Merge pull request #2102 from github/backport-v2.23.2-b7bf0a3ed

Merge releases/v3 into releases/v2

CHANGELOG.md

@@ -8,6 +8,11 @@ Note that the only difference between `v2` and `v3` of the CodeQL Action is the
 
 No user facing changes.
 
+## 2.23.2 - 26 Jan 2024
+
+- On Linux, the maximum possible value for the `--threads` option now respects the CPU count as specified in `cgroup` files to more accurately reflect the number of available cores when running in containers. [#2083](https://github.com/github/codeql-action/pull/2083)
+- Update default CodeQL bundle version to 2.16.1. [#2096](https://github.com/github/codeql-action/pull/2096)
+
 ## 2.23.1 - 17 Jan 2024
 
 - Update default CodeQL bundle version to 2.16.0. [#2073](https://github.com/github/codeql-action/pull/2073)

lib/analyze-action.js

@@ -158,6 +158,7 @@ async function run() {
         const threads = util.getThreadsFlag(actionsUtil.getOptionalInput("threads") || process.env["CODEQL_THREADS"], logger);
         const repositoryNwo = (0, repository_1.parseRepositoryNwo)(util.getRequiredEnvParam("GITHUB_REPOSITORY"));
         const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
+        util.checkActionVersion(actionsUtil.getActionVersion(), gitHubVersion);
         const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, actionsUtil.getTemporaryDirectory(), logger);
         const memory = util.getMemoryFlag(actionsUtil.getOptionalInput("ram") || process.env["CODEQL_RAM"], logger);
         // Check that `which go` still points at the same path it did when the `init` Action ran to ensure that no steps

lib/autobuild-action.js

@@ -53,6 +53,7 @@ async function run() {
         }
         const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
         (0, util_1.checkGitHubVersionInRange)(gitHubVersion, logger);
+        (0, util_1.checkActionVersion)((0, actions_util_1.getActionVersion)(), gitHubVersion);
         const config = await configUtils.getConfig((0, actions_util_1.getTemporaryDirectory)(), logger);
         if (config === undefined) {
             throw new Error("Config file could not be found at expected location. Has the 'init' action been called?");

lib/autobuild-action.js.map

@@ -1 +1 @@
-{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAIwB;AACxB,6CAAgD;AAChD,2CAAwE;AACxE,4DAA8C;AAE9C,uCAAqD;AACrD,mDAKyB;AACzB,iCAKgB;AAShB,KAAK,UAAU,yBAAyB,CACtC,MAAc,EACd,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAG,IAAA,gCAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,WAAW,EACX,MAAM,EACN,SAAS,EACT,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAI,eAAe,GAAyB,SAAS,CAAC;IACtD,IAAI,SAAS,GAA2B,SAAS,CAAC;IAClD,IAAI,CAAC;QACH,IACE,CAAC,CAAC,MAAM,IAAA,gCAAgB,EACtB,MAAM,IAAA,sCAAsB,EAC1B,WAAW,EACX,UAAU,EACV,SAAS,EACT,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,CAC7B,CACF,CAAC,EACF,CAAC;YACD,OAAO;QACT,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,SAAS,CAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC5E,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;QACJ,CAAC;QAED,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC9D,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YAClC,CAAC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CACZ,kIAAkI,KAAK,CAAC,OAAO,EAAE,CAClJ,CAAC;QACF,MAAM,yBAAyB,CAC7B,MAAM,EACN,SAAS,EACT,SAAS,IAAI,EAAE,EACf,eAAe,EACf,KAAK,CACN,CAAC;QACF,OAAO;IACT,CAAC;IAED,MAAM,yBAAyB,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;AACtE,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CAAC,4BAA4B,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAIwB;AACxB,6CAAgD;AAChD,2CAAwE;AACxE,4DAA8C;AAE9C,uCAAqD;AACrD,mDAKyB;AACzB,iCAMgB;AAShB,KAAK,UAAU,yBAAyB,CACtC,MAAc,EACd,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAG,IAAA,gCAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,WAAW,EACX,MAAM,EACN,SAAS,EACT,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAI,eAAe,GAAyB,SAAS,CAAC;IACtD,IAAI,SAAS,GAA2B,SAAS,CAAC;IAClD,IAAI,CAAC;QACH,IACE,CAAC,CAAC,MAAM,IAAA,gCAAgB,EACtB,MAAM,IAAA,sCAAsB,EAC1B,WAAW,EACX,UAAU,EACV,SAAS,EACT,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,CAC7B,CACF,CAAC,EACF,CAAC;YACD,OAAO;QACT,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACjD,IAAA,yBAAkB,EAAC,IAAA,+BAAgB,GAAE,EAAE,aAAa,CAAC,CAAC;QAEtD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,SAAS,CAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC5E,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;QACJ,CAAC;QAED,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC9D,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YAClC,CAAC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CACZ,kIAAkI,KAAK,CAAC,OAAO,EAAE,CAClJ,CAAC;QACF,MAAM,yBAAyB,CAC7B,MAAM,EACN,SAAS,EACT,SAAS,IAAI,EAAE,EACf,eAAe,EACf,KAAK,CACN,CAAC;QACF,OAAO;IACT,CAAC;IAED,MAAM,yBAAyB,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;AACtE,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CAAC,4BAA4B,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/defaults.json

@@ -1,6 +1,6 @@
 {
-    "bundleVersion": "codeql-bundle-v2.16.0",
-    "cliVersion": "2.16.0",
-    "priorBundleVersion": "codeql-bundle-v2.15.5",
-    "priorCliVersion": "2.15.5"
+    "bundleVersion": "codeql-bundle-v2.16.1",
+    "cliVersion": "2.16.1",
+    "priorBundleVersion": "codeql-bundle-v2.16.0",
+    "priorCliVersion": "2.16.0"
 }

lib/environment.js

@@ -1,6 +1,12 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.EnvVar = void 0;
+/**
+ * Environment variables used by the CodeQL Action.
+ *
+ * We recommend prefixing environment variables with `CODEQL_ACTION_`
+ * to reduce the risk that they are overwritten by other steps.
+ */
 var EnvVar;
 (function (EnvVar) {
     /** Whether the `analyze` Action completes successfully. */
@@ -30,6 +36,8 @@ var EnvVar;
     EnvVar["HAS_WARNED_ABOUT_DISK_SPACE"] = "CODEQL_ACTION_HAS_WARNED_ABOUT_DISK_SPACE";
     /** UUID representing the current job run. */
     EnvVar["JOB_RUN_UUID"] = "JOB_RUN_UUID";
+    /** Status for the entire job, submitted to the status report in `init-post` */
+    EnvVar["JOB_STATUS"] = "CODEQL_ACTION_JOB_STATUS";
     EnvVar["ODASA_TRACER_CONFIGURATION"] = "ODASA_TRACER_CONFIGURATION";
     /**
      * What percentage of the total amount of RAM over 8 GB that the Action should reserve for the

lib/environment.js.map

@@ -1 +1 @@
-{"version":3,"file":"environment.js","sourceRoot":"","sources":["../src/environment.ts"],"names":[],"mappings":";;;AAAA,IAAY,MAsEX;AAtED,WAAY,MAAM;IAChB,2DAA2D;IAC3D,+FAAqF,CAAA;IAErF,gEAAgE;IAChE,qEAA2D,CAAA;IAE3D;;;OAGG;IACH,yFAA+E,CAAA;IAE/E;;;OAGG;IACH,yEAA+D,CAAA;IAE/D,gFAAgF;IAChF,6DAAmD,CAAA;IAEnD;;;OAGG;IACH,uEAA6D,CAAA;IAE7D,gEAAgE;IAChE,mEAAyD,CAAA;IAEzD,kFAAkF;IAClF,mFAAyE,CAAA;IAEzE,6CAA6C;IAC7C,uCAA6B,CAAA;IAE7B,mEAAyD,CAAA;IAEzD;;;OAGG;IACH,2FAAiF,CAAA;IAEjF,mFAAmF;IACnF,6FAAmF,CAAA;IAEnF,qFAAqF;IACrF,+CAAqC,CAAA;IAErC,mEAAyD,CAAA;IAEzD,kEAAkE;IAClE,2CAAiC,CAAA;IAEjC;;;;;;OAMG;IACH,4DAAkD,CAAA;IAElD;;;OAGG;IACH,wDAA8C,CAAA;AAChD,CAAC,EAtEW,MAAM,sBAAN,MAAM,QAsEjB"}
+{"version":3,"file":"environment.js","sourceRoot":"","sources":["../src/environment.ts"],"names":[],"mappings":";;;AAAA;;;;;GAKG;AACH,IAAY,MAyEX;AAzED,WAAY,MAAM;IAChB,2DAA2D;IAC3D,+FAAqF,CAAA;IAErF,gEAAgE;IAChE,qEAA2D,CAAA;IAE3D;;;OAGG;IACH,yFAA+E,CAAA;IAE/E;;;OAGG;IACH,yEAA+D,CAAA;IAE/D,gFAAgF;IAChF,6DAAmD,CAAA;IAEnD;;;OAGG;IACH,uEAA6D,CAAA;IAE7D,gEAAgE;IAChE,mEAAyD,CAAA;IAEzD,kFAAkF;IAClF,mFAAyE,CAAA;IAEzE,6CAA6C;IAC7C,uCAA6B,CAAA;IAE7B,+EAA+E;IAC/E,iDAAuC,CAAA;IAEvC,mEAAyD,CAAA;IAEzD;;;OAGG;IACH,2FAAiF,CAAA;IAEjF,mFAAmF;IACnF,6FAAmF,CAAA;IAEnF,qFAAqF;IACrF,+CAAqC,CAAA;IAErC,mEAAyD,CAAA;IAEzD,kEAAkE;IAClE,2CAAiC,CAAA;IAEjC;;;;;;OAMG;IACH,4DAAkD,CAAA;IAElD;;;OAGG;IACH,wDAA8C,CAAA;AAChD,CAAC,EAzEW,MAAM,sBAAN,MAAM,QAyEjB"}

lib/feature-flags.js

@@ -48,8 +48,8 @@ exports.CODEQL_VERSION_FINE_GRAINED_PARALLELISM = "2.15.1";
  */
 var Feature;
 (function (Feature) {
-    Feature["CodeqlJavaLombokEnabled"] = "codeql_java_lombok_enabled";
     Feature["CppDependencyInstallation"] = "cpp_dependency_installation_enabled";
+    Feature["CppTrapCachingEnabled"] = "cpp_trap_caching_enabled";
     Feature["DisableKotlinAnalysisEnabled"] = "disable_kotlin_analysis_enabled";
     Feature["DisablePythonDependencyInstallationEnabled"] = "disable_python_dependency_installation_enabled";
     Feature["PythonDefaultIsToSkipDependencyInstallationEnabled"] = "python_default_is_to_skip_dependency_installation_enabled";
@@ -58,16 +58,16 @@ var Feature;
     Feature["QaTelemetryEnabled"] = "qa_telemetry_enabled";
 })(Feature || (exports.Feature = Feature = {}));
 exports.featureConfig = {
-    [Feature.CodeqlJavaLombokEnabled]: {
-        envVar: "CODEQL_JAVA_LOMBOK",
-        minimumVersion: "2.14.0",
-        defaultValue: false,
-    },
     [Feature.CppDependencyInstallation]: {
         envVar: "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES",
         minimumVersion: "2.15.0",
         defaultValue: false,
     },
+    [Feature.CppTrapCachingEnabled]: {
+        envVar: "CODEQL_CPP_TRAP_CACHING",
+        minimumVersion: "2.16.1",
+        defaultValue: false,
+    },
     [Feature.DisableKotlinAnalysisEnabled]: {
         envVar: "CODEQL_DISABLE_KOTLIN_ANALYSIS",
         minimumVersion: undefined,

lib/init-action-post-helper.js

@@ -23,7 +23,8 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.run = exports.tryUploadSarifIfRunFailed = void 0;
+exports.getFinalJobStatus = exports.run = exports.tryUploadSarifIfRunFailed = void 0;
+const core = __importStar(require("@actions/core"));
 const github = __importStar(require("@actions/github"));
 const actionsUtil = __importStar(require("./actions-util"));
 const api_client_1 = require("./api-client");
@@ -32,6 +33,7 @@ const config_utils_1 = require("./config-utils");
 const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const repository_1 = require("./repository");
+const status_report_1 = require("./status-report");
 const uploadLib = __importStar(require("./upload-lib"));
 const util_1 = require("./util");
 const workflow_1 = require("./workflow");
@@ -81,6 +83,12 @@ async function maybeUploadFailedSarif(config, repositoryNwo, features, logger) {
 }
 async function tryUploadSarifIfRunFailed(config, repositoryNwo, features, logger) {
     if (process.env[environment_1.EnvVar.ANALYZE_DID_COMPLETE_SUCCESSFULLY] !== "true") {
+        // If analyze didn't complete successfully and the job status hasn't
+        // already been set to Failure/ConfigurationError previously, this
+        // means that something along the way failed in a step that is not
+        // owned by the Action, for example a manual build step. We
+        // consider this a configuration error.
+        core.exportVariable(environment_1.EnvVar.JOB_STATUS, process.env[environment_1.EnvVar.JOB_STATUS] ?? status_report_1.JobStatus.ConfigurationError);
         try {
             return await maybeUploadFailedSarif(config, repositoryNwo, features, logger);
         }
@@ -90,6 +98,7 @@ async function tryUploadSarifIfRunFailed(config, repositoryNwo, features, logger
         }
     }
     else {
+        core.exportVariable(environment_1.EnvVar.JOB_STATUS, process.env[environment_1.EnvVar.JOB_STATUS] ?? status_report_1.JobStatus.Success);
         return {
             upload_failed_run_skipped_because: "Analyze Action completed successfully",
         };
@@ -185,4 +194,19 @@ async function removeUploadedSarif(uploadFailedSarifResult, logger) {
         logger.warning("Could not delete the uploaded SARIF analysis because a SARIF ID wasn't provided by the API when uploading the SARIF file.");
     }
 }
+/**
+ * Returns the final job status sent in the `init-post` Action, based on the
+ * current value of the JOB_STATUS environment variable. If the variable is
+ * unset, or if its value is not one of the JobStatus enum values, returns
+ * Unknown. Otherwise it returns the status set in the environment variable.
+ */
+function getFinalJobStatus() {
+    const jobStatusFromEnvironment = process.env[environment_1.EnvVar.JOB_STATUS];
+    if (!jobStatusFromEnvironment ||
+        !Object.values(status_report_1.JobStatus).includes(jobStatusFromEnvironment)) {
+        return status_report_1.JobStatus.Unknown;
+    }
+    return jobStatusFromEnvironment;
+}
+exports.getFinalJobStatus = getFinalJobStatus;
 //# sourceMappingURL=init-action-post-helper.js.map

lib/init-action-post.js

@@ -59,6 +59,7 @@ async function runWrapper() {
     const statusReport = {
         ...statusReportBase,
         ...uploadFailedSarifResult,
+        job_status: initActionPostHelper.getFinalJobStatus(),
     };
     await (0, status_report_1.sendStatusReport)(statusReport);
 }

lib/init-action-post.js.map

@@ -1 +1 @@
-{"version":3,"file":"init-action-post.js","sourceRoot":"","sources":["../src/init-action-post.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,oDAAsC;AAEtC,iDAAuE;AACvE,6CAAgD;AAChD,kEAAoD;AACpD,mDAA2C;AAC3C,gFAAkE;AAClE,uCAA6C;AAC7C,6CAAkD;AAClD,mDAKyB;AACzB,iCAKgB;AAMhB,KAAK,UAAU,UAAU;IACvB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,uBAES,CAAC;IACd,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;QAClC,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,uBAAuB,GAAG,MAAM,oBAAoB,CAAC,GAAG,CACtD,cAAc,CAAC,iCAAiC,EAChD,cAAc,CAAC,uBAAuB,EACtC,6BAAc,EACd,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;IACJ,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAE9B,MAAM,IAAA,gCAAgB,EACpB,MAAM,IAAA,sCAAsB,EAC1B,WAAW,EACX,IAAA,gCAAgB,EAAC,KAAK,CAAC,EACvB,SAAS,EACT,MAAM,IAAA,qBAAc,GAAE,EACtB,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,KAAK,CACZ,CACF,CAAC;QACF,OAAO;IACT,CAAC;IACD,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,WAAW,EACX,SAAS,EACT,SAAS,EACT,MAAM,IAAA,qBAAc,GAAE,CACvB,CAAC;IACF,MAAM,YAAY,GAAyB;QACzC,GAAG,gBAAgB;QACnB,GAAG,uBAAuB;KAC3B,CAAC;IACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"init-action-post.js","sourceRoot":"","sources":["../src/init-action-post.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,oDAAsC;AAEtC,iDAAuE;AACvE,6CAAgD;AAChD,kEAAoD;AACpD,mDAA2C;AAC3C,gFAAkE;AAClE,uCAA6C;AAC7C,6CAAkD;AAClD,mDAKyB;AACzB,iCAKgB;AAOhB,KAAK,UAAU,UAAU;IACvB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,uBAES,CAAC;IACd,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;QAClC,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,uBAAuB,GAAG,MAAM,oBAAoB,CAAC,GAAG,CACtD,cAAc,CAAC,iCAAiC,EAChD,cAAc,CAAC,uBAAuB,EACtC,6BAAc,EACd,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;IACJ,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAE9B,MAAM,IAAA,gCAAgB,EACpB,MAAM,IAAA,sCAAsB,EAC1B,WAAW,EACX,IAAA,gCAAgB,EAAC,KAAK,CAAC,EACvB,SAAS,EACT,MAAM,IAAA,qBAAc,GAAE,EACtB,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,KAAK,CACZ,CACF,CAAC;QACF,OAAO;IACT,CAAC;IACD,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,WAAW,EACX,SAAS,EACT,SAAS,EACT,MAAM,IAAA,qBAAc,GAAE,CACvB,CAAC;IACF,MAAM,YAAY,GAAyB;QACzC,GAAG,gBAAgB;QACnB,GAAG,uBAAuB;QAC1B,UAAU,EAAE,oBAAoB,CAAC,iBAAiB,EAAE;KACrD,CAAC;IACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/init-action.js

@@ -117,6 +117,7 @@ async function run() {
     };
     const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
     (0, util_1.checkGitHubVersionInRange)(gitHubVersion, logger);
+    (0, util_1.checkActionVersion)((0, actions_util_1.getActionVersion)(), gitHubVersion);
     const repositoryNwo = (0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY"));
     const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, (0, actions_util_1.getTemporaryDirectory)(), logger);
     core.exportVariable(environment_1.EnvVar.JOB_RUN_UUID, (0, uuid_1.v4)());
@@ -230,17 +231,31 @@ async function run() {
             !(await (0, util_1.codeQlVersionAbove)(codeql, "2.14.4"))) {
             core.exportVariable(kotlinLimitVar, "1.9.20");
         }
-        if (config.languages.includes(languages_1.Language.java)) {
+        if (config.languages.includes(languages_1.Language.java) &&
+            // Java Lombok support is enabled by default for >= 2.14.4
+            (await (0, util_1.codeQlVersionAbove)(codeql, "2.14.0")) &&
+            !(await (0, util_1.codeQlVersionAbove)(codeql, "2.14.4"))) {
             const envVar = "CODEQL_EXTRACTOR_JAVA_RUN_ANNOTATION_PROCESSORS";
             if (process.env[envVar]) {
                 logger.info(`Environment variable ${envVar} already set. Not en/disabling CodeQL Java Lombok support`);
             }
-            else if (await features.getValue(feature_flags_1.Feature.CodeqlJavaLombokEnabled, codeql)) {
+            else {
                 logger.info("Enabling CodeQL Java Lombok support");
                 core.exportVariable(envVar, "true");
             }
+        }
+        if (config.languages.includes(languages_1.Language.cpp)) {
+            const envVar = "CODEQL_EXTRACTOR_CPP_TRAP_CACHING";
+            if (process.env[envVar]) {
+                logger.info(`Environment variable ${envVar} already set. Not en/disabling CodeQL C++ TRAP caching support`);
+            }
+            else if (getTrapCachingEnabled() &&
+                (await features.getValue(feature_flags_1.Feature.CppTrapCachingEnabled, codeql))) {
+                logger.info("Enabling CodeQL C++ TRAP caching support");
+                core.exportVariable(envVar, "true");
+            }
             else {
-                logger.info("Disabling CodeQL Java Lombok support");
+                logger.info("Disabling CodeQL C++ TRAP caching support");
                 core.exportVariable(envVar, "false");
             }
         }

lib/resolve-environment-action.js

@@ -43,6 +43,7 @@ async function run() {
         }
         const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
         (0, util_1.checkGitHubVersionInRange)(gitHubVersion, logger);
+        (0, util_1.checkActionVersion)((0, actions_util_1.getActionVersion)(), gitHubVersion);
         const config = await configUtils.getConfig((0, actions_util_1.getTemporaryDirectory)(), logger);
         if (config === undefined) {
             throw new Error("Config file could not be found at expected location. Has the 'init' action been called?");

lib/resolve-environment-action.js.map

@@ -1 +1 @@
-{"version":3,"file":"resolve-environment-action.js","sourceRoot":"","sources":["../src/resolve-environment-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAIwB;AACxB,6CAAgD;AAChD,qCAAkD;AAClD,4DAA8C;AAC9C,uCAA6C;AAC7C,+DAAmE;AACnE,mDAIyB;AACzB,iCAKgB;AAEhB,MAAM,WAAW,GAAG,qBAAqB,CAAC;AAC1C,MAAM,uBAAuB,GAAG,aAAa,CAAC;AAE9C,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAElC,IAAI,CAAC;QACH,IACE,CAAC,CAAC,MAAM,IAAA,gCAAgB,EACtB,MAAM,IAAA,sCAAsB,EAC1B,WAAW,EACX,UAAU,EACV,SAAS,EACT,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,CAC7B,CACF,CAAC,EACF,CAAC;YACD,OAAO;QACT,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,SAAS,CAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC5E,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;QACJ,CAAC;QAED,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;QAC/D,MAAM,MAAM,GAAG,MAAM,IAAA,gDAA0B,EAC7C,MAAM,CAAC,SAAS,EAChB,MAAM,EACN,gBAAgB,EAChB,IAAA,+BAAgB,EAAC,UAAU,CAAC,CAC7B,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IAClD,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QAExC,IAAI,KAAK,YAAY,+BAAsB,EAAE,CAAC;YAC5C,6DAA6D;YAC7D,qEAAqE;YACrE,IAAI,CAAC,SAAS,CAAC,uBAAuB,EAAE,EAAE,CAAC,CAAC;YAC5C,MAAM,CAAC,OAAO,CACZ,wFAAwF,KAAK,CAAC,OAAO,EAAE,CACxG,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,kFAAkF;YAClF,IAAI,CAAC,SAAS,CACZ,wFAAwF,KAAK,CAAC,OAAO,EAAE,CACxG,CAAC;YAEF,MAAM,IAAA,gCAAgB,EACpB,MAAM,IAAA,sCAAsB,EAC1B,WAAW,EACX,IAAA,gCAAgB,EAAC,KAAK,CAAC,EACvB,SAAS,EACT,MAAM,IAAA,qBAAc,GAAE,EACtB,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,KAAK,CACZ,CACF,CAAC;QACJ,CAAC;QAED,OAAO;IACT,CAAC;IAED,MAAM,IAAA,gCAAgB,EACpB,MAAM,IAAA,sCAAsB,EAC1B,WAAW,EACX,SAAS,EACT,SAAS,EACT,MAAM,IAAA,qBAAc,GAAE,CACvB,CACF,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CAAC,GAAG,WAAW,mBAAmB,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;IAC9E,CAAC;IACD,MAAM,IAAA,sBAAe,GAAE,CAAC;AAC1B,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"resolve-environment-action.js","sourceRoot":"","sources":["../src/resolve-environment-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAKwB;AACxB,6CAAgD;AAChD,qCAAkD;AAClD,4DAA8C;AAC9C,uCAA6C;AAC7C,+DAAmE;AACnE,mDAIyB;AACzB,iCAMgB;AAEhB,MAAM,WAAW,GAAG,qBAAqB,CAAC;AAC1C,MAAM,uBAAuB,GAAG,aAAa,CAAC;AAE9C,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAElC,IAAI,CAAC;QACH,IACE,CAAC,CAAC,MAAM,IAAA,gCAAgB,EACtB,MAAM,IAAA,sCAAsB,EAC1B,WAAW,EACX,UAAU,EACV,SAAS,EACT,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,CAC7B,CACF,CAAC,EACF,CAAC;YACD,OAAO;QACT,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACjD,IAAA,yBAAkB,EAAC,IAAA,+BAAgB,GAAE,EAAE,aAAa,CAAC,CAAC;QAEtD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,SAAS,CAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC5E,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;QACJ,CAAC;QAED,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;QAC/D,MAAM,MAAM,GAAG,MAAM,IAAA,gDAA0B,EAC7C,MAAM,CAAC,SAAS,EAChB,MAAM,EACN,gBAAgB,EAChB,IAAA,+BAAgB,EAAC,UAAU,CAAC,CAC7B,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IAClD,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QAExC,IAAI,KAAK,YAAY,+BAAsB,EAAE,CAAC;YAC5C,6DAA6D;YAC7D,qEAAqE;YACrE,IAAI,CAAC,SAAS,CAAC,uBAAuB,EAAE,EAAE,CAAC,CAAC;YAC5C,MAAM,CAAC,OAAO,CACZ,wFAAwF,KAAK,CAAC,OAAO,EAAE,CACxG,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,kFAAkF;YAClF,IAAI,CAAC,SAAS,CACZ,wFAAwF,KAAK,CAAC,OAAO,EAAE,CACxG,CAAC;YAEF,MAAM,IAAA,gCAAgB,EACpB,MAAM,IAAA,sCAAsB,EAC1B,WAAW,EACX,IAAA,gCAAgB,EAAC,KAAK,CAAC,EACvB,SAAS,EACT,MAAM,IAAA,qBAAc,GAAE,EACtB,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,KAAK,CACZ,CACF,CAAC;QACJ,CAAC;QAED,OAAO;IACT,CAAC;IAED,MAAM,IAAA,gCAAgB,EACpB,MAAM,IAAA,sCAAsB,EAC1B,WAAW,EACX,SAAS,EACT,SAAS,EACT,MAAM,IAAA,qBAAc,GAAE,CACvB,CACF,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CAAC,GAAG,WAAW,mBAAmB,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;IAC9E,CAAC;IACD,MAAM,IAAA,sBAAe,GAAE,CAAC;AAC1B,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/status-report.js

@@ -23,13 +23,21 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.sendStatusReport = exports.createStatusReportBase = exports.getActionsStatus = void 0;
+exports.sendStatusReport = exports.createStatusReportBase = exports.getActionsStatus = exports.JobStatus = void 0;
 const os = __importStar(require("os"));
 const core = __importStar(require("@actions/core"));
 const actions_util_1 = require("./actions-util");
 const api_client_1 = require("./api-client");
 const environment_1 = require("./environment");
 const util_1 = require("./util");
+/** Overall status of the entire job. String values match the Hydro schema. */
+var JobStatus;
+(function (JobStatus) {
+    JobStatus["Unknown"] = "JOB_STATUS_UNKNOWN";
+    JobStatus["Success"] = "JOB_STATUS_SUCCESS";
+    JobStatus["Failure"] = "JOB_STATUS_FAILURE";
+    JobStatus["ConfigurationError"] = "JOB_STATUS_CONFIGURATION_ERROR";
+})(JobStatus || (exports.JobStatus = JobStatus = {}));
 function getActionsStatus(error, otherFailureCause) {
     if (error || otherFailureCause) {
         return error instanceof util_1.UserError ? "user-error" : "failure";
@@ -39,6 +47,19 @@ function getActionsStatus(error, otherFailureCause) {
     }
 }
 exports.getActionsStatus = getActionsStatus;
+/**
+ * Sets the overall job status environment variable to configuration error
+ * or failure, unless it's already been set to one of these values in a
+ * previous step.
+ */
+function setJobStatusIfUnsuccessful(actionStatus) {
+    if (actionStatus === "user-error") {
+        core.exportVariable(environment_1.EnvVar.JOB_STATUS, process.env[environment_1.EnvVar.JOB_STATUS] ?? JobStatus.ConfigurationError);
+    }
+    else if (actionStatus === "failure" || actionStatus === "aborted") {
+        core.exportVariable(environment_1.EnvVar.JOB_STATUS, process.env[environment_1.EnvVar.JOB_STATUS] ?? JobStatus.Failure);
+    }
+}
 /**
  * Compose a StatusReport.
  *
@@ -141,6 +162,7 @@ const INCOMPATIBLE_MSG = "CodeQL Action version is incompatible with the code sc
  * Returns whether sending the status report was successful of not.
  */
 async function sendStatusReport(statusReport) {
+    setJobStatusIfUnsuccessful(statusReport.status);
     const statusReportJSON = JSON.stringify(statusReport);
     core.debug(`Sending status report: ${statusReportJSON}`);
     // If in test mode we don't want to upload the results

lib/upload-sarif-action.js

@@ -26,6 +26,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
 const actionsUtil = __importStar(require("./actions-util"));
 const actions_util_1 = require("./actions-util");
+const api_client_1 = require("./api-client");
 const logging_1 = require("./logging");
 const repository_1 = require("./repository");
 const status_report_1 = require("./status-report");
@@ -43,6 +44,8 @@ async function run() {
     const startedAt = new Date();
     const logger = (0, logging_1.getActionsLogger)();
     (0, util_1.initializeEnvironment)((0, actions_util_1.getActionVersion)());
+    const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
+    (0, util_1.checkActionVersion)((0, actions_util_1.getActionVersion)(), gitHubVersion);
     if (!(await (0, status_report_1.sendStatusReport)(await (0, status_report_1.createStatusReportBase)("upload-sarif", "starting", startedAt, await (0, util_1.checkDiskUsage)())))) {
         return;
     }

lib/upload-sarif-action.js.map

@@ -1 +1 @@
-{"version":3,"file":"upload-sarif-action.js","sourceRoot":"","sources":["../src/upload-sarif-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,iDAAkD;AAClD,uCAA6C;AAC7C,6CAAkD;AAClD,mDAKyB;AACzB,yDAA2C;AAC3C,iCAMgB;AAMhB,KAAK,UAAU,uBAAuB,CACpC,SAAe,EACf,WAA0C;IAE1C,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,cAAc,EACd,SAAS,EACT,SAAS,EACT,MAAM,IAAA,qBAAc,GAAE,CACvB,CAAC;IACF,MAAM,YAAY,GAA4B;QAC5C,GAAG,gBAAgB;QACnB,GAAG,WAAW;KACf,CAAC;IACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAC1C,IACE,CAAC,CAAC,MAAM,IAAA,gCAAgB,EACtB,MAAM,IAAA,sCAAsB,EAC1B,cAAc,EACd,UAAU,EACV,SAAS,EACT,MAAM,IAAA,qBAAc,GAAE,CACvB,CACF,CAAC,EACF,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,iBAAiB,CACrD,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,EAC1C,WAAW,CAAC,gBAAgB,CAAC,eAAe,CAAC,EAC7C,WAAW,CAAC,gBAAgB,CAAC,UAAU,CAAC,EACxC,MAAM,EACN,EAAE,+BAA+B,EAAE,IAAI,EAAE,CAC1C,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QAEjD,qEAAqE;QACrE,IAAI,IAAA,mBAAY,GAAE,EAAE,CAAC;YACnB,IAAI,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;QAClE,CAAC;aAAM,IAAI,WAAW,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,KAAK,MAAM,EAAE,CAAC;YAC1E,MAAM,UAAU,CAAC,iBAAiB,CAChC,IAAA,+BAAkB,EAAC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CAAC,EAC5D,YAAY,CAAC,OAAO,EACpB,MAAM,CACP,CAAC;QACJ,CAAC;QACD,MAAM,uBAAuB,CAAC,SAAS,EAAE,YAAY,CAAC,YAAY,CAAC,CAAC;IACtE,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;QAC9B,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,IAAA,gCAAgB,EACpB,MAAM,IAAA,sCAAsB,EAC1B,cAAc,EACd,IAAA,gCAAgB,EAAC,KAAK,CAAC,EACvB,SAAS,EACT,MAAM,IAAA,qBAAc,GAAE,EACtB,OAAO,EACP,KAAK,CAAC,KAAK,CACZ,CACF,CAAC;QACF,OAAO;IACT,CAAC;AACH,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,sCAAsC,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CACjE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"upload-sarif-action.js","sourceRoot":"","sources":["../src/upload-sarif-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,iDAAkD;AAClD,6CAAgD;AAChD,uCAA6C;AAC7C,6CAAkD;AAClD,mDAKyB;AACzB,yDAA2C;AAC3C,iCAOgB;AAMhB,KAAK,UAAU,uBAAuB,CACpC,SAAe,EACf,WAA0C;IAE1C,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,cAAc,EACd,SAAS,EACT,SAAS,EACT,MAAM,IAAA,qBAAc,GAAE,CACvB,CAAC;IACF,MAAM,YAAY,GAA4B;QAC5C,GAAG,gBAAgB;QACnB,GAAG,WAAW;KACf,CAAC;IACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC/C,IAAA,yBAAkB,EAAC,IAAA,+BAAgB,GAAE,EAAE,aAAa,CAAC,CAAC;IAEtD,IACE,CAAC,CAAC,MAAM,IAAA,gCAAgB,EACtB,MAAM,IAAA,sCAAsB,EAC1B,cAAc,EACd,UAAU,EACV,SAAS,EACT,MAAM,IAAA,qBAAc,GAAE,CACvB,CACF,CAAC,EACF,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,iBAAiB,CACrD,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,EAC1C,WAAW,CAAC,gBAAgB,CAAC,eAAe,CAAC,EAC7C,WAAW,CAAC,gBAAgB,CAAC,UAAU,CAAC,EACxC,MAAM,EACN,EAAE,+BAA+B,EAAE,IAAI,EAAE,CAC1C,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QAEjD,qEAAqE;QACrE,IAAI,IAAA,mBAAY,GAAE,EAAE,CAAC;YACnB,IAAI,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;QAClE,CAAC;aAAM,IAAI,WAAW,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,KAAK,MAAM,EAAE,CAAC;YAC1E,MAAM,UAAU,CAAC,iBAAiB,CAChC,IAAA,+BAAkB,EAAC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CAAC,EAC5D,YAAY,CAAC,OAAO,EACpB,MAAM,CACP,CAAC;QACJ,CAAC;QACD,MAAM,uBAAuB,CAAC,SAAS,EAAE,YAAY,CAAC,YAAY,CAAC,CAAC;IACtE,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;QAC9B,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,IAAA,gCAAgB,EACpB,MAAM,IAAA,sCAAsB,EAC1B,cAAc,EACd,IAAA,gCAAgB,EAAC,KAAK,CAAC,EACvB,SAAS,EACT,MAAM,IAAA,qBAAc,GAAE,EACtB,OAAO,EACP,KAAK,CAAC,KAAK,CACZ,CACF,CAAC;QACF,OAAO;IACT,CAAC;AACH,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,sCAAsC,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CACjE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/util.js

@@ -26,7 +26,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.checkDiskUsage = exports.prettyPrintPack = exports.getErrorMessage = exports.wrapError = exports.fixInvalidNotificationsInFile = exports.fixInvalidNotifications = exports.parseMatrixInput = exports.isHostedRunner = exports.checkForTimeout = exports.withTimeout = exports.tryGetFolderBytes = exports.listFolder = exports.doesDirectoryExist = exports.isInTestMode = exports.supportExpectDiscardedCache = exports.isGoodVersion = exports.delay = exports.bundleDb = exports.codeQlVersionAbove = exports.getCachedCodeQlVersion = exports.cacheCodeQlVersion = exports.isHTTPError = exports.UserError = exports.HTTPError = exports.getRequiredEnvParam = exports.initializeEnvironment = exports.assertNever = exports.apiVersionInRange = exports.DisallowedAPIVersionReason = exports.checkGitHubVersionInRange = exports.GitHubVariant = exports.parseGitHubUrl = exports.getCodeQLDatabasePath = exports.getThreadsFlag = exports.getThreadsFlagValue = exports.getAddSnippetsFlag = exports.getMemoryFlag = exports.getMemoryFlagValue = exports.getMemoryFlagValueForPlatform = exports.withTmpDir = exports.getToolNames = exports.getExtraOptionsEnvParam = exports.DEFAULT_DEBUG_DATABASE_NAME = exports.DEFAULT_DEBUG_ARTIFACT_NAME = exports.GITHUB_DOTCOM_URL = void 0;
+exports.checkActionVersion = exports.checkDiskUsage = exports.prettyPrintPack = exports.getErrorMessage = exports.wrapError = exports.fixInvalidNotificationsInFile = exports.fixInvalidNotifications = exports.parseMatrixInput = exports.isHostedRunner = exports.checkForTimeout = exports.withTimeout = exports.tryGetFolderBytes = exports.listFolder = exports.doesDirectoryExist = exports.isInTestMode = exports.supportExpectDiscardedCache = exports.isGoodVersion = exports.delay = exports.bundleDb = exports.codeQlVersionAbove = exports.getCachedCodeQlVersion = exports.cacheCodeQlVersion = exports.isHTTPError = exports.UserError = exports.HTTPError = exports.getRequiredEnvParam = exports.initializeEnvironment = exports.assertNever = exports.apiVersionInRange = exports.DisallowedAPIVersionReason = exports.checkGitHubVersionInRange = exports.GitHubVariant = exports.parseGitHubUrl = exports.getCodeQLDatabasePath = exports.getThreadsFlag = exports.getThreadsFlagValue = exports.getAddSnippetsFlag = exports.getMemoryFlag = exports.getMemoryFlagValue = exports.getMemoryFlagValueForPlatform = exports.withTmpDir = exports.getToolNames = exports.getExtraOptionsEnvParam = exports.DEFAULT_DEBUG_DATABASE_NAME = exports.DEFAULT_DEBUG_ARTIFACT_NAME = exports.GITHUB_DOTCOM_URL = void 0;
 const fs = __importStar(require("fs"));
 const os = __importStar(require("os"));
 const path = __importStar(require("path"));
@@ -247,7 +247,18 @@ exports.getAddSnippetsFlag = getAddSnippetsFlag;
  */
 function getThreadsFlagValue(userInput, logger) {
     let numThreads;
-    const maxThreads = os.cpus().length;
+    const maxThreadsCandidates = [os.cpus().length];
+    if (os.platform() === "linux") {
+        maxThreadsCandidates.push(...["/sys/fs/cgroup/cpuset.cpus.effective", "/sys/fs/cgroup/cpuset.cpus"]
+            .map((file) => getCgroupCpuCountFromCpus(file, logger))
+            .filter((count) => count !== undefined && count > 0)
+            .map((count) => count));
+        maxThreadsCandidates.push(...["/sys/fs/cgroup/cpu.max"]
+            .map((file) => getCgroupCpuCountFromCpuMax(file, logger))
+            .filter((count) => count !== undefined && count > 0)
+            .map((count) => count));
+    }
+    const maxThreads = Math.min(...maxThreadsCandidates);
     if (userInput) {
         numThreads = Number(userInput);
         if (Number.isNaN(numThreads)) {
@@ -270,6 +281,56 @@ function getThreadsFlagValue(userInput, logger) {
     return numThreads;
 }
 exports.getThreadsFlagValue = getThreadsFlagValue;
+/**
+ * Gets the number of available cores specified by the cgroup cpu.max file at the given path.
+ * Format of file: two values, the limit and the duration (period). If the limit is "max" then
+ * we return undefined and do not use this file to determine CPU limits.
+ */
+function getCgroupCpuCountFromCpuMax(cpuMaxFile, logger) {
+    if (!fs.existsSync(cpuMaxFile)) {
+        logger.debug(`While resolving threads, did not find a cgroup CPU file at ${cpuMaxFile}.`);
+        return undefined;
+    }
+    const cpuMaxString = fs.readFileSync(cpuMaxFile, "utf-8");
+    const cpuMaxStringSplit = cpuMaxString.split(" ");
+    if (cpuMaxStringSplit.length !== 2) {
+        logger.debug(`While resolving threads, did not use cgroup CPU file at ${cpuMaxFile} because it contained ${cpuMaxStringSplit.length} value(s) rather than the two expected.`);
+        return undefined;
+    }
+    const cpuLimit = cpuMaxStringSplit[0];
+    if (cpuLimit === "max") {
+        return undefined;
+    }
+    const duration = cpuMaxStringSplit[1];
+    const cpuCount = Math.floor(parseInt(cpuLimit) / parseInt(duration));
+    logger.info(`While resolving threads, found a cgroup CPU file with ${cpuCount} CPUs in ${cpuMaxFile}.`);
+    return cpuCount;
+}
+/**
+ * Gets the number of available cores listed in the cgroup cpuset.cpus file at the given path.
+ */
+function getCgroupCpuCountFromCpus(cpusFile, logger) {
+    if (!fs.existsSync(cpusFile)) {
+        logger.debug(`While resolving threads, did not find a cgroup CPUs file at ${cpusFile}.`);
+        return undefined;
+    }
+    let cpuCount = 0;
+    // Comma-separated numbers and ranges, for eg. 0-1,3
+    const cpusString = fs.readFileSync(cpusFile, "utf-8");
+    for (const token of cpusString.split(",")) {
+        if (!token.includes("-")) {
+            // Not a range
+            ++cpuCount;
+        }
+        else {
+            const cpuStartIndex = parseInt(token.split("-")[0]);
+            const cpuEndIndex = parseInt(token.split("-")[1]);
+            cpuCount += cpuEndIndex - cpuStartIndex + 1;
+        }
+    }
+    logger.info(`While resolving threads, found a cgroup CPUs file with ${cpuCount} CPUs in ${cpusFile}.`);
+    return cpuCount;
+}
 /**
  * Get the codeql `--threads` flag specified for the `threads` input.
  * If no value was specified, all available threads will be used.
@@ -747,4 +808,34 @@ async function checkDiskUsage(logger) {
     };
 }
 exports.checkDiskUsage = checkDiskUsage;
+/**
+ * Prompt the customer to upgrade to CodeQL Action v3, if appropriate.
+ *
+ * Check whether a customer is running v2. If they are, and we can determine that the GitHub
+ * instance supports v3, then log a warning about v2's upcoming deprecation prompting the customer
+ * to upgrade to v3.
+ */
+function checkActionVersion(version, githubVersion) {
+    if (!semver.satisfies(version, ">=3") && // do not warn if the customer is already running v3
+        !process.env.CODEQL_V2_DEPRECATION_WARNING // do not warn if we have already warned
+    ) {
+        // Only log a warning for versions of GHES that are compatible with CodeQL Action version 3.
+        //
+        // GHES 3.11 shipped without the v3 tag, but it also shipped without this warning message code.
+        // Therefore users who are seeing this warning message code have pulled in a new version of the
+        // Action, and with it the v3 tag.
+        if (githubVersion.type === GitHubVariant.DOTCOM ||
+            githubVersion.type === GitHubVariant.GHE_DOTCOM ||
+            (githubVersion.type === GitHubVariant.GHES &&
+                semver.satisfies(semver.coerce(githubVersion.version) ?? "0.0.0", ">=3.11"))) {
+            core.warning("CodeQL Action v2 will be deprecated on December 5th, 2024. " +
+                "Please update all occurrences of the CodeQL Action in your workflow files to v3. " +
+                "For more information, see " +
+                "https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/");
+            // set CODEQL_V2_DEPRECATION_WARNING env var to prevent the warning from being logged multiple times
+            core.exportVariable("CODEQL_V2_DEPRECATION_WARNING", "true");
+        }
+    }
+}
+exports.checkActionVersion = checkActionVersion;
 //# sourceMappingURL=util.js.map

lib/util.test.js

@@ -29,7 +29,10 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const fs = __importStar(require("fs"));
 const os = __importStar(require("os"));
 const path_1 = __importDefault(require("path"));
+const core = __importStar(require("@actions/core"));
 const ava_1 = __importDefault(require("ava"));
+const sinon = __importStar(require("sinon"));
+const api = __importStar(require("./api-client"));
 const environment_1 = require("./environment");
 const logging_1 = require("./logging");
 const testing_utils_1 = require("./testing-utils");
@@ -305,4 +308,50 @@ const stubLocation = {
         message: "Removed 1 duplicate locations from SARIF notification objects.",
     });
 });
+function formatGitHubVersion(version) {
+    switch (version.type) {
+        case util.GitHubVariant.DOTCOM:
+            return "dotcom";
+        case util.GitHubVariant.GHE_DOTCOM:
+            return "GHE dotcom";
+        case util.GitHubVariant.GHES:
+            return `GHES ${version.version}`;
+        default:
+            util.assertNever(version);
+    }
+}
+const CHECK_ACTION_VERSION_TESTS = [
+    ["2.2.1", { type: util.GitHubVariant.DOTCOM }, true],
+    ["2.2.1", { type: util.GitHubVariant.GHE_DOTCOM }, true],
+    ["2.2.1", { type: util.GitHubVariant.GHES, version: "3.10" }, false],
+    ["2.2.1", { type: util.GitHubVariant.GHES, version: "3.11" }, true],
+    ["2.2.1", { type: util.GitHubVariant.GHES, version: "3.12" }, true],
+    ["3.2.1", { type: util.GitHubVariant.DOTCOM }, false],
+    ["3.2.1", { type: util.GitHubVariant.GHE_DOTCOM }, false],
+    ["3.2.1", { type: util.GitHubVariant.GHES, version: "3.10" }, false],
+    ["3.2.1", { type: util.GitHubVariant.GHES, version: "3.11" }, false],
+    ["3.2.1", { type: util.GitHubVariant.GHES, version: "3.12" }, false],
+];
+for (const [version, githubVersion, shouldReportWarning,] of CHECK_ACTION_VERSION_TESTS) {
+    const reportWarningDescription = shouldReportWarning
+        ? "reports warning"
+        : "doesn't report warning";
+    const versionsDescription = `CodeQL Action version ${version} and GitHub version ${formatGitHubVersion(githubVersion)}`;
+    (0, ava_1.default)(`checkActionVersion ${reportWarningDescription} for ${versionsDescription}`, async (t) => {
+        const warningSpy = sinon.spy(core, "warning");
+        const versionStub = sinon
+            .stub(api, "getGitHubVersion")
+            .resolves(githubVersion);
+        // call checkActionVersion twice and assert below that warning is reported only once
+        util.checkActionVersion(version, await api.getGitHubVersion());
+        util.checkActionVersion(version, await api.getGitHubVersion());
+        if (shouldReportWarning) {
+            t.true(warningSpy.calledOnceWithExactly(sinon.match("CodeQL Action v2 will be deprecated")));
+        }
+        else {
+            t.false(warningSpy.called);
+        }
+        versionStub.restore();
+    });
+}
 //# sourceMappingURL=util.test.js.map

node_modules/.package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "2.23.1",
+  "version": "2.23.2",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
@@ -957,16 +957,16 @@
       "integrity": "sha512-WUtIVRUZ9i5dYXefDEAI7sh9/O7jGvHg7Df/5O/gtH3Yabe5odI3UWopVR1qbPXQtvOxWu3mM4XxlYeZtMWF4g=="
     },
     "node_modules/@typescript-eslint/eslint-plugin": {
-      "version": "6.19.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-6.19.0.tgz",
-      "integrity": "sha512-DUCUkQNklCQYnrBSSikjVChdc84/vMPDQSgJTHBZ64G9bA9w0Crc0rd2diujKbTdp6w2J47qkeHQLoi0rpLCdg==",
+      "version": "6.19.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-6.19.1.tgz",
+      "integrity": "sha512-roQScUGFruWod9CEyoV5KlCYrubC/fvG8/1zXuT0WTcxX87GnMMmnksMwSg99lo1xiKrBzw2icsJPMAw1OtKxg==",
       "dev": true,
       "dependencies": {
         "@eslint-community/regexpp": "^4.5.1",
-        "@typescript-eslint/scope-manager": "6.19.0",
-        "@typescript-eslint/type-utils": "6.19.0",
-        "@typescript-eslint/utils": "6.19.0",
-        "@typescript-eslint/visitor-keys": "6.19.0",
+        "@typescript-eslint/scope-manager": "6.19.1",
+        "@typescript-eslint/type-utils": "6.19.1",
+        "@typescript-eslint/utils": "6.19.1",
+        "@typescript-eslint/visitor-keys": "6.19.1",
         "debug": "^4.3.4",
         "graphemer": "^1.4.0",
         "ignore": "^5.2.4",
@@ -992,15 +992,15 @@
       }
     },
     "node_modules/@typescript-eslint/parser": {
-      "version": "6.19.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-6.19.0.tgz",
-      "integrity": "sha512-1DyBLG5SH7PYCd00QlroiW60YJ4rWMuUGa/JBV0iZuqi4l4IK3twKPq5ZkEebmGqRjXWVgsUzfd3+nZveewgow==",
+      "version": "6.19.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-6.19.1.tgz",
+      "integrity": "sha512-WEfX22ziAh6pRE9jnbkkLGp/4RhTpffr2ZK5bJ18M8mIfA8A+k97U9ZyaXCEJRlmMHh7R9MJZWXp/r73DzINVQ==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/scope-manager": "6.19.0",
-        "@typescript-eslint/types": "6.19.0",
-        "@typescript-eslint/typescript-estree": "6.19.0",
-        "@typescript-eslint/visitor-keys": "6.19.0",
+        "@typescript-eslint/scope-manager": "6.19.1",
+        "@typescript-eslint/types": "6.19.1",
+        "@typescript-eslint/typescript-estree": "6.19.1",
+        "@typescript-eslint/visitor-keys": "6.19.1",
         "debug": "^4.3.4"
       },
       "engines": {
@@ -1020,13 +1020,13 @@
       }
     },
     "node_modules/@typescript-eslint/scope-manager": {
-      "version": "6.19.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-6.19.0.tgz",
-      "integrity": "sha512-dO1XMhV2ehBI6QN8Ufi7I10wmUovmLU0Oru3n5LVlM2JuzB4M+dVphCPLkVpKvGij2j/pHBWuJ9piuXx+BhzxQ==",
+      "version": "6.19.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-6.19.1.tgz",
+      "integrity": "sha512-4CdXYjKf6/6aKNMSly/BP4iCSOpvMmqtDzRtqFyyAae3z5kkqEjKndR5vDHL8rSuMIIWP8u4Mw4VxLyxZW6D5w==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/types": "6.19.0",
-        "@typescript-eslint/visitor-keys": "6.19.0"
+        "@typescript-eslint/types": "6.19.1",
+        "@typescript-eslint/visitor-keys": "6.19.1"
       },
       "engines": {
         "node": "^16.0.0 || >=18.0.0"
@@ -1037,13 +1037,13 @@
       }
     },
     "node_modules/@typescript-eslint/type-utils": {
-      "version": "6.19.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-6.19.0.tgz",
-      "integrity": "sha512-mcvS6WSWbjiSxKCwBcXtOM5pRkPQ6kcDds/juxcy/727IQr3xMEcwr/YLHW2A2+Fp5ql6khjbKBzOyjuPqGi/w==",
+      "version": "6.19.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-6.19.1.tgz",
+      "integrity": "sha512-0vdyld3ecfxJuddDjACUvlAeYNrHP/pDeQk2pWBR2ESeEzQhg52DF53AbI9QCBkYE23lgkhLCZNkHn2hEXXYIg==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/typescript-estree": "6.19.0",
-        "@typescript-eslint/utils": "6.19.0",
+        "@typescript-eslint/typescript-estree": "6.19.1",
+        "@typescript-eslint/utils": "6.19.1",
         "debug": "^4.3.4",
         "ts-api-utils": "^1.0.1"
       },
@@ -1064,9 +1064,9 @@
       }
     },
     "node_modules/@typescript-eslint/types": {
-      "version": "6.19.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-6.19.0.tgz",
-      "integrity": "sha512-lFviGV/vYhOy3m8BJ/nAKoAyNhInTdXpftonhWle66XHAtT1ouBlkjL496b5H5hb8dWXHwtypTqgtb/DEa+j5A==",
+      "version": "6.19.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-6.19.1.tgz",
+      "integrity": "sha512-6+bk6FEtBhvfYvpHsDgAL3uo4BfvnTnoge5LrrCj2eJN8g3IJdLTD4B/jK3Q6vo4Ql/Hoip9I8aB6fF+6RfDqg==",
       "dev": true,
       "engines": {
         "node": "^16.0.0 || >=18.0.0"
@@ -1077,13 +1077,13 @@
       }
     },
     "node_modules/@typescript-eslint/typescript-estree": {
-      "version": "6.19.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-6.19.0.tgz",
-      "integrity": "sha512-o/zefXIbbLBZ8YJ51NlkSAt2BamrK6XOmuxSR3hynMIzzyMY33KuJ9vuMdFSXW+H0tVvdF9qBPTHA91HDb4BIQ==",
+      "version": "6.19.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-6.19.1.tgz",
+      "integrity": "sha512-aFdAxuhzBFRWhy+H20nYu19+Km+gFfwNO4TEqyszkMcgBDYQjmPJ61erHxuT2ESJXhlhrO7I5EFIlZ+qGR8oVA==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/types": "6.19.0",
-        "@typescript-eslint/visitor-keys": "6.19.0",
+        "@typescript-eslint/types": "6.19.1",
+        "@typescript-eslint/visitor-keys": "6.19.1",
         "debug": "^4.3.4",
         "globby": "^11.1.0",
         "is-glob": "^4.0.3",
@@ -1129,17 +1129,17 @@
       }
     },
     "node_modules/@typescript-eslint/utils": {
-      "version": "6.19.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-6.19.0.tgz",
-      "integrity": "sha512-QR41YXySiuN++/dC9UArYOg4X86OAYP83OWTewpVx5ct1IZhjjgTLocj7QNxGhWoTqknsgpl7L+hGygCO+sdYw==",
+      "version": "6.19.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-6.19.1.tgz",
+      "integrity": "sha512-JvjfEZuP5WoMqwh9SPAPDSHSg9FBHHGhjPugSRxu5jMfjvBpq5/sGTD+9M9aQ5sh6iJ8AY/Kk/oUYVEMAPwi7w==",
       "dev": true,
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.4.0",
         "@types/json-schema": "^7.0.12",
         "@types/semver": "^7.5.0",
-        "@typescript-eslint/scope-manager": "6.19.0",
-        "@typescript-eslint/types": "6.19.0",
-        "@typescript-eslint/typescript-estree": "6.19.0",
+        "@typescript-eslint/scope-manager": "6.19.1",
+        "@typescript-eslint/types": "6.19.1",
+        "@typescript-eslint/typescript-estree": "6.19.1",
         "semver": "^7.5.4"
       },
       "engines": {
@@ -1154,12 +1154,12 @@
       }
     },
     "node_modules/@typescript-eslint/visitor-keys": {
-      "version": "6.19.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-6.19.0.tgz",
-      "integrity": "sha512-hZaUCORLgubBvtGpp1JEFEazcuEdfxta9j4iUwdSAr7mEsYYAp3EAUyCZk3VEEqGj6W+AV4uWyrDGtrlawAsgQ==",
+      "version": "6.19.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-6.19.1.tgz",
+      "integrity": "sha512-gkdtIO+xSO/SmI0W68DBg4u1KElmIUo3vXzgHyGPs6cxgB0sa3TlptRAAE0hUY1hM6FcDKEv7aIwiTGm76cXfQ==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/types": "6.19.0",
+        "@typescript-eslint/types": "6.19.1",
         "eslint-visitor-keys": "^3.4.1"
       },
       "engines": {

node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-unnecessary-condition.js

@@ -195,7 +195,10 @@ exports.default = (0, util_1.createRule)({
         function checkNodeForNullish(node) {
             const type = (0, util_1.getConstrainedTypeAtLocation)(services, node);
             // Conditional is always necessary if it involves `any`, `unknown` or a naked type parameter
-            if ((0, util_1.isTypeFlagSet)(type, ts.TypeFlags.Any | ts.TypeFlags.Unknown | ts.TypeFlags.TypeParameter)) {
+            if ((0, util_1.isTypeFlagSet)(type, ts.TypeFlags.Any |
+                ts.TypeFlags.Unknown |
+                ts.TypeFlags.TypeParameter |
+                ts.TypeFlags.TypeVariable)) {
                 return;
             }
             let messageId = null;
@@ -260,7 +263,8 @@ exports.default = (0, util_1.createRule)({
                     flag |=
                         ts.TypeFlags.Any |
                             ts.TypeFlags.Unknown |
-                            ts.TypeFlags.TypeParameter;
+                            ts.TypeFlags.TypeParameter |
+                            ts.TypeFlags.TypeVariable;
                     // Allow loose comparison to nullish values.
                     if (node.operator === '==' || node.operator === '!=') {
                         flag |= NULL | UNDEFINED | VOID;

node_modules/@typescript-eslint/eslint-plugin/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@typescript-eslint/eslint-plugin",
-  "version": "6.19.0",
+  "version": "6.19.1",
   "description": "TypeScript plugin for ESLint",
   "files": [
     "dist",
@@ -57,10 +57,10 @@
   },
   "dependencies": {
     "@eslint-community/regexpp": "^4.5.1",
-    "@typescript-eslint/scope-manager": "6.19.0",
-    "@typescript-eslint/type-utils": "6.19.0",
-    "@typescript-eslint/utils": "6.19.0",
-    "@typescript-eslint/visitor-keys": "6.19.0",
+    "@typescript-eslint/scope-manager": "6.19.1",
+    "@typescript-eslint/type-utils": "6.19.1",
+    "@typescript-eslint/utils": "6.19.1",
+    "@typescript-eslint/visitor-keys": "6.19.1",
     "debug": "^4.3.4",
     "graphemer": "^1.4.0",
     "ignore": "^5.2.4",
@@ -73,8 +73,8 @@
     "@types/debug": "*",
     "@types/marked": "*",
     "@types/natural-compare": "*",
-    "@typescript-eslint/rule-schema-to-typescript-types": "6.19.0",
-    "@typescript-eslint/rule-tester": "6.19.0",
+    "@typescript-eslint/rule-schema-to-typescript-types": "6.19.1",
+    "@typescript-eslint/rule-tester": "6.19.1",
     "ajv": "^6.12.6",
     "chalk": "^5.3.0",
     "cross-fetch": "*",

node_modules/@typescript-eslint/parser/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@typescript-eslint/parser",
-  "version": "6.19.0",
+  "version": "6.19.1",
   "description": "An ESLint custom parser which leverages TypeScript ESTree",
   "files": [
     "dist",
@@ -51,10 +51,10 @@
     "eslint": "^7.0.0 || ^8.0.0"
   },
   "dependencies": {
-    "@typescript-eslint/scope-manager": "6.19.0",
-    "@typescript-eslint/types": "6.19.0",
-    "@typescript-eslint/typescript-estree": "6.19.0",
-    "@typescript-eslint/visitor-keys": "6.19.0",
+    "@typescript-eslint/scope-manager": "6.19.1",
+    "@typescript-eslint/types": "6.19.1",
+    "@typescript-eslint/typescript-estree": "6.19.1",
+    "@typescript-eslint/visitor-keys": "6.19.1",
     "debug": "^4.3.4"
   },
   "devDependencies": {

node_modules/@typescript-eslint/scope-manager/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@typescript-eslint/scope-manager",
-  "version": "6.19.0",
+  "version": "6.19.1",
   "description": "TypeScript scope analyser for ESLint",
   "files": [
     "dist",
@@ -44,13 +44,13 @@
     "typecheck": "npx nx typecheck"
   },
   "dependencies": {
-    "@typescript-eslint/types": "6.19.0",
-    "@typescript-eslint/visitor-keys": "6.19.0"
+    "@typescript-eslint/types": "6.19.1",
+    "@typescript-eslint/visitor-keys": "6.19.1"
   },
   "devDependencies": {
     "@prettier/sync": "*",
     "@types/glob": "*",
-    "@typescript-eslint/typescript-estree": "6.19.0",
+    "@typescript-eslint/typescript-estree": "6.19.1",
     "glob": "*",
     "jest-specific-snapshot": "*",
     "make-dir": "*",

node_modules/@typescript-eslint/type-utils/dist/isUnsafeAssignment.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"isUnsafeAssignment.d.ts","sourceRoot":"","sources":["../src/isUnsafeAssignment.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAGzD,OAAO,KAAK,KAAK,EAAE,MAAM,YAAY,CAAC;AAItC;;;;;;;;;GASG;AACH,wBAAgB,kBAAkB,CAChC,IAAI,EAAE,EAAE,CAAC,IAAI,EACb,QAAQ,EAAE,EAAE,CAAC,IAAI,EACjB,OAAO,EAAE,EAAE,CAAC,WAAW,EACvB,UAAU,EAAE,QAAQ,CAAC,IAAI,GAAG,IAAI,GAC/B,KAAK,GAAG;IAAE,MAAM,EAAE,EAAE,CAAC,IAAI,CAAC;IAAC,QAAQ,EAAE,EAAE,CAAC,IAAI,CAAA;CAAE,CA8DhD"}
+{"version":3,"file":"isUnsafeAssignment.d.ts","sourceRoot":"","sources":["../src/isUnsafeAssignment.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAGzD,OAAO,KAAK,KAAK,EAAE,MAAM,YAAY,CAAC;AAItC;;;;;;;;;GASG;AACH,wBAAgB,kBAAkB,CAChC,IAAI,EAAE,EAAE,CAAC,IAAI,EACb,QAAQ,EAAE,EAAE,CAAC,IAAI,EACjB,OAAO,EAAE,EAAE,CAAC,WAAW,EACvB,UAAU,EAAE,QAAQ,CAAC,IAAI,GAAG,IAAI,GAC/B,KAAK,GAAG;IAAE,MAAM,EAAE,EAAE,CAAC,IAAI,CAAC;IAAC,QAAQ,EAAE,EAAE,CAAC,IAAI,CAAA;CAAE,CAQhD"}

node_modules/@typescript-eslint/type-utils/dist/isUnsafeAssignment.js

@@ -38,6 +38,10 @@ const predicates_1 = require("./predicates");
  * @returns false if it's safe, or an object with the two types if it's unsafe
  */
 function isUnsafeAssignment(type, receiver, checker, senderNode) {
+    return isUnsafeAssignmentWorker(type, receiver, checker, senderNode, new Map());
+}
+exports.isUnsafeAssignment = isUnsafeAssignment;
+function isUnsafeAssignmentWorker(type, receiver, checker, senderNode, visited) {
     if ((0, predicates_1.isTypeAnyType)(type)) {
         // Allow assignment of any ==> unknown.
         if ((0, predicates_1.isTypeUnknownType)(receiver)) {
@@ -47,6 +51,16 @@ function isUnsafeAssignment(type, receiver, checker, senderNode) {
             return { sender: type, receiver };
         }
     }
+    const typeAlreadyVisited = visited.get(type);
+    if (typeAlreadyVisited) {
+        if (typeAlreadyVisited.has(receiver)) {
+            return false;
+        }
+        typeAlreadyVisited.add(receiver);
+    }
+    else {
+        visited.set(type, new Set([receiver]));
+    }
     if (tsutils.isTypeReference(type) && tsutils.isTypeReference(receiver)) {
         // TODO - figure out how to handle cases like this,
         // where the types are assignable, but not the same type
@@ -80,7 +94,7 @@ function isUnsafeAssignment(type, receiver, checker, senderNode) {
         for (let i = 0; i < typeArguments.length; i += 1) {
             const arg = typeArguments[i];
             const receiverArg = receiverTypeArguments[i];
-            const unsafe = isUnsafeAssignment(arg, receiverArg, checker, senderNode);
+            const unsafe = isUnsafeAssignmentWorker(arg, receiverArg, checker, senderNode, visited);
             if (unsafe) {
                 return { sender: type, receiver };
             }
@@ -89,5 +103,4 @@ function isUnsafeAssignment(type, receiver, checker, senderNode) {
     }
     return false;
 }
-exports.isUnsafeAssignment = isUnsafeAssignment;
 //# sourceMappingURL=isUnsafeAssignment.js.map

node_modules/@typescript-eslint/type-utils/dist/isUnsafeAssignment.js.map

@@ -1 +1 @@
-{"version":3,"file":"isUnsafeAssignment.js","sourceRoot":"","sources":["../src/isUnsafeAssignment.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AACA,oDAA0D;AAC1D,sDAAwC;AAGxC,6CAAgE;AAEhE;;;;;;;;;GASG;AACH,SAAgB,kBAAkB,CAChC,IAAa,EACb,QAAiB,EACjB,OAAuB,EACvB,UAAgC;IAEhC,IAAI,IAAA,0BAAa,EAAC,IAAI,CAAC,EAAE,CAAC;QACxB,uCAAuC;QACvC,IAAI,IAAA,8BAAiB,EAAC,QAAQ,CAAC,EAAE,CAAC;YAChC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC,IAAA,0BAAa,EAAC,QAAQ,CAAC,EAAE,CAAC;YAC7B,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QACpC,CAAC;IACH,CAAC;IAED,IAAI,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,eAAe,CAAC,QAAQ,CAAC,EAAE,CAAC;QACvE,mDAAmD;QACnD,wDAAwD;QACxD;;;;;;;;;UASE;QAEF,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM,EAAE,CAAC;YACpC,mGAAmG;YACnG,+DAA+D;YAC/D,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IACE,UAAU,EAAE,IAAI,KAAK,sBAAc,CAAC,aAAa;YACjD,UAAU,CAAC,MAAM,CAAC,IAAI,KAAK,sBAAc,CAAC,UAAU;YACpD,UAAU,CAAC,MAAM,CAAC,IAAI,KAAK,KAAK;YAChC,UAAU,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC;YACjC,UAAU,CAAC,aAAa,IAAI,IAAI,EAChC,CAAC;YACD,qCAAqC;YACrC,sFAAsF;YACtF,4FAA4F;YAC5F,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,aAAa,GAAG,IAAI,CAAC,aAAa,IAAI,EAAE,CAAC;QAC/C,MAAM,qBAAqB,GAAG,QAAQ,CAAC,aAAa,IAAI,EAAE,CAAC;QAE3D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,aAAa,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACjD,MAAM,GAAG,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;YAC7B,MAAM,WAAW,GAAG,qBAAqB,CAAC,CAAC,CAAC,CAAC;YAE7C,MAAM,MAAM,GAAG,kBAAkB,CAAC,GAAG,EAAE,WAAW,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;YACzE,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;YACpC,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAnED,gDAmEC"}
+{"version":3,"file":"isUnsafeAssignment.js","sourceRoot":"","sources":["../src/isUnsafeAssignment.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AACA,oDAA0D;AAC1D,sDAAwC;AAGxC,6CAAgE;AAEhE;;;;;;;;;GASG;AACH,SAAgB,kBAAkB,CAChC,IAAa,EACb,QAAiB,EACjB,OAAuB,EACvB,UAAgC;IAEhC,OAAO,wBAAwB,CAC7B,IAAI,EACJ,QAAQ,EACR,OAAO,EACP,UAAU,EACV,IAAI,GAAG,EAAE,CACV,CAAC;AACJ,CAAC;AAbD,gDAaC;AAED,SAAS,wBAAwB,CAC/B,IAAa,EACb,QAAiB,EACjB,OAAuB,EACvB,UAAgC,EAChC,OAAmC;IAEnC,IAAI,IAAA,0BAAa,EAAC,IAAI,CAAC,EAAE,CAAC;QACxB,uCAAuC;QACvC,IAAI,IAAA,8BAAiB,EAAC,QAAQ,CAAC,EAAE,CAAC;YAChC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC,IAAA,0BAAa,EAAC,QAAQ,CAAC,EAAE,CAAC;YAC7B,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QACpC,CAAC;IACH,CAAC;IAED,MAAM,kBAAkB,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAE7C,IAAI,kBAAkB,EAAE,CAAC;QACvB,IAAI,kBAAkB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YACrC,OAAO,KAAK,CAAC;QACf,CAAC;QACD,kBAAkB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACnC,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IACzC,CAAC;IAED,IAAI,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,eAAe,CAAC,QAAQ,CAAC,EAAE,CAAC;QACvE,mDAAmD;QACnD,wDAAwD;QACxD;;;;;;;;;UASE;QAEF,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM,EAAE,CAAC;YACpC,mGAAmG;YACnG,+DAA+D;YAC/D,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IACE,UAAU,EAAE,IAAI,KAAK,sBAAc,CAAC,aAAa;YACjD,UAAU,CAAC,MAAM,CAAC,IAAI,KAAK,sBAAc,CAAC,UAAU;YACpD,UAAU,CAAC,MAAM,CAAC,IAAI,KAAK,KAAK;YAChC,UAAU,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC;YACjC,UAAU,CAAC,aAAa,IAAI,IAAI,EAChC,CAAC;YACD,qCAAqC;YACrC,sFAAsF;YACtF,4FAA4F;YAC5F,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,aAAa,GAAG,IAAI,CAAC,aAAa,IAAI,EAAE,CAAC;QAC/C,MAAM,qBAAqB,GAAG,QAAQ,CAAC,aAAa,IAAI,EAAE,CAAC;QAE3D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,aAAa,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACjD,MAAM,GAAG,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;YAC7B,MAAM,WAAW,GAAG,qBAAqB,CAAC,CAAC,CAAC,CAAC;YAE7C,MAAM,MAAM,GAAG,wBAAwB,CACrC,GAAG,EACH,WAAW,EACX,OAAO,EACP,UAAU,EACV,OAAO,CACR,CAAC;YACF,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;YACpC,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}

node_modules/@typescript-eslint/type-utils/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@typescript-eslint/type-utils",
-  "version": "6.19.0",
+  "version": "6.19.1",
   "description": "Type utilities for working with TypeScript + ESLint together",
   "files": [
     "dist",
@@ -45,13 +45,13 @@
     "typecheck": "tsc -p tsconfig.json --noEmit"
   },
   "dependencies": {
-    "@typescript-eslint/typescript-estree": "6.19.0",
-    "@typescript-eslint/utils": "6.19.0",
+    "@typescript-eslint/typescript-estree": "6.19.1",
+    "@typescript-eslint/utils": "6.19.1",
     "debug": "^4.3.4",
     "ts-api-utils": "^1.0.1"
   },
   "devDependencies": {
-    "@typescript-eslint/parser": "6.19.0",
+    "@typescript-eslint/parser": "6.19.1",
     "ajv": "^6.10.0",
     "downlevel-dts": "*",
     "jest": "29.7.0",

node_modules/@typescript-eslint/types/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@typescript-eslint/types",
-  "version": "6.19.0",
+  "version": "6.19.1",
   "description": "Types for the TypeScript-ESTree AST spec",
   "files": [
     "dist",

node_modules/@typescript-eslint/typescript-estree/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@typescript-eslint/typescript-estree",
-  "version": "6.19.0",
+  "version": "6.19.1",
   "description": "A parser that converts TypeScript source code into an ESTree compatible form",
   "files": [
     "dist",
@@ -52,8 +52,8 @@
     "typecheck": "tsc -p tsconfig.json --noEmit"
   },
   "dependencies": {
-    "@typescript-eslint/types": "6.19.0",
-    "@typescript-eslint/visitor-keys": "6.19.0",
+    "@typescript-eslint/types": "6.19.1",
+    "@typescript-eslint/visitor-keys": "6.19.1",
     "debug": "^4.3.4",
     "globby": "^11.1.0",
     "is-glob": "^4.0.3",

node_modules/@typescript-eslint/utils/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@typescript-eslint/utils",
-  "version": "6.19.0",
+  "version": "6.19.1",
   "description": "Utilities for working with TypeScript + ESLint together",
   "files": [
     "dist",
@@ -68,16 +68,16 @@
     "@eslint-community/eslint-utils": "^4.4.0",
     "@types/json-schema": "^7.0.12",
     "@types/semver": "^7.5.0",
-    "@typescript-eslint/scope-manager": "6.19.0",
-    "@typescript-eslint/types": "6.19.0",
-    "@typescript-eslint/typescript-estree": "6.19.0",
+    "@typescript-eslint/scope-manager": "6.19.1",
+    "@typescript-eslint/types": "6.19.1",
+    "@typescript-eslint/typescript-estree": "6.19.1",
     "semver": "^7.5.4"
   },
   "peerDependencies": {
     "eslint": "^7.0.0 || ^8.0.0"
   },
   "devDependencies": {
-    "@typescript-eslint/parser": "6.19.0",
+    "@typescript-eslint/parser": "6.19.1",
     "downlevel-dts": "*",
     "jest": "29.7.0",
     "prettier": "^3.0.3",

node_modules/@typescript-eslint/visitor-keys/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@typescript-eslint/visitor-keys",
-  "version": "6.19.0",
+  "version": "6.19.1",
   "description": "Visitor keys used to help traverse the TypeScript-ESTree AST",
   "files": [
     "dist",
@@ -45,7 +45,7 @@
     "typecheck": "tsc -p tsconfig.json --noEmit"
   },
   "dependencies": {
-    "@typescript-eslint/types": "6.19.0",
+    "@typescript-eslint/types": "6.19.1",
     "eslint-visitor-keys": "^3.4.1"
   },
   "devDependencies": {

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "codeql",
-  "version": "2.23.1",
+  "version": "2.23.2",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "codeql",
-      "version": "2.23.1",
+      "version": "2.23.2",
       "license": "MIT",
       "dependencies": {
         "@actions/artifact": "^1.1.2",
@@ -45,8 +45,8 @@
         "@types/node": "16.11.22",
         "@types/semver": "^7.5.6",
         "@types/sinon": "^17.0.3",
-        "@typescript-eslint/eslint-plugin": "^6.19.0",
-        "@typescript-eslint/parser": "^6.19.0",
+        "@typescript-eslint/eslint-plugin": "^6.19.1",
+        "@typescript-eslint/parser": "^6.19.1",
         "ava": "^5.3.1",
         "eslint": "^8.56.0",
         "eslint-import-resolver-typescript": "^3.6.1",
@@ -1014,16 +1014,16 @@
       "integrity": "sha512-WUtIVRUZ9i5dYXefDEAI7sh9/O7jGvHg7Df/5O/gtH3Yabe5odI3UWopVR1qbPXQtvOxWu3mM4XxlYeZtMWF4g=="
     },
     "node_modules/@typescript-eslint/eslint-plugin": {
-      "version": "6.19.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-6.19.0.tgz",
-      "integrity": "sha512-DUCUkQNklCQYnrBSSikjVChdc84/vMPDQSgJTHBZ64G9bA9w0Crc0rd2diujKbTdp6w2J47qkeHQLoi0rpLCdg==",
+      "version": "6.19.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-6.19.1.tgz",
+      "integrity": "sha512-roQScUGFruWod9CEyoV5KlCYrubC/fvG8/1zXuT0WTcxX87GnMMmnksMwSg99lo1xiKrBzw2icsJPMAw1OtKxg==",
       "dev": true,
       "dependencies": {
         "@eslint-community/regexpp": "^4.5.1",
-        "@typescript-eslint/scope-manager": "6.19.0",
-        "@typescript-eslint/type-utils": "6.19.0",
-        "@typescript-eslint/utils": "6.19.0",
-        "@typescript-eslint/visitor-keys": "6.19.0",
+        "@typescript-eslint/scope-manager": "6.19.1",
+        "@typescript-eslint/type-utils": "6.19.1",
+        "@typescript-eslint/utils": "6.19.1",
+        "@typescript-eslint/visitor-keys": "6.19.1",
         "debug": "^4.3.4",
         "graphemer": "^1.4.0",
         "ignore": "^5.2.4",
@@ -1049,15 +1049,15 @@
       }
     },
     "node_modules/@typescript-eslint/parser": {
-      "version": "6.19.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-6.19.0.tgz",
-      "integrity": "sha512-1DyBLG5SH7PYCd00QlroiW60YJ4rWMuUGa/JBV0iZuqi4l4IK3twKPq5ZkEebmGqRjXWVgsUzfd3+nZveewgow==",
+      "version": "6.19.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-6.19.1.tgz",
+      "integrity": "sha512-WEfX22ziAh6pRE9jnbkkLGp/4RhTpffr2ZK5bJ18M8mIfA8A+k97U9ZyaXCEJRlmMHh7R9MJZWXp/r73DzINVQ==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/scope-manager": "6.19.0",
-        "@typescript-eslint/types": "6.19.0",
-        "@typescript-eslint/typescript-estree": "6.19.0",
-        "@typescript-eslint/visitor-keys": "6.19.0",
+        "@typescript-eslint/scope-manager": "6.19.1",
+        "@typescript-eslint/types": "6.19.1",
+        "@typescript-eslint/typescript-estree": "6.19.1",
+        "@typescript-eslint/visitor-keys": "6.19.1",
         "debug": "^4.3.4"
       },
       "engines": {
@@ -1077,13 +1077,13 @@
       }
     },
     "node_modules/@typescript-eslint/scope-manager": {
-      "version": "6.19.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-6.19.0.tgz",
-      "integrity": "sha512-dO1XMhV2ehBI6QN8Ufi7I10wmUovmLU0Oru3n5LVlM2JuzB4M+dVphCPLkVpKvGij2j/pHBWuJ9piuXx+BhzxQ==",
+      "version": "6.19.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-6.19.1.tgz",
+      "integrity": "sha512-4CdXYjKf6/6aKNMSly/BP4iCSOpvMmqtDzRtqFyyAae3z5kkqEjKndR5vDHL8rSuMIIWP8u4Mw4VxLyxZW6D5w==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/types": "6.19.0",
-        "@typescript-eslint/visitor-keys": "6.19.0"
+        "@typescript-eslint/types": "6.19.1",
+        "@typescript-eslint/visitor-keys": "6.19.1"
       },
       "engines": {
         "node": "^16.0.0 || >=18.0.0"
@@ -1094,13 +1094,13 @@
       }
     },
     "node_modules/@typescript-eslint/type-utils": {
-      "version": "6.19.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-6.19.0.tgz",
-      "integrity": "sha512-mcvS6WSWbjiSxKCwBcXtOM5pRkPQ6kcDds/juxcy/727IQr3xMEcwr/YLHW2A2+Fp5ql6khjbKBzOyjuPqGi/w==",
+      "version": "6.19.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-6.19.1.tgz",
+      "integrity": "sha512-0vdyld3ecfxJuddDjACUvlAeYNrHP/pDeQk2pWBR2ESeEzQhg52DF53AbI9QCBkYE23lgkhLCZNkHn2hEXXYIg==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/typescript-estree": "6.19.0",
-        "@typescript-eslint/utils": "6.19.0",
+        "@typescript-eslint/typescript-estree": "6.19.1",
+        "@typescript-eslint/utils": "6.19.1",
         "debug": "^4.3.4",
         "ts-api-utils": "^1.0.1"
       },
@@ -1121,9 +1121,9 @@
       }
     },
     "node_modules/@typescript-eslint/types": {
-      "version": "6.19.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-6.19.0.tgz",
-      "integrity": "sha512-lFviGV/vYhOy3m8BJ/nAKoAyNhInTdXpftonhWle66XHAtT1ouBlkjL496b5H5hb8dWXHwtypTqgtb/DEa+j5A==",
+      "version": "6.19.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-6.19.1.tgz",
+      "integrity": "sha512-6+bk6FEtBhvfYvpHsDgAL3uo4BfvnTnoge5LrrCj2eJN8g3IJdLTD4B/jK3Q6vo4Ql/Hoip9I8aB6fF+6RfDqg==",
       "dev": true,
       "engines": {
         "node": "^16.0.0 || >=18.0.0"
@@ -1134,13 +1134,13 @@
       }
     },
     "node_modules/@typescript-eslint/typescript-estree": {
-      "version": "6.19.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-6.19.0.tgz",
-      "integrity": "sha512-o/zefXIbbLBZ8YJ51NlkSAt2BamrK6XOmuxSR3hynMIzzyMY33KuJ9vuMdFSXW+H0tVvdF9qBPTHA91HDb4BIQ==",
+      "version": "6.19.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-6.19.1.tgz",
+      "integrity": "sha512-aFdAxuhzBFRWhy+H20nYu19+Km+gFfwNO4TEqyszkMcgBDYQjmPJ61erHxuT2ESJXhlhrO7I5EFIlZ+qGR8oVA==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/types": "6.19.0",
-        "@typescript-eslint/visitor-keys": "6.19.0",
+        "@typescript-eslint/types": "6.19.1",
+        "@typescript-eslint/visitor-keys": "6.19.1",
         "debug": "^4.3.4",
         "globby": "^11.1.0",
         "is-glob": "^4.0.3",
@@ -1186,17 +1186,17 @@
       }
     },
     "node_modules/@typescript-eslint/utils": {
-      "version": "6.19.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-6.19.0.tgz",
-      "integrity": "sha512-QR41YXySiuN++/dC9UArYOg4X86OAYP83OWTewpVx5ct1IZhjjgTLocj7QNxGhWoTqknsgpl7L+hGygCO+sdYw==",
+      "version": "6.19.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-6.19.1.tgz",
+      "integrity": "sha512-JvjfEZuP5WoMqwh9SPAPDSHSg9FBHHGhjPugSRxu5jMfjvBpq5/sGTD+9M9aQ5sh6iJ8AY/Kk/oUYVEMAPwi7w==",
       "dev": true,
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.4.0",
         "@types/json-schema": "^7.0.12",
         "@types/semver": "^7.5.0",
-        "@typescript-eslint/scope-manager": "6.19.0",
-        "@typescript-eslint/types": "6.19.0",
-        "@typescript-eslint/typescript-estree": "6.19.0",
+        "@typescript-eslint/scope-manager": "6.19.1",
+        "@typescript-eslint/types": "6.19.1",
+        "@typescript-eslint/typescript-estree": "6.19.1",
         "semver": "^7.5.4"
       },
       "engines": {
@@ -1211,12 +1211,12 @@
       }
     },
     "node_modules/@typescript-eslint/visitor-keys": {
-      "version": "6.19.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-6.19.0.tgz",
-      "integrity": "sha512-hZaUCORLgubBvtGpp1JEFEazcuEdfxta9j4iUwdSAr7mEsYYAp3EAUyCZk3VEEqGj6W+AV4uWyrDGtrlawAsgQ==",
+      "version": "6.19.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-6.19.1.tgz",
+      "integrity": "sha512-gkdtIO+xSO/SmI0W68DBg4u1KElmIUo3vXzgHyGPs6cxgB0sa3TlptRAAE0hUY1hM6FcDKEv7aIwiTGm76cXfQ==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/types": "6.19.0",
+        "@typescript-eslint/types": "6.19.1",
         "eslint-visitor-keys": "^3.4.1"
       },
       "engines": {

package.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "2.23.1",
+  "version": "2.23.2",
   "private": true,
   "description": "CodeQL action",
   "scripts": {
@@ -60,8 +60,8 @@
     "@types/node": "16.11.22",
     "@types/semver": "^7.5.6",
     "@types/sinon": "^17.0.3",
-    "@typescript-eslint/eslint-plugin": "^6.19.0",
-    "@typescript-eslint/parser": "^6.19.0",
+    "@typescript-eslint/eslint-plugin": "^6.19.1",
+    "@typescript-eslint/parser": "^6.19.1",
     "ava": "^5.3.1",
     "eslint": "^8.56.0",
     "eslint-import-resolver-typescript": "^3.6.1",

queries/required-action-input.ql

@@ -19,7 +19,7 @@ class ActionDeclaration extends File {
     getRelativePath().matches("%/action.yml")
   }
 
-  YAMLDocument getRootNode() {
+  YamlDocument getRootNode() {
     result.getFile() = this
   }
 
@@ -27,7 +27,7 @@ class ActionDeclaration extends File {
    * The name of any input to this action.
    */
   string getAnInput() {
-    result = getRootNode().(YAMLMapping).lookup("inputs").(YAMLMapping).getKey(_).(YAMLString).getValue()
+    result = getRootNode().(YamlMapping).lookup("inputs").(YamlMapping).getKey(_).(YamlString).getValue()
   }
 
   /**
@@ -35,21 +35,10 @@ class ActionDeclaration extends File {
    * or because it has a default value.
    */
   predicate inputAlwaysHasValue(string input) {
-    exists(YAMLMapping value |
-      value = getRootNode().(YAMLMapping).lookup("inputs").(YAMLMapping).lookup(input) and
+    exists(YamlMapping value |
+      value = getRootNode().(YamlMapping).lookup("inputs").(YamlMapping).lookup(input) and
       (exists(value.lookup("default")) or
-       value.lookup("required").(YAMLBool).getBoolValue() = true))
-  }
-
-  /**
-   * The function that is the entrypoint to this action.
-   */
-  FunctionDeclStmt getEntrypoint() {
-    result.getFile().getRelativePath() = getRootNode().
-      (YAMLMapping).lookup("runs").
-      (YAMLMapping).lookup("main").
-      (YAMLString).getValue().regexpReplaceAll("\\.\\./lib/(.*)\\.js", "src/$1.ts") and
-    result.getName() = "run"
+       value.lookup("required").(YamlBool).getBoolValue() = true))
   }
 }
 

queries/undeclared-action-input.ql

@@ -24,7 +24,7 @@ class ActionDeclaration extends File {
     result = getRelativePath().regexpCapture("(.*)/action.yml", 1)
   }
 
-  YAMLDocument getRootNode() {
+  YamlDocument getRootNode() {
     result.getFile() = this
   }
 
@@ -32,7 +32,7 @@ class ActionDeclaration extends File {
    * The name of any input to this action.
    */
   string getAnInput() {
-    result = getRootNode().(YAMLMapping).lookup("inputs").(YAMLMapping).getKey(_).(YAMLString).getValue()
+    result = getRootNode().(YamlMapping).lookup("inputs").(YamlMapping).getKey(_).(YamlString).getValue()
   }
 
   /**
@@ -40,9 +40,9 @@ class ActionDeclaration extends File {
    */
   FunctionDeclStmt getEntrypoint() {
     result.getFile().getRelativePath() = getRootNode().
-      (YAMLMapping).lookup("runs").
-      (YAMLMapping).lookup("main").
-      (YAMLString).getValue().regexpReplaceAll("\\.\\./lib/(.*)\\.js", "src/$1.ts") and
+      (YamlMapping).lookup("runs").
+      (YamlMapping).lookup("main").
+      (YamlString).getValue().regexpReplaceAll("\\.\\./lib/(.*)\\.js", "src/$1.ts") and
     result.getName() = "run"
   }
 }

src/analyze-action.ts

@@ -220,6 +220,8 @@ async function run() {
 
     const gitHubVersion = await getGitHubVersion();
 
+    util.checkActionVersion(actionsUtil.getActionVersion(), gitHubVersion);
+
     const features = new Features(
       gitHubVersion,
       repositoryNwo,

src/autobuild-action.ts

@@ -17,6 +17,7 @@ import {
   sendStatusReport,
 } from "./status-report";
 import {
+  checkActionVersion,
   checkDiskUsage,
   checkGitHubVersionInRange,
   initializeEnvironment,
@@ -77,6 +78,7 @@ async function run() {
 
     const gitHubVersion = await getGitHubVersion();
     checkGitHubVersionInRange(gitHubVersion, logger);
+    checkActionVersion(getActionVersion(), gitHubVersion);
 
     const config = await configUtils.getConfig(getTemporaryDirectory(), logger);
     if (config === undefined) {

src/defaults.json

@@ -1,6 +1,6 @@
 {
-  "bundleVersion": "codeql-bundle-v2.16.0",
-  "cliVersion": "2.16.0",
-  "priorBundleVersion": "codeql-bundle-v2.15.5",
-  "priorCliVersion": "2.15.5"
+  "bundleVersion": "codeql-bundle-v2.16.1",
+  "cliVersion": "2.16.1",
+  "priorBundleVersion": "codeql-bundle-v2.16.0",
+  "priorCliVersion": "2.16.0"
 }

src/environment.ts

@@ -1,3 +1,9 @@
+/**
+ * Environment variables used by the CodeQL Action.
+ *
+ * We recommend prefixing environment variables with `CODEQL_ACTION_`
+ * to reduce the risk that they are overwritten by other steps.
+ */
 export enum EnvVar {
   /** Whether the `analyze` Action completes successfully. */
   ANALYZE_DID_COMPLETE_SUCCESSFULLY = "CODEQL_ACTION_ANALYZE_DID_COMPLETE_SUCCESSFULLY",
@@ -35,6 +41,9 @@ export enum EnvVar {
   /** UUID representing the current job run. */
   JOB_RUN_UUID = "JOB_RUN_UUID",
 
+  /** Status for the entire job, submitted to the status report in `init-post` */
+  JOB_STATUS = "CODEQL_ACTION_JOB_STATUS",
+
   ODASA_TRACER_CONFIGURATION = "ODASA_TRACER_CONFIGURATION",
 
   /**

src/feature-flags.ts

@@ -44,8 +44,8 @@ export interface FeatureEnablement {
  * Each value of this enum should end with `_enabled`.
  */
 export enum Feature {
-  CodeqlJavaLombokEnabled = "codeql_java_lombok_enabled",
   CppDependencyInstallation = "cpp_dependency_installation_enabled",
+  CppTrapCachingEnabled = "cpp_trap_caching_enabled",
   DisableKotlinAnalysisEnabled = "disable_kotlin_analysis_enabled",
   DisablePythonDependencyInstallationEnabled = "disable_python_dependency_installation_enabled",
   PythonDefaultIsToSkipDependencyInstallationEnabled = "python_default_is_to_skip_dependency_installation_enabled",
@@ -58,16 +58,16 @@ export const featureConfig: Record<
   Feature,
   { envVar: string; minimumVersion: string | undefined; defaultValue: boolean }
 > = {
-  [Feature.CodeqlJavaLombokEnabled]: {
-    envVar: "CODEQL_JAVA_LOMBOK",
-    minimumVersion: "2.14.0",
-    defaultValue: false,
-  },
   [Feature.CppDependencyInstallation]: {
     envVar: "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES",
     minimumVersion: "2.15.0",
     defaultValue: false,
   },
+  [Feature.CppTrapCachingEnabled]: {
+    envVar: "CODEQL_CPP_TRAP_CACHING",
+    minimumVersion: "2.16.1",
+    defaultValue: false,
+  },
   [Feature.DisableKotlinAnalysisEnabled]: {
     envVar: "CODEQL_DISABLE_KOTLIN_ANALYSIS",
     minimumVersion: undefined,

src/init-action-post-helper.ts

@@ -1,3 +1,4 @@
+import * as core from "@actions/core";
 import * as github from "@actions/github";
 
 import * as actionsUtil from "./actions-util";
@@ -8,6 +9,7 @@ import { EnvVar } from "./environment";
 import { Feature, FeatureEnablement } from "./feature-flags";
 import { Logger } from "./logging";
 import { RepositoryNwo, parseRepositoryNwo } from "./repository";
+import { JobStatus } from "./status-report";
 import * as uploadLib from "./upload-lib";
 import {
   delay,
@@ -36,6 +38,10 @@ export interface UploadFailedSarifResult extends uploadLib.UploadStatusReport {
   sarifID?: string;
 }
 
+export interface JobStatusReport {
+  job_status: JobStatus;
+}
+
 function createFailedUploadFailedSarifResult(
   error: unknown,
 ): UploadFailedSarifResult {
@@ -121,6 +127,15 @@ export async function tryUploadSarifIfRunFailed(
   logger: Logger,
 ): Promise<UploadFailedSarifResult> {
   if (process.env[EnvVar.ANALYZE_DID_COMPLETE_SUCCESSFULLY] !== "true") {
+    // If analyze didn't complete successfully and the job status hasn't
+    // already been set to Failure/ConfigurationError previously, this
+    // means that something along the way failed in a step that is not
+    // owned by the Action, for example a manual build step. We
+    // consider this a configuration error.
+    core.exportVariable(
+      EnvVar.JOB_STATUS,
+      process.env[EnvVar.JOB_STATUS] ?? JobStatus.ConfigurationError,
+    );
     try {
       return await maybeUploadFailedSarif(
         config,
@@ -135,6 +150,10 @@ export async function tryUploadSarifIfRunFailed(
       return createFailedUploadFailedSarifResult(e);
     }
   } else {
+    core.exportVariable(
+      EnvVar.JOB_STATUS,
+      process.env[EnvVar.JOB_STATUS] ?? JobStatus.Success,
+    );
     return {
       upload_failed_run_skipped_because:
         "Analyze Action completed successfully",
@@ -282,3 +301,20 @@ async function removeUploadedSarif(
     );
   }
 }
+
+/**
+ * Returns the final job status sent in the `init-post` Action, based on the
+ * current value of the JOB_STATUS environment variable. If the variable is
+ * unset, or if its value is not one of the JobStatus enum values, returns
+ * Unknown. Otherwise it returns the status set in the environment variable.
+ */
+export function getFinalJobStatus(): JobStatus {
+  const jobStatusFromEnvironment = process.env[EnvVar.JOB_STATUS];
+  if (
+    !jobStatusFromEnvironment ||
+    !Object.values(JobStatus).includes(jobStatusFromEnvironment as JobStatus)
+  ) {
+    return JobStatus.Unknown;
+  }
+  return jobStatusFromEnvironment as JobStatus;
+}

src/init-action-post.ts

@@ -28,7 +28,8 @@ import {
 
 interface InitPostStatusReport
   extends StatusReportBase,
-    initActionPostHelper.UploadFailedSarifResult {}
+    initActionPostHelper.UploadFailedSarifResult,
+    initActionPostHelper.JobStatusReport {}
 
 async function runWrapper() {
   const startedAt = new Date();
@@ -83,6 +84,7 @@ async function runWrapper() {
   const statusReport: InitPostStatusReport = {
     ...statusReportBase,
     ...uploadFailedSarifResult,
+    job_status: initActionPostHelper.getFinalJobStatus(),
   };
   await sendStatusReport(statusReport);
 }

src/init-action.ts

@@ -54,6 +54,7 @@ import {
   isHostedRunner,
   UserError,
   wrapError,
+  checkActionVersion,
 } from "./util";
 import { validateWorkflow } from "./workflow";
 
@@ -212,6 +213,7 @@ async function run() {
 
   const gitHubVersion = await getGitHubVersion();
   checkGitHubVersionInRange(gitHubVersion, logger);
+  checkActionVersion(getActionVersion(), gitHubVersion);
 
   const repositoryNwo = parseRepositoryNwo(
     getRequiredEnvParam("GITHUB_REPOSITORY"),
@@ -423,19 +425,37 @@ async function run() {
       core.exportVariable(kotlinLimitVar, "1.9.20");
     }
 
-    if (config.languages.includes(Language.java)) {
+    if (
+      config.languages.includes(Language.java) &&
+      // Java Lombok support is enabled by default for >= 2.14.4
+      (await codeQlVersionAbove(codeql, "2.14.0")) &&
+      !(await codeQlVersionAbove(codeql, "2.14.4"))
+    ) {
       const envVar = "CODEQL_EXTRACTOR_JAVA_RUN_ANNOTATION_PROCESSORS";
       if (process.env[envVar]) {
         logger.info(
           `Environment variable ${envVar} already set. Not en/disabling CodeQL Java Lombok support`,
         );
-      } else if (
-        await features.getValue(Feature.CodeqlJavaLombokEnabled, codeql)
-      ) {
+      } else {
         logger.info("Enabling CodeQL Java Lombok support");
         core.exportVariable(envVar, "true");
+      }
+    }
+
+    if (config.languages.includes(Language.cpp)) {
+      const envVar = "CODEQL_EXTRACTOR_CPP_TRAP_CACHING";
+      if (process.env[envVar]) {
+        logger.info(
+          `Environment variable ${envVar} already set. Not en/disabling CodeQL C++ TRAP caching support`,
+        );
+      } else if (
+        getTrapCachingEnabled() &&
+        (await features.getValue(Feature.CppTrapCachingEnabled, codeql))
+      ) {
+        logger.info("Enabling CodeQL C++ TRAP caching support");
+        core.exportVariable(envVar, "true");
       } else {
-        logger.info("Disabling CodeQL Java Lombok support");
+        logger.info("Disabling CodeQL C++ TRAP caching support");
         core.exportVariable(envVar, "false");
       }
     }

src/resolve-environment-action.ts

@@ -1,6 +1,7 @@
 import * as core from "@actions/core";
 
 import {
+  getActionVersion,
   getOptionalInput,
   getRequiredInput,
   getTemporaryDirectory,
@@ -16,6 +17,7 @@ import {
   getActionsStatus,
 } from "./status-report";
 import {
+  checkActionVersion,
   checkDiskUsage,
   checkForTimeout,
   checkGitHubVersionInRange,
@@ -45,6 +47,7 @@ async function run() {
 
     const gitHubVersion = await getGitHubVersion();
     checkGitHubVersionInRange(gitHubVersion, logger);
+    checkActionVersion(getActionVersion(), gitHubVersion);
 
     const config = await configUtils.getConfig(getTemporaryDirectory(), logger);
     if (config === undefined) {

src/status-report.ts

@@ -32,12 +32,20 @@ export type ActionName =
   | "upload-sarif";
 
 export type ActionStatus =
-  | "aborted"
+  | "aborted" // Only used in the init Action, if init failed before initializing the tracer due to something other than a configuration error.
   | "failure"
   | "starting"
   | "success"
   | "user-error";
 
+/** Overall status of the entire job. String values match the Hydro schema. */
+export enum JobStatus {
+  Unknown = "JOB_STATUS_UNKNOWN",
+  Success = "JOB_STATUS_SUCCESS",
+  Failure = "JOB_STATUS_FAILURE",
+  ConfigurationError = "JOB_STATUS_CONFIGURATION_ERROR",
+}
+
 export interface StatusReportBase {
   /** Name of the action being executed. */
   action_name: ActionName;
@@ -133,6 +141,25 @@ export function getActionsStatus(
   }
 }
 
+/**
+ * Sets the overall job status environment variable to configuration error
+ * or failure, unless it's already been set to one of these values in a
+ * previous step.
+ */
+function setJobStatusIfUnsuccessful(actionStatus: ActionStatus) {
+  if (actionStatus === "user-error") {
+    core.exportVariable(
+      EnvVar.JOB_STATUS,
+      process.env[EnvVar.JOB_STATUS] ?? JobStatus.ConfigurationError,
+    );
+  } else if (actionStatus === "failure" || actionStatus === "aborted") {
+    core.exportVariable(
+      EnvVar.JOB_STATUS,
+      process.env[EnvVar.JOB_STATUS] ?? JobStatus.Failure,
+    );
+  }
+}
+
 // Any status report may include an array of EventReports associated with it.
 export interface EventReport {
   /** Time this event ended. */
@@ -273,6 +300,8 @@ const INCOMPATIBLE_MSG =
 export async function sendStatusReport<S extends StatusReportBase>(
   statusReport: S,
 ): Promise<boolean> {
+  setJobStatusIfUnsuccessful(statusReport.status);
+
   const statusReportJSON = JSON.stringify(statusReport);
   core.debug(`Sending status report: ${statusReportJSON}`);
   // If in test mode we don't want to upload the results

src/upload-sarif-action.ts

@@ -2,6 +2,7 @@ import * as core from "@actions/core";
 
 import * as actionsUtil from "./actions-util";
 import { getActionVersion } from "./actions-util";
+import { getGitHubVersion } from "./api-client";
 import { getActionsLogger } from "./logging";
 import { parseRepositoryNwo } from "./repository";
 import {
@@ -12,6 +13,7 @@ import {
 } from "./status-report";
 import * as upload_lib from "./upload-lib";
 import {
+  checkActionVersion,
   checkDiskUsage,
   getRequiredEnvParam,
   initializeEnvironment,
@@ -44,6 +46,10 @@ async function run() {
   const startedAt = new Date();
   const logger = getActionsLogger();
   initializeEnvironment(getActionVersion());
+
+  const gitHubVersion = await getGitHubVersion();
+  checkActionVersion(getActionVersion(), gitHubVersion);
+
   if (
     !(await sendStatusReport(
       await createStatusReportBase(

src/util.test.ts

@@ -2,8 +2,11 @@ import * as fs from "fs";
 import * as os from "os";
 import path from "path";
 
+import * as core from "@actions/core";
 import test from "ava";
+import * as sinon from "sinon";
 
+import * as api from "./api-client";
 import { EnvVar } from "./environment";
 import { getRunnerLogger } from "./logging";
 import { getRecordingLogger, LoggedMessage, setupTests } from "./testing-utils";
@@ -385,3 +388,64 @@ test("fixInvalidNotifications removes duplicate locations", (t) => {
     message: "Removed 1 duplicate locations from SARIF notification objects.",
   });
 });
+
+function formatGitHubVersion(version: util.GitHubVersion): string {
+  switch (version.type) {
+    case util.GitHubVariant.DOTCOM:
+      return "dotcom";
+    case util.GitHubVariant.GHE_DOTCOM:
+      return "GHE dotcom";
+    case util.GitHubVariant.GHES:
+      return `GHES ${version.version}`;
+    default:
+      util.assertNever(version);
+  }
+}
+
+const CHECK_ACTION_VERSION_TESTS: Array<[string, util.GitHubVersion, boolean]> =
+  [
+    ["2.2.1", { type: util.GitHubVariant.DOTCOM }, true],
+    ["2.2.1", { type: util.GitHubVariant.GHE_DOTCOM }, true],
+    ["2.2.1", { type: util.GitHubVariant.GHES, version: "3.10" }, false],
+    ["2.2.1", { type: util.GitHubVariant.GHES, version: "3.11" }, true],
+    ["2.2.1", { type: util.GitHubVariant.GHES, version: "3.12" }, true],
+    ["3.2.1", { type: util.GitHubVariant.DOTCOM }, false],
+    ["3.2.1", { type: util.GitHubVariant.GHE_DOTCOM }, false],
+    ["3.2.1", { type: util.GitHubVariant.GHES, version: "3.10" }, false],
+    ["3.2.1", { type: util.GitHubVariant.GHES, version: "3.11" }, false],
+    ["3.2.1", { type: util.GitHubVariant.GHES, version: "3.12" }, false],
+  ];
+
+for (const [
+  version,
+  githubVersion,
+  shouldReportWarning,
+] of CHECK_ACTION_VERSION_TESTS) {
+  const reportWarningDescription = shouldReportWarning
+    ? "reports warning"
+    : "doesn't report warning";
+  const versionsDescription = `CodeQL Action version ${version} and GitHub version ${formatGitHubVersion(
+    githubVersion,
+  )}`;
+  test(`checkActionVersion ${reportWarningDescription} for ${versionsDescription}`, async (t) => {
+    const warningSpy = sinon.spy(core, "warning");
+    const versionStub = sinon
+      .stub(api, "getGitHubVersion")
+      .resolves(githubVersion);
+
+    // call checkActionVersion twice and assert below that warning is reported only once
+    util.checkActionVersion(version, await api.getGitHubVersion());
+    util.checkActionVersion(version, await api.getGitHubVersion());
+
+    if (shouldReportWarning) {
+      t.true(
+        warningSpy.calledOnceWithExactly(
+          sinon.match("CodeQL Action v2 will be deprecated"),
+        ),
+      );
+    } else {
+      t.false(warningSpy.called);
+    }
+    versionStub.restore();
+  });
+}

src/util.ts

@@ -354,7 +354,22 @@ export function getThreadsFlagValue(
   logger: Logger,
 ): number {
   let numThreads: number;
-  const maxThreads = os.cpus().length;
+  const maxThreadsCandidates = [os.cpus().length];
+  if (os.platform() === "linux") {
+    maxThreadsCandidates.push(
+      ...["/sys/fs/cgroup/cpuset.cpus.effective", "/sys/fs/cgroup/cpuset.cpus"]
+        .map((file) => getCgroupCpuCountFromCpus(file, logger))
+        .filter((count) => count !== undefined && count > 0)
+        .map((count) => count as number),
+    );
+    maxThreadsCandidates.push(
+      ...["/sys/fs/cgroup/cpu.max"]
+        .map((file) => getCgroupCpuCountFromCpuMax(file, logger))
+        .filter((count) => count !== undefined && count > 0)
+        .map((count) => count as number),
+    );
+  }
+  const maxThreads = Math.min(...maxThreadsCandidates);
   if (userInput) {
     numThreads = Number(userInput);
     if (Number.isNaN(numThreads)) {
@@ -380,6 +395,79 @@ export function getThreadsFlagValue(
   return numThreads;
 }
 
+/**
+ * Gets the number of available cores specified by the cgroup cpu.max file at the given path.
+ * Format of file: two values, the limit and the duration (period). If the limit is "max" then
+ * we return undefined and do not use this file to determine CPU limits.
+ */
+function getCgroupCpuCountFromCpuMax(
+  cpuMaxFile: string,
+  logger: Logger,
+): number | undefined {
+  if (!fs.existsSync(cpuMaxFile)) {
+    logger.debug(
+      `While resolving threads, did not find a cgroup CPU file at ${cpuMaxFile}.`,
+    );
+    return undefined;
+  }
+
+  const cpuMaxString = fs.readFileSync(cpuMaxFile, "utf-8");
+  const cpuMaxStringSplit = cpuMaxString.split(" ");
+  if (cpuMaxStringSplit.length !== 2) {
+    logger.debug(
+      `While resolving threads, did not use cgroup CPU file at ${cpuMaxFile} because it contained ${cpuMaxStringSplit.length} value(s) rather than the two expected.`,
+    );
+    return undefined;
+  }
+  const cpuLimit = cpuMaxStringSplit[0];
+  if (cpuLimit === "max") {
+    return undefined;
+  }
+  const duration = cpuMaxStringSplit[1];
+  const cpuCount = Math.floor(parseInt(cpuLimit) / parseInt(duration));
+
+  logger.info(
+    `While resolving threads, found a cgroup CPU file with ${cpuCount} CPUs in ${cpuMaxFile}.`,
+  );
+
+  return cpuCount;
+}
+
+/**
+ * Gets the number of available cores listed in the cgroup cpuset.cpus file at the given path.
+ */
+function getCgroupCpuCountFromCpus(
+  cpusFile: string,
+  logger: Logger,
+): number | undefined {
+  if (!fs.existsSync(cpusFile)) {
+    logger.debug(
+      `While resolving threads, did not find a cgroup CPUs file at ${cpusFile}.`,
+    );
+    return undefined;
+  }
+
+  let cpuCount = 0;
+  // Comma-separated numbers and ranges, for eg. 0-1,3
+  const cpusString = fs.readFileSync(cpusFile, "utf-8");
+  for (const token of cpusString.split(",")) {
+    if (!token.includes("-")) {
+      // Not a range
+      ++cpuCount;
+    } else {
+      const cpuStartIndex = parseInt(token.split("-")[0]);
+      const cpuEndIndex = parseInt(token.split("-")[1]);
+      cpuCount += cpuEndIndex - cpuStartIndex + 1;
+    }
+  }
+
+  logger.info(
+    `While resolving threads, found a cgroup CPUs file with ${cpuCount} CPUs in ${cpusFile}.`,
+  );
+
+  return cpuCount;
+}
+
 /**
  * Get the codeql `--threads` flag specified for the `threads` input.
  * If no value was specified, all available threads will be used.
@@ -944,3 +1032,44 @@ export async function checkDiskUsage(logger?: Logger): Promise<DiskUsage> {
     numTotalBytes: diskUsage.size,
   };
 }
+
+/**
+ * Prompt the customer to upgrade to CodeQL Action v3, if appropriate.
+ *
+ * Check whether a customer is running v2. If they are, and we can determine that the GitHub
+ * instance supports v3, then log a warning about v2's upcoming deprecation prompting the customer
+ * to upgrade to v3.
+ */
+export function checkActionVersion(
+  version: string,
+  githubVersion: GitHubVersion,
+) {
+  if (
+    !semver.satisfies(version, ">=3") && // do not warn if the customer is already running v3
+    !process.env.CODEQL_V2_DEPRECATION_WARNING // do not warn if we have already warned
+  ) {
+    // Only log a warning for versions of GHES that are compatible with CodeQL Action version 3.
+    //
+    // GHES 3.11 shipped without the v3 tag, but it also shipped without this warning message code.
+    // Therefore users who are seeing this warning message code have pulled in a new version of the
+    // Action, and with it the v3 tag.
+    if (
+      githubVersion.type === GitHubVariant.DOTCOM ||
+      githubVersion.type === GitHubVariant.GHE_DOTCOM ||
+      (githubVersion.type === GitHubVariant.GHES &&
+        semver.satisfies(
+          semver.coerce(githubVersion.version) ?? "0.0.0",
+          ">=3.11",
+        ))
+    ) {
+      core.warning(
+        "CodeQL Action v2 will be deprecated on December 5th, 2024. " +
+          "Please update all occurrences of the CodeQL Action in your workflow files to v3. " +
+          "For more information, see " +
+          "https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/",
+      );
+      // set CODEQL_V2_DEPRECATION_WARNING env var to prevent the warning from being logged multiple times
+      core.exportVariable("CODEQL_V2_DEPRECATION_WARNING", "true");
+    }
+  }
+}