Merge pull request #1662 from github/update-v2.3.2-8b12d99ee

Merge main into releases/v2
Update changelog for v2.3.2
2025-12-26 09:10:07 +08:00 · 2023-04-27 11:49:50 -07:00 · 2023-04-27 18:18:58 +00:00 · 2023-04-27 18:05:34 +00:00 · 2023-04-26 14:15:40 -07:00 · 2023-04-26 20:48:31 +00:00
328 changed files with 1532 additions and 30915 deletions
--- a/.github/actions/check-codescanning-config/action.yml
+++ b/.github/actions/check-codescanning-config/action.yml
--- a/.github/actions/check-codescanning-config/index.ts
+++ b/.github/actions/check-codescanning-config/index.ts
--- a/.github/actions/check-sarif/action.yml
+++ b/.github/actions/check-sarif/action.yml
--- a/.github/actions/check-sarif/index.js
+++ b/.github/actions/check-sarif/index.js
--- a/.github/actions/prepare-test/action.yml
+++ b/.github/actions/prepare-test/action.yml
--- a/.github/actions/query-filter-test/action.yml
+++ b/.github/actions/query-filter-test/action.yml
@@ -44,7 +44,7 @@ runs:
      env:
        CODEQL_ACTION_TEST_MODE: "true"
    - name: Check SARIF
-      uses: ./../action/.github/check-sarif
+      uses: ./../action/.github/actions/check-sarif
      with:
        sarif-file:  ${{ inputs.sarif-file }}
        queries-run: ${{ inputs.queries-run}}
--- a/.github/actions/setup-swift/action.yml
+++ b/.github/actions/setup-swift/action.yml
@@ -1,18 +1,18 @@
 name: "Set up Swift"
-description: Performs necessary steps to set up appropriate Swift version.
+description: Sets up an appropriate Swift version if Swift is enabled via CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT.
 inputs:
  codeql-path:
+    description: Path to the CodeQL CLI executable.
    required: true
 runs:
  using: "composite"
  steps:
    - name: Get Swift version
      id: get_swift_version
-      # We don't support Swift on Windows or prior versions of CLI.
-      if: "(runner.os != 'Windows') && (matrix.version == 'cached' || matrix.version == 'latest' || matrix.version == 'nightly-latest')"
+      if: env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true'
      shell: bash
      env: 
-        CODEQL_PATH: ${{inputs.codeql-path}}
+        CODEQL_PATH: ${{ inputs.codeql-path }}
      run: |
        if [ $RUNNER_OS = "macOS" ]; then
          PLATFORM="osx64"
@@ -26,7 +26,7 @@ runs:
          VERSION="5.7.0"
        fi
        echo "version=$VERSION" | tee -a $GITHUB_OUTPUT
-    - uses: swift-actions/setup-swift@da0e3e04b5e3e15dbc3861bd835ad9f0afe56296 # Please update the corresponding SHA in the CLI's CodeQL Action Integration Test.
-      if: "(runner.os != 'Windows') && (matrix.version == 'cached' || matrix.version == 'latest' || matrix.version == 'nightly-latest')"
+    - uses: swift-actions/setup-swift@65540b95f51493d65f5e59e97dcef9629ddf11bf # Please update the corresponding SHA in the CLI's CodeQL Action Integration Test.
+      if: env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true'
      with:
-        swift-version: "${{steps.get_swift_version.outputs.version}}"
+        swift-version: "${{ steps.get_swift_version.outputs.version }}"
--- a/.github/actions/update-bundle/action.yml
+++ b/.github/actions/update-bundle/action.yml
@@ -0,0 +1,14 @@
+name: Update default CodeQL bundle
+description: Updates 'src/defaults.json' to point to a new CodeQL bundle release.
+
+runs:
+  using: composite
+  steps:
+    - name: Install ts-node
+      shell: bash
+      run: npm install -g ts-node
+
+    - name: Run update script
+      working-directory: ${{ github.action_path }}
+      shell: bash
+      run: ts-node ./index.ts
--- a/.github/actions/update-bundle/index.ts
+++ b/.github/actions/update-bundle/index.ts
@@ -0,0 +1,67 @@
+import * as fs from 'fs';
+import * as github from '@actions/github';
+
+interface BundleInfo {
+  bundleVersion: string;
+  cliVersion: string;
+}
+
+interface Defaults {
+  bundleVersion: string;
+  cliVersion: string;
+  priorBundleVersion: string;
+  priorCliVersion: string;
+}
+
+function getCodeQLCliVersionForRelease(release): string {
+  // We do not currently tag CodeQL bundles based on the CLI version they contain.
+  // Instead, we use a marker file `cli-version-<version>.txt` to record the CLI version.
+  // This marker file is uploaded as a release asset for all new CodeQL bundles.
+  const cliVersionsFromMarkerFiles = release.assets
+    .map((asset) => asset.name.match(/cli-version-(.*)\.txt/)?.[1])
+    .filter((v) => v)
+    .map((v) => v as string);
+  if (cliVersionsFromMarkerFiles.length > 1) {
+    throw new Error(
+      `Release ${release.tag_name} has multiple CLI version marker files.`
+    );
+  } else if (cliVersionsFromMarkerFiles.length === 0) {
+    throw new Error(
+      `Failed to find the CodeQL CLI version for release ${release.tag_name}.`
+    );
+  }
+  return cliVersionsFromMarkerFiles[0];
+}
+
+async function getBundleInfoFromRelease(release): Promise<BundleInfo> {
+  return {
+    bundleVersion: release.tag_name,
+    cliVersion: getCodeQLCliVersionForRelease(release)
+  };
+}
+
+async function getNewDefaults(currentDefaults: Defaults): Promise<Defaults> {
+  const release = github.context.payload.release;
+  console.log('Updating default bundle as a result of the following release: ' +
+    `${JSON.stringify(release)}.`)
+
+  const bundleInfo = await getBundleInfoFromRelease(release);
+  return {
+    bundleVersion: bundleInfo.bundleVersion,
+    cliVersion: bundleInfo.cliVersion,
+    priorBundleVersion: currentDefaults.bundleVersion,
+    priorCliVersion: currentDefaults.cliVersion
+  };
+}
+
+async function main() {
+  const previousDefaults: Defaults = JSON.parse(fs.readFileSync('../../../src/defaults.json', 'utf8'));
+  const newDefaults = await getNewDefaults(previousDefaults);
+  // Update the source file in the repository. Calling workflows should subsequently rebuild
+  // the Action to update `lib/defaults.json`.
+  fs.writeFileSync('../../../src/defaults.json', JSON.stringify(newDefaults, null, 2) + "\n");
+}
+
+// Ideally, we'd await main() here, but that doesn't work well with `ts-node`.
+// So instead we rely on the fact that Node won't exit until the event loop is empty.
+main();
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -16,6 +16,6 @@ updates:
    schedule:
      interval: weekly
  - package-ecosystem: github-actions
-    directory: "/.github/setup-swift/" # All subdirectories outside of "/.github/workflows" must be explicitly included.
+    directory: "/.github/actions/setup-swift/" # All subdirectories outside of "/.github/workflows" must be explicitly included.
    schedule:
      interval: weekly
--- a/.github/workflows/__analyze-ref-input.yml
+++ b/.github/workflows/__analyze-ref-input.yml
@@ -25,24 +25,30 @@ jobs:
    strategy:
      matrix:
        include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: macos-latest
-          version: stable-20211005
-        - os: windows-2019
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
-        - os: macos-latest
-          version: stable-20220120
-        - os: windows-2019
-          version: stable-20220120
        - os: ubuntu-latest
          version: stable-20220401
        - os: macos-latest
          version: stable-20220401
        - os: windows-latest
          version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: macos-latest
+          version: stable-20220615
+        - os: windows-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: windows-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
+        - os: macos-latest
+          version: stable-20221211
+        - os: windows-latest
+          version: stable-20221211
        - os: ubuntu-latest
          version: cached
        - os: macos-latest
@@ -69,14 +75,20 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v4
-      with:
-        go-version: ^1.13.1
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        tools: ${{ steps.prepare-test.outputs.tools-url }}
--- a/.github/workflows/__autobuild-action.yml
+++ b/.github/workflows/__autobuild-action.yml
@@ -39,9 +39,20 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        languages: csharp
--- a/.github/workflows/__config-export.yml
+++ b/.github/workflows/__config-export.yml
@@ -45,9 +45,20 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        languages: javascript
--- a/.github/workflows/__diagnostics-export.yml
+++ b/.github/workflows/__diagnostics-export.yml
@@ -25,6 +25,12 @@ jobs:
    strategy:
      matrix:
        include:
+        - os: ubuntu-latest
+          version: stable-20230317
+        - os: macos-latest
+          version: stable-20230317
+        - os: windows-latest
+          version: stable-20230317
        - os: ubuntu-latest
          version: latest
        - os: macos-latest
@@ -45,9 +51,20 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      id: init
      with:
--- a/.github/workflows/__export-file-baseline-information.yml
+++ b/.github/workflows/__export-file-baseline-information.yml
@@ -39,9 +39,20 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      id: init
      with:
@@ -49,7 +60,7 @@ jobs:
        tools: ${{ steps.prepare-test.outputs.tools-url }}
      env:
        CODEQL_FILE_BASELINE_INFORMATION: true
-    - uses: ./../action/.github/setup-swift
+    - uses: ./../action/.github/actions/setup-swift
      with:
        codeql-path: ${{steps.init.outputs.codeql-path}}
    - name: Build code
@@ -70,7 +81,10 @@ jobs:
      shell: bash
      run: |
        cd "$RUNNER_TEMP/results"
-        expected_baseline_languages="cpp cs go java js py rb swift"
+        expected_baseline_languages="cpp cs go java js py rb"
+        if [[ $RUNNER_OS != "Windows" ]]; then
+          expected_baseline_languages+=" swift"
+        fi

        for lang in ${expected_baseline_languages}; do
          rule_name="${lang}/baseline/expected-extracted-files"
@@ -84,5 +98,4 @@ jobs:
          fi
        done
    env:
-      CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: true # Remove when Swift is GA.
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__extractor-ram-threads.yml
+++ b/.github/workflows/__extractor-ram-threads.yml
@@ -35,9 +35,20 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        languages: java
--- a/.github/workflows/__go-custom-queries.yml
+++ b/.github/workflows/__go-custom-queries.yml
@@ -25,24 +25,30 @@ jobs:
    strategy:
      matrix:
        include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: macos-latest
-          version: stable-20211005
-        - os: windows-2019
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
-        - os: macos-latest
-          version: stable-20220120
-        - os: windows-2019
-          version: stable-20220120
        - os: ubuntu-latest
          version: stable-20220401
        - os: macos-latest
          version: stable-20220401
        - os: windows-latest
          version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: macos-latest
+          version: stable-20220615
+        - os: windows-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: windows-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
+        - os: macos-latest
+          version: stable-20221211
+        - os: windows-latest
+          version: stable-20221211
        - os: ubuntu-latest
          version: cached
        - os: macos-latest
@@ -69,14 +75,20 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v4
-      with:
-        go-version: ^1.13.1
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        languages: go
--- a/.github/workflows/__go-tracing-autobuilder.yml
+++ b/.github/workflows/__go-tracing-autobuilder.yml
@@ -25,18 +25,22 @@ jobs:
    strategy:
      matrix:
        include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: macos-latest
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
-        - os: macos-latest
-          version: stable-20220120
        - os: ubuntu-latest
          version: stable-20220401
        - os: macos-latest
          version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: macos-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
+        - os: macos-latest
+          version: stable-20221211
        - os: ubuntu-latest
          version: cached
        - os: macos-latest
@@ -57,14 +61,20 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v4
-      with:
-        go-version: ^1.13.1
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        languages: go
--- a/.github/workflows/__go-tracing-custom-build-steps.yml
+++ b/.github/workflows/__go-tracing-custom-build-steps.yml
@@ -25,18 +25,22 @@ jobs:
    strategy:
      matrix:
        include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: macos-latest
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
-        - os: macos-latest
-          version: stable-20220120
        - os: ubuntu-latest
          version: stable-20220401
        - os: macos-latest
          version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: macos-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
+        - os: macos-latest
+          version: stable-20221211
        - os: ubuntu-latest
          version: cached
        - os: macos-latest
@@ -57,14 +61,20 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v4
-      with:
-        go-version: ^1.13.1
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        languages: go
--- a/.github/workflows/__go-tracing-legacy-workflow.yml
+++ b/.github/workflows/__go-tracing-legacy-workflow.yml
@@ -25,18 +25,22 @@ jobs:
    strategy:
      matrix:
        include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: macos-latest
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
-        - os: macos-latest
-          version: stable-20220120
        - os: ubuntu-latest
          version: stable-20220401
        - os: macos-latest
          version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: macos-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
+        - os: macos-latest
+          version: stable-20221211
        - os: ubuntu-latest
          version: cached
        - os: macos-latest
@@ -57,14 +61,20 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v4
-      with:
-        go-version: ^1.13.1
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        languages: go
--- a/.github/workflows/__init-with-registries.yml
+++ b/.github/workflows/__init-with-registries.yml
@@ -51,9 +51,20 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - name: Init with registries
      uses: ./../action/init
      with:
@@ -69,8 +80,8 @@ jobs:
    - name: Verify packages installed
      shell: bash
      run: |
-        PRIVATE_PACK="$HOME/.codeql/packages/dsp-testing/private-pack"
-        CODEQL_PACK1="$HOME/.codeql/packages/dsp-testing/codeql-pack1"
+        PRIVATE_PACK="$HOME/.codeql/packages/codeql-testing/private-pack"
+        CODEQL_PACK1="$HOME/.codeql/packages/codeql-testing/codeql-pack1"

        if [[ -d $PRIVATE_PACK ]]
        then
@@ -117,5 +128,9 @@ jobs:
            cat $QLCONFIG_PATH
            exit 1
        fi
+    permissions:
+      contents: read
+      packages: read
+
    env:
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__javascript-source-root.yml
+++ b/.github/workflows/__javascript-source-root.yml
@@ -39,9 +39,20 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - name: Move codeql-action
      shell: bash
      run: |
--- a/.github/workflows/__ml-powered-queries.yml
+++ b/.github/workflows/__ml-powered-queries.yml
@@ -25,12 +25,30 @@ jobs:
    strategy:
      matrix:
        include:
-        - os: ubuntu-20.04
-          version: stable-20220120
+        - os: ubuntu-latest
+          version: stable-20220401
        - os: macos-latest
-          version: stable-20220120
-        - os: windows-2019
-          version: stable-20220120
+          version: stable-20220401
+        - os: windows-latest
+          version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: macos-latest
+          version: stable-20220615
+        - os: windows-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: windows-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
+        - os: macos-latest
+          version: stable-20221211
+        - os: windows-latest
+          version: stable-20221211
        - os: ubuntu-latest
          version: cached
        - os: macos-latest
@@ -57,14 +75,20 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v4
-      with:
-        go-version: ^1.13.1
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        languages: javascript
@@ -85,9 +109,9 @@ jobs:
        retention-days: 7

    - name: Check sarif
-      uses: ./../action/.github/check-sarif
+      uses: ./../action/.github/actions/check-sarif
    # Running on Windows requires CodeQL CLI 2.9.0+.
-      if: "!(matrix.version == 'stable-20220120' && runner.os == 'Windows')"
+      if: "!(matrix.version == 'stable-20220401' && runner.os == 'Windows')"
      with:
        sarif-file: ${{ runner.temp }}/results/javascript.sarif
        queries-run: js/ml-powered/nosql-injection,js/ml-powered/path-injection,js/ml-powered/sql-injection,js/ml-powered/xss
@@ -96,7 +120,7 @@ jobs:
    - name: Check results
      env:
      # Running on Windows requires CodeQL CLI 2.9.0+.
-        SHOULD_RUN_ML_POWERED_QUERIES: ${{ !(matrix.version == 'stable-20220120' &&
+        SHOULD_RUN_ML_POWERED_QUERIES: ${{ !(matrix.version == 'stable-20220401' &&
          runner.os == 'Windows') }}
      shell: bash
      run: |
--- a/.github/workflows/__multi-language-autodetect.yml
+++ b/.github/workflows/__multi-language-autodetect.yml
@@ -25,18 +25,22 @@ jobs:
    strategy:
      matrix:
        include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: macos-latest
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
-        - os: macos-latest
-          version: stable-20220120
        - os: ubuntu-latest
          version: stable-20220401
        - os: macos-latest
          version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: macos-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
+        - os: macos-latest
+          version: stable-20221211
        - os: ubuntu-latest
          version: cached
        - os: macos-latest
@@ -57,23 +61,29 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v4
-      with:
-        go-version: ^1.13.1
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      id: init
      with:
        db-location: ${{ runner.temp }}/customDbLocation
        tools: ${{ steps.prepare-test.outputs.tools-url }}

-    - uses: ./../action/.github/setup-swift
+    - uses: ./../action/.github/actions/setup-swift
      with:
-        codeql-path: ${{steps.init.outputs.codeql-path}}
+        codeql-path: ${{ steps.init.outputs.codeql-path }}

    - name: Build code
      shell: bash
@@ -119,8 +129,7 @@ jobs:
        fi

    - name: Check language autodetect for Ruby
-      if: (matrix.version == 'cached' || matrix.version == 'latest' || matrix.version
-        == 'nightly-latest')
+      if: env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true'
      shell: bash
      run: |
        RUBY_DB=${{ fromJson(steps.analysis.outputs.db-locations).ruby }}
@@ -130,8 +139,7 @@ jobs:
        fi

    - name: Check language autodetect for Swift
-      if: (matrix.version == 'cached' || matrix.version == 'latest' || matrix.version
-        == 'nightly-latest')
+      if: env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true'
      shell: bash
      run: |
        SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }}
@@ -140,5 +148,4 @@ jobs:
          exit 1
        fi
    env:
-      CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: 'true' # Remove when Swift is GA.
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__packaging-codescanning-config-inputs-js.yml
+++ b/.github/workflows/__packaging-codescanning-config-inputs-js.yml
@@ -51,13 +51,24 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        config-file: .github/codeql/codeql-config-packaging3.yml
-        packs: +dsp-testing/codeql-pack1@1.0.0
+        packs: +codeql-testing/codeql-pack1@1.0.0
        languages: javascript
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - name: Build code
@@ -69,7 +80,7 @@ jobs:
        upload-database: false

    - name: Check results
-      uses: ./../action/.github/check-sarif
+      uses: ./../action/.github/actions/check-sarif
      with:
        sarif-file: ${{ runner.temp }}/results/javascript.sarif
        queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
--- a/.github/workflows/__packaging-config-inputs-js.yml
+++ b/.github/workflows/__packaging-config-inputs-js.yml
@@ -51,13 +51,24 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        config-file: .github/codeql/codeql-config-packaging3.yml
-        packs: +dsp-testing/codeql-pack1@1.0.0
+        packs: +codeql-testing/codeql-pack1@1.0.0
        languages: javascript
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - name: Build code
@@ -69,7 +80,7 @@ jobs:
        upload-database: false

    - name: Check results
-      uses: ./../action/.github/check-sarif
+      uses: ./../action/.github/actions/check-sarif
      with:
        sarif-file: ${{ runner.temp }}/results/javascript.sarif
        queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
--- a/.github/workflows/__packaging-config-js.yml
+++ b/.github/workflows/__packaging-config-js.yml
@@ -51,9 +51,20 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        config-file: .github/codeql/codeql-config-packaging.yml
@@ -68,7 +79,7 @@ jobs:
        upload-database: false

    - name: Check results
-      uses: ./../action/.github/check-sarif
+      uses: ./../action/.github/actions/check-sarif
      with:
        sarif-file: ${{ runner.temp }}/results/javascript.sarif
        queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
--- a/.github/workflows/__packaging-inputs-js.yml
+++ b/.github/workflows/__packaging-inputs-js.yml
@@ -51,14 +51,25 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        config-file: .github/codeql/codeql-config-packaging2.yml
        languages: javascript
-        packs: dsp-testing/codeql-pack1@1.0.0, dsp-testing/codeql-pack2, dsp-testing/codeql-pack3:other-query.ql
+        packs: codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2, codeql-testing/codeql-pack3:other-query.ql
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - name: Build code
      shell: bash
@@ -68,7 +79,7 @@ jobs:
        output: ${{ runner.temp }}/results

    - name: Check results
-      uses: ./../action/.github/check-sarif
+      uses: ./../action/.github/actions/check-sarif
      with:
        sarif-file: ${{ runner.temp }}/results/javascript.sarif
        queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
--- a/.github/workflows/__remote-config.yml
+++ b/.github/workflows/__remote-config.yml
@@ -25,24 +25,30 @@ jobs:
    strategy:
      matrix:
        include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: macos-latest
-          version: stable-20211005
-        - os: windows-2019
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
-        - os: macos-latest
-          version: stable-20220120
-        - os: windows-2019
-          version: stable-20220120
        - os: ubuntu-latest
          version: stable-20220401
        - os: macos-latest
          version: stable-20220401
        - os: windows-latest
          version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: macos-latest
+          version: stable-20220615
+        - os: windows-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: windows-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
+        - os: macos-latest
+          version: stable-20221211
+        - os: windows-latest
+          version: stable-20221211
        - os: ubuntu-latest
          version: cached
        - os: macos-latest
@@ -69,14 +75,20 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v4
-      with:
-        go-version: ^1.13.1
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        tools: ${{ steps.prepare-test.outputs.tools-url }}
--- a/.github/workflows/__rubocop-multi-language.yml
+++ b/.github/workflows/__rubocop-multi-language.yml
@@ -35,9 +35,20 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - name: Set up Ruby
      uses: ruby/setup-ruby@v1
      with:
--- a/.github/workflows/__ruby.yml
+++ b/.github/workflows/__ruby.yml
@@ -45,9 +45,20 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        languages: ruby
--- a/.github/workflows/__split-workflow.yml
+++ b/.github/workflows/__split-workflow.yml
@@ -45,13 +45,24 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        config-file: .github/codeql/codeql-config-packaging3.yml
-        packs: +dsp-testing/codeql-pack1@1.0.0
+        packs: +codeql-testing/codeql-pack1@1.0.0
        languages: javascript
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - name: Build code
--- a/.github/workflows/__submit-sarif-failure.yml
+++ b/.github/workflows/__submit-sarif-failure.yml
@@ -39,9 +39,20 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: actions/checkout@v3
    - uses: ./init
      with:
--- a/.github/workflows/__swift-autobuild.yml
+++ b/.github/workflows/__swift-autobuild.yml
@@ -1,72 +0,0 @@
-# Warning: This file is generated automatically, and should not be modified.
-# Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
-# to regenerate this file.
-
-name: PR Check - Swift analysis using autobuild
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
-on:
-  push:
-    branches:
-    - main
-    - releases/v2
-  pull_request:
-    types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
-  workflow_dispatch: {}
-jobs:
-  swift-autobuild:
-    strategy:
-      matrix:
-        include:
-        - os: macos-latest
-          version: latest
-        - os: macos-latest
-          version: cached
-        - os: macos-latest
-          version: nightly-latest
-    name: Swift analysis using autobuild
-    timeout-minutes: 45
-    runs-on: ${{ matrix.os }}
-    steps:
-    - name: Check out repository
-      uses: actions/checkout@v3
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/prepare-test
-      with:
-        version: ${{ matrix.version }}
-    - uses: ./../action/init
-      id: init
-      with:
-        languages: swift
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - uses: ./../action/.github/setup-swift
-      with:
-        codeql-path: ${{steps.init.outputs.codeql-path}}
-    - name: Check working directory
-      shell: bash
-      run: pwd
-    - uses: ./../action/autobuild
-      timeout-minutes: 10
-    - uses: ./../action/analyze
-      id: analysis
-      with:
-        upload-database: false
-    - name: Check database
-      shell: bash
-      run: |
-        SWIFT_DB="${{ fromJson(steps.analysis.outputs.db-locations).swift }}"
-        if [[ ! -d "$SWIFT_DB" ]]; then
-          echo "Did not create a database for Swift."
-          exit 1
-        fi
-    env:
-      CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: 'true' # Remove when Swift is GA.
-      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__swift-custom-build.yml
+++ b/.github/workflows/__swift-custom-build.yml
@@ -45,15 +45,26 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      id: init
      with:
        languages: swift
        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - uses: ./../action/.github/setup-swift
+    - uses: ./../action/.github/actions/setup-swift
      with:
        codeql-path: ${{steps.init.outputs.codeql-path}}
    - name: Check working directory
@@ -75,6 +86,5 @@ jobs:
          exit 1
        fi
    env:
-      CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: 'true' # Remove when Swift is GA.
      DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__test-autobuild-working-dir.yml
+++ b/.github/workflows/__test-autobuild-working-dir.yml
@@ -35,9 +35,20 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - name: Test setup
      shell: bash
      run: |
--- a/.github/workflows/__test-local-codeql.yml
+++ b/.github/workflows/__test-local-codeql.yml
@@ -35,18 +35,33 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - name: Fetch a CodeQL bundle
      shell: bash
      env:
        CODEQL_URL: ${{ steps.prepare-test.outputs.tools-url }}
      run: |
        wget "$CODEQL_URL"
-    - uses: ./../action/init
+    - id: init
+      uses: ./../action/init
      with:
        tools: ./codeql-bundle.tar.gz
+    - uses: ./../action/.github/actions/setup-swift
+      with:
+        codeql-path: ${{ steps.init.outputs.codeql-path }}
    - name: Build code
      shell: bash
      run: ./build.sh
--- a/.github/workflows/__test-proxy.yml
+++ b/.github/workflows/__test-proxy.yml
@@ -35,9 +35,20 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        languages: javascript
--- a/.github/workflows/__unset-environment.yml
+++ b/.github/workflows/__unset-environment.yml
@@ -25,12 +25,14 @@ jobs:
    strategy:
      matrix:
        include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
        - os: ubuntu-latest
          version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
        - os: ubuntu-latest
          version: cached
        - os: ubuntu-latest
@@ -45,18 +47,28 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v4
-      with:
-        go-version: ^1.13.1
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
+      id: init
      with:
        db-location: ${{ runner.temp }}/customDbLocation
        tools: ${{ steps.prepare-test.outputs.tools-url }}
+    - uses: ./../action/.github/actions/setup-swift
+      with:
+        codeql-path: ${{ steps.init.outputs.codeql-path }}
    - name: Build code
      shell: bash
    # Disable Kotlin analysis while it's incompatible with Kotlin 1.8, until we find a
--- a/.github/workflows/__upload-ref-sha-input.yml
+++ b/.github/workflows/__upload-ref-sha-input.yml
@@ -25,24 +25,30 @@ jobs:
    strategy:
      matrix:
        include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: macos-latest
-          version: stable-20211005
-        - os: windows-2019
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
-        - os: macos-latest
-          version: stable-20220120
-        - os: windows-2019
-          version: stable-20220120
        - os: ubuntu-latest
          version: stable-20220401
        - os: macos-latest
          version: stable-20220401
        - os: windows-latest
          version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: macos-latest
+          version: stable-20220615
+        - os: windows-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: windows-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
+        - os: macos-latest
+          version: stable-20221211
+        - os: windows-latest
+          version: stable-20221211
        - os: ubuntu-latest
          version: cached
        - os: macos-latest
@@ -69,14 +75,20 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v4
-      with:
-        go-version: ^1.13.1
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        tools: ${{ steps.prepare-test.outputs.tools-url }}
--- a/.github/workflows/__with-checkout-path.yml
+++ b/.github/workflows/__with-checkout-path.yml
@@ -25,24 +25,30 @@ jobs:
    strategy:
      matrix:
        include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: macos-latest
-          version: stable-20211005
-        - os: windows-2019
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
-        - os: macos-latest
-          version: stable-20220120
-        - os: windows-2019
-          version: stable-20220120
        - os: ubuntu-latest
          version: stable-20220401
        - os: macos-latest
          version: stable-20220401
        - os: windows-latest
          version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: macos-latest
+          version: stable-20220615
+        - os: windows-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: windows-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
+        - os: macos-latest
+          version: stable-20221211
+        - os: windows-latest
+          version: stable-20221211
        - os: ubuntu-latest
          version: cached
        - os: macos-latest
@@ -69,14 +75,20 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v4
-      with:
-        go-version: ^1.13.1
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: actions/checkout@v3
      with:
        ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
--- a/.github/workflows/codescanning-config-cli.yml
+++ b/.github/workflows/codescanning-config-cli.yml
@@ -47,12 +47,12 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}

    - name: Empty file
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
      with:
        expected-config-file-contents: "{}"
        languages: javascript
@@ -60,31 +60,31 @@ jobs:

    - name: Packs from input
      if: success() || failure()
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
      with:
        expected-config-file-contents: |
          {
-            "packs": ["dsp-testing/codeql-pack1@1.0.0", "dsp-testing/codeql-pack2" ]
+            "packs": ["codeql-testing/codeql-pack1@1.0.0", "codeql-testing/codeql-pack2" ]
          }
        languages: javascript
-        packs: dsp-testing/codeql-pack1@1.0.0, dsp-testing/codeql-pack2
+        packs: codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2
        tools: ${{ steps.prepare-test.outputs.tools-url }}

    - name: Packs from input with +
      if: success() || failure()
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
      with:
        expected-config-file-contents: |
          {
-            "packs": ["dsp-testing/codeql-pack1@1.0.0", "dsp-testing/codeql-pack2" ]
+            "packs": ["codeql-testing/codeql-pack1@1.0.0", "codeql-testing/codeql-pack2" ]
          }
        languages: javascript
-        packs: + dsp-testing/codeql-pack1@1.0.0, dsp-testing/codeql-pack2
+        packs: + codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2
        tools: ${{ steps.prepare-test.outputs.tools-url }}

    - name: Queries from input
      if: success() || failure()
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
      with:
        expected-config-file-contents: |
          {
@@ -96,7 +96,7 @@ jobs:

    - name: Queries from input with +
      if: success() || failure()
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
      with:
        expected-config-file-contents: |
          {
@@ -108,27 +108,27 @@ jobs:

    - name: Queries and packs from input with +
      if: success() || failure()
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
      with:
        expected-config-file-contents: |
          {
            "queries": [{ "uses": "./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql" }],
-            "packs": ["dsp-testing/codeql-pack1@1.0.0", "dsp-testing/codeql-pack2" ]
+            "packs": ["codeql-testing/codeql-pack1@1.0.0", "codeql-testing/codeql-pack2" ]
          }
        languages: javascript
        queries: + ./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql
-        packs: + dsp-testing/codeql-pack1@1.0.0, dsp-testing/codeql-pack2
+        packs: + codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2
        tools: ${{ steps.prepare-test.outputs.tools-url }}

    - name: Queries and packs from config
      if: success() || failure()
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
      with:
        expected-config-file-contents: |
          {
            "queries": [{ "uses": "./codeql-qlpacks/complex-javascript-qlpack/foo2/show_ifs.ql" }],
            "packs": {
-              "javascript": ["dsp-testing/codeql-pack1@1.0.0", "dsp-testing/codeql-pack2" ]
+              "javascript": ["codeql-testing/codeql-pack1@1.0.0", "codeql-testing/codeql-pack2" ]
            }
          }
        languages: javascript
@@ -137,7 +137,7 @@ jobs:

    - name: Queries and packs from config overriden by input
      if: success() || failure()
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
      with:
        expected-config-file-contents: |
          {
@@ -152,7 +152,7 @@ jobs:

    - name: Queries and packs from config merging with input
      if: success() || failure()
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
      with:
        expected-config-file-contents: |
          {
@@ -161,7 +161,7 @@ jobs:
              { "uses": "./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql" }
            ],
            "packs": {
-              "javascript": ["dsp-testing/codeql-pack1@1.0.0", "dsp-testing/codeql-pack2", "codeql/javascript-queries" ]
+              "javascript": ["codeql-testing/codeql-pack1@1.0.0", "codeql-testing/codeql-pack2", "codeql/javascript-queries" ]
            }
          }
        languages: javascript
@@ -172,12 +172,12 @@ jobs:

    - name: Multi-language packs from config
      if: success() || failure()
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
      with:
        expected-config-file-contents: |
          {
            "packs": {
-              "javascript": ["dsp-testing/codeql-pack1@1.0.0", "dsp-testing/codeql-pack2" ],
+              "javascript": ["codeql-testing/codeql-pack1@1.0.0", "codeql-testing/codeql-pack2" ],
              "ruby": ["codeql/ruby-queries"]
            },
            "queries": [
@@ -190,7 +190,7 @@ jobs:

    - name: Other config properties
      if: success() || failure()
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
      with:
        expected-config-file-contents: |
          {
@@ -209,7 +209,7 @@ jobs:
      if: success() || failure()
      env:
        CODEQL_PASS_CONFIG_TO_CLI: false
-      uses: ./../action/.github/check-codescanning-config
+      uses: ./../action/.github/actions/check-codescanning-config
      with:
        expected-config-file-contents: ""
        languages: javascript
--- a/.github/workflows/debug-artifacts-failure.yml
+++ b/.github/workflows/debug-artifacts-failure.yml
@@ -36,7 +36,7 @@ jobs:
        uses: actions/checkout@v3
      - name: Prepare test
        id: prepare-test
-        uses: ./.github/prepare-test
+        uses: ./.github/actions/prepare-test
        with:
          version: latest
      - uses: actions/setup-go@v4
--- a/.github/workflows/debug-artifacts.yml
+++ b/.github/workflows/debug-artifacts.yml
@@ -21,31 +21,17 @@ jobs:
  upload-artifacts:
    strategy:
      matrix:
-        include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: macos-latest
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
-        - os: macos-latest
-          version: stable-20220120
-        - os: ubuntu-latest
-          version: stable-20220401
-        - os: macos-latest
-          version: stable-20220401
-        - os: ubuntu-latest
-          version: cached
-        - os: macos-latest
-          version: cached
-        - os: ubuntu-latest
-          version: latest
-        - os: macos-latest
-          version: latest
-        - os: ubuntu-latest
-          version: nightly-latest
-        - os: macos-latest
-          version: nightly-latest
+        os:
+        - ubuntu-latest
+        - macos-latest
+        version:
+        - stable-20220401
+        - stable-20220615
+        - stable-20220908
+        - stable-20221211
+        - cached
+        - latest
+        - nightly-latest
    name: Upload debug artifacts
    env:
      CODEQL_ACTION_TEST_MODE: true
@@ -56,7 +42,7 @@ jobs:
        uses: actions/checkout@v3
      - name: Prepare test
        id: prepare-test
-        uses: ./.github/prepare-test
+        uses: ./.github/actions/prepare-test
        with:
          version: ${{ matrix.version }}
      - uses: actions/setup-go@v4
@@ -84,17 +70,10 @@ jobs:
      - name: Check expected artifacts exist
        shell: bash
        run: |
-          VERSIONS="stable-20211005 stable-20220120 stable-20220401 cached latest nightly-latest"
+          VERSIONS="stable-20220401 stable-20220615 stable-20220908 stable-20221211 cached latest nightly-latest"
          LANGUAGES="cpp csharp go java javascript python"
          for version in $VERSIONS; do
-            if [[ "$version" =~ stable-(20211005|20220120|20210809) ]]; then
-              # Note the absence of the period in "ubuntu-2004": this is present in the image name
-              # but not the artifact name
-              OPERATING_SYSTEMS="ubuntu-2004 macos-latest"
-            else
-              OPERATING_SYSTEMS="ubuntu-latest macos-latest"
-            fi
-            for os in $OPERATING_SYSTEMS; do
+            for os in ubuntu-latest macos-latest; do
              pushd "./my-debug-artifacts-$os-$version"
              echo "Artifacts from version $version on $os:"
              for language in $LANGUAGES; do
--- a/.github/workflows/expected-queries-runs.yml
+++ b/.github/workflows/expected-queries-runs.yml
@@ -25,7 +25,7 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: latest
    - uses: ./../action/init
@@ -39,7 +39,7 @@ jobs:
        upload: never

    - name: Check Sarif
-      uses: ./../action/.github/check-sarif
+      uses: ./../action/.github/actions/check-sarif
      with:
        sarif-file: ${{ runner.temp }}/results/javascript.sarif
        queries-run: js/incomplete-hostname-regexp,js/path-injection
--- a/.github/workflows/query-filters.yml
+++ b/.github/workflows/query-filters.yml
@@ -23,12 +23,12 @@ jobs:
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
-      uses: ./.github/prepare-test
+      uses: ./.github/actions/prepare-test
      with:
        version: latest

    - name: Check SARIF for default queries with Single include, Single exclude
-      uses: ./../action/.github/query-filter-test
+      uses: ./../action/.github/actions/query-filter-test
      with:
        sarif-file:  ${{ runner.temp }}/results/javascript.sarif
        queries-run: js/zipslip
@@ -37,7 +37,7 @@ jobs:
        tools: ${{ steps.prepare-test.outputs.tools-url }}

    - name: Check SARIF for query packs with Single include, Single exclude
-      uses: ./../action/.github/query-filter-test
+      uses: ./../action/.github/actions/query-filter-test
      with:
        sarif-file:  ${{ runner.temp }}/results/javascript.sarif
        queries-run: js/zipslip,javascript/example/empty-or-one-block
@@ -46,7 +46,7 @@ jobs:
        tools: ${{ steps.prepare-test.outputs.tools-url }}

    - name: Check SARIF for query packs and local queries with Single include, Single exclude
-      uses: ./../action/.github/query-filter-test
+      uses: ./../action/.github/actions/query-filter-test
      with:
        sarif-file:  ${{ runner.temp }}/results/javascript.sarif
        queries-run: js/zipslip,javascript/example/empty-or-one-block,inrepo-javascript-querypack/show-ifs
--- a/.github/workflows/update-bundle.yml
+++ b/.github/workflows/update-bundle.yml
@@ -0,0 +1,91 @@
+name: Update default CodeQL bundle
+
+on:
+  release:
+    # From https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#release
+    # Note: The prereleased type will not trigger for pre-releases published
+    # from draft releases, but the published type will trigger. If you want a
+    # workflow to run when stable and pre-releases publish, subscribe to
+    # published instead of released and prereleased.
+    #
+    # From https://github.com/orgs/community/discussions/26281
+    # As a work around, in published type workflow,  you could add if condition
+    # to filter pre-release attribute.
+    types: [published]
+
+jobs:
+  update-bundle:
+    if: github.event.release.prerelease && startsWith(github.event.release.tag_name, 'codeql-bundle-')
+    runs-on: ubuntu-latest
+    steps:
+      - name: Dump environment
+        run: env
+
+      - name: Dump GitHub context
+        env:
+          GITHUB_CONTEXT: '${{ toJson(github) }}'
+        run: echo "$GITHUB_CONTEXT"
+
+      - uses: actions/checkout@v3
+
+      - name: Update git config
+        run: |
+          git config --global user.email "github-actions@github.com"
+          git config --global user.name "github-actions[bot]"
+
+      - name: Update bundle
+        uses: ./.github/actions/update-bundle
+
+      - name: Rebuild Action
+        run: npm run build
+
+      - name: Commit and push changes
+        env:
+          RELEASE_TAG: "${{ github.event.release.tag_name }}"
+        run: |
+          git checkout -b "update-bundle/$RELEASE_TAG"
+          git commit -am "Update default bundle to $RELEASE_TAG"
+          git push --set-upstream origin "update-bundle/$RELEASE_TAG"
+
+      - name: Open pull request
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          cli_version=$(jq -r '.cliVersion' src/defaults.json)
+          pr_url=$(gh pr create \
+            --title "Update default bundle to $cli_version" \
+            --body "This pull request updates the default CodeQL bundle, as used with \`tools: latest\` and on GHES, to $cli_version." \
+            --assignee "$GITHUB_ACTOR" \
+            --draft \
+          )
+          echo "CLI_VERSION=$cli_version" | tee -a "$GITHUB_ENV"
+          echo "PR_URL=$pr_url" | tee -a "$GITHUB_ENV"
+
+      - name: Create changelog note
+        shell: python
+        run: |
+          import os
+          import re
+
+          # Get the PR number from the PR URL.
+          pr_number = os.environ['PR_URL'].split('/')[-1]
+          changelog_note = f"- Update default CodeQL bundle version to {os.environ['CLI_VERSION']}. [#{pr_number}]({os.environ['PR_URL']})"
+
+          # If the "[UNRELEASED]" section starts with "no user facing changes", remove that line.
+          # Use perl to avoid having to escape the newline character.
+
+          with open('CHANGELOG.md', 'r') as f:
+              changelog = f.read()
+
+          changelog = changelog.replace('## [UNRELEASED]\n\nNo user facing changes.', '## [UNRELEASED]\n')
+
+          # Add the changelog note to the bottom of the "[UNRELEASED]" section.
+          changelog = re.sub(r'\n## (\d+\.\d+\.\d+)', f'{changelog_note}\n\n## \\1', changelog, count=1)
+
+          with open('CHANGELOG.md', 'w') as f:
+              f.write(changelog)
+
+      - name: Push changelog note
+        run: |
+          git commit -am "Add changelog note"
+          git push
--- a/.github/workflows/update-supported-enterprise-server-versions.yml
+++ b/.github/workflows/update-supported-enterprise-server-versions.yml
@@ -36,7 +36,7 @@ jobs:
        env:
          ENTERPRISE_RELEASES_PATH: ${{ github.workspace }}/enterprise-releases/
      - name: Commit Changes
-        uses: peter-evans/create-pull-request@38e0b6e68b4c852a5500a94740f0e535e0d7ba54 # v4.2.4
+        uses: peter-evans/create-pull-request@5b4a9f6a9e2af26e5f02351490b90d01eb8ec1e5 # v5.0.0
        with:
          commit-message: Update supported GitHub Enterprise Server versions.
          title: Update supported GitHub Enterprise Server versions.
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,31 @@
 # CodeQL Action Changelog

+## 2.3.2 - 27 Apr 2023
+
+No user facing changes.
+
+## 2.3.1 - 26 Apr 2023
+
+No user facing changes.
+
+## 2.3.0 - 21 Apr 2023
+
+- Update default CodeQL bundle version to 2.13.0. [#1649](https://github.com/github/codeql-action/pull/1649)
+- Bump the minimum CodeQL bundle version to 2.8.5. [#1618](https://github.com/github/codeql-action/pull/1618)
+
+## 2.2.12 - 13 Apr 2023
+
+- Include the value of the `GITHUB_RUN_ATTEMPT` environment variable in the telemetry sent to GitHub. [#1640](https://github.com/github/codeql-action/pull/1640)
+- Improve the ease of debugging failed runs configured using [default setup](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically). The CodeQL Action will now upload diagnostic information to Code Scanning from failed runs configured using default setup. You can view this diagnostic information on the [tool status page](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page). [#1619](https://github.com/github/codeql-action/pull/1619)
+
+## 2.2.11 - 06 Apr 2023
+
+No user facing changes.
+
+## 2.2.10 - 05 Apr 2023
+
+- Update default CodeQL bundle version to 2.12.6. [#1629](https://github.com/github/codeql-action/pull/1629)
+
 ## 2.2.9 - 27 Mar 2023

 - Customers post-processing the SARIF output of the `analyze` Action before uploading it to Code Scanning will benefit from an improved debugging experience. [#1598](https://github.com/github/codeql-action/pull/1598)
--- a/lib/actions-util.js
+++ b/lib/actions-util.js
@@ -163,7 +163,7 @@ async function getAnalysisKey() {
    if (analysisKey !== undefined) {
        return analysisKey;
    }
-    const workflowPath = await (0, workflow_1.getWorkflowPath)();
+    const workflowPath = await (0, workflow_1.getWorkflowRelativePath)();
    const jobName = (0, util_1.getRequiredEnvParam)("GITHUB_JOB");
    analysisKey = `${workflowPath}:${jobName}`;
    core.exportVariable(analysisKeyEnvVar, analysisKey);
@@ -290,11 +290,8 @@ exports.getActionVersion = getActionVersion;
 async function createStatusReportBase(actionName, status, actionStartedAt, cause, exception) {
    const commitOid = (0, exports.getOptionalInput)("sha") || process.env["GITHUB_SHA"] || "";
    const ref = await getRef();
-    const workflowRunIDStr = process.env["GITHUB_RUN_ID"];
-    let workflowRunID = -1;
-    if (workflowRunIDStr) {
-        workflowRunID = parseInt(workflowRunIDStr, 10);
-    }
+    const workflowRunID = (0, workflow_1.getWorkflowRunID)();
+    const workflowRunAttempt = (0, workflow_1.getWorkflowRunAttempt)();
    const workflowName = process.env["GITHUB_WORKFLOW"] || "";
    const jobName = process.env["GITHUB_JOB"] || "";
    const analysis_key = await getAnalysisKey();
@@ -314,6 +311,7 @@ async function createStatusReportBase(actionName, status, actionStartedAt, cause
    }
    const statusReport = {
        workflow_run_id: workflowRunID,
+        workflow_run_attempt: workflowRunAttempt,
        workflow_name: workflowName,
        job_name: jobName,
        analysis_key,
--- a/lib/actions-util.js.map
+++ b/lib/actions-util.js.map
--- a/lib/analyze-action-post.js
+++ b/lib/analyze-action-post.js
@@ -31,13 +31,13 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
 const analyzeActionPostHelper = __importStar(require("./analyze-action-post-helper"));
 const debugArtifacts = __importStar(require("./debug-artifacts"));
+const util_1 = require("./util");
 async function runWrapper() {
    try {
        await analyzeActionPostHelper.run(debugArtifacts.uploadSarifDebugArtifact);
    }
    catch (error) {
-        core.setFailed(`analyze post-action step failed: ${error}`);
-        console.log(error);
+        core.setFailed(`analyze post-action step failed: ${(0, util_1.wrapError)(error).message}`);
    }
 }
 void runWrapper();
--- a/lib/analyze-action-post.js.map
+++ b/lib/analyze-action-post.js.map
@@ -1 +1 @@
-{"version":3,"file":"analyze-action-post.js","sourceRoot":"","sources":["../src/analyze-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,sFAAwE;AACxE,kEAAoD;AAEpD,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,wBAAwB,CAAC,CAAC;KAC5E;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,oCAAoC,KAAK,EAAE,CAAC,CAAC;QAC5D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"analyze-action-post.js","sourceRoot":"","sources":["../src/analyze-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,sFAAwE;AACxE,kEAAoD;AACpD,iCAAmC;AAEnC,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,wBAAwB,CAAC,CAAC;KAC5E;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CACZ,oCAAoC,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAC/D,CAAC;KACH;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
--- a/lib/analyze-action.js
+++ b/lib/analyze-action.js
@@ -155,7 +155,6 @@ async function run() {
        if (hasBadExpectErrorInput()) {
            throw new Error("`expect-error` input parameter is for internal use only. It should only be set by codeql-action or a fork.");
        }
-        await (0, codeql_1.enrichEnvironment)(await (0, codeql_1.getCodeQL)(config.codeQLCmd));
        const apiDetails = (0, api_client_1.getApiDetails)();
        const outputDir = actionsUtil.getRequiredInput("output");
        const threads = util.getThreadsFlag(actionsUtil.getOptionalInput("threads") || process.env["CODEQL_THREADS"], logger);
@@ -205,8 +204,8 @@ async function run() {
        }
        core.exportVariable(shared_environment_1.CODEQL_ACTION_ANALYZE_DID_COMPLETE_SUCCESSFULLY, "true");
    }
-    catch (origError) {
-        const error = origError instanceof Error ? origError : new Error(String(origError));
+    catch (unwrappedError) {
+        const error = (0, util_1.wrapError)(unwrappedError);
        if (actionsUtil.getOptionalInput("expect-error") !== "true" ||
            hasBadExpectErrorInput()) {
            core.setFailed(error.message);
@@ -239,7 +238,7 @@ async function runWrapper() {
        await exports.runPromise;
    }
    catch (error) {
-        core.setFailed(`analyze action failed: ${error}`);
+        core.setFailed(`analyze action failed: ${(0, util_1.wrapError)(error).message}`);
    }
    await (0, util_1.checkForTimeout)();
 }
--- a/lib/analyze-action.js.map
+++ b/lib/analyze-action.js.map
--- a/lib/analyze.js
+++ b/lib/analyze.js
@@ -37,7 +37,6 @@ const analysisPaths = __importStar(require("./analysis-paths"));
 const codeql_1 = require("./codeql");
 const configUtils = __importStar(require("./config-utils"));
 const languages_1 = require("./languages");
-const sharedEnv = __importStar(require("./shared-environment"));
 const tracer_config_1 = require("./tracer-config");
 const util = __importStar(require("./util"));
 class CodeQLAnalysisError extends Error {
@@ -283,20 +282,13 @@ async function runFinalize(outputDir, threadsFlag, memoryFlag, config, logger) {
    }
    await fs.promises.mkdir(outputDir, { recursive: true });
    const timings = await finalizeDatabaseCreation(config, threadsFlag, memoryFlag, logger);
-    const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
    // WARNING: This does not _really_ end tracing, as the tracer will restore its
    // critical environment variables and it'll still be active for all processes
    // launched from this build step.
    // However, it will stop tracing for all steps past the codeql-action/analyze
    // step.
-    if (await util.codeQlVersionAbove(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING)) {
-        // Delete variables as specified by the end-tracing script
-        await (0, tracer_config_1.endTracingForCluster)(config);
-    }
-    else {
-        // Delete the tracer config env var to avoid tracing ourselves
-        delete process.env[sharedEnv.ODASA_TRACER_CONFIGURATION];
-    }
+    // Delete variables as specified by the end-tracing script
+    await (0, tracer_config_1.endTracingForCluster)(config);
    return timings;
 }
 exports.runFinalize = runFinalize;
--- a/lib/analyze.js.map
+++ b/lib/analyze.js.map
--- a/lib/autobuild-action.js
+++ b/lib/autobuild-action.js
@@ -74,10 +74,10 @@ async function run() {
            }
        }
    }
-    catch (error) {
-        core.setFailed(`We were unable to automatically build your code. Please replace the call to the autobuild action with your custom build steps.  ${error instanceof Error ? error.message : String(error)}`);
-        console.log(error);
-        await sendCompletedStatusReport(startedAt, languages ?? [], currentLanguage, error instanceof Error ? error : new Error(String(error)));
+    catch (unwrappedError) {
+        const error = (0, util_1.wrapError)(unwrappedError);
+        core.setFailed(`We were unable to automatically build your code. Please replace the call to the autobuild action with your custom build steps. ${error.message}`);
+        await sendCompletedStatusReport(startedAt, languages ?? [], currentLanguage, error);
        return;
    }
    await sendCompletedStatusReport(startedAt, languages ?? []);
@@ -87,8 +87,7 @@ async function runWrapper() {
        await run();
    }
    catch (error) {
-        core.setFailed(`autobuild action failed. ${error}`);
-        console.log(error);
+        core.setFailed(`autobuild action failed. ${(0, util_1.wrapError)(error).message}`);
    }
 }
 void runWrapper();
--- a/lib/autobuild-action.js.map
+++ b/lib/autobuild-action.js.map
@@ -1 +1 @@
-{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAQwB;AACxB,6CAAgD;AAChD,2CAAwE;AACxE,4DAA8C;AAC9C,2CAAuC;AACvC,uCAA6C;AAC7C,6DAA0E;AAC1E,iCAA0E;AAS1E,KAAK,UAAU,yBAAyB,CACtC,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAG,IAAA,+BAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,qCAAsB,EACnD,WAAW,EACX,MAAM,EACN,SAAS,EACT,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAA,+BAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAI,eAAe,GAAyB,SAAS,CAAC;IACtD,IAAI,SAAS,GAA2B,SAAS,CAAC;IAClD,IAAI;QACF,IACE,CAAC,CAAC,MAAM,IAAA,+BAAgB,EACtB,MAAM,IAAA,qCAAsB,EAAC,WAAW,EAAE,UAAU,EAAE,SAAS,CAAC,CACjE,CAAC,EACF;YACA,OAAO;SACR;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,SAAS,CAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;YACxB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;SACH;QAED,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC9D,IAAI,SAAS,KAAK,SAAS,EAAE;YAC3B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE;gBACpB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;aACjC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE;gBAChC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;gBAC7C,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE;oBAC5B,IAAI,CAAC,cAAc,CAAC,uDAAkC,EAAE,MAAM,CAAC,CAAC;iBACjE;aACF;SACF;KACF;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CACZ,mIACE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CACvD,EAAE,CACH,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,yBAAyB,CAC7B,SAAS,EACT,SAAS,IAAI,EAAE,EACf,eAAe,EACf,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAC1D,CAAC;QACF,OAAO;KACR;IAED,MAAM,yBAAyB,CAAC,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;AAC9D,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAQwB;AACxB,6CAAgD;AAChD,2CAAwE;AACxE,4DAA8C;AAC9C,2CAAuC;AACvC,uCAA6C;AAC7C,6DAA0E;AAC1E,iCAIgB;AAShB,KAAK,UAAU,yBAAyB,CACtC,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAG,IAAA,+BAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,qCAAsB,EACnD,WAAW,EACX,MAAM,EACN,SAAS,EACT,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAA,+BAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAI,eAAe,GAAyB,SAAS,CAAC;IACtD,IAAI,SAAS,GAA2B,SAAS,CAAC;IAClD,IAAI;QACF,IACE,CAAC,CAAC,MAAM,IAAA,+BAAgB,EACtB,MAAM,IAAA,qCAAsB,EAAC,WAAW,EAAE,UAAU,EAAE,SAAS,CAAC,CACjE,CAAC,EACF;YACA,OAAO;SACR;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,SAAS,CAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;YACxB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;SACH;QAED,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC9D,IAAI,SAAS,KAAK,SAAS,EAAE;YAC3B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE;gBACpB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;aACjC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE;gBAChC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;gBAC7C,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE;oBAC5B,IAAI,CAAC,cAAc,CAAC,uDAAkC,EAAE,MAAM,CAAC,CAAC;iBACjE;aACF;SACF;KACF;IAAC,OAAO,cAAc,EAAE;QACvB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CACZ,kIAAkI,KAAK,CAAC,OAAO,EAAE,CAClJ,CAAC;QACF,MAAM,yBAAyB,CAC7B,SAAS,EACT,SAAS,IAAI,EAAE,EACf,eAAe,EACf,KAAK,CACN,CAAC;QACF,OAAO;KACR;IAED,MAAM,yBAAyB,CAAC,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;AAC9D,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,4BAA4B,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;KACxE;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
--- a/lib/codeql.js
+++ b/lib/codeql.js
@@ -23,10 +23,9 @@ var __importStar = (this && this.__importStar) || function (mod) {
    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.enrichEnvironment = exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = exports.CODEQL_VERSION_TRACING_GLIBC_2_34 = exports.CODEQL_VERSION_NEW_TRACING = exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = exports.CommandInvocationError = void 0;
+exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = exports.CommandInvocationError = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
-const core = __importStar(require("@actions/core"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const yaml = __importStar(require("js-yaml"));
 const actions_util_1 = require("./actions-util");
@@ -35,10 +34,10 @@ const error_matcher_1 = require("./error-matcher");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const setupCodeql = __importStar(require("./setup-codeql"));
-const shared_environment_1 = require("./shared-environment");
 const toolrunner_error_catcher_1 = require("./toolrunner-error-catcher");
 const trap_caching_1 = require("./trap-caching");
 const util = __importStar(require("./util"));
+const util_1 = require("./util");
 class CommandInvocationError extends Error {
    constructor(cmd, args, exitCode, error, output) {
        super(`Failure invoking ${cmd} with arguments ${args}.\n
@@ -61,7 +60,7 @@ let cachedCodeQL = undefined;
 * The version flags below can be used to conditionally enable certain features
 * on versions newer than this.
 */
-const CODEQL_MINIMUM_VERSION = "2.6.3";
+const CODEQL_MINIMUM_VERSION = "2.8.5";
 /**
 * Versions of CodeQL that version-flag certain functionality in the Action.
 * For convenience, please keep these in descending order. Once a version
@@ -72,21 +71,6 @@ const CODEQL_VERSION_LUA_TRACER_CONFIG = "2.10.0";
 const CODEQL_VERSION_LUA_TRACING_GO_WINDOWS_FIXED = "2.10.4";
 exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = "2.10.4";
 const CODEQL_VERSION_FILE_BASELINE_INFORMATION = "2.11.3";
-/**
- * This variable controls using the new style of tracing from the CodeQL
- * CLI. In particular, with versions above this we will use both indirect
- * tracing, and multi-language tracing together with database clusters.
- *
- * Note that there were bugs in both of these features that were fixed in
- * release 2.7.0 of the CodeQL CLI, therefore this flag is only enabled for
- * versions above that.
- */
-exports.CODEQL_VERSION_NEW_TRACING = "2.7.0";
-/**
- * Versions 2.7.3+ of the CodeQL CLI support build tracing with glibc 2.34 on Linux. Versions before
- * this cannot perform build tracing when running on the Actions `ubuntu-22.04` runner image.
- */
-exports.CODEQL_VERSION_TRACING_GLIBC_2_34 = "2.7.3";
 /**
 * Versions 2.9.0+ of the CodeQL CLI run machine learning models from a temporary directory, which
 * resolves an issue on Windows where TensorFlow models are not correctly loaded due to the path of
@@ -138,8 +122,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV
        };
    }
    catch (e) {
-        logger.error(e instanceof Error ? e : new Error(String(e)));
-        throw new Error("Unable to download and extract CodeQL CLI");
+        throw new Error(`Unable to download and extract CodeQL CLI: ${(0, util_1.wrapError)(e).message}`);
    }
 }
 exports.setupCodeQL = setupCodeQL;
@@ -176,8 +159,6 @@ function setCodeQL(partialCodeql) {
        getPath: resolveFunction(partialCodeql, "getPath", () => "/tmp/dummy-path"),
        getVersion: resolveFunction(partialCodeql, "getVersion", () => new Promise((resolve) => resolve("1.0.0"))),
        printVersion: resolveFunction(partialCodeql, "printVersion"),
-        getTracerEnv: resolveFunction(partialCodeql, "getTracerEnv"),
-        databaseInit: resolveFunction(partialCodeql, "databaseInit"),
        databaseInitCluster: resolveFunction(partialCodeql, "databaseInitCluster"),
        runAutobuild: resolveFunction(partialCodeql, "runAutobuild"),
        extractScannedLanguage: resolveFunction(partialCodeql, "extractScannedLanguage"),
@@ -244,73 +225,6 @@ async function getCodeQLForCmd(cmd, checkVersion) {
        async printVersion() {
            await runTool(cmd, ["version", "--format=json"]);
        },
-        async getTracerEnv(databasePath) {
-            // Write tracer-env.js to a temp location.
-            // BEWARE: The name and location of this file is recognized by `codeql database
-            // trace-command` in order to enable special support for concatenable tracer
-            // configurations. Consequently the name must not be changed.
-            // (This warning can be removed once a different way to recognize the
-            // action/runner has been implemented in `codeql database trace-command`
-            // _and_ is present in the latest supported CLI release.)
-            const tracerEnvJs = path.resolve(databasePath, "working", "tracer-env.js");
-            fs.mkdirSync(path.dirname(tracerEnvJs), { recursive: true });
-            fs.writeFileSync(tracerEnvJs, `
-        const fs = require('fs');
-        const env = {};
-        for (let entry of Object.entries(process.env)) {
-          const key = entry[0];
-          const value = entry[1];
-          if (typeof value !== 'undefined' && key !== '_' && !key.startsWith('JAVA_MAIN_CLASS_')) {
-            env[key] = value;
-          }
-        }
-        process.stdout.write(process.argv[2]);
-        fs.writeFileSync(process.argv[2], JSON.stringify(env), 'utf-8');`);
-            // BEWARE: The name and location of this file is recognized by `codeql database
-            // trace-command` in order to enable special support for concatenable tracer
-            // configurations. Consequently the name must not be changed.
-            // (This warning can be removed once a different way to recognize the
-            // action/runner has been implemented in `codeql database trace-command`
-            // _and_ is present in the latest supported CLI release.)
-            const envFile = path.resolve(databasePath, "working", "env.tmp");
-            try {
-                await runTool(cmd, [
-                    "database",
-                    "trace-command",
-                    databasePath,
-                    ...getExtraOptionsFromEnv(["database", "trace-command"]),
-                    process.execPath,
-                    tracerEnvJs,
-                    envFile,
-                ]);
-            }
-            catch (e) {
-                if (e instanceof CommandInvocationError &&
-                    e.output.includes("undefined symbol: __libc_dlopen_mode, version GLIBC_PRIVATE") &&
-                    process.platform === "linux" &&
-                    !(await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_TRACING_GLIBC_2_34))) {
-                    throw new util.UserError("The CodeQL CLI is incompatible with the version of glibc on your system. " +
-                        `Please upgrade to CodeQL CLI version ${exports.CODEQL_VERSION_TRACING_GLIBC_2_34} or ` +
-                        "later. If you cannot upgrade to a newer version of the CodeQL CLI, you can " +
-                        `alternatively run your workflow on another runner image such as "ubuntu-20.04" ` +
-                        "that has glibc 2.33 or earlier installed.");
-                }
-                else {
-                    throw e;
-                }
-            }
-            return JSON.parse(fs.readFileSync(envFile, "utf-8"));
-        },
-        async databaseInit(databasePath, language, sourceRoot) {
-            await runTool(cmd, [
-                "database",
-                "init",
-                databasePath,
-                `--language=${language}`,
-                `--source-root=${sourceRoot}`,
-                ...getExtraOptionsFromEnv(["database", "init"]),
-            ]);
-        },
        async databaseInitCluster(config, sourceRoot, processName, features, qlconfigFile, logger) {
            const extraArgs = config.languages.map((language) => `--language=${language}`);
            if (config.languages.filter((l) => (0, languages_1.isTracedLanguage)(l)).length > 0) {
@@ -509,7 +423,9 @@ async function getCodeQLForCmd(cmd, checkVersion) {
        },
        async databaseInterpretResults(databasePath, querySuitePaths, sarifFile, addSnippetsFlag, threadsFlag, verbosityFlag, automationDetailsId, config, features, logger) {
            const shouldExportDiagnostics = await features.getValue(feature_flags_1.Feature.ExportDiagnosticsEnabled, this);
-            const codeqlOutputFile = shouldExportDiagnostics
+            // Update this to take into account the CodeQL version when we have a version with the fix.
+            const shouldWorkaroundInvalidNotifications = shouldExportDiagnostics;
+            const codeqlOutputFile = shouldWorkaroundInvalidNotifications
                ? path.join(config.tempDir, "codeql-intermediate-results.sarif")
                : sarifFile;
            const codeqlArgs = [
@@ -537,16 +453,17 @@ async function getCodeQLForCmd(cmd, checkVersion) {
            if (shouldExportDiagnostics) {
                codeqlArgs.push("--sarif-include-diagnostics");
            }
+            else if (await util.codeQlVersionAbove(this, "2.12.4")) {
+                codeqlArgs.push("--no-sarif-include-diagnostics");
+            }
            codeqlArgs.push(databasePath);
            if (querySuitePaths) {
                codeqlArgs.push(...querySuitePaths);
            }
            // capture stdout, which contains analysis summaries
            const returnState = await (0, toolrunner_error_catcher_1.toolrunnerErrorCatcher)(cmd, codeqlArgs, error_matcher_1.errorMatchers);
-            if (shouldExportDiagnostics) {
-                let sarif = JSON.parse(fs.readFileSync(codeqlOutputFile, "utf8"));
-                sarif = util.fixInvalidNotifications(sarif, logger);
-                fs.writeFileSync(sarifFile, JSON.stringify(sarif));
+            if (shouldWorkaroundInvalidNotifications) {
+                util.fixInvalidNotificationsInFile(codeqlOutputFile, sarifFile, logger);
            }
            return returnState.stdout;
        },
@@ -625,14 +542,18 @@ async function getCodeQLForCmd(cmd, checkVersion) {
            await new toolrunner.ToolRunner(cmd, args).exec();
        },
        async databaseExportDiagnostics(databasePath, sarifFile, automationDetailsId, tempDir, logger) {
-            const intermediateSarifFile = path.join(tempDir, "codeql-intermediate-results.sarif");
+            // Update this to take into account the CodeQL version when we have a version with the fix.
+            const shouldWorkaroundInvalidNotifications = true;
+            const codeqlOutputFile = shouldWorkaroundInvalidNotifications
+                ? path.join(tempDir, "codeql-intermediate-results.sarif")
+                : sarifFile;
            const args = [
                "database",
                "export-diagnostics",
                `${databasePath}`,
                "--db-cluster",
                "--format=sarif-latest",
-                `--output=${intermediateSarifFile}`,
+                `--output=${codeqlOutputFile}`,
                "--sarif-include-diagnostics",
                "-vvv",
                ...getExtraOptionsFromEnv(["diagnostics", "export"]),
@@ -641,10 +562,10 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                args.push("--sarif-category", automationDetailsId);
            }
            await new toolrunner.ToolRunner(cmd, args).exec();
-            // Fix invalid notifications in the SARIF file output by CodeQL.
-            let sarif = JSON.parse(fs.readFileSync(intermediateSarifFile, "utf8"));
-            sarif = util.fixInvalidNotifications(sarif, logger);
-            fs.writeFileSync(sarifFile, JSON.stringify(sarif));
+            if (shouldWorkaroundInvalidNotifications) {
+                // Fix invalid notifications in the SARIF file output by CodeQL.
+                util.fixInvalidNotificationsInFile(codeqlOutputFile, sarifFile, logger);
+            }
        },
        async diagnosticsExport(sarifFile, automationDetailsId, config, features) {
            const args = [
@@ -845,19 +766,4 @@ async function getCodeScanningConfigExportArguments(config, codeql, features) {
    }
    return [];
 }
-/**
- * Enrich the environment variables with further flags that we cannot
- * know the value of until we know what version of CodeQL we're running.
- */
-async function enrichEnvironment(codeql) {
-    if (await util.codeQlVersionAbove(codeql, exports.CODEQL_VERSION_NEW_TRACING)) {
-        core.exportVariable(shared_environment_1.EnvVar.FEATURE_MULTI_LANGUAGE, "false");
-        core.exportVariable(shared_environment_1.EnvVar.FEATURE_SANDWICH, "false");
-    }
-    else {
-        core.exportVariable(shared_environment_1.EnvVar.FEATURE_MULTI_LANGUAGE, "true");
-        core.exportVariable(shared_environment_1.EnvVar.FEATURE_SANDWICH, "true");
-    }
-}
-exports.enrichEnvironment = enrichEnvironment;
 //# sourceMappingURL=codeql.js.map
--- a/lib/codeql.js.map
+++ b/lib/codeql.js.map
--- a/lib/codeql.test.js
+++ b/lib/codeql.test.js
@@ -382,11 +382,11 @@ for (const isBundleVersionInUrl of [true, false]) {
            tagName: "codeql-bundle-20230203",
        });
        mockDownloadApi({
-            repo: "dsp-testing/codeql-cli-nightlies",
+            repo: "codeql-testing/codeql-cli-nightlies",
            platformSpecific: false,
            tagName: "codeql-bundle-20230203",
        });
-        const result = await codeql.setupCodeQL("https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20230203/codeql-bundle.tar.gz", sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
+        const result = await codeql.setupCodeQL("https://github.com/codeql-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20230203/codeql-bundle.tar.gz", sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
        t.is(result.toolsVersion, "0.0.0-20230203");
        t.is(result.toolsSource, init_1.ToolsSource.Download);
        t.true(Number.isInteger(result.toolsDownloadDurationMs));
--- a/lib/codeql.test.js.map
+++ b/lib/codeql.test.js.map
--- a/lib/config-utils.test.js
+++ b/lib/config-utils.test.js
@@ -1134,7 +1134,7 @@ const calculateAugmentationErrorMacro = ava_1.default.macro({
            {
                // no slash
                url: "http://ghcr.io",
-                packages: ["codeql/*", "dsp-testing/*"],
+                packages: ["codeql/*", "codeql-testing/*"],
                token: "not-a-token",
            },
            {
@@ -1200,7 +1200,7 @@ const calculateAugmentationErrorMacro = ava_1.default.macro({
        const registriesInput = yaml.dump([
            {
                url: "http://ghcr.io",
-                packages: ["codeql/*", "dsp-testing/*"],
+                packages: ["codeql/*", "codeql-testing/*"],
                token: "not-a-token",
            },
            {
@@ -1227,7 +1227,7 @@ const calculateAugmentationErrorMacro = ava_1.default.macro({
        const registriesInput = yaml.dump([
            {
                // missing url property
-                packages: ["codeql/*", "dsp-testing/*"],
+                packages: ["codeql/*", "codeql-testing/*"],
                token: "not-a-token",
            },
            {
@@ -1252,7 +1252,7 @@ const calculateAugmentationErrorMacro = ava_1.default.macro({
            {
                // no slash
                url: "http://ghcr.io",
-                packages: ["codeql/*", "dsp-testing/*"],
+                packages: ["codeql/*", "codeql-testing/*"],
                token: "not-a-token",
            },
        ]);
@@ -1283,7 +1283,7 @@ const calculateAugmentationErrorMacro = ava_1.default.macro({
        const registriesInput = yaml.dump([
            {
                url: "http://ghcr.io",
-                packages: ["codeql/*", "dsp-testing/*"],
+                packages: ["codeql/*", "codeql-testing/*"],
                token: "not-a-token",
            },
        ]);
--- a/lib/config-utils.test.js.map
+++ b/lib/config-utils.test.js.map
--- a/lib/debug-artifacts.js
+++ b/lib/debug-artifacts.js
@@ -74,7 +74,6 @@ async function uploadSarifDebugArtifact(config, outputDir) {
 }
 exports.uploadSarifDebugArtifact = uploadSarifDebugArtifact;
 async function uploadLogsDebugArtifact(config) {
-    const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
    let toUpload = [];
    for (const language of config.languages) {
        const databaseDirectory = (0, util_1.getCodeQLDatabasePath)(config, language);
@@ -83,21 +82,12 @@ async function uploadLogsDebugArtifact(config) {
            toUpload = toUpload.concat((0, util_1.listFolder)(logsDirectory));
        }
    }
-    if (await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING)) {
-        // Multilanguage tracing: there are additional logs in the root of the cluster
-        const multiLanguageTracingLogsDirectory = path.resolve(config.dbLocation, "log");
-        if ((0, util_1.doesDirectoryExist)(multiLanguageTracingLogsDirectory)) {
-            toUpload = toUpload.concat((0, util_1.listFolder)(multiLanguageTracingLogsDirectory));
-        }
+    // Multilanguage tracing: there are additional logs in the root of the cluster
+    const multiLanguageTracingLogsDirectory = path.resolve(config.dbLocation, "log");
+    if ((0, util_1.doesDirectoryExist)(multiLanguageTracingLogsDirectory)) {
+        toUpload = toUpload.concat((0, util_1.listFolder)(multiLanguageTracingLogsDirectory));
    }
    await uploadDebugArtifacts(toUpload, config.dbLocation, config.debugArtifactName);
-    // Before multi-language tracing, we wrote a compound-build-tracer.log in the temp dir
-    if (!(await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING))) {
-        const compoundBuildTracerLogDirectory = path.resolve(config.tempDir, "compound-build-tracer.log");
-        if ((0, util_1.doesDirectoryExist)(compoundBuildTracerLogDirectory)) {
-            await uploadDebugArtifacts([compoundBuildTracerLogDirectory], config.tempDir, config.debugArtifactName);
-        }
-    }
 }
 exports.uploadLogsDebugArtifact = uploadLogsDebugArtifact;
 /**
--- a/lib/debug-artifacts.js.map
+++ b/lib/debug-artifacts.js.map
@@ -1 +1 @@
-{"version":3,"file":"debug-artifacts.js","sourceRoot":"","sources":["../src/debug-artifacts.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,4DAA8C;AAC9C,oDAAsC;AACtC,sDAA6B;AAC7B,8CAAsB;AAEtB,iDAAkD;AAClD,uCAA0C;AAC1C,qCAAiE;AAIjE,iCAMgB;AAEhB,SAAgB,mBAAmB,CAAC,IAAY;IAC9C,OAAO,IAAI,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;AAChD,CAAC;AAFD,kDAEC;AAEM,KAAK,UAAU,oBAAoB,CACxC,QAAkB,EAClB,OAAe,EACf,YAAoB;IAEpB,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;QACzB,OAAO;KACR;IACD,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,MAAM,MAAM,GAAG,IAAA,+BAAgB,EAAC,QAAQ,CAAC,CAAC;IAC1C,IAAI,MAAM,EAAE;QACV,IAAI;YACF,KAAK,MAAM,CAAC,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CACxC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAY,CAC9B,CAAC,IAAI,EAAE;gBACN,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;SAC7B;QAAC,OAAO,CAAC,EAAE;YACV,IAAI,CAAC,IAAI,CACP,+HAA+H,CAChI,CAAC;SACH;KACF;IACD,MAAM,QAAQ,CAAC,MAAM,EAAE,CAAC,cAAc,CACpC,mBAAmB,CAAC,GAAG,YAAY,GAAG,MAAM,EAAE,CAAC,EAC/C,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,EAC5C,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CACxB,CAAC;AACJ,CAAC;AA3BD,oDA2BC;AAEM,KAAK,UAAU,wBAAwB,CAC5C,MAAc,EACd,SAAiB;IAEjB,IAAI,CAAC,IAAA,yBAAkB,EAAC,SAAS,CAAC,EAAE;QAClC,OAAO;KACR;IAED,IAAI,QAAQ,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,SAAS,EAAE;QACnC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,IAAI,QAAQ,CAAC,CAAC;QAC3D,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE;YAC5B,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;SACvC;KACF;IACD,MAAM,oBAAoB,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,iBAAiB,CAAC,CAAC;AAC5E,CAAC;AAhBD,4DAgBC;AAEM,KAAK,UAAU,uBAAuB,CAAC,MAAc;IAC1D,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAEjD,IAAI,QAAQ,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,MAAM,iBAAiB,GAAG,IAAA,4BAAqB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAClE,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAC;QAC7D,IAAI,IAAA,yBAAkB,EAAC,aAAa,CAAC,EAAE;YACrC,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAA,iBAAU,EAAC,aAAa,CAAC,CAAC,CAAC;SACvD;KACF;IAED,IAAI,MAAM,IAAA,yBAAkB,EAAC,MAAM,EAAE,mCAA0B,CAAC,EAAE;QAChE,8EAA8E;QAC9E,MAAM,iCAAiC,GAAG,IAAI,CAAC,OAAO,CACpD,MAAM,CAAC,UAAU,EACjB,KAAK,CACN,CAAC;QACF,IAAI,IAAA,yBAAkB,EAAC,iCAAiC,CAAC,EAAE;YACzD,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAA,iBAAU,EAAC,iCAAiC,CAAC,CAAC,CAAC;SAC3E;KACF;IACD,MAAM,oBAAoB,CACxB,QAAQ,EACR,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,iBAAiB,CACzB,CAAC;IAEF,sFAAsF;IACtF,IAAI,CAAC,CAAC,MAAM,IAAA,yBAAkB,EAAC,MAAM,EAAE,mCAA0B,CAAC,CAAC,EAAE;QACnE,MAAM,+BAA+B,GAAG,IAAI,CAAC,OAAO,CAClD,MAAM,CAAC,OAAO,EACd,2BAA2B,CAC5B,CAAC;QACF,IAAI,IAAA,yBAAkB,EAAC,+BAA+B,CAAC,EAAE;YACvD,MAAM,oBAAoB,CACxB,CAAC,+BAA+B,CAAC,EACjC,MAAM,CAAC,OAAO,EACd,MAAM,CAAC,iBAAiB,CACzB,CAAC;SACH;KACF;AACH,CAAC;AA1CD,0DA0CC;AAED;;;;GAIG;AACH,KAAK,UAAU,2BAA2B,CACxC,MAAc,EACd,QAAkB;IAElB,MAAM,YAAY,GAAG,IAAA,4BAAqB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC7D,MAAM,kBAAkB,GAAG,IAAI,CAAC,OAAO,CACrC,MAAM,CAAC,UAAU,EACjB,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,cAAc,CACtD,CAAC;IACF,IAAI,CAAC,IAAI,CACP,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,2DAA2D,kBAAkB,KAAK,CAC1H,CAAC;IACF,qEAAqE;IACrE,IAAI,EAAE,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE;QACrC,MAAM,IAAA,aAAG,EAAC,kBAAkB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;KAChD;IACD,MAAM,GAAG,GAAG,IAAI,iBAAM,EAAE,CAAC;IACzB,GAAG,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;IACjC,GAAG,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;IACjC,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,uBAAuB,CACpC,MAAc,EACd,QAAkB;IAElB,kDAAkD;IAClD,MAAM,kBAAkB,GAAG,MAAM,IAAA,eAAQ,EACvC,MAAM,EACN,QAAQ,EACR,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,EACjC,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,EAAE,CAC1C,CAAC;IACF,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAEM,KAAK,UAAU,iCAAiC,CACrD,MAAc,EACd,MAAc;IAEd,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,IAAI;YACF,IAAI,kBAA0B,CAAC;YAC/B,IAAI,CAAC,IAAA,uBAAa,EAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,EAAE;gBAC5C,kBAAkB,GAAG,MAAM,2BAA2B,CACpD,MAAM,EACN,QAAQ,CACT,CAAC;aACH;iBAAM;gBACL,kBAAkB,GAAG,MAAM,uBAAuB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;aACtE;YACD,MAAM,oBAAoB,CACxB,CAAC,kBAAkB,CAAC,EACpB,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,iBAAiB,CACzB,CAAC;SACH;QAAC,OAAO,KAAK,EAAE;YACd,IAAI,CAAC,IAAI,CACP,8CAA8C,MAAM,CAAC,iBAAiB,IAAI,QAAQ,KAAK,KAAK,EAAE,CAC/F,CAAC;SACH;KACF;AACH,CAAC;AA1BD,8EA0BC"}
+{"version":3,"file":"debug-artifacts.js","sourceRoot":"","sources":["../src/debug-artifacts.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,4DAA8C;AAC9C,oDAAsC;AACtC,sDAA6B;AAC7B,8CAAsB;AAEtB,iDAAkD;AAClD,uCAA0C;AAC1C,qCAAqC;AAIrC,iCAKgB;AAEhB,SAAgB,mBAAmB,CAAC,IAAY;IAC9C,OAAO,IAAI,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;AAChD,CAAC;AAFD,kDAEC;AAEM,KAAK,UAAU,oBAAoB,CACxC,QAAkB,EAClB,OAAe,EACf,YAAoB;IAEpB,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;QACzB,OAAO;KACR;IACD,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,MAAM,MAAM,GAAG,IAAA,+BAAgB,EAAC,QAAQ,CAAC,CAAC;IAC1C,IAAI,MAAM,EAAE;QACV,IAAI;YACF,KAAK,MAAM,CAAC,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CACxC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAY,CAC9B,CAAC,IAAI,EAAE;gBACN,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;SAC7B;QAAC,OAAO,CAAC,EAAE;YACV,IAAI,CAAC,IAAI,CACP,+HAA+H,CAChI,CAAC;SACH;KACF;IACD,MAAM,QAAQ,CAAC,MAAM,EAAE,CAAC,cAAc,CACpC,mBAAmB,CAAC,GAAG,YAAY,GAAG,MAAM,EAAE,CAAC,EAC/C,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,EAC5C,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CACxB,CAAC;AACJ,CAAC;AA3BD,oDA2BC;AAEM,KAAK,UAAU,wBAAwB,CAC5C,MAAc,EACd,SAAiB;IAEjB,IAAI,CAAC,IAAA,yBAAkB,EAAC,SAAS,CAAC,EAAE;QAClC,OAAO;KACR;IAED,IAAI,QAAQ,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,SAAS,EAAE;QACnC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,IAAI,QAAQ,CAAC,CAAC;QAC3D,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE;YAC5B,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;SACvC;KACF;IACD,MAAM,oBAAoB,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,iBAAiB,CAAC,CAAC;AAC5E,CAAC;AAhBD,4DAgBC;AAEM,KAAK,UAAU,uBAAuB,CAAC,MAAc;IAC1D,IAAI,QAAQ,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,MAAM,iBAAiB,GAAG,IAAA,4BAAqB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAClE,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAC;QAC7D,IAAI,IAAA,yBAAkB,EAAC,aAAa,CAAC,EAAE;YACrC,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAA,iBAAU,EAAC,aAAa,CAAC,CAAC,CAAC;SACvD;KACF;IAED,8EAA8E;IAC9E,MAAM,iCAAiC,GAAG,IAAI,CAAC,OAAO,CACpD,MAAM,CAAC,UAAU,EACjB,KAAK,CACN,CAAC;IACF,IAAI,IAAA,yBAAkB,EAAC,iCAAiC,CAAC,EAAE;QACzD,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAA,iBAAU,EAAC,iCAAiC,CAAC,CAAC,CAAC;KAC3E;IAED,MAAM,oBAAoB,CACxB,QAAQ,EACR,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,iBAAiB,CACzB,CAAC;AACJ,CAAC;AAxBD,0DAwBC;AAED;;;;GAIG;AACH,KAAK,UAAU,2BAA2B,CACxC,MAAc,EACd,QAAkB;IAElB,MAAM,YAAY,GAAG,IAAA,4BAAqB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC7D,MAAM,kBAAkB,GAAG,IAAI,CAAC,OAAO,CACrC,MAAM,CAAC,UAAU,EACjB,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,cAAc,CACtD,CAAC;IACF,IAAI,CAAC,IAAI,CACP,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,2DAA2D,kBAAkB,KAAK,CAC1H,CAAC;IACF,qEAAqE;IACrE,IAAI,EAAE,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE;QACrC,MAAM,IAAA,aAAG,EAAC,kBAAkB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;KAChD;IACD,MAAM,GAAG,GAAG,IAAI,iBAAM,EAAE,CAAC;IACzB,GAAG,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;IACjC,GAAG,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;IACjC,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,uBAAuB,CACpC,MAAc,EACd,QAAkB;IAElB,kDAAkD;IAClD,MAAM,kBAAkB,GAAG,MAAM,IAAA,eAAQ,EACvC,MAAM,EACN,QAAQ,EACR,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,EACjC,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,EAAE,CAC1C,CAAC;IACF,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAEM,KAAK,UAAU,iCAAiC,CACrD,MAAc,EACd,MAAc;IAEd,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,IAAI;YACF,IAAI,kBAA0B,CAAC;YAC/B,IAAI,CAAC,IAAA,uBAAa,EAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,EAAE;gBAC5C,kBAAkB,GAAG,MAAM,2BAA2B,CACpD,MAAM,EACN,QAAQ,CACT,CAAC;aACH;iBAAM;gBACL,kBAAkB,GAAG,MAAM,uBAAuB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;aACtE;YACD,MAAM,oBAAoB,CACxB,CAAC,kBAAkB,CAAC,EACpB,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,iBAAiB,CACzB,CAAC;SACH;QAAC,OAAO,KAAK,EAAE;YACd,IAAI,CAAC,IAAI,CACP,8CAA8C,MAAM,CAAC,iBAAiB,IAAI,QAAQ,KAAK,KAAK,EAAE,CAC/F,CAAC;SACH;KACF;AACH,CAAC;AA1BD,8EA0BC"}
--- a/lib/defaults.json
+++ b/lib/defaults.json
@@ -1,6 +1,6 @@
 {
-    "bundleVersion": "codeql-bundle-20230317",
-    "cliVersion": "2.12.5",
-    "priorBundleVersion": "codeql-bundle-20230304",
-    "priorCliVersion": "2.12.4"
+    "bundleVersion": "codeql-bundle-20230414",
+    "cliVersion": "2.13.0",
+    "priorBundleVersion": "codeql-bundle-20230403",
+    "priorCliVersion": "2.12.6"
 }
--- a/lib/feature-flags.js
+++ b/lib/feature-flags.js
@@ -55,12 +55,12 @@ exports.featureConfig = {
    [Feature.ExportCodeScanningConfigEnabled]: {
        envVar: "CODEQL_ACTION_EXPORT_CODE_SCANNING_CONFIG",
        minimumVersion: "2.12.3",
-        defaultValue: false,
+        defaultValue: true,
    },
    [Feature.ExportDiagnosticsEnabled]: {
        envVar: "CODEQL_ACTION_EXPORT_DIAGNOSTICS",
        minimumVersion: "2.12.4",
-        defaultValue: false,
+        defaultValue: true,
    },
    [Feature.MlPoweredQueriesEnabled]: {
        envVar: "CODEQL_ML_POWERED_QUERIES",
@@ -70,7 +70,7 @@ exports.featureConfig = {
    [Feature.UploadFailedSarifEnabled]: {
        envVar: "CODEQL_ACTION_UPLOAD_FAILED_SARIF",
        minimumVersion: "2.11.3",
-        defaultValue: false,
+        defaultValue: true,
    },
 };
 exports.FEATURE_FLAGS_FILE_NAME = "cached-feature-flags.json";
--- a/lib/feature-flags.js.map
+++ b/lib/feature-flags.js.map
--- a/lib/init-action-post-helper.js
+++ b/lib/init-action-post-helper.js
@@ -34,9 +34,10 @@ const uploadLib = __importStar(require("./upload-lib"));
 const util_1 = require("./util");
 const workflow_1 = require("./workflow");
 function createFailedUploadFailedSarifResult(error) {
+    const wrappedError = (0, util_1.wrapError)(error);
    return {
-        upload_failed_run_error: error instanceof Error ? error.message : String(error),
-        upload_failed_run_stack_trace: error instanceof Error ? error.stack : undefined,
+        upload_failed_run_error: wrappedError.message,
+        upload_failed_run_stack_trace: wrappedError.stack,
    };
 }
 /**
@@ -51,7 +52,7 @@ async function maybeUploadFailedSarif(config, repositoryNwo, features, logger) {
    if (!(await features.getValue(feature_flags_1.Feature.UploadFailedSarifEnabled, codeql))) {
        return { upload_failed_run_skipped_because: "Feature disabled" };
    }
-    const workflow = await (0, workflow_1.getWorkflow)();
+    const workflow = await (0, workflow_1.getWorkflow)(logger);
    const jobName = (0, util_1.getRequiredEnvParam)("GITHUB_JOB");
    const matrix = (0, util_1.parseMatrixInput)(actionsUtil.getRequiredInput("matrix"));
    const shouldUpload = (0, workflow_1.getUploadInputOrThrow)(workflow, jobName, matrix);
--- a/lib/init-action-post-helper.js.map
+++ b/lib/init-action-post-helper.js.map
@@ -1 +1 @@
-{"version":3,"file":"init-action-post-helper.js","sourceRoot":"","sources":["../src/init-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,qCAAqC;AACrC,iDAAmD;AACnD,mDAA6D;AAG7D,6DAAuF;AACvF,wDAA0C;AAC1C,iCAA6E;AAC7E,yCAKoB;AAWpB,SAAS,mCAAmC,CAC1C,KAAc;IAEd,OAAO;QACL,uBAAuB,EACrB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;QACxD,6BAA6B,EAC3B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;KACnD,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,sBAAsB,CACnC,MAAc,EACd,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;QACrB,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAC,EAAE;QACxE,OAAO,EAAE,iCAAiC,EAAE,kBAAkB,EAAE,CAAC;KAClE;IACD,MAAM,QAAQ,GAAG,MAAM,IAAA,sBAAW,GAAE,CAAC;IACrC,MAAM,OAAO,GAAG,IAAA,0BAAmB,EAAC,YAAY,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC;IACxE,MAAM,YAAY,GAAG,IAAA,gCAAqB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACtE,IACE,CAAC,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,QAAQ,CAClC,WAAW,CAAC,cAAc,CAAC,YAAY,CAAC,CACzC;QACD,IAAA,mBAAY,GAAE,EACd;QACA,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,QAAQ,GAAG,IAAA,kCAAuB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACpE,MAAM,YAAY,GAAG,IAAA,sCAA2B,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAC5E,MAAM,YAAY,GAAG,MAAM,CAAC,UAAU,CAAC;IAEvC,MAAM,SAAS,GAAG,4BAA4B,CAAC;IAE/C,kFAAkF;IAClF,IACE,YAAY,KAAK,SAAS;QAC1B,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAC,EACpE;QACA,MAAM,MAAM,CAAC,iBAAiB,CAAC,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;KACvE;SAAM;QACL,8EAA8E;QAC9E,MAAM,MAAM,CAAC,yBAAyB,CACpC,YAAY,EACZ,SAAS,EACT,QAAQ,EACR,MAAM,CAAC,OAAO,EACd,MAAM,CACP,CAAC;KACH;IAED,IAAI,CAAC,IAAI,CAAC,+BAA+B,SAAS,EAAE,CAAC,CAAC;IACtD,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,iBAAiB,CACpD,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,MAAM,CACP,CAAC;IACF,MAAM,SAAS,CAAC,iBAAiB,CAC/B,aAAa,EACb,YAAY,CAAC,OAAO,EACpB,MAAM,EACN,EAAE,uBAAuB,EAAE,IAAI,EAAE,CAClC,CAAC;IACF,OAAO,YAAY,EAAE,YAAY,IAAI,EAAE,CAAC;AAC1C,CAAC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,MAAc,EACd,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,IAAI,OAAO,CAAC,GAAG,CAAC,oEAA+C,CAAC,KAAK,MAAM,EAAE;QAC3E,IAAI;YACF,OAAO,MAAM,sBAAsB,CACjC,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;SACH;QAAC,OAAO,CAAC,EAAE;YACV,MAAM,CAAC,KAAK,CACV,2EAA2E,CAAC,EAAE,CAC/E,CAAC;YACF,OAAO,mCAAmC,CAAC,CAAC,CAAC,CAAC;SAC/C;KACF;SAAM;QACL,OAAO;YACL,iCAAiC,EAC/B,uCAAuC;SAC1C,CAAC;KACH;AACH,CAAC;AA1BD,8DA0BC;AAEM,KAAK,UAAU,GAAG,CACvB,iCAA2C,EAC3C,uBAAiC,EACjC,cAAwB,EACxB,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;QACxB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;QACF,OAAO;KACR;IAED,MAAM,uBAAuB,GAAG,MAAM,yBAAyB,CAC7D,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;IAEF,IAAI,uBAAuB,CAAC,iCAAiC,EAAE;QAC7D,MAAM,CAAC,KAAK,CACV,8EAA8E;YAC5E,GAAG,uBAAuB,CAAC,iCAAiC,GAAG,CAClE,CAAC;KACH;IACD,8FAA8F;IAC9F,iCAAiC;IACjC,IACE,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,KAAK,MAAM;QAClE,CAAC,uBAAuB,CAAC,qBAAqB,EAC9C;QACA,MAAM,IAAI,KAAK,CACb,4EAA4E;YAC1E,8BAA8B,uBAAuB,GAAG,CAC3D,CAAC;KACH;IAED,qDAAqD;IACrD,IAAI,MAAM,CAAC,SAAS,EAAE;QACpB,IAAI,CAAC,IAAI,CACP,mGAAmG,CACpG,CAAC;QACF,MAAM,iCAAiC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACxD,MAAM,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtC,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;KAC9B;IAED,OAAO,uBAAuB,CAAC;AACjC,CAAC;AArDD,kBAqDC"}
+{"version":3,"file":"init-action-post-helper.js","sourceRoot":"","sources":["../src/init-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,qCAAqC;AACrC,iDAAmD;AACnD,mDAA6D;AAG7D,6DAAuF;AACvF,wDAA0C;AAC1C,iCAKgB;AAChB,yCAKoB;AAWpB,SAAS,mCAAmC,CAC1C,KAAc;IAEd,MAAM,YAAY,GAAG,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC;IACtC,OAAO;QACL,uBAAuB,EAAE,YAAY,CAAC,OAAO;QAC7C,6BAA6B,EAAE,YAAY,CAAC,KAAK;KAClD,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,sBAAsB,CACnC,MAAc,EACd,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;QACrB,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAC,EAAE;QACxE,OAAO,EAAE,iCAAiC,EAAE,kBAAkB,EAAE,CAAC;KAClE;IACD,MAAM,QAAQ,GAAG,MAAM,IAAA,sBAAW,EAAC,MAAM,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG,IAAA,0BAAmB,EAAC,YAAY,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC;IACxE,MAAM,YAAY,GAAG,IAAA,gCAAqB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACtE,IACE,CAAC,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,QAAQ,CAClC,WAAW,CAAC,cAAc,CAAC,YAAY,CAAC,CACzC;QACD,IAAA,mBAAY,GAAE,EACd;QACA,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,QAAQ,GAAG,IAAA,kCAAuB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACpE,MAAM,YAAY,GAAG,IAAA,sCAA2B,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAC5E,MAAM,YAAY,GAAG,MAAM,CAAC,UAAU,CAAC;IAEvC,MAAM,SAAS,GAAG,4BAA4B,CAAC;IAE/C,kFAAkF;IAClF,IACE,YAAY,KAAK,SAAS;QAC1B,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAC,EACpE;QACA,MAAM,MAAM,CAAC,iBAAiB,CAAC,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;KACvE;SAAM;QACL,8EAA8E;QAC9E,MAAM,MAAM,CAAC,yBAAyB,CACpC,YAAY,EACZ,SAAS,EACT,QAAQ,EACR,MAAM,CAAC,OAAO,EACd,MAAM,CACP,CAAC;KACH;IAED,IAAI,CAAC,IAAI,CAAC,+BAA+B,SAAS,EAAE,CAAC,CAAC;IACtD,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,iBAAiB,CACpD,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,MAAM,CACP,CAAC;IACF,MAAM,SAAS,CAAC,iBAAiB,CAC/B,aAAa,EACb,YAAY,CAAC,OAAO,EACpB,MAAM,EACN,EAAE,uBAAuB,EAAE,IAAI,EAAE,CAClC,CAAC;IACF,OAAO,YAAY,EAAE,YAAY,IAAI,EAAE,CAAC;AAC1C,CAAC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,MAAc,EACd,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,IAAI,OAAO,CAAC,GAAG,CAAC,oEAA+C,CAAC,KAAK,MAAM,EAAE;QAC3E,IAAI;YACF,OAAO,MAAM,sBAAsB,CACjC,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;SACH;QAAC,OAAO,CAAC,EAAE;YACV,MAAM,CAAC,KAAK,CACV,2EAA2E,CAAC,EAAE,CAC/E,CAAC;YACF,OAAO,mCAAmC,CAAC,CAAC,CAAC,CAAC;SAC/C;KACF;SAAM;QACL,OAAO;YACL,iCAAiC,EAC/B,uCAAuC;SAC1C,CAAC;KACH;AACH,CAAC;AA1BD,8DA0BC;AAEM,KAAK,UAAU,GAAG,CACvB,iCAA2C,EAC3C,uBAAiC,EACjC,cAAwB,EACxB,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;QACxB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;QACF,OAAO;KACR;IAED,MAAM,uBAAuB,GAAG,MAAM,yBAAyB,CAC7D,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;IAEF,IAAI,uBAAuB,CAAC,iCAAiC,EAAE;QAC7D,MAAM,CAAC,KAAK,CACV,8EAA8E;YAC5E,GAAG,uBAAuB,CAAC,iCAAiC,GAAG,CAClE,CAAC;KACH;IACD,8FAA8F;IAC9F,iCAAiC;IACjC,IACE,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,KAAK,MAAM;QAClE,CAAC,uBAAuB,CAAC,qBAAqB,EAC9C;QACA,MAAM,IAAI,KAAK,CACb,4EAA4E;YAC1E,8BAA8B,uBAAuB,GAAG,CAC3D,CAAC;KACH;IAED,qDAAqD;IACrD,IAAI,MAAM,CAAC,SAAS,EAAE;QACpB,IAAI,CAAC,IAAI,CACP,mGAAmG,CACpG,CAAC;QACF,MAAM,iCAAiC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACxD,MAAM,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtC,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;KAC9B;IAED,OAAO,uBAAuB,CAAC;AACjC,CAAC;AArDD,kBAqDC"}
--- a/lib/init-action-post.js
+++ b/lib/init-action-post.js
@@ -48,10 +48,10 @@ async function runWrapper() {
        const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, (0, actions_util_1.getTemporaryDirectory)(), logger);
        uploadFailedSarifResult = await initActionPostHelper.run(debugArtifacts.uploadDatabaseBundleDebugArtifact, debugArtifacts.uploadLogsDebugArtifact, actions_util_1.printDebugLogs, repositoryNwo, features, logger);
    }
-    catch (e) {
-        core.setFailed(e instanceof Error ? e.message : String(e));
-        console.log(e);
-        await (0, actions_util_1.sendStatusReport)(await (0, actions_util_1.createStatusReportBase)("init-post", (0, actions_util_1.getActionsStatus)(e), startedAt, String(e), e instanceof Error ? e.stack : undefined));
+    catch (unwrappedError) {
+        const error = (0, util_1.wrapError)(unwrappedError);
+        core.setFailed(error.message);
+        await (0, actions_util_1.sendStatusReport)(await (0, actions_util_1.createStatusReportBase)("init-post", (0, actions_util_1.getActionsStatus)(error), startedAt, error.message, error.stack));
        return;
    }
    const statusReportBase = await (0, actions_util_1.createStatusReportBase)("init-post", "success", startedAt);
--- a/lib/init-action-post.js.map
+++ b/lib/init-action-post.js.map
@@ -1 +1 @@
-{"version":3,"file":"init-action-post.js","sourceRoot":"","sources":["../src/init-action-post.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,oDAAsC;AAEtC,iDAOwB;AACxB,6CAAgD;AAChD,kEAAoD;AACpD,mDAA2C;AAC3C,gFAAkE;AAClE,uCAA6C;AAC7C,6CAAkD;AAClD,iCAAwE;AAMxE,KAAK,UAAU,UAAU;IACvB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,uBAES,CAAC;IACd,IAAI;QACF,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;QAClC,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,uBAAuB,GAAG,MAAM,oBAAoB,CAAC,GAAG,CACtD,cAAc,CAAC,iCAAiC,EAChD,cAAc,CAAC,uBAAuB,EACtC,6BAAc,EACd,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;KACH;IAAC,OAAO,CAAC,EAAE;QACV,IAAI,CAAC,SAAS,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QAE3D,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACf,MAAM,IAAA,+BAAgB,EACpB,MAAM,IAAA,qCAAsB,EAC1B,WAAW,EACX,IAAA,+BAAgB,EAAC,CAAC,CAAC,EACnB,SAAS,EACT,MAAM,CAAC,CAAC,CAAC,EACT,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CACzC,CACF,CAAC;QACF,OAAO;KACR;IACD,MAAM,gBAAgB,GAAG,MAAM,IAAA,qCAAsB,EACnD,WAAW,EACX,SAAS,EACT,SAAS,CACV,CAAC;IACF,MAAM,YAAY,GAAyB;QACzC,GAAG,gBAAgB;QACnB,GAAG,uBAAuB;KAC3B,CAAC;IACF,MAAM,IAAA,+BAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"init-action-post.js","sourceRoot":"","sources":["../src/init-action-post.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,oDAAsC;AAEtC,iDAOwB;AACxB,6CAAgD;AAChD,kEAAoD;AACpD,mDAA2C;AAC3C,gFAAkE;AAClE,uCAA6C;AAC7C,6CAAkD;AAClD,iCAIgB;AAMhB,KAAK,UAAU,UAAU;IACvB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,uBAES,CAAC;IACd,IAAI;QACF,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;QAClC,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,uBAAuB,GAAG,MAAM,oBAAoB,CAAC,GAAG,CACtD,cAAc,CAAC,iCAAiC,EAChD,cAAc,CAAC,uBAAuB,EACtC,6BAAc,EACd,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;KACH;IAAC,OAAO,cAAc,EAAE;QACvB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAE9B,MAAM,IAAA,+BAAgB,EACpB,MAAM,IAAA,qCAAsB,EAC1B,WAAW,EACX,IAAA,+BAAgB,EAAC,KAAK,CAAC,EACvB,SAAS,EACT,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,KAAK,CACZ,CACF,CAAC;QACF,OAAO;KACR;IACD,MAAM,gBAAgB,GAAG,MAAM,IAAA,qCAAsB,EACnD,WAAW,EACX,SAAS,EACT,SAAS,CACV,CAAC;IACF,MAAM,YAAY,GAAyB;QACzC,GAAG,gBAAgB;QACnB,GAAG,uBAAuB;KAC3B,CAAC;IACF,MAAM,IAAA,+BAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
--- a/lib/init-action.js
+++ b/lib/init-action.js
@@ -27,7 +27,6 @@ const path = __importStar(require("path"));
 const core = __importStar(require("@actions/core"));
 const actions_util_1 = require("./actions-util");
 const api_client_1 = require("./api-client");
-const codeql_1 = require("./codeql");
 const feature_flags_1 = require("./feature-flags");
 const init_1 = require("./init");
 const languages_1 = require("./languages");
@@ -36,8 +35,8 @@ const repository_1 = require("./repository");
 const trap_caching_1 = require("./trap-caching");
 const util_1 = require("./util");
 const workflow_1 = require("./workflow");
-async function sendInitStatusReport(actionStatus, startedAt, config, toolsDownloadDurationMs, toolsFeatureFlagsValid, toolsSource, toolsVersion, logger) {
-    const statusReportBase = await (0, actions_util_1.createStatusReportBase)("init", actionStatus, startedAt);
+async function sendCompletedStatusReport(startedAt, config, toolsDownloadDurationMs, toolsFeatureFlagsValid, toolsSource, toolsVersion, logger, error) {
+    const statusReportBase = await (0, actions_util_1.createStatusReportBase)("init", (0, actions_util_1.getActionsStatus)(error), startedAt, error?.message, error?.stack);
    const workflowLanguages = (0, actions_util_1.getOptionalInput)("languages");
    const initStatusReport = {
        ...statusReportBase,
@@ -116,7 +115,7 @@ async function run() {
    const registriesInput = (0, actions_util_1.getOptionalInput)("registries");
    const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, (0, actions_util_1.getTemporaryDirectory)(), logger);
    try {
-        const workflowErrors = await (0, workflow_1.validateWorkflow)();
+        const workflowErrors = await (0, workflow_1.validateWorkflow)(logger);
        if (!(await (0, actions_util_1.sendStatusReport)(await (0, actions_util_1.createStatusReportBase)("init", "starting", startedAt, workflowErrors)))) {
            return;
        }
@@ -129,7 +128,6 @@ async function run() {
        toolsDownloadDurationMs = initCodeQLResult.toolsDownloadDurationMs;
        toolsVersion = initCodeQLResult.toolsVersion;
        toolsSource = initCodeQLResult.toolsSource;
-        await (0, codeql_1.enrichEnvironment)(codeql);
        config = await (0, init_1.initConfig)((0, actions_util_1.getOptionalInput)("languages"), (0, actions_util_1.getOptionalInput)("queries"), (0, actions_util_1.getOptionalInput)("packs"), registriesInput, (0, actions_util_1.getOptionalInput)("config-file"), (0, actions_util_1.getOptionalInput)("db-location"), getTrapCachingEnabled(), 
        // Debug mode is enabled if:
        // - The `init` Action is passed `debug: true`.
@@ -141,17 +139,16 @@ async function run() {
            try {
                await (0, init_1.installPythonDeps)(codeql, logger);
            }
-            catch (err) {
-                const message = err instanceof Error ? err.message : String(err);
-                logger.warning(`${message} You can call this action with 'setup-python-dependencies: false' to disable this process`);
+            catch (unwrappedError) {
+                const error = (0, util_1.wrapError)(unwrappedError);
+                logger.warning(`${error.message} You can call this action with 'setup-python-dependencies: false' to disable this process`);
            }
        }
    }
-    catch (e) {
-        const message = e instanceof Error ? e.message : String(e);
-        core.setFailed(message);
-        console.log(e);
-        await (0, actions_util_1.sendStatusReport)(await (0, actions_util_1.createStatusReportBase)("init", "aborted", startedAt, message));
+    catch (unwrappedError) {
+        const error = (0, util_1.wrapError)(unwrappedError);
+        core.setFailed(error.message);
+        await (0, actions_util_1.sendStatusReport)(await (0, actions_util_1.createStatusReportBase)("init", "aborted", startedAt, error.message, error.stack));
        return;
    }
    try {
@@ -179,20 +176,16 @@ async function run() {
            for (const [key, value] of Object.entries(tracerConfig.env)) {
                core.exportVariable(key, value);
            }
-            if (process.platform === "win32" &&
-                !(await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING))) {
-                await (0, init_1.injectWindowsTracer)("Runner.Worker.exe", undefined, config, codeql, tracerConfig);
-            }
        }
        core.setOutput("codeql-path", config.codeQLCmd);
    }
-    catch (error) {
-        core.setFailed(String(error));
-        console.log(error);
-        await sendInitStatusReport((0, actions_util_1.getActionsStatus)(error), startedAt, config, toolsDownloadDurationMs, toolsFeatureFlagsValid, toolsSource, toolsVersion, logger);
+    catch (unwrappedError) {
+        const error = (0, util_1.wrapError)(unwrappedError);
+        core.setFailed(error.message);
+        await sendCompletedStatusReport(startedAt, config, toolsDownloadDurationMs, toolsFeatureFlagsValid, toolsSource, toolsVersion, logger, error);
        return;
    }
-    await sendInitStatusReport("success", startedAt, config, toolsDownloadDurationMs, toolsFeatureFlagsValid, toolsSource, toolsVersion, logger);
+    await sendCompletedStatusReport(startedAt, config, toolsDownloadDurationMs, toolsFeatureFlagsValid, toolsSource, toolsVersion, logger);
 }
 function getTrapCachingEnabled() {
    // If the workflow specified something always respect that
@@ -210,8 +203,7 @@ async function runWrapper() {
        await run();
    }
    catch (error) {
-        core.setFailed(`init action failed: ${error}`);
-        console.log(error);
+        core.setFailed(`init action failed: ${(0, util_1.wrapError)(error).message}`);
    }
    await (0, util_1.checkForTimeout)();
 }
--- a/lib/init-action.js.map
+++ b/lib/init-action.js.map
--- a/lib/init.js
+++ b/lib/init.js
@@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.installPythonDeps = exports.injectWindowsTracer = exports.runInit = exports.initConfig = exports.initCodeQL = exports.ToolsSource = void 0;
+exports.installPythonDeps = exports.runInit = exports.initConfig = exports.initCodeQL = exports.ToolsSource = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
@@ -33,7 +33,6 @@ const codeql_1 = require("./codeql");
 const configUtils = __importStar(require("./config-utils"));
 const tracer_config_1 = require("./tracer-config");
 const util = __importStar(require("./util"));
-const util_1 = require("./util");
 var ToolsSource;
 (function (ToolsSource) {
    ToolsSource["Unknown"] = "UNKNOWN";
@@ -60,35 +59,27 @@ exports.initConfig = initConfig;
 async function runInit(codeql, config, sourceRoot, processName, registriesInput, features, apiDetails, logger) {
    fs.mkdirSync(config.dbLocation, { recursive: true });
    try {
-        if (await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING)) {
-            // When parsing the codeql config in the CLI, we have not yet created the qlconfig file.
-            // So, create it now.
-            // If we are parsing the config file in the Action, then the qlconfig file was already created
-            // before the `pack download` command was invoked. It is not required for the init command.
-            let registriesAuthTokens;
-            let qlconfigFile;
-            if (await util.useCodeScanningConfigInCli(codeql, features)) {
-                ({ registriesAuthTokens, qlconfigFile } =
-                    await configUtils.generateRegistries(registriesInput, codeql, config.tempDir, logger));
-            }
-            await configUtils.wrapEnvironment({
-                GITHUB_TOKEN: apiDetails.auth,
-                CODEQL_REGISTRIES_AUTH: registriesAuthTokens,
-            }, 
-            // Init a database cluster
-            async () => await codeql.databaseInitCluster(config, sourceRoot, processName, features, qlconfigFile, logger));
-        }
-        else {
-            for (const language of config.languages) {
-                // Init language database
-                await codeql.databaseInit(util.getCodeQLDatabasePath(config, language), language, sourceRoot);
-            }
+        // When parsing the codeql config in the CLI, we have not yet created the qlconfig file.
+        // So, create it now.
+        // If we are parsing the config file in the Action, then the qlconfig file was already created
+        // before the `pack download` command was invoked. It is not required for the init command.
+        let registriesAuthTokens;
+        let qlconfigFile;
+        if (await util.useCodeScanningConfigInCli(codeql, features)) {
+            ({ registriesAuthTokens, qlconfigFile } =
+                await configUtils.generateRegistries(registriesInput, codeql, config.tempDir, logger));
        }
+        await configUtils.wrapEnvironment({
+            GITHUB_TOKEN: apiDetails.auth,
+            CODEQL_REGISTRIES_AUTH: registriesAuthTokens,
+        }, 
+        // Init a database cluster
+        async () => await codeql.databaseInitCluster(config, sourceRoot, processName, features, qlconfigFile, logger));
    }
    catch (e) {
        throw processError(e);
    }
-    return await (0, tracer_config_1.getCombinedTracerConfig)(config, codeql);
+    return await (0, tracer_config_1.getCombinedTracerConfig)(config);
 }
 exports.runInit = runInit;
 /**
@@ -119,89 +110,6 @@ function processError(e) {
    }
    return e;
 }
-// Runs a powershell script to inject the tracer into a parent process
-// so it can tracer future processes, hopefully including the build process.
-// If processName is given then injects into the nearest parent process with
-// this name, otherwise uses the processLevel-th parent if defined, otherwise
-// defaults to the 3rd parent as a rough guess.
-async function injectWindowsTracer(processName, processLevel, config, codeql, tracerConfig) {
-    let script;
-    if (processName !== undefined) {
-        script = `
-      Param(
-          [Parameter(Position=0)]
-          [String]
-          $tracer
-      )
-
-      $id = $PID
-      while ($true) {
-        $p = Get-CimInstance -Class Win32_Process -Filter "ProcessId = $id"
-        Write-Host "Found process: $p"
-        if ($p -eq $null) {
-          throw "Could not determine ${processName} process"
-        }
-        if ($p[0].Name -eq "${processName}") {
-          Break
-        } else {
-          $id = $p[0].ParentProcessId
-        }
-      }
-      Write-Host "Final process: $p"
-
-      Invoke-Expression "&$tracer --inject=$id"`;
-    }
-    else {
-        // If the level is not defined then guess at the 3rd parent process.
-        // This won't be correct in every setting but it should be enough in most settings,
-        // and overestimating is likely better in this situation so we definitely trace
-        // what we want, though this does run the risk of interfering with future CI jobs.
-        // Note that the default of 3 doesn't work on github actions, so we include a
-        // special case in the script that checks for Runner.Worker.exe so we can still work
-        // on actions if the runner is invoked there.
-        processLevel = processLevel || 3;
-        script = `
-      Param(
-          [Parameter(Position=0)]
-          [String]
-          $tracer
-      )
-
-      $id = $PID
-      for ($i = 0; $i -le ${processLevel}; $i++) {
-        $p = Get-CimInstance -Class Win32_Process -Filter "ProcessId = $id"
-        Write-Host "Parent process \${i}: $p"
-        if ($p -eq $null) {
-          throw "Process tree ended before reaching required level"
-        }
-        # Special case just in case the runner is used on actions
-        if ($p[0].Name -eq "Runner.Worker.exe") {
-          Write-Host "Found Runner.Worker.exe process which means we are running on GitHub Actions"
-          Write-Host "Aborting search early and using process: $p"
-          Break
-        } elseif ($p[0].Name -eq "Agent.Worker.exe") {
-          Write-Host "Found Agent.Worker.exe process which means we are running on Azure Pipelines"
-          Write-Host "Aborting search early and using process: $p"
-          Break
-        } else {
-          $id = $p[0].ParentProcessId
-        }
-      }
-      Write-Host "Final process: $p"
-
-      Invoke-Expression "&$tracer --inject=$id"`;
-    }
-    const injectTracerPath = path.join(config.tempDir, "inject-tracer.ps1");
-    fs.writeFileSync(injectTracerPath, script);
-    await new toolrunner.ToolRunner(await safeWhich.safeWhich("powershell"), [
-        "-ExecutionPolicy",
-        "Bypass",
-        "-file",
-        injectTracerPath,
-        path.resolve(path.dirname(codeql.getPath()), "tools", "win64", "tracer.exe"),
-    ], { env: { ODASA_TRACER_CONFIGURATION: tracerConfig.spec } }).exec();
-}
-exports.injectWindowsTracer = injectWindowsTracer;
 async function installPythonDeps(codeql, logger) {
    logger.startGroup("Setup Python dependencies");
    const scriptsFolder = path.resolve(__dirname, "../python-setup");
--- a/lib/init.js.map
+++ b/lib/init.js.map
--- a/lib/setup-codeql.js
+++ b/lib/setup-codeql.js
@@ -139,7 +139,7 @@ async function tryFindCliVersionDotcomOnly(tagName, logger) {
        return tryGetCodeQLCliVersionForRelease(release.data, logger);
    }
    catch (e) {
-        logger.debug(`Failed to find the CLI version for the CodeQL bundle tagged ${tagName}. ${e instanceof Error ? e.message : e}`);
+        logger.debug(`Failed to find the CLI version for the CodeQL bundle tagged ${tagName}. ${(0, util_1.wrapError)(e).message}`);
        return undefined;
    }
 }
--- a/lib/setup-codeql.js.map
+++ b/lib/setup-codeql.js.map
--- a/lib/setup-codeql.test.js
+++ b/lib/setup-codeql.test.js
@@ -57,7 +57,7 @@ ava_1.default.beforeEach(() => {
            t.deepEqual(parsedVersion, expectedVersion);
        }
        catch (e) {
-            t.fail(e instanceof Error ? e.message : String(e));
+            t.fail((0, util_1.wrapError)(e).message);
        }
    }
 });
--- a/lib/setup-codeql.test.js.map
+++ b/lib/setup-codeql.test.js.map
@@ -1 +1 @@
-{"version":3,"file":"setup-codeql.test.js","sourceRoot":"","sources":["../src/setup-codeql.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAE7B,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,kDAAoC;AACpC,uCAA4C;AAC5C,4DAA8C;AAC9C,mDAA6C;AAC7C,iCAA+C;AAE/C,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,UAAU,CAAC,GAAG,EAAE;IACnB,IAAA,4BAAqB,EAAC,OAAO,CAAC,CAAC;AACjC,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,iCAAiC,EAAE,CAAC,CAAC,EAAE,EAAE;IAC5C,CAAC,CAAC,SAAS,CACT,WAAW,CAAC,mBAAmB,CAC7B,mDAAmD,CACpD,EACD,UAAU,CACX,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,mBAAmB,EAAE,CAAC,CAAC,EAAE,EAAE;IAC9B,MAAM,KAAK,GAAG;QACZ,UAAU,EAAE,gBAAgB;QAC5B,YAAY,EAAE,kBAAkB;QAChC,cAAc,EAAE,cAAc;QAC9B,OAAO,EAAE,OAAO;QAChB,aAAa,EAAE,aAAa;QAC5B,cAAc,EAAE,cAAc;KAC/B,CAAC;IAEF,KAAK,MAAM,CAAC,OAAO,EAAE,eAAe,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QAC9D,IAAI;YACF,MAAM,aAAa,GAAG,WAAW,CAAC,eAAe,CAC/C,OAAO,EACP,IAAA,yBAAe,EAAC,IAAI,CAAC,CACtB,CAAC;YACF,CAAC,CAAC,SAAS,CAAC,aAAa,EAAE,eAAe,CAAC,CAAC;SAC7C;QAAC,OAAO,CAAC,EAAE;YACV,CAAC,CAAC,IAAI,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;SACpD;KACF;AACH,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,2BAA2B,EAAE,CAAC,CAAC,EAAE,EAAE;IACtC,MAAM,MAAM,GAAG,IAAA,yBAAe,EAAC,IAAI,CAAC,CAAC;IAErC,IAAA,4BAAqB,EAAC,OAAO,CAAC,CAAC;IAE/B,kCAAkC;IAClC,OAAO,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;IAC/C,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACrD,MAAM,eAAe,GAAG,WAAW,CAAC,yBAAyB,CAAC,MAAM,CAAC,CAAC;IACtE,CAAC,CAAC,SAAS,CAAC,eAAe,EAAE,sBAAsB,CAAC,CAAC;IAErD,mCAAmC;IACnC,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,sBAAsB,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC/D,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,GAAG,SAAS,CAAC;IACpD,MAAM,OAAO,GAAG,WAAW,CAAC,yBAAyB,CAAC,MAAM,CAAC,CAAC;IAC9D,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;AAClC,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,yEAAyE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC1F,mDAAmD;IACnD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,sBAAsB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC/D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;QAC3C,KAAK,EAAE;YACL,YAAY,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC;SAC/C;QACD,QAAQ,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC;YAC9B;gBACE,MAAM,EAAE;oBACN;wBACE,IAAI,EAAE,wBAAwB;qBAC/B;iBACF;gBACD,QAAQ,EAAE,wBAAwB;aACnC;SACF,CAAC;KACH,CAAC,CAAC,CAAC;IACJ,CAAC,CAAC,EAAE,CACF,MAAM,WAAW,CAAC,6BAA6B,CAC7C,QAAQ,EACR,IAAA,yBAAe,EAAC,IAAI,CAAC,CACtB,EACD,wBAAwB,CACzB,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,iFAAiF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAClG,mDAAmD;IACnD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,sBAAsB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC/D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;QAC3C,KAAK,EAAE;YACL,YAAY,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC;SAC/C;QACD,QAAQ,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC;YAC9B;gBACE,MAAM,EAAE;oBACN;wBACE,IAAI,EAAE,wBAAwB;qBAC/B;iBACF;gBACD,QAAQ,EAAE,wBAAwB;aACnC;SACF,CAAC;KACH,CAAC,CAAC,CAAC;IACJ,MAAM,CAAC,CAAC,WAAW,CACjB,KAAK,IAAI,EAAE,CACT,MAAM,WAAW,CAAC,6BAA6B,CAC7C,QAAQ,EACR,IAAA,yBAAe,EAAC,IAAI,CAAC,CACtB,EACH;QACE,OAAO,EACL,+EAA+E;KAClF,CACF,CAAC;AACJ,CAAC,CAAC,CAAC"}
+{"version":3,"file":"setup-codeql.test.js","sourceRoot":"","sources":["../src/setup-codeql.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAE7B,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,kDAAoC;AACpC,uCAA4C;AAC5C,4DAA8C;AAC9C,mDAA6C;AAC7C,iCAA0D;AAE1D,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,UAAU,CAAC,GAAG,EAAE;IACnB,IAAA,4BAAqB,EAAC,OAAO,CAAC,CAAC;AACjC,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,iCAAiC,EAAE,CAAC,CAAC,EAAE,EAAE;IAC5C,CAAC,CAAC,SAAS,CACT,WAAW,CAAC,mBAAmB,CAC7B,mDAAmD,CACpD,EACD,UAAU,CACX,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,mBAAmB,EAAE,CAAC,CAAC,EAAE,EAAE;IAC9B,MAAM,KAAK,GAAG;QACZ,UAAU,EAAE,gBAAgB;QAC5B,YAAY,EAAE,kBAAkB;QAChC,cAAc,EAAE,cAAc;QAC9B,OAAO,EAAE,OAAO;QAChB,aAAa,EAAE,aAAa;QAC5B,cAAc,EAAE,cAAc;KAC/B,CAAC;IAEF,KAAK,MAAM,CAAC,OAAO,EAAE,eAAe,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QAC9D,IAAI;YACF,MAAM,aAAa,GAAG,WAAW,CAAC,eAAe,CAC/C,OAAO,EACP,IAAA,yBAAe,EAAC,IAAI,CAAC,CACtB,CAAC;YACF,CAAC,CAAC,SAAS,CAAC,aAAa,EAAE,eAAe,CAAC,CAAC;SAC7C;QAAC,OAAO,CAAC,EAAE;YACV,CAAC,CAAC,IAAI,CAAC,IAAA,gBAAS,EAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;SAC9B;KACF;AACH,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,2BAA2B,EAAE,CAAC,CAAC,EAAE,EAAE;IACtC,MAAM,MAAM,GAAG,IAAA,yBAAe,EAAC,IAAI,CAAC,CAAC;IAErC,IAAA,4BAAqB,EAAC,OAAO,CAAC,CAAC;IAE/B,kCAAkC;IAClC,OAAO,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;IAC/C,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACrD,MAAM,eAAe,GAAG,WAAW,CAAC,yBAAyB,CAAC,MAAM,CAAC,CAAC;IACtE,CAAC,CAAC,SAAS,CAAC,eAAe,EAAE,sBAAsB,CAAC,CAAC;IAErD,mCAAmC;IACnC,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,sBAAsB,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC/D,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,GAAG,SAAS,CAAC;IACpD,MAAM,OAAO,GAAG,WAAW,CAAC,yBAAyB,CAAC,MAAM,CAAC,CAAC;IAC9D,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;AAClC,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,yEAAyE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC1F,mDAAmD;IACnD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,sBAAsB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC/D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;QAC3C,KAAK,EAAE;YACL,YAAY,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC;SAC/C;QACD,QAAQ,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC;YAC9B;gBACE,MAAM,EAAE;oBACN;wBACE,IAAI,EAAE,wBAAwB;qBAC/B;iBACF;gBACD,QAAQ,EAAE,wBAAwB;aACnC;SACF,CAAC;KACH,CAAC,CAAC,CAAC;IACJ,CAAC,CAAC,EAAE,CACF,MAAM,WAAW,CAAC,6BAA6B,CAC7C,QAAQ,EACR,IAAA,yBAAe,EAAC,IAAI,CAAC,CACtB,EACD,wBAAwB,CACzB,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,iFAAiF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAClG,mDAAmD;IACnD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,sBAAsB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC/D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;QAC3C,KAAK,EAAE;YACL,YAAY,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC;SAC/C;QACD,QAAQ,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC;YAC9B;gBACE,MAAM,EAAE;oBACN;wBACE,IAAI,EAAE,wBAAwB;qBAC/B;iBACF;gBACD,QAAQ,EAAE,wBAAwB;aACnC;SACF,CAAC;KACH,CAAC,CAAC,CAAC;IACJ,MAAM,CAAC,CAAC,WAAW,CACjB,KAAK,IAAI,EAAE,CACT,MAAM,WAAW,CAAC,6BAA6B,CAC7C,QAAQ,EACR,IAAA,yBAAe,EAAC,IAAI,CAAC,CACtB,EACH;QACE,OAAO,EACL,+EAA+E;KAClF,CACF,CAAC;AACJ,CAAC,CAAC,CAAC"}
--- a/lib/toolrunner-error-catcher.js
+++ b/lib/toolrunner-error-catcher.js
@@ -26,6 +26,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.toolrunnerErrorCatcher = void 0;
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const safeWhich = __importStar(require("@chrisgavin/safe-which"));
+const util_1 = require("./util");
 /**
 * Wrapper for toolrunner.Toolrunner which checks for specific return code and/or regex matches in console output.
 * Output will be streamed to the live console as well as captured for subsequent processing.
@@ -83,8 +84,7 @@ async function toolrunnerErrorCatcher(commandLine, args, matchers, options) {
        }
    }
    catch (e) {
-        const error = e instanceof Error ? e : new Error(String(e));
-        throw error;
+        throw (0, util_1.wrapError)(e);
    }
 }
 exports.toolrunnerErrorCatcher = toolrunnerErrorCatcher;
--- a/lib/toolrunner-error-catcher.js.map
+++ b/lib/toolrunner-error-catcher.js.map
@@ -1 +1 @@
-{"version":3,"file":"toolrunner-error-catcher.js","sourceRoot":"","sources":["../src/toolrunner-error-catcher.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AACA,yEAA2D;AAC3D,kEAAoD;AASpD;;;;;;;;;;GAUG;AACI,KAAK,UAAU,sBAAsB,CAC1C,WAAmB,EACnB,IAAe,EACf,QAAyB,EACzB,OAAwB;IAExB,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,IAAI,MAAM,GAAG,EAAE,CAAC;IAEhB,MAAM,SAAS,GAAG;QAChB,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;YACvB,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,IAAI,OAAO,EAAE,SAAS,EAAE,MAAM,KAAK,SAAS,EAAE;gBAC5C,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;aAChC;QACH,CAAC;QACD,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;YACvB,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,IAAI,OAAO,EAAE,SAAS,EAAE,MAAM,KAAK,SAAS,EAAE;gBAC5C,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;aAChC;QACH,CAAC;KACF,CAAC;IAEF,0GAA0G;IAC1G,IAAI,QAAgB,CAAC;IACrB,IAAI;QACF,QAAQ,GAAG,MAAM,IAAI,UAAU,CAAC,UAAU,CACxC,MAAM,SAAS,CAAC,SAAS,CAAC,WAAW,CAAC,EACtC,IAAI,EACJ;YACE,GAAG,OAAO;YACV,SAAS;YACT,gBAAgB,EAAE,IAAI,EAAE,wDAAwD;SACjF,CACF,CAAC,IAAI,EAAE,CAAC;QAET,mEAAmE;QACnE,IAAI,QAAQ,KAAK,CAAC;YAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;QAEhD,IAAI,QAAQ,EAAE;YACZ,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE;gBAC9B,IACE,OAAO,CAAC,QAAQ,KAAK,QAAQ;oBAC7B,OAAO,CAAC,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC;oBACjC,OAAO,CAAC,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,EACjC;oBACA,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;iBAClC;aACF;SACF;QAED,qFAAqF;QACrF,IAAI,OAAO,EAAE,gBAAgB,EAAE;YAC7B,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;SAC7B;aAAM;YACL,MAAM,IAAI,KAAK,CACb,gBAAgB,WAAW,2BAA2B,QAAQ,EAAE,CACjE,CAAC;SACH;KACF;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,KAAK,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5D,MAAM,KAAK,CAAC;KACb;AACH,CAAC;AAhED,wDAgEC"}
+{"version":3,"file":"toolrunner-error-catcher.js","sourceRoot":"","sources":["../src/toolrunner-error-catcher.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AACA,yEAA2D;AAC3D,kEAAoD;AAGpD,iCAAmC;AAOnC;;;;;;;;;;GAUG;AACI,KAAK,UAAU,sBAAsB,CAC1C,WAAmB,EACnB,IAAe,EACf,QAAyB,EACzB,OAAwB;IAExB,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,IAAI,MAAM,GAAG,EAAE,CAAC;IAEhB,MAAM,SAAS,GAAG;QAChB,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;YACvB,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,IAAI,OAAO,EAAE,SAAS,EAAE,MAAM,KAAK,SAAS,EAAE;gBAC5C,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;aAChC;QACH,CAAC;QACD,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;YACvB,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,IAAI,OAAO,EAAE,SAAS,EAAE,MAAM,KAAK,SAAS,EAAE;gBAC5C,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;aAChC;QACH,CAAC;KACF,CAAC;IAEF,0GAA0G;IAC1G,IAAI,QAAgB,CAAC;IACrB,IAAI;QACF,QAAQ,GAAG,MAAM,IAAI,UAAU,CAAC,UAAU,CACxC,MAAM,SAAS,CAAC,SAAS,CAAC,WAAW,CAAC,EACtC,IAAI,EACJ;YACE,GAAG,OAAO;YACV,SAAS;YACT,gBAAgB,EAAE,IAAI,EAAE,wDAAwD;SACjF,CACF,CAAC,IAAI,EAAE,CAAC;QAET,mEAAmE;QACnE,IAAI,QAAQ,KAAK,CAAC;YAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;QAEhD,IAAI,QAAQ,EAAE;YACZ,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE;gBAC9B,IACE,OAAO,CAAC,QAAQ,KAAK,QAAQ;oBAC7B,OAAO,CAAC,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC;oBACjC,OAAO,CAAC,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,EACjC;oBACA,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;iBAClC;aACF;SACF;QAED,qFAAqF;QACrF,IAAI,OAAO,EAAE,gBAAgB,EAAE;YAC7B,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;SAC7B;aAAM;YACL,MAAM,IAAI,KAAK,CACb,gBAAgB,WAAW,2BAA2B,QAAQ,EAAE,CACjE,CAAC;SACH;KACF;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,IAAA,gBAAS,EAAC,CAAC,CAAC,CAAC;KACpB;AACH,CAAC;AA/DD,wDA+DC"}
--- a/lib/tracer-config.js
+++ b/lib/tracer-config.js
@@ -23,20 +23,10 @@ var __importStar = (this && this.__importStar) || function (mod) {
    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getCombinedTracerConfig = exports.concatTracerConfigs = exports.getTracerConfigForLanguage = exports.getTracerConfigForCluster = exports.endTracingForCluster = void 0;
+exports.getCombinedTracerConfig = exports.getTracerConfigForCluster = exports.endTracingForCluster = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
-const codeql_1 = require("./codeql");
 const languages_1 = require("./languages");
-const util = __importStar(require("./util"));
-const util_1 = require("./util");
-const CRITICAL_TRACER_VARS = new Set([
-    "SEMMLE_PRELOAD_libtrace",
-    "SEMMLE_RUNNER",
-    "SEMMLE_COPY_EXECUTABLES_ROOT",
-    "SEMMLE_DEPTRACE_SOCKET",
-    "SEMMLE_JAVA_TOOL_OPTIONS",
-]);
 async function endTracingForCluster(config) {
    // If there are no traced languages, we don't need to do anything.
    if (!config.languages.some((l) => (0, languages_1.isTracedLanguage)(l)))
@@ -64,162 +54,17 @@ exports.endTracingForCluster = endTracingForCluster;
 async function getTracerConfigForCluster(config) {
    const tracingEnvVariables = JSON.parse(fs.readFileSync(path.resolve(config.dbLocation, "temp/tracingEnvironment/start-tracing.json"), "utf8"));
    return {
-        spec: tracingEnvVariables["ODASA_TRACER_CONFIGURATION"],
        env: tracingEnvVariables,
    };
 }
 exports.getTracerConfigForCluster = getTracerConfigForCluster;
-async function getTracerConfigForLanguage(codeql, config, language) {
-    const env = await codeql.getTracerEnv(util.getCodeQLDatabasePath(config, language));
-    const spec = env["ODASA_TRACER_CONFIGURATION"];
-    const info = { spec, env: {} };
-    // Extract critical tracer variables from the environment
-    for (const entry of Object.entries(env)) {
-        const key = entry[0];
-        const value = entry[1];
-        // skip ODASA_TRACER_CONFIGURATION as it is handled separately
-        if (key === "ODASA_TRACER_CONFIGURATION") {
-            continue;
-        }
-        // skip undefined values
-        if (typeof value === "undefined") {
-            continue;
-        }
-        // Keep variables that do not exist in current environment. In addition always keep
-        // critical and CODEQL_ variables
-        if (typeof process.env[key] === "undefined" ||
-            CRITICAL_TRACER_VARS.has(key) ||
-            key.startsWith("CODEQL_")) {
-            info.env[key] = value;
-        }
-    }
-    return info;
-}
-exports.getTracerConfigForLanguage = getTracerConfigForLanguage;
-function concatTracerConfigs(tracerConfigs, config, writeBothEnvironments = false) {
-    // A tracer config is a map containing additional environment variables and a tracer 'spec' file.
-    // A tracer 'spec' file has the following format [log_file, number_of_blocks, blocks_text]
-    // Merge the environments
-    const env = {};
-    let copyExecutables = false;
-    let envSize = 0;
-    for (const v of Object.values(tracerConfigs)) {
-        for (const e of Object.entries(v.env)) {
-            const name = e[0];
-            const value = e[1];
-            // skip SEMMLE_COPY_EXECUTABLES_ROOT as it is handled separately
-            if (name === "SEMMLE_COPY_EXECUTABLES_ROOT") {
-                copyExecutables = true;
-            }
-            else if (name in env) {
-                if (env[name] !== value) {
-                    throw Error(`Incompatible values in environment parameter ${name}: ${env[name]} and ${value}`);
-                }
-            }
-            else {
-                env[name] = value;
-                envSize += 1;
-            }
-        }
-    }
-    // Concatenate spec files into a new spec file
-    const languages = Object.keys(tracerConfigs);
-    const cppIndex = languages.indexOf("cpp");
-    // Make sure cpp is the last language, if it's present since it must be concatenated last
-    if (cppIndex !== -1) {
-        const lastLang = languages[languages.length - 1];
-        languages[languages.length - 1] = languages[cppIndex];
-        languages[cppIndex] = lastLang;
-    }
-    const totalLines = [];
-    let totalCount = 0;
-    for (const lang of languages) {
-        const lines = fs
-            .readFileSync(tracerConfigs[lang].spec, "utf8")
-            .split(/\r?\n/);
-        const count = parseInt(lines[1], 10);
-        totalCount += count;
-        totalLines.push(...lines.slice(2));
-    }
-    const newLogFilePath = path.resolve(config.tempDir, "compound-build-tracer.log");
-    const spec = path.resolve(config.tempDir, "compound-spec");
-    const compoundTempFolder = path.resolve(config.tempDir, "compound-temp");
-    const newSpecContent = [
-        newLogFilePath,
-        totalCount.toString(10),
-        ...totalLines,
-    ];
-    if (copyExecutables) {
-        env["SEMMLE_COPY_EXECUTABLES_ROOT"] = compoundTempFolder;
-        envSize += 1;
-    }
-    fs.writeFileSync(spec, newSpecContent.join("\n"));
-    if (writeBothEnvironments || process.platform !== "win32") {
-        // Prepare the content of the compound environment file on Unix
-        let buffer = Buffer.alloc(4);
-        buffer.writeInt32LE(envSize, 0);
-        for (const e of Object.entries(env)) {
-            const key = e[0];
-            const value = e[1];
-            const lineBuffer = Buffer.from(`${key}=${value}\0`, "utf8");
-            const sizeBuffer = Buffer.alloc(4);
-            sizeBuffer.writeInt32LE(lineBuffer.length, 0);
-            buffer = Buffer.concat([buffer, sizeBuffer, lineBuffer]);
-        }
-        // Write the compound environment for Unix
-        const envPath = `${spec}.environment`;
-        fs.writeFileSync(envPath, buffer);
-    }
-    if (writeBothEnvironments || process.platform === "win32") {
-        // Prepare the content of the compound environment file on Windows
-        let bufferWindows = Buffer.alloc(0);
-        let length = 0;
-        for (const e of Object.entries(env)) {
-            const key = e[0];
-            const value = e[1];
-            const string = `${key}=${value}\0`;
-            length += string.length;
-            const lineBuffer = Buffer.from(string, "utf16le");
-            bufferWindows = Buffer.concat([bufferWindows, lineBuffer]);
-        }
-        const sizeBuffer = Buffer.alloc(4);
-        sizeBuffer.writeInt32LE(length + 1, 0); // Add one for trailing null character marking end
-        const trailingNull = Buffer.from(`\0`, "utf16le");
-        bufferWindows = Buffer.concat([sizeBuffer, bufferWindows, trailingNull]);
-        // Write the compound environment for Windows
-        const envPathWindows = `${spec}.win32env`;
-        fs.writeFileSync(envPathWindows, bufferWindows);
-    }
-    return { env, spec };
-}
-exports.concatTracerConfigs = concatTracerConfigs;
-async function getCombinedTracerConfig(config, codeql) {
+async function getCombinedTracerConfig(config) {
    // Abort if there are no traced languages as there's nothing to do
    const tracedLanguages = config.languages.filter((l) => (0, languages_1.isTracedLanguage)(l));
    if (tracedLanguages.length === 0) {
        return undefined;
    }
-    let mainTracerConfig;
-    if (await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING)) {
-        mainTracerConfig = await getTracerConfigForCluster(config);
-    }
-    else {
-        // Get all the tracer configs and combine them together
-        const tracedLanguageConfigs = {};
-        for (const language of tracedLanguages) {
-            tracedLanguageConfigs[language] = await getTracerConfigForLanguage(codeql, config, language);
-        }
-        mainTracerConfig = concatTracerConfigs(tracedLanguageConfigs, config);
-        // Add a couple more variables
-        mainTracerConfig.env["ODASA_TRACER_CONFIGURATION"] = mainTracerConfig.spec;
-        const codeQLDir = path.dirname(codeql.getPath());
-        if (process.platform === "darwin") {
-            mainTracerConfig.env["DYLD_INSERT_LIBRARIES"] = path.join(codeQLDir, "tools", "osx64", "libtrace.dylib");
-        }
-        else if (process.platform !== "win32") {
-            mainTracerConfig.env["LD_PRELOAD"] = path.join(codeQLDir, "tools", "linux64", "${LIB}trace.so");
-        }
-    }
+    const mainTracerConfig = await getTracerConfigForCluster(config);
    // On macos it's necessary to prefix the build command with the runner executable
    // on order to trace when System Integrity Protection is enabled.
    // The executable also exists and works for other platforms so we output this env
--- a/lib/tracer-config.js.map
+++ b/lib/tracer-config.js.map
--- a/lib/tracer-config.test.js
+++ b/lib/tracer-config.test.js
@@ -29,7 +29,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const ava_1 = __importDefault(require("ava"));
-const codeql_1 = require("./codeql");
 const configUtils = __importStar(require("./config-utils"));
 const languages_1 = require("./languages");
 const testing_utils_1 = require("./testing-utils");
@@ -56,267 +55,35 @@ function getTestConfig(tmpDir) {
        trapCacheDownloadTime: 0,
    };
 }
-// A very minimal setup
-(0, ava_1.default)("getTracerConfigForLanguage - minimal setup", async (t) => {
-    await util.withTmpDir(async (tmpDir) => {
-        const config = getTestConfig(tmpDir);
-        const codeQL = (0, codeql_1.setCodeQL)({
-            async getTracerEnv() {
-                return {
-                    ODASA_TRACER_CONFIGURATION: "abc",
-                    foo: "bar",
-                };
-            },
-        });
-        const result = await (0, tracer_config_1.getTracerConfigForLanguage)(codeQL, config, languages_1.Language.javascript);
-        t.deepEqual(result, { spec: "abc", env: { foo: "bar" } });
-    });
-});
-// Existing vars should not be overwritten, unless they are critical or prefixed with CODEQL_
-(0, ava_1.default)("getTracerConfigForLanguage - existing / critical vars", async (t) => {
-    await util.withTmpDir(async (tmpDir) => {
-        const config = getTestConfig(tmpDir);
-        // Set up some variables in the environment
-        process.env["foo"] = "abc";
-        process.env["SEMMLE_PRELOAD_libtrace"] = "abc";
-        process.env["SEMMLE_RUNNER"] = "abc";
-        process.env["SEMMLE_COPY_EXECUTABLES_ROOT"] = "abc";
-        process.env["SEMMLE_DEPTRACE_SOCKET"] = "abc";
-        process.env["SEMMLE_JAVA_TOOL_OPTIONS"] = "abc";
-        process.env["CODEQL_VAR"] = "abc";
-        // Now CodeQL returns all these variables, and one more, with different values
-        const codeQL = (0, codeql_1.setCodeQL)({
-            async getTracerEnv() {
-                return {
-                    ODASA_TRACER_CONFIGURATION: "abc",
-                    foo: "bar",
-                    baz: "qux",
-                    SEMMLE_PRELOAD_libtrace: "SEMMLE_PRELOAD_libtrace",
-                    SEMMLE_RUNNER: "SEMMLE_RUNNER",
-                    SEMMLE_COPY_EXECUTABLES_ROOT: "SEMMLE_COPY_EXECUTABLES_ROOT",
-                    SEMMLE_DEPTRACE_SOCKET: "SEMMLE_DEPTRACE_SOCKET",
-                    SEMMLE_JAVA_TOOL_OPTIONS: "SEMMLE_JAVA_TOOL_OPTIONS",
-                    CODEQL_VAR: "CODEQL_VAR",
-                };
-            },
-        });
-        const result = await (0, tracer_config_1.getTracerConfigForLanguage)(codeQL, config, languages_1.Language.javascript);
-        t.deepEqual(result, {
-            spec: "abc",
-            env: {
-                // Should contain all variables except 'foo', because that already existed in the
-                // environment with a different value, and is not deemed a "critical" variable.
-                baz: "qux",
-                SEMMLE_PRELOAD_libtrace: "SEMMLE_PRELOAD_libtrace",
-                SEMMLE_RUNNER: "SEMMLE_RUNNER",
-                SEMMLE_COPY_EXECUTABLES_ROOT: "SEMMLE_COPY_EXECUTABLES_ROOT",
-                SEMMLE_DEPTRACE_SOCKET: "SEMMLE_DEPTRACE_SOCKET",
-                SEMMLE_JAVA_TOOL_OPTIONS: "SEMMLE_JAVA_TOOL_OPTIONS",
-                CODEQL_VAR: "CODEQL_VAR",
-            },
-        });
-    });
-});
-(0, ava_1.default)("concatTracerConfigs - minimal configs correctly combined", async (t) => {
-    await util.withTmpDir(async (tmpDir) => {
-        const config = getTestConfig(tmpDir);
-        const spec1 = path.join(tmpDir, "spec1");
-        fs.writeFileSync(spec1, "foo.log\n2\nabc\ndef");
-        const tc1 = {
-            spec: spec1,
-            env: {
-                a: "a",
-                b: "b",
-            },
-        };
-        const spec2 = path.join(tmpDir, "spec2");
-        fs.writeFileSync(spec2, "foo.log\n1\nghi");
-        const tc2 = {
-            spec: spec2,
-            env: {
-                c: "c",
-            },
-        };
-        const result = (0, tracer_config_1.concatTracerConfigs)({ javascript: tc1, python: tc2 }, config);
-        t.deepEqual(result, {
-            spec: path.join(tmpDir, "compound-spec"),
-            env: {
-                a: "a",
-                b: "b",
-                c: "c",
-            },
-        });
-        t.true(fs.existsSync(result.spec));
-        t.deepEqual(fs.readFileSync(result.spec, "utf8"), `${path.join(tmpDir, "compound-build-tracer.log")}\n3\nabc\ndef\nghi`);
-    });
-});
-(0, ava_1.default)("concatTracerConfigs - conflicting env vars", async (t) => {
-    await util.withTmpDir(async (tmpDir) => {
-        const config = getTestConfig(tmpDir);
-        const spec = path.join(tmpDir, "spec");
-        fs.writeFileSync(spec, "foo.log\n0");
-        // Ok if env vars have the same name and the same value
-        t.deepEqual((0, tracer_config_1.concatTracerConfigs)({
-            javascript: { spec, env: { a: "a", b: "b" } },
-            python: { spec, env: { b: "b", c: "c" } },
-        }, config).env, {
-            a: "a",
-            b: "b",
-            c: "c",
-        });
-        // Throws if env vars have same name but different values
-        const e = t.throws(() => (0, tracer_config_1.concatTracerConfigs)({
-            javascript: { spec, env: { a: "a", b: "b" } },
-            python: { spec, env: { b: "c" } },
-        }, config));
-        // If e is undefined, then the previous assertion will fail.
-        if (e !== undefined) {
-            t.deepEqual(e.message, "Incompatible values in environment parameter b: b and c");
-        }
-    });
-});
-(0, ava_1.default)("concatTracerConfigs - cpp spec lines come last if present", async (t) => {
-    await util.withTmpDir(async (tmpDir) => {
-        const config = getTestConfig(tmpDir);
-        const spec1 = path.join(tmpDir, "spec1");
-        fs.writeFileSync(spec1, "foo.log\n2\nabc\ndef");
-        const tc1 = {
-            spec: spec1,
-            env: {
-                a: "a",
-                b: "b",
-            },
-        };
-        const spec2 = path.join(tmpDir, "spec2");
-        fs.writeFileSync(spec2, "foo.log\n1\nghi");
-        const tc2 = {
-            spec: spec2,
-            env: {
-                c: "c",
-            },
-        };
-        const result = (0, tracer_config_1.concatTracerConfigs)({ cpp: tc1, python: tc2 }, config);
-        t.deepEqual(result, {
-            spec: path.join(tmpDir, "compound-spec"),
-            env: {
-                a: "a",
-                b: "b",
-                c: "c",
-            },
-        });
-        t.true(fs.existsSync(result.spec));
-        t.deepEqual(fs.readFileSync(result.spec, "utf8"), `${path.join(tmpDir, "compound-build-tracer.log")}\n3\nghi\nabc\ndef`);
-    });
-});
-(0, ava_1.default)("concatTracerConfigs - SEMMLE_COPY_EXECUTABLES_ROOT is updated to point to compound spec", async (t) => {
-    await util.withTmpDir(async (tmpDir) => {
-        const config = getTestConfig(tmpDir);
-        const spec = path.join(tmpDir, "spec");
-        fs.writeFileSync(spec, "foo.log\n0");
-        const result = (0, tracer_config_1.concatTracerConfigs)({
-            javascript: { spec, env: { a: "a", b: "b" } },
-            python: { spec, env: { SEMMLE_COPY_EXECUTABLES_ROOT: "foo" } },
-        }, config);
-        t.deepEqual(result.env, {
-            a: "a",
-            b: "b",
-            SEMMLE_COPY_EXECUTABLES_ROOT: path.join(tmpDir, "compound-temp"),
-        });
-    });
-});
-(0, ava_1.default)("concatTracerConfigs - compound environment file is created correctly", async (t) => {
-    await util.withTmpDir(async (tmpDir) => {
-        const config = getTestConfig(tmpDir);
-        const spec1 = path.join(tmpDir, "spec1");
-        fs.writeFileSync(spec1, "foo.log\n2\nabc\ndef");
-        const tc1 = {
-            spec: spec1,
-            env: {
-                a: "a",
-            },
-        };
-        const spec2 = path.join(tmpDir, "spec2");
-        fs.writeFileSync(spec2, "foo.log\n1\nghi");
-        const tc2 = {
-            spec: spec2,
-            env: {
-                foo: "bar_baz",
-            },
-        };
-        const result = (0, tracer_config_1.concatTracerConfigs)({ javascript: tc1, python: tc2 }, config, true);
-        // Check binary contents for the Unix file
-        const envPath = `${result.spec}.environment`;
-        t.true(fs.existsSync(envPath));
-        const buffer = fs.readFileSync(envPath);
-        t.deepEqual(buffer.length, 28);
-        t.deepEqual(buffer.readInt32LE(0), 2); // number of env vars
-        t.deepEqual(buffer.readInt32LE(4), 4); // length of env var definition
-        t.deepEqual(buffer.toString("utf8", 8, 12), "a=a\0"); // [key]=[value]\0
-        t.deepEqual(buffer.readInt32LE(12), 12); // length of env var definition
-        t.deepEqual(buffer.toString("utf8", 16, 28), "foo=bar_baz\0"); // [key]=[value]\0
-        // Check binary contents for the Windows file
-        const envPathWindows = `${result.spec}.win32env`;
-        t.true(fs.existsSync(envPathWindows));
-        const bufferWindows = fs.readFileSync(envPathWindows);
-        t.deepEqual(bufferWindows.length, 38);
-        t.deepEqual(bufferWindows.readInt32LE(0), 4 + 12 + 1); // number of tchars to represent the environment
-        t.deepEqual(bufferWindows.toString("utf16le", 4, 12), "a=a\0"); // [key]=[value]\0
-        t.deepEqual(bufferWindows.toString("utf16le", 12, 36), "foo=bar_baz\0"); // [key]=[value]\0
-        t.deepEqual(bufferWindows.toString("utf16le", 36, 38), "\0"); // trailing null character
-    });
-});
 (0, ava_1.default)("getCombinedTracerConfig - return undefined when no languages are traced languages", async (t) => {
    await util.withTmpDir(async (tmpDir) => {
        const config = getTestConfig(tmpDir);
        // No traced languages
        config.languages = [languages_1.Language.javascript, languages_1.Language.python];
-        const codeQL = (0, codeql_1.setCodeQL)({
-            async getTracerEnv() {
-                return {
-                    ODASA_TRACER_CONFIGURATION: "abc",
-                    CODEQL_DIST: "/",
-                    foo: "bar",
-                };
-            },
-        });
-        t.deepEqual(await (0, tracer_config_1.getCombinedTracerConfig)(config, codeQL), undefined);
+        t.deepEqual(await (0, tracer_config_1.getCombinedTracerConfig)(config), undefined);
    });
 });
-(0, ava_1.default)("getCombinedTracerConfig - valid spec file", async (t) => {
+(0, ava_1.default)("getCombinedTracerConfig - with start-tracing.json environment file", async (t) => {
    await util.withTmpDir(async (tmpDir) => {
        const config = getTestConfig(tmpDir);
-        const spec = path.join(tmpDir, "spec");
-        fs.writeFileSync(spec, "foo.log\n2\nabc\ndef");
        const bundlePath = path.join(tmpDir, "bundle");
        const codeqlPlatform = process.platform === "win32"
            ? "win64"
            : process.platform === "darwin"
                ? "osx64"
                : "linux64";
-        const codeQL = (0, codeql_1.setCodeQL)({
-            async getTracerEnv() {
-                return {
-                    ODASA_TRACER_CONFIGURATION: spec,
-                    CODEQL_DIST: bundlePath,
-                    CODEQL_PLATFORM: codeqlPlatform,
-                    foo: "bar",
-                };
-            },
-        });
-        const result = await (0, tracer_config_1.getCombinedTracerConfig)(config, codeQL);
-        t.notDeepEqual(result, undefined);
-        const expectedEnv = {
+        const startTracingEnv = {
            foo: "bar",
            CODEQL_DIST: bundlePath,
            CODEQL_PLATFORM: codeqlPlatform,
-            ODASA_TRACER_CONFIGURATION: result.spec,
        };
-        if (process.platform === "darwin") {
-            expectedEnv["DYLD_INSERT_LIBRARIES"] = path.join(path.dirname(codeQL.getPath()), "tools", "osx64", "libtrace.dylib");
-        }
-        else if (process.platform !== "win32") {
-            expectedEnv["LD_PRELOAD"] = path.join(path.dirname(codeQL.getPath()), "tools", "linux64", "${LIB}trace.so");
-        }
+        const tracingEnvironmentDir = path.join(config.dbLocation, "temp", "tracingEnvironment");
+        fs.mkdirSync(tracingEnvironmentDir, { recursive: true });
+        const startTracingJson = path.join(tracingEnvironmentDir, "start-tracing.json");
+        fs.writeFileSync(startTracingJson, JSON.stringify(startTracingEnv));
+        const result = await (0, tracer_config_1.getCombinedTracerConfig)(config);
+        t.notDeepEqual(result, undefined);
+        const expectedEnv = startTracingEnv;
        if (process.platform === "win32") {
            expectedEnv["CODEQL_RUNNER"] = path.join(bundlePath, "tools/win64/runner.exe");
        }
@@ -327,7 +94,6 @@ function getTestConfig(tmpDir) {
            expectedEnv["CODEQL_RUNNER"] = path.join(bundlePath, "tools/linux64/runner");
        }
        t.deepEqual(result, {
-            spec: path.join(tmpDir, "compound-spec"),
            env: expectedEnv,
        });
    });
--- a/lib/tracer-config.test.js.map
+++ b/lib/tracer-config.test.js.map
--- a/lib/upload-lib.js
+++ b/lib/upload-lib.js
@@ -40,6 +40,7 @@ const fingerprints = __importStar(require("./fingerprints"));
 const repository_1 = require("./repository");
 const shared_environment_1 = require("./shared-environment");
 const util = __importStar(require("./util"));
+const util_1 = require("./util");
 const workflow = __importStar(require("./workflow"));
 // Takes a list of paths to sarif files and combines them together,
 // returning the contents of the combined sarif file.
@@ -133,7 +134,7 @@ exports.findSarifFilesInDir = findSarifFilesInDir;
 // Uploads a single sarif file or a directory of sarif files
 // depending on what the path happens to refer to.
 async function uploadFromActions(sarifPath, checkoutPath, category, logger) {
-    return await uploadFiles(getSarifFilePaths(sarifPath), (0, repository_1.parseRepositoryNwo)(util.getRequiredEnvParam("GITHUB_REPOSITORY")), await actionsUtil.getCommitOid(checkoutPath), await actionsUtil.getRef(), await actionsUtil.getAnalysisKey(), category, util.getRequiredEnvParam("GITHUB_WORKFLOW"), workflow.getWorkflowRunID(), checkoutPath, actionsUtil.getRequiredInput("matrix"), logger);
+    return await uploadFiles(getSarifFilePaths(sarifPath), (0, repository_1.parseRepositoryNwo)(util.getRequiredEnvParam("GITHUB_REPOSITORY")), await actionsUtil.getCommitOid(checkoutPath), await actionsUtil.getRef(), await actionsUtil.getAnalysisKey(), category, util.getRequiredEnvParam("GITHUB_WORKFLOW"), workflow.getWorkflowRunID(), workflow.getWorkflowRunAttempt(), checkoutPath, actionsUtil.getRequiredInput("matrix"), logger);
 }
 exports.uploadFromActions = uploadFromActions;
 function getSarifFilePaths(sarifPath) {
@@ -160,7 +161,7 @@ function countResultsInSarif(sarif) {
        parsedSarif = JSON.parse(sarif);
    }
    catch (e) {
-        throw new Error(`Invalid SARIF. JSON syntax error: ${e instanceof Error ? e.message : String(e)}`);
+        throw new Error(`Invalid SARIF. JSON syntax error: ${(0, util_1.wrapError)(e).message}`);
    }
    if (!Array.isArray(parsedSarif.runs)) {
        throw new Error("Invalid SARIF. Missing 'runs' array.");
@@ -196,7 +197,7 @@ function validateSarifFileSchema(sarifFilePath, logger) {
 exports.validateSarifFileSchema = validateSarifFileSchema;
 // buildPayload constructs a map ready to be uploaded to the API from the given
 // parameters, respecting the current mode and target GitHub instance version.
-function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, workflowRunID, checkoutURI, environment, toolNames, mergeBaseCommitOid) {
+function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, workflowRunID, workflowRunAttempt, checkoutURI, environment, toolNames, mergeBaseCommitOid) {
    const payloadObj = {
        commit_oid: commitOid,
        ref,
@@ -204,6 +205,7 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo
        analysis_name: analysisName,
        sarif: zippedSarif,
        workflow_run_id: workflowRunID,
+        workflow_run_attempt: workflowRunAttempt,
        checkout_uri: checkoutURI,
        environment,
        started_at: process.env[shared_environment_1.CODEQL_WORKFLOW_STARTED_AT],
@@ -234,7 +236,7 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo
 exports.buildPayload = buildPayload;
 // Uploads the given set of sarif files.
 // Returns true iff the upload occurred and succeeded
-async function uploadFiles(sarifFiles, repositoryNwo, commitOid, ref, analysisKey, category, analysisName, workflowRunID, sourceRoot, environment, logger) {
+async function uploadFiles(sarifFiles, repositoryNwo, commitOid, ref, analysisKey, category, analysisName, workflowRunID, workflowRunAttempt, sourceRoot, environment, logger) {
    logger.startGroup("Uploading results");
    logger.info(`Processing sarif files: ${JSON.stringify(sarifFiles)}`);
    // Validate that the files we were asked to upload are all valid SARIF files
@@ -251,7 +253,7 @@ async function uploadFiles(sarifFiles, repositoryNwo, commitOid, ref, analysisKe
    const sarifPayload = JSON.stringify(sarif);
    const zippedSarif = zlib_1.default.gzipSync(sarifPayload).toString("base64");
    const checkoutURI = (0, file_url_1.default)(sourceRoot);
-    const payload = buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, workflowRunID, checkoutURI, environment, toolNames, await actionsUtil.determineMergeBaseCommitOid());
+    const payload = buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, workflowRunID, workflowRunAttempt, checkoutURI, environment, toolNames, await actionsUtil.determineMergeBaseCommitOid());
    // Log some useful debug info about the info
    const rawUploadSizeBytes = sarifPayload.length;
    logger.debug(`Raw upload size: ${rawUploadSizeBytes} bytes`);
--- a/lib/upload-lib.js.map
+++ b/lib/upload-lib.js.map
--- a/lib/upload-lib.test.js
+++ b/lib/upload-lib.test.js
@@ -48,7 +48,7 @@ ava_1.default.beforeEach(() => {
 });
 (0, ava_1.default)("validate correct payload used for push, PR merge commit, and PR head", async (t) => {
    process.env["GITHUB_EVENT_NAME"] = "push";
-    const pushPayload = uploadLib.buildPayload("commit", "refs/heads/master", "key", undefined, "", undefined, "/opt/src", undefined, ["CodeQL", "eslint"], "mergeBaseCommit");
+    const pushPayload = uploadLib.buildPayload("commit", "refs/heads/master", "key", undefined, "", 1234, 1, "/opt/src", undefined, ["CodeQL", "eslint"], "mergeBaseCommit");
    // Not triggered by a pull request
    t.falsy(pushPayload.base_ref);
    t.falsy(pushPayload.base_sha);
@@ -56,11 +56,11 @@ ava_1.default.beforeEach(() => {
    process.env["GITHUB_SHA"] = "commit";
    process.env["GITHUB_BASE_REF"] = "master";
    process.env["GITHUB_EVENT_PATH"] = `${__dirname}/../src/testdata/pull_request.json`;
-    const prMergePayload = uploadLib.buildPayload("commit", "refs/pull/123/merge", "key", undefined, "", undefined, "/opt/src", undefined, ["CodeQL", "eslint"], "mergeBaseCommit");
+    const prMergePayload = uploadLib.buildPayload("commit", "refs/pull/123/merge", "key", undefined, "", 1234, 1, "/opt/src", undefined, ["CodeQL", "eslint"], "mergeBaseCommit");
    // Uploads for a merge commit use the merge base
    t.deepEqual(prMergePayload.base_ref, "refs/heads/master");
    t.deepEqual(prMergePayload.base_sha, "mergeBaseCommit");
-    const prHeadPayload = uploadLib.buildPayload("headCommit", "refs/pull/123/head", "key", undefined, "", undefined, "/opt/src", undefined, ["CodeQL", "eslint"], "mergeBaseCommit");
+    const prHeadPayload = uploadLib.buildPayload("headCommit", "refs/pull/123/head", "key", undefined, "", 1234, 1, "/opt/src", undefined, ["CodeQL", "eslint"], "mergeBaseCommit");
    // Uploads for the head use the PR base
    t.deepEqual(prHeadPayload.base_ref, "refs/heads/master");
    t.deepEqual(prHeadPayload.base_sha, "f95f852bd8fca8fcc58a9a2d6c842781e32a215e");
--- a/lib/upload-lib.test.js.map
+++ b/lib/upload-lib.test.js.map
--- a/lib/upload-sarif-action.js
+++ b/lib/upload-sarif-action.js
@@ -56,12 +56,12 @@ async function run() {
        }
        await sendSuccessStatusReport(startedAt, uploadResult.statusReport);
    }
-    catch (error) {
-        const message = error instanceof Error ? error.message : String(error);
-        const stack = error instanceof Error ? error.stack : String(error);
+    catch (unwrappedError) {
+        const error = (0, util_1.wrapError)(unwrappedError);
+        const message = error.message;
        core.setFailed(message);
        console.log(error);
-        await actionsUtil.sendStatusReport(await actionsUtil.createStatusReportBase("upload-sarif", actionsUtil.getActionsStatus(error), startedAt, message, stack));
+        await actionsUtil.sendStatusReport(await actionsUtil.createStatusReportBase("upload-sarif", actionsUtil.getActionsStatus(error), startedAt, message, error.stack));
        return;
    }
 }
@@ -70,8 +70,7 @@ async function runWrapper() {
        await run();
    }
    catch (error) {
-        core.setFailed(`codeql/upload-sarif action failed: ${error}`);
-        console.log(error);
+        core.setFailed(`codeql/upload-sarif action failed: ${(0, util_1.wrapError)(error).message}`);
    }
 }
 void runWrapper();
--- a/lib/upload-sarif-action.js.map
+++ b/lib/upload-sarif-action.js.map
@@ -1 +1 @@
-{"version":3,"file":"upload-sarif-action.js","sourceRoot":"","sources":["../src/upload-sarif-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,iDAAkD;AAClD,uCAA6C;AAC7C,6CAAkD;AAClD,yDAA2C;AAC3C,iCAIgB;AAMhB,KAAK,UAAU,uBAAuB,CACpC,SAAe,EACf,WAA0C;IAE1C,MAAM,gBAAgB,GAAG,MAAM,WAAW,CAAC,sBAAsB,CAC/D,cAAc,EACd,SAAS,EACT,SAAS,CACV,CAAC;IACF,MAAM,YAAY,GAA4B;QAC5C,GAAG,gBAAgB;QACnB,GAAG,WAAW;KACf,CAAC;IACF,MAAM,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;AACnD,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAC1C,IACE,CAAC,CAAC,MAAM,WAAW,CAAC,gBAAgB,CAClC,MAAM,WAAW,CAAC,sBAAsB,CACtC,cAAc,EACd,UAAU,EACV,SAAS,CACV,CACF,CAAC,EACF;QACA,OAAO;KACR;IAED,IAAI;QACF,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,iBAAiB,CACrD,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,EAC1C,WAAW,CAAC,gBAAgB,CAAC,eAAe,CAAC,EAC7C,WAAW,CAAC,gBAAgB,CAAC,UAAU,CAAC,EACxC,IAAA,0BAAgB,GAAE,CACnB,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QAEjD,qEAAqE;QACrE,IAAI,IAAA,mBAAY,GAAE,EAAE;YAClB,IAAI,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;SACjE;aAAM,IAAI,WAAW,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,KAAK,MAAM,EAAE;YACzE,MAAM,UAAU,CAAC,iBAAiB,CAChC,IAAA,+BAAkB,EAAC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CAAC,EAC5D,YAAY,CAAC,OAAO,EACpB,IAAA,0BAAgB,GAAE,CACnB,CAAC;SACH;QACD,MAAM,uBAAuB,CAAC,SAAS,EAAE,YAAY,CAAC,YAAY,CAAC,CAAC;KACrE;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,MAAM,KAAK,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACnE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,WAAW,CAAC,gBAAgB,CAChC,MAAM,WAAW,CAAC,sBAAsB,CACtC,cAAc,EACd,WAAW,CAAC,gBAAgB,CAAC,KAAK,CAAC,EACnC,SAAS,EACT,OAAO,EACP,KAAK,CACN,CACF,CAAC;QACF,OAAO;KACR;AACH,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,sCAAsC,KAAK,EAAE,CAAC,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"upload-sarif-action.js","sourceRoot":"","sources":["../src/upload-sarif-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,iDAAkD;AAClD,uCAA6C;AAC7C,6CAAkD;AAClD,yDAA2C;AAC3C,iCAKgB;AAMhB,KAAK,UAAU,uBAAuB,CACpC,SAAe,EACf,WAA0C;IAE1C,MAAM,gBAAgB,GAAG,MAAM,WAAW,CAAC,sBAAsB,CAC/D,cAAc,EACd,SAAS,EACT,SAAS,CACV,CAAC;IACF,MAAM,YAAY,GAA4B;QAC5C,GAAG,gBAAgB;QACnB,GAAG,WAAW;KACf,CAAC;IACF,MAAM,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;AACnD,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAC1C,IACE,CAAC,CAAC,MAAM,WAAW,CAAC,gBAAgB,CAClC,MAAM,WAAW,CAAC,sBAAsB,CACtC,cAAc,EACd,UAAU,EACV,SAAS,CACV,CACF,CAAC,EACF;QACA,OAAO;KACR;IAED,IAAI;QACF,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,iBAAiB,CACrD,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,EAC1C,WAAW,CAAC,gBAAgB,CAAC,eAAe,CAAC,EAC7C,WAAW,CAAC,gBAAgB,CAAC,UAAU,CAAC,EACxC,IAAA,0BAAgB,GAAE,CACnB,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QAEjD,qEAAqE;QACrE,IAAI,IAAA,mBAAY,GAAE,EAAE;YAClB,IAAI,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;SACjE;aAAM,IAAI,WAAW,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,KAAK,MAAM,EAAE;YACzE,MAAM,UAAU,CAAC,iBAAiB,CAChC,IAAA,+BAAkB,EAAC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CAAC,EAC5D,YAAY,CAAC,OAAO,EACpB,IAAA,0BAAgB,GAAE,CACnB,CAAC;SACH;QACD,MAAM,uBAAuB,CAAC,SAAS,EAAE,YAAY,CAAC,YAAY,CAAC,CAAC;KACrE;IAAC,OAAO,cAAc,EAAE;QACvB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;QAC9B,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,WAAW,CAAC,gBAAgB,CAChC,MAAM,WAAW,CAAC,sBAAsB,CACtC,cAAc,EACd,WAAW,CAAC,gBAAgB,CAAC,KAAK,CAAC,EACnC,SAAS,EACT,OAAO,EACP,KAAK,CAAC,KAAK,CACZ,CACF,CAAC;QACF,OAAO;KACR;AACH,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CACZ,sCAAsC,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CACjE,CAAC;KACH;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
--- a/lib/util.js
+++ b/lib/util.js
@@ -26,7 +26,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.fixInvalidNotifications = exports.parseMatrixInput = exports.isHostedRunner = exports.checkForTimeout = exports.withTimeout = exports.tryGetFolderBytes = exports.listFolder = exports.doesDirectoryExist = exports.logCodeScanningConfigInCli = exports.useCodeScanningConfigInCli = exports.isInTestMode = exports.getMlPoweredJsQueriesStatus = exports.getMlPoweredJsQueriesPack = exports.ML_POWERED_JS_QUERIES_PACK_NAME = exports.supportExpectDiscardedCache = exports.isGoodVersion = exports.delay = exports.bundleDb = exports.codeQlVersionAbove = exports.getCachedCodeQlVersion = exports.cacheCodeQlVersion = exports.isHTTPError = exports.UserError = exports.HTTPError = exports.getRequiredEnvParam = exports.initializeEnvironment = exports.assertNever = exports.apiVersionInRange = exports.DisallowedAPIVersionReason = exports.checkGitHubVersionInRange = exports.getGitHubVersion = exports.GitHubVariant = exports.parseGitHubUrl = exports.getCodeQLDatabasePath = exports.getThreadsFlag = exports.getThreadsFlagValue = exports.getAddSnippetsFlag = exports.getMemoryFlag = exports.getMemoryFlagValue = exports.withTmpDir = exports.getToolNames = exports.getExtraOptionsEnvParam = exports.DEFAULT_DEBUG_DATABASE_NAME = exports.DEFAULT_DEBUG_ARTIFACT_NAME = exports.GITHUB_DOTCOM_URL = void 0;
+exports.wrapError = exports.fixInvalidNotificationsInFile = exports.fixInvalidNotifications = exports.parseMatrixInput = exports.isHostedRunner = exports.checkForTimeout = exports.withTimeout = exports.tryGetFolderBytes = exports.listFolder = exports.doesDirectoryExist = exports.logCodeScanningConfigInCli = exports.useCodeScanningConfigInCli = exports.isInTestMode = exports.getMlPoweredJsQueriesStatus = exports.getMlPoweredJsQueriesPack = exports.ML_POWERED_JS_QUERIES_PACK_NAME = exports.supportExpectDiscardedCache = exports.isGoodVersion = exports.delay = exports.bundleDb = exports.codeQlVersionAbove = exports.getCachedCodeQlVersion = exports.cacheCodeQlVersion = exports.isHTTPError = exports.UserError = exports.HTTPError = exports.getRequiredEnvParam = exports.initializeEnvironment = exports.assertNever = exports.apiVersionInRange = exports.DisallowedAPIVersionReason = exports.checkGitHubVersionInRange = exports.getGitHubVersion = exports.GitHubVariant = exports.parseGitHubUrl = exports.getCodeQLDatabasePath = exports.getThreadsFlag = exports.getThreadsFlagValue = exports.getAddSnippetsFlag = exports.getMemoryFlag = exports.getMemoryFlagValue = exports.withTmpDir = exports.getToolNames = exports.getExtraOptionsEnvParam = exports.DEFAULT_DEBUG_DATABASE_NAME = exports.DEFAULT_DEBUG_ARTIFACT_NAME = exports.GITHUB_DOTCOM_URL = void 0;
 const fs = __importStar(require("fs"));
 const os = __importStar(require("os"));
 const path = __importStar(require("path"));
@@ -69,9 +69,9 @@ function getExtraOptionsEnvParam() {
    try {
        return JSON.parse(raw);
    }
-    catch (e) {
-        const message = e instanceof Error ? e.message : String(e);
-        throw new Error(`${varName} environment variable is set, but does not contain valid JSON: ${message}`);
+    catch (unwrappedError) {
+        const error = wrapError(unwrappedError);
+        throw new Error(`${varName} environment variable is set, but does not contain valid JSON: ${error.message}`);
    }
 }
 exports.getExtraOptionsEnvParam = getExtraOptionsEnvParam;
@@ -337,9 +337,11 @@ exports.assertNever = assertNever;
 * knowing what version of CodeQL we're running.
 */
 function initializeEnvironment(version) {
-    core.exportVariable(shared_environment_1.EnvVar.VERSION, version);
-    core.exportVariable(shared_environment_1.EnvVar.FEATURE_SARIF_COMBINE, "true");
-    core.exportVariable(shared_environment_1.EnvVar.FEATURE_WILL_UPLOAD, "true");
+    core.exportVariable(String(shared_environment_1.EnvVar.FEATURE_MULTI_LANGUAGE), "false");
+    core.exportVariable(String(shared_environment_1.EnvVar.FEATURE_SANDWICH), "false");
+    core.exportVariable(String(shared_environment_1.EnvVar.FEATURE_SARIF_COMBINE), "true");
+    core.exportVariable(String(shared_environment_1.EnvVar.FEATURE_WILL_UPLOAD), "true");
+    core.exportVariable(String(shared_environment_1.EnvVar.VERSION), version);
 }
 exports.initializeEnvironment = initializeEnvironment;
 /**
@@ -676,7 +678,7 @@ function fixInvalidNotifications(sarif, logger) {
            `${shared_environment_1.CODEQL_ACTION_DISABLE_DUPLICATE_LOCATION_FIX} environment variable.`);
        return sarif;
    }
-    if (!(sarif.runs instanceof Array)) {
+    if (!Array.isArray(sarif.runs)) {
        return sarif;
    }
    // Ensure that the array of locations for each SARIF notification contains unique locations.
@@ -687,19 +689,19 @@ function fixInvalidNotifications(sarif, logger) {
        ...sarif,
        runs: sarif.runs.map((run) => {
            if (run.tool?.driver?.name !== "CodeQL" ||
-                !(run.invocations instanceof Array)) {
+                !Array.isArray(run.invocations)) {
                return run;
            }
            return {
                ...run,
                invocations: run.invocations.map((invocation) => {
-                    if (!(invocation.toolExecutionNotifications instanceof Array)) {
+                    if (!Array.isArray(invocation.toolExecutionNotifications)) {
                        return invocation;
                    }
                    return {
                        ...invocation,
                        toolExecutionNotifications: invocation.toolExecutionNotifications.map((notification) => {
-                            if (!(notification.locations instanceof Array)) {
+                            if (!Array.isArray(notification.locations)) {
                                return notification;
                            }
                            const newLocations = removeDuplicateLocations(notification.locations);
@@ -719,7 +721,20 @@ function fixInvalidNotifications(sarif, logger) {
        logger.info(`Removed ${numDuplicateLocationsRemoved} duplicate locations from SARIF notification ` +
            "objects.");
    }
+    else {
+        logger.debug("No duplicate locations found in SARIF notification objects.");
+    }
    return newSarif;
 }
 exports.fixInvalidNotifications = fixInvalidNotifications;
+function fixInvalidNotificationsInFile(inputPath, outputPath, logger) {
+    let sarif = JSON.parse(fs.readFileSync(inputPath, "utf8"));
+    sarif = fixInvalidNotifications(sarif, logger);
+    fs.writeFileSync(outputPath, JSON.stringify(sarif));
+}
+exports.fixInvalidNotificationsInFile = fixInvalidNotificationsInFile;
+function wrapError(error) {
+    return error instanceof Error ? error : new Error(String(error));
+}
+exports.wrapError = wrapError;
 //# sourceMappingURL=util.js.map
--- a/lib/util.js.map
+++ b/lib/util.js.map
--- a/lib/util.test.js
+++ b/lib/util.test.js
@@ -363,7 +363,11 @@ const stubLocation = {
    const messages = [];
    const result = util.fixInvalidNotifications(createMockSarifWithNotification([stubLocation]), (0, testing_utils_1.getRecordingLogger)(messages));
    t.deepEqual(result, createMockSarifWithNotification([stubLocation]));
-    t.is(messages.length, 0);
+    t.is(messages.length, 1);
+    t.deepEqual(messages[0], {
+        type: "debug",
+        message: "No duplicate locations found in SARIF notification objects.",
+    });
 });
 (0, ava_1.default)("fixInvalidNotifications removes duplicate locations", (t) => {
    const messages = [];
--- a/lib/util.test.js.map
+++ b/lib/util.test.js.map
--- a/lib/workflow.js
+++ b/lib/workflow.js
@@ -22,10 +22,14 @@ var __importStar = (this && this.__importStar) || function (mod) {
    __setModuleDefault(result, mod);
    return result;
 };
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getCheckoutPathInputOrThrow = exports.getUploadInputOrThrow = exports.getCategoryInputOrThrow = exports.getWorkflowRunID = exports.getWorkflowPath = exports.getWorkflow = exports.formatWorkflowCause = exports.formatWorkflowErrors = exports.validateWorkflow = exports.getWorkflowErrors = exports.WorkflowErrors = exports.patternIsSuperset = void 0;
+exports.getCheckoutPathInputOrThrow = exports.getUploadInputOrThrow = exports.getCategoryInputOrThrow = exports.getWorkflowRunAttempt = exports.getWorkflowRunID = exports.getWorkflowRelativePath = exports.getWorkflow = exports.formatWorkflowCause = exports.formatWorkflowErrors = exports.validateWorkflow = exports.getWorkflowErrors = exports.WorkflowErrors = exports.patternIsSuperset = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
+const zlib_1 = __importDefault(require("zlib"));
 const core = __importStar(require("@actions/core"));
 const yaml = __importStar(require("js-yaml"));
 const api = __importStar(require("./api-client"));
@@ -84,8 +88,6 @@ function toCodedErrors(errors) {
 exports.WorkflowErrors = toCodedErrors({
    MismatchedBranches: `Please make sure that every branch in on.pull_request is also in on.push so that Code Scanning can compare pull requests against the state of the base branch.`,
    MissingPushHook: `Please specify an on.push hook so that Code Scanning can compare pull requests against the state of the base branch.`,
-    PathsSpecified: `Using on.push.paths can prevent Code Scanning annotating new alerts in your pull requests.`,
-    PathsIgnoreSpecified: `Using on.push.paths-ignore can prevent Code Scanning annotating new alerts in your pull requests.`,
    CheckoutWrongHead: `git checkout HEAD^2 is no longer necessary. Please remove this step as Code Scanning recommends analyzing the merge commit for best results.`,
 });
 function getWorkflowErrors(doc) {
@@ -130,19 +132,6 @@ function getWorkflowErrors(doc) {
        if (!hasPush && hasPullRequest) {
            missingPush = true;
        }
-        if (hasPush && hasPullRequest) {
-            const paths = doc.on.push?.paths;
-            // if you specify paths or paths-ignore you can end up with commits that have no baseline
-            // if they didn't change any files
-            // currently we cannot go back through the history and find the most recent baseline
-            if (Array.isArray(paths) && paths.length > 0) {
-                errors.push(exports.WorkflowErrors.PathsSpecified);
-            }
-            const pathsIgnore = doc.on.push?.["paths-ignore"];
-            if (Array.isArray(pathsIgnore) && pathsIgnore.length > 0) {
-                errors.push(exports.WorkflowErrors.PathsIgnoreSpecified);
-            }
-        }
        // if doc.on.pull_request is null that means 'all branches'
        // if doc.on.pull_request is undefined that means 'off'
        // we only want to check for mismatched branches if pull_request is on.
@@ -172,10 +161,10 @@ function getWorkflowErrors(doc) {
    return errors;
 }
 exports.getWorkflowErrors = getWorkflowErrors;
-async function validateWorkflow() {
+async function validateWorkflow(logger) {
    let workflow;
    try {
-        workflow = await getWorkflow();
+        workflow = await getWorkflow(logger);
    }
    catch (e) {
        return `error: getWorkflow() failed: ${String(e)}`;
@@ -213,25 +202,37 @@ function formatWorkflowCause(errors) {
    return errors.map((e) => e.code).join(",");
 }
 exports.formatWorkflowCause = formatWorkflowCause;
-async function getWorkflow() {
-    const relativePath = await getWorkflowPath();
-    const absolutePath = path.join((0, util_1.getRequiredEnvParam)("GITHUB_WORKSPACE"), relativePath);
-    try {
-        return yaml.load(fs.readFileSync(absolutePath, "utf-8"));
-    }
-    catch (e) {
-        if (e instanceof Error && e["code"] === "ENOENT") {
-            throw new Error(`Unable to load code scanning workflow from ${absolutePath}. This can happen if the currently ` +
-                "running workflow checks out a branch that doesn't contain the corresponding workflow file.");
-        }
-        throw e;
+async function getWorkflow(logger) {
+    // In default setup, the currently executing workflow is not checked into the repository.
+    // Instead, a gzipped then base64 encoded version of the workflow file is provided via the
+    // `CODE_SCANNING_WORKFLOW_FILE` environment variable.
+    const maybeWorkflow = process.env["CODE_SCANNING_WORKFLOW_FILE"];
+    if (maybeWorkflow) {
+        logger.debug("Using the workflow specified by the CODE_SCANNING_WORKFLOW_FILE environment variable.");
+        return yaml.load(zlib_1.default.gunzipSync(Buffer.from(maybeWorkflow, "base64")).toString());
    }
+    const workflowPath = await getWorkflowAbsolutePath(logger);
+    return yaml.load(fs.readFileSync(workflowPath, "utf-8"));
 }
 exports.getWorkflow = getWorkflow;
 /**
- * Get the path of the currently executing workflow.
+ * Get the absolute path of the currently executing workflow.
 */
-async function getWorkflowPath() {
+async function getWorkflowAbsolutePath(logger) {
+    const relativePath = await getWorkflowRelativePath();
+    const absolutePath = path.join((0, util_1.getRequiredEnvParam)("GITHUB_WORKSPACE"), relativePath);
+    if (fs.existsSync(absolutePath)) {
+        logger.debug(`Derived the following absolute path for the currently executing workflow: ${absolutePath}.`);
+        return absolutePath;
+    }
+    throw new Error(`Expected to find a code scanning workflow file at ${absolutePath}, but no such file existed. ` +
+        "This can happen if the currently running workflow checks out a branch that doesn't contain " +
+        "the corresponding workflow file.");
+}
+/**
+ * Get the path of the currently executing workflow relative to the repository root.
+ */
+async function getWorkflowRelativePath() {
    const repo_nwo = (0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY").split("/");
    const owner = repo_nwo[0];
    const repo = repo_nwo[1];
@@ -246,18 +247,37 @@ async function getWorkflowPath() {
    const workflowResponse = await apiClient.request(`GET ${workflowUrl}`);
    return workflowResponse.data.path;
 }
-exports.getWorkflowPath = getWorkflowPath;
+exports.getWorkflowRelativePath = getWorkflowRelativePath;
 /**
 * Get the workflow run ID.
 */
 function getWorkflowRunID() {
-    const workflowRunID = parseInt((0, util_1.getRequiredEnvParam)("GITHUB_RUN_ID"), 10);
+    const workflowRunIdString = (0, util_1.getRequiredEnvParam)("GITHUB_RUN_ID");
+    const workflowRunID = parseInt(workflowRunIdString, 10);
    if (Number.isNaN(workflowRunID)) {
-        throw new Error("GITHUB_RUN_ID must define a non NaN workflow run ID");
+        throw new Error(`GITHUB_RUN_ID must define a non NaN workflow run ID. Current value is ${workflowRunIdString}`);
+    }
+    if (workflowRunID < 0) {
+        throw new Error(`GITHUB_RUN_ID must be a non-negative integer. Current value is ${workflowRunIdString}`);
    }
    return workflowRunID;
 }
 exports.getWorkflowRunID = getWorkflowRunID;
+/**
+ * Get the workflow run attempt number.
+ */
+function getWorkflowRunAttempt() {
+    const workflowRunAttemptString = (0, util_1.getRequiredEnvParam)("GITHUB_RUN_ATTEMPT");
+    const workflowRunAttempt = parseInt(workflowRunAttemptString, 10);
+    if (Number.isNaN(workflowRunAttempt)) {
+        throw new Error(`GITHUB_RUN_ATTEMPT must define a non NaN workflow run attempt. Current value is ${workflowRunAttemptString}`);
+    }
+    if (workflowRunAttempt <= 0) {
+        throw new Error(`GITHUB_RUN_ATTEMPT must be a positive integer. Current value is ${workflowRunAttemptString}`);
+    }
+    return workflowRunAttempt;
+}
+exports.getWorkflowRunAttempt = getWorkflowRunAttempt;
 function getStepsCallingAction(job, actionName) {
    if (job.uses) {
        throw new Error(`Could not get steps calling ${actionName} since the job calls a reusable workflow.`);
--- a/lib/workflow.js.map
+++ b/lib/workflow.js.map
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Angela P Wen	f3feb00acb	Merge pull request #1662 from github/update-v2.3.2-8b12d99ee Merge main into releases/v2	2023-04-27 11:49:50 -07:00
github-actions[bot]	1c9e206df3	Update changelog for v2.3.2	2023-04-27 18:18:58 +00:00
Angela P Wen	8b12d99ee5	Fix bug where run attempt was reported as run ID (#1661 )	2023-04-27 18:05:34 +00:00
Angela P Wen	dcf71cf79b	Merge pull request #1660 from github/mergeback/v2.3.1-to-main-8662eabe Mergeback v2.3.1 refs/heads/releases/v2 into main	2023-04-26 14:15:40 -07:00
github-actions[bot]	194450bdd6	Update checked-in dependencies	2023-04-26 20:48:31 +00:00
github-actions[bot]	e78ef455a8	Update changelog and version after v2.3.1	2023-04-26 20:44:18 +00:00
Angela P Wen	8662eabe0e	Merge pull request #1659 from github/update-v2.3.1-da583b07a * Update changelog and version after v2.3.0 * Update checked-in dependencies * Throw full error for CLI bundle download (#1657) * Add `workload_run_attempt` to analysis upload (#1658) * Refactor status report upload logic Previously we had duplicated the logic to check `GITHUB_RUN_ID`. We now call the `getWorkflowRunID()` method for the status report upload method, and move the logic for the run attempt to `getWorkflowRunAttempt()` * Add `workflow_run_attempt` to analysis payload * Stop allowing `undefined` run IDs and attempts Because we already throw an error if the ID or attempt aren't numbers, we don't have to allow `undefined` values into the payload. * Update changelog for v2.3.1 --------- Co-authored-by: github-actions[bot] <github-actions@github.com> Co-authored-by: Chuan-kai Lin <cklin@github.com> Co-authored-by: Angela P Wen <angelapwen@github.com>	2023-04-26 13:42:37 -07:00
github-actions[bot]	1f2f707d99	Update changelog for v2.3.1	2023-04-26 20:16:15 +00:00
Angela P Wen	da583b07a7	Add `workload_run_attempt` to analysis upload (#1658 ) * Refactor status report upload logic Previously we had duplicated the logic to check `GITHUB_RUN_ID`. We now call the `getWorkflowRunID()` method for the status report upload method, and move the logic for the run attempt to `getWorkflowRunAttempt()` * Add `workflow_run_attempt` to analysis payload * Stop allowing `undefined` run IDs and attempts Because we already throw an error if the ID or attempt aren't numbers, we don't have to allow `undefined` values into the payload.	2023-04-26 02:13:27 +00:00
Angela P Wen	a9648ea7c6	Throw full error for CLI bundle download (#1657 )	2023-04-24 07:46:45 -07:00
Chuan-kai Lin	c5f3f016ae	Merge pull request #1656 from github/mergeback/v2.3.0-to-main-b2c19fb9 Mergeback v2.3.0 refs/heads/releases/v2 into main	2023-04-21 12:43:38 -07:00
github-actions[bot]	90f053271e	Update checked-in dependencies	2023-04-21 19:12:19 +00:00
github-actions[bot]	0f085f964c	Update changelog and version after v2.3.0	2023-04-21 19:09:10 +00:00
Chuan-kai Lin	b2c19fb9a2	Merge pull request #1655 from github/update-v2.3.0-a8affb063 Merge main into releases/v2	2023-04-21 12:07:18 -07:00
github-actions[bot]	b203f98343	Update changelog for v2.3.0	2023-04-21 18:24:50 +00:00
Chuan-kai Lin	a8affb0639	Merge pull request #1649 from github/cklin/codeql-cli-2.13.0 Update default CodeQL bundle version to 2.13.0	2023-04-20 07:39:38 -07:00
Henry Mercer	b8cc643a23	Merge branch 'main' into cklin/codeql-cli-2.13.0	2023-04-20 11:23:25 +01:00
Henry Mercer	7019a9c6fd	Merge pull request #1618 from github/henrymercer/remove-legacy-tracing Remove legacy tracing	2023-04-20 11:22:32 +01:00
Henry Mercer	66f62df188	Merge branch 'main' into henrymercer/remove-legacy-tracing	2023-04-19 15:56:42 +01:00
Henry Mercer	afdf30f311	Merge pull request #1652 from github/henrymercer/fix-bundle-version Fix the `bundleVersion` field set by the automated bundle update PR	2023-04-18 21:04:26 +01:00
Henry Mercer	55a2e70992	Autoformat `index.ts`	2023-04-18 18:59:36 +01:00
Henry Mercer	1c2f282107	Fix bundle version It's the whole tag, we don't want to remove the `codeql-bundle-` prefix.	2023-04-18 18:59:09 +01:00
dependabot[bot]	9a866ed452	Bump swift-actions/setup-swift in /.github/actions/setup-swift (#1650 ) Bumps [swift-actions/setup-swift](https://github.com/swift-actions/setup-swift) from 1.22.0 to 1.23.0. - [Release notes](https://github.com/swift-actions/setup-swift/releases) - [Commits](`da0e3e04b5...65540b95f5`) --- updated-dependencies: - dependency-name: swift-actions/setup-swift dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-17 19:16:10 +00:00
Chuan-kai Lin	7867d03591	Update default CodeQL bundle version to 2.13.0	2023-04-14 15:28:21 -07:00
Chuan-kai Lin	be2b53b5c7	Merge pull request #1648 from github/cklin/update-bundle-trigger Fix pre-release trigger for update-bundle action	2023-04-14 15:11:42 -07:00
Chuan-kai Lin	ae24b75fca	Fix pre-release trigger for update-bundle action This PR switches the update-bundle release trigger from `prereleased` to `published` because the former has been documented not to work. From https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#release: > Note: The prereleased type will not trigger for pre-releases published from draft releases, but the published type will trigger. If you want a workflow to run when stable and pre-releases publish, subscribe to published instead of released and prereleased.	2023-04-14 14:50:37 -07:00
Henry Mercer	dc046388f3	Merge pull request #1647 from github/mergeback/v2.2.12-to-main-7df0ce34 Mergeback v2.2.12 refs/heads/releases/v2 into main	2023-04-13 17:23:16 +01:00
github-actions[bot]	b4fa971e40	Update checked-in dependencies	2023-04-13 15:50:19 +00:00
github-actions[bot]	7879209bb2	Update changelog and version after v2.2.12	2023-04-13 14:03:50 +00:00
Henry Mercer	7df0ce3489	Merge pull request #1646 from github/update-v2.2.12-d944b3423 Merge main into releases/v2	2023-04-13 15:01:19 +01:00
github-actions[bot]	fbedecac34	Update changelog for v2.2.12	2023-04-13 11:35:13 +00:00
Henry Mercer	d944b3423d	Merge pull request #1619 from github/henrymercer/default-setup-workflow Allow workflow to be passed via an environment variable for default setup	2023-04-13 10:17:54 +01:00
Henry Mercer	e3210d8ce3	Add changelog note	2023-04-12 19:18:17 +01:00
Henry Mercer	599f4927f2	Allow passing the workflow via an environment variable	2023-04-12 14:14:43 +01:00
Henry Mercer	ed6c4995fc	Merge pull request #1645 from github/henrymercer/remove-dependencies Remove unused dependencies	2023-04-11 16:27:15 +01:00
Henry Mercer	c2b5d643fd	Require xml2js `>=0.5.0` to address CVE-2023-0842	2023-04-11 13:33:36 +01:00
Henry Mercer	8a093aa1a5	Merge branch 'main' into henrymercer/remove-legacy-tracing	2023-04-11 12:25:45 +01:00
Henry Mercer	9c13316a15	Remove unused dependencies	2023-04-11 12:17:38 +01:00
Angela P Wen	98f7bbd610	Add `workflow_run_attempt` data to status report (#1640 )	2023-04-10 20:02:23 +00:00
dependabot[bot]	d7b9dcdb85	Bump peter-evans/create-pull-request from 4.2.4 to 5.0.0 (#1643 ) Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 4.2.4 to 5.0.0. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](`38e0b6e68b...5b4a9f6a9e`) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-10 11:27:05 -07:00
Henry Mercer	988e1bc941	Merge pull request #1639 from github/mergeback/v2.2.11-to-main-d186a2a3 Mergeback v2.2.11 refs/heads/releases/v2 into main	2023-04-06 19:20:52 +01:00
github-actions[bot]	e12fed6a79	Update checked-in dependencies	2023-04-06 17:58:48 +00:00
github-actions[bot]	ca89579b06	Update changelog and version after v2.2.11	2023-04-06 17:31:29 +00:00
Henry Mercer	d186a2a36c	Merge pull request #1638 from github/update-v2.2.11-518b24fea Merge main into releases/v2	2023-04-06 18:29:23 +01:00
github-actions[bot]	748f83eaab	Update changelog for v2.2.11	2023-04-06 17:08:10 +00:00
Henry Mercer	518b24fea4	Merge pull request #1637 from github/henrymercer/fix-init-exception-reporting Report exceptions to telemetry in init Action	2023-04-06 17:57:29 +01:00
Henry Mercer	69371ffa95	Merge branch 'main' into henrymercer/fix-init-exception-reporting	2023-04-06 17:05:02 +01:00
Henry Mercer	e5c2f32a9f	Consistently wrap errors	2023-04-06 17:04:21 +01:00
Henry Mercer	c28edf06a1	Merge pull request #1636 from github/henrymercer/re-enable-duplicate-sarif-workaround Re-enable duplicate SARIF notification location workaround	2023-04-06 16:45:06 +01:00
Henry Mercer	555b602b2f	Report exceptions to telemetry in init Action	2023-04-06 15:08:48 +01:00
Henry Mercer	7193623f40	Re-enable duplicate SARIF notification location workaround	2023-04-06 14:48:04 +01:00
Henry Mercer	2058418de9	Don't expect Swift baseline info on Windows	2023-04-05 20:41:23 +01:00
Henry Mercer	5da64f56c0	Set up Swift in unset environment workflow	2023-04-05 20:27:02 +01:00
Henry Mercer	322cea6439	Set up Swift in local bundle workflow	2023-04-05 19:31:20 +01:00
Henry Mercer	f7a67e4341	Merge branch 'main' into henrymercer/remove-legacy-tracing	2023-04-05 18:39:27 +01:00
Alexander Eyers-Taylor	f32426ba96	Merge pull request #1635 from github/mergeback/v2.2.10-to-main-8c8d71dd Mergeback v2.2.10 refs/heads/releases/v2 into main	2023-04-05 18:13:33 +01:00
github-actions[bot]	173a94ca3f	Update checked-in dependencies	2023-04-05 16:53:56 +00:00
github-actions[bot]	8efbd5b301	Update changelog and version after v2.2.10	2023-04-05 16:15:52 +00:00
Alexander Eyers-Taylor	8c8d71dde4	Merge pull request #1634 from github/update-v2.2.10-66aeadb4c Merge main into releases/v2	2023-04-05 17:13:56 +01:00
github-actions[bot]	d53297ef61	Update changelog for v2.2.10	2023-04-05 15:35:01 +00:00
Henry Mercer	66aeadb4c9	Merge pull request #1631 from github/henrymercer/duplicate-diagnostics-fixed-in-cli Skip the SARIF notification object workaround for CLIs that have fixed this bug	2023-04-05 10:46:12 +01:00
Andrew Eisenberg	fa7cce4d4b	Merge pull request #1632 from github/aeisenberg/codeql-testing-org Move to the codeql-testing org	2023-04-04 14:38:19 -07:00
Andrew Eisenberg	2754e10472	Move to the codeql-testing org Refer to the packages in codeql-testing, not in dsp-testing.	2023-04-04 13:39:56 -07:00
Henry Mercer	3bba073180	Skip the SARIF notification object workaround for fixed CLIs	2023-04-04 18:19:05 +01:00
Alexander Eyers-Taylor	ae0109a777	Merge pull request #1629 from github/alexet/update-2.12.6-2 Update default CodeQL bundle version to 2.12.6	2023-04-04 16:32:13 +01:00
Alexander Eyers-Taylor	9c869ebf0d	Update default CodeQL bundle version to 2.12.6	2023-04-04 16:01:04 +01:00
Henry Mercer	f0a422fa27	Merge pull request #1630 from github/henrymercer/automate-bundle-upgrade Automate the bundle upgrade	2023-04-03 20:07:03 +01:00
Henry Mercer	98173be3f0	Add a comment about `lib/defaults.json`	2023-04-03 19:39:22 +01:00
Henry Mercer	f6091a09eb	Use `tee` when setting env vars to improve debugging	2023-04-03 19:34:20 +01:00
Henry Mercer	a86046f817	Explain CLI version marker files	2023-04-03 19:32:03 +01:00
Henry Mercer	33f30874a7	Format `.github/actions/update-bundle/index.ts`	2023-04-03 19:30:07 +01:00
Henry Mercer	1c0a788663	Add workflow to automatically update the bundle	2023-04-03 19:10:01 +01:00
Henry Mercer	e85546ccca	Move internal Actions into `.github/actions` This is a more standard location for these custom Actions.	2023-04-03 18:29:29 +01:00
Henry Mercer	bb28e7e59e	Merge pull request #1626 from github/henrymercer/diagnostics-ghes Enable diagnostics functionality on GHES	2023-03-30 10:22:39 +01:00
Henry Mercer	69aec345f1	Pass negative SARIF include diagnostics flag when feature is disabled In preparation for enabling this flag by default in the CLI	2023-03-29 18:56:19 +01:00
Henry Mercer	29a4713933	Enable diagnostics functionality on GHES	2023-03-29 18:45:27 +01:00
Henry Mercer	d838bacfbe	Simplify matrix	2023-03-29 15:48:13 +01:00
Robin Neatherway	dc81ae3368	Merge pull request #1625 from github/rneatherway/rm-old-checks Remove checks for triggering on specific paths	2023-03-29 13:28:57 +01:00
Henry Mercer	72d018e267	Improve serialization of Swift environment variable if expression	2023-03-29 13:15:59 +01:00
Henry Mercer	9975b733f4	Fix bundle version comments	2023-03-29 13:03:45 +01:00
Henry Mercer	6cd5121600	Merge branch 'main' into henrymercer/remove-legacy-tracing	2023-03-29 13:03:14 +01:00
Robin Neatherway	f6e4cff38a	Remove checks for triggering on specific paths These are no longer necessary with the new approach to selecting alerts to show on pull requests.	2023-03-29 11:02:16 +02:00
Henry Mercer	fff3a80b5b	Merge pull request #1620 from github/henrymercer/disable-flaky-check Disable flaky Swift autobuild checks	2023-03-28 21:01:11 +01:00
Henry Mercer	ff39eb8d6a	Disable flaky Swift autobuild checks	2023-03-28 20:40:23 +01:00
Henry Mercer	6ef37003ca	Update CodeQL releases used in PR checks	2023-03-28 20:07:09 +01:00
Henry Mercer	d13d683355	Bump minor version number and add changelog note	2023-03-28 18:53:47 +01:00
Henry Mercer	d8fe76e161	Delete legacy tracing	2023-03-28 18:53:43 +01:00
Henry Mercer	4772c1d99f	Bump minimum version to 2.8.5	2023-03-28 17:24:45 +01:00
Andrew Eisenberg	f9c159f4fd	Merge pull request #1613 from github/aeisenberg/codeql-testing Use new location for external queries	2023-03-27 17:35:01 -07:00
Andrew Eisenberg	0af0653ef4	Use new location for external queries They have moved from `dsp-testing` to `codeql-testing`.	2023-03-27 16:11:45 -07:00
Henry Mercer	bc0ed6a6c3	Merge pull request #1610 from github/henrymercer/diagnostics-workaround-improvements Follow-up improvements to the diagnostics workaround	2023-03-27 17:12:07 +01:00
Henry Mercer	b0e191ecbc	Merge pull request #1609 from github/mergeback/v2.2.9-to-main-04df1262 Mergeback v2.2.9 refs/heads/releases/v2 into main	2023-03-27 16:42:07 +01:00
Henry Mercer	57eca7cbb2	Use `Array.isArray`	2023-03-27 15:59:29 +01:00
Henry Mercer	1e7a38893c	Wrap reading and writing SARIF files	2023-03-27 15:44:47 +01:00
github-actions[bot]	2deae45400	Update checked-in dependencies	2023-03-27 14:03:17 +00:00
github-actions[bot]	32daed70e7	Update changelog and version after v2.2.9	2023-03-27 13:41:15 +00:00