Merge pull request #1746 from github/update-v2.20.2-7dfbc0e0d

Merge main into releases/v2

.github/actions/setup-swift/action.yml

@@ -24,10 +24,15 @@ runs:
           VERSION="null"
         else
           VERSION="$("$SWIFT_EXTRACTOR_DIR/tools/$PLATFORM/extractor" --version | awk '/version/ { print $3 }')"
-          # Specify 5.7.0, otherwise setup Action will default to latest minor version. 
+          # Specify 5.x.0, otherwise setup Action will default to latest minor version. 
           if [ $VERSION = "5.7" ]; then
             VERSION="5.7.0"
-          fi
+          elif [ $VERSION = "5.8" ]; then
+            VERSION="5.8.0"
+          # setup-swift does not yet support v5.8.1 Remove this when it does.
+          elif [ $VERSION = "5.8.1" ]; then
+            VERSION="5.8.0"
+          fi 
         fi
         echo "version=$VERSION" | tee -a $GITHUB_OUTPUT
 

.github/workflows/__analyze-ref-input.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: "PR Check - Analyze: 'ref' and 'sha' from inputs"
@@ -68,6 +68,9 @@ jobs:
         - os: windows-latest
           version: nightly-latest
     name: "Analyze: 'ref' and 'sha' from inputs"
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -82,9 +85,7 @@ jobs:
       if: >-
         runner.os != 'Windows' && (
             matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV

.github/workflows/__autobuild-action.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - autobuild-action
@@ -32,6 +32,9 @@ jobs:
         - os: windows-latest
           version: latest
     name: autobuild-action
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -46,9 +49,7 @@ jobs:
       if: >-
         runner.os != 'Windows' && (
             matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV

.github/workflows/__config-export.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Config export
@@ -38,6 +38,9 @@ jobs:
         - os: windows-latest
           version: nightly-latest
     name: Config export
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -52,9 +55,7 @@ jobs:
       if: >-
         runner.os != 'Windows' && (
             matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV

.github/workflows/__diagnostics-export.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Diagnostic export
@@ -44,6 +44,9 @@ jobs:
         - os: windows-latest
           version: nightly-latest
     name: Diagnostic export
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -58,9 +61,7 @@ jobs:
       if: >-
         runner.os != 'Windows' && (
             matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV

.github/workflows/__export-file-baseline-information.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Export file baseline information
@@ -32,6 +32,9 @@ jobs:
         - os: windows-latest
           version: nightly-latest
     name: Export file baseline information
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -46,9 +49,7 @@ jobs:
       if: >-
         runner.os != 'Windows' && (
             matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV

.github/workflows/__extractor-ram-threads.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Extractor ram and threads options test
@@ -28,6 +28,9 @@ jobs:
         - os: ubuntu-latest
           version: latest
     name: Extractor ram and threads options test
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -42,9 +45,7 @@ jobs:
       if: >-
         runner.os != 'Windows' && (
             matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV

.github/workflows/__go-custom-queries.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: 'PR Check - Go: Custom queries'
@@ -68,6 +68,9 @@ jobs:
         - os: windows-latest
           version: nightly-latest
     name: 'Go: Custom queries'
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -82,9 +85,7 @@ jobs:
       if: >-
         runner.os != 'Windows' && (
             matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV

.github/workflows/__go-tracing-autobuilder.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: 'PR Check - Go: tracing with autobuilder step'
@@ -54,6 +54,9 @@ jobs:
         - os: macos-latest
           version: nightly-latest
     name: 'Go: tracing with autobuilder step'
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -68,9 +71,7 @@ jobs:
       if: >-
         runner.os != 'Windows' && (
             matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV

.github/workflows/__go-tracing-custom-build-steps.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: 'PR Check - Go: tracing with custom build steps'
@@ -54,6 +54,9 @@ jobs:
         - os: macos-latest
           version: nightly-latest
     name: 'Go: tracing with custom build steps'
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -68,9 +71,7 @@ jobs:
       if: >-
         runner.os != 'Windows' && (
             matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV

.github/workflows/__go-tracing-legacy-workflow.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: 'PR Check - Go: tracing with legacy workflow'
@@ -54,6 +54,9 @@ jobs:
         - os: macos-latest
           version: nightly-latest
     name: 'Go: tracing with legacy workflow'
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -68,9 +71,7 @@ jobs:
       if: >-
         runner.os != 'Windows' && (
             matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV

.github/workflows/__init-with-registries.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: 'PR Check - Packaging: Download using registries'
@@ -44,6 +44,10 @@ jobs:
         - os: windows-latest
           version: nightly-latest
     name: 'Packaging: Download using registries'
+    permissions:
+      contents: read
+      packages: read
+
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -58,9 +62,7 @@ jobs:
       if: >-
         runner.os != 'Windows' && (
             matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
@@ -127,9 +129,5 @@ jobs:
             cat $QLCONFIG_PATH
             exit 1
         fi
-    permissions:
-      contents: read
-      packages: read
-
     env:
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__javascript-source-root.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Custom source root
@@ -32,6 +32,9 @@ jobs:
         - os: ubuntu-latest
           version: nightly-latest
     name: Custom source root
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -46,9 +49,7 @@ jobs:
       if: >-
         runner.os != 'Windows' && (
             matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV

.github/workflows/__ml-powered-queries.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - ML-powered queries
@@ -68,6 +68,9 @@ jobs:
         - os: windows-latest
           version: nightly-latest
     name: ML-powered queries
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -82,9 +85,7 @@ jobs:
       if: >-
         runner.os != 'Windows' && (
             matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV

.github/workflows/__multi-language-autodetect.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Multi-language repository
@@ -54,6 +54,9 @@ jobs:
         - os: macos-latest
           version: nightly-latest
     name: Multi-language repository
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -68,9 +71,7 @@ jobs:
       if: >-
         runner.os != 'Windows' && (
             matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV

.github/workflows/__packaging-codescanning-config-inputs-js.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: 'PR Check - Packaging: Config and input passed to the CLI'
@@ -44,6 +44,9 @@ jobs:
         - os: windows-latest
           version: nightly-latest
     name: 'Packaging: Config and input passed to the CLI'
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -58,9 +61,7 @@ jobs:
       if: >-
         runner.os != 'Windows' && (
             matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV

.github/workflows/__packaging-config-inputs-js.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: 'PR Check - Packaging: Config and input'
@@ -44,6 +44,9 @@ jobs:
         - os: windows-latest
           version: nightly-latest
     name: 'Packaging: Config and input'
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -58,9 +61,7 @@ jobs:
       if: >-
         runner.os != 'Windows' && (
             matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV

.github/workflows/__packaging-config-js.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: 'PR Check - Packaging: Config file'
@@ -44,6 +44,9 @@ jobs:
         - os: windows-latest
           version: nightly-latest
     name: 'Packaging: Config file'
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -58,9 +61,7 @@ jobs:
       if: >-
         runner.os != 'Windows' && (
             matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV

.github/workflows/__packaging-inputs-js.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: 'PR Check - Packaging: Action input'
@@ -44,6 +44,9 @@ jobs:
         - os: windows-latest
           version: nightly-latest
     name: 'Packaging: Action input'
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -58,9 +61,7 @@ jobs:
       if: >-
         runner.os != 'Windows' && (
             matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV

.github/workflows/__remote-config.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Remote config file
@@ -68,6 +68,9 @@ jobs:
         - os: windows-latest
           version: nightly-latest
     name: Remote config file
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -82,9 +85,7 @@ jobs:
       if: >-
         runner.os != 'Windows' && (
             matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV

.github/workflows/__resolve-environment-action.yml

@@ -0,0 +1,70 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
+# to regenerate this file.
+
+name: PR Check - Resolve environment
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
+on:
+  push:
+    branches:
+    - main
+    - releases/v2
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+    - ready_for_review
+  workflow_dispatch: {}
+jobs:
+  resolve-environment-action:
+    strategy:
+      matrix:
+        include:
+        - os: ubuntu-latest
+          version: stable-v2.13.4
+        - os: macos-latest
+          version: stable-v2.13.4
+        - os: windows-latest
+          version: stable-v2.13.4
+    name: Resolve environment
+    permissions:
+      contents: read
+      security-events: write
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Check out repository
+      uses: actions/checkout@v3
+    - name: Prepare test
+      id: prepare-test
+      uses: ./.github/actions/prepare-test
+      with:
+        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+    - uses: ./../action/init
+      with:
+        languages: go
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - uses: ./../action/resolve-environment
+      id: resolve-environment
+      with:
+        language: go
+
+    - name: Fail if no Go configuration was returned
+      if: (!fromJSON(steps.resolve-environment.outputs.environment).configuration.go)
+      run: exit 1
+    env:
+      CODEQL_ACTION_TEST_MODE: true

.github/workflows/__rubocop-multi-language.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - RuboCop multi-language
@@ -28,6 +28,9 @@ jobs:
         - os: ubuntu-latest
           version: cached
     name: RuboCop multi-language
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -42,9 +45,7 @@ jobs:
       if: >-
         runner.os != 'Windows' && (
             matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV

.github/workflows/__ruby.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Ruby analysis
@@ -38,6 +38,9 @@ jobs:
         - os: macos-latest
           version: nightly-latest
     name: Ruby analysis
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -52,9 +55,7 @@ jobs:
       if: >-
         runner.os != 'Windows' && (
             matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV

.github/workflows/__split-workflow.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Split workflow
@@ -38,6 +38,9 @@ jobs:
         - os: macos-latest
           version: nightly-latest
     name: Split workflow
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -52,9 +55,7 @@ jobs:
       if: >-
         runner.os != 'Windows' && (
             matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV

.github/workflows/__submit-sarif-failure.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Submit SARIF after failure
@@ -32,6 +32,9 @@ jobs:
         - os: ubuntu-latest
           version: nightly-latest
     name: Submit SARIF after failure
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -46,9 +49,7 @@ jobs:
       if: >-
         runner.os != 'Windows' && (
             matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV

.github/workflows/__swift-custom-build.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Swift analysis using a custom build command
@@ -38,6 +38,9 @@ jobs:
         - os: macos-latest
           version: nightly-latest
     name: Swift analysis using a custom build command
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -52,9 +55,7 @@ jobs:
       if: >-
         runner.os != 'Windows' && (
             matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV

.github/workflows/__test-autobuild-working-dir.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Autobuild working directory
@@ -28,6 +28,9 @@ jobs:
         - os: ubuntu-latest
           version: latest
     name: Autobuild working directory
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -42,9 +45,7 @@ jobs:
       if: >-
         runner.os != 'Windows' && (
             matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV

.github/workflows/__test-local-codeql.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Local CodeQL bundle
@@ -28,6 +28,9 @@ jobs:
         - os: ubuntu-latest
           version: nightly-latest
     name: Local CodeQL bundle
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -42,9 +45,7 @@ jobs:
       if: >-
         runner.os != 'Windows' && (
             matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV

.github/workflows/__test-proxy.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Proxy test
@@ -28,6 +28,9 @@ jobs:
         - os: ubuntu-latest
           version: latest
     name: Proxy test
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -42,9 +45,7 @@ jobs:
       if: >-
         runner.os != 'Windows' && (
             matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV

.github/workflows/__unset-environment.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Test unsetting environment variables
@@ -40,6 +40,9 @@ jobs:
         - os: ubuntu-latest
           version: nightly-latest
     name: Test unsetting environment variables
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -54,9 +57,7 @@ jobs:
       if: >-
         runner.os != 'Windows' && (
             matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV

.github/workflows/__upload-ref-sha-input.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: "PR Check - Upload-sarif: 'ref' and 'sha' from inputs"
@@ -68,6 +68,9 @@ jobs:
         - os: windows-latest
           version: nightly-latest
     name: "Upload-sarif: 'ref' and 'sha' from inputs"
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -82,9 +85,7 @@ jobs:
       if: >-
         runner.os != 'Windows' && (
             matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV

.github/workflows/__with-checkout-path.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
+#     (cd pr-checks; pip install ruamel.yaml && python3 sync.py)
 # to regenerate this file.
 
 name: PR Check - Use a custom `checkout_path`
@@ -68,6 +68,9 @@ jobs:
         - os: windows-latest
           version: nightly-latest
     name: Use a custom `checkout_path`
+    permissions:
+      contents: read
+      security-events: write
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
@@ -82,9 +85,7 @@ jobs:
       if: >-
         runner.os != 'Windows' && (
             matrix.version == '20220908' ||
-            matrix.version == '20221211' ||
-            matrix.version == 'cached' ||
-            matrix.version == 'latest'
+            matrix.version == '20221211'
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV

.github/workflows/debug-artifacts.yml

@@ -56,7 +56,6 @@ jobs:
           debug-artifact-name: my-debug-artifacts
           debug-database-name: my-db
       - uses: ./../action/.github/actions/setup-swift
-        if: matrix.version == 'nightly-latest'
         with:
           codeql-path: ${{ steps.init.outputs.codeql-path }}
       - name: Build code

.github/workflows/post-release-mergeback.yml

@@ -40,7 +40,7 @@ jobs:
 
       - name: Update git config
         run: |
-          git config --global user.email "github-actions@github.com"
+          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
           git config --global user.name "github-actions[bot]"
 
       - name: Get version and new branch

.github/workflows/python-deps.yml

@@ -72,7 +72,7 @@ jobs:
 
     - name: Verify packages installed
       run: |
-        $GITHUB_WORKSPACE/python-setup/tests/check_requests_2_26_0.sh ${PYTHON_VERSION}
+        $GITHUB_WORKSPACE/python-setup/tests/check_requests.sh ${PYTHON_VERSION} 2.31.0
 
   # This one shouldn't fail, but also won't install packages
   test-setup-python-scripts-non-standard-location:
@@ -170,5 +170,5 @@ jobs:
 
     - name: Verify packages installed
       run: |
-        $cmd = $Env:GITHUB_WORKSPACE + "\\python-setup\\tests\\check_requests_2_26_0.ps1"
-        powershell -File $cmd $Env:PYTHON_VERSION
+        $cmd = $Env:GITHUB_WORKSPACE + "\\python-setup\\tests\\check_requests.ps1"
+        powershell -File $cmd $Env:PYTHON_VERSION 2.31.0

.github/workflows/update-bundle.yml

@@ -30,7 +30,7 @@ jobs:
 
       - name: Update git config
         run: |
-          git config --global user.email "github-actions@github.com"
+          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
           git config --global user.name "github-actions[bot]"
 
       - name: Update bundle

.github/workflows/update-dependencies.yml

@@ -29,7 +29,7 @@ jobs:
         git checkout "origin/$BRANCH"
         .github/workflows/script/update-node-modules.sh update
         if [ ! -z "$(git status --porcelain)" ]; then
-          git config --global user.email "github-actions@github.com"
+          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
           git config --global user.name "github-actions[bot]"
           git add node_modules
           git commit -am "Update checked-in dependencies"

.github/workflows/update-release-branch.yml

@@ -35,7 +35,7 @@ jobs:
 
     - name: Update git config
       run: |
-        git config --global user.email "github-actions@github.com"
+        git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
         git config --global user.name "github-actions[bot]"
 
     - name: Update release branch

.github/workflows/update-supported-enterprise-server-versions.yml

@@ -35,14 +35,22 @@ jobs:
           npm run build
         env:
           ENTERPRISE_RELEASES_PATH: ${{ github.workspace }}/enterprise-releases/
-      - name: Commit Changes
-        uses: peter-evans/create-pull-request@284f54f989303d2699d373481a0cfa13ad5a6666 # v5.0.1
-        with:
-          commit-message: Update supported GitHub Enterprise Server versions.
-          title: Update supported GitHub Enterprise Server versions.
-          body: ""
-          author: GitHub <noreply@github.com>
-          branch: update-supported-enterprise-server-versions
-          draft: true
+
+      - name: Update git config
+        run: |
+          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git config --global user.name "github-actions[bot]"
+
+      - name: Commit changes and open PR
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          if [[ -z $(git status --porcelain) ]]; then
+            echo "No changes to commit"
+          else
+            git checkout -b update-supported-enterprise-server-versions
+            git add .
+            git commit --message "Update supported GitHub Enterprise Server versions"
+            git push origin update-supported-enterprise-server-versions
+            gh pr create --fill --draft
+          fi

.github/workflows/update-supported-enterprise-server-versions/update.py

@@ -35,7 +35,10 @@ def main():
 
 		if oldest_supported_release is None or release_version < oldest_supported_release:
 			end_of_life_date = datetime.date.fromisoformat(release_data["end"])
-			if end_of_life_date > datetime.date.today():
+			# The GHES version is not actually end of life until the end of the day specified by
+			# `end_of_life_date`. Wait an extra week to be safe.
+			is_end_of_life = datetime.date.today() > end_of_life_date + datetime.timedelta(weeks=1)
+			if not is_end_of_life:
 				oldest_supported_release = release_version
 
 	api_compatibility_data = {

CHANGELOG.md

@@ -1,5 +1,27 @@
 # CodeQL Action Changelog
 
+## 2.20.2 - 03 Jul 2023
+
+No user facing changes.
+
+## 2.20.1 - 21 Jun 2023
+
+- Update default CodeQL bundle version to 2.13.4. [#1721](https://github.com/github/codeql-action/pull/1721)
+- Experimental: add a new `resolve-environment` action which attempts to infer a configuration for the build environment that is required to build a given project. Do not use this in production as it is part of an internal experiment and subject to change at any time.
+
+## 2.20.0 - 13 Jun 2023
+
+- Bump the version of the Action to 2.20.0. This ensures that users who received a Dependabot upgrade to [`cdcdbb5`](https://github.com/github/codeql-action/commit/cdcdbb579706841c47f7063dda365e292e5cad7a), which was mistakenly marked as Action version 2.13.4, continue to receive updates to the CodeQL Action. Full details in [#1729](https://github.com/github/codeql-action/pull/1729)
+
+## 2.3.6 - 01 Jun 2023
+
+- Update default CodeQL bundle version to 2.13.3. [#1698](https://github.com/github/codeql-action/pull/1698)
+
+## 2.3.5 - 25 May 2023
+
+- Allow invalid URIs to be used as values to `artifactLocation.uri` properties. This reverses a change from [#1668](https://github.com/github/codeql-action/pull/1668) that inadvertently led to stricter validation of some URI values. [#1705](https://github.com/github/codeql-action/pull/1705)
+- Gracefully handle invalid URIs when fingerprinting. [#1694](https://github.com/github/codeql-action/pull/1694)
+
 ## 2.3.4 - 24 May 2023
 
 - Updated the SARIF 2.1.0 JSON schema file to the latest from [oasis-tcs/sarif-spec](https://github.com/oasis-tcs/sarif-spec/blob/123e95847b13fbdd4cbe2120fa5e33355d4a042b/Schemata/sarif-schema-2.1.0.json). [#1668](https://github.com/github/codeql-action/pull/1668)

CONTRIBUTING.md

@@ -12,7 +12,7 @@ Please note that this project is released with a [Contributor Code of Conduct][c
 
 ## Development and Testing
 
-Before you start, ensure that you have a recent version of node (14 or higher) installed, along with a recent version of npm (7 or higher). You can see which version of node is used by the action in `init/action.yml`.
+Before you start, ensure that you have a recent version of node (16 or higher) installed, along with a recent version of npm (9.2 or higher). You can see which version of node is used by the action in `init/action.yml`.
 
 ### Common tasks
 

README.md

@@ -170,3 +170,7 @@ You can use Actions or environment variables to share configuration across multi
 ## Troubleshooting
 
 Read about [troubleshooting code scanning](https://help.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-code-scanning).
+
+## Contributing
+
+This project welcomes contributions. See [CONTRIBUTING.md](CONTRIBUTING.md) for details on how to build, install, and contribute.

lib/actions-util.js

@@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getUploadValue = exports.printDebugLogs = exports.isAnalyzingDefaultBranch = exports.getRelativeScriptPath = exports.isRunningLocalAction = exports.workflowEventName = exports.sendStatusReport = exports.createStatusReportBase = exports.getActionVersion = exports.getActionsStatus = exports.getRef = exports.computeAutomationID = exports.getAutomationID = exports.getAnalysisKey = exports.determineMergeBaseCommitOid = exports.getCommitOid = exports.getTemporaryDirectory = exports.getOptionalInput = exports.getRequiredInput = void 0;
+exports.getUploadValue = exports.printDebugLogs = exports.isAnalyzingDefaultBranch = exports.getRelativeScriptPath = exports.isRunningLocalAction = exports.getWorkflowEventName = exports.sendStatusReport = exports.createStatusReportBase = exports.getActionVersion = exports.getActionsStatus = exports.getRef = exports.computeAutomationID = exports.getAutomationID = exports.getAnalysisKey = exports.determineMergeBaseCommitOid = exports.getCommitOid = exports.getTemporaryDirectory = exports.getOptionalInput = exports.getRequiredInput = void 0;
 const fs = __importStar(require("fs"));
 const os = __importStar(require("os"));
 const path = __importStar(require("path"));
@@ -42,9 +42,9 @@ const pkg = require("../package.json");
  *
  * This allows us to get stronger type checking of required/optional inputs.
  */
-function getRequiredInput(name) {
+const getRequiredInput = function (name) {
     return core.getInput(name, { required: true });
-}
+};
 exports.getRequiredInput = getRequiredInput;
 /**
  * Wrapper around core.getInput that converts empty inputs to undefined.
@@ -104,7 +104,7 @@ exports.getCommitOid = getCommitOid;
  * Returns undefined if run by other triggers or the merge base cannot be determined.
  */
 const determineMergeBaseCommitOid = async function () {
-    if (workflowEventName() !== "pull_request") {
+    if (getWorkflowEventName() !== "pull_request") {
         return undefined;
     }
     const mergeSha = (0, util_1.getRequiredEnvParam)("GITHUB_SHA");
@@ -155,7 +155,7 @@ exports.determineMergeBaseCommitOid = determineMergeBaseCommitOid;
  *
  * This will combine the workflow path and current job name.
  * Computing this the first time requires making requests to
- * the github API, but after that the result will be cached.
+ * the GitHub API, but after that the result will be cached.
  */
 async function getAnalysisKey() {
     const analysisKeyEnvVar = "CODEQL_ACTION_ANALYSIS_KEY";
@@ -172,7 +172,7 @@ async function getAnalysisKey() {
 exports.getAnalysisKey = getAnalysisKey;
 async function getAutomationID() {
     const analysis_key = await getAnalysisKey();
-    const environment = getRequiredInput("matrix");
+    const environment = (0, exports.getRequiredInput)("matrix");
     return computeAutomationID(analysis_key, environment);
 }
 exports.getAutomationID = getAutomationID;
@@ -290,6 +290,7 @@ exports.getActionVersion = getActionVersion;
 async function createStatusReportBase(actionName, status, actionStartedAt, cause, exception) {
     const commitOid = (0, exports.getOptionalInput)("sha") || process.env["GITHUB_SHA"] || "";
     const ref = await getRef();
+    const jobRunUUID = process.env[sharedEnv.JOB_RUN_UUID] || "";
     const workflowRunID = (0, workflow_1.getWorkflowRunID)();
     const workflowRunAttempt = (0, workflow_1.getWorkflowRunAttempt)();
     const workflowName = process.env["GITHUB_WORKFLOW"] || "";
@@ -310,6 +311,7 @@ async function createStatusReportBase(actionName, status, actionStartedAt, cause
         core.exportVariable(sharedEnv.CODEQL_ACTION_TESTING_ENVIRONMENT, testingEnvironment);
     }
     const statusReport = {
+        job_run_uuid: jobRunUUID,
         workflow_run_id: workflowRunID,
         workflow_run_attempt: workflowRunAttempt,
         workflow_name: workflowName,
@@ -340,7 +342,7 @@ async function createStatusReportBase(actionName, status, actionStartedAt, cause
         status === "user-error") {
         statusReport.completed_at = new Date().toISOString();
     }
-    const matrix = getRequiredInput("matrix");
+    const matrix = (0, exports.getRequiredInput)("matrix");
     if (matrix) {
         statusReport.matrix_vars = matrix;
     }
@@ -395,7 +397,8 @@ async function sendStatusReport(statusReport) {
         if ((0, util_1.isHTTPError)(e)) {
             switch (e.status) {
                 case 403:
-                    if (workflowIsTriggeredByPushEvent() && isDependabotActor()) {
+                    if (getWorkflowEventName() === "push" &&
+                        process.env["GITHUB_ACTOR"] === "dependabot[bot]") {
                         core.setFailed('Workflows triggered by Dependabot on the "push" event run with read-only access. ' +
                             "Uploading Code Scanning results requires write access. " +
                             'To use Code Scanning with Dependabot, please ensure you are using the "pull_request" event for this workflow and avoid triggering on the "push" event for Dependabot branches. ' +
@@ -428,42 +431,36 @@ async function sendStatusReport(statusReport) {
     }
 }
 exports.sendStatusReport = sendStatusReport;
-function workflowEventName() {
-    // If the original event is dynamic CODESCANNING_EVENT_NAME will contain the right info (push/pull_request)
-    if (process.env["GITHUB_EVENT_NAME"] === "dynamic") {
-        const value = process.env["CODESCANNING_EVENT_NAME"];
-        if (value === undefined || value.length === 0) {
-            return process.env["GITHUB_EVENT_NAME"];
-        }
-        return value;
-    }
-    return process.env["GITHUB_EVENT_NAME"];
+/**
+ * Returns the name of the event that triggered this workflow.
+ *
+ * This will be "dynamic" for default setup workflow runs.
+ */
+function getWorkflowEventName() {
+    return (0, util_1.getRequiredEnvParam)("GITHUB_EVENT_NAME");
 }
-exports.workflowEventName = workflowEventName;
-// Was the workflow run triggered by a `push` event, for example as opposed to a `pull_request` event.
-function workflowIsTriggeredByPushEvent() {
-    return workflowEventName() === "push";
-}
-// Is dependabot the actor that triggered the current workflow run.
-function isDependabotActor() {
-    return process.env["GITHUB_ACTOR"] === "dependabot[bot]";
-}
-// Is the current action executing a local copy (i.e. we're running a workflow on the codeql-action repo itself)
-// as opposed to running a remote action (i.e. when another repo references us)
+exports.getWorkflowEventName = getWorkflowEventName;
+/**
+ * Returns whether the current workflow is executing a local copy of the Action, e.g. we're running
+ * a workflow on the codeql-action repo itself.
+ */
 function isRunningLocalAction() {
     const relativeScriptPath = getRelativeScriptPath();
     return (relativeScriptPath.startsWith("..") || path.isAbsolute(relativeScriptPath));
 }
 exports.isRunningLocalAction = isRunningLocalAction;
-// Get the location where the action is running from.
-// This can be used to get the actions name or tell if we're running a local action.
+/**
+ * Get the location where the Action is running from.
+ *
+ * This can be used to get the Action's name or tell if we're running a local Action.
+ */
 function getRelativeScriptPath() {
     const runnerTemp = (0, util_1.getRequiredEnvParam)("RUNNER_TEMP");
     const actionsDirectory = path.join(path.dirname(runnerTemp), "_actions");
     return path.relative(actionsDirectory, __filename);
 }
 exports.getRelativeScriptPath = getRelativeScriptPath;
-// Reads the contents of GITHUB_EVENT_PATH as a JSON object
+/** Returns the contents of `GITHUB_EVENT_PATH` as a JSON object. */
 function getWorkflowEvent() {
     const eventJsonFile = (0, util_1.getRequiredEnvParam)("GITHUB_EVENT_PATH");
     try {
@@ -476,10 +473,13 @@ function getWorkflowEvent() {
 function removeRefsHeadsPrefix(ref) {
     return ref.startsWith("refs/heads/") ? ref.slice("refs/heads/".length) : ref;
 }
-// Returns whether we are analyzing the default branch for the repository.
-// For cases where the repository information might not be available (e.g.,
-// dynamic workflows), this can be forced by the environment variable
-// CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH.
+/**
+ * Returns whether we are analyzing the default branch for the repository.
+ *
+ * This first checks the environment variable `CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH`. This
+ * environment variable can be set in cases where repository information might not be available, for
+ * example dynamic workflows.
+ */
 async function isAnalyzingDefaultBranch() {
     if (process.env.CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH === "true") {
         return true;
@@ -489,8 +489,8 @@ async function isAnalyzingDefaultBranch() {
     currentRef = removeRefsHeadsPrefix(currentRef);
     const event = getWorkflowEvent();
     let defaultBranch = event?.repository?.default_branch;
-    if (process.env.GITHUB_EVENT_NAME === "schedule") {
-        defaultBranch = removeRefsHeadsPrefix((0, util_1.getRequiredEnvParam)("GITHUB_REF"));
+    if (getWorkflowEventName() === "schedule") {
+        defaultBranch = removeRefsHeadsPrefix(getRefFromEnv());
     }
     return currentRef === defaultBranch;
 }
@@ -524,7 +524,10 @@ async function printDebugLogs(config) {
     }
 }
 exports.printDebugLogs = printDebugLogs;
-// Parses the `upload` input into an `UploadKind`, converting unspecified and deprecated upload inputs appropriately.
+/**
+ * Parses the `upload` input into an `UploadKind`, converting unspecified and deprecated upload
+ * inputs appropriately.
+ */
 function getUploadValue(input) {
     switch (input) {
         case undefined:

lib/actions-util.test.js

@@ -31,6 +31,7 @@ const path = __importStar(require("path"));
 const ava_1 = __importDefault(require("ava"));
 const sinon = __importStar(require("sinon"));
 const actionsutil = __importStar(require("./actions-util"));
+const sharedEnv = __importStar(require("./shared-environment"));
 const testing_utils_1 = require("./testing-utils");
 const util_1 = require("./util");
 (0, testing_utils_1.setupTests)(ava_1.default);
@@ -172,6 +173,7 @@ const util_1 = require("./util");
     t.deepEqual(process.env.CODEQL_ACTION_VERSION, "1.2.3");
 });
 (0, ava_1.default)("isAnalyzingDefaultBranch()", async (t) => {
+    process.env["GITHUB_EVENT_NAME"] = "push";
     process.env["CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH"] = "true";
     t.deepEqual(await actionsutil.isAnalyzingDefaultBranch(), true);
     process.env["CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH"] = "false";
@@ -210,12 +212,38 @@ const util_1 = require("./util");
         getAdditionalInputStub.restore();
     });
 });
-(0, ava_1.default)("workflowEventName()", async (t) => {
-    process.env["GITHUB_EVENT_NAME"] = "push";
-    t.deepEqual(actionsutil.workflowEventName(), "push");
-    process.env["GITHUB_EVENT_NAME"] = "dynamic";
-    t.deepEqual(actionsutil.workflowEventName(), "dynamic");
-    process.env["CODESCANNING_EVENT_NAME"] = "push";
-    t.deepEqual(actionsutil.workflowEventName(), "push");
+(0, ava_1.default)("createStatusReportBase", async (t) => {
+    await (0, util_1.withTmpDir)(async (tmpDir) => {
+        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
+        process.env["GITHUB_REF"] = "refs/heads/main";
+        process.env["GITHUB_SHA"] = "a".repeat(40);
+        process.env["GITHUB_RUN_ID"] = "100";
+        process.env["GITHUB_RUN_ATTEMPT"] = "2";
+        process.env["GITHUB_REPOSITORY"] = "octocat/HelloWorld";
+        process.env["CODEQL_ACTION_ANALYSIS_KEY"] = "analysis-key";
+        process.env["RUNNER_OS"] = "macOS";
+        const getRequiredInput = sinon.stub(actionsutil, "getRequiredInput");
+        getRequiredInput.withArgs("matrix").resolves("input/matrix");
+        const statusReport = await actionsutil.createStatusReportBase("init", "failure", new Date("May 19, 2023 05:19:00"), "failure cause", "exception stack trace");
+        t.assert(typeof statusReport.job_run_uuid === "string");
+        t.assert(statusReport.workflow_run_id === 100);
+        t.assert(statusReport.workflow_run_attempt === 2);
+        t.assert(statusReport.workflow_name === (process.env["GITHUB_WORKFLOW"] || ""));
+        t.assert(statusReport.job_name === (process.env["GITHUB_JOB"] || ""));
+        t.assert(statusReport.analysis_key === "analysis-key");
+        t.assert(statusReport.commit_oid === process.env["GITHUB_SHA"]);
+        t.assert(statusReport.ref === process.env["GITHUB_REF"]);
+        t.assert(statusReport.action_name === "init");
+        t.assert(statusReport.action_oid === "unknown");
+        t.assert(statusReport.started_at ===
+            process.env[sharedEnv.CODEQL_WORKFLOW_STARTED_AT]);
+        t.assert(statusReport.action_started_at ===
+            new Date("May 19, 2023 05:19:00").toISOString());
+        t.assert(statusReport.status === "failure");
+        t.assert(statusReport.cause === "failure cause");
+        t.assert(statusReport.exception === "exception stack trace");
+        t.assert(statusReport.runner_os === process.env["RUNNER_OS"]);
+        t.assert(typeof statusReport.action_version === "string");
+    });
 });
 //# sourceMappingURL=actions-util.test.js.map

lib/analyze-action.js

@@ -44,7 +44,7 @@ const logging_1 = require("./logging");
 const repository_1 = require("./repository");
 const shared_environment_1 = require("./shared-environment");
 const trap_caching_1 = require("./trap-caching");
-const upload_lib = __importStar(require("./upload-lib"));
+const uploadLib = __importStar(require("./upload-lib"));
 const util = __importStar(require("./util"));
 const util_1 = require("./util");
 async function sendStatusReport(startedAt, config, stats, error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger) {
@@ -177,7 +177,7 @@ async function run() {
         core.setOutput("db-locations", dbLocations);
         const uploadInput = actionsUtil.getOptionalInput("upload");
         if (runStats && actionsUtil.getUploadValue(uploadInput) === "always") {
-            uploadResult = await upload_lib.uploadFromActions(outputDir, actionsUtil.getRequiredInput("checkout_path"), actionsUtil.getOptionalInput("category"), logger);
+            uploadResult = await uploadLib.uploadFromActions(outputDir, actionsUtil.getRequiredInput("checkout_path"), actionsUtil.getOptionalInput("category"), logger);
             core.setOutput("sarif-id", uploadResult.sarifID);
         }
         else {
@@ -196,7 +196,7 @@ async function run() {
         }
         else if (uploadResult !== undefined &&
             actionsUtil.getRequiredInput("wait-for-processing") === "true") {
-            await upload_lib.waitForProcessing((0, repository_1.parseRepositoryNwo)(util.getRequiredEnvParam("GITHUB_REPOSITORY")), uploadResult.sarifID, (0, logging_1.getActionsLogger)());
+            await uploadLib.waitForProcessing((0, repository_1.parseRepositoryNwo)(util.getRequiredEnvParam("GITHUB_REPOSITORY")), uploadResult.sarifID, (0, logging_1.getActionsLogger)());
         }
         // If we did not throw an error yet here, but we expect one, throw it.
         if (actionsUtil.getOptionalInput("expect-error") === "true") {

lib/analyze.js

@@ -39,6 +39,7 @@ const configUtils = __importStar(require("./config-utils"));
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const tracer_config_1 = require("./tracer-config");
+const upload_lib_1 = require("./upload-lib");
 const util = __importStar(require("./util"));
 class CodeQLAnalysisError extends Error {
     constructor(queriesStatusReport, message) {
@@ -54,7 +55,7 @@ async function setupPythonExtractor(logger, features, codeql) {
         // If CODEQL_PYTHON is not set, no dependencies were installed, so we don't need to do anything
         return;
     }
-    if (await features.getValue(feature_flags_1.Feature.DisablePythonDependencyInstallation, codeql)) {
+    if (await features.getValue(feature_flags_1.Feature.DisablePythonDependencyInstallationEnabled, codeql)) {
         logger.warning("We recommend that you remove the CODEQL_PYTHON environment variable from your workflow. This environment variable was originally used to specify a Python executable that included the dependencies of your Python code, however Python analysis no longer uses these dependencies." +
             "\nIf you used CODEQL_PYTHON to force the version of Python to analyze as, please use CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION instead, such as 'CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION=2.7' or 'CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION=3.11'.");
         return;
@@ -138,6 +139,9 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
         const queryFilters = validateQueryFilters(config.originalUserInput["query-filters"]);
         const packsWithVersion = config.packs[language] || [];
         try {
+            const sarifFile = path.join(sarifFolder, `${language}.sarif`);
+            let startTimeInterpretResults;
+            let endTimeInterpretResults;
             if (await util.useCodeScanningConfigInCli(codeql, features)) {
                 // If we are using the code scanning config in the CLI,
                 // much of the work needed to generate the query suites
@@ -152,11 +156,11 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
                 statusReport[`analyze_builtin_queries_${language}_duration_ms`] =
                     new Date().getTime() - startTimeBuiltIn;
                 logger.startGroup(`Interpreting results for ${language}`);
-                const startTimeInterpretResults = new Date().getTime();
-                const sarifFile = path.join(sarifFolder, `${language}.sarif`);
+                startTimeInterpretResults = new Date().getTime();
                 const analysisSummary = await runInterpretResults(language, undefined, sarifFile, config.debugMode);
+                endTimeInterpretResults = new Date().getTime();
                 statusReport[`interpret_results_${language}_duration_ms`] =
-                    new Date().getTime() - startTimeInterpretResults;
+                    endTimeInterpretResults - startTimeInterpretResults;
                 logger.endGroup();
                 logger.info(analysisSummary);
             }
@@ -201,15 +205,30 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
                 }
                 logger.endGroup();
                 logger.startGroup(`Interpreting results for ${language}`);
-                const startTimeInterpretResults = new Date().getTime();
-                const sarifFile = path.join(sarifFolder, `${language}.sarif`);
+                startTimeInterpretResults = new Date().getTime();
                 const analysisSummary = await runInterpretResults(language, querySuitePaths, sarifFile, config.debugMode);
+                endTimeInterpretResults = new Date().getTime();
                 statusReport[`interpret_results_${language}_duration_ms`] =
-                    new Date().getTime() - startTimeInterpretResults;
+                    endTimeInterpretResults - startTimeInterpretResults;
                 logger.endGroup();
                 logger.info(analysisSummary);
             }
-            logger.info(await runPrintLinesOfCode(language));
+            if (await features.getValue(feature_flags_1.Feature.QaTelemetryEnabled)) {
+                const perQueryAlertCounts = getPerQueryAlertCounts(sarifFile, logger);
+                const perQueryAlertCountEventReport = {
+                    event: "codeql database interpret-results",
+                    started_at: startTimeInterpretResults.toString(),
+                    completed_at: endTimeInterpretResults.toString(),
+                    exit_status: "success",
+                    language,
+                    properties: perQueryAlertCounts,
+                };
+                if (statusReport["event_reports"] === undefined) {
+                    statusReport["event_reports"] = [];
+                }
+                statusReport["event_reports"].push(perQueryAlertCountEventReport);
+            }
+            await runPrintLinesOfCode(language);
         }
         catch (e) {
             logger.info(String(e));
@@ -225,6 +244,26 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
         const databasePath = util.getCodeQLDatabasePath(config, language);
         return await codeql.databaseInterpretResults(databasePath, queries, sarifFile, addSnippetsFlag, threadsFlag, enableDebugLogging ? "-vv" : "-v", automationDetailsId, config, features, logger);
     }
+    /** Get an object with all queries and their counts parsed from a SARIF file path. */
+    function getPerQueryAlertCounts(sarifPath, log) {
+        (0, upload_lib_1.validateSarifFileSchema)(sarifPath, log);
+        const sarifObject = JSON.parse(fs.readFileSync(sarifPath, "utf8"));
+        // We do not need to compute fingerprints because we are not sending data based off of locations.
+        // Generate the query: alert count object
+        const perQueryAlertCounts = {};
+        // All rules (queries), from all results, from all runs
+        for (const sarifRun of sarifObject.runs) {
+            if (sarifRun.results) {
+                for (const result of sarifRun.results) {
+                    const query = result.rule?.id || result.ruleId;
+                    if (query) {
+                        perQueryAlertCounts[query] = (perQueryAlertCounts[query] || 0) + 1;
+                    }
+                }
+            }
+        }
+        return perQueryAlertCounts;
+    }
     async function runPrintLinesOfCode(language) {
         const databasePath = util.getCodeQLDatabasePath(config, language);
         return await codeql.databasePrintBaseline(databasePath);

lib/analyze.test.js

@@ -37,11 +37,16 @@ const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const logging_1 = require("./logging");
 const testing_utils_1 = require("./testing-utils");
+const uploadLib = __importStar(require("./upload-lib"));
 const util = __importStar(require("./util"));
 (0, testing_utils_1.setupTests)(ava_1.default);
-// Checks that the duration fields are populated for the correct language
-// and correct case of builtin or custom. Also checks the correct search
-// paths are set in the database analyze invocation.
+/** Checks that the duration fields are populated for the correct language
+ * and correct case of builtin or custom. Also checks the correct search
+ * paths are set in the database analyze invocation.
+ *
+ * Mocks the QA telemetry feature flag and checks the appropriate status report
+ * fields.
+ */
 (0, ava_1.default)("status report fields and search path setting", async (t) => {
     let searchPathsUsed = [];
     return await util.withTmpDir(async (tmpDir) => {
@@ -53,6 +58,7 @@ const util = __importStar(require("./util"));
             [languages_1.Language.cpp]: ["a/b@1.0.0"],
             [languages_1.Language.java]: ["c/d@2.0.0"],
         };
+        sinon.stub(uploadLib, "validateSarifFileSchema");
         for (const language of Object.values(languages_1.Language)) {
             (0, codeql_1.setCodeQL)({
                 packDownload: async () => ({ packs: [] }),
@@ -130,18 +136,25 @@ const util = __importStar(require("./util"));
                 builtin: ["foo.ql"],
                 custom: [],
             };
-            const builtinStatusReport = await (0, analyze_1.runQueries)(tmpDir, memoryFlag, addSnippetsFlag, threadsFlag, undefined, config, (0, logging_1.getRunnerLogger)(true), (0, testing_utils_1.createFeatures)([]));
+            const builtinStatusReport = await (0, analyze_1.runQueries)(tmpDir, memoryFlag, addSnippetsFlag, threadsFlag, undefined, config, (0, logging_1.getRunnerLogger)(true), (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.QaTelemetryEnabled]));
             const hasPacks = language in packs;
             const statusReportKeys = Object.keys(builtinStatusReport).sort();
             if (hasPacks) {
-                t.deepEqual(statusReportKeys.length, 3, statusReportKeys.toString());
+                t.deepEqual(statusReportKeys.length, 4, statusReportKeys.toString());
                 t.deepEqual(statusReportKeys[0], `analyze_builtin_queries_${language}_duration_ms`);
                 t.deepEqual(statusReportKeys[1], `analyze_custom_queries_${language}_duration_ms`);
-                t.deepEqual(statusReportKeys[2], `interpret_results_${language}_duration_ms`);
+                t.deepEqual(statusReportKeys[2], "event_reports");
+                t.deepEqual(statusReportKeys[3], `interpret_results_${language}_duration_ms`);
             }
             else {
                 t.deepEqual(statusReportKeys[0], `analyze_builtin_queries_${language}_duration_ms`);
-                t.deepEqual(statusReportKeys[1], `interpret_results_${language}_duration_ms`);
+                t.deepEqual(statusReportKeys[1], "event_reports");
+                t.deepEqual(statusReportKeys[2], `interpret_results_${language}_duration_ms`);
+            }
+            if (builtinStatusReport.event_reports) {
+                for (const eventReport of builtinStatusReport.event_reports) {
+                    t.deepEqual(eventReport.event, "codeql database interpret-results");
+                }
             }
             config.queries[language] = {
                 builtin: [],
@@ -156,14 +169,20 @@ const util = __importStar(require("./util"));
                     },
                 ],
             };
-            const customStatusReport = await (0, analyze_1.runQueries)(tmpDir, memoryFlag, addSnippetsFlag, threadsFlag, undefined, config, (0, logging_1.getRunnerLogger)(true), (0, testing_utils_1.createFeatures)([]));
-            t.deepEqual(Object.keys(customStatusReport).length, 2);
+            const customStatusReport = await (0, analyze_1.runQueries)(tmpDir, memoryFlag, addSnippetsFlag, threadsFlag, undefined, config, (0, logging_1.getRunnerLogger)(true), (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.QaTelemetryEnabled]));
+            t.deepEqual(Object.keys(customStatusReport).length, 3);
             t.true(`analyze_custom_queries_${language}_duration_ms` in customStatusReport);
             const expectedSearchPathsUsed = hasPacks
                 ? [undefined, undefined, "/1", "/2", undefined]
                 : [undefined, "/1", "/2"];
             t.deepEqual(searchPathsUsed, expectedSearchPathsUsed);
             t.true(`interpret_results_${language}_duration_ms` in customStatusReport);
+            t.true("event_reports" in customStatusReport);
+            if (customStatusReport.event_reports) {
+                for (const eventReport of customStatusReport.event_reports) {
+                    t.deepEqual(eventReport.event, "codeql database interpret-results");
+                }
+            }
         }
         verifyQuerySuites(tmpDir);
     });

lib/api-compatibility.json

@@ -1 +1 @@
-{ "maximumVersion": "3.9", "minimumVersion": "3.5" }
+{ "maximumVersion": "3.10", "minimumVersion": "3.5" }

lib/codeql.js

@@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = exports.CommandInvocationError = void 0;
+exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_RESOLVE_ENVIRONMENT = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = exports.CommandInvocationError = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
@@ -89,6 +89,10 @@ exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = "2.12.1";
  * Versions 2.12.4+ of the CodeQL CLI support the `--qlconfig-file` flag in calls to `database init`.
  */
 exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = "2.12.4";
+/**
+ * Versions 2.13.4+ of the CodeQL CLI support the `resolve build-environment` command.
+ */
+exports.CODEQL_VERSION_RESOLVE_ENVIRONMENT = "2.13.4";
 /**
  * Set up CodeQL CLI access.
  *
@@ -165,6 +169,7 @@ function setCodeQL(partialCodeql) {
         resolveLanguages: resolveFunction(partialCodeql, "resolveLanguages"),
         betterResolveLanguages: resolveFunction(partialCodeql, "betterResolveLanguages"),
         resolveQueries: resolveFunction(partialCodeql, "resolveQueries"),
+        resolveBuildEnvironment: resolveFunction(partialCodeql, "resolveBuildEnvironment"),
         packDownload: resolveFunction(partialCodeql, "packDownload"),
         databaseCleanup: resolveFunction(partialCodeql, "databaseCleanup"),
         databaseBundle: resolveFunction(partialCodeql, "databaseBundle"),
@@ -374,6 +379,24 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 throw new Error(`Unexpected output from codeql resolve queries: ${e}`);
             }
         },
+        async resolveBuildEnvironment(workingDir, language) {
+            const codeqlArgs = [
+                "resolve",
+                "build-environment",
+                `--language=${language}`,
+                ...getExtraOptionsFromEnv(["resolve", "build-environment"]),
+            ];
+            if (workingDir !== undefined) {
+                codeqlArgs.push("--working-dir", workingDir);
+            }
+            const output = await runTool(cmd, codeqlArgs);
+            try {
+                return JSON.parse(output);
+            }
+            catch (e) {
+                throw new Error(`Unexpected output from codeql resolve build-environment: ${e} in\n${output}`);
+            }
+        },
         async databaseRunQueries(databasePath, extraSearchPath, querySuitePath, flags, optimizeForLastQueryRun) {
             const codeqlArgs = [
                 "database",

lib/defaults.json

@@ -1,6 +1,6 @@
 {
-    "bundleVersion": "codeql-bundle-20230428",
-    "cliVersion": "2.13.1",
-    "priorBundleVersion": "codeql-bundle-20230414",
-    "priorCliVersion": "2.13.0"
+    "bundleVersion": "codeql-bundle-v2.13.4",
+    "cliVersion": "2.13.4",
+    "priorBundleVersion": "codeql-bundle-20230524",
+    "priorCliVersion": "2.13.3"
 }

lib/feature-flags.js

@@ -36,11 +36,12 @@ var Feature;
 (function (Feature) {
     Feature["CliConfigFileEnabled"] = "cli_config_file_enabled";
     Feature["DisableKotlinAnalysisEnabled"] = "disable_kotlin_analysis_enabled";
+    Feature["DisablePythonDependencyInstallationEnabled"] = "disable_python_dependency_installation_enabled";
     Feature["ExportCodeScanningConfigEnabled"] = "export_code_scanning_config_enabled";
     Feature["ExportDiagnosticsEnabled"] = "export_diagnostics_enabled";
     Feature["MlPoweredQueriesEnabled"] = "ml_powered_queries_enabled";
+    Feature["QaTelemetryEnabled"] = "qa_telemetry_enabled";
     Feature["UploadFailedSarifEnabled"] = "upload_failed_sarif_enabled";
-    Feature["DisablePythonDependencyInstallation"] = "disable_python_dependency_installation";
 })(Feature = exports.Feature || (exports.Feature = {}));
 exports.featureConfig = {
     [Feature.DisableKotlinAnalysisEnabled]: {
@@ -68,12 +69,17 @@ exports.featureConfig = {
         minimumVersion: "2.7.5",
         defaultValue: false,
     },
+    [Feature.QaTelemetryEnabled]: {
+        envVar: "CODEQL_ACTION_QA_TELEMETRY",
+        minimumVersion: undefined,
+        defaultValue: false,
+    },
     [Feature.UploadFailedSarifEnabled]: {
         envVar: "CODEQL_ACTION_UPLOAD_FAILED_SARIF",
         minimumVersion: "2.11.3",
         defaultValue: true,
     },
-    [Feature.DisablePythonDependencyInstallation]: {
+    [Feature.DisablePythonDependencyInstallationEnabled]: {
         envVar: "CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION",
         // Although the python extractor only started supporting not extracting installed
         // dependencies in 2.13.1, the init-action can still benefit from not installing

lib/fingerprints.js

@@ -194,7 +194,14 @@ function resolveUriToFile(location, artifacts, sourceRoot, logger) {
         logger.debug(`Ignoring location as URI "${location.uri}" is invalid`);
         return undefined;
     }
-    let uri = decodeURIComponent(location.uri);
+    let uri;
+    try {
+        uri = decodeURIComponent(location.uri);
+    }
+    catch (e) {
+        logger.debug(`Ignoring location as URI "${location.uri}" is invalid`);
+        return undefined;
+    }
     // Remove a file scheme, and abort if the scheme is anything else
     const fileUriPrefix = "file://";
     if (uri.startsWith(fileUriPrefix)) {

lib/init-action-post-helper.js

@@ -110,8 +110,9 @@ async function run(uploadDatabaseBundleDebugArtifact, uploadLogsDebugArtifact, p
     // but we didn't upload anything.
     if (process.env["CODEQL_ACTION_EXPECT_UPLOAD_FAILED_SARIF"] === "true" &&
         !uploadFailedSarifResult.raw_upload_size_bytes) {
+        const error = JSON.stringify(uploadFailedSarifResult);
         throw new Error("Expected to upload a failed SARIF file for this CodeQL code scanning run, " +
-            `but the result was instead ${uploadFailedSarifResult}.`);
+            `but the result was instead ${error}.`);
     }
     // Upload appropriate Actions artifacts for debugging
     if (config.debugMode) {

lib/init-action-post-helper.js.map

@@ -1 +1 @@
-{"version":3,"file":"init-action-post-helper.js","sourceRoot":"","sources":["../src/init-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,qCAAqC;AACrC,iDAAmD;AACnD,mDAA6D;AAG7D,6DAAuF;AACvF,wDAA0C;AAC1C,iCAKgB;AAChB,yCAKoB;AAWpB,SAAS,mCAAmC,CAC1C,KAAc;IAEd,MAAM,YAAY,GAAG,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC;IACtC,OAAO;QACL,uBAAuB,EAAE,YAAY,CAAC,OAAO;QAC7C,6BAA6B,EAAE,YAAY,CAAC,KAAK;KAClD,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,sBAAsB,CACnC,MAAc,EACd,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;QACrB,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAC,EAAE;QACxE,OAAO,EAAE,iCAAiC,EAAE,kBAAkB,EAAE,CAAC;KAClE;IACD,MAAM,QAAQ,GAAG,MAAM,IAAA,sBAAW,EAAC,MAAM,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG,IAAA,0BAAmB,EAAC,YAAY,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC;IACxE,MAAM,YAAY,GAAG,IAAA,gCAAqB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACtE,IACE,CAAC,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,QAAQ,CAClC,WAAW,CAAC,cAAc,CAAC,YAAY,CAAC,CACzC;QACD,IAAA,mBAAY,GAAE,EACd;QACA,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,QAAQ,GAAG,IAAA,kCAAuB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACpE,MAAM,YAAY,GAAG,IAAA,sCAA2B,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAC5E,MAAM,YAAY,GAAG,MAAM,CAAC,UAAU,CAAC;IAEvC,MAAM,SAAS,GAAG,4BAA4B,CAAC;IAE/C,kFAAkF;IAClF,IACE,YAAY,KAAK,SAAS;QAC1B,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAC,EACpE;QACA,MAAM,MAAM,CAAC,iBAAiB,CAAC,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;KACvE;SAAM;QACL,8EAA8E;QAC9E,MAAM,MAAM,CAAC,yBAAyB,CACpC,YAAY,EACZ,SAAS,EACT,QAAQ,EACR,MAAM,CAAC,OAAO,EACd,MAAM,CACP,CAAC;KACH;IAED,IAAI,CAAC,IAAI,CAAC,+BAA+B,SAAS,EAAE,CAAC,CAAC;IACtD,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,iBAAiB,CACpD,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,MAAM,CACP,CAAC;IACF,MAAM,SAAS,CAAC,iBAAiB,CAC/B,aAAa,EACb,YAAY,CAAC,OAAO,EACpB,MAAM,EACN,EAAE,uBAAuB,EAAE,IAAI,EAAE,CAClC,CAAC;IACF,OAAO,YAAY,EAAE,YAAY,IAAI,EAAE,CAAC;AAC1C,CAAC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,MAAc,EACd,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,IAAI,OAAO,CAAC,GAAG,CAAC,oEAA+C,CAAC,KAAK,MAAM,EAAE;QAC3E,IAAI;YACF,OAAO,MAAM,sBAAsB,CACjC,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;SACH;QAAC,OAAO,CAAC,EAAE;YACV,MAAM,CAAC,KAAK,CACV,2EAA2E,CAAC,EAAE,CAC/E,CAAC;YACF,OAAO,mCAAmC,CAAC,CAAC,CAAC,CAAC;SAC/C;KACF;SAAM;QACL,OAAO;YACL,iCAAiC,EAC/B,uCAAuC;SAC1C,CAAC;KACH;AACH,CAAC;AA1BD,8DA0BC;AAEM,KAAK,UAAU,GAAG,CACvB,iCAA2C,EAC3C,uBAAiC,EACjC,cAAwB,EACxB,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;QACxB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;QACF,OAAO;KACR;IAED,MAAM,uBAAuB,GAAG,MAAM,yBAAyB,CAC7D,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;IAEF,IAAI,uBAAuB,CAAC,iCAAiC,EAAE;QAC7D,MAAM,CAAC,KAAK,CACV,8EAA8E;YAC5E,GAAG,uBAAuB,CAAC,iCAAiC,GAAG,CAClE,CAAC;KACH;IACD,8FAA8F;IAC9F,iCAAiC;IACjC,IACE,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,KAAK,MAAM;QAClE,CAAC,uBAAuB,CAAC,qBAAqB,EAC9C;QACA,MAAM,IAAI,KAAK,CACb,4EAA4E;YAC1E,8BAA8B,uBAAuB,GAAG,CAC3D,CAAC;KACH;IAED,qDAAqD;IACrD,IAAI,MAAM,CAAC,SAAS,EAAE;QACpB,IAAI,CAAC,IAAI,CACP,mGAAmG,CACpG,CAAC;QACF,MAAM,iCAAiC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACxD,MAAM,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtC,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;KAC9B;IAED,OAAO,uBAAuB,CAAC;AACjC,CAAC;AArDD,kBAqDC"}
+{"version":3,"file":"init-action-post-helper.js","sourceRoot":"","sources":["../src/init-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,qCAAqC;AACrC,iDAAmD;AACnD,mDAA6D;AAG7D,6DAAuF;AACvF,wDAA0C;AAC1C,iCAKgB;AAChB,yCAKoB;AAWpB,SAAS,mCAAmC,CAC1C,KAAc;IAEd,MAAM,YAAY,GAAG,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC;IACtC,OAAO;QACL,uBAAuB,EAAE,YAAY,CAAC,OAAO;QAC7C,6BAA6B,EAAE,YAAY,CAAC,KAAK;KAClD,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,sBAAsB,CACnC,MAAc,EACd,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;QACrB,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAC,EAAE;QACxE,OAAO,EAAE,iCAAiC,EAAE,kBAAkB,EAAE,CAAC;KAClE;IACD,MAAM,QAAQ,GAAG,MAAM,IAAA,sBAAW,EAAC,MAAM,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG,IAAA,0BAAmB,EAAC,YAAY,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC;IACxE,MAAM,YAAY,GAAG,IAAA,gCAAqB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACtE,IACE,CAAC,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,QAAQ,CAClC,WAAW,CAAC,cAAc,CAAC,YAAY,CAAC,CACzC;QACD,IAAA,mBAAY,GAAE,EACd;QACA,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,QAAQ,GAAG,IAAA,kCAAuB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACpE,MAAM,YAAY,GAAG,IAAA,sCAA2B,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAC5E,MAAM,YAAY,GAAG,MAAM,CAAC,UAAU,CAAC;IAEvC,MAAM,SAAS,GAAG,4BAA4B,CAAC;IAE/C,kFAAkF;IAClF,IACE,YAAY,KAAK,SAAS;QAC1B,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAC,EACpE;QACA,MAAM,MAAM,CAAC,iBAAiB,CAAC,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;KACvE;SAAM;QACL,8EAA8E;QAC9E,MAAM,MAAM,CAAC,yBAAyB,CACpC,YAAY,EACZ,SAAS,EACT,QAAQ,EACR,MAAM,CAAC,OAAO,EACd,MAAM,CACP,CAAC;KACH;IAED,IAAI,CAAC,IAAI,CAAC,+BAA+B,SAAS,EAAE,CAAC,CAAC;IACtD,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,iBAAiB,CACpD,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,MAAM,CACP,CAAC;IACF,MAAM,SAAS,CAAC,iBAAiB,CAC/B,aAAa,EACb,YAAY,CAAC,OAAO,EACpB,MAAM,EACN,EAAE,uBAAuB,EAAE,IAAI,EAAE,CAClC,CAAC;IACF,OAAO,YAAY,EAAE,YAAY,IAAI,EAAE,CAAC;AAC1C,CAAC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,MAAc,EACd,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,IAAI,OAAO,CAAC,GAAG,CAAC,oEAA+C,CAAC,KAAK,MAAM,EAAE;QAC3E,IAAI;YACF,OAAO,MAAM,sBAAsB,CACjC,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;SACH;QAAC,OAAO,CAAC,EAAE;YACV,MAAM,CAAC,KAAK,CACV,2EAA2E,CAAC,EAAE,CAC/E,CAAC;YACF,OAAO,mCAAmC,CAAC,CAAC,CAAC,CAAC;SAC/C;KACF;SAAM;QACL,OAAO;YACL,iCAAiC,EAC/B,uCAAuC;SAC1C,CAAC;KACH;AACH,CAAC;AA1BD,8DA0BC;AAEM,KAAK,UAAU,GAAG,CACvB,iCAA2C,EAC3C,uBAAiC,EACjC,cAAwB,EACxB,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;QACxB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;QACF,OAAO;KACR;IAED,MAAM,uBAAuB,GAAG,MAAM,yBAAyB,CAC7D,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;IAEF,IAAI,uBAAuB,CAAC,iCAAiC,EAAE;QAC7D,MAAM,CAAC,KAAK,CACV,8EAA8E;YAC5E,GAAG,uBAAuB,CAAC,iCAAiC,GAAG,CAClE,CAAC;KACH;IACD,8FAA8F;IAC9F,iCAAiC;IACjC,IACE,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,KAAK,MAAM;QAClE,CAAC,uBAAuB,CAAC,qBAAqB,EAC9C;QACA,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,uBAAuB,CAAC,CAAC;QACtD,MAAM,IAAI,KAAK,CACb,4EAA4E;YAC1E,8BAA8B,KAAK,GAAG,CACzC,CAAC;KACH;IAED,qDAAqD;IACrD,IAAI,MAAM,CAAC,SAAS,EAAE;QACpB,IAAI,CAAC,IAAI,CACP,mGAAmG,CACpG,CAAC;QACF,MAAM,iCAAiC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACxD,MAAM,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtC,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;KAC9B;IAED,OAAO,uBAAuB,CAAC;AACjC,CAAC;AAtDD,kBAsDC"}

lib/init-action.js

@@ -25,6 +25,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 const path = __importStar(require("path"));
 const core = __importStar(require("@actions/core"));
+const uuid_1 = require("uuid");
 const actions_util_1 = require("./actions-util");
 const api_client_1 = require("./api-client");
 const feature_flags_1 = require("./feature-flags");
@@ -32,6 +33,7 @@ const init_1 = require("./init");
 const languages_1 = require("./languages");
 const logging_1 = require("./logging");
 const repository_1 = require("./repository");
+const sharedEnv = __importStar(require("./shared-environment"));
 const trap_caching_1 = require("./trap-caching");
 const util_1 = require("./util");
 const workflow_1 = require("./workflow");
@@ -114,6 +116,7 @@ async function run() {
     const repositoryNwo = (0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY"));
     const registriesInput = (0, actions_util_1.getOptionalInput)("registries");
     const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, (0, actions_util_1.getTemporaryDirectory)(), logger);
+    core.exportVariable(sharedEnv.JOB_RUN_UUID, (0, uuid_1.v4)());
     try {
         const workflowErrors = await (0, workflow_1.validateWorkflow)(logger);
         if (!(await (0, actions_util_1.sendStatusReport)(await (0, actions_util_1.createStatusReportBase)("init", "starting", startedAt, workflowErrors)))) {
@@ -136,7 +139,7 @@ async function run() {
         (0, actions_util_1.getOptionalInput)("debug") === "true" || core.isDebug(), (0, actions_util_1.getOptionalInput)("debug-artifact-name") || util_1.DEFAULT_DEBUG_ARTIFACT_NAME, (0, actions_util_1.getOptionalInput)("debug-database-name") || util_1.DEFAULT_DEBUG_DATABASE_NAME, repositoryNwo, (0, actions_util_1.getTemporaryDirectory)(), codeql, (0, util_1.getRequiredEnvParam)("GITHUB_WORKSPACE"), gitHubVersion, apiDetails, features, logger);
         if (config.languages.includes(languages_1.Language.python) &&
             (0, actions_util_1.getRequiredInput)("setup-python-dependencies") === "true") {
-            if (await features.getValue(feature_flags_1.Feature.DisablePythonDependencyInstallation, codeql)) {
+            if (await features.getValue(feature_flags_1.Feature.DisablePythonDependencyInstallationEnabled, codeql)) {
                 logger.info("Skipping python dependency installation");
             }
             else {
@@ -176,7 +179,7 @@ async function run() {
             core.exportVariable("CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN", "true");
         }
         // Disable Python dependency extraction if feature flag set
-        if (await features.getValue(feature_flags_1.Feature.DisablePythonDependencyInstallation, codeql)) {
+        if (await features.getValue(feature_flags_1.Feature.DisablePythonDependencyInstallationEnabled, codeql)) {
             core.exportVariable("CODEQL_EXTRACTOR_PYTHON_DISABLE_LIBRARY_EXTRACTION", "true");
         }
         const sourceRoot = path.resolve((0, util_1.getRequiredEnvParam)("GITHUB_WORKSPACE"), (0, actions_util_1.getOptionalInput)("source-root") || "");

lib/resolve-environment-action.js

@@ -0,0 +1,82 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const core = __importStar(require("@actions/core"));
+const actions_util_1 = require("./actions-util");
+const api_client_1 = require("./api-client");
+const codeql_1 = require("./codeql");
+const configUtils = __importStar(require("./config-utils"));
+const languages_1 = require("./languages");
+const logging_1 = require("./logging");
+const resolve_environment_1 = require("./resolve-environment");
+const util_1 = require("./util");
+const ACTION_NAME = "resolve-environment";
+const ENVIRONMENT_OUTPUT_NAME = "environment";
+async function run() {
+    const startedAt = new Date();
+    const logger = (0, logging_1.getActionsLogger)();
+    const language = (0, languages_1.resolveAlias)((0, actions_util_1.getRequiredInput)("language"));
+    try {
+        if (!(await (0, actions_util_1.sendStatusReport)(await (0, actions_util_1.createStatusReportBase)(ACTION_NAME, "starting", startedAt)))) {
+            return;
+        }
+        const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
+        (0, util_1.checkGitHubVersionInRange)(gitHubVersion, logger);
+        const config = await configUtils.getConfig((0, actions_util_1.getTemporaryDirectory)(), logger);
+        if (config === undefined) {
+            throw new Error("Config file could not be found at expected location. Has the 'init' action been called?");
+        }
+        const workingDirectory = (0, actions_util_1.getOptionalInput)("working-directory");
+        const result = await (0, resolve_environment_1.runResolveBuildEnvironment)(config.codeQLCmd, logger, workingDirectory, language);
+        core.setOutput(ENVIRONMENT_OUTPUT_NAME, result);
+    }
+    catch (unwrappedError) {
+        const error = (0, util_1.wrapError)(unwrappedError);
+        if (error instanceof codeql_1.CommandInvocationError) {
+            // If the CLI failed to run successfully for whatever reason,
+            // we just return an empty JSON object and proceed with the workflow.
+            core.setOutput(ENVIRONMENT_OUTPUT_NAME, {});
+            logger.warning(`Failed to resolve a build environment suitable for automatically building your code. ${error.message}`);
+        }
+        else {
+            // For any other error types, something has more seriously gone wrong and we fail.
+            core.setFailed(`Failed to resolve a build environment suitable for automatically building your code. ${error.message}`);
+            await (0, actions_util_1.sendStatusReport)(await (0, actions_util_1.createStatusReportBase)(ACTION_NAME, (0, actions_util_1.getActionsStatus)(error), startedAt, error.message, error.stack));
+        }
+        return;
+    }
+    await (0, actions_util_1.sendStatusReport)(await (0, actions_util_1.createStatusReportBase)(ACTION_NAME, "success", startedAt));
+}
+async function runWrapper() {
+    try {
+        await run();
+    }
+    catch (error) {
+        core.setFailed(`${ACTION_NAME} action failed: ${(0, util_1.wrapError)(error).message}`);
+    }
+    await (0, util_1.checkForTimeout)();
+}
+void runWrapper();
+//# sourceMappingURL=resolve-environment-action.js.map

lib/resolve-environment-action.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolve-environment-action.js","sourceRoot":"","sources":["../src/resolve-environment-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAOwB;AACxB,6CAAgD;AAChD,qCAAkD;AAClD,4DAA8C;AAC9C,2CAAqD;AACrD,uCAA6C;AAC7C,+DAAmE;AACnE,iCAA+E;AAE/E,MAAM,WAAW,GAAG,qBAAqB,CAAC;AAC1C,MAAM,uBAAuB,GAAG,aAAa,CAAC;AAE9C,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,QAAQ,GAAa,IAAA,wBAAY,EAAC,IAAA,+BAAgB,EAAC,UAAU,CAAC,CAAC,CAAC;IAEtE,IAAI;QACF,IACE,CAAC,CAAC,MAAM,IAAA,+BAAgB,EACtB,MAAM,IAAA,qCAAsB,EAAC,WAAW,EAAE,UAAU,EAAE,SAAS,CAAC,CACjE,CAAC,EACF;YACA,OAAO;SACR;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,SAAS,CAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;YACxB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;SACH;QAED,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;QAC/D,MAAM,MAAM,GAAG,MAAM,IAAA,gDAA0B,EAC7C,MAAM,CAAC,SAAS,EAChB,MAAM,EACN,gBAAgB,EAChB,QAAQ,CACT,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;KACjD;IAAC,OAAO,cAAc,EAAE;QACvB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QAExC,IAAI,KAAK,YAAY,+BAAsB,EAAE;YAC3C,6DAA6D;YAC7D,qEAAqE;YACrE,IAAI,CAAC,SAAS,CAAC,uBAAuB,EAAE,EAAE,CAAC,CAAC;YAC5C,MAAM,CAAC,OAAO,CACZ,wFAAwF,KAAK,CAAC,OAAO,EAAE,CACxG,CAAC;SACH;aAAM;YACL,kFAAkF;YAClF,IAAI,CAAC,SAAS,CACZ,wFAAwF,KAAK,CAAC,OAAO,EAAE,CACxG,CAAC;YAEF,MAAM,IAAA,+BAAgB,EACpB,MAAM,IAAA,qCAAsB,EAC1B,WAAW,EACX,IAAA,+BAAgB,EAAC,KAAK,CAAC,EACvB,SAAS,EACT,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,KAAK,CACZ,CACF,CAAC;SACH;QAED,OAAO;KACR;IAED,MAAM,IAAA,+BAAgB,EACpB,MAAM,IAAA,qCAAsB,EAAC,WAAW,EAAE,SAAS,EAAE,SAAS,CAAC,CAChE,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,GAAG,WAAW,mBAAmB,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;KAC7E;IACD,MAAM,IAAA,sBAAe,GAAE,CAAC;AAC1B,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/resolve-environment.js

@@ -0,0 +1,49 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runResolveBuildEnvironment = void 0;
+const codeql_1 = require("./codeql");
+const util = __importStar(require("./util"));
+async function runResolveBuildEnvironment(cmd, logger, workingDir, language) {
+    logger.startGroup(`Attempting to resolve build environment for ${language}`);
+    const codeql = await (0, codeql_1.getCodeQL)(cmd);
+    let result = {};
+    // If the CodeQL version in use does not support the `resolve build-environment`
+    // command, just return an empty configuration. Otherwise invoke the CLI.
+    if (!(await util.codeQlVersionAbove(codeql, codeql_1.CODEQL_VERSION_RESOLVE_ENVIRONMENT))) {
+        logger.warning("Unsupported CodeQL CLI version for `resolve build-environment` command, " +
+            "returning an empty configuration.");
+    }
+    else {
+        if (workingDir !== undefined) {
+            logger.info(`Using ${workingDir} as the working directory.`);
+        }
+        result = await codeql.resolveBuildEnvironment(workingDir, language);
+    }
+    logger.endGroup();
+    return result;
+}
+exports.runResolveBuildEnvironment = runResolveBuildEnvironment;
+//# sourceMappingURL=resolve-environment.js.map

lib/resolve-environment.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolve-environment.js","sourceRoot":"","sources":["../src/resolve-environment.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,qCAAyE;AAGzE,6CAA+B;AAExB,KAAK,UAAU,0BAA0B,CAC9C,GAAW,EACX,MAAc,EACd,UAA8B,EAC9B,QAAkB;IAElB,MAAM,CAAC,UAAU,CAAC,+CAA+C,QAAQ,EAAE,CAAC,CAAC;IAE7E,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,GAAG,CAAC,CAAC;IACpC,IAAI,MAAM,GAAG,EAAE,CAAC;IAEhB,gFAAgF;IAChF,yEAAyE;IACzE,IACE,CAAC,CAAC,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,2CAAkC,CAAC,CAAC,EAC5E;QACA,MAAM,CAAC,OAAO,CACZ,0EAA0E;YACxE,mCAAmC,CACtC,CAAC;KACH;SAAM;QACL,IAAI,UAAU,KAAK,SAAS,EAAE;YAC5B,MAAM,CAAC,IAAI,CAAC,SAAS,UAAU,4BAA4B,CAAC,CAAC;SAC9D;QAED,MAAM,GAAG,MAAM,MAAM,CAAC,uBAAuB,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;KACrE;IAED,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,MAAM,CAAC;AAChB,CAAC;AA9BD,gEA8BC"}

lib/shared-environment.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ODASA_TRACER_CONFIGURATION = exports.CODEQL_WORKFLOW_STARTED_AT = exports.CODEQL_ACTION_DISABLE_DUPLICATE_LOCATION_FIX = exports.CODEQL_ACTION_TEST_MODE = exports.CODEQL_ACTION_TESTING_ENVIRONMENT = exports.CODEQL_ACTION_ANALYZE_DID_COMPLETE_SUCCESSFULLY = exports.CODEQL_ACTION_DID_AUTOBUILD_GOLANG = exports.EnvVar = void 0;
+exports.JOB_RUN_UUID = exports.ODASA_TRACER_CONFIGURATION = exports.CODEQL_WORKFLOW_STARTED_AT = exports.CODEQL_ACTION_DISABLE_DUPLICATE_LOCATION_FIX = exports.CODEQL_ACTION_TEST_MODE = exports.CODEQL_ACTION_TESTING_ENVIRONMENT = exports.CODEQL_ACTION_ANALYZE_DID_COMPLETE_SUCCESSFULLY = exports.CODEQL_ACTION_DID_AUTOBUILD_GOLANG = exports.EnvVar = void 0;
 /**
  * Environment variables to be set by codeql-action and used by the
  * CLI.
@@ -60,4 +60,6 @@ exports.CODEQL_ACTION_DISABLE_DUPLICATE_LOCATION_FIX = "CODEQL_ACTION_DISABLE_DU
  */
 exports.CODEQL_WORKFLOW_STARTED_AT = "CODEQL_WORKFLOW_STARTED_AT";
 exports.ODASA_TRACER_CONFIGURATION = "ODASA_TRACER_CONFIGURATION";
+/** UUID representing the current job run. */
+exports.JOB_RUN_UUID = "JOB_RUN_UUID";
 //# sourceMappingURL=shared-environment.js.map

lib/shared-environment.js.map

@@ -1 +1 @@
-{"version":3,"file":"shared-environment.js","sourceRoot":"","sources":["../src/shared-environment.ts"],"names":[],"mappings":";;;AAAA;;;GAGG;AACH,IAAY,MA8BX;AA9BD,WAAY,MAAM;IAChB;;OAEG;IACH,2CAAiC,CAAA;IAEjC;;;OAGG;IACH,uEAA6D,CAAA;IAE7D;;;OAGG;IACH,mEAAyD,CAAA;IAEzD;;;;OAIG;IACH,yEAA+D,CAAA;IAE/D;;;OAGG;IACH,6DAAmD,CAAA;AACrD,CAAC,EA9BW,MAAM,GAAN,cAAM,KAAN,cAAM,QA8BjB;AAED;;;GAGG;AACU,QAAA,kCAAkC,GAC7C,oCAAoC,CAAC;AAEvC;;;GAGG;AACU,QAAA,+CAA+C,GAC1D,iDAAiD,CAAC;AAEvC,QAAA,iCAAiC,GAC5C,mCAAmC,CAAC;AAEtC,kFAAkF;AACrE,QAAA,uBAAuB,GAAG,yBAAyB,CAAC;AAEjE;;;GAGG;AACU,QAAA,4CAA4C,GACvD,8CAA8C,CAAC;AAEjD;;;;;;GAMG;AACU,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAE1D,QAAA,0BAA0B,GAAG,4BAA4B,CAAC"}
+{"version":3,"file":"shared-environment.js","sourceRoot":"","sources":["../src/shared-environment.ts"],"names":[],"mappings":";;;AAAA;;;GAGG;AACH,IAAY,MA8BX;AA9BD,WAAY,MAAM;IAChB;;OAEG;IACH,2CAAiC,CAAA;IAEjC;;;OAGG;IACH,uEAA6D,CAAA;IAE7D;;;OAGG;IACH,mEAAyD,CAAA;IAEzD;;;;OAIG;IACH,yEAA+D,CAAA;IAE/D;;;OAGG;IACH,6DAAmD,CAAA;AACrD,CAAC,EA9BW,MAAM,GAAN,cAAM,KAAN,cAAM,QA8BjB;AAED;;;GAGG;AACU,QAAA,kCAAkC,GAC7C,oCAAoC,CAAC;AAEvC;;;GAGG;AACU,QAAA,+CAA+C,GAC1D,iDAAiD,CAAC;AAEvC,QAAA,iCAAiC,GAC5C,mCAAmC,CAAC;AAEtC,kFAAkF;AACrE,QAAA,uBAAuB,GAAG,yBAAyB,CAAC;AAEjE;;;GAGG;AACU,QAAA,4CAA4C,GACvD,8CAA8C,CAAC;AAEjD;;;;;;GAMG;AACU,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAE1D,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAEvE,6CAA6C;AAChC,QAAA,YAAY,GAAG,cAAc,CAAC"}

lib/trap-caching.js

@@ -91,7 +91,7 @@ async function downloadTrapCaches(codeql, languages, logger) {
     }
     let baseSha = "unknown";
     const eventPath = process.env.GITHUB_EVENT_PATH;
-    if (actionsUtil.workflowEventName() === "pull_request" &&
+    if (actionsUtil.getWorkflowEventName() === "pull_request" &&
         eventPath !== undefined) {
         const event = JSON.parse(fs.readFileSync(path.resolve(eventPath), "utf-8"));
         baseSha = event.pull_request?.base?.sha || baseSha;

lib/upload-lib.js

@@ -26,7 +26,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.pruneInvalidResults = exports.validateUniqueCategory = exports.waitForProcessing = exports.buildPayload = exports.validateSarifFileSchema = exports.countResultsInSarif = exports.uploadFromActions = exports.findSarifFilesInDir = exports.populateRunAutomationDetails = exports.combineSarifFiles = void 0;
+exports.pruneInvalidResults = exports.validateUniqueCategory = exports.waitForProcessing = exports.buildPayload = exports.validateSarifFileSchema = exports.uploadFromActions = exports.findSarifFilesInDir = exports.populateRunAutomationDetails = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const process_1 = require("process");
@@ -62,7 +62,6 @@ function combineSarifFiles(sarifFiles) {
     }
     return combinedSarif;
 }
-exports.combineSarifFiles = combineSarifFiles;
 // Populates the run.automationDetails.id field using the analysis_key and environment
 // and return an updated sarif file contents.
 function populateRunAutomationDetails(sarif, category, analysis_key, environment) {
@@ -174,23 +173,29 @@ function countResultsInSarif(sarif) {
     }
     return numResults;
 }
-exports.countResultsInSarif = countResultsInSarif;
 // Validates that the given file path refers to a valid SARIF file.
 // Throws an error if the file is invalid.
 function validateSarifFileSchema(sarifFilePath, logger) {
     const sarif = JSON.parse(fs.readFileSync(sarifFilePath, "utf8"));
     const schema = require("../src/sarif-schema-2.1.0.json");
     const result = new jsonschema.Validator().validate(sarif, schema);
-    if (!result.valid) {
+    // Filter errors related to invalid URIs in the artifactLocation field as this
+    // is a breaking change. See https://github.com/github/codeql-action/issues/1703
+    const errors = (result.errors || []).filter((err) => err.argument !== "uri-reference");
+    const warnings = (result.errors || []).filter((err) => err.argument === "uri-reference");
+    for (const warning of warnings) {
+        logger.info(`Warning: '${warning.instance}' is not a valid URI in '${warning.property}'.`);
+    }
+    if (errors.length) {
         // Output the more verbose error messages in groups as these may be very large.
-        for (const error of result.errors) {
+        for (const error of errors) {
             logger.startGroup(`Error details: ${error.stack}`);
             logger.info(JSON.stringify(error, null, 2));
             logger.endGroup();
         }
         // Set the main error message to the stacks of all the errors.
         // This should be of a manageable size and may even give enough to fix the error.
-        const sarifErrors = result.errors.map((e) => `- ${e.stack}`);
+        const sarifErrors = errors.map((e) => `- ${e.stack}`);
         throw new Error(`Unable to upload "${sarifFilePath}" as it is not valid SARIF:\n${sarifErrors.join("\n")}`);
     }
 }
@@ -213,7 +218,7 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo
         base_ref: undefined,
         base_sha: undefined,
     };
-    if (actionsUtil.workflowEventName() === "pull_request") {
+    if (actionsUtil.getWorkflowEventName() === "pull_request") {
         if (commitOid === util.getRequiredEnvParam("GITHUB_SHA") &&
             mergeBaseCommitOid) {
             // We're uploading results for the merge commit
@@ -352,16 +357,21 @@ function handleProcessingResultForUnsuccessfulExecution(response, status, logger
         response.data.errors.length === 1 &&
         response.data.errors[0].toString().startsWith("unsuccessful execution")) {
         logger.debug("Successfully uploaded a SARIF file for the unsuccessful execution. Received expected " +
-            '"unsuccessful execution" error, and no other errors.');
+            '"unsuccessful execution" processing error, and no other errors.');
+    }
+    else if (status === "failed") {
+        logger.warning(`Failed to upload a SARIF file for the unsuccessful execution. Code scanning status ` +
+            `information for the repository may be out of date as a result. Processing errors: ${response.data.errors}`);
+    }
+    else if (status === "complete") {
+        // There is a known transient issue with the code scanning API where it sometimes reports
+        // `complete` for an unsuccessful execution submission.
+        logger.debug("Uploaded a SARIF file for the unsuccessful execution, but did not receive the expected " +
+            '"unsuccessful execution" processing error. This is a known transient issue with the ' +
+            "code scanning API, and does not cause out of date code scanning status information.");
     }
     else {
-        const shortMessage = "Failed to upload a SARIF file for the unsuccessful execution. Code scanning status " +
-            "information for the repository may be out of date as a result.";
-        const longMessage = shortMessage + status === "failed"
-            ? ` Processing errors: ${response.data.errors}`
-            : ' Encountered no processing errors, but expected to receive an "unsuccessful execution" error.';
-        logger.debug(longMessage);
-        throw new Error(shortMessage);
+        util.assertNever(status);
     }
 }
 function validateUniqueCategory(sarif) {

lib/upload-lib.test.js

@@ -233,6 +233,18 @@ ava_1.default.beforeEach(() => {
     t.deepEqual(loggedMessages.length, 1);
     t.assert(loggedMessages[0].includes("Pruned 2 results"));
 });
+(0, ava_1.default)("accept results with invalid artifactLocation.uri value", (t) => {
+    const loggedMessages = [];
+    const mockLogger = {
+        info: (message) => {
+            loggedMessages.push(message);
+        },
+    };
+    const sarifFile = `${__dirname}/../src/testdata/with-invalid-uri.sarif`;
+    uploadLib.validateSarifFileSchema(sarifFile, mockLogger);
+    t.deepEqual(loggedMessages.length, 1);
+    t.deepEqual(loggedMessages[0], "Warning: 'not a valid URI' is not a valid URI in 'instance.runs[0].results[0].locations[0].physicalLocation.artifactLocation.uri'.");
+});
 const affectedCodeQLVersion = {
     driver: {
         name: "CodeQL",

lib/util.js

@@ -673,11 +673,6 @@ function removeDuplicateLocations(locations) {
     });
 }
 function fixInvalidNotifications(sarif, logger) {
-    if (process.env[shared_environment_1.CODEQL_ACTION_DISABLE_DUPLICATE_LOCATION_FIX] === "true") {
-        logger.info("SARIF notification object duplicate location fix disabled by the " +
-            `${shared_environment_1.CODEQL_ACTION_DISABLE_DUPLICATE_LOCATION_FIX} environment variable.`);
-        return sarif;
-    }
     if (!Array.isArray(sarif.runs)) {
         return sarif;
     }
@@ -727,10 +722,27 @@ function fixInvalidNotifications(sarif, logger) {
     return newSarif;
 }
 exports.fixInvalidNotifications = fixInvalidNotifications;
+/**
+ * Removes duplicates from the sarif file.
+ *
+ * When `CODEQL_ACTION_DISABLE_DUPLICATE_LOCATION_FIX` is set to true, this will
+ * simply rename the input file to the output file. Otherwise, it will parse the
+ * input file as JSON, remove duplicate locations from the SARIF notification
+ * objects, and write the result to the output file.
+ *
+ * For context, see documentation of:
+ * `CODEQL_ACTION_DISABLE_DUPLICATE_LOCATION_FIX`. */
 function fixInvalidNotificationsInFile(inputPath, outputPath, logger) {
-    let sarif = JSON.parse(fs.readFileSync(inputPath, "utf8"));
-    sarif = fixInvalidNotifications(sarif, logger);
-    fs.writeFileSync(outputPath, JSON.stringify(sarif));
+    if (process.env[shared_environment_1.CODEQL_ACTION_DISABLE_DUPLICATE_LOCATION_FIX] === "true") {
+        logger.info("SARIF notification object duplicate location fix disabled by the " +
+            `${shared_environment_1.CODEQL_ACTION_DISABLE_DUPLICATE_LOCATION_FIX} environment variable.`);
+        fs.renameSync(inputPath, outputPath);
+    }
+    else {
+        let sarif = JSON.parse(fs.readFileSync(inputPath, "utf8"));
+        sarif = fixInvalidNotifications(sarif, logger);
+        fs.writeFileSync(outputPath, JSON.stringify(sarif));
+    }
 }
 exports.fixInvalidNotificationsInFile = fixInvalidNotificationsInFile;
 function wrapError(error) {

lib/workflow.js

@@ -298,7 +298,9 @@ function getInputOrThrow(workflow, jobName, actionName, inputName, matrixVars) {
  * This allows us to test workflow parsing functionality as a CodeQL Action PR check.
  */
 function getAnalyzeActionName() {
-    if ((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY") === "github/codeql-action") {
+    if ((0, util_1.isInTestMode)() ||
+        process.env["CODEQL_ACTION_TESTING_ENVIRONMENT"] ===
+            "codeql-action-pr-checks") {
         return "./analyze";
     }
     else {

node_modules/.package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "2.3.4",
+  "version": "2.20.2",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
@@ -557,9 +557,9 @@
       }
     },
     "node_modules/@octokit/openapi-types": {
-      "version": "16.0.0",
-      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-16.0.0.tgz",
-      "integrity": "sha512-JbFWOqTJVLHZSUUoF4FzAZKYtqdxWu9Z5m2QQnOyEa04fOFljvyh7D3GYKbfuaSWisqehImiVIMG4eyJeP5VEA=="
+      "version": "18.0.0",
+      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-18.0.0.tgz",
+      "integrity": "sha512-V8GImKs3TeQRxRtXFpG2wl19V7444NIOTDF24AWuIbmNaNYOQMWRbjcGDXV5B+0n887fgDcuMNOmlul+k+oJtw=="
     },
     "node_modules/@octokit/plugin-paginate-rest": {
       "version": "2.4.0",
@@ -596,20 +596,28 @@
       }
     },
     "node_modules/@octokit/plugin-retry": {
-      "version": "4.0.4",
-      "resolved": "https://registry.npmjs.org/@octokit/plugin-retry/-/plugin-retry-4.0.4.tgz",
-      "integrity": "sha512-d7qGFLR3AH+WbNEDUvBPgMc7wRCxU40FZyNXFFqs8ISw75ZYS5/P3ScggzU13dCoY0aywYDxKugGstQTwNgppA==",
+      "version": "5.0.2",
+      "resolved": "https://registry.npmjs.org/@octokit/plugin-retry/-/plugin-retry-5.0.2.tgz",
+      "integrity": "sha512-/Z7rWLCfjwmaVdyFuMkZoAnhfrvYgtvDrbO2d6lv7XrvJa8gFGB5tLUMngfuyMBfDCc5B9+EVu7IkQx5ebVlMg==",
       "dependencies": {
         "@octokit/types": "^9.0.0",
         "bottleneck": "^2.15.3"
       },
       "engines": {
-        "node": ">= 14"
+        "node": ">= 18"
       },
       "peerDependencies": {
         "@octokit/core": ">=3"
       }
     },
+    "node_modules/@octokit/plugin-retry/node_modules/@octokit/types": {
+      "version": "9.3.2",
+      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-9.3.2.tgz",
+      "integrity": "sha512-D4iHGTdAnEEVsB8fl95m1hiz7D5YiRdQ9b/OEb3BYRVwbLsGHcRVPz+u+BgRLNk0Q0/4iZCBqDN96j2XNxfXrA==",
+      "dependencies": {
+        "@octokit/openapi-types": "^18.0.0"
+      }
+    },
     "node_modules/@octokit/request": {
       "version": "5.4.9",
       "integrity": "sha512-CzwVvRyimIM1h2n9pLVYfTDmX9m+KHSgCpqPsY8F1NdEK8IaWqXhSBXsdjOBFZSpEcxNEeg4p0UO9cQ8EnOCLA==",
@@ -650,11 +658,11 @@
       }
     },
     "node_modules/@octokit/types": {
-      "version": "9.0.0",
-      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-9.0.0.tgz",
-      "integrity": "sha512-LUewfj94xCMH2rbD5YJ+6AQ4AVjFYTgpp6rboWM5T7N3IsIF65SBEOVcYMGAEzO/kKNiNaW4LoWtoThOhH06gw==",
+      "version": "10.0.0",
+      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-10.0.0.tgz",
+      "integrity": "sha512-Vm8IddVmhCgU1fxC1eyinpwqzXPEYu0NrYzD3YZjlGjyftdLBTeqNblRC0jmJmgxbJIsQlyogVeGnrNaaMVzIg==",
       "dependencies": {
-        "@octokit/openapi-types": "^16.0.0"
+        "@octokit/openapi-types": "^18.0.0"
       }
     },
     "node_modules/@opentelemetry/api": {
@@ -5213,9 +5221,9 @@
       "integrity": "sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw=="
     },
     "node_modules/semver": {
-      "version": "7.3.8",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.8.tgz",
-      "integrity": "sha512-NB1ctGL5rlHrPJtFDVIVzTyQylMLu9N9VICA6HSFJo8MCGVTMW6gfpicwKmmK/dAjTOrqu5l63JJOpDSrAis3A==",
+      "version": "7.5.2",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.2.tgz",
+      "integrity": "sha512-SoftuTROv/cRjCze/scjGyiDtcUyxw1rgYQSZY7XTmtR5hX+dm76iDbTH8TkLPHCQmlbQVSSbNZCPM2hb0knnQ==",
       "dependencies": {
         "lru-cache": "^6.0.0"
       },

node_modules/@octokit/openapi-types/package.json

@@ -9,12 +9,12 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "16.0.0",
+  "version": "18.0.0",
   "main": "",
   "types": "types.d.ts",
   "author": "Gregor Martynus (https://twitter.com/gr2m)",
   "license": "MIT",
   "octokit": {
-    "openapi-version": "10.0.0"
+    "openapi-version": "12.0.0"
   }
 }

node_modules/@octokit/plugin-retry/dist-node/index.js

@@ -1,63 +1,107 @@
-'use strict';
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
-Object.defineProperty(exports, '__esModule', { value: true });
+// pkg/dist-src/index.js
+var dist_src_exports = {};
+__export(dist_src_exports, {
+  VERSION: () => VERSION,
+  retry: () => retry
+});
+module.exports = __toCommonJS(dist_src_exports);
 
-function _interopDefault (ex) { return (ex && (typeof ex === 'object') && 'default' in ex) ? ex['default'] : ex; }
-
-var Bottleneck = _interopDefault(require('bottleneck/light'));
-
-// @ts-ignore
-async function errorRequest(octokit, state, error, options) {
+// pkg/dist-src/error-request.js
+async function errorRequest(state, octokit, error, options) {
   if (!error.request || !error.request.request) {
-    // address https://github.com/octokit/plugin-retry.js/issues/8
     throw error;
   }
-  // retry all >= 400 && not doNotRetry
   if (error.status >= 400 && !state.doNotRetry.includes(error.status)) {
     const retries = options.request.retries != null ? options.request.retries : state.retries;
     const retryAfter = Math.pow((options.request.retryCount || 0) + 1, 2);
     throw octokit.retry.retryRequest(error, retries, retryAfter);
   }
-  // Maybe eventually there will be more cases here
   throw error;
 }
 
-// @ts-ignore
-// @ts-ignore
-async function wrapRequest(state, request, options) {
-  const limiter = new Bottleneck();
-  // @ts-ignore
-  limiter.on("failed", function (error, info) {
+// pkg/dist-src/wrap-request.js
+var import_light = __toESM(require("bottleneck/light"));
+var import_request_error = require("@octokit/request-error");
+async function wrapRequest(state, octokit, request, options) {
+  const limiter = new import_light.default();
+  limiter.on("failed", function(error, info) {
     const maxRetries = ~~error.request.request.retries;
     const after = ~~error.request.request.retryAfter;
     options.request.retryCount = info.retryCount + 1;
     if (maxRetries > info.retryCount) {
-      // Returning a number instructs the limiter to retry
-      // the request after that number of milliseconds have passed
       return after * state.retryAfterBaseValue;
     }
   });
-  return limiter.schedule(request, options);
+  return limiter.schedule(
+    requestWithGraphqlErrorHandling.bind(null, state, octokit, request),
+    options
+  );
+}
+async function requestWithGraphqlErrorHandling(state, octokit, request, options) {
+  const response = await request(request, options);
+  if (response.data && response.data.errors && /Something went wrong while executing your query/.test(
+    response.data.errors[0].message
+  )) {
+    const error = new import_request_error.RequestError(response.data.errors[0].message, 500, {
+      request: options,
+      response
+    });
+    return errorRequest(state, octokit, error, options);
+  }
+  return response;
 }
 
-const VERSION = "4.0.4";
+// pkg/dist-src/index.js
+var VERSION = "5.0.2";
 function retry(octokit, octokitOptions) {
-  const state = Object.assign({
-    enabled: true,
-    retryAfterBaseValue: 1000,
-    doNotRetry: [400, 401, 403, 404, 422],
-    retries: 3
-  }, octokitOptions.retry);
+  const state = Object.assign(
+    {
+      enabled: true,
+      retryAfterBaseValue: 1e3,
+      doNotRetry: [400, 401, 403, 404, 422],
+      retries: 3
+    },
+    octokitOptions.retry
+  );
   if (state.enabled) {
-    octokit.hook.error("request", errorRequest.bind(null, octokit, state));
-    octokit.hook.wrap("request", wrapRequest.bind(null, state));
+    octokit.hook.error("request", errorRequest.bind(null, state, octokit));
+    octokit.hook.wrap("request", wrapRequest.bind(null, state, octokit));
   }
   return {
     retry: {
       retryRequest: (error, retries, retryAfter) => {
         error.request.request = Object.assign({}, error.request.request, {
-          retries: retries,
-          retryAfter: retryAfter
+          retries,
+          retryAfter
         });
         return error;
       }
@@ -65,7 +109,8 @@ function retry(octokit, octokitOptions) {
   };
 }
 retry.VERSION = VERSION;
-
-exports.VERSION = VERSION;
-exports.retry = retry;
-//# sourceMappingURL=index.js.map
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  VERSION,
+  retry
+});

node_modules/@octokit/plugin-retry/dist-node/index.js.map

@@ -1 +1,7 @@
-{"version":3,"file":"index.js","sources":["../dist-src/error-request.js","../dist-src/wrap-request.js","../dist-src/index.js"],"sourcesContent":["// @ts-ignore\nexport async function errorRequest(octokit, state, error, options) {\n    if (!error.request || !error.request.request) {\n        // address https://github.com/octokit/plugin-retry.js/issues/8\n        throw error;\n    }\n    // retry all >= 400 && not doNotRetry\n    if (error.status >= 400 && !state.doNotRetry.includes(error.status)) {\n        const retries = options.request.retries != null ? options.request.retries : state.retries;\n        const retryAfter = Math.pow((options.request.retryCount || 0) + 1, 2);\n        throw octokit.retry.retryRequest(error, retries, retryAfter);\n    }\n    // Maybe eventually there will be more cases here\n    throw error;\n}\n","// @ts-ignore\nimport Bottleneck from \"bottleneck/light\";\n// @ts-ignore\nexport async function wrapRequest(state, request, options) {\n    const limiter = new Bottleneck();\n    // @ts-ignore\n    limiter.on(\"failed\", function (error, info) {\n        const maxRetries = ~~error.request.request.retries;\n        const after = ~~error.request.request.retryAfter;\n        options.request.retryCount = info.retryCount + 1;\n        if (maxRetries > info.retryCount) {\n            // Returning a number instructs the limiter to retry\n            // the request after that number of milliseconds have passed\n            return after * state.retryAfterBaseValue;\n        }\n    });\n    return limiter.schedule(request, options);\n}\n","import { errorRequest } from \"./error-request\";\nimport { wrapRequest } from \"./wrap-request\";\nexport const VERSION = \"4.0.4\";\nexport function retry(octokit, octokitOptions) {\n    const state = Object.assign({\n        enabled: true,\n        retryAfterBaseValue: 1000,\n        doNotRetry: [400, 401, 403, 404, 422],\n        retries: 3,\n    }, octokitOptions.retry);\n    if (state.enabled) {\n        octokit.hook.error(\"request\", errorRequest.bind(null, octokit, state));\n        octokit.hook.wrap(\"request\", wrapRequest.bind(null, state));\n    }\n    return {\n        retry: {\n            retryRequest: (error, retries, retryAfter) => {\n                error.request.request = Object.assign({}, error.request.request, {\n                    retries: retries,\n                    retryAfter: retryAfter,\n                });\n                return error;\n            },\n        },\n    };\n}\nretry.VERSION = VERSION;\n"],"names":["errorRequest","octokit","state","error","options","request","status","doNotRetry","includes","retries","retryAfter","Math","pow","retryCount","retry","retryRequest","wrapRequest","limiter","Bottleneck","on","info","maxRetries","after","retryAfterBaseValue","schedule","VERSION","octokitOptions","Object","assign","enabled","hook","bind","wrap"],"mappings":";;;;;;;;AAAA;AACO,eAAeA,YAAY,CAACC,OAAO,EAAEC,KAAK,EAAEC,KAAK,EAAEC,OAAO,EAAE;EAC/D,IAAI,CAACD,KAAK,CAACE,OAAO,IAAI,CAACF,KAAK,CAACE,OAAO,CAACA,OAAO,EAAE;;IAE1C,MAAMF,KAAK;;;EAGf,IAAIA,KAAK,CAACG,MAAM,IAAI,GAAG,IAAI,CAACJ,KAAK,CAACK,UAAU,CAACC,QAAQ,CAACL,KAAK,CAACG,MAAM,CAAC,EAAE;IACjE,MAAMG,OAAO,GAAGL,OAAO,CAACC,OAAO,CAACI,OAAO,IAAI,IAAI,GAAGL,OAAO,CAACC,OAAO,CAACI,OAAO,GAAGP,KAAK,CAACO,OAAO;IACzF,MAAMC,UAAU,GAAGC,IAAI,CAACC,GAAG,CAAC,CAACR,OAAO,CAACC,OAAO,CAACQ,UAAU,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACrE,MAAMZ,OAAO,CAACa,KAAK,CAACC,YAAY,CAACZ,KAAK,EAAEM,OAAO,EAAEC,UAAU,CAAC;;;EAGhE,MAAMP,KAAK;AACf;;ACdA;AACA,AACA;AACA,AAAO,eAAea,WAAW,CAACd,KAAK,EAAEG,OAAO,EAAED,OAAO,EAAE;EACvD,MAAMa,OAAO,GAAG,IAAIC,UAAU,EAAE;;EAEhCD,OAAO,CAACE,EAAE,CAAC,QAAQ,EAAE,UAAUhB,KAAK,EAAEiB,IAAI,EAAE;IACxC,MAAMC,UAAU,GAAG,CAAC,CAAClB,KAAK,CAACE,OAAO,CAACA,OAAO,CAACI,OAAO;IAClD,MAAMa,KAAK,GAAG,CAAC,CAACnB,KAAK,CAACE,OAAO,CAACA,OAAO,CAACK,UAAU;IAChDN,OAAO,CAACC,OAAO,CAACQ,UAAU,GAAGO,IAAI,CAACP,UAAU,GAAG,CAAC;IAChD,IAAIQ,UAAU,GAAGD,IAAI,CAACP,UAAU,EAAE;;;MAG9B,OAAOS,KAAK,GAAGpB,KAAK,CAACqB,mBAAmB;;GAE/C,CAAC;EACF,OAAON,OAAO,CAACO,QAAQ,CAACnB,OAAO,EAAED,OAAO,CAAC;AAC7C;;MCfaqB,OAAO,GAAG,mBAAmB;AAC1C,AAAO,SAASX,KAAK,CAACb,OAAO,EAAEyB,cAAc,EAAE;EAC3C,MAAMxB,KAAK,GAAGyB,MAAM,CAACC,MAAM,CAAC;IACxBC,OAAO,EAAE,IAAI;IACbN,mBAAmB,EAAE,IAAI;IACzBhB,UAAU,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC;IACrCE,OAAO,EAAE;GACZ,EAAEiB,cAAc,CAACZ,KAAK,CAAC;EACxB,IAAIZ,KAAK,CAAC2B,OAAO,EAAE;IACf5B,OAAO,CAAC6B,IAAI,CAAC3B,KAAK,CAAC,SAAS,EAAEH,YAAY,CAAC+B,IAAI,CAAC,IAAI,EAAE9B,OAAO,EAAEC,KAAK,CAAC,CAAC;IACtED,OAAO,CAAC6B,IAAI,CAACE,IAAI,CAAC,SAAS,EAAEhB,WAAW,CAACe,IAAI,CAAC,IAAI,EAAE7B,KAAK,CAAC,CAAC;;EAE/D,OAAO;IACHY,KAAK,EAAE;MACHC,YAAY,EAAE,CAACZ,KAAK,EAAEM,OAAO,EAAEC,UAAU,KAAK;QAC1CP,KAAK,CAACE,OAAO,CAACA,OAAO,GAAGsB,MAAM,CAACC,MAAM,CAAC,EAAE,EAAEzB,KAAK,CAACE,OAAO,CAACA,OAAO,EAAE;UAC7DI,OAAO,EAAEA,OAAO;UAChBC,UAAU,EAAEA;SACf,CAAC;QACF,OAAOP,KAAK;;;GAGvB;AACL;AACAW,KAAK,CAACW,OAAO,GAAGA,OAAO;;;;;"}
+{
+  "version": 3,
+  "sources": ["../dist-src/index.js", "../dist-src/error-request.js", "../dist-src/wrap-request.js"],
+  "sourcesContent": ["import { errorRequest } from \"./error-request\";\nimport { wrapRequest } from \"./wrap-request\";\nconst VERSION = \"5.0.2\";\nfunction retry(octokit, octokitOptions) {\n  const state = Object.assign(\n    {\n      enabled: true,\n      retryAfterBaseValue: 1e3,\n      doNotRetry: [400, 401, 403, 404, 422],\n      retries: 3\n    },\n    octokitOptions.retry\n  );\n  if (state.enabled) {\n    octokit.hook.error(\"request\", errorRequest.bind(null, state, octokit));\n    octokit.hook.wrap(\"request\", wrapRequest.bind(null, state, octokit));\n  }\n  return {\n    retry: {\n      retryRequest: (error, retries, retryAfter) => {\n        error.request.request = Object.assign({}, error.request.request, {\n          retries,\n          retryAfter\n        });\n        return error;\n      }\n    }\n  };\n}\nretry.VERSION = VERSION;\nexport {\n  VERSION,\n  retry\n};\n", "async function errorRequest(state, octokit, error, options) {\n  if (!error.request || !error.request.request) {\n    throw error;\n  }\n  if (error.status >= 400 && !state.doNotRetry.includes(error.status)) {\n    const retries = options.request.retries != null ? options.request.retries : state.retries;\n    const retryAfter = Math.pow((options.request.retryCount || 0) + 1, 2);\n    throw octokit.retry.retryRequest(error, retries, retryAfter);\n  }\n  throw error;\n}\nexport {\n  errorRequest\n};\n", "import Bottleneck from \"bottleneck/light\";\nimport { RequestError } from \"@octokit/request-error\";\nimport { errorRequest } from \"./error-request\";\nasync function wrapRequest(state, octokit, request, options) {\n  const limiter = new Bottleneck();\n  limiter.on(\"failed\", function(error, info) {\n    const maxRetries = ~~error.request.request.retries;\n    const after = ~~error.request.request.retryAfter;\n    options.request.retryCount = info.retryCount + 1;\n    if (maxRetries > info.retryCount) {\n      return after * state.retryAfterBaseValue;\n    }\n  });\n  return limiter.schedule(\n    requestWithGraphqlErrorHandling.bind(null, state, octokit, request),\n    options\n  );\n}\nasync function requestWithGraphqlErrorHandling(state, octokit, request, options) {\n  const response = await request(request, options);\n  if (response.data && response.data.errors && /Something went wrong while executing your query/.test(\n    response.data.errors[0].message\n  )) {\n    const error = new RequestError(response.data.errors[0].message, 500, {\n      request: options,\n      response\n    });\n    return errorRequest(state, octokit, error, options);\n  }\n  return response;\n}\nexport {\n  wrapRequest\n};\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,eAAe,aAAa,OAAO,SAAS,OAAO,SAAS;AAC1D,MAAI,CAAC,MAAM,WAAW,CAAC,MAAM,QAAQ,SAAS;AAC5C,UAAM;AAAA,EACR;AACA,MAAI,MAAM,UAAU,OAAO,CAAC,MAAM,WAAW,SAAS,MAAM,MAAM,GAAG;AACnE,UAAM,UAAU,QAAQ,QAAQ,WAAW,OAAO,QAAQ,QAAQ,UAAU,MAAM;AAClF,UAAM,aAAa,KAAK,KAAK,QAAQ,QAAQ,cAAc,KAAK,GAAG,CAAC;AACpE,UAAM,QAAQ,MAAM,aAAa,OAAO,SAAS,UAAU;AAAA,EAC7D;AACA,QAAM;AACR;;;ACVA,mBAAuB;AACvB,2BAA6B;AAE7B,eAAe,YAAY,OAAO,SAAS,SAAS,SAAS;AAC3D,QAAM,UAAU,IAAI,aAAAA,QAAW;AAC/B,UAAQ,GAAG,UAAU,SAAS,OAAO,MAAM;AACzC,UAAM,aAAa,CAAC,CAAC,MAAM,QAAQ,QAAQ;AAC3C,UAAM,QAAQ,CAAC,CAAC,MAAM,QAAQ,QAAQ;AACtC,YAAQ,QAAQ,aAAa,KAAK,aAAa;AAC/C,QAAI,aAAa,KAAK,YAAY;AAChC,aAAO,QAAQ,MAAM;AAAA,IACvB;AAAA,EACF,CAAC;AACD,SAAO,QAAQ;AAAA,IACb,gCAAgC,KAAK,MAAM,OAAO,SAAS,OAAO;AAAA,IAClE;AAAA,EACF;AACF;AACA,eAAe,gCAAgC,OAAO,SAAS,SAAS,SAAS;AAC/E,QAAM,WAAW,MAAM,QAAQ,SAAS,OAAO;AAC/C,MAAI,SAAS,QAAQ,SAAS,KAAK,UAAU,kDAAkD;AAAA,IAC7F,SAAS,KAAK,OAAO,CAAC,EAAE;AAAA,EAC1B,GAAG;AACD,UAAM,QAAQ,IAAI,kCAAa,SAAS,KAAK,OAAO,CAAC,EAAE,SAAS,KAAK;AAAA,MACnE,SAAS;AAAA,MACT;AAAA,IACF,CAAC;AACD,WAAO,aAAa,OAAO,SAAS,OAAO,OAAO;AAAA,EACpD;AACA,SAAO;AACT;;;AF5BA,IAAM,UAAU;AAChB,SAAS,MAAM,SAAS,gBAAgB;AACtC,QAAM,QAAQ,OAAO;AAAA,IACnB;AAAA,MACE,SAAS;AAAA,MACT,qBAAqB;AAAA,MACrB,YAAY,CAAC,KAAK,KAAK,KAAK,KAAK,GAAG;AAAA,MACpC,SAAS;AAAA,IACX;AAAA,IACA,eAAe;AAAA,EACjB;AACA,MAAI,MAAM,SAAS;AACjB,YAAQ,KAAK,MAAM,WAAW,aAAa,KAAK,MAAM,OAAO,OAAO,CAAC;AACrE,YAAQ,KAAK,KAAK,WAAW,YAAY,KAAK,MAAM,OAAO,OAAO,CAAC;AAAA,EACrE;AACA,SAAO;AAAA,IACL,OAAO;AAAA,MACL,cAAc,CAAC,OAAO,SAAS,eAAe;AAC5C,cAAM,QAAQ,UAAU,OAAO,OAAO,CAAC,GAAG,MAAM,QAAQ,SAAS;AAAA,UAC/D;AAAA,UACA;AAAA,QACF,CAAC;AACD,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AACF;AACA,MAAM,UAAU;",
+  "names": ["Bottleneck"]
+}

node_modules/@octokit/plugin-retry/dist-src/error-request.js

@@ -1,15 +1,14 @@
-// @ts-ignore
-export async function errorRequest(octokit, state, error, options) {
-    if (!error.request || !error.request.request) {
-        // address https://github.com/octokit/plugin-retry.js/issues/8
-        throw error;
-    }
-    // retry all >= 400 && not doNotRetry
-    if (error.status >= 400 && !state.doNotRetry.includes(error.status)) {
-        const retries = options.request.retries != null ? options.request.retries : state.retries;
-        const retryAfter = Math.pow((options.request.retryCount || 0) + 1, 2);
-        throw octokit.retry.retryRequest(error, retries, retryAfter);
-    }
-    // Maybe eventually there will be more cases here
+async function errorRequest(state, octokit, error, options) {
+  if (!error.request || !error.request.request) {
     throw error;
+  }
+  if (error.status >= 400 && !state.doNotRetry.includes(error.status)) {
+    const retries = options.request.retries != null ? options.request.retries : state.retries;
+    const retryAfter = Math.pow((options.request.retryCount || 0) + 1, 2);
+    throw octokit.retry.retryRequest(error, retries, retryAfter);
+  }
+  throw error;
 }
+export {
+  errorRequest
+};

node_modules/@octokit/plugin-retry/dist-src/index.js

@@ -1,27 +1,34 @@
 import { errorRequest } from "./error-request";
 import { wrapRequest } from "./wrap-request";
-export const VERSION = "0.0.0-development";
-export function retry(octokit, octokitOptions) {
-    const state = Object.assign({
-        enabled: true,
-        retryAfterBaseValue: 1000,
-        doNotRetry: [400, 401, 403, 404, 422],
-        retries: 3,
-    }, octokitOptions.retry);
-    if (state.enabled) {
-        octokit.hook.error("request", errorRequest.bind(null, octokit, state));
-        octokit.hook.wrap("request", wrapRequest.bind(null, state));
+const VERSION = "0.0.0-development";
+function retry(octokit, octokitOptions) {
+  const state = Object.assign(
+    {
+      enabled: true,
+      retryAfterBaseValue: 1e3,
+      doNotRetry: [400, 401, 403, 404, 422],
+      retries: 3
+    },
+    octokitOptions.retry
+  );
+  if (state.enabled) {
+    octokit.hook.error("request", errorRequest.bind(null, state, octokit));
+    octokit.hook.wrap("request", wrapRequest.bind(null, state, octokit));
+  }
+  return {
+    retry: {
+      retryRequest: (error, retries, retryAfter) => {
+        error.request.request = Object.assign({}, error.request.request, {
+          retries,
+          retryAfter
+        });
+        return error;
+      }
     }
-    return {
-        retry: {
-            retryRequest: (error, retries, retryAfter) => {
-                error.request.request = Object.assign({}, error.request.request, {
-                    retries: retries,
-                    retryAfter: retryAfter,
-                });
-                return error;
-            },
-        },
-    };
+  };
 }
 retry.VERSION = VERSION;
+export {
+  VERSION,
+  retry
+};

node_modules/@octokit/plugin-retry/dist-src/version.js

@@ -1 +1,4 @@
-export const VERSION = "4.0.4";
+const VERSION = "5.0.2";
+export {
+  VERSION
+};

node_modules/@octokit/plugin-retry/dist-src/wrap-request.js

@@ -1,18 +1,34 @@
-// @ts-ignore
 import Bottleneck from "bottleneck/light";
-// @ts-ignore
-export async function wrapRequest(state, request, options) {
-    const limiter = new Bottleneck();
-    // @ts-ignore
-    limiter.on("failed", function (error, info) {
-        const maxRetries = ~~error.request.request.retries;
-        const after = ~~error.request.request.retryAfter;
-        options.request.retryCount = info.retryCount + 1;
-        if (maxRetries > info.retryCount) {
-            // Returning a number instructs the limiter to retry
-            // the request after that number of milliseconds have passed
-            return after * state.retryAfterBaseValue;
-        }
-    });
-    return limiter.schedule(request, options);
+import { RequestError } from "@octokit/request-error";
+import { errorRequest } from "./error-request";
+async function wrapRequest(state, octokit, request, options) {
+  const limiter = new Bottleneck();
+  limiter.on("failed", function(error, info) {
+    const maxRetries = ~~error.request.request.retries;
+    const after = ~~error.request.request.retryAfter;
+    options.request.retryCount = info.retryCount + 1;
+    if (maxRetries > info.retryCount) {
+      return after * state.retryAfterBaseValue;
+    }
+  });
+  return limiter.schedule(
+    requestWithGraphqlErrorHandling.bind(null, state, octokit, request),
+    options
+  );
 }
+async function requestWithGraphqlErrorHandling(state, octokit, request, options) {
+  const response = await request(request, options);
+  if (response.data && response.data.errors && /Something went wrong while executing your query/.test(
+    response.data.errors[0].message
+  )) {
+    const error = new RequestError(response.data.errors[0].message, 500, {
+      request: options,
+      response
+    });
+    return errorRequest(state, octokit, error, options);
+  }
+  return response;
+}
+export {
+  wrapRequest
+};

node_modules/@octokit/plugin-retry/dist-types/error-request.d.ts

@@ -1 +1 @@
-export declare function errorRequest(octokit: any, state: any, error: any, options: any): Promise<void>;
+export declare function errorRequest(state: any, octokit: any, error: any, options: any): Promise<void>;

node_modules/@octokit/plugin-retry/dist-types/index.d.ts

@@ -1,5 +1,5 @@
 import { Octokit } from "@octokit/core";
-import { RequestError } from "@octokit/request-error";
+import type { RequestError } from "@octokit/request-error";
 export declare const VERSION = "0.0.0-development";
 export declare function retry(octokit: Octokit, octokitOptions: any): {
     retry: {

node_modules/@octokit/plugin-retry/dist-types/version.d.ts

@@ -1 +1 @@
-export declare const VERSION = "4.0.4";
+export declare const VERSION = "5.0.2";

node_modules/@octokit/plugin-retry/dist-types/wrap-request.d.ts

@@ -1 +1 @@
-export declare function wrapRequest(state: any, request: any, options: any): Promise<any>;
+export declare function wrapRequest(state: any, octokit: any, request: any, options: any): Promise<any>;

node_modules/@octokit/plugin-retry/dist-web/index.js

@@ -1,64 +1,78 @@
-import Bottleneck from 'bottleneck/light';
-
-// @ts-ignore
-async function errorRequest(octokit, state, error, options) {
-    if (!error.request || !error.request.request) {
-        // address https://github.com/octokit/plugin-retry.js/issues/8
-        throw error;
-    }
-    // retry all >= 400 && not doNotRetry
-    if (error.status >= 400 && !state.doNotRetry.includes(error.status)) {
-        const retries = options.request.retries != null ? options.request.retries : state.retries;
-        const retryAfter = Math.pow((options.request.retryCount || 0) + 1, 2);
-        throw octokit.retry.retryRequest(error, retries, retryAfter);
-    }
-    // Maybe eventually there will be more cases here
+// pkg/dist-src/error-request.js
+async function errorRequest(state, octokit, error, options) {
+  if (!error.request || !error.request.request) {
     throw error;
+  }
+  if (error.status >= 400 && !state.doNotRetry.includes(error.status)) {
+    const retries = options.request.retries != null ? options.request.retries : state.retries;
+    const retryAfter = Math.pow((options.request.retryCount || 0) + 1, 2);
+    throw octokit.retry.retryRequest(error, retries, retryAfter);
+  }
+  throw error;
 }
 
-// @ts-ignore
-// @ts-ignore
-async function wrapRequest(state, request, options) {
-    const limiter = new Bottleneck();
-    // @ts-ignore
-    limiter.on("failed", function (error, info) {
-        const maxRetries = ~~error.request.request.retries;
-        const after = ~~error.request.request.retryAfter;
-        options.request.retryCount = info.retryCount + 1;
-        if (maxRetries > info.retryCount) {
-            // Returning a number instructs the limiter to retry
-            // the request after that number of milliseconds have passed
-            return after * state.retryAfterBaseValue;
-        }
-    });
-    return limiter.schedule(request, options);
-}
-
-const VERSION = "4.0.4";
-function retry(octokit, octokitOptions) {
-    const state = Object.assign({
-        enabled: true,
-        retryAfterBaseValue: 1000,
-        doNotRetry: [400, 401, 403, 404, 422],
-        retries: 3,
-    }, octokitOptions.retry);
-    if (state.enabled) {
-        octokit.hook.error("request", errorRequest.bind(null, octokit, state));
-        octokit.hook.wrap("request", wrapRequest.bind(null, state));
+// pkg/dist-src/wrap-request.js
+import Bottleneck from "bottleneck/light";
+import { RequestError } from "@octokit/request-error";
+async function wrapRequest(state, octokit, request, options) {
+  const limiter = new Bottleneck();
+  limiter.on("failed", function(error, info) {
+    const maxRetries = ~~error.request.request.retries;
+    const after = ~~error.request.request.retryAfter;
+    options.request.retryCount = info.retryCount + 1;
+    if (maxRetries > info.retryCount) {
+      return after * state.retryAfterBaseValue;
     }
-    return {
-        retry: {
-            retryRequest: (error, retries, retryAfter) => {
-                error.request.request = Object.assign({}, error.request.request, {
-                    retries: retries,
-                    retryAfter: retryAfter,
-                });
-                return error;
-            },
-        },
-    };
+  });
+  return limiter.schedule(
+    requestWithGraphqlErrorHandling.bind(null, state, octokit, request),
+    options
+  );
+}
+async function requestWithGraphqlErrorHandling(state, octokit, request, options) {
+  const response = await request(request, options);
+  if (response.data && response.data.errors && /Something went wrong while executing your query/.test(
+    response.data.errors[0].message
+  )) {
+    const error = new RequestError(response.data.errors[0].message, 500, {
+      request: options,
+      response
+    });
+    return errorRequest(state, octokit, error, options);
+  }
+  return response;
+}
+
+// pkg/dist-src/index.js
+var VERSION = "5.0.2";
+function retry(octokit, octokitOptions) {
+  const state = Object.assign(
+    {
+      enabled: true,
+      retryAfterBaseValue: 1e3,
+      doNotRetry: [400, 401, 403, 404, 422],
+      retries: 3
+    },
+    octokitOptions.retry
+  );
+  if (state.enabled) {
+    octokit.hook.error("request", errorRequest.bind(null, state, octokit));
+    octokit.hook.wrap("request", wrapRequest.bind(null, state, octokit));
+  }
+  return {
+    retry: {
+      retryRequest: (error, retries, retryAfter) => {
+        error.request.request = Object.assign({}, error.request.request, {
+          retries,
+          retryAfter
+        });
+        return error;
+      }
+    }
+  };
 }
 retry.VERSION = VERSION;
-
-export { VERSION, retry };
-//# sourceMappingURL=index.js.map
+export {
+  VERSION,
+  retry
+};

node_modules/@octokit/plugin-retry/dist-web/index.js.map

@@ -1 +1,7 @@
-{"version":3,"file":"index.js","sources":["../dist-src/error-request.js","../dist-src/wrap-request.js","../dist-src/index.js"],"sourcesContent":["// @ts-ignore\nexport async function errorRequest(octokit, state, error, options) {\n    if (!error.request || !error.request.request) {\n        // address https://github.com/octokit/plugin-retry.js/issues/8\n        throw error;\n    }\n    // retry all >= 400 && not doNotRetry\n    if (error.status >= 400 && !state.doNotRetry.includes(error.status)) {\n        const retries = options.request.retries != null ? options.request.retries : state.retries;\n        const retryAfter = Math.pow((options.request.retryCount || 0) + 1, 2);\n        throw octokit.retry.retryRequest(error, retries, retryAfter);\n    }\n    // Maybe eventually there will be more cases here\n    throw error;\n}\n","// @ts-ignore\nimport Bottleneck from \"bottleneck/light\";\n// @ts-ignore\nexport async function wrapRequest(state, request, options) {\n    const limiter = new Bottleneck();\n    // @ts-ignore\n    limiter.on(\"failed\", function (error, info) {\n        const maxRetries = ~~error.request.request.retries;\n        const after = ~~error.request.request.retryAfter;\n        options.request.retryCount = info.retryCount + 1;\n        if (maxRetries > info.retryCount) {\n            // Returning a number instructs the limiter to retry\n            // the request after that number of milliseconds have passed\n            return after * state.retryAfterBaseValue;\n        }\n    });\n    return limiter.schedule(request, options);\n}\n","import { errorRequest } from \"./error-request\";\nimport { wrapRequest } from \"./wrap-request\";\nexport const VERSION = \"4.0.4\";\nexport function retry(octokit, octokitOptions) {\n    const state = Object.assign({\n        enabled: true,\n        retryAfterBaseValue: 1000,\n        doNotRetry: [400, 401, 403, 404, 422],\n        retries: 3,\n    }, octokitOptions.retry);\n    if (state.enabled) {\n        octokit.hook.error(\"request\", errorRequest.bind(null, octokit, state));\n        octokit.hook.wrap(\"request\", wrapRequest.bind(null, state));\n    }\n    return {\n        retry: {\n            retryRequest: (error, retries, retryAfter) => {\n                error.request.request = Object.assign({}, error.request.request, {\n                    retries: retries,\n                    retryAfter: retryAfter,\n                });\n                return error;\n            },\n        },\n    };\n}\nretry.VERSION = VERSION;\n"],"names":[],"mappings":";;AAAA;AACO,eAAe,YAAY,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE;AACnE,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE;AAClD;AACA,QAAQ,MAAM,KAAK,CAAC;AACpB,KAAK;AACL;AACA,IAAI,IAAI,KAAK,CAAC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE;AACzE,QAAQ,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,IAAI,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;AAClG,QAAQ,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;AAC9E,QAAQ,MAAM,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,KAAK,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;AACrE,KAAK;AACL;AACA,IAAI,MAAM,KAAK,CAAC;AAChB;;ACdA;AACA,AACA;AACA,AAAO,eAAe,WAAW,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE;AAC3D,IAAI,MAAM,OAAO,GAAG,IAAI,UAAU,EAAE,CAAC;AACrC;AACA,IAAI,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,UAAU,KAAK,EAAE,IAAI,EAAE;AAChD,QAAQ,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC;AAC3D,QAAQ,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC;AACzD,QAAQ,OAAO,CAAC,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,GAAG,CAAC,CAAC;AACzD,QAAQ,IAAI,UAAU,GAAG,IAAI,CAAC,UAAU,EAAE;AAC1C;AACA;AACA,YAAY,OAAO,KAAK,GAAG,KAAK,CAAC,mBAAmB,CAAC;AACrD,SAAS;AACT,KAAK,CAAC,CAAC;AACP,IAAI,OAAO,OAAO,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AAC9C,CAAC;;ACfW,MAAC,OAAO,GAAG,mBAAmB,CAAC;AAC3C,AAAO,SAAS,KAAK,CAAC,OAAO,EAAE,cAAc,EAAE;AAC/C,IAAI,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC;AAChC,QAAQ,OAAO,EAAE,IAAI;AACrB,QAAQ,mBAAmB,EAAE,IAAI;AACjC,QAAQ,UAAU,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC;AAC7C,QAAQ,OAAO,EAAE,CAAC;AAClB,KAAK,EAAE,cAAc,CAAC,KAAK,CAAC,CAAC;AAC7B,IAAI,IAAI,KAAK,CAAC,OAAO,EAAE;AACvB,QAAQ,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;AAC/E,QAAQ,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;AACpE,KAAK;AACL,IAAI,OAAO;AACX,QAAQ,KAAK,EAAE;AACf,YAAY,YAAY,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,UAAU,KAAK;AAC1D,gBAAgB,KAAK,CAAC,OAAO,CAAC,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE;AACjF,oBAAoB,OAAO,EAAE,OAAO;AACpC,oBAAoB,UAAU,EAAE,UAAU;AAC1C,iBAAiB,CAAC,CAAC;AACnB,gBAAgB,OAAO,KAAK,CAAC;AAC7B,aAAa;AACb,SAAS;AACT,KAAK,CAAC;AACN,CAAC;AACD,KAAK,CAAC,OAAO,GAAG,OAAO,CAAC;;;;"}
+{
+  "version": 3,
+  "sources": ["../dist-src/error-request.js", "../dist-src/wrap-request.js", "../dist-src/index.js"],
+  "sourcesContent": ["async function errorRequest(state, octokit, error, options) {\n  if (!error.request || !error.request.request) {\n    throw error;\n  }\n  if (error.status >= 400 && !state.doNotRetry.includes(error.status)) {\n    const retries = options.request.retries != null ? options.request.retries : state.retries;\n    const retryAfter = Math.pow((options.request.retryCount || 0) + 1, 2);\n    throw octokit.retry.retryRequest(error, retries, retryAfter);\n  }\n  throw error;\n}\nexport {\n  errorRequest\n};\n", "import Bottleneck from \"bottleneck/light\";\nimport { RequestError } from \"@octokit/request-error\";\nimport { errorRequest } from \"./error-request\";\nasync function wrapRequest(state, octokit, request, options) {\n  const limiter = new Bottleneck();\n  limiter.on(\"failed\", function(error, info) {\n    const maxRetries = ~~error.request.request.retries;\n    const after = ~~error.request.request.retryAfter;\n    options.request.retryCount = info.retryCount + 1;\n    if (maxRetries > info.retryCount) {\n      return after * state.retryAfterBaseValue;\n    }\n  });\n  return limiter.schedule(\n    requestWithGraphqlErrorHandling.bind(null, state, octokit, request),\n    options\n  );\n}\nasync function requestWithGraphqlErrorHandling(state, octokit, request, options) {\n  const response = await request(request, options);\n  if (response.data && response.data.errors && /Something went wrong while executing your query/.test(\n    response.data.errors[0].message\n  )) {\n    const error = new RequestError(response.data.errors[0].message, 500, {\n      request: options,\n      response\n    });\n    return errorRequest(state, octokit, error, options);\n  }\n  return response;\n}\nexport {\n  wrapRequest\n};\n", "import { errorRequest } from \"./error-request\";\nimport { wrapRequest } from \"./wrap-request\";\nconst VERSION = \"5.0.2\";\nfunction retry(octokit, octokitOptions) {\n  const state = Object.assign(\n    {\n      enabled: true,\n      retryAfterBaseValue: 1e3,\n      doNotRetry: [400, 401, 403, 404, 422],\n      retries: 3\n    },\n    octokitOptions.retry\n  );\n  if (state.enabled) {\n    octokit.hook.error(\"request\", errorRequest.bind(null, state, octokit));\n    octokit.hook.wrap(\"request\", wrapRequest.bind(null, state, octokit));\n  }\n  return {\n    retry: {\n      retryRequest: (error, retries, retryAfter) => {\n        error.request.request = Object.assign({}, error.request.request, {\n          retries,\n          retryAfter\n        });\n        return error;\n      }\n    }\n  };\n}\nretry.VERSION = VERSION;\nexport {\n  VERSION,\n  retry\n};\n"],
+  "mappings": ";AAAA,eAAe,aAAa,OAAO,SAAS,OAAO,SAAS;AAC1D,MAAI,CAAC,MAAM,WAAW,CAAC,MAAM,QAAQ,SAAS;AAC5C,UAAM;AAAA,EACR;AACA,MAAI,MAAM,UAAU,OAAO,CAAC,MAAM,WAAW,SAAS,MAAM,MAAM,GAAG;AACnE,UAAM,UAAU,QAAQ,QAAQ,WAAW,OAAO,QAAQ,QAAQ,UAAU,MAAM;AAClF,UAAM,aAAa,KAAK,KAAK,QAAQ,QAAQ,cAAc,KAAK,GAAG,CAAC;AACpE,UAAM,QAAQ,MAAM,aAAa,OAAO,SAAS,UAAU;AAAA,EAC7D;AACA,QAAM;AACR;;;ACVA,OAAO,gBAAgB;AACvB,SAAS,oBAAoB;AAE7B,eAAe,YAAY,OAAO,SAAS,SAAS,SAAS;AAC3D,QAAM,UAAU,IAAI,WAAW;AAC/B,UAAQ,GAAG,UAAU,SAAS,OAAO,MAAM;AACzC,UAAM,aAAa,CAAC,CAAC,MAAM,QAAQ,QAAQ;AAC3C,UAAM,QAAQ,CAAC,CAAC,MAAM,QAAQ,QAAQ;AACtC,YAAQ,QAAQ,aAAa,KAAK,aAAa;AAC/C,QAAI,aAAa,KAAK,YAAY;AAChC,aAAO,QAAQ,MAAM;AAAA,IACvB;AAAA,EACF,CAAC;AACD,SAAO,QAAQ;AAAA,IACb,gCAAgC,KAAK,MAAM,OAAO,SAAS,OAAO;AAAA,IAClE;AAAA,EACF;AACF;AACA,eAAe,gCAAgC,OAAO,SAAS,SAAS,SAAS;AAC/E,QAAM,WAAW,MAAM,QAAQ,SAAS,OAAO;AAC/C,MAAI,SAAS,QAAQ,SAAS,KAAK,UAAU,kDAAkD;AAAA,IAC7F,SAAS,KAAK,OAAO,CAAC,EAAE;AAAA,EAC1B,GAAG;AACD,UAAM,QAAQ,IAAI,aAAa,SAAS,KAAK,OAAO,CAAC,EAAE,SAAS,KAAK;AAAA,MACnE,SAAS;AAAA,MACT;AAAA,IACF,CAAC;AACD,WAAO,aAAa,OAAO,SAAS,OAAO,OAAO;AAAA,EACpD;AACA,SAAO;AACT;;;AC5BA,IAAM,UAAU;AAChB,SAAS,MAAM,SAAS,gBAAgB;AACtC,QAAM,QAAQ,OAAO;AAAA,IACnB;AAAA,MACE,SAAS;AAAA,MACT,qBAAqB;AAAA,MACrB,YAAY,CAAC,KAAK,KAAK,KAAK,KAAK,GAAG;AAAA,MACpC,SAAS;AAAA,IACX;AAAA,IACA,eAAe;AAAA,EACjB;AACA,MAAI,MAAM,SAAS;AACjB,YAAQ,KAAK,MAAM,WAAW,aAAa,KAAK,MAAM,OAAO,OAAO,CAAC;AACrE,YAAQ,KAAK,KAAK,WAAW,YAAY,KAAK,MAAM,OAAO,OAAO,CAAC;AAAA,EACrE;AACA,SAAO;AAAA,IACL,OAAO;AAAA,MACL,cAAc,CAAC,OAAO,SAAS,eAAe;AAC5C,cAAM,QAAQ,UAAU,OAAO,OAAO,CAAC,GAAG,MAAM,QAAQ,SAAS;AAAA,UAC/D;AAAA,UACA;AAAA,QACF,CAAC;AACD,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AACF;AACA,MAAM,UAAU;",
+  "names": []
+}

node_modules/@octokit/plugin-retry/node_modules/@octokit/types/LICENSE

@@ -0,0 +1,7 @@
+MIT License Copyright (c) 2019 Octokit contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice (including the next paragraph) shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

node_modules/@octokit/plugin-retry/node_modules/@octokit/types/README.md

@@ -0,0 +1,65 @@
+# types.ts
+
+> Shared TypeScript definitions for Octokit projects
+
+[![@latest](https://img.shields.io/npm/v/@octokit/types.svg)](https://www.npmjs.com/package/@octokit/types)
+[![Build Status](https://github.com/octokit/types.ts/workflows/Test/badge.svg)](https://github.com/octokit/types.ts/actions?workflow=Test)
+
+<!-- toc -->
+
+- [Usage](#usage)
+- [Examples](#examples)
+  - [Get parameter and response data types for a REST API endpoint](#get-parameter-and-response-data-types-for-a-rest-api-endpoint)
+  - [Get response types from endpoint methods](#get-response-types-from-endpoint-methods)
+- [Contributing](#contributing)
+- [License](#license)
+
+<!-- tocstop -->
+
+## Usage
+
+See all exported types at https://octokit.github.io/types.ts
+
+## Examples
+
+### Get parameter and response data types for a REST API endpoint
+
+```ts
+import { Endpoints } from "@octokit/types";
+
+type listUserReposParameters =
+  Endpoints["GET /repos/{owner}/{repo}"]["parameters"];
+type listUserReposResponse = Endpoints["GET /repos/{owner}/{repo}"]["response"];
+
+async function listRepos(
+  options: listUserReposParameters
+): listUserReposResponse["data"] {
+  // ...
+}
+```
+
+### Get response types from endpoint methods
+
+```ts
+import {
+  GetResponseTypeFromEndpointMethod,
+  GetResponseDataTypeFromEndpointMethod,
+} from "@octokit/types";
+import { Octokit } from "@octokit/rest";
+
+const octokit = new Octokit();
+type CreateLabelResponseType = GetResponseTypeFromEndpointMethod<
+  typeof octokit.issues.createLabel
+>;
+type CreateLabelResponseDataType = GetResponseDataTypeFromEndpointMethod<
+  typeof octokit.issues.createLabel
+>;
+```
+
+## Contributing
+
+See [CONTRIBUTING.md](CONTRIBUTING.md)
+
+## License
+
+[MIT](LICENSE)

node_modules/@octokit/plugin-retry/node_modules/@octokit/types/dist-types/AuthInterface.d.ts

@@ -0,0 +1,31 @@
+import { EndpointOptions } from "./EndpointOptions";
+import { OctokitResponse } from "./OctokitResponse";
+import { RequestInterface } from "./RequestInterface";
+import { RequestParameters } from "./RequestParameters";
+import { Route } from "./Route";
+/**
+ * Interface to implement complex authentication strategies for Octokit.
+ * An object Implementing the AuthInterface can directly be passed as the
+ * `auth` option in the Octokit constructor.
+ *
+ * For the official implementations of the most common authentication
+ * strategies, see https://github.com/octokit/auth.js
+ */
+export interface AuthInterface<AuthOptions extends any[], Authentication extends any> {
+    (...args: AuthOptions): Promise<Authentication>;
+    hook: {
+        /**
+         * Sends a request using the passed `request` instance
+         *
+         * @param {object} endpoint Must set `method` and `url`. Plus URL, query or body parameters, as well as `headers`, `mediaType.{format|previews}`, `request`, or `baseUrl`.
+         */
+        <T = any>(request: RequestInterface, options: EndpointOptions): Promise<OctokitResponse<T>>;
+        /**
+         * Sends a request using the passed `request` instance
+         *
+         * @param {string} route Request method + URL. Example: `'GET /orgs/{org}'`
+         * @param {object} [parameters] URL, query or body parameters, as well as `headers`, `mediaType.{format|previews}`, `request`, or `baseUrl`.
+         */
+        <T = any>(request: RequestInterface, route: Route, parameters?: RequestParameters): Promise<OctokitResponse<T>>;
+    };
+}

node_modules/@octokit/plugin-retry/node_modules/@octokit/types/dist-types/EndpointDefaults.d.ts

@@ -0,0 +1,21 @@
+import { RequestHeaders } from "./RequestHeaders";
+import { RequestMethod } from "./RequestMethod";
+import { RequestParameters } from "./RequestParameters";
+import { Url } from "./Url";
+/**
+ * The `.endpoint()` method is guaranteed to set all keys defined by RequestParameters
+ * as well as the method property.
+ */
+export type EndpointDefaults = RequestParameters & {
+    baseUrl: Url;
+    method: RequestMethod;
+    url?: Url;
+    headers: RequestHeaders & {
+        accept: string;
+        "user-agent": string;
+    };
+    mediaType: {
+        format: string;
+        previews: string[];
+    };
+};