Merge pull request #2481 from rvermeulen/rvermeulen/use-correct-token-for-auth

Use generated token on checkout

.github/workflows/update-release-branch.yml

@@ -115,19 +115,21 @@ jobs:
       SOURCE_BRANCH: ${{ needs.prepare.outputs.backport_source_branch }}
       TARGET_BRANCH: ${{ matrix.target_branch }}
     steps:
-    - uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4
+    - name: Generate token
+      uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4
       id: app-token
       with:
         app-id: ${{ vars.AUTOMATION_APP_ID }}
         private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
-    - uses: actions/checkout@v4
+
+    - name: Checkout
+      uses: actions/checkout@v4
       with:
         fetch-depth: 0  # Need full history for calculation of diffs
+        token: ${{ steps.app-token.outputs.token }}
     - uses: ./.github/actions/release-initialise
 
     - name: Update older release branch
-      env:
-        GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
       run: |
         echo SOURCE_BRANCH=${SOURCE_BRANCH}
         echo TARGET_BRANCH=${TARGET_BRANCH}

CHANGELOG.md

@@ -4,6 +4,10 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th
 
 Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.
 
+## [UNRELEASED]
+
+No user facing changes.
+
 ## 3.26.7 - 13 Sep 2024
 
 - Update default CodeQL bundle version to 2.18.4. [#2471](https://github.com/github/codeql-action/pull/2471)

analyze/action.yml

@@ -74,7 +74,7 @@ inputs:
     required: true
     default: "true"
   token:
-    description: "GitHub token to use for authenticating with this instance of GitHub. The token needs the `security-events: write` permission."
+    description: "GitHub token to use for authenticating with this instance of GitHub. The token must be the built-in GitHub Actions token, and the workflow must have the `security-events: write` permission. Most of the time it is advisable to avoid specifying this input so that the workflow falls back to using the default value."
     required: false
     default: ${{ github.token }}
   matrix:

lib/analyze-action-post-helper.js

@@ -1,44 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.run = run;
-const core = __importStar(require("@actions/core"));
-const actionsUtil = __importStar(require("./actions-util"));
-const config_utils_1 = require("./config-utils");
-const logging_1 = require("./logging");
-async function run(uploadSarifDebugArtifact) {
-    const logger = (0, logging_1.getActionsLogger)();
-    const config = await (0, config_utils_1.getConfig)(actionsUtil.getTemporaryDirectory(), logger);
-    if (config === undefined) {
-        throw new Error("Config file could not be found at expected location. Did the 'init' action fail to start?");
-    }
-    // Upload Actions SARIF artifacts for debugging
-    if (config?.debugMode) {
-        core.info("Debug mode is on. Uploading available SARIF files as Actions debugging artifact...");
-        const outputDir = actionsUtil.getRequiredInput("output");
-        await uploadSarifDebugArtifact(config, outputDir);
-    }
-}
-//# sourceMappingURL=analyze-action-post-helper.js.map

lib/analyze-action-post-helper.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"analyze-action-post-helper.js","sourceRoot":"","sources":["../src/analyze-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAMA,kBAuBC;AA7BD,oDAAsC;AAEtC,4DAA8C;AAC9C,iDAAmD;AACnD,uCAA6C;AAEtC,KAAK,UAAU,GAAG,CACvB,wBAGkB;IAElB,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAElC,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CACb,2FAA2F,CAC5F,CAAC;IACJ,CAAC;IAED,+CAA+C;IAC/C,IAAI,MAAM,EAAE,SAAS,EAAE,CAAC;QACtB,IAAI,CAAC,IAAI,CACP,oFAAoF,CACrF,CAAC;QACF,MAAM,SAAS,GAAG,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QACzD,MAAM,wBAAwB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACpD,CAAC;AACH,CAAC"}

lib/analyze-action-post-helper.test.js

@@ -1,73 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const ava_1 = __importDefault(require("ava"));
-const sinon = __importStar(require("sinon"));
-const actionsUtil = __importStar(require("./actions-util"));
-const analyzeActionPostHelper = __importStar(require("./analyze-action-post-helper"));
-const configUtils = __importStar(require("./config-utils"));
-const testing_utils_1 = require("./testing-utils");
-const util = __importStar(require("./util"));
-(0, testing_utils_1.setupTests)(ava_1.default);
-(0, ava_1.default)("post: analyze action with debug mode off", async (t) => {
-    return await util.withTmpDir(async (tmpDir) => {
-        process.env["RUNNER_TEMP"] = tmpDir;
-        const gitHubVersion = {
-            type: util.GitHubVariant.DOTCOM,
-        };
-        sinon.stub(configUtils, "getConfig").resolves({
-            debugMode: false,
-            gitHubVersion,
-            languages: [],
-            packs: [],
-        });
-        const uploadSarifSpy = sinon.spy();
-        await analyzeActionPostHelper.run(uploadSarifSpy);
-        t.assert(uploadSarifSpy.notCalled);
-    });
-});
-(0, ava_1.default)("post: analyze action with debug mode on", async (t) => {
-    return await util.withTmpDir(async (tmpDir) => {
-        process.env["RUNNER_TEMP"] = tmpDir;
-        const gitHubVersion = {
-            type: util.GitHubVariant.DOTCOM,
-        };
-        sinon.stub(configUtils, "getConfig").resolves({
-            debugMode: true,
-            gitHubVersion,
-            languages: [],
-            packs: [],
-        });
-        const requiredInputStub = sinon.stub(actionsUtil, "getRequiredInput");
-        requiredInputStub.withArgs("output").returns("fake-output-dir");
-        const uploadSarifSpy = sinon.spy();
-        await analyzeActionPostHelper.run(uploadSarifSpy);
-        t.assert(uploadSarifSpy.called);
-    });
-});
-//# sourceMappingURL=analyze-action-post-helper.test.js.map

lib/analyze-action-post-helper.test.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"analyze-action-post-helper.test.js","sourceRoot":"","sources":["../src/analyze-action-post-helper.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,sFAAwE;AACxE,4DAA8C;AAC9C,mDAA6C;AAC7C,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,0CAA0C,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC3D,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC;QAEpC,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,SAAS,EAAE,KAAK;YAChB,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QAEpC,MAAM,cAAc,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;QAEnC,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAElD,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,yCAAyC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC1D,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC;QAEpC,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,SAAS,EAAE,IAAI;YACf,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QAEpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;QAEhE,MAAM,cAAc,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;QAEnC,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAElD,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/analyze-action-post.js

@@ -29,16 +29,16 @@ Object.defineProperty(exports, "__esModule", { value: true });
  * other `post:` hooks.
  */
 const core = __importStar(require("@actions/core"));
-const analyzeActionPostHelper = __importStar(require("./analyze-action-post-helper"));
 const debugArtifacts = __importStar(require("./debug-artifacts"));
-const uploadSarifActionPostHelper = __importStar(require("./upload-sarif-action-post-helper"));
+const environment_1 = require("./environment");
 const util_1 = require("./util");
 async function runWrapper() {
     try {
-        await analyzeActionPostHelper.run(debugArtifacts.uploadSarifDebugArtifact);
-        // Also run the upload-sarif post action since we're potentially running
-        // the same steps in the analyze action.
-        await uploadSarifActionPostHelper.uploadArtifacts(debugArtifacts.uploadDebugArtifacts);
+        // Upload SARIF artifacts if we determine that this is a first-party analysis run.
+        // For third-party runs, this artifact will be uploaded in the `upload-sarif-post` step.
+        if (process.env[environment_1.EnvVar.INIT_ACTION_HAS_RUN] === "true") {
+            await debugArtifacts.uploadCombinedSarifArtifacts();
+        }
     }
     catch (error) {
         core.setFailed(`analyze post-action step failed: ${(0, util_1.wrapError)(error).message}`);

lib/analyze-action-post.js.map

@@ -1 +1 @@
-{"version":3,"file":"analyze-action-post.js","sourceRoot":"","sources":["../src/analyze-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,sFAAwE;AACxE,kEAAoD;AACpD,+FAAiF;AACjF,iCAAmC;AAEnC,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,uBAAuB,CAAC,GAAG,CAAC,cAAc,CAAC,wBAAwB,CAAC,CAAC;QAE3E,wEAAwE;QACxE,wCAAwC;QACxC,MAAM,2BAA2B,CAAC,eAAe,CAC/C,cAAc,CAAC,oBAAoB,CACpC,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,oCAAoC,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAC/D,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"analyze-action-post.js","sourceRoot":"","sources":["../src/analyze-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,kEAAoD;AACpD,+CAAuC;AACvC,iCAAmC;AAEnC,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,kFAAkF;QAClF,wFAAwF;QACxF,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,mBAAmB,CAAC,KAAK,MAAM,EAAE,CAAC;YACvD,MAAM,cAAc,CAAC,4BAA4B,EAAE,CAAC;QACtD,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,oCAAoC,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAC/D,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/analyze-action.js

@@ -163,6 +163,7 @@ async function run() {
         }
         const apiDetails = (0, api_client_1.getApiDetails)();
         const outputDir = actionsUtil.getRequiredInput("output");
+        core.exportVariable(environment_1.EnvVar.SARIF_RESULTS_OUTPUT_DIR, outputDir);
         const threads = util.getThreadsFlag(actionsUtil.getOptionalInput("threads") || process.env["CODEQL_THREADS"], logger);
         const repositoryNwo = (0, repository_1.parseRepositoryNwo)(util.getRequiredEnvParam("GITHUB_REPOSITORY"));
         const gitHubVersion = await (0, api_client_1.getGitHubVersion)();

lib/debug-artifacts.js

@@ -27,10 +27,9 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.sanitizeArifactName = sanitizeArifactName;
+exports.uploadCombinedSarifArtifacts = uploadCombinedSarifArtifacts;
+exports.uploadAllAvailableDebugArtifacts = uploadAllAvailableDebugArtifacts;
 exports.uploadDebugArtifacts = uploadDebugArtifacts;
-exports.uploadSarifDebugArtifact = uploadSarifDebugArtifact;
-exports.uploadLogsDebugArtifact = uploadLogsDebugArtifact;
-exports.uploadDatabaseBundleDebugArtifact = uploadDatabaseBundleDebugArtifact;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const artifact = __importStar(require("@actions/artifact"));
@@ -40,10 +39,77 @@ const del_1 = __importDefault(require("del"));
 const actions_util_1 = require("./actions-util");
 const analyze_1 = require("./analyze");
 const codeql_1 = require("./codeql");
+const environment_1 = require("./environment");
 const util_1 = require("./util");
 function sanitizeArifactName(name) {
     return name.replace(/[^a-zA-Z0-9_\\-]+/g, "");
 }
+/**
+ * Upload Actions SARIF artifacts for debugging when CODEQL_ACTION_DEBUG_COMBINED_SARIF
+ * environment variable is set
+ */
+async function uploadCombinedSarifArtifacts() {
+    const tempDir = (0, actions_util_1.getTemporaryDirectory)();
+    // Upload Actions SARIF artifacts for debugging when environment variable is set
+    if (process.env["CODEQL_ACTION_DEBUG_COMBINED_SARIF"] === "true") {
+        core.info("Uploading available combined SARIF files as Actions debugging artifact...");
+        const baseTempDir = path.resolve(tempDir, "combined-sarif");
+        const toUpload = [];
+        if (fs.existsSync(baseTempDir)) {
+            const outputDirs = fs.readdirSync(baseTempDir);
+            for (const outputDir of outputDirs) {
+                const sarifFiles = fs
+                    .readdirSync(path.resolve(baseTempDir, outputDir))
+                    .filter((f) => f.endsWith(".sarif"));
+                for (const sarifFile of sarifFiles) {
+                    toUpload.push(path.resolve(baseTempDir, outputDir, sarifFile));
+                }
+            }
+        }
+        if (toUpload.length > 0) {
+            await uploadDebugArtifacts(toUpload, baseTempDir, "combined-sarif-artifacts");
+        }
+    }
+}
+async function uploadAllAvailableDebugArtifacts(config, logger) {
+    const filesToUpload = [];
+    const analyzeActionOutputDir = process.env[environment_1.EnvVar.SARIF_RESULTS_OUTPUT_DIR];
+    for (const lang of config.languages) {
+        // Add any SARIF files, if they exist
+        if (analyzeActionOutputDir !== undefined &&
+            fs.existsSync(analyzeActionOutputDir) &&
+            fs.lstatSync(analyzeActionOutputDir).isDirectory()) {
+            const sarifFile = path.resolve(analyzeActionOutputDir, `${lang}.sarif`);
+            // Move SARIF to DB location so that they can be uploaded with the same root directory as the other artifacts.
+            if (fs.existsSync(sarifFile)) {
+                const sarifInDbLocation = path.resolve(config.dbLocation, `${lang}.sarif`);
+                fs.copyFileSync(sarifFile, sarifInDbLocation);
+                filesToUpload.push(sarifInDbLocation);
+            }
+        }
+        // Add any log files
+        const databaseDirectory = (0, util_1.getCodeQLDatabasePath)(config, lang);
+        const logsDirectory = path.resolve(databaseDirectory, "log");
+        if ((0, util_1.doesDirectoryExist)(logsDirectory)) {
+            filesToUpload.push(...(0, util_1.listFolder)(logsDirectory));
+        }
+        // Multilanguage tracing: there are additional logs in the root of the cluster
+        const multiLanguageTracingLogsDirectory = path.resolve(config.dbLocation, "log");
+        if ((0, util_1.doesDirectoryExist)(multiLanguageTracingLogsDirectory)) {
+            filesToUpload.push(...(0, util_1.listFolder)(multiLanguageTracingLogsDirectory));
+        }
+        // Add database bundle
+        let databaseBundlePath;
+        if (!(0, analyze_1.dbIsFinalized)(config, lang, logger)) {
+            databaseBundlePath = await createPartialDatabaseBundle(config, lang);
+        }
+        else {
+            databaseBundlePath = await createDatabaseBundleCli(config, lang);
+        }
+        filesToUpload.push(databaseBundlePath);
+    }
+    await uploadDebugArtifacts(filesToUpload, config.dbLocation, config.debugArtifactName);
+}
 async function uploadDebugArtifacts(toUpload, rootDir, artifactName) {
     if (toUpload.length === 0) {
         return;
@@ -71,35 +137,6 @@ async function uploadDebugArtifacts(toUpload, rootDir, artifactName) {
         core.warning(`Failed to upload debug artifacts: ${e}`);
     }
 }
-async function uploadSarifDebugArtifact(config, outputDir) {
-    if (!(0, util_1.doesDirectoryExist)(outputDir)) {
-        return;
-    }
-    let toUpload = [];
-    for (const lang of config.languages) {
-        const sarifFile = path.resolve(outputDir, `${lang}.sarif`);
-        if (fs.existsSync(sarifFile)) {
-            toUpload = toUpload.concat(sarifFile);
-        }
-    }
-    await uploadDebugArtifacts(toUpload, outputDir, config.debugArtifactName);
-}
-async function uploadLogsDebugArtifact(config) {
-    let toUpload = [];
-    for (const language of config.languages) {
-        const databaseDirectory = (0, util_1.getCodeQLDatabasePath)(config, language);
-        const logsDirectory = path.resolve(databaseDirectory, "log");
-        if ((0, util_1.doesDirectoryExist)(logsDirectory)) {
-            toUpload = toUpload.concat((0, util_1.listFolder)(logsDirectory));
-        }
-    }
-    // Multilanguage tracing: there are additional logs in the root of the cluster
-    const multiLanguageTracingLogsDirectory = path.resolve(config.dbLocation, "log");
-    if ((0, util_1.doesDirectoryExist)(multiLanguageTracingLogsDirectory)) {
-        toUpload = toUpload.concat((0, util_1.listFolder)(multiLanguageTracingLogsDirectory));
-    }
-    await uploadDebugArtifacts(toUpload, config.dbLocation, config.debugArtifactName);
-}
 /**
  * If a database has not been finalized, we cannot run the `codeql database bundle`
  * command in the CLI because it will return an error. Instead we directly zip
@@ -126,21 +163,4 @@ async function createDatabaseBundleCli(config, language) {
     const databaseBundlePath = await (0, util_1.bundleDb)(config, language, await (0, codeql_1.getCodeQL)(config.codeQLCmd), `${config.debugDatabaseName}-${language}`);
     return databaseBundlePath;
 }
-async function uploadDatabaseBundleDebugArtifact(config, logger) {
-    for (const language of config.languages) {
-        try {
-            let databaseBundlePath;
-            if (!(0, analyze_1.dbIsFinalized)(config, language, logger)) {
-                databaseBundlePath = await createPartialDatabaseBundle(config, language);
-            }
-            else {
-                databaseBundlePath = await createDatabaseBundleCli(config, language);
-            }
-            await uploadDebugArtifacts([databaseBundlePath], config.dbLocation, config.debugArtifactName);
-        }
-        catch (error) {
-            core.info(`Failed to upload database debug bundle for ${config.debugDatabaseName}-${language}: ${error}`);
-        }
-    }
-}
 //# sourceMappingURL=debug-artifacts.js.map

lib/debug-artifacts.js.map

@@ -1 +1 @@
-{"version":3,"file":"debug-artifacts.js","sourceRoot":"","sources":["../src/debug-artifacts.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqBA,kDAEC;AAED,oDAsCC;AAED,4DAgBC;AAED,0DAwBC;AA8CD,8EA0BC;AAnLD,uCAAyB;AACzB,2CAA6B;AAE7B,4DAA8C;AAC9C,oDAAsC;AACtC,sDAA6B;AAC7B,8CAAsB;AAEtB,iDAAkD;AAClD,uCAA0C;AAC1C,qCAAqC;AAIrC,iCAKgB;AAEhB,SAAgB,mBAAmB,CAAC,IAAY;IAC9C,OAAO,IAAI,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;AAChD,CAAC;AAEM,KAAK,UAAU,oBAAoB,CACxC,QAAkB,EAClB,OAAe,EACf,YAAoB;IAEpB,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO;IACT,CAAC;IACD,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,MAAM,MAAM,GAAG,IAAA,+BAAgB,EAAC,QAAQ,CAAC,CAAC;IAC1C,IAAI,MAAM,EAAE,CAAC;QACX,IAAI,CAAC;YACH,KAAK,MAAM,CAAC,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CACxC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAY,CAC9B,CAAC,IAAI,EAAE;gBACN,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC9B,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,IAAI,CACP,+HAA+H,CAChI,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,CAAC;QACH,MAAM,QAAQ,CAAC,MAAM,EAAE,CAAC,cAAc,CACpC,mBAAmB,CAAC,GAAG,YAAY,GAAG,MAAM,EAAE,CAAC,EAC/C,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,EAC5C,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EACvB;YACE,eAAe,EAAE,IAAI;YACrB,wFAAwF;YACxF,aAAa,EAAE,CAAC;SACjB,CACF,CAAC;IACJ,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,yEAAyE;QACzE,IAAI,CAAC,OAAO,CAAC,qCAAqC,CAAC,EAAE,CAAC,CAAC;IACzD,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,wBAAwB,CAC5C,MAAc,EACd,SAAiB;IAEjB,IAAI,CAAC,IAAA,yBAAkB,EAAC,SAAS,CAAC,EAAE,CAAC;QACnC,OAAO;IACT,CAAC;IAED,IAAI,QAAQ,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACpC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,IAAI,QAAQ,CAAC,CAAC;QAC3D,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC7B,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IACD,MAAM,oBAAoB,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,iBAAiB,CAAC,CAAC;AAC5E,CAAC;AAEM,KAAK,UAAU,uBAAuB,CAAC,MAAc;IAC1D,IAAI,QAAQ,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACxC,MAAM,iBAAiB,GAAG,IAAA,4BAAqB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAClE,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAC;QAC7D,IAAI,IAAA,yBAAkB,EAAC,aAAa,CAAC,EAAE,CAAC;YACtC,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAA,iBAAU,EAAC,aAAa,CAAC,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED,8EAA8E;IAC9E,MAAM,iCAAiC,GAAG,IAAI,CAAC,OAAO,CACpD,MAAM,CAAC,UAAU,EACjB,KAAK,CACN,CAAC;IACF,IAAI,IAAA,yBAAkB,EAAC,iCAAiC,CAAC,EAAE,CAAC;QAC1D,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAA,iBAAU,EAAC,iCAAiC,CAAC,CAAC,CAAC;IAC5E,CAAC;IAED,MAAM,oBAAoB,CACxB,QAAQ,EACR,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,iBAAiB,CACzB,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,2BAA2B,CACxC,MAAc,EACd,QAAkB;IAElB,MAAM,YAAY,GAAG,IAAA,4BAAqB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC7D,MAAM,kBAAkB,GAAG,IAAI,CAAC,OAAO,CACrC,MAAM,CAAC,UAAU,EACjB,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,cAAc,CACtD,CAAC;IACF,IAAI,CAAC,IAAI,CACP,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,2DAA2D,kBAAkB,KAAK,CAC1H,CAAC;IACF,qEAAqE;IACrE,IAAI,EAAE,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACtC,MAAM,IAAA,aAAG,EAAC,kBAAkB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACjD,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,iBAAM,EAAE,CAAC;IACzB,GAAG,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;IACjC,GAAG,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;IACjC,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,uBAAuB,CACpC,MAAc,EACd,QAAkB;IAElB,kDAAkD;IAClD,MAAM,kBAAkB,GAAG,MAAM,IAAA,eAAQ,EACvC,MAAM,EACN,QAAQ,EACR,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,EACjC,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,EAAE,CAC1C,CAAC;IACF,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAEM,KAAK,UAAU,iCAAiC,CACrD,MAAc,EACd,MAAc;IAEd,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACxC,IAAI,CAAC;YACH,IAAI,kBAA0B,CAAC;YAC/B,IAAI,CAAC,IAAA,uBAAa,EAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,EAAE,CAAC;gBAC7C,kBAAkB,GAAG,MAAM,2BAA2B,CACpD,MAAM,EACN,QAAQ,CACT,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,kBAAkB,GAAG,MAAM,uBAAuB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YACvE,CAAC;YACD,MAAM,oBAAoB,CACxB,CAAC,kBAAkB,CAAC,EACpB,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,iBAAiB,CACzB,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,IAAI,CACP,8CAA8C,MAAM,CAAC,iBAAiB,IAAI,QAAQ,KAAK,KAAK,EAAE,CAC/F,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC"}
+{"version":3,"file":"debug-artifacts.js","sourceRoot":"","sources":["../src/debug-artifacts.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsBA,kDAEC;AAMD,oEAmCC;AAED,4EAyDC;AAED,oDAsCC;AApKD,uCAAyB;AACzB,2CAA6B;AAE7B,4DAA8C;AAC9C,oDAAsC;AACtC,sDAA6B;AAC7B,8CAAsB;AAEtB,iDAAyE;AACzE,uCAA0C;AAC1C,qCAAqC;AAErC,+CAAuC;AAGvC,iCAKgB;AAEhB,SAAgB,mBAAmB,CAAC,IAAY;IAC9C,OAAO,IAAI,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;AAChD,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,4BAA4B;IAChD,MAAM,OAAO,GAAG,IAAA,oCAAqB,GAAE,CAAC;IAExC,gFAAgF;IAChF,IAAI,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,KAAK,MAAM,EAAE,CAAC;QACjE,IAAI,CAAC,IAAI,CACP,2EAA2E,CAC5E,CAAC;QAEF,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;QAE5D,MAAM,QAAQ,GAAa,EAAE,CAAC;QAE9B,IAAI,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YAC/B,MAAM,UAAU,GAAG,EAAE,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;YAE/C,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;gBACnC,MAAM,UAAU,GAAG,EAAE;qBAClB,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;qBACjD,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAEvC,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;oBACnC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC;gBACjE,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,MAAM,oBAAoB,CACxB,QAAQ,EACR,WAAW,EACX,0BAA0B,CAC3B,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,gCAAgC,CACpD,MAAc,EACd,MAAc;IAEd,MAAM,aAAa,GAAa,EAAE,CAAC;IAEnC,MAAM,sBAAsB,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,wBAAwB,CAAC,CAAC;IAC5E,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACpC,qCAAqC;QACrC,IACE,sBAAsB,KAAK,SAAS;YACpC,EAAE,CAAC,UAAU,CAAC,sBAAsB,CAAC;YACrC,EAAE,CAAC,SAAS,CAAC,sBAAsB,CAAC,CAAC,WAAW,EAAE,EAClD,CAAC;YACD,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,sBAAsB,EAAE,GAAG,IAAI,QAAQ,CAAC,CAAC;YACxE,8GAA8G;YAC9G,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC7B,MAAM,iBAAiB,GAAG,IAAI,CAAC,OAAO,CACpC,MAAM,CAAC,UAAU,EACjB,GAAG,IAAI,QAAQ,CAChB,CAAC;gBACF,EAAE,CAAC,YAAY,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC;gBAC9C,aAAa,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;YACxC,CAAC;QACH,CAAC;QAED,oBAAoB;QACpB,MAAM,iBAAiB,GAAG,IAAA,4BAAqB,EAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC9D,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAC;QAC7D,IAAI,IAAA,yBAAkB,EAAC,aAAa,CAAC,EAAE,CAAC;YACtC,aAAa,CAAC,IAAI,CAAC,GAAG,IAAA,iBAAU,EAAC,aAAa,CAAC,CAAC,CAAC;QACnD,CAAC;QAED,8EAA8E;QAC9E,MAAM,iCAAiC,GAAG,IAAI,CAAC,OAAO,CACpD,MAAM,CAAC,UAAU,EACjB,KAAK,CACN,CAAC;QACF,IAAI,IAAA,yBAAkB,EAAC,iCAAiC,CAAC,EAAE,CAAC;YAC1D,aAAa,CAAC,IAAI,CAAC,GAAG,IAAA,iBAAU,EAAC,iCAAiC,CAAC,CAAC,CAAC;QACvE,CAAC;QAED,sBAAsB;QACtB,IAAI,kBAA0B,CAAC;QAC/B,IAAI,CAAC,IAAA,uBAAa,EAAC,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,EAAE,CAAC;YACzC,kBAAkB,GAAG,MAAM,2BAA2B,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACvE,CAAC;aAAM,CAAC;YACN,kBAAkB,GAAG,MAAM,uBAAuB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACnE,CAAC;QACD,aAAa,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IACzC,CAAC;IAED,MAAM,oBAAoB,CACxB,aAAa,EACb,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,iBAAiB,CACzB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,oBAAoB,CACxC,QAAkB,EAClB,OAAe,EACf,YAAoB;IAEpB,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO;IACT,CAAC;IACD,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,MAAM,MAAM,GAAG,IAAA,+BAAgB,EAAC,QAAQ,CAAC,CAAC;IAC1C,IAAI,MAAM,EAAE,CAAC;QACX,IAAI,CAAC;YACH,KAAK,MAAM,CAAC,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CACxC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAY,CAC9B,CAAC,IAAI,EAAE;gBACN,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC9B,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,IAAI,CACP,+HAA+H,CAChI,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,CAAC;QACH,MAAM,QAAQ,CAAC,MAAM,EAAE,CAAC,cAAc,CACpC,mBAAmB,CAAC,GAAG,YAAY,GAAG,MAAM,EAAE,CAAC,EAC/C,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,EAC5C,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EACvB;YACE,eAAe,EAAE,IAAI;YACrB,wFAAwF;YACxF,aAAa,EAAE,CAAC;SACjB,CACF,CAAC;IACJ,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,yEAAyE;QACzE,IAAI,CAAC,OAAO,CAAC,qCAAqC,CAAC,EAAE,CAAC,CAAC;IACzD,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,2BAA2B,CACxC,MAAc,EACd,QAAkB;IAElB,MAAM,YAAY,GAAG,IAAA,4BAAqB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC7D,MAAM,kBAAkB,GAAG,IAAI,CAAC,OAAO,CACrC,MAAM,CAAC,UAAU,EACjB,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,cAAc,CACtD,CAAC;IACF,IAAI,CAAC,IAAI,CACP,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,2DAA2D,kBAAkB,KAAK,CAC1H,CAAC;IACF,qEAAqE;IACrE,IAAI,EAAE,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACtC,MAAM,IAAA,aAAG,EAAC,kBAAkB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACjD,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,iBAAM,EAAE,CAAC;IACzB,GAAG,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;IACjC,GAAG,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;IACjC,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,uBAAuB,CACpC,MAAc,EACd,QAAkB;IAElB,kDAAkD;IAClD,MAAM,kBAAkB,GAAG,MAAM,IAAA,eAAQ,EACvC,MAAM,EACN,QAAQ,EACR,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,EACjC,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,EAAE,CAC1C,CAAC;IACF,OAAO,kBAAkB,CAAC;AAC5B,CAAC"}

lib/environment.js

@@ -53,6 +53,8 @@ var EnvVar;
     /** Status for the entire job, submitted to the status report in `init-post` */
     EnvVar["JOB_STATUS"] = "CODEQL_ACTION_JOB_STATUS";
     EnvVar["ODASA_TRACER_CONFIGURATION"] = "ODASA_TRACER_CONFIGURATION";
+    /** The value of the `output` input for the analyze action. */
+    EnvVar["SARIF_RESULTS_OUTPUT_DIR"] = "CODEQL_ACTION_SARIF_RESULTS_OUTPUT_DIR";
     /**
      * What percentage of the total amount of RAM over 8 GB that the Action should reserve for the
      * system.

lib/environment.js.map

@@ -1 +1 @@
-{"version":3,"file":"environment.js","sourceRoot":"","sources":["../src/environment.ts"],"names":[],"mappings":";;;AAAA;;;;;GAKG;AACH,IAAY,MA2FX;AA3FD,WAAY,MAAM;IAChB,2DAA2D;IAC3D,+FAAqF,CAAA;IAErF,6DAA6D;IAC7D,mGAAyF,CAAA;IAEzF;;;OAGG;IACH,4CAAkC,CAAA;IAElC,gEAAgE;IAChE,qEAA2D,CAAA;IAE3D;;;OAGG;IACH,yFAA+E,CAAA;IAE/E;;;OAGG;IACH,yEAA+D,CAAA;IAE/D,gFAAgF;IAChF,6DAAmD,CAAA;IAEnD;;;OAGG;IACH,uEAA6D,CAAA;IAE7D,gEAAgE;IAChE,mEAAyD,CAAA;IAEzD,kFAAkF;IAClF,mFAAyE,CAAA;IAEzE,4CAA4C;IAC5C,4DAAkD,CAAA;IAElD;;;OAGG;IACH,yDAA+C,CAAA;IAE/C,6CAA6C;IAC7C,uCAA6B,CAAA;IAE7B,+EAA+E;IAC/E,iDAAuC,CAAA;IAEvC,mEAAyD,CAAA;IAEzD;;;OAGG;IACH,2FAAiF,CAAA;IAEjF,mFAAmF;IACnF,6FAAmF,CAAA;IAEnF,qFAAqF;IACrF,+CAAqC,CAAA;IAErC,mEAAyD,CAAA;IAEzD,kEAAkE;IAClE,2CAAiC,CAAA;IAEjC;;;;;;OAMG;IACH,4DAAkD,CAAA;IAElD;;;OAGG;IACH,wDAA8C,CAAA;AAChD,CAAC,EA3FW,MAAM,sBAAN,MAAM,QA2FjB"}
+{"version":3,"file":"environment.js","sourceRoot":"","sources":["../src/environment.ts"],"names":[],"mappings":";;;AAAA;;;;;GAKG;AACH,IAAY,MA8FX;AA9FD,WAAY,MAAM;IAChB,2DAA2D;IAC3D,+FAAqF,CAAA;IAErF,6DAA6D;IAC7D,mGAAyF,CAAA;IAEzF;;;OAGG;IACH,4CAAkC,CAAA;IAElC,gEAAgE;IAChE,qEAA2D,CAAA;IAE3D;;;OAGG;IACH,yFAA+E,CAAA;IAE/E;;;OAGG;IACH,yEAA+D,CAAA;IAE/D,gFAAgF;IAChF,6DAAmD,CAAA;IAEnD;;;OAGG;IACH,uEAA6D,CAAA;IAE7D,gEAAgE;IAChE,mEAAyD,CAAA;IAEzD,kFAAkF;IAClF,mFAAyE,CAAA;IAEzE,4CAA4C;IAC5C,4DAAkD,CAAA;IAElD;;;OAGG;IACH,yDAA+C,CAAA;IAE/C,6CAA6C;IAC7C,uCAA6B,CAAA;IAE7B,+EAA+E;IAC/E,iDAAuC,CAAA;IAEvC,mEAAyD,CAAA;IAEzD,8DAA8D;IAC9D,6EAAmE,CAAA;IAEnE;;;OAGG;IACH,2FAAiF,CAAA;IAEjF,mFAAmF;IACnF,6FAAmF,CAAA;IAEnF,qFAAqF;IACrF,+CAAqC,CAAA;IAErC,mEAAyD,CAAA;IAEzD,kEAAkE;IAClE,2CAAiC,CAAA;IAEjC;;;;;;OAMG;IACH,4DAAkD,CAAA;IAElD;;;OAGG;IACH,wDAA8C,CAAA;AAChD,CAAC,EA9FW,MAAM,sBAAN,MAAM,QA8FjB"}

lib/init-action-post-helper.js

@@ -106,7 +106,7 @@ async function tryUploadSarifIfRunFailed(config, repositoryNwo, features, logger
         };
     }
 }
-async function run(uploadDatabaseBundleDebugArtifact, uploadLogsDebugArtifact, printDebugLogs, config, repositoryNwo, features, logger) {
+async function run(uploadAllAvailableDebugArtifacts, printDebugLogs, config, repositoryNwo, features, logger) {
     const uploadFailedSarifResult = await tryUploadSarifIfRunFailed(config, repositoryNwo, features, logger);
     if (uploadFailedSarifResult.upload_failed_run_skipped_because) {
         logger.debug("Won't upload a failed SARIF file for this CodeQL code scanning run because: " +
@@ -132,8 +132,7 @@ async function run(uploadDatabaseBundleDebugArtifact, uploadLogsDebugArtifact, p
     // Upload appropriate Actions artifacts for debugging
     if (config.debugMode) {
         logger.info("Debug mode is on. Uploading available database bundles and logs as Actions debugging artifacts...");
-        await uploadDatabaseBundleDebugArtifact(config, logger);
-        await uploadLogsDebugArtifact(config);
+        await uploadAllAvailableDebugArtifacts(config, logger);
         await printDebugLogs(config);
     }
     if (actionsUtil.isSelfHostedRunner()) {

lib/init-action-post-helper.test.js

@@ -53,12 +53,10 @@ const workflow = __importStar(require("./workflow"));
             languages: [],
             packs: [],
         });
-        const uploadDatabaseBundleSpy = sinon.spy();
-        const uploadLogsSpy = sinon.spy();
+        const uploadAllAvailableDebugArtifactsSpy = sinon.spy();
         const printDebugLogsSpy = sinon.spy();
-        await initActionPostHelper.run(uploadDatabaseBundleSpy, uploadLogsSpy, printDebugLogsSpy, (0, testing_utils_1.createTestConfig)({ debugMode: false }), (0, repository_1.parseRepositoryNwo)("github/codeql-action"), (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
-        t.assert(uploadDatabaseBundleSpy.notCalled);
-        t.assert(uploadLogsSpy.notCalled);
+        await initActionPostHelper.run(uploadAllAvailableDebugArtifactsSpy, printDebugLogsSpy, (0, testing_utils_1.createTestConfig)({ debugMode: false }), (0, repository_1.parseRepositoryNwo)("github/codeql-action"), (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        t.assert(uploadAllAvailableDebugArtifactsSpy.notCalled);
         t.assert(printDebugLogsSpy.notCalled);
     });
 });
@@ -66,12 +64,10 @@ const workflow = __importStar(require("./workflow"));
     return await util.withTmpDir(async (tmpDir) => {
         process.env["GITHUB_REPOSITORY"] = "github/codeql-action-fake-repository";
         process.env["RUNNER_TEMP"] = tmpDir;
-        const uploadDatabaseBundleSpy = sinon.spy();
-        const uploadLogsSpy = sinon.spy();
+        const uploadAllAvailableDebugArtifactsSpy = sinon.spy();
         const printDebugLogsSpy = sinon.spy();
-        await initActionPostHelper.run(uploadDatabaseBundleSpy, uploadLogsSpy, printDebugLogsSpy, (0, testing_utils_1.createTestConfig)({ debugMode: true }), (0, repository_1.parseRepositoryNwo)("github/codeql-action"), (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
-        t.assert(uploadDatabaseBundleSpy.called);
-        t.assert(uploadLogsSpy.called);
+        await initActionPostHelper.run(uploadAllAvailableDebugArtifactsSpy, printDebugLogsSpy, (0, testing_utils_1.createTestConfig)({ debugMode: true }), (0, repository_1.parseRepositoryNwo)("github/codeql-action"), (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        t.assert(uploadAllAvailableDebugArtifactsSpy.called);
         t.assert(printDebugLogsSpy.called);
     });
 });

lib/init-action-post.js

@@ -54,7 +54,7 @@ async function runWrapper() {
             logger.warning("Debugging artifacts are unavailable since the 'init' Action failed before it could produce any.");
             return;
         }
-        uploadFailedSarifResult = await initActionPostHelper.run(debugArtifacts.uploadDatabaseBundleDebugArtifact, debugArtifacts.uploadLogsDebugArtifact, actions_util_1.printDebugLogs, config, repositoryNwo, features, logger);
+        uploadFailedSarifResult = await initActionPostHelper.run(debugArtifacts.uploadAllAvailableDebugArtifacts, actions_util_1.printDebugLogs, config, repositoryNwo, features, logger);
     }
     catch (unwrappedError) {
         const error = (0, util_1.wrapError)(unwrappedError);

lib/init-action-post.js.map

@@ -1 +1 @@
-{"version":3,"file":"init-action-post.js","sourceRoot":"","sources":["../src/init-action-post.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,oDAAsC;AAEtC,iDAAuE;AACvE,6CAAgD;AAChD,iDAAmD;AACnD,kEAAoD;AACpD,mDAA2C;AAC3C,gFAAkE;AAClE,uCAA6C;AAC7C,6CAAkD;AAClD,mDAOyB;AACzB,iCAKgB;AAOhB,KAAK,UAAU,UAAU;IACvB,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,MAA0B,CAAC;IAC/B,IAAI,uBAES,CAAC;IACd,IAAI,CAAC;QACH,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;YACF,OAAO;QACT,CAAC;QAED,uBAAuB,GAAG,MAAM,oBAAoB,CAAC,GAAG,CACtD,cAAc,CAAC,iCAAiC,EAChD,cAAc,CAAC,uBAAuB,EACtC,6BAAc,EACd,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;IACJ,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAE9B,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,QAAQ,EACnB,IAAA,gCAAgB,EAAC,KAAK,CAAC,EACvB,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,EACN,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,KAAK,CACZ,CAAC;QACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAA,gCAAgB,EAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;QACD,OAAO;IACT,CAAC;IACD,MAAM,SAAS,GAAG,oBAAoB,CAAC,iBAAiB,EAAE,CAAC;IAC3D,MAAM,CAAC,IAAI,CAAC,yBAAyB,IAAA,uCAAuB,EAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAE5E,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,QAAQ,EACnB,SAAS,EACT,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CAAC;IACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,YAAY,GAAyB;YACzC,GAAG,gBAAgB;YACnB,GAAG,uBAAuB;YAC1B,UAAU,EAAE,oBAAoB,CAAC,iBAAiB,EAAE;SACrD,CAAC;QACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"init-action-post.js","sourceRoot":"","sources":["../src/init-action-post.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,oDAAsC;AAEtC,iDAAuE;AACvE,6CAAgD;AAChD,iDAAmD;AACnD,kEAAoD;AACpD,mDAA2C;AAC3C,gFAAkE;AAClE,uCAA6C;AAC7C,6CAAkD;AAClD,mDAOyB;AACzB,iCAKgB;AAOhB,KAAK,UAAU,UAAU;IACvB,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,MAA0B,CAAC;IAC/B,IAAI,uBAES,CAAC;IACd,IAAI,CAAC;QACH,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;YACF,OAAO;QACT,CAAC;QAED,uBAAuB,GAAG,MAAM,oBAAoB,CAAC,GAAG,CACtD,cAAc,CAAC,gCAAgC,EAC/C,6BAAc,EACd,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;IACJ,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAE9B,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,QAAQ,EACnB,IAAA,gCAAgB,EAAC,KAAK,CAAC,EACvB,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,EACN,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,KAAK,CACZ,CAAC;QACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAA,gCAAgB,EAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;QACD,OAAO;IACT,CAAC;IACD,MAAM,SAAS,GAAG,oBAAoB,CAAC,iBAAiB,EAAE,CAAC;IAC3D,MAAM,CAAC,IAAI,CAAC,yBAAyB,IAAA,uCAAuB,EAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAE5E,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,QAAQ,EACnB,SAAS,EACT,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CAAC;IACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,YAAY,GAAyB;YACzC,GAAG,gBAAgB;YACnB,GAAG,uBAAuB;YAC1B,UAAU,EAAE,oBAAoB,CAAC,iBAAiB,EAAE;SACrD,CAAC;QACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/upload-sarif-action-post-helper.js

@@ -1,54 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.uploadArtifacts = uploadArtifacts;
-const fs = __importStar(require("fs"));
-const path = __importStar(require("path"));
-const core = __importStar(require("@actions/core"));
-const actionsUtil = __importStar(require("./actions-util"));
-async function uploadArtifacts(uploadDebugArtifacts) {
-    const tempDir = actionsUtil.getTemporaryDirectory();
-    // Upload Actions SARIF artifacts for debugging when environment variable is set
-    if (process.env["CODEQL_ACTION_DEBUG_COMBINED_SARIF"] === "true") {
-        core.info("Uploading available combined SARIF files as Actions debugging artifact...");
-        const baseTempDir = path.resolve(tempDir, "combined-sarif");
-        const toUpload = [];
-        if (fs.existsSync(baseTempDir)) {
-            const outputDirs = fs.readdirSync(baseTempDir);
-            for (const outputDir of outputDirs) {
-                const sarifFiles = fs
-                    .readdirSync(path.resolve(baseTempDir, outputDir))
-                    .filter((f) => f.endsWith(".sarif"));
-                for (const sarifFile of sarifFiles) {
-                    toUpload.push(path.resolve(baseTempDir, outputDir, sarifFile));
-                }
-            }
-        }
-        if (toUpload.length > 0) {
-            await uploadDebugArtifacts(toUpload, baseTempDir, "upload-debug-artifacts");
-        }
-    }
-}
-//# sourceMappingURL=upload-sarif-action-post-helper.js.map

lib/upload-sarif-action-post-helper.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"upload-sarif-action-post-helper.js","sourceRoot":"","sources":["../src/upload-sarif-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAOA,0CAyCC;AAhDD,uCAAyB;AACzB,2CAA6B;AAE7B,oDAAsC;AAEtC,4DAA8C;AAEvC,KAAK,UAAU,eAAe,CACnC,oBAIkB;IAElB,MAAM,OAAO,GAAG,WAAW,CAAC,qBAAqB,EAAE,CAAC;IAEpD,gFAAgF;IAChF,IAAI,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,KAAK,MAAM,EAAE,CAAC;QACjE,IAAI,CAAC,IAAI,CACP,2EAA2E,CAC5E,CAAC;QAEF,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;QAE5D,MAAM,QAAQ,GAAa,EAAE,CAAC;QAE9B,IAAI,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YAC/B,MAAM,UAAU,GAAG,EAAE,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;YAE/C,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;gBACnC,MAAM,UAAU,GAAG,EAAE;qBAClB,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;qBACjD,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAEvC,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;oBACnC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC;gBACjE,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,MAAM,oBAAoB,CACxB,QAAQ,EACR,WAAW,EACX,wBAAwB,CACzB,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC"}

lib/upload-sarif-action-post.js

@@ -30,11 +30,15 @@ Object.defineProperty(exports, "__esModule", { value: true });
  */
 const core = __importStar(require("@actions/core"));
 const debugArtifacts = __importStar(require("./debug-artifacts"));
-const uploadSarifActionPostHelper = __importStar(require("./upload-sarif-action-post-helper"));
+const environment_1 = require("./environment");
 const util_1 = require("./util");
 async function runWrapper() {
     try {
-        await uploadSarifActionPostHelper.uploadArtifacts(debugArtifacts.uploadDebugArtifacts);
+        // Upload SARIF artifacts if we determine that this is a third-party analysis run.
+        // For first-party runs, this artifact will be uploaded in the `analyze-post` step.
+        if (process.env[environment_1.EnvVar.INIT_ACTION_HAS_RUN] !== "true") {
+            await debugArtifacts.uploadCombinedSarifArtifacts();
+        }
     }
     catch (error) {
         core.setFailed(`upload-sarif post-action step failed: ${(0, util_1.wrapError)(error).message}`);

lib/upload-sarif-action-post.js.map

@@ -1 +1 @@
-{"version":3,"file":"upload-sarif-action-post.js","sourceRoot":"","sources":["../src/upload-sarif-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,kEAAoD;AACpD,+FAAiF;AACjF,iCAAmC;AAEnC,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,2BAA2B,CAAC,eAAe,CAC/C,cAAc,CAAC,oBAAoB,CACpC,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,yCAAyC,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CACpE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"upload-sarif-action-post.js","sourceRoot":"","sources":["../src/upload-sarif-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,kEAAoD;AACpD,+CAAuC;AACvC,iCAAmC;AAEnC,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,kFAAkF;QAClF,mFAAmF;QACnF,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,mBAAmB,CAAC,KAAK,MAAM,EAAE,CAAC;YACvD,MAAM,cAAc,CAAC,4BAA4B,EAAE,CAAC;QACtD,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,yCAAyC,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CACpE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

node_modules/.package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "3.26.7",
+  "version": "3.26.8",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "codeql",
-  "version": "3.26.7",
+  "version": "3.26.8",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "codeql",
-      "version": "3.26.7",
+      "version": "3.26.8",
       "license": "MIT",
       "dependencies": {
         "@actions/artifact": "^1.1.2",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "3.26.7",
+  "version": "3.26.8",
   "private": true,
   "description": "CodeQL action",
   "scripts": {

src/analyze-action-post-helper.test.ts

@@ -1,57 +0,0 @@
-import test from "ava";
-import * as sinon from "sinon";
-
-import * as actionsUtil from "./actions-util";
-import * as analyzeActionPostHelper from "./analyze-action-post-helper";
-import * as configUtils from "./config-utils";
-import { setupTests } from "./testing-utils";
-import * as util from "./util";
-
-setupTests(test);
-
-test("post: analyze action with debug mode off", async (t) => {
-  return await util.withTmpDir(async (tmpDir) => {
-    process.env["RUNNER_TEMP"] = tmpDir;
-
-    const gitHubVersion: util.GitHubVersion = {
-      type: util.GitHubVariant.DOTCOM,
-    };
-    sinon.stub(configUtils, "getConfig").resolves({
-      debugMode: false,
-      gitHubVersion,
-      languages: [],
-      packs: [],
-    } as unknown as configUtils.Config);
-
-    const uploadSarifSpy = sinon.spy();
-
-    await analyzeActionPostHelper.run(uploadSarifSpy);
-
-    t.assert(uploadSarifSpy.notCalled);
-  });
-});
-
-test("post: analyze action with debug mode on", async (t) => {
-  return await util.withTmpDir(async (tmpDir) => {
-    process.env["RUNNER_TEMP"] = tmpDir;
-
-    const gitHubVersion: util.GitHubVersion = {
-      type: util.GitHubVariant.DOTCOM,
-    };
-    sinon.stub(configUtils, "getConfig").resolves({
-      debugMode: true,
-      gitHubVersion,
-      languages: [],
-      packs: [],
-    } as unknown as configUtils.Config);
-
-    const requiredInputStub = sinon.stub(actionsUtil, "getRequiredInput");
-    requiredInputStub.withArgs("output").returns("fake-output-dir");
-
-    const uploadSarifSpy = sinon.spy();
-
-    await analyzeActionPostHelper.run(uploadSarifSpy);
-
-    t.assert(uploadSarifSpy.called);
-  });
-});

src/analyze-action-post-helper.ts

@@ -1,30 +0,0 @@
-import * as core from "@actions/core";
-
-import * as actionsUtil from "./actions-util";
-import { Config, getConfig } from "./config-utils";
-import { getActionsLogger } from "./logging";
-
-export async function run(
-  uploadSarifDebugArtifact: (
-    config: Config,
-    outputDir: string,
-  ) => Promise<void>,
-) {
-  const logger = getActionsLogger();
-
-  const config = await getConfig(actionsUtil.getTemporaryDirectory(), logger);
-  if (config === undefined) {
-    throw new Error(
-      "Config file could not be found at expected location. Did the 'init' action fail to start?",
-    );
-  }
-
-  // Upload Actions SARIF artifacts for debugging
-  if (config?.debugMode) {
-    core.info(
-      "Debug mode is on. Uploading available SARIF files as Actions debugging artifact...",
-    );
-    const outputDir = actionsUtil.getRequiredInput("output");
-    await uploadSarifDebugArtifact(config, outputDir);
-  }
-}

src/analyze-action-post.ts

@@ -5,20 +5,17 @@
  */
 import * as core from "@actions/core";
 
-import * as analyzeActionPostHelper from "./analyze-action-post-helper";
 import * as debugArtifacts from "./debug-artifacts";
-import * as uploadSarifActionPostHelper from "./upload-sarif-action-post-helper";
+import { EnvVar } from "./environment";
 import { wrapError } from "./util";
 
 async function runWrapper() {
   try {
-    await analyzeActionPostHelper.run(debugArtifacts.uploadSarifDebugArtifact);
-
-    // Also run the upload-sarif post action since we're potentially running
-    // the same steps in the analyze action.
-    await uploadSarifActionPostHelper.uploadArtifacts(
-      debugArtifacts.uploadDebugArtifacts,
-    );
+    // Upload SARIF artifacts if we determine that this is a first-party analysis run.
+    // For third-party runs, this artifact will be uploaded in the `upload-sarif-post` step.
+    if (process.env[EnvVar.INIT_ACTION_HAS_RUN] === "true") {
+      await debugArtifacts.uploadCombinedSarifArtifacts();
+    }
   } catch (error) {
     core.setFailed(
       `analyze post-action step failed: ${wrapError(error).message}`,

src/analyze-action.ts

@@ -230,6 +230,7 @@ async function run() {
 
     const apiDetails = getApiDetails();
     const outputDir = actionsUtil.getRequiredInput("output");
+    core.exportVariable(EnvVar.SARIF_RESULTS_OUTPUT_DIR, outputDir);
     const threads = util.getThreadsFlag(
       actionsUtil.getOptionalInput("threads") || process.env["CODEQL_THREADS"],
       logger,

src/debug-artifacts.ts

@@ -6,10 +6,11 @@ import * as core from "@actions/core";
 import AdmZip from "adm-zip";
 import del from "del";
 
-import { getRequiredInput } from "./actions-util";
+import { getRequiredInput, getTemporaryDirectory } from "./actions-util";
 import { dbIsFinalized } from "./analyze";
 import { getCodeQL } from "./codeql";
 import { Config } from "./config-utils";
+import { EnvVar } from "./environment";
 import { Language } from "./languages";
 import { Logger } from "./logging";
 import {
@@ -23,6 +24,106 @@ export function sanitizeArifactName(name: string): string {
   return name.replace(/[^a-zA-Z0-9_\\-]+/g, "");
 }
 
+/**
+ * Upload Actions SARIF artifacts for debugging when CODEQL_ACTION_DEBUG_COMBINED_SARIF
+ * environment variable is set
+ */
+export async function uploadCombinedSarifArtifacts() {
+  const tempDir = getTemporaryDirectory();
+
+  // Upload Actions SARIF artifacts for debugging when environment variable is set
+  if (process.env["CODEQL_ACTION_DEBUG_COMBINED_SARIF"] === "true") {
+    core.info(
+      "Uploading available combined SARIF files as Actions debugging artifact...",
+    );
+
+    const baseTempDir = path.resolve(tempDir, "combined-sarif");
+
+    const toUpload: string[] = [];
+
+    if (fs.existsSync(baseTempDir)) {
+      const outputDirs = fs.readdirSync(baseTempDir);
+
+      for (const outputDir of outputDirs) {
+        const sarifFiles = fs
+          .readdirSync(path.resolve(baseTempDir, outputDir))
+          .filter((f) => f.endsWith(".sarif"));
+
+        for (const sarifFile of sarifFiles) {
+          toUpload.push(path.resolve(baseTempDir, outputDir, sarifFile));
+        }
+      }
+    }
+
+    if (toUpload.length > 0) {
+      await uploadDebugArtifacts(
+        toUpload,
+        baseTempDir,
+        "combined-sarif-artifacts",
+      );
+    }
+  }
+}
+
+export async function uploadAllAvailableDebugArtifacts(
+  config: Config,
+  logger: Logger,
+) {
+  const filesToUpload: string[] = [];
+
+  const analyzeActionOutputDir = process.env[EnvVar.SARIF_RESULTS_OUTPUT_DIR];
+  for (const lang of config.languages) {
+    // Add any SARIF files, if they exist
+    if (
+      analyzeActionOutputDir !== undefined &&
+      fs.existsSync(analyzeActionOutputDir) &&
+      fs.lstatSync(analyzeActionOutputDir).isDirectory()
+    ) {
+      const sarifFile = path.resolve(analyzeActionOutputDir, `${lang}.sarif`);
+      // Move SARIF to DB location so that they can be uploaded with the same root directory as the other artifacts.
+      if (fs.existsSync(sarifFile)) {
+        const sarifInDbLocation = path.resolve(
+          config.dbLocation,
+          `${lang}.sarif`,
+        );
+        fs.copyFileSync(sarifFile, sarifInDbLocation);
+        filesToUpload.push(sarifInDbLocation);
+      }
+    }
+
+    // Add any log files
+    const databaseDirectory = getCodeQLDatabasePath(config, lang);
+    const logsDirectory = path.resolve(databaseDirectory, "log");
+    if (doesDirectoryExist(logsDirectory)) {
+      filesToUpload.push(...listFolder(logsDirectory));
+    }
+
+    // Multilanguage tracing: there are additional logs in the root of the cluster
+    const multiLanguageTracingLogsDirectory = path.resolve(
+      config.dbLocation,
+      "log",
+    );
+    if (doesDirectoryExist(multiLanguageTracingLogsDirectory)) {
+      filesToUpload.push(...listFolder(multiLanguageTracingLogsDirectory));
+    }
+
+    // Add database bundle
+    let databaseBundlePath: string;
+    if (!dbIsFinalized(config, lang, logger)) {
+      databaseBundlePath = await createPartialDatabaseBundle(config, lang);
+    } else {
+      databaseBundlePath = await createDatabaseBundleCli(config, lang);
+    }
+    filesToUpload.push(databaseBundlePath);
+  }
+
+  await uploadDebugArtifacts(
+    filesToUpload,
+    config.dbLocation,
+    config.debugArtifactName,
+  );
+}
+
 export async function uploadDebugArtifacts(
   toUpload: string[],
   rootDir: string,
@@ -63,50 +164,6 @@ export async function uploadDebugArtifacts(
   }
 }
 
-export async function uploadSarifDebugArtifact(
-  config: Config,
-  outputDir: string,
-) {
-  if (!doesDirectoryExist(outputDir)) {
-    return;
-  }
-
-  let toUpload: string[] = [];
-  for (const lang of config.languages) {
-    const sarifFile = path.resolve(outputDir, `${lang}.sarif`);
-    if (fs.existsSync(sarifFile)) {
-      toUpload = toUpload.concat(sarifFile);
-    }
-  }
-  await uploadDebugArtifacts(toUpload, outputDir, config.debugArtifactName);
-}
-
-export async function uploadLogsDebugArtifact(config: Config) {
-  let toUpload: string[] = [];
-  for (const language of config.languages) {
-    const databaseDirectory = getCodeQLDatabasePath(config, language);
-    const logsDirectory = path.resolve(databaseDirectory, "log");
-    if (doesDirectoryExist(logsDirectory)) {
-      toUpload = toUpload.concat(listFolder(logsDirectory));
-    }
-  }
-
-  // Multilanguage tracing: there are additional logs in the root of the cluster
-  const multiLanguageTracingLogsDirectory = path.resolve(
-    config.dbLocation,
-    "log",
-  );
-  if (doesDirectoryExist(multiLanguageTracingLogsDirectory)) {
-    toUpload = toUpload.concat(listFolder(multiLanguageTracingLogsDirectory));
-  }
-
-  await uploadDebugArtifacts(
-    toUpload,
-    config.dbLocation,
-    config.debugArtifactName,
-  );
-}
-
 /**
  * If a database has not been finalized, we cannot run the `codeql database bundle`
  * command in the CLI because it will return an error. Instead we directly zip
@@ -150,31 +207,3 @@ async function createDatabaseBundleCli(
   );
   return databaseBundlePath;
 }
-
-export async function uploadDatabaseBundleDebugArtifact(
-  config: Config,
-  logger: Logger,
-) {
-  for (const language of config.languages) {
-    try {
-      let databaseBundlePath: string;
-      if (!dbIsFinalized(config, language, logger)) {
-        databaseBundlePath = await createPartialDatabaseBundle(
-          config,
-          language,
-        );
-      } else {
-        databaseBundlePath = await createDatabaseBundleCli(config, language);
-      }
-      await uploadDebugArtifacts(
-        [databaseBundlePath],
-        config.dbLocation,
-        config.debugArtifactName,
-      );
-    } catch (error) {
-      core.info(
-        `Failed to upload database debug bundle for ${config.debugDatabaseName}-${language}: ${error}`,
-      );
-    }
-  }
-}

src/environment.ts

@@ -64,6 +64,9 @@ export enum EnvVar {
 
   ODASA_TRACER_CONFIGURATION = "ODASA_TRACER_CONFIGURATION",
 
+  /** The value of the `output` input for the analyze action. */
+  SARIF_RESULTS_OUTPUT_DIR = "CODEQL_ACTION_SARIF_RESULTS_OUTPUT_DIR",
+
   /**
    * What percentage of the total amount of RAM over 8 GB that the Action should reserve for the
    * system.

src/init-action-post-helper.test.ts

@@ -35,13 +35,11 @@ test("post: init action with debug mode off", async (t) => {
       packs: [],
     } as unknown as configUtils.Config);
 
-    const uploadDatabaseBundleSpy = sinon.spy();
-    const uploadLogsSpy = sinon.spy();
+    const uploadAllAvailableDebugArtifactsSpy = sinon.spy();
     const printDebugLogsSpy = sinon.spy();
 
     await initActionPostHelper.run(
-      uploadDatabaseBundleSpy,
-      uploadLogsSpy,
+      uploadAllAvailableDebugArtifactsSpy,
       printDebugLogsSpy,
       createTestConfig({ debugMode: false }),
       parseRepositoryNwo("github/codeql-action"),
@@ -49,8 +47,7 @@ test("post: init action with debug mode off", async (t) => {
       getRunnerLogger(true),
     );
 
-    t.assert(uploadDatabaseBundleSpy.notCalled);
-    t.assert(uploadLogsSpy.notCalled);
+    t.assert(uploadAllAvailableDebugArtifactsSpy.notCalled);
     t.assert(printDebugLogsSpy.notCalled);
   });
 });
@@ -60,13 +57,11 @@ test("post: init action with debug mode on", async (t) => {
     process.env["GITHUB_REPOSITORY"] = "github/codeql-action-fake-repository";
     process.env["RUNNER_TEMP"] = tmpDir;
 
-    const uploadDatabaseBundleSpy = sinon.spy();
-    const uploadLogsSpy = sinon.spy();
+    const uploadAllAvailableDebugArtifactsSpy = sinon.spy();
     const printDebugLogsSpy = sinon.spy();
 
     await initActionPostHelper.run(
-      uploadDatabaseBundleSpy,
-      uploadLogsSpy,
+      uploadAllAvailableDebugArtifactsSpy,
       printDebugLogsSpy,
       createTestConfig({ debugMode: true }),
       parseRepositoryNwo("github/codeql-action"),
@@ -74,8 +69,7 @@ test("post: init action with debug mode on", async (t) => {
       getRunnerLogger(true),
     );
 
-    t.assert(uploadDatabaseBundleSpy.called);
-    t.assert(uploadLogsSpy.called);
+    t.assert(uploadAllAvailableDebugArtifactsSpy.called);
     t.assert(printDebugLogsSpy.called);
   });
 });

src/init-action-post-helper.ts

@@ -158,11 +158,10 @@ export async function tryUploadSarifIfRunFailed(
 }
 
 export async function run(
-  uploadDatabaseBundleDebugArtifact: (
+  uploadAllAvailableDebugArtifacts: (
     config: Config,
     logger: Logger,
   ) => Promise<void>,
-  uploadLogsDebugArtifact: (config: Config) => Promise<void>,
   printDebugLogs: (config: Config) => Promise<void>,
   config: Config,
   repositoryNwo: RepositoryNwo,
@@ -211,9 +210,7 @@ export async function run(
     logger.info(
       "Debug mode is on. Uploading available database bundles and logs as Actions debugging artifacts...",
     );
-    await uploadDatabaseBundleDebugArtifact(config, logger);
-    await uploadLogsDebugArtifact(config);
-
+    await uploadAllAvailableDebugArtifacts(config, logger);
     await printDebugLogs(config);
   }
 

src/init-action-post.ts

@@ -64,8 +64,7 @@ async function runWrapper() {
     }
 
     uploadFailedSarifResult = await initActionPostHelper.run(
-      debugArtifacts.uploadDatabaseBundleDebugArtifact,
-      debugArtifacts.uploadLogsDebugArtifact,
+      debugArtifacts.uploadAllAvailableDebugArtifacts,
       printDebugLogs,
       config,
       repositoryNwo,

src/upload-sarif-action-post-helper.ts

@@ -1,49 +0,0 @@
-import * as fs from "fs";
-import * as path from "path";
-
-import * as core from "@actions/core";
-
-import * as actionsUtil from "./actions-util";
-
-export async function uploadArtifacts(
-  uploadDebugArtifacts: (
-    toUpload: string[],
-    rootDir: string,
-    artifactName: string,
-  ) => Promise<void>,
-) {
-  const tempDir = actionsUtil.getTemporaryDirectory();
-
-  // Upload Actions SARIF artifacts for debugging when environment variable is set
-  if (process.env["CODEQL_ACTION_DEBUG_COMBINED_SARIF"] === "true") {
-    core.info(
-      "Uploading available combined SARIF files as Actions debugging artifact...",
-    );
-
-    const baseTempDir = path.resolve(tempDir, "combined-sarif");
-
-    const toUpload: string[] = [];
-
-    if (fs.existsSync(baseTempDir)) {
-      const outputDirs = fs.readdirSync(baseTempDir);
-
-      for (const outputDir of outputDirs) {
-        const sarifFiles = fs
-          .readdirSync(path.resolve(baseTempDir, outputDir))
-          .filter((f) => f.endsWith(".sarif"));
-
-        for (const sarifFile of sarifFiles) {
-          toUpload.push(path.resolve(baseTempDir, outputDir, sarifFile));
-        }
-      }
-    }
-
-    if (toUpload.length > 0) {
-      await uploadDebugArtifacts(
-        toUpload,
-        baseTempDir,
-        "upload-debug-artifacts",
-      );
-    }
-  }
-}

src/upload-sarif-action-post.ts

@@ -6,14 +6,16 @@
 import * as core from "@actions/core";
 
 import * as debugArtifacts from "./debug-artifacts";
-import * as uploadSarifActionPostHelper from "./upload-sarif-action-post-helper";
+import { EnvVar } from "./environment";
 import { wrapError } from "./util";
 
 async function runWrapper() {
   try {
-    await uploadSarifActionPostHelper.uploadArtifacts(
-      debugArtifacts.uploadDebugArtifacts,
-    );
+    // Upload SARIF artifacts if we determine that this is a third-party analysis run.
+    // For first-party runs, this artifact will be uploaded in the `analyze-post` step.
+    if (process.env[EnvVar.INIT_ACTION_HAS_RUN] !== "true") {
+      await debugArtifacts.uploadCombinedSarifArtifacts();
+    }
   } catch (error) {
     core.setFailed(
       `upload-sarif post-action step failed: ${wrapError(error).message}`,

upload-sarif/action.yml

@@ -20,7 +20,7 @@ inputs:
     description: "The sha of the HEAD of the ref where results will be uploaded. If not provided, the Action will use the GITHUB_SHA environment variable. If provided, the ref input must be provided as well. This input is ignored for pull requests from forks."
     required: false
   token:
-    description: "GitHub token to use for authenticating with this instance of GitHub. The token needs the `security-events: write` permission."
+    description: "GitHub token to use for authenticating with this instance of GitHub. The token must be the built-in GitHub Actions token, and the workflow must have the `security-events: write` permission. Most of the time it is advisable to avoid specifying this input so that the workflow falls back to using the default value."
     required: false
     default: ${{ github.token }}
   matrix: