Merge pull request #1071 from github/update-v1.1.10-2f58583a

Merge releases/v2 into releases/v1

.github/update-release-branch.py

@@ -1,12 +1,9 @@
+import argparse
 import datetime
 from github import Github
-import random
-import requests
-import subprocess
-import sys
 import json
-import datetime
 import os
+import subprocess
 
 EMPTY_CHANGELOG = """# CodeQL Action and CodeQL Runner Changelog
 
@@ -16,21 +13,25 @@ No user facing changes.
 
 """
 
-# The branch being merged from.
+# Value of the mode flag for a v1 release
-# This is the one that contains day-to-day development work.
+V1_MODE = 'v1-release'
-MAIN_BRANCH = 'main'
+
-# The branch being merged into.
+# Value of the mode flag for a v2 release
-# This is the release branch that users reference.
+V2_MODE = 'v2-release'
-LATEST_RELEASE_BRANCH = 'v1'
+
+SOURCE_BRANCH_FOR_MODE = { V1_MODE: 'releases/v2', V2_MODE: 'main' }
+TARGET_BRANCH_FOR_MODE = { V1_MODE: 'releases/v1', V2_MODE: 'releases/v2' }
+
 # Name of the remote
 ORIGIN = 'origin'
 
 # Runs git with the given args and returns the stdout.
-# Raises an error if git does not exit successfully.
+# Raises an error if git does not exit successfully (unless passed
-def run_git(*args):
+# allow_non_zero_exit_code=True).
+def run_git(*args, allow_non_zero_exit_code=False):
   cmd = ['git', *args]
   p = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-  if (p.returncode != 0):
+  if not allow_non_zero_exit_code and p.returncode != 0:
     raise Exception('Call to ' + ' '.join(cmd) + ' exited with code ' + str(p.returncode) + ' stderr:' + p.stderr.decode('ascii'))
   return p.stdout.decode('ascii')
 
@@ -38,8 +39,10 @@ def run_git(*args):
 def branch_exists_on_remote(branch_name):
   return run_git('ls-remote', '--heads', ORIGIN, branch_name).strip() != ''
 
-# Opens a PR from the given branch to the release branch
+# Opens a PR from the given branch to the target branch
-def open_pr(repo, all_commits, short_main_sha, branch_name):
+def open_pr(
+  repo, all_commits, source_branch_short_sha, new_branch_name, source_branch, target_branch,
+  conductor, is_v2_release, labels, conflicted_files):
   # Sort the commits into the pull requests that introduced them,
   # and any commits that don't have a pull request
   pull_requests = []
@@ -61,9 +64,8 @@ def open_pr(repo, all_commits, short_main_sha, branch_name):
 
   # Start constructing the body text
   body = []
-  body.append('Merging ' + short_main_sha + ' into ' + LATEST_RELEASE_BRANCH)
+  body.append('Merging ' + source_branch_short_sha + ' into ' + target_branch)
 
-  conductor = get_conductor(repo, pull_requests, commits_without_pull_requests)
   body.append('')
   body.append('Conductor for this PR is @' + conductor)
 
@@ -80,43 +82,46 @@ def open_pr(repo, all_commits, short_main_sha, branch_name):
     body.append('')
     body.append('Contains the following commits not from a pull request:')
     for commit in commits_without_pull_requests:
-      body.append('- ' + commit.sha + ' - ' + get_truncated_commit_message(commit) + ' (@' + commit.author.login + ')')
+      author_description = ' (@' + commit.author.login + ')' if commit.author is not None else ''
+      body.append('- ' + commit.sha + ' - ' + get_truncated_commit_message(commit) + author_description)
 
   body.append('')
   body.append('Please review the following:')
+  if len(conflicted_files) > 0:
+    body.append(' - [ ] You have added commits to this branch that resolve the merge conflicts ' +
+      'in the following files:')
+    body.extend([f'    - [ ] `{file}`' for file in conflicted_files])
+    body.append(' - [ ] Another maintainer has reviewed the additional commits you added to this ' +
+      'branch to resolve the merge conflicts.')
   body.append(' - [ ] The CHANGELOG displays the correct version and date.')
   body.append(' - [ ] The CHANGELOG includes all relevant, user-facing changes since the last release.')
-  body.append(' - [ ] There are no unexpected commits being merged into the ' + LATEST_RELEASE_BRANCH + ' branch.')
+  body.append(' - [ ] There are no unexpected commits being merged into the ' + target_branch + ' branch.')
   body.append(' - [ ] The docs team is aware of any documentation changes that need to be released.')
-  body.append(' - [ ] The mergeback PR is merged back into ' + MAIN_BRANCH + ' after this PR is merged.')
+  if is_v2_release:
+    body.append(' - [ ] The mergeback PR is merged back into ' + source_branch + ' after this PR is merged.')
+    body.append(' - [ ] The v1 release PR is merged after this PR is merged.')
 
-  title = 'Merge ' + MAIN_BRANCH + ' into ' + LATEST_RELEASE_BRANCH
+  title = 'Merge ' + source_branch + ' into ' + target_branch
 
   # Create the pull request
   # PR checks won't be triggered on PRs created by Actions. Therefore mark the PR as draft so that
   # a maintainer can take the PR out of draft, thereby triggering the PR checks.
-  pr = repo.create_pull(title=title, body='\n'.join(body), head=branch_name, base=LATEST_RELEASE_BRANCH, draft=True)
+  pr = repo.create_pull(title=title, body='\n'.join(body), head=new_branch_name, base=target_branch, draft=True)
+  pr.add_to_labels(*labels)
   print('Created PR #' + str(pr.number))
 
   # Assign the conductor
   pr.add_to_assignees(conductor)
   print('Assigned PR to ' + conductor)
 
-# Gets the person who should be in charge of the mergeback PR
+# Gets a list of the SHAs of all commits that have happened on the source branch
-def get_conductor(repo, pull_requests, other_commits):
+# since the last release to the target branch.
-  # If there are any PRs then use whoever merged the last one
+# This will not include any commits that exist on the target branch
-  if len(pull_requests) > 0:
+# that aren't on the source branch.
-    return get_merger_of_pr(repo, pull_requests[-1])
+def get_commit_difference(repo, source_branch, target_branch):
-
+  # Passing split nothing means that the empty string splits to nothing: compare `''.split() == []`
-  # Otherwise take the author of the latest commit
+  # to `''.split('\n') == ['']`.
-  return other_commits[-1].author.login
+  commits = run_git('log', '--pretty=format:%H', ORIGIN + '/' + target_branch + '..' + ORIGIN + '/' + source_branch).strip().split()
-
-# Gets a list of the SHAs of all commits that have happened on main
-# since the release branched off.
-# This will not include any commits that exist on the release branch
-# that aren't on main.
-def get_commit_difference(repo):
-  commits = run_git('log', '--pretty=format:%H', ORIGIN + '/' + LATEST_RELEASE_BRANCH + '..' + ORIGIN + '/' + MAIN_BRANCH).strip().split('\n')
 
   # Convert to full-fledged commit objects
   commits = [repo.get_commit(c) for c in commits]
@@ -136,7 +141,7 @@ def get_truncated_commit_message(commit):
   else:
     return message
 
-# Converts a commit into the PR that introduced it to the main branch.
+# Converts a commit into the PR that introduced it to the source branch.
 # Returns the PR object, or None if no PR could be found.
 def get_pr_for_commit(repo, commit):
   prs = commit.get_pulls()
@@ -179,29 +184,65 @@ def update_changelog(version):
 
 
 def main():
-  if len(sys.argv) != 3:
+  parser = argparse.ArgumentParser('update-release-branch.py')
-    raise Exception('Usage: update-release.branch.py <github token> <repository nwo>')
-  github_token = sys.argv[1]
-  repository_nwo = sys.argv[2]
 
-  repo = Github(github_token).get_repo(repository_nwo)
+  parser.add_argument(
+    '--github-token',
+    type=str,
+    required=True,
+    help='GitHub token, typically from GitHub Actions.'
+  )
+  parser.add_argument(
+    '--repository-nwo',
+    type=str,
+    required=True,
+    help='The nwo of the repository, for example github/codeql-action.'
+  )
+  parser.add_argument(
+    '--mode',
+    type=str,
+    required=True,
+    choices=[V2_MODE, V1_MODE],
+    help=f"Which release to perform. '{V2_MODE}' uses {SOURCE_BRANCH_FOR_MODE[V2_MODE]} as the source " +
+      f"branch and {TARGET_BRANCH_FOR_MODE[V2_MODE]} as the target branch. " +
+      f"'{V1_MODE}' uses {SOURCE_BRANCH_FOR_MODE[V1_MODE]} as the source branch and " +
+      f"{TARGET_BRANCH_FOR_MODE[V1_MODE]} as the target branch."
+  )
+  parser.add_argument(
+    '--conductor',
+    type=str,
+    required=True,
+    help='The GitHub handle of the person who is conducting the release process.'
+  )
+
+  args = parser.parse_args()
+
+  source_branch = SOURCE_BRANCH_FOR_MODE[args.mode]
+  target_branch = TARGET_BRANCH_FOR_MODE[args.mode]
+
+  repo = Github(args.github_token).get_repo(args.repository_nwo)
   version = get_current_version()
 
+  if args.mode == V1_MODE:
+    # Change the version number to a v1 equivalent
+    version = get_current_version()
+    version = f'1{version[1:]}'
+
   # Print what we intend to go
-  print('Considering difference between ' + MAIN_BRANCH + ' and ' + LATEST_RELEASE_BRANCH)
+  print('Considering difference between ' + source_branch + ' and ' + target_branch)
-  short_main_sha = run_git('rev-parse', '--short', ORIGIN + '/' + MAIN_BRANCH).strip()
+  source_branch_short_sha = run_git('rev-parse', '--short', ORIGIN + '/' + source_branch).strip()
-  print('Current head of ' + MAIN_BRANCH + ' is ' + short_main_sha)
+  print('Current head of ' + source_branch + ' is ' + source_branch_short_sha)
 
   # See if there are any commits to merge in
-  commits = get_commit_difference(repo)
+  commits = get_commit_difference(repo=repo, source_branch=source_branch, target_branch=target_branch)
   if len(commits) == 0:
-    print('No commits to merge from ' + MAIN_BRANCH + ' to ' + LATEST_RELEASE_BRANCH)
+    print('No commits to merge from ' + source_branch + ' to ' + target_branch)
     return
 
   # The branch name is based off of the name of branch being merged into
   # and the SHA of the branch being merged from. Thus if the branch already
   # exists we can assume we don't need to recreate it.
-  new_branch_name = 'update-v' + version + '-' + short_main_sha
+  new_branch_name = 'update-v' + version + '-' + source_branch_short_sha
   print('Branch name is ' + new_branch_name)
 
   # Check if the branch already exists. If so we can abort as this script
@@ -212,19 +253,90 @@ def main():
 
   # Create the new branch and push it to the remote
   print('Creating branch ' + new_branch_name)
-  run_git('checkout', '-b', new_branch_name, ORIGIN + '/' + MAIN_BRANCH)
 
-  print('Updating changelog')
+  # The process of creating the v1 release can run into merge conflicts. We commit the unresolved
-  update_changelog(version)
+  # conflicts so a maintainer can easily resolve them (vs erroring and requiring maintainers to
+  # reconstruct the release manually)
+  conflicted_files = []
 
-  # Create a commit that updates the CHANGELOG
+  if args.mode == V1_MODE:
-  run_git('add', 'CHANGELOG.md')
+    # If we're performing a backport, start from the target branch
-  run_git('commit', '-m', version)
+    print(f'Creating {new_branch_name} from the {ORIGIN}/{target_branch} branch')
+    run_git('checkout', '-b', new_branch_name, f'{ORIGIN}/{target_branch}')
+
+    # Revert the commit that we made as part of the last release that updated the version number and
+    # changelog to refer to 1.x.x variants. This avoids merge conflicts in the changelog and
+    # package.json files when we merge in the v2 branch.
+    # This commit will not exist the first time we release the v1 branch from the v2 branch, so we
+    # use `git log --grep` to conditionally revert the commit.
+    print('Reverting the 1.x.x version number and changelog updates from the last release to avoid conflicts')
+    v1_update_commits = run_git('log', '--grep', '^Update version and changelog for v', '--format=%H').split()
+
+    if len(v1_update_commits) > 0:
+      print(f'  Reverting {v1_update_commits[0]}')
+      # Only revert the newest commit as older ones will already have been reverted in previous
+      # releases.
+      run_git('revert', v1_update_commits[0], '--no-edit')
+
+      # Also revert the "Update checked-in dependencies" commit created by Actions.
+      update_dependencies_commit = run_git('log', '--grep', '^Update checked-in dependencies', '--format=%H').split()[0]
+      print(f'  Reverting {update_dependencies_commit}')
+      run_git('revert', update_dependencies_commit, '--no-edit')
+
+    else:
+      print('  Nothing to revert.')
+
+    print(f'Merging {ORIGIN}/{source_branch} into the release prep branch')
+    # Commit any conflicts (see the comment for `conflicted_files`)
+    run_git('merge', f'{ORIGIN}/{source_branch}', allow_non_zero_exit_code=True)
+    conflicted_files = run_git('diff', '--name-only', '--diff-filter', 'U').splitlines()
+    if len(conflicted_files) > 0:
+      run_git('add', '.')
+      run_git('commit', '--no-edit')
+
+    # Migrate the package version number from a v2 version number to a v1 version number
+    print(f'Setting version number to {version}')
+    subprocess.run(['npm', 'version', version, '--no-git-tag-version'])
+    run_git('add', 'package.json', 'package-lock.json')
+
+    # Migrate the changelog notes from v2 version numbers to v1 version numbers
+    print('Migrating changelog notes from v2 to v1')
+    subprocess.run(['sed', '-i', 's/^## 2\./## 1./g', 'CHANGELOG.md'])
+
+    # Remove changelog notes from v2 that don't apply to v1
+    subprocess.run(['sed', '-i', '/^- \[v2+ only\]/d', 'CHANGELOG.md'])
+
+    # Amend the commit generated by `npm version` to update the CHANGELOG
+    run_git('add', 'CHANGELOG.md')
+    run_git('commit', '-m', f'Update version and changelog for v{version}')
+  else:
+    # If we're performing a standard release, there won't be any new commits on the target branch,
+    # as these will have already been merged back into the source branch. Therefore we can just
+    # start from the source branch.
+    run_git('checkout', '-b', new_branch_name, f'{ORIGIN}/{source_branch}')
+
+    print('Updating changelog')
+    update_changelog(version)
+
+    # Create a commit that updates the CHANGELOG
+    run_git('add', 'CHANGELOG.md')
+    run_git('commit', '-m', f'Update changelog for v{version}')
 
   run_git('push', ORIGIN, new_branch_name)
 
   # Open a PR to update the branch
-  open_pr(repo, commits, short_main_sha, new_branch_name)
+  open_pr(
+    repo,
+    commits,
+    source_branch_short_sha,
+    new_branch_name,
+    source_branch=source_branch,
+    target_branch=target_branch,
+    conductor=args.conductor,
+    is_v2_release=args.mode == V2_MODE,
+    labels=['Update dependencies'] if args.mode == V1_MODE else [],
+    conflicted_files=conflicted_files
+  )
 
 if __name__ == '__main__':
   main()

.github/workflows/__analyze-ref-input.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -23,19 +24,53 @@ jobs:
   analyze-ref-input:
     strategy:
       matrix:
-        version:
+        include:
-        - stable-20210308
+        - os: ubuntu-latest
-        - stable-20210319
+          version: stable-20210308
-        - stable-20210809
+        - os: macos-latest
-        - cached
+          version: stable-20210308
-        - latest
+        - os: windows-2019
-        - nightly-latest
+          version: stable-20210308
-        os: [ubuntu-latest, macos-latest, windows-2019]
+        - os: ubuntu-latest
+          version: stable-20210319
+        - os: macos-latest
+          version: stable-20210319
+        - os: windows-2019
+          version: stable-20210319
+        - os: ubuntu-latest
+          version: stable-20210809
+        - os: macos-latest
+          version: stable-20210809
+        - os: windows-2019
+          version: stable-20210809
+        - os: ubuntu-latest
+          version: cached
+        - os: macos-latest
+          version: cached
+        - os: windows-2019
+          version: cached
+        - os: ubuntu-latest
+          version: latest
+        - os: macos-latest
+          version: latest
+        - os: windows-2019
+          version: latest
+        - os: windows-2022
+          version: latest
+        - os: ubuntu-latest
+          version: nightly-latest
+        - os: macos-latest
+          version: nightly-latest
+        - os: windows-2019
+          version: nightly-latest
+        - os: windows-2022
+          version: nightly-latest
     name: "Analyze: 'ref' and 'sha' from inputs"
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test

.github/workflows/__debug-artifacts.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -23,19 +24,37 @@ jobs:
   debug-artifacts:
     strategy:
       matrix:
-        version:
+        include:
-        - stable-20210308
+        - os: ubuntu-latest
-        - stable-20210319
+          version: stable-20210308
-        - stable-20210809
+        - os: macos-latest
-        - cached
+          version: stable-20210308
-        - latest
+        - os: ubuntu-latest
-        - nightly-latest
+          version: stable-20210319
-        os: [ubuntu-latest, macos-latest]
+        - os: macos-latest
+          version: stable-20210319
+        - os: ubuntu-latest
+          version: stable-20210809
+        - os: macos-latest
+          version: stable-20210809
+        - os: ubuntu-latest
+          version: cached
+        - os: macos-latest
+          version: cached
+        - os: ubuntu-latest
+          version: latest
+        - os: macos-latest
+          version: latest
+        - os: ubuntu-latest
+          version: nightly-latest
+        - os: macos-latest
+          version: nightly-latest
     name: Debug artifact upload
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test
@@ -52,7 +71,7 @@ jobs:
       run: ./build.sh
     - uses: ./../action/analyze
       id: analysis
-    - uses: actions/download-artifact@v2
+    - uses: actions/download-artifact@v3
       with:
         name: my-debug-artifacts-${{ matrix.os }}-${{ matrix.version }}
     - shell: bash

.github/workflows/__extractor-ram-threads.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -23,13 +24,15 @@ jobs:
   extractor-ram-threads:
     strategy:
       matrix:
-        version: [latest]
+        include:
-        os: [ubuntu-latest]
+        - os: ubuntu-latest
+          version: latest
     name: Extractor ram and threads options test
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test

.github/workflows/__go-custom-queries.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -23,25 +24,59 @@ jobs:
   go-custom-queries:
     strategy:
       matrix:
-        version:
+        include:
-        - stable-20210308
+        - os: ubuntu-latest
-        - stable-20210319
+          version: stable-20210308
-        - stable-20210809
+        - os: macos-latest
-        - cached
+          version: stable-20210308
-        - latest
+        - os: windows-2019
-        - nightly-latest
+          version: stable-20210308
-        os: [ubuntu-latest, macos-latest, windows-2019]
+        - os: ubuntu-latest
+          version: stable-20210319
+        - os: macos-latest
+          version: stable-20210319
+        - os: windows-2019
+          version: stable-20210319
+        - os: ubuntu-latest
+          version: stable-20210809
+        - os: macos-latest
+          version: stable-20210809
+        - os: windows-2019
+          version: stable-20210809
+        - os: ubuntu-latest
+          version: cached
+        - os: macos-latest
+          version: cached
+        - os: windows-2019
+          version: cached
+        - os: ubuntu-latest
+          version: latest
+        - os: macos-latest
+          version: latest
+        - os: windows-2019
+          version: latest
+        - os: windows-2022
+          version: latest
+        - os: ubuntu-latest
+          version: nightly-latest
+        - os: macos-latest
+          version: nightly-latest
+        - os: windows-2019
+          version: nightly-latest
+        - os: windows-2022
+          version: nightly-latest
     name: 'Go: Custom queries'
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test
       with:
         version: ${{ matrix.version }}
-    - uses: actions/setup-go@v2
+    - uses: actions/setup-go@v3
       with:
         go-version: ^1.13.1
     - uses: ./../action/init

.github/workflows/__go-custom-tracing-autobuild.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -23,25 +24,43 @@ jobs:
   go-custom-tracing-autobuild:
     strategy:
       matrix:
-        version:
+        include:
-        - stable-20210308
+        - os: ubuntu-latest
-        - stable-20210319
+          version: stable-20210308
-        - stable-20210809
+        - os: macos-latest
-        - cached
+          version: stable-20210308
-        - latest
+        - os: ubuntu-latest
-        - nightly-latest
+          version: stable-20210319
-        os: [ubuntu-latest, macos-latest]
+        - os: macos-latest
+          version: stable-20210319
+        - os: ubuntu-latest
+          version: stable-20210809
+        - os: macos-latest
+          version: stable-20210809
+        - os: ubuntu-latest
+          version: cached
+        - os: macos-latest
+          version: cached
+        - os: ubuntu-latest
+          version: latest
+        - os: macos-latest
+          version: latest
+        - os: ubuntu-latest
+          version: nightly-latest
+        - os: macos-latest
+          version: nightly-latest
     name: 'Go: Autobuild custom tracing'
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test
       with:
         version: ${{ matrix.version }}
-    - uses: actions/setup-go@v2
+    - uses: actions/setup-go@v3
       with:
         go-version: ^1.13.1
     - uses: ./../action/init

.github/workflows/__go-custom-tracing.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -23,25 +24,59 @@ jobs:
   go-custom-tracing:
     strategy:
       matrix:
-        version:
+        include:
-        - stable-20210308
+        - os: ubuntu-latest
-        - stable-20210319
+          version: stable-20210308
-        - stable-20210809
+        - os: macos-latest
-        - cached
+          version: stable-20210308
-        - latest
+        - os: windows-2019
-        - nightly-latest
+          version: stable-20210308
-        os: [ubuntu-latest, macos-latest, windows-2019]
+        - os: ubuntu-latest
+          version: stable-20210319
+        - os: macos-latest
+          version: stable-20210319
+        - os: windows-2019
+          version: stable-20210319
+        - os: ubuntu-latest
+          version: stable-20210809
+        - os: macos-latest
+          version: stable-20210809
+        - os: windows-2019
+          version: stable-20210809
+        - os: ubuntu-latest
+          version: cached
+        - os: macos-latest
+          version: cached
+        - os: windows-2019
+          version: cached
+        - os: ubuntu-latest
+          version: latest
+        - os: macos-latest
+          version: latest
+        - os: windows-2019
+          version: latest
+        - os: windows-2022
+          version: latest
+        - os: ubuntu-latest
+          version: nightly-latest
+        - os: macos-latest
+          version: nightly-latest
+        - os: windows-2019
+          version: nightly-latest
+        - os: windows-2022
+          version: nightly-latest
     name: 'Go: Custom tracing'
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test
       with:
         version: ${{ matrix.version }}
-    - uses: actions/setup-go@v2
+    - uses: actions/setup-go@v3
       with:
         go-version: ^1.13.1
     - uses: ./../action/init

.github/workflows/__javascript-source-root.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -23,13 +24,19 @@ jobs:
   javascript-source-root:
     strategy:
       matrix:
-        version: [latest, cached, nightly-latest] # This feature is not compatible with old CLIs
+        include:
-        os: [ubuntu-latest]
+        - os: ubuntu-latest
+          version: latest
+        - os: ubuntu-latest
+          version: cached
+        - os: ubuntu-latest
+          version: nightly-latest
     name: Custom source root
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test

.github/workflows/__ml-powered-queries.yml

@@ -0,0 +1,119 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     pip install ruamel.yaml && python3 sync.py
+# to regenerate this file.
+
+name: PR Check - ML-powered queries
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+on:
+  push:
+    branches:
+    - main
+    - releases/v1
+    - releases/v2
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+    - ready_for_review
+  workflow_dispatch: {}
+jobs:
+  ml-powered-queries:
+    strategy:
+      matrix:
+        include:
+        - os: ubuntu-latest
+          version: stable-20220120
+        - os: macos-latest
+          version: stable-20220120
+        - os: windows-latest
+          version: stable-20220120
+        - os: ubuntu-latest
+          version: cached
+        - os: macos-latest
+          version: cached
+        - os: windows-latest
+          version: cached
+        - os: ubuntu-latest
+          version: latest
+        - os: macos-latest
+          version: latest
+        - os: windows-latest
+          version: latest
+        - os: ubuntu-latest
+          version: nightly-latest
+        - os: macos-latest
+          version: nightly-latest
+        - os: windows-latest
+          version: nightly-latest
+    name: ML-powered queries
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Check out repository
+      uses: actions/checkout@v3
+    - name: Prepare test
+      id: prepare-test
+      uses: ./.github/prepare-test
+      with:
+        version: ${{ matrix.version }}
+    - uses: ./../action/init
+      with:
+        languages: javascript
+        queries: security-extended
+        source-root: ./../action/tests/ml-powered-queries-repo
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - uses: ./../action/analyze
+      with:
+        output: ${{ runner.temp }}/results
+        upload-database: false
+      env:
+        TEST_MODE: true
+
+    - name: Upload SARIF
+      uses: actions/upload-artifact@v3
+      with:
+        name: ml-powered-queries-${{ matrix.os }}-${{ matrix.version }}.sarif.json
+        path: ${{ runner.temp }}/results/javascript.sarif
+        retention-days: 7
+
+    - name: Check results
+      env:
+        IS_WINDOWS: ${{ matrix.os == 'windows-latest' }}
+      shell: bash
+      run: |
+        cd "$RUNNER_TEMP/results"
+        # We should run at least the ML-powered queries in `expected_rules`.
+        expected_rules="js/ml-powered/nosql-injection js/ml-powered/path-injection js/ml-powered/sql-injection js/ml-powered/xss"
+
+        for rule in ${expected_rules}; do
+          found_rule=$(jq --arg rule "${rule}" '[.runs[0].tool.extensions[].rules | select(. != null) |
+            flatten | .[].id] | any(. == $rule)' javascript.sarif)
+          echo "Did find rule '${rule}': ${found_rule}"
+          if [[ "${found_rule}" != "true" && "${IS_WINDOWS}" != "true" ]]; then
+            echo "Expected SARIF output to contain rule '${rule}', but found no such rule."
+            exit 1
+          elif [[ "${found_rule}" == "true" && "${IS_WINDOWS}" == "true" ]]; then
+            echo "Found rule '${rule}' in the SARIF output which shouldn't have been part of the analysis."
+            exit 1
+          fi
+        done
+
+        # We should have at least one alert from an ML-powered query.
+        num_alerts=$(jq '[.runs[0].results[] |
+          select(.properties.score != null and (.rule.id | startswith("js/ml-powered/")))] | length' \
+          javascript.sarif)
+        echo "Found ${num_alerts} alerts from ML-powered queries.";
+        if [[ "${num_alerts}" -eq 0 && "${IS_WINDOWS}" != "true" ]]; then
+          echo "Expected to find at least one alert from an ML-powered query but found ${num_alerts}."
+          exit 1
+        elif [[ "${num_alerts}" -ne 0 && "${IS_WINDOWS}" == "true" ]]; then
+          echo "Expected not to find any alerts from an ML-powered query but found ${num_alerts}."
+          exit 1
+        fi
+    env:
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true

.github/workflows/__multi-language-autodetect.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -23,19 +24,37 @@ jobs:
   multi-language-autodetect:
     strategy:
       matrix:
-        version:
+        include:
-        - stable-20210308
+        - os: ubuntu-latest
-        - stable-20210319
+          version: stable-20210308
-        - stable-20210809
+        - os: macos-latest
-        - cached
+          version: stable-20210308
-        - latest
+        - os: ubuntu-latest
-        - nightly-latest
+          version: stable-20210319
-        os: [ubuntu-latest, macos-latest]
+        - os: macos-latest
+          version: stable-20210319
+        - os: ubuntu-latest
+          version: stable-20210809
+        - os: macos-latest
+          version: stable-20210809
+        - os: ubuntu-latest
+          version: cached
+        - os: macos-latest
+          version: cached
+        - os: ubuntu-latest
+          version: latest
+        - os: macos-latest
+          version: latest
+        - os: ubuntu-latest
+          version: nightly-latest
+        - os: macos-latest
+          version: nightly-latest
     name: Multi-language repository
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test

.github/workflows/__packaging-config-inputs-js.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -23,13 +24,35 @@ jobs:
   packaging-config-inputs-js:
     strategy:
       matrix:
-        version: [nightly-20210831] # This CLI version is known to work with package used in this test
+        include:
-        os: [ubuntu-latest, macos-latest]
+        - os: ubuntu-latest
+          version: latest
+        - os: macos-latest
+          version: latest
+        - os: windows-2019
+          version: latest
+        - os: windows-2022
+          version: latest
+        - os: ubuntu-latest
+          version: cached
+        - os: macos-latest
+          version: cached
+        - os: windows-2019
+          version: cached
+        - os: ubuntu-latest
+          version: nightly-latest
+        - os: macos-latest
+          version: nightly-latest
+        - os: windows-2019
+          version: nightly-latest
+        - os: windows-2022
+          version: nightly-latest
     name: 'Packaging: Config and input'
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test
@@ -38,7 +61,7 @@ jobs:
     - uses: ./../action/init
       with:
         config-file: .github/codeql/codeql-config-packaging3.yml
-        packs: +dsp-testing/codeql-pack1@0.1.0
+        packs: +dsp-testing/codeql-pack1@1.0.0
         languages: javascript
         tools: ${{ steps.prepare-test.outputs.tools-url }}
     - name: Build code
@@ -53,11 +76,11 @@ jobs:
       shell: bash
       run: |
         cd "$RUNNER_TEMP/results"
-        # We should have 3 hits from these rules
+        # We should have 4 hits from these rules
-        EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/two-block"
+        EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
 
         # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
-        RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n" " " | xargs)"
+        RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
         echo "Found matching rules '$RULES'"
         if [ "$RULES" != "$EXPECTED_RULES" ]; then
           echo "Did not match expected rules '$EXPECTED_RULES'."

.github/workflows/__packaging-config-js.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -23,13 +24,35 @@ jobs:
   packaging-config-js:
     strategy:
       matrix:
-        version: [nightly-20210831] # This CLI version is known to work with package used in this test
+        include:
-        os: [ubuntu-latest, macos-latest]
+        - os: ubuntu-latest
+          version: latest
+        - os: macos-latest
+          version: latest
+        - os: windows-2019
+          version: latest
+        - os: windows-2022
+          version: latest
+        - os: ubuntu-latest
+          version: cached
+        - os: macos-latest
+          version: cached
+        - os: windows-2019
+          version: cached
+        - os: ubuntu-latest
+          version: nightly-latest
+        - os: macos-latest
+          version: nightly-latest
+        - os: windows-2019
+          version: nightly-latest
+        - os: windows-2022
+          version: nightly-latest
     name: 'Packaging: Config file'
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test
@@ -52,11 +75,11 @@ jobs:
       shell: bash
       run: |
         cd "$RUNNER_TEMP/results"
-        # We should have 3 hits from these rules
+        # We should have 4 hits from these rules
-        EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/two-block"
+        EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
 
         # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
-        RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n" " " | xargs)"
+        RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
         echo "Found matching rules '$RULES'"
         if [ "$RULES" != "$EXPECTED_RULES" ]; then
           echo "Did not match expected rules '$EXPECTED_RULES'."

.github/workflows/__packaging-inputs-js.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -23,13 +24,35 @@ jobs:
   packaging-inputs-js:
     strategy:
       matrix:
-        version: [nightly-20210831] # This CLI version is known to work with package used in this test
+        include:
-        os: [ubuntu-latest, macos-latest]
+        - os: ubuntu-latest
+          version: latest
+        - os: macos-latest
+          version: latest
+        - os: windows-2019
+          version: latest
+        - os: windows-2022
+          version: latest
+        - os: ubuntu-latest
+          version: cached
+        - os: macos-latest
+          version: cached
+        - os: windows-2019
+          version: cached
+        - os: ubuntu-latest
+          version: nightly-latest
+        - os: macos-latest
+          version: nightly-latest
+        - os: windows-2019
+          version: nightly-latest
+        - os: windows-2022
+          version: nightly-latest
     name: 'Packaging: Action input'
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test
@@ -39,7 +62,7 @@ jobs:
       with:
         config-file: .github/codeql/codeql-config-packaging2.yml
         languages: javascript
-        packs: dsp-testing/codeql-pack1@0.1.0, dsp-testing/codeql-pack2
+        packs: dsp-testing/codeql-pack1@1.0.0, dsp-testing/codeql-pack2, dsp-testing/codeql-pack3:other-query.ql
         tools: ${{ steps.prepare-test.outputs.tools-url }}
     - name: Build code
       shell: bash
@@ -53,11 +76,11 @@ jobs:
       shell: bash
       run: |
         cd "$RUNNER_TEMP/results"
-        # We should have 3 hits from these rules
+        # We should have 4 hits from these rules
-        EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/two-block"
+        EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
 
         # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
-        RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n" " " | xargs)"
+        RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
         echo "Found matching rules '$RULES'"
         if [ "$RULES" != "$EXPECTED_RULES" ]; then
           echo "Did not match expected rules '$EXPECTED_RULES'."

.github/workflows/__remote-config.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -23,19 +24,53 @@ jobs:
   remote-config:
     strategy:
       matrix:
-        version:
+        include:
-        - stable-20210308
+        - os: ubuntu-latest
-        - stable-20210319
+          version: stable-20210308
-        - stable-20210809
+        - os: macos-latest
-        - cached
+          version: stable-20210308
-        - latest
+        - os: windows-2019
-        - nightly-latest
+          version: stable-20210308
-        os: [ubuntu-latest, macos-latest, windows-2019]
+        - os: ubuntu-latest
+          version: stable-20210319
+        - os: macos-latest
+          version: stable-20210319
+        - os: windows-2019
+          version: stable-20210319
+        - os: ubuntu-latest
+          version: stable-20210809
+        - os: macos-latest
+          version: stable-20210809
+        - os: windows-2019
+          version: stable-20210809
+        - os: ubuntu-latest
+          version: cached
+        - os: macos-latest
+          version: cached
+        - os: windows-2019
+          version: cached
+        - os: ubuntu-latest
+          version: latest
+        - os: macos-latest
+          version: latest
+        - os: windows-2019
+          version: latest
+        - os: windows-2022
+          version: latest
+        - os: ubuntu-latest
+          version: nightly-latest
+        - os: macos-latest
+          version: nightly-latest
+        - os: windows-2019
+          version: nightly-latest
+        - os: windows-2022
+          version: nightly-latest
     name: Remote config file
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test

.github/workflows/__rubocop-multi-language.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -23,19 +24,25 @@ jobs:
   rubocop-multi-language:
     strategy:
       matrix:
-        version:
+        include:
-        - stable-20210308
+        - os: ubuntu-latest
-        - stable-20210319
+          version: stable-20210308
-        - stable-20210809
+        - os: ubuntu-latest
-        - cached
+          version: stable-20210319
-        - latest
+        - os: ubuntu-latest
-        - nightly-latest
+          version: stable-20210809
-        os: [ubuntu-latest]
+        - os: ubuntu-latest
+          version: cached
+        - os: ubuntu-latest
+          version: latest
+        - os: ubuntu-latest
+          version: nightly-latest
     name: RuboCop multi-language
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test

.github/workflows/__split-workflow.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -23,13 +24,25 @@ jobs:
   split-workflow:
     strategy:
       matrix:
-        version: [nightly-20210831] # This CLI version is known to work with package used in this test
+        include:
-        os: [ubuntu-latest, macos-latest]
+        - os: ubuntu-latest
+          version: latest
+        - os: macos-latest
+          version: latest
+        - os: ubuntu-latest
+          version: cached
+        - os: macos-latest
+          version: cached
+        - os: ubuntu-latest
+          version: nightly-latest
+        - os: macos-latest
+          version: nightly-latest
     name: Split workflow
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test
@@ -38,7 +51,7 @@ jobs:
     - uses: ./../action/init
       with:
         config-file: .github/codeql/codeql-config-packaging3.yml
-        packs: +dsp-testing/codeql-pack1@0.1.0
+        packs: +dsp-testing/codeql-pack1@1.0.0
         languages: javascript
         tools: ${{ steps.prepare-test.outputs.tools-url }}
     - name: Build code
@@ -67,11 +80,11 @@ jobs:
       shell: bash
       run: |
         cd "$RUNNER_TEMP/results"
-        # We should have 3 hits from these rules
+        # We should have 4 hits from these rules
-        EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/two-block"
+        EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
 
         # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
-        RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n" " " | xargs)"
+        RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
         echo "Found matching rules '$RULES'"
         if [ "$RULES" != "$EXPECTED_RULES" ]; then
           echo "Did not match expected rules '$EXPECTED_RULES'."

.github/workflows/__test-autobuild-working-dir.yml

@@ -0,0 +1,67 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     pip install ruamel.yaml && python3 sync.py
+# to regenerate this file.
+
+name: PR Check - Autobuild working directory
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+on:
+  push:
+    branches:
+    - main
+    - releases/v1
+    - releases/v2
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+    - ready_for_review
+  workflow_dispatch: {}
+jobs:
+  test-autobuild-working-dir:
+    strategy:
+      matrix:
+        include:
+        - os: ubuntu-latest
+          version: latest
+    name: Autobuild working directory
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Check out repository
+      uses: actions/checkout@v3
+    - name: Prepare test
+      id: prepare-test
+      uses: ./.github/prepare-test
+      with:
+        version: ${{ matrix.version }}
+    - name: Test setup
+      shell: bash
+      run: |
+        # Make sure that Gradle build succeeds in autobuild-dir ...
+        cp -a ../action/tests/java-repo autobuild-dir
+        # ... and fails if attempted in the current directory
+        echo > build.gradle
+    - uses: ./../action/init
+      with:
+        languages: java
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+    - uses: ./../action/autobuild
+      with:
+        working-directory: autobuild-dir
+    - uses: ./../action/analyze
+      env:
+        TEST_MODE: true
+    - name: Check database
+      shell: bash
+      run: |
+        cd "$RUNNER_TEMP/codeql_databases"
+        if [[ ! -d java ]]; then
+          echo "Did not find a Java database"
+          exit 1
+        fi
+    env:
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true

.github/workflows/__test-local-codeql.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -23,13 +24,15 @@ jobs:
   test-local-codeql:
     strategy:
       matrix:
-        version: [nightly-latest]
+        include:
-        os: [ubuntu-latest]
+        - os: ubuntu-latest
+          version: nightly-latest
     name: Local CodeQL bundle
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test

.github/workflows/__test-proxy.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -23,13 +24,15 @@ jobs:
   test-proxy:
     strategy:
       matrix:
-        version: [latest]
+        include:
-        os: [ubuntu-latest]
+        - os: ubuntu-latest
+          version: latest
     name: Proxy test
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test

.github/workflows/__test-ruby.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -23,13 +24,25 @@ jobs:
   test-ruby:
     strategy:
       matrix:
-        version: [latest, cached, nightly-latest]
+        include:
-        os: [ubuntu-latest, macos-latest]
+        - os: ubuntu-latest
+          version: latest
+        - os: macos-latest
+          version: latest
+        - os: ubuntu-latest
+          version: cached
+        - os: macos-latest
+          version: cached
+        - os: ubuntu-latest
+          version: nightly-latest
+        - os: macos-latest
+          version: nightly-latest
     name: Ruby analysis
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test

.github/workflows/__unset-environment.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -23,19 +24,25 @@ jobs:
   unset-environment:
     strategy:
       matrix:
-        version:
+        include:
-        - stable-20210308
+        - os: ubuntu-latest
-        - stable-20210319
+          version: stable-20210308
-        - stable-20210809
+        - os: ubuntu-latest
-        - cached
+          version: stable-20210319
-        - latest
+        - os: ubuntu-latest
-        - nightly-latest
+          version: stable-20210809
-        os: [ubuntu-latest]
+        - os: ubuntu-latest
+          version: cached
+        - os: ubuntu-latest
+          version: latest
+        - os: ubuntu-latest
+          version: nightly-latest
     name: Test unsetting environment variables
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test

.github/workflows/__upload-ref-sha-input.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -23,19 +24,53 @@ jobs:
   upload-ref-sha-input:
     strategy:
       matrix:
-        version:
+        include:
-        - stable-20210308
+        - os: ubuntu-latest
-        - stable-20210319
+          version: stable-20210308
-        - stable-20210809
+        - os: macos-latest
-        - cached
+          version: stable-20210308
-        - latest
+        - os: windows-2019
-        - nightly-latest
+          version: stable-20210308
-        os: [ubuntu-latest, macos-latest, windows-2019]
+        - os: ubuntu-latest
+          version: stable-20210319
+        - os: macos-latest
+          version: stable-20210319
+        - os: windows-2019
+          version: stable-20210319
+        - os: ubuntu-latest
+          version: stable-20210809
+        - os: macos-latest
+          version: stable-20210809
+        - os: windows-2019
+          version: stable-20210809
+        - os: ubuntu-latest
+          version: cached
+        - os: macos-latest
+          version: cached
+        - os: windows-2019
+          version: cached
+        - os: ubuntu-latest
+          version: latest
+        - os: macos-latest
+          version: latest
+        - os: windows-2019
+          version: latest
+        - os: windows-2022
+          version: latest
+        - os: ubuntu-latest
+          version: nightly-latest
+        - os: macos-latest
+          version: nightly-latest
+        - os: windows-2019
+          version: nightly-latest
+        - os: windows-2022
+          version: nightly-latest
     name: "Upload-sarif: 'ref' and 'sha' from inputs"
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test

.github/workflows/__with-checkout-path.yml

@@ -0,0 +1,146 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     pip install ruamel.yaml && python3 sync.py
+# to regenerate this file.
+
+name: PR Check - Use a custom `checkout_path`
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+on:
+  push:
+    branches:
+    - main
+    - releases/v1
+    - releases/v2
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+    - ready_for_review
+  workflow_dispatch: {}
+jobs:
+  with-checkout-path:
+    strategy:
+      matrix:
+        include:
+        - os: ubuntu-latest
+          version: stable-20210308
+        - os: macos-latest
+          version: stable-20210308
+        - os: windows-2019
+          version: stable-20210308
+        - os: ubuntu-latest
+          version: stable-20210319
+        - os: macos-latest
+          version: stable-20210319
+        - os: windows-2019
+          version: stable-20210319
+        - os: ubuntu-latest
+          version: stable-20210809
+        - os: macos-latest
+          version: stable-20210809
+        - os: windows-2019
+          version: stable-20210809
+        - os: ubuntu-latest
+          version: cached
+        - os: macos-latest
+          version: cached
+        - os: windows-2019
+          version: cached
+        - os: ubuntu-latest
+          version: latest
+        - os: macos-latest
+          version: latest
+        - os: windows-2019
+          version: latest
+        - os: windows-2022
+          version: latest
+        - os: ubuntu-latest
+          version: nightly-latest
+        - os: macos-latest
+          version: nightly-latest
+        - os: windows-2019
+          version: nightly-latest
+        - os: windows-2022
+          version: nightly-latest
+    name: Use a custom `checkout_path`
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Check out repository
+      uses: actions/checkout@v3
+    - name: Prepare test
+      id: prepare-test
+      uses: ./.github/prepare-test
+      with:
+        version: ${{ matrix.version }}
+    - uses: actions/checkout@v3
+      with:
+        ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
+        path: x/y/z/some-path
+    - uses: ./../action/init
+      with:
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+      # it's enough to test one compiled language and one interpreted language
+        languages: csharp,javascript
+        source-path: x/y/z/some-path/tests/multi-language-repo
+        debug: true
+    - name: Build code (non-windows)
+      shell: bash
+      if: ${{ runner.os != 'Windows' }}
+      run: |
+        $CODEQL_RUNNER x/y/z/some-path/tests/multi-language-repo/build.sh
+    - name: Build code (windows)
+      shell: bash
+      if: ${{ runner.os == 'Windows' }}
+      run: |
+        x/y/z/some-path/tests/multi-language-repo/build.sh
+    - uses: ./../action/analyze
+      with:
+        checkout_path: x/y/z/some-path/tests/multi-language-repo
+        ref: v1.1.0
+        sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
+        upload: false
+      env:
+        TEST_MODE: true
+
+    - uses: ./../action/upload-sarif
+      with:
+        ref: v1.1.0
+        sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
+        checkout_path: x/y/z/some-path/tests/multi-language-repo
+      env:
+        TEST_MODE: true
+
+    - name: Verify SARIF after upload
+      shell: bash
+      run: |
+        EXPECTED_COMMIT_OID="474bbf07f9247ffe1856c6a0f94aeeb10e7afee6"
+        EXPECTED_REF="v1.1.0"
+        EXPECTED_CHECKOUT_URI_SUFFIX="/x/y/z/some-path/tests/multi-language-repo"
+
+        ACTUAL_COMMIT_OID="$(cat "$RUNNER_TEMP/payload.json" | jq -r .commit_oid)"
+        ACTUAL_REF="$(cat "$RUNNER_TEMP/payload.json" | jq -r .ref)"
+        ACTUAL_CHECKOUT_URI="$(cat "$RUNNER_TEMP/payload.json" | jq -r .checkout_uri)"
+
+        if [[ "$EXPECTED_COMMIT_OID" != "$ACTUAL_COMMIT_OID" ]]; then
+          echo "::error Invalid commit oid. Expected: $EXPECTED_COMMIT_OID Actual: $ACTUAL_COMMIT_OID"
+          echo "$RUNNER_TEMP/payload.json"
+          exit 1
+        fi
+
+        if [[ "$EXPECTED_REF" != "$ACTUAL_REF" ]]; then
+          echo "::error Invalid ref. Expected: '$EXPECTED_REF' Actual: '$ACTUAL_REF'"
+          echo "$RUNNER_TEMP/payload.json"
+          exit 1
+        fi
+
+        if [[ "$ACTUAL_CHECKOUT_URI" != *$EXPECTED_CHECKOUT_URI_SUFFIX ]]; then
+          echo "::error Invalid checkout URI suffix. Expected suffix: $EXPECTED_CHECKOUT_URI_SUFFIX Actual uri: $ACTUAL_CHECKOUT_URI"
+          echo "$RUNNER_TEMP/payload.json"
+          exit 1
+        fi
+    env:
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true

.github/workflows/check-expected-release-files.yml

@@ -15,11 +15,11 @@ jobs:
 
     steps:
       - name: Checkout CodeQL Action
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Check Expected Release Files
         run: |
           bundle_version="$(cat "./src/defaults.json" | jq -r ".bundleVersion")"
           set -x
-          for expected_file in "codeql-bundle.tar.gz" "codeql-bundle-linux64.tar.gz" "codeql-bundle-osx64.tar.gz" "codeql-bundle-win64.tar.gz" "codeql-runner-linux" "codeql-runner-macos" "codeql-runner-win.exe"; do
+          for expected_file in "codeql-bundle.tar.gz" "codeql-bundle-linux64.tar.gz" "codeql-bundle-osx64.tar.gz" "codeql-bundle-win64.tar.gz"; do
             curl --location --fail --head --request GET "https://github.com/github/codeql-action/releases/download/$bundle_version/$expected_file" > /dev/null
           done

.github/workflows/check-for-conflicts.yml

@@ -0,0 +1,31 @@
+# Checks for any conflict markers created by git. This check is primarily intended to validate that
+# any merge conflicts in the v2 -> v1 backport PR are fixed before the PR is merged.
+name: Check for conflicts
+
+on:
+  pull_request:
+    branches: [main, v1, v2]
+    # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
+    # by other workflows.
+    types: [opened, synchronize, reopened, ready_for_review]
+
+jobs:
+  check-for-conflicts:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Check for conflicts
+        run: |
+          # Use `|| true` since grep returns exit code 1 if there are no matches, and we don't want
+          # this to fail the workflow.
+          FILES_WITH_CONFLICTS=$(grep --extended-regexp --ignore-case --line-number --recursive \
+            '^(<<<<<<<|>>>>>>>)' . || true)
+          if [[ "${FILES_WITH_CONFLICTS}" ]]; then
+            echo "Fail: Found merge conflict markers in the following files:"
+            echo ""
+            echo "${FILES_WITH_CONFLICTS}"
+            exit 1
+          else
+            echo "Success: Found no merge conflict markers."
+          fi

.github/workflows/codeql.yml

@@ -2,9 +2,9 @@ name: "CodeQL action"
 
 on:
   push:
-    branches: [main, v1]
+    branches: [main, releases/v1, releases/v2]
   pull_request:
-    branches: [main, v1]
+    branches: [main, releases/v1, releases/v2]
     # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
     # by other workflows.
     types: [opened, synchronize, reopened, ready_for_review]
@@ -20,7 +20,7 @@ jobs:
       security-events: write
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - name: Init with default CodeQL bundle from the VM image
       id: init-default
       uses: ./init
@@ -75,7 +75,7 @@ jobs:
       security-events: write
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - uses: ./init
       id: init
       with:

.github/workflows/post-release-mergeback.yml

@@ -1,7 +1,8 @@
-# This workflow runs after a release of the action.
+# This workflow runs after a release of the action. For v2 releases, it merges any changes from the
-# It merges any changes from the release back into the
+# release back into the main branch. Typically, this is just a single commit that updates the
-# main branch. Typically, this is just a single commit
+# changelog. For v2 and v1 releases, it then (a) tags the merge commit on the release branch that
-# that updates the changelog.
+# represents the new release with an `vx.y.z` tag and (b) updates the `vx` tag to refer to this
+# commit.
 name: Tag release and merge back
 
 on:
@@ -14,7 +15,8 @@ on:
 
   push:
     branches:
-      - v1
+      - releases/v1
+      - releases/v2
 
 jobs:
   merge-back:
@@ -25,13 +27,16 @@ jobs:
       HEAD_BRANCH: "${{ github.head_ref || github.ref }}"
 
     steps:
-      - name: Dump GitHub Event context
+      - name: Dump environment
-        env:
+        run: env
-          GITHUB_EVENT_CONTEXT: "${{ toJson(github.event) }}"
-        run: echo "$GITHUB_EVENT_CONTEXT"
 
-      - uses: actions/checkout@v2
+      - name: Dump GitHub context
-      - uses: actions/setup-node@v2
+        env:
+          GITHUB_CONTEXT: '${{ toJson(github) }}'
+        run: echo "${GITHUB_CONTEXT}"
+
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
 
       - name: Update git config
         run: |
@@ -42,25 +47,25 @@ jobs:
         id: getVersion
         run: |
           VERSION="v$(jq '.version' -r 'package.json')"
-          SHORT_SHA="${GITHUB_SHA:0:8}"
+          echo "::set-output name=version::${VERSION}"
-          echo "::set-output name=version::$VERSION"
+          short_sha="${GITHUB_SHA:0:8}"
-          NEW_BRANCH="mergeback/${VERSION}-to-${BASE_BRANCH}-${SHORT_SHA}"
+          NEW_BRANCH="mergeback/${VERSION}-to-${BASE_BRANCH}-${short_sha}"
-          echo "::set-output name=newBranch::$NEW_BRANCH"
+          echo "::set-output name=newBranch::${NEW_BRANCH}"
 
 
       - name: Dump branches
         env:
           NEW_BRANCH: "${{ steps.getVersion.outputs.newBranch }}"
         run: |
-          echo "BASE_BRANCH $BASE_BRANCH"
+          echo "BASE_BRANCH ${BASE_BRANCH}"
-          echo "HEAD_BRANCH $HEAD_BRANCH"
+          echo "HEAD_BRANCH ${HEAD_BRANCH}"
-          echo "NEW_BRANCH $NEW_BRANCH"
+          echo "NEW_BRANCH ${NEW_BRANCH}"
 
       - name: Create mergeback branch
         env:
           NEW_BRANCH: "${{ steps.getVersion.outputs.newBranch }}"
         run: |
-          git checkout -b "$NEW_BRANCH"
+          git checkout -b "${NEW_BRANCH}"
 
       - name: Check for tag
         id: check
@@ -68,13 +73,13 @@ jobs:
           VERSION: "${{ steps.getVersion.outputs.version }}"
         run: |
           set +e # don't fail on an errored command
-          git ls-remote --tags origin | grep "$VERSION"
+          git ls-remote --tags origin | grep "${VERSION}"
-          EXISTS="$?"
+          exists="$?"
-          if [ "$EXISTS" -eq 0 ]; then
+          if [ "${exists}" -eq 0 ]; then
-            echo "Tag $TAG exists. Not going to re-release."
+            echo "Tag ${VERSION} exists. Not going to re-release."
             echo "::set-output name=exists::true"
           else
-            echo "Tag $TAG does not exist yet."
+            echo "Tag ${VERSION} does not exist yet."
           fi
 
       # we didn't tag the release during the update-release-branch workflow because the
@@ -85,35 +90,48 @@ jobs:
         env:
           VERSION: ${{ steps.getVersion.outputs.version }}
         run: |
-          git tag -a "$VERSION" -m "$VERSION"
+          # Unshallow the repo in order to allow pushes
-          git fetch --unshallow  # unshallow the repo in order to allow pushes
+          git fetch --unshallow
-          git push origin --follow-tags "$VERSION"
+          # Create the `vx.y.z` tag
+          git tag --annotate "${VERSION}" --message "${VERSION}"
+          # Update the `vx` tag
+          major_version_tag=$(cut -d '.' -f1 <<< "${VERSION}")
+          # Use `--force` to overwrite the major version tag
+          git tag --annotate "${major_version_tag}" --message "${major_version_tag}" --force
+          # Push the tags, using:
+          # - `--atomic` to make sure we either update both tags or neither (an intermediate state,
+          #   e.g. where we update the v2.x.y tag on the remote but not the v2 tag, could result in
+          #   unwanted Dependabot updates, e.g. from v2 to v2.x.y)
+          # - `--force` since we're overwriting the `vx` tag
+          git push origin --atomic --force refs/tags/"${VERSION}" refs/tags/"${major_version_tag}"
 
       - name: Create mergeback branch
-        if: steps.check.outputs.exists != 'true'
+        if: steps.check.outputs.exists != 'true' && contains(github.ref, 'releases/v2')
         env:
           VERSION: "${{ steps.getVersion.outputs.version }}"
           NEW_BRANCH: "${{ steps.getVersion.outputs.newBranch }}"
           GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         run: |
           set -exu
-          PR_TITLE="Mergeback $VERSION $HEAD_BRANCH into $BASE_BRANCH"
+          pr_title="Mergeback ${VERSION} ${HEAD_BRANCH} into ${BASE_BRANCH}"
-          PR_BODY="Updates version and changelog."
+          pr_body="Updates version and changelog."
+
+          # Update the version number ready for the next release
+          npm version patch --no-git-tag-version
 
           # Update the changelog
           perl -i -pe 's/^/## \[UNRELEASED\]\n\nNo user facing changes.\n\n/ if($.==3)' CHANGELOG.md
           git add .
-          git commit -m "Update changelog and version after $VERSION"
+          git commit -m "Update changelog and version after ${VERSION}"
-          npm version patch
 
-          git push origin "$NEW_BRANCH"
+          git push origin "${NEW_BRANCH}"
 
           # PR checks won't be triggered on PRs created by Actions. Therefore mark the PR as draft
           # so that a maintainer can take the PR out of draft, thereby triggering the PR checks.
           gh pr create \
-            --head "$NEW_BRANCH" \
+            --head "${NEW_BRANCH}" \
-            --base "$BASE_BRANCH" \
+            --base "${BASE_BRANCH}" \
-            --title "$PR_TITLE" \
+            --title "${pr_title}" \
             --label "Update dependencies" \
-            --body "$PR_BODY" \
+            --body "${pr_body}" \
             --draft

.github/workflows/pr-checks.yml

@@ -2,7 +2,7 @@ name: PR Checks (Basic Checks and Runner)
 
 on:
   push:
-    branches: [main, v1]
+    branches: [main, releases/v1, releases/v2]
   pull_request:
     # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
     # by other workflows.
@@ -13,37 +13,69 @@ jobs:
   lint-js:
     name: Lint
     runs-on: ubuntu-latest
+    timeout-minutes: 45
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Run Lint
         run: npm run-script lint
 
   check-js:
     runs-on: ubuntu-latest
+    timeout-minutes: 45
+
+    strategy:
+      fail-fast: true
+      matrix:
+        node-types-version: [12.12, current]
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
+
+      - name: Update version of @types/node
+        if: matrix.node-types-version != 'current'
+        env:
+          NODE_TYPES_VERSION: ${{ matrix.node-types-version }}
+        run: |
+          # Export `NODE_TYPES_VERSION` so it's available to jq
+          export NODE_TYPES_VERSION="${NODE_TYPES_VERSION}"
+          contents=$(jq '.devDependencies."@types/node" = env.NODE_TYPES_VERSION' package.json)
+          echo "${contents}" > package.json
+          # Usually we run `npm install` on macOS to ensure that we pick up macOS-only dependencies.
+          # However we're not checking in the updated lockfile here, so it's fine to run
+          # `npm install` on Linux.
+          npm install
+
+          if [ ! -z "$(git status --porcelain)" ]; then
+            git config --global user.email "github-actions@github.com"
+            git config --global user.name "github-actions[bot]"
+            # The period in `git add --all .` ensures that we stage deleted files too.
+            git add --all .
+            git commit -m "Use @types/node=${NODE_TYPES_VERSION}"
+          fi
+
       - name: Check generated JS
         run: .github/workflows/script/check-js.sh
 
   check-node-modules:
     name: Check modules up to date
     runs-on: macos-latest
+    timeout-minutes: 45
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Check node modules up to date
         run: .github/workflows/script/check-node-modules.sh
 
   verify-pr-checks:
     name: Verify PR checks up to date
     runs-on: ubuntu-latest
+    timeout-minutes: 45
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Set up Python
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v3
         with:
           python-version: 3.8
       - name: Install dependencies
@@ -60,19 +92,21 @@ jobs:
       matrix:
         os: [ubuntu-latest, macos-latest]
     runs-on: ${{ matrix.os }}
+    timeout-minutes: 45
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: npm run-script test
         run: npm run-script test
 
   runner-analyze-javascript-ubuntu:
     name: Runner ubuntu JS analyze
     needs: [check-js, check-node-modules]
+    timeout-minutes: 45
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Build runner
         run: |
@@ -97,10 +131,11 @@ jobs:
   runner-analyze-javascript-windows:
     name: Runner windows JS analyze
     needs: [check-js, check-node-modules]
+    timeout-minutes: 45
     runs-on: windows-latest
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Build runner
         run: |
@@ -121,10 +156,11 @@ jobs:
   runner-analyze-javascript-macos:
     name: Runner macos JS analyze
     needs: [check-js, check-node-modules]
+    timeout-minutes: 45
     runs-on: macos-latest
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Build runner
         run: |
@@ -145,10 +181,11 @@ jobs:
   runner-analyze-csharp-ubuntu:
     name: Runner ubuntu C# analyze
     needs: [check-js, check-node-modules]
+    timeout-minutes: 45
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Move codeql-action
         shell: bash
@@ -184,10 +221,11 @@ jobs:
     needs: [check-js, check-node-modules]
     # Build tracing currently does not support Windows 2022, so use `windows-2019` instead of
     # `windows-latest`.
+    timeout-minutes: 45
     runs-on: windows-2019
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Move codeql-action
         shell: bash
@@ -215,7 +253,7 @@ jobs:
           & $Env:CODEQL_RUNNER dotnet build /p:UseSharedCompilation=false
 
       - name: Upload tracer logs
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: tracer-logs
           path: ./codeql-runner/compound-build-tracer.log
@@ -228,11 +266,12 @@ jobs:
 
   runner-analyze-csharp-macos:
     name: Runner macos C# analyze
+    timeout-minutes: 45
     needs: [check-js, check-node-modules]
     runs-on: macos-latest
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Move codeql-action
         shell: bash
@@ -266,11 +305,12 @@ jobs:
 
   runner-analyze-csharp-autobuild-ubuntu:
     name: Runner ubuntu autobuild C# analyze
+    timeout-minutes: 45
     needs: [check-js, check-node-modules]
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Move codeql-action
         shell: bash
@@ -301,6 +341,7 @@ jobs:
           TEST_MODE: true
 
   runner-analyze-csharp-autobuild-windows:
+    timeout-minutes: 45
     name: Runner windows autobuild C# analyze
     needs: [check-js, check-node-modules]
     # Build tracing currently does not support Windows 2022, so use `windows-2019` instead of
@@ -308,7 +349,7 @@ jobs:
     runs-on: windows-2019
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Move codeql-action
         shell: bash
@@ -343,9 +384,10 @@ jobs:
     name: Runner macos autobuild C# analyze
     needs: [check-js, check-node-modules]
     runs-on: macos-latest
+    timeout-minutes: 45
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Move codeql-action
         shell: bash
@@ -380,11 +422,12 @@ jobs:
     name: Runner upload sarif
     needs: [check-js, check-node-modules]
     runs-on: ubuntu-latest
+    timeout-minutes: 45
 
     if: ${{ github.event_name != 'pull_request' || github.event.pull_request.base.repo.id == github.event.pull_request.head.repo.id }}
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Build runner
         run: |
@@ -402,9 +445,10 @@ jobs:
     name: Runner ubuntu extractor RAM and threads options
     needs: [check-js, check-node-modules]
     runs-on: ubuntu-latest
+    timeout-minutes: 45
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Build runner
         run: |

.github/workflows/python-deps.yml

@@ -2,7 +2,7 @@ name: Test Python Package Installation on Linux and Mac
 
 on:
   push:
-    branches: [main, v1]
+    branches: [main, releases/v1, releases/v2]
   pull_request:
     # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
     # by other workflows.
@@ -10,6 +10,7 @@ on:
 
 jobs:
   test-setup-python-scripts:
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     strategy:
         fail-fast: false
@@ -24,7 +25,7 @@ jobs:
 
     steps:
     # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
     - name: Initialize CodeQL
       uses: ./init
@@ -70,7 +71,7 @@ jobs:
 
     steps:
     # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
     - name: Initialize CodeQL
       uses: ./init
@@ -121,9 +122,9 @@ jobs:
 
     steps:
     # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
-    - uses: actions/setup-python@v2
+    - uses: actions/setup-python@v3
       with:
         python-version: ${{ matrix.python_version }}
 

.github/workflows/release-runner.yml

@@ -1,54 +0,0 @@
-name: Release runner
-
-on:
-  workflow_dispatch:
-    inputs:
-      bundle-tag:
-        description: 'Tag of the bundle release (e.g., "codeql-bundle-20200826")'
-        required: false
-
-jobs:
-  release-runner:
-    runs-on: ubuntu-latest
-    env:
-      RELEASE_TAG: "${{ github.event.inputs.bundle-tag }}"
-
-    strategy:
-      matrix:
-        extension: ["linux", "macos", "win.exe"]
-
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: Build runner
-        run: |
-          cd runner
-          npm install
-          npm run build-runner
-
-      - uses: actions/upload-artifact@v2
-        with:
-          name: codeql-runner-${{matrix.extension}}
-          path: runner/dist/codeql-runner-${{matrix.extension}}
-
-      - name: Resolve Upload URL for the release
-        if: ${{ github.event.inputs.bundle-tag != null }}
-        id: save_url
-        run: |
-          UPLOAD_URL=$(curl -sS \
-                "https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/tags/${RELEASE_TAG}" \
-                -H "Accept: application/json" \
-                -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" | jq .upload_url | sed s/\"//g)
-          echo ${UPLOAD_URL}
-          echo "::set-output name=upload_url::${UPLOAD_URL}"
-
-      - name: Upload Platform Package
-        if: ${{ github.event.inputs.bundle-tag != null }}
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.save_url.outputs.upload_url }}
-          asset_path: runner/dist/codeql-runner-${{matrix.extension}}
-          asset_name: codeql-runner-${{matrix.extension}}
-          asset_content_type: application/octet-stream

.github/workflows/script/update-required-checks.sh

@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+# Update the required checks based on the current branch.
+# Typically, this will be main.
+
+if [ -z "$GITHUB_TOKEN" ]; then
+  echo "Failed: No GitHub token found. This script requires admin access to `github/codeql-action`."
+  exit 1
+fi
+
+if [ "$#" -eq 1 ]; then
+  # If we were passed an argument, pass it as a query to fzf
+  GITHUB_SHA="$@"
+elif [ "$#" -gt 1 ]; then
+  echo "Usage: $0 [SHA]"
+  echo "Update the required checks based on the SHA, or main."
+elif [ -z "$GITHUB_SHA" ]; then
+  # If we don't have a SHA, use main
+  GITHUB_SHA="$(git rev-parse main)"
+fi
+
+echo "Getting checks for $GITHUB_SHA"
+
+# Ignore any checks with "https://", CodeQL, LGTM, and Update checks.
+CHECKS="$(gh api repos/github/codeql-action/commits/${GITHUB_SHA}/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or contains("Update") | not)] | sort')"
+
+echo "$CHECKS" | jq
+
+echo "{\"contexts\": ${CHECKS}}" > checks.json
+
+for BRANCH in main releases/v2 releases/v1; do
+  echo "Updating $BRANCH"
+  gh api --silent -X "PATCH" "repos/github/codeql-action/branches/$BRANCH/protection/required_status_checks" --input checks.json
+done
+
+rm checks.json

.github/workflows/split.yml

@@ -1,73 +0,0 @@
-#
-# Split the CodeQL Bundle into platform bundles
-#
-# Instructions:
-#  1. Upload the new codeql-bundle (codeql-bundle.tar.gz) as an asset of the
-#     release (codeql-bundle-20200826)
-#  2. Take note of the CLI Release used by the bundle (e.g., v2.2.5)
-#  3. Manually launch this workflow file (via the Actions UI) specifying
-#     - The CLI Release (e.g., v2.2.5)
-#     - The release tag (e.g., codeql-bundle-20200826)
-#  4. If everything succeeds you should see 3 new assets.
-#
-
-name: Split Bundle
-
-on:
- workflow_dispatch:
-    inputs:
-      cli-release:
-        description: 'CodeQL CLI Release (e.g., "v2.2.5")'
-        required: true
-      bundle-tag:
-        description: 'Tag of the bundle release (e.g., "codeql-bundle-20200826")'
-        required: true
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    env:
-      CLI_RELEASE: "${{ github.event.inputs.cli-release }}"
-      RELEASE_TAG: "${{ github.event.inputs.bundle-tag }}"
-
-    strategy:
-      fail-fast: false
-      matrix:
-        platform: ["linux64", "osx64", "win64"]
-
-    steps:
-      - name: Resolve Upload URL for the release
-        id: save_url
-        run: |
-          UPLOAD_URL=$(curl -sS \
-               "https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/tags/${RELEASE_TAG}" \
-               -H "Accept: application/json" \
-               -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" | jq .upload_url | sed s/\"//g)
-          echo ${UPLOAD_URL}
-          echo "::set-output name=upload_url::${UPLOAD_URL}"
-
-      - name: Download CodeQL CLI and Bundle
-        run: |
-          wget --no-verbose "https://github.com/${GITHUB_REPOSITORY}/releases/download/${RELEASE_TAG}/codeql-bundle.tar.gz"
-          wget --no-verbose "https://github.com/github/codeql-cli-binaries/releases/download/${CLI_RELEASE}/codeql-${{matrix.platform}}.zip"
-
-      - name: Create Platform Package
-        # Replace the codeql-binaries with the platform specific ones
-        run: |
-          gunzip codeql-bundle.tar.gz
-          tar -f codeql-bundle.tar --delete codeql
-          unzip -q codeql-${{matrix.platform}}.zip
-          tar -f codeql-bundle.tar --append codeql
-          gzip codeql-bundle.tar
-          mv codeql-bundle.tar.gz codeql-bundle-${{matrix.platform}}.tar.gz
-          du -sh codeql-bundle-${{matrix.platform}}.tar.gz
-
-      - name: Upload Platform Package
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.save_url.outputs.upload_url }}
-          asset_path: ./codeql-bundle-${{matrix.platform}}.tar.gz
-          asset_name: codeql-bundle-${{matrix.platform}}.tar.gz
-          asset_content_type: application/tar+gzip

.github/workflows/update-dependencies.yml

@@ -6,11 +6,12 @@ on:
 jobs:
   update:
     name: Update dependencies
+    timeout-minutes: 45
     runs-on: macos-latest
     if: contains(github.event.pull_request.labels.*.name, 'Update dependencies') && (github.event.pull_request.head.repo.full_name == 'github/codeql-action')
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     - name: Remove PR label
       env:

.github/workflows/update-release-branch.yml

@@ -1,24 +1,35 @@
 name: Update release branch
 on:
-  repository_dispatch:
+  # You can trigger this workflow via workflow dispatch to start a release.
-    # Example of how to trigger this:
+  # This will open a PR to update the v2 release branch.
-    # curl -H "Authorization: Bearer <token>" -X POST https://api.github.com/repos/github/codeql-action/dispatches -d '{"event_type":"update-release-branch"}'
-    # Replace <token> with a personal access token from this page: https://github.com/settings/tokens
-    types: [update-release-branch]
   workflow_dispatch:
 
+  # When the v2 release is complete, this workflow will open a PR to update the v1 release branch.
+  push:
+    branches:
+      - releases/v2
+
 jobs:
   update:
+    timeout-minutes: 45
     runs-on: ubuntu-latest
-    if: ${{ github.repository == 'github/codeql-action' }}
+    if: github.repository == 'github/codeql-action'
     steps:
-    - uses: actions/checkout@v2
+    - name: Dump environment
+      run: env
+
+    - name: Dump GitHub context
+      env:
+        GITHUB_CONTEXT: '${{ toJson(github) }}'
+      run: echo "$GITHUB_CONTEXT"
+
+    - uses: actions/checkout@v3
       with:
         # Need full history so we calculate diffs
         fetch-depth: 0
 
     - name: Set up Python
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v3
       with:
         python-version: 3.8
 
@@ -32,5 +43,20 @@ jobs:
         git config --global user.email "github-actions@github.com"
         git config --global user.name "github-actions[bot]"
 
-    - name: Update release branch
+    - name: Update v2 release branch
-      run: python .github/update-release-branch.py ${{ secrets.GITHUB_TOKEN }} ${{ github.repository }}
+      if: github.event_name == 'workflow_dispatch'
+      run: |
+        python .github/update-release-branch.py \
+          --github-token ${{ secrets.GITHUB_TOKEN }} \
+          --repository-nwo ${{ github.repository }} \
+          --mode v2-release \
+          --conductor ${GITHUB_ACTOR}
+
+    - name: Update v1 release branch
+      if: github.event_name == 'push'
+      run: |
+        python .github/update-release-branch.py \
+          --github-token ${{ secrets.GITHUB_TOKEN }} \
+          --repository-nwo ${{ github.repository }} \
+          --mode v1-release \
+          --conductor ${GITHUB_ACTOR}

.github/workflows/update-supported-enterprise-server-versions.yml

@@ -6,18 +6,20 @@ on:
 
 jobs:
   update-supported-enterprise-server-versions:
+    name: Update Supported Enterprise Server Versions
+    timeout-minutes: 45
     runs-on: ubuntu-latest
     if: ${{ github.repository == 'github/codeql-action' }}
 
     steps:
       - name: Setup Python
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v3
         with:
           python-version: "3.7"
       - name: Checkout CodeQL Action
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Checkout Enterprise Releases
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           repository: github/enterprise-releases
           ssh-key: ${{ secrets.ENTERPRISE_RELEASES_SSH_KEY }}

CHANGELOG.md

@@ -1,4 +1,47 @@
-# CodeQL Action and CodeQL Runner Changelog
+# CodeQL Action Changelog
+
+## 1.1.10 - 10 May 2022
+
+- Update default CodeQL bundle version to 2.9.5. [#1056](https://github.com/github/codeql-action/pull/1056)
+- When `wait-for-processing` is enabled, the workflow will now fail if there were any errors that occurred during processing of the analysis results.
+
+## 1.1.9 - 27 Apr 2022
+
+- Add `working-directory` input to the `autobuild` action. [#1024](https://github.com/github/codeql-action/pull/1024)
+- The `analyze` and `upload-sarif` actions will now wait up to 2 minutes for processing to complete after they have uploaded the results so they can report any processing errors that occurred. This behavior can be disabled by setting the `wait-for-processing` action input to `"false"`. [#1007](https://github.com/github/codeql-action/pull/1007)
+- Update default CodeQL bundle version to 2.9.0.
+- Fix a bug where [status reporting fails on Windows](https://github.com/github/codeql-action/issues/1041). [#1042](https://github.com/github/codeql-action/pull/1042)
+
+## 1.1.8 - 08 Apr 2022
+
+- Update default CodeQL bundle version to 2.8.5. [#1014](https://github.com/github/codeql-action/pull/1014)
+- Fix error where the init action would fail due to a GitHub API request that was taking too long to complete [#1025](https://github.com/github/codeql-action/pull/1025)
+
+## 1.1.7 - 05 Apr 2022
+
+- A bug where additional queries specified in the workflow file would sometimes not be respected has been fixed. [#1018](https://github.com/github/codeql-action/pull/1018)
+
+## 1.1.6 - 30 Mar 2022
+
+- Update default CodeQL bundle version to 2.8.4. [#990](https://github.com/github/codeql-action/pull/990)
+- Fix a bug where an invalid `commit_oid` was being sent to code scanning when a custom checkout path was being used. [#956](https://github.com/github/codeql-action/pull/956)
+
+## 1.1.5 - 15 Mar 2022
+
+- Update default CodeQL bundle version to 2.8.3.
+- The CodeQL runner is now deprecated and no longer being released. For more information, see [CodeQL runner deprecation](https://github.blog/changelog/2021-09-21-codeql-runner-deprecation/).
+- Fix two bugs that cause action failures with GHES 3.3 or earlier. [#978](https://github.com/github/codeql-action/pull/978)
+  - Fix `not a permitted key` invalid requests with GHES 3.1 or earlier
+  - Fix `RUNNER_ARCH environment variable must be set` errors with GHES 3.3 or earlier
+
+## 1.1.4 - 07 Mar 2022
+
+- Update default CodeQL bundle version to 2.8.2. [#950](https://github.com/github/codeql-action/pull/950)
+- Fix a bug where old results can be uploaded if the languages in a repository change when using a non-ephemeral self-hosted runner. [#955](https://github.com/github/codeql-action/pull/955)
+
+## 1.1.3 - 23 Feb 2022
+
+- Fix a bug where the CLR traces can continue tracing even after tracing should be stopped. [#938](https://github.com/github/codeql-action/pull/938)
 
 ## 1.1.2 - 17 Feb 2022
 

CODEOWNERS

@@ -1 +1,3 @@
 **/* @github/codeql-action-reviewers
+
+/python-setup/ @github/codeql-python @github/codeql-action-reviewers

CONTRIBUTING.md

@@ -61,16 +61,42 @@ Here are a few things you can do that will increase the likelihood of your pull
 ## Releasing (write access required)
 
 1. The first step of releasing a new version of the `codeql-action` is running the "Update release branch" workflow.
-    This workflow goes through the pull requests that have been merged to `main` since the last release, creates a changelog, then opens a pull request to merge the changes since the last release into the `v1` release branch.
+    This workflow goes through the pull requests that have been merged to `main` since the last release, creates a changelog, then opens a pull request to merge the changes since the last release into the `releases/v2` release branch.
 
-    A release is automatically started every Monday via a scheduled run of this workflow, however you can start a release manually by triggering a run via [workflow dispatch](https://github.com/github/codeql-action/actions/workflows/update-release-branch.yml). 
+    You can start a release by triggering this workflow via [workflow dispatch](https://github.com/github/codeql-action/actions/workflows/update-release-branch.yml).
-1. The workflow run will open a pull request titled "Merge main into v1". Mark the pull request as [ready for review](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review) to trigger the PR checks.
+1. The workflow run will open a pull request titled "Merge main into releases/v2". Mark the pull request as [ready for review](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review) to trigger the PR checks.
 1. Review the checklist items in the pull request description.
-    Once you've checked off all but the last of these, approve the PR and automerge it.
+    Once you've checked off all but the last two of these, approve the PR and automerge it.
-1. When the "Merge main into v1" pull request is merged into the `v1` branch, the "Tag release and merge back" workflow will create a mergeback PR.
+1. When the "Merge main into releases/v2" pull request is merged into the `releases/v2` branch, the "Tag release and merge back" workflow will create a mergeback PR.
-    This mergeback incorporates the changelog updates into `main`, tags the release using the merge commit of the "Merge main into v1" pull request, and bumps the patch version of the CodeQL Action.
+    This mergeback incorporates the changelog updates into `main`, tags the release using the merge commit of the "Merge main into releases/v2" pull request, and bumps the patch version of the CodeQL Action.
 
-    Approve the mergeback PR and automerge it. Once the mergeback has been merged into main, the release is complete.
+    Approve the mergeback PR and automerge it.
+1. When the "Merge main into releases/v2" pull request is merged into the `releases/v2` branch, the "Update release branch" workflow will create a "Merge releases/v2 into releases/v1" pull request to merge the changes since the last release into the `releases/v1` release branch.
+    This ensures we keep both the `releases/v1` and `releases/v2` release branches up to date and fully supported.
+
+    Review the checklist items in the pull request description.
+    Once you've checked off all the items, approve the PR and automerge it.
+1. Once the mergeback has been merged to `main` and the "Merge releases/v2 into releases/v1" PR has been merged to `releases/v1`, the release is complete.
+
+## Keeping the PR checks up to date (admin access required)
+
+Since the `codeql-action` runs most of its testing through individual Actions workflows, there are over two hundred jobs that need to pass in order for a PR to turn green. You can regenerate the checks automatically by running the [Update required checks](.github/workflows/update-required-checks.yml) workflow.
+
+Or you can use this semi-automated approach:
+
+1. In a terminal check out the `SHA` whose checks you want to use as the base. Typically, this will be `main`. 
+2. From a terminal, run the following commands:
+
+    ```sh
+    SHA="$(git rev-parse HEAD)"
+    CHECKS="$(gh api repos/github/codeql-action/commits/${SHA}/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or . == "Update dependencies" or . == "Update Supported Enterprise Server Versions" | not)]')"
+    echo "{\"contexts\": ${CHECKS}}" > checks.json
+    gh api -X "PATCH" repos/github/codeql-action/branches/main/protection/required_status_checks --input checks.json
+    gh api -X "PATCH" repos/github/codeql-action/branches/releases/v2/protection/required_status_checks --input checks.json
+    gh api -X "PATCH" repos/github/codeql-action/branches/releases/v1/protection/required_status_checks --input checks.json
+    ````
+
+3. Go to the [branch protection rules settings page](https://github.com/github/codeql-action/settings/branches) and validate that the rules have been updated.
 
 ## Resources
 

README.md

@@ -39,8 +39,7 @@ on:
 
 jobs:
   CodeQL-Build:
-    # If you're only analyzing JavaScript or Python, CodeQL runs on ubuntu-latest, windows-latest, and macos-latest.
+    # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
-    # If you're analyzing C/C++, C#, Go, or Java, CodeQL runs on ubuntu-latest, windows-2019, and macos-latest.
     runs-on: ubuntu-latest
 
     permissions:
@@ -53,11 +52,11 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v1
+        uses: github/codeql-action/init@v2
         # Override language selection by uncommenting this and choosing your languages
         # with:
         #   languages: go, javascript, csharp, python, cpp, java
@@ -65,10 +64,10 @@ jobs:
       # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below).
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v1
+        uses: github/codeql-action/autobuild@v2
 
       # ℹ️ Command-line programs to run using the OS shell.
-      # 📚 https://git.io/JvXDl
+      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
 
       # ✏️ If the Autobuild fails above, remove it and uncomment the following
       #    three lines and modify them (or add more) to build your code if your
@@ -79,14 +78,14 @@ jobs:
       #     make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
+        uses: github/codeql-action/analyze@v2
 ```
 
 If you prefer to integrate this within an existing CI workflow, it should end up looking something like this:
 
 ```yaml
 - name: Initialize CodeQL
-  uses: github/codeql-action/init@v1
+  uses: github/codeql-action/init@v2
   with:
     languages: go, javascript
 
@@ -96,7 +95,7 @@ If you prefer to integrate this within an existing CI workflow, it should end up
     make release
 
 - name: Perform CodeQL Analysis
-  uses: github/codeql-action/analyze@v1
+  uses: github/codeql-action/analyze@v2
 ```
 
 ### Configuration file
@@ -104,7 +103,7 @@ If you prefer to integrate this within an existing CI workflow, it should end up
 Use the `config-file` parameter of the `init` action to enable the configuration file. The value of `config-file` is the path to the configuration file you want to use. This example loads the configuration file `./.github/codeql/codeql-config.yml`.
 
 ```yaml
-- uses: github/codeql-action/init@v1
+- uses: github/codeql-action/init@v2
   with:
     config-file: ./.github/codeql/codeql-config.yml
 ```
@@ -112,7 +111,7 @@ Use the `config-file` parameter of the `init` action to enable the configuration
 The configuration file can be located in a different repository. This is useful if you want to share the same configuration across multiple repositories. If the configuration file is in a private repository you can also specify an `external-repository-token` option. This should be a personal access token that has read access to any repositories containing referenced config files and queries.
 
 ```yaml
-- uses: github/codeql-action/init@v1
+- uses: github/codeql-action/init@v2
   with:
     config-file: owner/repo/codeql-config.yml@branch
     external-repository-token: ${{ secrets.EXTERNAL_REPOSITORY_TOKEN }}
@@ -123,7 +122,7 @@ For information on how to write a configuration file, see "[Using a custom confi
 If you only want to customise the queries used, you can specify them in your workflow instead of creating a config file, using the `queries` property of the `init` action:
 
 ```yaml
-- uses: github/codeql-action/init@v1
+- uses: github/codeql-action/init@v2
   with:
     queries: <local-or-remote-query>,<another-query>
 ```
@@ -131,7 +130,7 @@ If you only want to customise the queries used, you can specify them in your wor
 By default, this will override any queries specified in a config file. If you wish to use both sets of queries, prefix the list of queries in the workflow with `+`:
 
 ```yaml
-- uses: github/codeql-action/init@v1
+- uses: github/codeql-action/init@v2
   with:
     queries: +<local-or-remote-query>,<another-query>
 ```
@@ -146,4 +145,4 @@ The very first time code scanning is run and if it is on a pull request, you wil
 
 After code scanning has analyzed the code in a pull request, it needs to compare the analysis of the topic branch (the merge commit of the branch you used to create the pull request) with the analysis of the base branch (the branch into which you want to merge the pull request). This allows code scanning to compute which alerts are newly introduced by the pull request, which alerts were already present in the base branch, and whether any existing alerts are fixed by the changes in the pull request. Initially, if you use a pull request to add code scanning to a repository, the base branch has not yet been analyzed, so it's not possible to compute these details. In this case, when you click through from the results check on the pull request you will see the "Missing analysis for base commit SHA-HASH" message.
 
-For more information and other causes of this message, see [Reasons for the "missing analysis" message](https://docs.github.com/en/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/setting-up-code-scanning-for-a-repository#reasons-for-the-missing-analysis-message)
+For more information and other causes of this message, see [Reasons for the "Analysis not found" message](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/setting-up-code-scanning-for-a-repository#reasons-for-the-analysis-not-found-message)

analyze/action.yml

@@ -61,7 +61,7 @@ inputs:
   wait-for-processing:
     description: If true, the Action will wait for the uploaded SARIF to be processed before completing.
     required: true
-    default: "false"
+    default: "true"
   token:
     default: ${{ github.token }}
   matrix:

autobuild/action.yml

@@ -6,6 +6,12 @@ inputs:
     default: ${{ github.token }}
   matrix:
     default: ${{ toJson(matrix) }}
+  working-directory:
+    description: >-
+      Run the autobuilder using this path (relative to $GITHUB_WORKSPACE) as
+      working directory. If this input is not set, the autobuilder runs with
+      $GITHUB_WORKSPACE as its working directory.
+    required: false
 runs:
   using: 'node12'
-  main: '../lib/autobuild-action.js'
+  main: '../lib/autobuild-action.js'

lib/actions-util.js

@@ -19,8 +19,9 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.sanitizeArifactName = exports.isAnalyzingDefaultBranch = exports.getRelativeScriptPath = exports.isRunningLocalAction = exports.sendStatusReport = exports.createStatusReportBase = exports.getRef = exports.computeAutomationID = exports.getAutomationID = exports.getAnalysisKey = exports.getWorkflowRunID = exports.getWorkflow = exports.formatWorkflowCause = exports.formatWorkflowErrors = exports.validateWorkflow = exports.getWorkflowErrors = exports.WorkflowErrors = exports.patternIsSuperset = exports.determineMergeBaseCommitOid = exports.getCommitOid = exports.getToolCacheDirectory = exports.getTemporaryDirectory = exports.getOptionalInput = exports.getRequiredInput = void 0;
+exports.sanitizeArifactName = exports.isAnalyzingDefaultBranch = exports.getRelativeScriptPath = exports.isRunningLocalAction = exports.sendStatusReport = exports.createStatusReportBase = exports.getActionsStatus = exports.getRef = exports.computeAutomationID = exports.getAutomationID = exports.getAnalysisKey = exports.getWorkflowRunID = exports.getWorkflow = exports.formatWorkflowCause = exports.formatWorkflowErrors = exports.validateWorkflow = exports.getWorkflowErrors = exports.WorkflowErrors = exports.patternIsSuperset = exports.determineMergeBaseCommitOid = exports.getCommitOid = exports.getToolCacheDirectory = exports.getTemporaryDirectory = exports.getOptionalInput = exports.getRequiredInput = void 0;
 const fs = __importStar(require("fs"));
+const os = __importStar(require("os"));
 const path = __importStar(require("path"));
 const core = __importStar(require("@actions/core"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
@@ -29,6 +30,8 @@ const yaml = __importStar(require("js-yaml"));
 const api = __importStar(require("./api-client"));
 const sharedEnv = __importStar(require("./shared-environment"));
 const util_1 = require("./util");
+// eslint-disable-next-line import/no-commonjs
+const pkg = require("../package.json");
 /**
  * The utils in this module are meant to be run inside of the action only.
  * Code paths from the runner should not enter this module.
@@ -73,7 +76,7 @@ exports.getToolCacheDirectory = getToolCacheDirectory;
 /**
  * Gets the SHA of the commit that is currently checked out.
  */
-const getCommitOid = async function (ref = "HEAD") {
+const getCommitOid = async function (checkoutPath, ref = "HEAD") {
     // Try to use git to get the current commit SHA. If that fails then
     // log but otherwise silently fall back to using the SHA from the environment.
     // The only time these two values will differ is during analysis of a PR when
@@ -93,6 +96,7 @@ const getCommitOid = async function (ref = "HEAD") {
                     process.stderr.write(data);
                 },
             },
+            cwd: checkoutPath,
         }).exec();
         return commitOid.trim();
     }
@@ -112,6 +116,7 @@ const determineMergeBaseCommitOid = async function () {
         return undefined;
     }
     const mergeSha = (0, util_1.getRequiredEnvParam)("GITHUB_SHA");
+    const checkoutPath = (0, exports.getOptionalInput)("checkout_path");
     try {
         let commitOid = "";
         let baseOid = "";
@@ -136,6 +141,7 @@ const determineMergeBaseCommitOid = async function () {
                     process.stderr.write(data);
                 },
             },
+            cwd: checkoutPath,
         }).exec();
         // Let's confirm our assumptions: We had a merge commit and the parsed parent data looks correct
         if (commitOid === mergeSha &&
@@ -351,7 +357,7 @@ async function getWorkflowPath() {
     const repo = repo_nwo[1];
     const run_id = Number((0, util_1.getRequiredEnvParam)("GITHUB_RUN_ID"));
     const apiClient = api.getActionsApiClient();
-    const runsResponse = await apiClient.request("GET /repos/:owner/:repo/actions/runs/:run_id", {
+    const runsResponse = await apiClient.request("GET /repos/:owner/:repo/actions/runs/:run_id?exclude_pull_requests=true", {
         owner,
         repo,
         run_id,
@@ -424,6 +430,9 @@ async function getRef() {
     // or in the form "refs/pull/N/merge" on a pull_request event
     const refInput = (0, exports.getOptionalInput)("ref");
     const shaInput = (0, exports.getOptionalInput)("sha");
+    const checkoutPath = (0, exports.getOptionalInput)("checkout_path") ||
+        (0, exports.getOptionalInput)("source-root") ||
+        (0, util_1.getRequiredEnvParam)("GITHUB_WORKSPACE");
     const hasRefInput = !!refInput;
     const hasShaInput = !!shaInput;
     // If one of 'ref' or 'sha' are provided, both are required
@@ -445,15 +454,14 @@ async function getRef() {
     if (!pull_ref_regex.test(ref)) {
         return ref;
     }
-    const head = await (0, exports.getCommitOid)("HEAD");
+    const head = await (0, exports.getCommitOid)(checkoutPath, "HEAD");
-    // in actions/checkout@v2 we can check if git rev-parse HEAD == GITHUB_SHA
+    // in actions/checkout@v2+ we can check if git rev-parse HEAD == GITHUB_SHA
     // in actions/checkout@v1 this may not be true as it checks out the repository
     // using GITHUB_REF. There is a subtle race condition where
     // git rev-parse GITHUB_REF != GITHUB_SHA, so we must check
     // git git-parse GITHUB_REF == git rev-parse HEAD instead.
     const hasChangedRef = sha !== head &&
-        (await (0, exports.getCommitOid)(ref.replace(/^refs\/pull\//, "refs/remotes/pull/"))) !==
+        (await (0, exports.getCommitOid)(checkoutPath, ref.replace(/^refs\/pull\//, "refs/remotes/pull/"))) !== head;
-            head;
     if (hasChangedRef) {
         const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head");
         core.debug(`No longer on merge commit, rewriting ref from ${ref} to ${newRef}.`);
@@ -464,6 +472,15 @@ async function getRef() {
     }
 }
 exports.getRef = getRef;
+function getActionsStatus(error, otherFailureCause) {
+    if (error || otherFailureCause) {
+        return error instanceof util_1.UserError ? "user-error" : "failure";
+    }
+    else {
+        return "success";
+    }
+}
+exports.getActionsStatus = getActionsStatus;
 /**
  * Compose a StatusReport.
  *
@@ -489,6 +506,8 @@ async function createStatusReportBase(actionName, status, actionStartedAt, cause
         workflowStartedAt = actionStartedAt.toISOString();
         core.exportVariable(sharedEnv.CODEQL_WORKFLOW_STARTED_AT, workflowStartedAt);
     }
+    const runnerOs = (0, util_1.getRequiredEnvParam)("RUNNER_OS");
+    const codeQlCliVersion = (0, util_1.getCachedCodeQlVersion)();
     // If running locally then the GITHUB_ACTION_REF cannot be trusted as it may be for the previous action
     // See https://github.com/actions/runner/issues/803
     const actionRef = isRunningLocalAction()
@@ -507,6 +526,8 @@ async function createStatusReportBase(actionName, status, actionStartedAt, cause
         started_at: workflowStartedAt,
         action_started_at: actionStartedAt.toISOString(),
         status,
+        runner_os: runnerOs,
+        action_version: pkg.version,
     };
     // Add optional parameters
     if (cause) {
@@ -515,13 +536,27 @@ async function createStatusReportBase(actionName, status, actionStartedAt, cause
     if (exception) {
         statusReport.exception = exception;
     }
-    if (status === "success" || status === "failure" || status === "aborted") {
+    if (status === "success" ||
+        status === "failure" ||
+        status === "aborted" ||
+        status === "user-error") {
         statusReport.completed_at = new Date().toISOString();
     }
     const matrix = getRequiredInput("matrix");
     if (matrix) {
         statusReport.matrix_vars = matrix;
     }
+    if ("RUNNER_ARCH" in process.env) {
+        // RUNNER_ARCH is available only in GHES 3.4 and later
+        // Values other than X86, X64, ARM, or ARM64 are discarded server side
+        statusReport.runner_arch = process.env["RUNNER_ARCH"];
+    }
+    if (runnerOs === "Windows" || runnerOs === "macOS") {
+        statusReport.runner_os_release = os.release();
+    }
+    if (codeQlCliVersion !== undefined) {
+        statusReport.codeql_version = codeQlCliVersion;
+    }
     return statusReport;
 }
 exports.createStatusReportBase = createStatusReportBase;
@@ -539,11 +574,17 @@ const INCOMPATIBLE_MSG = "CodeQL Action version is incompatible with the code sc
  * Returns whether sending the status report was successful of not.
  */
 async function sendStatusReport(statusReport) {
+    const gitHubVersion = await api.getGitHubVersionActionsOnly();
+    if ((0, util_1.isGitHubGhesVersionBelow)(gitHubVersion, "3.2.0")) {
+        // GHES 3.1 and earlier versions reject unexpected properties, which means
+        // that they will reject status reports with newly added properties.
+        // Inhibiting status reporting for GHES < 3.2 avoids such failures.
+        return true;
+    }
     const statusReportJSON = JSON.stringify(statusReport);
     core.debug(`Sending status report: ${statusReportJSON}`);
     // If in test mode we don't want to upload the results
-    const testMode = process.env["TEST_MODE"] === "true" || false;
+    if ((0, util_1.isInTestMode)()) {
-    if (testMode) {
         core.debug("In test mode. Status reports are not uploaded.");
         return true;
     }
@@ -636,7 +677,7 @@ async function isAnalyzingDefaultBranch() {
     // Get the current ref and trim and refs/heads/ prefix
     let currentRef = await getRef();
     currentRef = currentRef.startsWith("refs/heads/")
-        ? currentRef.substr("refs/heads/".length)
+        ? currentRef.slice("refs/heads/".length)
         : currentRef;
     const event = getWorkflowEvent();
     const defaultBranch = (_a = event === null || event === void 0 ? void 0 : event.repository) === null || _a === void 0 ? void 0 : _a.default_branch;

lib/actions-util.test.js

@@ -39,74 +39,93 @@ function errorCodes(actual, expected) {
     await t.throwsAsync(actionsutil.getRef);
 });
 (0, ava_1.default)("getRef() returns merge PR ref if GITHUB_SHA still checked out", async (t) => {
-    const expectedRef = "refs/pull/1/merge";
+    await (0, util_1.withTmpDir)(async (tmpDir) => {
-    const currentSha = "a".repeat(40);
+        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-    process.env["GITHUB_REF"] = expectedRef;
+        const expectedRef = "refs/pull/1/merge";
-    process.env["GITHUB_SHA"] = currentSha;
+        const currentSha = "a".repeat(40);
-    const callback = sinon.stub(actionsutil, "getCommitOid");
+        process.env["GITHUB_REF"] = expectedRef;
-    callback.withArgs("HEAD").resolves(currentSha);
+        process.env["GITHUB_SHA"] = currentSha;
-    const actualRef = await actionsutil.getRef();
+        const callback = sinon.stub(actionsutil, "getCommitOid");
-    t.deepEqual(actualRef, expectedRef);
+        callback.withArgs("HEAD").resolves(currentSha);
-    callback.restore();
+        const actualRef = await actionsutil.getRef();
+        t.deepEqual(actualRef, expectedRef);
+        callback.restore();
+    });
 });
 (0, ava_1.default)("getRef() returns merge PR ref if GITHUB_REF still checked out but sha has changed (actions checkout@v1)", async (t) => {
-    const expectedRef = "refs/pull/1/merge";
+    await (0, util_1.withTmpDir)(async (tmpDir) => {
-    process.env["GITHUB_REF"] = expectedRef;
+        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-    process.env["GITHUB_SHA"] = "b".repeat(40);
+        const expectedRef = "refs/pull/1/merge";
-    const sha = "a".repeat(40);
+        process.env["GITHUB_REF"] = expectedRef;
-    const callback = sinon.stub(actionsutil, "getCommitOid");
+        process.env["GITHUB_SHA"] = "b".repeat(40);
-    callback.withArgs("refs/remotes/pull/1/merge").resolves(sha);
+        const sha = "a".repeat(40);
-    callback.withArgs("HEAD").resolves(sha);
+        const callback = sinon.stub(actionsutil, "getCommitOid");
-    const actualRef = await actionsutil.getRef();
+        callback.withArgs("refs/remotes/pull/1/merge").resolves(sha);
-    t.deepEqual(actualRef, expectedRef);
+        callback.withArgs("HEAD").resolves(sha);
-    callback.restore();
+        const actualRef = await actionsutil.getRef();
+        t.deepEqual(actualRef, expectedRef);
+        callback.restore();
+    });
 });
 (0, ava_1.default)("getRef() returns head PR ref if GITHUB_REF no longer checked out", async (t) => {
-    process.env["GITHUB_REF"] = "refs/pull/1/merge";
+    await (0, util_1.withTmpDir)(async (tmpDir) => {
-    process.env["GITHUB_SHA"] = "a".repeat(40);
+        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-    const callback = sinon.stub(actionsutil, "getCommitOid");
+        process.env["GITHUB_REF"] = "refs/pull/1/merge";
-    callback.withArgs("refs/pull/1/merge").resolves("a".repeat(40));
+        process.env["GITHUB_SHA"] = "a".repeat(40);
-    callback.withArgs("HEAD").resolves("b".repeat(40));
+        const callback = sinon.stub(actionsutil, "getCommitOid");
-    const actualRef = await actionsutil.getRef();
+        callback.withArgs(tmpDir, "refs/pull/1/merge").resolves("a".repeat(40));
-    t.deepEqual(actualRef, "refs/pull/1/head");
+        callback.withArgs(tmpDir, "HEAD").resolves("b".repeat(40));
-    callback.restore();
+        const actualRef = await actionsutil.getRef();
+        t.deepEqual(actualRef, "refs/pull/1/head");
+        callback.restore();
+    });
 });
 (0, ava_1.default)("getRef() returns ref provided as an input and ignores current HEAD", async (t) => {
-    const getAdditionalInputStub = sinon.stub(actionsutil, "getOptionalInput");
+    await (0, util_1.withTmpDir)(async (tmpDir) => {
-    getAdditionalInputStub.withArgs("ref").resolves("refs/pull/2/merge");
+        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-    getAdditionalInputStub.withArgs("sha").resolves("b".repeat(40));
+        const getAdditionalInputStub = sinon.stub(actionsutil, "getOptionalInput");
-    // These values are be ignored
+        getAdditionalInputStub.withArgs("ref").resolves("refs/pull/2/merge");
-    process.env["GITHUB_REF"] = "refs/pull/1/merge";
+        getAdditionalInputStub.withArgs("sha").resolves("b".repeat(40));
-    process.env["GITHUB_SHA"] = "a".repeat(40);
+        // These values are be ignored
-    const callback = sinon.stub(actionsutil, "getCommitOid");
+        process.env["GITHUB_REF"] = "refs/pull/1/merge";
-    callback.withArgs("refs/pull/1/merge").resolves("b".repeat(40));
+        process.env["GITHUB_SHA"] = "a".repeat(40);
-    callback.withArgs("HEAD").resolves("b".repeat(40));
+        const callback = sinon.stub(actionsutil, "getCommitOid");
-    const actualRef = await actionsutil.getRef();
+        callback.withArgs("refs/pull/1/merge").resolves("b".repeat(40));
-    t.deepEqual(actualRef, "refs/pull/2/merge");
+        callback.withArgs("HEAD").resolves("b".repeat(40));
-    callback.restore();
+        const actualRef = await actionsutil.getRef();
-    getAdditionalInputStub.restore();
+        t.deepEqual(actualRef, "refs/pull/2/merge");
+        callback.restore();
+        getAdditionalInputStub.restore();
+    });
 });
 (0, ava_1.default)("getRef() throws an error if only `ref` is provided as an input", async (t) => {
-    const getAdditionalInputStub = sinon.stub(actionsutil, "getOptionalInput");
+    await (0, util_1.withTmpDir)(async (tmpDir) => {
-    getAdditionalInputStub.withArgs("ref").resolves("refs/pull/1/merge");
+        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-    await t.throwsAsync(async () => {
+        const getAdditionalInputStub = sinon.stub(actionsutil, "getOptionalInput");
-        await actionsutil.getRef();
+        getAdditionalInputStub.withArgs("ref").resolves("refs/pull/1/merge");
-    }, {
+        await t.throwsAsync(async () => {
-        instanceOf: Error,
+            await actionsutil.getRef();
-        message: "Both 'ref' and 'sha' are required if one of them is provided.",
+        }, {
+            instanceOf: Error,
+            message: "Both 'ref' and 'sha' are required if one of them is provided.",
+        });
+        getAdditionalInputStub.restore();
     });
-    getAdditionalInputStub.restore();
 });
 (0, ava_1.default)("getRef() throws an error if only `sha` is provided as an input", async (t) => {
-    const getAdditionalInputStub = sinon.stub(actionsutil, "getOptionalInput");
+    await (0, util_1.withTmpDir)(async (tmpDir) => {
-    getAdditionalInputStub.withArgs("sha").resolves("a".repeat(40));
+        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-    await t.throwsAsync(async () => {
+        process.env["GITHUB_WORKSPACE"] = "/tmp";
-        await actionsutil.getRef();
+        const getAdditionalInputStub = sinon.stub(actionsutil, "getOptionalInput");
-    }, {
+        getAdditionalInputStub.withArgs("sha").resolves("a".repeat(40));
-        instanceOf: Error,
+        await t.throwsAsync(async () => {
-        message: "Both 'ref' and 'sha' are required if one of them is provided.",
+            await actionsutil.getRef();
+        }, {
+            instanceOf: Error,
+            message: "Both 'ref' and 'sha' are required if one of them is provided.",
+        });
+        getAdditionalInputStub.restore();
     });
-    getAdditionalInputStub.restore();
 });
 (0, ava_1.default)("computeAutomationID()", async (t) => {
     let actualAutomationID = actionsutil.computeAutomationID(".github/workflows/codeql-analysis.yml:analyze", '{"language": "javascript", "os": "linux"}');
@@ -461,6 +480,7 @@ on: ["push"]
 });
 (0, ava_1.default)("isAnalyzingDefaultBranch()", async (t) => {
     await (0, util_1.withTmpDir)(async (tmpDir) => {
+        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
         const envFile = path.join(tmpDir, "event.json");
         fs.writeFileSync(envFile, JSON.stringify({
             repository: {

lib/analysis-paths.test.js

@@ -45,6 +45,7 @@ const util = __importStar(require("./util"));
             debugMode: false,
             debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
             debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
+            injectedMlQueries: false,
         };
         analysisPaths.includeAndExcludeAnalysisPaths(config);
         t.is(process.env["LGTM_INDEX_INCLUDE"], undefined);
@@ -69,6 +70,7 @@ const util = __importStar(require("./util"));
             debugMode: false,
             debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
             debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
+            injectedMlQueries: false,
         };
         analysisPaths.includeAndExcludeAnalysisPaths(config);
         t.is(process.env["LGTM_INDEX_INCLUDE"], "path1\npath2");
@@ -94,6 +96,7 @@ const util = __importStar(require("./util"));
             debugMode: false,
             debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
             debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
+            injectedMlQueries: false,
         };
         analysisPaths.includeAndExcludeAnalysisPaths(config);
         t.is(process.env["LGTM_INDEX_INCLUDE"], undefined);

lib/analysis-paths.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"analysis-paths.test.js","sourceRoot":"","sources":["../src/analysis-paths.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAE7B,8CAAuB;AAEvB,gEAAkD;AAClD,mDAA6C;AAC7C,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,YAAY,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC7B,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,WAAW,EAAE,EAAE;YACf,KAAK,EAAE,EAAE;YACT,iBAAiB,EAAE,EAAE;YACrB,OAAO,EAAE,MAAM;YACf,YAAY,EAAE,MAAM;YACpB,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;YACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,kBAAkB,CAAC;YACpD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;SACpD,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,eAAe,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAChC,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;YACrC,WAAW,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;YAC3C,iBAAiB,EAAE,EAAE;YACrB,OAAO,EAAE,MAAM;YACf,YAAY,EAAE,MAAM;YACpB,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;YACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,kBAAkB,CAAC;YACpD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;SACpD,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;QACxD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;QACxD,CAAC,CAAC,EAAE,CACF,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EACjC,gGAAgG,CACjG,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,kBAAkB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACnC,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,YAAY,EAAE,EAAE;QAClD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,oBAAoB,CAAC,CAAC;QAC/D,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,WAAW,EAAE,EAAE;YACf,KAAK,EAAE,EAAE;YACT,iBAAiB,EAAE,EAAE;YACrB,OAAO;YACP,YAAY;YACZ,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;YACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,kBAAkB,CAAC;YACrD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;SACpD,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,oBAAoB,CAAC,CAAC;QAC9D,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analysis-paths.test.js","sourceRoot":"","sources":["../src/analysis-paths.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAE7B,8CAAuB;AAEvB,gEAAkD;AAClD,mDAA6C;AAC7C,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,YAAY,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC7B,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,WAAW,EAAE,EAAE;YACf,KAAK,EAAE,EAAE;YACT,iBAAiB,EAAE,EAAE;YACrB,OAAO,EAAE,MAAM;YACf,YAAY,EAAE,MAAM;YACpB,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;YACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,kBAAkB,CAAC;YACpD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,KAAK;SACzB,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,eAAe,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAChC,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;YACrC,WAAW,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;YAC3C,iBAAiB,EAAE,EAAE;YACrB,OAAO,EAAE,MAAM;YACf,YAAY,EAAE,MAAM;YACpB,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;YACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,kBAAkB,CAAC;YACpD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,KAAK;SACzB,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;QACxD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;QACxD,CAAC,CAAC,EAAE,CACF,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EACjC,gGAAgG,CACjG,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,kBAAkB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACnC,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,YAAY,EAAE,EAAE;QAClD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,oBAAoB,CAAC,CAAC;QAC/D,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,WAAW,EAAE,EAAE;YACf,KAAK,EAAE,EAAE;YACT,iBAAiB,EAAE,EAAE;YACrB,OAAO;YACP,YAAY;YACZ,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;YACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,kBAAkB,CAAC;YACrD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,KAAK;SACzB,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,oBAAoB,CAAC,CAAC;QAC9D,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/analyze-action-env.test.js

@@ -38,14 +38,17 @@ const util = __importStar(require("./util"));
 // but the first test would fail.
 (0, ava_1.default)("analyze action with RAM & threads from environment variables", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
-        process.env["GITHUB_SERVER_URL"] = "fake-server-url";
+        process.env["GITHUB_SERVER_URL"] = util.GITHUB_DOTCOM_URL;
-        process.env["GITHUB_REPOSITORY"] = "fake/repository";
+        process.env["GITHUB_REPOSITORY"] = "github/codeql-action-fake-repository";
         sinon
             .stub(actionsUtil, "createStatusReportBase")
             .resolves({});
         sinon.stub(actionsUtil, "sendStatusReport").resolves(true);
+        const gitHubVersion = {
+            type: util.GitHubVariant.DOTCOM,
+        };
         sinon.stub(configUtils, "getConfig").resolves({
-            gitHubVersion: { type: util.GitHubVariant.DOTCOM },
+            gitHubVersion,
             languages: [],
             packs: [],
         });
@@ -54,6 +57,7 @@ const util = __importStar(require("./util"));
         requiredInputStub.withArgs("upload-database").returns("false");
         const optionalInputStub = sinon.stub(actionsUtil, "getOptionalInput");
         optionalInputStub.withArgs("cleanup-level").returns("none");
+        sinon.stub(util, "getGitHubVersion").resolves(gitHubVersion);
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
         (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, {});
         // When there are no action inputs for RAM and threads, the action uses

lib/analyze-action-env.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,iBAAiB,CAAC;QACrD,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,iBAAiB,CAAC;QACrD,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE;YAClD,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC7D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/analyze-action-input.test.js

@@ -38,14 +38,17 @@ const util = __importStar(require("./util"));
 // but the first test would fail.
 (0, ava_1.default)("analyze action with RAM & threads from action inputs", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
-        process.env["GITHUB_SERVER_URL"] = "fake-server-url";
+        process.env["GITHUB_SERVER_URL"] = util.GITHUB_DOTCOM_URL;
-        process.env["GITHUB_REPOSITORY"] = "fake/repository";
+        process.env["GITHUB_REPOSITORY"] = "github/codeql-action-fake-repository";
         sinon
             .stub(actionsUtil, "createStatusReportBase")
             .resolves({});
         sinon.stub(actionsUtil, "sendStatusReport").resolves(true);
+        const gitHubVersion = {
+            type: util.GitHubVariant.DOTCOM,
+        };
         sinon.stub(configUtils, "getConfig").resolves({
-            gitHubVersion: { type: util.GitHubVariant.DOTCOM },
+            gitHubVersion,
             languages: [],
             packs: [],
         });
@@ -54,6 +57,7 @@ const util = __importStar(require("./util"));
         requiredInputStub.withArgs("upload-database").returns("false");
         const optionalInputStub = sinon.stub(actionsUtil, "getOptionalInput");
         optionalInputStub.withArgs("cleanup-level").returns("none");
+        sinon.stub(util, "getGitHubVersion").resolves(gitHubVersion);
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
         (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, {});
         process.env["CODEQL_THREADS"] = "1";

lib/analyze-action-input.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,iBAAiB,CAAC;QACrD,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,iBAAiB,CAAC;QACrD,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE;YAClD,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC7D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/analyze-action.js

@@ -37,9 +37,7 @@ const util_1 = require("./util");
 // eslint-disable-next-line import/no-commonjs
 const pkg = require("../package.json");
 async function sendStatusReport(startedAt, config, stats, error) {
-    const status = (stats === null || stats === void 0 ? void 0 : stats.analyze_failure_language) !== undefined || error !== undefined
+    const status = actionsUtil.getActionsStatus(error, stats === null || stats === void 0 ? void 0 : stats.analyze_failure_language);
-        ? "failure"
-        : "success";
     const statusReportBase = await actionsUtil.createStatusReportBase("finish", status, startedAt, error === null || error === void 0 ? void 0 : error.message, error === null || error === void 0 ? void 0 : error.stack);
     const statusReport = {
         ...statusReportBase,
@@ -59,6 +57,7 @@ async function run() {
     let runStats = undefined;
     let config = undefined;
     util.initializeEnvironment(util.Mode.actions, pkg.version);
+    await util.checkActionVersion(pkg.version);
     try {
         if (!(await actionsUtil.sendStatusReport(await actionsUtil.createStatusReportBase("finish", "starting", startedAt)))) {
             return;
@@ -119,7 +118,11 @@ async function run() {
         }
         // Possibly upload the database bundles for remote queries
         await (0, database_upload_1.uploadDatabases)(repositoryNwo, config, apiDetails, logger);
-        if (uploadResult !== undefined &&
+        // We don't upload results in test mode, so don't wait for processing
+        if (util.isInTestMode()) {
+            core.debug("In test mode. Waiting for processing is disabled.");
+        }
+        else if (uploadResult !== undefined &&
             actionsUtil.getRequiredInput("wait-for-processing") === "true") {
             await upload_lib.waitForProcessing((0, repository_1.parseRepositoryNwo)(util.getRequiredEnvParam("GITHUB_REPOSITORY")), uploadResult.sarifID, apiDetails, (0, logging_1.getActionsLogger)());
         }

lib/analyze.js

@@ -29,6 +29,7 @@ const codeql_1 = require("./codeql");
 const count_loc_1 = require("./count-loc");
 const languages_1 = require("./languages");
 const sharedEnv = __importStar(require("./shared-environment"));
+const tracer_config_1 = require("./tracer-config");
 const util = __importStar(require("./util"));
 class CodeQLAnalysisError extends Error {
     constructor(queriesStatusReport, message) {
@@ -130,11 +131,11 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
         if (!hasBuiltinQueries && !hasCustomQueries && !hasPackWithCustomQueries) {
             throw new Error(`Unable to analyse ${language} as no queries were selected for this language`);
         }
+        const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
         try {
             if (hasPackWithCustomQueries) {
                 logger.info("Performing analysis with custom CodeQL Packs.");
                 logger.startGroup(`Downloading custom packs for ${language}`);
-                const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
                 const results = await codeql.packDownload(packsWithVersion);
                 logger.info(`Downloaded packs: ${results.packs
                     .map((r) => `${r.name}@${r.version || "latest"}`)
@@ -158,7 +159,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
                 }
             }
             if (packsWithVersion.length > 0) {
-                querySuitePaths.push(await runQueryGroup(language, "packs", createPackSuiteContents(packsWithVersion), undefined));
+                querySuitePaths.push(...(await runQueryPacks(language, "packs", packsWithVersion, undefined)));
                 ranCustom = true;
             }
             if (ranCustom) {
@@ -216,25 +217,47 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
         logger.debug(`BQRS results produced for ${language} (queries: ${type})"`);
         return querySuitePath;
     }
+    async function runQueryPacks(language, type, packs, searchPath) {
+        const databasePath = util.getCodeQLDatabasePath(config, language);
+        // Run the queries individually instead of all at once to avoid command
+        // line length restrictions, particularly on windows.
+        for (const pack of packs) {
+            logger.debug(`Running query pack for ${language}-${type}: ${pack}`);
+            const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
+            await codeql.databaseRunQueries(databasePath, searchPath, pack, memoryFlag, threadsFlag);
+            logger.debug(`BQRS results produced for ${language} (queries: ${type})"`);
+        }
+        return packs;
+    }
 }
 exports.runQueries = runQueries;
 function createQuerySuiteContents(queries) {
     return queries.map((q) => `- query: ${q}`).join("\n");
 }
-function createPackSuiteContents(packsWithVersion) {
-    return packsWithVersion.map(packWithVersionToQuerySuiteEntry).join("\n");
-}
-function packWithVersionToQuerySuiteEntry(pack) {
-    let text = `- qlpack: ${pack.packName}`;
-    if (pack.version) {
-        text += `\n  version: ${pack.version}`;
-    }
-    return text;
-}
 async function runFinalize(outputDir, threadsFlag, memoryFlag, config, logger) {
-    // Delete the tracer config env var to avoid tracing ourselves
+    const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
-    delete process.env[sharedEnv.ODASA_TRACER_CONFIGURATION];
+    if (await util.codeQlVersionAbove(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING)) {
-    fs.mkdirSync(outputDir, { recursive: true });
+        // Delete variables as specified by the end-tracing script
+        await (0, tracer_config_1.endTracingForCluster)(config);
+    }
+    else {
+        // Delete the tracer config env var to avoid tracing ourselves
+        delete process.env[sharedEnv.ODASA_TRACER_CONFIGURATION];
+    }
+    // After switching to Node16, this entire block can be replaced with `await fs.promises.rm(outputDir, { recursive: true, force: true });`.
+    try {
+        await fs.promises.rmdir(outputDir, {
+            recursive: true,
+            maxRetries: 5,
+            retryDelay: 2000,
+        });
+    }
+    catch (error) {
+        if ((error === null || error === void 0 ? void 0 : error.code) !== "ENOENT") {
+            throw error;
+        }
+    }
+    await fs.promises.mkdir(outputDir, { recursive: true });
     await finalizeDatabaseCreation(config, threadsFlag, memoryFlag, logger);
 }
 exports.runFinalize = runFinalize;

lib/analyze.test.js

@@ -26,7 +26,6 @@ const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const ava_1 = __importDefault(require("ava"));
 const yaml = __importStar(require("js-yaml"));
-const semver_1 = require("semver");
 const sinon = __importStar(require("sinon"));
 const analyze_1 = require("./analyze");
 const codeql_1 = require("./codeql");
@@ -53,18 +52,8 @@ const util = __importStar(require("./util"));
         const addSnippetsFlag = "";
         const threadsFlag = "";
         const packs = {
-            [languages_1.Language.cpp]: [
+            [languages_1.Language.cpp]: ["a/b@1.0.0"],
-                {
+            [languages_1.Language.java]: ["c/d@2.0.0"],
-                    packName: "a/b",
-                    version: (0, semver_1.clean)("1.0.0"),
-                },
-            ],
-            [languages_1.Language.java]: [
-                {
-                    packName: "c/d",
-                    version: (0, semver_1.clean)("2.0.0"),
-                },
-            ],
         };
         for (const language of Object.values(languages_1.Language)) {
             (0, codeql_1.setCodeQL)({
@@ -128,6 +117,7 @@ const util = __importStar(require("./util"));
                 debugMode: false,
                 debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
                 debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
+                injectedMlQueries: false,
             };
             fs.mkdirSync(util.getCodeQLDatabasePath(config, language), {
                 recursive: true,
@@ -208,32 +198,10 @@ const util = __importStar(require("./util"));
                 query: "bar.ql",
             },
         ];
-        const qlsPackContentCpp = [
-            {
-                qlpack: "a/b",
-                version: "1.0.0",
-            },
-        ];
-        const qlsPackContentJava = [
-            {
-                qlpack: "c/d",
-                version: "2.0.0",
-            },
-        ];
         for (const lang of Object.values(languages_1.Language)) {
             t.deepEqual(readContents(`${lang}-queries-builtin.qls`), qlsContent);
             t.deepEqual(readContents(`${lang}-queries-custom-0.qls`), qlsContent);
             t.deepEqual(readContents(`${lang}-queries-custom-1.qls`), qlsContent2);
-            const packSuiteName = `${lang}-queries-packs.qls`;
-            if (lang === languages_1.Language.cpp) {
-                t.deepEqual(readContents(packSuiteName), qlsPackContentCpp);
-            }
-            else if (lang === languages_1.Language.java) {
-                t.deepEqual(readContents(packSuiteName), qlsPackContentJava);
-            }
-            else {
-                t.false(fs.existsSync(path.join(tmpDir, "codeql_databases", packSuiteName)));
-            }
         }
         function readContents(name) {
             const x = fs.readFileSync(path.join(tmpDir, "codeql_databases", name), "utf8");

lib/api-client.js

@@ -22,12 +22,13 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getActionsApiClient = exports.getApiClient = exports.DisallowedAPIVersionReason = void 0;
+exports.getGitHubVersionActionsOnly = exports.getActionsApiClient = exports.getApiClient = exports.DisallowedAPIVersionReason = void 0;
 const path = __importStar(require("path"));
 const githubUtils = __importStar(require("@actions/github/lib/utils"));
 const retry = __importStar(require("@octokit/plugin-retry"));
 const console_log_level_1 = __importDefault(require("console-log-level"));
 const actions_util_1 = require("./actions-util");
+const util = __importStar(require("./util"));
 const util_1 = require("./util");
 // eslint-disable-next-line import/no-commonjs
 const pkg = require("../package.json");
@@ -57,15 +58,36 @@ function getApiUrl(githubUrl) {
     url.pathname = path.join(url.pathname, "api", "v3");
     return url.toString();
 }
+function getApiDetails() {
+    return {
+        auth: (0, actions_util_1.getRequiredInput)("token"),
+        url: (0, util_1.getRequiredEnvParam)("GITHUB_SERVER_URL"),
+    };
+}
 // Temporary function to aid in the transition to running on and off of github actions.
 // Once all code has been converted this function should be removed or made canonical
 // and called only from the action entrypoints.
 function getActionsApiClient() {
-    const apiDetails = {
+    return (0, exports.getApiClient)(getApiDetails());
-        auth: (0, actions_util_1.getRequiredInput)("token"),
-        url: (0, util_1.getRequiredEnvParam)("GITHUB_SERVER_URL"),
-    };
-    return (0, exports.getApiClient)(apiDetails);
 }
 exports.getActionsApiClient = getActionsApiClient;
+let cachedGitHubVersion = undefined;
+/**
+ * Report the GitHub server version. This is a wrapper around
+ * util.getGitHubVersion() that automatically supplies GitHub API details using
+ * GitHub Action inputs. If you need to get the GitHub server version from the
+ * Runner, please call util.getGitHubVersion() instead.
+ *
+ * @returns GitHub version
+ */
+async function getGitHubVersionActionsOnly() {
+    if (!util.isActions()) {
+        throw new Error("getGitHubVersionActionsOnly() works only in an action");
+    }
+    if (cachedGitHubVersion === undefined) {
+        cachedGitHubVersion = await util.getGitHubVersion(getApiDetails());
+    }
+    return cachedGitHubVersion;
+}
+exports.getGitHubVersionActionsOnly = getGitHubVersionActionsOnly;
 //# sourceMappingURL=api-client.js.map

lib/api-client.js.map

@@ -1 +1 @@
-{"version":3,"file":"api-client.js","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAE7B,uEAAyD;AACzD,6DAA+C;AAC/C,0EAAgD;AAEhD,iDAAkD;AAClD,iCAAsD;AAEtD,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAEvC,IAAY,0BAGX;AAHD,WAAY,0BAA0B;IACpC,+FAAc,CAAA;IACd,+FAAc,CAAA;AAChB,CAAC,EAHW,0BAA0B,GAA1B,kCAA0B,KAA1B,kCAA0B,QAGrC;AAeM,MAAM,YAAY,GAAG,UAC1B,UAAoC,EACpC,EAAE,aAAa,GAAG,KAAK,EAAE,GAAG,EAAE;IAE9B,MAAM,IAAI,GACR,CAAC,aAAa,IAAI,UAAU,CAAC,gBAAgB,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC;IACpE,MAAM,eAAe,GAAG,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC/D,OAAO,IAAI,eAAe,CACxB,WAAW,CAAC,iBAAiB,CAAC,IAAI,EAAE;QAClC,OAAO,EAAE,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC;QAClC,SAAS,EAAE,UAAU,IAAA,cAAO,GAAE,IAAI,GAAG,CAAC,OAAO,EAAE;QAC/C,GAAG,EAAE,IAAA,2BAAe,EAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;KACzC,CAAC,CACH,CAAC;AACJ,CAAC,CAAC;AAdW,QAAA,YAAY,gBAcvB;AAEF,SAAS,SAAS,CAAC,SAAiB;IAClC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;IAE/B,uDAAuD;IACvD,0CAA0C;IAC1C,IAAI,GAAG,CAAC,QAAQ,KAAK,YAAY,IAAI,GAAG,CAAC,QAAQ,KAAK,gBAAgB,EAAE;QACtE,OAAO,wBAAwB,CAAC;KACjC;IAED,6BAA6B;IAC7B,GAAG,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;IACpD,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;AACxB,CAAC;AAED,uFAAuF;AACvF,qFAAqF;AACrF,+CAA+C;AAC/C,SAAgB,mBAAmB;IACjC,MAAM,UAAU,GAAG;QACjB,IAAI,EAAE,IAAA,+BAAgB,EAAC,OAAO,CAAC;QAC/B,GAAG,EAAE,IAAA,0BAAmB,EAAC,mBAAmB,CAAC;KAC9C,CAAC;IAEF,OAAO,IAAA,oBAAY,EAAC,UAAU,CAAC,CAAC;AAClC,CAAC;AAPD,kDAOC"}
+{"version":3,"file":"api-client.js","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAE7B,uEAAyD;AACzD,6DAA+C;AAC/C,0EAAgD;AAEhD,iDAAkD;AAClD,6CAA+B;AAC/B,iCAAqE;AAErE,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAEvC,IAAY,0BAGX;AAHD,WAAY,0BAA0B;IACpC,+FAAc,CAAA;IACd,+FAAc,CAAA;AAChB,CAAC,EAHW,0BAA0B,GAA1B,kCAA0B,KAA1B,kCAA0B,QAGrC;AAeM,MAAM,YAAY,GAAG,UAC1B,UAAoC,EACpC,EAAE,aAAa,GAAG,KAAK,EAAE,GAAG,EAAE;IAE9B,MAAM,IAAI,GACR,CAAC,aAAa,IAAI,UAAU,CAAC,gBAAgB,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC;IACpE,MAAM,eAAe,GAAG,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC/D,OAAO,IAAI,eAAe,CACxB,WAAW,CAAC,iBAAiB,CAAC,IAAI,EAAE;QAClC,OAAO,EAAE,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC;QAClC,SAAS,EAAE,UAAU,IAAA,cAAO,GAAE,IAAI,GAAG,CAAC,OAAO,EAAE;QAC/C,GAAG,EAAE,IAAA,2BAAe,EAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;KACzC,CAAC,CACH,CAAC;AACJ,CAAC,CAAC;AAdW,QAAA,YAAY,gBAcvB;AAEF,SAAS,SAAS,CAAC,SAAiB;IAClC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;IAE/B,uDAAuD;IACvD,0CAA0C;IAC1C,IAAI,GAAG,CAAC,QAAQ,KAAK,YAAY,IAAI,GAAG,CAAC,QAAQ,KAAK,gBAAgB,EAAE;QACtE,OAAO,wBAAwB,CAAC;KACjC;IAED,6BAA6B;IAC7B,GAAG,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;IACpD,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;AACxB,CAAC;AAED,SAAS,aAAa;IACpB,OAAO;QACL,IAAI,EAAE,IAAA,+BAAgB,EAAC,OAAO,CAAC;QAC/B,GAAG,EAAE,IAAA,0BAAmB,EAAC,mBAAmB,CAAC;KAC9C,CAAC;AACJ,CAAC;AAED,uFAAuF;AACvF,qFAAqF;AACrF,+CAA+C;AAC/C,SAAgB,mBAAmB;IACjC,OAAO,IAAA,oBAAY,EAAC,aAAa,EAAE,CAAC,CAAC;AACvC,CAAC;AAFD,kDAEC;AAED,IAAI,mBAAmB,GAA8B,SAAS,CAAC;AAE/D;;;;;;;GAOG;AACI,KAAK,UAAU,2BAA2B;IAC/C,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE;QACrB,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;KAC1E;IACD,IAAI,mBAAmB,KAAK,SAAS,EAAE;QACrC,mBAAmB,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,aAAa,EAAE,CAAC,CAAC;KACpE;IACD,OAAO,mBAAmB,CAAC;AAC7B,CAAC;AARD,kEAQC"}

lib/api-compatibility.json

@@ -1 +1 @@
-{ "maximumVersion": "3.4", "minimumVersion": "3.1" }
+{ "maximumVersion": "3.5", "minimumVersion": "3.1" }

lib/autobuild-action.js

@@ -29,9 +29,7 @@ const util_1 = require("./util");
 const pkg = require("../package.json");
 async function sendCompletedStatusReport(startedAt, allLanguages, failingLanguage, cause) {
     (0, util_1.initializeEnvironment)(util_1.Mode.actions, pkg.version);
-    const status = failingLanguage !== undefined || cause !== undefined
+    const status = (0, actions_util_1.getActionsStatus)(cause, failingLanguage);
-        ? "failure"
-        : "success";
     const statusReportBase = await (0, actions_util_1.createStatusReportBase)("autobuild", status, startedAt, cause === null || cause === void 0 ? void 0 : cause.message, cause === null || cause === void 0 ? void 0 : cause.stack);
     const statusReport = {
         ...statusReportBase,
@@ -41,8 +39,9 @@ async function sendCompletedStatusReport(startedAt, allLanguages, failingLanguag
     await (0, actions_util_1.sendStatusReport)(statusReport);
 }
 async function run() {
-    const logger = (0, logging_1.getActionsLogger)();
     const startedAt = new Date();
+    const logger = (0, logging_1.getActionsLogger)();
+    await (0, util_1.checkActionVersion)(pkg.version);
     let language = undefined;
     try {
         if (!(await (0, actions_util_1.sendStatusReport)(await (0, actions_util_1.createStatusReportBase)("autobuild", "starting", startedAt)))) {
@@ -54,6 +53,11 @@ async function run() {
         }
         language = (0, autobuild_1.determineAutobuildLanguage)(config, logger);
         if (language !== undefined) {
+            const workingDirectory = (0, actions_util_1.getOptionalInput)("working-directory");
+            if (workingDirectory) {
+                logger.info(`Changing autobuilder working directory to ${workingDirectory}`);
+                process.chdir(workingDirectory);
+            }
             await (0, autobuild_1.runAutobuild)(language, config, logger);
         }
     }

lib/autobuild-action.js.map

@@ -1 +1 @@
-{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAKwB;AACxB,2CAAuE;AACvE,6DAA+C;AAE/C,uCAA6C;AAC7C,iCAAqD;AAErD,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AASvC,KAAK,UAAU,yBAAyB,CACtC,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,WAAI,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;IAEjD,MAAM,MAAM,GACV,eAAe,KAAK,SAAS,IAAI,KAAK,KAAK,SAAS;QAClD,CAAC,CAAC,SAAS;QACX,CAAC,CAAC,SAAS,CAAC;IAChB,MAAM,gBAAgB,GAAG,MAAM,IAAA,qCAAsB,EACnD,WAAW,EACX,MAAM,EACN,SAAS,EACT,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,EACd,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAA,+BAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,QAAQ,GAAyB,SAAS,CAAC;IAC/C,IAAI;QACF,IACE,CAAC,CAAC,MAAM,IAAA,+BAAgB,EACtB,MAAM,IAAA,qCAAsB,EAAC,WAAW,EAAE,UAAU,EAAE,SAAS,CAAC,CACjE,CAAC,EACF;YACA,OAAO;SACR;QAED,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,SAAS,CACzC,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QACF,IAAI,MAAM,KAAK,SAAS,EAAE;YACxB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;SACH;QACD,QAAQ,GAAG,IAAA,sCAA0B,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtD,IAAI,QAAQ,KAAK,SAAS,EAAE;YAC1B,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;SAC9C;KACF;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CACZ,mIACE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CACvD,EAAE,CACH,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,yBAAyB,CAC7B,SAAS,EACT,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,EAC1B,QAAQ,EACR,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAC1D,CAAC;QACF,OAAO;KACR;IAED,MAAM,yBAAyB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;AACzE,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAOwB;AACxB,2CAAuE;AACvE,6DAA+C;AAE/C,uCAA6C;AAC7C,iCAAyE;AAEzE,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AASvC,KAAK,UAAU,yBAAyB,CACtC,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,WAAI,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;IAEjD,MAAM,MAAM,GAAG,IAAA,+BAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,qCAAsB,EACnD,WAAW,EACX,MAAM,EACN,SAAS,EACT,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,EACd,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAA,+BAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,IAAA,yBAAkB,EAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACtC,IAAI,QAAQ,GAAyB,SAAS,CAAC;IAC/C,IAAI;QACF,IACE,CAAC,CAAC,MAAM,IAAA,+BAAgB,EACtB,MAAM,IAAA,qCAAsB,EAAC,WAAW,EAAE,UAAU,EAAE,SAAS,CAAC,CACjE,CAAC,EACF;YACA,OAAO;SACR;QAED,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,SAAS,CACzC,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QACF,IAAI,MAAM,KAAK,SAAS,EAAE;YACxB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;SACH;QACD,QAAQ,GAAG,IAAA,sCAA0B,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtD,IAAI,QAAQ,KAAK,SAAS,EAAE;YAC1B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE;gBACpB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;aACjC;YACD,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;SAC9C;KACF;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CACZ,mIACE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CACvD,EAAE,CACH,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,yBAAyB,CAC7B,SAAS,EACT,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,EAC1B,QAAQ,EACR,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAC1D,CAAC;QACF,OAAO;KACR;IAED,MAAM,yBAAyB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;AACzE,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/codeql.js

@@ -194,6 +194,19 @@ async function getCodeQLBundleDownloadURL(apiDetails, variant, logger) {
     }
     return `https://github.com/${CODEQL_DEFAULT_ACTION_REPOSITORY}/releases/download/${CODEQL_BUNDLE_VERSION}/${codeQLBundleName}`;
 }
+/**
+ * Set up CodeQL CLI access.
+ *
+ * @param codeqlURL
+ * @param apiDetails
+ * @param tempDir
+ * @param toolCacheDir
+ * @param variant
+ * @param logger
+ * @param checkVersion Whether to check that CodeQL CLI meets the minimum
+ *        version requirement. Must be set to true outside tests.
+ * @returns
+ */
 async function setupCodeQL(codeqlURL, apiDetails, tempDir, toolCacheDir, variant, logger, checkVersion) {
     try {
         // We use the special value of 'latest' to prioritize the version in the
@@ -365,16 +378,26 @@ async function getCodeQLForTesting() {
     return getCodeQLForCmd("codeql-for-testing", false);
 }
 exports.getCodeQLForTesting = getCodeQLForTesting;
+/**
+ * Return a CodeQL object for CodeQL CLI access.
+ *
+ * @param cmd Path to CodeQL CLI
+ * @param checkVersion Whether to check that CodeQL CLI meets the minimum
+ *        version requirement. Must be set to true outside tests.
+ * @returns A new CodeQL object
+ */
 async function getCodeQLForCmd(cmd, checkVersion) {
-    let cachedVersion = undefined;
     const codeql = {
         getPath() {
             return cmd;
         },
         async getVersion() {
-            if (cachedVersion === undefined)
+            let result = util.getCachedCodeQlVersion();
-                cachedVersion = runTool(cmd, ["version", "--format=terse"]);
+            if (result === undefined) {
-            return await cachedVersion;
+                result = (await runTool(cmd, ["version", "--format=terse"])).trim();
+                util.cacheCodeQlVersion(result);
+            }
+            return result;
         },
         async printVersion() {
             await runTool(cmd, ["version", "--format=json"]);
@@ -429,14 +452,17 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 ...getExtraOptionsFromEnv(["database", "init"]),
             ]);
         },
-        async databaseInitCluster(databasePath, languages, sourceRoot, processName, processLevel) {
+        async databaseInitCluster(config, sourceRoot, processName, processLevel) {
-            const extraArgs = languages.map((language) => `--language=${language}`);
+            const extraArgs = config.languages.map((language) => `--language=${language}`);
-            if (languages.filter(languages_1.isTracedLanguage).length > 0) {
+            if (config.languages.filter(languages_1.isTracedLanguage).length > 0) {
                 extraArgs.push("--begin-tracing");
                 if (processName !== undefined) {
                     extraArgs.push(`--trace-process-name=${processName}`);
                 }
                 else {
+                    // We default to 3 if no other arguments are provided since this was the default
+                    // behaviour of the Runner. Note this path never happens in the CodeQL Action
+                    // because that always passes in a process name.
                     extraArgs.push(`--trace-process-level=${processLevel || 3}`);
                 }
             }
@@ -444,7 +470,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 "database",
                 "init",
                 "--db-cluster",
-                databasePath,
+                config.dbLocation,
                 `--source-root=${sourceRoot}`,
                 ...extraArgs,
                 ...getExtraOptionsFromEnv(["database", "init"]),
@@ -586,7 +612,8 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 (await util.codeQlVersionAbove(this, CODEQL_VERSION_SARIF_GROUP))) {
                 codeqlArgs.push("--sarif-category", automationDetailsId);
             }
-            codeqlArgs.push(databasePath, ...querySuitePaths);
+            codeqlArgs.push(databasePath);
+            codeqlArgs.push(...querySuitePaths);
             // capture stdout, which contains analysis summaries
             return await runTool(cmd, codeqlArgs);
         },
@@ -614,8 +641,9 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 "pack",
                 "download",
                 "--format=json",
+                "--resolve-query-specs",
                 ...getExtraOptionsFromEnv(["pack", "download"]),
-                ...packs.map(packWithVersionToString),
+                ...packs,
             ];
             const output = await runTool(cmd, codeqlArgs);
             try {
@@ -657,15 +685,20 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             await new toolrunner.ToolRunner(cmd, args).exec();
         },
     };
+    // To ensure that status reports include the CodeQL CLI version whereever
+    // possbile, we want to call getVersion(), which populates the version value
+    // used by status reporting, at the earliest opportunity. But invoking
+    // getVersion() directly here breaks tests that only pretend to create a
+    // CodeQL object. So instead we rely on the assumption that all non-test
+    // callers would set checkVersion to true, and util.codeQlVersionAbove()
+    // would call getVersion(), so the CLI version would be cached as soon as the
+    // CodeQL object is created.
     if (checkVersion &&
         !(await util.codeQlVersionAbove(codeql, CODEQL_MINIMUM_VERSION))) {
         throw new Error(`Expected a CodeQL CLI with version at least ${CODEQL_MINIMUM_VERSION} but got version ${await codeql.getVersion()}`);
     }
     return codeql;
 }
-function packWithVersionToString(pack) {
-    return pack.version ? `${pack.packName}@${pack.version}` : pack.packName;
-}
 /**
  * Gets the options for `path` of `options` as an array of extra option strings.
  */

lib/config-utils.js

@@ -19,7 +19,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getConfig = exports.getPathToParsedConfigFile = exports.initConfig = exports.parsePacks = exports.parsePacksFromConfig = exports.getDefaultConfig = exports.getUnknownLanguagesError = exports.getNoLanguagesError = exports.getConfigFileDirectoryGivenMessage = exports.getConfigFileFormatInvalidMessage = exports.getConfigFileRepoFormatInvalidMessage = exports.getConfigFileDoesNotExistErrorMessage = exports.getConfigFileOutsideWorkspaceErrorMessage = exports.getLocalPathDoesNotExist = exports.getLocalPathOutsideOfRepository = exports.getPacksStrInvalid = exports.getPacksInvalid = exports.getPacksInvalidSplit = exports.getPacksRequireLanguage = exports.getPathsInvalid = exports.getPathsIgnoreInvalid = exports.getQueryUsesInvalid = exports.getQueriesInvalid = exports.getDisableDefaultQueriesInvalid = exports.getNameInvalid = exports.validateAndSanitisePath = void 0;
+exports.getConfig = exports.getPathToParsedConfigFile = exports.initConfig = exports.parsePacks = exports.validatePacksSpecification = exports.parsePacksFromConfig = exports.getDefaultConfig = exports.getUnknownLanguagesError = exports.getNoLanguagesError = exports.getConfigFileDirectoryGivenMessage = exports.getConfigFileFormatInvalidMessage = exports.getConfigFileRepoFormatInvalidMessage = exports.getConfigFileDoesNotExistErrorMessage = exports.getConfigFileOutsideWorkspaceErrorMessage = exports.getLocalPathDoesNotExist = exports.getLocalPathOutsideOfRepository = exports.getPacksStrInvalid = exports.getPacksInvalid = exports.getPacksInvalidSplit = exports.getPacksRequireLanguage = exports.getPathsInvalid = exports.getPathsIgnoreInvalid = exports.getQueryUsesInvalid = exports.getQueriesInvalid = exports.getDisableDefaultQueriesInvalid = exports.getNameInvalid = exports.validateAndSanitisePath = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const yaml = __importStar(require("js-yaml"));
@@ -118,9 +118,11 @@ const builtinSuites = ["security-extended", "security-and-quality"];
 /**
  * Determine the set of queries associated with suiteName's suites and add them to resultMap.
  * Throws an error if suiteName is not a valid builtin suite.
+ * May inject ML queries, and the return value will declare if this was done.
  */
 async function addBuiltinSuiteQueries(languages, codeQL, resultMap, packs, suiteName, featureFlags, configFile) {
     var _a;
+    let injectedMlQueries = false;
     const found = builtinSuites.find((suite) => suite === suiteName);
     if (!found) {
         throw new Error(getQueryUsesInvalid(configFile, suiteName));
@@ -128,18 +130,28 @@ async function addBuiltinSuiteQueries(languages, codeQL, resultMap, packs, suite
     // If we're running the JavaScript security-extended analysis (or a superset of it), the repo is
     // opted into the ML-powered queries beta, and a user hasn't already added the ML-powered query
     // pack, then add the ML-powered query pack so that we run ML-powered queries.
-    if (languages.includes("javascript") &&
+    if (
+    // Disable ML-powered queries on Windows
+    process.platform !== "win32" &&
+        languages.includes("javascript") &&
         (found === "security-extended" || found === "security-and-quality") &&
-        !((_a = packs.javascript) === null || _a === void 0 ? void 0 : _a.some((pack) => pack.packName === util_1.ML_POWERED_JS_QUERIES_PACK.packName)) &&
+        !((_a = packs.javascript) === null || _a === void 0 ? void 0 : _a.some(isMlPoweredJsQueriesPack)) &&
         (await featureFlags.getValue(feature_flags_1.FeatureFlag.MlPoweredQueriesEnabled)) &&
         (await (0, util_1.codeQlVersionAbove)(codeQL, codeql_1.CODEQL_VERSION_ML_POWERED_QUERIES))) {
         if (!packs.javascript) {
             packs.javascript = [];
         }
-        packs.javascript.push(util_1.ML_POWERED_JS_QUERIES_PACK);
+        packs.javascript.push(await (0, util_1.getMlPoweredJsQueriesPack)(codeQL));
+        injectedMlQueries = true;
     }
     const suites = languages.map((l) => `${l}-${suiteName}.qls`);
     await runResolveQueries(codeQL, resultMap, suites, undefined);
+    return injectedMlQueries;
+}
+function isMlPoweredJsQueriesPack(pack) {
+    return (pack === util_1.ML_POWERED_JS_QUERIES_PACK_NAME ||
+        pack.startsWith(`${util_1.ML_POWERED_JS_QUERIES_PACK_NAME}@`) ||
+        pack.startsWith(`${util_1.ML_POWERED_JS_QUERIES_PACK_NAME}:`));
 }
 /**
  * Retrieve the set of queries at localQueryPath and add them to resultMap.
@@ -196,6 +208,11 @@ async function addRemoteQueries(codeQL, resultMap, queryUses, tempDir, apiDetail
  * parsing the 'uses' actions in the workflow file. So it can handle
  * local paths starting with './', or references to remote repos, or
  * a finite set of hardcoded terms for builtin suites.
+ *
+ * This may inject ML queries into the packs to use, and the return value will
+ * declare if this was done.
+ *
+ * @returns whether or not we injected ML queries into the packs
  */
 async function parseQueryUses(languages, codeQL, resultMap, packs, queryUses, tempDir, workspacePath, apiDetails, featureFlags, logger, configFile) {
     queryUses = queryUses.trim();
@@ -205,15 +222,15 @@ async function parseQueryUses(languages, codeQL, resultMap, packs, queryUses, te
     // Check for the local path case before we start trying to parse the repository name
     if (queryUses.startsWith("./")) {
         await addLocalQueries(codeQL, resultMap, queryUses.slice(2), workspacePath, configFile);
-        return;
+        return false;
     }
     // Check for one of the builtin suites
     if (queryUses.indexOf("/") === -1 && queryUses.indexOf("@") === -1) {
-        await addBuiltinSuiteQueries(languages, codeQL, resultMap, packs, queryUses, featureFlags, configFile);
+        return await addBuiltinSuiteQueries(languages, codeQL, resultMap, packs, queryUses, featureFlags, configFile);
-        return;
     }
     // Otherwise, must be a reference to another repo
     await addRemoteQueries(codeQL, resultMap, queryUses, tempDir, apiDetails, logger, configFile);
+    return false;
 }
 // Regex validating stars in paths or paths-ignore entries.
 // The intention is to only allow ** to appear when immediately
@@ -422,12 +439,15 @@ async function getLanguages(codeQL, languagesInput, repository, apiDetails, logg
     return parsedLanguages;
 }
 async function addQueriesAndPacksFromWorkflow(codeQL, queriesInput, languages, resultMap, packs, tempDir, workspacePath, apiDetails, featureFlags, logger) {
+    let injectedMlQueries = false;
     queriesInput = queriesInput.trim();
     // "+" means "don't override config file" - see shouldAddConfigFileQueries
     queriesInput = queriesInput.replace(/^\+/, "");
     for (const query of queriesInput.split(",")) {
-        await parseQueryUses(languages, codeQL, resultMap, packs, query, tempDir, workspacePath, apiDetails, featureFlags, logger);
+        const didInject = await parseQueryUses(languages, codeQL, resultMap, packs, query, tempDir, workspacePath, apiDetails, featureFlags, logger);
+        injectedMlQueries = injectedMlQueries || didInject;
     }
+    return injectedMlQueries;
 }
 // Returns true if either no queries were provided in the workflow.
 // or if the queries in the workflow were provided in "additive" mode,
@@ -435,7 +455,7 @@ async function addQueriesAndPacksFromWorkflow(codeQL, queriesInput, languages, r
 // should instead be added in addition
 function shouldAddConfigFileQueries(queriesInput) {
     if (queriesInput) {
-        return queriesInput.trimStart().substr(0, 1) === "+";
+        return queriesInput.trimStart().slice(0, 1) === "+";
     }
     return true;
 }
@@ -454,8 +474,9 @@ async function getDefaultConfig(languagesInput, queriesInput, packsInput, dbLoca
     }
     await addDefaultQueries(codeQL, languages, queries);
     const packs = (_a = parsePacksFromInput(packsInput, languages)) !== null && _a !== void 0 ? _a : {};
+    let injectedMlQueries = false;
     if (queriesInput) {
-        await addQueriesAndPacksFromWorkflow(codeQL, queriesInput, languages, queries, packs, tempDir, workspacePath, apiDetails, featureFlags, logger);
+        injectedMlQueries = await addQueriesAndPacksFromWorkflow(codeQL, queriesInput, languages, queries, packs, tempDir, workspacePath, apiDetails, featureFlags, logger);
     }
     return {
         languages,
@@ -472,6 +493,7 @@ async function getDefaultConfig(languagesInput, queriesInput, packsInput, dbLoca
         debugMode,
         debugArtifactName,
         debugDatabaseName,
+        injectedMlQueries,
     };
 }
 exports.getDefaultConfig = getDefaultConfig;
@@ -524,8 +546,9 @@ async function loadConfig(languagesInput, queriesInput, packsInput, configFile,
     // they should take precedence over the queries in the config file
     // unless they're prefixed with "+", in which case they supplement those
     // in the config file.
+    let injectedMlQueries = false;
     if (queriesInput) {
-        await addQueriesAndPacksFromWorkflow(codeQL, queriesInput, languages, queries, packs, tempDir, workspacePath, apiDetails, featureFlags, logger);
+        injectedMlQueries = await addQueriesAndPacksFromWorkflow(codeQL, queriesInput, languages, queries, packs, tempDir, workspacePath, apiDetails, featureFlags, logger);
     }
     if (shouldAddConfigFileQueries(queriesInput) &&
         QUERIES_PROPERTY in parsedYAML) {
@@ -578,6 +601,7 @@ async function loadConfig(languagesInput, queriesInput, packsInput, configFile,
         debugMode,
         debugArtifactName,
         debugDatabaseName,
+        injectedMlQueries,
     };
 }
 /**
@@ -615,7 +639,7 @@ function parsePacksFromConfig(packsByLanguage, languages, configFile) {
         }
         packs[lang] = [];
         for (const packStr of packsArr) {
-            packs[lang].push(toPackWithVersion(packStr, configFile));
+            packs[lang].push(validatePacksSpecification(packStr, configFile));
         }
     }
     return packs;
@@ -640,32 +664,74 @@ function parsePacksFromInput(packsInput, languages) {
     }
     return {
         [languages[0]]: packsInput.split(",").reduce((packs, pack) => {
-            packs.push(toPackWithVersion(pack, ""));
+            packs.push(validatePacksSpecification(pack, ""));
             return packs;
         }, []),
     };
 }
-function toPackWithVersion(packStr, configFile) {
+/**
+ * Validates that this package specification is syntactically correct.
+ * It may not point to any real package, but after this function returns
+ * without throwing, we are guaranteed that the package specification
+ * is roughly correct.
+ *
+ * The CLI itself will do a more thorough validation of the package
+ * specification.
+ *
+ * A package specification looks like this:
+ *
+ * `scope/name@version:path`
+ *
+ * Version and path are optional.
+ *
+ * @param packStr the package specification to verify.
+ * @param configFile Config file to use for error reporting
+ */
+function validatePacksSpecification(packStr, configFile) {
     if (typeof packStr !== "string") {
         throw new Error(getPacksStrInvalid(packStr, configFile));
     }
-    const nameWithVersion = packStr.trim().split("@");
+    packStr = packStr.trim();
-    let version;
+    const atIndex = packStr.indexOf("@");
-    if (nameWithVersion.length > 2 ||
+    const colonIndex = packStr.indexOf(":", atIndex);
-        !PACK_IDENTIFIER_PATTERN.test(nameWithVersion[0])) {
+    const packStart = 0;
+    const versionStart = atIndex + 1 || undefined;
+    const pathStart = colonIndex + 1 || undefined;
+    const packEnd = Math.min(atIndex > 0 ? atIndex : Infinity, colonIndex > 0 ? colonIndex : Infinity, packStr.length);
+    const versionEnd = versionStart
+        ? Math.min(colonIndex > 0 ? colonIndex : Infinity, packStr.length)
+        : undefined;
+    const pathEnd = pathStart ? packStr.length : undefined;
+    const packName = packStr.slice(packStart, packEnd).trim();
+    const version = versionStart
+        ? packStr.slice(versionStart, versionEnd).trim()
+        : undefined;
+    const packPath = pathStart
+        ? packStr.slice(pathStart, pathEnd).trim()
+        : undefined;
+    if (!PACK_IDENTIFIER_PATTERN.test(packName)) {
         throw new Error(getPacksStrInvalid(packStr, configFile));
     }
-    else if (nameWithVersion.length === 2) {
+    if (version) {
-        version = semver.clean(nameWithVersion[1]) || undefined;
+        try {
-        if (!version) {
+            new semver.Range(version);
+        }
+        catch (e) {
+            // The range string is invalid. OK to ignore the caught error
             throw new Error(getPacksStrInvalid(packStr, configFile));
         }
     }
-    return {
+    if (packPath &&
-        packName: nameWithVersion[0].trim(),
+        (path.isAbsolute(packPath) || path.normalize(packPath) !== packPath)) {
-        version,
+        throw new Error(getPacksStrInvalid(packStr, configFile));
-    };
+    }
+    if (!packPath && pathStart) {
+        // 0 length path
+        throw new Error(getPacksStrInvalid(packStr, configFile));
+    }
+    return (packName + (version ? `@${version}` : "") + (packPath ? `:${packPath}` : ""));
 }
+exports.validatePacksSpecification = validatePacksSpecification;
 // exported for testing
 function parsePacks(rawPacksFromConfig, rawPacksInput, languages, configFile) {
     const packsFromInput = parsePacksFromInput(rawPacksInput, languages);

lib/config-utils.test.js

@@ -26,7 +26,6 @@ const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const github = __importStar(require("@actions/github"));
 const ava_1 = __importDefault(require("ava"));
-const semver_1 = require("semver");
 const sinon = __importStar(require("sinon"));
 const api = __importStar(require("./api-client"));
 const codeql_1 = require("./codeql");
@@ -221,6 +220,7 @@ function mockListLanguages(languages) {
             debugMode: false,
             debugArtifactName: "my-artifact",
             debugDatabaseName: "my-db",
+            injectedMlQueries: false,
         };
         const languages = "javascript";
         const configFilePath = createConfigFile(inputFileContents, tmpDir);
@@ -600,12 +600,7 @@ function queriesToResolvedQueryForm(queries) {
         const languages = "javascript";
         const { packs } = await configUtils.initConfig(languages, undefined, undefined, configFile, undefined, false, "", "", { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
         t.deepEqual(packs, {
-            [languages_1.Language.javascript]: [
+            [languages_1.Language.javascript]: ["a/b@1.2.3"],
-                {
-                    packName: "a/b",
-                    version: (0, semver_1.clean)("1.2.3"),
-                },
-            ],
         });
     });
 });
@@ -639,18 +634,8 @@ function queriesToResolvedQueryForm(queries) {
         const languages = "javascript,python,cpp";
         const { packs, queries } = await configUtils.initConfig(languages, undefined, undefined, configFile, undefined, false, "", "", { owner: "github", repo: "example" }, tmpDir, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
         t.deepEqual(packs, {
-            [languages_1.Language.javascript]: [
+            [languages_1.Language.javascript]: ["a/b@1.2.3"],
-                {
+            [languages_1.Language.python]: ["c/d@1.2.3"],
-                    packName: "a/b",
-                    version: (0, semver_1.clean)("1.2.3"),
-                },
-            ],
-            [languages_1.Language.python]: [
-                {
-                    packName: "c/d",
-                    version: (0, semver_1.clean)("1.2.3"),
-                },
-            ],
         });
         t.deepEqual(queries, {
             cpp: {
@@ -785,28 +770,47 @@ const invalidPackNameMacro = ava_1.default.macro({
 });
 (0, ava_1.default)("no packs", parsePacksMacro, {}, [], {});
 (0, ava_1.default)("two packs", parsePacksMacro, ["a/b", "c/d@1.2.3"], [languages_1.Language.cpp], {
-    [languages_1.Language.cpp]: [
+    [languages_1.Language.cpp]: ["a/b", "c/d@1.2.3"],
-        { packName: "a/b", version: undefined },
-        { packName: "c/d", version: (0, semver_1.clean)("1.2.3") },
-    ],
 });
 (0, ava_1.default)("two packs with spaces", parsePacksMacro, [" a/b ", " c/d@1.2.3 "], [languages_1.Language.cpp], {
-    [languages_1.Language.cpp]: [
+    [languages_1.Language.cpp]: ["a/b", "c/d@1.2.3"],
-        { packName: "a/b", version: undefined },
-        { packName: "c/d", version: (0, semver_1.clean)("1.2.3") },
-    ],
 });
 (0, ava_1.default)("two packs with language", parsePacksMacro, {
     [languages_1.Language.cpp]: ["a/b", "c/d@1.2.3"],
     [languages_1.Language.java]: ["d/e", "f/g@1.2.3"],
 }, [languages_1.Language.cpp, languages_1.Language.java, languages_1.Language.csharp], {
+    [languages_1.Language.cpp]: ["a/b", "c/d@1.2.3"],
+    [languages_1.Language.java]: ["d/e", "f/g@1.2.3"],
+});
+(0, ava_1.default)("packs with other valid names", parsePacksMacro, [
+    // ranges are ok
+    "c/d@1.0",
+    "c/d@~1.0.0",
+    "c/d@~1.0.0:a/b",
+    "c/d@~1.0.0+abc:a/b",
+    "c/d@~1.0.0-abc:a/b",
+    "c/d:a/b",
+    // whitespace is removed
+    " c/d      @     ~1.0.0    :    b.qls   ",
+    // and it is retained within a path
+    " c/d      @     ~1.0.0    :    b/a path with/spaces.qls   ",
+    // this is valid. the path is '@'. It will probably fail when passed to the CLI
+    "c/d@1.2.3:@",
+    // this is valid, too. It will fail if it doesn't match a path
+    // (globbing is not done)
+    "c/d@1.2.3:+*)_(",
+], [languages_1.Language.cpp], {
     [languages_1.Language.cpp]: [
-        { packName: "a/b", version: undefined },
+        "c/d@1.0",
-        { packName: "c/d", version: (0, semver_1.clean)("1.2.3") },
+        "c/d@~1.0.0",
-    ],
+        "c/d@~1.0.0:a/b",
-    [languages_1.Language.java]: [
+        "c/d@~1.0.0+abc:a/b",
-        { packName: "d/e", version: undefined },
+        "c/d@~1.0.0-abc:a/b",
-        { packName: "f/g", version: (0, semver_1.clean)("1.2.3") },
+        "c/d:a/b",
+        "c/d@~1.0.0:b.qls",
+        "c/d@~1.0.0:b/a path with/spaces.qls",
+        "c/d@1.2.3:@",
+        "c/d@1.2.3:+*)_(",
     ],
 });
 (0, ava_1.default)("no language", parsePacksErrorMacro, ["a/b@1.2.3"], [languages_1.Language.java, languages_1.Language.python], /The configuration file "\/a\/b" is invalid: property "packs" must split packages by language/);
@@ -816,7 +820,14 @@ const invalidPackNameMacro = ava_1.default.macro({
 (0, ava_1.default)(invalidPackNameMacro, "c-/d");
 (0, ava_1.default)(invalidPackNameMacro, "-c/d");
 (0, ava_1.default)(invalidPackNameMacro, "c/d_d");
-(0, ava_1.default)(invalidPackNameMacro, "c/d@x");
+(0, ava_1.default)(invalidPackNameMacro, "c/d@@");
+(0, ava_1.default)(invalidPackNameMacro, "c/d@1.0.0:");
+(0, ava_1.default)(invalidPackNameMacro, "c/d:");
+(0, ava_1.default)(invalidPackNameMacro, "c/d:/a");
+(0, ava_1.default)(invalidPackNameMacro, "@1.0.0:a");
+(0, ava_1.default)(invalidPackNameMacro, "c/d@../a");
+(0, ava_1.default)(invalidPackNameMacro, "c/d@b/../a");
+(0, ava_1.default)(invalidPackNameMacro, "c/d:z@1");
 /**
  * Test macro for testing the packs block and the packs input
  */
@@ -833,39 +844,22 @@ function parseInputAndConfigErrorMacro(t, packsFromConfig, packsFromInput, langu
 }
 parseInputAndConfigErrorMacro.title = (providedTitle) => `Parse Packs input and config Error: ${providedTitle}`;
 (0, ava_1.default)("input only", parseInputAndConfigMacro, {}, " c/d ", [languages_1.Language.cpp], {
-    [languages_1.Language.cpp]: [{ packName: "c/d", version: undefined }],
+    [languages_1.Language.cpp]: ["c/d"],
 });
 (0, ava_1.default)("input only with multiple", parseInputAndConfigMacro, {}, "a/b , c/d@1.2.3", [languages_1.Language.cpp], {
-    [languages_1.Language.cpp]: [
+    [languages_1.Language.cpp]: ["a/b", "c/d@1.2.3"],
-        { packName: "a/b", version: undefined },
-        { packName: "c/d", version: "1.2.3" },
-    ],
 });
 (0, ava_1.default)("input only with +", parseInputAndConfigMacro, {}, "  +  a/b , c/d@1.2.3 ", [languages_1.Language.cpp], {
-    [languages_1.Language.cpp]: [
+    [languages_1.Language.cpp]: ["a/b", "c/d@1.2.3"],
-        { packName: "a/b", version: undefined },
-        { packName: "c/d", version: "1.2.3" },
-    ],
 });
 (0, ava_1.default)("config only", parseInputAndConfigMacro, ["a/b", "c/d"], "  ", [languages_1.Language.cpp], {
-    [languages_1.Language.cpp]: [
+    [languages_1.Language.cpp]: ["a/b", "c/d"],
-        { packName: "a/b", version: undefined },
-        { packName: "c/d", version: undefined },
-    ],
 });
 (0, ava_1.default)("input overrides", parseInputAndConfigMacro, ["a/b", "c/d"], " e/f, g/h@1.2.3 ", [languages_1.Language.cpp], {
-    [languages_1.Language.cpp]: [
+    [languages_1.Language.cpp]: ["e/f", "g/h@1.2.3"],
-        { packName: "e/f", version: undefined },
-        { packName: "g/h", version: "1.2.3" },
-    ],
 });
 (0, ava_1.default)("input and config", parseInputAndConfigMacro, ["a/b", "c/d"], " +e/f, g/h@1.2.3 ", [languages_1.Language.cpp], {
-    [languages_1.Language.cpp]: [
+    [languages_1.Language.cpp]: ["e/f", "g/h@1.2.3", "a/b", "c/d"],
-        { packName: "e/f", version: undefined },
-        { packName: "g/h", version: "1.2.3" },
-        { packName: "a/b", version: undefined },
-        { packName: "c/d", version: undefined },
-    ],
 });
 (0, ava_1.default)("input with no language", parseInputAndConfigErrorMacro, {}, "c/d", [], /No languages specified/);
 (0, ava_1.default)("input with two languages", parseInputAndConfigErrorMacro, {}, "c/d", [languages_1.Language.cpp, languages_1.Language.csharp], /multi-language analysis/);
@@ -894,10 +888,7 @@ const mlPoweredQueriesMacro = ava_1.default.macro({
             if (expectedVersionString !== undefined) {
                 t.deepEqual(packs, {
                     [languages_1.Language.javascript]: [
-                        {
+                        `codeql/javascript-experimental-atm-queries@${expectedVersionString}`,
-                            packName: "codeql/javascript-experimental-atm-queries",
-                            version: expectedVersionString,
-                        },
                     ],
                 });
             }
@@ -910,11 +901,20 @@ const mlPoweredQueriesMacro = ava_1.default.macro({
         ? `${expectedVersionString} are`
         : "aren't"} loaded for packs: ${packsInput}, queries: ${queriesInput} using CLI v${codeQLVersion} when feature flag is ${isMlPoweredQueriesFlagEnabled ? "enabled" : "disabled"}`,
 });
-// macro, isMlPoweredQueriesFlagEnabled, packsInput, queriesInput, versionString
+// macro, codeQLVersion, isMlPoweredQueriesFlagEnabled, packsInput, queriesInput, expectedVersionString
+// Test that ML-powered queries aren't run on v2.7.4 of the CLI.
 (0, ava_1.default)(mlPoweredQueriesMacro, "2.7.4", true, undefined, "security-extended", undefined);
+// Test that ML-powered queries aren't run when the feature flag is off.
 (0, ava_1.default)(mlPoweredQueriesMacro, "2.7.5", false, undefined, "security-extended", undefined);
+// Test that ML-powered queries aren't run when the user hasn't specified that we should run the
+// `security-extended` or `security-and-quality` query suite.
 (0, ava_1.default)(mlPoweredQueriesMacro, "2.7.5", true, undefined, undefined, undefined);
-(0, ava_1.default)(mlPoweredQueriesMacro, "2.7.5", true, undefined, "security-extended", "~0.0.2");
+// Test that ML-powered queries are run on non-Windows platforms running `security-extended`.
-(0, ava_1.default)(mlPoweredQueriesMacro, "2.7.5", true, undefined, "security-and-quality", "~0.0.2");
+(0, ava_1.default)(mlPoweredQueriesMacro, "2.7.5", true, undefined, "security-extended", process.platform === "win32" ? undefined : "~0.1.0");
-(0, ava_1.default)(mlPoweredQueriesMacro, "2.7.5", true, "codeql/javascript-experimental-atm-queries@0.0.1", "security-and-quality", "0.0.1");
+// Test that ML-powered queries are run on non-Windows platforms running `security-and-quality`.
+(0, ava_1.default)(mlPoweredQueriesMacro, "2.7.5", true, undefined, "security-and-quality", process.platform === "win32" ? undefined : "~0.1.0");
+// Test that we don't inject an ML-powered query pack if the user has already specified one.
+(0, ava_1.default)(mlPoweredQueriesMacro, "2.7.5", true, "codeql/javascript-experimental-atm-queries@0.0.1", "security-and-quality", process.platform === "win32" ? undefined : "0.0.1");
+// Test that the ~0.2.0 version of ML-powered queries is run on v2.8.4 of the CLI.
+(0, ava_1.default)(mlPoweredQueriesMacro, "2.8.4", true, undefined, "security-extended", process.platform === "win32" ? undefined : "~0.2.0");
 //# sourceMappingURL=config-utils.test.js.map

lib/database-upload.test.js

@@ -58,6 +58,7 @@ function getTestConfig(tmpDir) {
         debugMode: false,
         debugArtifactName: util_1.DEFAULT_DEBUG_ARTIFACT_NAME,
         debugDatabaseName: util_1.DEFAULT_DEBUG_DATABASE_NAME,
+        injectedMlQueries: false,
     };
 }
 async function mockHttpRequests(databaseUploadStatusCode) {

lib/defaults.json

@@ -1,3 +1,3 @@
 {
-    "bundleVersion": "codeql-bundle-20220214"
+    "bundleVersion": "codeql-bundle-20220428"
 }

lib/init-action.js

@@ -22,6 +22,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const path = __importStar(require("path"));
 const core = __importStar(require("@actions/core"));
 const actions_util_1 = require("./actions-util");
+const api_client_1 = require("./api-client");
 const codeql_1 = require("./codeql");
 const feature_flags_1 = require("./feature-flags");
 const init_1 = require("./init");
@@ -48,7 +49,7 @@ async function sendSuccessStatusReport(startedAt, config, toolsVersion) {
     }
     if (queriesInput !== undefined) {
         queriesInput = queriesInput.startsWith("+")
-            ? queriesInput.substr(1)
+            ? queriesInput.slice(1)
             : queriesInput;
         queries.push(...queriesInput.split(","));
     }
@@ -70,6 +71,7 @@ async function run() {
     const startedAt = new Date();
     const logger = (0, logging_1.getActionsLogger)();
     (0, util_1.initializeEnvironment)(util_1.Mode.actions, pkg.version);
+    await (0, util_1.checkActionVersion)(pkg.version);
     let config;
     let codeql;
     let toolsVersion;
@@ -78,7 +80,7 @@ async function run() {
         externalRepoAuth: (0, actions_util_1.getOptionalInput)("external-repository-token"),
         url: (0, util_1.getRequiredEnvParam)("GITHUB_SERVER_URL"),
     };
-    const gitHubVersion = await (0, util_1.getGitHubVersion)(apiDetails);
+    const gitHubVersion = await (0, api_client_1.getGitHubVersionActionsOnly)();
     (0, util_1.checkGitHubVersionInRange)(gitHubVersion, logger, util_1.Mode.actions);
     const repositoryNwo = (0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY"));
     const featureFlags = new feature_flags_1.GitHubFeatureFlags(gitHubVersion, apiDetails, repositoryNwo, logger);
@@ -92,10 +94,6 @@ async function run() {
         toolsVersion = initCodeQLResult.toolsVersion;
         await (0, util_1.enrichEnvironment)(util_1.Mode.actions, codeql);
         config = await (0, init_1.initConfig)((0, actions_util_1.getOptionalInput)("languages"), (0, actions_util_1.getOptionalInput)("queries"), (0, actions_util_1.getOptionalInput)("packs"), (0, actions_util_1.getOptionalInput)("config-file"), (0, actions_util_1.getOptionalInput)("db-location"), (0, actions_util_1.getOptionalInput)("debug") === "true", (0, actions_util_1.getOptionalInput)("debug-artifact-name") || util_1.DEFAULT_DEBUG_ARTIFACT_NAME, (0, actions_util_1.getOptionalInput)("debug-database-name") || util_1.DEFAULT_DEBUG_DATABASE_NAME, repositoryNwo, (0, actions_util_1.getTemporaryDirectory)(), (0, util_1.getRequiredEnvParam)("RUNNER_TOOL_CACHE"), codeql, (0, util_1.getRequiredEnvParam)("GITHUB_WORKSPACE"), gitHubVersion, apiDetails, featureFlags, logger);
-        if (config.languages.some(languages_1.isTracedLanguage)) {
-            // We currently do not support tracing on Windows 11 and Windows Server 2022
-            (0, util_1.checkNotWindows11)();
-        }
         if (config.languages.includes(languages_1.Language.python) &&
             (0, actions_util_1.getRequiredInput)("setup-python-dependencies") === "true") {
             try {
@@ -145,7 +143,7 @@ async function run() {
     catch (error) {
         core.setFailed(String(error));
         console.log(error);
-        await (0, actions_util_1.sendStatusReport)(await (0, actions_util_1.createStatusReportBase)("init", "failure", startedAt, String(error), error instanceof Error ? error.stack : undefined));
+        await (0, actions_util_1.sendStatusReport)(await (0, actions_util_1.createStatusReportBase)("init", (0, actions_util_1.getActionsStatus)(error), startedAt, String(error), error instanceof Error ? error.stack : undefined));
         return;
     }
     await sendSuccessStatusReport(startedAt, config, toolsVersion);

lib/init.js

@@ -47,12 +47,12 @@ async function initConfig(languagesInput, queriesInput, packsInput, configFile,
 }
 exports.initConfig = initConfig;
 async function runInit(codeql, config, sourceRoot, processName, processLevel) {
-    var _a;
+    var _a, _b;
     fs.mkdirSync(config.dbLocation, { recursive: true });
     try {
         if (await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING)) {
             // Init a database cluster
-            await codeql.databaseInitCluster(config.dbLocation, config.languages, sourceRoot, processName, processLevel);
+            await codeql.databaseInitCluster(config, sourceRoot, processName, processLevel);
         }
         else {
             for (const language of config.languages) {
@@ -67,7 +67,11 @@ async function runInit(codeql, config, sourceRoot, processName, processLevel) {
         if (e instanceof Error &&
             ((_a = e.message) === null || _a === void 0 ? void 0 : _a.includes("Refusing to create databases")) &&
             e.message.includes("exists and is not an empty directory.")) {
-            throw new Error(`Is the "init" action called twice in the same job? ${e.message}`);
+            throw new util.UserError(`Is the "init" action called twice in the same job? ${e.message}`);
+        }
+        else if (e instanceof Error &&
+            ((_b = e.message) === null || _b === void 0 ? void 0 : _b.includes("is not compatible with this CodeQL CLI"))) {
+            throw new util.UserError(e.message);
         }
         else {
             throw e;

lib/init.js.map

@@ -1 +1 @@
-{"version":3,"file":"init.js","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,yEAA2D;AAC3D,kEAAoD;AAEpD,gEAAkD;AAElD,qCAA2E;AAC3E,4DAA8C;AAI9C,mDAAwE;AACxE,6CAA+B;AAC/B,iCAA4C;AAErC,KAAK,UAAU,UAAU,CAC9B,SAA6B,EAC7B,UAA4B,EAC5B,OAAe,EACf,YAAoB,EACpB,OAA2B,EAC3B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;IACxC,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,IAAA,oBAAW,EAChD,SAAS,EACT,UAAU,EACV,OAAO,EACP,YAAY,EACZ,OAAO,EACP,MAAM,EACN,IAAI,CACL,CAAC;IACF,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;IAC5B,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;AAClC,CAAC;AArBD,gCAqBC;AAEM,KAAK,UAAU,UAAU,CAC9B,cAAkC,EAClC,YAAgC,EAChC,UAA8B,EAC9B,UAA8B,EAC9B,UAA8B,EAC9B,SAAkB,EAClB,iBAAyB,EACzB,iBAAyB,EACzB,UAAyB,EACzB,OAAe,EACf,YAAoB,EACpB,MAAc,EACd,aAAqB,EACrB,aAAiC,EACjC,UAAoC,EACpC,YAA0B,EAC1B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,6BAA6B,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,UAAU,CACzC,cAAc,EACd,YAAY,EACZ,UAAU,EACV,UAAU,EACV,UAAU,EACV,SAAS,EACT,iBAAiB,EACjB,iBAAiB,EACjB,UAAU,EACV,OAAO,EACP,YAAY,EACZ,MAAM,EACN,aAAa,EACb,aAAa,EACb,UAAU,EACV,YAAY,EACZ,MAAM,CACP,CAAC;IACF,aAAa,CAAC,uBAAuB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtD,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,MAAM,CAAC;AAChB,CAAC;AA1CD,gCA0CC;AAEM,KAAK,UAAU,OAAO,CAC3B,MAAc,EACd,MAA0B,EAC1B,UAAkB,EAClB,WAA+B,EAC/B,YAAgC;;IAEhC,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAErD,IAAI;QACF,IAAI,MAAM,IAAA,yBAAkB,EAAC,MAAM,EAAE,mCAA0B,CAAC,EAAE;YAChE,0BAA0B;YAC1B,MAAM,MAAM,CAAC,mBAAmB,CAC9B,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,SAAS,EAChB,UAAU,EACV,WAAW,EACX,YAAY,CACb,CAAC;SACH;aAAM;YACL,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;gBACvC,yBAAyB;gBACzB,MAAM,MAAM,CAAC,YAAY,CACvB,IAAI,CAAC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,EAC5C,QAAQ,EACR,UAAU,CACX,CAAC;aACH;SACF;KACF;IAAC,OAAO,CAAC,EAAE;QACV,kDAAkD;QAClD,yCAAyC;QACzC,IACE,CAAC,YAAY,KAAK;aAClB,MAAA,CAAC,CAAC,OAAO,0CAAE,QAAQ,CAAC,8BAA8B,CAAC,CAAA;YACnD,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,uCAAuC,CAAC,EAC3D;YACA,MAAM,IAAI,KAAK,CACb,sDAAsD,CAAC,CAAC,OAAO,EAAE,CAClE,CAAC;SACH;aAAM;YACL,MAAM,CAAC,CAAC;SACT;KACF;IACD,OAAO,MAAM,IAAA,uCAAuB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AACvD,CAAC;AA7CD,0BA6CC;AAED,sEAAsE;AACtE,4EAA4E;AAC5E,4EAA4E;AAC5E,6EAA6E;AAC7E,+CAA+C;AACxC,KAAK,UAAU,mBAAmB,CACvC,WAA+B,EAC/B,YAAgC,EAChC,MAA0B,EAC1B,MAAc,EACd,YAA0B;IAE1B,IAAI,MAAc,CAAC;IACnB,IAAI,WAAW,KAAK,SAAS,EAAE;QAC7B,MAAM,GAAG;;;;;;;;;;;;uCAY0B,WAAW;;8BAEpB,WAAW;;;;;;;;gDAQO,CAAC;KAC9C;SAAM;QACL,oEAAoE;QACpE,mFAAmF;QACnF,+EAA+E;QAC/E,kFAAkF;QAClF,6EAA6E;QAC7E,oFAAoF;QACpF,6CAA6C;QAC7C,YAAY,GAAG,YAAY,IAAI,CAAC,CAAC;QACjC,MAAM,GAAG;;;;;;;;4BAQe,YAAY;;;;;;;;;;;;;;;;;;;;;gDAqBQ,CAAC;KAC9C;IAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;IACxE,EAAE,CAAC,aAAa,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC;IAE3C,MAAM,IAAI,UAAU,CAAC,UAAU,CAC7B,MAAM,SAAS,CAAC,SAAS,CAAC,YAAY,CAAC,EACvC;QACE,kBAAkB;QAClB,QAAQ;QACR,OAAO;QACP,gBAAgB;QAChB,IAAI,CAAC,OAAO,CACV,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,EAC9B,OAAO,EACP,OAAO,EACP,YAAY,CACb;KACF,EACD,EAAE,GAAG,EAAE,EAAE,0BAA0B,EAAE,YAAY,CAAC,IAAI,EAAE,EAAE,CAC3D,CAAC,IAAI,EAAE,CAAC;AACX,CAAC;AA5FD,kDA4FC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IACpE,MAAM,CAAC,UAAU,CAAC,2BAA2B,CAAC,CAAC;IAE/C,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC;IAEjE,IAAI;QACF,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAChC,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,SAAS,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE;gBACvE,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,mBAAmB,CAAC;aAC9C,CAAC,CAAC,IAAI,EAAE,CAAC;SACX;aAAM;YACL,MAAM,IAAI,UAAU,CAAC,UAAU,CAC7B,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,kBAAkB,CAAC,CAC7C,CAAC,IAAI,EAAE,CAAC;SACV;QACD,MAAM,MAAM,GAAG,0BAA0B,CAAC;QAC1C,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAChC,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,SAAS,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;gBAC/D,IAAI;gBACJ,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC;gBAChC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;aAC/B,CAAC,CAAC,IAAI,EAAE,CAAC;SACX;aAAM;YACL,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,EAAE;gBAChE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;aAC/B,CAAC,CAAC,IAAI,EAAE,CAAC;SACX;KACF;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,CAAC,QAAQ,EAAE,CAAC;QAClB,MAAM,CAAC,OAAO,CACZ,gFAAgF,CAAC,IAAI;YACnF,qGAAqG;YACrG,oGAAoG;YACpG,iDAAiD,CACpD,CAAC;QACF,OAAO;KACR;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC;AAtCD,8CAsCC"}
+{"version":3,"file":"init.js","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,yEAA2D;AAC3D,kEAAoD;AAEpD,gEAAkD;AAElD,qCAA2E;AAC3E,4DAA8C;AAI9C,mDAAwE;AACxE,6CAA+B;AAC/B,iCAA4C;AAErC,KAAK,UAAU,UAAU,CAC9B,SAA6B,EAC7B,UAA4B,EAC5B,OAAe,EACf,YAAoB,EACpB,OAA2B,EAC3B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;IACxC,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,IAAA,oBAAW,EAChD,SAAS,EACT,UAAU,EACV,OAAO,EACP,YAAY,EACZ,OAAO,EACP,MAAM,EACN,IAAI,CACL,CAAC;IACF,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;IAC5B,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;AAClC,CAAC;AArBD,gCAqBC;AAEM,KAAK,UAAU,UAAU,CAC9B,cAAkC,EAClC,YAAgC,EAChC,UAA8B,EAC9B,UAA8B,EAC9B,UAA8B,EAC9B,SAAkB,EAClB,iBAAyB,EACzB,iBAAyB,EACzB,UAAyB,EACzB,OAAe,EACf,YAAoB,EACpB,MAAc,EACd,aAAqB,EACrB,aAAiC,EACjC,UAAoC,EACpC,YAA0B,EAC1B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,6BAA6B,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,UAAU,CACzC,cAAc,EACd,YAAY,EACZ,UAAU,EACV,UAAU,EACV,UAAU,EACV,SAAS,EACT,iBAAiB,EACjB,iBAAiB,EACjB,UAAU,EACV,OAAO,EACP,YAAY,EACZ,MAAM,EACN,aAAa,EACb,aAAa,EACb,UAAU,EACV,YAAY,EACZ,MAAM,CACP,CAAC;IACF,aAAa,CAAC,uBAAuB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtD,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,MAAM,CAAC;AAChB,CAAC;AA1CD,gCA0CC;AAEM,KAAK,UAAU,OAAO,CAC3B,MAAc,EACd,MAA0B,EAC1B,UAAkB,EAClB,WAA+B,EAC/B,YAAgC;;IAEhC,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAErD,IAAI;QACF,IAAI,MAAM,IAAA,yBAAkB,EAAC,MAAM,EAAE,mCAA0B,CAAC,EAAE;YAChE,0BAA0B;YAC1B,MAAM,MAAM,CAAC,mBAAmB,CAC9B,MAAM,EACN,UAAU,EACV,WAAW,EACX,YAAY,CACb,CAAC;SACH;aAAM;YACL,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;gBACvC,yBAAyB;gBACzB,MAAM,MAAM,CAAC,YAAY,CACvB,IAAI,CAAC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,EAC5C,QAAQ,EACR,UAAU,CACX,CAAC;aACH;SACF;KACF;IAAC,OAAO,CAAC,EAAE;QACV,kDAAkD;QAClD,yCAAyC;QACzC,IACE,CAAC,YAAY,KAAK;aAClB,MAAA,CAAC,CAAC,OAAO,0CAAE,QAAQ,CAAC,8BAA8B,CAAC,CAAA;YACnD,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,uCAAuC,CAAC,EAC3D;YACA,MAAM,IAAI,IAAI,CAAC,SAAS,CACtB,sDAAsD,CAAC,CAAC,OAAO,EAAE,CAClE,CAAC;SACH;aAAM,IACL,CAAC,YAAY,KAAK;aAClB,MAAA,CAAC,CAAC,OAAO,0CAAE,QAAQ,CAAC,wCAAwC,CAAC,CAAA,EAC7D;YACA,MAAM,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;SACrC;aAAM;YACL,MAAM,CAAC,CAAC;SACT;KACF;IACD,OAAO,MAAM,IAAA,uCAAuB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AACvD,CAAC;AAjDD,0BAiDC;AAED,sEAAsE;AACtE,4EAA4E;AAC5E,4EAA4E;AAC5E,6EAA6E;AAC7E,+CAA+C;AACxC,KAAK,UAAU,mBAAmB,CACvC,WAA+B,EAC/B,YAAgC,EAChC,MAA0B,EAC1B,MAAc,EACd,YAA0B;IAE1B,IAAI,MAAc,CAAC;IACnB,IAAI,WAAW,KAAK,SAAS,EAAE;QAC7B,MAAM,GAAG;;;;;;;;;;;;uCAY0B,WAAW;;8BAEpB,WAAW;;;;;;;;gDAQO,CAAC;KAC9C;SAAM;QACL,oEAAoE;QACpE,mFAAmF;QACnF,+EAA+E;QAC/E,kFAAkF;QAClF,6EAA6E;QAC7E,oFAAoF;QACpF,6CAA6C;QAC7C,YAAY,GAAG,YAAY,IAAI,CAAC,CAAC;QACjC,MAAM,GAAG;;;;;;;;4BAQe,YAAY;;;;;;;;;;;;;;;;;;;;;gDAqBQ,CAAC;KAC9C;IAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;IACxE,EAAE,CAAC,aAAa,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC;IAE3C,MAAM,IAAI,UAAU,CAAC,UAAU,CAC7B,MAAM,SAAS,CAAC,SAAS,CAAC,YAAY,CAAC,EACvC;QACE,kBAAkB;QAClB,QAAQ;QACR,OAAO;QACP,gBAAgB;QAChB,IAAI,CAAC,OAAO,CACV,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,EAC9B,OAAO,EACP,OAAO,EACP,YAAY,CACb;KACF,EACD,EAAE,GAAG,EAAE,EAAE,0BAA0B,EAAE,YAAY,CAAC,IAAI,EAAE,EAAE,CAC3D,CAAC,IAAI,EAAE,CAAC;AACX,CAAC;AA5FD,kDA4FC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IACpE,MAAM,CAAC,UAAU,CAAC,2BAA2B,CAAC,CAAC;IAE/C,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC;IAEjE,IAAI;QACF,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAChC,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,SAAS,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE;gBACvE,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,mBAAmB,CAAC;aAC9C,CAAC,CAAC,IAAI,EAAE,CAAC;SACX;aAAM;YACL,MAAM,IAAI,UAAU,CAAC,UAAU,CAC7B,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,kBAAkB,CAAC,CAC7C,CAAC,IAAI,EAAE,CAAC;SACV;QACD,MAAM,MAAM,GAAG,0BAA0B,CAAC;QAC1C,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAChC,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,SAAS,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;gBAC/D,IAAI;gBACJ,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC;gBAChC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;aAC/B,CAAC,CAAC,IAAI,EAAE,CAAC;SACX;aAAM;YACL,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,EAAE;gBAChE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;aAC/B,CAAC,CAAC,IAAI,EAAE,CAAC;SACX;KACF;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,CAAC,QAAQ,EAAE,CAAC;QAClB,MAAM,CAAC,OAAO,CACZ,gFAAgF,CAAC,IAAI;YACnF,qGAAqG;YACrG,oGAAoG;YACpG,iDAAiD,CACpD,CAAC;QACF,OAAO;KACR;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC;AAtCD,8CAsCC"}

lib/testing-utils.js

@@ -90,6 +90,7 @@ exports.setupTests = setupTests;
 function setupActionsVars(tempDir, toolsDir) {
     process.env["RUNNER_TEMP"] = tempDir;
     process.env["RUNNER_TOOL_CACHE"] = toolsDir;
+    process.env["GITHUB_WORKSPACE"] = tempDir;
 }
 exports.setupActionsVars = setupActionsVars;
 function getRecordingLogger(messages) {

lib/testing-utils.js.map

@@ -1 +1 @@
-{"version":3,"file":"testing-utils.js","sourceRoot":"","sources":["../src/testing-utils.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,wDAA0C;AAE1C,6CAA+B;AAE/B,wDAA0C;AAC1C,iDAAmC;AAEnC,iCAAmC;AASnC,SAAS,UAAU,CAAC,OAAoB;IACtC,8CAA8C;IAC9C,gCAAgC;IAChC,2EAA2E;IAC3E,2FAA2F;IAC3F,OAAO,CACL,KAA0B,EAC1B,QAAiB,EACjB,EAA0B,EACjB,EAAE;QACX,2CAA2C;QAC3C,IAAI,EAAE,KAAK,SAAS,IAAI,OAAO,QAAQ,KAAK,UAAU,EAAE;YACtD,EAAE,GAAG,QAAQ,CAAC;YACd,QAAQ,GAAG,SAAS,CAAC;SACtB;QAED,oBAAoB;QACpB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;YAC7B,OAAO,CAAC,UAAU,IAAI,KAAK,CAAC;SAC7B;aAAM;YACL,OAAO,CAAC,UAAU,IAAI,IAAI,WAAW,CAAC,QAAQ,IAAI,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;SAC1E;QAED,iDAAiD;QACjD,IAAI,EAAE,KAAK,SAAS,IAAI,OAAO,EAAE,KAAK,UAAU,EAAE;YAChD,EAAE,EAAE,CAAC;SACN;QAED,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;AACJ,CAAC;AAED,SAAgB,UAAU,CAAC,IAAiB;IAC1C,MAAM,SAAS,GAAG,IAA2B,CAAC;IAE9C,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,EAAE;QACzB,gEAAgE;QAChE,0CAA0C;QAC1C,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QAErB,iEAAiE;QACjE,CAAC,CAAC,OAAO,CAAC,UAAU,GAAG,EAAE,CAAC;QAC1B,MAAM,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrE,CAAC,CAAC,OAAO,CAAC,WAAW,GAAG,kBAAkB,CAAC;QAC3C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,OAAO,CAAQ,CAAC;QACpD,MAAM,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrE,CAAC,CAAC,OAAO,CAAC,WAAW,GAAG,kBAAkB,CAAC;QAC3C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,OAAO,CAAQ,CAAC;QAEpD,mEAAmE;QACnE,wEAAwE;QACxE,kEAAkE;QAClE,CAAC,CAAC,OAAO,CAAC,GAAG,GAAG,EAAE,CAAC;QACnB,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QAC/B,4BAA4B;QAC5B,0DAA0D;QAC1D,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;QAC7C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;QAC7C,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE;YACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;SAC5C;QAED,uCAAuC;QACvC,KAAK,CAAC,OAAO,EAAE,CAAC;QAEhB,oCAAoC;QACpC,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC;AAvCD,gCAuCC;AAED,yEAAyE;AACzE,sDAAsD;AACtD,SAAgB,gBAAgB,CAAC,OAAe,EAAE,QAAgB;IAChE,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,OAAO,CAAC;IACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,QAAQ,CAAC;AAC9C,CAAC;AAHD,4CAGC;AAOD,SAAgB,kBAAkB,CAAC,QAAyB;IAC1D,OAAO;QACL,KAAK,EAAE,CAAC,OAAe,EAAE,EAAE;YACzB,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;QACD,IAAI,EAAE,CAAC,OAAe,EAAE,EAAE;YACxB,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;YACzC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;QACD,OAAO,EAAE,CAAC,OAAuB,EAAE,EAAE;YACnC,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;YAC5C,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;QACD,KAAK,EAAE,CAAC,OAAuB,EAAE,EAAE;YACjC,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;QACD,OAAO,EAAE,GAAG,EAAE,CAAC,IAAI;QACnB,UAAU,EAAE,GAAG,EAAE,CAAC,SAAS;QAC3B,QAAQ,EAAE,GAAG,EAAE,CAAC,SAAS;KAC1B,CAAC;AACJ,CAAC;AAtBD,gDAsBC;AAED,0EAA0E;AAC1E,SAAgB,0BAA0B,CACxC,kBAA0B,EAC1B,QAAyC;IAEzC,kEAAkE;IAClE,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;IAExC,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAEjD,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAClC,8DAA8D,CAC/D,CAAC;IACF,IAAI,kBAAkB,GAAG,GAAG,EAAE;QAC5B,QAAQ,CAAC,QAAQ,CAAC;YAChB,MAAM,EAAE,kBAAkB;YAC1B,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,EAAE;YACX,GAAG,EAAE,8DAA8D;SACpE,CAAC,CAAC;KACJ;SAAM;QACL,QAAQ,CAAC,MAAM,CAAC,IAAI,gBAAS,CAAC,oBAAoB,EAAE,kBAAkB,CAAC,CAAC,CAAC;KAC1E;IAED,KAAK,CAAC,IAAI,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,CAAC;AAC5D,CAAC;AAxBD,gEAwBC"}
+{"version":3,"file":"testing-utils.js","sourceRoot":"","sources":["../src/testing-utils.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,wDAA0C;AAE1C,6CAA+B;AAE/B,wDAA0C;AAC1C,iDAAmC;AAEnC,iCAAmC;AASnC,SAAS,UAAU,CAAC,OAAoB;IACtC,8CAA8C;IAC9C,gCAAgC;IAChC,2EAA2E;IAC3E,2FAA2F;IAC3F,OAAO,CACL,KAA0B,EAC1B,QAAiB,EACjB,EAA0B,EACjB,EAAE;QACX,2CAA2C;QAC3C,IAAI,EAAE,KAAK,SAAS,IAAI,OAAO,QAAQ,KAAK,UAAU,EAAE;YACtD,EAAE,GAAG,QAAQ,CAAC;YACd,QAAQ,GAAG,SAAS,CAAC;SACtB;QAED,oBAAoB;QACpB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;YAC7B,OAAO,CAAC,UAAU,IAAI,KAAK,CAAC;SAC7B;aAAM;YACL,OAAO,CAAC,UAAU,IAAI,IAAI,WAAW,CAAC,QAAQ,IAAI,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;SAC1E;QAED,iDAAiD;QACjD,IAAI,EAAE,KAAK,SAAS,IAAI,OAAO,EAAE,KAAK,UAAU,EAAE;YAChD,EAAE,EAAE,CAAC;SACN;QAED,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;AACJ,CAAC;AAED,SAAgB,UAAU,CAAC,IAAiB;IAC1C,MAAM,SAAS,GAAG,IAA2B,CAAC;IAE9C,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,EAAE;QACzB,gEAAgE;QAChE,0CAA0C;QAC1C,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QAErB,iEAAiE;QACjE,CAAC,CAAC,OAAO,CAAC,UAAU,GAAG,EAAE,CAAC;QAC1B,MAAM,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrE,CAAC,CAAC,OAAO,CAAC,WAAW,GAAG,kBAAkB,CAAC;QAC3C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,OAAO,CAAQ,CAAC;QACpD,MAAM,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrE,CAAC,CAAC,OAAO,CAAC,WAAW,GAAG,kBAAkB,CAAC;QAC3C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,OAAO,CAAQ,CAAC;QAEpD,mEAAmE;QACnE,wEAAwE;QACxE,kEAAkE;QAClE,CAAC,CAAC,OAAO,CAAC,GAAG,GAAG,EAAE,CAAC;QACnB,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QAC/B,4BAA4B;QAC5B,0DAA0D;QAC1D,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;QAC7C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;QAC7C,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE;YACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;SAC5C;QAED,uCAAuC;QACvC,KAAK,CAAC,OAAO,EAAE,CAAC;QAEhB,oCAAoC;QACpC,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC;AAvCD,gCAuCC;AAED,yEAAyE;AACzE,sDAAsD;AACtD,SAAgB,gBAAgB,CAAC,OAAe,EAAE,QAAgB;IAChE,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,OAAO,CAAC;IACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,QAAQ,CAAC;IAC5C,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,GAAG,OAAO,CAAC;AAC5C,CAAC;AAJD,4CAIC;AAOD,SAAgB,kBAAkB,CAAC,QAAyB;IAC1D,OAAO;QACL,KAAK,EAAE,CAAC,OAAe,EAAE,EAAE;YACzB,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;QACD,IAAI,EAAE,CAAC,OAAe,EAAE,EAAE;YACxB,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;YACzC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;QACD,OAAO,EAAE,CAAC,OAAuB,EAAE,EAAE;YACnC,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;YAC5C,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;QACD,KAAK,EAAE,CAAC,OAAuB,EAAE,EAAE;YACjC,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;QACD,OAAO,EAAE,GAAG,EAAE,CAAC,IAAI;QACnB,UAAU,EAAE,GAAG,EAAE,CAAC,SAAS;QAC3B,QAAQ,EAAE,GAAG,EAAE,CAAC,SAAS;KAC1B,CAAC;AACJ,CAAC;AAtBD,gDAsBC;AAED,0EAA0E;AAC1E,SAAgB,0BAA0B,CACxC,kBAA0B,EAC1B,QAAyC;IAEzC,kEAAkE;IAClE,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;IAExC,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAEjD,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAClC,8DAA8D,CAC/D,CAAC;IACF,IAAI,kBAAkB,GAAG,GAAG,EAAE;QAC5B,QAAQ,CAAC,QAAQ,CAAC;YAChB,MAAM,EAAE,kBAAkB;YAC1B,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,EAAE;YACX,GAAG,EAAE,8DAA8D;SACpE,CAAC,CAAC;KACJ;SAAM;QACL,QAAQ,CAAC,MAAM,CAAC,IAAI,gBAAS,CAAC,oBAAoB,EAAE,kBAAkB,CAAC,CAAC,CAAC;KAC1E;IAED,KAAK,CAAC,IAAI,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,CAAC;AAC5D,CAAC;AAxBD,gEAwBC"}

lib/tracer-config.js

@@ -19,7 +19,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getCombinedTracerConfig = exports.concatTracerConfigs = exports.getTracerConfigForLanguage = exports.getTracerConfigForCluster = void 0;
+exports.getCombinedTracerConfig = exports.concatTracerConfigs = exports.getTracerConfigForLanguage = exports.getTracerConfigForCluster = exports.endTracingForCluster = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const codeql_1 = require("./codeql");
@@ -33,6 +33,30 @@ const CRITICAL_TRACER_VARS = new Set([
     "SEMMLE_DEPTRACE_SOCKET",
     "SEMMLE_JAVA_TOOL_OPTIONS",
 ]);
+async function endTracingForCluster(config) {
+    // If there are no traced languages, we don't need to do anything.
+    if (!config.languages.some(languages_1.isTracedLanguage))
+        return;
+    const envVariablesFile = path.resolve(config.dbLocation, "temp/tracingEnvironment/end-tracing.json");
+    if (!fs.existsSync(envVariablesFile)) {
+        throw new Error(`Environment file for ending tracing not found: ${envVariablesFile}`);
+    }
+    try {
+        const endTracingEnvVariables = JSON.parse(fs.readFileSync(envVariablesFile, "utf8"));
+        for (const [key, value] of Object.entries(endTracingEnvVariables)) {
+            if (value !== null) {
+                process.env[key] = value;
+            }
+            else {
+                delete process.env[key];
+            }
+        }
+    }
+    catch (e) {
+        throw new Error(`Failed to parse file containing end tracing environment variables: ${e}`);
+    }
+}
+exports.endTracingForCluster = endTracingForCluster;
 async function getTracerConfigForCluster(config) {
     const tracingEnvVariables = JSON.parse(fs.readFileSync(path.resolve(config.dbLocation, "temp/tracingEnvironment/start-tracing.json"), "utf8"));
     return {

lib/tracer-config.test.js

@@ -47,6 +47,7 @@ function getTestConfig(tmpDir) {
         debugMode: false,
         debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
         debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
+        injectedMlQueries: false,
     };
 }
 // A very minimal setup

lib/upload-lib.js

@@ -93,9 +93,11 @@ function getAutomationID(category, analysis_key, environment) {
 async function uploadPayload(payload, repositoryNwo, apiDetails, logger) {
     logger.info("Uploading results");
     // If in test mode we don't want to upload the results
-    const testMode = process.env["TEST_MODE"] === "true" || false;
+    if (util.isInTestMode()) {
-    if (testMode) {
+        const payloadSaveFile = path.join(actionsUtil.getTemporaryDirectory(), "payload.json");
-        logger.debug("In test mode. Results are not uploaded.");
+        logger.info(`In test mode. Results are not uploaded. Saving to ${payloadSaveFile}`);
+        logger.info(`Payload: ${JSON.stringify(payload, null, 2)}`);
+        fs.writeFileSync(payloadSaveFile, JSON.stringify(payload, null, 2));
         return;
     }
     const client = api.getApiClient(apiDetails);
@@ -134,7 +136,7 @@ exports.findSarifFilesInDir = findSarifFilesInDir;
 // depending on what the path happens to refer to.
 // Returns true iff the upload occurred and succeeded
 async function uploadFromActions(sarifPath, gitHubVersion, apiDetails, logger) {
-    return await uploadFiles(getSarifFilePaths(sarifPath), (0, repository_1.parseRepositoryNwo)(util.getRequiredEnvParam("GITHUB_REPOSITORY")), await actionsUtil.getCommitOid(), await actionsUtil.getRef(), await actionsUtil.getAnalysisKey(), actionsUtil.getOptionalInput("category"), util.getRequiredEnvParam("GITHUB_WORKFLOW"), actionsUtil.getWorkflowRunID(), actionsUtil.getRequiredInput("checkout_path"), actionsUtil.getRequiredInput("matrix"), gitHubVersion, apiDetails, logger);
+    return await uploadFiles(getSarifFilePaths(sarifPath), (0, repository_1.parseRepositoryNwo)(util.getRequiredEnvParam("GITHUB_REPOSITORY")), await actionsUtil.getCommitOid(actionsUtil.getRequiredInput("checkout_path")), await actionsUtil.getRef(), await actionsUtil.getAnalysisKey(), actionsUtil.getOptionalInput("category"), util.getRequiredEnvParam("GITHUB_WORKFLOW"), actionsUtil.getWorkflowRunID(), actionsUtil.getRequiredInput("checkout_path"), actionsUtil.getRequiredInput("matrix"), gitHubVersion, apiDetails, logger);
 }
 exports.uploadFromActions = uploadFromActions;
 // Uploads a single sarif file or a directory of sarif files
@@ -308,34 +310,28 @@ async function waitForProcessing(repositoryNwo, sarifID, apiDetails, logger) {
             logger.warning("Timed out waiting for analysis to finish processing. Continuing.");
             break;
         }
+        let response = undefined;
         try {
-            const response = await client.request("GET /repos/:owner/:repo/code-scanning/sarifs/:sarif_id", {
+            response = await client.request("GET /repos/:owner/:repo/code-scanning/sarifs/:sarif_id", {
                 owner: repositoryNwo.owner,
                 repo: repositoryNwo.repo,
                 sarif_id: sarifID,
             });
-            const status = response.data.processing_status;
-            logger.info(`Analysis upload status is ${status}.`);
-            if (status === "complete") {
-                break;
-            }
-            else if (status === "failed") {
-                throw new Error(`Code Scanning could not process the submitted SARIF file:\n${response.data.errors}`);
-            }
         }
         catch (e) {
-            if (util.isHTTPError(e)) {
+            logger.warning(`An error occurred checking the status of the delivery. ${e} It should still be processed in the background, but errors that occur during processing may not be reported.`);
-                switch (e.status) {
+            break;
-                    case 404:
+        }
-                        logger.debug("Analysis is not found yet...");
+        const status = response.data.processing_status;
-                        break; // Note this breaks from the case statement, not the outer loop.
+        logger.info(`Analysis upload status is ${status}.`);
-                    default:
+        if (status === "complete") {
-                        throw e;
+            break;
-                }
+        }
-            }
+        else if (status === "pending") {
-            else {
+            logger.debug("Analysis processing is still pending...");
-                throw e;
+        }
-            }
+        else if (status === "failed") {
+            throw new Error(`Code Scanning could not process the submitted SARIF file:\n${response.data.errors}`);
         }
         await util.delay(STATUS_CHECK_FREQUENCY_MILLISECONDS);
     }

lib/upload-sarif-action.js

@@ -21,6 +21,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
 const actionsUtil = __importStar(require("./actions-util"));
+const api_client_1 = require("./api-client");
 const logging_1 = require("./logging");
 const repository_1 = require("./repository");
 const upload_lib = __importStar(require("./upload-lib"));
@@ -36,8 +37,9 @@ async function sendSuccessStatusReport(startedAt, uploadStats) {
     await actionsUtil.sendStatusReport(statusReport);
 }
 async function run() {
-    (0, util_1.initializeEnvironment)(util_1.Mode.actions, pkg.version);
     const startedAt = new Date();
+    (0, util_1.initializeEnvironment)(util_1.Mode.actions, pkg.version);
+    await (0, util_1.checkActionVersion)(pkg.version);
     if (!(await actionsUtil.sendStatusReport(await actionsUtil.createStatusReportBase("upload-sarif", "starting", startedAt)))) {
         return;
     }
@@ -46,10 +48,14 @@ async function run() {
             auth: actionsUtil.getRequiredInput("token"),
             url: (0, util_1.getRequiredEnvParam)("GITHUB_SERVER_URL"),
         };
-        const gitHubVersion = await (0, util_1.getGitHubVersion)(apiDetails);
+        const gitHubVersion = await (0, api_client_1.getGitHubVersionActionsOnly)();
         const uploadResult = await upload_lib.uploadFromActions(actionsUtil.getRequiredInput("sarif_file"), gitHubVersion, apiDetails, (0, logging_1.getActionsLogger)());
         core.setOutput("sarif-id", uploadResult.sarifID);
-        if (actionsUtil.getRequiredInput("wait-for-processing") === "true") {
+        // We don't upload results in test mode, so don't wait for processing
+        if ((0, util_1.isInTestMode)()) {
+            core.debug("In test mode. Waiting for processing is disabled.");
+        }
+        else if (actionsUtil.getRequiredInput("wait-for-processing") === "true") {
             await upload_lib.waitForProcessing((0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY")), uploadResult.sarifID, apiDetails, (0, logging_1.getActionsLogger)());
         }
         await sendSuccessStatusReport(startedAt, uploadResult.statusReport);
@@ -59,7 +65,7 @@ async function run() {
         const stack = error instanceof Error ? error.stack : String(error);
         core.setFailed(message);
         console.log(error);
-        await actionsUtil.sendStatusReport(await actionsUtil.createStatusReportBase("upload-sarif", "failure", startedAt, message, stack));
+        await actionsUtil.sendStatusReport(await actionsUtil.createStatusReportBase("upload-sarif", actionsUtil.getActionsStatus(error), startedAt, message, stack));
         return;
     }
 }

lib/upload-sarif-action.js.map

@@ -1 +1 @@
-{"version":3,"file":"upload-sarif-action.js","sourceRoot":"","sources":["../src/upload-sarif-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,uCAA6C;AAC7C,6CAAkD;AAClD,yDAA2C;AAC3C,iCAKgB;AAEhB,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAMvC,KAAK,UAAU,uBAAuB,CACpC,SAAe,EACf,WAA0C;IAE1C,MAAM,gBAAgB,GAAG,MAAM,WAAW,CAAC,sBAAsB,CAC/D,cAAc,EACd,SAAS,EACT,SAAS,CACV,CAAC;IACF,MAAM,YAAY,GAA4B;QAC5C,GAAG,gBAAgB;QACnB,GAAG,WAAW;KACf,CAAC;IACF,MAAM,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;AACnD,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,IAAA,4BAAqB,EAAC,WAAI,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;IACjD,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IACE,CAAC,CAAC,MAAM,WAAW,CAAC,gBAAgB,CAClC,MAAM,WAAW,CAAC,sBAAsB,CACtC,cAAc,EACd,UAAU,EACV,SAAS,CACV,CACF,CAAC,EACF;QACA,OAAO;KACR;IAED,IAAI;QACF,MAAM,UAAU,GAAG;YACjB,IAAI,EAAE,WAAW,CAAC,gBAAgB,CAAC,OAAO,CAAC;YAC3C,GAAG,EAAE,IAAA,0BAAmB,EAAC,mBAAmB,CAAC;SAC9C,CAAC;QAEF,MAAM,aAAa,GAAG,MAAM,IAAA,uBAAgB,EAAC,UAAU,CAAC,CAAC;QAEzD,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,iBAAiB,CACrD,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,EAC1C,aAAa,EACb,UAAU,EACV,IAAA,0BAAgB,GAAE,CACnB,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,WAAW,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,KAAK,MAAM,EAAE;YAClE,MAAM,UAAU,CAAC,iBAAiB,CAChC,IAAA,+BAAkB,EAAC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CAAC,EAC5D,YAAY,CAAC,OAAO,EACpB,UAAU,EACV,IAAA,0BAAgB,GAAE,CACnB,CAAC;SACH;QACD,MAAM,uBAAuB,CAAC,SAAS,EAAE,YAAY,CAAC,YAAY,CAAC,CAAC;KACrE;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,MAAM,KAAK,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACnE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,WAAW,CAAC,gBAAgB,CAChC,MAAM,WAAW,CAAC,sBAAsB,CACtC,cAAc,EACd,SAAS,EACT,SAAS,EACT,OAAO,EACP,KAAK,CACN,CACF,CAAC;QACF,OAAO;KACR;AACH,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,sCAAsC,KAAK,EAAE,CAAC,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"upload-sarif-action.js","sourceRoot":"","sources":["../src/upload-sarif-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,6CAA2D;AAC3D,uCAA6C;AAC7C,6CAAkD;AAClD,yDAA2C;AAC3C,iCAMgB;AAEhB,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAMvC,KAAK,UAAU,uBAAuB,CACpC,SAAe,EACf,WAA0C;IAE1C,MAAM,gBAAgB,GAAG,MAAM,WAAW,CAAC,sBAAsB,CAC/D,cAAc,EACd,SAAS,EACT,SAAS,CACV,CAAC;IACF,MAAM,YAAY,GAA4B;QAC5C,GAAG,gBAAgB;QACnB,GAAG,WAAW;KACf,CAAC;IACF,MAAM,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;AACnD,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAA,4BAAqB,EAAC,WAAI,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;IACjD,MAAM,IAAA,yBAAkB,EAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACtC,IACE,CAAC,CAAC,MAAM,WAAW,CAAC,gBAAgB,CAClC,MAAM,WAAW,CAAC,sBAAsB,CACtC,cAAc,EACd,UAAU,EACV,SAAS,CACV,CACF,CAAC,EACF;QACA,OAAO;KACR;IAED,IAAI;QACF,MAAM,UAAU,GAAG;YACjB,IAAI,EAAE,WAAW,CAAC,gBAAgB,CAAC,OAAO,CAAC;YAC3C,GAAG,EAAE,IAAA,0BAAmB,EAAC,mBAAmB,CAAC;SAC9C,CAAC;QAEF,MAAM,aAAa,GAAG,MAAM,IAAA,wCAA2B,GAAE,CAAC;QAE1D,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,iBAAiB,CACrD,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,EAC1C,aAAa,EACb,UAAU,EACV,IAAA,0BAAgB,GAAE,CACnB,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QAEjD,qEAAqE;QACrE,IAAI,IAAA,mBAAY,GAAE,EAAE;YAClB,IAAI,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;SACjE;aAAM,IAAI,WAAW,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,KAAK,MAAM,EAAE;YACzE,MAAM,UAAU,CAAC,iBAAiB,CAChC,IAAA,+BAAkB,EAAC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CAAC,EAC5D,YAAY,CAAC,OAAO,EACpB,UAAU,EACV,IAAA,0BAAgB,GAAE,CACnB,CAAC;SACH;QACD,MAAM,uBAAuB,CAAC,SAAS,EAAE,YAAY,CAAC,YAAY,CAAC,CAAC;KACrE;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,MAAM,KAAK,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACnE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,WAAW,CAAC,gBAAgB,CAChC,MAAM,WAAW,CAAC,sBAAsB,CACtC,cAAc,EACd,WAAW,CAAC,gBAAgB,CAAC,KAAK,CAAC,EACnC,SAAS,EACT,OAAO,EACP,KAAK,CACN,CACF,CAAC;QACF,OAAO;KACR;AACH,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,sCAAsC,KAAK,EAAE,CAAC,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/util.js

@@ -22,13 +22,14 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getMlPoweredJsQueriesStatus = exports.ML_POWERED_JS_QUERIES_PACK = exports.checkNotWindows11 = exports.isGoodVersion = exports.delay = exports.bundleDb = exports.codeQlVersionAbove = exports.isHTTPError = exports.HTTPError = exports.getRequiredEnvParam = exports.isActions = exports.getMode = exports.enrichEnvironment = exports.initializeEnvironment = exports.Mode = exports.assertNever = exports.getGitHubAuth = exports.apiVersionInRange = exports.DisallowedAPIVersionReason = exports.checkGitHubVersionInRange = exports.getGitHubVersion = exports.GitHubVariant = exports.parseGitHubUrl = exports.getCodeQLDatabasePath = exports.getThreadsFlag = exports.getThreadsFlagValue = exports.getAddSnippetsFlag = exports.getMemoryFlag = exports.getMemoryFlagValue = exports.withTmpDir = exports.getToolNames = exports.getExtraOptionsEnvParam = exports.DEFAULT_DEBUG_DATABASE_NAME = exports.DEFAULT_DEBUG_ARTIFACT_NAME = exports.GITHUB_DOTCOM_URL = void 0;
+exports.isInTestMode = exports.checkActionVersion = exports.getMlPoweredJsQueriesStatus = exports.getMlPoweredJsQueriesPack = exports.ML_POWERED_JS_QUERIES_PACK_NAME = exports.isGoodVersion = exports.delay = exports.bundleDb = exports.codeQlVersionAbove = exports.getCachedCodeQlVersion = exports.cacheCodeQlVersion = exports.isGitHubGhesVersionBelow = exports.isHTTPError = exports.UserError = exports.HTTPError = exports.getRequiredEnvParam = exports.isActions = exports.getMode = exports.enrichEnvironment = exports.initializeEnvironment = exports.Mode = exports.assertNever = exports.getGitHubAuth = exports.apiVersionInRange = exports.DisallowedAPIVersionReason = exports.checkGitHubVersionInRange = exports.getGitHubVersion = exports.GitHubVariant = exports.parseGitHubUrl = exports.getCodeQLDatabasePath = exports.getThreadsFlag = exports.getThreadsFlagValue = exports.getAddSnippetsFlag = exports.getMemoryFlag = exports.getMemoryFlagValue = exports.withTmpDir = exports.getToolNames = exports.getExtraOptionsEnvParam = exports.DEFAULT_DEBUG_DATABASE_NAME = exports.DEFAULT_DEBUG_ARTIFACT_NAME = exports.GITHUB_DOTCOM_URL = void 0;
 const fs = __importStar(require("fs"));
 const os = __importStar(require("os"));
 const path = __importStar(require("path"));
 const core = __importStar(require("@actions/core"));
 const del_1 = __importDefault(require("del"));
 const semver = __importStar(require("semver"));
+const api = __importStar(require("./api-client"));
 const api_client_1 = require("./api-client");
 const apiCompatibility = __importStar(require("./api-compatibility.json"));
 const codeql_1 = require("./codeql");
@@ -486,10 +487,37 @@ class HTTPError extends Error {
     }
 }
 exports.HTTPError = HTTPError;
+/**
+ * An Error class that indicates an error that occurred due to
+ * a misconfiguration of the action or the CodeQL CLI.
+ */
+class UserError extends Error {
+    constructor(message) {
+        super(message);
+    }
+}
+exports.UserError = UserError;
 function isHTTPError(arg) {
     return (arg === null || arg === void 0 ? void 0 : arg.status) !== undefined && Number.isInteger(arg.status);
 }
 exports.isHTTPError = isHTTPError;
+function isGitHubGhesVersionBelow(gitHubVersion, expectedVersion) {
+    return (gitHubVersion.type === GitHubVariant.GHES &&
+        semver.lt(gitHubVersion.version, expectedVersion));
+}
+exports.isGitHubGhesVersionBelow = isGitHubGhesVersionBelow;
+let cachedCodeQlVersion = undefined;
+function cacheCodeQlVersion(version) {
+    if (cachedCodeQlVersion !== undefined) {
+        throw new Error("cacheCodeQlVersion() should be called only once");
+    }
+    cachedCodeQlVersion = version;
+}
+exports.cacheCodeQlVersion = cacheCodeQlVersion;
+function getCachedCodeQlVersion() {
+    return cachedCodeQlVersion;
+}
+exports.getCachedCodeQlVersion = getCachedCodeQlVersion;
 async function codeQlVersionAbove(codeql, requiredVersion) {
     return semver.gte(await codeql.getVersion(), requiredVersion);
 }
@@ -518,30 +546,26 @@ function isGoodVersion(versionSpec) {
     return !BROKEN_VERSIONS.includes(versionSpec);
 }
 exports.isGoodVersion = isGoodVersion;
-function checkNotWindows11() {
+exports.ML_POWERED_JS_QUERIES_PACK_NAME = "codeql/javascript-experimental-atm-queries";
-    if (os.platform() === "win32" && semver.gte(os.release(), "10.0.20348")) {
-        throw new Error("Tracing builds with CodeQL is currently not supported on Windows 11 and Windows Server 2022. Please modify your Actions workflow to use an earlier version of Windows for this job, for example by setting `runs-on: windows-2019`.");
-    }
-}
-exports.checkNotWindows11 = checkNotWindows11;
 /**
- * The ML-powered JS query pack to add to the analysis if a repo is opted into the ML-powered
+ * Gets the ML-powered JS query pack to add to the analysis if a repo is opted into the ML-powered
  * queries beta.
  */
-exports.ML_POWERED_JS_QUERIES_PACK = {
+async function getMlPoweredJsQueriesPack(codeQL) {
-    packName: "codeql/javascript-experimental-atm-queries",
+    if (await codeQlVersionAbove(codeQL, "2.8.4")) {
-    version: "~0.0.2",
+        return `${exports.ML_POWERED_JS_QUERIES_PACK_NAME}@~0.2.0`;
-};
+    }
+    return `${exports.ML_POWERED_JS_QUERIES_PACK_NAME}@~0.1.0`;
+}
+exports.getMlPoweredJsQueriesPack = getMlPoweredJsQueriesPack;
 /**
  * Get information about ML-powered JS queries to populate status reports with.
  *
  * This will be:
  *
- * - The version string if the analysis is using the ML-powered query pack that will be added to the
+ * - The version string if the analysis is using a single version of the ML-powered query pack.
- *   analysis if the repo is opted into the ML-powered queries beta, i.e.
+ * - "latest" if the version string of the ML-powered query pack is undefined. This is unlikely to
- *   {@link ML_POWERED_JS_QUERIES_PACK.version}. If the version string
+ *   occur in practice (see comment below).
- *   {@link ML_POWERED_JS_QUERIES_PACK.version} is undefined, then the status report string will be
- *   "latest", however this shouldn't occur in practice (see comment below).
  * - "false" if the analysis won't run any ML-powered JS queries.
  * - "other" in all other cases.
  *
@@ -551,30 +575,64 @@ exports.ML_POWERED_JS_QUERIES_PACK = {
  * version of the CodeQL Action. For instance, we might want to compare the `~0.1.0` and `~0.0.2`
  * version strings.
  *
- * We restrict the set of strings we report here by excluding other version strings and combinations
- * of version strings. We do this to limit the cardinality of the ML-powered JS queries status
- * report field, since some platforms that ingest this status report bill based on the cardinality
- * of its fields.
- *
  * This function lives here rather than in `init-action.ts` so it's easier to test, since tests for
  * `init-action.ts` would each need to live in their own file. See `analyze-action-env.ts` for an
  * explanation as to why this is.
  */
 function getMlPoweredJsQueriesStatus(config) {
-    const mlPoweredJsQueryPacks = (config.packs.javascript || []).filter((pack) => pack.packName === exports.ML_POWERED_JS_QUERIES_PACK.packName);
+    const mlPoweredJsQueryPacks = (config.packs.javascript || [])
-    if (mlPoweredJsQueryPacks.length === 0) {
+        .map((pack) => pack.split("@"))
-        return "false";
+        .filter((packNameVersion) => packNameVersion[0] === "codeql/javascript-experimental-atm-queries" &&
+        packNameVersion.length <= 2);
+    switch (mlPoweredJsQueryPacks.length) {
+        case 1:
+            // We should always specify an explicit version string in `getMlPoweredJsQueriesPack`,
+            // otherwise we won't be able to make changes to the pack unless those changes are compatible
+            // with each version of the CodeQL Action. Therefore in practice we should only hit the
+            // `latest` case here when customers have explicitly added the ML-powered query pack to their
+            // CodeQL config.
+            return mlPoweredJsQueryPacks[0][1] || "latest";
+        case 0:
+            return "false";
+        default:
+            return "other";
     }
-    const firstVersionString = mlPoweredJsQueryPacks[0].version;
-    if (mlPoweredJsQueryPacks.length === 1 &&
-        exports.ML_POWERED_JS_QUERIES_PACK.version === firstVersionString) {
-        // We should always specify an explicit version string in `ML_POWERED_JS_QUERIES_PACK`,
-        // otherwise we won't be able to make changes to the pack unless those changes are compatible
-        // with each version of the CodeQL Action. Therefore in practice, we should never hit the
-        // `latest` case here.
-        return exports.ML_POWERED_JS_QUERIES_PACK.version || "latest";
-    }
-    return "other";
 }
 exports.getMlPoweredJsQueriesStatus = getMlPoweredJsQueriesStatus;
+/**
+ * Prompt the customer to upgrade to CodeQL Action v2, if appropriate.
+ *
+ * Check whether a customer is running v1. If they are, and we can determine that the GitHub
+ * instance supports v2, then log a warning about v1's upcoming deprecation prompting the customer
+ * to upgrade to v2.
+ */
+async function checkActionVersion(version) {
+    var _a;
+    if (!semver.satisfies(version, ">=2")) {
+        const githubVersion = await api.getGitHubVersionActionsOnly();
+        // Only log a warning for versions of GHES that are compatible with CodeQL Action version 2.
+        //
+        // GHES 3.4 shipped without the v2 tag, but it also shipped without this warning message code.
+        // Therefore users who are seeing this warning message code have pulled in a new version of the
+        // Action, and with it the v2 tag.
+        if (githubVersion.type === GitHubVariant.DOTCOM ||
+            githubVersion.type === GitHubVariant.GHAE ||
+            (githubVersion.type === GitHubVariant.GHES &&
+                semver.satisfies((_a = semver.coerce(githubVersion.version)) !== null && _a !== void 0 ? _a : "0.0.0", ">=3.4"))) {
+            core.warning("CodeQL Action v1 will be deprecated on December 7th, 2022. Please upgrade to v2. For " +
+                "more information, see " +
+                "https://github.blog/changelog/2022-04-27-code-scanning-deprecation-of-codeql-action-v1/");
+        }
+    }
+}
+exports.checkActionVersion = checkActionVersion;
+/*
+ * Returns whether we are in test mode.
+ *
+ * In test mode, we don't upload SARIF results or status reports to the GitHub API.
+ */
+function isInTestMode() {
+    return process.env["TEST_MODE"] === "true" || false;
+}
+exports.isInTestMode = isInTestMode;
 //# sourceMappingURL=util.js.map

lib/util.test.js

@@ -25,6 +25,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const fs = __importStar(require("fs"));
 const os = __importStar(require("os"));
 const stream = __importStar(require("stream"));
+const core = __importStar(require("@actions/core"));
 const github = __importStar(require("@actions/github"));
 const ava_1 = __importDefault(require("ava"));
 const sinon = __importStar(require("sinon"));
@@ -205,32 +206,31 @@ async function mockStdInForAuthExpectError(t, mockLogger, ...text) {
     await t.throwsAsync(async () => util.getGitHubAuth(mockLogger, undefined, true, stdin));
 }
 const ML_POWERED_JS_STATUS_TESTS = [
+    // If no packs are loaded, status is false.
     [[], "false"],
-    [[{ packName: "someOtherPack" }], "false"],
+    // If another pack is loaded but not the ML-powered query pack, status is false.
+    [["someOtherPack"], "false"],
+    // If the ML-powered query pack is loaded with a specific version, status is that version.
+    [[`${util.ML_POWERED_JS_QUERIES_PACK_NAME}@~0.1.0`], "~0.1.0"],
+    // If the ML-powered query pack is loaded with a specific version and another pack is loaded, the
+    // status is the version of the ML-powered query pack.
     [
-        [{ packName: "someOtherPack" }, util.ML_POWERED_JS_QUERIES_PACK],
+        ["someOtherPack", `${util.ML_POWERED_JS_QUERIES_PACK_NAME}@~0.1.0`],
-        util.ML_POWERED_JS_QUERIES_PACK.version,
+        "~0.1.0",
-    ],
-    [[util.ML_POWERED_JS_QUERIES_PACK], util.ML_POWERED_JS_QUERIES_PACK.version],
-    [[{ packName: util.ML_POWERED_JS_QUERIES_PACK.packName }], "other"],
-    [
-        [{ packName: util.ML_POWERED_JS_QUERIES_PACK.packName, version: "~0.0.1" }],
-        "other",
     ],
+    // If the ML-powered query pack is loaded without a version, the status is "latest".
+    [[util.ML_POWERED_JS_QUERIES_PACK_NAME], "latest"],
+    // If the ML-powered query pack is loaded with two different versions, the status is "other".
     [
         [
-            { packName: util.ML_POWERED_JS_QUERIES_PACK.packName, version: "0.0.1" },
+            `${util.ML_POWERED_JS_QUERIES_PACK_NAME}@~0.0.1`,
-            { packName: util.ML_POWERED_JS_QUERIES_PACK.packName, version: "0.0.2" },
+            `${util.ML_POWERED_JS_QUERIES_PACK_NAME}@~0.0.2`,
-        ],
-        "other",
-    ],
-    [
-        [
-            { packName: "someOtherPack" },
-            { packName: util.ML_POWERED_JS_QUERIES_PACK.packName },
         ],
         "other",
     ],
+    // If the ML-powered query pack is loaded with no specific version, and another pack is loaded,
+    // the status is "latest".
+    [["someOtherPack", util.ML_POWERED_JS_QUERIES_PACK_NAME], "latest"],
 ];
 for (const [packs, expectedStatus] of ML_POWERED_JS_STATUS_TESTS) {
     const packDescriptions = `[${packs
@@ -257,9 +257,63 @@ for (const [packs, expectedStatus] of ML_POWERED_JS_STATUS_TESTS) {
                 debugMode: false,
                 debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
                 debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
+                injectedMlQueries: false,
             };
             t.is(util.getMlPoweredJsQueriesStatus(config), expectedStatus);
         });
     });
 }
+(0, ava_1.default)("isGitHubGhesVersionBelow", async (t) => {
+    t.falsy(util.isGitHubGhesVersionBelow({ type: util.GitHubVariant.DOTCOM }, "3.2.0"));
+    t.falsy(util.isGitHubGhesVersionBelow({ type: util.GitHubVariant.GHAE }, "3.2.0"));
+    t.falsy(util.isGitHubGhesVersionBelow({ type: util.GitHubVariant.GHES, version: "3.3.0" }, "3.2.0"));
+    t.falsy(util.isGitHubGhesVersionBelow({ type: util.GitHubVariant.GHES, version: "3.2.0" }, "3.2.0"));
+    t.true(util.isGitHubGhesVersionBelow({ type: util.GitHubVariant.GHES, version: "3.1.2" }, "3.2.0"));
+});
+function formatGitHubVersion(version) {
+    switch (version.type) {
+        case util.GitHubVariant.DOTCOM:
+            return "dotcom";
+        case util.GitHubVariant.GHAE:
+            return "GHAE";
+        case util.GitHubVariant.GHES:
+            return `GHES ${version.version}`;
+        default:
+            util.assertNever(version);
+    }
+}
+const CHECK_ACTION_VERSION_TESTS = [
+    ["1.2.1", { type: util.GitHubVariant.DOTCOM }, true],
+    ["1.2.1", { type: util.GitHubVariant.GHAE }, true],
+    ["1.2.1", { type: util.GitHubVariant.GHES, version: "3.3" }, false],
+    ["1.2.1", { type: util.GitHubVariant.GHES, version: "3.4" }, true],
+    ["1.2.1", { type: util.GitHubVariant.GHES, version: "3.5" }, true],
+    ["2.2.1", { type: util.GitHubVariant.DOTCOM }, false],
+    ["2.2.1", { type: util.GitHubVariant.GHAE }, false],
+    ["2.2.1", { type: util.GitHubVariant.GHES, version: "3.3" }, false],
+    ["2.2.1", { type: util.GitHubVariant.GHES, version: "3.4" }, false],
+    ["2.2.1", { type: util.GitHubVariant.GHES, version: "3.5" }, false],
+];
+for (const [version, githubVersion, shouldReportWarning,] of CHECK_ACTION_VERSION_TESTS) {
+    const reportWarningDescription = shouldReportWarning
+        ? "reports warning"
+        : "doesn't report warning";
+    const versionsDescription = `CodeQL Action version ${version} and GitHub version ${formatGitHubVersion(githubVersion)}`;
+    (0, ava_1.default)(`checkActionVersion ${reportWarningDescription} for ${versionsDescription}`, async (t) => {
+        const warningSpy = sinon.spy(core, "warning");
+        const versionStub = sinon
+            .stub(api, "getGitHubVersionActionsOnly")
+            .resolves(githubVersion);
+        const isActionsStub = sinon.stub(util, "isActions").returns(true);
+        await util.checkActionVersion(version);
+        if (shouldReportWarning) {
+            t.true(warningSpy.calledOnceWithExactly(sinon.match("CodeQL Action v1 will be deprecated")));
+        }
+        else {
+            t.false(warningSpy.called);
+        }
+        versionStub.restore();
+        isActionsStub.restore();
+    });
+}
 //# sourceMappingURL=util.test.js.map

node_modules/.package-lock.json

@@ -1,19 +1,18 @@
 {
   "name": "codeql",
-  "version": "1.1.2",
+  "version": "1.1.10",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "node_modules/@actions/artifact": {
-      "version": "0.5.2",
+      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/@actions/artifact/-/artifact-0.5.2.tgz",
+      "resolved": "https://registry.npmjs.org/@actions/artifact/-/artifact-1.0.0.tgz",
-      "integrity": "sha512-q/r8WSqyxBJ0ffLCRrtjCBTGnAYqP+ID4yG7f7YSlhrQ4thNg/d+Tq9f1YkLPKX46ZR97OWtGDY+oU/nxcqvLw==",
+      "integrity": "sha512-oje+cCiM2maVwoiN+LT9kh2C6UqiTcS1tDKins+nRfckX+C8JJD2kAmzpD5fn/p5Dibjrqk1mtwreAzgNxHrDg==",
       "dependencies": {
         "@actions/core": "^1.2.6",
         "@actions/http-client": "^1.0.11",
-        "@types/tmp": "^0.1.0",
+        "tmp": "^0.2.1",
-        "tmp": "^0.1.0",
+        "tmp-promise": "^3.0.2"
-        "tmp-promise": "^2.0.2"
       }
     },
     "node_modules/@actions/core": {
@@ -501,10 +500,6 @@
         "@sinonjs/fake-timers": "^7.1.0"
       }
     },
-    "node_modules/@types/tmp": {
-      "version": "0.1.0",
-      "integrity": "sha512-6IwZ9HzWbCq6XoQWhxLpDjuADodH/MKXRUIDFudvgjcVdjFknvmR+DNsoUeer4XPrEnrZs04Jj+kfV9pFsrhmA=="
-    },
     "node_modules/@typescript-eslint/eslint-plugin": {
       "version": "4.28.5",
       "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.28.5.tgz",
@@ -898,6 +893,14 @@
         "node": ">=8"
       }
     },
+    "node_modules/array-uniq": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/array-uniq/-/array-uniq-1.0.3.tgz",
+      "integrity": "sha1-r2rId6Jcx/dOBYiUdThY39sk/bY=",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/array.prototype.flat": {
       "version": "1.2.4",
       "resolved": "https://registry.npmjs.org/array.prototype.flat/-/array.prototype.flat-1.2.4.tgz",
@@ -2793,10 +2796,40 @@
         "loc": "dist/cli.js"
       }
     },
+    "node_modules/github-linguist/node_modules/array-union": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/array-union/-/array-union-1.0.2.tgz",
+      "integrity": "sha1-mjRBDk9OPaI96jdb5b5w8kd47Dk=",
+      "dependencies": {
+        "array-uniq": "^1.0.1"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/github-linguist/node_modules/commander": {
       "version": "2.20.3",
       "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ=="
     },
+    "node_modules/github-linguist/node_modules/glob": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.0.tgz",
+      "integrity": "sha512-lmLf6gtyrPq8tTjSmrO94wBeQbFR3HbLHbuyD69wuyQkImp2hWqMGB47OX65FBkPffO641IP9jWa1z4ivqG26Q==",
+      "dependencies": {
+        "fs.realpath": "^1.0.0",
+        "inflight": "^1.0.4",
+        "inherits": "2",
+        "minimatch": "^3.0.4",
+        "once": "^1.3.0",
+        "path-is-absolute": "^1.0.0"
+      },
+      "engines": {
+        "node": "*"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
     "node_modules/github-linguist/node_modules/globby": {
       "version": "6.1.0",
       "integrity": "sha1-9abXDoOV4hyFj7BInWTfAkJNUGw=",
@@ -2819,18 +2852,19 @@
       }
     },
     "node_modules/glob": {
-      "version": "7.1.7",
+      "version": "8.0.1",
-      "integrity": "sha512-OvD9ENzPLbegENnYP5UUfJIirTg4+XwMWGaQfQTY0JenxNvvIKP3U3/tAQSPIu/lHxXYSZmpXlUHeqAIdKzBLQ==",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-8.0.1.tgz",
+      "integrity": "sha512-cF7FYZZ47YzmCu7dDy50xSRRfO3ErRfrXuLZcNIuyiJEco0XSrGtuilG19L5xp3NcwTx7Gn+X6Tv3fmsUPTbow==",
       "dependencies": {
         "fs.realpath": "^1.0.0",
         "inflight": "^1.0.4",
         "inherits": "2",
-        "minimatch": "^3.0.4",
+        "minimatch": "^5.0.1",
         "once": "^1.3.0",
         "path-is-absolute": "^1.0.0"
       },
       "engines": {
-        "node": "*"
+        "node": ">=12"
       },
       "funding": {
         "url": "https://github.com/sponsors/isaacs"
@@ -2847,6 +2881,25 @@
         "node": ">= 6"
       }
     },
+    "node_modules/glob/node_modules/brace-expansion": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
+      "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+      "dependencies": {
+        "balanced-match": "^1.0.0"
+      }
+    },
+    "node_modules/glob/node_modules/minimatch": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.0.1.tgz",
+      "integrity": "sha512-nLDxIFRyhDblz3qMuq+SoRZED4+miJ/G+tdDrjkkkRnjAsBexeGpgjLEQ0blJy7rHhR2b93rhQY4SvyWu9v03g==",
+      "dependencies": {
+        "brace-expansion": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
     "node_modules/globals": {
       "version": "13.10.0",
       "resolved": "https://registry.npmjs.org/globals/-/globals-13.10.0.tgz",
@@ -3598,8 +3651,9 @@
       }
     },
     "node_modules/minimist": {
-      "version": "1.2.5",
+      "version": "1.2.6",
-      "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==",
+      "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz",
+      "integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==",
       "dev": true
     },
     "node_modules/ms": {
@@ -4361,8 +4415,9 @@
       }
     },
     "node_modules/removeNPMAbsolutePaths": {
-      "version": "2.0.0",
+      "version": "3.0.0",
-      "integrity": "sha512-Hea7U6iJcD0NE/aqBqxBMPKeKaxjqMNyTTajmH2dH9hhafJ9Tem5r4UeJK8+BdE1MK9lqoOYqNM0Sq9rl1OIbQ==",
+      "resolved": "https://registry.npmjs.org/removeNPMAbsolutePaths/-/removeNPMAbsolutePaths-3.0.0.tgz",
+      "integrity": "sha512-g4DIbk+xI8YC1RafmVKaPyMcuQlKZ8N7RQMUvRv+YLHNw1PhyFtjsC6WBaiTCfDKFGQhBaRSc0b0qUjPeCdIdQ==",
       "dev": true,
       "bin": {
         "removeNPMAbsolutePaths": "bin/removeNPMAbsolutePaths"
@@ -4452,6 +4507,25 @@
         "url": "https://github.com/sponsors/isaacs"
       }
     },
+    "node_modules/rimraf/node_modules/glob": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.0.tgz",
+      "integrity": "sha512-lmLf6gtyrPq8tTjSmrO94wBeQbFR3HbLHbuyD69wuyQkImp2hWqMGB47OX65FBkPffO641IP9jWa1z4ivqG26Q==",
+      "dependencies": {
+        "fs.realpath": "^1.0.0",
+        "inflight": "^1.0.4",
+        "inherits": "2",
+        "minimatch": "^3.0.4",
+        "once": "^1.3.0",
+        "path-is-absolute": "^1.0.0"
+      },
+      "engines": {
+        "node": "*"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
     "node_modules/run-parallel": {
       "version": "1.1.9",
       "integrity": "sha512-DEqnSRTDw/Tc3FXf49zedI638Z9onwUotBMiUFKmrO2sdFKIbXamXGQ3Axd4qgphxKB4kw/qP1w5kTxnfU1B9Q=="
@@ -4933,30 +5007,22 @@
       }
     },
     "node_modules/tmp": {
-      "version": "0.1.0",
+      "version": "0.2.1",
-      "integrity": "sha512-J7Z2K08jbGcdA1kkQpJSqLF6T0tdQqpR2pnSUXsIchbPdTI9v3e85cLW0d6WDhwuAleOV71j2xWs8qMPfK7nKw==",
+      "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.1.tgz",
+      "integrity": "sha512-76SUhtfqR2Ijn+xllcI5P1oyannHNHByD80W1q447gU3mp9G9PSpGdWmjUOHRDPiHYacIk66W7ubDTuPF3BEtQ==",
       "dependencies": {
-        "rimraf": "^2.6.3"
+        "rimraf": "^3.0.0"
       },
       "engines": {
-        "node": ">=6"
+        "node": ">=8.17.0"
       }
     },
     "node_modules/tmp-promise": {
-      "version": "2.1.1",
+      "version": "3.0.3",
-      "integrity": "sha512-Z048AOz/w9b6lCbJUpevIJpRpUztENl8zdv1bmAKVHimfqRFl92ROkmT9rp7TVBnrEw2gtMTol/2Cp2S2kJa4Q==",
+      "resolved": "https://registry.npmjs.org/tmp-promise/-/tmp-promise-3.0.3.tgz",
+      "integrity": "sha512-RwM7MoPojPxsOBYnyd2hy0bxtIlVrihNs9pj5SUvY8Zz1sQcQG2tG1hSr8PDxfgEB8RNKDhqbIlroIarSNDNsQ==",
       "dependencies": {
-        "tmp": "0.1.0"
+        "tmp": "^0.2.0"
-      }
-    },
-    "node_modules/tmp/node_modules/rimraf": {
-      "version": "2.7.1",
-      "integrity": "sha512-uWjbaKIK3T1OSVptzX7Nl6PvQ3qAGtKEtVRjRuazjfL3Bx5eI409VZSqgND+4UNnmzLVdPj9FqFJNPqBZFve4w==",
-      "dependencies": {
-        "glob": "^7.1.3"
-      },
-      "bin": {
-        "rimraf": "bin.js"
       }
     },
     "node_modules/to-regex-range": {

node_modules/@actions/artifact/lib/artifact-client.js

@@ -1,5 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.create = void 0;
 const artifact_client_1 = require("./internal/artifact-client");
 /**
  * Constructs an ArtifactClient

node_modules/@actions/artifact/lib/artifact-client.js.map

@@ -1 +1 @@
-{"version":3,"file":"artifact-client.js","sourceRoot":"","sources":["../src/artifact-client.ts"],"names":[],"mappings":";;AAIA,gEAAgF;AAUhF;;GAEG;AACH,SAAgB,MAAM;IACpB,OAAO,uCAAqB,CAAC,MAAM,EAAE,CAAA;AACvC,CAAC;AAFD,wBAEC"}
+{"version":3,"file":"artifact-client.js","sourceRoot":"","sources":["../src/artifact-client.ts"],"names":[],"mappings":";;;AAIA,gEAAgF;AAUhF;;GAEG;AACH,SAAgB,MAAM;IACpB,OAAO,uCAAqB,CAAC,MAAM,EAAE,CAAA;AACvC,CAAC;AAFD,wBAEC"}

node_modules/@actions/artifact/lib/internal/artifact-client.js

@@ -1,4 +1,23 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
 var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
     return new (P || (P = Promise))(function (resolve, reject) {
@@ -8,18 +27,13 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
         step((generator = generator.apply(thisArg, _arguments || [])).next());
     });
 };
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
-    result["default"] = mod;
-    return result;
-};
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.DefaultArtifactClient = void 0;
 const core = __importStar(require("@actions/core"));
 const upload_specification_1 = require("./upload-specification");
 const upload_http_client_1 = require("./upload-http-client");
 const utils_1 = require("./utils");
+const path_and_artifact_name_validation_1 = require("./path-and-artifact-name-validation");
 const download_http_client_1 = require("./download-http-client");
 const download_specification_1 = require("./download-specification");
 const config_variables_1 = require("./config-variables");
@@ -36,7 +50,9 @@ class DefaultArtifactClient {
      */
     uploadArtifact(name, files, rootDirectory, options) {
         return __awaiter(this, void 0, void 0, function* () {
-            utils_1.checkArtifactName(name);
+            core.info(`Starting artifact upload
+For more detailed logs during the artifact upload process, enable step-debugging: https://docs.github.com/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging#enabling-step-debug-logging`);
+            path_and_artifact_name_validation_1.checkArtifactName(name);
             // Get specification for the files being uploaded
             const uploadSpecification = upload_specification_1.getUploadSpecification(name, rootDirectory, files);
             const uploadResponse = {
@@ -57,12 +73,24 @@ class DefaultArtifactClient {
                     throw new Error('No URL provided by the Artifact Service to upload an artifact to');
                 }
                 core.debug(`Upload Resource URL: ${response.fileContainerResourceUrl}`);
+                core.info(`Container for artifact "${name}" successfully created. Starting upload of file(s)`);
                 // Upload each of the files that were found concurrently
                 const uploadResult = yield uploadHttpClient.uploadArtifactToFileContainer(response.fileContainerResourceUrl, uploadSpecification, options);
                 // Update the size of the artifact to indicate we are done uploading
                 // The uncompressed size is used for display when downloading a zip of the artifact from the UI
+                core.info(`File upload process has finished. Finalizing the artifact upload`);
                 yield uploadHttpClient.patchArtifactSize(uploadResult.totalSize, name);
-                core.info(`Finished uploading artifact ${name}. Reported size is ${uploadResult.uploadSize} bytes. There were ${uploadResult.failedItems.length} items that failed to upload`);
+                if (uploadResult.failedItems.length > 0) {
+                    core.info(`Upload finished. There were ${uploadResult.failedItems.length} items that failed to upload`);
+                }
+                else {
+                    core.info(`Artifact has been finalized. All files have been successfully uploaded!`);
+                }
+                core.info(`
+The raw size of all the files that were specified for upload is ${uploadResult.totalSize} bytes
+The size of all the files that were uploaded is ${uploadResult.uploadSize} bytes. This takes into account any gzip compression used to reduce the upload size, time and storage
+
+Note: The size of downloaded zips can differ significantly from the reported size. For more information see: https://github.com/actions/upload-artifact#zipped-artifact-downloads \r\n`);
                 uploadResponse.artifactItems = uploadSpecification.map(item => item.absoluteFilePath);
                 uploadResponse.size = uploadResult.uploadSize;
                 uploadResponse.failedItems = uploadResult.failedItems;
@@ -125,6 +153,7 @@ class DefaultArtifactClient {
             while (downloadedArtifacts < artifacts.count) {
                 const currentArtifactToDownload = artifacts.value[downloadedArtifacts];
                 downloadedArtifacts += 1;
+                core.info(`starting download of artifact ${currentArtifactToDownload.name} : ${downloadedArtifacts}/${artifacts.count}`);
                 // Get container entries for the specific artifact
                 const items = yield downloadHttpClient.getContainerItems(currentArtifactToDownload.name, currentArtifactToDownload.fileContainerResourceUrl);
                 const downloadSpecification = download_specification_1.getDownloadSpecification(currentArtifactToDownload.name, items.value, path, true);

node_modules/@actions/artifact/lib/internal/artifact-client.js.map

@@ -1 +1 @@
-{"version":3,"file":"artifact-client.js","sourceRoot":"","sources":["../../src/internal/artifact-client.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;AAAA,oDAAqC;AACrC,iEAG+B;AAC/B,6DAAqD;AAKrD,mCAIgB;AAChB,iEAAyD;AACzD,qEAAiE;AACjE,yDAAwD;AACxD,+BAAuC;AAuCvC,MAAa,qBAAqB;IAChC;;OAEG;IACH,MAAM,CAAC,MAAM;QACX,OAAO,IAAI,qBAAqB,EAAE,CAAA;IACpC,CAAC;IAED;;OAEG;IACG,cAAc,CAClB,IAAY,EACZ,KAAe,EACf,aAAqB,EACrB,OAAmC;;YAEnC,yBAAiB,CAAC,IAAI,CAAC,CAAA;YAEvB,iDAAiD;YACjD,MAAM,mBAAmB,GAA0B,6CAAsB,CACvE,IAAI,EACJ,aAAa,EACb,KAAK,CACN,CAAA;YACD,MAAM,cAAc,GAAmB;gBACrC,YAAY,EAAE,IAAI;gBAClB,aAAa,EAAE,EAAE;gBACjB,IAAI,EAAE,CAAC;gBACP,WAAW,EAAE,EAAE;aAChB,CAAA;YAED,MAAM,gBAAgB,GAAG,IAAI,qCAAgB,EAAE,CAAA;YAE/C,IAAI,mBAAmB,CAAC,MAAM,KAAK,CAAC,EAAE;gBACpC,IAAI,CAAC,OAAO,CAAC,qCAAqC,CAAC,CAAA;aACpD;iBAAM;gBACL,yDAAyD;gBACzD,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,6BAA6B,CACnE,IAAI,EACJ,OAAO,CACR,CAAA;gBACD,IAAI,CAAC,QAAQ,CAAC,wBAAwB,EAAE;oBACtC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAA;oBAC/B,MAAM,IAAI,KAAK,CACb,kEAAkE,CACnE,CAAA;iBACF;gBACD,IAAI,CAAC,KAAK,CAAC,wBAAwB,QAAQ,CAAC,wBAAwB,EAAE,CAAC,CAAA;gBAEvE,wDAAwD;gBACxD,MAAM,YAAY,GAAG,MAAM,gBAAgB,CAAC,6BAA6B,CACvE,QAAQ,CAAC,wBAAwB,EACjC,mBAAmB,EACnB,OAAO,CACR,CAAA;gBAED,oEAAoE;gBACpE,+FAA+F;gBAC/F,MAAM,gBAAgB,CAAC,iBAAiB,CAAC,YAAY,CAAC,SAAS,EAAE,IAAI,CAAC,CAAA;gBAEtE,IAAI,CAAC,IAAI,CACP,+BAA+B,IAAI,sBAAsB,YAAY,CAAC,UAAU,sBAAsB,YAAY,CAAC,WAAW,CAAC,MAAM,8BAA8B,CACpK,CAAA;gBAED,cAAc,CAAC,aAAa,GAAG,mBAAmB,CAAC,GAAG,CACpD,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAC9B,CAAA;gBACD,cAAc,CAAC,IAAI,GAAG,YAAY,CAAC,UAAU,CAAA;gBAC7C,cAAc,CAAC,WAAW,GAAG,YAAY,CAAC,WAAW,CAAA;aACtD;YACD,OAAO,cAAc,CAAA;QACvB,CAAC;KAAA;IAEK,gBAAgB,CACpB,IAAY,EACZ,IAAyB,EACzB,OAAqC;;YAErC,MAAM,kBAAkB,GAAG,IAAI,yCAAkB,EAAE,CAAA;YAEnD,MAAM,SAAS,GAAG,MAAM,kBAAkB,CAAC,aAAa,EAAE,CAAA;YAC1D,IAAI,SAAS,CAAC,KAAK,KAAK,CAAC,EAAE;gBACzB,MAAM,IAAI,KAAK,CACb,0DAA0D,CAC3D,CAAA;aACF;YAED,MAAM,kBAAkB,GAAG,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;gBACzD,OAAO,QAAQ,CAAC,IAAI,KAAK,IAAI,CAAA;YAC/B,CAAC,CAAC,CAAA;YACF,IAAI,CAAC,kBAAkB,EAAE;gBACvB,MAAM,IAAI,KAAK,CAAC,6CAA6C,IAAI,EAAE,CAAC,CAAA;aACrE;YAED,MAAM,KAAK,GAAG,MAAM,kBAAkB,CAAC,iBAAiB,CACtD,kBAAkB,CAAC,IAAI,EACvB,kBAAkB,CAAC,wBAAwB,CAC5C,CAAA;YAED,IAAI,CAAC,IAAI,EAAE;gBACT,IAAI,GAAG,wCAAqB,EAAE,CAAA;aAC/B;YACD,IAAI,GAAG,gBAAS,CAAC,IAAI,CAAC,CAAA;YACtB,IAAI,GAAG,cAAO,CAAC,IAAI,CAAC,CAAA;YAEpB,4IAA4I;YAC5I,MAAM,qBAAqB,GAAG,iDAAwB,CACpD,IAAI,EACJ,KAAK,CAAC,KAAK,EACX,IAAI,EACJ,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,oBAAoB,KAAI,KAAK,CACvC,CAAA;YAED,IAAI,qBAAqB,CAAC,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE;gBACtD,IAAI,CAAC,IAAI,CACP,sDAAsD,kBAAkB,CAAC,IAAI,EAAE,CAChF,CAAA;aACF;iBAAM;gBACL,4EAA4E;gBAC5E,MAAM,oCAA4B,CAChC,qBAAqB,CAAC,kBAAkB,CACzC,CAAA;gBACD,IAAI,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAA;gBAChE,MAAM,mCAA2B,CAC/B,qBAAqB,CAAC,kBAAkB,CACzC,CAAA;gBACD,MAAM,kBAAkB,CAAC,sBAAsB,CAC7C,qBAAqB,CAAC,eAAe,CACtC,CAAA;aACF;YAED,OAAO;gBACL,YAAY,EAAE,IAAI;gBAClB,YAAY,EAAE,qBAAqB,CAAC,oBAAoB;aACzD,CAAA;QACH,CAAC;KAAA;IAEK,oBAAoB,CACxB,IAAyB;;YAEzB,MAAM,kBAAkB,GAAG,IAAI,yCAAkB,EAAE,CAAA;YAEnD,MAAM,QAAQ,GAAuB,EAAE,CAAA;YACvC,MAAM,SAAS,GAAG,MAAM,kBAAkB,CAAC,aAAa,EAAE,CAAA;YAC1D,IAAI,SAAS,CAAC,KAAK,KAAK,CAAC,EAAE;gBACzB,IAAI,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAA;gBACrE,OAAO,QAAQ,CAAA;aAChB;YAED,IAAI,CAAC,IAAI,EAAE;gBACT,IAAI,GAAG,wCAAqB,EAAE,CAAA;aAC/B;YACD,IAAI,GAAG,gBAAS,CAAC,IAAI,CAAC,CAAA;YACtB,IAAI,GAAG,cAAO,CAAC,IAAI,CAAC,CAAA;YAEpB,IAAI,mBAAmB,GAAG,CAAC,CAAA;YAC3B,OAAO,mBAAmB,GAAG,SAAS,CAAC,KAAK,EAAE;gBAC5C,MAAM,yBAAyB,GAAG,SAAS,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAA;gBACtE,mBAAmB,IAAI,CAAC,CAAA;gBAExB,kDAAkD;gBAClD,MAAM,KAAK,GAAG,MAAM,kBAAkB,CAAC,iBAAiB,CACtD,yBAAyB,CAAC,IAAI,EAC9B,yBAAyB,CAAC,wBAAwB,CACnD,CAAA;gBAED,MAAM,qBAAqB,GAAG,iDAAwB,CACpD,yBAAyB,CAAC,IAAI,EAC9B,KAAK,CAAC,KAAK,EACX,IAAI,EACJ,IAAI,CACL,CAAA;gBACD,IAAI,qBAAqB,CAAC,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE;oBACtD,IAAI,CAAC,IAAI,CACP,qDAAqD,yBAAyB,CAAC,IAAI,EAAE,CACtF,CAAA;iBACF;qBAAM;oBACL,MAAM,oCAA4B,CAChC,qBAAqB,CAAC,kBAAkB,CACzC,CAAA;oBACD,MAAM,mCAA2B,CAC/B,qBAAqB,CAAC,kBAAkB,CACzC,CAAA;oBACD,MAAM,kBAAkB,CAAC,sBAAsB,CAC7C,qBAAqB,CAAC,eAAe,CACtC,CAAA;iBACF;gBAED,QAAQ,CAAC,IAAI,CAAC;oBACZ,YAAY,EAAE,yBAAyB,CAAC,IAAI;oBAC5C,YAAY,EAAE,qBAAqB,CAAC,oBAAoB;iBACzD,CAAC,CAAA;aACH;YACD,OAAO,QAAQ,CAAA;QACjB,CAAC;KAAA;CACF;AApMD,sDAoMC"}
+{"version":3,"file":"artifact-client.js","sourceRoot":"","sources":["../../src/internal/artifact-client.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAqC;AACrC,iEAG+B;AAC/B,6DAAqD;AAKrD,mCAGgB;AAChB,2FAAqE;AACrE,iEAAyD;AACzD,qEAAiE;AACjE,yDAAwD;AACxD,+BAAuC;AAuCvC,MAAa,qBAAqB;IAChC;;OAEG;IACH,MAAM,CAAC,MAAM;QACX,OAAO,IAAI,qBAAqB,EAAE,CAAA;IACpC,CAAC;IAED;;OAEG;IACG,cAAc,CAClB,IAAY,EACZ,KAAe,EACf,aAAqB,EACrB,OAAmC;;YAEnC,IAAI,CAAC,IAAI,CACP;8MACwM,CACzM,CAAA;YACD,qDAAiB,CAAC,IAAI,CAAC,CAAA;YAEvB,iDAAiD;YACjD,MAAM,mBAAmB,GAA0B,6CAAsB,CACvE,IAAI,EACJ,aAAa,EACb,KAAK,CACN,CAAA;YACD,MAAM,cAAc,GAAmB;gBACrC,YAAY,EAAE,IAAI;gBAClB,aAAa,EAAE,EAAE;gBACjB,IAAI,EAAE,CAAC;gBACP,WAAW,EAAE,EAAE;aAChB,CAAA;YAED,MAAM,gBAAgB,GAAG,IAAI,qCAAgB,EAAE,CAAA;YAE/C,IAAI,mBAAmB,CAAC,MAAM,KAAK,CAAC,EAAE;gBACpC,IAAI,CAAC,OAAO,CAAC,qCAAqC,CAAC,CAAA;aACpD;iBAAM;gBACL,yDAAyD;gBACzD,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,6BAA6B,CACnE,IAAI,EACJ,OAAO,CACR,CAAA;gBACD,IAAI,CAAC,QAAQ,CAAC,wBAAwB,EAAE;oBACtC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAA;oBAC/B,MAAM,IAAI,KAAK,CACb,kEAAkE,CACnE,CAAA;iBACF;gBAED,IAAI,CAAC,KAAK,CAAC,wBAAwB,QAAQ,CAAC,wBAAwB,EAAE,CAAC,CAAA;gBACvE,IAAI,CAAC,IAAI,CACP,2BAA2B,IAAI,oDAAoD,CACpF,CAAA;gBAED,wDAAwD;gBACxD,MAAM,YAAY,GAAG,MAAM,gBAAgB,CAAC,6BAA6B,CACvE,QAAQ,CAAC,wBAAwB,EACjC,mBAAmB,EACnB,OAAO,CACR,CAAA;gBAED,oEAAoE;gBACpE,+FAA+F;gBAC/F,IAAI,CAAC,IAAI,CACP,kEAAkE,CACnE,CAAA;gBACD,MAAM,gBAAgB,CAAC,iBAAiB,CAAC,YAAY,CAAC,SAAS,EAAE,IAAI,CAAC,CAAA;gBAEtE,IAAI,YAAY,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE;oBACvC,IAAI,CAAC,IAAI,CACP,+BAA+B,YAAY,CAAC,WAAW,CAAC,MAAM,8BAA8B,CAC7F,CAAA;iBACF;qBAAM;oBACL,IAAI,CAAC,IAAI,CACP,yEAAyE,CAC1E,CAAA;iBACF;gBAED,IAAI,CAAC,IAAI,CACP;kEAC0D,YAAY,CAAC,SAAS;kDACtC,YAAY,CAAC,UAAU;;uLAE8G,CAChL,CAAA;gBAED,cAAc,CAAC,aAAa,GAAG,mBAAmB,CAAC,GAAG,CACpD,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAC9B,CAAA;gBACD,cAAc,CAAC,IAAI,GAAG,YAAY,CAAC,UAAU,CAAA;gBAC7C,cAAc,CAAC,WAAW,GAAG,YAAY,CAAC,WAAW,CAAA;aACtD;YACD,OAAO,cAAc,CAAA;QACvB,CAAC;KAAA;IAEK,gBAAgB,CACpB,IAAY,EACZ,IAAyB,EACzB,OAAqC;;YAErC,MAAM,kBAAkB,GAAG,IAAI,yCAAkB,EAAE,CAAA;YAEnD,MAAM,SAAS,GAAG,MAAM,kBAAkB,CAAC,aAAa,EAAE,CAAA;YAC1D,IAAI,SAAS,CAAC,KAAK,KAAK,CAAC,EAAE;gBACzB,MAAM,IAAI,KAAK,CACb,0DAA0D,CAC3D,CAAA;aACF;YAED,MAAM,kBAAkB,GAAG,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;gBACzD,OAAO,QAAQ,CAAC,IAAI,KAAK,IAAI,CAAA;YAC/B,CAAC,CAAC,CAAA;YACF,IAAI,CAAC,kBAAkB,EAAE;gBACvB,MAAM,IAAI,KAAK,CAAC,6CAA6C,IAAI,EAAE,CAAC,CAAA;aACrE;YAED,MAAM,KAAK,GAAG,MAAM,kBAAkB,CAAC,iBAAiB,CACtD,kBAAkB,CAAC,IAAI,EACvB,kBAAkB,CAAC,wBAAwB,CAC5C,CAAA;YAED,IAAI,CAAC,IAAI,EAAE;gBACT,IAAI,GAAG,wCAAqB,EAAE,CAAA;aAC/B;YACD,IAAI,GAAG,gBAAS,CAAC,IAAI,CAAC,CAAA;YACtB,IAAI,GAAG,cAAO,CAAC,IAAI,CAAC,CAAA;YAEpB,4IAA4I;YAC5I,MAAM,qBAAqB,GAAG,iDAAwB,CACpD,IAAI,EACJ,KAAK,CAAC,KAAK,EACX,IAAI,EACJ,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,oBAAoB,KAAI,KAAK,CACvC,CAAA;YAED,IAAI,qBAAqB,CAAC,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE;gBACtD,IAAI,CAAC,IAAI,CACP,sDAAsD,kBAAkB,CAAC,IAAI,EAAE,CAChF,CAAA;aACF;iBAAM;gBACL,4EAA4E;gBAC5E,MAAM,oCAA4B,CAChC,qBAAqB,CAAC,kBAAkB,CACzC,CAAA;gBACD,IAAI,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAA;gBAChE,MAAM,mCAA2B,CAC/B,qBAAqB,CAAC,kBAAkB,CACzC,CAAA;gBACD,MAAM,kBAAkB,CAAC,sBAAsB,CAC7C,qBAAqB,CAAC,eAAe,CACtC,CAAA;aACF;YAED,OAAO;gBACL,YAAY,EAAE,IAAI;gBAClB,YAAY,EAAE,qBAAqB,CAAC,oBAAoB;aACzD,CAAA;QACH,CAAC;KAAA;IAEK,oBAAoB,CACxB,IAAyB;;YAEzB,MAAM,kBAAkB,GAAG,IAAI,yCAAkB,EAAE,CAAA;YAEnD,MAAM,QAAQ,GAAuB,EAAE,CAAA;YACvC,MAAM,SAAS,GAAG,MAAM,kBAAkB,CAAC,aAAa,EAAE,CAAA;YAC1D,IAAI,SAAS,CAAC,KAAK,KAAK,CAAC,EAAE;gBACzB,IAAI,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAA;gBACrE,OAAO,QAAQ,CAAA;aAChB;YAED,IAAI,CAAC,IAAI,EAAE;gBACT,IAAI,GAAG,wCAAqB,EAAE,CAAA;aAC/B;YACD,IAAI,GAAG,gBAAS,CAAC,IAAI,CAAC,CAAA;YACtB,IAAI,GAAG,cAAO,CAAC,IAAI,CAAC,CAAA;YAEpB,IAAI,mBAAmB,GAAG,CAAC,CAAA;YAC3B,OAAO,mBAAmB,GAAG,SAAS,CAAC,KAAK,EAAE;gBAC5C,MAAM,yBAAyB,GAAG,SAAS,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAA;gBACtE,mBAAmB,IAAI,CAAC,CAAA;gBACxB,IAAI,CAAC,IAAI,CACP,iCAAiC,yBAAyB,CAAC,IAAI,MAAM,mBAAmB,IAAI,SAAS,CAAC,KAAK,EAAE,CAC9G,CAAA;gBAED,kDAAkD;gBAClD,MAAM,KAAK,GAAG,MAAM,kBAAkB,CAAC,iBAAiB,CACtD,yBAAyB,CAAC,IAAI,EAC9B,yBAAyB,CAAC,wBAAwB,CACnD,CAAA;gBAED,MAAM,qBAAqB,GAAG,iDAAwB,CACpD,yBAAyB,CAAC,IAAI,EAC9B,KAAK,CAAC,KAAK,EACX,IAAI,EACJ,IAAI,CACL,CAAA;gBACD,IAAI,qBAAqB,CAAC,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE;oBACtD,IAAI,CAAC,IAAI,CACP,qDAAqD,yBAAyB,CAAC,IAAI,EAAE,CACtF,CAAA;iBACF;qBAAM;oBACL,MAAM,oCAA4B,CAChC,qBAAqB,CAAC,kBAAkB,CACzC,CAAA;oBACD,MAAM,mCAA2B,CAC/B,qBAAqB,CAAC,kBAAkB,CACzC,CAAA;oBACD,MAAM,kBAAkB,CAAC,sBAAsB,CAC7C,qBAAqB,CAAC,eAAe,CACtC,CAAA;iBACF;gBAED,QAAQ,CAAC,IAAI,CAAC;oBACZ,YAAY,EAAE,yBAAyB,CAAC,IAAI;oBAC5C,YAAY,EAAE,qBAAqB,CAAC,oBAAoB;iBACzD,CAAC,CAAA;aACH;YACD,OAAO,QAAQ,CAAA;QACjB,CAAC;KAAA;CACF;AAhOD,sDAgOC"}

node_modules/@actions/artifact/lib/internal/config-variables.js

@@ -1,5 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.getRetentionDays = exports.getWorkSpaceDirectory = exports.getWorkFlowRunId = exports.getRuntimeUrl = exports.getRuntimeToken = exports.getDownloadFileConcurrency = exports.getInitialRetryIntervalInMilliseconds = exports.getRetryMultiplier = exports.getRetryLimit = exports.getUploadChunkSize = exports.getUploadFileConcurrency = void 0;
 // The number of concurrent uploads that happens at the same time
 function getUploadFileConcurrency() {
     return 2;

node_modules/@actions/artifact/lib/internal/config-variables.js.map

@@ -1 +1 @@
-{"version":3,"file":"config-variables.js","sourceRoot":"","sources":["../../src/internal/config-variables.ts"],"names":[],"mappings":";;AAAA,iEAAiE;AACjE,SAAgB,wBAAwB;IACtC,OAAO,CAAC,CAAA;AACV,CAAC;AAFD,4DAEC;AAED,2FAA2F;AAC3F,4CAA4C;AAC5C,SAAgB,kBAAkB;IAChC,OAAO,CAAC,GAAG,IAAI,GAAG,IAAI,CAAA,CAAC,cAAc;AACvC,CAAC;AAFD,gDAEC;AAED,yFAAyF;AACzF,SAAgB,aAAa;IAC3B,OAAO,CAAC,CAAA;AACV,CAAC;AAFD,sCAEC;AAED,wGAAwG;AACxG,0GAA0G;AAC1G,SAAgB,kBAAkB;IAChC,OAAO,GAAG,CAAA;AACZ,CAAC;AAFD,gDAEC;AAED,yGAAyG;AACzG,SAAgB,qCAAqC;IACnD,OAAO,IAAI,CAAA;AACb,CAAC;AAFD,sFAEC;AAED,mEAAmE;AACnE,SAAgB,0BAA0B;IACxC,OAAO,CAAC,CAAA;AACV,CAAC;AAFD,gEAEC;AAED,SAAgB,eAAe;IAC7B,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAA;IAClD,IAAI,CAAC,KAAK,EAAE;QACV,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAA;KACpE;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAND,0CAMC;AAED,SAAgB,aAAa;IAC3B,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAA;IACrD,IAAI,CAAC,UAAU,EAAE;QACf,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAA;KAClE;IACD,OAAO,UAAU,CAAA;AACnB,CAAC;AAND,sCAMC;AAED,SAAgB,gBAAgB;IAC9B,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAA;IAClD,IAAI,CAAC,aAAa,EAAE;QAClB,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAA;KAC5D;IACD,OAAO,aAAa,CAAA;AACtB,CAAC;AAND,4CAMC;AAED,SAAgB,qBAAqB;IACnC,MAAM,kBAAkB,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAA;IAC1D,IAAI,CAAC,kBAAkB,EAAE;QACvB,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAA;KAC/D;IACD,OAAO,kBAAkB,CAAA;AAC3B,CAAC;AAND,sDAMC;AAED,SAAgB,gBAAgB;IAC9B,OAAO,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAA;AAC7C,CAAC;AAFD,4CAEC"}
+{"version":3,"file":"config-variables.js","sourceRoot":"","sources":["../../src/internal/config-variables.ts"],"names":[],"mappings":";;;AAAA,iEAAiE;AACjE,SAAgB,wBAAwB;IACtC,OAAO,CAAC,CAAA;AACV,CAAC;AAFD,4DAEC;AAED,2FAA2F;AAC3F,4CAA4C;AAC5C,SAAgB,kBAAkB;IAChC,OAAO,CAAC,GAAG,IAAI,GAAG,IAAI,CAAA,CAAC,cAAc;AACvC,CAAC;AAFD,gDAEC;AAED,yFAAyF;AACzF,SAAgB,aAAa;IAC3B,OAAO,CAAC,CAAA;AACV,CAAC;AAFD,sCAEC;AAED,wGAAwG;AACxG,0GAA0G;AAC1G,SAAgB,kBAAkB;IAChC,OAAO,GAAG,CAAA;AACZ,CAAC;AAFD,gDAEC;AAED,yGAAyG;AACzG,SAAgB,qCAAqC;IACnD,OAAO,IAAI,CAAA;AACb,CAAC;AAFD,sFAEC;AAED,mEAAmE;AACnE,SAAgB,0BAA0B;IACxC,OAAO,CAAC,CAAA;AACV,CAAC;AAFD,gEAEC;AAED,SAAgB,eAAe;IAC7B,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAA;IAClD,IAAI,CAAC,KAAK,EAAE;QACV,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAA;KACpE;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAND,0CAMC;AAED,SAAgB,aAAa;IAC3B,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAA;IACrD,IAAI,CAAC,UAAU,EAAE;QACf,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAA;KAClE;IACD,OAAO,UAAU,CAAA;AACnB,CAAC;AAND,sCAMC;AAED,SAAgB,gBAAgB;IAC9B,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAA;IAClD,IAAI,CAAC,aAAa,EAAE;QAClB,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAA;KAC5D;IACD,OAAO,aAAa,CAAA;AACtB,CAAC;AAND,4CAMC;AAED,SAAgB,qBAAqB;IACnC,MAAM,kBAAkB,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAA;IAC1D,IAAI,CAAC,kBAAkB,EAAE;QACvB,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAA;KAC/D;IACD,OAAO,kBAAkB,CAAA;AAC3B,CAAC;AAND,sDAMC;AAED,SAAgB,gBAAgB;IAC9B,OAAO,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAA;AAC7C,CAAC;AAFD,4CAEC"}

node_modules/@actions/artifact/lib/internal/contracts.d.ts

@@ -25,8 +25,18 @@ export interface PatchArtifactSizeSuccessResponse {
     uploadUrl: string;
 }
 export interface UploadResults {
+    /**
+     * The size in bytes of data that was transferred during the upload process to the actions backend service. This takes into account possible
+     * gzip compression to reduce the amount of data that needs to be transferred
+     */
     uploadSize: number;
+    /**
+     * The raw size of the files that were specified for upload
+     */
     totalSize: number;
+    /**
+     * An array of files that failed to upload
+     */
     failedItems: string[];
 }
 export interface ListArtifactsResponse {

node_modules/@actions/artifact/lib/internal/download-http-client.js

@@ -1,4 +1,23 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
 var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
     return new (P || (P = Promise))(function (resolve, reject) {
@@ -8,14 +27,8 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
         step((generator = generator.apply(thisArg, _arguments || [])).next());
     });
 };
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
-    result["default"] = mod;
-    return result;
-};
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.DownloadHttpClient = void 0;
 const fs = __importStar(require("fs"));
 const core = __importStar(require("@actions/core"));
 const zlib = __importStar(require("zlib"));
@@ -167,9 +180,6 @@ class DownloadHttpClient {
                 let response;
                 try {
                     response = yield makeDownloadRequest();
-                    if (core.isDebug()) {
-                        utils_1.displayHttpDiagnostics(response);
-                    }
                 }
                 catch (error) {
                     // if an error is caught, it is usually indicative of a timeout so retry the download

node_modules/@actions/artifact/lib/internal/download-specification.js

@@ -1,12 +1,25 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
 var __importStar = (this && this.__importStar) || function (mod) {
     if (mod && mod.__esModule) return mod;
     var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    result["default"] = mod;
+    __setModuleDefault(result, mod);
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.getDownloadSpecification = void 0;
 const path = __importStar(require("path"));
 /**
  * Creates a specification for a set of files that will be downloaded