add pr check for node version

.github/actions/check-sarif/action.yml

@@ -16,5 +16,5 @@ inputs:
       Comma separated list of query ids that should NOT be included in this SARIF file.
 
 runs:
-  using: node20
+  using: 'node20'
   main: index.js

.github/actions/release-branches/release-branches.py

@@ -1,19 +1,12 @@
 import argparse
 import json
 import os
-import configparser
+import subprocess
 
 # Name of the remote
 ORIGIN = 'origin'
 
-script_dir = os.path.dirname(os.path.realpath(__file__))
-grandparent_dir = os.path.dirname(os.path.dirname(script_dir))
-
-config = configparser.ConfigParser()
-with open(os.path.join(grandparent_dir, 'releases.ini')) as stream:
-    config.read_string('[default]\n' + stream.read())
-
-OLDEST_SUPPORTED_MAJOR_VERSION = int(config['default']['OLDEST_SUPPORTED_MAJOR_VERSION'])
+OLDEST_SUPPORTED_MAJOR_VERSION = 2
 
 def main():
 

.github/actions/release-initialise/action.yml

@@ -16,7 +16,7 @@ runs:
       shell: bash
 
     - name: Set up Python
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       with:
         python-version: 3.8
 

.github/actions/setup-swift/action.yml

@@ -33,7 +33,7 @@ runs:
         fi
         echo "version=$VERSION" | tee -a $GITHUB_OUTPUT
 
-    - uses: swift-actions/setup-swift@cdbe0f7f4c77929b6580e71983e8606e55ffe7e4 # Please update the corresponding SHA in the CLI's CodeQL Action Integration Test.
+    - uses: swift-actions/setup-swift@f51889efb55dccf13be0ee727e3d6c89a096fb4c # Please update the corresponding SHA in the CLI's CodeQL Action Integration Test.
       if: runner.os == 'Linux' && steps.get_swift_version.outputs.version != 'null'
       with:
         swift-version: "${{ steps.get_swift_version.outputs.version }}"

.github/dependabot.yml

@@ -2,8 +2,6 @@ version: 2
 updates:
   - package-ecosystem: npm
     directory: "/"
-    reviewers:
-      - "github/codeql-production-shield"
     schedule:
       interval: weekly
     labels:
@@ -22,8 +20,6 @@ updates:
           - "*"
   - package-ecosystem: github-actions
     directory: "/"
-    reviewers:
-      - "github/codeql-production-shield"
     schedule:
       interval: weekly
     groups:
@@ -32,8 +28,6 @@ updates:
           - "*"
   - package-ecosystem: github-actions
     directory: "/.github/actions/setup-swift/" # All subdirectories outside of "/.github/workflows" must be explicitly included.
-    reviewers:
-      - "github/codeql-production-shield"
     schedule:
       interval: weekly
     groups:

.github/releases.ini

@@ -1 +0,0 @@
-OLDEST_SUPPORTED_MAJOR_VERSION=2

.github/update-release-branch.py

@@ -1,6 +1,5 @@
 import argparse
 import datetime
-import re
 from github import Github
 import json
 import os
@@ -60,7 +59,7 @@ def open_pr(
 
   # Start constructing the body text
   body = []
-  body.append(f'Merging {source_branch_short_sha} into `{target_branch}`.')
+  body.append(f'Merging {source_branch_short_sha} into {target_branch}.')
 
   body.append('')
   body.append(f'Conductor for this PR is @{conductor}.')
@@ -92,7 +91,7 @@ def open_pr(
       'branch to resolve the merge conflicts.')
   body.append(' - [ ] Ensure the CHANGELOG displays the correct version and date.')
   body.append(' - [ ] Ensure the CHANGELOG includes all relevant, user-facing changes since the last release.')
-  body.append(f' - [ ] Check that there are not any unexpected commits being merged into the `{target_branch}` branch.')
+  body.append(f' - [ ] Check that there are not any unexpected commits being merged into the {target_branch} branch.')
   body.append(' - [ ] Ensure the docs team is aware of any documentation changes that need to be released.')
 
   if not is_primary_release:
@@ -175,60 +174,6 @@ def get_today_string():
   today = datetime.datetime.today()
   return '{:%d %b %Y}'.format(today)
 
-def process_changelog_for_backports(source_branch_major_version, target_branch_major_version):
-
-  # changelog entries can use the following format to indicate
-  # that they only apply to newer versions
-  some_versions_only_regex = re.compile(r'\[v(\d+)\+ only\]')
-
-  output = ''
-
-  with open('CHANGELOG.md', 'r') as f:
-
-    # until we find the first section, just duplicate all lines
-    while True:
-      line = f.readline()
-      if not line:
-        raise Exception('Could not find any change sections in CHANGELOG.md') # EOF
-
-      output += line
-      if line.startswith('## '):
-        line = line.replace(f'## {source_branch_major_version}', f'## {target_branch_major_version}')
-        # we have found the first section, so now handle things differently
-        break
-
-    # found_content tracks whether we hit two headings in a row
-    found_content = False
-    output += '\n'
-    while True:
-      line = f.readline()
-      if not line:
-        break # EOF
-      line = line.rstrip('\n')
-
-      # filter out changenote entries that apply only to newer versions
-      match = some_versions_only_regex.search(line)
-      if match:
-        if int(target_branch_major_version) < int(match.group(1)):
-          continue
-
-      if line.startswith('## '):
-        line = line.replace(f'## {source_branch_major_version}', f'## {target_branch_major_version}')
-        if found_content == False:
-          # we have found two headings in a row, so we need to add the placeholder message.
-          output += 'No user facing changes.\n'
-        found_content = False
-        output += f'\n{line}\n\n'
-      else:
-        if line.strip() != '':
-          found_content = True
-          # we use the original line here, rather than the stripped version
-          # so that we preserve indentation
-          output += line + '\n'
-
-    with open('CHANGELOG.md', 'w') as f:
-      f.write(output)
-
 def update_changelog(version):
   if (os.path.exists('CHANGELOG.md')):
     content = ''
@@ -379,7 +324,13 @@ def main():
 
     # Migrate the changelog notes from vLatest version numbers to vOlder version numbers
     print(f'Migrating changelog notes from v{source_branch_major_version} to v{target_branch_major_version}')
-    process_changelog_for_backports(source_branch_major_version, target_branch_major_version)
+    subprocess.check_output(['sed', '-i', f's/^## {source_branch_major_version}\./## {target_branch_major_version}./g', 'CHANGELOG.md'])
+
+    # Remove changelog notes from all versions that do not apply to the vOlder branch
+    print(f'Removing changelog notes that do not apply to v{target_branch_major_version}')
+    for v in range(int(source_branch_major_version), int(target_branch_major_version), -1):
+      print(f'Removing changelog notes that are tagged [v{v}+ only\]')
+      subprocess.check_output(['sed', '-i', f'/^- \[v{v}+ only\]/d', 'CHANGELOG.md'])
 
     # Amend the commit generated by `npm version` to update the CHANGELOG
     run_git('add', 'CHANGELOG.md')

.github/workflows/__all-platform-bundle.yml

@@ -35,10 +35,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -57,7 +59,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'true'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - id: init

.github/workflows/__analyze-ref-input.yml

@@ -39,10 +39,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -61,7 +63,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__autobuild-action.yml

@@ -39,10 +39,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -61,7 +63,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__build-mode-autobuild.yml

@@ -1,88 +0,0 @@
-# Warning: This file is generated automatically, and should not be modified.
-# Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
-# to regenerate this file.
-
-name: PR Check - Build mode autobuild
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
-on:
-  push:
-    branches:
-    - main
-    - releases/v*
-  pull_request:
-    types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
-  workflow_dispatch: {}
-jobs:
-  build-mode-autobuild:
-    strategy:
-      matrix:
-        include:
-        - os: ubuntu-latest
-          version: nightly-latest
-    name: Build mode autobuild
-    permissions:
-      contents: read
-      security-events: write
-    timeout-minutes: 45
-    runs-on: ${{ matrix.os }}
-    steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
-
-        matrix.version == 'stable-20221211' ||
-
-        matrix.version == 'stable-20230418' ||
-
-        matrix.version == 'stable-v2.13.5' ||
-
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - name: Set up Java test repo configuration
-      run: |
-        mv * .github ../action/tests/multi-language-repo/
-        mv ../action/tests/multi-language-repo/.github/workflows .github
-        mv ../action/tests/java-repo/* .
-
-    - uses: ./../action/init
-      id: init
-      with:
-        build-mode: autobuild
-        db-location: ${{ runner.temp }}/customDbLocation
-        languages: java
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-
-    - name: Validate database build mode
-      run: |
-        metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
-        build_mode=$(yq eval '.buildMode' "$metadata_path")
-        if [[ "$build_mode" != "autobuild" ]]; then
-          echo "Expected build mode to be 'autobuild' but was $build_mode"
-          exit 1
-        fi
-
-    - uses: ./../action/analyze
-    env:
-      CODEQL_ACTION_TEST_MODE: true

.github/workflows/__build-mode-manual.yml

@@ -1,90 +0,0 @@
-# Warning: This file is generated automatically, and should not be modified.
-# Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
-# to regenerate this file.
-
-name: PR Check - Build mode manual
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
-on:
-  push:
-    branches:
-    - main
-    - releases/v*
-  pull_request:
-    types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
-  workflow_dispatch: {}
-jobs:
-  build-mode-manual:
-    strategy:
-      matrix:
-        include:
-        - os: ubuntu-latest
-          version: nightly-latest
-    name: Build mode manual
-    permissions:
-      contents: read
-      security-events: write
-    timeout-minutes: 45
-    runs-on: ${{ matrix.os }}
-    steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
-
-        matrix.version == 'stable-20221211' ||
-
-        matrix.version == 'stable-20230418' ||
-
-        matrix.version == 'stable-v2.13.5' ||
-
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: ./../action/init
-      id: init
-      with:
-        build-mode: manual
-        db-location: ${{ runner.temp }}/customDbLocation
-        languages: java
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-
-    - name: Validate database build mode
-      run: |
-        metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
-        build_mode=$(yq eval '.buildMode' "$metadata_path")
-        if [[ "$build_mode" != "manual" ]]; then
-          echo "Expected build mode to be 'manual' but was $build_mode"
-          exit 1
-        fi
-
-    - uses: ./../action/.github/actions/setup-swift
-      with:
-        codeql-path: ${{ steps.init.outputs.codeql-path }}
-
-    - name: Build code
-      shell: bash
-      run: ./build.sh
-
-    - uses: ./../action/analyze
-    env:
-      CODEQL_ACTION_TEST_MODE: true

.github/workflows/__build-mode-none.yml

@@ -1,88 +0,0 @@
-# Warning: This file is generated automatically, and should not be modified.
-# Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
-# to regenerate this file.
-
-name: PR Check - Build mode none
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
-on:
-  push:
-    branches:
-    - main
-    - releases/v*
-  pull_request:
-    types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
-  workflow_dispatch: {}
-jobs:
-  build-mode-none:
-    strategy:
-      matrix:
-        include:
-        - os: ubuntu-latest
-          version: latest
-        - os: ubuntu-latest
-          version: nightly-latest
-    name: Build mode none
-    permissions:
-      contents: read
-      security-events: write
-    timeout-minutes: 45
-    runs-on: ${{ matrix.os }}
-    steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
-
-        matrix.version == 'stable-20221211' ||
-
-        matrix.version == 'stable-20230418' ||
-
-        matrix.version == 'stable-v2.13.5' ||
-
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: ./../action/init
-      id: init
-      with:
-        build-mode: none
-        db-location: ${{ runner.temp }}/customDbLocation
-        languages: java
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-
-    - name: Validate database build mode
-      run: |
-        metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
-        build_mode=$(yq eval '.buildMode' "$metadata_path")
-        if [[ "$build_mode" != "none" ]]; then
-          echo "Expected build mode to be 'none' but was $build_mode"
-          exit 1
-        fi
-
-  # The latest nightly supports omitting the autobuild Action when the build mode is specified.
-    - uses: ./../action/autobuild
-      if: matrix.version != 'nightly-latest'
-
-    - uses: ./../action/analyze
-    env:
-      CODEQL_ACTION_TEST_MODE: true

.github/workflows/__build-mode-rollback.yml

@@ -1,89 +0,0 @@
-# Warning: This file is generated automatically, and should not be modified.
-# Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
-# to regenerate this file.
-
-name: PR Check - Build mode rollback
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
-on:
-  push:
-    branches:
-    - main
-    - releases/v*
-  pull_request:
-    types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
-  workflow_dispatch: {}
-jobs:
-  build-mode-rollback:
-    strategy:
-      matrix:
-        include:
-        - os: ubuntu-latest
-          version: nightly-latest
-    name: Build mode rollback
-    permissions:
-      contents: read
-      security-events: write
-    timeout-minutes: 45
-    runs-on: ${{ matrix.os }}
-    steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
-
-        matrix.version == 'stable-20221211' ||
-
-        matrix.version == 'stable-20230418' ||
-
-        matrix.version == 'stable-v2.13.5' ||
-
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - name: Set up Java test repo configuration
-      run: |
-        mv * .github ../action/tests/multi-language-repo/
-        mv ../action/tests/multi-language-repo/.github/workflows .github
-        mv ../action/tests/java-repo/* .
-
-    - uses: ./../action/init
-      id: init
-      with:
-        build-mode: none
-        db-location: ${{ runner.temp }}/customDbLocation
-        languages: java
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-
-    - name: Validate database build mode
-      run: |
-        metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
-        build_mode=$(yq eval '.buildMode' "$metadata_path")
-        if [[ "$build_mode" != "autobuild" ]]; then
-          echo "Expected build mode to be 'autobuild' but was $build_mode"
-          exit 1
-        fi
-
-    - uses: ./../action/analyze
-    env:
-      CODEQL_ACTION_DISABLE_JAVA_BUILDLESS: true
-      CODEQL_ACTION_TEST_MODE: true

.github/workflows/__config-export.yml

@@ -45,10 +45,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -67,7 +69,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init
@@ -101,15 +107,16 @@ jobs:
             core.setFailed('`codeqlConfigSummary` property not found in the SARIF run property bag.');
           }
           if (configSummary.disableDefaultQueries !== false) {
-            core.setFailed('`disableDefaultQueries` property incorrect: expected false, got ' +
+            core.setFailed('`disableDefaultQueries` property incorrect: expected false, got ' + 
               `${JSON.stringify(configSummary.disableDefaultQueries)}.`);
           }
           const expectedQueries = [{ type: 'builtinSuite', uses: 'security-extended' }];
           // Use JSON.stringify to deep-equal the arrays.
           if (JSON.stringify(configSummary.queries) !== JSON.stringify(expectedQueries)) {
-            core.setFailed(`\`queries\` property incorrect: expected ${JSON.stringify(expectedQueries)}, got ` +
+            core.setFailed(`\`queries\` property incorrect: expected ${JSON.stringify(expectedQueries)}, got ` + 
               `${JSON.stringify(configSummary.queries)}.`);
           }
           core.info('Finished config export tests.');
     env:
+      CODEQL_PASS_CONFIG_TO_CLI: true
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__config-input.yml

@@ -1,92 +0,0 @@
-# Warning: This file is generated automatically, and should not be modified.
-# Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
-# to regenerate this file.
-
-name: PR Check - Config input
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
-on:
-  push:
-    branches:
-    - main
-    - releases/v*
-  pull_request:
-    types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
-  workflow_dispatch: {}
-jobs:
-  config-input:
-    strategy:
-      matrix:
-        include:
-        - os: ubuntu-latest
-          version: latest
-    name: Config input
-    permissions:
-      contents: read
-      security-events: write
-    timeout-minutes: 45
-    runs-on: ${{ matrix.os }}
-    steps:
-    - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
-      if: >-
-        matrix.os == 'macos-latest' && (
-
-        matrix.version == 'stable-20221211' ||
-
-        matrix.version == 'stable-20230418' ||
-
-        matrix.version == 'stable-v2.13.5' ||
-
-        matrix.version == 'stable-v2.14.6')
-      with:
-        python-version: '3.11'
-    - name: Check out repository
-      uses: actions/checkout@v4
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/actions/prepare-test
-      with:
-        version: ${{ matrix.version }}
-        use-all-platform-bundle: 'false'
-    - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
-      shell: bash
-      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - name: Copy queries into workspace
-      run: |
-        cp -a ../action/queries .
-
-    - uses: ./../action/init
-      with:
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-        languages: javascript
-        build-mode: none
-        config: |
-          disable-default-queries: true
-          queries:
-            - name: Run custom query
-              uses: ./queries/default-setup-environment-variables.ql
-          paths-ignore:
-            - tests
-            - lib
-
-    - uses: ./../action/analyze
-      with:
-        output: ${{ runner.temp }}/results
-
-    - name: Check SARIF
-      uses: ./../action/.github/actions/check-sarif
-      with:
-        sarif-file: ${{ runner.temp }}/results/javascript.sarif
-        queries-run: javascript/codeql-action/default-setup-env-vars
-        queries-not-run: javascript/codeql-action/default-setup-context-properties
-    env:
-      CODEQL_ACTION_TEST_MODE: true

.github/workflows/__cpp-deptrace-disabled.yml

@@ -39,10 +39,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -61,7 +63,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - name: Test setup

.github/workflows/__cpp-deptrace-enabled-on-macos.yml

@@ -35,10 +35,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -57,7 +59,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - name: Test setup

.github/workflows/__cpp-deptrace-enabled.yml

@@ -39,10 +39,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -61,7 +63,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - name: Test setup

.github/workflows/__diagnostics-export.yml

@@ -51,10 +51,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -73,7 +75,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init
@@ -136,7 +142,7 @@ jobs:
             core.setFailed(
               'Expected exactly one status page reporting descriptor for this diagnostic in the ' +
                 `'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` +
-                `${statusPageNotifications.length}. All notification reporting descriptors: ` +
+                `${statusPageNotifications.length}. All notification reporting descriptors: ` + 
                 `${JSON.stringify(toolExecutionNotifications)}.`
             );
           }

.github/workflows/__export-file-baseline-information.yml

@@ -39,10 +39,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -61,7 +63,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__extractor-ram-threads.yml

@@ -35,10 +35,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -57,7 +59,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__go-custom-queries.yml

@@ -25,6 +25,12 @@ jobs:
     strategy:
       matrix:
         include:
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: windows-latest
+          version: stable-20220908
         - os: ubuntu-latest
           version: stable-20221211
         - os: macos-latest
@@ -75,10 +81,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -97,7 +105,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml

@@ -35,10 +35,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -57,10 +59,14 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: actions/setup-go@v5
+    - uses: actions/setup-go@v4
       with:
       # We need a Go version that ships with statically linked binaries on Linux
         go-version: '>=1.21.0'
@@ -69,7 +75,7 @@ jobs:
         languages: go
         tools: ${{ steps.prepare-test.outputs.tools-url }}
   # Deliberately change Go after the `init` step
-    - uses: actions/setup-go@v5
+    - uses: actions/setup-go@v4
       with:
         go-version: '1.20'
     - name: Build code

.github/workflows/__go-indirect-tracing-workaround.yml

@@ -35,10 +35,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -57,10 +59,14 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: actions/setup-go@v5
+    - uses: actions/setup-go@v4
       with:
       # We need a Go version that ships with statically linked binaries on Linux
         go-version: '>=1.21.0'

.github/workflows/__go-tracing-autobuilder.yml

@@ -25,6 +25,10 @@ jobs:
     strategy:
       matrix:
         include:
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
         - os: ubuntu-latest
           version: stable-20221211
         - os: macos-latest
@@ -61,10 +65,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -83,15 +89,16 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: actions/setup-go@v5
+    - uses: actions/setup-go@v4
       with:
-        go-version: ~1.22.0
-      # to avoid potentially misleading autobuilder results where we expect it to download
-      # dependencies successfully, but they actually come from a warm cache
-        cache: false
+        go-version: ~1.21.1
     - uses: ./../action/init
       with:
         languages: go

.github/workflows/__go-tracing-custom-build-steps.yml

@@ -25,6 +25,10 @@ jobs:
     strategy:
       matrix:
         include:
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
         - os: ubuntu-latest
           version: stable-20221211
         - os: macos-latest
@@ -61,10 +65,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -83,15 +89,16 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: actions/setup-go@v5
+    - uses: actions/setup-go@v4
       with:
-        go-version: ~1.22.0
-      # to avoid potentially misleading autobuilder results where we expect it to download
-      # dependencies successfully, but they actually come from a warm cache
-        cache: false
+        go-version: ~1.21.1
     - uses: ./../action/init
       with:
         languages: go

.github/workflows/__go-tracing-legacy-workflow.yml

@@ -25,6 +25,10 @@ jobs:
     strategy:
       matrix:
         include:
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
         - os: ubuntu-latest
           version: stable-20221211
         - os: macos-latest
@@ -61,10 +65,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -83,15 +89,16 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
-    - uses: actions/setup-go@v5
+    - uses: actions/setup-go@v4
       with:
-        go-version: ~1.22.0
-      # to avoid potentially misleading autobuilder results where we expect it to download
-      # dependencies successfully, but they actually come from a warm cache
-        cache: false
+        go-version: ~1.21.1
     - uses: ./../action/init
       with:
         languages: go

.github/workflows/__init-with-registries.yml

@@ -52,10 +52,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -74,7 +76,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - name: Init with registries

.github/workflows/__javascript-source-root.yml

@@ -39,10 +39,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -61,7 +63,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - name: Move codeql-action

.github/workflows/__language-aliases.yml

@@ -35,10 +35,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -57,7 +59,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__multi-language-autodetect.yml

@@ -25,6 +25,10 @@ jobs:
     strategy:
       matrix:
         include:
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
         - os: ubuntu-latest
           version: stable-20221211
         - os: macos-latest
@@ -61,10 +65,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -83,7 +89,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init
@@ -146,7 +156,7 @@ jobs:
 
     - name: Check language autodetect for Swift
       if: >-
-        env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true' ||
+        env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true' || 
             (runner.os != 'Windows' && matrix.version == 'nightly-latest')
       shell: bash
       run: |

.github/workflows/__packaging-codescanning-config-inputs-js.yml

@@ -51,10 +51,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -73,7 +75,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init
@@ -113,4 +119,6 @@ jobs:
           exit 1
         fi
     env:
+      CODEQL_PASS_CONFIG_TO_CLI: true
+
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__packaging-config-inputs-js.yml

@@ -51,10 +51,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -73,7 +75,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__packaging-config-js.yml

@@ -51,10 +51,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -73,7 +75,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__packaging-inputs-js.yml

@@ -51,10 +51,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -73,7 +75,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__remote-config.yml

@@ -25,6 +25,12 @@ jobs:
     strategy:
       matrix:
         include:
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: windows-latest
+          version: stable-20220908
         - os: ubuntu-latest
           version: stable-20221211
         - os: macos-latest
@@ -75,10 +81,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -97,7 +105,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__resolve-environment-action.yml

@@ -57,10 +57,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -79,7 +81,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__rubocop-multi-language.yml

@@ -35,10 +35,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -57,7 +59,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - name: Set up Ruby

.github/workflows/__ruby.yml

@@ -45,10 +45,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -67,7 +69,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__scaling-reserved-ram.yml

@@ -25,6 +25,10 @@ jobs:
     strategy:
       matrix:
         include:
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
         - os: ubuntu-latest
           version: stable-20221211
         - os: macos-latest
@@ -61,10 +65,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -83,7 +89,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__split-workflow.yml

@@ -45,10 +45,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -67,7 +69,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__submit-sarif-failure.yml

@@ -39,10 +39,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -61,7 +63,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: actions/checkout@v4

.github/workflows/__swift-custom-build.yml

@@ -45,10 +45,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -67,7 +69,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__test-autobuild-working-dir.yml

@@ -35,10 +35,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -57,7 +59,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - name: Test setup

.github/workflows/__test-local-codeql.yml

@@ -35,10 +35,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -57,7 +59,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - name: Fetch a CodeQL bundle

.github/workflows/__test-proxy.yml

@@ -35,10 +35,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -57,7 +59,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__unset-environment.yml

@@ -25,6 +25,8 @@ jobs:
     strategy:
       matrix:
         include:
+        - os: ubuntu-latest
+          version: stable-20220908
         - os: ubuntu-latest
           version: stable-20221211
         - os: ubuntu-latest
@@ -47,10 +49,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -69,7 +73,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__upload-ref-sha-input.yml

@@ -39,10 +39,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -61,7 +63,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - uses: ./../action/init

.github/workflows/__with-checkout-path.yml

@@ -25,12 +25,54 @@ jobs:
     strategy:
       matrix:
         include:
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: windows-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
+        - os: macos-latest
+          version: stable-20221211
+        - os: windows-latest
+          version: stable-20221211
+        - os: ubuntu-latest
+          version: stable-20230418
+        - os: macos-latest
+          version: stable-20230418
+        - os: windows-latest
+          version: stable-20230418
+        - os: ubuntu-latest
+          version: stable-v2.13.5
+        - os: macos-latest
+          version: stable-v2.13.5
+        - os: windows-latest
+          version: stable-v2.13.5
+        - os: ubuntu-latest
+          version: stable-v2.14.6
+        - os: macos-latest
+          version: stable-v2.14.6
+        - os: windows-latest
+          version: stable-v2.14.6
+        - os: ubuntu-latest
+          version: default
+        - os: macos-latest
+          version: default
+        - os: windows-latest
+          version: default
         - os: ubuntu-latest
           version: latest
         - os: macos-latest
           version: latest
         - os: windows-latest
           version: latest
+        - os: ubuntu-latest
+          version: nightly-latest
+        - os: macos-latest
+          version: nightly-latest
+        - os: windows-latest
+          version: nightly-latest
     name: Use a custom `checkout_path`
     permissions:
       contents: read
@@ -39,10 +81,12 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v4
       if: >-
         matrix.os == 'macos-latest' && (
 
+        matrix.version == 'stable-20220908' ||
+
         matrix.version == 'stable-20221211' ||
 
         matrix.version == 'stable-20230418' ||
@@ -61,7 +105,11 @@ jobs:
         version: ${{ matrix.version }}
         use-all-platform-bundle: 'false'
     - name: Set environment variable for Swift enablement
-      if: runner.os != 'Windows' && matrix.version == '20221211'
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
     - name: Delete original checkout
@@ -84,6 +132,7 @@ jobs:
       # it's enough to test one compiled language and one interpreted language
         languages: csharp,javascript
         source-root: x/y/z/some-path/tests/multi-language-repo
+        debug: true
 
     - name: Build code
       shell: bash

.github/workflows/codescanning-config-cli.yml

@@ -3,6 +3,7 @@
 name: Code-Scanning config CLI tests
 env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  CODEQL_PASS_CONFIG_TO_CLI: true
 
 on:
   push:
@@ -203,3 +204,15 @@ jobs:
         packs: + codeql/javascript-queries
         config-file-test: .github/codeql/other-config-properties.yml
         tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - name: Config not generated when env var is not set
+      if: success() || failure()
+      env:
+        CODEQL_PASS_CONFIG_TO_CLI: false
+      uses: ./../action/.github/actions/check-codescanning-config
+      with:
+        expected-config-file-contents: ""
+        languages: javascript
+        packs: + codeql/javascript-queries
+        config-file-test: .github/codeql/other-config-properties.yml
+        tools: ${{ steps.prepare-test.outputs.tools-url }}

.github/workflows/debug-artifacts-failure.yml

@@ -20,12 +20,15 @@ on:
   workflow_dispatch: {}
 jobs:
   upload-artifacts:
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest]
     name: Upload debug artifacts after failure in analyze
     continue-on-error: true
     env:
       CODEQL_ACTION_TEST_MODE: true
     timeout-minutes: 45
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.os }}
     steps:
       - name: Dump GitHub event
         run: cat "${GITHUB_EVENT_PATH}"
@@ -36,9 +39,20 @@ jobs:
         uses: ./.github/actions/prepare-test
         with:
           version: latest
-      - uses: actions/setup-go@v5
+      - uses: actions/setup-go@v4
         with:
           go-version: ^1.13.1
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v4
+        if: |
+          matrix.os == 'macos-latest' && (
+          matrix.version == 'stable-20220908' ||
+          matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
       - uses: ./../action/init
         with:
           tools: ${{ steps.prepare-test.outputs.tools-url }}
@@ -64,23 +78,27 @@ jobs:
       - name: Check expected artifacts exist
         shell: bash
         run: |
+          OPERATING_SYSTEMS="ubuntu-latest macos-latest"
           LANGUAGES="cpp csharp go java javascript python"
-          cd "./my-debug-artifacts"
-          echo "Artifacts from run:"
-          for language in $LANGUAGES; do
-            echo "- Checking $language"
-            if [[ ! -f "my-db-$language-partial.zip" ]] ; then
-              echo "Missing a partial database bundle for $language"
-              exit 1
-            fi
-            if [[ ! -d "log" ]] ; then
-              echo "Missing database initialization logs"
-              exit 1
-            fi
-            if [[ ! "$language" == "go" ]] && [[ ! -d "$language/log" ]] ; then
-              echo "Missing logs for $language"
-              exit 1
-            fi
+          for os in $OPERATING_SYSTEMS; do
+            pushd "./my-debug-artifacts-$os"
+            echo "Artifacts from run on $os:"
+            for language in $LANGUAGES; do
+              echo "- Checking $language"
+              if [[ ! -f "my-db-$language-partial.zip" ]] ; then
+                echo "Missing a partial database bundle for $language"
+                exit 1
+              fi
+              if [[ ! -d "log" ]] ; then
+                echo "Missing database initialization logs"
+                exit 1
+              fi
+              if [[ ! "$language" == "go" ]] && [[ ! -d "$language/log" ]] ; then
+                echo "Missing logs for $language"
+                exit 1
+              fi
+            done
+            popd
           done
         env:
           GO111MODULE: auto

.github/workflows/debug-artifacts.yml

@@ -21,7 +21,11 @@ jobs:
   upload-artifacts:
     strategy:
       matrix:
+        os:
+        - ubuntu-latest
+        - macos-latest
         version:
+        - stable-20220908
         - stable-20221211
         - stable-20230418
         - stable-v2.13.5
@@ -33,7 +37,7 @@ jobs:
     env:
       CODEQL_ACTION_TEST_MODE: true
     timeout-minutes: 45
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
         uses: actions/checkout@v4
@@ -42,9 +46,20 @@ jobs:
         uses: ./.github/actions/prepare-test
         with:
           version: ${{ matrix.version }}
-      - uses: actions/setup-go@v5
+      - uses: actions/setup-go@v4
         with:
           go-version: ^1.13.1
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v4
+        if: |
+          matrix.os == 'macos-latest' && (
+          matrix.version == 'stable-20220908' ||
+          matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
       - uses: ./../action/init
         id: init
         with:
@@ -71,27 +86,29 @@ jobs:
       - name: Check expected artifacts exist
         shell: bash
         run: |
-          VERSIONS="stable-20221211 stable-20230418 stable-v2.13.5 stable-v2.14.6 default latest nightly-latest"
+          VERSIONS="stable-20220908 stable-20221211 stable-20230418 stable-v2.13.5 stable-v2.14.6 default latest nightly-latest"
           LANGUAGES="cpp csharp go java javascript python"
           for version in $VERSIONS; do
-            pushd "./my-debug-artifacts-${version//./}"
-            echo "Artifacts from version $version:"
-            for language in $LANGUAGES; do
-              echo "- Checking $language"
-              if [[ ! -f "$language.sarif" ]] ; then
-                echo "Missing a SARIF file for $language"
-                exit 1
-              fi
-              if [[ ! -f "my-db-$language.zip" ]] ; then
-                echo "Missing a database bundle for $language"
-                exit 1
-              fi
-              if [[ ! -d "$language/log" ]] ; then
-                echo "Missing logs for $language"
-                exit 1
-              fi
+            for os in ubuntu-latest macos-latest; do
+              pushd "./my-debug-artifacts-$os-${version//./}"
+              echo "Artifacts from version $version on $os:"
+              for language in $LANGUAGES; do
+                echo "- Checking $language"
+                if [[ ! -f "$language.sarif" ]] ; then
+                  echo "Missing a SARIF file for $language"
+                  exit 1
+                fi
+                if [[ ! -f "my-db-$language.zip" ]] ; then
+                  echo "Missing a database bundle for $language"
+                  exit 1
+                fi
+                if [[ ! -d "$language/log" ]] ; then
+                  echo "Missing logs for $language"
+                  exit 1
+                fi
+              done
+              popd
             done
-            popd
           done
         env:
           GO111MODULE: auto

.github/workflows/post-release-mergeback.yml

@@ -133,8 +133,8 @@ jobs:
           # Update the version number ready for the next release
           npm version patch --no-git-tag-version
 
-          # Update the changelog, adding a new version heading directly above the most recent existing one
-          awk '!f && /##/{print "'"## [UNRELEASED]\n\nNo user facing changes.\n"'"; f=1}1' CHANGELOG.md > temp && mv temp CHANGELOG.md
+          # Update the changelog
+          perl -i -pe 's/^/## \[UNRELEASED\]\n\nNo user facing changes.\n\n/ if($.==5)' CHANGELOG.md
           git add .
           git commit -m "Update changelog and version after ${VERSION}"
 

.github/workflows/pr-checks.yml

@@ -17,7 +17,7 @@ jobs:
 
     strategy:
       matrix:
-        node-types-version: [16.11, current] # run tests on 16.11 while CodeQL Action v2 is still supported
+        node-types-version: [16.11, current] # run tests on 16.11 while codeql-action v2 is still supported
 
     steps:
       - name: Checkout
@@ -71,7 +71,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Set up Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v4
         with:
           python-version: 3.11
 
@@ -95,6 +95,18 @@ jobs:
     timeout-minutes: 45
 
     steps:
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v4
+        if: |
+          matrix.os == 'macos-latest' && (
+          matrix.version == 'stable-20220908' ||
+          matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+
       - uses: actions/checkout@v4
       - name: npm test
         run: |
@@ -103,43 +115,44 @@ jobs:
           npm config set script-shell bash
           npm test
 
-  check-node-version:
+  check-backport-node-versions:
     if: ${{ github.event.pull_request }}
-    name: Check Action Node versions
+    name: Check node version for backports
     runs-on: ubuntu-latest
     timeout-minutes: 45
     env:
-      BASE_REF: ${{ github.base_ref }}
+      BASE_REF: ${{ github.event.pull_request.base }}
 
     steps:
       - uses: actions/checkout@v4
       - id: head-version
-        name: Verify all Actions use the same Node version
+        name: check HEAD node version
         run: |
-          NODE_VERSION=$(find . -name "action.yml" -exec yq -e '.runs.using' {} \; | grep node | sort | uniq)
+          # NB we are matching the node version string both with and without single quotes
+          NODE_VERSION=$(find . -name "*.yml" -exec grep -oh "using: 'node[0-9][0-9]\|using: node[0-9][0-9]" {} \; | sed -e "s/using: '//g" -e "s/using: //g" | sort | uniq)
           echo "NODE_VERSION: ${NODE_VERSION}"
           if [[ $(echo "$NODE_VERSION" | wc -l) -gt 1 ]]; then
-            echo "::error::More than one node version used in 'action.yml' files."
+            echo "Error: More than one node version used in actions."
             exit 1
           fi
           echo "node_version=${NODE_VERSION}" >> $GITHUB_OUTPUT
 
       - id: checkout-base
-        name: 'Backport: Check out base ref'
-        if: ${{ startsWith(github.head_ref, 'backport-') }}
+        name: check out base ref for backport check
+        if: ${{ startsWith(github.ref_name, 'backport-v') }}
         uses: actions/checkout@v4
         with:
           ref: ${{ env.BASE_REF }}
 
-      - name: 'Backport: Verify Node versions unchanged'
+      - name: compare with node version on base ref for backport check
         if: steps.checkout-base.outcome == 'success'
         env:
           HEAD_VERSION: ${{ steps.head-version.outputs.node_version }}
         run: |
-          BASE_VERSION=$(find . -name "action.yml" -exec yq -e '.runs.using' {} \; | grep node | sort | uniq)
+          BASE_VERSION=$(find . -name "*.yml" -exec grep -oh "using: 'node[0-9][0-9]\|using: node[0-9][0-9]" {} \; | sed -e "s/using: '//g" -e "s/using: //g" | sort | uniq)
           echo "HEAD_VERSION: ${HEAD_VERSION}"
           echo "BASE_VERSION: ${BASE_VERSION}"
           if [[ "$BASE_VERSION" != "$HEAD_VERSION" ]]; then
-            echo "::error::Cannot change the Node version of an Action in a backport PR."
+            echo "Error: Cannot change node version in a backport PR."
             exit 1
           fi

.github/workflows/python-deps.yml

@@ -36,6 +36,18 @@ jobs:
       PYTHON_VERSION: ${{ matrix.python_version }}
 
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: |
+        matrix.os == 'macos-latest' && (
+        matrix.version == 'stable-20220908' ||
+        matrix.version == 'stable-20221211' ||
+        matrix.version == 'stable-20230418' ||
+        matrix.version == 'stable-v2.13.5' ||
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
+
     # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
     - uses: actions/checkout@v4
 
@@ -139,7 +151,7 @@ jobs:
     # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
     - uses: actions/checkout@v4
 
-    - uses: actions/setup-python@v5
+    - uses: actions/setup-python@v4
       with:
         python-version: ${{ matrix.python_version }}
 

.github/workflows/python312-windows.yml

@@ -18,7 +18,7 @@ jobs:
     runs-on: windows-latest
 
     steps:
-    - uses: actions/setup-python@v5
+    - uses: actions/setup-python@v4
       with:
         python-version: 3.12
 

.github/workflows/rebuild.yml

@@ -3,7 +3,6 @@ name: Rebuild Action
 on:
   pull_request:
     types: [labeled]
-  workflow_dispatch:
 
 jobs:
   rebuild:
@@ -25,23 +24,6 @@ jobs:
           gh pr edit --repo github/codeql-action "$PR_NUMBER" \
             --remove-label "Rebuild"
 
-      - name: Merge in changes from base branch
-        env:
-          BASE_BRANCH: ${{ github.event.pull_request.base.ref }}
-        run: |
-          git fetch origin "$BASE_BRANCH"
-
-          # Allow merge conflicts in `lib`, since rebuilding should resolve them.
-          git merge "origin/$BASE_BRANCH" || echo "Merge conflicts detected"
-
-          # Check for merge conflicts outside of `lib`. Disable git diff's trailing whitespace check
-          # since `node_modules/@types/semver/README.md` fails it.
-          if git -c core.whitespace=-trailing-space diff --check | grep --invert-match '^lib/'; then
-            echo "Merge conflicts detected outside of lib/ directory. Please resolve them manually."
-            git -c core.whitespace=-trailing-space diff --check | grep --invert-match '^lib/' || true
-            exit 1
-          fi
-
       - name: Compile TypeScript
         run: |
           npm install
@@ -49,7 +31,7 @@ jobs:
           npm run build
 
       - name: Set up Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v4
         with:
           python-version: 3.11
 

.github/workflows/script/update-required-checks.sh

@@ -2,11 +2,6 @@
 # Update the required checks based on the current branch.
 # Typically, this will be main.
 
-SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
-REPO_DIR="$(dirname "$SCRIPT_DIR")"
-GRANDPARENT_DIR="$(dirname "$REPO_DIR")"
-source "$GRANDPARENT_DIR/releases.ini"
-
 if ! gh auth status 2>/dev/null; then
   gh auth status
   echo "Failed: Not authorized. This script requires admin access to github/codeql-action through the gh CLI."
@@ -34,22 +29,7 @@ echo "$CHECKS" | jq
 
 echo "{\"contexts\": ${CHECKS}}" > checks.json
 
-echo "Updating main"
-gh api --silent -X "PATCH" "repos/github/codeql-action/branches/main/protection/required_status_checks" --input checks.json
-
-# list all branchs on origin remote matching releases/v*
-BRANCHES="$(git ls-remote --heads origin 'releases/v*' | sed 's?.*refs/heads/??' | sort -V)"
-
-for BRANCH in $BRANCHES; do
-
-  # strip exact 'releases/v' prefix from $BRANCH using count of characters
-  VERSION="${BRANCH:10}"
-
-  if [ "$VERSION" -lt "$OLDEST_SUPPORTED_MAJOR_VERSION" ]; then
-    echo "Skipping $BRANCH"
-    continue
-  fi
-
+for BRANCH in main releases/v2; do
   echo "Updating $BRANCH"
   gh api --silent -X "PATCH" "repos/github/codeql-action/branches/$BRANCH/protection/required_status_checks" --input checks.json
 done

.github/workflows/update-supported-enterprise-server-versions.yml

@@ -14,7 +14,7 @@ jobs:
 
     steps:
       - name: Setup Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v4
         with:
           python-version: "3.7"
       - name: Checkout CodeQL Action

.gitignore

@@ -1,7 +1,2 @@
 # Ignore for example failing-tests.json from AVA
-node_modules/.cache/
-# Java build files
-.gradle/
-*.class
-# macOS
-.DS_Store
+node_modules/.cache

CHANGELOG.md

@@ -2,64 +2,10 @@
 
 See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
 
-Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.
-
-## 3.24.6 - 29 Feb 2024
-
-No user facing changes.
-
-## 3.24.5 - 23 Feb 2024
-
-- Update default CodeQL bundle version to 2.16.3. [#2156](https://github.com/github/codeql-action/pull/2156)
-
-## 3.24.4 - 21 Feb 2024
-
-- Fix an issue where an existing, but empty, `/sys/fs/cgroup/cpuset.cpus` file always resulted in a single-threaded run. [#2151](https://github.com/github/codeql-action/pull/2151)
-
-## 3.24.3 - 15 Feb 2024
-
-- Fix an issue where the CodeQL Action would fail to load a configuration specified by the `config` input to the `init` Action. [#2147](https://github.com/github/codeql-action/pull/2147)
-
-## 3.24.2 - 15 Feb 2024
-
-- Enable improved multi-threaded performance on larger runners for GitHub Enterprise Server users. This feature is already available to GitHub.com users. [#2141](https://github.com/github/codeql-action/pull/2141)
-
-## 3.24.1 - 13 Feb 2024
-
-- Update default CodeQL bundle version to 2.16.2. [#2124](https://github.com/github/codeql-action/pull/2124)
-- The CodeQL action no longer fails if it can't write to the telemetry api endpoint. [#2121](https://github.com/github/codeql-action/pull/2121)
-
-## 3.24.0 - 02 Feb 2024
-
-- CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See [release notes for 3.23.0](#3230---08-jan-2024) for more details. [#2106](https://github.com/github/codeql-action/pull/2106)
-
-## 3.23.2 - 26 Jan 2024
-
-- On Linux, the maximum possible value for the `--threads` option now respects the CPU count as specified in `cgroup` files to more accurately reflect the number of available cores when running in containers. [#2083](https://github.com/github/codeql-action/pull/2083)
-- Update default CodeQL bundle version to 2.16.1. [#2096](https://github.com/github/codeql-action/pull/2096)
-
-## 3.23.1 - 17 Jan 2024
-
-- Update default CodeQL bundle version to 2.16.0. [#2073](https://github.com/github/codeql-action/pull/2073)
-- Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. [#2079](https://github.com/github/codeql-action/pull/2079)
-
-## 3.23.0 - 08 Jan 2024
-
-- We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting `CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false` in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. [#2031](https://github.com/github/codeql-action/pull/2031)
-- The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see [the corresponding changelog entry for CodeQL Action version 2.22.7](#2227---16-nov-2023). [#2009](https://github.com/github/codeql-action/pull/2009)
-
-## 3.22.12 - 22 Dec 2023
-
-- Update default CodeQL bundle version to 2.15.5. [#2047](https://github.com/github/codeql-action/pull/2047)
-
-## 3.22.11 - 13 Dec 2023
+## [UNRELEASED]
 
 - [v3+ only] The CodeQL Action now runs on Node.js v20. [#2006](https://github.com/github/codeql-action/pull/2006)
 
-## 2.22.10 - 12 Dec 2023
-
-- Update default CodeQL bundle version to 2.15.4. [#2016](https://github.com/github/codeql-action/pull/2016)
-
 ## 2.22.9 - 07 Dec 2023
 
 No user facing changes.

CONTRIBUTING.md

@@ -57,14 +57,18 @@ Here are a few things you can do that will increase the likelihood of your pull
 ## Releasing (write access required)
 
 1. The first step of releasing a new version of the `codeql-action` is running the "Update release branch" workflow.
-    This workflow goes through the pull requests that have been merged to `main` since the last release, creates a changelog, then opens a pull request to merge the changes since the last release into the `releases/v3` release branch.
+    This workflow goes through the pull requests that have been merged to `main` since the last release, creates a changelog, then opens a pull request to merge the changes since the last release into the `releases/v2` release branch.
 
     You can start a release by triggering this workflow via [workflow dispatch](https://github.com/github/codeql-action/actions/workflows/update-release-branch.yml).
-1. The workflow run will open a pull request titled "Merge main into releases/v3". Follow the steps on the checklist in the pull request. Once you've checked off all but the last two of these, approve the PR and automerge it.
-1. When the "Merge main into releases/v3" pull request is merged into the `releases/v3` branch, a mergeback pull request to `main` and a backport pull request to `releases/v2` will both be automatically created. This mergeback pull request incorporates the changelog updates into `main`, tags the release using the merge commit of the "Merge main into releases/v3" pull request, and bumps the patch version of the CodeQL Action. The backport pull request will incorporate the updates into `releases/v2`.
-1. Approve the mergeback and backport pull requests and automerge them.
+1. The workflow run will open a pull request titled "Merge main into releases/v2". Mark the pull request as [ready for review](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review) to trigger the PR checks.
+1. Review the checklist items in the pull request description.
+    Once you've checked off all but the last two of these, approve the PR and automerge it.
+1. When the "Merge main into releases/v2" pull request is merged into the `releases/v2` branch, the "Tag release and merge back" workflow will create a mergeback PR.
+    This mergeback incorporates the changelog updates into `main`, tags the release using the merge commit of the "Merge main into releases/v2" pull request, and bumps the patch version of the CodeQL Action.
 
-Once the mergeback and backport pull request have been merged, the release is complete.
+    Approve the mergeback PR and automerge it.
+
+Once the mergeback has been merged to `main`, the release is complete.
 
 ## Keeping the PR checks up to date (admin access required)
 
@@ -72,9 +76,7 @@ Since the `codeql-action` runs most of its testing through individual Actions wo
 
 1. By default, this script retrieves the checks from the latest SHA on `main`, so make sure that your `main` branch is up to date.
 2. Run the script. If there's a reason to, you can pass in a different SHA as a CLI argument.
-3. After running, go to the [branch protection rules settings page](https://github.com/github/codeql-action/settings/branches) and validate that the rules for `main`, `v2`, and `v3` have been updated.
-
-Note that any updates to checks need to be backported to the `releases/v2` branch, in order to maintain the same set of names for required checks.
+3. After running, go to the [branch protection rules settings page](https://github.com/github/codeql-action/settings/branches) and validate that the rules for `main`, `v1`, and `v2` have been updated.
 
 ## Deprecating a CodeQL version (write access required)
 
@@ -109,8 +111,8 @@ To deprecate an older version of the Action:
    - Add a changelog note announcing the deprecation.
    - Implement an Actions warning for customers using the deprecated version.
 1. Wait for the deprecation period to pass.
-1. Upgrade the Actions warning for customers using the deprecated version to a non-fatal error, and mention that this version of the Action is no longer supported.
-1. Make a PR to bump the `OLDEST_SUPPORTED_MAJOR_VERSION` in [releases.ini](.github/releases.ini).  Once this PR is merged, the release process will no longer backport changes to the deprecated release version.
+1. Upgrade the Actions warning for customers using the deprecated version to a non-fatal error, and mention that this version of the Action is no longer supported. 
+1. Make a PR to bump the `OLDEST_SUPPORTED_MAJOR_VERSION` in [release-branches.py](.github/actions/release-branches/release-branches.py).  Once this PR is merged, the release process will no longer backport changes to the deprecated release version.
 
 ## Resources
 

README.md

@@ -4,11 +4,20 @@ This action runs GitHub's industry-leading semantic code analysis engine, [CodeQ
 
 For a list of recent changes, see the CodeQL Action's [changelog](CHANGELOG.md).
 
+## :loudspeaker: Node 16 deprecation, upcoming CodeQL Action v3 :loudspeaker:
+Announcement for users of this Action and code scanning workflows on GitHub.com:
+
+- You will begin to see these warnings about Node.js 16 deprecation in your Actions logs on code scanning runs starting October 23, 2023.
+- All code scanning workflows should continue to succeed regardless of the warning.
+- The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.
+
+For more information, and to communicate with the maintaining team, please use [this issue](https://github.com/github/codeql-action/issues/1959). 
+
 ## License
 
 This project is released under the [MIT License](LICENSE).
 
-The underlying CodeQL CLI, used in this action, is licensed under the [GitHub CodeQL Terms and Conditions](https://securitylab.github.com/tools/codeql/license). As such, this action may be used on open source projects hosted on GitHub, and on private repositories that are owned by an organisation with GitHub Advanced Security enabled.
+The underlying CodeQL CLI, used in this action, is licensed under the [GitHub CodeQL Terms and Conditions](https://securitylab.github.com/tools/codeql/license). As such, this action may be used on open source projects hosted on GitHub, and on  private repositories that are owned by an organisation with GitHub Advanced Security enabled.
 
 ## Usage
 
@@ -16,23 +25,6 @@ We recommend using default setup to configure CodeQL analysis for your repositor
 
 You can also configure advanced setup for a repository to find security vulnerabilities in your code using a highly customizable code scanning configuration. For more information, see "[Configuring advanced setup for code scanning](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning)" and "[Customizing your advanced setup for code scanning](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning)."
 
-### Permissions
-
-All advanced setup code scanning workflows must have the `security-events: write` permission. Workflows in private repositories must additionally have the `contents: read` permission. For more information, see "[Assigning permissions to jobs](https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs)."
-
-## Supported versions of the CodeQL Action
-
-The following versions of the CodeQL Action are currently supported:
-
-- v3 (latest)
-- v2 (deprecated, support will end on December 5th, 2024)
-
-The only difference between CodeQL Action v2 and v3 is the version of Node.js on which they run. CodeQL Action v3 runs on Node 20, while CodeQL Action v2 runs on Node 16.
-
-To provide the best experience to customers using older versions of GitHub Enterprise Server, we will continue to release CodeQL Action v2 so that these customers can continue to run the latest version of CodeQL as long as their version of GitHub Enterprise Server is supported. For example CodeQL Action v3.22.11 was the first release of CodeQL Action v3 and is functionally identical to v2.22.11. This approach provides an easy way to track exactly which features are included in different versions by looking at the minor and patch version numbers.
-
-For more information, see "[Code scanning: deprecation of CodeQL Action v2](https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/)."
-
 ## Troubleshooting
 
 Read about [troubleshooting code scanning](https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning).

analyze/action.yml

@@ -52,10 +52,10 @@ inputs:
     # If changing this, make sure to update workflow.ts accordingly.
     default: ${{ github.workspace }}
   ref:
-    description: "The ref where results will be uploaded. If not provided, the Action will use the GITHUB_REF environment variable. If provided, the sha input must be provided as well. This input is ignored for pull requests from forks."
+    description: "The ref where results will be uploaded. If not provided, the Action will use the GITHUB_REF environment variable. If provided, the sha input must be provided as well. This input is not available in pull requests from forks."
     required: false
   sha:
-    description: "The sha of the HEAD of the ref where results will be uploaded. If not provided, the Action will use the GITHUB_SHA environment variable. If provided, the ref input must be provided as well. This input is ignored for pull requests from forks."
+    description: "The sha of the HEAD of the ref where results will be uploaded. If not provided, the Action will use the GITHUB_SHA environment variable. If provided, the ref input must be provided as well. This input is not available in pull requests from forks."
     required: false
   category:
     description: String used by Code Scanning for matching the analyses
@@ -69,8 +69,6 @@ inputs:
     required: true
     default: "true"
   token:
-    description: "GitHub token to use for authenticating with this instance of GitHub. The token needs the `security-events: write` permission."
-    required: false
     default: ${{ github.token }}
   matrix:
     default: ${{ toJson(matrix) }}
@@ -86,6 +84,6 @@ outputs:
   sarif-id:
     description: The ID of the uploaded SARIF file.
 runs:
-  using: node20
+  using: 'node20'
   main: "../lib/analyze-action.js"
   post: "../lib/analyze-action-post.js"

autobuild/action.yml

@@ -3,8 +3,6 @@ description: 'Attempt to automatically build code'
 author: 'GitHub'
 inputs:
   token:
-    description: "GitHub token to use for authenticating with this instance of GitHub. The token needs the `security-events: write` permission."
-    required: false
     default: ${{ github.token }}
   matrix:
     default: ${{ toJson(matrix) }}
@@ -15,5 +13,5 @@ inputs:
       $GITHUB_WORKSPACE as its working directory.
     required: false
 runs:
-  using: node20
+  using: 'node20'
   main: '../lib/autobuild-action.js'

init/action.yml

@@ -10,23 +10,6 @@ inputs:
     description: |
       A comma-separated value of the languages to be analysed e.g. python,javascript
     required: false
-  build-mode:
-    description: >-
-      [Experimental, for internal testing only] The build mode that will be used to analyze the language.
-      This input is only available in single-language analyses.
-
-      Available build modes will differ based on the language being analyzed. One of: 
-
-      - none:      The database will be created without building the source code.
-                   Available for all interpreted languages and some compiled languages.
-      - autobuild: The database will be created by attempting to automatically build the source code.
-                   To use this build mode, ensure that your workflow calls the `autobuild` action
-                   between the `init` and `analyze` steps.
-                   Available for all compiled languages.
-      - manual:    The database will be created by building the source code using a manually specified
-                   build command. To use this build mode, specify manual build steps in your workflow
-                   between the `init` and `analyze` steps. Available for all compiled languages.
-    required: false
   token:
     description: GitHub token to use for authenticating with this instance of GitHub. To download custom packs from multiple registries, use the registries input.
     default: ${{ github.token }}
@@ -126,6 +109,6 @@ outputs:
   codeql-path:
     description: The path of the CodeQL binary used for analysis
 runs:
-  using: node20
+  using: 'node20'
   main: '../lib/init-action.js'
   post: '../lib/init-action-post.js'

lib/actions-util.js

@@ -41,7 +41,7 @@ const pkg = require("../package.json");
 const getRequiredInput = function (name) {
     const value = core.getInput(name);
     if (!value) {
-        throw new util_1.ConfigurationError(`Input required and not supplied: ${name}`);
+        throw new util_1.UserError(`Input required and not supplied: ${name}`);
     }
     return value;
 };
@@ -177,7 +177,7 @@ async function getRef() {
     const hasShaInput = !!shaInput;
     // If one of 'ref' or 'sha' are provided, both are required
     if ((hasRefInput || hasShaInput) && !(hasRefInput && hasShaInput)) {
-        throw new util_1.ConfigurationError("Both 'ref' and 'sha' are required if one of them is provided.");
+        throw new util_1.UserError("Both 'ref' and 'sha' are required if one of them is provided.");
     }
     const ref = refInput || getRefFromEnv();
     const sha = shaInput || (0, util_1.getRequiredEnvParam)("GITHUB_SHA");

lib/analysis-paths.js

@@ -0,0 +1,84 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.includeAndExcludeAnalysisPaths = exports.printPathFiltersWarning = exports.legalWindowsPathCharactersRegex = void 0;
+const path = __importStar(require("path"));
+function isInterpretedLanguage(language) {
+    return (language === "javascript" || language === "python" || language === "ruby");
+}
+// Matches a string containing only characters that are legal to include in paths on windows.
+exports.legalWindowsPathCharactersRegex = /^[^<>:"|?]*$/;
+// Builds an environment variable suitable for LGTM_INDEX_INCLUDE or LGTM_INDEX_EXCLUDE
+function buildIncludeExcludeEnvVar(paths) {
+    // Ignore anything containing a *
+    paths = paths.filter((p) => p.indexOf("*") === -1);
+    // Some characters are illegal in path names in windows
+    if (process.platform === "win32") {
+        paths = paths.filter((p) => p.match(exports.legalWindowsPathCharactersRegex));
+    }
+    return paths.join("\n");
+}
+function printPathFiltersWarning(config, logger) {
+    // Index include/exclude/filters only work in javascript/python/ruby.
+    // If any other languages are detected/configured then show a warning.
+    if ((config.paths.length !== 0 || config.pathsIgnore.length !== 0) &&
+        !config.languages.every(isInterpretedLanguage)) {
+        logger.warning('The "paths"/"paths-ignore" fields of the config only have effect for JavaScript, Python, and Ruby');
+    }
+}
+exports.printPathFiltersWarning = printPathFiltersWarning;
+function includeAndExcludeAnalysisPaths(config) {
+    // The 'LGTM_INDEX_INCLUDE' and 'LGTM_INDEX_EXCLUDE' environment variables
+    // control which files/directories are traversed when scanning.
+    // This allows including files that otherwise would not be scanned, or
+    // excluding and not traversing entire file subtrees.
+    // It does not understand globs or double-globs because that would require it to
+    // traverse the entire file tree to determine which files are matched.
+    // Any paths containing "*" are not included in these.
+    if (config.paths.length !== 0) {
+        process.env["LGTM_INDEX_INCLUDE"] = buildIncludeExcludeEnvVar(config.paths);
+    }
+    // If the temporary or tools directory is in the working directory ignore that too.
+    const tempRelativeToWorking = path.relative(process.cwd(), config.tempDir);
+    let pathsIgnore = config.pathsIgnore;
+    if (!tempRelativeToWorking.startsWith("..") &&
+        !path.isAbsolute(tempRelativeToWorking)) {
+        pathsIgnore = pathsIgnore.concat(tempRelativeToWorking);
+    }
+    if (pathsIgnore.length !== 0) {
+        process.env["LGTM_INDEX_EXCLUDE"] = buildIncludeExcludeEnvVar(pathsIgnore);
+    }
+    // The 'LGTM_INDEX_FILTERS' environment variable controls which files are
+    // extracted or ignored. It does not control which directories are traversed.
+    // This does understand the glob and double-glob syntax.
+    const filters = [];
+    filters.push(...config.paths.map((p) => `include:${p}`));
+    filters.push(...config.pathsIgnore.map((p) => `exclude:${p}`));
+    if (filters.length !== 0) {
+        process.env["LGTM_INDEX_FILTERS"] = filters.join("\n");
+    }
+}
+exports.includeAndExcludeAnalysisPaths = includeAndExcludeAnalysisPaths;
+//# sourceMappingURL=analysis-paths.js.map

lib/analysis-paths.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"analysis-paths.js","sourceRoot":"","sources":["../src/analysis-paths.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAK7B,SAAS,qBAAqB,CAAC,QAAQ;IACrC,OAAO,CACL,QAAQ,KAAK,YAAY,IAAI,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,MAAM,CAC1E,CAAC;AACJ,CAAC;AAED,6FAA6F;AAChF,QAAA,+BAA+B,GAAG,cAAc,CAAC;AAE9D,uFAAuF;AACvF,SAAS,yBAAyB,CAAC,KAAe;IAChD,iCAAiC;IACjC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEnD,uDAAuD;IACvD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,uCAA+B,CAAC,CAAC,CAAC;IACxE,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAgB,uBAAuB,CACrC,MAA0B,EAC1B,MAAc;IAEd,qEAAqE;IACrE,sEAAsE;IACtE,IACE,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,CAAC;QAC9D,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAC9C,CAAC;QACD,MAAM,CAAC,OAAO,CACZ,mGAAmG,CACpG,CAAC;IACJ,CAAC;AACH,CAAC;AAdD,0DAcC;AAED,SAAgB,8BAA8B,CAAC,MAA0B;IACvE,0EAA0E;IAC1E,+DAA+D;IAC/D,sEAAsE;IACtE,qDAAqD;IACrD,gFAAgF;IAChF,sEAAsE;IACtE,sDAAsD;IACtD,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,yBAAyB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC9E,CAAC;IACD,mFAAmF;IACnF,MAAM,qBAAqB,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3E,IAAI,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;IACrC,IACE,CAAC,qBAAqB,CAAC,UAAU,CAAC,IAAI,CAAC;QACvC,CAAC,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,EACvC,CAAC;QACD,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;IAC1D,CAAC;IACD,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,yBAAyB,CAAC,WAAW,CAAC,CAAC;IAC7E,CAAC;IAED,yEAAyE;IACzE,6EAA6E;IAC7E,wDAAwD;IACxD,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IACzD,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IAC/D,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzD,CAAC;AACH,CAAC;AAjCD,wEAiCC"}

lib/analysis-paths.test.js

@@ -0,0 +1,124 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const path = __importStar(require("path"));
+const ava_1 = __importDefault(require("ava"));
+const analysisPaths = __importStar(require("./analysis-paths"));
+const testing_utils_1 = require("./testing-utils");
+const util = __importStar(require("./util"));
+(0, testing_utils_1.setupTests)(ava_1.default);
+(0, ava_1.default)("emptyPaths", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        const config = {
+            languages: [],
+            queries: {},
+            pathsIgnore: [],
+            paths: [],
+            originalUserInput: {},
+            tempDir: tmpDir,
+            codeQLCmd: "",
+            gitHubVersion: { type: util.GitHubVariant.DOTCOM },
+            dbLocation: path.resolve(tmpDir, "codeql_databases"),
+            packs: {},
+            debugMode: false,
+            debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
+            debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
+            augmentationProperties: {
+                injectedMlQueries: false,
+                packsInputCombines: false,
+                queriesInputCombines: false,
+            },
+            trapCaches: {},
+            trapCacheDownloadTime: 0,
+        };
+        analysisPaths.includeAndExcludeAnalysisPaths(config);
+        t.is(process.env["LGTM_INDEX_INCLUDE"], undefined);
+        t.is(process.env["LGTM_INDEX_EXCLUDE"], undefined);
+        t.is(process.env["LGTM_INDEX_FILTERS"], undefined);
+    });
+});
+(0, ava_1.default)("nonEmptyPaths", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        const config = {
+            languages: [],
+            queries: {},
+            paths: ["path1", "path2", "**/path3"],
+            pathsIgnore: ["path4", "path5", "path6/**"],
+            originalUserInput: {},
+            tempDir: tmpDir,
+            codeQLCmd: "",
+            gitHubVersion: { type: util.GitHubVariant.DOTCOM },
+            dbLocation: path.resolve(tmpDir, "codeql_databases"),
+            packs: {},
+            debugMode: false,
+            debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
+            debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
+            augmentationProperties: {
+                injectedMlQueries: false,
+                packsInputCombines: false,
+                queriesInputCombines: false,
+            },
+            trapCaches: {},
+            trapCacheDownloadTime: 0,
+        };
+        analysisPaths.includeAndExcludeAnalysisPaths(config);
+        t.is(process.env["LGTM_INDEX_INCLUDE"], "path1\npath2");
+        t.is(process.env["LGTM_INDEX_EXCLUDE"], "path4\npath5");
+        t.is(process.env["LGTM_INDEX_FILTERS"], "include:path1\ninclude:path2\ninclude:**/path3\nexclude:path4\nexclude:path5\nexclude:path6/**");
+    });
+});
+(0, ava_1.default)("exclude temp dir", async (t) => {
+    const tempDir = path.join(process.cwd(), "codeql-runner-temp");
+    const config = {
+        languages: [],
+        queries: {},
+        pathsIgnore: [],
+        paths: [],
+        originalUserInput: {},
+        tempDir,
+        codeQLCmd: "",
+        gitHubVersion: { type: util.GitHubVariant.DOTCOM },
+        dbLocation: path.resolve(tempDir, "codeql_databases"),
+        packs: {},
+        debugMode: false,
+        debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
+        debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
+        augmentationProperties: {
+            injectedMlQueries: false,
+            packsInputCombines: false,
+            queriesInputCombines: false,
+        },
+        trapCaches: {},
+        trapCacheDownloadTime: 0,
+    };
+    analysisPaths.includeAndExcludeAnalysisPaths(config);
+    t.is(process.env["LGTM_INDEX_INCLUDE"], undefined);
+    t.is(process.env["LGTM_INDEX_EXCLUDE"], "codeql-runner-temp");
+    t.is(process.env["LGTM_INDEX_FILTERS"], undefined);
+});
+//# sourceMappingURL=analysis-paths.test.js.map

lib/analysis-paths.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"analysis-paths.test.js","sourceRoot":"","sources":["../src/analysis-paths.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAE7B,8CAAuB;AAEvB,gEAAkD;AAClD,mDAA6C;AAC7C,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,YAAY,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC7B,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,WAAW,EAAE,EAAE;YACf,KAAK,EAAE,EAAE;YACT,iBAAiB,EAAE,EAAE;YACrB,OAAO,EAAE,MAAM;YACf,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;YACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,kBAAkB,CAAC;YACpD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,sBAAsB,EAAE;gBACtB,iBAAiB,EAAE,KAAK;gBACxB,kBAAkB,EAAE,KAAK;gBACzB,oBAAoB,EAAE,KAAK;aAC5B;YACD,UAAU,EAAE,EAAE;YACd,qBAAqB,EAAE,CAAC;SACzB,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,eAAe,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAChC,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;YACrC,WAAW,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;YAC3C,iBAAiB,EAAE,EAAE;YACrB,OAAO,EAAE,MAAM;YACf,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;YACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,kBAAkB,CAAC;YACpD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,sBAAsB,EAAE;gBACtB,iBAAiB,EAAE,KAAK;gBACxB,kBAAkB,EAAE,KAAK;gBACzB,oBAAoB,EAAE,KAAK;aAC5B;YACD,UAAU,EAAE,EAAE;YACd,qBAAqB,EAAE,CAAC;SACzB,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;QACxD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;QACxD,CAAC,CAAC,EAAE,CACF,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EACjC,gGAAgG,CACjG,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,kBAAkB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACnC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,oBAAoB,CAAC,CAAC;IAC/D,MAAM,MAAM,GAAG;QACb,SAAS,EAAE,EAAE;QACb,OAAO,EAAE,EAAE;QACX,WAAW,EAAE,EAAE;QACf,KAAK,EAAE,EAAE;QACT,iBAAiB,EAAE,EAAE;QACrB,OAAO;QACP,SAAS,EAAE,EAAE;QACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;QACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,kBAAkB,CAAC;QACrD,KAAK,EAAE,EAAE;QACT,SAAS,EAAE,KAAK;QAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;QACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;QACnD,sBAAsB,EAAE;YACtB,iBAAiB,EAAE,KAAK;YACxB,kBAAkB,EAAE,KAAK;YACzB,oBAAoB,EAAE,KAAK;SAC5B;QACD,UAAU,EAAE,EAAE;QACd,qBAAqB,EAAE,CAAC;KACzB,CAAC;IACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;IACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,oBAAoB,CAAC,CAAC;IAC9D,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;AACrD,CAAC,CAAC,CAAC"}

lib/analyze-action-env.test.js

@@ -50,7 +50,7 @@ const util = __importStar(require("./util"));
         sinon
             .stub(statusReport, "createStatusReportBase")
             .resolves({});
-        sinon.stub(statusReport, "sendStatusReport").resolves();
+        sinon.stub(statusReport, "sendStatusReport").resolves(true);
         sinon.stub(actionsUtil, "isAnalyzingDefaultBranch").resolves(true);
         const gitHubVersion = {
             type: util.GitHubVariant.DOTCOM,

lib/analyze-action-env.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAEnE,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAEnE,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/analyze-action-input.test.js

@@ -50,7 +50,7 @@ const util = __importStar(require("./util"));
         sinon
             .stub(statusReport, "createStatusReportBase")
             .resolves({});
-        sinon.stub(statusReport, "sendStatusReport").resolves();
+        sinon.stub(statusReport, "sendStatusReport").resolves(true);
         const gitHubVersion = {
             type: util.GitHubVariant.DOTCOM,
         };

lib/analyze-action-input.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxD,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACnE,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC5D,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACnE,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/analyze-action.js

@@ -31,6 +31,7 @@ const fs = __importStar(require("fs"));
 const path_1 = __importDefault(require("path"));
 const perf_hooks_1 = require("perf_hooks");
 const core = __importStar(require("@actions/core"));
+const safe_which_1 = require("@chrisgavin/safe-which");
 const actionsUtil = __importStar(require("./actions-util"));
 const analyze_1 = require("./analyze");
 const api_client_1 = require("./api-client");
@@ -38,6 +39,7 @@ const autobuild_1 = require("./autobuild");
 const codeql_1 = require("./codeql");
 const config_utils_1 = require("./config-utils");
 const database_upload_1 = require("./database-upload");
+const diagnostics_1 = require("./diagnostics");
 const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
@@ -48,9 +50,10 @@ const status_report_1 = require("./status-report");
 const trap_caching_1 = require("./trap-caching");
 const uploadLib = __importStar(require("./upload-lib"));
 const util = __importStar(require("./util"));
+const util_1 = require("./util");
 async function sendStatusReport(startedAt, config, stats, error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger) {
     const status = (0, status_report_1.getActionsStatus)(error, stats?.analyze_failure_language);
-    const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Analyze, status, startedAt, config, await util.checkDiskUsage(), logger, error?.message, error?.stack);
+    const statusReportBase = await (0, status_report_1.createStatusReportBase)("finish", status, startedAt, await util.checkDiskUsage(), error?.message, error?.stack);
     const report = {
         ...statusReportBase,
         ...(stats || {}),
@@ -109,10 +112,6 @@ async function runAutobuildIfLegacyGoWorkflow(config, logger) {
     if (!config.languages.includes(languages_1.Language.go)) {
         return;
     }
-    if (config.buildMode) {
-        logger.debug("Skipping legacy Go autobuild since a build mode has been specified.");
-        return;
-    }
     if (process.env[environment_1.EnvVar.DID_AUTOBUILD_GOLANG] === "true") {
         logger.debug("Won't run Go autobuild since it has already been run.");
         return;
@@ -145,23 +144,46 @@ async function run() {
     util.initializeEnvironment(actionsUtil.getActionVersion());
     const logger = (0, logging_1.getActionsLogger)();
     try {
-        await statusReport.sendStatusReport(await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Analyze, "starting", startedAt, config, await util.checkDiskUsage(logger), logger));
+        if (!(await statusReport.sendStatusReport(await (0, status_report_1.createStatusReportBase)("finish", "starting", startedAt, await util.checkDiskUsage(logger))))) {
+            return;
+        }
         config = await (0, config_utils_1.getConfig)(actionsUtil.getTemporaryDirectory(), logger);
         if (config === undefined) {
             throw new Error("Config file could not be found at expected location. Has the 'init' action been called?");
         }
         if (hasBadExpectErrorInput()) {
-            throw new util.ConfigurationError("`expect-error` input parameter is for internal use only. It should only be set by codeql-action or a fork.");
+            throw new util.UserError("`expect-error` input parameter is for internal use only. It should only be set by codeql-action or a fork.");
         }
         const apiDetails = (0, api_client_1.getApiDetails)();
         const outputDir = actionsUtil.getRequiredInput("output");
         const threads = util.getThreadsFlag(actionsUtil.getOptionalInput("threads") || process.env["CODEQL_THREADS"], logger);
         const repositoryNwo = (0, repository_1.parseRepositoryNwo)(util.getRequiredEnvParam("GITHUB_REPOSITORY"));
         const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
-        util.checkActionVersion(actionsUtil.getActionVersion(), gitHubVersion);
         const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, actionsUtil.getTemporaryDirectory(), logger);
         const memory = util.getMemoryFlag(actionsUtil.getOptionalInput("ram") || process.env["CODEQL_RAM"], logger);
-        await (0, analyze_1.warnIfGoInstalledAfterInit)(config, logger);
+        // Check that `which go` still points at the same path it did when the `init` Action ran to ensure that no steps
+        // in-between performed any setup. We encourage users to perform all setup tasks before initializing CodeQL so that
+        // the setup tasks do not interfere with our analysis.
+        // Furthermore, if we installed a wrapper script in the `init` Action, we need to ensure that there isn't a step
+        // in the workflow after the `init` step which installs a different version of Go and takes precedence in the PATH,
+        // thus potentially circumventing our workaround that allows tracing to work.
+        const goInitPath = process.env[environment_1.EnvVar.GO_BINARY_LOCATION];
+        if (process.env[environment_1.EnvVar.DID_AUTOBUILD_GOLANG] !== "true" &&
+            goInitPath !== undefined) {
+            const goBinaryPath = await (0, safe_which_1.safeWhich)("go");
+            if (goInitPath !== goBinaryPath) {
+                core.warning(`Expected \`which go\` to return ${goInitPath}, but got ${goBinaryPath}: please ensure that the correct version of Go is installed before the \`codeql-action/init\` Action is used.`);
+                (0, diagnostics_1.addDiagnostic)(config, languages_1.Language.go, (0, diagnostics_1.makeDiagnostic)("go/workflow/go-installed-after-codeql-init", "Go was installed after the `codeql-action/init` Action was run", {
+                    markdownMessage: "To avoid interfering with the CodeQL analysis, perform all installation steps before calling the `github/codeql-action/init` Action.",
+                    visibility: {
+                        statusPage: true,
+                        telemetry: true,
+                        cliSummaryTable: true,
+                    },
+                    severity: "warning",
+                }));
+            }
+        }
         await runAutobuildIfLegacyGoWorkflow(config, logger);
         dbCreationTimings = await (0, analyze_1.runFinalize)(outputDir, threads, memory, config, logger, features);
         if (actionsUtil.getRequiredInput("skip-queries") !== "true") {
@@ -178,7 +200,7 @@ async function run() {
         core.setOutput("sarif-output", path_1.default.resolve(outputDir));
         const uploadInput = actionsUtil.getOptionalInput("upload");
         if (runStats && actionsUtil.getUploadValue(uploadInput) === "always") {
-            uploadResult = await uploadLib.uploadFromActions(outputDir, actionsUtil.getRequiredInput("checkout_path"), actionsUtil.getOptionalInput("category"), logger);
+            uploadResult = await uploadLib.uploadFromActions(outputDir, actionsUtil.getRequiredInput("checkout_path"), actionsUtil.getOptionalInput("category"), logger, { considerInvalidRequestUserError: false });
             core.setOutput("sarif-id", uploadResult.sarifID);
         }
         else {
@@ -193,7 +215,7 @@ async function run() {
         trapCacheUploadTime = perf_hooks_1.performance.now() - trapCacheUploadStartTime;
         // We don't upload results in test mode, so don't wait for processing
         if (util.isInTestMode()) {
-            logger.debug("In test mode. Waiting for processing is disabled.");
+            core.debug("In test mode. Waiting for processing is disabled.");
         }
         else if (uploadResult !== undefined &&
             actionsUtil.getRequiredInput("wait-for-processing") === "true") {
@@ -206,7 +228,7 @@ async function run() {
         core.exportVariable(environment_1.EnvVar.ANALYZE_DID_COMPLETE_SUCCESSFULLY, "true");
     }
     catch (unwrappedError) {
-        const error = util.wrapError(unwrappedError);
+        const error = (0, util_1.wrapError)(unwrappedError);
         if (actionsUtil.getOptionalInput("expect-error") !== "true" ||
             hasBadExpectErrorInput()) {
             core.setFailed(error.message);
@@ -239,9 +261,9 @@ async function runWrapper() {
         await exports.runPromise;
     }
     catch (error) {
-        core.setFailed(`analyze action failed: ${util.wrapError(error).message}`);
+        core.setFailed(`analyze action failed: ${(0, util_1.wrapError)(error).message}`);
     }
-    await util.checkForTimeout();
+    await (0, util_1.checkForTimeout)();
 }
 void runWrapper();
 //# sourceMappingURL=analyze-action.js.map

lib/analyze.js

@@ -26,25 +26,22 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.runCleanup = exports.warnIfGoInstalledAfterInit = exports.runFinalize = exports.runQueries = exports.dbIsFinalized = exports.runExtraction = exports.CodeQLAnalysisError = void 0;
+exports.validateQueryFilters = exports.runCleanup = exports.runFinalize = exports.createQuerySuiteContents = exports.convertPackToQuerySuiteEntry = exports.runQueries = exports.dbIsFinalized = exports.createdDBForScannedLanguages = exports.CodeQLAnalysisError = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const perf_hooks_1 = require("perf_hooks");
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
-const safe_which_1 = require("@chrisgavin/safe-which");
 const del_1 = __importDefault(require("del"));
 const yaml = __importStar(require("js-yaml"));
-const autobuild_1 = require("./autobuild");
+const analysisPaths = __importStar(require("./analysis-paths"));
 const codeql_1 = require("./codeql");
-const config_utils_1 = require("./config-utils");
-const diagnostics_1 = require("./diagnostics");
-const environment_1 = require("./environment");
+const configUtils = __importStar(require("./config-utils"));
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
-const tools_features_1 = require("./tools-features");
 const tracer_config_1 = require("./tracer-config");
 const upload_lib_1 = require("./upload-lib");
 const util = __importStar(require("./util"));
+const util_1 = require("./util");
 class CodeQLAnalysisError extends Error {
     constructor(queriesStatusReport, message) {
         super(message);
@@ -59,7 +56,7 @@ async function setupPythonExtractor(logger, features, codeql) {
         // If CODEQL_PYTHON is not set, no dependencies were installed, so we don't need to do anything
         return;
     }
-    if (await (0, feature_flags_1.isPythonDependencyInstallationDisabled)(codeql, features)) {
+    if (await features.getValue(feature_flags_1.Feature.DisablePythonDependencyInstallationEnabled, codeql)) {
         logger.warning("We recommend that you remove the CODEQL_PYTHON environment variable from your workflow. This environment variable was originally used to specify a Python executable that included the dependencies of your Python code, however Python analysis no longer uses these dependencies." +
             "\nIf you used CODEQL_PYTHON to force the version of Python to analyze as, please use CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION instead, such as 'CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION=2.7' or 'CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION=3.11'.");
         return;
@@ -81,39 +78,23 @@ async function setupPythonExtractor(logger, features, codeql) {
     logger.info(`Setting LGTM_PYTHON_SETUP_VERSION=${output}`);
     process.env["LGTM_PYTHON_SETUP_VERSION"] = output;
 }
-async function runExtraction(codeql, config, logger, features) {
+async function createdDBForScannedLanguages(codeql, config, logger, features) {
+    // Insert the LGTM_INDEX_X env vars at this point so they are set when
+    // we extract any scanned languages.
+    analysisPaths.includeAndExcludeAnalysisPaths(config);
     for (const language of config.languages) {
-        if (dbIsFinalized(config, language, logger)) {
-            logger.debug(`Database for ${language} has already been finalized, skipping extraction.`);
-            continue;
-        }
-        if (shouldExtractLanguage(config, language)) {
+        if ((0, languages_1.isScannedLanguage)(language) &&
+            !dbIsFinalized(config, language, logger)) {
             logger.startGroup(`Extracting ${language}`);
             if (language === languages_1.Language.python) {
                 await setupPythonExtractor(logger, features, codeql);
             }
-            if (config.buildMode &&
-                (await codeql.supportsFeature(tools_features_1.ToolsFeature.TraceCommandUseBuildMode))) {
-                if (language === languages_1.Language.cpp &&
-                    config.buildMode === config_utils_1.BuildMode.Autobuild) {
-                    await (0, autobuild_1.setupCppAutobuild)(codeql, logger);
-                }
-                await codeql.extractUsingBuildMode(config, language);
-            }
-            else {
-                await codeql.extractScannedLanguage(config, language);
-            }
+            await codeql.extractScannedLanguage(config, language);
             logger.endGroup();
         }
     }
 }
-exports.runExtraction = runExtraction;
-function shouldExtractLanguage(config, language) {
-    return (config.buildMode === config_utils_1.BuildMode.None ||
-        (config.buildMode === config_utils_1.BuildMode.Autobuild &&
-            process.env[environment_1.EnvVar.AUTOBUILD_DID_COMPLETE_SUCCESSFULLY] !== "true") ||
-        (!config.buildMode && (0, languages_1.isScannedLanguage)(language)));
-}
+exports.createdDBForScannedLanguages = createdDBForScannedLanguages;
 function dbIsFinalized(config, language, logger) {
     const dbPath = util.getCodeQLDatabasePath(config, language);
     try {
@@ -129,7 +110,7 @@ exports.dbIsFinalized = dbIsFinalized;
 async function finalizeDatabaseCreation(config, threadsFlag, memoryFlag, logger, features) {
     const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
     const extractionStart = perf_hooks_1.performance.now();
-    await runExtraction(codeql, config, logger, features);
+    await createdDBForScannedLanguages(codeql, config, logger, features);
     const extractionTime = perf_hooks_1.performance.now() - extractionStart;
     const trapImportStart = perf_hooks_1.performance.now();
     for (const language of config.languages) {
@@ -153,30 +134,88 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
     const statusReport = {};
     const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
     const queryFlags = [memoryFlag, threadsFlag];
+    await (0, feature_flags_1.logCodeScanningConfigInCli)(codeql, features, logger);
     for (const language of config.languages) {
+        const queries = config.queries[language];
+        const queryFilters = validateQueryFilters(config.originalUserInput["query-filters"]);
+        const packsWithVersion = config.packs[language] || [];
         try {
             const sarifFile = path.join(sarifFolder, `${language}.sarif`);
-            // The work needed to generate the query suites
-            // is done in the CLI. We just need to make a single
-            // call to run all the queries for each language and
-            // another to interpret the results.
-            logger.startGroup(`Running queries for ${language}`);
-            const startTimeRunQueries = new Date().getTime();
-            const databasePath = util.getCodeQLDatabasePath(config, language);
-            await codeql.databaseRunQueries(databasePath, queryFlags);
-            logger.debug(`Finished running queries for ${language}.`);
-            // TODO should not be using `builtin` here. We should be using `all` instead.
-            // The status report does not support `all` yet.
-            statusReport[`analyze_builtin_queries_${language}_duration_ms`] =
-                new Date().getTime() - startTimeRunQueries;
-            logger.startGroup(`Interpreting results for ${language}`);
-            const startTimeInterpretResults = new Date();
-            const analysisSummary = await runInterpretResults(language, undefined, sarifFile, config.debugMode);
-            const endTimeInterpretResults = new Date();
-            statusReport[`interpret_results_${language}_duration_ms`] =
-                endTimeInterpretResults.getTime() - startTimeInterpretResults.getTime();
-            logger.endGroup();
-            logger.info(analysisSummary);
+            let startTimeInterpretResults;
+            let endTimeInterpretResults;
+            if (await (0, feature_flags_1.useCodeScanningConfigInCli)(codeql, features)) {
+                // If we are using the code scanning config in the CLI,
+                // much of the work needed to generate the query suites
+                // is done in the CLI. We just need to make a single
+                // call to run all the queries for each language and
+                // another to interpret the results.
+                logger.startGroup(`Running queries for ${language}`);
+                const startTimeBuiltIn = new Date().getTime();
+                await runQueryGroup(language, "all", undefined, undefined, true);
+                // TODO should not be using `builtin` here. We should be using `all` instead.
+                // The status report does not support `all` yet.
+                statusReport[`analyze_builtin_queries_${language}_duration_ms`] =
+                    new Date().getTime() - startTimeBuiltIn;
+                logger.startGroup(`Interpreting results for ${language}`);
+                startTimeInterpretResults = new Date();
+                const analysisSummary = await runInterpretResults(language, undefined, sarifFile, config.debugMode);
+                endTimeInterpretResults = new Date();
+                statusReport[`interpret_results_${language}_duration_ms`] =
+                    endTimeInterpretResults.getTime() -
+                        startTimeInterpretResults.getTime();
+                logger.endGroup();
+                logger.info(analysisSummary);
+            }
+            else {
+                // config was generated by the action, so must be interpreted by the action.
+                const hasBuiltinQueries = queries?.builtin.length > 0;
+                const hasCustomQueries = queries?.custom.length > 0;
+                const hasPackWithCustomQueries = packsWithVersion.length > 0;
+                if (!hasBuiltinQueries &&
+                    !hasCustomQueries &&
+                    !hasPackWithCustomQueries) {
+                    throw new util_1.UserError(`Unable to analyze ${language} as no queries were selected for this language`);
+                }
+                const customQueryIndices = [];
+                for (let i = 0; i < queries.custom.length; ++i) {
+                    if (queries.custom[i].queries.length > 0) {
+                        customQueryIndices.push(i);
+                    }
+                }
+                logger.startGroup(`Running queries for ${language}`);
+                const querySuitePaths = [];
+                if (queries.builtin.length > 0) {
+                    const startTimeBuiltIn = new Date().getTime();
+                    querySuitePaths.push((await runQueryGroup(language, "builtin", createQuerySuiteContents(queries.builtin, queryFilters), undefined, customQueryIndices.length === 0 && packsWithVersion.length === 0)));
+                    statusReport[`analyze_builtin_queries_${language}_duration_ms`] =
+                        new Date().getTime() - startTimeBuiltIn;
+                }
+                const startTimeCustom = new Date().getTime();
+                let ranCustom = false;
+                for (const i of customQueryIndices) {
+                    querySuitePaths.push((await runQueryGroup(language, `custom-${i}`, createQuerySuiteContents(queries.custom[i].queries, queryFilters), queries.custom[i].searchPath, i === customQueryIndices[customQueryIndices.length - 1] &&
+                        packsWithVersion.length === 0)));
+                    ranCustom = true;
+                }
+                if (packsWithVersion.length > 0) {
+                    querySuitePaths.push(await runQueryPacks(language, "packs", packsWithVersion, queryFilters, true));
+                    ranCustom = true;
+                }
+                if (ranCustom) {
+                    statusReport[`analyze_custom_queries_${language}_duration_ms`] =
+                        new Date().getTime() - startTimeCustom;
+                }
+                logger.endGroup();
+                logger.startGroup(`Interpreting results for ${language}`);
+                startTimeInterpretResults = new Date();
+                const analysisSummary = await runInterpretResults(language, querySuitePaths, sarifFile, config.debugMode);
+                endTimeInterpretResults = new Date();
+                statusReport[`interpret_results_${language}_duration_ms`] =
+                    endTimeInterpretResults.getTime() -
+                        startTimeInterpretResults.getTime();
+                logger.endGroup();
+                logger.info(analysisSummary);
+            }
             if (await features.getValue(feature_flags_1.Feature.QaTelemetryEnabled)) {
                 const perQueryAlertCounts = getPerQueryAlertCounts(sarifFile, logger);
                 const perQueryAlertCountEventReport = {
@@ -232,8 +271,54 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
         const databasePath = util.getCodeQLDatabasePath(config, language);
         return await codeql.databasePrintBaseline(databasePath);
     }
+    async function runQueryGroup(language, type, querySuiteContents, searchPath, optimizeForLastQueryRun) {
+        const databasePath = util.getCodeQLDatabasePath(config, language);
+        // Pass the queries to codeql using a file instead of using the command
+        // line to avoid command line length restrictions, particularly on windows.
+        const querySuitePath = querySuiteContents
+            ? `${databasePath}-queries-${type}.qls`
+            : undefined;
+        if (querySuiteContents && querySuitePath) {
+            fs.writeFileSync(querySuitePath, querySuiteContents);
+            logger.debug(`Query suite file for ${language}-${type}...\n${querySuiteContents}`);
+        }
+        await codeql.databaseRunQueries(databasePath, searchPath, querySuitePath, queryFlags, optimizeForLastQueryRun, features);
+        logger.debug(`BQRS results produced for ${language} (queries: ${type})"`);
+        return querySuitePath;
+    }
+    async function runQueryPacks(language, type, packs, queryFilters, optimizeForLastQueryRun) {
+        const databasePath = util.getCodeQLDatabasePath(config, language);
+        for (const pack of packs) {
+            logger.debug(`Running query pack for ${language}-${type}: ${pack}`);
+        }
+        // combine the list of packs into a query suite in order to run them all simultaneously.
+        const querySuite = packs.map(convertPackToQuerySuiteEntry).concat(queryFilters);
+        const querySuitePath = `${databasePath}-queries-${type}.qls`;
+        fs.writeFileSync(querySuitePath, yaml.dump(querySuite));
+        logger.debug(`BQRS results produced for ${language} (queries: ${type})"`);
+        await codeql.databaseRunQueries(databasePath, undefined, querySuitePath, queryFlags, optimizeForLastQueryRun, features);
+        return querySuitePath;
+    }
 }
 exports.runQueries = runQueries;
+function convertPackToQuerySuiteEntry(packStr) {
+    const pack = configUtils.parsePacksSpecification(packStr);
+    return {
+        qlpack: !pack.path ? pack.name : undefined,
+        from: pack.path ? pack.name : undefined,
+        version: pack.version,
+        query: pack.path?.endsWith(".ql") ? pack.path : undefined,
+        queries: !pack.path?.endsWith(".ql") && !pack.path?.endsWith(".qls")
+            ? pack.path
+            : undefined,
+        apply: pack.path?.endsWith(".qls") ? pack.path : undefined,
+    };
+}
+exports.convertPackToQuerySuiteEntry = convertPackToQuerySuiteEntry;
+function createQuerySuiteContents(queries, queryFilters) {
+    return yaml.dump(queries.map((q) => ({ query: q })).concat(queryFilters));
+}
+exports.createQuerySuiteContents = createQuerySuiteContents;
 async function runFinalize(outputDir, threadsFlag, memoryFlag, config, logger, features) {
     try {
         await (0, del_1.default)(outputDir, { force: true });
@@ -255,32 +340,6 @@ async function runFinalize(outputDir, threadsFlag, memoryFlag, config, logger, f
     return timings;
 }
 exports.runFinalize = runFinalize;
-async function warnIfGoInstalledAfterInit(config, logger) {
-    // Check that `which go` still points at the same path it did when the `init` Action ran to ensure that no steps
-    // in-between performed any setup. We encourage users to perform all setup tasks before initializing CodeQL so that
-    // the setup tasks do not interfere with our analysis.
-    // Furthermore, if we installed a wrapper script in the `init` Action, we need to ensure that there isn't a step
-    // in the workflow after the `init` step which installs a different version of Go and takes precedence in the PATH,
-    // thus potentially circumventing our workaround that allows tracing to work.
-    const goInitPath = process.env[environment_1.EnvVar.GO_BINARY_LOCATION];
-    if (process.env[environment_1.EnvVar.DID_AUTOBUILD_GOLANG] !== "true" &&
-        goInitPath !== undefined) {
-        const goBinaryPath = await (0, safe_which_1.safeWhich)("go");
-        if (goInitPath !== goBinaryPath) {
-            logger.warning(`Expected \`which go\` to return ${goInitPath}, but got ${goBinaryPath}: please ensure that the correct version of Go is installed before the \`codeql-action/init\` Action is used.`);
-            (0, diagnostics_1.addDiagnostic)(config, languages_1.Language.go, (0, diagnostics_1.makeDiagnostic)("go/workflow/go-installed-after-codeql-init", "Go was installed after the `codeql-action/init` Action was run", {
-                markdownMessage: "To avoid interfering with the CodeQL analysis, perform all installation steps before calling the `github/codeql-action/init` Action.",
-                visibility: {
-                    statusPage: true,
-                    telemetry: true,
-                    cliSummaryTable: true,
-                },
-                severity: "warning",
-            }));
-        }
-    }
-}
-exports.warnIfGoInstalledAfterInit = warnIfGoInstalledAfterInit;
 async function runCleanup(config, cleanupLevel, logger) {
     logger.startGroup("Cleaning up databases");
     for (const language of config.languages) {
@@ -291,4 +350,28 @@ async function runCleanup(config, cleanupLevel, logger) {
     logger.endGroup();
 }
 exports.runCleanup = runCleanup;
+// exported for testing
+function validateQueryFilters(queryFilters) {
+    if (!queryFilters) {
+        return [];
+    }
+    if (!Array.isArray(queryFilters)) {
+        throw new util_1.UserError(`Query filters must be an array of "include" or "exclude" entries. Found ${typeof queryFilters}`);
+    }
+    const errors = [];
+    for (const qf of queryFilters) {
+        const keys = Object.keys(qf);
+        if (keys.length !== 1) {
+            errors.push(`Query filter must have exactly one key: ${JSON.stringify(qf)}`);
+        }
+        if (!["exclude", "include"].includes(keys[0])) {
+            errors.push(`Only "include" or "exclude" filters are allowed:\n${JSON.stringify(qf)}`);
+        }
+    }
+    if (errors.length) {
+        throw new util_1.UserError(`Invalid query filter.\n${errors.join("\n")}`);
+    }
+    return queryFilters;
+}
+exports.validateQueryFilters = validateQueryFilters;
 //# sourceMappingURL=analyze.js.map

lib/analyze.test.js

@@ -29,6 +29,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const ava_1 = __importDefault(require("ava"));
+const yaml = __importStar(require("js-yaml"));
 const sinon = __importStar(require("sinon"));
 const analyze_1 = require("./analyze");
 const codeql_1 = require("./codeql");
@@ -39,23 +40,31 @@ const testing_utils_1 = require("./testing-utils");
 const uploadLib = __importStar(require("./upload-lib"));
 const util = __importStar(require("./util"));
 (0, testing_utils_1.setupTests)(ava_1.default);
-/**
- * Checks the status report produced by the analyze Action.
+/** Checks that the duration fields are populated for the correct language
+ * and correct case of builtin or custom. Also checks the correct search
+ * paths are set in the database analyze invocation.
  *
- * - Checks that the duration fields are populated for the correct language.
- * - Checks that the QA telemetry status report fields are populated when the QA feature flag is enabled.
+ * Mocks the QA telemetry feature flag and checks the appropriate status report
+ * fields.
  */
-(0, ava_1.default)("status report fields", async (t) => {
+(0, ava_1.default)("status report fields and search path setting", async (t) => {
+    let searchPathsUsed = [];
     return await util.withTmpDir(async (tmpDir) => {
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
         const memoryFlag = "";
         const addSnippetsFlag = "";
         const threadsFlag = "";
+        const packs = {
+            [languages_1.Language.cpp]: ["a/b@1.0.0"],
+            [languages_1.Language.java]: ["c/d@2.0.0"],
+        };
         sinon.stub(uploadLib, "validateSarifFileSchema");
         for (const language of Object.values(languages_1.Language)) {
             (0, codeql_1.setCodeQL)({
-                databaseRunQueries: async () => { },
                 packDownload: async () => ({ packs: [] }),
+                databaseRunQueries: async (_db, searchPath) => {
+                    searchPathsUsed.push(searchPath);
+                },
                 databaseInterpretResults: async (_db, _queriesRun, sarifFile) => {
                     fs.writeFileSync(sarifFile, JSON.stringify({
                         runs: [
@@ -95,26 +104,369 @@ const util = __importStar(require("./util"));
                 },
                 databasePrintBaseline: async () => "",
             });
-            const config = (0, testing_utils_1.createTestConfig)({
+            searchPathsUsed = [];
+            const config = {
                 languages: [language],
+                queries: {},
+                pathsIgnore: [],
+                paths: [],
+                originalUserInput: {},
                 tempDir: tmpDir,
+                codeQLCmd: "",
+                gitHubVersion: {
+                    type: util.GitHubVariant.DOTCOM,
+                },
                 dbLocation: path.resolve(tmpDir, "codeql_databases"),
-            });
+                packs,
+                debugMode: false,
+                debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
+                debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
+                augmentationProperties: {
+                    packsInputCombines: false,
+                    queriesInputCombines: false,
+                },
+                trapCaches: {},
+                trapCacheDownloadTime: 0,
+            };
             fs.mkdirSync(util.getCodeQLDatabasePath(config, language), {
                 recursive: true,
             });
-            const statusReport = await (0, analyze_1.runQueries)(tmpDir, memoryFlag, addSnippetsFlag, threadsFlag, undefined, config, (0, logging_1.getRunnerLogger)(true), (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.QaTelemetryEnabled]));
-            t.deepEqual(Object.keys(statusReport).sort(), [
-                `analyze_builtin_queries_${language}_duration_ms`,
-                "event_reports",
-                `interpret_results_${language}_duration_ms`,
-            ]);
-            for (const eventReport of statusReport.event_reports) {
-                t.deepEqual(eventReport.event, "codeql database interpret-results");
-                t.true("properties" in eventReport);
-                t.true("alertCounts" in eventReport.properties);
+            config.queries[language] = {
+                builtin: ["foo.ql"],
+                custom: [],
+            };
+            const builtinStatusReport = await (0, analyze_1.runQueries)(tmpDir, memoryFlag, addSnippetsFlag, threadsFlag, undefined, config, (0, logging_1.getRunnerLogger)(true), (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.QaTelemetryEnabled]));
+            const hasPacks = language in packs;
+            const statusReportKeys = Object.keys(builtinStatusReport).sort();
+            if (hasPacks) {
+                t.deepEqual(statusReportKeys.length, 4, statusReportKeys.toString());
+                t.deepEqual(statusReportKeys[0], `analyze_builtin_queries_${language}_duration_ms`);
+                t.deepEqual(statusReportKeys[1], `analyze_custom_queries_${language}_duration_ms`);
+                t.deepEqual(statusReportKeys[2], "event_reports");
+                t.deepEqual(statusReportKeys[3], `interpret_results_${language}_duration_ms`);
+            }
+            else {
+                t.deepEqual(statusReportKeys[0], `analyze_builtin_queries_${language}_duration_ms`);
+                t.deepEqual(statusReportKeys[1], "event_reports");
+                t.deepEqual(statusReportKeys[2], `interpret_results_${language}_duration_ms`);
+            }
+            if (builtinStatusReport.event_reports) {
+                for (const eventReport of builtinStatusReport.event_reports) {
+                    t.deepEqual(eventReport.event, "codeql database interpret-results");
+                    t.true("properties" in eventReport);
+                    t.true("alertCounts" in eventReport.properties);
+                }
+            }
+            config.queries[language] = {
+                builtin: [],
+                custom: [
+                    {
+                        queries: ["foo.ql"],
+                        searchPath: "/1",
+                    },
+                    {
+                        queries: ["bar.ql"],
+                        searchPath: "/2",
+                    },
+                ],
+            };
+            const customStatusReport = await (0, analyze_1.runQueries)(tmpDir, memoryFlag, addSnippetsFlag, threadsFlag, undefined, config, (0, logging_1.getRunnerLogger)(true), (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.QaTelemetryEnabled]));
+            t.deepEqual(Object.keys(customStatusReport).length, 3);
+            t.true(`analyze_custom_queries_${language}_duration_ms` in customStatusReport);
+            const expectedSearchPathsUsed = hasPacks
+                ? [undefined, undefined, "/1", "/2", undefined]
+                : [undefined, "/1", "/2"];
+            t.deepEqual(searchPathsUsed, expectedSearchPathsUsed);
+            t.true(`interpret_results_${language}_duration_ms` in customStatusReport);
+            t.true("event_reports" in customStatusReport);
+            if (customStatusReport.event_reports) {
+                for (const eventReport of customStatusReport.event_reports) {
+                    t.deepEqual(eventReport.event, "codeql database interpret-results");
+                    t.true("properties" in eventReport);
+                    t.true("alertCounts" in eventReport.properties);
+                }
             }
         }
+        verifyQuerySuites(tmpDir);
+    });
+    function verifyQuerySuites(tmpDir) {
+        const qlsContent = [
+            {
+                query: "foo.ql",
+            },
+        ];
+        const qlsContent2 = [
+            {
+                query: "bar.ql",
+            },
+        ];
+        for (const lang of Object.values(languages_1.Language)) {
+            t.deepEqual(readContents(`${lang}-queries-builtin.qls`), qlsContent);
+            t.deepEqual(readContents(`${lang}-queries-custom-0.qls`), qlsContent);
+            t.deepEqual(readContents(`${lang}-queries-custom-1.qls`), qlsContent2);
+        }
+        function readContents(name) {
+            const x = fs.readFileSync(path.join(tmpDir, "codeql_databases", name), "utf8");
+            console.log(x);
+            return yaml.load(fs.readFileSync(path.join(tmpDir, "codeql_databases", name), "utf8"));
+        }
+    }
+});
+function mockCodeQL() {
+    return {
+        getVersion: async () => (0, testing_utils_1.makeVersionInfo)("1.0.0"),
+        databaseRunQueries: sinon.spy(),
+        databaseInterpretResults: async () => "",
+        databasePrintBaseline: async () => "",
+    };
+}
+function createBaseConfig(tmpDir) {
+    return {
+        languages: [],
+        queries: {},
+        pathsIgnore: [],
+        paths: [],
+        originalUserInput: {},
+        tempDir: "tempDir",
+        codeQLCmd: "",
+        gitHubVersion: {
+            type: util.GitHubVariant.DOTCOM,
+        },
+        dbLocation: path.resolve(tmpDir, "codeql_databases"),
+        packs: {},
+        debugMode: false,
+        debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
+        debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
+        augmentationProperties: {
+            packsInputCombines: false,
+            queriesInputCombines: false,
+        },
+        trapCaches: {},
+        trapCacheDownloadTime: 0,
+    };
+}
+function createQueryConfig(builtin, custom) {
+    return {
+        builtin,
+        custom: custom.map((c) => ({ searchPath: "/search", queries: [c] })),
+    };
+}
+async function runQueriesWithConfig(config, features) {
+    for (const language of config.languages) {
+        fs.mkdirSync(util.getCodeQLDatabasePath(config, language), {
+            recursive: true,
+        });
+    }
+    return (0, analyze_1.runQueries)("sarif-folder", "--memFlag", "--addSnippetsFlag", "--threadsFlag", undefined, config, (0, logging_1.getRunnerLogger)(true), (0, testing_utils_1.createFeatures)(features));
+}
+function getDatabaseRunQueriesCalls(mock) {
+    return mock.databaseRunQueries.getCalls();
+}
+(0, ava_1.default)("optimizeForLastQueryRun for one language", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        const codeql = mockCodeQL();
+        (0, codeql_1.setCodeQL)(codeql);
+        const config = createBaseConfig(tmpDir);
+        config.languages = [languages_1.Language.cpp];
+        config.queries.cpp = createQueryConfig(["foo.ql"], []);
+        await runQueriesWithConfig(config, []);
+        t.deepEqual(getDatabaseRunQueriesCalls(codeql).map((c) => c.args[4]), [true]);
     });
 });
+(0, ava_1.default)("optimizeForLastQueryRun for two languages", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        const codeql = mockCodeQL();
+        (0, codeql_1.setCodeQL)(codeql);
+        const config = createBaseConfig(tmpDir);
+        config.languages = [languages_1.Language.cpp, languages_1.Language.java];
+        config.queries.cpp = createQueryConfig(["foo.ql"], []);
+        config.queries.java = createQueryConfig(["bar.ql"], []);
+        await runQueriesWithConfig(config, []);
+        t.deepEqual(getDatabaseRunQueriesCalls(codeql).map((c) => c.args[4]), [true, true]);
+    });
+});
+(0, ava_1.default)("optimizeForLastQueryRun for two languages, with custom queries", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        const codeql = mockCodeQL();
+        (0, codeql_1.setCodeQL)(codeql);
+        const config = createBaseConfig(tmpDir);
+        config.languages = [languages_1.Language.cpp, languages_1.Language.java];
+        config.queries.cpp = createQueryConfig(["foo.ql"], ["c1.ql", "c2.ql"]);
+        config.queries.java = createQueryConfig(["bar.ql"], ["c3.ql"]);
+        await runQueriesWithConfig(config, []);
+        t.deepEqual(getDatabaseRunQueriesCalls(codeql).map((c) => c.args[4]), [false, false, true, false, true]);
+    });
+});
+(0, ava_1.default)("optimizeForLastQueryRun for two languages, with custom queries and packs", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        const codeql = mockCodeQL();
+        (0, codeql_1.setCodeQL)(codeql);
+        const config = createBaseConfig(tmpDir);
+        config.languages = [languages_1.Language.cpp, languages_1.Language.java];
+        config.queries.cpp = createQueryConfig(["foo.ql"], ["c1.ql", "c2.ql"]);
+        config.queries.java = createQueryConfig(["bar.ql"], ["c3.ql"]);
+        config.packs.cpp = ["a/cpp-pack1@0.1.0"];
+        config.packs.java = ["b/java-pack1@0.2.0", "b/java-pack2@0.3.3"];
+        await runQueriesWithConfig(config, []);
+        t.deepEqual(getDatabaseRunQueriesCalls(codeql).map((c) => c.args[4]), [false, false, false, true, false, false, true]);
+    });
+});
+(0, ava_1.default)("optimizeForLastQueryRun for one language, CliConfigFileEnabled", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        const codeql = mockCodeQL();
+        (0, codeql_1.setCodeQL)(codeql);
+        const config = createBaseConfig(tmpDir);
+        config.languages = [languages_1.Language.cpp];
+        await runQueriesWithConfig(config, [feature_flags_1.Feature.CliConfigFileEnabled]);
+        t.deepEqual(getDatabaseRunQueriesCalls(codeql).map((c) => c.args[4]), [true]);
+    });
+});
+(0, ava_1.default)("optimizeForLastQueryRun for two languages, CliConfigFileEnabled", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        const codeql = mockCodeQL();
+        (0, codeql_1.setCodeQL)(codeql);
+        const config = createBaseConfig(tmpDir);
+        config.languages = [languages_1.Language.cpp, languages_1.Language.java];
+        await runQueriesWithConfig(config, [feature_flags_1.Feature.CliConfigFileEnabled]);
+        t.deepEqual(getDatabaseRunQueriesCalls(codeql).map((c) => c.args[4]), [true, true]);
+    });
+});
+(0, ava_1.default)("validateQueryFilters", (t) => {
+    t.notThrows(() => (0, analyze_1.validateQueryFilters)([]));
+    t.notThrows(() => (0, analyze_1.validateQueryFilters)(undefined));
+    t.notThrows(() => {
+        return (0, analyze_1.validateQueryFilters)([
+            {
+                exclude: {
+                    "problem.severity": "recommendation",
+                },
+            },
+            {
+                exclude: {
+                    "tags contain": ["foo", "bar"],
+                },
+            },
+            {
+                include: {
+                    "problem.severity": "something-to-think-about",
+                },
+            },
+            {
+                include: {
+                    "tags contain": ["baz", "bop"],
+                },
+            },
+        ]);
+    });
+    t.throws(() => {
+        return (0, analyze_1.validateQueryFilters)([
+            {
+                exclude: {
+                    "tags contain": ["foo", "bar"],
+                },
+                include: {
+                    "tags contain": ["baz", "bop"],
+                },
+            },
+        ]);
+    }, { message: /Query filter must have exactly one key/ });
+    t.throws(() => {
+        return (0, analyze_1.validateQueryFilters)([{ xxx: "foo" }]);
+    }, { message: /Only "include" or "exclude" filters are allowed/ });
+    t.throws(() => {
+        // eslint-disable-next-line @typescript-eslint/no-unsafe-argument
+        return (0, analyze_1.validateQueryFilters)({ exclude: "foo" });
+    }, {
+        message: /Query filters must be an array of "include" or "exclude" entries/,
+    });
+});
+const convertPackToQuerySuiteEntryMacro = ava_1.default.macro({
+    exec: (t, packSpec, suiteEntry) => t.deepEqual((0, analyze_1.convertPackToQuerySuiteEntry)(packSpec), suiteEntry),
+    title: (_providedTitle, packSpec) => `Query Suite Entry: ${packSpec}`,
+});
+(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b", {
+    qlpack: "a/b",
+    from: undefined,
+    version: undefined,
+    query: undefined,
+    queries: undefined,
+    apply: undefined,
+});
+(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b@~1.2.3", {
+    qlpack: "a/b",
+    from: undefined,
+    version: "~1.2.3",
+    query: undefined,
+    queries: undefined,
+    apply: undefined,
+});
+(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b:my/path", {
+    qlpack: undefined,
+    from: "a/b",
+    version: undefined,
+    query: undefined,
+    queries: "my/path",
+    apply: undefined,
+});
+(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b@~1.2.3:my/path", {
+    qlpack: undefined,
+    from: "a/b",
+    version: "~1.2.3",
+    query: undefined,
+    queries: "my/path",
+    apply: undefined,
+});
+(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b:my/path/query.ql", {
+    qlpack: undefined,
+    from: "a/b",
+    version: undefined,
+    query: "my/path/query.ql",
+    queries: undefined,
+    apply: undefined,
+});
+(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b@~1.2.3:my/path/query.ql", {
+    qlpack: undefined,
+    from: "a/b",
+    version: "~1.2.3",
+    query: "my/path/query.ql",
+    queries: undefined,
+    apply: undefined,
+});
+(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b:my/path/suite.qls", {
+    qlpack: undefined,
+    from: "a/b",
+    version: undefined,
+    query: undefined,
+    queries: undefined,
+    apply: "my/path/suite.qls",
+});
+(0, ava_1.default)(convertPackToQuerySuiteEntryMacro, "a/b@~1.2.3:my/path/suite.qls", {
+    qlpack: undefined,
+    from: "a/b",
+    version: "~1.2.3",
+    query: undefined,
+    queries: undefined,
+    apply: "my/path/suite.qls",
+});
+(0, ava_1.default)("convertPackToQuerySuiteEntry Failure", (t) => {
+    t.throws(() => (0, analyze_1.convertPackToQuerySuiteEntry)("this-is-not-a-pack"));
+});
+(0, ava_1.default)("createQuerySuiteContents", (t) => {
+    const yamlResult = (0, analyze_1.createQuerySuiteContents)(["query1.ql", "query2.ql"], [
+        {
+            exclude: { "problem.severity": "recommendation" },
+        },
+        {
+            include: { "problem.severity": "recommendation" },
+        },
+    ]);
+    const expected = `- query: query1.ql
+- query: query2.ql
+- exclude:
+    problem.severity: recommendation
+- include:
+    problem.severity: recommendation
+`;
+    t.deepEqual(yamlResult, expected);
+});
 //# sourceMappingURL=analyze.test.js.map

lib/api-client.js

@@ -78,6 +78,9 @@ async function getGitHubVersionFromApi(apiClient, apiDetails) {
     if (response.headers[GITHUB_ENTERPRISE_VERSION_HEADER] === undefined) {
         return { type: util_1.GitHubVariant.DOTCOM };
     }
+    if (response.headers[GITHUB_ENTERPRISE_VERSION_HEADER] === "GitHub AE") {
+        return { type: util_1.GitHubVariant.GHAE };
+    }
     if (response.headers[GITHUB_ENTERPRISE_VERSION_HEADER] === "ghe.com") {
         return { type: util_1.GitHubVariant.GHE_DOTCOM };
     }

lib/api-client.js.map

@@ -1 +1 @@
-{"version":3,"file":"api-client.js","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AACtC,uEAAyD;AACzD,6DAA+C;AAC/C,0EAAgD;AAEhD,iDAAoE;AACpE,iCAOgB;AAEhB,MAAM,gCAAgC,GAAG,6BAA6B,CAAC;AAEvE,IAAY,0BAGX;AAHD,WAAY,0BAA0B;IACpC,+FAAc,CAAA;IACd,+FAAc,CAAA;AAChB,CAAC,EAHW,0BAA0B,0CAA1B,0BAA0B,QAGrC;AAiBD,SAAS,0BAA0B,CACjC,UAAoC,EACpC,EAAE,aAAa,GAAG,KAAK,EAAE,GAAG,EAAE;IAE9B,MAAM,IAAI,GACR,CAAC,aAAa,IAAI,UAAU,CAAC,gBAAgB,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC;IACpE,MAAM,eAAe,GAAG,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC/D,OAAO,IAAI,eAAe,CACxB,WAAW,CAAC,iBAAiB,CAAC,IAAI,EAAE;QAClC,OAAO,EAAE,UAAU,CAAC,MAAM;QAC1B,SAAS,EAAE,iBAAiB,IAAA,+BAAgB,GAAE,EAAE;QAChD,GAAG,EAAE,IAAA,2BAAe,EAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;KACzC,CAAC,CACH,CAAC;AACJ,CAAC;AAED,SAAgB,aAAa;IAC3B,OAAO;QACL,IAAI,EAAE,IAAA,+BAAgB,EAAC,OAAO,CAAC;QAC/B,GAAG,EAAE,IAAA,0BAAmB,EAAC,mBAAmB,CAAC;QAC7C,MAAM,EAAE,IAAA,0BAAmB,EAAC,gBAAgB,CAAC;KAC9C,CAAC;AACJ,CAAC;AAND,sCAMC;AAED,SAAgB,YAAY;IAC1B,OAAO,0BAA0B,CAAC,aAAa,EAAE,CAAC,CAAC;AACrD,CAAC;AAFD,oCAEC;AAED,SAAgB,4BAA4B,CAC1C,UAAoC;IAEpC,OAAO,0BAA0B,CAAC,UAAU,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;AACzE,CAAC;AAJD,oEAIC;AAED,IAAI,mBAAmB,GAA8B,SAAS,CAAC;AAExD,KAAK,UAAU,uBAAuB,CAC3C,SAAc,EACd,UAA4B;IAE5B,iEAAiE;IACjE,IAAI,IAAA,qBAAc,EAAC,UAAU,CAAC,GAAG,CAAC,KAAK,wBAAiB,EAAE,CAAC;QACzD,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,MAAM,EAAE,CAAC;IACxC,CAAC;IAED,8DAA8D;IAC9D,mEAAmE;IACnE,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;IAEjD,8EAA8E;IAC9E,wEAAwE;IACxE,IAAI,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAC,KAAK,SAAS,EAAE,CAAC;QACrE,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,MAAM,EAAE,CAAC;IACxC,CAAC;IAED,IAAI,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAC,KAAK,SAAS,EAAE,CAAC;QACrE,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,UAAU,EAAE,CAAC;IAC5C,CAAC;IAED,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAW,CAAC;IAC7E,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC;AAC/C,CAAC;AAzBD,0DAyBC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,gBAAgB;IACpC,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;QACtC,mBAAmB,GAAG,MAAM,uBAAuB,CACjD,YAAY,EAAE,EACd,aAAa,EAAE,CAChB,CAAC;IACJ,CAAC;IACD,OAAO,mBAAmB,CAAC;AAC7B,CAAC;AARD,4CAQC;AAED;;GAEG;AACI,KAAK,UAAU,uBAAuB;IAC3C,MAAM,QAAQ,GAAG,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrE,MAAM,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC1B,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,MAAM,GAAG,MAAM,CAAC,IAAA,0BAAmB,EAAC,eAAe,CAAC,CAAC,CAAC;IAE5D,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IACjC,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,OAAO,CAC1C,yEAAyE,EACzE;QACE,KAAK;QACL,IAAI;QACJ,MAAM;KACP,CACF,CAAC;IACF,MAAM,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC;IAEnD,MAAM,gBAAgB,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,OAAO,WAAW,EAAE,CAAC,CAAC;IAEvE,OAAO,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC;AACpC,CAAC;AApBD,0DAoBC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,cAAc;IAClC,MAAM,iBAAiB,GAAG,4BAA4B,CAAC;IAEvD,IAAI,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACjD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;QAC9B,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,MAAM,YAAY,GAAG,MAAM,uBAAuB,EAAE,CAAC;IACrD,MAAM,OAAO,GAAG,IAAA,0BAAmB,EAAC,YAAY,CAAC,CAAC;IAElD,WAAW,GAAG,GAAG,YAAY,IAAI,OAAO,EAAE,CAAC;IAC3C,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,WAAW,CAAC,CAAC;IACpD,OAAO,WAAW,CAAC;AACrB,CAAC;AAdD,wCAcC;AAEM,KAAK,UAAU,eAAe;IACnC,MAAM,YAAY,GAAG,MAAM,cAAc,EAAE,CAAC;IAC5C,MAAM,WAAW,GAAG,IAAA,+BAAgB,EAAC,QAAQ,CAAC,CAAC;IAE/C,OAAO,mBAAmB,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;AACxD,CAAC;AALD,0CAKC;AAED,SAAgB,mBAAmB,CACjC,YAAoB,EACpB,WAA+B;IAE/B,IAAI,YAAY,GAAG,GAAG,YAAY,GAAG,CAAC;IAEtC,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,WAAW,CAAC,CAAC;IAC7C,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,uDAAuD;QACvD,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;YAClD,IAAI,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;gBACjC,YAAY,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC;YAC7C,CAAC;iBAAM,CAAC;gBACN,qDAAqD;gBACrD,6CAA6C;gBAC7C,YAAY,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;YAClC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AArBD,kDAqBC"}
+{"version":3,"file":"api-client.js","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AACtC,uEAAyD;AACzD,6DAA+C;AAC/C,0EAAgD;AAEhD,iDAAoE;AACpE,iCAOgB;AAEhB,MAAM,gCAAgC,GAAG,6BAA6B,CAAC;AAEvE,IAAY,0BAGX;AAHD,WAAY,0BAA0B;IACpC,+FAAc,CAAA;IACd,+FAAc,CAAA;AAChB,CAAC,EAHW,0BAA0B,0CAA1B,0BAA0B,QAGrC;AAiBD,SAAS,0BAA0B,CACjC,UAAoC,EACpC,EAAE,aAAa,GAAG,KAAK,EAAE,GAAG,EAAE;IAE9B,MAAM,IAAI,GACR,CAAC,aAAa,IAAI,UAAU,CAAC,gBAAgB,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC;IACpE,MAAM,eAAe,GAAG,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC/D,OAAO,IAAI,eAAe,CACxB,WAAW,CAAC,iBAAiB,CAAC,IAAI,EAAE;QAClC,OAAO,EAAE,UAAU,CAAC,MAAM;QAC1B,SAAS,EAAE,iBAAiB,IAAA,+BAAgB,GAAE,EAAE;QAChD,GAAG,EAAE,IAAA,2BAAe,EAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;KACzC,CAAC,CACH,CAAC;AACJ,CAAC;AAED,SAAgB,aAAa;IAC3B,OAAO;QACL,IAAI,EAAE,IAAA,+BAAgB,EAAC,OAAO,CAAC;QAC/B,GAAG,EAAE,IAAA,0BAAmB,EAAC,mBAAmB,CAAC;QAC7C,MAAM,EAAE,IAAA,0BAAmB,EAAC,gBAAgB,CAAC;KAC9C,CAAC;AACJ,CAAC;AAND,sCAMC;AAED,SAAgB,YAAY;IAC1B,OAAO,0BAA0B,CAAC,aAAa,EAAE,CAAC,CAAC;AACrD,CAAC;AAFD,oCAEC;AAED,SAAgB,4BAA4B,CAC1C,UAAoC;IAEpC,OAAO,0BAA0B,CAAC,UAAU,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;AACzE,CAAC;AAJD,oEAIC;AAED,IAAI,mBAAmB,GAA8B,SAAS,CAAC;AAExD,KAAK,UAAU,uBAAuB,CAC3C,SAAc,EACd,UAA4B;IAE5B,iEAAiE;IACjE,IAAI,IAAA,qBAAc,EAAC,UAAU,CAAC,GAAG,CAAC,KAAK,wBAAiB,EAAE,CAAC;QACzD,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,MAAM,EAAE,CAAC;IACxC,CAAC;IAED,8DAA8D;IAC9D,mEAAmE;IACnE,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;IAEjD,8EAA8E;IAC9E,wEAAwE;IACxE,IAAI,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAC,KAAK,SAAS,EAAE,CAAC;QACrE,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,MAAM,EAAE,CAAC;IACxC,CAAC;IAED,IAAI,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAC,KAAK,WAAW,EAAE,CAAC;QACvE,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,IAAI,EAAE,CAAC;IACtC,CAAC;IAED,IAAI,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAC,KAAK,SAAS,EAAE,CAAC;QACrE,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,UAAU,EAAE,CAAC;IAC5C,CAAC;IAED,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAW,CAAC;IAC7E,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC;AAC/C,CAAC;AA7BD,0DA6BC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,gBAAgB;IACpC,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;QACtC,mBAAmB,GAAG,MAAM,uBAAuB,CACjD,YAAY,EAAE,EACd,aAAa,EAAE,CAChB,CAAC;IACJ,CAAC;IACD,OAAO,mBAAmB,CAAC;AAC7B,CAAC;AARD,4CAQC;AAED;;GAEG;AACI,KAAK,UAAU,uBAAuB;IAC3C,MAAM,QAAQ,GAAG,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrE,MAAM,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC1B,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,MAAM,GAAG,MAAM,CAAC,IAAA,0BAAmB,EAAC,eAAe,CAAC,CAAC,CAAC;IAE5D,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IACjC,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,OAAO,CAC1C,yEAAyE,EACzE;QACE,KAAK;QACL,IAAI;QACJ,MAAM;KACP,CACF,CAAC;IACF,MAAM,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC;IAEnD,MAAM,gBAAgB,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,OAAO,WAAW,EAAE,CAAC,CAAC;IAEvE,OAAO,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC;AACpC,CAAC;AApBD,0DAoBC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,cAAc;IAClC,MAAM,iBAAiB,GAAG,4BAA4B,CAAC;IAEvD,IAAI,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACjD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;QAC9B,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,MAAM,YAAY,GAAG,MAAM,uBAAuB,EAAE,CAAC;IACrD,MAAM,OAAO,GAAG,IAAA,0BAAmB,EAAC,YAAY,CAAC,CAAC;IAElD,WAAW,GAAG,GAAG,YAAY,IAAI,OAAO,EAAE,CAAC;IAC3C,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,WAAW,CAAC,CAAC;IACpD,OAAO,WAAW,CAAC;AACrB,CAAC;AAdD,wCAcC;AAEM,KAAK,UAAU,eAAe;IACnC,MAAM,YAAY,GAAG,MAAM,cAAc,EAAE,CAAC;IAC5C,MAAM,WAAW,GAAG,IAAA,+BAAgB,EAAC,QAAQ,CAAC,CAAC;IAE/C,OAAO,mBAAmB,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;AACxD,CAAC;AALD,0CAKC;AAED,SAAgB,mBAAmB,CACjC,YAAoB,EACpB,WAA+B;IAE/B,IAAI,YAAY,GAAG,GAAG,YAAY,GAAG,CAAC;IAEtC,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,WAAW,CAAC,CAAC;IAC7C,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,uDAAuD;QACvD,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;YAClD,IAAI,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;gBACjC,YAAY,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC;YAC7C,CAAC;iBAAM,CAAC;gBACN,qDAAqD;gBACrD,6CAA6C;gBAC7C,YAAY,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;YAClC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AArBD,kDAqBC"}

lib/api-client.test.js

@@ -92,6 +92,15 @@ function mockGetMetaVersionHeader(versionHeader) {
     });
     t.deepEqual({ type: util.GitHubVariant.GHES, version: "2.0" }, v2);
 });
+(0, ava_1.default)("getGitHubVersion for GHAE", async (t) => {
+    mockGetMetaVersionHeader("GitHub AE");
+    const ghae = await api.getGitHubVersionFromApi(api.getApiClient(), {
+        auth: "",
+        url: "https://example.githubenterprise.com",
+        apiURL: undefined,
+    });
+    t.deepEqual({ type: util.GitHubVariant.GHAE }, ghae);
+});
 (0, ava_1.default)("getGitHubVersion for different domain", async (t) => {
     mockGetMetaVersionHeader(undefined);
     const v3 = await api.getGitHubVersionFromApi(api.getApiClient(), {

lib/api-client.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"api-client.test.js","sourceRoot":"","sources":["../src/api-client.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wDAA0C;AAC1C,uEAAyD;AACzD,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,kDAAoC;AACpC,mDAA6C;AAC7C,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,UAAU,CAAC,GAAG,EAAE;IACnB,IAAI,CAAC,qBAAqB,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC;AAC7D,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,cAAc,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/B,MAAM,UAAU,GAAoB,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC7E,MAAM,UAAU,GAAoB,KAAK,CAAC,IAAI,EAAE,CAAC;IACjD,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAE/B,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC7E,MAAM,oBAAoB,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAC;IACrE,oBAAoB;SACjB,QAAQ,CAAC,mBAAmB,CAAC;SAC7B,OAAO,CAAC,yBAAyB,CAAC,CAAC;IACtC,oBAAoB;SACjB,QAAQ,CAAC,gBAAgB,CAAC;SAC1B,OAAO,CAAC,6BAA6B,CAAC,CAAC;IAE1C,GAAG,CAAC,YAAY,EAAE,CAAC;IAEnB,CAAC,CAAC,MAAM,CACN,UAAU,CAAC,qBAAqB,CAAC;QAC/B,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,6BAA6B;QACtC,GAAG,EAAE,KAAK,CAAC,KAAK,CAAC,GAAG;QACpB,SAAS,EAAE,iBAAiB,WAAW,CAAC,gBAAgB,EAAE,EAAE;KAC7D,CAAC,CACH,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,SAAS,wBAAwB,CAC/B,aAAiC;IAEjC,kEAAkE;IAClE,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,QAAQ,GAAG;QACf,OAAO,EAAE;YACP,6BAA6B,EAAE,aAAa;SAC7C;KACF,CAAC;IACF,MAAM,cAAc,GAAG,KAAK;SACzB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC;QAC9B,iEAAiE;SAChE,QAAQ,CAAC,QAAe,CAAC,CAAC;IAC7B,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,CAAC;IACpD,OAAO,cAAc,CAAC;AACxB,CAAC;AAED,IAAA,aAAI,EAAC,6BAA6B,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC9C,MAAM,UAAU,GAAG;QACjB,IAAI,EAAE,EAAE;QACR,GAAG,EAAE,oBAAoB;QACzB,MAAM,EAAE,EAAE;KACX,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IACrD,MAAM,CAAC,GAAG,MAAM,GAAG,CAAC,uBAAuB,CACzC,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,EACxB,UAAU,CACX,CAAC;IACF,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;AACjD,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,2BAA2B,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC5C,wBAAwB,CAAC,KAAK,CAAC,CAAC;IAChC,MAAM,EAAE,GAAG,MAAM,GAAG,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,EAAE,EAAE;QAC/D,IAAI,EAAE,EAAE;QACR,GAAG,EAAE,yBAAyB;QAC9B,MAAM,EAAE,SAAS;KAClB,CAAC,CAAC;IACH,CAAC,CAAC,SAAS,CACT,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,EAAwB,EACvE,EAAE,CACH,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,uCAAuC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACxD,wBAAwB,CAAC,SAAS,CAAC,CAAC;IACpC,MAAM,EAAE,GAAG,MAAM,GAAG,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,EAAE,EAAE;QAC/D,IAAI,EAAE,EAAE;QACR,GAAG,EAAE,yBAAyB;QAC9B,MAAM,EAAE,SAAS;KAClB,CAAC,CAAC;IACH,CAAC,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC;AACvD,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,iCAAiC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAClD,wBAAwB,CAAC,SAAS,CAAC,CAAC;IACpC,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,EAAE,EAAE;QACtE,IAAI,EAAE,EAAE;QACR,GAAG,EAAE,qBAAqB;QAC1B,MAAM,EAAE,SAAS;KAClB,CAAC,CAAC;IACH,CAAC,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,UAAU,EAAE,EAAE,SAAS,CAAC,CAAC;AAClE,CAAC,CAAC,CAAC"}
+{"version":3,"file":"api-client.test.js","sourceRoot":"","sources":["../src/api-client.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,wDAA0C;AAC1C,uEAAyD;AACzD,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,kDAAoC;AACpC,mDAA6C;AAC7C,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,UAAU,CAAC,GAAG,EAAE;IACnB,IAAI,CAAC,qBAAqB,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC;AAC7D,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,cAAc,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/B,MAAM,UAAU,GAAoB,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC7E,MAAM,UAAU,GAAoB,KAAK,CAAC,IAAI,EAAE,CAAC;IACjD,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAE/B,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC7E,MAAM,oBAAoB,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAC;IACrE,oBAAoB;SACjB,QAAQ,CAAC,mBAAmB,CAAC;SAC7B,OAAO,CAAC,yBAAyB,CAAC,CAAC;IACtC,oBAAoB;SACjB,QAAQ,CAAC,gBAAgB,CAAC;SAC1B,OAAO,CAAC,6BAA6B,CAAC,CAAC;IAE1C,GAAG,CAAC,YAAY,EAAE,CAAC;IAEnB,CAAC,CAAC,MAAM,CACN,UAAU,CAAC,qBAAqB,CAAC;QAC/B,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,6BAA6B;QACtC,GAAG,EAAE,KAAK,CAAC,KAAK,CAAC,GAAG;QACpB,SAAS,EAAE,iBAAiB,WAAW,CAAC,gBAAgB,EAAE,EAAE;KAC7D,CAAC,CACH,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,SAAS,wBAAwB,CAC/B,aAAiC;IAEjC,kEAAkE;IAClE,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,QAAQ,GAAG;QACf,OAAO,EAAE;YACP,6BAA6B,EAAE,aAAa;SAC7C;KACF,CAAC;IACF,MAAM,cAAc,GAAG,KAAK;SACzB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC;QAC9B,iEAAiE;SAChE,QAAQ,CAAC,QAAe,CAAC,CAAC;IAC7B,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,CAAC;IACpD,OAAO,cAAc,CAAC;AACxB,CAAC;AAED,IAAA,aAAI,EAAC,6BAA6B,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC9C,MAAM,UAAU,GAAG;QACjB,IAAI,EAAE,EAAE;QACR,GAAG,EAAE,oBAAoB;QACzB,MAAM,EAAE,EAAE;KACX,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IACrD,MAAM,CAAC,GAAG,MAAM,GAAG,CAAC,uBAAuB,CACzC,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,EACxB,UAAU,CACX,CAAC;IACF,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;AACjD,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,2BAA2B,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC5C,wBAAwB,CAAC,KAAK,CAAC,CAAC;IAChC,MAAM,EAAE,GAAG,MAAM,GAAG,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,EAAE,EAAE;QAC/D,IAAI,EAAE,EAAE;QACR,GAAG,EAAE,yBAAyB;QAC9B,MAAM,EAAE,SAAS;KAClB,CAAC,CAAC;IACH,CAAC,CAAC,SAAS,CACT,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,EAAwB,EACvE,EAAE,CACH,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,2BAA2B,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC5C,wBAAwB,CAAC,WAAW,CAAC,CAAC;IACtC,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,EAAE,EAAE;QACjE,IAAI,EAAE,EAAE;QACR,GAAG,EAAE,sCAAsC;QAC3C,MAAM,EAAE,SAAS;KAClB,CAAC,CAAC;IACH,CAAC,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,EAAE,IAAI,CAAC,CAAC;AACvD,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,uCAAuC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACxD,wBAAwB,CAAC,SAAS,CAAC,CAAC;IACpC,MAAM,EAAE,GAAG,MAAM,GAAG,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,EAAE,EAAE;QAC/D,IAAI,EAAE,EAAE;QACR,GAAG,EAAE,yBAAyB;QAC9B,MAAM,EAAE,SAAS;KAClB,CAAC,CAAC;IACH,CAAC,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC;AACvD,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,iCAAiC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAClD,wBAAwB,CAAC,SAAS,CAAC,CAAC;IACpC,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,EAAE,EAAE;QACtE,IAAI,EAAE,EAAE;QACR,GAAG,EAAE,qBAAqB;QAC1B,MAAM,EAAE,SAAS;KAClB,CAAC,CAAC;IACH,CAAC,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,UAAU,EAAE,EAAE,SAAS,CAAC,CAAC;AAClE,CAAC,CAAC,CAAC"}

lib/api-compatibility.json

@@ -1 +1 @@
-{ "maximumVersion": "3.12", "minimumVersion": "3.8" }
+{ "maximumVersion": "3.12", "minimumVersion": "3.7" }

lib/autobuild-action.js

@@ -27,16 +27,14 @@ const core = __importStar(require("@actions/core"));
 const actions_util_1 = require("./actions-util");
 const api_client_1 = require("./api-client");
 const autobuild_1 = require("./autobuild");
-const codeql_1 = require("./codeql");
-const config_utils_1 = require("./config-utils");
-const environment_1 = require("./environment");
+const configUtils = __importStar(require("./config-utils"));
 const logging_1 = require("./logging");
 const status_report_1 = require("./status-report");
 const util_1 = require("./util");
-async function sendCompletedStatusReport(config, logger, startedAt, allLanguages, failingLanguage, cause) {
+async function sendCompletedStatusReport(logger, startedAt, allLanguages, failingLanguage, cause) {
     (0, util_1.initializeEnvironment)((0, actions_util_1.getActionVersion)());
     const status = (0, status_report_1.getActionsStatus)(cause, failingLanguage);
-    const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Autobuild, status, startedAt, config, await (0, util_1.checkDiskUsage)(logger), logger, cause?.message, cause?.stack);
+    const statusReportBase = await (0, status_report_1.createStatusReportBase)("autobuild", status, startedAt, await (0, util_1.checkDiskUsage)(logger), cause?.message, cause?.stack);
     const statusReport = {
         ...statusReportBase,
         autobuild_languages: allLanguages.join(","),
@@ -47,20 +45,19 @@ async function sendCompletedStatusReport(config, logger, startedAt, allLanguages
 async function run() {
     const startedAt = new Date();
     const logger = (0, logging_1.getActionsLogger)();
-    let config;
-    let currentLanguage;
-    let languages;
+    let currentLanguage = undefined;
+    let languages = undefined;
     try {
-        await (0, status_report_1.sendStatusReport)(await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Autobuild, "starting", startedAt, config, await (0, util_1.checkDiskUsage)(logger), logger));
+        if (!(await (0, status_report_1.sendStatusReport)(await (0, status_report_1.createStatusReportBase)("autobuild", "starting", startedAt, await (0, util_1.checkDiskUsage)(logger))))) {
+            return;
+        }
         const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
         (0, util_1.checkGitHubVersionInRange)(gitHubVersion, logger);
-        (0, util_1.checkActionVersion)((0, actions_util_1.getActionVersion)(), gitHubVersion);
-        config = await (0, config_utils_1.getConfig)((0, actions_util_1.getTemporaryDirectory)(), logger);
+        const config = await configUtils.getConfig((0, actions_util_1.getTemporaryDirectory)(), logger);
         if (config === undefined) {
             throw new Error("Config file could not be found at expected location. Has the 'init' action been called?");
         }
-        const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
-        languages = await (0, autobuild_1.determineAutobuildLanguages)(codeql, config, logger);
+        languages = await (0, autobuild_1.determineAutobuildLanguages)(config, logger);
         if (languages !== undefined) {
             const workingDirectory = (0, actions_util_1.getOptionalInput)("working-directory");
             if (workingDirectory) {
@@ -76,11 +73,10 @@ async function run() {
     catch (unwrappedError) {
         const error = (0, util_1.wrapError)(unwrappedError);
         core.setFailed(`We were unable to automatically build your code. Please replace the call to the autobuild action with your custom build steps. ${error.message}`);
-        await sendCompletedStatusReport(config, logger, startedAt, languages ?? [], currentLanguage, error);
+        await sendCompletedStatusReport(logger, startedAt, languages ?? [], currentLanguage, error);
         return;
     }
-    core.exportVariable(environment_1.EnvVar.AUTOBUILD_DID_COMPLETE_SUCCESSFULLY, "true");
-    await sendCompletedStatusReport(config, logger, startedAt, languages ?? []);
+    await sendCompletedStatusReport(logger, startedAt, languages ?? []);
 }
 async function runWrapper() {
     try {

lib/autobuild-action.js.map

@@ -1 +1 @@
-{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAIwB;AACxB,6CAAgD;AAChD,2CAAwE;AACxE,qCAAqC;AACrC,iDAAmD;AACnD,+CAAuC;AAEvC,uCAAqD;AACrD,mDAMyB;AACzB,iCAMgB;AAShB,KAAK,UAAU,yBAAyB,CACtC,MAA0B,EAC1B,MAAc,EACd,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAG,IAAA,gCAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,SAAS,EACpB,MAAM,EACN,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,EACN,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAI,MAA0B,CAAC;IAC/B,IAAI,eAAqC,CAAC;IAC1C,IAAI,SAAiC,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,IAAA,gCAAgB,EACpB,MAAM,IAAA,sCAAsB,EAC1B,0BAAU,CAAC,SAAS,EACpB,UAAU,EACV,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CACF,CAAC;QAEF,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACjD,IAAA,yBAAkB,EAAC,IAAA,+BAAgB,GAAE,EAAE,aAAa,CAAC,CAAC;QAEtD,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAEjD,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QACtE,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YAClC,CAAC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CACZ,kIAAkI,KAAK,CAAC,OAAO,EAAE,CAClJ,CAAC;QACF,MAAM,yBAAyB,CAC7B,MAAM,EACN,MAAM,EACN,SAAS,EACT,SAAS,IAAI,EAAE,EACf,eAAe,EACf,KAAK,CACN,CAAC;QACF,OAAO;IACT,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,mCAAmC,EAAE,MAAM,CAAC,CAAC;IAExE,MAAM,yBAAyB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;AAC9E,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CAAC,4BAA4B,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAIwB;AACxB,6CAAgD;AAChD,2CAAwE;AACxE,4DAA8C;AAE9C,uCAAqD;AACrD,mDAKyB;AACzB,iCAKgB;AAShB,KAAK,UAAU,yBAAyB,CACtC,MAAc,EACd,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAG,IAAA,gCAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,WAAW,EACX,MAAM,EACN,SAAS,EACT,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAI,eAAe,GAAyB,SAAS,CAAC;IACtD,IAAI,SAAS,GAA2B,SAAS,CAAC;IAClD,IAAI,CAAC;QACH,IACE,CAAC,CAAC,MAAM,IAAA,gCAAgB,EACtB,MAAM,IAAA,sCAAsB,EAC1B,WAAW,EACX,UAAU,EACV,SAAS,EACT,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,CAC7B,CACF,CAAC,EACF,CAAC;YACD,OAAO;QACT,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,SAAS,CAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC5E,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;QACJ,CAAC;QAED,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC9D,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YAClC,CAAC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CACZ,kIAAkI,KAAK,CAAC,OAAO,EAAE,CAClJ,CAAC;QACF,MAAM,yBAAyB,CAC7B,MAAM,EACN,SAAS,EACT,SAAS,IAAI,EAAE,EACf,eAAe,EACf,KAAK,CACN,CAAC;QACF,OAAO;IACT,CAAC;IAED,MAAM,yBAAyB,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;AACtE,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CAAC,4BAA4B,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/autobuild.js

@@ -23,25 +23,17 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.runAutobuild = exports.setupCppAutobuild = exports.determineAutobuildLanguages = void 0;
+exports.runAutobuild = exports.determineAutobuildLanguages = void 0;
 const core = __importStar(require("@actions/core"));
 const actions_util_1 = require("./actions-util");
 const api_client_1 = require("./api-client");
 const codeql_1 = require("./codeql");
-const config_utils_1 = require("./config-utils");
 const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const repository_1 = require("./repository");
-const tools_features_1 = require("./tools-features");
 const util_1 = require("./util");
-async function determineAutobuildLanguages(codeql, config, logger) {
-    if ((config.buildMode === config_utils_1.BuildMode.None &&
-        (await codeql.supportsFeature(tools_features_1.ToolsFeature.TraceCommandUseBuildMode))) ||
-        config.buildMode === config_utils_1.BuildMode.Manual) {
-        logger.info(`Using ${config.buildMode} build mode, nothing to autobuild.`);
-        return undefined;
-    }
+async function determineAutobuildLanguages(config, logger) {
     // Attempt to find a language to autobuild
     // We want pick the dominant language in the repo from the ones we're able to build
     // The languages are sorted in order specified by user or by lines of code if we got
@@ -134,7 +126,6 @@ async function setupCppAutobuild(codeql, logger) {
         core.exportVariable(envVar, "false");
     }
 }
-exports.setupCppAutobuild = setupCppAutobuild;
 async function runAutobuild(language, config, logger) {
     logger.startGroup(`Attempting to automatically build ${language} code`);
     const codeQL = await (0, codeql_1.getCodeQL)(config.codeQLCmd);

lib/autobuild.js.map

@@ -1 +1 @@
-{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAA6E;AAC7E,6CAAgD;AAChD,qCAA6C;AAE7C,iDAA2C;AAC3C,+CAAuC;AACvC,mDAAmE;AACnE,2CAAyD;AAEzD,6CAAkD;AAClD,qDAAgD;AAChD,iCAA6C;AAEtC,KAAK,UAAU,2BAA2B,CAC/C,MAAc,EACd,MAA0B,EAC1B,MAAc;IAEd,IACE,CAAC,MAAM,CAAC,SAAS,KAAK,wBAAS,CAAC,IAAI;QAClC,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,wBAAwB,CAAC,CAAC,CAAC;QACxE,MAAM,CAAC,SAAS,KAAK,wBAAS,CAAC,MAAM,EACrC,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,SAAS,MAAM,CAAC,SAAS,oCAAoC,CAAC,CAAC;QAC3E,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,0CAA0C;IAC1C,mFAAmF;IACnF,oFAAoF;IACpF,4EAA4E;IAC5E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACvD,IAAA,4BAAgB,EAAC,CAAC,CAAC,CACpB,CAAC;IAEF,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CACT,iEAAiE,CAClE,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACH,MAAM,2BAA2B,GAAG,kBAAkB,CAAC,MAAM,CAC3D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,oBAAQ,CAAC,EAAE,CACzB,CAAC;IAEF,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,yEAAyE;IACzE,UAAU;IACV,IAAI,2BAA2B,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;QACjD,SAAS,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,uEAAuE;IACvE,wCAAwC;IACxC,IAAI,kBAAkB,CAAC,MAAM,KAAK,2BAA2B,CAAC,MAAM,EAAE,CAAC;QACrE,SAAS,CAAC,IAAI,CAAC,oBAAQ,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,kBAAkB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE3D,2EAA2E;IAC3E,4EAA4E;IAC5E,2CAA2C;IAC3C,uEAAuE;IACvE,2EAA2E;IAC3E,uEAAuE;IACvE,yCAAyC;IACzC,IAAI,2BAA2B,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,CAAC,OAAO,CACZ,oCAAoC,SAAS,CAAC,IAAI,CAChD,OAAO,CACR,8BAA8B,2BAA2B;aACvD,KAAK,CAAC,CAAC,CAAC;aACR,IAAI,CACH,OAAO,CACR,kFAAkF;YACnF,4BAA4B;YAC5B,0NAA0N,CAC7N,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAhGD,kEAgGC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IACpE,MAAM,MAAM,GAAG,6BAAa,CAAC,uBAAO,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC;IACvE,MAAM,WAAW,GAAG,4CAA4C,CAAC;IACjE,MAAM,MAAM,GACV,wHAAwH,CAAC;IAC3H,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC/C,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;IACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;IACF,IAAI,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,yBAAyB,EAAE,MAAM,CAAC,EAAE,CAAC;QACvE,yEAAyE;QACzE,IACE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,KAAK,aAAa;YACnD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,MAAM,EAC9B,CAAC;YACD,MAAM,CAAC,IAAI,CACT,aAAa,WAAW,sCACtB,IAAA,mCAAoB,GAAE,KAAK,SAAS;gBAClC,CAAC,CAAC,8BAA8B,MAAM,yDAAyD,MAAM,IAAI;gBACzG,CAAC,CAAC,EACN,EAAE,CACH,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CACT,YAAY,WAAW,yCAAyC,MAAM,yCAAyC,MAAM,IAAI,CAC1H,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,aAAa,WAAW,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAvCD,8CAuCC;AAEM,KAAK,UAAU,YAAY,CAChC,QAAkB,EAClB,MAA0B,EAC1B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;IACxE,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,GAAG,EAAE,CAAC;QAC9B,MAAM,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,MAAM,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;IACpC,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE,CAAC;QAC7B,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC;AAfD,oCAeC"}
+{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAA6E;AAC7E,6CAAgD;AAChD,qCAA6C;AAE7C,+CAAuC;AACvC,mDAAmE;AACnE,2CAAyD;AAEzD,6CAAkD;AAClD,iCAA6C;AAEtC,KAAK,UAAU,2BAA2B,CAC/C,MAA0B,EAC1B,MAAc;IAEd,0CAA0C;IAC1C,mFAAmF;IACnF,oFAAoF;IACpF,4EAA4E;IAC5E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACvD,IAAA,4BAAgB,EAAC,CAAC,CAAC,CACpB,CAAC;IAEF,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CACT,iEAAiE,CAClE,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACH,MAAM,2BAA2B,GAAG,kBAAkB,CAAC,MAAM,CAC3D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,oBAAQ,CAAC,EAAE,CACzB,CAAC;IAEF,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,yEAAyE;IACzE,UAAU;IACV,IAAI,2BAA2B,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;QACjD,SAAS,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,uEAAuE;IACvE,wCAAwC;IACxC,IAAI,kBAAkB,CAAC,MAAM,KAAK,2BAA2B,CAAC,MAAM,EAAE,CAAC;QACrE,SAAS,CAAC,IAAI,CAAC,oBAAQ,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,kBAAkB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE3D,2EAA2E;IAC3E,4EAA4E;IAC5E,2CAA2C;IAC3C,uEAAuE;IACvE,2EAA2E;IAC3E,uEAAuE;IACvE,yCAAyC;IACzC,IAAI,2BAA2B,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,CAAC,OAAO,CACZ,oCAAoC,SAAS,CAAC,IAAI,CAChD,OAAO,CACR,8BAA8B,2BAA2B;aACvD,KAAK,CAAC,CAAC,CAAC;aACR,IAAI,CACH,OAAO,CACR,kFAAkF;YACnF,4BAA4B;YAC5B,0NAA0N,CAC7N,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAtFD,kEAsFC;AAED,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IAC7D,MAAM,MAAM,GAAG,6BAAa,CAAC,uBAAO,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC;IACvE,MAAM,WAAW,GAAG,4CAA4C,CAAC;IACjE,MAAM,MAAM,GACV,wHAAwH,CAAC;IAC3H,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC/C,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;IACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;IACF,IAAI,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,yBAAyB,EAAE,MAAM,CAAC,EAAE,CAAC;QACvE,yEAAyE;QACzE,IACE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,KAAK,aAAa;YACnD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,MAAM,EAC9B,CAAC;YACD,MAAM,CAAC,IAAI,CACT,aAAa,WAAW,sCACtB,IAAA,mCAAoB,GAAE,KAAK,SAAS;gBAClC,CAAC,CAAC,8BAA8B,MAAM,yDAAyD,MAAM,IAAI;gBACzG,CAAC,CAAC,EACN,EAAE,CACH,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CACT,YAAY,WAAW,yCAAyC,MAAM,yCAAyC,MAAM,IAAI,CAC1H,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,aAAa,WAAW,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,YAAY,CAChC,QAAkB,EAClB,MAA0B,EAC1B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;IACxE,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,GAAG,EAAE,CAAC;QAC9B,MAAM,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,MAAM,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;IACpC,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE,CAAC;QAC7B,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC;AAfD,oCAeC"}

lib/cli-errors.js

@@ -1,225 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.wrapCliConfigurationError = exports.getCliConfigCategoryIfExists = exports.cliErrorsConfig = exports.CliConfigErrorCategory = exports.CommandInvocationError = void 0;
-const util_1 = require("./util");
-const NO_SOURCE_CODE_SEEN_DOCS_LINK = "https://gh.io/troubleshooting-code-scanning/no-source-code-seen-during-build";
-/**
- * A class of Error that we can classify as an error stemming from a CLI
- * invocation, with associated exit code, stderr,etc.
- */
-class CommandInvocationError extends Error {
-    constructor(cmd, args, exitCode, stderr, stdout) {
-        const prettyCommand = [cmd, ...args]
-            .map((x) => (x.includes(" ") ? `'${x}'` : x))
-            .join(" ");
-        const fatalErrors = extractFatalErrors(stderr);
-        const lastLine = stderr.trim().split("\n").pop()?.trim();
-        let error = fatalErrors
-            ? ` and error was: ${fatalErrors.trim()}`
-            : lastLine
-                ? ` and last log line was: ${lastLine}`
-                : "";
-        if (error[error.length - 1] !== ".") {
-            error += ".";
-        }
-        super(`Encountered a fatal error while running "${prettyCommand}". ` +
-            `Exit code was ${exitCode}${error} See the logs for more details.`);
-        this.exitCode = exitCode;
-        this.stderr = stderr;
-        this.stdout = stdout;
-    }
-}
-exports.CommandInvocationError = CommandInvocationError;
-/**
- * Provide a better error message from the stderr of a CLI invocation that failed with a fatal
- * error.
- *
- * - If the CLI invocation failed with a fatal error, this returns that fatal error, followed by
- *   any fatal errors that occurred in plumbing commands.
- * - If the CLI invocation did not fail with a fatal error, this returns `undefined`.
- *
- * ### Example
- *
- * ```
- * Running TRAP import for CodeQL database at /home/runner/work/_temp/codeql_databases/javascript...
- * A fatal error occurred: Evaluator heap must be at least 384.00 MiB
- * A fatal error occurred: Dataset import for
- * /home/runner/work/_temp/codeql_databases/javascript/db-javascript failed with code 2
- * ```
- *
- * becomes
- *
- * ```
- * Encountered a fatal error while running "codeql-for-testing database finalize --finalize-dataset
- * --threads=2 --ram=2048 db". Exit code was 32 and error was: A fatal error occurred: Dataset
- * import for /home/runner/work/_temp/codeql_databases/javascript/db-javascript failed with code 2.
- * Context: A fatal error occurred: Evaluator heap must be at least 384.00 MiB.
- * ```
- *
- * Where possible, this tries to summarize the error into a single line, as this displays better in
- * the Actions UI.
- */
-function extractFatalErrors(error) {
-    const fatalErrorRegex = /.*fatal error occurred:/gi;
-    let fatalErrors = [];
-    let lastFatalErrorIndex;
-    let match;
-    while ((match = fatalErrorRegex.exec(error)) !== null) {
-        if (lastFatalErrorIndex !== undefined) {
-            fatalErrors.push(error.slice(lastFatalErrorIndex, match.index).trim());
-        }
-        lastFatalErrorIndex = match.index;
-    }
-    if (lastFatalErrorIndex !== undefined) {
-        const lastError = error.slice(lastFatalErrorIndex).trim();
-        if (fatalErrors.length === 0) {
-            // No other errors
-            return lastError;
-        }
-        const isOneLiner = !fatalErrors.some((e) => e.includes("\n"));
-        if (isOneLiner) {
-            fatalErrors = fatalErrors.map(ensureEndsInPeriod);
-        }
-        return [
-            ensureEndsInPeriod(lastError),
-            "Context:",
-            ...fatalErrors.reverse(),
-        ].join(isOneLiner ? " " : "\n");
-    }
-    return undefined;
-}
-function ensureEndsInPeriod(text) {
-    return text[text.length - 1] === "." ? text : `${text}.`;
-}
-/** Error messages from the CLI that we consider configuration errors and handle specially. */
-var CliConfigErrorCategory;
-(function (CliConfigErrorCategory) {
-    CliConfigErrorCategory["IncompatibleWithActionVersion"] = "IncompatibleWithActionVersion";
-    CliConfigErrorCategory["InitCalledTwice"] = "InitCalledTwice";
-    CliConfigErrorCategory["InvalidSourceRoot"] = "InvalidSourceRoot";
-    CliConfigErrorCategory["NoBuildCommandAutodetected"] = "NoBuildCommandAutodetected";
-    CliConfigErrorCategory["NoBuildMethodAutodetected"] = "NoBuildMethodAutodetected";
-    CliConfigErrorCategory["NoSourceCodeSeen"] = "NoSourceCodeSeen";
-    CliConfigErrorCategory["NoSupportedBuildCommandSucceeded"] = "NoSupportedBuildCommandSucceeded";
-    CliConfigErrorCategory["NoSupportedBuildSystemDetected"] = "NoSupportedBuildSystemDetected";
-})(CliConfigErrorCategory || (exports.CliConfigErrorCategory = CliConfigErrorCategory = {}));
-/**
- * All of our caught CLI error messages that we handle specially: ie. if we
- * would like to categorize an error as a configuration error or not.
- */
-exports.cliErrorsConfig = {
-    // Version of CodeQL CLI is incompatible with this version of the CodeQL Action
-    [CliConfigErrorCategory.IncompatibleWithActionVersion]: {
-        cliErrorMessageCandidates: [
-            new RegExp("is not compatible with this CodeQL CLI"),
-        ],
-    },
-    [CliConfigErrorCategory.InitCalledTwice]: {
-        cliErrorMessageCandidates: [
-            new RegExp("Refusing to create databases .* but could not process any of it"),
-        ],
-        additionalErrorMessageToAppend: `Is the "init" action called twice in the same job?`,
-    },
-    // Expected source location for database creation does not exist
-    [CliConfigErrorCategory.InvalidSourceRoot]: {
-        cliErrorMessageCandidates: [new RegExp("Invalid source root")],
-    },
-    [CliConfigErrorCategory.NoBuildCommandAutodetected]: {
-        cliErrorMessageCandidates: [
-            new RegExp("Could not auto-detect a suitable build method"),
-        ],
-    },
-    [CliConfigErrorCategory.NoBuildMethodAutodetected]: {
-        cliErrorMessageCandidates: [
-            new RegExp("Could not detect a suitable build command for the source checkout"),
-        ],
-    },
-    // Usually when a manual build script has failed, or if an autodetected language
-    // was unintended to have CodeQL analysis run on it.
-    [CliConfigErrorCategory.NoSourceCodeSeen]: {
-        exitCode: 32,
-        cliErrorMessageCandidates: [
-            new RegExp("CodeQL detected code written in .* but could not process any of it"),
-            new RegExp("CodeQL did not detect any code written in languages supported by CodeQL"),
-            /**
-             * Earlier versions of the JavaScript extractor (pre-CodeQL 2.12.0) extract externs even if no
-             * source code was found. This means that we don't get the no code found error from
-             * `codeql database finalize`. To ensure users get a good error message, we detect this manually
-             * here, and upon detection override the error message.
-             *
-             * This can be removed once support for CodeQL 2.11.6 is removed.
-             */
-            new RegExp("No JavaScript or TypeScript code found"),
-        ],
-    },
-    [CliConfigErrorCategory.NoSupportedBuildCommandSucceeded]: {
-        cliErrorMessageCandidates: [
-            new RegExp("No supported build command succeeded"),
-        ],
-    },
-    [CliConfigErrorCategory.NoSupportedBuildSystemDetected]: {
-        cliErrorMessageCandidates: [
-            new RegExp("No supported build system detected"),
-        ],
-    },
-};
-/**
- * Check if the given CLI error or exit code, if applicable, apply to any known
- * CLI errors in the configuration record. If either the CLI error message matches one of
- * the error messages in the config record, or the exit codes match, return the error category;
- * if not, return undefined.
- */
-function getCliConfigCategoryIfExists(cliError) {
-    for (const [category, configuration] of Object.entries(exports.cliErrorsConfig)) {
-        if (cliError.exitCode !== undefined &&
-            configuration.exitCode !== undefined &&
-            cliError.exitCode === configuration.exitCode) {
-            return category;
-        }
-        for (const e of configuration.cliErrorMessageCandidates) {
-            if (cliError.message.match(e) || cliError.stderr.match(e)) {
-                return category;
-            }
-        }
-    }
-    return undefined;
-}
-exports.getCliConfigCategoryIfExists = getCliConfigCategoryIfExists;
-/**
- * Prepend a clearer error message with the docs link if the error message does not already
- * include it. Can be removed once support for CodeQL 2.11.6 is removed; at that point, all runs
- * should already include the doc link.
- */
-function prependDocsLinkIfApplicable(cliErrorMessage) {
-    if (!cliErrorMessage.includes(NO_SOURCE_CODE_SEEN_DOCS_LINK)) {
-        return `No code found during the build. Please see: ${NO_SOURCE_CODE_SEEN_DOCS_LINK}. Detailed error: ${cliErrorMessage}`;
-    }
-    return cliErrorMessage;
-}
-/**
- * Changes an error received from the CLI to a ConfigurationError with optionally an extra
- * error message appended, if it exists in a known set of configuration errors. Otherwise,
- * simply returns the original error.
- */
-function wrapCliConfigurationError(cliError) {
-    if (!(cliError instanceof CommandInvocationError)) {
-        return cliError;
-    }
-    const cliConfigErrorCategory = getCliConfigCategoryIfExists(cliError);
-    if (cliConfigErrorCategory === undefined) {
-        return cliError;
-    }
-    let errorMessageBuilder = cliError.message;
-    // Can be removed once support for CodeQL 2.11.6 is removed; at that point, all runs should
-    // already include the doc link.
-    if (cliConfigErrorCategory === CliConfigErrorCategory.NoSourceCodeSeen) {
-        errorMessageBuilder = prependDocsLinkIfApplicable(errorMessageBuilder);
-    }
-    const additionalErrorMessageToAppend = exports.cliErrorsConfig[cliConfigErrorCategory].additionalErrorMessageToAppend;
-    if (additionalErrorMessageToAppend !== undefined) {
-        errorMessageBuilder = `${errorMessageBuilder} ${additionalErrorMessageToAppend}`;
-    }
-    return new util_1.ConfigurationError(errorMessageBuilder);
-}
-exports.wrapCliConfigurationError = wrapCliConfigurationError;
-//# sourceMappingURL=cli-errors.js.map

lib/cli-errors.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"cli-errors.js","sourceRoot":"","sources":["../src/cli-errors.ts"],"names":[],"mappings":";;;AAAA,iCAA4C;AAE5C,MAAM,6BAA6B,GACjC,8EAA8E,CAAC;AAEjF;;;GAGG;AACH,MAAa,sBAAuB,SAAQ,KAAK;IAC/C,YACE,GAAW,EACX,IAAc,EACP,QAAgB,EAChB,MAAc,EACd,MAAc;QAErB,MAAM,aAAa,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;aACjC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;aAC5C,IAAI,CAAC,GAAG,CAAC,CAAC;QAEb,MAAM,WAAW,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAC/C,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,IAAI,EAAE,CAAC;QACzD,IAAI,KAAK,GAAG,WAAW;YACrB,CAAC,CAAC,mBAAmB,WAAW,CAAC,IAAI,EAAE,EAAE;YACzC,CAAC,CAAC,QAAQ;gBACV,CAAC,CAAC,2BAA2B,QAAQ,EAAE;gBACvC,CAAC,CAAC,EAAE,CAAC;QACP,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;YACpC,KAAK,IAAI,GAAG,CAAC;QACf,CAAC;QAED,KAAK,CACH,4CAA4C,aAAa,KAAK;YAC5D,iBAAiB,QAAQ,GAAG,KAAK,iCAAiC,CACrE,CAAC;QAtBK,aAAQ,GAAR,QAAQ,CAAQ;QAChB,WAAM,GAAN,MAAM,CAAQ;QACd,WAAM,GAAN,MAAM,CAAQ;IAqBvB,CAAC;CACF;AA5BD,wDA4BC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,SAAS,kBAAkB,CAAC,KAAa;IACvC,MAAM,eAAe,GAAG,2BAA2B,CAAC;IACpD,IAAI,WAAW,GAAa,EAAE,CAAC;IAC/B,IAAI,mBAAuC,CAAC;IAC5C,IAAI,KAA8B,CAAC;IACnC,OAAO,CAAC,KAAK,GAAG,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACtD,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;YACtC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,mBAAmB,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QACzE,CAAC;QACD,mBAAmB,GAAG,KAAK,CAAC,KAAK,CAAC;IACpC,CAAC;IACD,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;QACtC,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC,IAAI,EAAE,CAAC;QAC1D,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,kBAAkB;YAClB,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,MAAM,UAAU,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;QAC9D,IAAI,UAAU,EAAE,CAAC;YACf,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QACpD,CAAC;QACD,OAAO;YACL,kBAAkB,CAAC,SAAS,CAAC;YAC7B,UAAU;YACV,GAAG,WAAW,CAAC,OAAO,EAAE;SACzB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAY;IACtC,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,GAAG,CAAC;AAC3D,CAAC;AAED,8FAA8F;AAC9F,IAAY,sBASX;AATD,WAAY,sBAAsB;IAChC,yFAA+D,CAAA;IAC/D,6DAAmC,CAAA;IACnC,iEAAuC,CAAA;IACvC,mFAAyD,CAAA;IACzD,iFAAuD,CAAA;IACvD,+DAAqC,CAAA;IACrC,+FAAqE,CAAA;IACrE,2FAAiE,CAAA;AACnE,CAAC,EATW,sBAAsB,sCAAtB,sBAAsB,QASjC;AASD;;;GAGG;AACU,QAAA,eAAe,GAGxB;IACF,+EAA+E;IAC/E,CAAC,sBAAsB,CAAC,6BAA6B,CAAC,EAAE;QACtD,yBAAyB,EAAE;YACzB,IAAI,MAAM,CAAC,wCAAwC,CAAC;SACrD;KACF;IACD,CAAC,sBAAsB,CAAC,eAAe,CAAC,EAAE;QACxC,yBAAyB,EAAE;YACzB,IAAI,MAAM,CACR,iEAAiE,CAClE;SACF;QACD,8BAA8B,EAAE,oDAAoD;KACrF;IACD,gEAAgE;IAChE,CAAC,sBAAsB,CAAC,iBAAiB,CAAC,EAAE;QAC1C,yBAAyB,EAAE,CAAC,IAAI,MAAM,CAAC,qBAAqB,CAAC,CAAC;KAC/D;IACD,CAAC,sBAAsB,CAAC,0BAA0B,CAAC,EAAE;QACnD,yBAAyB,EAAE;YACzB,IAAI,MAAM,CAAC,+CAA+C,CAAC;SAC5D;KACF;IACD,CAAC,sBAAsB,CAAC,yBAAyB,CAAC,EAAE;QAClD,yBAAyB,EAAE;YACzB,IAAI,MAAM,CACR,mEAAmE,CACpE;SACF;KACF;IACD,gFAAgF;IAChF,oDAAoD;IACpD,CAAC,sBAAsB,CAAC,gBAAgB,CAAC,EAAE;QACzC,QAAQ,EAAE,EAAE;QACZ,yBAAyB,EAAE;YACzB,IAAI,MAAM,CACR,oEAAoE,CACrE;YACD,IAAI,MAAM,CACR,yEAAyE,CAC1E;YACD;;;;;;;eAOG;YACH,IAAI,MAAM,CAAC,wCAAwC,CAAC;SACrD;KACF;IAED,CAAC,sBAAsB,CAAC,gCAAgC,CAAC,EAAE;QACzD,yBAAyB,EAAE;YACzB,IAAI,MAAM,CAAC,sCAAsC,CAAC;SACnD;KACF;IACD,CAAC,sBAAsB,CAAC,8BAA8B,CAAC,EAAE;QACvD,yBAAyB,EAAE;YACzB,IAAI,MAAM,CAAC,oCAAoC,CAAC;SACjD;KACF;CACF,CAAC;AAEF;;;;;GAKG;AACH,SAAgB,4BAA4B,CAC1C,QAAgC;IAEhC,KAAK,MAAM,CAAC,QAAQ,EAAE,aAAa,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,uBAAe,CAAC,EAAE,CAAC;QACxE,IACE,QAAQ,CAAC,QAAQ,KAAK,SAAS;YAC/B,aAAa,CAAC,QAAQ,KAAK,SAAS;YACpC,QAAQ,CAAC,QAAQ,KAAK,aAAa,CAAC,QAAQ,EAC5C,CAAC;YACD,OAAO,QAAkC,CAAC;QAC5C,CAAC;QAED,KAAK,MAAM,CAAC,IAAI,aAAa,CAAC,yBAAyB,EAAE,CAAC;YACxD,IAAI,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC1D,OAAO,QAAkC,CAAC;YAC5C,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AApBD,oEAoBC;AAED;;;;GAIG;AACH,SAAS,2BAA2B,CAAC,eAAuB;IAC1D,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,6BAA6B,CAAC,EAAE,CAAC;QAC7D,OAAO,+CAA+C,6BAA6B,qBAAqB,eAAe,EAAE,CAAC;IAC5H,CAAC;IACD,OAAO,eAAe,CAAC;AACzB,CAAC;AAED;;;;GAIG;AACH,SAAgB,yBAAyB,CAAC,QAAe;IACvD,IAAI,CAAC,CAAC,QAAQ,YAAY,sBAAsB,CAAC,EAAE,CAAC;QAClD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,MAAM,sBAAsB,GAAG,4BAA4B,CAAC,QAAQ,CAAC,CAAC;IACtE,IAAI,sBAAsB,KAAK,SAAS,EAAE,CAAC;QACzC,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,IAAI,mBAAmB,GAAG,QAAQ,CAAC,OAAO,CAAC;IAE3C,2FAA2F;IAC3F,gCAAgC;IAChC,IAAI,sBAAsB,KAAK,sBAAsB,CAAC,gBAAgB,EAAE,CAAC;QACvE,mBAAmB,GAAG,2BAA2B,CAAC,mBAAmB,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,8BAA8B,GAClC,uBAAe,CAAC,sBAAsB,CAAC,CAAC,8BAA8B,CAAC;IACzE,IAAI,8BAA8B,KAAK,SAAS,EAAE,CAAC;QACjD,mBAAmB,GAAG,GAAG,mBAAmB,IAAI,8BAA8B,EAAE,CAAC;IACnF,CAAC;IAED,OAAO,IAAI,yBAAkB,CAAC,mBAAmB,CAAC,CAAC;AACrD,CAAC;AAzBD,8DAyBC"}

lib/codeql.js

@@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getGeneratedCodeScanningConfigPath = exports.getTrapCachingExtractorConfigArgsForLang = exports.getTrapCachingExtractorConfigArgs = exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE = exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2 = exports.CODEQL_VERSION_LANGUAGE_ALIASING = exports.CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG = exports.CODEQL_VERSION_RESOLVE_ENVIRONMENT = exports.CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = void 0;
+exports.getGeneratedCodeScanningConfigPath = exports.getTrapCachingExtractorConfigArgsForLang = exports.getTrapCachingExtractorConfigArgs = exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE = exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2 = exports.CODEQL_VERSION_LANGUAGE_ALIASING = exports.CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG = exports.CODEQL_VERSION_RESOLVE_ENVIRONMENT = exports.CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED = exports.CODEQL_VERSION_BETTER_NO_CODE_ERROR_MESSAGE = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CODEQL_VERSION_EXPORT_FAILED_SARIF = exports.CommandInvocationError = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const core = __importStar(require("@actions/core"));
@@ -31,14 +31,35 @@ const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const yaml = __importStar(require("js-yaml"));
 const semver = __importStar(require("semver"));
 const actions_util_1 = require("./actions-util");
-const cli_errors_1 = require("./cli-errors");
 const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const setupCodeql = __importStar(require("./setup-codeql"));
-const tools_features_1 = require("./tools-features");
 const util = __importStar(require("./util"));
 const util_1 = require("./util");
+class CommandInvocationError extends Error {
+    constructor(cmd, args, exitCode, stderr, stdout) {
+        const prettyCommand = [cmd, ...args]
+            .map((x) => (x.includes(" ") ? `'${x}'` : x))
+            .join(" ");
+        const fatalErrors = extractFatalErrors(stderr);
+        const lastLine = stderr.trim().split("\n").pop()?.trim();
+        let error = fatalErrors
+            ? ` and error was: ${fatalErrors.trim()}`
+            : lastLine
+                ? ` and last log line was: ${lastLine}`
+                : "";
+        if (error[error.length - 1] !== ".") {
+            error += ".";
+        }
+        super(`Encountered a fatal error while running "${prettyCommand}". ` +
+            `Exit code was ${exitCode}${error} See the logs for more details.`);
+        this.exitCode = exitCode;
+        this.stderr = stderr;
+        this.stdout = stdout;
+    }
+}
+exports.CommandInvocationError = CommandInvocationError;
 /**
  * Stores the CodeQL object, and is populated by `setupCodeQL` or `getCodeQL`.
  * Can be overridden in tests using `setCodeQL`.
@@ -52,7 +73,7 @@ let cachedCodeQL = undefined;
  * The version flags below can be used to conditionally enable certain features
  * on versions newer than this.
  */
-const CODEQL_MINIMUM_VERSION = "2.11.6";
+const CODEQL_MINIMUM_VERSION = "2.10.5";
 /**
  * This version will shortly become the oldest version of CodeQL that the Action will run with.
  */
@@ -66,14 +87,18 @@ const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.7";
  */
 const GHES_MOST_RECENT_DEPRECATION_DATE = "2023-11-08";
 /*
- * Deprecated in favor of ToolsFeature.
- *
  * Versions of CodeQL that version-flag certain functionality in the Action.
  * For convenience, please keep these in descending order. Once a version
  * flag is older than the oldest supported version above, it may be removed.
  */
 /**
- * Versions 2.12.1+ of the CodeQL Bundle include a `security-experimental` built-in query suite for
+ * Versions 2.11.3+ of the CodeQL CLI support exporting a failed SARIF file via
+ * `codeql database export-diagnostics` or `codeql diagnostics export`.
+ */
+exports.CODEQL_VERSION_EXPORT_FAILED_SARIF = "2.11.3";
+const CODEQL_VERSION_FILE_BASELINE_INFORMATION = "2.11.3";
+/**
+ * Versions 2.11.1+ of the CodeQL Bundle include a `security-experimental` built-in query suite for
  * each language.
  */
 exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = "2.12.1";
@@ -86,6 +111,11 @@ exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG = "2.12.3";
  * Versions 2.12.4+ of the CodeQL CLI support the `--qlconfig-file` flag in calls to `database init`.
  */
 exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = "2.12.4";
+/**
+ * Versions 2.12.4+ of the CodeQL CLI provide a better error message when `database finalize`
+ * determines that no code has been found.
+ */
+exports.CODEQL_VERSION_BETTER_NO_CODE_ERROR_MESSAGE = "2.12.4";
 /**
  * Versions 2.13.1+ of the CodeQL CLI fix a bug where diagnostics export could produce invalid SARIF.
  */
@@ -131,7 +161,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV
             codeqlCmd += ".exe";
         }
         else if (process.platform !== "linux" && process.platform !== "darwin") {
-            throw new util.ConfigurationError(`Unsupported platform: ${process.platform}`);
+            throw new util.UserError(`Unsupported platform: ${process.platform}`);
         }
         cachedCodeQL = await getCodeQLForCmd(codeqlCmd, checkVersion);
         return {
@@ -177,16 +207,13 @@ function resolveFunction(partialCodeql, methodName, defaultImplementation) {
 function setCodeQL(partialCodeql) {
     cachedCodeQL = {
         getPath: resolveFunction(partialCodeql, "getPath", () => "/tmp/dummy-path"),
-        getVersion: resolveFunction(partialCodeql, "getVersion", async () => ({
+        getVersion: resolveFunction(partialCodeql, "getVersion", () => new Promise((resolve) => resolve({
             version: "1.0.0",
-        })),
+        }))),
         printVersion: resolveFunction(partialCodeql, "printVersion"),
-        supportsFeature: resolveFunction(partialCodeql, "supportsFeature", async (feature) => !!partialCodeql.getVersion &&
-            (0, tools_features_1.isSupportedToolsFeature)(await partialCodeql.getVersion(), feature)),
         databaseInitCluster: resolveFunction(partialCodeql, "databaseInitCluster"),
         runAutobuild: resolveFunction(partialCodeql, "runAutobuild"),
         extractScannedLanguage: resolveFunction(partialCodeql, "extractScannedLanguage"),
-        extractUsingBuildMode: resolveFunction(partialCodeql, "extractUsingBuildMode"),
         finalizeDatabase: resolveFunction(partialCodeql, "finalizeDatabase"),
         resolveLanguages: resolveFunction(partialCodeql, "resolveLanguages"),
         betterResolveLanguages: resolveFunction(partialCodeql, "betterResolveLanguages"),
@@ -258,25 +285,23 @@ async function getCodeQLForCmd(cmd, checkVersion) {
         async printVersion() {
             await runTool(cmd, ["version", "--format=json"]);
         },
-        async supportsFeature(feature) {
-            return (0, tools_features_1.isSupportedToolsFeature)(await this.getVersion(), feature);
-        },
-        async databaseInitCluster(config, sourceRoot, processName, qlconfigFile, logger) {
+        async databaseInitCluster(config, sourceRoot, processName, features, qlconfigFile, logger) {
             const extraArgs = config.languages.map((language) => `--language=${language}`);
             if (config.languages.filter((l) => (0, languages_1.isTracedLanguage)(l)).length > 0) {
                 extraArgs.push("--begin-tracing");
                 extraArgs.push(...(await getTrapCachingExtractorConfigArgs(config)));
                 extraArgs.push(`--trace-process-name=${processName}`);
             }
-            const codeScanningConfigFile = await generateCodeScanningConfig(config, logger);
-            const externalRepositoryToken = (0, actions_util_1.getOptionalInput)("external-repository-token");
-            extraArgs.push(`--codescanning-config=${codeScanningConfigFile}`);
-            if (externalRepositoryToken) {
-                extraArgs.push("--external-repository-token-stdin");
-            }
-            if (config.buildMode !== undefined &&
-                (await this.supportsFeature(tools_features_1.ToolsFeature.BuildModeOption))) {
-                extraArgs.push(`--build-mode=${config.buildMode}`);
+            // A code scanning config file is only generated if the CliConfigFileEnabled feature flag is enabled.
+            const codeScanningConfigFile = await generateCodeScanningConfig(codeql, config, features, logger);
+            // Only pass external repository token if a config file is going to be parsed by the CLI.
+            let externalRepositoryToken;
+            if (codeScanningConfigFile) {
+                externalRepositoryToken = (0, actions_util_1.getOptionalInput)("external-repository-token");
+                extraArgs.push(`--codescanning-config=${codeScanningConfigFile}`);
+                if (externalRepositoryToken) {
+                    extraArgs.push("--external-repository-token-stdin");
+                }
             }
             if (qlconfigFile !== undefined &&
                 (await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_INIT_WITH_QLCONFIG))) {
@@ -291,24 +316,16 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             else if (await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE)) {
                 extraArgs.push("--no-sublanguage-file-coverage");
             }
-            try {
-                await runTool(cmd, [
-                    "database",
-                    "init",
-                    "--db-cluster",
-                    config.dbLocation,
-                    `--source-root=${sourceRoot}`,
-                    ...(await getLanguageAliasingArguments(this)),
-                    ...extraArgs,
-                    ...getExtraOptionsFromEnv(["database", "init"]),
-                ], { stdin: externalRepositoryToken });
-            }
-            catch (e) {
-                if (e instanceof Error) {
-                    throw (0, cli_errors_1.wrapCliConfigurationError)(e);
-                }
-                throw e;
-            }
+            await runTool(cmd, [
+                "database",
+                "init",
+                "--db-cluster",
+                config.dbLocation,
+                `--source-root=${sourceRoot}`,
+                ...(await getLanguageAliasingArguments(this)),
+                ...extraArgs,
+                ...getExtraOptionsFromEnv(["database", "init"]),
+            ], { stdin: externalRepositoryToken });
         },
         async runAutobuild(language) {
             const autobuildCmd = path.join(await this.resolveExtractor(language), "tools", process.platform === "win32" ? "autobuild.cmd" : "autobuild.sh");
@@ -336,15 +353,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             // When `DYLD_INSERT_LIBRARIES` is set in the environment for a step,
             // the Actions runtime introduces its own workaround for SIP
             // (https://github.com/actions/runner/pull/416).
-            try {
-                await runTool(autobuildCmd);
-            }
-            catch (e) {
-                if (e instanceof Error) {
-                    throw (0, cli_errors_1.wrapCliConfigurationError)(e);
-                }
-                throw e;
-            }
+            await runTool(autobuildCmd);
         },
         async extractScannedLanguage(config, language) {
             await runTool(cmd, [
@@ -356,16 +365,6 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 util.getCodeQLDatabasePath(config, language),
             ]);
         },
-        async extractUsingBuildMode(config, language) {
-            await runTool(cmd, [
-                "database",
-                "trace-command",
-                "--use-build-mode",
-                ...(await getTrapCachingExtractorConfigArgsForLang(config, language)),
-                ...getExtraOptionsFromEnv(["database", "trace-command"]),
-                util.getCodeQLDatabasePath(config, language),
-            ]);
-        },
         async finalizeDatabase(databasePath, threadsFlag, memoryFlag) {
             const args = [
                 "database",
@@ -380,8 +379,11 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 await runTool(cmd, args);
             }
             catch (e) {
-                if (e instanceof Error) {
-                    throw (0, cli_errors_1.wrapCliConfigurationError)(e);
+                if (e instanceof CommandInvocationError &&
+                    !(await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_BETTER_NO_CODE_ERROR_MESSAGE)) &&
+                    isNoCodeFoundError(e)) {
+                    throw new util.UserError("No code found during the build. Please see: " +
+                        "https://gh.io/troubleshooting-code-scanning/no-source-code-seen-during-build");
                 }
                 throw e;
             }
@@ -456,7 +458,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 throw new Error(`Unexpected output from codeql resolve build-environment: ${e} in\n${output}`);
             }
         },
-        async databaseRunQueries(databasePath, flags) {
+        async databaseRunQueries(databasePath, extraSearchPath, querySuitePath, flags, optimizeForLastQueryRun, features) {
             const codeqlArgs = [
                 "database",
                 "run-queries",
@@ -466,12 +468,22 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 "-v",
                 ...getExtraOptionsFromEnv(["database", "run-queries"]),
             ];
-            if (await util.supportExpectDiscardedCache(this)) {
+            if (optimizeForLastQueryRun &&
+                (await util.supportExpectDiscardedCache(this))) {
                 codeqlArgs.push("--expect-discarded-cache");
             }
-            if (await util.codeQlVersionAbove(this, feature_flags_1.CODEQL_VERSION_FINE_GRAINED_PARALLELISM)) {
+            if (extraSearchPath !== undefined) {
+                codeqlArgs.push("--additional-packs", extraSearchPath);
+            }
+            if (querySuitePath) {
+                codeqlArgs.push(querySuitePath);
+            }
+            if (await features.getValue(feature_flags_1.Feature.EvaluatorFineGrainedParallelismEnabled, this)) {
                 codeqlArgs.push("--intra-layer-parallelism");
             }
+            else if (await util.codeQlVersionAbove(this, feature_flags_1.CODEQL_VERSION_FINE_GRAINED_PARALLELISM)) {
+                codeqlArgs.push("--no-intra-layer-parallelism");
+            }
             await runTool(cmd, codeqlArgs);
         },
         async databaseInterpretResults(databasePath, querySuitePaths, sarifFile, addSnippetsFlag, threadsFlag, verbosityFlag, automationDetailsId, config, features, logger) {
@@ -491,7 +503,6 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 addSnippetsFlag,
                 "--print-diagnostics-summary",
                 "--print-metrics-summary",
-                "--sarif-add-baseline-file-info",
                 "--sarif-add-query-help",
                 "--sarif-group-rules-by-pack",
                 ...(await getCodeScanningConfigExportArguments(config, this)),
@@ -500,6 +511,9 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             if (automationDetailsId !== undefined) {
                 codeqlArgs.push("--sarif-category", automationDetailsId);
             }
+            if (await util.codeQlVersionAbove(this, CODEQL_VERSION_FILE_BASELINE_INFORMATION)) {
+                codeqlArgs.push("--sarif-add-baseline-file-info");
+            }
             if (await isSublanguageFileCoverageEnabled(config, this)) {
                 codeqlArgs.push("--sublanguage-file-coverage");
             }
@@ -685,7 +699,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
     // CodeQL object is created.
     if (checkVersion &&
         !(await util.codeQlVersionAbove(codeql, CODEQL_MINIMUM_VERSION))) {
-        throw new util.ConfigurationError(`Expected a CodeQL CLI with version at least ${CODEQL_MINIMUM_VERSION} but got version ${(await codeql.getVersion()).version}`);
+        throw new util.UserError(`Expected a CodeQL CLI with version at least ${CODEQL_MINIMUM_VERSION} but got version ${(await codeql.getVersion()).version}`);
     }
     else if (checkVersion &&
         process.env[environment_1.EnvVar.SUPPRESS_DEPRECATED_SOON_WARNING] !== "true" &&
@@ -790,18 +804,83 @@ async function runTool(cmd, args = [], opts = {}) {
         ...(opts.stdin ? { input: Buffer.from(opts.stdin || "") } : {}),
     }).exec();
     if (exitCode !== 0) {
-        throw new cli_errors_1.CommandInvocationError(cmd, args, exitCode, error, output);
+        throw new CommandInvocationError(cmd, args, exitCode, error, output);
     }
     return output;
 }
 /**
- * Generates a code scanning configuration that is to be used for a scan.
+ * Provide a better error message from the stderr of a CLI invocation that failed with a fatal
+ * error.
+ *
+ * - If the CLI invocation failed with a fatal error, this returns that fatal error, followed by
+ *   any fatal errors that occurred in plumbing commands.
+ * - If the CLI invocation did not fail with a fatal error, this returns `undefined`.
+ *
+ * ### Example
+ *
+ * ```
+ * Running TRAP import for CodeQL database at /home/runner/work/_temp/codeql_databases/javascript...
+ * A fatal error occurred: Evaluator heap must be at least 384.00 MiB
+ * A fatal error occurred: Dataset import for
+ * /home/runner/work/_temp/codeql_databases/javascript/db-javascript failed with code 2
+ * ```
+ *
+ * becomes
+ *
+ * ```
+ * Encountered a fatal error while running "codeql-for-testing database finalize --finalize-dataset
+ * --threads=2 --ram=2048 db". Exit code was 32 and error was: A fatal error occurred: Dataset
+ * import for /home/runner/work/_temp/codeql_databases/javascript/db-javascript failed with code 2.
+ * Context: A fatal error occurred: Evaluator heap must be at least 384.00 MiB.
+ * ```
+ *
+ * Where possible, this tries to summarize the error into a single line, as this displays better in
+ * the Actions UI.
+ */
+function extractFatalErrors(error) {
+    const fatalErrorRegex = /.*fatal error occurred:/gi;
+    let fatalErrors = [];
+    let lastFatalErrorIndex;
+    let match;
+    while ((match = fatalErrorRegex.exec(error)) !== null) {
+        if (lastFatalErrorIndex !== undefined) {
+            fatalErrors.push(error.slice(lastFatalErrorIndex, match.index).trim());
+        }
+        lastFatalErrorIndex = match.index;
+    }
+    if (lastFatalErrorIndex !== undefined) {
+        const lastError = error.slice(lastFatalErrorIndex).trim();
+        if (fatalErrors.length === 0) {
+            // No other errors
+            return lastError;
+        }
+        const isOneLiner = !fatalErrors.some((e) => e.includes("\n"));
+        if (isOneLiner) {
+            fatalErrors = fatalErrors.map(ensureEndsInPeriod);
+        }
+        return [
+            ensureEndsInPeriod(lastError),
+            "Context:",
+            ...fatalErrors.reverse(),
+        ].join(isOneLiner ? " " : "\n");
+    }
+    return undefined;
+}
+function ensureEndsInPeriod(text) {
+    return text[text.length - 1] === "." ? text : `${text}.`;
+}
+/**
+ * If appropriate, generates a code scanning configuration that is to be used for a scan.
+ * If the configuration is not to be generated, returns undefined.
  *
  * @param codeql The CodeQL object to use.
  * @param config The configuration to use.
  * @returns the path to the generated user configuration file.
  */
-async function generateCodeScanningConfig(config, logger) {
+async function generateCodeScanningConfig(codeql, config, features, logger) {
+    if (!(await (0, feature_flags_1.useCodeScanningConfigInCli)(codeql, features))) {
+        return;
+    }
     const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config);
     // make a copy so we can modify it
     const augmentedConfig = cloneObject(config.originalUserInput);
@@ -895,6 +974,18 @@ function getGeneratedCodeScanningConfigPath(config) {
     return path.resolve(config.tempDir, "user-config.yaml");
 }
 exports.getGeneratedCodeScanningConfigPath = getGeneratedCodeScanningConfigPath;
+function isNoCodeFoundError(e) {
+    /**
+     * Earlier versions of the JavaScript extractor (pre-CodeQL 2.12.0) extract externs even if no
+     * source code was found. This means that we don't get the no code found error from
+     * `codeql database finalize`. To ensure users get a good error message, we detect this manually
+     * here, and upon detection override the error message.
+     *
+     * This can be removed once support for CodeQL 2.11.6 is removed.
+     */
+    const javascriptNoCodeFoundWarning = "No JavaScript or TypeScript code found.";
+    return e.exitCode === 32 || e.stderr.includes(javascriptNoCodeFoundWarning);
+}
 async function isDiagnosticsExportInvalidSarifFixed(codeql) {
     return await util.codeQlVersionAbove(codeql, exports.CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED);
 }

lib/codeql.test.js

@@ -28,6 +28,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.stubToolRunnerConstructor = void 0;
 const fs = __importStar(require("fs"));
+const path_1 = __importDefault(require("path"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const toolcache = __importStar(require("@actions/tool-cache"));
 const safeWhich = __importStar(require("@chrisgavin/safe-which"));
@@ -39,6 +40,7 @@ const sinon = __importStar(require("sinon"));
 const actionsUtil = __importStar(require("./actions-util"));
 const codeql = __importStar(require("./codeql"));
 const defaults = __importStar(require("./defaults.json"));
+const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const logging_1 = require("./logging");
 const setup_codeql_1 = require("./setup-codeql");
@@ -46,12 +48,37 @@ const testing_utils_1 = require("./testing-utils");
 const util = __importStar(require("./util"));
 const util_1 = require("./util");
 (0, testing_utils_1.setupTests)(ava_1.default);
+const sampleGHAEApiDetails = {
+    auth: "token",
+    url: "https://example.githubenterprise.com",
+    apiURL: "https://example.githubenterprise.com/api/v3",
+};
 let stubConfig;
 ava_1.default.beforeEach(() => {
     (0, util_1.initializeEnvironment)("1.2.3");
-    stubConfig = (0, testing_utils_1.createTestConfig)({
+    stubConfig = {
         languages: [languages_1.Language.cpp],
-    });
+        queries: {},
+        pathsIgnore: [],
+        paths: [],
+        originalUserInput: {},
+        tempDir: "",
+        codeQLCmd: "",
+        gitHubVersion: {
+            type: util.GitHubVariant.DOTCOM,
+        },
+        dbLocation: "",
+        packs: {},
+        debugMode: false,
+        debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
+        debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
+        augmentationProperties: {
+            packsInputCombines: false,
+            queriesInputCombines: false,
+        },
+        trapCaches: {},
+        trapCacheDownloadTime: 0,
+    };
 });
 async function installIntoToolcache({ apiDetails = testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, cliVersion, isPinned, tagName, tmpDir, }) {
     const url = (0, testing_utils_1.mockBundleDownloadApi)({ apiDetails, isPinned, tagName });
@@ -194,47 +221,49 @@ for (const toolcacheVersion of [
         });
     });
 }
-(0, ava_1.default)(`uses a cached bundle when no tools input is given on GHES`, async (t) => {
-    await util.withTmpDir(async (tmpDir) => {
-        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-        await installIntoToolcache({
-            tagName: "codeql-bundle-20200601",
-            isPinned: true,
-            tmpDir,
+for (const variant of [util.GitHubVariant.GHAE, util.GitHubVariant.GHES]) {
+    (0, ava_1.default)(`uses a cached bundle when no tools input is given on ${util.GitHubVariant[variant]}`, async (t) => {
+        await util.withTmpDir(async (tmpDir) => {
+            (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
+            await installIntoToolcache({
+                tagName: "codeql-bundle-20200601",
+                isPinned: true,
+                tmpDir,
+            });
+            const result = await codeql.setupCodeQL(undefined, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, variant, {
+                cliVersion: defaults.cliVersion,
+                tagName: defaults.bundleVersion,
+            }, (0, logging_1.getRunnerLogger)(true), false);
+            t.deepEqual(result.toolsVersion, "0.0.0-20200601");
+            t.is(result.toolsSource, setup_codeql_1.ToolsSource.Toolcache);
+            t.is(result.toolsDownloadDurationMs, undefined);
+            const cachedVersions = toolcache.findAllVersions("CodeQL");
+            t.is(cachedVersions.length, 1);
         });
-        const result = await codeql.setupCodeQL(undefined, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.GHES, {
-            cliVersion: defaults.cliVersion,
-            tagName: defaults.bundleVersion,
-        }, (0, logging_1.getRunnerLogger)(true), false);
-        t.deepEqual(result.toolsVersion, "0.0.0-20200601");
-        t.is(result.toolsSource, setup_codeql_1.ToolsSource.Toolcache);
-        t.is(result.toolsDownloadDurationMs, undefined);
-        const cachedVersions = toolcache.findAllVersions("CodeQL");
-        t.is(cachedVersions.length, 1);
     });
-});
-(0, ava_1.default)(`downloads bundle if only an unpinned version is cached on GHES`, async (t) => {
-    await util.withTmpDir(async (tmpDir) => {
-        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-        await installIntoToolcache({
-            tagName: "codeql-bundle-20200601",
-            isPinned: false,
-            tmpDir,
+    (0, ava_1.default)(`downloads bundle if only an unpinned version is cached on ${util.GitHubVariant[variant]}`, async (t) => {
+        await util.withTmpDir(async (tmpDir) => {
+            (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
+            await installIntoToolcache({
+                tagName: "codeql-bundle-20200601",
+                isPinned: false,
+                tmpDir,
+            });
+            (0, testing_utils_1.mockBundleDownloadApi)({
+                tagName: defaults.bundleVersion,
+            });
+            const result = await codeql.setupCodeQL(undefined, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, variant, {
+                cliVersion: defaults.cliVersion,
+                tagName: defaults.bundleVersion,
+            }, (0, logging_1.getRunnerLogger)(true), false);
+            t.deepEqual(result.toolsVersion, defaults.cliVersion);
+            t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
+            t.assert(Number.isInteger(result.toolsDownloadDurationMs));
+            const cachedVersions = toolcache.findAllVersions("CodeQL");
+            t.is(cachedVersions.length, 2);
         });
-        (0, testing_utils_1.mockBundleDownloadApi)({
-            tagName: defaults.bundleVersion,
-        });
-        const result = await codeql.setupCodeQL(undefined, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.GHES, {
-            cliVersion: defaults.cliVersion,
-            tagName: defaults.bundleVersion,
-        }, (0, logging_1.getRunnerLogger)(true), false);
-        t.deepEqual(result.toolsVersion, defaults.cliVersion);
-        t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
-        t.assert(Number.isInteger(result.toolsDownloadDurationMs));
-        const cachedVersions = toolcache.findAllVersions("CodeQL");
-        t.is(cachedVersions.length, 2);
     });
-});
+}
 (0, ava_1.default)('downloads bundle if "latest" tools specified but not cached', async (t) => {
     await util.withTmpDir(async (tmpDir) => {
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
@@ -254,6 +283,50 @@ for (const toolcacheVersion of [
         t.is(cachedVersions.length, 2);
     });
 });
+for (const isBundleVersionInUrl of [true, false]) {
+    const inclusionString = isBundleVersionInUrl
+        ? "includes"
+        : "does not include";
+    (0, ava_1.default)(`download codeql bundle from github ae endpoint (URL ${inclusionString} bundle version)`, async (t) => {
+        await util.withTmpDir(async (tmpDir) => {
+            (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
+            const bundleAssetID = 10;
+            const platform = process.platform === "win32"
+                ? "win64"
+                : process.platform === "linux"
+                    ? "linux64"
+                    : "osx64";
+            const codeQLBundleName = `codeql-bundle-${platform}.tar.gz`;
+            const eventualDownloadUrl = isBundleVersionInUrl
+                ? `https://example.githubenterprise.com/github/codeql-action/releases/download/${defaults.bundleVersion}/${codeQLBundleName}`
+                : `https://example.githubenterprise.com/api/v3/repos/github/codeql-action/releases/assets/${bundleAssetID}`;
+            (0, nock_1.default)("https://example.githubenterprise.com")
+                .get(`/api/v3/enterprise/code-scanning/codeql-bundle/find/${defaults.bundleVersion}`)
+                .reply(200, {
+                assets: { [codeQLBundleName]: bundleAssetID },
+            });
+            (0, nock_1.default)("https://example.githubenterprise.com")
+                .get(`/api/v3/enterprise/code-scanning/codeql-bundle/download/${bundleAssetID}`)
+                .reply(200, {
+                url: eventualDownloadUrl,
+            });
+            (0, nock_1.default)("https://example.githubenterprise.com")
+                .get(eventualDownloadUrl.replace("https://example.githubenterprise.com", ""))
+                .replyWithFile(200, path_1.default.join(__dirname, `/../src/testdata/codeql-bundle-pinned.tar.gz`));
+            mockApiDetails(sampleGHAEApiDetails);
+            sinon.stub(actionsUtil, "isRunningLocalAction").returns(false);
+            process.env["GITHUB_ACTION_REPOSITORY"] = "github/codeql-action";
+            const result = await codeql.setupCodeQL(undefined, sampleGHAEApiDetails, tmpDir, util.GitHubVariant.GHAE, {
+                cliVersion: defaults.cliVersion,
+                tagName: defaults.bundleVersion,
+            }, (0, logging_1.getRunnerLogger)(true), false);
+            t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
+            t.assert(Number.isInteger(result.toolsDownloadDurationMs));
+            const cachedVersions = toolcache.findAllVersions("CodeQL");
+            t.is(cachedVersions.length, 1);
+        });
+    });
+}
 (0, ava_1.default)("bundle URL from another repo is cached as 0.0.0-bundleVersion", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
@@ -300,20 +373,45 @@ for (const toolcacheVersion of [
     t.throws(() => codeql.getExtraOptions({ foo: 87 }, ["foo"], []));
     t.throws(() => codeql.getExtraOptions({ "*": [42], foo: { "*": 87, bar: [99] } }, ["foo", "bar"], []));
 });
+(0, ava_1.default)("databaseInitCluster() without injected codescanning config", async (t) => {
+    await util.withTmpDir(async (tempDir) => {
+        const runnerConstructorStub = stubToolRunnerConstructor();
+        const codeqlObject = await codeql.getCodeQLForTesting();
+        sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.10.5"));
+        // safeWhich throws because of the test CodeQL object.
+        sinon.stub(safeWhich, "safeWhich").resolves("");
+        const thisStubConfig = {
+            ...stubConfig,
+            tempDir,
+            augmentationProperties: {
+                queriesInputCombines: false,
+                packsInputCombines: false,
+            },
+        };
+        await codeqlObject.databaseInitCluster(thisStubConfig, "", undefined, (0, testing_utils_1.createFeatures)([]), "/path/to/qlconfig.yml", (0, logging_1.getRunnerLogger)(true));
+        const args = runnerConstructorStub.firstCall.args[1];
+        // should NOT have used an config file
+        const configArg = args.find((arg) => arg.startsWith("--codescanning-config="));
+        t.falsy(configArg, "Should NOT have injected a codescanning config");
+    });
+});
 // Test macro for ensuring different variants of injected augmented configurations
 const injectedConfigMacro = ava_1.default.macro({
     exec: async (t, augmentationProperties, configOverride, expectedConfig) => {
         await util.withTmpDir(async (tempDir) => {
             const runnerConstructorStub = stubToolRunnerConstructor();
             const codeqlObject = await codeql.getCodeQLForTesting();
-            sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("1.0.0"));
+            sinon
+                .stub(codeqlObject, "getVersion")
+                .resolves((0, testing_utils_1.makeVersionInfo)(feature_flags_1.featureConfig[feature_flags_1.Feature.CliConfigFileEnabled].minimumVersion ||
+                "1.0.0"));
             const thisStubConfig = {
                 ...stubConfig,
                 ...configOverride,
                 tempDir,
                 augmentationProperties,
             };
-            await codeqlObject.databaseInitCluster(thisStubConfig, "", undefined, undefined, (0, logging_1.getRunnerLogger)(true));
+            await codeqlObject.databaseInitCluster(thisStubConfig, "", undefined, (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.CliConfigFileEnabled]), undefined, (0, logging_1.getRunnerLogger)(true));
             const args = runnerConstructorStub.firstCall.args[1];
             // should have used an config file
             const configArg = args.find((arg) => arg.startsWith("--codescanning-config="));
@@ -444,14 +542,30 @@ const injectedConfigMacro = ava_1.default.macro({
         queries: [],
     },
 }, {});
-(0, ava_1.default)("passes a code scanning config AND qlconfig to the CLI", async (t) => {
+(0, ava_1.default)("does not pass a code scanning config or qlconfig file to the CLI when CLI config passing is disabled", async (t) => {
+    await util.withTmpDir(async (tempDir) => {
+        const runnerConstructorStub = stubToolRunnerConstructor();
+        const codeqlObject = await codeql.getCodeQLForTesting();
+        // stubbed version doesn't matter. It just needs to be valid semver.
+        sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("0.0.0"));
+        await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, (0, testing_utils_1.createFeatures)([]), "/path/to/qlconfig.yml", (0, logging_1.getRunnerLogger)(true));
+        const args = runnerConstructorStub.firstCall.args[1];
+        // should not have used a config file
+        const hasConfigArg = args.some((arg) => arg.startsWith("--codescanning-config="));
+        t.false(hasConfigArg, "Should NOT have injected a codescanning config");
+        // should not have passed a qlconfig file
+        const hasQlconfigArg = args.some((arg) => arg.startsWith("--qlconfig-file="));
+        t.false(hasQlconfigArg, "Should NOT have passed a qlconfig file");
+    });
+});
+(0, ava_1.default)("passes a code scanning config AND qlconfig to the CLI when CLI config passing is enabled", async (t) => {
     await util.withTmpDir(async (tempDir) => {
         const runnerConstructorStub = stubToolRunnerConstructor();
         const codeqlObject = await codeql.getCodeQLForTesting();
         sinon
             .stub(codeqlObject, "getVersion")
             .resolves((0, testing_utils_1.makeVersionInfo)(codeql.CODEQL_VERSION_INIT_WITH_QLCONFIG));
-        await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, "/path/to/qlconfig.yml", (0, logging_1.getRunnerLogger)(true));
+        await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.CliConfigFileEnabled]), "/path/to/qlconfig.yml", (0, logging_1.getRunnerLogger)(true));
         const args = runnerConstructorStub.firstCall.args[1];
         // should have used a config file
         const hasCodeScanningConfigArg = args.some((arg) => arg.startsWith("--codescanning-config="));
@@ -461,12 +575,12 @@ const injectedConfigMacro = ava_1.default.macro({
         t.truthy(hasQlconfigArg, "Should have injected a codescanning config");
     });
 });
-(0, ava_1.default)("passes a code scanning config BUT NOT a qlconfig to the CLI for CodeQL v2.12.2", async (t) => {
+(0, ava_1.default)("passes a code scanning config BUT NOT a qlconfig to the CLI when CLI config passing is enabled", async (t) => {
     await util.withTmpDir(async (tempDir) => {
         const runnerConstructorStub = stubToolRunnerConstructor();
         const codeqlObject = await codeql.getCodeQLForTesting();
         sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.2"));
-        await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, "/path/to/qlconfig.yml", (0, logging_1.getRunnerLogger)(true));
+        await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.CliConfigFileEnabled]), "/path/to/qlconfig.yml", (0, logging_1.getRunnerLogger)(true));
         const args = runnerConstructorStub.firstCall.args[1];
         // should have used a config file
         const hasCodeScanningConfigArg = args.some((arg) => arg.startsWith("--codescanning-config="));
@@ -483,13 +597,31 @@ const injectedConfigMacro = ava_1.default.macro({
         sinon
             .stub(codeqlObject, "getVersion")
             .resolves((0, testing_utils_1.makeVersionInfo)(codeql.CODEQL_VERSION_INIT_WITH_QLCONFIG));
-        await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, undefined, // undefined qlconfigFile
+        await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.CliConfigFileEnabled]), undefined, // undefined qlconfigFile
         (0, logging_1.getRunnerLogger)(true));
         const args = runnerConstructorStub.firstCall.args[1];
         const hasQlconfigArg = args.some((arg) => arg.startsWith("--qlconfig-file="));
         t.false(hasQlconfigArg, "should NOT have injected a qlconfig");
     });
 });
+(0, ava_1.default)("databaseInterpretResults() sets --sarif-add-baseline-file-info for 2.11.3", async (t) => {
+    const runnerConstructorStub = stubToolRunnerConstructor();
+    const codeqlObject = await codeql.getCodeQLForTesting();
+    sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.11.3"));
+    // safeWhich throws because of the test CodeQL object.
+    sinon.stub(safeWhich, "safeWhich").resolves("");
+    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", stubConfig, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+    t.true(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-baseline-file-info"), "--sarif-add-baseline-file-info should be present, but it is absent");
+});
+(0, ava_1.default)("databaseInterpretResults() does not set --sarif-add-baseline-file-info for 2.11.2", async (t) => {
+    const runnerConstructorStub = stubToolRunnerConstructor();
+    const codeqlObject = await codeql.getCodeQLForTesting();
+    sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.11.2"));
+    // safeWhich throws because of the test CodeQL object.
+    sinon.stub(safeWhich, "safeWhich").resolves("");
+    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", stubConfig, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+    t.false(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-baseline-file-info"), "--sarif-add-baseline-file-info must be absent, but it is present");
+});
 const NEW_ANALYSIS_SUMMARY_TEST_CASES = [
     {
         codeqlVersion: "2.15.0",
@@ -554,9 +686,8 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
     // safeWhich throws because of the test CodeQL object.
     sinon.stub(safeWhich, "safeWhich").resolves("");
     await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("", "", ""), {
-        instanceOf: util.ConfigurationError,
-        message: new RegExp("No code found during the build\\. Please see: " +
-            "https://gh\\.io/troubleshooting-code-scanning/no-source-code-seen-during-build\\."),
+        message: "No code found during the build. Please see: " +
+            "https://gh.io/troubleshooting-code-scanning/no-source-code-seen-during-build",
     });
 });
 (0, ava_1.default)("database finalize overrides no code found error on CodeQL 2.11.6", async (t) => {
@@ -566,9 +697,8 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
     // safeWhich throws because of the test CodeQL object.
     sinon.stub(safeWhich, "safeWhich").resolves("");
     await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("", "", ""), {
-        instanceOf: util.ConfigurationError,
-        message: new RegExp("No code found during the build\\. Please see: " +
-            "https://gh\\.io/troubleshooting-code-scanning/no-source-code-seen-during-build\\."),
+        message: "No code found during the build. Please see: " +
+            "https://gh.io/troubleshooting-code-scanning/no-source-code-seen-during-build",
     });
 });
 (0, ava_1.default)("database finalize does not override no code found error on CodeQL 2.12.4", async (t) => {
@@ -595,9 +725,8 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
     // safeWhich throws because of the test CodeQL object.
     sinon.stub(safeWhich, "safeWhich").resolves("");
     await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("db", "--threads=2", "--ram=2048"), {
-        instanceOf: util.ConfigurationError,
-        message: new RegExp('Encountered a fatal error while running \\"codeql-for-testing database finalize --finalize-dataset --threads=2 --ram=2048 db\\"\\. ' +
-            `Exit code was 32 and error was: ${datasetImportError.replaceAll(".", "\\.")}\\. Context: ${heapError.replaceAll(".", "\\.")}\\. See the logs for more details\\.`),
+        message: 'Encountered a fatal error while running "codeql-for-testing database finalize --finalize-dataset --threads=2 --ram=2048 db". ' +
+            `Exit code was 32 and error was: ${datasetImportError}. Context: ${heapError}. See the logs for more details.`,
     });
 });
 (0, ava_1.default)("runTool outputs last line of stderr if fatal error could not be found", async (t) => {
@@ -608,9 +737,8 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
     // safeWhich throws because of the test CodeQL object.
     sinon.stub(safeWhich, "safeWhich").resolves("");
     await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("db", "--threads=2", "--ram=2048"), {
-        instanceOf: util.ConfigurationError,
-        message: new RegExp('Encountered a fatal error while running \\"codeql-for-testing database finalize --finalize-dataset --threads=2 --ram=2048 db\\"\\. ' +
-            "Exit code was 32 and last log line was: line5\\. See the logs for more details\\."),
+        message: 'Encountered a fatal error while running "codeql-for-testing database finalize --finalize-dataset --threads=2 --ram=2048 db". ' +
+            "Exit code was 32 and last log line was: line5. See the logs for more details.",
     });
 });
 function stubToolRunnerConstructor(exitCode = 0, stderr) {

lib/config-utils.js

@@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.parseBuildModeInput = exports.wrapEnvironment = exports.generateRegistries = exports.getConfig = exports.getPathToParsedConfigFile = exports.initConfig = exports.validatePackSpecification = exports.parsePacksSpecification = exports.parsePacksFromInput = exports.calculateAugmentation = exports.getDefaultConfig = exports.getRawLanguages = exports.getLanguageAliases = exports.getLanguages = exports.getLanguagesInRepo = exports.getUnknownLanguagesError = exports.getNoLanguagesError = exports.getConfigFileDirectoryGivenMessage = exports.getConfigFileFormatInvalidMessage = exports.getConfigFileRepoFormatInvalidMessage = exports.getConfigFileDoesNotExistErrorMessage = exports.getConfigFileOutsideWorkspaceErrorMessage = exports.getPacksStrInvalid = exports.defaultAugmentationProperties = exports.BuildMode = void 0;
+exports.wrapEnvironment = exports.generateRegistries = exports.downloadPacks = exports.getConfig = exports.getPathToParsedConfigFile = exports.initConfig = exports.parsePacks = exports.validatePackSpecification = exports.parsePacksSpecification = exports.parsePacksFromConfig = exports.calculateAugmentation = exports.getDefaultConfig = exports.getRawLanguages = exports.getLanguageAliases = exports.getLanguages = exports.getLanguagesInRepo = exports.getUnknownLanguagesError = exports.getNoLanguagesError = exports.getConfigFileDirectoryGivenMessage = exports.getConfigFileFormatInvalidMessage = exports.getConfigFileRepoFormatInvalidMessage = exports.getConfigFileDoesNotExistErrorMessage = exports.getConfigFileOutsideWorkspaceErrorMessage = exports.getLocalPathDoesNotExist = exports.getLocalPathOutsideOfRepository = exports.getPacksStrInvalid = exports.getPacksInvalid = exports.getPacksInvalidSplit = exports.getPathsInvalid = exports.getPathsIgnoreInvalid = exports.getQueryUsesInvalid = exports.getQueriesMissingUses = exports.getQueriesInvalid = exports.getDisableDefaultQueriesInvalid = exports.getNameInvalid = exports.validateAndSanitisePath = exports.defaultAugmentationProperties = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const perf_hooks_1 = require("perf_hooks");
@@ -31,18 +31,19 @@ const yaml = __importStar(require("js-yaml"));
 const semver = __importStar(require("semver"));
 const api = __importStar(require("./api-client"));
 const codeql_1 = require("./codeql");
+const externalQueries = __importStar(require("./external-queries"));
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const trap_caching_1 = require("./trap-caching");
 const util_1 = require("./util");
 // Property names from the user-supplied config file.
+const NAME_PROPERTY = "name";
+const DISABLE_DEFAULT_QUERIES_PROPERTY = "disable-default-queries";
+const QUERIES_PROPERTY = "queries";
+const QUERIES_USES_PROPERTY = "uses";
+const PATHS_IGNORE_PROPERTY = "paths-ignore";
+const PATHS_PROPERTY = "paths";
 const PACKS_PROPERTY = "packs";
-var BuildMode;
-(function (BuildMode) {
-    BuildMode["None"] = "none";
-    BuildMode["Autobuild"] = "autobuild";
-    BuildMode["Manual"] = "manual";
-})(BuildMode || (exports.BuildMode = BuildMode = {}));
 /**
  * The default, empty augmentation properties. This is most useful
  * for tests.
@@ -53,12 +54,284 @@ exports.defaultAugmentationProperties = {
     packsInput: undefined,
     queriesInput: undefined,
 };
+/**
+ * A list of queries from https://github.com/github/codeql that
+ * we don't want to run. Disabling them here is a quicker alternative to
+ * disabling them in the code scanning query suites. Queries should also
+ * be disabled in the suites, and removed from this list here once the
+ * bundle is updated to make those suite changes live.
+ *
+ * Format is a map from language to an array of path suffixes of .ql files.
+ */
+const DISABLED_BUILTIN_QUERIES = {
+    csharp: [
+        "ql/src/Security Features/CWE-937/VulnerablePackage.ql",
+        "ql/src/Security Features/CWE-451/MissingXFrameOptions.ql",
+    ],
+};
+function queryIsDisabled(language, query) {
+    return (DISABLED_BUILTIN_QUERIES[language] || []).some((disabledQuery) => query.endsWith(disabledQuery));
+}
+/**
+ * Asserts that the noDeclaredLanguage and multipleDeclaredLanguages fields are
+ * both empty and errors if they are not.
+ */
+function validateQueries(resolvedQueries) {
+    const noDeclaredLanguage = resolvedQueries.noDeclaredLanguage;
+    const noDeclaredLanguageQueries = Object.keys(noDeclaredLanguage);
+    if (noDeclaredLanguageQueries.length !== 0) {
+        throw new util_1.UserError(`${"The following queries do not declare a language. " +
+            "Their qlpack.yml files are either missing or is invalid.\n"}${noDeclaredLanguageQueries.join("\n")}`);
+    }
+    const multipleDeclaredLanguages = resolvedQueries.multipleDeclaredLanguages;
+    const multipleDeclaredLanguagesQueries = Object.keys(multipleDeclaredLanguages);
+    if (multipleDeclaredLanguagesQueries.length !== 0) {
+        throw new util_1.UserError(`${"The following queries declare multiple languages. " +
+            "Their qlpack.yml files are either missing or is invalid.\n"}${multipleDeclaredLanguagesQueries.join("\n")}`);
+    }
+}
+/**
+ * Run 'codeql resolve queries' and add the results to resultMap
+ *
+ * If a checkout path is given then the queries are assumed to be custom queries
+ * and an error will be thrown if there is anything invalid about the queries.
+ * If a checkout path is not given then the queries are assumed to be builtin
+ * queries, and error checking will be suppressed.
+ */
+async function runResolveQueries(codeQL, resultMap, toResolve, extraSearchPath) {
+    const resolvedQueries = await codeQL.resolveQueries(toResolve, extraSearchPath);
+    if (extraSearchPath !== undefined) {
+        validateQueries(resolvedQueries);
+    }
+    for (const [language, queryPaths] of Object.entries(resolvedQueries.byLanguage)) {
+        if (resultMap[language] === undefined) {
+            resultMap[language] = {
+                builtin: [],
+                custom: [],
+            };
+        }
+        const queries = Object.keys(queryPaths).filter((q) => !queryIsDisabled(language, q));
+        if (extraSearchPath !== undefined) {
+            resultMap[language].custom.push({
+                searchPath: extraSearchPath,
+                queries,
+            });
+        }
+        else {
+            resultMap[language].builtin.push(...queries);
+        }
+    }
+}
+/**
+ * Get the set of queries included by default.
+ */
+async function addDefaultQueries(codeQL, languages, resultMap) {
+    const suites = languages.map((l) => `${l}-code-scanning.qls`);
+    await runResolveQueries(codeQL, resultMap, suites, undefined);
+}
+// The set of acceptable values for built-in suites from the codeql bundle
+const builtinSuites = [
+    "security-experimental",
+    "security-extended",
+    "security-and-quality",
+];
+/**
+ * Determine the set of queries associated with suiteName's suites and add them to resultMap.
+ * Throws an error if suiteName is not a valid builtin suite.
+ */
+async function addBuiltinSuiteQueries(languages, codeQL, resultMap, suiteName, configFile) {
+    const found = builtinSuites.find((suite) => suite === suiteName);
+    if (!found) {
+        throw new util_1.UserError(getQueryUsesInvalid(configFile, suiteName));
+    }
+    if (suiteName === "security-experimental" &&
+        !(await (0, util_1.codeQlVersionAbove)(codeQL, codeql_1.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE))) {
+        throw new util_1.UserError(`The 'security-experimental' suite is not supported on CodeQL CLI versions earlier than
+      ${codeql_1.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE}. Please upgrade to CodeQL CLI version
+      ${codeql_1.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE} or later.`);
+    }
+    const suites = languages.map((l) => `${l}-${suiteName}.qls`);
+    await runResolveQueries(codeQL, resultMap, suites, undefined);
+}
+/**
+ * Retrieve the set of queries at localQueryPath and add them to resultMap.
+ */
+async function addLocalQueries(codeQL, resultMap, localQueryPath, workspacePath, configFile) {
+    // Resolve the local path against the workspace so that when this is
+    // passed to codeql it resolves to exactly the path we expect it to resolve to.
+    let absoluteQueryPath = path.join(workspacePath, localQueryPath);
+    // Check the file exists
+    if (!fs.existsSync(absoluteQueryPath)) {
+        throw new util_1.UserError(getLocalPathDoesNotExist(configFile, localQueryPath));
+    }
+    // Call this after checking file exists, because it'll fail if file doesn't exist
+    absoluteQueryPath = fs.realpathSync(absoluteQueryPath);
+    // Check the local path doesn't jump outside the repo using '..' or symlinks
+    if (!(absoluteQueryPath + path.sep).startsWith(fs.realpathSync(workspacePath) + path.sep)) {
+        throw new util_1.UserError(getLocalPathOutsideOfRepository(configFile, localQueryPath));
+    }
+    const extraSearchPath = workspacePath;
+    await runResolveQueries(codeQL, resultMap, [absoluteQueryPath], extraSearchPath);
+}
+/**
+ * Retrieve the set of queries at the referenced remote repo and add them to resultMap.
+ */
+async function addRemoteQueries(codeQL, resultMap, queryUses, tempDir, apiDetails, logger, configFile) {
+    let tok = queryUses.split("@");
+    if (tok.length !== 2) {
+        throw new util_1.UserError(getQueryUsesInvalid(configFile, queryUses));
+    }
+    const ref = tok[1];
+    tok = tok[0].split("/");
+    // The first token is the owner
+    // The second token is the repo
+    // The rest is a path, if there is more than one token combine them to form the full path
+    if (tok.length < 2) {
+        throw new util_1.UserError(getQueryUsesInvalid(configFile, queryUses));
+    }
+    // Check none of the parts of the repository name are empty
+    if (tok[0].trim() === "" || tok[1].trim() === "") {
+        throw new util_1.UserError(getQueryUsesInvalid(configFile, queryUses));
+    }
+    const nwo = `${tok[0]}/${tok[1]}`;
+    // Checkout the external repository
+    const checkoutPath = await externalQueries.checkoutExternalRepository(nwo, ref, apiDetails, tempDir, logger);
+    const queryPath = tok.length > 2
+        ? path.join(checkoutPath, tok.slice(2).join("/"))
+        : checkoutPath;
+    await runResolveQueries(codeQL, resultMap, [queryPath], checkoutPath);
+}
+/**
+ * Parse a query 'uses' field to a discrete set of query files and update resultMap.
+ *
+ * The logic for parsing the string is based on what actions does for
+ * parsing the 'uses' actions in the workflow file. So it can handle
+ * local paths starting with './', or references to remote repos, or
+ * a finite set of hardcoded terms for builtin suites.
+ */
+async function parseQueryUses(languages, codeQL, resultMap, queryUses, tempDir, workspacePath, apiDetails, features, logger, configFile) {
+    queryUses = queryUses.trim();
+    if (queryUses === "") {
+        throw new util_1.UserError(getQueryUsesInvalid(configFile));
+    }
+    // Check for the local path case before we start trying to parse the repository name
+    if (queryUses.startsWith("./")) {
+        await addLocalQueries(codeQL, resultMap, queryUses.slice(2), workspacePath, configFile);
+        return;
+    }
+    // Check for one of the builtin suites
+    if (queryUses.indexOf("/") === -1 && queryUses.indexOf("@") === -1) {
+        await addBuiltinSuiteQueries(languages, codeQL, resultMap, queryUses, configFile);
+        return;
+    }
+    // Otherwise, must be a reference to another repo.
+    // If config parsing is handled in CLI, then this repo will be downloaded
+    // later by the CLI.
+    if (!(await (0, feature_flags_1.useCodeScanningConfigInCli)(codeQL, features))) {
+        await addRemoteQueries(codeQL, resultMap, queryUses, tempDir, apiDetails, logger, configFile);
+    }
+}
+// Regex validating stars in paths or paths-ignore entries.
+// The intention is to only allow ** to appear when immediately
+// preceded and followed by a slash.
+const pathStarsRegex = /.*(?:\*\*[^/].*|\*\*$|[^/]\*\*.*)/;
+// Characters that are supported by filters in workflows, but not by us.
+// See https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
+const filterPatternCharactersRegex = /.*[?+[\]!].*/;
+// Checks that a paths of paths-ignore entry is valid, possibly modifying it
+// to make it valid, or if not possible then throws an error.
+function validateAndSanitisePath(originalPath, propertyName, configFile, logger) {
+    // Take a copy so we don't modify the original path, so we can still construct error messages
+    let newPath = originalPath;
+    // All paths are relative to the src root, so strip off leading slashes.
+    while (newPath.charAt(0) === "/") {
+        newPath = newPath.substring(1);
+    }
+    // Trailing ** are redundant, so strip them off
+    if (newPath.endsWith("/**")) {
+        newPath = newPath.substring(0, newPath.length - 2);
+    }
+    // An empty path is not allowed as it's meaningless
+    if (newPath === "") {
+        throw new util_1.UserError(getConfigFilePropertyError(configFile, propertyName, `"${originalPath}" is not an invalid path. ` +
+            `It is not necessary to include it, and it is not allowed to exclude it.`));
+    }
+    // Check for illegal uses of **
+    if (newPath.match(pathStarsRegex)) {
+        throw new util_1.UserError(getConfigFilePropertyError(configFile, propertyName, `"${originalPath}" contains an invalid "**" wildcard. ` +
+            `They must be immediately preceded and followed by a slash as in "/**/", or come at the start or end.`));
+    }
+    // Check for other regex characters that we don't support.
+    // Output a warning so the user knows, but otherwise continue normally.
+    if (newPath.match(filterPatternCharactersRegex)) {
+        logger.warning(getConfigFilePropertyError(configFile, propertyName, `"${originalPath}" contains an unsupported character. ` +
+            `The filter pattern characters ?, +, [, ], ! are not supported and will be matched literally.`));
+    }
+    // Ban any uses of backslash for now.
+    // This may not play nicely with project layouts.
+    // This restriction can be lifted later if we determine they are ok.
+    if (newPath.indexOf("\\") !== -1) {
+        throw new util_1.UserError(getConfigFilePropertyError(configFile, propertyName, `"${originalPath}" contains an "\\" character. These are not allowed in filters. ` +
+            `If running on windows we recommend using "/" instead for path filters.`));
+    }
+    return newPath;
+}
+exports.validateAndSanitisePath = validateAndSanitisePath;
+// An undefined configFile in some of these functions indicates that
+// the property was in a workflow file, not a config file
+function getNameInvalid(configFile) {
+    return getConfigFilePropertyError(configFile, NAME_PROPERTY, "must be a non-empty string");
+}
+exports.getNameInvalid = getNameInvalid;
+function getDisableDefaultQueriesInvalid(configFile) {
+    return getConfigFilePropertyError(configFile, DISABLE_DEFAULT_QUERIES_PROPERTY, "must be a boolean");
+}
+exports.getDisableDefaultQueriesInvalid = getDisableDefaultQueriesInvalid;
+function getQueriesInvalid(configFile) {
+    return getConfigFilePropertyError(configFile, QUERIES_PROPERTY, "must be an array");
+}
+exports.getQueriesInvalid = getQueriesInvalid;
+function getQueriesMissingUses(configFile) {
+    return getConfigFilePropertyError(configFile, QUERIES_PROPERTY, "must be an array, with each entry having a 'uses' property");
+}
+exports.getQueriesMissingUses = getQueriesMissingUses;
+function getQueryUsesInvalid(configFile, queryUses) {
+    return getConfigFilePropertyError(configFile, `${QUERIES_PROPERTY}.${QUERIES_USES_PROPERTY}`, `must be a built-in suite (${builtinSuites.join(" or ")}), a relative path, or be of the form "owner/repo[/path]@ref"${queryUses !== undefined ? `\n Found: ${queryUses}` : ""}`);
+}
+exports.getQueryUsesInvalid = getQueryUsesInvalid;
+function getPathsIgnoreInvalid(configFile) {
+    return getConfigFilePropertyError(configFile, PATHS_IGNORE_PROPERTY, "must be an array of non-empty strings");
+}
+exports.getPathsIgnoreInvalid = getPathsIgnoreInvalid;
+function getPathsInvalid(configFile) {
+    return getConfigFilePropertyError(configFile, PATHS_PROPERTY, "must be an array of non-empty strings");
+}
+exports.getPathsInvalid = getPathsInvalid;
+function getPacksRequireLanguage(lang, configFile) {
+    return getConfigFilePropertyError(configFile, PACKS_PROPERTY, `has "${lang}", but it is not a valid language.`);
+}
+function getPacksInvalidSplit(configFile) {
+    return getConfigFilePropertyError(configFile, PACKS_PROPERTY, "must split packages by language");
+}
+exports.getPacksInvalidSplit = getPacksInvalidSplit;
+function getPacksInvalid(configFile) {
+    return getConfigFilePropertyError(configFile, PACKS_PROPERTY, "must be an array of non-empty strings");
+}
+exports.getPacksInvalid = getPacksInvalid;
 function getPacksStrInvalid(packStr, configFile) {
     return configFile
         ? getConfigFilePropertyError(configFile, PACKS_PROPERTY, `"${packStr}" is not a valid pack`)
         : `"${packStr}" is not a valid pack`;
 }
 exports.getPacksStrInvalid = getPacksStrInvalid;
+function getLocalPathOutsideOfRepository(configFile, localPath) {
+    return getConfigFilePropertyError(configFile, `${QUERIES_PROPERTY}.${QUERIES_USES_PROPERTY}`, `is invalid as the local path "${localPath}" is outside of the repository`);
+}
+exports.getLocalPathOutsideOfRepository = getLocalPathOutsideOfRepository;
+function getLocalPathDoesNotExist(configFile, localPath) {
+    return getConfigFilePropertyError(configFile, `${QUERIES_PROPERTY}.${QUERIES_USES_PROPERTY}`, `is invalid as the local path "${localPath}" does not exist in the repository`);
+}
+exports.getLocalPathDoesNotExist = getLocalPathDoesNotExist;
 function getConfigFileOutsideWorkspaceErrorMessage(configFile) {
     return `The configuration file "${configFile}" is outside of the workspace`;
 }
@@ -155,7 +428,7 @@ async function getLanguages(codeQL, languagesInput, repository, logger) {
     // If the languages parameter was not given and no languages were
     // detected then fail here as this is a workflow configuration error.
     if (languages.length === 0) {
-        throw new util_1.ConfigurationError(getNoLanguagesError());
+        throw new util_1.UserError(getNoLanguagesError());
     }
     // Make sure they are supported
     const parsedLanguages = [];
@@ -172,7 +445,7 @@ async function getLanguages(codeQL, languagesInput, repository, logger) {
     // Any unknown languages here would have come directly from the input
     // since we filter unknown languages coming from the GitHub API.
     if (unknownLanguages.length > 0) {
-        throw new util_1.ConfigurationError(getUnknownLanguagesError(unknownLanguages));
+        throw new util_1.UserError(getUnknownLanguagesError(unknownLanguages));
     }
     return parsedLanguages;
 }
@@ -216,21 +489,57 @@ async function getRawLanguages(languagesInput, repository, logger) {
     return { rawLanguages, autodetected };
 }
 exports.getRawLanguages = getRawLanguages;
+async function addQueriesFromWorkflow(codeQL, queriesInput, languages, resultMap, tempDir, workspacePath, apiDetails, features, logger) {
+    queriesInput = queriesInput.trim();
+    // "+" means "don't override config file" - see shouldAddConfigFileQueries
+    queriesInput = queriesInput.replace(/^\+/, "");
+    for (const query of queriesInput.split(",")) {
+        await parseQueryUses(languages, codeQL, resultMap, query, tempDir, workspacePath, apiDetails, features, logger);
+    }
+}
+// Returns true if either no queries were provided in the workflow.
+// or if the queries in the workflow were provided in "additive" mode,
+// indicating that they shouldn't override the config queries but
+// should instead be added in addition
+function shouldAddConfigFileQueries(queriesInput) {
+    if (queriesInput) {
+        return queriesInput.trimStart().slice(0, 1) === "+";
+    }
+    return true;
+}
 /**
  * Get the default config for when the user has not supplied one.
  */
-async function getDefaultConfig({ languagesInput, queriesInput, packsInput, buildModeInput, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeql, githubVersion, features, logger, }) {
-    const languages = await getLanguages(codeql, languagesInput, repository, logger);
-    const buildMode = await parseBuildModeInput(buildModeInput, languages, features, logger);
-    const augmentationProperties = calculateAugmentation(packsInput, queriesInput, languages);
-    const { trapCaches, trapCacheDownloadTime } = await downloadCacheWithTime(trapCachingEnabled, codeql, languages, logger);
+async function getDefaultConfig(languagesInput, rawQueriesInput, rawPacksInput, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger) {
+    const languages = await getLanguages(codeQL, languagesInput, repository, logger);
+    const queries = {};
+    for (const language of languages) {
+        queries[language] = {
+            builtin: [],
+            custom: [],
+        };
+    }
+    await addDefaultQueries(codeQL, languages, queries);
+    const augmentationProperties = calculateAugmentation(rawPacksInput, rawQueriesInput, languages);
+    const packs = augmentationProperties.packsInput
+        ? {
+            [languages[0]]: augmentationProperties.packsInput,
+        }
+        : {};
+    if (rawQueriesInput) {
+        await addQueriesFromWorkflow(codeQL, rawQueriesInput, languages, queries, tempDir, workspacePath, apiDetails, features, logger);
+    }
+    const { trapCaches, trapCacheDownloadTime } = await downloadCacheWithTime(trapCachingEnabled, codeQL, languages, logger);
     return {
         languages,
-        buildMode,
+        queries,
+        pathsIgnore: [],
+        paths: [],
+        packs,
         originalUserInput: {},
         tempDir,
-        codeQLCmd: codeql.getPath(),
-        gitHubVersion: githubVersion,
+        codeQLCmd: codeQL.getPath(),
+        gitHubVersion,
         dbLocation: dbLocationOrDefault(dbLocation, tempDir),
         debugMode,
         debugArtifactName,
@@ -254,33 +563,101 @@ async function downloadCacheWithTime(trapCachingEnabled, codeQL, languages, logg
 /**
  * Load the config from the given file.
  */
-async function loadConfig({ languagesInput, queriesInput, packsInput, buildModeInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeql, workspacePath, githubVersion, apiDetails, features, logger, }) {
+async function loadConfig(languagesInput, rawQueriesInput, rawPacksInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger) {
     let parsedYAML;
     if (isLocal(configFile)) {
-        if (configFile !== userConfigFromActionPath(tempDir)) {
-            // If the config file is not generated by the Action, it should be relative to the workspace.
-            configFile = path.resolve(workspacePath, configFile);
-            // Error if the config file is now outside of the workspace
-            if (!(configFile + path.sep).startsWith(workspacePath + path.sep)) {
-                throw new util_1.ConfigurationError(getConfigFileOutsideWorkspaceErrorMessage(configFile));
-            }
-        }
-        parsedYAML = getLocalConfig(configFile);
+        // Treat the config file as relative to the workspace
+        configFile = path.resolve(workspacePath, configFile);
+        parsedYAML = getLocalConfig(configFile, workspacePath);
     }
     else {
         parsedYAML = await getRemoteConfig(configFile, apiDetails);
     }
-    const languages = await getLanguages(codeql, languagesInput, repository, logger);
-    const buildMode = await parseBuildModeInput(buildModeInput, languages, features, logger);
-    const augmentationProperties = calculateAugmentation(packsInput, queriesInput, languages);
-    const { trapCaches, trapCacheDownloadTime } = await downloadCacheWithTime(trapCachingEnabled, codeql, languages, logger);
+    // Validate that the 'name' property is syntactically correct,
+    // even though we don't use the value yet.
+    if (NAME_PROPERTY in parsedYAML) {
+        if (typeof parsedYAML[NAME_PROPERTY] !== "string") {
+            throw new util_1.UserError(getNameInvalid(configFile));
+        }
+        if (parsedYAML[NAME_PROPERTY].length === 0) {
+            throw new util_1.UserError(getNameInvalid(configFile));
+        }
+    }
+    const languages = await getLanguages(codeQL, languagesInput, repository, logger);
+    const queries = {};
+    for (const language of languages) {
+        queries[language] = {
+            builtin: [],
+            custom: [],
+        };
+    }
+    const pathsIgnore = [];
+    const paths = [];
+    let disableDefaultQueries = false;
+    if (DISABLE_DEFAULT_QUERIES_PROPERTY in parsedYAML) {
+        if (typeof parsedYAML[DISABLE_DEFAULT_QUERIES_PROPERTY] !== "boolean") {
+            throw new util_1.UserError(getDisableDefaultQueriesInvalid(configFile));
+        }
+        disableDefaultQueries = parsedYAML[DISABLE_DEFAULT_QUERIES_PROPERTY];
+    }
+    if (!disableDefaultQueries) {
+        await addDefaultQueries(codeQL, languages, queries);
+    }
+    const augmentationProperties = calculateAugmentation(rawPacksInput, rawQueriesInput, languages);
+    const packs = parsePacks(parsedYAML[PACKS_PROPERTY] ?? {}, rawPacksInput, augmentationProperties.packsInputCombines, languages, configFile, logger);
+    // If queries were provided using `with` in the action configuration,
+    // they should take precedence over the queries in the config file
+    // unless they're prefixed with "+", in which case they supplement those
+    // in the config file.
+    if (rawQueriesInput) {
+        await addQueriesFromWorkflow(codeQL, rawQueriesInput, languages, queries, tempDir, workspacePath, apiDetails, features, logger);
+    }
+    if (shouldAddConfigFileQueries(rawQueriesInput) &&
+        QUERIES_PROPERTY in parsedYAML) {
+        const queriesArr = parsedYAML[QUERIES_PROPERTY];
+        if (!Array.isArray(queriesArr)) {
+            throw new util_1.UserError(getQueriesInvalid(configFile));
+        }
+        for (const query of queriesArr) {
+            if (typeof query[QUERIES_USES_PROPERTY] !== "string") {
+                throw new util_1.UserError(getQueriesMissingUses(configFile));
+            }
+            await parseQueryUses(languages, codeQL, queries, query[QUERIES_USES_PROPERTY], tempDir, workspacePath, apiDetails, features, logger, configFile);
+        }
+    }
+    if (PATHS_IGNORE_PROPERTY in parsedYAML) {
+        if (!Array.isArray(parsedYAML[PATHS_IGNORE_PROPERTY])) {
+            throw new util_1.UserError(getPathsIgnoreInvalid(configFile));
+        }
+        for (const ignorePath of parsedYAML[PATHS_IGNORE_PROPERTY]) {
+            if (typeof ignorePath !== "string" || ignorePath === "") {
+                throw new util_1.UserError(getPathsIgnoreInvalid(configFile));
+            }
+            pathsIgnore.push(validateAndSanitisePath(ignorePath, PATHS_IGNORE_PROPERTY, configFile, logger));
+        }
+    }
+    if (PATHS_PROPERTY in parsedYAML) {
+        if (!Array.isArray(parsedYAML[PATHS_PROPERTY])) {
+            throw new util_1.UserError(getPathsInvalid(configFile));
+        }
+        for (const includePath of parsedYAML[PATHS_PROPERTY]) {
+            if (typeof includePath !== "string" || includePath === "") {
+                throw new util_1.UserError(getPathsInvalid(configFile));
+            }
+            paths.push(validateAndSanitisePath(includePath, PATHS_PROPERTY, configFile, logger));
+        }
+    }
+    const { trapCaches, trapCacheDownloadTime } = await downloadCacheWithTime(trapCachingEnabled, codeQL, languages, logger);
     return {
         languages,
-        buildMode,
+        queries,
+        pathsIgnore,
+        paths,
+        packs,
         originalUserInput: parsedYAML,
         tempDir,
-        codeQLCmd: codeql.getPath(),
-        gitHubVersion: githubVersion,
+        codeQLCmd: codeQL.getPath(),
+        gitHubVersion,
         dbLocation: dbLocationOrDefault(dbLocation, tempDir),
         debugMode,
         debugArtifactName,
@@ -330,7 +707,7 @@ function parseQueriesFromInput(rawQueriesInput, queriesInputCombines) {
         ? rawQueriesInput.trim().slice(1).trim()
         : rawQueriesInput?.trim() ?? "";
     if (queriesInputCombines && trimmedInput.length === 0) {
-        throw new util_1.ConfigurationError(getConfigFilePropertyError(undefined, "queries", "A '+' was used in the 'queries' input to specify that you wished to add some packs to your CodeQL analysis. However, no packs were specified. Please either remove the '+' or specify some packs."));
+        throw new util_1.UserError(getConfigFilePropertyError(undefined, "queries", "A '+' was used in the 'queries' input to specify that you wished to add some packs to your CodeQL analysis. However, no packs were specified. Please either remove the '+' or specify some packs."));
     }
     return trimmedInput.split(",").map((query) => ({ uses: query.trim() }));
 }
@@ -345,31 +722,65 @@ const PACK_IDENTIFIER_PATTERN = (function () {
     return new RegExp(`^${component}/${component}$`);
 })();
 // Exported for testing
+function parsePacksFromConfig(packsByLanguage, languages, configFile, logger) {
+    const packs = {};
+    if (Array.isArray(packsByLanguage)) {
+        if (languages.length === 1) {
+            // single language analysis, so language is implicit
+            packsByLanguage = {
+                [languages[0]]: packsByLanguage,
+            };
+        }
+        else {
+            // this is an error since multi-language analysis requires
+            // packs split by language
+            throw new util_1.UserError(getPacksInvalidSplit(configFile));
+        }
+    }
+    for (const [lang, packsArr] of Object.entries(packsByLanguage)) {
+        if (!Array.isArray(packsArr)) {
+            throw new util_1.UserError(getPacksInvalid(configFile));
+        }
+        if (!languages.includes(lang)) {
+            // This particular language is not being analyzed in this run.
+            if (languages_1.Language[lang]) {
+                logger.info(`Ignoring packs for ${lang} since this language is not being analyzed in this run.`);
+                continue;
+            }
+            else {
+                // This language is invalid, probably a misspelling
+                throw new util_1.UserError(getPacksRequireLanguage(configFile, lang));
+            }
+        }
+        packs[lang] = packsArr.map((packStr) => validatePackSpecification(packStr, configFile));
+    }
+    return packs;
+}
+exports.parsePacksFromConfig = parsePacksFromConfig;
 function parsePacksFromInput(rawPacksInput, languages, packsInputCombines) {
     if (!rawPacksInput?.trim()) {
         return undefined;
     }
     if (languages.length > 1) {
-        throw new util_1.ConfigurationError("Cannot specify a 'packs' input in a multi-language analysis. Use a codeql-config.yml file instead and specify packs by language.");
+        throw new util_1.UserError("Cannot specify a 'packs' input in a multi-language analysis. Use a codeql-config.yml file instead and specify packs by language.");
     }
     else if (languages.length === 0) {
-        throw new util_1.ConfigurationError("No languages specified. Cannot process the packs input.");
+        throw new util_1.UserError("No languages specified. Cannot process the packs input.");
     }
     rawPacksInput = rawPacksInput.trim();
     if (packsInputCombines) {
         rawPacksInput = rawPacksInput.trim().substring(1).trim();
         if (!rawPacksInput) {
-            throw new util_1.ConfigurationError(getConfigFilePropertyError(undefined, "packs", "A '+' was used in the 'packs' input to specify that you wished to add some packs to your CodeQL analysis. However, no packs were specified. Please either remove the '+' or specify some packs."));
+            throw new util_1.UserError(getConfigFilePropertyError(undefined, "packs", "A '+' was used in the 'packs' input to specify that you wished to add some packs to your CodeQL analysis. However, no packs were specified. Please either remove the '+' or specify some packs."));
         }
     }
     return {
         [languages[0]]: rawPacksInput.split(",").reduce((packs, pack) => {
-            packs.push(validatePackSpecification(pack));
+            packs.push(validatePackSpecification(pack, ""));
             return packs;
         }, []),
     };
 }
-exports.parsePacksFromInput = parsePacksFromInput;
 /**
  * Validates that this package specification is syntactically correct.
  * It may not point to any real package, but after this function returns
@@ -388,9 +799,9 @@ exports.parsePacksFromInput = parsePacksFromInput;
  * @param packStr the package specification to verify.
  * @param configFile Config file to use for error reporting
  */
-function parsePacksSpecification(packStr) {
+function parsePacksSpecification(packStr, configFile) {
     if (typeof packStr !== "string") {
-        throw new util_1.ConfigurationError(getPacksStrInvalid(packStr));
+        throw new util_1.UserError(getPacksStrInvalid(packStr, configFile));
     }
     packStr = packStr.trim();
     const atIndex = packStr.indexOf("@");
@@ -411,7 +822,7 @@ function parsePacksSpecification(packStr) {
         ? packStr.slice(pathStart, pathEnd).trim()
         : undefined;
     if (!PACK_IDENTIFIER_PATTERN.test(packName)) {
-        throw new util_1.ConfigurationError(getPacksStrInvalid(packStr));
+        throw new util_1.UserError(getPacksStrInvalid(packStr, configFile));
     }
     if (version) {
         try {
@@ -419,7 +830,7 @@ function parsePacksSpecification(packStr) {
         }
         catch (e) {
             // The range string is invalid. OK to ignore the caught error
-            throw new util_1.ConfigurationError(getPacksStrInvalid(packStr));
+            throw new util_1.UserError(getPacksStrInvalid(packStr, configFile));
         }
     }
     if (packPath &&
@@ -430,11 +841,11 @@ function parsePacksSpecification(packStr) {
             // which seems more awkward.
             path.normalize(packPath).split(path.sep).join("/") !==
                 packPath.split(path.sep).join("/"))) {
-        throw new util_1.ConfigurationError(getPacksStrInvalid(packStr));
+        throw new util_1.UserError(getPacksStrInvalid(packStr, configFile));
     }
     if (!packPath && pathStart) {
         // 0 length path
-        throw new util_1.ConfigurationError(getPacksStrInvalid(packStr));
+        throw new util_1.UserError(getPacksStrInvalid(packStr, configFile));
     }
     return {
         name: packName,
@@ -443,10 +854,26 @@ function parsePacksSpecification(packStr) {
     };
 }
 exports.parsePacksSpecification = parsePacksSpecification;
-function validatePackSpecification(pack) {
-    return (0, util_1.prettyPrintPack)(parsePacksSpecification(pack));
+function validatePackSpecification(pack, configFile) {
+    return (0, util_1.prettyPrintPack)(parsePacksSpecification(pack, configFile));
 }
 exports.validatePackSpecification = validatePackSpecification;
+// exported for testing
+function parsePacks(rawPacksFromConfig, rawPacksFromInput, packsInputCombines, languages, configFile, logger) {
+    const packsFomConfig = parsePacksFromConfig(rawPacksFromConfig, languages, configFile, logger);
+    const packsFromInput = parsePacksFromInput(rawPacksFromInput, languages, packsInputCombines);
+    if (!packsFromInput) {
+        return packsFomConfig;
+    }
+    if (!packsInputCombines) {
+        if (!packsFromInput) {
+            throw new util_1.UserError(getPacksInvalid(configFile));
+        }
+        return packsFromInput;
+    }
+    return combinePacks(packsFromInput, packsFomConfig);
+}
+exports.parsePacks = parsePacks;
 /**
  * The convention in this action is that an input value that is prefixed with a '+' will
  * be combined with the corresponding value in the config file.
@@ -460,38 +887,64 @@ exports.validatePackSpecification = validatePackSpecification;
 function shouldCombine(inputValue) {
     return !!inputValue?.trim().startsWith("+");
 }
+function combinePacks(packs1, packs2) {
+    const packs = {};
+    for (const lang of Object.keys(packs1)) {
+        packs[lang] = packs1[lang].concat(packs2[lang] || []);
+    }
+    for (const lang of Object.keys(packs2)) {
+        if (!packs[lang]) {
+            packs[lang] = packs2[lang];
+        }
+    }
+    return packs;
+}
 function dbLocationOrDefault(dbLocation, tempDir) {
     return dbLocation || path.resolve(tempDir, "codeql_databases");
 }
-function userConfigFromActionPath(tempDir) {
-    return path.resolve(tempDir, "user-config-from-action.yml");
-}
 /**
  * Load and return the config.
  *
  * This will parse the config from the user input if present, or generate
  * a default config. The parsed config is then stored to a known location.
  */
-async function initConfig(inputs) {
+async function initConfig(languagesInput, queriesInput, packsInput, registriesInput, configFile, dbLocation, configInput, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger) {
     let config;
-    const { logger, tempDir } = inputs;
     // if configInput is set, it takes precedence over configFile
-    if (inputs.configInput) {
-        if (inputs.configFile) {
+    if (configInput) {
+        if (configFile) {
             logger.warning(`Both a config file and config input were provided. Ignoring config file.`);
         }
-        inputs.configFile = userConfigFromActionPath(tempDir);
-        fs.writeFileSync(inputs.configFile, inputs.configInput);
-        logger.debug(`Using config from action input: ${inputs.configFile}`);
+        configFile = path.resolve(workspacePath, "user-config-from-action.yml");
+        fs.writeFileSync(configFile, configInput);
+        logger.debug(`Using config from action input: ${configFile}`);
     }
     // If no config file was provided create an empty one
-    if (!inputs.configFile) {
+    if (!configFile) {
         logger.debug("No configuration file was provided");
-        config = await getDefaultConfig(inputs);
+        config = await getDefaultConfig(languagesInput, queriesInput, packsInput, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger);
     }
     else {
-        // Convince the type checker that inputs.configFile is defined.
-        config = await loadConfig({ ...inputs, configFile: inputs.configFile });
+        config = await loadConfig(languagesInput, queriesInput, packsInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger);
+    }
+    // When using the codescanning config in the CLI, pack downloads
+    // happen in the CLI during the `database init` command, so no need
+    // to download them here.
+    await (0, feature_flags_1.logCodeScanningConfigInCli)(codeQL, features, logger);
+    if (!(await (0, feature_flags_1.useCodeScanningConfigInCli)(codeQL, features))) {
+        // The list of queries should not be empty for any language. If it is then
+        // it is a user configuration error.
+        // This check occurs in the CLI when it parses the config file.
+        for (const language of config.languages) {
+            const hasBuiltinQueries = config.queries[language]?.builtin.length > 0;
+            const hasCustomQueries = config.queries[language]?.custom.length > 0;
+            const hasPacks = (config.packs[language]?.length || 0) > 0;
+            if (!hasPacks && !hasBuiltinQueries && !hasCustomQueries) {
+                throw new util_1.UserError(`Did not detect any queries to run for ${language}. ` +
+                    "Please make sure that the default queries are enabled, or you are specifying queries to run.");
+            }
+        }
+        await downloadPacks(codeQL, config.languages, config.packs, apiDetails, registriesInput, config.tempDir, logger);
     }
     // Save the config so we can easily access it again in the future
     await saveConfig(config, logger);
@@ -505,7 +958,7 @@ function parseRegistries(registriesInput) {
             : undefined;
     }
     catch (e) {
-        throw new util_1.ConfigurationError("Invalid registries input. Must be a YAML string.");
+        throw new util_1.UserError("Invalid registries input. Must be a YAML string.");
     }
 }
 function isLocal(configPath) {
@@ -515,10 +968,14 @@ function isLocal(configPath) {
     }
     return configPath.indexOf("@") === -1;
 }
-function getLocalConfig(configFile) {
+function getLocalConfig(configFile, workspacePath) {
+    // Error if the config file is now outside of the workspace
+    if (!(configFile + path.sep).startsWith(workspacePath + path.sep)) {
+        throw new util_1.UserError(getConfigFileOutsideWorkspaceErrorMessage(configFile));
+    }
     // Error if the file does not exist
     if (!fs.existsSync(configFile)) {
-        throw new util_1.ConfigurationError(getConfigFileDoesNotExistErrorMessage(configFile));
+        throw new util_1.UserError(getConfigFileDoesNotExistErrorMessage(configFile));
     }
     return yaml.load(fs.readFileSync(configFile, "utf8"));
 }
@@ -528,7 +985,7 @@ async function getRemoteConfig(configFile, apiDetails) {
     const pieces = format.exec(configFile);
     // 5 = 4 groups + the whole expression
     if (pieces === null || pieces.groups === undefined || pieces.length < 5) {
-        throw new util_1.ConfigurationError(getConfigFileRepoFormatInvalidMessage(configFile));
+        throw new util_1.UserError(getConfigFileRepoFormatInvalidMessage(configFile));
     }
     const response = await api
         .getApiClientWithExternalAuth(apiDetails)
@@ -543,10 +1000,10 @@ async function getRemoteConfig(configFile, apiDetails) {
         fileContents = response.data.content;
     }
     else if (Array.isArray(response.data)) {
-        throw new util_1.ConfigurationError(getConfigFileDirectoryGivenMessage(configFile));
+        throw new util_1.UserError(getConfigFileDirectoryGivenMessage(configFile));
     }
     else {
-        throw new util_1.ConfigurationError(getConfigFileFormatInvalidMessage(configFile));
+        throw new util_1.UserError(getConfigFileFormatInvalidMessage(configFile));
     }
     return yaml.load(Buffer.from(fileContents, "base64").toString("binary"));
 }
@@ -583,6 +1040,36 @@ async function getConfig(tempDir, logger) {
     return JSON.parse(configString);
 }
 exports.getConfig = getConfig;
+async function downloadPacks(codeQL, languages, packs, apiDetails, registriesInput, tempDir, logger) {
+    // This code path is only used when config parsing occurs in the Action.
+    const { registriesAuthTokens, qlconfigFile } = await generateRegistries(registriesInput, tempDir, logger);
+    await wrapEnvironment({
+        GITHUB_TOKEN: apiDetails.auth,
+        CODEQL_REGISTRIES_AUTH: registriesAuthTokens,
+    }, async () => {
+        let numPacksDownloaded = 0;
+        logger.startGroup("Downloading packs");
+        for (const language of languages) {
+            const packsWithVersion = packs[language];
+            if (packsWithVersion?.length) {
+                logger.info(`Downloading custom packs for ${language}`);
+                const results = await codeQL.packDownload(packsWithVersion, qlconfigFile);
+                numPacksDownloaded += results.packs.length;
+                logger.info(`Downloaded: ${results.packs
+                    .map((r) => `${r.name}@${r.version || "latest"}`)
+                    .join(", ")}`);
+            }
+        }
+        if (numPacksDownloaded > 0) {
+            logger.info(`Downloaded ${numPacksDownloaded} ${numPacksDownloaded === 1 ? "pack" : "packs"}`);
+        }
+        else {
+            logger.info("No packs to download");
+        }
+        logger.endGroup();
+    });
+}
+exports.downloadPacks = downloadPacks;
 /**
  * Generate a `qlconfig.yml` file from the `registries` input.
  * This file is used by the CodeQL CLI to list the registries to use for each
@@ -625,7 +1112,7 @@ exports.generateRegistries = generateRegistries;
 function createRegistriesBlock(registries) {
     if (!Array.isArray(registries) ||
         registries.some((r) => !r.url || !r.packages)) {
-        throw new util_1.ConfigurationError("Invalid 'registries' input. Must be an array of objects with 'url' and 'packages' properties.");
+        throw new util_1.UserError("Invalid 'registries' input. Must be an array of objects with 'url' and 'packages' properties.");
     }
     // be sure to remove the `token` field from the registry before writing it to disk.
     const safeRegistries = registries.map((registry) => ({
@@ -672,20 +1159,4 @@ async function wrapEnvironment(env, operation) {
     }
 }
 exports.wrapEnvironment = wrapEnvironment;
-// Exported for testing
-async function parseBuildModeInput(input, languages, features, logger) {
-    if (input === undefined) {
-        return undefined;
-    }
-    if (!Object.values(BuildMode).includes(input)) {
-        throw new util_1.ConfigurationError(`Invalid build mode: '${input}'. Supported build modes are: ${Object.values(BuildMode).join(", ")}.`);
-    }
-    if (languages.includes(languages_1.Language.java) &&
-        (await features.getValue(feature_flags_1.Feature.DisableJavaBuildlessEnabled))) {
-        logger.warning("Scanning Java code without a build is temporarily unavailable. Falling back to 'autobuild' build mode.");
-        return BuildMode.Autobuild;
-    }
-    return input;
-}
-exports.parseBuildModeInput = parseBuildModeInput;
 //# sourceMappingURL=config-utils.js.map