows/__packaging-codescanning-config-inputs-js.yml

@@ -0,0 +1,102 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     pip install ruamel.yaml && python3 sync.py
+# to regenerate this file.
+
+name: 'PR Check - Packaging: Config and input passed to the CLI'
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+on:
+  push:
+    branches:
+    - main
+    - releases/v1
+    - releases/v2
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+    - ready_for_review
+  workflow_dispatch: {}
+jobs:
+  packaging-codescanning-config-inputs-js:
+    strategy:
+      matrix:
+        include:
+        - os: ubuntu-latest
+          version: latest
+        - os: macos-latest
+          version: latest
+        - os: windows-2019
+          version: latest
+        - os: windows-2022
+          version: latest
+        - os: ubuntu-latest
+          version: cached
+        - os: macos-latest
+          version: cached
+        - os: windows-2019
+          version: cached
+        - os: ubuntu-latest
+          version: nightly-latest
+        - os: macos-latest
+          version: nightly-latest
+        - os: windows-2019
+          version: nightly-latest
+        - os: windows-2022
+          version: nightly-latest
+    name: 'Packaging: Config and input passed to the CLI'
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Check out repository
+      uses: actions/checkout@v3
+    - name: Prepare test
+      id: prepare-test
+      uses: ./.github/prepare-test
+      with:
+        version: ${{ matrix.version }}
+    - uses: ./../action/init
+      with:
+        config-file: .github/codeql/codeql-config-packaging3.yml
+        packs: +dsp-testing/codeql-pack1@1.0.0
+        languages: javascript
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
+    - name: Build code
+      shell: bash
+      run: ./build.sh
+    - uses: ./../action/analyze
+      with:
+        output: ${{ runner.temp }}/results
+      env:
+        TEST_MODE: true
+
+    - name: Check results
+      uses: ./../action/.github/check-sarif
+      with:
+        sarif-file: ${{ runner.temp }}/results/javascript.sarif
+        queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
+        queries-not-run: foo,bar
+
+    - name: Assert Results
+      shell: bash
+      run: |
+        cd "$RUNNER_TEMP/results"
+        # We should have 4 hits from these rules
+        EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
+
+        # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
+        RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
+        echo "Found matching rules '$RULES'"
+        if [ "$RULES" != "$EXPECTED_RULES" ]; then
+          echo "Did not match expected rules '$EXPECTED_RULES'."
+          exit 1
+        fi
+    env:
+      CODEQL_PASS_CONFIG_TO_CLI: true
+
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true

.github/workflows/__packaging-config-inputs-js.yml

@@ -64,6 +64,8 @@ jobs:
         packs: +dsp-testing/codeql-pack1@1.0.0
         languages: javascript
         tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
     - name: Build code
       shell: bash
       run: ./build.sh
@@ -72,6 +74,14 @@ jobs:
         output: ${{ runner.temp }}/results
       env:
         TEST_MODE: true
+
+    - name: Check results
+      uses: ./../action/.github/check-sarif
+      with:
+        sarif-file: ${{ runner.temp }}/results/javascript.sarif
+        queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
+        queries-not-run: foo,bar
+
     - name: Assert Results
       shell: bash
       run: |

.github/workflows/__packaging-config-js.yml

@@ -63,6 +63,8 @@ jobs:
         config-file: .github/codeql/codeql-config-packaging.yml
         languages: javascript
         tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
     - name: Build code
       shell: bash
       run: ./build.sh
@@ -71,6 +73,14 @@ jobs:
         output: ${{ runner.temp }}/results
       env:
         TEST_MODE: true
+
+    - name: Check results
+      uses: ./../action/.github/check-sarif
+      with:
+        sarif-file: ${{ runner.temp }}/results/javascript.sarif
+        queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
+        queries-not-run: foo,bar
+
     - name: Assert Results
       shell: bash
       run: |

.github/workflows/__packaging-inputs-js.yml

@@ -64,6 +64,8 @@ jobs:
         languages: javascript
         packs: dsp-testing/codeql-pack1@1.0.0, dsp-testing/codeql-pack2, dsp-testing/codeql-pack3:other-query.ql
         tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
     - name: Build code
       shell: bash
       run: ./build.sh
@@ -72,6 +74,14 @@ jobs:
         output: ${{ runner.temp }}/results
       env:
         TEST_MODE: true
+
+    - name: Check results
+      uses: ./../action/.github/check-sarif
+      with:
+        sarif-file: ${{ runner.temp }}/results/javascript.sarif
+        queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
+        queries-not-run: foo,bar
+
     - name: Assert Results
       shell: bash
       run: |

.github/workflows/__remote-config.yml

@@ -82,6 +82,8 @@ jobs:
         languages: cpp,csharp,java,javascript,python
         config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{
           github.sha }}
+      env:
+        TEST_MODE: true
     - name: Build code
       shell: bash
       run: ./build.sh

.github/workflows/__split-workflow.yml

@@ -54,6 +54,8 @@ jobs:
         packs: +dsp-testing/codeql-pack1@1.0.0
         languages: javascript
         tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
     - name: Build code
       shell: bash
       run: ./build.sh
@@ -63,6 +65,7 @@ jobs:
         output: ${{ runner.temp }}/results
       env:
         TEST_MODE: true
+
     - name: Assert No Results
       shell: bash
       run: |

.github/workflows/__test-autobuild-working-dir.yml

@@ -49,6 +49,8 @@ jobs:
       with:
         languages: java
         tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
     - uses: ./../action/autobuild
       with:
         working-directory: autobuild-dir

.github/workflows/__test-local-codeql.yml

@@ -47,6 +47,8 @@ jobs:
     - uses: ./../action/init
       with:
         tools: ./codeql-bundle.tar.gz
+      env:
+        TEST_MODE: true
     - name: Build code
       shell: bash
       run: ./build.sh

.github/workflows/__test-proxy.yml

@@ -42,6 +42,8 @@ jobs:
       with:
         languages: javascript
         tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
     - uses: ./../action/analyze
       env:
         TEST_MODE: true

.github/workflows/__test-ruby.yml

@@ -52,6 +52,8 @@ jobs:
       with:
         languages: ruby
         tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
     - uses: ./../action/analyze
       id: analysis
       env:

.github/workflows/__unset-environment.yml

@@ -52,6 +52,8 @@ jobs:
       with:
         db-location: ${{ runner.temp }}/customDbLocation
         tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
     - name: Build code
       shell: bash
       run: env -i PATH="$PATH" HOME="$HOME" ./build.sh

.github/workflows/__upload-ref-sha-input.yml

@@ -82,6 +82,8 @@ jobs:
         languages: cpp,csharp,java,javascript,python
         config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{
           github.sha }}
+      env:
+        TEST_MODE: true
     - name: Build code
       shell: bash
       run: ./build.sh

.github/workflows/__with-checkout-path.yml

@@ -87,6 +87,8 @@ jobs:
         languages: csharp,javascript
         source-path: x/y/z/some-path/tests/multi-language-repo
         debug: true
+      env:
+        TEST_MODE: true
     - name: Build code (non-windows)
       shell: bash
       if: ${{ runner.os != 'Windows' }}

.github/workflows/check-for-conflicts.yml

@@ -1,31 +0,0 @@
-# Checks for any conflict markers created by git. This check is primarily intended to validate that
-# any merge conflicts in the v2 -> v1 backport PR are fixed before the PR is merged.
-name: Check for conflicts
-
-on:
-  pull_request:
-    branches: [main, releases/v1, releases/v2]
-    # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
-    # by other workflows.
-    types: [opened, synchronize, reopened, ready_for_review]
-
-jobs:
-  check-for-conflicts:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Check for conflicts
-        run: |
-          # Use `|| true` since grep returns exit code 1 if there are no matches, and we don't want
-          # this to fail the workflow.
-          FILES_WITH_CONFLICTS=$(grep --extended-regexp --ignore-case --line-number --recursive \
-            '^(<<<<<<<|>>>>>>>)' . || true)
-          if [[ "${FILES_WITH_CONFLICTS}" ]]; then
-            echo "Fail: Found merge conflict markers in the following files:"
-            echo ""
-            echo "${FILES_WITH_CONFLICTS}"
-            exit 1
-          else
-            echo "Success: Found no merge conflict markers."
-          fi

.github/workflows/codescanning-config-cli.yml

@@ -0,0 +1,220 @@
+# Tests that the generated code scanning config file contains the expected contents
+
+name: Code-Scanning config CLI tests
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  CODEQL_PASS_CONFIG_TO_CLI: true
+
+on:
+  push:
+    branches:
+    - main
+    - releases/v1
+    - releases/v2
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+    - ready_for_review
+  workflow_dispatch: {}
+
+jobs:
+  code-scanning-config-tests:
+    continue-on-error: true
+
+    strategy:
+      fail-fast: true
+      matrix:
+        include:
+        - os: ubuntu-latest
+          version: latest
+        - os: macos-latest
+          version: latest
+        - os: ubuntu-latest
+          version: cached
+        - os: macos-latest
+          version: cached
+        - os: ubuntu-latest
+          version: nightly-latest
+        - os: macos-latest
+          version: nightly-latest
+
+    # Code-Scanning config not created because environment variable is not set
+    name: Code Scanning Configuration tests
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Check out repository
+      uses: actions/checkout@v3
+    - name: Prepare test
+      id: prepare-test
+      uses: ./.github/prepare-test
+      with:
+        version: ${{ matrix.version }}
+
+    - name: Empty file
+      uses: ./../action/.github/check-codescanning-config
+      with:
+        expected-config-file-contents: "{}"
+        languages: javascript
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - name: Packs from input
+      if: success() || failure()
+      uses: ./../action/.github/check-codescanning-config
+      with:
+        expected-config-file-contents: |
+          {
+            "packs": ["dsp-testing/codeql-pack1@1.0.0", "dsp-testing/codeql-pack2" ]
+          }
+        languages: javascript
+        packs: dsp-testing/codeql-pack1@1.0.0, dsp-testing/codeql-pack2
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - name: Packs from input with +
+      if: success() || failure()
+      uses: ./../action/.github/check-codescanning-config
+      with:
+        expected-config-file-contents: |
+          {
+            "packs": ["dsp-testing/codeql-pack1@1.0.0", "dsp-testing/codeql-pack2" ]
+          }
+        languages: javascript
+        packs: + dsp-testing/codeql-pack1@1.0.0, dsp-testing/codeql-pack2
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - name: Queries from input
+      if: success() || failure()
+      uses: ./../action/.github/check-codescanning-config
+      with:
+        expected-config-file-contents: |
+          {
+            "queries": [{ "uses": "./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql" }]
+          }
+        languages: javascript
+        queries: ./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - name: Queries from input with +
+      if: success() || failure()
+      uses: ./../action/.github/check-codescanning-config
+      with:
+        expected-config-file-contents: |
+          {
+            "queries": [{ "uses": "./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql" }]
+          }
+        languages: javascript
+        queries: + ./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - name: Queries and packs from input with +
+      if: success() || failure()
+      uses: ./../action/.github/check-codescanning-config
+      with:
+        expected-config-file-contents: |
+          {
+            "queries": [{ "uses": "./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql" }],
+            "packs": ["dsp-testing/codeql-pack1@1.0.0", "dsp-testing/codeql-pack2" ]
+          }
+        languages: javascript
+        queries: + ./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql
+        packs: + dsp-testing/codeql-pack1@1.0.0, dsp-testing/codeql-pack2
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - name: Queries and packs from config
+      if: success() || failure()
+      uses: ./../action/.github/check-codescanning-config
+      with:
+        expected-config-file-contents: |
+          {
+            "queries": [{ "uses": "./codeql-qlpacks/complex-javascript-qlpack/foo2/show_ifs.ql" }],
+            "packs": {
+              "javascript": ["dsp-testing/codeql-pack1@1.0.0", "dsp-testing/codeql-pack2" ]
+            }
+          }
+        languages: javascript
+        config-file-test: .github/codeql/queries-and-packs-config.yml
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - name: Queries and packs from config overriden by input
+      if: success() || failure()
+      uses: ./../action/.github/check-codescanning-config
+      with:
+        expected-config-file-contents: |
+          {
+            "queries": [{ "uses": "./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql" }],
+            "packs": ["codeql/javascript-queries"]
+          }
+        languages: javascript
+        queries: ./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql
+        packs: codeql/javascript-queries
+        config-file-test: .github/codeql/queries-and-packs-config.yml
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - name: Queries and packs from config merging with input
+      if: success() || failure()
+      uses: ./../action/.github/check-codescanning-config
+      with:
+        expected-config-file-contents: |
+          {
+            "queries": [
+              { "uses": "./codeql-qlpacks/complex-javascript-qlpack/foo2/show_ifs.ql" },
+              { "uses": "./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql" }
+            ],
+            "packs": {
+              "javascript": ["dsp-testing/codeql-pack1@1.0.0", "dsp-testing/codeql-pack2", "codeql/javascript-queries" ]
+            }
+          }
+        languages: javascript
+        queries: + ./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql
+        packs: + codeql/javascript-queries
+        config-file-test: .github/codeql/queries-and-packs-config.yml
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - name: Multi-language packs from config
+      if: success() || failure()
+      uses: ./../action/.github/check-codescanning-config
+      with:
+        expected-config-file-contents: |
+          {
+            "packs": {
+              "javascript": ["dsp-testing/codeql-pack1@1.0.0", "dsp-testing/codeql-pack2" ],
+              "ruby": ["codeql/ruby-queries"]
+            },
+            "queries": [
+              { "uses": "./codeql-qlpacks/complex-javascript-qlpack/foo2/show_ifs.ql" }
+            ]
+          }
+        languages: javascript,ruby
+        config-file-test: .github/codeql/multi-language-packs-config.yml
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - name: Other config properties
+      if: success() || failure()
+      uses: ./../action/.github/check-codescanning-config
+      with:
+        expected-config-file-contents: |
+          {
+            "name": "Config using all properties",
+            "packs": ["codeql/javascript-queries" ],
+            "disable-default-queries": true,
+            "paths-ignore": ["xxx"],
+            "paths": ["yyy"]
+          }
+        languages: javascript
+        packs: + codeql/javascript-queries
+        config-file-test: .github/codeql/other-config-properties.yml
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - name: Config not generated when env var is not set
+      if: success() || failure()
+      env:
+        CODEQL_PASS_CONFIG_TO_CLI: false
+      uses: ./../action/.github/check-codescanning-config
+      with:
+        expected-config-file-contents: ""
+        languages: javascript
+        packs: + codeql/javascript-queries
+        config-file-test: .github/codeql/other-config-properties.yml
+        tools: ${{ steps.prepare-test.outputs.tools-url }}

.github/workflows/debug-artifacts-failure.yml

@@ -0,0 +1,90 @@
+# Checks logs, SARIF, and database bundle debug artifacts exist
+# when the analyze step fails.
+name: PR Check - Debug artifacts after failure
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+on:
+  push:
+    branches:
+    - main
+    - releases/v1
+    - releases/v2
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+    - ready_for_review
+  workflow_dispatch: {}
+jobs:
+  upload-artifacts:
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest]
+    name: Upload debug artifacts after failure in analyze
+    continue-on-error: true
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Dump GitHub event
+        run: cat "${GITHUB_EVENT_PATH}"
+      - name: Check out repository
+        uses: actions/checkout@v3
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/prepare-test
+        with:
+          version: latest
+      - uses: ./../action/init
+        with:
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+          debug: true
+          debug-artifact-name: my-debug-artifacts
+          debug-database-name: my-db
+        env:
+          TEST_MODE: true
+      - name: Build code
+        shell: bash
+        run: ./build.sh
+      - uses: ./../action/analyze
+        id: analysis  
+        with:
+          expect-error: true
+          ram: 1
+        env:
+          TEST_MODE: true
+  download-and-check-artifacts:
+    name: Download and check debug artifacts after failure in analyze
+    needs: upload-artifacts
+    timeout-minutes: 45
+    runs-on: ubuntu-latest
+    steps:
+      - name: Download all artifacts
+        uses: actions/download-artifact@v3
+      - name: Check expected artifacts exist
+        shell: bash
+        run: |
+          OPERATING_SYSTEMS="ubuntu-latest macos-latest"
+          LANGUAGES="cpp csharp go java javascript python"
+          for os in $OPERATING_SYSTEMS; do
+            pushd "./my-debug-artifacts-$os"
+            echo "Artifacts from run on $os:"
+            for language in $LANGUAGES; do
+              echo "- Checking $language"
+              if [[ ! -f "my-db-$language-partial.zip" ]] ; then
+                echo "Missing a partial database bundle for $language"
+                exit 1
+              fi
+              if [[ ! -d "log" ]] ; then
+                echo "Missing database initialization logs"
+                exit 1
+              fi
+              if [[ ! -d "$language/log" ]] ; then
+                echo "Missing logs for $language"
+                exit 1
+              fi
+            done
+            popd
+          done
+        env:
+          INTERNAL_CODEQL_ACTION_DEBUG_LOC: true

.github/workflows/debug-artifacts.yml

@@ -0,0 +1,87 @@
+# Checks logs, SARIF, and database bundle debug artifacts exist.
+name: PR Check - Debug artifact upload
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+on:
+  push:
+    branches:
+    - main
+    - releases/v1
+    - releases/v2
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+    - ready_for_review
+  workflow_dispatch: {}
+jobs:
+  upload-artifacts:
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest]
+        version: [stable-20210308, stable-20210319, stable-20210809, cached, latest, nightly-latest]
+    name: Upload debug artifacts
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v3
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/prepare-test
+        with:
+          version: ${{ matrix.version }}
+      - uses: ./../action/init
+        with:
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+          debug: true
+          debug-artifact-name: my-debug-artifacts
+          debug-database-name: my-db
+        env:
+          TEST_MODE: true
+      - name: Build code
+        shell: bash
+        run: ./build.sh
+      - uses: ./../action/analyze
+        id: analysis  
+        env:
+          TEST_MODE: true
+  download-and-check-artifacts:
+    name: Download and check debug artifacts
+    needs: upload-artifacts
+    timeout-minutes: 45
+    runs-on: ubuntu-latest
+    steps:
+      - name: Download all artifacts
+        uses: actions/download-artifact@v3
+      - name: Check expected artifacts exist
+        shell: bash
+        run: |
+          OPERATING_SYSTEMS="ubuntu-latest macos-latest"
+          VERSIONS="stable-20210308 stable-20210319 stable-20210809 cached latest nightly-latest"
+          LANGUAGES="cpp csharp go java javascript python"
+          for os in $OPERATING_SYSTEMS; do
+            for version in $VERSIONS; do
+              pushd "./my-debug-artifacts-$os-$version"
+              echo "Artifacts from version $version on $os:"
+              for language in $LANGUAGES; do
+                echo "- Checking $language"
+                if [[ ! -f "$language.sarif" ]] ; then
+                  echo "Missing a SARIF file for $language"
+                  exit 1
+                fi
+                if [[ ! -f "my-db-$language.zip" ]] ; then
+                  echo "Missing a database bundle for $language"
+                  exit 1
+                fi
+                if [[ ! -d "$language/log" ]] ; then
+                  echo "Missing logs for $language"
+                  exit 1
+                fi
+              done
+              popd
+            done
+          done
+        env:
+          INTERNAL_CODEQL_ACTION_DEBUG_LOC: true

.github/workflows/expected-queries-runs.yml

@@ -1,6 +1,4 @@
-name: Expected queries runs
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+name: Check queries that ran
 
 on:
   push:
@@ -33,6 +31,8 @@ jobs:
       with:
         languages: javascript
         tools: ${{ steps.prepare-test.outputs.tools-url }}
+      env:
+        TEST_MODE: true
     - uses: ./../action/analyze
       with:
         output: ${{ runner.temp }}/results

.github/workflows/pr-checks.yml

@@ -1,4 +1,4 @@
-name: PR Checks (Basic Checks and Runner)
+name: PR Checks
 
 on:
   push:
@@ -10,17 +10,8 @@ on:
   workflow_dispatch:
 
 jobs:
-  lint-js:
-    name: Lint
-    runs-on: ubuntu-latest
-    timeout-minutes: 45
-
-    steps:
-      - uses: actions/checkout@v3
-      - name: Run Lint
-        run: npm run-script lint
-
   check-js:
+    name: Check JS
     runs-on: ubuntu-latest
     timeout-minutes: 45
 
@@ -30,7 +21,11 @@ jobs:
         node-types-version: [12.12, current]
 
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Lint
+        run: npm run-script lint
 
       - name: Update version of @types/node
         if: matrix.node-types-version != 'current'
@@ -67,21 +62,43 @@ jobs:
       - name: Check node modules up to date
         run: .github/workflows/script/check-node-modules.sh
 
-  verify-pr-checks:
-    name: Verify PR checks up to date
+  check-file-contents:
+    name: Check file contents
     runs-on: ubuntu-latest
     timeout-minutes: 45
 
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      # Checks for any conflict markers created by git. This check is primarily intended to validate that
+      # any merge conflicts in the v2 -> v1 backport PR are fixed before the PR is merged.
+      - name: Check for merge conflicts
+        run: |
+          # Use `|| true` since grep returns exit code 1 if there are no matches, and we don't want
+          # this to fail the workflow.
+          FILES_WITH_CONFLICTS=$(grep --extended-regexp --ignore-case --line-number --recursive \
+            '^(<<<<<<<|>>>>>>>)' . || true)
+          if [[ "${FILES_WITH_CONFLICTS}" ]]; then
+            echo "Fail: Found merge conflict markers in the following files:"
+            echo ""
+            echo "${FILES_WITH_CONFLICTS}"
+            exit 1
+          else
+            echo "Success: Found no merge conflict markers."
+          fi
+
       - name: Set up Python
         uses: actions/setup-python@v3
         with:
           python-version: 3.8
+
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
           pip install ruamel.yaml
+
+      # Ensure the generated PR check workflows are up to date.
       - name: Verify PR checks up to date
         run: .github/workflows/script/verify-pr-checks.sh
 
@@ -90,393 +107,15 @@ jobs:
     needs: [check-js, check-node-modules]
     strategy:
       matrix:
-        os: [ubuntu-latest, macos-latest]
+        os: [ubuntu-latest, macos-latest, windows-latest]
     runs-on: ${{ matrix.os }}
     timeout-minutes: 45
 
     steps:
       - uses: actions/checkout@v3
-      - name: npm run-script test
-        run: npm run-script test
-
-  runner-analyze-javascript-ubuntu:
-    name: Runner ubuntu JS analyze
-    needs: [check-js, check-node-modules]
-    timeout-minutes: 45
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Build runner
+      - name: npm test
         run: |
-          cd runner
-          npm install
-          npm run build-runner
-
-      - name: Run init
-        run: |
-          # Pass --config-file here, but not for other jobs in this workflow.
-          # This means we're testing the config file parsing in the runner
-          # but not slowing down all jobs unnecessarily as it doesn't add much
-          # testing the parsing on different operating systems and languages.
-          runner/dist/codeql-runner-linux init --repository $GITHUB_REPOSITORY --languages javascript --config-file ./.github/codeql/codeql-config.yml --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
-
-      - name: Run analyze
-        run: |
-          runner/dist/codeql-runner-linux analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
-        env:
-          TEST_MODE: true
-
-  runner-analyze-javascript-windows:
-    name: Runner windows JS analyze
-    needs: [check-js, check-node-modules]
-    timeout-minutes: 45
-    runs-on: windows-latest
-
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Build runner
-        run: |
-          cd runner
-          npm install
-          npm run build-runner
-
-      - name: Run init
-        run: |
-          runner/dist/codeql-runner-win.exe init --repository $Env:GITHUB_REPOSITORY --languages javascript --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
-
-      - name: Run analyze
-        run: |
-          runner/dist/codeql-runner-win.exe analyze --repository $Env:GITHUB_REPOSITORY --commit $Env:GITHUB_SHA --ref $Env:GITHUB_REF --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
-        env:
-          TEST_MODE: true
-
-  runner-analyze-javascript-macos:
-    name: Runner macos JS analyze
-    needs: [check-js, check-node-modules]
-    timeout-minutes: 45
-    runs-on: macos-latest
-
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Build runner
-        run: |
-          cd runner
-          npm install
-          npm run build-runner
-
-      - name: Run init
-        run: |
-          runner/dist/codeql-runner-macos init --repository $GITHUB_REPOSITORY --languages javascript --config-file ./.github/codeql/codeql-config.yml --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
-
-      - name: Run analyze
-        run: |
-          runner/dist/codeql-runner-macos analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
-        env:
-          TEST_MODE: true
-
-  runner-analyze-csharp-ubuntu:
-    name: Runner ubuntu C# analyze
-    needs: [check-js, check-node-modules]
-    timeout-minutes: 45
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Move codeql-action
-        shell: bash
-        run: |
-          mkdir ../action
-          mv * .github ../action/
-          mv ../action/tests/multi-language-repo/{*,.github} .
-          mv ../action/.github/workflows .github
-
-      - name: Build runner
-        run: |
-          cd ../action/runner
-          npm install
-          npm run build-runner
-
-      - name: Run init
-        run: |
-          ../action/runner/dist/codeql-runner-linux init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
-
-      - name: Build code
-        run: |
-          . ./codeql-runner/codeql-env.sh
-          $CODEQL_RUNNER dotnet build /p:UseSharedCompilation=false
-
-      - name: Run analyze
-        run: |
-          ../action/runner/dist/codeql-runner-linux analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
-        env:
-          TEST_MODE: true
-
-  runner-analyze-csharp-windows:
-    name: Runner windows C# analyze
-    needs: [check-js, check-node-modules]
-    # Build tracing currently does not support Windows 2022, so use `windows-2019` instead of
-    # `windows-latest`.
-    timeout-minutes: 45
-    runs-on: windows-2019
-
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Move codeql-action
-        shell: bash
-        run: |
-          mkdir ../action
-          mv * .github ../action/
-          mv ../action/tests/multi-language-repo/{*,.github} .
-          mv ../action/.github/workflows .github
-
-      - name: Build runner
-        run: |
-          cd ../action/runner
-          npm install
-          npm run build-runner
-
-      - name: Run init
-        run: |
-          ../action/runner/dist/codeql-runner-win.exe init --repository $Env:GITHUB_REPOSITORY --languages csharp --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
-
-      - name: Build code
-        shell: powershell
-        run: |
-          cat ./codeql-runner/codeql-env.sh | Invoke-Expression
-          $Env:CODEQL_EXTRACTOR_CSHARP_ROOT = "" # Unset an environment variable to make sure the tracer resists this
-          & $Env:CODEQL_RUNNER dotnet build /p:UseSharedCompilation=false
-
-      - name: Upload tracer logs
-        uses: actions/upload-artifact@v3
-        with:
-          name: tracer-logs
-          path: ./codeql-runner/compound-build-tracer.log
-
-      - name: Run analyze
-        run: |
-          ../action/runner/dist/codeql-runner-win.exe analyze --repository $Env:GITHUB_REPOSITORY --commit $Env:GITHUB_SHA --ref $Env:GITHUB_REF --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
-        env:
-          TEST_MODE: true
-
-  runner-analyze-csharp-macos:
-    name: Runner macos C# analyze
-    timeout-minutes: 45
-    needs: [check-js, check-node-modules]
-    runs-on: macos-latest
-
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Move codeql-action
-        shell: bash
-        run: |
-          mkdir ../action
-          mv * .github ../action/
-          mv ../action/tests/multi-language-repo/{*,.github} .
-          mv ../action/.github/workflows .github
-
-      - name: Build runner
-        run: |
-          cd ../action/runner
-          npm install
-          npm run build-runner
-
-      - name: Run init
-        run: |
-          ../action/runner/dist/codeql-runner-macos init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
-
-      - name: Build code
-        shell: bash
-        run: |
-          . ./codeql-runner/codeql-env.sh
-          $CODEQL_RUNNER dotnet build /p:UseSharedCompilation=false
-
-      - name: Run analyze
-        run: |
-          ../action/runner/dist/codeql-runner-macos analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
-        env:
-          TEST_MODE: true
-
-  runner-analyze-csharp-autobuild-ubuntu:
-    name: Runner ubuntu autobuild C# analyze
-    timeout-minutes: 45
-    needs: [check-js, check-node-modules]
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Move codeql-action
-        shell: bash
-        run: |
-          mkdir ../action
-          mv * .github ../action/
-          mv ../action/tests/multi-language-repo/{*,.github} .
-          mv ../action/.github/workflows .github
-
-      - name: Build runner
-        run: |
-          cd ../action/runner
-          npm install
-          npm run build-runner
-
-      - name: Run init
-        run: |
-          ../action/runner/dist/codeql-runner-linux init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
-
-      - name: Build code
-        run: |
-          ../action/runner/dist/codeql-runner-linux autobuild
-
-      - name: Run analyze
-        run: |
-          ../action/runner/dist/codeql-runner-linux analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
-        env:
-          TEST_MODE: true
-
-  runner-analyze-csharp-autobuild-windows:
-    timeout-minutes: 45
-    name: Runner windows autobuild C# analyze
-    needs: [check-js, check-node-modules]
-    # Build tracing currently does not support Windows 2022, so use `windows-2019` instead of
-    # `windows-latest`.
-    runs-on: windows-2019
-
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Move codeql-action
-        shell: bash
-        run: |
-          mkdir ../action
-          mv * .github ../action/
-          mv ../action/tests/multi-language-repo/{*,.github} .
-          mv ../action/.github/workflows .github
-
-      - name: Build runner
-        run: |
-          cd ../action/runner
-          npm install
-          npm run build-runner
-
-      - name: Run init
-        run: |
-          ../action/runner/dist/codeql-runner-win.exe init --repository $Env:GITHUB_REPOSITORY --languages csharp --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
-
-      - name: Build code
-        shell: powershell
-        run: |
-          ../action/runner/dist/codeql-runner-win.exe autobuild
-
-      - name: Run analyze
-        run: |
-          ../action/runner/dist/codeql-runner-win.exe analyze --repository $Env:GITHUB_REPOSITORY --commit $Env:GITHUB_SHA --ref $Env:GITHUB_REF --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
-        env:
-          TEST_MODE: true
-
-  runner-analyze-csharp-autobuild-macos:
-    name: Runner macos autobuild C# analyze
-    needs: [check-js, check-node-modules]
-    runs-on: macos-latest
-    timeout-minutes: 45
-
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Move codeql-action
-        shell: bash
-        run: |
-          mkdir ../action
-          mv * .github ../action/
-          mv ../action/tests/multi-language-repo/{*,.github} .
-          mv ../action/.github/workflows .github
-
-      - name: Build runner
-        run: |
-          cd ../action/runner
-          npm install
-          npm run build-runner
-
-      - name: Run init
-        run: |
-          ../action/runner/dist/codeql-runner-macos init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
-
-      - name: Build code
-        shell: bash
-        run: |
-          ../action/runner/dist/codeql-runner-macos autobuild
-
-      - name: Run analyze
-        run: |
-          ../action/runner/dist/codeql-runner-macos analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
-        env:
-          TEST_MODE: true
-
-  runner-upload-sarif:
-    name: Runner upload sarif
-    needs: [check-js, check-node-modules]
-    runs-on: ubuntu-latest
-    timeout-minutes: 45
-
-    if: ${{ github.event_name != 'pull_request' || github.event.pull_request.base.repo.id == github.event.pull_request.head.repo.id }}
-
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Build runner
-        run: |
-          cd runner
-          npm install
-          npm run build-runner
-
-      - name: Upload with runner
-        run: |
-          # Deliberately don't use TEST_MODE here. This is specifically testing
-          # the compatibility with the API.
-          runner/dist/codeql-runner-linux upload --sarif-file src/testdata/empty-sarif.sarif --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
-
-  runner-extractor-ram-threads-options:
-    name: Runner ubuntu extractor RAM and threads options
-    needs: [check-js, check-node-modules]
-    runs-on: ubuntu-latest
-    timeout-minutes: 45
-
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Build runner
-        run: |
-          cd runner
-          npm install
-          npm run build-runner
-
-      - name: Run init
-        run: |
-          runner/dist/codeql-runner-linux init --ram=230 --threads=1 --repository $GITHUB_REPOSITORY --languages java --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
-
-      - name: Assert Results
-        shell: bash
-        run: |
-          . ./codeql-runner/codeql-env.sh
-          if [ "${CODEQL_RAM}" != "230" ]; then
-            echo "CODEQL_RAM is '${CODEQL_RAM}' instead of 230"
-            exit 1
-          fi
-          if [ "${CODEQL_EXTRACTOR_JAVA_RAM}" != "230" ]; then
-            echo "CODEQL_EXTRACTOR_JAVA_RAM is '${CODEQL_EXTRACTOR_JAVA_RAM}' instead of 230"
-            exit 1
-          fi
-          if [ "${CODEQL_THREADS}" != "1" ]; then
-            echo "CODEQL_THREADS is '${CODEQL_THREADS}' instead of 1"
-            exit 1
-          fi
-          if [ "${CODEQL_EXTRACTOR_JAVA_THREADS}" != "1" ]; then
-            echo "CODEQL_EXTRACTOR_JAVA_THREADS is '${CODEQL_EXTRACTOR_JAVA_THREADS}' instead of 1"
-            exit 1
-          fi
+          # Run any commands referenced in package.json using Bash, otherwise
+          # we won't be able to find them on Windows.
+          npm config set script-shell bash
+          npm test

.github/workflows/python-deps.yml

@@ -7,6 +7,17 @@ on:
     # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
     # by other workflows.
     types: [opened, synchronize, reopened, ready_for_review]
+    paths:
+      # Changes to this workflow.
+      - '.github/workflows/python-deps.yml'
+      # Changes to the Python package installation scripts and their tests.
+      - 'python-setup/**'
+      # Changes to the default CodeQL bundle version.
+      - '**/defaults.json'
+  schedule:
+    # Weekly on Monday.
+    - cron: '0 0 * * 1'
+  workflow_dispatch:
 
 jobs:
   test-setup-python-scripts:
@@ -18,6 +29,14 @@ jobs:
           os: [ubuntu-latest, macos-latest]
           python_deps_type: [pipenv, poetry, requirements, setup_py]
           python_version: [2, 3]
+          exclude:
+            # Python2 and poetry are not supported. See https://github.com/actions/setup-python/issues/374
+            - python_version: 2
+              python_deps_type: poetry
+            # Python2 and pipenv are not supported since pipenv v2021.11.5
+            - python_version: 2
+              python_deps_type: pipenv
+
 
     env:
       PYTHON_DEPS_TYPE: ${{ matrix.python_deps_type }}
@@ -115,6 +134,13 @@ jobs:
         matrix:
           python_deps_type: [pipenv, poetry, requirements, setup_py]
           python_version: [2, 3]
+          exclude:
+            # Python2 and poetry are not supported. See https://github.com/actions/setup-python/issues/374
+            - python_version: 2
+              python_deps_type: poetry
+            # Python2 and pipenv are not supported since pipenv v2021.11.5
+            - python_version: 2
+              python_deps_type: pipenv
 
     env:
       PYTHON_DEPS_TYPE: ${{ matrix.python_deps_type }}
@@ -134,6 +160,8 @@ jobs:
         tools: latest
         languages: python
         setup-python-dependencies: false
+      env:
+        TEST_MODE: true
 
     - name: Test Auto Package Installation
       run: |

.github/workflows/query-filters.yml

@@ -0,0 +1,56 @@
+name: Query filters tests
+
+on:
+  push:
+    branches:
+    - main
+    - releases/v1
+    - releases/v2
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+    - ready_for_review
+  workflow_dispatch: {}
+
+jobs:
+  query-filters:
+    name: Query Filters Tests
+    timeout-minutes: 45
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out repository
+      uses: actions/checkout@v3
+    - name: Prepare test
+      id: prepare-test
+      uses: ./.github/prepare-test
+      with:
+        version: latest
+
+    - name: Check SARIF for default queries with Single include, Single exclude
+      uses: ./../action/.github/query-filter-test
+      with:
+        sarif-file:  ${{ runner.temp }}/results/javascript.sarif
+        queries-run: js/zipslip
+        queries-not-run: js/path-injection
+        config-file: ./.github/codeql/codeql-config-query-filters1.yml
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - name: Check SARIF for query packs with Single include, Single exclude
+      uses: ./../action/.github/query-filter-test
+      with:
+        sarif-file:  ${{ runner.temp }}/results/javascript.sarif
+        queries-run: js/zipslip,javascript/example/empty-or-one-block
+        queries-not-run: js/path-injection
+        config-file: ./.github/codeql/codeql-config-query-filters2.yml
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - name: Check SARIF for query packs and local queries with Single include, Single exclude
+      uses: ./../action/.github/query-filter-test
+      with:
+        sarif-file:  ${{ runner.temp }}/results/javascript.sarif
+        queries-run: js/zipslip,javascript/example/empty-or-one-block,inrepo-javascript-querypack/show-ifs
+        queries-not-run: js/path-injection,complex-python-querypack/show-ifs,complex-python-querypack/foo/bar/show-ifs
+        config-file: ./.github/codeql/codeql-config-query-filters3.yml
+        tools: ${{ steps.prepare-test.outputs.tools-url }}

.github/workflows/runner-checks.yml

@@ -0,0 +1,413 @@
+name: CodeQL Runner Checks
+
+on:
+  push:
+    branches: [main, releases/v1, releases/v2]
+  pull_request:
+    # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
+    # by other workflows.
+    types: [opened, synchronize, reopened, ready_for_review]
+  workflow_dispatch:
+
+jobs:
+  runner-analyze-javascript-ubuntu:
+    name: Runner ubuntu JS analyze
+
+    timeout-minutes: 45
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Build runner
+        run: |
+          cd runner
+          npm install
+          npm run build-runner
+
+      - name: Run init
+        run: |
+          # Pass --config-file here, but not for other jobs in this workflow.
+          # This means we're testing the config file parsing in the runner
+          # but not slowing down all jobs unnecessarily as it doesn't add much
+          # testing the parsing on different operating systems and languages.
+          runner/dist/codeql-runner-linux init --repository $GITHUB_REPOSITORY --languages javascript --config-file ./.github/codeql/codeql-config.yml --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+      - name: Run analyze
+        run: |
+          runner/dist/codeql-runner-linux analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+  runner-analyze-javascript-windows:
+    name: Runner windows JS analyze
+    timeout-minutes: 45
+    runs-on: windows-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Build runner
+        run: |
+          cd runner
+          npm install
+          npm run build-runner
+
+      - name: Run init
+        run: |
+          runner/dist/codeql-runner-win.exe init --repository $Env:GITHUB_REPOSITORY --languages javascript --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+      - name: Run analyze
+        run: |
+          runner/dist/codeql-runner-win.exe analyze --repository $Env:GITHUB_REPOSITORY --commit $Env:GITHUB_SHA --ref $Env:GITHUB_REF --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+  runner-analyze-javascript-macos:
+    name: Runner macos JS analyze
+    timeout-minutes: 45
+    runs-on: macos-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Build runner
+        run: |
+          cd runner
+          npm install
+          npm run build-runner
+
+      - name: Run init
+        run: |
+          runner/dist/codeql-runner-macos init --repository $GITHUB_REPOSITORY --languages javascript --config-file ./.github/codeql/codeql-config.yml --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+      - name: Run analyze
+        run: |
+          runner/dist/codeql-runner-macos analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+  runner-analyze-csharp-ubuntu:
+    name: Runner ubuntu C# analyze
+    timeout-minutes: 45
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Move codeql-action
+        shell: bash
+        run: |
+          mkdir ../action
+          mv * .github ../action/
+          mv ../action/tests/multi-language-repo/{*,.github} .
+          mv ../action/.github/workflows .github
+
+      - name: Build runner
+        run: |
+          cd ../action/runner
+          npm install
+          npm run build-runner
+
+      - name: Run init
+        run: |
+          ../action/runner/dist/codeql-runner-linux init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+      - name: Build code
+        run: |
+          . ./codeql-runner/codeql-env.sh
+          $CODEQL_RUNNER dotnet build /p:UseSharedCompilation=false
+
+      - name: Run analyze
+        run: |
+          ../action/runner/dist/codeql-runner-linux analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+  runner-analyze-csharp-windows:
+    name: Runner windows C# analyze
+
+    # Build tracing currently does not support Windows 2022, so use `windows-2019` instead of
+    # `windows-latest`.
+    timeout-minutes: 45
+    runs-on: windows-2019
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Move codeql-action
+        shell: bash
+        run: |
+          mkdir ../action
+          mv * .github ../action/
+          mv ../action/tests/multi-language-repo/{*,.github} .
+          mv ../action/.github/workflows .github
+
+      - name: Build runner
+        run: |
+          cd ../action/runner
+          npm install
+          npm run build-runner
+
+      - name: Run init
+        run: |
+          ../action/runner/dist/codeql-runner-win.exe init --repository $Env:GITHUB_REPOSITORY --languages csharp --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+      - name: Build code
+        shell: powershell
+        run: |
+          cat ./codeql-runner/codeql-env.sh | Invoke-Expression
+          $Env:CODEQL_EXTRACTOR_CSHARP_ROOT = "" # Unset an environment variable to make sure the tracer resists this
+          & $Env:CODEQL_RUNNER dotnet build /p:UseSharedCompilation=false
+
+      - name: Upload tracer logs
+        uses: actions/upload-artifact@v3
+        with:
+          name: tracer-logs
+          path: ./codeql-runner/compound-build-tracer.log
+
+      - name: Run analyze
+        run: |
+          ../action/runner/dist/codeql-runner-win.exe analyze --repository $Env:GITHUB_REPOSITORY --commit $Env:GITHUB_SHA --ref $Env:GITHUB_REF --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+  runner-analyze-csharp-macos:
+    name: Runner macos C# analyze
+    timeout-minutes: 45
+
+    runs-on: macos-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Move codeql-action
+        shell: bash
+        run: |
+          mkdir ../action
+          mv * .github ../action/
+          mv ../action/tests/multi-language-repo/{*,.github} .
+          mv ../action/.github/workflows .github
+
+      - name: Build runner
+        run: |
+          cd ../action/runner
+          npm install
+          npm run build-runner
+
+      - name: Run init
+        run: |
+          ../action/runner/dist/codeql-runner-macos init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+      - name: Build code
+        shell: bash
+        run: |
+          . ./codeql-runner/codeql-env.sh
+          $CODEQL_RUNNER dotnet build /p:UseSharedCompilation=false
+
+      - name: Run analyze
+        run: |
+          ../action/runner/dist/codeql-runner-macos analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+  runner-analyze-csharp-autobuild-ubuntu:
+    name: Runner ubuntu autobuild C# analyze
+    timeout-minutes: 45
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Move codeql-action
+        shell: bash
+        run: |
+          mkdir ../action
+          mv * .github ../action/
+          mv ../action/tests/multi-language-repo/{*,.github} .
+          mv ../action/.github/workflows .github
+
+      - name: Build runner
+        run: |
+          cd ../action/runner
+          npm install
+          npm run build-runner
+
+      - name: Run init
+        run: |
+          ../action/runner/dist/codeql-runner-linux init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+      - name: Build code
+        run: |
+          ../action/runner/dist/codeql-runner-linux autobuild
+
+      - name: Run analyze
+        run: |
+          ../action/runner/dist/codeql-runner-linux analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+  runner-analyze-csharp-autobuild-windows:
+    timeout-minutes: 45
+    name: Runner windows autobuild C# analyze
+
+    # Build tracing currently does not support Windows 2022, so use `windows-2019` instead of
+    # `windows-latest`.
+    runs-on: windows-2019
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Move codeql-action
+        shell: bash
+        run: |
+          mkdir ../action
+          mv * .github ../action/
+          mv ../action/tests/multi-language-repo/{*,.github} .
+          mv ../action/.github/workflows .github
+
+      - name: Build runner
+        run: |
+          cd ../action/runner
+          npm install
+          npm run build-runner
+
+      - name: Run init
+        run: |
+          ../action/runner/dist/codeql-runner-win.exe init --repository $Env:GITHUB_REPOSITORY --languages csharp --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+      - name: Build code
+        shell: powershell
+        run: |
+          ../action/runner/dist/codeql-runner-win.exe autobuild
+
+      - name: Run analyze
+        run: |
+          ../action/runner/dist/codeql-runner-win.exe analyze --repository $Env:GITHUB_REPOSITORY --commit $Env:GITHUB_SHA --ref $Env:GITHUB_REF --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+  runner-analyze-csharp-autobuild-macos:
+    name: Runner macos autobuild C# analyze
+
+    runs-on: macos-latest
+    timeout-minutes: 45
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Move codeql-action
+        shell: bash
+        run: |
+          mkdir ../action
+          mv * .github ../action/
+          mv ../action/tests/multi-language-repo/{*,.github} .
+          mv ../action/.github/workflows .github
+
+      - name: Build runner
+        run: |
+          cd ../action/runner
+          npm install
+          npm run build-runner
+
+      - name: Run init
+        run: |
+          ../action/runner/dist/codeql-runner-macos init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+      - name: Build code
+        shell: bash
+        run: |
+          . codeql-runner/codeql-env.sh
+          CODEQL_RUNNER="$(cat codeql-runner/codeql-env.json | jq -r '.CODEQL_RUNNER')"
+          echo "$CODEQL_RUNNER"
+          $CODEQL_RUNNER ../action/runner/dist/codeql-runner-macos autobuild
+
+      - name: Run analyze
+        run: |
+          ../action/runner/dist/codeql-runner-macos analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+  runner-upload-sarif:
+    name: Runner upload sarif
+
+    runs-on: ubuntu-latest
+    timeout-minutes: 45
+
+    if: ${{ github.event_name != 'pull_request' || github.event.pull_request.base.repo.id == github.event.pull_request.head.repo.id }}
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Build runner
+        run: |
+          cd runner
+          npm install
+          npm run build-runner
+
+      - name: Upload with runner
+        run: |
+          # Deliberately don't use TEST_MODE here. This is specifically testing
+          # the compatibility with the API.
+          runner/dist/codeql-runner-linux upload --sarif-file src/testdata/empty-sarif.sarif --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+
+  runner-extractor-ram-threads-options:
+    name: Runner ubuntu extractor RAM and threads options
+
+    runs-on: ubuntu-latest
+    timeout-minutes: 45
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Build runner
+        run: |
+          cd runner
+          npm install
+          npm run build-runner
+
+      - name: Run init
+        run: |
+          runner/dist/codeql-runner-linux init --ram=230 --threads=1 --repository $GITHUB_REPOSITORY --languages java --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+        env:
+          TEST_MODE: true
+
+      - name: Assert Results
+        shell: bash
+        run: |
+          . ./codeql-runner/codeql-env.sh
+          if [ "${CODEQL_RAM}" != "230" ]; then
+            echo "CODEQL_RAM is '${CODEQL_RAM}' instead of 230"
+            exit 1
+          fi
+          if [ "${CODEQL_EXTRACTOR_JAVA_RAM}" != "230" ]; then
+            echo "CODEQL_EXTRACTOR_JAVA_RAM is '${CODEQL_EXTRACTOR_JAVA_RAM}' instead of 230"
+            exit 1
+          fi
+          if [ "${CODEQL_THREADS}" != "1" ]; then
+            echo "CODEQL_THREADS is '${CODEQL_THREADS}' instead of 1"
+            exit 1
+          fi
+          if [ "${CODEQL_EXTRACTOR_JAVA_THREADS}" != "1" ]; then
+            echo "CODEQL_EXTRACTOR_JAVA_THREADS is '${CODEQL_EXTRACTOR_JAVA_THREADS}' instead of 1"
+            exit 1
+          fi

.github/workflows/script/check-js.sh

@@ -14,8 +14,8 @@ npm run-script build
 # Check that repo is still clean
 if [ ! -z "$(git status --porcelain)" ]; then
     # If we get a fail here then the PR needs attention
-    >&2 echo "Failed: JavaScript files are not up to date. Run 'npm run-script build' to update"
+    >&2 echo "Failed: JavaScript files are not up to date. Run 'rm -rf lib && npm run-script build' to update"
     git status
     exit 1
 fi
-echo "Success: JavaScript files are up to date"
+echo "Success: JavaScript files are up to date"

.github/workflows/script/update-required-checks.sh

@@ -2,17 +2,19 @@
 # Update the required checks based on the current branch.
 # Typically, this will be main.
 
-if [ -z "$GITHUB_TOKEN" ]; then
-  echo "Failed: No GitHub token found. This script requires admin access to `github/codeql-action`."
+if ! gh auth status 2>/dev/null; then
+  gh auth status
+  echo "Failed: Not authorized. This script requires admin access to github/codeql-action through the gh CLI."
   exit 1
 fi
 
 if [ "$#" -eq 1 ]; then
-  # If we were passed an argument, pass it as a query to fzf
-  GITHUB_SHA="$@"
+  # If we were passed an argument, use that as the SHA
+  GITHUB_SHA="$0"
 elif [ "$#" -gt 1 ]; then
   echo "Usage: $0 [SHA]"
   echo "Update the required checks based on the SHA, or main."
+  exit 1
 elif [ -z "$GITHUB_SHA" ]; then
   # If we don't have a SHA, use main
   GITHUB_SHA="$(git rev-parse main)"
@@ -21,7 +23,7 @@ fi
 echo "Getting checks for $GITHUB_SHA"
 
 # Ignore any checks with "https://", CodeQL, LGTM, and Update checks.
-CHECKS="$(gh api repos/github/codeql-action/commits/${GITHUB_SHA}/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or contains("Update") or contains("update") | not)] | unique | sort')"
+CHECKS="$(gh api repos/github/codeql-action/commits/"${GITHUB_SHA}"/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or contains("Update") or contains("update") | not)] | unique | sort')"
 
 echo "$CHECKS" | jq
 

CHANGELOG.md

@@ -1,5 +1,40 @@
 # CodeQL Action Changelog
 
+## 1.1.21 - 25 Aug 2022
+
+- Improve error messages when the code scanning configuration file includes an invalid `queries` block or an invalid `query-filters` block. [#1208](https://github.com/github/codeql-action/pull/1208)
+- Fix a bug where Go build tracing could fail on Windows. [#1209](https://github.com/github/codeql-action/pull/1209)
+
+## 1.1.20 - 22 Aug 2022
+
+No user facing changes.
+
+## 1.1.19 - 17 Aug 2022
+
+- Add the ability to filter queries from a code scanning run by using the `query-filters` option in the code scanning configuration file. [#1098](https://github.com/github/codeql-action/pull/1098)
+- In debug mode, debug artifacts are now uploaded even if a step in the Actions workflow fails. [#1159](https://github.com/github/codeql-action/pull/1159)
+- Update default CodeQL bundle version to 2.10.3. [#1178](https://github.com/github/codeql-action/pull/1178)
+- The combination of python2 and Pipenv is no longer supported. [#1181](https://github.com/github/codeql-action/pull/1181)
+
+## 1.1.18 - 03 Aug 2022
+
+- Update default CodeQL bundle version to 2.10.2.  [#1156](https://github.com/github/codeql-action/pull/1156)
+
+## 1.1.17 - 28 Jul 2022
+
+- Update default CodeQL bundle version to 2.10.1.  [#1143](https://github.com/github/codeql-action/pull/1143)
+
+## 1.1.16 - 13 Jul 2022
+
+- You can now quickly debug a job that uses the CodeQL Action by re-running the job from the GitHub UI and selecting the "Enable debug logging" option. [#1132](https://github.com/github/codeql-action/pull/1132)
+- You can now see diagnostic messages produced by the analysis in the logs of the `analyze` Action by enabling debug mode. To enable debug mode, pass `debug: true` to the `init` Action, or [enable step debug logging](https://docs.github.com/en/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging#enabling-step-debug-logging). This feature is available for CodeQL CLI version 2.10.0 and later. [#1133](https://github.com/github/codeql-action/pull/1133)
+
+## 1.1.15 - 28 Jun 2022
+
+- CodeQL query packs listed in the `packs` configuration field will be skipped if their target language is not being analyzed in the current Actions job. Previously, this would throw an error. [#1116](https://github.com/github/codeql-action/pull/1116)
+- The combination of python2 and poetry is no longer supported. See https://github.com/actions/setup-python/issues/374 for more details. [#1124](https://github.com/github/codeql-action/pull/1124)
+- Update default CodeQL bundle version to 2.10.0. [#1123](https://github.com/github/codeql-action/pull/1123)
+
 ## 1.1.14 - 22 Jun 2022
 
 No user facing changes.

analyze/action.yml

@@ -66,6 +66,10 @@ inputs:
     default: ${{ github.token }}
   matrix:
     default: ${{ toJson(matrix) }}
+  expect-error:
+    description: "[Internal] It is an error to use this input outside of integration testing of the codeql-action."
+    required: false
+    default: "false"
 outputs:
   db-locations:
     description: A map from language to absolute path for each database created by CodeQL.
@@ -74,3 +78,4 @@ outputs:
 runs:
   using: "node12"
   main: "../lib/analyze-action.js"
+  post: "../lib/analyze-action-post.js"

init/action.yml

@@ -56,7 +56,10 @@ inputs:
       This input also sets the number of threads that can later be used by the "analyze" action.
     required: false
   debug:
-    description: Enable debugging mode. This will result in more output being produced which may be useful when debugging certain issues.
+    description: >-
+      Enable debugging mode.
+      This will result in more output being produced which may be useful when debugging certain issues.
+      Debugging mode is enabled automatically when step debug logging is turned on.
     required: false
     default: 'false'
   debug-artifact-name:
@@ -69,9 +72,14 @@ inputs:
       The name of the database uploaded to the debugging artifact.
       This is only used when debug mode is enabled.
     required: false
+  trap-caching:
+    description: >-
+      Explicitly enable or disable TRAP caching rather than respecting the feature flag for it.
+    required: false
 outputs:
   codeql-path:
     description: The path of the CodeQL binary used for analysis
 runs:
   using: 'node12'
   main: '../lib/init-action.js'
+  post: '../lib/init-action-post.js'

lib/actions-util.js

@@ -19,7 +19,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.sanitizeArifactName = exports.isAnalyzingDefaultBranch = exports.getRelativeScriptPath = exports.isRunningLocalAction = exports.sendStatusReport = exports.createStatusReportBase = exports.getActionsStatus = exports.getRef = exports.computeAutomationID = exports.getAutomationID = exports.getAnalysisKey = exports.getWorkflowRunID = exports.getWorkflow = exports.formatWorkflowCause = exports.formatWorkflowErrors = exports.validateWorkflow = exports.getWorkflowErrors = exports.WorkflowErrors = exports.patternIsSuperset = exports.determineMergeBaseCommitOid = exports.getCommitOid = exports.getToolCacheDirectory = exports.getTemporaryDirectory = exports.getOptionalInput = exports.getRequiredInput = void 0;
+exports.printDebugLogs = exports.isAnalyzingDefaultBranch = exports.getRelativeScriptPath = exports.isRunningLocalAction = exports.sendStatusReport = exports.createStatusReportBase = exports.getActionsStatus = exports.getRef = exports.computeAutomationID = exports.getAutomationID = exports.getAnalysisKey = exports.getWorkflowRunID = exports.getWorkflow = exports.formatWorkflowCause = exports.formatWorkflowErrors = exports.validateWorkflow = exports.getWorkflowErrors = exports.WorkflowErrors = exports.patternIsSuperset = exports.determineMergeBaseCommitOid = exports.getCommitOid = exports.getTemporaryDirectory = exports.getOptionalInput = exports.getRequiredInput = void 0;
 const fs = __importStar(require("fs"));
 const os = __importStar(require("os"));
 const path = __importStar(require("path"));
@@ -66,13 +66,6 @@ function getTemporaryDirectory() {
         : (0, util_1.getRequiredEnvParam)("RUNNER_TEMP");
 }
 exports.getTemporaryDirectory = getTemporaryDirectory;
-function getToolCacheDirectory() {
-    const value = process.env["CODEQL_ACTION_TOOL_CACHE"];
-    return value !== undefined && value !== ""
-        ? value
-        : (0, util_1.getRequiredEnvParam)("RUNNER_TOOL_CACHE");
-}
-exports.getToolCacheDirectory = getToolCacheDirectory;
 /**
  * Gets the SHA of the commit that is currently checked out.
  */
@@ -508,11 +501,7 @@ async function createStatusReportBase(actionName, status, actionStartedAt, cause
     }
     const runnerOs = (0, util_1.getRequiredEnvParam)("RUNNER_OS");
     const codeQlCliVersion = (0, util_1.getCachedCodeQlVersion)();
-    // If running locally then the GITHUB_ACTION_REF cannot be trusted as it may be for the previous action
-    // See https://github.com/actions/runner/issues/803
-    const actionRef = isRunningLocalAction()
-        ? undefined
-        : process.env["GITHUB_ACTION_REF"];
+    const actionRef = process.env["GITHUB_ACTION_REF"];
     const statusReport = {
         workflow_run_id: workflowRunID,
         workflow_name: workflowName,
@@ -670,22 +659,51 @@ function getWorkflowEvent() {
         throw new Error(`Unable to read workflow event JSON from ${eventJsonFile}: ${e}`);
     }
 }
+function removeRefsHeadsPrefix(ref) {
+    return ref.startsWith("refs/heads/") ? ref.slice("refs/heads/".length) : ref;
+}
 // Is the version of the repository we are currently analyzing from the default branch,
 // or alternatively from another branch or a pull request.
 async function isAnalyzingDefaultBranch() {
     var _a;
     // Get the current ref and trim and refs/heads/ prefix
     let currentRef = await getRef();
-    currentRef = currentRef.startsWith("refs/heads/")
-        ? currentRef.slice("refs/heads/".length)
-        : currentRef;
+    currentRef = removeRefsHeadsPrefix(currentRef);
     const event = getWorkflowEvent();
-    const defaultBranch = (_a = event === null || event === void 0 ? void 0 : event.repository) === null || _a === void 0 ? void 0 : _a.default_branch;
+    let defaultBranch = (_a = event === null || event === void 0 ? void 0 : event.repository) === null || _a === void 0 ? void 0 : _a.default_branch;
+    if (process.env.GITHUB_EVENT_NAME === "schedule") {
+        defaultBranch = removeRefsHeadsPrefix((0, util_1.getRequiredEnvParam)("GITHUB_REF"));
+    }
     return currentRef === defaultBranch;
 }
 exports.isAnalyzingDefaultBranch = isAnalyzingDefaultBranch;
-function sanitizeArifactName(name) {
-    return name.replace(/[^a-zA-Z0-9_\\-]+/g, "");
+async function printDebugLogs(config) {
+    for (const language of config.languages) {
+        const databaseDirectory = (0, util_1.getCodeQLDatabasePath)(config, language);
+        const logsDirectory = path.join(databaseDirectory, "log");
+        if (!(0, util_1.doesDirectoryExist)(logsDirectory)) {
+            core.info(`Directory ${logsDirectory} does not exist.`);
+            continue; // Skip this language database.
+        }
+        const walkLogFiles = (dir) => {
+            const entries = fs.readdirSync(dir, { withFileTypes: true });
+            if (entries.length === 0) {
+                core.info(`No debug logs found at directory ${logsDirectory}.`);
+            }
+            for (const entry of entries) {
+                if (entry.isFile()) {
+                    const absolutePath = path.resolve(dir, entry.name);
+                    core.startGroup(`CodeQL Debug Logs - ${language} - ${entry.name} from file at path ${absolutePath}`);
+                    process.stdout.write(fs.readFileSync(absolutePath));
+                    core.endGroup();
+                }
+                else if (entry.isDirectory()) {
+                    walkLogFiles(path.resolve(dir, entry.name));
+                }
+            }
+        };
+        walkLogFiles(logsDirectory);
+    }
 }
-exports.sanitizeArifactName = sanitizeArifactName;
+exports.printDebugLogs = printDebugLogs;
 //# sourceMappingURL=actions-util.js.map

lib/actions-util.test.js

@@ -495,12 +495,23 @@ on: ["push"]
         t.deepEqual(await actionsutil.isAnalyzingDefaultBranch(), true);
         process.env["GITHUB_REF"] = "feature";
         t.deepEqual(await actionsutil.isAnalyzingDefaultBranch(), false);
+        fs.writeFileSync(envFile, JSON.stringify({
+            schedule: "0 0 * * *",
+        }));
+        process.env["GITHUB_EVENT_NAME"] = "schedule";
+        process.env["GITHUB_REF"] = "refs/heads/main";
+        t.deepEqual(await actionsutil.isAnalyzingDefaultBranch(), true);
+        const getAdditionalInputStub = sinon.stub(actionsutil, "getOptionalInput");
+        getAdditionalInputStub
+            .withArgs("ref")
+            .resolves("refs/heads/something-else");
+        getAdditionalInputStub
+            .withArgs("sha")
+            .resolves("0000000000000000000000000000000000000000");
+        process.env["GITHUB_EVENT_NAME"] = "schedule";
+        process.env["GITHUB_REF"] = "refs/heads/main";
+        t.deepEqual(await actionsutil.isAnalyzingDefaultBranch(), false);
+        getAdditionalInputStub.restore();
     });
 });
-(0, ava_1.default)("sanitizeArifactName", (t) => {
-    t.deepEqual(actionsutil.sanitizeArifactName("hello-world_"), "hello-world_");
-    t.deepEqual(actionsutil.sanitizeArifactName("hello`world`"), "helloworld");
-    t.deepEqual(actionsutil.sanitizeArifactName("hello===123"), "hello123");
-    t.deepEqual(actionsutil.sanitizeArifactName("*m)a&n^y%i££n+v!a:l[i]d"), "manyinvalid");
-});
 //# sourceMappingURL=actions-util.test.js.map

lib/analysis-paths.js

@@ -58,14 +58,11 @@ function includeAndExcludeAnalysisPaths(config) {
     }
     // If the temporary or tools directory is in the working directory ignore that too.
     const tempRelativeToWorking = path.relative(process.cwd(), config.tempDir);
-    const toolsRelativeToWorking = path.relative(process.cwd(), config.toolCacheDir);
     let pathsIgnore = config.pathsIgnore;
-    if (!tempRelativeToWorking.startsWith("..")) {
+    if (!tempRelativeToWorking.startsWith("..") &&
+        !path.isAbsolute(tempRelativeToWorking)) {
         pathsIgnore = pathsIgnore.concat(tempRelativeToWorking);
     }
-    if (!toolsRelativeToWorking.startsWith("..")) {
-        pathsIgnore = pathsIgnore.concat(toolsRelativeToWorking);
-    }
     if (pathsIgnore.length !== 0) {
         process.env["LGTM_INDEX_EXCLUDE"] = buildIncludeExcludeEnvVar(pathsIgnore);
     }

lib/analysis-paths.js.map

@@ -1 +1 @@
-{"version":3,"file":"analysis-paths.js","sourceRoot":"","sources":["../src/analysis-paths.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAK7B,SAAS,qBAAqB,CAAC,QAAQ;IACrC,OAAO,CACL,QAAQ,KAAK,YAAY,IAAI,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,MAAM,CAC1E,CAAC;AACJ,CAAC;AAED,6FAA6F;AAChF,QAAA,+BAA+B,GAAG,cAAc,CAAC;AAE9D,uFAAuF;AACvF,SAAS,yBAAyB,CAAC,KAAe;IAChD,iCAAiC;IACjC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEnD,uDAAuD;IACvD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;QAChC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,uCAA+B,CAAC,CAAC,CAAC;KACvE;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAgB,uBAAuB,CACrC,MAA0B,EAC1B,MAAc;IAEd,qEAAqE;IACrE,sEAAsE;IACtE,IACE,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,CAAC;QAC9D,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAC9C;QACA,MAAM,CAAC,OAAO,CACZ,mGAAmG,CACpG,CAAC;KACH;AACH,CAAC;AAdD,0DAcC;AAED,SAAgB,8BAA8B,CAAC,MAA0B;IACvE,0EAA0E;IAC1E,+DAA+D;IAC/D,sEAAsE;IACtE,qDAAqD;IACrD,gFAAgF;IAChF,sEAAsE;IACtE,sDAAsD;IACtD,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;QAC7B,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,yBAAyB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;KAC7E;IACD,mFAAmF;IACnF,MAAM,qBAAqB,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3E,MAAM,sBAAsB,GAAG,IAAI,CAAC,QAAQ,CAC1C,OAAO,CAAC,GAAG,EAAE,EACb,MAAM,CAAC,YAAY,CACpB,CAAC;IACF,IAAI,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;IACrC,IAAI,CAAC,qBAAqB,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;QAC3C,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;KACzD;IACD,IAAI,CAAC,sBAAsB,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;QAC5C,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC;KAC1D;IACD,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE;QAC5B,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,yBAAyB,CAAC,WAAW,CAAC,CAAC;KAC5E;IAED,yEAAyE;IACzE,6EAA6E;IAC7E,wDAAwD;IACxD,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IACzD,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IAC/D,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE;QACxB,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;KACxD;AACH,CAAC;AArCD,wEAqCC"}
+{"version":3,"file":"analysis-paths.js","sourceRoot":"","sources":["../src/analysis-paths.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAK7B,SAAS,qBAAqB,CAAC,QAAQ;IACrC,OAAO,CACL,QAAQ,KAAK,YAAY,IAAI,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,MAAM,CAC1E,CAAC;AACJ,CAAC;AAED,6FAA6F;AAChF,QAAA,+BAA+B,GAAG,cAAc,CAAC;AAE9D,uFAAuF;AACvF,SAAS,yBAAyB,CAAC,KAAe;IAChD,iCAAiC;IACjC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEnD,uDAAuD;IACvD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;QAChC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,uCAA+B,CAAC,CAAC,CAAC;KACvE;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAgB,uBAAuB,CACrC,MAA0B,EAC1B,MAAc;IAEd,qEAAqE;IACrE,sEAAsE;IACtE,IACE,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,CAAC;QAC9D,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAC9C;QACA,MAAM,CAAC,OAAO,CACZ,mGAAmG,CACpG,CAAC;KACH;AACH,CAAC;AAdD,0DAcC;AAED,SAAgB,8BAA8B,CAAC,MAA0B;IACvE,0EAA0E;IAC1E,+DAA+D;IAC/D,sEAAsE;IACtE,qDAAqD;IACrD,gFAAgF;IAChF,sEAAsE;IACtE,sDAAsD;IACtD,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;QAC7B,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,yBAAyB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;KAC7E;IACD,mFAAmF;IACnF,MAAM,qBAAqB,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3E,IAAI,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;IACrC,IACE,CAAC,qBAAqB,CAAC,UAAU,CAAC,IAAI,CAAC;QACvC,CAAC,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,EACvC;QACA,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;KACzD;IACD,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE;QAC5B,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,yBAAyB,CAAC,WAAW,CAAC,CAAC;KAC5E;IAED,yEAAyE;IACzE,6EAA6E;IAC7E,wDAAwD;IACxD,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IACzD,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IAC/D,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE;QACxB,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;KACxD;AACH,CAAC;AAjCD,wEAiCC"}

lib/analysis-paths.test.js

@@ -37,7 +37,6 @@ const util = __importStar(require("./util"));
             paths: [],
             originalUserInput: {},
             tempDir: tmpDir,
-            toolCacheDir: tmpDir,
             codeQLCmd: "",
             gitHubVersion: { type: util.GitHubVariant.DOTCOM },
             dbLocation: path.resolve(tmpDir, "codeql_databases"),
@@ -45,7 +44,13 @@ const util = __importStar(require("./util"));
             debugMode: false,
             debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
             debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
-            injectedMlQueries: false,
+            augmentationProperties: {
+                injectedMlQueries: false,
+                packsInputCombines: false,
+                queriesInputCombines: false,
+            },
+            trapCaches: {},
+            trapCacheDownloadTime: 0,
         };
         analysisPaths.includeAndExcludeAnalysisPaths(config);
         t.is(process.env["LGTM_INDEX_INCLUDE"], undefined);
@@ -62,7 +67,6 @@ const util = __importStar(require("./util"));
             pathsIgnore: ["path4", "path5", "path6/**"],
             originalUserInput: {},
             tempDir: tmpDir,
-            toolCacheDir: tmpDir,
             codeQLCmd: "",
             gitHubVersion: { type: util.GitHubVariant.DOTCOM },
             dbLocation: path.resolve(tmpDir, "codeql_databases"),
@@ -70,7 +74,13 @@ const util = __importStar(require("./util"));
             debugMode: false,
             debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
             debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
-            injectedMlQueries: false,
+            augmentationProperties: {
+                injectedMlQueries: false,
+                packsInputCombines: false,
+                queriesInputCombines: false,
+            },
+            trapCaches: {},
+            trapCacheDownloadTime: 0,
         };
         analysisPaths.includeAndExcludeAnalysisPaths(config);
         t.is(process.env["LGTM_INDEX_INCLUDE"], "path1\npath2");
@@ -79,29 +89,32 @@ const util = __importStar(require("./util"));
     });
 });
 (0, ava_1.default)("exclude temp dir", async (t) => {
-    return await util.withTmpDir(async (toolCacheDir) => {
-        const tempDir = path.join(process.cwd(), "codeql-runner-temp");
-        const config = {
-            languages: [],
-            queries: {},
-            pathsIgnore: [],
-            paths: [],
-            originalUserInput: {},
-            tempDir,
-            toolCacheDir,
-            codeQLCmd: "",
-            gitHubVersion: { type: util.GitHubVariant.DOTCOM },
-            dbLocation: path.resolve(tempDir, "codeql_databases"),
-            packs: {},
-            debugMode: false,
-            debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
-            debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
+    const tempDir = path.join(process.cwd(), "codeql-runner-temp");
+    const config = {
+        languages: [],
+        queries: {},
+        pathsIgnore: [],
+        paths: [],
+        originalUserInput: {},
+        tempDir,
+        codeQLCmd: "",
+        gitHubVersion: { type: util.GitHubVariant.DOTCOM },
+        dbLocation: path.resolve(tempDir, "codeql_databases"),
+        packs: {},
+        debugMode: false,
+        debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
+        debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
+        augmentationProperties: {
             injectedMlQueries: false,
-        };
-        analysisPaths.includeAndExcludeAnalysisPaths(config);
-        t.is(process.env["LGTM_INDEX_INCLUDE"], undefined);
-        t.is(process.env["LGTM_INDEX_EXCLUDE"], "codeql-runner-temp");
-        t.is(process.env["LGTM_INDEX_FILTERS"], undefined);
-    });
+            packsInputCombines: false,
+            queriesInputCombines: false,
+        },
+        trapCaches: {},
+        trapCacheDownloadTime: 0,
+    };
+    analysisPaths.includeAndExcludeAnalysisPaths(config);
+    t.is(process.env["LGTM_INDEX_INCLUDE"], undefined);
+    t.is(process.env["LGTM_INDEX_EXCLUDE"], "codeql-runner-temp");
+    t.is(process.env["LGTM_INDEX_FILTERS"], undefined);
 });
 //# sourceMappingURL=analysis-paths.test.js.map

lib/analysis-paths.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"analysis-paths.test.js","sourceRoot":"","sources":["../src/analysis-paths.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAE7B,8CAAuB;AAEvB,gEAAkD;AAClD,mDAA6C;AAC7C,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,YAAY,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC7B,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,WAAW,EAAE,EAAE;YACf,KAAK,EAAE,EAAE;YACT,iBAAiB,EAAE,EAAE;YACrB,OAAO,EAAE,MAAM;YACf,YAAY,EAAE,MAAM;YACpB,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;YACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,kBAAkB,CAAC;YACpD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,KAAK;SACzB,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,eAAe,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAChC,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;YACrC,WAAW,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;YAC3C,iBAAiB,EAAE,EAAE;YACrB,OAAO,EAAE,MAAM;YACf,YAAY,EAAE,MAAM;YACpB,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;YACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,kBAAkB,CAAC;YACpD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,KAAK;SACzB,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;QACxD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;QACxD,CAAC,CAAC,EAAE,CACF,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EACjC,gGAAgG,CACjG,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,kBAAkB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACnC,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,YAAY,EAAE,EAAE;QAClD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,oBAAoB,CAAC,CAAC;QAC/D,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,WAAW,EAAE,EAAE;YACf,KAAK,EAAE,EAAE;YACT,iBAAiB,EAAE,EAAE;YACrB,OAAO;YACP,YAAY;YACZ,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;YACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,kBAAkB,CAAC;YACrD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,KAAK;SACzB,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,oBAAoB,CAAC,CAAC;QAC9D,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analysis-paths.test.js","sourceRoot":"","sources":["../src/analysis-paths.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAE7B,8CAAuB;AAEvB,gEAAkD;AAClD,mDAA6C;AAC7C,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,YAAY,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC7B,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,WAAW,EAAE,EAAE;YACf,KAAK,EAAE,EAAE;YACT,iBAAiB,EAAE,EAAE;YACrB,OAAO,EAAE,MAAM;YACf,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;YACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,kBAAkB,CAAC;YACpD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,sBAAsB,EAAE;gBACtB,iBAAiB,EAAE,KAAK;gBACxB,kBAAkB,EAAE,KAAK;gBACzB,oBAAoB,EAAE,KAAK;aAC5B;YACD,UAAU,EAAE,EAAE;YACd,qBAAqB,EAAE,CAAC;SACzB,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,eAAe,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAChC,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;YACrC,WAAW,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;YAC3C,iBAAiB,EAAE,EAAE;YACrB,OAAO,EAAE,MAAM;YACf,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;YACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,kBAAkB,CAAC;YACpD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,sBAAsB,EAAE;gBACtB,iBAAiB,EAAE,KAAK;gBACxB,kBAAkB,EAAE,KAAK;gBACzB,oBAAoB,EAAE,KAAK;aAC5B;YACD,UAAU,EAAE,EAAE;YACd,qBAAqB,EAAE,CAAC;SACzB,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;QACxD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;QACxD,CAAC,CAAC,EAAE,CACF,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EACjC,gGAAgG,CACjG,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,kBAAkB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACnC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,oBAAoB,CAAC,CAAC;IAC/D,MAAM,MAAM,GAAG;QACb,SAAS,EAAE,EAAE;QACb,OAAO,EAAE,EAAE;QACX,WAAW,EAAE,EAAE;QACf,KAAK,EAAE,EAAE;QACT,iBAAiB,EAAE,EAAE;QACrB,OAAO;QACP,SAAS,EAAE,EAAE;QACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;QACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,kBAAkB,CAAC;QACrD,KAAK,EAAE,EAAE;QACT,SAAS,EAAE,KAAK;QAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;QACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;QACnD,sBAAsB,EAAE;YACtB,iBAAiB,EAAE,KAAK;YACxB,kBAAkB,EAAE,KAAK;YACzB,oBAAoB,EAAE,KAAK;SAC5B;QACD,UAAU,EAAE,EAAE;QACd,qBAAqB,EAAE,CAAC;KACzB,CAAC;IACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;IACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,oBAAoB,CAAC,CAAC;IAC9D,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;AACrD,CAAC,CAAC,CAAC"}

lib/analyze-action-env.test.js

@@ -40,6 +40,7 @@ const util = __importStar(require("./util"));
     await util.withTmpDir(async (tmpDir) => {
         process.env["GITHUB_SERVER_URL"] = util.GITHUB_DOTCOM_URL;
         process.env["GITHUB_REPOSITORY"] = "github/codeql-action-fake-repository";
+        process.env["GITHUB_API_URL"] = "https://api.github.com";
         sinon
             .stub(actionsUtil, "createStatusReportBase")
             .resolves({});
@@ -57,6 +58,7 @@ const util = __importStar(require("./util"));
         requiredInputStub.withArgs("upload-database").returns("false");
         const optionalInputStub = sinon.stub(actionsUtil, "getOptionalInput");
         optionalInputStub.withArgs("cleanup-level").returns("none");
+        optionalInputStub.withArgs("expect-error").returns("false");
         sinon.stub(util, "getGitHubVersion").resolves(gitHubVersion);
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
         (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, {});

lib/analyze-action-env.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC7D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC7D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/analyze-action-input.test.js

@@ -40,6 +40,7 @@ const util = __importStar(require("./util"));
     await util.withTmpDir(async (tmpDir) => {
         process.env["GITHUB_SERVER_URL"] = util.GITHUB_DOTCOM_URL;
         process.env["GITHUB_REPOSITORY"] = "github/codeql-action-fake-repository";
+        process.env["GITHUB_API_URL"] = "https://api.github.com";
         sinon
             .stub(actionsUtil, "createStatusReportBase")
             .resolves({});
@@ -57,6 +58,7 @@ const util = __importStar(require("./util"));
         requiredInputStub.withArgs("upload-database").returns("false");
         const optionalInputStub = sinon.stub(actionsUtil, "getOptionalInput");
         optionalInputStub.withArgs("cleanup-level").returns("none");
+        optionalInputStub.withArgs("expect-error").returns("false");
         sinon.stub(util, "getGitHubVersion").resolves(gitHubVersion);
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
         (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, {});

lib/analyze-action-input.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC7D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC7D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/analyze-action-post-helper.js

@@ -0,0 +1,41 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.run = void 0;
+const core = __importStar(require("@actions/core"));
+const actionsUtil = __importStar(require("./actions-util"));
+const config_utils_1 = require("./config-utils");
+const logging_1 = require("./logging");
+async function run(uploadSarifDebugArtifact) {
+    const logger = (0, logging_1.getActionsLogger)();
+    const config = await (0, config_utils_1.getConfig)(actionsUtil.getTemporaryDirectory(), logger);
+    if (config === undefined) {
+        throw new Error("Config file could not be found at expected location. Did the 'init' action fail to start?");
+    }
+    // Upload Actions SARIF artifacts for debugging
+    if (config === null || config === void 0 ? void 0 : config.debugMode) {
+        core.info("Debug mode is on. Uploading available SARIF files as Actions debugging artifact...");
+        const outputDir = actionsUtil.getRequiredInput("output");
+        await uploadSarifDebugArtifact(config, outputDir);
+    }
+}
+exports.run = run;
+//# sourceMappingURL=analyze-action-post-helper.js.map

lib/analyze-action-post-helper.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"analyze-action-post-helper.js","sourceRoot":"","sources":["../src/analyze-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,iDAA2C;AAC3C,uCAA6C;AAEtC,KAAK,UAAU,GAAG,CAAC,wBAAkC;IAC1D,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAElC,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;QACxB,MAAM,IAAI,KAAK,CACb,2FAA2F,CAC5F,CAAC;KACH;IAED,+CAA+C;IAC/C,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,SAAS,EAAE;QACrB,IAAI,CAAC,IAAI,CACP,oFAAoF,CACrF,CAAC;QACF,MAAM,SAAS,GAAG,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QACzD,MAAM,wBAAwB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;KACnD;AACH,CAAC;AAlBD,kBAkBC"}

lib/analyze-action-post-helper.test.js

@@ -0,0 +1,69 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const ava_1 = __importDefault(require("ava"));
+const sinon = __importStar(require("sinon"));
+const actionsUtil = __importStar(require("./actions-util"));
+const analyzeActionPostHelper = __importStar(require("./analyze-action-post-helper"));
+const configUtils = __importStar(require("./config-utils"));
+const testing_utils_1 = require("./testing-utils");
+const util = __importStar(require("./util"));
+(0, testing_utils_1.setupTests)(ava_1.default);
+(0, ava_1.default)("post: analyze action with debug mode off", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        process.env["RUNNER_TEMP"] = tmpDir;
+        const gitHubVersion = {
+            type: util.GitHubVariant.DOTCOM,
+        };
+        sinon.stub(configUtils, "getConfig").resolves({
+            debugMode: false,
+            gitHubVersion,
+            languages: [],
+            packs: [],
+        });
+        const uploadSarifSpy = sinon.spy();
+        await analyzeActionPostHelper.run(uploadSarifSpy);
+        t.assert(uploadSarifSpy.notCalled);
+    });
+});
+(0, ava_1.default)("post: analyze action with debug mode on", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        process.env["RUNNER_TEMP"] = tmpDir;
+        const gitHubVersion = {
+            type: util.GitHubVariant.DOTCOM,
+        };
+        sinon.stub(configUtils, "getConfig").resolves({
+            debugMode: true,
+            gitHubVersion,
+            languages: [],
+            packs: [],
+        });
+        const requiredInputStub = sinon.stub(actionsUtil, "getRequiredInput");
+        requiredInputStub.withArgs("output").returns("fake-output-dir");
+        const uploadSarifSpy = sinon.spy();
+        await analyzeActionPostHelper.run(uploadSarifSpy);
+        t.assert(uploadSarifSpy.called);
+    });
+});
+//# sourceMappingURL=analyze-action-post-helper.test.js.map

lib/analyze-action-post-helper.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"analyze-action-post-helper.test.js","sourceRoot":"","sources":["../src/analyze-action-post-helper.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,sFAAwE;AACxE,4DAA8C;AAC9C,mDAA6C;AAC7C,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,0CAA0C,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC3D,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC;QAEpC,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,SAAS,EAAE,KAAK;YAChB,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QAEpC,MAAM,cAAc,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;QAEnC,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAElD,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,yCAAyC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC1D,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC;QAEpC,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,SAAS,EAAE,IAAI;YACf,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QAEpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;QAEhE,MAAM,cAAc,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;QAEnC,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAElD,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/analyze-action-post.js

@@ -0,0 +1,40 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+/**
+ * This file is the entry point for the `post:` hook of `analyze-action.yml`.
+ * It will run after the all steps in this job, in reverse order in relation to
+ * other `post:` hooks.
+ */
+const core = __importStar(require("@actions/core"));
+const analyzeActionPostHelper = __importStar(require("./analyze-action-post-helper"));
+const debugArtifacts = __importStar(require("./debug-artifacts"));
+async function runWrapper() {
+    try {
+        await analyzeActionPostHelper.run(debugArtifacts.uploadSarifDebugArtifact);
+    }
+    catch (error) {
+        core.setFailed(`analyze post-action step failed: ${error}`);
+        console.log(error);
+    }
+}
+void runWrapper();
+//# sourceMappingURL=analyze-action-post.js.map

lib/analyze-action-post.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"analyze-action-post.js","sourceRoot":"","sources":["../src/analyze-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,sFAAwE;AACxE,kEAAoD;AAEpD,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,wBAAwB,CAAC,CAAC;KAC5E;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,oCAAoC,KAAK,EAAE,CAAC,CAAC;QAC5D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/analyze-action.js

@@ -20,23 +20,24 @@ var __importStar = (this && this.__importStar) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.runPromise = exports.sendStatusReport = void 0;
-const fs = __importStar(require("fs"));
-const path = __importStar(require("path"));
-const artifact = __importStar(require("@actions/artifact"));
+// We need to import `performance` on Node 12
+const perf_hooks_1 = require("perf_hooks");
 const core = __importStar(require("@actions/core"));
 const actionsUtil = __importStar(require("./actions-util"));
 const analyze_1 = require("./analyze");
+const api_client_1 = require("./api-client");
 const codeql_1 = require("./codeql");
 const config_utils_1 = require("./config-utils");
 const database_upload_1 = require("./database-upload");
+const feature_flags_1 = require("./feature-flags");
 const logging_1 = require("./logging");
 const repository_1 = require("./repository");
+const trap_caching_1 = require("./trap-caching");
 const upload_lib = __importStar(require("./upload-lib"));
 const util = __importStar(require("./util"));
-const util_1 = require("./util");
 // eslint-disable-next-line import/no-commonjs
 const pkg = require("../package.json");
-async function sendStatusReport(startedAt, config, stats, error) {
+async function sendStatusReport(startedAt, config, stats, error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger) {
     const status = actionsUtil.getActionsStatus(error, stats === null || stats === void 0 ? void 0 : stats.analyze_failure_language);
     const statusReportBase = await actionsUtil.createStatusReportBase("finish", status, startedAt, error === null || error === void 0 ? void 0 : error.message, error === null || error === void 0 ? void 0 : error.stack);
     const statusReport = {
@@ -47,59 +48,63 @@ async function sendStatusReport(startedAt, config, stats, error) {
             }
             : {}),
         ...(stats || {}),
+        ...(dbCreationTimings || {}),
     };
-    await actionsUtil.sendStatusReport(statusReport);
+    if (config && didUploadTrapCaches) {
+        const trapCacheUploadStatusReport = {
+            ...statusReport,
+            trap_cache_upload_duration_ms: Math.round(trapCacheUploadTime || 0),
+            trap_cache_upload_size_bytes: Math.round(await (0, trap_caching_1.getTotalCacheSize)(config.trapCaches, logger)),
+        };
+        await actionsUtil.sendStatusReport(trapCacheUploadStatusReport);
+    }
+    else {
+        await actionsUtil.sendStatusReport(statusReport);
+    }
 }
 exports.sendStatusReport = sendStatusReport;
+// `expect-error` should only be set to a non-false value by the CodeQL Action PR checks.
+function hasBadExpectErrorInput() {
+    return (actionsUtil.getOptionalInput("expect-error") !== "false" &&
+        !util.isInTestMode());
+}
 async function run() {
     const startedAt = new Date();
     let uploadResult = undefined;
     let runStats = undefined;
     let config = undefined;
+    let trapCacheUploadTime = undefined;
+    let dbCreationTimings = undefined;
+    let didUploadTrapCaches = false;
     util.initializeEnvironment(util.Mode.actions, pkg.version);
     await util.checkActionVersion(pkg.version);
+    const logger = (0, logging_1.getActionsLogger)();
     try {
         if (!(await actionsUtil.sendStatusReport(await actionsUtil.createStatusReportBase("finish", "starting", startedAt)))) {
             return;
         }
-        const logger = (0, logging_1.getActionsLogger)();
         config = await (0, config_utils_1.getConfig)(actionsUtil.getTemporaryDirectory(), logger);
         if (config === undefined) {
             throw new Error("Config file could not be found at expected location. Has the 'init' action been called?");
         }
+        if (hasBadExpectErrorInput()) {
+            throw new Error("`expect-error` input parameter is for internal use only. It should only be set by codeql-action or a fork.");
+        }
         await util.enrichEnvironment(util.Mode.actions, await (0, codeql_1.getCodeQL)(config.codeQLCmd));
         const apiDetails = {
             auth: actionsUtil.getRequiredInput("token"),
             url: util.getRequiredEnvParam("GITHUB_SERVER_URL"),
+            apiURL: util.getRequiredEnvParam("GITHUB_API_URL"),
         };
         const outputDir = actionsUtil.getRequiredInput("output");
         const threads = util.getThreadsFlag(actionsUtil.getOptionalInput("threads") || process.env["CODEQL_THREADS"], logger);
         const memory = util.getMemoryFlag(actionsUtil.getOptionalInput("ram") || process.env["CODEQL_RAM"]);
         const repositoryNwo = (0, repository_1.parseRepositoryNwo)(util.getRequiredEnvParam("GITHUB_REPOSITORY"));
-        await (0, analyze_1.runFinalize)(outputDir, threads, memory, config, logger);
+        const gitHubVersion = await (0, api_client_1.getGitHubVersionActionsOnly)();
+        const featureFlags = new feature_flags_1.GitHubFeatureFlags(gitHubVersion, apiDetails, repositoryNwo, logger);
+        dbCreationTimings = await (0, analyze_1.runFinalize)(outputDir, threads, memory, config, logger, featureFlags);
         if (actionsUtil.getRequiredInput("skip-queries") !== "true") {
             runStats = await (0, analyze_1.runQueries)(outputDir, memory, util.getAddSnippetsFlag(actionsUtil.getRequiredInput("add-snippets")), threads, actionsUtil.getOptionalInput("category"), config, logger);
-            if (config.debugMode) {
-                // Upload the SARIF files as an Actions artifact for debugging
-                await uploadDebugArtifacts(config.languages.map((lang) => path.resolve(outputDir, `${lang}.sarif`)), outputDir, config.debugArtifactName);
-            }
-        }
-        const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
-        if (config.debugMode) {
-            // Upload the logs as an Actions artifact for debugging
-            const toUpload = [];
-            for (const language of config.languages) {
-                toUpload.push(...listFolder(path.resolve(util.getCodeQLDatabasePath(config, language), "log")));
-            }
-            if (await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING)) {
-                // Multilanguage tracing: there are additional logs in the root of the cluster
-                toUpload.push(...listFolder(path.resolve(config.dbLocation, "log")));
-            }
-            await uploadDebugArtifacts(toUpload, config.dbLocation, config.debugArtifactName);
-            if (!(await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING))) {
-                // Before multi-language tracing, we wrote a compound-build-tracer.log in the temp dir
-                await uploadDebugArtifacts([path.resolve(config.tempDir, "compound-build-tracer.log")], config.tempDir, config.debugArtifactName);
-            }
         }
         if (actionsUtil.getOptionalInput("cleanup-level") !== "none") {
             await (0, analyze_1.runCleanup)(config, actionsUtil.getOptionalInput("cleanup-level") || "brutal", logger);
@@ -118,6 +123,11 @@ async function run() {
         }
         // Possibly upload the database bundles for remote queries
         await (0, database_upload_1.uploadDatabases)(repositoryNwo, config, apiDetails, logger);
+        // Possibly upload the TRAP caches for later re-use
+        const trapCacheUploadStartTime = perf_hooks_1.performance.now();
+        const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
+        didUploadTrapCaches = await (0, trap_caching_1.uploadTrapCaches)(codeql, config, logger);
+        trapCacheUploadTime = perf_hooks_1.performance.now() - trapCacheUploadStartTime;
         // We don't upload results in test mode, so don't wait for processing
         if (util.isInTestMode()) {
             core.debug("In test mode. Waiting for processing is disabled.");
@@ -126,91 +136,40 @@ async function run() {
             actionsUtil.getRequiredInput("wait-for-processing") === "true") {
             await upload_lib.waitForProcessing((0, repository_1.parseRepositoryNwo)(util.getRequiredEnvParam("GITHUB_REPOSITORY")), uploadResult.sarifID, apiDetails, (0, logging_1.getActionsLogger)());
         }
+        // If we did not throw an error yet here, but we expect one, throw it.
+        if (actionsUtil.getOptionalInput("expect-error") === "true") {
+            core.setFailed(`expect-error input was set to true but no error was thrown.`);
+        }
     }
     catch (origError) {
         const error = origError instanceof Error ? origError : new Error(String(origError));
-        core.setFailed(error.message);
+        if (actionsUtil.getOptionalInput("expect-error") !== "true" ||
+            hasBadExpectErrorInput()) {
+            core.setFailed(error.message);
+        }
         console.log(error);
         if (error instanceof analyze_1.CodeQLAnalysisError) {
             const stats = { ...error.queriesStatusReport };
-            await sendStatusReport(startedAt, config, stats, error);
+            await sendStatusReport(startedAt, config, stats, error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger);
         }
         else {
-            await sendStatusReport(startedAt, config, undefined, error);
+            await sendStatusReport(startedAt, config, undefined, error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger);
         }
         return;
     }
-    finally {
-        if (config !== undefined && config.debugMode) {
-            try {
-                // Upload the database bundles as an Actions artifact for debugging
-                const toUpload = [];
-                for (const language of config.languages) {
-                    toUpload.push(await (0, util_1.bundleDb)(config, language, await (0, codeql_1.getCodeQL)(config.codeQLCmd), `${config.debugDatabaseName}-${language}`));
-                }
-                await uploadDebugArtifacts(toUpload, config.dbLocation, config.debugArtifactName);
-            }
-            catch (error) {
-                console.log(`Failed to upload database debug bundles: ${error}`);
-            }
-        }
-        if (core.isDebug() && config !== undefined) {
-            core.info("Debug mode is on. Printing CodeQL debug logs...");
-            for (const language of config.languages) {
-                const databaseDirectory = util.getCodeQLDatabasePath(config, language);
-                const logsDirectory = path.join(databaseDirectory, "log");
-                const walkLogFiles = (dir) => {
-                    const entries = fs.readdirSync(dir, { withFileTypes: true });
-                    for (const entry of entries) {
-                        if (entry.isFile()) {
-                            core.startGroup(`CodeQL Debug Logs - ${language} - ${entry.name}`);
-                            process.stdout.write(fs.readFileSync(path.resolve(dir, entry.name)));
-                            core.endGroup();
-                        }
-                        else if (entry.isDirectory()) {
-                            walkLogFiles(path.resolve(dir, entry.name));
-                        }
-                    }
-                };
-                walkLogFiles(logsDirectory);
-            }
-        }
-    }
     if (runStats && uploadResult) {
         await sendStatusReport(startedAt, config, {
             ...runStats,
             ...uploadResult.statusReport,
-        });
+        }, undefined, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger);
     }
     else if (runStats) {
-        await sendStatusReport(startedAt, config, { ...runStats });
+        await sendStatusReport(startedAt, config, { ...runStats }, undefined, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger);
     }
     else {
-        await sendStatusReport(startedAt, config, undefined);
+        await sendStatusReport(startedAt, config, undefined, undefined, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger);
     }
 }
-async function uploadDebugArtifacts(toUpload, rootDir, artifactName) {
-    let suffix = "";
-    const matrix = actionsUtil.getRequiredInput("matrix");
-    if (matrix !== undefined && matrix !== "null") {
-        for (const entry of Object.entries(JSON.parse(matrix)).sort())
-            suffix += `-${entry[1]}`;
-    }
-    await artifact.create().uploadArtifact(actionsUtil.sanitizeArifactName(`${artifactName}${suffix}`), toUpload.map((file) => path.normalize(file)), path.normalize(rootDir));
-}
-function listFolder(dir) {
-    const entries = fs.readdirSync(dir, { withFileTypes: true });
-    const files = [];
-    for (const entry of entries) {
-        if (entry.isFile()) {
-            files.push(path.resolve(dir, entry.name));
-        }
-        else if (entry.isDirectory()) {
-            files.push(...listFolder(path.resolve(dir, entry.name)));
-        }
-    }
-    return files;
-}
 exports.runPromise = run();
 async function runWrapper() {
     try {

lib/analyze.js

@@ -22,14 +22,16 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.runCleanup = exports.runFinalize = exports.runQueries = exports.CodeQLAnalysisError = void 0;
+exports.validateQueryFilters = exports.runCleanup = exports.runFinalize = exports.createQuerySuiteContents = exports.convertPackToQuerySuiteEntry = exports.runQueries = exports.dbIsFinalized = exports.createdDBForScannedLanguages = exports.CodeQLAnalysisError = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
+const perf_hooks_1 = require("perf_hooks"); // We need to import `performance` on Node 12
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const del_1 = __importDefault(require("del"));
 const yaml = __importStar(require("js-yaml"));
 const analysisPaths = __importStar(require("./analysis-paths"));
 const codeql_1 = require("./codeql");
+const configUtils = __importStar(require("./config-utils"));
 const count_loc_1 = require("./count-loc");
 const languages_1 = require("./languages");
 const sharedEnv = __importStar(require("./shared-environment"));
@@ -68,23 +70,23 @@ async function setupPythonExtractor(logger) {
     logger.info(`Setting LGTM_PYTHON_SETUP_VERSION=${output}`);
     process.env["LGTM_PYTHON_SETUP_VERSION"] = output;
 }
-async function createdDBForScannedLanguages(config, logger) {
+async function createdDBForScannedLanguages(codeql, config, logger, featureFlags) {
     // Insert the LGTM_INDEX_X env vars at this point so they are set when
     // we extract any scanned languages.
     analysisPaths.includeAndExcludeAnalysisPaths(config);
-    const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
     for (const language of config.languages) {
-        if ((0, languages_1.isScannedLanguage)(language) &&
+        if ((0, languages_1.isScannedLanguage)(language, logger) &&
             !dbIsFinalized(config, language, logger)) {
             logger.startGroup(`Extracting ${language}`);
             if (language === languages_1.Language.python) {
                 await setupPythonExtractor(logger);
             }
-            await codeql.extractScannedLanguage(util.getCodeQLDatabasePath(config, language), language);
+            await codeql.extractScannedLanguage(config, language, featureFlags);
             logger.endGroup();
         }
     }
 }
+exports.createdDBForScannedLanguages = createdDBForScannedLanguages;
 function dbIsFinalized(config, language, logger) {
     const dbPath = util.getCodeQLDatabasePath(config, language);
     try {
@@ -96,9 +98,13 @@ function dbIsFinalized(config, language, logger) {
         return false;
     }
 }
-async function finalizeDatabaseCreation(config, threadsFlag, memoryFlag, logger) {
-    await createdDBForScannedLanguages(config, logger);
+exports.dbIsFinalized = dbIsFinalized;
+async function finalizeDatabaseCreation(config, threadsFlag, memoryFlag, logger, featureFlags) {
     const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
+    const extractionStart = perf_hooks_1.performance.now();
+    await createdDBForScannedLanguages(codeql, config, logger, featureFlags);
+    const extractionTime = perf_hooks_1.performance.now() - extractionStart;
+    const trapImportStart = perf_hooks_1.performance.now();
     for (const language of config.languages) {
         if (dbIsFinalized(config, language, logger)) {
             logger.info(`There is already a finalized database for ${language} at the location where the CodeQL Action places databases, so we did not create one.`);
@@ -109,16 +115,19 @@ async function finalizeDatabaseCreation(config, threadsFlag, memoryFlag, logger)
             logger.endGroup();
         }
     }
+    const trapImportTime = perf_hooks_1.performance.now() - trapImportStart;
+    return {
+        scanned_language_extraction_duration_ms: Math.round(extractionTime),
+        trap_import_duration_ms: Math.round(trapImportTime),
+    };
 }
 // Runs queries and creates sarif files in the given folder
 async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag, automationDetailsId, config, logger) {
     const statusReport = {};
     let locPromise = Promise.resolve({});
     const cliCanCountBaseline = await cliCanCountLoC();
-    const debugMode = process.env["INTERNAL_CODEQL_ACTION_DEBUG_LOC"] ||
-        process.env["ACTIONS_RUNNER_DEBUG"] ||
-        process.env["ACTIONS_STEP_DEBUG"];
-    if (!cliCanCountBaseline || debugMode) {
+    const countLocDebugMode = process.env["INTERNAL_CODEQL_ACTION_DEBUG_LOC"] || config.debugMode;
+    if (!cliCanCountBaseline || countLocDebugMode) {
         // count the number of lines in the background
         locPromise = (0, count_loc_1.countLoc)(path.resolve(), 
         // config.paths specifies external directories. the current
@@ -126,8 +135,10 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
         // that here.
         config.paths, config.pathsIgnore, config.languages, logger);
     }
+    const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
     for (const language of config.languages) {
         const queries = config.queries[language];
+        const queryFilters = validateQueryFilters(config.originalUserInput["query-filters"]);
         const packsWithVersion = config.packs[language] || [];
         const hasBuiltinQueries = (queries === null || queries === void 0 ? void 0 : queries.builtin.length) > 0;
         const hasCustomQueries = (queries === null || queries === void 0 ? void 0 : queries.custom.length) > 0;
@@ -135,56 +146,82 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
         if (!hasBuiltinQueries && !hasCustomQueries && !hasPackWithCustomQueries) {
             throw new Error(`Unable to analyse ${language} as no queries were selected for this language`);
         }
-        const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
         try {
-            if (hasPackWithCustomQueries) {
-                logger.info("Performing analysis with custom CodeQL Packs.");
-                logger.startGroup(`Downloading custom packs for ${language}`);
-                const results = await codeql.packDownload(packsWithVersion);
-                logger.info(`Downloaded packs: ${results.packs
-                    .map((r) => `${r.name}@${r.version || "latest"}`)
-                    .join(", ")}`);
-                logger.endGroup();
-            }
-            logger.startGroup(`Running queries for ${language}`);
-            const querySuitePaths = [];
-            if (queries["builtin"].length > 0) {
+            if (await util.useCodeScanningConfigInCli(codeql)) {
+                // If we are using the codescanning config in the CLI,
+                // much of the work needed to generate the query suites
+                // is done in the CLI. We just need to make a single
+                // call to run all the queries for each language and
+                // another to interpret the results.
+                logger.startGroup(`Running queries for ${language}`);
                 const startTimeBuiltIn = new Date().getTime();
-                querySuitePaths.push(await runQueryGroup(language, "builtin", createQuerySuiteContents(queries["builtin"]), undefined));
+                await runQueryGroup(language, "all", undefined, undefined);
+                // TODO should not be using `builtin` here. We should be using `all` instead.
+                // The status report does not support `all` yet.
                 statusReport[`analyze_builtin_queries_${language}_duration_ms`] =
                     new Date().getTime() - startTimeBuiltIn;
+                logger.startGroup(`Interpreting results for ${language}`);
+                const startTimeInterpretResults = new Date().getTime();
+                const sarifFile = path.join(sarifFolder, `${language}.sarif`);
+                const analysisSummary = await runInterpretResults(language, undefined, sarifFile, config.debugMode);
+                statusReport[`interpret_results_${language}_duration_ms`] =
+                    new Date().getTime() - startTimeInterpretResults;
+                logger.endGroup();
+                logger.info(analysisSummary);
             }
-            const startTimeCustom = new Date().getTime();
-            let ranCustom = false;
-            for (let i = 0; i < queries["custom"].length; ++i) {
-                if (queries["custom"][i].queries.length > 0) {
-                    querySuitePaths.push(await runQueryGroup(language, `custom-${i}`, createQuerySuiteContents(queries["custom"][i].queries), queries["custom"][i].searchPath));
+            else {
+                if (hasPackWithCustomQueries) {
+                    logger.info("Performing analysis with custom CodeQL Packs.");
+                    logger.startGroup(`Downloading custom packs for ${language}`);
+                    const results = await codeql.packDownload(packsWithVersion);
+                    logger.info(`Downloaded packs: ${results.packs
+                        .map((r) => `${r.name}@${r.version || "latest"}`)
+                        .join(", ")}`);
+                    logger.endGroup();
+                }
+                logger.startGroup(`Running queries for ${language}`);
+                const querySuitePaths = [];
+                if (queries["builtin"].length > 0) {
+                    const startTimeBuiltIn = new Date().getTime();
+                    querySuitePaths.push((await runQueryGroup(language, "builtin", createQuerySuiteContents(queries["builtin"], queryFilters), undefined)));
+                    statusReport[`analyze_builtin_queries_${language}_duration_ms`] =
+                        new Date().getTime() - startTimeBuiltIn;
+                }
+                const startTimeCustom = new Date().getTime();
+                let ranCustom = false;
+                for (let i = 0; i < queries["custom"].length; ++i) {
+                    if (queries["custom"][i].queries.length > 0) {
+                        querySuitePaths.push((await runQueryGroup(language, `custom-${i}`, createQuerySuiteContents(queries["custom"][i].queries, queryFilters), queries["custom"][i].searchPath)));
+                        ranCustom = true;
+                    }
+                }
+                if (packsWithVersion.length > 0) {
+                    querySuitePaths.push(await runQueryPacks(language, "packs", packsWithVersion, queryFilters));
                     ranCustom = true;
                 }
+                if (ranCustom) {
+                    statusReport[`analyze_custom_queries_${language}_duration_ms`] =
+                        new Date().getTime() - startTimeCustom;
+                }
+                logger.endGroup();
+                logger.startGroup(`Interpreting results for ${language}`);
+                const startTimeInterpretResults = new Date().getTime();
+                const sarifFile = path.join(sarifFolder, `${language}.sarif`);
+                const analysisSummary = await runInterpretResults(language, querySuitePaths, sarifFile, config.debugMode);
+                if (!cliCanCountBaseline) {
+                    await injectLinesOfCode(sarifFile, language, locPromise);
+                }
+                statusReport[`interpret_results_${language}_duration_ms`] =
+                    new Date().getTime() - startTimeInterpretResults;
+                logger.endGroup();
+                logger.info(analysisSummary);
             }
-            if (packsWithVersion.length > 0) {
-                querySuitePaths.push(...(await runQueryPacks(language, "packs", packsWithVersion, undefined)));
-                ranCustom = true;
-            }
-            if (ranCustom) {
-                statusReport[`analyze_custom_queries_${language}_duration_ms`] =
-                    new Date().getTime() - startTimeCustom;
-            }
-            logger.endGroup();
-            logger.startGroup(`Interpreting results for ${language}`);
-            const startTimeInterpretResults = new Date().getTime();
-            const sarifFile = path.join(sarifFolder, `${language}.sarif`);
-            const analysisSummary = await runInterpretResults(language, querySuitePaths, sarifFile);
-            if (!cliCanCountBaseline)
-                await injectLinesOfCode(sarifFile, language, locPromise);
-            statusReport[`interpret_results_${language}_duration_ms`] =
-                new Date().getTime() - startTimeInterpretResults;
-            logger.endGroup();
-            logger.info(analysisSummary);
-            if (!cliCanCountBaseline || debugMode)
+            if (!cliCanCountBaseline || countLocDebugMode) {
                 printLinesOfCodeSummary(logger, language, await locPromise);
-            if (cliCanCountBaseline)
+            }
+            if (cliCanCountBaseline) {
                 logger.info(await runPrintLinesOfCode(language));
+            }
         }
         catch (e) {
             logger.info(String(e));
@@ -196,58 +233,67 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
         }
     }
     return statusReport;
-    async function runInterpretResults(language, queries, sarifFile) {
+    async function runInterpretResults(language, queries, sarifFile, enableDebugLogging) {
         const databasePath = util.getCodeQLDatabasePath(config, language);
-        const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
-        return await codeql.databaseInterpretResults(databasePath, queries, sarifFile, addSnippetsFlag, threadsFlag, automationDetailsId);
+        return await codeql.databaseInterpretResults(databasePath, queries, sarifFile, addSnippetsFlag, threadsFlag, enableDebugLogging ? "-vv" : "-v", automationDetailsId);
     }
     async function cliCanCountLoC() {
         return await util.codeQlVersionAbove(await (0, codeql_1.getCodeQL)(config.codeQLCmd), codeql_1.CODEQL_VERSION_COUNTS_LINES);
     }
     async function runPrintLinesOfCode(language) {
         const databasePath = util.getCodeQLDatabasePath(config, language);
-        const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
         return await codeql.databasePrintBaseline(databasePath);
     }
     async function runQueryGroup(language, type, querySuiteContents, searchPath) {
         const databasePath = util.getCodeQLDatabasePath(config, language);
         // Pass the queries to codeql using a file instead of using the command
         // line to avoid command line length restrictions, particularly on windows.
-        const querySuitePath = `${databasePath}-queries-${type}.qls`;
-        fs.writeFileSync(querySuitePath, querySuiteContents);
-        logger.debug(`Query suite file for ${language}-${type}...\n${querySuiteContents}`);
-        const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
+        const querySuitePath = querySuiteContents
+            ? `${databasePath}-queries-${type}.qls`
+            : undefined;
+        if (querySuiteContents && querySuitePath) {
+            fs.writeFileSync(querySuitePath, querySuiteContents);
+            logger.debug(`Query suite file for ${language}-${type}...\n${querySuiteContents}`);
+        }
         await codeql.databaseRunQueries(databasePath, searchPath, querySuitePath, memoryFlag, threadsFlag);
         logger.debug(`BQRS results produced for ${language} (queries: ${type})"`);
         return querySuitePath;
     }
-    async function runQueryPacks(language, type, packs, searchPath) {
+    async function runQueryPacks(language, type, packs, queryFilters) {
         const databasePath = util.getCodeQLDatabasePath(config, language);
-        // Run the queries individually instead of all at once to avoid command
-        // line length restrictions, particularly on windows.
         for (const pack of packs) {
             logger.debug(`Running query pack for ${language}-${type}: ${pack}`);
-            const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
-            await codeql.databaseRunQueries(databasePath, searchPath, pack, memoryFlag, threadsFlag);
-            logger.debug(`BQRS results produced for ${language} (queries: ${type})"`);
         }
-        return packs;
+        // combine the list of packs into a query suite in order to run them all simultaneously.
+        const querySuite = packs.map(convertPackToQuerySuiteEntry).concat(queryFilters);
+        const querySuitePath = `${databasePath}-queries-${type}.qls`;
+        fs.writeFileSync(querySuitePath, yaml.dump(querySuite));
+        logger.debug(`BQRS results produced for ${language} (queries: ${type})"`);
+        await codeql.databaseRunQueries(databasePath, undefined, querySuitePath, memoryFlag, threadsFlag);
+        return querySuitePath;
     }
 }
 exports.runQueries = runQueries;
-function createQuerySuiteContents(queries) {
-    return queries.map((q) => `- query: ${q}`).join("\n");
+function convertPackToQuerySuiteEntry(packStr) {
+    var _a, _b, _c, _d;
+    const pack = configUtils.parsePacksSpecification(packStr);
+    return {
+        qlpack: !pack.path ? pack.name : undefined,
+        from: pack.path ? pack.name : undefined,
+        version: pack.version,
+        query: ((_a = pack.path) === null || _a === void 0 ? void 0 : _a.endsWith(".ql")) ? pack.path : undefined,
+        queries: !((_b = pack.path) === null || _b === void 0 ? void 0 : _b.endsWith(".ql")) && !((_c = pack.path) === null || _c === void 0 ? void 0 : _c.endsWith(".qls"))
+            ? pack.path
+            : undefined,
+        apply: ((_d = pack.path) === null || _d === void 0 ? void 0 : _d.endsWith(".qls")) ? pack.path : undefined,
+    };
 }
-async function runFinalize(outputDir, threadsFlag, memoryFlag, config, logger) {
-    const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
-    if (await util.codeQlVersionAbove(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING)) {
-        // Delete variables as specified by the end-tracing script
-        await (0, tracer_config_1.endTracingForCluster)(config);
-    }
-    else {
-        // Delete the tracer config env var to avoid tracing ourselves
-        delete process.env[sharedEnv.ODASA_TRACER_CONFIGURATION];
-    }
+exports.convertPackToQuerySuiteEntry = convertPackToQuerySuiteEntry;
+function createQuerySuiteContents(queries, queryFilters) {
+    return yaml.dump(queries.map((q) => ({ query: q })).concat(queryFilters));
+}
+exports.createQuerySuiteContents = createQuerySuiteContents;
+async function runFinalize(outputDir, threadsFlag, memoryFlag, config, logger, featureFlags) {
     try {
         await (0, del_1.default)(outputDir, { force: true });
     }
@@ -257,7 +303,22 @@ async function runFinalize(outputDir, threadsFlag, memoryFlag, config, logger) {
         }
     }
     await fs.promises.mkdir(outputDir, { recursive: true });
-    await finalizeDatabaseCreation(config, threadsFlag, memoryFlag, logger);
+    const timings = await finalizeDatabaseCreation(config, threadsFlag, memoryFlag, logger, featureFlags);
+    const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
+    // WARNING: This does not _really_ end tracing, as the tracer will restore its
+    // critical environment variables and it'll still be active for all processes
+    // launched from this build step.
+    // However, it will stop tracing for all steps past the codeql-action/analyze
+    // step.
+    if (await util.codeQlVersionAbove(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING)) {
+        // Delete variables as specified by the end-tracing script
+        await (0, tracer_config_1.endTracingForCluster)(config, logger);
+    }
+    else {
+        // Delete the tracer config env var to avoid tracing ourselves
+        delete process.env[sharedEnv.ODASA_TRACER_CONFIGURATION];
+    }
+    return timings;
 }
 exports.runFinalize = runFinalize;
 async function runCleanup(config, cleanupLevel, logger) {
@@ -298,4 +359,28 @@ function printLinesOfCodeSummary(logger, language, lineCounts) {
         logger.info(`Counted a baseline of ${lineCounts[language]} lines of code for ${language}.`);
     }
 }
+// exported for testing
+function validateQueryFilters(queryFilters) {
+    if (!queryFilters) {
+        return [];
+    }
+    if (!Array.isArray(queryFilters)) {
+        throw new Error(`Query filters must be an array of "include" or "exclude" entries. Found ${typeof queryFilters}`);
+    }
+    const errors = [];
+    for (const qf of queryFilters) {
+        const keys = Object.keys(qf);
+        if (keys.length !== 1) {
+            errors.push(`Query filter must have exactly one key: ${JSON.stringify(qf)}`);
+        }
+        if (!["exclude", "include"].includes(keys[0])) {
+            errors.push(`Only "include" or "exclude" filters are allowed:\n${JSON.stringify(qf)}`);
+        }
+    }
+    if (errors.length) {
+        throw new Error(`Invalid query filter.\n${errors.join("\n")}`);
+    }
+    return queryFilters;
+}
+exports.validateQueryFilters = validateQueryFilters;
 //# sourceMappingURL=analyze.js.map

lib/analyze.test.js

@@ -29,7 +29,9 @@ const yaml = __importStar(require("js-yaml"));
 const sinon = __importStar(require("sinon"));
 const analyze_1 = require("./analyze");
 const codeql_1 = require("./codeql");
+const codeql_test_1 = require("./codeql.test");
 const count = __importStar(require("./count-loc"));
+const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const logging_1 = require("./logging");
 const testing_utils_1 = require("./testing-utils");
@@ -107,7 +109,6 @@ const util = __importStar(require("./util"));
                 paths: [],
                 originalUserInput: {},
                 tempDir: tmpDir,
-                toolCacheDir: tmpDir,
                 codeQLCmd: "",
                 gitHubVersion: {
                     type: util.GitHubVariant.DOTCOM,
@@ -117,7 +118,13 @@ const util = __importStar(require("./util"));
                 debugMode: false,
                 debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
                 debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
-                injectedMlQueries: false,
+                augmentationProperties: {
+                    injectedMlQueries: false,
+                    packsInputCombines: false,
+                    queriesInputCombines: false,
+                },
+                trapCaches: {},
+                trapCacheDownloadTime: 0,
             };
             fs.mkdirSync(util.getCodeQLDatabasePath(config, language), {
                 recursive: true,
@@ -210,4 +217,214 @@ const util = __importStar(require("./util"));
         }
     }
 });
+(0, ava_1.default)("validateQueryFilters", (t) => {
+    t.notThrows(() => (0, analyze_1.validateQueryFilters)([]));
+    t.notThrows(() => (0, analyze_1.validateQueryFilters)(undefined));
+    t.notThrows(() => {
+        return (0, analyze_1.validateQueryFilters)([
+            {
+                exclude: {
+                    "problem.severity": "recommendation",
+                },
+            },
+            {
+                exclude: {
+                    "tags contain": ["foo", "bar"],
+                },
+            },
+            {
+                include: {
+                    "problem.severity": "something-to-think-about",
+                },
+            },
+            {
+                include: {
+                    "tags contain": ["baz", "bop"],
+                },
+            },
+        ]);
+    });
+    t.throws(() => {
+        return (0, analyze_1.validateQueryFilters)([
+            {
+                exclude: {
+                    "tags contain": ["foo", "bar"],
+                },
+                include: {
+                    "tags contain": ["baz", "bop"],
+                },
+            },
+        ]);
+    }, { message: /Query filter must have exactly one key/ });
+    t.throws(() => {
+        return (0, analyze_1.validateQueryFilters)([{ xxx: "foo" }]);
+    }, { message: /Only "include" or "exclude" filters are allowed/ });
+    t.throws(() => {
+        return (0, analyze_1.validateQueryFilters)({ exclude: "foo" });
+    }, {
+        message: /Query filters must be an array of "include" or "exclude" entries/,
+    });
+});
+const convertPackToQuerySuiteEntryMacro = ava_1.default.macro({
+    exec: (t, packSpec, suiteEntry) => t.deepEqual((0, analyze_1.convertPackToQuerySuiteEntry)(packSpec), suiteEntry),
+    title: (_providedTitle, packSpec) => `Query Suite Entry: ${packSpec}`,
+});
+(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b", {
+    qlpack: "a/b",
+    from: undefined,
+    version: undefined,
+    query: undefined,
+    queries: undefined,
+    apply: undefined,
+});
+(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b@~1.2.3", {
+    qlpack: "a/b",
+    from: undefined,
+    version: "~1.2.3",
+    query: undefined,
+    queries: undefined,
+    apply: undefined,
+});
+(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b:my/path", {
+    qlpack: undefined,
+    from: "a/b",
+    version: undefined,
+    query: undefined,
+    queries: "my/path",
+    apply: undefined,
+});
+(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b@~1.2.3:my/path", {
+    qlpack: undefined,
+    from: "a/b",
+    version: "~1.2.3",
+    query: undefined,
+    queries: "my/path",
+    apply: undefined,
+});
+(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b:my/path/query.ql", {
+    qlpack: undefined,
+    from: "a/b",
+    version: undefined,
+    query: "my/path/query.ql",
+    queries: undefined,
+    apply: undefined,
+});
+(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b@~1.2.3:my/path/query.ql", {
+    qlpack: undefined,
+    from: "a/b",
+    version: "~1.2.3",
+    query: "my/path/query.ql",
+    queries: undefined,
+    apply: undefined,
+});
+(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b:my/path/suite.qls", {
+    qlpack: undefined,
+    from: "a/b",
+    version: undefined,
+    query: undefined,
+    queries: undefined,
+    apply: "my/path/suite.qls",
+});
+(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b@~1.2.3:my/path/suite.qls", {
+    qlpack: undefined,
+    from: "a/b",
+    version: "~1.2.3",
+    query: undefined,
+    queries: undefined,
+    apply: "my/path/suite.qls",
+});
+(0, ava_1.default)("convertPackToQuerySuiteEntry Failure", (t) => {
+    t.throws(() => (0, analyze_1.convertPackToQuerySuiteEntry)("this-is-not-a-pack"));
+});
+(0, ava_1.default)("createQuerySuiteContents", (t) => {
+    const yamlResult = (0, analyze_1.createQuerySuiteContents)(["query1.ql", "query2.ql"], [
+        {
+            exclude: { "problem.severity": "recommendation" },
+        },
+        {
+            include: { "problem.severity": "recommendation" },
+        },
+    ]);
+    const expected = `- query: query1.ql
+- query: query2.ql
+- exclude:
+    problem.severity: recommendation
+- include:
+    problem.severity: recommendation
+`;
+    t.deepEqual(yamlResult, expected);
+});
+const stubConfig = {
+    languages: [languages_1.Language.cpp, languages_1.Language.go],
+    queries: {},
+    pathsIgnore: [],
+    paths: [],
+    originalUserInput: {},
+    tempDir: "",
+    codeQLCmd: "",
+    gitHubVersion: {
+        type: util.GitHubVariant.DOTCOM,
+    },
+    dbLocation: "",
+    packs: {},
+    debugMode: false,
+    debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
+    debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
+    augmentationProperties: {
+        injectedMlQueries: false,
+        packsInputCombines: false,
+        queriesInputCombines: false,
+    },
+    trapCaches: {},
+    trapCacheDownloadTime: 0,
+};
+for (const options of [
+    {
+        name: "Lua feature flag enabled, but old CLI",
+        version: "2.9.0",
+        featureFlags: [feature_flags_1.FeatureFlag.LuaTracerConfigEnabled],
+        yesFlagSet: false,
+        noFlagSet: false,
+    },
+    {
+        name: "Lua feature flag disabled, with old CLI",
+        version: "2.9.0",
+        featureFlags: [],
+        yesFlagSet: false,
+        noFlagSet: false,
+    },
+    {
+        name: "Lua feature flag enabled, with new CLI",
+        version: "2.10.0",
+        featureFlags: [feature_flags_1.FeatureFlag.LuaTracerConfigEnabled],
+        yesFlagSet: true,
+        noFlagSet: false,
+    },
+    {
+        name: "Lua feature flag disabled, with new CLI",
+        version: "2.10.0",
+        featureFlags: [],
+        yesFlagSet: false,
+        noFlagSet: true,
+    },
+]) {
+    (0, ava_1.default)(`createdDBForScannedLanguages() ${options.name}`, async (t) => {
+        const runnerConstructorStub = (0, codeql_test_1.stubToolRunnerConstructor)();
+        const codeqlObject = await (0, codeql_1.getCodeQLForTesting)("codeql/for-testing");
+        sinon.stub(codeqlObject, "getVersion").resolves(options.version);
+        const promise = (0, analyze_1.createdDBForScannedLanguages)(codeqlObject, stubConfig, (0, logging_1.getRunnerLogger)(true), (0, feature_flags_1.createFeatureFlags)(options.featureFlags));
+        // call listener on `codeql resolve extractor`
+        const mockToolRunner = runnerConstructorStub.getCall(0);
+        mockToolRunner.args[2].listeners.stdout('"/path/to/extractor"');
+        await promise;
+        if (options.yesFlagSet)
+            t.true(runnerConstructorStub.secondCall.args[1].includes("--internal-use-lua-tracing"), "--internal-use-lua-tracing should be present, but it is absent");
+        else
+            t.false(runnerConstructorStub.secondCall.args[1].includes("--internal-use-lua-tracing"), "--internal-use-lua-tracing should be absent, but it is present");
+        if (options.noFlagSet)
+            t.true(runnerConstructorStub.secondCall.args[1].includes("--no-internal-use-lua-tracing"), "--no-internal-use-lua-tracing should be present, but it is absent");
+        else
+            t.false(runnerConstructorStub.secondCall.args[1].includes("--no-internal-use-lua-tracing"), "--no-internal-use-lua-tracing should be absent, but it is present");
+    });
+}
 //# sourceMappingURL=analyze.test.js.map

lib/api-client.js

@@ -40,14 +40,16 @@ var DisallowedAPIVersionReason;
 const getApiClient = function (apiDetails, { allowExternal = false } = {}) {
     const auth = (allowExternal && apiDetails.externalRepoAuth) || apiDetails.auth;
     const retryingOctokit = githubUtils.GitHub.plugin(retry.retry);
+    const apiURL = apiDetails.apiURL || deriveApiUrl(apiDetails.url);
     return new retryingOctokit(githubUtils.getOctokitOptions(auth, {
-        baseUrl: getApiUrl(apiDetails.url),
+        baseUrl: apiURL,
         userAgent: `CodeQL-${(0, util_1.getMode)()}/${pkg.version}`,
         log: (0, console_log_level_1.default)({ level: "debug" }),
     }));
 };
 exports.getApiClient = getApiClient;
-function getApiUrl(githubUrl) {
+// Once the runner is deleted, this can also be removed since the GitHub API URL is always available in an environment variable on Actions.
+function deriveApiUrl(githubUrl) {
     const url = new URL(githubUrl);
     // If we detect this is trying to connect to github.com
     // then return with a fixed canonical URL.
@@ -62,6 +64,7 @@ function getApiDetails() {
     return {
         auth: (0, actions_util_1.getRequiredInput)("token"),
         url: (0, util_1.getRequiredEnvParam)("GITHUB_SERVER_URL"),
+        apiURL: (0, util_1.getRequiredEnvParam)("GITHUB_API_URL"),
     };
 }
 // Temporary function to aid in the transition to running on and off of github actions.

lib/api-client.js.map

@@ -1 +1 @@
-{"version":3,"file":"api-client.js","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAE7B,uEAAyD;AACzD,6DAA+C;AAC/C,0EAAgD;AAEhD,iDAAkD;AAClD,6CAA+B;AAC/B,iCAAqE;AAErE,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAEvC,IAAY,0BAGX;AAHD,WAAY,0BAA0B;IACpC,+FAAc,CAAA;IACd,+FAAc,CAAA;AAChB,CAAC,EAHW,0BAA0B,GAA1B,kCAA0B,KAA1B,kCAA0B,QAGrC;AAeM,MAAM,YAAY,GAAG,UAC1B,UAAoC,EACpC,EAAE,aAAa,GAAG,KAAK,EAAE,GAAG,EAAE;IAE9B,MAAM,IAAI,GACR,CAAC,aAAa,IAAI,UAAU,CAAC,gBAAgB,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC;IACpE,MAAM,eAAe,GAAG,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC/D,OAAO,IAAI,eAAe,CACxB,WAAW,CAAC,iBAAiB,CAAC,IAAI,EAAE;QAClC,OAAO,EAAE,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC;QAClC,SAAS,EAAE,UAAU,IAAA,cAAO,GAAE,IAAI,GAAG,CAAC,OAAO,EAAE;QAC/C,GAAG,EAAE,IAAA,2BAAe,EAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;KACzC,CAAC,CACH,CAAC;AACJ,CAAC,CAAC;AAdW,QAAA,YAAY,gBAcvB;AAEF,SAAS,SAAS,CAAC,SAAiB;IAClC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;IAE/B,uDAAuD;IACvD,0CAA0C;IAC1C,IAAI,GAAG,CAAC,QAAQ,KAAK,YAAY,IAAI,GAAG,CAAC,QAAQ,KAAK,gBAAgB,EAAE;QACtE,OAAO,wBAAwB,CAAC;KACjC;IAED,6BAA6B;IAC7B,GAAG,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;IACpD,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;AACxB,CAAC;AAED,SAAS,aAAa;IACpB,OAAO;QACL,IAAI,EAAE,IAAA,+BAAgB,EAAC,OAAO,CAAC;QAC/B,GAAG,EAAE,IAAA,0BAAmB,EAAC,mBAAmB,CAAC;KAC9C,CAAC;AACJ,CAAC;AAED,uFAAuF;AACvF,qFAAqF;AACrF,+CAA+C;AAC/C,SAAgB,mBAAmB;IACjC,OAAO,IAAA,oBAAY,EAAC,aAAa,EAAE,CAAC,CAAC;AACvC,CAAC;AAFD,kDAEC;AAED,IAAI,mBAAmB,GAA8B,SAAS,CAAC;AAE/D;;;;;;;GAOG;AACI,KAAK,UAAU,2BAA2B;IAC/C,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE;QACrB,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;KAC1E;IACD,IAAI,mBAAmB,KAAK,SAAS,EAAE;QACrC,mBAAmB,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,aAAa,EAAE,CAAC,CAAC;KACpE;IACD,OAAO,mBAAmB,CAAC;AAC7B,CAAC;AARD,kEAQC"}
+{"version":3,"file":"api-client.js","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAE7B,uEAAyD;AACzD,6DAA+C;AAC/C,0EAAgD;AAEhD,iDAAkD;AAClD,6CAA+B;AAC/B,iCAAqE;AAErE,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAEvC,IAAY,0BAGX;AAHD,WAAY,0BAA0B;IACpC,+FAAc,CAAA;IACd,+FAAc,CAAA;AAChB,CAAC,EAHW,0BAA0B,GAA1B,kCAA0B,KAA1B,kCAA0B,QAGrC;AAiBM,MAAM,YAAY,GAAG,UAC1B,UAAoC,EACpC,EAAE,aAAa,GAAG,KAAK,EAAE,GAAG,EAAE;IAE9B,MAAM,IAAI,GACR,CAAC,aAAa,IAAI,UAAU,CAAC,gBAAgB,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC;IACpE,MAAM,eAAe,GAAG,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC/D,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,IAAI,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IACjE,OAAO,IAAI,eAAe,CACxB,WAAW,CAAC,iBAAiB,CAAC,IAAI,EAAE;QAClC,OAAO,EAAE,MAAM;QACf,SAAS,EAAE,UAAU,IAAA,cAAO,GAAE,IAAI,GAAG,CAAC,OAAO,EAAE;QAC/C,GAAG,EAAE,IAAA,2BAAe,EAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;KACzC,CAAC,CACH,CAAC;AACJ,CAAC,CAAC;AAfW,QAAA,YAAY,gBAevB;AAEF,2IAA2I;AAC3I,SAAS,YAAY,CAAC,SAAiB;IACrC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;IAE/B,uDAAuD;IACvD,0CAA0C;IAC1C,IAAI,GAAG,CAAC,QAAQ,KAAK,YAAY,IAAI,GAAG,CAAC,QAAQ,KAAK,gBAAgB,EAAE;QACtE,OAAO,wBAAwB,CAAC;KACjC;IAED,6BAA6B;IAC7B,GAAG,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;IACpD,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;AACxB,CAAC;AAED,SAAS,aAAa;IACpB,OAAO;QACL,IAAI,EAAE,IAAA,+BAAgB,EAAC,OAAO,CAAC;QAC/B,GAAG,EAAE,IAAA,0BAAmB,EAAC,mBAAmB,CAAC;QAC7C,MAAM,EAAE,IAAA,0BAAmB,EAAC,gBAAgB,CAAC;KAC9C,CAAC;AACJ,CAAC;AAED,uFAAuF;AACvF,qFAAqF;AACrF,+CAA+C;AAC/C,SAAgB,mBAAmB;IACjC,OAAO,IAAA,oBAAY,EAAC,aAAa,EAAE,CAAC,CAAC;AACvC,CAAC;AAFD,kDAEC;AAED,IAAI,mBAAmB,GAA8B,SAAS,CAAC;AAE/D;;;;;;;GAOG;AACI,KAAK,UAAU,2BAA2B;IAC/C,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE;QACrB,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;KAC1E;IACD,IAAI,mBAAmB,KAAK,SAAS,EAAE;QACrC,mBAAmB,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,aAAa,EAAE,CAAC,CAAC;KACpE;IACD,OAAO,mBAAmB,CAAC;AAC7B,CAAC;AARD,kEAQC"}

lib/api-client.test.js

@@ -81,6 +81,17 @@ ava_1.default.beforeEach(() => {
         userAgent: `CodeQL-Action/${pkg.version}`,
     });
 });
+(0, ava_1.default)("Get the API with an API URL directly", async (t) => {
+    doTest(t, {
+        auth: "xyz",
+        url: "http://github.localhost",
+        apiURL: "http://api.github.localhost",
+    }, undefined, {
+        auth: "token xyz",
+        baseUrl: "http://api.github.localhost",
+        userAgent: `CodeQL-Action/${pkg.version}`,
+    });
+});
 function doTest(t, clientArgs, clientOptions, expected) {
     (0, api_client_1.getApiClient)(clientArgs, clientOptions);
     const firstCallArgs = githubStub.args[0];

lib/api-client.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"api-client.test.js","sourceRoot":"","sources":["../src/api-client.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,uEAAyD;AACzD,8CAA6C;AAC7C,6CAA+B;AAE/B,6CAA4C;AAC5C,mDAA6C;AAC7C,iCAAqD;AAErD,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAEvC,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAI,UAA2B,CAAC;AAChC,IAAI,UAA2B,CAAC;AAEhC,aAAI,CAAC,UAAU,CAAC,GAAG,EAAE;IACnB,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACtD,UAAU,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC1B,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC/B,IAAA,4BAAqB,EAAC,WAAI,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;AACnD,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,oBAAoB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACrC,MAAM,CACJ,CAAC,EACD;QACE,IAAI,EAAE,KAAK;QACX,gBAAgB,EAAE,KAAK;QACvB,GAAG,EAAE,gBAAgB;KACtB,EACD,SAAS,EACT;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,uBAAuB;QAChC,SAAS,EAAE,iBAAiB,GAAG,CAAC,OAAO,EAAE;KAC1C,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,6BAA6B,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC9C,MAAM,CACJ,CAAC,EACD;QACE,IAAI,EAAE,KAAK;QACX,gBAAgB,EAAE,KAAK;QACvB,GAAG,EAAE,gBAAgB;KACtB,EACD,EAAE,aAAa,EAAE,IAAI,EAAE,EACvB;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,uBAAuB;QAChC,SAAS,EAAE,iBAAiB,GAAG,CAAC,OAAO,EAAE;KAC1C,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,yCAAyC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC1D,MAAM,CACJ,CAAC,EACD;QACE,IAAI,EAAE,KAAK;QACX,GAAG,EAAE,gBAAgB;KACtB,EACD,EAAE,aAAa,EAAE,IAAI,EAAE,EACvB;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,uBAAuB;QAChC,SAAS,EAAE,iBAAiB,GAAG,CAAC,OAAO,EAAE;KAC1C,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,oCAAoC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACrD,MAAM,CACJ,CAAC,EACD;QACE,IAAI,EAAE,KAAK;QACX,GAAG,EAAE,qCAAqC;KAC3C,EACD,SAAS,EACT;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,wBAAwB;QACjC,SAAS,EAAE,iBAAiB,GAAG,CAAC,OAAO,EAAE;KAC1C,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,SAAS,MAAM,CACb,CAA4B,EAC5B,UAAe,EACf,aAAkB,EAClB,QAAa;IAEb,IAAA,yBAAY,EAAC,UAAU,EAAE,aAAa,CAAC,CAAC;IAExC,MAAM,aAAa,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACzC,iEAAiE;IACjE,OAAO,aAAa,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IAC5B,CAAC,CAAC,SAAS,CAAC,aAAa,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;AACzC,CAAC"}
+{"version":3,"file":"api-client.test.js","sourceRoot":"","sources":["../src/api-client.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,uEAAyD;AACzD,8CAA6C;AAC7C,6CAA+B;AAE/B,6CAA4C;AAC5C,mDAA6C;AAC7C,iCAAqD;AAErD,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAEvC,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAI,UAA2B,CAAC;AAChC,IAAI,UAA2B,CAAC;AAEhC,aAAI,CAAC,UAAU,CAAC,GAAG,EAAE;IACnB,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACtD,UAAU,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC1B,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC/B,IAAA,4BAAqB,EAAC,WAAI,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;AACnD,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,oBAAoB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACrC,MAAM,CACJ,CAAC,EACD;QACE,IAAI,EAAE,KAAK;QACX,gBAAgB,EAAE,KAAK;QACvB,GAAG,EAAE,gBAAgB;KACtB,EACD,SAAS,EACT;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,uBAAuB;QAChC,SAAS,EAAE,iBAAiB,GAAG,CAAC,OAAO,EAAE;KAC1C,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,6BAA6B,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC9C,MAAM,CACJ,CAAC,EACD;QACE,IAAI,EAAE,KAAK;QACX,gBAAgB,EAAE,KAAK;QACvB,GAAG,EAAE,gBAAgB;KACtB,EACD,EAAE,aAAa,EAAE,IAAI,EAAE,EACvB;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,uBAAuB;QAChC,SAAS,EAAE,iBAAiB,GAAG,CAAC,OAAO,EAAE;KAC1C,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,yCAAyC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC1D,MAAM,CACJ,CAAC,EACD;QACE,IAAI,EAAE,KAAK;QACX,GAAG,EAAE,gBAAgB;KACtB,EACD,EAAE,aAAa,EAAE,IAAI,EAAE,EACvB;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,uBAAuB;QAChC,SAAS,EAAE,iBAAiB,GAAG,CAAC,OAAO,EAAE;KAC1C,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,oCAAoC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACrD,MAAM,CACJ,CAAC,EACD;QACE,IAAI,EAAE,KAAK;QACX,GAAG,EAAE,qCAAqC;KAC3C,EACD,SAAS,EACT;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,wBAAwB;QACjC,SAAS,EAAE,iBAAiB,GAAG,CAAC,OAAO,EAAE;KAC1C,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,sCAAsC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvD,MAAM,CACJ,CAAC,EACD;QACE,IAAI,EAAE,KAAK;QACX,GAAG,EAAE,yBAAyB;QAC9B,MAAM,EAAE,6BAA6B;KACtC,EACD,SAAS,EACT;QACE,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,6BAA6B;QACtC,SAAS,EAAE,iBAAiB,GAAG,CAAC,OAAO,EAAE;KAC1C,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,SAAS,MAAM,CACb,CAA4B,EAC5B,UAAe,EACf,aAAkB,EAClB,QAAa;IAEb,IAAA,yBAAY,EAAC,UAAU,EAAE,aAAa,CAAC,CAAC;IAExC,MAAM,aAAa,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACzC,iEAAiE;IACjE,OAAO,aAAa,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IAC5B,CAAC,CAAC,SAAS,CAAC,aAAa,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;AACzC,CAAC"}

lib/api-compatibility.json

@@ -1 +1 @@
-{ "maximumVersion": "3.6", "minimumVersion": "3.2" }
+{ "maximumVersion": "3.7", "minimumVersion": "3.2" }

lib/autobuild.js

@@ -8,7 +8,7 @@ function determineAutobuildLanguage(config, logger) {
     // We want pick the dominant language in the repo from the ones we're able to build
     // The languages are sorted in order specified by user or by lines of code if we got
     // them from the GitHub API, so try to build the first language on the list.
-    const autobuildLanguages = config.languages.filter(languages_1.isTracedLanguage);
+    const autobuildLanguages = config.languages.filter((l) => (0, languages_1.isTracedLanguage)(l, logger));
     const language = autobuildLanguages[0];
     if (!language) {
         logger.info("None of the languages in this project require extra build steps");

lib/autobuild.js.map

@@ -1 +1 @@
-{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;AAAA,qCAAqC;AAErC,2CAAyD;AAGzD,SAAgB,0BAA0B,CACxC,MAA2B,EAC3B,MAAc;IAEd,0CAA0C;IAC1C,mFAAmF;IACnF,oFAAoF;IACpF,4EAA4E;IAC5E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,4BAAgB,CAAC,CAAC;IACrE,MAAM,QAAQ,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAC;IAEvC,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,CAAC,IAAI,CACT,iEAAiE,CAClE,CAAC;QACF,OAAO,SAAS,CAAC;KAClB;IAED,MAAM,CAAC,KAAK,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAC;IAE/D,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE;QACjC,MAAM,CAAC,OAAO,CACZ,oCAAoC,QAAQ,8BAA8B,kBAAkB;aACzF,KAAK,CAAC,CAAC,CAAC;aACR,IAAI,CAAC,OAAO,CAAC,uDAAuD,CACxE,CAAC;KACH;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AA7BD,gEA6BC;AAEM,KAAK,UAAU,YAAY,CAChC,QAAkB,EAClB,MAA2B,EAC3B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;IACxE,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,MAAM,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;IACpC,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC;AATD,oCASC"}
+{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;AAAA,qCAAqC;AAErC,2CAAyD;AAGzD,SAAgB,0BAA0B,CACxC,MAA2B,EAC3B,MAAc;IAEd,0CAA0C;IAC1C,mFAAmF;IACnF,oFAAoF;IACpF,4EAA4E;IAC5E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACvD,IAAA,4BAAgB,EAAC,CAAC,EAAE,MAAM,CAAC,CAC5B,CAAC;IACF,MAAM,QAAQ,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAC;IAEvC,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,CAAC,IAAI,CACT,iEAAiE,CAClE,CAAC;QACF,OAAO,SAAS,CAAC;KAClB;IAED,MAAM,CAAC,KAAK,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAC;IAE/D,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE;QACjC,MAAM,CAAC,OAAO,CACZ,oCAAoC,QAAQ,8BAA8B,kBAAkB;aACzF,KAAK,CAAC,CAAC,CAAC;aACR,IAAI,CAAC,OAAO,CAAC,uDAAuD,CACxE,CAAC;KACH;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AA/BD,gEA+BC;AAEM,KAAK,UAAU,YAAY,CAChC,QAAkB,EAClB,MAA2B,EAC3B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;IACxE,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,MAAM,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;IACpC,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC;AATD,oCASC"}

lib/codeql.js

@@ -22,21 +22,24 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getExtraOptions = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.convertToSemVer = exports.getCodeQLURLVersion = exports.setupCodeQL = exports.getCodeQLActionRepository = exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = exports.CODEQL_VERSION_NEW_TRACING = exports.CODEQL_VERSION_ML_POWERED_QUERIES = exports.CODEQL_VERSION_COUNTS_LINES = exports.CommandInvocationError = void 0;
+exports.getExtraOptions = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.convertToSemVer = exports.getCodeQLURLVersion = exports.setupCodeQL = exports.getCodeQLActionRepository = exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = exports.CODEQL_VERSION_NEW_TRACING = exports.CODEQL_VERSION_CONFIG_FILES = exports.CODEQL_VERSION_ML_POWERED_QUERIES = exports.CODEQL_VERSION_COUNTS_LINES = exports.CODEQL_DEFAULT_ACTION_REPOSITORY = exports.CommandInvocationError = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
+const toolcache = __importStar(require("@actions/tool-cache"));
 const fast_deep_equal_1 = __importDefault(require("fast-deep-equal"));
+const yaml = __importStar(require("js-yaml"));
 const query_string_1 = __importDefault(require("query-string"));
 const semver = __importStar(require("semver"));
+const uuid_1 = require("uuid");
 const actions_util_1 = require("./actions-util");
 const api = __importStar(require("./api-client"));
 const defaults = __importStar(require("./defaults.json")); // Referenced from codeql-action-sync-tool!
 const error_matcher_1 = require("./error-matcher");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
-const toolcache = __importStar(require("./toolcache"));
 const toolrunner_error_catcher_1 = require("./toolrunner-error-catcher");
+const trap_caching_1 = require("./trap-caching");
 const util = __importStar(require("./util"));
 const util_1 = require("./util");
 class CommandInvocationError extends Error {
@@ -53,7 +56,7 @@ exports.CommandInvocationError = CommandInvocationError;
  */
 let cachedCodeQL = undefined;
 const CODEQL_BUNDLE_VERSION = defaults.bundleVersion;
-const CODEQL_DEFAULT_ACTION_REPOSITORY = "github/codeql-action";
+exports.CODEQL_DEFAULT_ACTION_REPOSITORY = "github/codeql-action";
 /**
  * The oldest version of CodeQL that the Action will run with. This should be
  * at least three minor versions behind the current version. The version flags
@@ -78,6 +81,7 @@ exports.CODEQL_VERSION_COUNTS_LINES = "2.6.2";
 const CODEQL_VERSION_CUSTOM_QUERY_HELP = "2.7.1";
 exports.CODEQL_VERSION_ML_POWERED_QUERIES = "2.7.5";
 const CODEQL_VERSION_LUA_TRACER_CONFIG = "2.10.0";
+exports.CODEQL_VERSION_CONFIG_FILES = "2.10.1";
 /**
  * This variable controls using the new style of tracing from the CodeQL
  * CLI. In particular, with versions above this we will use both indirect
@@ -94,6 +98,11 @@ exports.CODEQL_VERSION_NEW_TRACING = "2.7.0";
  * some of their files being greater than MAX_PATH (260 characters).
  */
 exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = "2.9.0";
+/**
+ * Previous versions had the option already, but were missing the
+ * --extractor-options-verbosity that we need.
+ */
+exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = "2.10.3";
 function getCodeQLBundleName() {
     let platform;
     if (process.platform === "win32") {
@@ -112,7 +121,7 @@ function getCodeQLBundleName() {
 }
 function getCodeQLActionRepository(logger) {
     if (!util.isActions()) {
-        return CODEQL_DEFAULT_ACTION_REPOSITORY;
+        return exports.CODEQL_DEFAULT_ACTION_REPOSITORY;
     }
     else {
         return getActionsCodeQLActionRepository(logger);
@@ -129,7 +138,7 @@ function getActionsCodeQLActionRepository(logger) {
         // This handles the case where the Action does not come from an Action repository,
         // e.g. our integration tests which use the Action code from the current checkout.
         logger.info("The CodeQL Action is checked out locally. Using the default CodeQL Action repository.");
-        return CODEQL_DEFAULT_ACTION_REPOSITORY;
+        return exports.CODEQL_DEFAULT_ACTION_REPOSITORY;
     }
     logger.info("GITHUB_ACTION_REPOSITORY environment variable was not set. Falling back to legacy method of finding the GitHub Action.");
     const relativeScriptPathParts = (0, actions_util_1.getRelativeScriptPath)().split(path.sep);
@@ -141,9 +150,9 @@ async function getCodeQLBundleDownloadURL(apiDetails, variant, logger) {
         // This GitHub instance, and this Action.
         [apiDetails.url, codeQLActionRepository],
         // This GitHub instance, and the canonical Action.
-        [apiDetails.url, CODEQL_DEFAULT_ACTION_REPOSITORY],
+        [apiDetails.url, exports.CODEQL_DEFAULT_ACTION_REPOSITORY],
         // GitHub.com, and the canonical Action.
-        [util.GITHUB_DOTCOM_URL, CODEQL_DEFAULT_ACTION_REPOSITORY],
+        [util.GITHUB_DOTCOM_URL, exports.CODEQL_DEFAULT_ACTION_REPOSITORY],
     ];
     // We now filter out any duplicates.
     // Duplicates will happen either because the GitHub instance is GitHub.com, or because the Action is not a fork.
@@ -179,7 +188,7 @@ async function getCodeQLBundleDownloadURL(apiDetails, variant, logger) {
         const [apiURL, repository] = downloadSource;
         // If we've reached the final case, short-circuit the API check since we know the bundle exists and is public.
         if (apiURL === util.GITHUB_DOTCOM_URL &&
-            repository === CODEQL_DEFAULT_ACTION_REPOSITORY) {
+            repository === exports.CODEQL_DEFAULT_ACTION_REPOSITORY) {
             break;
         }
         const [repositoryOwner, repositoryName] = repository.split("/");
@@ -200,7 +209,7 @@ async function getCodeQLBundleDownloadURL(apiDetails, variant, logger) {
             logger.info(`Looked for CodeQL bundle in ${downloadSource[1]} on ${downloadSource[0]} but got error ${e}.`);
         }
     }
-    return `https://github.com/${CODEQL_DEFAULT_ACTION_REPOSITORY}/releases/download/${CODEQL_BUNDLE_VERSION}/${codeQLBundleName}`;
+    return `https://github.com/${exports.CODEQL_DEFAULT_ACTION_REPOSITORY}/releases/download/${CODEQL_BUNDLE_VERSION}/${codeQLBundleName}`;
 }
 /**
  * Set up CodeQL CLI access.
@@ -208,39 +217,51 @@ async function getCodeQLBundleDownloadURL(apiDetails, variant, logger) {
  * @param codeqlURL
  * @param apiDetails
  * @param tempDir
- * @param toolCacheDir
  * @param variant
+ * @param featureFlags
  * @param logger
  * @param checkVersion Whether to check that CodeQL CLI meets the minimum
  *        version requirement. Must be set to true outside tests.
  * @returns
  */
-async function setupCodeQL(codeqlURL, apiDetails, tempDir, toolCacheDir, variant, logger, checkVersion) {
+async function setupCodeQL(codeqlURL, apiDetails, tempDir, variant, featureFlags, logger, checkVersion) {
     try {
+        const forceLatestReason = 
         // We use the special value of 'latest' to prioritize the version in the
         // defaults over any pinned cached version.
-        const forceLatest = codeqlURL === "latest";
+        codeqlURL === "latest"
+            ? '"tools: latest" was requested'
+            : // If the user hasn't requested a particular CodeQL version, then bypass
+                // the toolcache when the appropriate feature flag is enabled. This
+                // allows us to quickly rollback a broken bundle that has made its way
+                // into the toolcache.
+                codeqlURL === undefined &&
+                    (await featureFlags.getValue(feature_flags_1.FeatureFlag.BypassToolcacheEnabled))
+                    ? "a specific version of CodeQL was not requested and the bypass toolcache feature flag is enabled"
+                    : undefined;
+        const forceLatest = forceLatestReason !== undefined;
         if (forceLatest) {
+            logger.debug(`Forcing the latest version of the CodeQL tools since ${forceLatestReason}.`);
             codeqlURL = undefined;
         }
         let codeqlFolder;
         let codeqlURLVersion;
         if (codeqlURL && !codeqlURL.startsWith("http")) {
-            codeqlFolder = await toolcache.extractTar(codeqlURL, tempDir, logger);
+            codeqlFolder = await toolcache.extractTar(codeqlURL);
             codeqlURLVersion = "local";
         }
         else {
             codeqlURLVersion = getCodeQLURLVersion(codeqlURL || `/${CODEQL_BUNDLE_VERSION}/`);
             const codeqlURLSemVer = convertToSemVer(codeqlURLVersion, logger);
             // If we find the specified version, we always use that.
-            codeqlFolder = toolcache.find("CodeQL", codeqlURLSemVer, toolCacheDir, logger);
+            codeqlFolder = toolcache.find("CodeQL", codeqlURLSemVer);
             // If we don't find the requested version, in some cases we may allow a
             // different version to save download time if the version hasn't been
             // specified explicitly (in which case we always honor it).
             if (!codeqlFolder && !codeqlURL && !forceLatest) {
-                const codeqlVersions = toolcache.findAllVersions("CodeQL", toolCacheDir, logger);
+                const codeqlVersions = toolcache.findAllVersions("CodeQL");
                 if (codeqlVersions.length === 1 && (0, util_1.isGoodVersion)(codeqlVersions[0])) {
-                    const tmpCodeqlFolder = toolcache.find("CodeQL", codeqlVersions[0], toolCacheDir, logger);
+                    const tmpCodeqlFolder = toolcache.find("CodeQL", codeqlVersions[0]);
                     if (fs.existsSync(path.join(tmpCodeqlFolder, "pinned-version"))) {
                         logger.debug(`CodeQL in cache overriding the default ${CODEQL_BUNDLE_VERSION}`);
                         codeqlFolder = tmpCodeqlFolder;
@@ -272,10 +293,12 @@ async function setupCodeQL(codeqlURL, apiDetails, tempDir, toolCacheDir, variant
                     logger.debug("Downloading CodeQL bundle without token.");
                 }
                 logger.info(`Downloading CodeQL tools from ${codeqlURL}. This may take a while.`);
-                const codeqlPath = await toolcache.downloadTool(codeqlURL, tempDir, headers);
+                const dest = path.join(tempDir, (0, uuid_1.v4)());
+                const finalHeaders = Object.assign({ "User-Agent": "CodeQL Action" }, headers);
+                const codeqlPath = await toolcache.downloadTool(codeqlURL, dest, undefined, finalHeaders);
                 logger.debug(`CodeQL bundle download to ${codeqlPath} complete.`);
-                const codeqlExtracted = await toolcache.extractTar(codeqlPath, tempDir, logger);
-                codeqlFolder = await toolcache.cacheDir(codeqlExtracted, "CodeQL", codeqlURLSemVer, toolCacheDir, logger);
+                const codeqlExtracted = await toolcache.extractTar(codeqlPath);
+                codeqlFolder = await toolcache.cacheDir(codeqlExtracted, "CodeQL", codeqlURLSemVer);
             }
         }
         let codeqlCmd = path.join(codeqlFolder, "codeql", "codeql");
@@ -354,6 +377,7 @@ function setCodeQL(partialCodeql) {
         extractScannedLanguage: resolveFunction(partialCodeql, "extractScannedLanguage"),
         finalizeDatabase: resolveFunction(partialCodeql, "finalizeDatabase"),
         resolveLanguages: resolveFunction(partialCodeql, "resolveLanguages"),
+        betterResolveLanguages: resolveFunction(partialCodeql, "betterResolveLanguages"),
         resolveQueries: resolveFunction(partialCodeql, "resolveQueries"),
         packDownload: resolveFunction(partialCodeql, "packDownload"),
         databaseCleanup: resolveFunction(partialCodeql, "databaseCleanup"),
@@ -384,8 +408,8 @@ exports.getCachedCodeQL = getCachedCodeQL;
  * a non-existent placeholder codeql command, so tests that use this function
  * should also stub the toolrunner.ToolRunner constructor.
  */
-async function getCodeQLForTesting() {
-    return getCodeQLForCmd("codeql-for-testing", false);
+async function getCodeQLForTesting(cmd = "codeql-for-testing") {
+    return getCodeQLForCmd(cmd, false);
 }
 exports.getCodeQLForTesting = getCodeQLForTesting;
 /**
@@ -462,10 +486,11 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 ...getExtraOptionsFromEnv(["database", "init"]),
             ]);
         },
-        async databaseInitCluster(config, sourceRoot, processName, processLevel, featureFlags) {
+        async databaseInitCluster(config, sourceRoot, processName, processLevel, featureFlags, logger) {
             const extraArgs = config.languages.map((language) => `--language=${language}`);
-            if (config.languages.filter(languages_1.isTracedLanguage).length > 0) {
+            if (config.languages.filter((l) => (0, languages_1.isTracedLanguage)(l, logger)).length > 0) {
                 extraArgs.push("--begin-tracing");
+                extraArgs.push(...(await (0, trap_caching_1.getTrapCachingExtractorConfigArgs)(config)));
                 if (processName !== undefined) {
                     extraArgs.push(`--trace-process-name=${processName}`);
                 }
@@ -476,7 +501,13 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                     extraArgs.push(`--trace-process-level=${processLevel || 3}`);
                 }
                 if (await util.codeQlVersionAbove(this, CODEQL_VERSION_LUA_TRACER_CONFIG)) {
-                    if (await featureFlags.getValue(feature_flags_1.FeatureFlag.LuaTracerConfigEnabled)) {
+                    if ((await featureFlags.getValue(feature_flags_1.FeatureFlag.LuaTracerConfigEnabled)) &&
+                        // There's a bug in Lua tracing for Go on Windows in versions 2.10.3 and earlier,
+                        // so don't use Lua tracing when tracing Go on Windows.
+                        // Once we've released a fix, we should add a version gate based on the fixed version.
+                        !(config.languages.includes(languages_1.Language.go) &&
+                            (0, languages_1.isTracedLanguage)(languages_1.Language.go, logger) &&
+                            process.platform === "win32")) {
                         extraArgs.push("--internal-use-lua-tracing");
                     }
                     else {
@@ -484,6 +515,10 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                     }
                 }
             }
+            const configLocation = await generateCodescanningConfig(codeql, config);
+            if (configLocation) {
+                extraArgs.push(`--codescanning-config=${configLocation}`);
+            }
             await runTool(cmd, [
                 "database",
                 "init",
@@ -508,9 +543,23 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 "-Dhttp.keepAlive=false",
                 "-Dmaven.wagon.http.pool=false",
             ].join(" ");
+            // On macOS, System Integrity Protection (SIP) typically interferes with
+            // CodeQL build tracing of protected binaries.
+            // The usual workaround is to prefix `$CODEQL_RUNNER` to build commands:
+            // `$CODEQL_RUNNER` (not to be confused with the deprecated CodeQL Runner tool)
+            // points to a simple wrapper binary included with the CLI, and the extra layer of
+            // process indirection helps the tracer bypass SIP.
+            // The above SIP workaround is *not* needed here.
+            // At the `autobuild` step in the Actions workflow, we assume the `init` step
+            // has successfully run, and will have exported `DYLD_INSERT_LIBRARIES`
+            // into the environment of subsequent steps, to activate the tracer.
+            // When `DYLD_INSERT_LIBRARIES` is set in the environment for a step,
+            // the Actions runtime introduces its own workaround for SIP
+            // (https://github.com/actions/runner/pull/416).
             await runTool(autobuildCmd);
         },
-        async extractScannedLanguage(databasePath, language) {
+        async extractScannedLanguage(config, language, featureFlags) {
+            const databasePath = util.getCodeQLDatabasePath(config, language);
             // Get extractor location
             let extractorPath = "";
             await new toolrunner.ToolRunner(cmd, [
@@ -533,10 +582,21 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             // Set trace command
             const ext = process.platform === "win32" ? ".cmd" : ".sh";
             const traceCommand = path.resolve(JSON.parse(extractorPath), "tools", `autobuild${ext}`);
+            const extraArgs = [];
+            if (await util.codeQlVersionAbove(this, CODEQL_VERSION_LUA_TRACER_CONFIG)) {
+                if (await featureFlags.getValue(feature_flags_1.FeatureFlag.LuaTracerConfigEnabled)) {
+                    extraArgs.push("--internal-use-lua-tracing");
+                }
+                else {
+                    extraArgs.push("--no-internal-use-lua-tracing");
+                }
+            }
             // Run trace command
             await (0, toolrunner_error_catcher_1.toolrunnerErrorCatcher)(cmd, [
                 "database",
                 "trace-command",
+                ...extraArgs,
+                ...(await (0, trap_caching_1.getTrapCachingExtractorConfigArgsForLang)(config, language)),
                 ...getExtraOptionsFromEnv(["database", "trace-command"]),
                 databasePath,
                 "--",
@@ -571,6 +631,22 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 throw new Error(`Unexpected output from codeql resolve languages: ${e}`);
             }
         },
+        async betterResolveLanguages() {
+            const codeqlArgs = [
+                "resolve",
+                "languages",
+                "--format=betterjson",
+                "--extractor-options-verbosity=4",
+                ...getExtraOptionsFromEnv(["resolve", "languages"]),
+            ];
+            const output = await runTool(cmd, codeqlArgs);
+            try {
+                return JSON.parse(output);
+            }
+            catch (e) {
+                throw new Error(`Unexpected output from codeql resolve languages with --format=betterjson: ${e}`);
+            }
+        },
         async resolveQueries(queries, extraSearchPath) {
             const codeqlArgs = [
                 "resolve",
@@ -604,16 +680,18 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             if (extraSearchPath !== undefined) {
                 codeqlArgs.push("--additional-packs", extraSearchPath);
             }
-            codeqlArgs.push(querySuitePath);
+            if (querySuitePath) {
+                codeqlArgs.push(querySuitePath);
+            }
             await runTool(cmd, codeqlArgs);
         },
-        async databaseInterpretResults(databasePath, querySuitePaths, sarifFile, addSnippetsFlag, threadsFlag, automationDetailsId) {
+        async databaseInterpretResults(databasePath, querySuitePaths, sarifFile, addSnippetsFlag, threadsFlag, verbosityFlag, automationDetailsId) {
             const codeqlArgs = [
                 "database",
                 "interpret-results",
                 threadsFlag,
                 "--format=sarif-latest",
-                "-v",
+                verbosityFlag,
                 `--output=${sarifFile}`,
                 addSnippetsFlag,
                 ...getExtraOptionsFromEnv(["database", "interpret-results"]),
@@ -631,7 +709,9 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 codeqlArgs.push("--sarif-category", automationDetailsId);
             }
             codeqlArgs.push(databasePath);
-            codeqlArgs.push(...querySuitePaths);
+            if (querySuitePaths) {
+                codeqlArgs.push(...querySuitePaths);
+            }
             // capture stdout, which contains analysis summaries
             return await runTool(cmd, codeqlArgs);
         },
@@ -790,4 +870,77 @@ async function runTool(cmd, args = []) {
         throw new CommandInvocationError(cmd, args, exitCode, error);
     return output;
 }
+/**
+ * If appropriate, generates a code scanning configuration that is to be used for a scan.
+ * If the configuration is not to be generated, returns undefined.
+ *
+ * @param codeql The CodeQL object to use.
+ * @param config The configuration to use.
+ * @returns the path to the generated user configuration file.
+ */
+async function generateCodescanningConfig(codeql, config) {
+    var _a;
+    if (!(await util.useCodeScanningConfigInCli(codeql))) {
+        return;
+    }
+    const configLocation = path.resolve(config.tempDir, "user-config.yaml");
+    // make a copy so we can modify it
+    const augmentedConfig = cloneObject(config.originalUserInput);
+    // Inject the queries from the input
+    if (config.augmentationProperties.queriesInput) {
+        if (config.augmentationProperties.queriesInputCombines) {
+            augmentedConfig.queries = (augmentedConfig.queries || []).concat(config.augmentationProperties.queriesInput);
+        }
+        else {
+            augmentedConfig.queries = config.augmentationProperties.queriesInput;
+        }
+    }
+    if (((_a = augmentedConfig.queries) === null || _a === void 0 ? void 0 : _a.length) === 0) {
+        delete augmentedConfig.queries;
+    }
+    // Inject the packs from the input
+    if (config.augmentationProperties.packsInput) {
+        if (config.augmentationProperties.packsInputCombines) {
+            // At this point, we already know that this is a single-language analysis
+            if (Array.isArray(augmentedConfig.packs)) {
+                augmentedConfig.packs = (augmentedConfig.packs || []).concat(config.augmentationProperties.packsInput);
+            }
+            else if (!augmentedConfig.packs) {
+                augmentedConfig.packs = config.augmentationProperties.packsInput;
+            }
+            else {
+                // At this point, we know there is only one language.
+                // If there were more than one language, an error would already have been thrown.
+                const language = Object.keys(augmentedConfig.packs)[0];
+                augmentedConfig.packs[language] = augmentedConfig.packs[language].concat(config.augmentationProperties.packsInput);
+            }
+        }
+        else {
+            augmentedConfig.packs = config.augmentationProperties.packsInput;
+        }
+    }
+    if (Array.isArray(augmentedConfig.packs) && !augmentedConfig.packs.length) {
+        delete augmentedConfig.packs;
+    }
+    if (config.augmentationProperties.injectedMlQueries) {
+        // We need to inject the ML queries into the original user input before
+        // we pass this on to the CLI, to make sure these get run.
+        const packString = await util.getMlPoweredJsQueriesPack(codeql);
+        if (augmentedConfig.packs === undefined)
+            augmentedConfig.packs = [];
+        if (Array.isArray(augmentedConfig.packs)) {
+            augmentedConfig.packs.push(packString);
+        }
+        else {
+            if (!augmentedConfig.packs.javascript)
+                augmentedConfig.packs["javascript"] = [];
+            augmentedConfig.packs["javascript"].push(packString);
+        }
+    }
+    fs.writeFileSync(configLocation, yaml.dump(augmentedConfig));
+    return configLocation;
+}
+function cloneObject(obj) {
+    return JSON.parse(JSON.stringify(obj));
+}
 //# sourceMappingURL=codeql.js.map

lib/codeql.test.js

@@ -22,10 +22,14 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.stubToolRunnerConstructor = void 0;
+const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const toolcache = __importStar(require("@actions/tool-cache"));
 const ava_1 = __importDefault(require("ava"));
+const del_1 = __importDefault(require("del"));
+const yaml = __importStar(require("js-yaml"));
 const nock_1 = __importDefault(require("nock"));
 const sinon = __importStar(require("sinon"));
 const codeql = __importStar(require("./codeql"));
@@ -40,54 +44,92 @@ const util_1 = require("./util");
 const sampleApiDetails = {
     auth: "token",
     url: "https://github.com",
+    apiURL: undefined,
 };
 const sampleGHAEApiDetails = {
     auth: "token",
     url: "https://example.githubenterprise.com",
+    apiURL: undefined,
 };
+let stubConfig;
 ava_1.default.beforeEach(() => {
     (0, util_1.initializeEnvironment)(util_1.Mode.actions, "1.2.3");
+    stubConfig = {
+        languages: [languages_1.Language.cpp],
+        queries: {},
+        pathsIgnore: [],
+        paths: [],
+        originalUserInput: {},
+        tempDir: "",
+        codeQLCmd: "",
+        gitHubVersion: {
+            type: util.GitHubVariant.DOTCOM,
+        },
+        dbLocation: "",
+        packs: {},
+        debugMode: false,
+        debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
+        debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
+        augmentationProperties: {
+            injectedMlQueries: false,
+            packsInputCombines: false,
+            queriesInputCombines: false,
+        },
+        trapCaches: {},
+        trapCacheDownloadTime: 0,
+    };
 });
+async function mockApiAndSetupCodeQL({ apiDetails, featureFlags, isPinned, tmpDir, toolsInput, version, }) {
+    var _a;
+    const platform = process.platform === "win32"
+        ? "win64"
+        : process.platform === "linux"
+            ? "linux64"
+            : "osx64";
+    const baseUrl = (_a = apiDetails === null || apiDetails === void 0 ? void 0 : apiDetails.url) !== null && _a !== void 0 ? _a : "https://example.com";
+    const relativeUrl = apiDetails
+        ? `/github/codeql-action/releases/download/${version}/codeql-bundle-${platform}.tar.gz`
+        : `/download/codeql-bundle-${version}/codeql-bundle.tar.gz`;
+    (0, nock_1.default)(baseUrl)
+        .get(relativeUrl)
+        .replyWithFile(200, path.join(__dirname, `/../src/testdata/codeql-bundle${isPinned ? "-pinned" : ""}.tar.gz`));
+    await codeql.setupCodeQL(toolsInput ? toolsInput.input : `${baseUrl}${relativeUrl}`, apiDetails !== null && apiDetails !== void 0 ? apiDetails : sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, featureFlags !== null && featureFlags !== void 0 ? featureFlags : (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true), false);
+}
 (0, ava_1.default)("download codeql bundle cache", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
         const versions = ["20200601", "20200610"];
         for (let i = 0; i < versions.length; i++) {
             const version = versions[i];
-            (0, nock_1.default)("https://example.com")
-                .get(`/download/codeql-bundle-${version}/codeql-bundle.tar.gz`)
-                .replyWithFile(200, path.join(__dirname, `/../src/testdata/codeql-bundle.tar.gz`));
-            await codeql.setupCodeQL(`https://example.com/download/codeql-bundle-${version}/codeql-bundle.tar.gz`, sampleApiDetails, tmpDir, tmpDir, util.GitHubVariant.DOTCOM, (0, logging_1.getRunnerLogger)(true), false);
+            await mockApiAndSetupCodeQL({ version, tmpDir });
             t.assert(toolcache.find("CodeQL", `0.0.0-${version}`));
         }
-        const cachedVersions = toolcache.findAllVersions("CodeQL");
-        t.is(cachedVersions.length, 2);
+        t.is(toolcache.findAllVersions("CodeQL").length, 2);
     });
 });
 (0, ava_1.default)("download codeql bundle cache explicitly requested with pinned different version cached", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-        (0, nock_1.default)("https://example.com")
-            .get(`/download/codeql-bundle-20200601/codeql-bundle.tar.gz`)
-            .replyWithFile(200, path.join(__dirname, `/../src/testdata/codeql-bundle-pinned.tar.gz`));
-        await codeql.setupCodeQL("https://example.com/download/codeql-bundle-20200601/codeql-bundle.tar.gz", sampleApiDetails, tmpDir, tmpDir, util.GitHubVariant.DOTCOM, (0, logging_1.getRunnerLogger)(true), false);
+        await mockApiAndSetupCodeQL({
+            version: "20200601",
+            isPinned: true,
+            tmpDir,
+        });
         t.assert(toolcache.find("CodeQL", "0.0.0-20200601"));
-        (0, nock_1.default)("https://example.com")
-            .get(`/download/codeql-bundle-20200610/codeql-bundle.tar.gz`)
-            .replyWithFile(200, path.join(__dirname, `/../src/testdata/codeql-bundle.tar.gz`));
-        await codeql.setupCodeQL("https://example.com/download/codeql-bundle-20200610/codeql-bundle.tar.gz", sampleApiDetails, tmpDir, tmpDir, util.GitHubVariant.DOTCOM, (0, logging_1.getRunnerLogger)(true), false);
+        await mockApiAndSetupCodeQL({ version: "20200610", tmpDir });
         t.assert(toolcache.find("CodeQL", "0.0.0-20200610"));
     });
 });
 (0, ava_1.default)("don't download codeql bundle cache with pinned different version cached", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-        (0, nock_1.default)("https://example.com")
-            .get(`/download/codeql-bundle-20200601/codeql-bundle.tar.gz`)
-            .replyWithFile(200, path.join(__dirname, `/../src/testdata/codeql-bundle-pinned.tar.gz`));
-        await codeql.setupCodeQL("https://example.com/download/codeql-bundle-20200601/codeql-bundle.tar.gz", sampleApiDetails, tmpDir, tmpDir, util.GitHubVariant.DOTCOM, (0, logging_1.getRunnerLogger)(true), false);
+        await mockApiAndSetupCodeQL({
+            version: "20200601",
+            isPinned: true,
+            tmpDir,
+        });
         t.assert(toolcache.find("CodeQL", "0.0.0-20200601"));
-        await codeql.setupCodeQL(undefined, sampleApiDetails, tmpDir, tmpDir, util.GitHubVariant.DOTCOM, (0, logging_1.getRunnerLogger)(true), false);
+        await codeql.setupCodeQL(undefined, sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true), false);
         const cachedVersions = toolcache.findAllVersions("CodeQL");
         t.is(cachedVersions.length, 1);
     });
@@ -95,20 +137,14 @@ ava_1.default.beforeEach(() => {
 (0, ava_1.default)("download codeql bundle cache with different version cached (not pinned)", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-        (0, nock_1.default)("https://example.com")
-            .get(`/download/codeql-bundle-20200601/codeql-bundle.tar.gz`)
-            .replyWithFile(200, path.join(__dirname, `/../src/testdata/codeql-bundle.tar.gz`));
-        await codeql.setupCodeQL("https://example.com/download/codeql-bundle-20200601/codeql-bundle.tar.gz", sampleApiDetails, tmpDir, tmpDir, util.GitHubVariant.DOTCOM, (0, logging_1.getRunnerLogger)(true), false);
+        await mockApiAndSetupCodeQL({ version: "20200601", tmpDir });
         t.assert(toolcache.find("CodeQL", "0.0.0-20200601"));
-        const platform = process.platform === "win32"
-            ? "win64"
-            : process.platform === "linux"
-                ? "linux64"
-                : "osx64";
-        (0, nock_1.default)("https://github.com")
-            .get(`/github/codeql-action/releases/download/${defaults.bundleVersion}/codeql-bundle-${platform}.tar.gz`)
-            .replyWithFile(200, path.join(__dirname, `/../src/testdata/codeql-bundle.tar.gz`));
-        await codeql.setupCodeQL(undefined, sampleApiDetails, tmpDir, tmpDir, util.GitHubVariant.DOTCOM, (0, logging_1.getRunnerLogger)(true), false);
+        await mockApiAndSetupCodeQL({
+            version: defaults.bundleVersion,
+            tmpDir,
+            apiDetails: sampleApiDetails,
+            toolsInput: { input: undefined },
+        });
         const cachedVersions = toolcache.findAllVersions("CodeQL");
         t.is(cachedVersions.length, 2);
     });
@@ -116,24 +152,54 @@ ava_1.default.beforeEach(() => {
 (0, ava_1.default)('download codeql bundle cache with pinned different version cached if "latest" tools specified', async (t) => {
     await util.withTmpDir(async (tmpDir) => {
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-        (0, nock_1.default)("https://example.com")
-            .get(`/download/codeql-bundle-20200601/codeql-bundle.tar.gz`)
-            .replyWithFile(200, path.join(__dirname, `/../src/testdata/codeql-bundle-pinned.tar.gz`));
-        await codeql.setupCodeQL("https://example.com/download/codeql-bundle-20200601/codeql-bundle.tar.gz", sampleApiDetails, tmpDir, tmpDir, util.GitHubVariant.DOTCOM, (0, logging_1.getRunnerLogger)(true), false);
+        await mockApiAndSetupCodeQL({
+            version: "20200601",
+            isPinned: true,
+            tmpDir,
+        });
         t.assert(toolcache.find("CodeQL", "0.0.0-20200601"));
-        const platform = process.platform === "win32"
-            ? "win64"
-            : process.platform === "linux"
-                ? "linux64"
-                : "osx64";
-        (0, nock_1.default)("https://github.com")
-            .get(`/github/codeql-action/releases/download/${defaults.bundleVersion}/codeql-bundle-${platform}.tar.gz`)
-            .replyWithFile(200, path.join(__dirname, `/../src/testdata/codeql-bundle.tar.gz`));
-        await codeql.setupCodeQL("latest", sampleApiDetails, tmpDir, tmpDir, util.GitHubVariant.DOTCOM, (0, logging_1.getRunnerLogger)(true), false);
+        await mockApiAndSetupCodeQL({
+            version: defaults.bundleVersion,
+            apiDetails: sampleApiDetails,
+            toolsInput: { input: "latest" },
+            tmpDir,
+        });
         const cachedVersions = toolcache.findAllVersions("CodeQL");
         t.is(cachedVersions.length, 2);
     });
 });
+const TOOLCACHE_BYPASS_TEST_CASES = [
+    [true, undefined, true],
+    [false, undefined, false],
+    [
+        true,
+        "https://github.com/github/codeql-action/releases/download/codeql-bundle-20200601/codeql-bundle.tar.gz",
+        false,
+    ],
+];
+for (const [isFeatureFlagEnabled, toolsInput, shouldToolcacheBeBypassed,] of TOOLCACHE_BYPASS_TEST_CASES) {
+    (0, ava_1.default)(`download codeql bundle ${shouldToolcacheBeBypassed ? "bypasses" : "does not bypass"} toolcache when feature flag ${isFeatureFlagEnabled ? "enabled" : "disabled"} and tools: ${toolsInput} passed`, async (t) => {
+        await util.withTmpDir(async (tmpDir) => {
+            (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
+            await mockApiAndSetupCodeQL({
+                version: "codeql-bundle-20200601",
+                apiDetails: sampleApiDetails,
+                isPinned: true,
+                tmpDir,
+            });
+            t.assert(toolcache.find("CodeQL", "0.0.0-20200601"));
+            await mockApiAndSetupCodeQL({
+                version: defaults.bundleVersion,
+                apiDetails: sampleApiDetails,
+                featureFlags: (0, feature_flags_1.createFeatureFlags)(isFeatureFlagEnabled ? [feature_flags_1.FeatureFlag.BypassToolcacheEnabled] : []),
+                toolsInput: { input: toolsInput },
+                tmpDir,
+            });
+            const cachedVersions = toolcache.findAllVersions("CodeQL");
+            t.is(cachedVersions.length, shouldToolcacheBeBypassed ? 2 : 1);
+        });
+    });
+}
 (0, ava_1.default)("download codeql bundle from github ae endpoint", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
@@ -157,7 +223,7 @@ ava_1.default.beforeEach(() => {
         (0, nock_1.default)("https://example.githubenterprise.com")
             .get(`/github/codeql-action/releases/download/${defaults.bundleVersion}/${codeQLBundleName}`)
             .replyWithFile(200, path.join(__dirname, `/../src/testdata/codeql-bundle-pinned.tar.gz`));
-        await codeql.setupCodeQL(undefined, sampleGHAEApiDetails, tmpDir, tmpDir, util.GitHubVariant.GHAE, (0, logging_1.getRunnerLogger)(true), false);
+        await codeql.setupCodeQL(undefined, sampleGHAEApiDetails, tmpDir, util.GitHubVariant.GHAE, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true), false);
         const cachedVersions = toolcache.findAllVersions("CodeQL");
         t.is(cachedVersions.length, 1);
     });
@@ -225,40 +291,21 @@ ava_1.default.beforeEach(() => {
     const runnerConstructorStub = stubToolRunnerConstructor();
     const codeqlObject = await codeql.getCodeQLForTesting();
     sinon.stub(codeqlObject, "getVersion").resolves("2.7.0");
-    await codeqlObject.databaseInterpretResults("", [], "", "", "", "");
+    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "");
     t.false(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-query-help"), "--sarif-add-query-help should be absent, but it is present");
 });
 (0, ava_1.default)("databaseInterpretResults() sets --sarif-add-query-help for 2.7.1", async (t) => {
     const runnerConstructorStub = stubToolRunnerConstructor();
     const codeqlObject = await codeql.getCodeQLForTesting();
     sinon.stub(codeqlObject, "getVersion").resolves("2.7.1");
-    await codeqlObject.databaseInterpretResults("", [], "", "", "", "");
+    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "");
     t.true(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-query-help"), "--sarif-add-query-help should be present, but it is absent");
 });
-const stubConfig = {
-    languages: [languages_1.Language.cpp],
-    queries: {},
-    pathsIgnore: [],
-    paths: [],
-    originalUserInput: {},
-    tempDir: "",
-    toolCacheDir: "",
-    codeQLCmd: "",
-    gitHubVersion: {
-        type: util.GitHubVariant.DOTCOM,
-    },
-    dbLocation: "",
-    packs: {},
-    debugMode: false,
-    debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
-    debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
-    injectedMlQueries: false,
-};
 (0, ava_1.default)("databaseInitCluster() Lua feature flag enabled, but old CLI", async (t) => {
     const runnerConstructorStub = stubToolRunnerConstructor();
     const codeqlObject = await codeql.getCodeQLForTesting();
     sinon.stub(codeqlObject, "getVersion").resolves("2.9.0");
-    await codeqlObject.databaseInitCluster(stubConfig, "", undefined, undefined, (0, feature_flags_1.createFeatureFlags)([feature_flags_1.FeatureFlag.LuaTracerConfigEnabled]));
+    await codeqlObject.databaseInitCluster(stubConfig, "", undefined, undefined, (0, feature_flags_1.createFeatureFlags)([feature_flags_1.FeatureFlag.LuaTracerConfigEnabled]), (0, logging_1.getRunnerLogger)(true));
     t.false(runnerConstructorStub.firstCall.args[1].includes("--internal-use-lua-tracing"), "--internal-use-lua-tracing should be absent, but it is present");
     t.false(runnerConstructorStub.firstCall.args[1].includes("--no-internal-use-lua-tracing"), "--no-internal-use-lua-tracing should be absent, but it is present");
 });
@@ -266,7 +313,7 @@ const stubConfig = {
     const runnerConstructorStub = stubToolRunnerConstructor();
     const codeqlObject = await codeql.getCodeQLForTesting();
     sinon.stub(codeqlObject, "getVersion").resolves("2.9.0");
-    await codeqlObject.databaseInitCluster(stubConfig, "", undefined, undefined, (0, feature_flags_1.createFeatureFlags)([]));
+    await codeqlObject.databaseInitCluster(stubConfig, "", undefined, undefined, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
     t.false(runnerConstructorStub.firstCall.args[1].includes("--internal-use-lua-tracing"), "--internal-use-lua-tracing should be absent, but it is present");
     t.false(runnerConstructorStub.firstCall.args[1].includes("--no-internal-use-lua-tracing"), "--no-internal-use-lua-tracing should be absent, but it is present");
 });
@@ -274,16 +321,269 @@ const stubConfig = {
     const runnerConstructorStub = stubToolRunnerConstructor();
     const codeqlObject = await codeql.getCodeQLForTesting();
     sinon.stub(codeqlObject, "getVersion").resolves("2.10.0");
-    await codeqlObject.databaseInitCluster(stubConfig, "", undefined, undefined, (0, feature_flags_1.createFeatureFlags)([feature_flags_1.FeatureFlag.LuaTracerConfigEnabled]));
+    await codeqlObject.databaseInitCluster(stubConfig, "", undefined, undefined, (0, feature_flags_1.createFeatureFlags)([feature_flags_1.FeatureFlag.LuaTracerConfigEnabled]), (0, logging_1.getRunnerLogger)(true));
     t.true(runnerConstructorStub.firstCall.args[1].includes("--internal-use-lua-tracing"), "--internal-use-lua-tracing should be present, but it is absent");
 });
 (0, ava_1.default)("databaseInitCluster() Lua feature flag disabled, compatible CLI", async (t) => {
     const runnerConstructorStub = stubToolRunnerConstructor();
     const codeqlObject = await codeql.getCodeQLForTesting();
     sinon.stub(codeqlObject, "getVersion").resolves("2.10.0");
-    await codeqlObject.databaseInitCluster(stubConfig, "", undefined, undefined, (0, feature_flags_1.createFeatureFlags)([]));
+    await codeqlObject.databaseInitCluster(stubConfig, "", undefined, undefined, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
     t.true(runnerConstructorStub.firstCall.args[1].includes("--no-internal-use-lua-tracing"), "--no-internal-use-lua-tracing should be present, but it is absent");
 });
+(0, ava_1.default)("databaseInitCluster() without injected codescanning config", async (t) => {
+    await util.withTmpDir(async (tempDir) => {
+        const runnerConstructorStub = stubToolRunnerConstructor();
+        const codeqlObject = await codeql.getCodeQLForTesting();
+        sinon.stub(codeqlObject, "getVersion").resolves("2.8.1");
+        const thisStubConfig = {
+            ...stubConfig,
+            tempDir,
+            augmentationProperties: {
+                injectedMlQueries: false,
+                queriesInputCombines: false,
+                packsInputCombines: false,
+            },
+        };
+        await codeqlObject.databaseInitCluster(thisStubConfig, "", undefined, undefined, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
+        const args = runnerConstructorStub.firstCall.args[1];
+        // should NOT have used an config file
+        const configArg = args.find((arg) => arg.startsWith("--codescanning-config="));
+        t.falsy(configArg, "Should have injected a codescanning config");
+    });
+});
+// Test macro for ensuring different variants of injected augmented configurations
+const injectedConfigMacro = ava_1.default.macro({
+    exec: async (t, augmentationProperties, configOverride, expectedConfig) => {
+        const origCODEQL_PASS_CONFIG_TO_CLI = process.env.CODEQL_PASS_CONFIG_TO_CLI;
+        process.env["CODEQL_PASS_CONFIG_TO_CLI"] = "true";
+        try {
+            await util.withTmpDir(async (tempDir) => {
+                const runnerConstructorStub = stubToolRunnerConstructor();
+                const codeqlObject = await codeql.getCodeQLForTesting();
+                sinon
+                    .stub(codeqlObject, "getVersion")
+                    .resolves(codeql.CODEQL_VERSION_CONFIG_FILES);
+                const thisStubConfig = {
+                    ...stubConfig,
+                    ...configOverride,
+                    tempDir,
+                    augmentationProperties,
+                };
+                await codeqlObject.databaseInitCluster(thisStubConfig, "", undefined, undefined, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
+                const args = runnerConstructorStub.firstCall.args[1];
+                // should have used an config file
+                const configArg = args.find((arg) => arg.startsWith("--codescanning-config="));
+                t.truthy(configArg, "Should have injected a codescanning config");
+                const configFile = configArg.split("=")[1];
+                const augmentedConfig = yaml.load(fs.readFileSync(configFile, "utf8"));
+                t.deepEqual(augmentedConfig, expectedConfig);
+                await (0, del_1.default)(configFile, { force: true });
+            });
+        }
+        finally {
+            process.env["CODEQL_PASS_CONFIG_TO_CLI"] = origCODEQL_PASS_CONFIG_TO_CLI;
+        }
+    },
+    title: (providedTitle = "") => `databaseInitCluster() injected config: ${providedTitle}`,
+});
+(0, ava_1.default)("basic", injectedConfigMacro, {
+    injectedMlQueries: false,
+    queriesInputCombines: false,
+    packsInputCombines: false,
+}, {}, {});
+(0, ava_1.default)("injected ML queries", injectedConfigMacro, {
+    injectedMlQueries: true,
+    queriesInputCombines: false,
+    packsInputCombines: false,
+}, {}, {
+    packs: ["codeql/javascript-experimental-atm-queries@~0.3.0"],
+});
+(0, ava_1.default)("injected ML queries with existing packs", injectedConfigMacro, {
+    injectedMlQueries: true,
+    queriesInputCombines: false,
+    packsInputCombines: false,
+}, {
+    originalUserInput: {
+        packs: { javascript: ["codeql/something-else"] },
+    },
+}, {
+    packs: {
+        javascript: [
+            "codeql/something-else",
+            "codeql/javascript-experimental-atm-queries@~0.3.0",
+        ],
+    },
+});
+(0, ava_1.default)("injected ML queries with existing packs of different language", injectedConfigMacro, {
+    injectedMlQueries: true,
+    queriesInputCombines: false,
+    packsInputCombines: false,
+}, {
+    originalUserInput: {
+        packs: { cpp: ["codeql/something-else"] },
+    },
+}, {
+    packs: {
+        cpp: ["codeql/something-else"],
+        javascript: ["codeql/javascript-experimental-atm-queries@~0.3.0"],
+    },
+});
+(0, ava_1.default)("injected packs from input", injectedConfigMacro, {
+    injectedMlQueries: false,
+    queriesInputCombines: false,
+    packsInputCombines: false,
+    packsInput: ["xxx", "yyy"],
+}, {}, {
+    packs: ["xxx", "yyy"],
+});
+(0, ava_1.default)("injected packs from input with existing packs combines", injectedConfigMacro, {
+    injectedMlQueries: false,
+    queriesInputCombines: false,
+    packsInputCombines: true,
+    packsInput: ["xxx", "yyy"],
+}, {
+    originalUserInput: {
+        packs: {
+            cpp: ["codeql/something-else"],
+        },
+    },
+}, {
+    packs: {
+        cpp: ["codeql/something-else", "xxx", "yyy"],
+    },
+});
+(0, ava_1.default)("injected packs from input with existing packs overrides", injectedConfigMacro, {
+    injectedMlQueries: false,
+    queriesInputCombines: false,
+    packsInputCombines: false,
+    packsInput: ["xxx", "yyy"],
+}, {
+    originalUserInput: {
+        packs: {
+            cpp: ["codeql/something-else"],
+        },
+    },
+}, {
+    packs: ["xxx", "yyy"],
+});
+(0, ava_1.default)("injected packs from input with existing packs overrides and ML model inject", injectedConfigMacro, {
+    injectedMlQueries: true,
+    queriesInputCombines: false,
+    packsInputCombines: false,
+    packsInput: ["xxx", "yyy"],
+}, {
+    originalUserInput: {
+        packs: {
+            cpp: ["codeql/something-else"],
+        },
+    },
+}, {
+    packs: ["xxx", "yyy", "codeql/javascript-experimental-atm-queries@~0.3.0"],
+});
+// similar, but with queries
+(0, ava_1.default)("injected queries from input", injectedConfigMacro, {
+    injectedMlQueries: false,
+    queriesInputCombines: false,
+    packsInputCombines: false,
+    queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
+}, {}, {
+    queries: [
+        {
+            uses: "xxx",
+        },
+        {
+            uses: "yyy",
+        },
+    ],
+});
+(0, ava_1.default)("injected queries from input overrides", injectedConfigMacro, {
+    injectedMlQueries: false,
+    queriesInputCombines: false,
+    packsInputCombines: false,
+    queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
+}, {
+    originalUserInput: {
+        queries: [{ uses: "zzz" }],
+    },
+}, {
+    queries: [
+        {
+            uses: "xxx",
+        },
+        {
+            uses: "yyy",
+        },
+    ],
+});
+(0, ava_1.default)("injected queries from input combines", injectedConfigMacro, {
+    injectedMlQueries: false,
+    queriesInputCombines: true,
+    packsInputCombines: false,
+    queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
+}, {
+    originalUserInput: {
+        queries: [{ uses: "zzz" }],
+    },
+}, {
+    queries: [
+        {
+            uses: "zzz",
+        },
+        {
+            uses: "xxx",
+        },
+        {
+            uses: "yyy",
+        },
+    ],
+});
+(0, ava_1.default)("injected queries from input combines 2", injectedConfigMacro, {
+    injectedMlQueries: false,
+    queriesInputCombines: true,
+    packsInputCombines: true,
+    queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
+}, {}, {
+    queries: [
+        {
+            uses: "xxx",
+        },
+        {
+            uses: "yyy",
+        },
+    ],
+});
+(0, ava_1.default)("injected queries and packs, but empty", injectedConfigMacro, {
+    injectedMlQueries: false,
+    queriesInputCombines: true,
+    packsInputCombines: true,
+    queriesInput: [],
+    packsInput: [],
+}, {
+    originalUserInput: {
+        packs: [],
+        queries: [],
+    },
+}, {});
+(0, ava_1.default)("does not use injected config", async (t) => {
+    const origCODEQL_PASS_CONFIG_TO_CLI = process.env.CODEQL_PASS_CONFIG_TO_CLI;
+    process.env["CODEQL_PASS_CONFIG_TO_CLI"] = "false";
+    try {
+        const runnerConstructorStub = stubToolRunnerConstructor();
+        const codeqlObject = await codeql.getCodeQLForTesting();
+        sinon
+            .stub(codeqlObject, "getVersion")
+            .resolves(codeql.CODEQL_VERSION_CONFIG_FILES);
+        await codeqlObject.databaseInitCluster(stubConfig, "", undefined, undefined, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
+        const args = runnerConstructorStub.firstCall.args[1];
+        // should have used an config file
+        const configArg = args.find((arg) => arg.startsWith("--codescanning-config="));
+        t.falsy(configArg, "Should NOT have injected a codescanning config");
+    }
+    finally {
+        process.env["CODEQL_PASS_CONFIG_TO_CLI"] = origCODEQL_PASS_CONFIG_TO_CLI;
+    }
+});
 function stubToolRunnerConstructor() {
     const runnerObjectStub = sinon.createStubInstance(toolrunner.ToolRunner);
     runnerObjectStub.exec.resolves(0);
@@ -291,4 +591,5 @@ function stubToolRunnerConstructor() {
     runnerConstructorStub.returns(runnerObjectStub);
     return runnerConstructorStub;
 }
+exports.stubToolRunnerConstructor = stubToolRunnerConstructor;
 //# sourceMappingURL=codeql.test.js.map

lib/config-utils.js

@@ -19,9 +19,11 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getConfig = exports.getPathToParsedConfigFile = exports.initConfig = exports.parsePacks = exports.validatePacksSpecification = exports.parsePacksFromConfig = exports.getDefaultConfig = exports.getUnknownLanguagesError = exports.getNoLanguagesError = exports.getConfigFileDirectoryGivenMessage = exports.getConfigFileFormatInvalidMessage = exports.getConfigFileRepoFormatInvalidMessage = exports.getConfigFileDoesNotExistErrorMessage = exports.getConfigFileOutsideWorkspaceErrorMessage = exports.getLocalPathDoesNotExist = exports.getLocalPathOutsideOfRepository = exports.getPacksStrInvalid = exports.getPacksInvalid = exports.getPacksInvalidSplit = exports.getPacksRequireLanguage = exports.getPathsInvalid = exports.getPathsIgnoreInvalid = exports.getQueryUsesInvalid = exports.getQueriesInvalid = exports.getDisableDefaultQueriesInvalid = exports.getNameInvalid = exports.validateAndSanitisePath = void 0;
+exports.getConfig = exports.getPathToParsedConfigFile = exports.initConfig = exports.parsePacks = exports.validatePackSpecification = exports.prettyPrintPack = exports.parsePacksSpecification = exports.parsePacksFromConfig = exports.calculateAugmentation = exports.getDefaultConfig = exports.getUnknownLanguagesError = exports.getNoLanguagesError = exports.getConfigFileDirectoryGivenMessage = exports.getConfigFileFormatInvalidMessage = exports.getConfigFileRepoFormatInvalidMessage = exports.getConfigFileDoesNotExistErrorMessage = exports.getConfigFileOutsideWorkspaceErrorMessage = exports.getLocalPathDoesNotExist = exports.getLocalPathOutsideOfRepository = exports.getPacksStrInvalid = exports.getPacksInvalid = exports.getPacksInvalidSplit = exports.getPathsInvalid = exports.getPathsIgnoreInvalid = exports.getQueryUsesInvalid = exports.getQueriesMissingUses = exports.getQueriesInvalid = exports.getDisableDefaultQueriesInvalid = exports.getNameInvalid = exports.validateAndSanitisePath = exports.defaultAugmentationProperties = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
+// We need to import `performance` on Node 12
+const perf_hooks_1 = require("perf_hooks");
 const yaml = __importStar(require("js-yaml"));
 const semver = __importStar(require("semver"));
 const api = __importStar(require("./api-client"));
@@ -29,6 +31,7 @@ const codeql_1 = require("./codeql");
 const externalQueries = __importStar(require("./external-queries"));
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
+const trap_caching_1 = require("./trap-caching");
 const util_1 = require("./util");
 // Property names from the user-supplied config file.
 const NAME_PROPERTY = "name";
@@ -38,6 +41,17 @@ const QUERIES_USES_PROPERTY = "uses";
 const PATHS_IGNORE_PROPERTY = "paths-ignore";
 const PATHS_PROPERTY = "paths";
 const PACKS_PROPERTY = "packs";
+/**
+ * The default, empty augmentation properties. This is most useeful
+ * for tests.
+ */
+exports.defaultAugmentationProperties = {
+    queriesInputCombines: false,
+    packsInputCombines: false,
+    injectedMlQueries: false,
+    packsInput: undefined,
+    queriesInput: undefined,
+};
 /**
  * A list of queries from https://github.com/github/codeql that
  * we don't want to run. Disabling them here is a quicker alternative to
@@ -150,9 +164,7 @@ async function addBuiltinSuiteQueries(languages, codeQL, resultMap, packs, suite
     return injectedMlQueries;
 }
 function isMlPoweredJsQueriesPack(pack) {
-    return (pack === util_1.ML_POWERED_JS_QUERIES_PACK_NAME ||
-        pack.startsWith(`${util_1.ML_POWERED_JS_QUERIES_PACK_NAME}@`) ||
-        pack.startsWith(`${util_1.ML_POWERED_JS_QUERIES_PACK_NAME}:`));
+    return parsePacksSpecification(pack).name === util_1.ML_POWERED_JS_QUERIES_PACK_NAME;
 }
 /**
  * Retrieve the set of queries at localQueryPath and add them to resultMap.
@@ -293,6 +305,10 @@ function getQueriesInvalid(configFile) {
     return getConfigFilePropertyError(configFile, QUERIES_PROPERTY, "must be an array");
 }
 exports.getQueriesInvalid = getQueriesInvalid;
+function getQueriesMissingUses(configFile) {
+    return getConfigFilePropertyError(configFile, QUERIES_PROPERTY, "must be an array, with each entry having a 'uses' property");
+}
+exports.getQueriesMissingUses = getQueriesMissingUses;
 function getQueryUsesInvalid(configFile, queryUses) {
     return getConfigFilePropertyError(configFile, `${QUERIES_PROPERTY}.${QUERIES_USES_PROPERTY}`, `must be a built-in suite (${builtinSuites.join(" or ")}), a relative path, or be of the form "owner/repo[/path]@ref"${queryUses !== undefined ? `\n Found: ${queryUses}` : ""}`);
 }
@@ -306,9 +322,8 @@ function getPathsInvalid(configFile) {
 }
 exports.getPathsInvalid = getPathsInvalid;
 function getPacksRequireLanguage(lang, configFile) {
-    return getConfigFilePropertyError(configFile, PACKS_PROPERTY, `has "${lang}", but it is not one of the languages to analyze`);
+    return getConfigFilePropertyError(configFile, PACKS_PROPERTY, `has "${lang}", but it is not a valid language.`);
 }
-exports.getPacksRequireLanguage = getPacksRequireLanguage;
 function getPacksInvalidSplit(configFile) {
     return getConfigFilePropertyError(configFile, PACKS_PROPERTY, "must split packages by language");
 }
@@ -463,8 +478,7 @@ function shouldAddConfigFileQueries(queriesInput) {
 /**
  * Get the default config for when the user has not supplied one.
  */
-async function getDefaultConfig(languagesInput, queriesInput, packsInput, dbLocation, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, toolCacheDir, codeQL, workspacePath, gitHubVersion, apiDetails, featureFlags, logger) {
-    var _a;
+async function getDefaultConfig(languagesInput, rawQueriesInput, rawPacksInput, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, featureFlags, logger) {
     const languages = await getLanguages(codeQL, languagesInput, repository, apiDetails, logger);
     const queries = {};
     for (const language of languages) {
@@ -474,11 +488,17 @@ async function getDefaultConfig(languagesInput, queriesInput, packsInput, dbLoca
         };
     }
     await addDefaultQueries(codeQL, languages, queries);
-    const packs = (_a = parsePacksFromInput(packsInput, languages)) !== null && _a !== void 0 ? _a : {};
-    let injectedMlQueries = false;
-    if (queriesInput) {
-        injectedMlQueries = await addQueriesAndPacksFromWorkflow(codeQL, queriesInput, languages, queries, packs, tempDir, workspacePath, apiDetails, featureFlags, logger);
+    const augmentationProperties = calculateAugmentation(rawPacksInput, rawQueriesInput, languages);
+    const packs = augmentationProperties.packsInput
+        ? {
+            [languages[0]]: augmentationProperties.packsInput,
+        }
+        : {};
+    if (rawQueriesInput) {
+        augmentationProperties.injectedMlQueries =
+            await addQueriesAndPacksFromWorkflow(codeQL, rawQueriesInput, languages, queries, packs, tempDir, workspacePath, apiDetails, featureFlags, logger);
     }
+    const { trapCaches, trapCacheDownloadTime } = await downloadCacheWithTime(trapCachingEnabled, codeQL, languages, logger);
     return {
         languages,
         queries,
@@ -487,21 +507,32 @@ async function getDefaultConfig(languagesInput, queriesInput, packsInput, dbLoca
         packs,
         originalUserInput: {},
         tempDir,
-        toolCacheDir,
         codeQLCmd: codeQL.getPath(),
         gitHubVersion,
         dbLocation: dbLocationOrDefault(dbLocation, tempDir),
         debugMode,
         debugArtifactName,
         debugDatabaseName,
-        injectedMlQueries,
+        augmentationProperties,
+        trapCaches,
+        trapCacheDownloadTime,
     };
 }
 exports.getDefaultConfig = getDefaultConfig;
+async function downloadCacheWithTime(trapCachingEnabled, codeQL, languages, logger) {
+    let trapCaches = {};
+    let trapCacheDownloadTime = 0;
+    if (trapCachingEnabled) {
+        const start = perf_hooks_1.performance.now();
+        trapCaches = await (0, trap_caching_1.downloadTrapCaches)(codeQL, languages, logger);
+        trapCacheDownloadTime = perf_hooks_1.performance.now() - start;
+    }
+    return { trapCaches, trapCacheDownloadTime };
+}
 /**
  * Load the config from the given file.
  */
-async function loadConfig(languagesInput, queriesInput, packsInput, configFile, dbLocation, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, toolCacheDir, codeQL, workspacePath, gitHubVersion, apiDetails, featureFlags, logger) {
+async function loadConfig(languagesInput, rawQueriesInput, rawPacksInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, featureFlags, logger) {
     var _a;
     let parsedYAML;
     if (isLocal(configFile)) {
@@ -542,25 +573,25 @@ async function loadConfig(languagesInput, queriesInput, packsInput, configFile,
     if (!disableDefaultQueries) {
         await addDefaultQueries(codeQL, languages, queries);
     }
-    const packs = parsePacks((_a = parsedYAML[PACKS_PROPERTY]) !== null && _a !== void 0 ? _a : {}, packsInput, languages, configFile);
+    const augmentationProperties = calculateAugmentation(rawPacksInput, rawQueriesInput, languages);
+    const packs = parsePacks((_a = parsedYAML[PACKS_PROPERTY]) !== null && _a !== void 0 ? _a : {}, rawPacksInput, augmentationProperties.packsInputCombines, languages, configFile, logger);
     // If queries were provided using `with` in the action configuration,
     // they should take precedence over the queries in the config file
     // unless they're prefixed with "+", in which case they supplement those
     // in the config file.
-    let injectedMlQueries = false;
-    if (queriesInput) {
-        injectedMlQueries = await addQueriesAndPacksFromWorkflow(codeQL, queriesInput, languages, queries, packs, tempDir, workspacePath, apiDetails, featureFlags, logger);
+    if (rawQueriesInput) {
+        augmentationProperties.injectedMlQueries =
+            await addQueriesAndPacksFromWorkflow(codeQL, rawQueriesInput, languages, queries, packs, tempDir, workspacePath, apiDetails, featureFlags, logger);
     }
-    if (shouldAddConfigFileQueries(queriesInput) &&
+    if (shouldAddConfigFileQueries(rawQueriesInput) &&
         QUERIES_PROPERTY in parsedYAML) {
         const queriesArr = parsedYAML[QUERIES_PROPERTY];
         if (!Array.isArray(queriesArr)) {
             throw new Error(getQueriesInvalid(configFile));
         }
         for (const query of queriesArr) {
-            if (!(QUERIES_USES_PROPERTY in query) ||
-                typeof query[QUERIES_USES_PROPERTY] !== "string") {
-                throw new Error(getQueryUsesInvalid(configFile));
+            if (typeof query[QUERIES_USES_PROPERTY] !== "string") {
+                throw new Error(getQueriesMissingUses(configFile));
             }
             await parseQueryUses(languages, codeQL, queries, packs, query[QUERIES_USES_PROPERTY], tempDir, workspacePath, apiDetails, featureFlags, logger, configFile);
         }
@@ -587,6 +618,7 @@ async function loadConfig(languagesInput, queriesInput, packsInput, configFile,
             paths.push(validateAndSanitisePath(includePath, PATHS_PROPERTY, configFile, logger));
         }
     }
+    const { trapCaches, trapCacheDownloadTime } = await downloadCacheWithTime(trapCachingEnabled, codeQL, languages, logger);
     return {
         languages,
         queries,
@@ -595,16 +627,62 @@ async function loadConfig(languagesInput, queriesInput, packsInput, configFile,
         packs,
         originalUserInput: parsedYAML,
         tempDir,
-        toolCacheDir,
         codeQLCmd: codeQL.getPath(),
         gitHubVersion,
         dbLocation: dbLocationOrDefault(dbLocation, tempDir),
         debugMode,
         debugArtifactName,
         debugDatabaseName,
-        injectedMlQueries,
+        augmentationProperties,
+        trapCaches,
+        trapCacheDownloadTime,
     };
 }
+/**
+ * Calculates how the codeql config file needs to be augmented before passing
+ * it to the CLI. The reason this is necessary is the codeql-action can be called
+ * with extra inputs from the workflow. These inputs are not part of the config
+ * and the CLI does not know about these inputs so we need to inject them into
+ * the config file sent to the CLI.
+ *
+ * @param rawPacksInput The packs input from the action configuration.
+ * @param rawQueriesInput The queries input from the action configuration.
+ * @param languages The languages that the config file is for. If the packs input
+ *    is non-empty, then there must be exactly one language. Otherwise, an
+ *    error is thrown.
+ *
+ * @returns The properties that need to be augmented in the config file.
+ *
+ * @throws An error if the packs input is non-empty and the languages input does
+ *     not have exactly one language.
+ */
+// exported for testing.
+function calculateAugmentation(rawPacksInput, rawQueriesInput, languages) {
+    const packsInputCombines = shouldCombine(rawPacksInput);
+    const packsInput = parsePacksFromInput(rawPacksInput, languages, packsInputCombines);
+    const queriesInputCombines = shouldCombine(rawQueriesInput);
+    const queriesInput = parseQueriesFromInput(rawQueriesInput, queriesInputCombines);
+    return {
+        injectedMlQueries: false,
+        packsInputCombines,
+        packsInput: packsInput === null || packsInput === void 0 ? void 0 : packsInput[languages[0]],
+        queriesInput,
+        queriesInputCombines,
+    };
+}
+exports.calculateAugmentation = calculateAugmentation;
+function parseQueriesFromInput(rawQueriesInput, queriesInputCombines) {
+    if (!rawQueriesInput) {
+        return undefined;
+    }
+    const trimmedInput = queriesInputCombines
+        ? rawQueriesInput.trim().slice(1).trim()
+        : rawQueriesInput === null || rawQueriesInput === void 0 ? void 0 : rawQueriesInput.trim();
+    if (queriesInputCombines && trimmedInput.length === 0) {
+        throw new Error(getConfigFilePropertyError(undefined, "queries", "A '+' was used in the 'queries' input to specify that you wished to add some packs to your CodeQL analysis. However, no packs were specified. Please either remove the '+' or specify some packs."));
+    }
+    return trimmedInput.split(",").map((query) => ({ uses: query.trim() }));
+}
 /**
  * Pack names must be in the form of `scope/name`, with only alpha-numeric characters,
  * and `-` allowed as long as not the first or last char.
@@ -616,7 +694,7 @@ const PACK_IDENTIFIER_PATTERN = (function () {
     return new RegExp(`^${component}/${component}$`);
 })();
 // Exported for testing
-function parsePacksFromConfig(packsByLanguage, languages, configFile) {
+function parsePacksFromConfig(packsByLanguage, languages, configFile, logger) {
     const packs = {};
     if (Array.isArray(packsByLanguage)) {
         if (languages.length === 1) {
@@ -636,18 +714,23 @@ function parsePacksFromConfig(packsByLanguage, languages, configFile) {
             throw new Error(getPacksInvalid(configFile));
         }
         if (!languages.includes(lang)) {
-            throw new Error(getPacksRequireLanguage(lang, configFile));
-        }
-        packs[lang] = [];
-        for (const packStr of packsArr) {
-            packs[lang].push(validatePacksSpecification(packStr, configFile));
+            // This particular language is not being analyzed in this run.
+            if (languages_1.Language[lang]) {
+                logger.info(`Ignoring packs for ${lang} since this language is not being analyzed in this run.`);
+                continue;
+            }
+            else {
+                // This language is invalid, probably a misspelling
+                throw new Error(getPacksRequireLanguage(configFile, lang));
+            }
         }
+        packs[lang] = packsArr.map((packStr) => validatePackSpecification(packStr, configFile));
     }
     return packs;
 }
 exports.parsePacksFromConfig = parsePacksFromConfig;
-function parsePacksFromInput(packsInput, languages) {
-    if (!(packsInput === null || packsInput === void 0 ? void 0 : packsInput.trim())) {
+function parsePacksFromInput(rawPacksInput, languages, packsInputCombines) {
+    if (!(rawPacksInput === null || rawPacksInput === void 0 ? void 0 : rawPacksInput.trim())) {
         return undefined;
     }
     if (languages.length > 1) {
@@ -656,16 +739,16 @@ function parsePacksFromInput(packsInput, languages) {
     else if (languages.length === 0) {
         throw new Error("No languages specified. Cannot process the packs input.");
     }
-    packsInput = packsInput.trim();
-    if (packsInput.startsWith("+")) {
-        packsInput = packsInput.substring(1).trim();
-        if (!packsInput) {
-            throw new Error("A '+' was used in the 'packs' input to specify that you wished to add some packs to your CodeQL analysis. However, no packs were specified. Please either remove the '+' or specify some packs.");
+    rawPacksInput = rawPacksInput.trim();
+    if (packsInputCombines) {
+        rawPacksInput = rawPacksInput.trim().substring(1).trim();
+        if (!rawPacksInput) {
+            throw new Error(getConfigFilePropertyError(undefined, "packs", "A '+' was used in the 'packs' input to specify that you wished to add some packs to your CodeQL analysis. However, no packs were specified. Please either remove the '+' or specify some packs."));
         }
     }
     return {
-        [languages[0]]: packsInput.split(",").reduce((packs, pack) => {
-            packs.push(validatePacksSpecification(pack, ""));
+        [languages[0]]: rawPacksInput.split(",").reduce((packs, pack) => {
+            packs.push(validatePackSpecification(pack, ""));
             return packs;
         }, []),
     };
@@ -688,7 +771,7 @@ function parsePacksFromInput(packsInput, languages) {
  * @param packStr the package specification to verify.
  * @param configFile Config file to use for error reporting
  */
-function validatePacksSpecification(packStr, configFile) {
+function parsePacksSpecification(packStr, configFile) {
     if (typeof packStr !== "string") {
         throw new Error(getPacksStrInvalid(packStr, configFile));
     }
@@ -723,31 +806,61 @@ function validatePacksSpecification(packStr, configFile) {
         }
     }
     if (packPath &&
-        (path.isAbsolute(packPath) || path.normalize(packPath) !== packPath)) {
+        (path.isAbsolute(packPath) ||
+            // Permit using "/" instead of "\" on Windows
+            // Use `x.split(y).join(z)` as a polyfill for `x.replaceAll(y, z)` since
+            // if we used a regex we'd need to escape the path separator on Windows
+            // which seems more awkward.
+            path.normalize(packPath).split(path.sep).join("/") !==
+                packPath.split(path.sep).join("/"))) {
         throw new Error(getPacksStrInvalid(packStr, configFile));
     }
     if (!packPath && pathStart) {
         // 0 length path
         throw new Error(getPacksStrInvalid(packStr, configFile));
     }
-    return (packName + (version ? `@${version}` : "") + (packPath ? `:${packPath}` : ""));
+    return {
+        name: packName,
+        version,
+        path: packPath,
+    };
 }
-exports.validatePacksSpecification = validatePacksSpecification;
+exports.parsePacksSpecification = parsePacksSpecification;
+function prettyPrintPack(pack) {
+    return `${pack.name}${pack.version ? `@${pack.version}` : ""}${pack.path ? `:${pack.path}` : ""}`;
+}
+exports.prettyPrintPack = prettyPrintPack;
+function validatePackSpecification(pack, configFile) {
+    return prettyPrintPack(parsePacksSpecification(pack, configFile));
+}
+exports.validatePackSpecification = validatePackSpecification;
 // exported for testing
-function parsePacks(rawPacksFromConfig, rawPacksInput, languages, configFile) {
-    const packsFromInput = parsePacksFromInput(rawPacksInput, languages);
-    const packsFomConfig = parsePacksFromConfig(rawPacksFromConfig, languages, configFile);
+function parsePacks(rawPacksFromConfig, rawPacksFromInput, packsInputCombines, languages, configFile, logger) {
+    const packsFomConfig = parsePacksFromConfig(rawPacksFromConfig, languages, configFile, logger);
+    const packsFromInput = parsePacksFromInput(rawPacksFromInput, languages, packsInputCombines);
     if (!packsFromInput) {
         return packsFomConfig;
     }
-    if (!shouldCombinePacks(rawPacksInput)) {
+    if (!packsInputCombines) {
+        if (!packsFromInput) {
+            throw new Error(getPacksInvalid(configFile));
+        }
         return packsFromInput;
     }
     return combinePacks(packsFromInput, packsFomConfig);
 }
 exports.parsePacks = parsePacks;
-function shouldCombinePacks(packsInput) {
-    return !!(packsInput === null || packsInput === void 0 ? void 0 : packsInput.trim().startsWith("+"));
+/**
+ * The convention in this action is that an input value that is prefixed with a '+' will
+ * be combined with the corresponding value in the config file.
+ *
+ * Without a '+', an input value will override the corresponding value in the config file.
+ *
+ * @param inputValue The input value to process.
+ * @returns true if the input value should replace the corresponding value in the config file, false if it should be appended.
+ */
+function shouldCombine(inputValue) {
+    return !!(inputValue === null || inputValue === void 0 ? void 0 : inputValue.trim().startsWith("+"));
 }
 function combinePacks(packs1, packs2) {
     const packs = {};
@@ -770,16 +883,16 @@ function dbLocationOrDefault(dbLocation, tempDir) {
  * This will parse the config from the user input if present, or generate
  * a default config. The parsed config is then stored to a known location.
  */
-async function initConfig(languagesInput, queriesInput, packsInput, configFile, dbLocation, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, toolCacheDir, codeQL, workspacePath, gitHubVersion, apiDetails, featureFlags, logger) {
+async function initConfig(languagesInput, queriesInput, packsInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, featureFlags, logger) {
     var _a, _b, _c;
     let config;
     // If no config file was provided create an empty one
     if (!configFile) {
         logger.debug("No configuration file was provided");
-        config = await getDefaultConfig(languagesInput, queriesInput, packsInput, dbLocation, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, toolCacheDir, codeQL, workspacePath, gitHubVersion, apiDetails, featureFlags, logger);
+        config = await getDefaultConfig(languagesInput, queriesInput, packsInput, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, featureFlags, logger);
     }
     else {
-        config = await loadConfig(languagesInput, queriesInput, packsInput, configFile, dbLocation, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, toolCacheDir, codeQL, workspacePath, gitHubVersion, apiDetails, featureFlags, logger);
+        config = await loadConfig(languagesInput, queriesInput, packsInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, featureFlags, logger);
     }
     // The list of queries should not be empty for any language. If it is then
     // it is a user configuration error.

lib/config-utils.test.js

@@ -40,6 +40,7 @@ const sampleApiDetails = {
     auth: "token",
     externalRepoAuth: "token",
     url: "https://github.example.com",
+    apiURL: undefined,
 };
 const gitHubVersion = { type: util.GitHubVariant.DOTCOM };
 // Returns the filepath of the newly-created file
@@ -88,8 +89,8 @@ function mockListLanguages(languages) {
                 };
             },
         });
-        const config = await configUtils.initConfig(languages, undefined, undefined, undefined, undefined, false, "", "", { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), logger);
-        t.deepEqual(config, await configUtils.getDefaultConfig(languages, undefined, undefined, undefined, false, "", "", { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), logger));
+        const config = await configUtils.initConfig(languages, undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), logger);
+        t.deepEqual(config, await configUtils.getDefaultConfig(languages, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), logger));
     });
 });
 (0, ava_1.default)("loading config saves config", async (t) => {
@@ -111,21 +112,23 @@ function mockListLanguages(languages) {
         t.false(fs.existsSync(configUtils.getPathToParsedConfigFile(tmpDir)));
         // Sanity check that getConfig returns undefined before we have called initConfig
         t.deepEqual(await configUtils.getConfig(tmpDir, logger), undefined);
-        const config1 = await configUtils.initConfig("javascript,python", undefined, undefined, undefined, undefined, false, "", "", { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), logger);
+        const config1 = await configUtils.initConfig("javascript,python", undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), logger);
         // The saved config file should now exist
         t.true(fs.existsSync(configUtils.getPathToParsedConfigFile(tmpDir)));
         // And that same newly-initialised config should now be returned by getConfig
         const config2 = await configUtils.getConfig(tmpDir, logger);
         t.not(config2, undefined);
         if (config2 !== undefined) {
-            t.deepEqual(config1, config2);
+            // removes properties assigned to undefined.
+            const expectedConfig = JSON.parse(JSON.stringify(config1));
+            t.deepEqual(expectedConfig, config2);
         }
     });
 });
 (0, ava_1.default)("load input outside of workspace", async (t) => {
     return await util.withTmpDir(async (tmpDir) => {
         try {
-            await configUtils.initConfig(undefined, undefined, undefined, "../input", undefined, false, "", "", { owner: "github", repo: "example " }, tmpDir, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
+            await configUtils.initConfig(undefined, undefined, undefined, "../input", undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
             throw new Error("initConfig did not throw error");
         }
         catch (err) {
@@ -138,7 +141,7 @@ function mockListLanguages(languages) {
         // no filename given, just a repo
         const configFile = "octo-org/codeql-config@main";
         try {
-            await configUtils.initConfig(undefined, undefined, undefined, configFile, undefined, false, "", "", { owner: "github", repo: "example " }, tmpDir, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
+            await configUtils.initConfig(undefined, undefined, undefined, configFile, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
             throw new Error("initConfig did not throw error");
         }
         catch (err) {
@@ -152,7 +155,7 @@ function mockListLanguages(languages) {
         const configFile = "input";
         t.false(fs.existsSync(path.join(tmpDir, configFile)));
         try {
-            await configUtils.initConfig(languages, undefined, undefined, configFile, undefined, false, "", "", { owner: "github", repo: "example " }, tmpDir, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
+            await configUtils.initConfig(languages, undefined, undefined, configFile, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
             throw new Error("initConfig did not throw error");
         }
         catch (err) {
@@ -212,7 +215,6 @@ function mockListLanguages(languages) {
                 paths: ["c/d"],
             },
             tempDir: tmpDir,
-            toolCacheDir: tmpDir,
             codeQLCmd: codeQL.getPath(),
             gitHubVersion,
             dbLocation: path.resolve(tmpDir, "codeql_databases"),
@@ -220,11 +222,13 @@ function mockListLanguages(languages) {
             debugMode: false,
             debugArtifactName: "my-artifact",
             debugDatabaseName: "my-db",
-            injectedMlQueries: false,
+            augmentationProperties: configUtils.defaultAugmentationProperties,
+            trapCaches: {},
+            trapCacheDownloadTime: 0,
         };
         const languages = "javascript";
         const configFilePath = createConfigFile(inputFileContents, tmpDir);
-        const actualConfig = await configUtils.initConfig(languages, undefined, undefined, configFilePath, undefined, false, "my-artifact", "my-db", { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
+        const actualConfig = await configUtils.initConfig(languages, undefined, undefined, configFilePath, undefined, false, false, "my-artifact", "my-db", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
         // Should exactly equal the object we constructed earlier
         t.deepEqual(actualConfig, expectedConfig);
     });
@@ -260,7 +264,7 @@ function mockListLanguages(languages) {
         fs.mkdirSync(path.join(tmpDir, "foo"));
         const languages = "javascript";
         const configFilePath = createConfigFile(inputFileContents, tmpDir);
-        await configUtils.initConfig(languages, undefined, undefined, configFilePath, undefined, false, "", "", { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
+        await configUtils.initConfig(languages, undefined, undefined, configFilePath, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
         // Check resolve queries was called correctly
         t.deepEqual(resolveQueriesArgs.length, 1);
         t.deepEqual(resolveQueriesArgs[0].queries, [
@@ -303,18 +307,18 @@ function queriesToResolvedQueryForm(queries) {
             },
         });
         const languages = "javascript";
-        const config = await configUtils.initConfig(languages, undefined, undefined, configFilePath, undefined, false, "", "", { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
+        const config = await configUtils.initConfig(languages, undefined, undefined, configFilePath, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
         // Check resolveQueries was called correctly
         // It'll be called once for the default queries
         // and once for `./foo` from the config file.
         t.deepEqual(resolveQueriesArgs.length, 2);
         t.deepEqual(resolveQueriesArgs[1].queries.length, 1);
-        t.regex(resolveQueriesArgs[1].queries[0], /.*\/foo$/);
+        t.true(resolveQueriesArgs[1].queries[0].endsWith(`${path.sep}foo`));
         // Now check that the end result contains the default queries and the query from config
         t.deepEqual(config.queries["javascript"].builtin.length, 1);
         t.deepEqual(config.queries["javascript"].custom.length, 1);
-        t.regex(config.queries["javascript"].builtin[0], /javascript-code-scanning.qls$/);
-        t.regex(config.queries["javascript"].custom[0].queries[0], /.*\/foo$/);
+        t.true(config.queries["javascript"].builtin[0].endsWith("javascript-code-scanning.qls"));
+        t.true(config.queries["javascript"].custom[0].queries[0].endsWith(`${path.sep}foo`));
     });
 });
 (0, ava_1.default)("Queries from config file can be overridden in workflow file", async (t) => {
@@ -336,18 +340,18 @@ function queriesToResolvedQueryForm(queries) {
             },
         });
         const languages = "javascript";
-        const config = await configUtils.initConfig(languages, testQueries, undefined, configFilePath, undefined, false, "", "", { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
+        const config = await configUtils.initConfig(languages, testQueries, undefined, configFilePath, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
         // Check resolveQueries was called correctly
         // It'll be called once for the default queries and once for `./override`,
         // but won't be called for './foo' from the config file.
         t.deepEqual(resolveQueriesArgs.length, 2);
         t.deepEqual(resolveQueriesArgs[1].queries.length, 1);
-        t.regex(resolveQueriesArgs[1].queries[0], /.*\/override$/);
+        t.true(resolveQueriesArgs[1].queries[0].endsWith(`${path.sep}override`));
         // Now check that the end result contains only the default queries and the override query
         t.deepEqual(config.queries["javascript"].builtin.length, 1);
         t.deepEqual(config.queries["javascript"].custom.length, 1);
-        t.regex(config.queries["javascript"].builtin[0], /javascript-code-scanning.qls$/);
-        t.regex(config.queries["javascript"].custom[0].queries[0], /.*\/override$/);
+        t.true(config.queries["javascript"].builtin[0].endsWith("javascript-code-scanning.qls"));
+        t.true(config.queries["javascript"].custom[0].queries[0].endsWith(`${path.sep}override`));
     });
 });
 (0, ava_1.default)("Queries in workflow file can be used in tandem with the 'disable default queries' option", async (t) => {
@@ -368,17 +372,17 @@ function queriesToResolvedQueryForm(queries) {
             },
         });
         const languages = "javascript";
-        const config = await configUtils.initConfig(languages, testQueries, undefined, configFilePath, undefined, false, "", "", { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
+        const config = await configUtils.initConfig(languages, testQueries, undefined, configFilePath, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
         // Check resolveQueries was called correctly
         // It'll be called once for `./workflow-query`,
         // but won't be called for the default one since that was disabled
         t.deepEqual(resolveQueriesArgs.length, 1);
         t.deepEqual(resolveQueriesArgs[0].queries.length, 1);
-        t.regex(resolveQueriesArgs[0].queries[0], /.*\/workflow-query$/);
+        t.true(resolveQueriesArgs[0].queries[0].endsWith(`${path.sep}workflow-query`));
         // Now check that the end result contains only the workflow query, and not the default one
         t.deepEqual(config.queries["javascript"].builtin.length, 0);
         t.deepEqual(config.queries["javascript"].custom.length, 1);
-        t.regex(config.queries["javascript"].custom[0].queries[0], /.*\/workflow-query$/);
+        t.true(config.queries["javascript"].custom[0].queries[0].endsWith(`${path.sep}workflow-query`));
     });
 });
 (0, ava_1.default)("Multiple queries can be specified in workflow file, no config file required", async (t) => {
@@ -394,21 +398,21 @@ function queriesToResolvedQueryForm(queries) {
             },
         });
         const languages = "javascript";
-        const config = await configUtils.initConfig(languages, testQueries, undefined, undefined, undefined, false, "", "", { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
+        const config = await configUtils.initConfig(languages, testQueries, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
         // Check resolveQueries was called correctly:
         // It'll be called once for the default queries,
         // and then once for each of the two queries from the workflow
         t.deepEqual(resolveQueriesArgs.length, 3);
         t.deepEqual(resolveQueriesArgs[1].queries.length, 1);
         t.deepEqual(resolveQueriesArgs[2].queries.length, 1);
-        t.regex(resolveQueriesArgs[1].queries[0], /.*\/override1$/);
-        t.regex(resolveQueriesArgs[2].queries[0], /.*\/override2$/);
+        t.true(resolveQueriesArgs[1].queries[0].endsWith(`${path.sep}override1`));
+        t.true(resolveQueriesArgs[2].queries[0].endsWith(`${path.sep}override2`));
         // Now check that the end result contains both the queries from the workflow, as well as the defaults
         t.deepEqual(config.queries["javascript"].builtin.length, 1);
         t.deepEqual(config.queries["javascript"].custom.length, 2);
-        t.regex(config.queries["javascript"].builtin[0], /javascript-code-scanning.qls$/);
-        t.regex(config.queries["javascript"].custom[0].queries[0], /.*\/override1$/);
-        t.regex(config.queries["javascript"].custom[1].queries[0], /.*\/override2$/);
+        t.true(config.queries["javascript"].builtin[0].endsWith("javascript-code-scanning.qls"));
+        t.true(config.queries["javascript"].custom[0].queries[0].endsWith(`${path.sep}override1`));
+        t.true(config.queries["javascript"].custom[1].queries[0].endsWith(`${path.sep}override2`));
     });
 });
 (0, ava_1.default)("Queries in workflow file can be added to the set of queries without overriding config file", async (t) => {
@@ -433,25 +437,25 @@ function queriesToResolvedQueryForm(queries) {
             },
         });
         const languages = "javascript";
-        const config = await configUtils.initConfig(languages, testQueries, undefined, configFilePath, undefined, false, "", "", { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
+        const config = await configUtils.initConfig(languages, testQueries, undefined, configFilePath, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
         // Check resolveQueries was called correctly
         // It'll be called once for the default queries,
         // once for each of additional1 and additional2,
         // and once for './foo' from the config file
         t.deepEqual(resolveQueriesArgs.length, 4);
         t.deepEqual(resolveQueriesArgs[1].queries.length, 1);
-        t.regex(resolveQueriesArgs[1].queries[0], /.*\/additional1$/);
+        t.true(resolveQueriesArgs[1].queries[0].endsWith(`${path.sep}additional1`));
         t.deepEqual(resolveQueriesArgs[2].queries.length, 1);
-        t.regex(resolveQueriesArgs[2].queries[0], /.*\/additional2$/);
+        t.true(resolveQueriesArgs[2].queries[0].endsWith(`${path.sep}additional2`));
         t.deepEqual(resolveQueriesArgs[3].queries.length, 1);
-        t.regex(resolveQueriesArgs[3].queries[0], /.*\/foo$/);
+        t.true(resolveQueriesArgs[3].queries[0].endsWith(`${path.sep}foo`));
         // Now check that the end result contains all the queries
         t.deepEqual(config.queries["javascript"].builtin.length, 1);
         t.deepEqual(config.queries["javascript"].custom.length, 3);
-        t.regex(config.queries["javascript"].builtin[0], /javascript-code-scanning.qls$/);
-        t.regex(config.queries["javascript"].custom[0].queries[0], /.*\/additional1$/);
-        t.regex(config.queries["javascript"].custom[1].queries[0], /.*\/additional2$/);
-        t.regex(config.queries["javascript"].custom[2].queries[0], /.*\/foo$/);
+        t.true(config.queries["javascript"].builtin[0].endsWith("javascript-code-scanning.qls"));
+        t.true(config.queries["javascript"].custom[0].queries[0].endsWith(`${path.sep}additional1`));
+        t.true(config.queries["javascript"].custom[1].queries[0].endsWith(`${path.sep}additional2`));
+        t.true(config.queries["javascript"].custom[2].queries[0].endsWith(`${path.sep}foo`));
     });
 });
 (0, ava_1.default)("Invalid queries in workflow file handled correctly", async (t) => {
@@ -472,7 +476,7 @@ function queriesToResolvedQueryForm(queries) {
             },
         });
         try {
-            await configUtils.initConfig(languages, queries, undefined, undefined, undefined, false, "", "", { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
+            await configUtils.initConfig(languages, queries, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
             t.fail("initConfig did not throw error");
         }
         catch (err) {
@@ -515,7 +519,7 @@ function queriesToResolvedQueryForm(queries) {
         fs.mkdirSync(path.join(tmpDir, "foo/bar/dev"), { recursive: true });
         const configFile = "octo-org/codeql-config/config.yaml@main";
         const languages = "javascript";
-        await configUtils.initConfig(languages, undefined, undefined, configFile, undefined, false, "", "", { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
+        await configUtils.initConfig(languages, undefined, undefined, configFile, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
         t.assert(spyGetContents.called);
     });
 });
@@ -525,7 +529,7 @@ function queriesToResolvedQueryForm(queries) {
         mockGetContents(dummyResponse);
         const repoReference = "octo-org/codeql-config/config.yaml@main";
         try {
-            await configUtils.initConfig(undefined, undefined, undefined, repoReference, undefined, false, "", "", { owner: "github", repo: "example " }, tmpDir, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
+            await configUtils.initConfig(undefined, undefined, undefined, repoReference, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
             throw new Error("initConfig did not throw error");
         }
         catch (err) {
@@ -541,7 +545,7 @@ function queriesToResolvedQueryForm(queries) {
         mockGetContents(dummyResponse);
         const repoReference = "octo-org/codeql-config/config.yaml@main";
         try {
-            await configUtils.initConfig(undefined, undefined, undefined, repoReference, undefined, false, "", "", { owner: "github", repo: "example " }, tmpDir, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
+            await configUtils.initConfig(undefined, undefined, undefined, repoReference, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
             throw new Error("initConfig did not throw error");
         }
         catch (err) {
@@ -558,7 +562,7 @@ function queriesToResolvedQueryForm(queries) {
             },
         });
         try {
-            await configUtils.initConfig(undefined, undefined, undefined, undefined, undefined, false, "", "", { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
+            await configUtils.initConfig(undefined, undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
             throw new Error("initConfig did not throw error");
         }
         catch (err) {
@@ -570,7 +574,7 @@ function queriesToResolvedQueryForm(queries) {
     return await util.withTmpDir(async (tmpDir) => {
         const languages = "rubbish,english";
         try {
-            await configUtils.initConfig(languages, undefined, undefined, undefined, undefined, false, "", "", { owner: "github", repo: "example " }, tmpDir, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
+            await configUtils.initConfig(languages, undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
             throw new Error("initConfig did not throw error");
         }
         catch (err) {
@@ -598,7 +602,7 @@ function queriesToResolvedQueryForm(queries) {
         const configFile = path.join(tmpDir, "codeql-config.yaml");
         fs.writeFileSync(configFile, inputFileContents);
         const languages = "javascript";
-        const { packs } = await configUtils.initConfig(languages, undefined, undefined, configFile, undefined, false, "", "", { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
+        const { packs } = await configUtils.initConfig(languages, undefined, undefined, configFile, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
         t.deepEqual(packs, {
             [languages_1.Language.javascript]: ["a/b@1.2.3"],
         });
@@ -632,7 +636,7 @@ function queriesToResolvedQueryForm(queries) {
         fs.writeFileSync(configFile, inputFileContents);
         fs.mkdirSync(path.join(tmpDir, "foo"));
         const languages = "javascript,python,cpp";
-        const { packs, queries } = await configUtils.initConfig(languages, undefined, undefined, configFile, undefined, false, "", "", { owner: "github", repo: "example" }, tmpDir, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
+        const { packs, queries } = await configUtils.initConfig(languages, undefined, undefined, configFile, undefined, false, false, "", "", { owner: "github", repo: "example" }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
         t.deepEqual(packs, {
             [languages_1.Language.javascript]: ["a/b@1.2.3"],
             [languages_1.Language.python]: ["c/d@1.2.3"],
@@ -675,7 +679,7 @@ function doInvalidInputTest(testName, inputFileContents, expectedErrorMessageGen
             const inputFile = path.join(tmpDir, configFile);
             fs.writeFileSync(inputFile, inputFileContents, "utf8");
             try {
-                await configUtils.initConfig(languages, undefined, undefined, configFile, undefined, false, "", "", { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
+                await configUtils.initConfig(languages, undefined, undefined, configFile, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
                 throw new Error("initConfig did not throw error");
             }
             catch (err) {
@@ -694,7 +698,7 @@ doInvalidInputTest("paths invalid type", `paths: 17`, configUtils.getPathsInvali
 doInvalidInputTest("queries uses invalid type", `
   queries:
   - uses:
-      - hello: world`, configUtils.getQueryUsesInvalid);
+      - hello: world`, configUtils.getQueriesMissingUses);
 function doInvalidQueryUsesTest(input, expectedErrorMessageGenerator) {
     // Invalid contents of a "queries.uses" field.
     // Should fail with the expected error message
@@ -749,14 +753,14 @@ const invalidPaths = ["a/***/b", "a/**b", "a/b**", "**"];
  * Test macro for ensuring the packs block is valid
  */
 const parsePacksMacro = ava_1.default.macro({
-    exec: (t, packsByLanguage, languages, expected) => t.deepEqual(configUtils.parsePacksFromConfig(packsByLanguage, languages, "/a/b"), expected),
+    exec: (t, packsByLanguage, languages, expected) => t.deepEqual(configUtils.parsePacksFromConfig(packsByLanguage, languages, "/a/b", mockLogger), expected),
     title: (providedTitle = "") => `Parse Packs: ${providedTitle}`,
 });
 /**
  * Test macro for testing when the packs block is invalid
  */
 const parsePacksErrorMacro = ava_1.default.macro({
-    exec: (t, packsByLanguage, languages, expected) => t.throws(() => configUtils.parsePacksFromConfig(packsByLanguage, languages, "/a/b"), {
+    exec: (t, packsByLanguage, languages, expected) => t.throws(() => configUtils.parsePacksFromConfig(packsByLanguage, languages, "/a/b", {}), {
         message: expected,
     }),
     title: (providedTitle = "") => `Parse Packs Error: ${providedTitle}`,
@@ -782,6 +786,12 @@ const invalidPackNameMacro = ava_1.default.macro({
     [languages_1.Language.cpp]: ["a/b", "c/d@1.2.3"],
     [languages_1.Language.java]: ["d/e", "f/g@1.2.3"],
 });
+(0, ava_1.default)("two packs with unused language in config", parsePacksMacro, {
+    [languages_1.Language.cpp]: ["a/b", "c/d@1.2.3"],
+    [languages_1.Language.java]: ["d/e", "f/g@1.2.3"],
+}, [languages_1.Language.cpp, languages_1.Language.csharp], {
+    [languages_1.Language.cpp]: ["a/b", "c/d@1.2.3"],
+});
 (0, ava_1.default)("packs with other valid names", parsePacksMacro, [
     // ranges are ok
     "c/d@1.0",
@@ -814,7 +824,6 @@ const invalidPackNameMacro = ava_1.default.macro({
     ],
 });
 (0, ava_1.default)("no language", parsePacksErrorMacro, ["a/b@1.2.3"], [languages_1.Language.java, languages_1.Language.python], /The configuration file "\/a\/b" is invalid: property "packs" must split packages by language/);
-(0, ava_1.default)("invalid language", parsePacksErrorMacro, { [languages_1.Language.java]: ["c/d"] }, [languages_1.Language.cpp], /The configuration file "\/a\/b" is invalid: property "packs" has "java", but it is not one of the languages to analyze/);
 (0, ava_1.default)("not an array", parsePacksErrorMacro, { [languages_1.Language.cpp]: "c/d" }, [languages_1.Language.cpp], /The configuration file "\/a\/b" is invalid: property "packs" must be an array of non-empty strings/);
 (0, ava_1.default)(invalidPackNameMacro, "c"); // all packs require at least a scope and a name
 (0, ava_1.default)(invalidPackNameMacro, "c-/d");
@@ -828,16 +837,62 @@ const invalidPackNameMacro = ava_1.default.macro({
 (0, ava_1.default)(invalidPackNameMacro, "c/d@../a");
 (0, ava_1.default)(invalidPackNameMacro, "c/d@b/../a");
 (0, ava_1.default)(invalidPackNameMacro, "c/d:z@1");
+/**
+ * Test macro for pretty printing pack specs
+ */
+const packSpecPrettyPrintingMacro = ava_1.default.macro({
+    exec: (t, packStr, packObj) => {
+        const parsed = configUtils.parsePacksSpecification(packStr);
+        t.deepEqual(parsed, packObj, "parsed pack spec is correct");
+        const stringified = configUtils.prettyPrintPack(packObj);
+        t.deepEqual(stringified, packStr.trim(), "pretty-printed pack spec is correct");
+        t.deepEqual(configUtils.validatePackSpecification(packStr), packStr.trim(), "pack spec is valid");
+    },
+    title: (_providedTitle, packStr, 
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    _packObj) => `Prettyprint pack spec: '${packStr}'`,
+});
+(0, ava_1.default)(packSpecPrettyPrintingMacro, "a/b", {
+    name: "a/b",
+    version: undefined,
+    path: undefined,
+});
+(0, ava_1.default)(packSpecPrettyPrintingMacro, "a/b@~1.2.3", {
+    name: "a/b",
+    version: "~1.2.3",
+    path: undefined,
+});
+(0, ava_1.default)(packSpecPrettyPrintingMacro, "a/b@~1.2.3:abc/def", {
+    name: "a/b",
+    version: "~1.2.3",
+    path: "abc/def",
+});
+(0, ava_1.default)(packSpecPrettyPrintingMacro, "a/b:abc/def", {
+    name: "a/b",
+    version: undefined,
+    path: "abc/def",
+});
+(0, ava_1.default)(packSpecPrettyPrintingMacro, "    a/b:abc/def    ", {
+    name: "a/b",
+    version: undefined,
+    path: "abc/def",
+});
 /**
  * Test macro for testing the packs block and the packs input
  */
 function parseInputAndConfigMacro(t, packsFromConfig, packsFromInput, languages, expected) {
-    t.deepEqual(configUtils.parsePacks(packsFromConfig, packsFromInput, languages, "/a/b"), expected);
+    t.deepEqual(configUtils.parsePacks(packsFromConfig, packsFromInput, !!(packsFromInput === null || packsFromInput === void 0 ? void 0 : packsFromInput.trim().startsWith("+")), // coerce to boolean
+    languages, "/a/b", mockLogger), expected);
 }
 parseInputAndConfigMacro.title = (providedTitle) => `Parse Packs input and config: ${providedTitle}`;
-function parseInputAndConfigErrorMacro(t, packsFromConfig, packsFromInput, languages, expected) {
+const mockLogger = {
+    info: (message) => {
+        console.log(message);
+    },
+};
+function parseInputAndConfigErrorMacro(t, packsFromConfig, packsFromInput, languages, packsFromInputOverride, expected) {
     t.throws(() => {
-        configUtils.parsePacks(packsFromConfig, packsFromInput, languages, "/a/b");
+        configUtils.parsePacks(packsFromConfig, packsFromInput, packsFromInputOverride, languages, "/a/b", mockLogger);
     }, {
         message: expected,
     });
@@ -861,10 +916,10 @@ parseInputAndConfigErrorMacro.title = (providedTitle) => `Parse Packs input and
 (0, ava_1.default)("input and config", parseInputAndConfigMacro, ["a/b", "c/d"], " +e/f, g/h@1.2.3 ", [languages_1.Language.cpp], {
     [languages_1.Language.cpp]: ["e/f", "g/h@1.2.3", "a/b", "c/d"],
 });
-(0, ava_1.default)("input with no language", parseInputAndConfigErrorMacro, {}, "c/d", [], /No languages specified/);
-(0, ava_1.default)("input with two languages", parseInputAndConfigErrorMacro, {}, "c/d", [languages_1.Language.cpp, languages_1.Language.csharp], /multi-language analysis/);
-(0, ava_1.default)("input with + only", parseInputAndConfigErrorMacro, {}, " + ", [languages_1.Language.cpp], /remove the '\+'/);
-(0, ava_1.default)("input with invalid pack name", parseInputAndConfigErrorMacro, {}, " xxx", [languages_1.Language.cpp], /"xxx" is not a valid pack/);
+(0, ava_1.default)("input with no language", parseInputAndConfigErrorMacro, {}, "c/d", [], false, /No languages specified/);
+(0, ava_1.default)("input with two languages", parseInputAndConfigErrorMacro, {}, "c/d", [languages_1.Language.cpp, languages_1.Language.csharp], false, /multi-language analysis/);
+(0, ava_1.default)("input with + only", parseInputAndConfigErrorMacro, {}, " + ", [languages_1.Language.cpp], true, /remove the '\+'/);
+(0, ava_1.default)("input with invalid pack name", parseInputAndConfigErrorMacro, {}, " xxx", [languages_1.Language.cpp], false, /"xxx" is not a valid pack/);
 const mlPoweredQueriesMacro = ava_1.default.macro({
     exec: async (t, codeQLVersion, isMlPoweredQueriesFlagEnabled, packsInput, queriesInput, expectedVersionString) => {
         return await util.withTmpDir(async (tmpDir) => {
@@ -882,7 +937,7 @@ const mlPoweredQueriesMacro = ava_1.default.macro({
                     };
                 },
             });
-            const { packs } = await configUtils.initConfig("javascript", queriesInput, packsInput, undefined, undefined, false, "", "", { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)(isMlPoweredQueriesFlagEnabled
+            const { packs } = await configUtils.initConfig("javascript", queriesInput, packsInput, undefined, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)(isMlPoweredQueriesFlagEnabled
                 ? [feature_flags_1.FeatureFlag.MlPoweredQueriesEnabled]
                 : []), (0, logging_1.getRunnerLogger)(true));
             if (expectedVersionString !== undefined) {
@@ -931,4 +986,57 @@ const mlPoweredQueriesMacro = ava_1.default.macro({
 // Test that ML-powered queries are run on all platforms running `security-and-quality` on CodeQL
 // CLI 2.9.3+.
 (0, ava_1.default)(mlPoweredQueriesMacro, "2.9.3", true, undefined, "security-and-quality", "~0.3.0");
+const calculateAugmentationMacro = ava_1.default.macro({
+    exec: async (t, _title, rawPacksInput, rawQueriesInput, languages, expectedAugmentationProperties) => {
+        const actualAugmentationProperties = configUtils.calculateAugmentation(rawPacksInput, rawQueriesInput, languages);
+        t.deepEqual(actualAugmentationProperties, expectedAugmentationProperties);
+    },
+    title: (_, title) => `Calculate Augmentation: ${title}`,
+});
+(0, ava_1.default)(calculateAugmentationMacro, "All empty", undefined, undefined, [languages_1.Language.javascript], {
+    queriesInputCombines: false,
+    queriesInput: undefined,
+    packsInputCombines: false,
+    packsInput: undefined,
+    injectedMlQueries: false,
+});
+(0, ava_1.default)(calculateAugmentationMacro, "With queries", undefined, " a, b , c, d", [languages_1.Language.javascript], {
+    queriesInputCombines: false,
+    queriesInput: [{ uses: "a" }, { uses: "b" }, { uses: "c" }, { uses: "d" }],
+    packsInputCombines: false,
+    packsInput: undefined,
+    injectedMlQueries: false,
+});
+(0, ava_1.default)(calculateAugmentationMacro, "With queries combining", undefined, "   +   a, b , c, d ", [languages_1.Language.javascript], {
+    queriesInputCombines: true,
+    queriesInput: [{ uses: "a" }, { uses: "b" }, { uses: "c" }, { uses: "d" }],
+    packsInputCombines: false,
+    packsInput: undefined,
+    injectedMlQueries: false,
+});
+(0, ava_1.default)(calculateAugmentationMacro, "With packs", "   codeql/a , codeql/b   , codeql/c  , codeql/d  ", undefined, [languages_1.Language.javascript], {
+    queriesInputCombines: false,
+    queriesInput: undefined,
+    packsInputCombines: false,
+    packsInput: ["codeql/a", "codeql/b", "codeql/c", "codeql/d"],
+    injectedMlQueries: false,
+});
+(0, ava_1.default)(calculateAugmentationMacro, "With packs combining", "   +   codeql/a, codeql/b, codeql/c, codeql/d", undefined, [languages_1.Language.javascript], {
+    queriesInputCombines: false,
+    queriesInput: undefined,
+    packsInputCombines: true,
+    packsInput: ["codeql/a", "codeql/b", "codeql/c", "codeql/d"],
+    injectedMlQueries: false,
+});
+const calculateAugmentationErrorMacro = ava_1.default.macro({
+    exec: async (t, _title, rawPacksInput, rawQueriesInput, languages, expectedError) => {
+        t.throws(() => configUtils.calculateAugmentation(rawPacksInput, rawQueriesInput, languages), { message: expectedError });
+    },
+    title: (_, title) => `Calculate Augmentation Error: ${title}`,
+});
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Plus (+) with nothing else (queries)", undefined, "   +   ", [languages_1.Language.javascript], /The workflow property "queries" is invalid/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Plus (+) with nothing else (packs)", "   +   ", undefined, [languages_1.Language.javascript], /The workflow property "packs" is invalid/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Packs input with multiple languages", "   +  a/b, c/d ", undefined, [languages_1.Language.javascript, languages_1.Language.java], /Cannot specify a 'packs' input in a multi-language analysis/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Packs input with no languages", "   +  a/b, c/d ", undefined, [], /No languages specified/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Invalid packs", " a-pack-without-a-scope ", undefined, [languages_1.Language.javascript], /"a-pack-without-a-scope" is not a valid pack/);
 //# sourceMappingURL=config-utils.test.js.map

lib/database-upload.test.js

@@ -29,6 +29,7 @@ const sinon = __importStar(require("sinon"));
 const actionsUtil = __importStar(require("./actions-util"));
 const apiClient = __importStar(require("./api-client"));
 const codeql_1 = require("./codeql");
+const config_utils_1 = require("./config-utils");
 const database_upload_1 = require("./database-upload");
 const languages_1 = require("./languages");
 const testing_utils_1 = require("./testing-utils");
@@ -41,6 +42,7 @@ const testRepoName = { owner: "github", repo: "example" };
 const testApiDetails = {
     auth: "1234",
     url: "https://github.com",
+    apiURL: undefined,
 };
 function getTestConfig(tmpDir) {
     return {
@@ -50,7 +52,6 @@ function getTestConfig(tmpDir) {
         paths: [],
         originalUserInput: {},
         tempDir: tmpDir,
-        toolCacheDir: tmpDir,
         codeQLCmd: "foo",
         gitHubVersion: { type: util_1.GitHubVariant.DOTCOM },
         dbLocation: tmpDir,
@@ -58,7 +59,9 @@ function getTestConfig(tmpDir) {
         debugMode: false,
         debugArtifactName: util_1.DEFAULT_DEBUG_ARTIFACT_NAME,
         debugDatabaseName: util_1.DEFAULT_DEBUG_DATABASE_NAME,
-        injectedMlQueries: false,
+        augmentationProperties: config_utils_1.defaultAugmentationProperties,
+        trapCaches: {},
+        trapCacheDownloadTime: 0,
     };
 }
 async function mockHttpRequests(databaseUploadStatusCode) {

lib/debug-artifacts.js

@@ -0,0 +1,143 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.uploadDatabaseBundleDebugArtifact = exports.uploadLogsDebugArtifact = exports.uploadSarifDebugArtifact = exports.uploadDebugArtifacts = exports.sanitizeArifactName = void 0;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const artifact = __importStar(require("@actions/artifact"));
+const core = __importStar(require("@actions/core"));
+const adm_zip_1 = __importDefault(require("adm-zip"));
+const del_1 = __importDefault(require("del"));
+const actions_util_1 = require("./actions-util");
+const analyze_1 = require("./analyze");
+const codeql_1 = require("./codeql");
+const util_1 = require("./util");
+function sanitizeArifactName(name) {
+    return name.replace(/[^a-zA-Z0-9_\\-]+/g, "");
+}
+exports.sanitizeArifactName = sanitizeArifactName;
+async function uploadDebugArtifacts(toUpload, rootDir, artifactName) {
+    if (toUpload.length === 0) {
+        return;
+    }
+    let suffix = "";
+    const matrix = (0, actions_util_1.getRequiredInput)("matrix");
+    if (matrix) {
+        try {
+            for (const [, matrixVal] of Object.entries(JSON.parse(matrix)).sort())
+                suffix += `-${matrixVal}`;
+        }
+        catch (e) {
+            core.info("Could not parse user-specified `matrix` input into JSON. The debug artifact will not be named with the user's `matrix` input.");
+        }
+    }
+    await artifact.create().uploadArtifact(sanitizeArifactName(`${artifactName}${suffix}`), toUpload.map((file) => path.normalize(file)), path.normalize(rootDir));
+}
+exports.uploadDebugArtifacts = uploadDebugArtifacts;
+async function uploadSarifDebugArtifact(config, outputDir) {
+    if (!(0, util_1.doesDirectoryExist)(outputDir)) {
+        return;
+    }
+    let toUpload = [];
+    for (const lang of config.languages) {
+        const sarifFile = path.resolve(outputDir, `${lang}.sarif`);
+        if (fs.existsSync(sarifFile)) {
+            toUpload = toUpload.concat(sarifFile);
+        }
+    }
+    await uploadDebugArtifacts(toUpload, outputDir, config.debugArtifactName);
+}
+exports.uploadSarifDebugArtifact = uploadSarifDebugArtifact;
+async function uploadLogsDebugArtifact(config) {
+    const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
+    let toUpload = [];
+    for (const language of config.languages) {
+        const databaseDirectory = (0, util_1.getCodeQLDatabasePath)(config, language);
+        const logsDirectory = path.resolve(databaseDirectory, "log");
+        if ((0, util_1.doesDirectoryExist)(logsDirectory)) {
+            toUpload = toUpload.concat((0, util_1.listFolder)(logsDirectory));
+        }
+    }
+    if (await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING)) {
+        // Multilanguage tracing: there are additional logs in the root of the cluster
+        const multiLanguageTracingLogsDirectory = path.resolve(config.dbLocation, "log");
+        if ((0, util_1.doesDirectoryExist)(multiLanguageTracingLogsDirectory)) {
+            toUpload = toUpload.concat((0, util_1.listFolder)(multiLanguageTracingLogsDirectory));
+        }
+    }
+    await uploadDebugArtifacts(toUpload, config.dbLocation, config.debugArtifactName);
+    // Before multi-language tracing, we wrote a compound-build-tracer.log in the temp dir
+    if (!(await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING))) {
+        const compoundBuildTracerLogDirectory = path.resolve(config.tempDir, "compound-build-tracer.log");
+        if ((0, util_1.doesDirectoryExist)(compoundBuildTracerLogDirectory)) {
+            await uploadDebugArtifacts([compoundBuildTracerLogDirectory], config.tempDir, config.debugArtifactName);
+        }
+    }
+}
+exports.uploadLogsDebugArtifact = uploadLogsDebugArtifact;
+/**
+ * If a database has not been finalized, we cannot run the `codeql database bundle`
+ * command in the CLI because it will return an error. Instead we directly zip
+ * all files in the database folder and return the path.
+ */
+async function createPartialDatabaseBundle(config, language) {
+    const databasePath = (0, util_1.getCodeQLDatabasePath)(config, language);
+    const databaseBundlePath = path.resolve(config.dbLocation, `${config.debugDatabaseName}-${language}-partial.zip`);
+    core.info(`${config.debugDatabaseName}-${language} is not finalized. Uploading partial database bundle at ${databaseBundlePath}...`);
+    // See `bundleDb` for explanation behind deleting existing db bundle.
+    if (fs.existsSync(databaseBundlePath)) {
+        await (0, del_1.default)(databaseBundlePath, { force: true });
+    }
+    const zip = new adm_zip_1.default();
+    zip.addLocalFolder(databasePath);
+    zip.writeZip(databaseBundlePath);
+    return databaseBundlePath;
+}
+/**
+ * Runs `codeql database bundle` command and returns the path.
+ */
+async function createDatabaseBundleCli(config, language) {
+    // Otherwise run `codeql database bundle` command.
+    const databaseBundlePath = await (0, util_1.bundleDb)(config, language, await (0, codeql_1.getCodeQL)(config.codeQLCmd), `${config.debugDatabaseName}-${language}`);
+    return databaseBundlePath;
+}
+async function uploadDatabaseBundleDebugArtifact(config, logger) {
+    for (const language of config.languages) {
+        try {
+            let databaseBundlePath;
+            if (!(0, analyze_1.dbIsFinalized)(config, language, logger)) {
+                databaseBundlePath = await createPartialDatabaseBundle(config, language);
+            }
+            else {
+                databaseBundlePath = await createDatabaseBundleCli(config, language);
+            }
+            await uploadDebugArtifacts([databaseBundlePath], config.dbLocation, config.debugArtifactName);
+        }
+        catch (error) {
+            core.info(`Failed to upload database debug bundle for ${config.debugDatabaseName}-${language}: ${error}`);
+        }
+    }
+}
+exports.uploadDatabaseBundleDebugArtifact = uploadDatabaseBundleDebugArtifact;
+//# sourceMappingURL=debug-artifacts.js.map

lib/debug-artifacts.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"debug-artifacts.js","sourceRoot":"","sources":["../src/debug-artifacts.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,4DAA8C;AAC9C,oDAAsC;AACtC,sDAA6B;AAC7B,8CAAsB;AAEtB,iDAAkD;AAClD,uCAA0C;AAC1C,qCAAiE;AAIjE,iCAMgB;AAEhB,SAAgB,mBAAmB,CAAC,IAAY;IAC9C,OAAO,IAAI,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;AAChD,CAAC;AAFD,kDAEC;AAEM,KAAK,UAAU,oBAAoB,CACxC,QAAkB,EAClB,OAAe,EACf,YAAoB;IAEpB,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;QACzB,OAAO;KACR;IACD,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,MAAM,MAAM,GAAG,IAAA,+BAAgB,EAAC,QAAQ,CAAC,CAAC;IAC1C,IAAI,MAAM,EAAE;QACV,IAAI;YACF,KAAK,MAAM,CAAC,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE;gBACnE,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;SAC7B;QAAC,OAAO,CAAC,EAAE;YACV,IAAI,CAAC,IAAI,CACP,+HAA+H,CAChI,CAAC;SACH;KACF;IACD,MAAM,QAAQ,CAAC,MAAM,EAAE,CAAC,cAAc,CACpC,mBAAmB,CAAC,GAAG,YAAY,GAAG,MAAM,EAAE,CAAC,EAC/C,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,EAC5C,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CACxB,CAAC;AACJ,CAAC;AAzBD,oDAyBC;AAEM,KAAK,UAAU,wBAAwB,CAC5C,MAAc,EACd,SAAiB;IAEjB,IAAI,CAAC,IAAA,yBAAkB,EAAC,SAAS,CAAC,EAAE;QAClC,OAAO;KACR;IAED,IAAI,QAAQ,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,SAAS,EAAE;QACnC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,IAAI,QAAQ,CAAC,CAAC;QAC3D,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE;YAC5B,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;SACvC;KACF;IACD,MAAM,oBAAoB,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,iBAAiB,CAAC,CAAC;AAC5E,CAAC;AAhBD,4DAgBC;AAEM,KAAK,UAAU,uBAAuB,CAAC,MAAc;IAC1D,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAEjD,IAAI,QAAQ,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,MAAM,iBAAiB,GAAG,IAAA,4BAAqB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAClE,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAC;QAC7D,IAAI,IAAA,yBAAkB,EAAC,aAAa,CAAC,EAAE;YACrC,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAA,iBAAU,EAAC,aAAa,CAAC,CAAC,CAAC;SACvD;KACF;IAED,IAAI,MAAM,IAAA,yBAAkB,EAAC,MAAM,EAAE,mCAA0B,CAAC,EAAE;QAChE,8EAA8E;QAC9E,MAAM,iCAAiC,GAAG,IAAI,CAAC,OAAO,CACpD,MAAM,CAAC,UAAU,EACjB,KAAK,CACN,CAAC;QACF,IAAI,IAAA,yBAAkB,EAAC,iCAAiC,CAAC,EAAE;YACzD,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAA,iBAAU,EAAC,iCAAiC,CAAC,CAAC,CAAC;SAC3E;KACF;IACD,MAAM,oBAAoB,CACxB,QAAQ,EACR,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,iBAAiB,CACzB,CAAC;IAEF,sFAAsF;IACtF,IAAI,CAAC,CAAC,MAAM,IAAA,yBAAkB,EAAC,MAAM,EAAE,mCAA0B,CAAC,CAAC,EAAE;QACnE,MAAM,+BAA+B,GAAG,IAAI,CAAC,OAAO,CAClD,MAAM,CAAC,OAAO,EACd,2BAA2B,CAC5B,CAAC;QACF,IAAI,IAAA,yBAAkB,EAAC,+BAA+B,CAAC,EAAE;YACvD,MAAM,oBAAoB,CACxB,CAAC,+BAA+B,CAAC,EACjC,MAAM,CAAC,OAAO,EACd,MAAM,CAAC,iBAAiB,CACzB,CAAC;SACH;KACF;AACH,CAAC;AA1CD,0DA0CC;AAED;;;;GAIG;AACH,KAAK,UAAU,2BAA2B,CACxC,MAAc,EACd,QAAkB;IAElB,MAAM,YAAY,GAAG,IAAA,4BAAqB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC7D,MAAM,kBAAkB,GAAG,IAAI,CAAC,OAAO,CACrC,MAAM,CAAC,UAAU,EACjB,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,cAAc,CACtD,CAAC;IACF,IAAI,CAAC,IAAI,CACP,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,2DAA2D,kBAAkB,KAAK,CAC1H,CAAC;IACF,qEAAqE;IACrE,IAAI,EAAE,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE;QACrC,MAAM,IAAA,aAAG,EAAC,kBAAkB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;KAChD;IACD,MAAM,GAAG,GAAG,IAAI,iBAAM,EAAE,CAAC;IACzB,GAAG,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;IACjC,GAAG,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;IACjC,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,uBAAuB,CACpC,MAAc,EACd,QAAkB;IAElB,kDAAkD;IAClD,MAAM,kBAAkB,GAAG,MAAM,IAAA,eAAQ,EACvC,MAAM,EACN,QAAQ,EACR,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,EACjC,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,EAAE,CAC1C,CAAC;IACF,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAEM,KAAK,UAAU,iCAAiC,CACrD,MAAc,EACd,MAAc;IAEd,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,IAAI;YACF,IAAI,kBAAkB,CAAC;YACvB,IAAI,CAAC,IAAA,uBAAa,EAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,EAAE;gBAC5C,kBAAkB,GAAG,MAAM,2BAA2B,CACpD,MAAM,EACN,QAAQ,CACT,CAAC;aACH;iBAAM;gBACL,kBAAkB,GAAG,MAAM,uBAAuB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;aACtE;YACD,MAAM,oBAAoB,CACxB,CAAC,kBAAkB,CAAC,EACpB,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,iBAAiB,CACzB,CAAC;SACH;QAAC,OAAO,KAAK,EAAE;YACd,IAAI,CAAC,IAAI,CACP,8CAA8C,MAAM,CAAC,iBAAiB,IAAI,QAAQ,KAAK,KAAK,EAAE,CAC/F,CAAC;SACH;KACF;AACH,CAAC;AA1BD,8EA0BC"}

lib/debug-artifacts.test.js

@@ -0,0 +1,37 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const ava_1 = __importDefault(require("ava"));
+const debugArtifacts = __importStar(require("./debug-artifacts"));
+(0, ava_1.default)("sanitizeArifactName", (t) => {
+    t.deepEqual(debugArtifacts.sanitizeArifactName("hello-world_"), "hello-world_");
+    t.deepEqual(debugArtifacts.sanitizeArifactName("hello`world`"), "helloworld");
+    t.deepEqual(debugArtifacts.sanitizeArifactName("hello===123"), "hello123");
+    t.deepEqual(debugArtifacts.sanitizeArifactName("*m)a&n^y%i££n+v!a:l[i]d"), "manyinvalid");
+});
+(0, ava_1.default)("uploadDebugArtifacts", async (t) => {
+    // Test that no error is thrown if artifacts list is empty.
+    await t.notThrowsAsync(debugArtifacts.uploadDebugArtifacts([], "rootDir", "artifactName"));
+});
+//# sourceMappingURL=debug-artifacts.test.js.map

lib/debug-artifacts.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"debug-artifacts.test.js","sourceRoot":"","sources":["../src/debug-artifacts.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AAEvB,kEAAoD;AAEpD,IAAA,aAAI,EAAC,qBAAqB,EAAE,CAAC,CAAC,EAAE,EAAE;IAChC,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,mBAAmB,CAAC,cAAc,CAAC,EAClD,cAAc,CACf,CAAC;IACF,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,mBAAmB,CAAC,cAAc,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9E,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,mBAAmB,CAAC,aAAa,CAAC,EAAE,UAAU,CAAC,CAAC;IAC3E,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,mBAAmB,CAAC,yBAAyB,CAAC,EAC7D,aAAa,CACd,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,sBAAsB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvC,2DAA2D;IAC3D,MAAM,CAAC,CAAC,cAAc,CACpB,cAAc,CAAC,oBAAoB,CAAC,EAAE,EAAE,SAAS,EAAE,cAAc,CAAC,CACnE,CAAC;AACJ,CAAC,CAAC,CAAC"}

lib/defaults.json

@@ -1,3 +1,3 @@
 {
-    "bundleVersion": "codeql-bundle-20220615"
+    "bundleVersion": "codeql-bundle-20220811"
 }

lib/external-queries.test.js

@@ -93,14 +93,22 @@ const util = __importStar(require("./util"));
         const commit2Sha = await runGit(["rev-parse", "HEAD"]);
         // Checkout the first commit, which should contain 'a' and 'b'
         t.false(fs.existsSync(path.join(tmpDir, repoName)));
-        await externalQueries.checkoutExternalRepository(repoName, commit1Sha, { url: `file://${testRepoBaseDir}`, externalRepoAuth: "" }, tmpDir, (0, logging_1.getRunnerLogger)(true));
+        await externalQueries.checkoutExternalRepository(repoName, commit1Sha, {
+            url: `file://${testRepoBaseDir}`,
+            externalRepoAuth: "",
+            apiURL: undefined,
+        }, tmpDir, (0, logging_1.getRunnerLogger)(true));
         t.true(fs.existsSync(path.join(tmpDir, repoName)));
         t.true(fs.existsSync(path.join(tmpDir, repoName, commit1Sha)));
         t.true(fs.existsSync(path.join(tmpDir, repoName, commit1Sha, "a")));
         t.true(fs.existsSync(path.join(tmpDir, repoName, commit1Sha, "b")));
         // Checkout the second commit as well, which should only contain 'a'
         t.false(fs.existsSync(path.join(tmpDir, repoName, commit2Sha)));
-        await externalQueries.checkoutExternalRepository(repoName, commit2Sha, { url: `file://${testRepoBaseDir}`, externalRepoAuth: "" }, tmpDir, (0, logging_1.getRunnerLogger)(true));
+        await externalQueries.checkoutExternalRepository(repoName, commit2Sha, {
+            url: `file://${testRepoBaseDir}`,
+            externalRepoAuth: "",
+            apiURL: undefined,
+        }, tmpDir, (0, logging_1.getRunnerLogger)(true));
         t.true(fs.existsSync(path.join(tmpDir, repoName, commit2Sha)));
         t.true(fs.existsSync(path.join(tmpDir, repoName, commit2Sha, "a")));
         t.false(fs.existsSync(path.join(tmpDir, repoName, commit2Sha, "b")));
@@ -110,18 +118,22 @@ const util = __importStar(require("./util"));
     t.deepEqual(externalQueries.buildCheckoutURL("foo/bar", {
         url: "https://github.com",
         externalRepoAuth: undefined,
+        apiURL: undefined,
     }), "https://github.com/foo/bar");
     t.deepEqual(externalQueries.buildCheckoutURL("foo/bar", {
         url: "https://github.example.com/",
         externalRepoAuth: undefined,
+        apiURL: undefined,
     }), "https://github.example.com/foo/bar");
     t.deepEqual(externalQueries.buildCheckoutURL("foo/bar", {
         url: "https://github.com",
         externalRepoAuth: "abc",
+        apiURL: undefined,
     }), "https://x-access-token:abc@github.com/foo/bar");
     t.deepEqual(externalQueries.buildCheckoutURL("foo/bar", {
         url: "https://github.example.com/",
         externalRepoAuth: "abc",
+        apiURL: undefined,
     }), "https://x-access-token:abc@github.example.com/foo/bar");
 });
 //# sourceMappingURL=external-queries.test.js.map

lib/external-queries.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"external-queries.test.js","sourceRoot":"","sources":["../src/external-queries.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,yEAA2D;AAC3D,kEAAoD;AACpD,8CAAuB;AAEvB,oEAAsD;AACtD,uCAA4C;AAC5C,mDAA6C;AAC7C,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,yBAAyB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC1C,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,kDAAkD;QAClD,mFAAmF;QACnF,gDAAgD;QAChD,wCAAwC;QACxC,8EAA8E;QAC9E,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QAC3D,MAAM,QAAQ,GAAG,WAAW,CAAC;QAC7B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;QACtD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAE/C,oDAAoD;QACpD,oCAAoC;QACpC,2DAA2D;QAC3D,MAAM,MAAM,GAAG,KAAK,WAAW,OAAiB;YAC9C,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,OAAO,GAAG;gBACR,aAAa,UAAU,EAAE;gBACzB,eAAe,QAAQ,EAAE;gBACzB,GAAG,OAAO;aACX,CAAC;YACF,OAAO,CAAC,GAAG,CAAC,gBAAgB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACjD,IAAI;gBACF,MAAM,IAAI,UAAU,CAAC,UAAU,CAC7B,MAAM,SAAS,CAAC,SAAS,CAAC,KAAK,CAAC,EAChC,OAAO,EACP;oBACE,MAAM,EAAE,IAAI;oBACZ,SAAS,EAAE;wBACT,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;4BACf,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;wBAC5B,CAAC;wBACD,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;4BACf,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;wBAC5B,CAAC;qBACF;iBACF,CACF,CAAC,IAAI,EAAE,CAAC;aACV;YAAC,OAAO,CAAC,EAAE;gBACV,OAAO,CAAC,GAAG,CAAC,uBAAuB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBACxD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAC7B,MAAM,CAAC,CAAC;aACT;YACD,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC;QACvB,CAAC,CAAC;QAEF,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5C,MAAM,MAAM,CAAC,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;QACjC,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,YAAY,EAAE,iBAAiB,CAAC,CAAC,CAAC;QAC1D,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC;QACnD,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,gBAAgB,EAAE,OAAO,CAAC,CAAC,CAAC;QAEpD,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,EAAE,WAAW,CAAC,CAAC;QACxD,MAAM,MAAM,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3B,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;QAE1C,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,EAAE,WAAW,CAAC,CAAC;QACxD,MAAM,MAAM,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3B,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;QAC1C,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC;QAEvD,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC;QACxC,MAAM,MAAM,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3B,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;QAC1C,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC;QAEvD,8DAA8D;QAC9D,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;QACpD,MAAM,eAAe,CAAC,0BAA0B,CAC9C,QAAQ,EACR,UAAU,EACV,EAAE,GAAG,EAAE,UAAU,eAAe,EAAE,EAAE,gBAAgB,EAAE,EAAE,EAAE,EAC1D,MAAM,EACN,IAAA,yBAAe,EAAC,IAAI,CAAC,CACtB,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;QACnD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;QAC/D,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QACpE,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QAEpE,oEAAoE;QACpE,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;QAChE,MAAM,eAAe,CAAC,0BAA0B,CAC9C,QAAQ,EACR,UAAU,EACV,EAAE,GAAG,EAAE,UAAU,eAAe,EAAE,EAAE,gBAAgB,EAAE,EAAE,EAAE,EAC1D,MAAM,EACN,IAAA,yBAAe,EAAC,IAAI,CAAC,CACtB,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;QAC/D,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QACpE,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;IACvE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,kBAAkB,EAAE,CAAC,CAAC,EAAE,EAAE;IAC7B,CAAC,CAAC,SAAS,CACT,eAAe,CAAC,gBAAgB,CAAC,SAAS,EAAE;QAC1C,GAAG,EAAE,oBAAoB;QACzB,gBAAgB,EAAE,SAAS;KAC5B,CAAC,EACF,4BAA4B,CAC7B,CAAC;IACF,CAAC,CAAC,SAAS,CACT,eAAe,CAAC,gBAAgB,CAAC,SAAS,EAAE;QAC1C,GAAG,EAAE,6BAA6B;QAClC,gBAAgB,EAAE,SAAS;KAC5B,CAAC,EACF,oCAAoC,CACrC,CAAC;IAEF,CAAC,CAAC,SAAS,CACT,eAAe,CAAC,gBAAgB,CAAC,SAAS,EAAE;QAC1C,GAAG,EAAE,oBAAoB;QACzB,gBAAgB,EAAE,KAAK;KACxB,CAAC,EACF,+CAA+C,CAChD,CAAC;IACF,CAAC,CAAC,SAAS,CACT,eAAe,CAAC,gBAAgB,CAAC,SAAS,EAAE;QAC1C,GAAG,EAAE,6BAA6B;QAClC,gBAAgB,EAAE,KAAK;KACxB,CAAC,EACF,uDAAuD,CACxD,CAAC;AACJ,CAAC,CAAC,CAAC"}
+{"version":3,"file":"external-queries.test.js","sourceRoot":"","sources":["../src/external-queries.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,yEAA2D;AAC3D,kEAAoD;AACpD,8CAAuB;AAEvB,oEAAsD;AACtD,uCAA4C;AAC5C,mDAA6C;AAC7C,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,yBAAyB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC1C,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,kDAAkD;QAClD,mFAAmF;QACnF,gDAAgD;QAChD,wCAAwC;QACxC,8EAA8E;QAC9E,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QAC3D,MAAM,QAAQ,GAAG,WAAW,CAAC;QAC7B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;QACtD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAE/C,oDAAoD;QACpD,oCAAoC;QACpC,2DAA2D;QAC3D,MAAM,MAAM,GAAG,KAAK,WAAW,OAAiB;YAC9C,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,OAAO,GAAG;gBACR,aAAa,UAAU,EAAE;gBACzB,eAAe,QAAQ,EAAE;gBACzB,GAAG,OAAO;aACX,CAAC;YACF,OAAO,CAAC,GAAG,CAAC,gBAAgB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACjD,IAAI;gBACF,MAAM,IAAI,UAAU,CAAC,UAAU,CAC7B,MAAM,SAAS,CAAC,SAAS,CAAC,KAAK,CAAC,EAChC,OAAO,EACP;oBACE,MAAM,EAAE,IAAI;oBACZ,SAAS,EAAE;wBACT,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;4BACf,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;wBAC5B,CAAC;wBACD,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;4BACf,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;wBAC5B,CAAC;qBACF;iBACF,CACF,CAAC,IAAI,EAAE,CAAC;aACV;YAAC,OAAO,CAAC,EAAE;gBACV,OAAO,CAAC,GAAG,CAAC,uBAAuB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBACxD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAC7B,MAAM,CAAC,CAAC;aACT;YACD,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC;QACvB,CAAC,CAAC;QAEF,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5C,MAAM,MAAM,CAAC,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;QACjC,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,YAAY,EAAE,iBAAiB,CAAC,CAAC,CAAC;QAC1D,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC;QACnD,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,gBAAgB,EAAE,OAAO,CAAC,CAAC,CAAC;QAEpD,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,EAAE,WAAW,CAAC,CAAC;QACxD,MAAM,MAAM,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3B,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;QAE1C,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,EAAE,WAAW,CAAC,CAAC;QACxD,MAAM,MAAM,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3B,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;QAC1C,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC;QAEvD,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC;QACxC,MAAM,MAAM,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3B,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;QAC1C,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC;QAEvD,8DAA8D;QAC9D,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;QACpD,MAAM,eAAe,CAAC,0BAA0B,CAC9C,QAAQ,EACR,UAAU,EACV;YACE,GAAG,EAAE,UAAU,eAAe,EAAE;YAChC,gBAAgB,EAAE,EAAE;YACpB,MAAM,EAAE,SAAS;SAClB,EACD,MAAM,EACN,IAAA,yBAAe,EAAC,IAAI,CAAC,CACtB,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;QACnD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;QAC/D,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QACpE,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QAEpE,oEAAoE;QACpE,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;QAChE,MAAM,eAAe,CAAC,0BAA0B,CAC9C,QAAQ,EACR,UAAU,EACV;YACE,GAAG,EAAE,UAAU,eAAe,EAAE;YAChC,gBAAgB,EAAE,EAAE;YACpB,MAAM,EAAE,SAAS;SAClB,EACD,MAAM,EACN,IAAA,yBAAe,EAAC,IAAI,CAAC,CACtB,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;QAC/D,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QACpE,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;IACvE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,kBAAkB,EAAE,CAAC,CAAC,EAAE,EAAE;IAC7B,CAAC,CAAC,SAAS,CACT,eAAe,CAAC,gBAAgB,CAAC,SAAS,EAAE;QAC1C,GAAG,EAAE,oBAAoB;QACzB,gBAAgB,EAAE,SAAS;QAC3B,MAAM,EAAE,SAAS;KAClB,CAAC,EACF,4BAA4B,CAC7B,CAAC;IACF,CAAC,CAAC,SAAS,CACT,eAAe,CAAC,gBAAgB,CAAC,SAAS,EAAE;QAC1C,GAAG,EAAE,6BAA6B;QAClC,gBAAgB,EAAE,SAAS;QAC3B,MAAM,EAAE,SAAS;KAClB,CAAC,EACF,oCAAoC,CACrC,CAAC;IAEF,CAAC,CAAC,SAAS,CACT,eAAe,CAAC,gBAAgB,CAAC,SAAS,EAAE;QAC1C,GAAG,EAAE,oBAAoB;QACzB,gBAAgB,EAAE,KAAK;QACvB,MAAM,EAAE,SAAS;KAClB,CAAC,EACF,+CAA+C,CAChD,CAAC;IACF,CAAC,CAAC,SAAS,CACT,eAAe,CAAC,gBAAgB,CAAC,SAAS,EAAE;QAC1C,GAAG,EAAE,6BAA6B;QAClC,gBAAgB,EAAE,KAAK;QACvB,MAAM,EAAE,SAAS;KAClB,CAAC,EACF,uDAAuD,CACxD,CAAC;AACJ,CAAC,CAAC,CAAC"}

lib/feature-flags.js

@@ -24,8 +24,10 @@ const api_client_1 = require("./api-client");
 const util = __importStar(require("./util"));
 var FeatureFlag;
 (function (FeatureFlag) {
-    FeatureFlag["MlPoweredQueriesEnabled"] = "ml_powered_queries_enabled";
+    FeatureFlag["BypassToolcacheEnabled"] = "bypass_toolcache_enabled";
     FeatureFlag["LuaTracerConfigEnabled"] = "lua_tracer_config_enabled";
+    FeatureFlag["MlPoweredQueriesEnabled"] = "ml_powered_queries_enabled";
+    FeatureFlag["TrapCachingEnabled"] = "trap_caching_enabled";
 })(FeatureFlag = exports.FeatureFlag || (exports.FeatureFlag = {}));
 class GitHubFeatureFlags {
     constructor(gitHubVersion, apiDetails, repositoryNwo, logger) {
@@ -35,12 +37,21 @@ class GitHubFeatureFlags {
         this.logger = logger;
     }
     async getValue(flag) {
-        const response = (await this.getApiResponse())[flag];
+        // Bypassing the toolcache is disabled in test mode.
+        if (flag === FeatureFlag.BypassToolcacheEnabled && util.isInTestMode()) {
+            return false;
+        }
+        const response = await this.getApiResponse();
         if (response === undefined) {
+            this.logger.debug(`No feature flags API response for ${flag}, considering it disabled.`);
+            return false;
+        }
+        const flagValue = response[flag];
+        if (flagValue === undefined) {
             this.logger.debug(`Feature flag '${flag}' undefined in API response, considering it disabled.`);
             return false;
         }
-        return response;
+        return flagValue;
     }
     async getApiResponse() {
         const loadApiResponse = async () => {

lib/feature-flags.js.map

@@ -1 +1 @@
-{"version":3,"file":"feature-flags.js","sourceRoot":"","sources":["../src/feature-flags.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,6CAA8D;AAG9D,6CAA+B;AAM/B,IAAY,WAGX;AAHD,WAAY,WAAW;IACrB,qEAAsD,CAAA;IACtD,mEAAoD,CAAA;AACtD,CAAC,EAHW,WAAW,GAAX,mBAAW,KAAX,mBAAW,QAGtB;AAUD,MAAa,kBAAkB;IAG7B,YACU,aAAiC,EACjC,UAA4B,EAC5B,aAA4B,EAC5B,MAAc;QAHd,kBAAa,GAAb,aAAa,CAAoB;QACjC,eAAU,GAAV,UAAU,CAAkB;QAC5B,kBAAa,GAAb,aAAa,CAAe;QAC5B,WAAM,GAAN,MAAM,CAAQ;IACrB,CAAC;IAEJ,KAAK,CAAC,QAAQ,CAAC,IAAiB;QAC9B,MAAM,QAAQ,GAAG,CAAC,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;QACrD,IAAI,QAAQ,KAAK,SAAS,EAAE;YAC1B,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,iBAAiB,IAAI,uDAAuD,CAC7E,CAAC;YACF,OAAO,KAAK,CAAC;SACd;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,KAAK,CAAC,cAAc;QAC1B,MAAM,eAAe,GAAG,KAAK,IAAI,EAAE;YACjC,iDAAiD;YACjD,IAAI,IAAI,CAAC,aAAa,CAAC,IAAI,KAAK,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE;gBACzD,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,8DAA8D,CAC/D,CAAC;gBACF,OAAO,EAAE,CAAC;aACX;YACD,MAAM,MAAM,GAAG,IAAA,yBAAY,EAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC7C,IAAI;gBACF,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,OAAO,CACnC,8DAA8D,EAC9D;oBACE,KAAK,EAAE,IAAI,CAAC,aAAa,CAAC,KAAK;oBAC/B,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI;iBAC9B,CACF,CAAC;gBACF,OAAO,QAAQ,CAAC,IAAI,CAAC;aACtB;YAAC,OAAO,CAAC,EAAE;gBACV,IAAI,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,GAAG,EAAE;oBAC3C,IAAI,CAAC,MAAM,CAAC,OAAO,CACjB,gGAAgG;wBAC9F,oEAAoE;wBACpE,qFAAqF;wBACrF,kFAAkF,CAAC,EAAE,CACxF,CAAC;iBACH;qBAAM;oBACL,uFAAuF;oBACvF,mFAAmF;oBACnF,2FAA2F;oBAC3F,qBAAqB;oBACrB,MAAM,IAAI,KAAK,CACb,4DAA4D,CAAC,EAAE,CAChE,CAAC;iBACH;aACF;QACH,CAAC,CAAC;QAEF,MAAM,WAAW,GAAG,IAAI,CAAC,iBAAiB,IAAI,CAAC,MAAM,eAAe,EAAE,CAAC,CAAC;QACxE,IAAI,CAAC,iBAAiB,GAAG,WAAW,CAAC;QACrC,OAAO,WAAW,CAAC;IACrB,CAAC;CACF;AAhED,gDAgEC;AAED;;;;GAIG;AACH,SAAgB,kBAAkB,CAAC,YAA2B;IAC5D,OAAO;QACL,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;YACvB,OAAO,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACrC,CAAC;KACF,CAAC;AACJ,CAAC;AAND,gDAMC"}
+{"version":3,"file":"feature-flags.js","sourceRoot":"","sources":["../src/feature-flags.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,6CAA8D;AAG9D,6CAA+B;AAM/B,IAAY,WAKX;AALD,WAAY,WAAW;IACrB,kEAAmD,CAAA;IACnD,mEAAoD,CAAA;IACpD,qEAAsD,CAAA;IACtD,0DAA2C,CAAA;AAC7C,CAAC,EALW,WAAW,GAAX,mBAAW,KAAX,mBAAW,QAKtB;AAUD,MAAa,kBAAkB;IAG7B,YACU,aAAiC,EACjC,UAA4B,EAC5B,aAA4B,EAC5B,MAAc;QAHd,kBAAa,GAAb,aAAa,CAAoB;QACjC,eAAU,GAAV,UAAU,CAAkB;QAC5B,kBAAa,GAAb,aAAa,CAAe;QAC5B,WAAM,GAAN,MAAM,CAAQ;IACrB,CAAC;IAEJ,KAAK,CAAC,QAAQ,CAAC,IAAiB;QAC9B,oDAAoD;QACpD,IAAI,IAAI,KAAK,WAAW,CAAC,sBAAsB,IAAI,IAAI,CAAC,YAAY,EAAE,EAAE;YACtE,OAAO,KAAK,CAAC;SACd;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAC7C,IAAI,QAAQ,KAAK,SAAS,EAAE;YAC1B,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,qCAAqC,IAAI,4BAA4B,CACtE,CAAC;YACF,OAAO,KAAK,CAAC;SACd;QACD,MAAM,SAAS,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;QACjC,IAAI,SAAS,KAAK,SAAS,EAAE;YAC3B,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,iBAAiB,IAAI,uDAAuD,CAC7E,CAAC;YACF,OAAO,KAAK,CAAC;SACd;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAEO,KAAK,CAAC,cAAc;QAC1B,MAAM,eAAe,GAAG,KAAK,IAAI,EAAE;YACjC,iDAAiD;YACjD,IAAI,IAAI,CAAC,aAAa,CAAC,IAAI,KAAK,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE;gBACzD,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,8DAA8D,CAC/D,CAAC;gBACF,OAAO,EAAE,CAAC;aACX;YACD,MAAM,MAAM,GAAG,IAAA,yBAAY,EAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC7C,IAAI;gBACF,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,OAAO,CACnC,8DAA8D,EAC9D;oBACE,KAAK,EAAE,IAAI,CAAC,aAAa,CAAC,KAAK;oBAC/B,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI;iBAC9B,CACF,CAAC;gBACF,OAAO,QAAQ,CAAC,IAAI,CAAC;aACtB;YAAC,OAAO,CAAC,EAAE;gBACV,IAAI,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,GAAG,EAAE;oBAC3C,IAAI,CAAC,MAAM,CAAC,OAAO,CACjB,gGAAgG;wBAC9F,oEAAoE;wBACpE,qFAAqF;wBACrF,kFAAkF,CAAC,EAAE,CACxF,CAAC;iBACH;qBAAM;oBACL,uFAAuF;oBACvF,mFAAmF;oBACnF,2FAA2F;oBAC3F,qBAAqB;oBACrB,MAAM,IAAI,KAAK,CACb,4DAA4D,CAAC,EAAE,CAChE,CAAC;iBACH;aACF;QACH,CAAC,CAAC;QAEF,MAAM,WAAW,GAAG,IAAI,CAAC,iBAAiB,IAAI,CAAC,MAAM,eAAe,EAAE,CAAC,CAAC;QACxE,IAAI,CAAC,iBAAiB,GAAG,WAAW,CAAC;QACrC,OAAO,WAAW,CAAC;IACrB,CAAC;CACF;AA5ED,gDA4EC;AAED;;;;GAIG;AACH,SAAgB,kBAAkB,CAAC,YAA2B;IAC5D,OAAO;QACL,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;YACvB,OAAO,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACrC,CAAC;KACF,CAAC;AACJ,CAAC;AAND,gDAMC"}

lib/feature-flags.test.js

@@ -16,6 +16,7 @@ ava_1.default.beforeEach(() => {
 const testApiDetails = {
     auth: "1234",
     url: "https://github.com",
+    apiURL: undefined,
 };
 const testRepositoryNwo = (0, repository_1.parseRepositoryNwo)("github/example");
 const ALL_FEATURE_FLAGS_DISABLED_VARIANTS = [
@@ -40,6 +41,22 @@ for (const variant of ALL_FEATURE_FLAGS_DISABLED_VARIANTS) {
         });
     });
 }
+(0, ava_1.default)("API response missing", async (t) => {
+    await (0, util_1.withTmpDir)(async (tmpDir) => {
+        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
+        const loggedMessages = [];
+        const featureFlags = new feature_flags_1.GitHubFeatureFlags({ type: util_1.GitHubVariant.DOTCOM }, testApiDetails, testRepositoryNwo, (0, testing_utils_1.getRecordingLogger)(loggedMessages));
+        (0, testing_utils_1.mockFeatureFlagApiEndpoint)(403, {});
+        for (const flag of Object.values(feature_flags_1.FeatureFlag)) {
+            t.assert((await featureFlags.getValue(flag)) === false);
+        }
+        for (const featureFlag of ["ml_powered_queries_enabled"]) {
+            t.assert(loggedMessages.find((v) => v.type === "debug" &&
+                v.message ===
+                    `No feature flags API response for ${featureFlag}, considering it disabled.`) !== undefined);
+        }
+    });
+});
 (0, ava_1.default)("Feature flags are disabled if they're not returned in API response", async (t) => {
     await (0, util_1.withTmpDir)(async (tmpDir) => {
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);

lib/feature-flags.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"feature-flags.test.js","sourceRoot":"","sources":["../src/feature-flags.test.ts"],"names":[],"mappings":";;;;;AAAA,8CAAuB;AAGvB,mDAAkE;AAClE,uCAA4C;AAC5C,6CAAkD;AAClD,mDAMyB;AAEzB,iCAAgF;AAEhF,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,UAAU,CAAC,GAAG,EAAE;IACnB,IAAA,4BAAqB,EAAC,WAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AAC/C,CAAC,CAAC,CAAC;AAEH,MAAM,cAAc,GAAqB;IACvC,IAAI,EAAE,MAAM;IACZ,GAAG,EAAE,oBAAoB;CAC1B,CAAC;AAEF,MAAM,iBAAiB,GAAG,IAAA,+BAAkB,EAAC,gBAAgB,CAAC,CAAC;AAE/D,MAAM,mCAAmC,GAGpC;IACH;QACE,WAAW,EAAE,MAAM;QACnB,aAAa,EAAE,EAAE,IAAI,EAAE,oBAAa,CAAC,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE;KAC9D;IACD,EAAE,WAAW,EAAE,MAAM,EAAE,aAAa,EAAE,EAAE,IAAI,EAAE,oBAAa,CAAC,IAAI,EAAE,EAAE;CACrE,CAAC;AAEF,KAAK,MAAM,OAAO,IAAI,mCAAmC,EAAE;IACzD,IAAA,aAAI,EAAC,qDAAqD,OAAO,CAAC,WAAW,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC3F,MAAM,IAAA,iBAAU,EAAC,KAAK,EAAE,MAAM,EAAE,EAAE;YAChC,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAEjC,MAAM,cAAc,GAAG,EAAE,CAAC;YAC1B,MAAM,YAAY,GAAG,IAAI,kCAAkB,CACzC,OAAO,CAAC,aAAa,EACrB,cAAc,EACd,iBAAiB,EACjB,IAAA,kCAAkB,EAAC,cAAc,CAAC,CACnC,CAAC;YAEF,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,2BAAW,CAAC,EAAE;gBAC7C,CAAC,CAAC,MAAM,CAAC,CAAC,MAAM,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC;aACzD;YAED,CAAC,CAAC,MAAM,CACN,cAAc,CAAC,IAAI,CACjB,CAAC,CAAgB,EAAE,EAAE,CACnB,CAAC,CAAC,IAAI,KAAK,OAAO;gBAClB,CAAC,CAAC,OAAO;oBACP,8DAA8D,CACnE,KAAK,SAAS,CAChB,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;CACJ;AAED,IAAA,aAAI,EAAC,oEAAoE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACrF,MAAM,IAAA,iBAAU,EAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAChC,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAEjC,MAAM,cAAc,GAAG,EAAE,CAAC;QAC1B,MAAM,YAAY,GAAG,IAAI,kCAAkB,CACzC,EAAE,IAAI,EAAE,oBAAa,CAAC,MAAM,EAAE,EAC9B,cAAc,EACd,iBAAiB,EACjB,IAAA,kCAAkB,EAAC,cAAc,CAAC,CACnC,CAAC;QAEF,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,2BAAW,CAAC,EAAE;YAC7C,CAAC,CAAC,MAAM,CAAC,CAAC,MAAM,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC;SACzD;QAED,KAAK,MAAM,WAAW,IAAI,CAAC,4BAA4B,CAAC,EAAE;YACxD,CAAC,CAAC,MAAM,CACN,cAAc,CAAC,IAAI,CACjB,CAAC,CAAgB,EAAE,EAAE,CACnB,CAAC,CAAC,IAAI,KAAK,OAAO;gBAClB,CAAC,CAAC,OAAO;oBACP,iBAAiB,WAAW,uDAAuD,CACxF,KAAK,SAAS,CAChB,CAAC;SACH;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,iEAAiE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAClF,MAAM,IAAA,iBAAU,EAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAChC,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAEjC,MAAM,YAAY,GAAG,IAAI,kCAAkB,CACzC,EAAE,IAAI,EAAE,oBAAa,CAAC,MAAM,EAAE,EAC9B,cAAc,EACd,iBAAiB,EACjB,IAAA,yBAAe,EAAC,IAAI,CAAC,CACtB,CAAC;QAEF,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,MAAM,CAAC,CAAC,WAAW,CACjB,KAAK,IAAI,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,2BAAW,CAAC,uBAAuB,CAAC,EACtE;YACE,OAAO,EACL,oFAAoF;SACvF,CACF,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,MAAM,aAAa,GAAG;IACpB,4BAA4B;IAC5B,2BAA2B;CAC5B,CAAC;AAEF,KAAK,MAAM,WAAW,IAAI,aAAa,EAAE;IACvC,IAAA,aAAI,EAAC,iBAAiB,WAAW,6CAA6C,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC1F,MAAM,IAAA,iBAAU,EAAC,KAAK,EAAE,MAAM,EAAE,EAAE;YAChC,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAEjC,MAAM,YAAY,GAAG,IAAI,kCAAkB,CACzC,EAAE,IAAI,EAAE,oBAAa,CAAC,MAAM,EAAE,EAC9B,cAAc,EACd,iBAAiB,EACjB,IAAA,yBAAe,EAAC,IAAI,CAAC,CACtB,CAAC;YAEF,MAAM,oBAAoB,GAAgC,EAAE,CAAC;YAC7D,KAAK,MAAM,CAAC,IAAI,aAAa,EAAE;gBAC7B,oBAAoB,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC;aACjC;YACD,oBAAoB,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC;YACzC,IAAA,0CAA0B,EAAC,GAAG,EAAE,oBAAoB,CAAC,CAAC;YAEtD,MAAM,kBAAkB,GAAgC;gBACtD,0BAA0B,EAAE,MAAM,YAAY,CAAC,QAAQ,CACrD,2BAAW,CAAC,uBAAuB,CACpC;gBACD,yBAAyB,EAAE,MAAM,YAAY,CAAC,QAAQ,CACpD,2BAAW,CAAC,sBAAsB,CACnC;aACF,CAAC;YAEF,CAAC,CAAC,SAAS,CAAC,kBAAkB,EAAE,oBAAoB,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;CACJ"}
+{"version":3,"file":"feature-flags.test.js","sourceRoot":"","sources":["../src/feature-flags.test.ts"],"names":[],"mappings":";;;;;AAAA,8CAAuB;AAGvB,mDAAkE;AAClE,uCAA4C;AAC5C,6CAAkD;AAClD,mDAMyB;AAEzB,iCAAgF;AAEhF,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,UAAU,CAAC,GAAG,EAAE;IACnB,IAAA,4BAAqB,EAAC,WAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AAC/C,CAAC,CAAC,CAAC;AAEH,MAAM,cAAc,GAAqB;IACvC,IAAI,EAAE,MAAM;IACZ,GAAG,EAAE,oBAAoB;IACzB,MAAM,EAAE,SAAS;CAClB,CAAC;AAEF,MAAM,iBAAiB,GAAG,IAAA,+BAAkB,EAAC,gBAAgB,CAAC,CAAC;AAE/D,MAAM,mCAAmC,GAGpC;IACH;QACE,WAAW,EAAE,MAAM;QACnB,aAAa,EAAE,EAAE,IAAI,EAAE,oBAAa,CAAC,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE;KAC9D;IACD,EAAE,WAAW,EAAE,MAAM,EAAE,aAAa,EAAE,EAAE,IAAI,EAAE,oBAAa,CAAC,IAAI,EAAE,EAAE;CACrE,CAAC;AAEF,KAAK,MAAM,OAAO,IAAI,mCAAmC,EAAE;IACzD,IAAA,aAAI,EAAC,qDAAqD,OAAO,CAAC,WAAW,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC3F,MAAM,IAAA,iBAAU,EAAC,KAAK,EAAE,MAAM,EAAE,EAAE;YAChC,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAEjC,MAAM,cAAc,GAAG,EAAE,CAAC;YAC1B,MAAM,YAAY,GAAG,IAAI,kCAAkB,CACzC,OAAO,CAAC,aAAa,EACrB,cAAc,EACd,iBAAiB,EACjB,IAAA,kCAAkB,EAAC,cAAc,CAAC,CACnC,CAAC;YAEF,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,2BAAW,CAAC,EAAE;gBAC7C,CAAC,CAAC,MAAM,CAAC,CAAC,MAAM,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC;aACzD;YAED,CAAC,CAAC,MAAM,CACN,cAAc,CAAC,IAAI,CACjB,CAAC,CAAgB,EAAE,EAAE,CACnB,CAAC,CAAC,IAAI,KAAK,OAAO;gBAClB,CAAC,CAAC,OAAO;oBACP,8DAA8D,CACnE,KAAK,SAAS,CAChB,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;CACJ;AAED,IAAA,aAAI,EAAC,sBAAsB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvC,MAAM,IAAA,iBAAU,EAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAChC,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAEjC,MAAM,cAAc,GAAG,EAAE,CAAC;QAC1B,MAAM,YAAY,GAAG,IAAI,kCAAkB,CACzC,EAAE,IAAI,EAAE,oBAAa,CAAC,MAAM,EAAE,EAC9B,cAAc,EACd,iBAAiB,EACjB,IAAA,kCAAkB,EAAC,cAAc,CAAC,CACnC,CAAC;QAEF,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,2BAAW,CAAC,EAAE;YAC7C,CAAC,CAAC,MAAM,CAAC,CAAC,MAAM,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC;SACzD;QAED,KAAK,MAAM,WAAW,IAAI,CAAC,4BAA4B,CAAC,EAAE;YACxD,CAAC,CAAC,MAAM,CACN,cAAc,CAAC,IAAI,CACjB,CAAC,CAAgB,EAAE,EAAE,CACnB,CAAC,CAAC,IAAI,KAAK,OAAO;gBAClB,CAAC,CAAC,OAAO;oBACP,qCAAqC,WAAW,4BAA4B,CACjF,KAAK,SAAS,CAChB,CAAC;SACH;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,oEAAoE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACrF,MAAM,IAAA,iBAAU,EAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAChC,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAEjC,MAAM,cAAc,GAAG,EAAE,CAAC;QAC1B,MAAM,YAAY,GAAG,IAAI,kCAAkB,CACzC,EAAE,IAAI,EAAE,oBAAa,CAAC,MAAM,EAAE,EAC9B,cAAc,EACd,iBAAiB,EACjB,IAAA,kCAAkB,EAAC,cAAc,CAAC,CACnC,CAAC;QAEF,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,2BAAW,CAAC,EAAE;YAC7C,CAAC,CAAC,MAAM,CAAC,CAAC,MAAM,YAAY,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC;SACzD;QAED,KAAK,MAAM,WAAW,IAAI,CAAC,4BAA4B,CAAC,EAAE;YACxD,CAAC,CAAC,MAAM,CACN,cAAc,CAAC,IAAI,CACjB,CAAC,CAAgB,EAAE,EAAE,CACnB,CAAC,CAAC,IAAI,KAAK,OAAO;gBAClB,CAAC,CAAC,OAAO;oBACP,iBAAiB,WAAW,uDAAuD,CACxF,KAAK,SAAS,CAChB,CAAC;SACH;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,iEAAiE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAClF,MAAM,IAAA,iBAAU,EAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAChC,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAEjC,MAAM,YAAY,GAAG,IAAI,kCAAkB,CACzC,EAAE,IAAI,EAAE,oBAAa,CAAC,MAAM,EAAE,EAC9B,cAAc,EACd,iBAAiB,EACjB,IAAA,yBAAe,EAAC,IAAI,CAAC,CACtB,CAAC;QAEF,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,MAAM,CAAC,CAAC,WAAW,CACjB,KAAK,IAAI,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,2BAAW,CAAC,uBAAuB,CAAC,EACtE;YACE,OAAO,EACL,oFAAoF;SACvF,CACF,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,MAAM,aAAa,GAAG;IACpB,4BAA4B;IAC5B,2BAA2B;CAC5B,CAAC;AAEF,KAAK,MAAM,WAAW,IAAI,aAAa,EAAE;IACvC,IAAA,aAAI,EAAC,iBAAiB,WAAW,6CAA6C,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC1F,MAAM,IAAA,iBAAU,EAAC,KAAK,EAAE,MAAM,EAAE,EAAE;YAChC,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAEjC,MAAM,YAAY,GAAG,IAAI,kCAAkB,CACzC,EAAE,IAAI,EAAE,oBAAa,CAAC,MAAM,EAAE,EAC9B,cAAc,EACd,iBAAiB,EACjB,IAAA,yBAAe,EAAC,IAAI,CAAC,CACtB,CAAC;YAEF,MAAM,oBAAoB,GAAgC,EAAE,CAAC;YAC7D,KAAK,MAAM,CAAC,IAAI,aAAa,EAAE;gBAC7B,oBAAoB,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC;aACjC;YACD,oBAAoB,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC;YACzC,IAAA,0CAA0B,EAAC,GAAG,EAAE,oBAAoB,CAAC,CAAC;YAEtD,MAAM,kBAAkB,GAAgC;gBACtD,0BAA0B,EAAE,MAAM,YAAY,CAAC,QAAQ,CACrD,2BAAW,CAAC,uBAAuB,CACpC;gBACD,yBAAyB,EAAE,MAAM,YAAY,CAAC,QAAQ,CACpD,2BAAW,CAAC,sBAAsB,CACnC;aACF,CAAC;YAEF,CAAC,CAAC,SAAS,CAAC,kBAAkB,EAAE,oBAAoB,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;CACJ"}

lib/fingerprints.js

@@ -24,6 +24,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.addFingerprints = exports.resolveUriToFile = exports.hash = void 0;
 const fs = __importStar(require("fs"));
+const path_1 = __importDefault(require("path"));
 const long_1 = __importDefault(require("long"));
 const tab = "\t".charCodeAt(0);
 const space = " ".charCodeAt(0);
@@ -209,7 +210,7 @@ function resolveUriToFile(location, artifacts, sourceRoot, logger) {
     // Just assume a relative path is relative to the src root.
     // This is not necessarily true but should be a good approximation
     // and here we likely want to err on the side of handling more cases.
-    if (!uri.startsWith("/")) {
+    if (!path_1.default.isAbsolute(uri)) {
         uri = srcRootPrefix + uri;
     }
     // Check the file exists

lib/fingerprints.test.js

@@ -131,20 +131,22 @@ function testResolveUriToFile(uri, index, artifactsURIs) {
     return fingerprints.resolveUriToFile(location, artifacts, process.cwd(), (0, logging_1.getRunnerLogger)(true));
 }
 (0, ava_1.default)("resolveUriToFile", (t) => {
+    var _a, _b;
     // The resolveUriToFile method checks that the file exists and is in the right directory
     // so we need to give it real files to look at. We will use this file as an example.
     // For this to work we require the current working directory to be a parent, but this
     // should generally always be the case so this is fine.
-    const cwd = process.cwd();
-    const filepath = __filename;
-    t.true(filepath.startsWith(`${cwd}/`));
-    const relativeFilepath = filepath.substring(cwd.length + 1);
+    const filepath = __filename.split(path.sep).join("/");
+    const relativeFilepath = path
+        .relative(process.cwd(), __filename)
+        .split(path.sep)
+        .join("/");
     // Absolute paths are unmodified
     t.is(testResolveUriToFile(filepath, undefined, []), filepath);
     t.is(testResolveUriToFile(`file://${filepath}`, undefined, []), filepath);
     // Relative paths are made absolute
-    t.is(testResolveUriToFile(relativeFilepath, undefined, []), filepath);
-    t.is(testResolveUriToFile(`file://${relativeFilepath}`, undefined, []), filepath);
+    t.is((_a = testResolveUriToFile(relativeFilepath, undefined, [])) === null || _a === void 0 ? void 0 : _a.split(path.sep).join("/"), filepath);
+    t.is((_b = testResolveUriToFile(`file://${relativeFilepath}`, undefined, [])) === null || _b === void 0 ? void 0 : _b.split(path.sep).join("/"), filepath);
     // Absolute paths outside the src root are discarded
     t.is(testResolveUriToFile("/src/foo/bar.js", undefined, []), undefined);
     t.is(testResolveUriToFile("file:///src/foo/bar.js", undefined, []), undefined);

lib/init-action-post-helper.js

@@ -0,0 +1,42 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.run = void 0;
+const core = __importStar(require("@actions/core"));
+const actionsUtil = __importStar(require("./actions-util"));
+const config_utils_1 = require("./config-utils");
+const logging_1 = require("./logging");
+async function run(uploadDatabaseBundleDebugArtifact, uploadLogsDebugArtifact, printDebugLogs) {
+    const logger = (0, logging_1.getActionsLogger)();
+    const config = await (0, config_utils_1.getConfig)(actionsUtil.getTemporaryDirectory(), logger);
+    if (config === undefined) {
+        throw new Error("Config file could not be found at expected location. Did the 'init' action fail to start?");
+    }
+    // Upload appropriate Actions artifacts for debugging
+    if (config === null || config === void 0 ? void 0 : config.debugMode) {
+        core.info("Debug mode is on. Uploading available database bundles and logs as Actions debugging artifacts...");
+        await uploadDatabaseBundleDebugArtifact(config, logger);
+        await uploadLogsDebugArtifact(config);
+        await printDebugLogs(config);
+    }
+}
+exports.run = run;
+//# sourceMappingURL=init-action-post-helper.js.map

lib/init-action-post-helper.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"init-action-post-helper.js","sourceRoot":"","sources":["../src/init-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,iDAA2C;AAC3C,uCAA6C;AAEtC,KAAK,UAAU,GAAG,CACvB,iCAA2C,EAC3C,uBAAiC,EACjC,cAAwB;IAExB,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAElC,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;QACxB,MAAM,IAAI,KAAK,CACb,2FAA2F,CAC5F,CAAC;KACH;IAED,qDAAqD;IACrD,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,SAAS,EAAE;QACrB,IAAI,CAAC,IAAI,CACP,mGAAmG,CACpG,CAAC;QACF,MAAM,iCAAiC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACxD,MAAM,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtC,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;KAC9B;AACH,CAAC;AAxBD,kBAwBC"}

lib/init-action-post-helper.test.js

@@ -0,0 +1,74 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const ava_1 = __importDefault(require("ava"));
+const sinon = __importStar(require("sinon"));
+const configUtils = __importStar(require("./config-utils"));
+const initActionPostHelper = __importStar(require("./init-action-post-helper"));
+const testing_utils_1 = require("./testing-utils");
+const util = __importStar(require("./util"));
+(0, testing_utils_1.setupTests)(ava_1.default);
+(0, ava_1.default)("post: init action with debug mode off", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        process.env["RUNNER_TEMP"] = tmpDir;
+        const gitHubVersion = {
+            type: util.GitHubVariant.DOTCOM,
+        };
+        sinon.stub(configUtils, "getConfig").resolves({
+            debugMode: false,
+            gitHubVersion,
+            languages: [],
+            packs: [],
+        });
+        const uploadDatabaseBundleSpy = sinon.spy();
+        const uploadLogsSpy = sinon.spy();
+        const printDebugLogsSpy = sinon.spy();
+        await initActionPostHelper.run(uploadDatabaseBundleSpy, uploadLogsSpy, printDebugLogsSpy);
+        t.assert(uploadDatabaseBundleSpy.notCalled);
+        t.assert(uploadLogsSpy.notCalled);
+        t.assert(printDebugLogsSpy.notCalled);
+    });
+});
+(0, ava_1.default)("post: init action with debug mode on", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        process.env["RUNNER_TEMP"] = tmpDir;
+        const gitHubVersion = {
+            type: util.GitHubVariant.DOTCOM,
+        };
+        sinon.stub(configUtils, "getConfig").resolves({
+            debugMode: true,
+            gitHubVersion,
+            languages: [],
+            packs: [],
+        });
+        const uploadDatabaseBundleSpy = sinon.spy();
+        const uploadLogsSpy = sinon.spy();
+        const printDebugLogsSpy = sinon.spy();
+        await initActionPostHelper.run(uploadDatabaseBundleSpy, uploadLogsSpy, printDebugLogsSpy);
+        t.assert(uploadDatabaseBundleSpy.called);
+        t.assert(uploadLogsSpy.called);
+        t.assert(printDebugLogsSpy.called);
+    });
+});
+//# sourceMappingURL=init-action-post-helper.test.js.map