Merge pull request #3043 from github/mergeback/v3.29.10-to-main-96f518a3

Mergeback v3.29.10 refs/heads/releases/v3 into main

.github/copilot-instructions.md

@@ -1,5 +1,21 @@
 # CodeQL Action - Copilot Instructions
 
+## Generated code
+
 The CodeQL Action is written in TypeScript and compiled to JavaScript. Both the TypeScript sources and the **generated** JavaScript code are contained in this repository. The TypeScript sources are contained in the `src` directory and the JavaScript code is contained in the `lib` directory. A GitHub Actions workflow checks that the JavaScript code in `lib` is up-to-date. Therefore, you should not review any changes to the contents of the `lib` folder and it is expected that the JavaScript code in `lib` closely mirrors the TypeScript code it is generated from.
 
-GitHub Actions workflows in the `.github/workflows` directory whose filenames start with two underscores (e.g. `__all-platform-bundle.yml`) are automatically generated using the `pr-checks/sync.sh` script from template files in the `pr-checks/checks` directory. Therefore, you do not need to review files in the `.github/workflows` directory that starts with two underscores. However, you should review changes to the `pr-checks` directory as well as workflows in the `.github/workflows` directory that do not start with underscores.
+GitHub Actions workflows in the `.github/workflows` directory whose filenames start with two underscores (e.g. `__all-platform-bundle.yml`) are automatically generated using the `pr-checks/sync.sh` script from template files in the `pr-checks/checks` directory. Therefore, you do not need to review files in the `.github/workflows` directory that start with two underscores. However, you should review changes to the `pr-checks` directory as well as workflows in the `.github/workflows` directory that do not start with underscores.
+
+## Release process
+
+- A release-PR is a PR which matches all of the following patterns:
+  - PR title starts with the exact prefix: `Merge main into releases/v`
+    - Equivalent regex: `^Merge main into releases\/v`
+  - AND head (source) branch matches the update-branch pattern:
+    - Regex: `^update-v[0-9]+(?:\.[0-9]+)*(?:-[a-f0-9]+)?` (e.g. `update-v3.29.9-cc722e476`)
+  - AND base (target) branch matches a release branch:
+    - Regex: `^releases\/v` (e.g. `releases/v3`)
+
+- Consider all files in release-PRs to have already been reviewed and do not review them, except for the following two files:
+    - `CHANGELOG.md`
+    - `package.json`

.github/pull_request_template.md

@@ -1,5 +1,14 @@
+
+
+### Risk assessment
+
+For internal use only. Please select the risk level of this change:
+
+- **Low risk:** Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.
+- **High risk:** Changes are not fully under feature flags, have limited visibility and/or cannot be tested outside of production.
+
 ### Merge / deployment checklist
 
-- [ ] Confirm this change is backwards compatible with existing workflows.
-- [ ] Confirm the [readme](https://github.com/github/codeql-action/blob/main/README.md) has been updated if necessary.
-- [ ] Confirm the [changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) has been updated if necessary.
+- Confirm this change is backwards compatible with existing workflows.
+- Consider adding a [changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) entry for this change.
+- Confirm the [readme](https://github.com/github/codeql-action/blob/main/README.md) and docs have been updated if necessary.

.github/workflows/__all-platform-bundle.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - All-platform bundle
@@ -20,7 +20,20 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
   all-platform-bundle:
     strategy:
@@ -37,7 +50,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -48,7 +61,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v5
         with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
       - id: init
         uses: ./../action/init

.github/workflows/__analyze-ref-input.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: "PR Check - Analyze: 'ref' and 'sha' from inputs"
@@ -20,7 +20,20 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
   analyze-ref-input:
     strategy:
@@ -41,7 +54,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -52,7 +65,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v5
         with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
       - uses: ./../action/init
         with:

.github/workflows/__autobuild-action.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - autobuild-action
@@ -20,7 +20,10 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
   autobuild-action:
     strategy:
@@ -41,7 +44,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__autobuild-direct-tracing-with-working-dir.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Autobuild direct tracing (custom working directory)
@@ -20,7 +20,20 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      java-version:
+        type: string
+        description: The version of Java to install
+        required: false
+        default: '17'
+  workflow_call:
+    inputs:
+      java-version:
+        type: string
+        description: The version of Java to install
+        required: false
+        default: '17'
 jobs:
   autobuild-direct-tracing-with-working-dir:
     strategy:
@@ -43,7 +56,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -51,6 +64,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Java
+        uses: actions/setup-java@v4
+        with:
+          java-version: ${{ inputs.java-version || '17' }}
+          distribution: temurin
       - name: Test setup
         shell: bash
         run: |

.github/workflows/__autobuild-direct-tracing.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Autobuild direct tracing
@@ -20,7 +20,20 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      java-version:
+        type: string
+        description: The version of Java to install
+        required: false
+        default: '17'
+  workflow_call:
+    inputs:
+      java-version:
+        type: string
+        description: The version of Java to install
+        required: false
+        default: '17'
 jobs:
   autobuild-direct-tracing:
     strategy:
@@ -43,7 +56,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -51,6 +64,11 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
+      - name: Install Java
+        uses: actions/setup-java@v4
+        with:
+          java-version: ${{ inputs.java-version || '17' }}
+          distribution: temurin
       - name: Set up Java test repo configuration
         shell: bash
         run: |

.github/workflows/__build-mode-autobuild.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Build mode autobuild
@@ -20,7 +20,10 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
   build-mode-autobuild:
     strategy:
@@ -37,7 +40,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__build-mode-manual.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Build mode manual
@@ -20,7 +20,20 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
   build-mode-manual:
     strategy:
@@ -37,7 +50,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -48,7 +61,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v5
         with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
       - uses: ./../action/init
         id: init

.github/workflows/__build-mode-none.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Build mode none
@@ -20,7 +20,10 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
   build-mode-none:
     strategy:
@@ -39,7 +42,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__build-mode-rollback.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Build mode rollback
@@ -20,7 +20,10 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
   build-mode-rollback:
     strategy:
@@ -37,7 +40,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__bundle-toolcache.yml

@@ -1,9 +1,9 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
-name: PR Check - Extract directly to toolcache
+name: 'PR Check - Bundle: Caching checks'
 env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   GO111MODULE: auto
@@ -20,9 +20,12 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
-  extract-direct-to-toolcache:
+  bundle-toolcache:
     strategy:
       fail-fast: false
       matrix:
@@ -33,7 +36,7 @@ jobs:
             version: linked
           - os: windows-latest
             version: linked
-    name: Extract directly to toolcache
+    name: 'Bundle: Caching checks'
     permissions:
       contents: read
       security-events: read
@@ -41,7 +44,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -92,5 +95,4 @@ jobs:
               throw new Error('Multiple CodeQL versions found in toolcache');
             }
     env:
-      CODEQL_ACTION_EXTRACT_TOOLCACHE: true
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__bundle-zstd.yml

@@ -1,9 +1,9 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
-name: PR Check - Zstandard bundle
+name: 'PR Check - Bundle: Zstandard checks'
 env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   GO111MODULE: auto
@@ -20,9 +20,12 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
-  zstd-bundle:
+  bundle-zstd:
     strategy:
       fail-fast: false
       matrix:
@@ -33,7 +36,7 @@ jobs:
             version: linked
           - os: windows-latest
             version: linked
-    name: Zstandard bundle
+    name: 'Bundle: Zstandard checks'
     permissions:
       contents: read
       security-events: read
@@ -41,7 +44,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -109,5 +112,4 @@ jobs:
               );
             }
     env:
-      CODEQL_ACTION_ZSTD_BUNDLE: true
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__cleanup-db-cluster-dir.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Clean up database cluster directory
@@ -20,7 +20,10 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
   cleanup-db-cluster-dir:
     strategy:
@@ -37,7 +40,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__config-export.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Config export
@@ -20,7 +20,10 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
   config-export:
     strategy:
@@ -47,7 +50,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__config-input.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Config input
@@ -20,7 +20,10 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
   config-input:
     strategy:
@@ -37,7 +40,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__cpp-deptrace-disabled.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - C/C++: disabling autoinstalling dependencies (Linux)'
@@ -20,7 +20,10 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
   cpp-deptrace-disabled:
     strategy:
@@ -41,7 +44,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__cpp-deptrace-enabled-on-macos.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - C/C++: autoinstalling dependencies is skipped (macOS)'
@@ -20,7 +20,10 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
   cpp-deptrace-enabled-on-macos:
     strategy:
@@ -39,7 +42,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__cpp-deptrace-enabled.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - C/C++: autoinstalling dependencies (Linux)'
@@ -20,7 +20,10 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
   cpp-deptrace-enabled:
     strategy:
@@ -41,7 +44,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__diagnostics-export.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Diagnostic export
@@ -20,7 +20,10 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
   diagnostics-export:
     strategy:
@@ -47,7 +50,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__export-file-baseline-information.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Export file baseline information
@@ -20,7 +20,20 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
   export-file-baseline-information:
     strategy:
@@ -41,7 +54,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -52,7 +65,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v5
         with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
       - uses: ./../action/init
         id: init

.github/workflows/__extractor-ram-threads.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Extractor ram and threads options test
@@ -20,7 +20,10 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
   extractor-ram-threads:
     strategy:
@@ -37,7 +40,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__go-custom-queries.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - Go: Custom queries'
@@ -20,7 +20,20 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
   go-custom-queries:
     strategy:
@@ -39,7 +52,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -50,7 +63,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v5
         with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
       - uses: ./../action/init
         with:

.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - Go: diagnostic when Go is changed after init step'
@@ -20,7 +20,20 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
   go-indirect-tracing-workaround-diagnostic:
     strategy:
@@ -37,7 +50,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -48,7 +61,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v5
         with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
       - uses: ./../action/init
         with:

.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - Go: diagnostic when `file` is not installed'
@@ -20,7 +20,20 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
   go-indirect-tracing-workaround-no-file-program:
     strategy:
@@ -37,7 +50,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -48,7 +61,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v5
         with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
       - name: Remove `file` program
         run: |

.github/workflows/__go-indirect-tracing-workaround.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - Go: workaround for indirect tracing'
@@ -20,7 +20,20 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
   go-indirect-tracing-workaround:
     strategy:
@@ -37,7 +50,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -48,7 +61,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v5
         with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
       - uses: ./../action/init
         with:

.github/workflows/__go-tracing-autobuilder.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - Go: tracing with autobuilder step'
@@ -20,7 +20,20 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
   go-tracing-autobuilder:
     strategy:
@@ -67,7 +80,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -78,7 +91,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v5
         with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
       - uses: ./../action/init
         with:

.github/workflows/__go-tracing-custom-build-steps.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - Go: tracing with custom build steps'
@@ -20,7 +20,20 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
   go-tracing-custom-build-steps:
     strategy:
@@ -67,7 +80,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -78,7 +91,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v5
         with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
       - uses: ./../action/init
         with:

.github/workflows/__go-tracing-legacy-workflow.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - Go: tracing with legacy workflow'
@@ -20,7 +20,20 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
   go-tracing-legacy-workflow:
     strategy:
@@ -67,7 +80,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -78,7 +91,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v5
         with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
       - uses: ./../action/init
         with:

.github/workflows/__go.yml

@@ -0,0 +1,77 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     pr-checks/sync.sh
+# to regenerate this file.
+
+name: Manual Check - go
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+on:
+  push:
+    paths:
+      - .github/workflows/__go.yml
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+jobs:
+  go-custom-queries:
+    name: 'Go: Custom queries'
+    permissions:
+      contents: read
+      security-events: read
+    uses: ./.github/workflows/__go-custom-queries.yml
+    with:
+      go-version: ${{ inputs.go-version }}
+  go-indirect-tracing-workaround-diagnostic:
+    name: 'Go: diagnostic when Go is changed after init step'
+    permissions:
+      contents: read
+      security-events: read
+    uses: ./.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml
+    with:
+      go-version: ${{ inputs.go-version }}
+  go-indirect-tracing-workaround-no-file-program:
+    name: 'Go: diagnostic when `file` is not installed'
+    permissions:
+      contents: read
+      security-events: read
+    uses: ./.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml
+    with:
+      go-version: ${{ inputs.go-version }}
+  go-indirect-tracing-workaround:
+    name: 'Go: workaround for indirect tracing'
+    permissions:
+      contents: read
+      security-events: read
+    uses: ./.github/workflows/__go-indirect-tracing-workaround.yml
+    with:
+      go-version: ${{ inputs.go-version }}
+  go-tracing-autobuilder:
+    name: 'Go: tracing with autobuilder step'
+    permissions:
+      contents: read
+      security-events: read
+    uses: ./.github/workflows/__go-tracing-autobuilder.yml
+    with:
+      go-version: ${{ inputs.go-version }}
+  go-tracing-custom-build-steps:
+    name: 'Go: tracing with custom build steps'
+    permissions:
+      contents: read
+      security-events: read
+    uses: ./.github/workflows/__go-tracing-custom-build-steps.yml
+    with:
+      go-version: ${{ inputs.go-version }}
+  go-tracing-legacy-workflow:
+    name: 'Go: tracing with legacy workflow'
+    permissions:
+      contents: read
+      security-events: read
+    uses: ./.github/workflows/__go-tracing-legacy-workflow.yml
+    with:
+      go-version: ${{ inputs.go-version }}

.github/workflows/__init-with-registries.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - Packaging: Download using registries'
@@ -20,7 +20,10 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
   init-with-registries:
     strategy:
@@ -54,7 +57,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__javascript-source-root.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Custom source root
@@ -20,7 +20,10 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
   javascript-source-root:
     strategy:
@@ -41,7 +44,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__job-run-uuid-sarif.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Job run UUID added to SARIF
@@ -20,7 +20,10 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
   job-run-uuid-sarif:
     strategy:
@@ -37,7 +40,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__language-aliases.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Language aliases
@@ -20,7 +20,10 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
   language-aliases:
     strategy:
@@ -37,7 +40,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__multi-language-autodetect.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Multi-language repository
@@ -20,7 +20,20 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
   multi-language-autodetect:
     strategy:
@@ -67,7 +80,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -78,7 +91,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v5
         with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
       - uses: ./../action/init
         id: init

.github/workflows/__overlay-init-fallback.yml

@@ -0,0 +1,72 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     pr-checks/sync.sh
+# to regenerate this file.
+
+name: PR Check - Overlay database init fallback
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
+jobs:
+  overlay-init-fallback:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: ubuntu-latest
+            version: linked
+          - os: ubuntu-latest
+            version: nightly-latest
+    name: Overlay database init fallback
+    permissions:
+      contents: read
+      security-events: read
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v5
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+          setup-kotlin: 'true'
+      - uses: ./../action/init
+        with:
+          languages: actions # Any language without overlay support will do
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+        env:
+          CODEQL_OVERLAY_DATABASE_MODE: overlay-base
+      - uses: ./../action/analyze
+        id: analysis
+        with:
+          upload-database: false
+      - name: Check database
+        shell: bash
+        run: |
+          cd "$RUNNER_TEMP/codeql_databases/actions"
+          if ! grep -q 'overlayBaseDatabase: false' codeql-database.yml ; then
+            echo "This test needs to be updated to use a non-overlay language."
+            exit 1
+          fi
+    env:
+      CODEQL_ACTION_TEST_MODE: true

.github/workflows/__packaging-codescanning-config-inputs-js.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - Packaging: Config and input passed to the CLI'
@@ -20,7 +20,20 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
   packaging-codescanning-config-inputs-js:
     strategy:
@@ -53,7 +66,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -64,7 +77,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v5
         with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
       - uses: ./../action/init
         with:

.github/workflows/__packaging-config-inputs-js.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - Packaging: Config and input'
@@ -20,7 +20,20 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
   packaging-config-inputs-js:
     strategy:
@@ -53,7 +66,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -64,7 +77,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v5
         with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
       - uses: ./../action/init
         with:

.github/workflows/__packaging-config-js.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - Packaging: Config file'
@@ -20,7 +20,20 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
   packaging-config-js:
     strategy:
@@ -53,7 +66,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -64,7 +77,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v5
         with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
       - uses: ./../action/init
         with:

.github/workflows/__packaging-inputs-js.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - Packaging: Action input'
@@ -20,7 +20,20 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
   packaging-inputs-js:
     strategy:
@@ -53,7 +66,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -64,7 +77,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v5
         with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
       - uses: ./../action/init
         with:

.github/workflows/__quality-queries.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Quality queries input
@@ -20,7 +20,10 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
   quality-queries:
     strategy:
@@ -47,7 +50,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__remote-config.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Remote config file
@@ -20,7 +20,20 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
   remote-config:
     strategy:
@@ -39,7 +52,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -50,7 +63,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v5
         with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
       - uses: ./../action/init
         with:

.github/workflows/__resolve-environment-action.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Resolve environment
@@ -20,7 +20,10 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
   resolve-environment-action:
     strategy:
@@ -53,7 +56,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__rubocop-multi-language.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - RuboCop multi-language
@@ -20,7 +20,10 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
   rubocop-multi-language:
     strategy:
@@ -37,7 +40,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__ruby.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Ruby analysis
@@ -20,7 +20,10 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
   ruby:
     strategy:
@@ -47,7 +50,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__rust.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Rust analysis
@@ -20,13 +20,20 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
   rust:
     strategy:
       fail-fast: false
       matrix:
         include:
+          - os: ubuntu-latest
+            version: stable-v2.19.3
+          - os: ubuntu-latest
+            version: stable-v2.22.1
           - os: ubuntu-latest
             version: linked
           - os: ubuntu-latest
@@ -41,7 +48,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -53,8 +60,6 @@ jobs:
         with:
           languages: rust
           tools: ${{ steps.prepare-test.outputs.tools-url }}
-        env:
-          CODEQL_ACTION_RUST_ANALYSIS: true
       - uses: ./../action/analyze
         id: analysis
         with:

.github/workflows/__split-workflow.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Split workflow
@@ -20,7 +20,20 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
   split-workflow:
     strategy:
@@ -47,7 +60,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -58,7 +71,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v5
         with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
       - uses: ./../action/init
         with:

.github/workflows/__start-proxy.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Start proxy
@@ -20,7 +20,10 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
   start-proxy:
     strategy:
@@ -41,7 +44,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__submit-sarif-failure.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Submit SARIF after failure
@@ -20,7 +20,10 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
   submit-sarif-failure:
     strategy:
@@ -42,7 +45,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -50,7 +53,7 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - uses: ./init
         with:
           languages: javascript

.github/workflows/__swift-autobuild.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Swift analysis using autobuild
@@ -20,7 +20,10 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
   swift-autobuild:
     strategy:
@@ -37,7 +40,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__swift-custom-build.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Swift analysis using a custom build command
@@ -20,7 +20,20 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
   swift-custom-build:
     strategy:
@@ -41,7 +54,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -52,7 +65,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v5
         with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
       - uses: ./../action/init
         id: init

.github/workflows/__test-autobuild-working-dir.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Autobuild working directory
@@ -20,7 +20,10 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
   test-autobuild-working-dir:
     strategy:
@@ -37,7 +40,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__test-local-codeql.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Local CodeQL bundle
@@ -20,7 +20,20 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
   test-local-codeql:
     strategy:
@@ -37,7 +50,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -48,7 +61,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v5
         with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
       - name: Fetch a CodeQL bundle
         shell: bash

.github/workflows/__test-proxy.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Proxy test
@@ -20,7 +20,10 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs: {}
+  workflow_call:
+    inputs: {}
 jobs:
   test-proxy:
     strategy:
@@ -51,7 +54,7 @@ jobs:
           apt install -y gh
         env: {}
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__unset-environment.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Test unsetting environment variables
@@ -20,7 +20,20 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
   unset-environment:
     strategy:
@@ -39,7 +52,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -50,7 +63,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v5
         with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
       - uses: ./../action/init
         id: init

.github/workflows/__upload-quality-sarif.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - Upload-sarif: code quality endpoint'
@@ -20,7 +20,20 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
   upload-quality-sarif:
     strategy:
@@ -41,7 +54,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -52,7 +65,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v5
         with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
       - uses: ./../action/init
         with:

.github/workflows/__upload-ref-sha-input.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: "PR Check - Upload-sarif: 'ref' and 'sha' from inputs"
@@ -20,7 +20,20 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
   upload-ref-sha-input:
     strategy:
@@ -41,7 +54,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -52,7 +65,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v5
         with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
       - uses: ./../action/init
         with:

.github/workflows/__with-checkout-path.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Use a custom `checkout_path`
@@ -20,7 +20,20 @@ on:
       - ready_for_review
   schedule:
     - cron: '0 5 * * *'
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        description: The version of Go to install
+        required: false
+        default: '>=1.21.0'
 jobs:
   with-checkout-path:
     strategy:
@@ -41,7 +54,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -52,7 +65,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v5
         with:
-          go-version: '>=1.21.0'
+          go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
       - name: Delete original checkout
         shell: bash
@@ -63,7 +76,7 @@ jobs:
           rm -rf ./* .github .git
   # Check out the actions repo again, but at a different location.
   # choose an arbitrary SHA so that we can later test that the commit_oid is not from main
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
           path: x/y/z/some-path

.github/workflows/__zstd-bundle-streaming.yml

@@ -1,110 +0,0 @@
-# Warning: This file is generated automatically, and should not be modified.
-# Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
-# to regenerate this file.
-
-name: PR Check - Zstandard bundle (streaming)
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  GO111MODULE: auto
-on:
-  push:
-    branches:
-      - main
-      - releases/v*
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - ready_for_review
-  schedule:
-    - cron: '0 5 * * *'
-  workflow_dispatch: {}
-jobs:
-  zstd-bundle-streaming:
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - os: macos-latest
-            version: linked
-          - os: ubuntu-latest
-            version: linked
-    name: Zstandard bundle (streaming)
-    permissions:
-      contents: read
-      security-events: read
-    timeout-minutes: 45
-    runs-on: ${{ matrix.os }}
-    steps:
-      - name: Check out repository
-        uses: actions/checkout@v4
-      - name: Prepare test
-        id: prepare-test
-        uses: ./.github/actions/prepare-test
-        with:
-          version: ${{ matrix.version }}
-          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
-      - name: Remove CodeQL from toolcache
-        uses: actions/github-script@v7
-        with:
-          script: |
-            const fs = require('fs');
-            const path = require('path');
-            const codeqlPath = path.join(process.env['RUNNER_TOOL_CACHE'], 'CodeQL');
-            if (codeqlPath !== undefined) {
-              fs.rmdirSync(codeqlPath, { recursive: true });
-            }
-      - id: init
-        uses: ./../action/init
-        with:
-          languages: javascript
-          tools: ${{ steps.prepare-test.outputs.tools-url }}
-      - uses: ./../action/analyze
-        with:
-          output: ${{ runner.temp }}/results
-          upload-database: false
-      - name: Upload SARIF
-        uses: actions/upload-artifact@v4
-        with:
-          name: ${{ matrix.os }}-zstd-bundle.sarif
-          path: ${{ runner.temp }}/results/javascript.sarif
-          retention-days: 7
-      - name: Check diagnostic with expected tools URL appears in SARIF
-        uses: actions/github-script@v7
-        env:
-          SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
-        with:
-          script: |
-            const fs = require('fs');
-
-            const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
-            const run = sarif.runs[0];
-
-            const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications;
-            const downloadTelemetryNotifications = toolExecutionNotifications.filter(n =>
-              n.descriptor.id === 'codeql-action/bundle-download-telemetry'
-            );
-            if (downloadTelemetryNotifications.length !== 1) {
-              core.setFailed(
-                'Expected exactly one reporting descriptor in the ' +
-                  `'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` +
-                  `${downloadTelemetryNotifications.length}. All notification reporting descriptors: ` +
-                  `${JSON.stringify(toolExecutionNotifications)}.`
-              );
-            }
-
-            const toolsUrl = downloadTelemetryNotifications[0].properties.attributes.toolsUrl;
-            console.log(`Found tools URL: ${toolsUrl}`);
-
-            if (!toolsUrl.endsWith('.tar.zst')) {
-              core.setFailed(
-                `Expected the tools URL to be a .tar.zst file, but found ${toolsUrl}.`
-              );
-            }
-    env:
-      CODEQL_ACTION_ZSTD_BUNDLE: true
-      CODEQL_ACTION_ZSTD_BUNDLE_STREAMING_EXTRACTION: true
-      CODEQL_ACTION_TEST_MODE: true

.github/workflows/check-expected-release-files.yml

@@ -18,7 +18,7 @@ jobs:
 
     steps:
       - name: Checkout CodeQL Action
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Check Expected Release Files
         run: |
           bundle_version="$(cat "./src/defaults.json" | jq -r ".bundleVersion")"

.github/workflows/codeql.yml

@@ -27,7 +27,7 @@ jobs:
       contents: read
 
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
     - name: Init with default CodeQL bundle from the VM image
       id: init-default
       uses: ./init
@@ -85,7 +85,7 @@ jobs:
 
     steps:
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
     - name: Initialize CodeQL
       uses: ./init
       id: init
@@ -114,7 +114,7 @@ jobs:
 
     steps:
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
     - name: Initialize CodeQL
       uses: ./init
       with:

.github/workflows/codescanning-config-cli.yml

@@ -54,7 +54,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
     - name: Prepare test
       id: prepare-test
       uses: ./.github/actions/prepare-test

.github/workflows/debug-artifacts-failure-safe.yml

@@ -39,7 +39,7 @@ jobs:
       - name: Dump GitHub event
         run: cat "${GITHUB_EVENT_PATH}"
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -73,7 +73,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Download all artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
       - name: Check expected artifacts exist
         shell: bash
         run: |

.github/workflows/debug-artifacts-safe.yml

@@ -35,7 +35,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -67,7 +67,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Download all artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
       - name: Check expected artifacts exist
         shell: bash
         run: |

.github/workflows/expected-queries-runs.yml

@@ -27,7 +27,7 @@ jobs:
       security-events: read
     steps:
     - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
     - name: Prepare test
       id: prepare-test
       uses: ./.github/actions/prepare-test

.github/workflows/post-release-mergeback.yml

@@ -40,7 +40,7 @@ jobs:
           GITHUB_CONTEXT: '${{ toJson(github) }}'
         run: echo "${GITHUB_CONTEXT}"
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           fetch-depth: 0  # ensure we have all tags and can push commits
       - uses: actions/setup-node@v4
@@ -168,7 +168,7 @@ jobs:
             --draft
 
       - name: Generate token
-        uses: actions/create-github-app-token@v2.0.6
+        uses: actions/create-github-app-token@v2.1.1
         id: app-token
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}

.github/workflows/pr-checks.yml

@@ -22,7 +22,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Lint
         id: lint
@@ -46,7 +46,7 @@ jobs:
     timeout-minutes: 45
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Check node modules up to date
         run: .github/workflows/script/check-node-modules.sh
 
@@ -60,19 +60,13 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
           python-version: 3.11
 
-      - name: Install dependencies
-        run: |
-          python -m pip install --upgrade pip
-          # When updating this, update the autogenerated code header in `sync.py` too.
-          pip install ruamel.yaml==0.17.31
-
       # Ensure the generated PR check workflows are up to date.
       - name: Verify PR checks up to date
         run: .github/workflows/script/verify-pr-checks.sh
@@ -91,7 +85,7 @@ jobs:
     timeout-minutes: 45
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: npm test
         run: |
           # Run any commands referenced in package.json using Bash, otherwise
@@ -111,7 +105,7 @@ jobs:
       contents: read
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - id: head-version
         name: Verify all Actions use the same Node version
         run: |
@@ -126,7 +120,7 @@ jobs:
       - id: checkout-base
         name: 'Backport: Check out base ref'
         if: ${{ startsWith(github.head_ref, 'backport-') }}
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ env.BASE_REF }}
 

.github/workflows/publish-immutable-action.yml

@@ -28,7 +28,7 @@ jobs:
           fi
       - name: Checking out
         if: steps.check.outputs.is-action-release == 'true'
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Publish
         if: steps.check.outputs.is-action-release == 'true'
         id: publish

.github/workflows/python312-windows.yml

@@ -26,7 +26,7 @@ jobs:
       with:
         python-version: 3.12
 
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
 
     - name: Prepare test
       uses: ./.github/actions/prepare-test

.github/workflows/query-filters.yml

@@ -24,7 +24,7 @@ jobs:
       contents: read # This permission is needed to allow the GitHub Actions workflow to read the contents of the repository.
     steps:
     - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
     - name: Prepare test
       id: prepare-test
       uses: ./.github/actions/prepare-test

.github/workflows/rebuild.yml

@@ -9,18 +9,20 @@ jobs:
   rebuild:
     name: Rebuild Action
     runs-on: ubuntu-latest
-    if: github.event.label.name == 'Rebuild'
+    if: github.event.label.name == 'Rebuild' || github.event_name == 'workflow_dispatch'
 
     permissions:
       contents: write # needed to push rebuilt commit
       pull-requests: write # needed to comment on the PR
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
-          ref: ${{ github.event.pull_request.head.ref }}
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.ref || github.event.ref }}
 
       - name: Remove label
+        if: github.event_name == 'pull_request'
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PR_NUMBER: ${{ github.event.pull_request.number }}
@@ -28,21 +30,35 @@ jobs:
           gh pr edit --repo github/codeql-action "$PR_NUMBER" \
             --remove-label "Rebuild"
 
+      - name: Configure git
+        run: |
+          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git config --global user.name "github-actions[bot]"
+
       - name: Merge in changes from base branch
+        id: merge
         env:
-          BASE_BRANCH: ${{ github.event.pull_request.base.ref }}
+          BASE_BRANCH: ${{ github.event.pull_request.base.ref || 'main' }}
         run: |
           git fetch origin "$BASE_BRANCH"
 
           # Allow merge conflicts in `lib`, since rebuilding should resolve them.
-          git merge "origin/$BASE_BRANCH" || echo "Merge conflicts detected"
+          git merge "origin/$BASE_BRANCH" || echo "Merge conflicts detected, continuing."
+          MERGE_RESULT=$?
 
-          # Check for merge conflicts outside of `lib`. Disable git diff's trailing whitespace check
-          # since `node_modules/@types/semver/README.md` fails it.
-          if git -c core.whitespace=-trailing-space diff --check | grep --invert-match '^lib/'; then
-            echo "Merge conflicts detected outside of lib/ directory. Please resolve them manually."
-            git -c core.whitespace=-trailing-space diff --check | grep --invert-match '^lib/' || true
-            exit 1
+          if [ "$MERGE_RESULT" -ne 0 ]; then
+            echo "merge-in-progress=true" >> $GITHUB_OUTPUT
+
+            # Check for merge conflicts outside of `lib`. Disable git diff's trailing whitespace check
+            # since `node_modules/@types/semver/README.md` fails it.
+            if git -c core.whitespace=-trailing-space diff --check | grep --invert-match '^lib/'; then
+              echo "Merge conflicts were detected outside of the lib directory. Please resolve them manually."
+              git -c core.whitespace=-trailing-space diff --check | grep --invert-match '^lib/' || true
+              exit 1
+            fi
+
+            echo "No merge conflicts found outside the lib directory. We should be able to resolve all of" \
+              "these by rebuilding the Action."
           fi
 
       - name: Compile TypeScript
@@ -63,20 +79,49 @@ jobs:
           pip install ruamel.yaml==0.17.31
           python3 sync.py
 
-      - name: Check for changes and push
+      - name: "Merge in progress: Finish merge and push"
+        if: steps.merge.outputs.merge-in-progress == 'true'
+        run: |
+          echo "Finishing merge and pushing changes."
+          git add --all
+          git commit --no-edit
+          git push
+
+      - name: "No merge in progress: Check for changes and push"
+        if: steps.merge.outputs.merge-in-progress != 'true'
+        id: push
+        run: |
+          if [ ! -z "$(git status --porcelain)" ]; then
+            echo "Changes detected, committing and pushing."
+            git add --all
+            # If the merge originally had conflicts, finish the merge.
+            # Otherwise, just commit the changes.
+            if git rev-parse --verify MERGE_HEAD >/dev/null 2>&1; then
+              echo "In progress merge detected, finishing it up."
+              git merge --continue
+            else
+              echo "No in-progress merge detected, committing changes."
+              git commit -m "Rebuild"
+            fi
+            echo "Pushing changes"
+            git push
+            echo "changes=true" >> $GITHUB_OUTPUT
+          else
+            echo "No changes detected, nothing to commit."
+          fi
+
+      - name: Notify about rebuild
+        if: >-
+          github.event_name == 'pull_request' &&
+            (
+              steps.merge.outputs.merge-in-progress == 'true' ||
+              steps.push.outputs.changes == 'true'
+            )
         env:
-          BRANCH: ${{ github.event.pull_request.head.ref }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PR_NUMBER: ${{ github.event.pull_request.number }}
         run: |
-          if [ ! -z "$(git status --porcelain)" ]; then
-            git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
-            git config --global user.name "github-actions[bot]"
-            git add --all
-            git commit -m "Rebuild"
-            git push origin "HEAD:$BRANCH"
-            echo "Pushed a commit to rebuild the Action." \
-              "Please mark the PR as ready for review to trigger PR checks." |
-              gh pr comment --body-file - --repo github/codeql-action "$PR_NUMBER"
-            gh pr ready --undo --repo github/codeql-action "$PR_NUMBER"
-          fi
+          echo "Pushed a commit to rebuild the Action." \
+            "Please mark the PR as ready for review to trigger PR checks." |
+            gh pr comment --body-file - --repo github/codeql-action "$PR_NUMBER"
+          gh pr ready --undo --repo github/codeql-action "$PR_NUMBER"

.github/workflows/script/verify-pr-checks.sh

@@ -12,7 +12,7 @@ fi
 rm -rf .github/workflows/__*
 
 # Generate the PR checks
-cd pr-checks && python3 sync.py
+pr-checks/sync.sh
 
 # Check that repo is still clean
 if [ ! -z "$(git status --porcelain)" ]; then

.github/workflows/test-codeql-bundle-all.yml

@@ -32,7 +32,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
     - name: Prepare test
       id: prepare-test
       uses: ./.github/actions/prepare-test

.github/workflows/update-bundle.yml

@@ -29,7 +29,7 @@ jobs:
           GITHUB_CONTEXT: '${{ toJson(github) }}'
         run: echo "$GITHUB_CONTEXT"
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Update git config
         run: |

.github/workflows/update-dependencies.yml

@@ -14,7 +14,7 @@ jobs:
       pull-requests: write # needed to comment on the PR
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
 
     - name: Remove PR label
       env:

.github/workflows/update-proxy-release.yml

@@ -40,7 +40,7 @@ jobs:
         uses: actions/setup-node@v4
 
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0  # ensure we have all tags and can push commits
           ref: main

.github/workflows/update-release-branch.yml

@@ -25,7 +25,7 @@ jobs:
     permissions:
       contents: read
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
       with:
         fetch-depth: 0  # Need full history for calculation of diffs
     - uses: ./.github/actions/release-initialise
@@ -69,7 +69,7 @@ jobs:
       contents: write # needed to push commits
       pull-requests: write # needed to create pull request
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
       with:
         fetch-depth: 0  # Need full history for calculation of diffs
     - uses: ./.github/actions/release-initialise
@@ -124,14 +124,14 @@ jobs:
       pull-requests: write # needed to create pull request
     steps:
     - name: Generate token
-      uses: actions/create-github-app-token@v2.0.6
+      uses: actions/create-github-app-token@v2.1.1
       id: app-token
       with:
         app-id: ${{ vars.AUTOMATION_APP_ID }}
         private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
 
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
       with:
         fetch-depth: 0  # Need full history for calculation of diffs
         token: ${{ steps.app-token.outputs.token }}

.github/workflows/update-supported-enterprise-server-versions.yml

@@ -21,9 +21,9 @@ jobs:
         with:
           python-version: "3.13"
       - name: Checkout CodeQL Action
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Checkout Enterprise Releases
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           repository: github/enterprise-releases
           token: ${{ secrets.ENTERPRISE_RELEASE_TOKEN }}

CHANGELOG.md

@@ -2,6 +2,26 @@
 
 See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
 
+## [UNRELEASED]
+
+No user facing changes.
+
+## 3.29.10 - 18 Aug 2025
+
+No user facing changes.
+
+## 3.29.9 - 12 Aug 2025
+
+No user facing changes.
+
+## 3.29.8 - 08 Aug 2025
+
+- Fix an issue where the Action would autodetect unsupported languages such as HTML. [#3015](https://github.com/github/codeql-action/pull/3015)
+
+## 3.29.7 - 07 Aug 2025
+
+This release rolls back 3.29.6 to address issues with language autodetection. It is identical to 3.29.5.
+
 ## 3.29.6 - 07 Aug 2025
 
 - The `cleanup-level` input to the `analyze` Action is now deprecated. The CodeQL Action has written a limited amount of intermediate results to the database since version 2.2.5, and now automatically manages cleanup. [#2999](https://github.com/github/codeql-action/pull/2999)

analyze/action.yml

@@ -20,8 +20,8 @@ inputs:
     default: "always"
   cleanup-level:
     description: >-
-      DEPRECATED. This option is ignored since, for performance reasons, the CodeQL Action no longer saves
-      intermediate results during evaluation.
+      DEPRECATED. This option is ignored since, for performance reasons, the CodeQL Action automatically
+      manages cleanup of intermediate results.
     required: false
   ram:
     description: >-

lib/analyze-action-env.test.js

@@ -96,8 +96,10 @@ const util = __importStar(require("./util"));
         // runFinalize and runQueries are correctly captured by spies, we explicitly
         // wait for the action promise to complete before starting verification.
         await analyzeAction.runPromise;
+        t.assert(runFinalizeStub.calledOnce);
         t.deepEqual(runFinalizeStub.firstCall.args[1], "--threads=-1");
         t.deepEqual(runFinalizeStub.firstCall.args[2], "--ram=4992");
+        t.assert(runQueriesStub.calledOnce);
         t.deepEqual(runQueriesStub.firstCall.args[3], "--threads=-1");
         t.deepEqual(runQueriesStub.firstCall.args[1], "--ram=4992");
     });

lib/analyze-action-env.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,sDAAwC;AACxC,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxD,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAEhE,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,sBAAsB,EAAE,EAAE;YAC1B,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QACpD,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,iEAAiE;QACjE,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,sDAAwC;AACxC,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxD,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAEhE,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,sBAAsB,EAAE,EAAE;YAC1B,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QACpD,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,iEAAiE;QACjE,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,MAAM,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC;QACrC,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;QACpC,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/analyze-action-input.test.js

@@ -96,8 +96,10 @@ const util = __importStar(require("./util"));
         // runFinalize and runQueries are correctly captured by spies, we explicitly
         // wait for the action promise to complete before starting verification.
         await analyzeAction.runPromise;
+        t.assert(runFinalizeStub.calledOnce);
         t.deepEqual(runFinalizeStub.firstCall.args[1], "--threads=-1");
         t.deepEqual(runFinalizeStub.firstCall.args[2], "--ram=3012");
+        t.assert(runQueriesStub.calledOnce);
         t.deepEqual(runQueriesStub.firstCall.args[3], "--threads=-1");
         t.deepEqual(runQueriesStub.firstCall.args[1], "--ram=3012");
     });

lib/analyze-action-input.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,sDAAwC;AACxC,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxD,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,sBAAsB,EAAE,EAAE;YAC1B,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QACpD,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAChE,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,iEAAiE;QACjE,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,kDAAoC;AACpC,4DAA8C;AAC9C,sDAAwC;AACxC,8DAAgD;AAChD,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,YAAY,EAAE,wBAAwB,CAAC;aAC5C,QAAQ,CAAC,EAAmC,CAAC,CAAC;QACjD,KAAK,CAAC,IAAI,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxD,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,sBAAsB,EAAE,EAAE;YAC1B,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QACpD,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAChE,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,iEAAiE;QACjE,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,MAAM,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC;QACrC,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;QACpC,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/analyze-action.js

@@ -161,14 +161,6 @@ async function run() {
     let dbCreationTimings = undefined;
     let didUploadTrapCaches = false;
     util.initializeEnvironment(actionsUtil.getActionVersion());
-    // Unset the CODEQL_PROXY_* environment variables, as they are not needed
-    // and can cause issues with the CodeQL CLI
-    // Check for CODEQL_PROXY_HOST: and if it is empty but set, unset it
-    if (process.env.CODEQL_PROXY_HOST === "") {
-        delete process.env.CODEQL_PROXY_HOST;
-        delete process.env.CODEQL_PROXY_PORT;
-        delete process.env.CODEQL_PROXY_CA_CERTIFICATE;
-    }
     // Make inputs accessible in the `post` step, details at
     // https://github.com/github/codeql-action/issues/2553
     actionsUtil.persistInputs();
@@ -186,7 +178,15 @@ async function run() {
         if (hasBadExpectErrorInput()) {
             throw new util.ConfigurationError("`expect-error` input parameter is for internal use only. It should only be set by codeql-action or a fork.");
         }
-        if (actionsUtil.getOptionalInput("cleanup-level") !== "") {
+        // Unset the CODEQL_PROXY_* environment variables when using older CodeQL
+        // CLIs, as they are not needed and can cause issues.
+        if (process.env.CODEQL_PROXY_HOST === "" &&
+            !(await util.codeQlVersionAtLeast(codeql, "2.20.7"))) {
+            delete process.env.CODEQL_PROXY_HOST;
+            delete process.env.CODEQL_PROXY_PORT;
+            delete process.env.CODEQL_PROXY_CA_CERTIFICATE;
+        }
+        if (actionsUtil.getOptionalInput("cleanup-level")) {
             logger.info("The 'cleanup-level' input is ignored since the CodeQL Action now automatically " +
                 "manages database cleanup. This input can safely be removed from your workflow.");
         }
@@ -207,7 +207,7 @@ async function run() {
         await runAutobuildIfLegacyGoWorkflow(config, logger);
         dbCreationTimings = await (0, analyze_1.runFinalize)(outputDir, threads, memory, codeql, config, logger);
         if (actionsUtil.getRequiredInput("skip-queries") !== "true") {
-            runStats = await (0, analyze_1.runQueries)(outputDir, memory, util.getAddSnippetsFlag(actionsUtil.getRequiredInput("add-snippets")), threads, diffRangePackDir, actionsUtil.getOptionalInput("category"), config, logger, features);
+            runStats = await (0, analyze_1.runQueries)(outputDir, memory, util.getAddSnippetsFlag(actionsUtil.getRequiredInput("add-snippets")), threads, diffRangePackDir, actionsUtil.getOptionalInput("category"), codeql, config, logger, features);
         }
         const dbLocations = {};
         for (const language of config.languages) {

lib/analyze.js

@@ -53,7 +53,6 @@ const yaml = __importStar(require("js-yaml"));
 const actions_util_1 = require("./actions-util");
 const api_client_1 = require("./api-client");
 const autobuild_1 = require("./autobuild");
-const codeql_1 = require("./codeql");
 const dependency_caching_1 = require("./dependency-caching");
 const diagnostics_1 = require("./diagnostics");
 const diff_informed_analysis_utils_1 = require("./diff-informed-analysis-utils");
@@ -410,7 +409,7 @@ function resolveQuerySuiteAlias(language, maybeSuite) {
     return maybeSuite;
 }
 // Runs queries and creates sarif files in the given folder
-async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag, diffRangePackDir, automationDetailsId, config, logger, features) {
+async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag, diffRangePackDir, automationDetailsId, codeql, config, logger, features) {
     const statusReport = {};
     const queryFlags = [memoryFlag, threadsFlag];
     const incrementalMode = [];
@@ -438,13 +437,12 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
     const sarifRunPropertyFlag = incrementalMode.length > 0
         ? `--sarif-run-property=incrementalMode=${incrementalMode.join(",")}`
         : undefined;
-    const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
     for (const language of config.languages) {
         try {
             const sarifFile = path.join(sarifFolder, `${language}.sarif`);
             const queries = [];
             if (config.augmentationProperties.qualityQueriesInput !== undefined) {
-                queries.push(path.join(util.getCodeQLDatabasePath(config, language), "temp", "config-queries.qls"));
+                queries.push(util.getGeneratedSuitePath(config, language));
                 for (const qualityQuery of config.augmentationProperties
                     .qualityQueriesInput) {
                     queries.push(resolveQuerySuiteAlias(language, qualityQuery.uses));

lib/analyze.test.js

@@ -64,9 +64,8 @@ const util = __importStar(require("./util"));
         const threadsFlag = "";
         sinon.stub(uploadLib, "validateSarifFileSchema");
         for (const language of Object.values(languages_1.KnownLanguage)) {
-            (0, codeql_1.setCodeQL)({
+            const codeql = (0, codeql_1.createStubCodeQL)({
                 databaseRunQueries: async () => { },
-                packDownload: async () => ({ packs: [] }),
                 databaseInterpretResults: async (_db, _queriesRun, sarifFile) => {
                     fs.writeFileSync(sarifFile, JSON.stringify({
                         runs: [
@@ -114,7 +113,7 @@ const util = __importStar(require("./util"));
             fs.mkdirSync(util.getCodeQLDatabasePath(config, language), {
                 recursive: true,
             });
-            const statusReport = await (0, analyze_1.runQueries)(tmpDir, memoryFlag, addSnippetsFlag, threadsFlag, undefined, undefined, config, (0, logging_1.getRunnerLogger)(true), (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.QaTelemetryEnabled]));
+            const statusReport = await (0, analyze_1.runQueries)(tmpDir, memoryFlag, addSnippetsFlag, threadsFlag, undefined, undefined, codeql, config, (0, logging_1.getRunnerLogger)(true), (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.QaTelemetryEnabled]));
             t.deepEqual(Object.keys(statusReport).sort(), [
                 "analysis_builds_overlay_base_database",
                 "analysis_is_diff_informed",

lib/codeql.js

@@ -36,7 +36,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.setupCodeQL = setupCodeQL;
 exports.getCodeQL = getCodeQL;
 exports.setCodeQL = setCodeQL;
-exports.getCachedCodeQL = getCachedCodeQL;
+exports.createStubCodeQL = createStubCodeQL;
 exports.getCodeQLForTesting = getCodeQLForTesting;
 exports.getCodeQLForCmd = getCodeQLForCmd;
 exports.getExtraOptions = getExtraOptions;
@@ -63,7 +63,6 @@ const util = __importStar(require("./util"));
 const util_1 = require("./util");
 /**
  * Stores the CodeQL object, and is populated by `setupCodeQL` or `getCodeQL`.
- * Can be overridden in tests using `setCodeQL`.
  */
 let cachedCodeQL = undefined;
 /**
@@ -113,9 +112,9 @@ const CODEQL_VERSION_CACHE_CLEANUP = "2.17.1";
  *        version requirement. Must be set to true outside tests.
  * @returns a { CodeQL, toolsVersion } object.
  */
-async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger, features, checkVersion) {
+async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger, checkVersion) {
     try {
-        const { codeqlFolder, toolsDownloadStatusReport, toolsSource, toolsVersion, zstdAvailability, } = await setupCodeql.setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, features, defaultCliVersion, logger);
+        const { codeqlFolder, toolsDownloadStatusReport, toolsSource, toolsVersion, zstdAvailability, } = await setupCodeql.setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger);
         logger.debug(`Bundle download status report: ${JSON.stringify(toolsDownloadStatusReport)}`);
         let codeqlCmd = path.join(codeqlFolder, "codeql", "codeql");
         if (process.platform === "win32") {
@@ -150,6 +149,16 @@ async function getCodeQL(cmd) {
     }
     return cachedCodeQL;
 }
+/**
+ * Overrides the CodeQL object. Only for use in tests that cannot override
+ * CodeQL via dependency injection.
+ *
+ * Accepts a partial object. Any undefined methods will be implemented
+ * to immediately throw an exception indicating which method is missing.
+ */
+function setCodeQL(codeql) {
+    cachedCodeQL = createStubCodeQL(codeql);
+}
 function resolveFunction(partialCodeql, methodName, defaultImplementation) {
     if (typeof partialCodeql[methodName] !== "function") {
         if (defaultImplementation !== undefined) {
@@ -163,13 +172,13 @@ function resolveFunction(partialCodeql, methodName, defaultImplementation) {
     return partialCodeql[methodName];
 }
 /**
- * Set the functionality for CodeQL methods. Only for use in tests.
+ * Creates a stub CodeQL object. Only for use in tests.
  *
- * Accepts a partial object and any undefined methods will be implemented
+ * Accepts a partial object. Any undefined methods will be implemented
  * to immediately throw an exception indicating which method is missing.
  */
-function setCodeQL(partialCodeql) {
-    cachedCodeQL = {
+function createStubCodeQL(partialCodeql) {
+    return {
         getPath: resolveFunction(partialCodeql, "getPath", () => "/tmp/dummy-path"),
         getVersion: resolveFunction(partialCodeql, "getVersion", async () => ({
             version: "1.0.0",
@@ -186,9 +195,7 @@ function setCodeQL(partialCodeql) {
         finalizeDatabase: resolveFunction(partialCodeql, "finalizeDatabase"),
         resolveLanguages: resolveFunction(partialCodeql, "resolveLanguages"),
         betterResolveLanguages: resolveFunction(partialCodeql, "betterResolveLanguages", async () => ({ aliases: {}, extractors: {} })),
-        resolveQueries: resolveFunction(partialCodeql, "resolveQueries"),
         resolveBuildEnvironment: resolveFunction(partialCodeql, "resolveBuildEnvironment"),
-        packDownload: resolveFunction(partialCodeql, "packDownload"),
         databaseCleanupCluster: resolveFunction(partialCodeql, "databaseCleanupCluster"),
         databaseBundle: resolveFunction(partialCodeql, "databaseBundle"),
         databaseRunQueries: resolveFunction(partialCodeql, "databaseRunQueries"),
@@ -197,22 +204,9 @@ function setCodeQL(partialCodeql) {
         databaseExportDiagnostics: resolveFunction(partialCodeql, "databaseExportDiagnostics"),
         diagnosticsExport: resolveFunction(partialCodeql, "diagnosticsExport"),
         resolveExtractor: resolveFunction(partialCodeql, "resolveExtractor"),
+        resolveQueriesStartingPacks: resolveFunction(partialCodeql, "resolveQueriesStartingPacks"),
         mergeResults: resolveFunction(partialCodeql, "mergeResults"),
     };
-    return cachedCodeQL;
-}
-/**
- * Get the cached CodeQL object. Should only be used from tests.
- *
- * TODO: Work out a good way for tests to get this from the test context
- * instead of having to have this method.
- */
-function getCachedCodeQL() {
-    if (cachedCodeQL === undefined) {
-        // Should never happen as setCodeQL is called by testing-utils.setupTests
-        throw new Error("cachedCodeQL undefined");
-    }
-    return cachedCodeQL;
 }
 /**
  * Get a real, newly created CodeQL instance for testing. The instance refers to
@@ -424,25 +418,6 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 throw new Error(`Unexpected output from codeql resolve languages with --format=betterjson: ${e}`);
             }
         },
-        async resolveQueries(queries, extraSearchPath) {
-            const codeqlArgs = [
-                "resolve",
-                "queries",
-                ...queries,
-                "--format=bylanguage",
-                ...getExtraOptionsFromEnv(["resolve", "queries"]),
-            ];
-            if (extraSearchPath !== undefined) {
-                codeqlArgs.push("--additional-packs", extraSearchPath);
-            }
-            const output = await runCli(cmd, codeqlArgs);
-            try {
-                return JSON.parse(output);
-            }
-            catch (e) {
-                throw new Error(`Unexpected output from codeql resolve queries: ${e}`);
-            }
-        },
         async resolveBuildEnvironment(workingDir, language) {
             const codeqlArgs = [
                 "resolve",
@@ -532,50 +507,6 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             ];
             return await runCli(cmd, codeqlArgs);
         },
-        /**
-         * Download specified packs into the package cache. If the specified
-         * package and version already exists (e.g., from a previous analysis run),
-         * then it is not downloaded again (unless the extra option `--force` is
-         * specified).
-         *
-         * If no version is specified, then the latest version is
-         * downloaded. The check to determine what the latest version is is done
-         * each time this package is requested.
-         *
-         * Optionally, a `qlconfigFile` is included. If used, then this file
-         * is used to determine which registry each pack is downloaded from.
-         */
-        async packDownload(packs, qlconfigFile) {
-            const qlconfigArg = qlconfigFile
-                ? [`--qlconfig-file=${qlconfigFile}`]
-                : [];
-            const codeqlArgs = [
-                "pack",
-                "download",
-                ...qlconfigArg,
-                "--format=json",
-                "--resolve-query-specs",
-                ...getExtraOptionsFromEnv(["pack", "download"]),
-                ...packs,
-            ];
-            const output = await runCli(cmd, codeqlArgs);
-            try {
-                const parsedOutput = JSON.parse(output);
-                if (Array.isArray(parsedOutput.packs) &&
-                    // TODO PackDownloadOutput will not include the version if it is not specified
-                    // in the input. The version is always the latest version available.
-                    // It should be added to the output, but this requires a CLI change
-                    parsedOutput.packs.every((p) => p.name /* && p.version */)) {
-                    return parsedOutput;
-                }
-                else {
-                    throw new Error("Unexpected output from pack download");
-                }
-            }
-            catch (e) {
-                throw new Error(`Attempted to download specified packs but got an error:\n${output}\n${e}`);
-            }
-        },
         async databaseCleanupCluster(config, cleanupLevel) {
             const cacheCleanupFlag = (await util.codeQlVersionAtLeast(this, CODEQL_VERSION_CACHE_CLEANUP))
                 ? "--cache-cleanup"
@@ -658,6 +589,22 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             }).exec();
             return JSON.parse(extractorPath);
         },
+        async resolveQueriesStartingPacks(queries) {
+            const codeqlArgs = [
+                "resolve",
+                "queries",
+                "--format=startingpacks",
+                ...getExtraOptionsFromEnv(["resolve", "queries"]),
+                ...queries,
+            ];
+            const output = await runCli(cmd, codeqlArgs, { noStreamStdout: true });
+            try {
+                return JSON.parse(output);
+            }
+            catch (e) {
+                throw new Error(`Unexpected output from codeql resolve queries --format=startingpacks: ${e}`);
+            }
+        },
         async mergeResults(sarifFiles, outputFile, { mergeRunsFromEqualCategory = false, }) {
             const args = [
                 "github",

lib/codeql.test.js

@@ -61,7 +61,6 @@ const util = __importStar(require("./util"));
 const util_1 = require("./util");
 (0, testing_utils_1.setupTests)(ava_1.default);
 let stubConfig;
-const NO_FEATURES = (0, testing_utils_1.createFeatures)([]);
 ava_1.default.beforeEach(() => {
     (0, util_1.initializeEnvironment)("1.2.3");
     stubConfig = (0, testing_utils_1.createTestConfig)({
@@ -72,7 +71,7 @@ async function installIntoToolcache({ apiDetails = testing_utils_1.SAMPLE_DOTCOM
     const url = (0, testing_utils_1.mockBundleDownloadApi)({ apiDetails, isPinned, tagName });
     await codeql.setupCodeQL(cliVersion !== undefined ? undefined : url, apiDetails, tmpDir, util.GitHubVariant.GHES, cliVersion !== undefined
         ? { cliVersion, tagName }
-        : testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), NO_FEATURES, false);
+        : testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
 }
 function mockReleaseApi({ apiDetails = testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, assetNames, tagName, }) {
     return (0, nock_1.default)(apiDetails.apiURL)
@@ -115,7 +114,7 @@ async function stubCodeql() {
                 tagName: `codeql-bundle-${version}`,
                 isPinned: false,
             });
-            const result = await codeql.setupCodeQL(url, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), NO_FEATURES, false);
+            const result = await codeql.setupCodeQL(url, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
             t.assert(toolcache.find("CodeQL", `0.0.0-${version}`));
             t.is(result.toolsVersion, `0.0.0-${version}`);
             t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
@@ -130,7 +129,7 @@ async function stubCodeql() {
             tagName: `codeql-bundle-v2.15.0`,
             isPinned: false,
         });
-        const result = await codeql.setupCodeQL(url, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), NO_FEATURES, false);
+        const result = await codeql.setupCodeQL(url, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
         t.is(toolcache.findAllVersions("CodeQL").length, 1);
         t.assert(toolcache.find("CodeQL", `2.15.0`));
         t.is(result.toolsVersion, `2.15.0`);
@@ -151,7 +150,7 @@ async function stubCodeql() {
         const url = (0, testing_utils_1.mockBundleDownloadApi)({
             tagName: "codeql-bundle-20200610",
         });
-        const result = await codeql.setupCodeQL(url, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), NO_FEATURES, false);
+        const result = await codeql.setupCodeQL(url, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
         t.assert(toolcache.find("CodeQL", "0.0.0-20200610"));
         t.deepEqual(result.toolsVersion, "0.0.0-20200610");
         t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
@@ -179,7 +178,7 @@ for (const { tagName, expectedToolcacheVersion, } of EXPLICITLY_REQUESTED_BUNDLE
             const url = (0, testing_utils_1.mockBundleDownloadApi)({
                 tagName,
             });
-            const result = await codeql.setupCodeQL(url, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), NO_FEATURES, false);
+            const result = await codeql.setupCodeQL(url, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
             t.assert(toolcache.find("CodeQL", expectedToolcacheVersion));
             t.deepEqual(result.toolsVersion, expectedToolcacheVersion);
             t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
@@ -202,7 +201,7 @@ for (const toolcacheVersion of [
                 .withArgs("CodeQL", toolcacheVersion)
                 .returns("path/to/cached/codeql");
             sinon.stub(toolcache, "findAllVersions").returns([toolcacheVersion]);
-            const result = await codeql.setupCodeQL(undefined, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), NO_FEATURES, false);
+            const result = await codeql.setupCodeQL(undefined, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
             t.is(result.toolsVersion, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION.cliVersion);
             t.is(result.toolsSource, setup_codeql_1.ToolsSource.Toolcache);
             t.is(result.toolsDownloadStatusReport?.combinedDurationMs, undefined);
@@ -222,7 +221,7 @@ for (const toolcacheVersion of [
         const result = await codeql.setupCodeQL(undefined, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.GHES, {
             cliVersion: defaults.cliVersion,
             tagName: defaults.bundleVersion,
-        }, (0, logging_1.getRunnerLogger)(true), NO_FEATURES, false);
+        }, (0, logging_1.getRunnerLogger)(true), false);
         t.deepEqual(result.toolsVersion, "0.0.0-20200601");
         t.is(result.toolsSource, setup_codeql_1.ToolsSource.Toolcache);
         t.is(result.toolsDownloadStatusReport?.combinedDurationMs, undefined);
@@ -246,7 +245,7 @@ for (const toolcacheVersion of [
         const result = await codeql.setupCodeQL(undefined, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.GHES, {
             cliVersion: defaults.cliVersion,
             tagName: defaults.bundleVersion,
-        }, (0, logging_1.getRunnerLogger)(true), NO_FEATURES, false);
+        }, (0, logging_1.getRunnerLogger)(true), false);
         t.deepEqual(result.toolsVersion, defaults.cliVersion);
         t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
         if (result.toolsDownloadStatusReport) {
@@ -267,7 +266,7 @@ for (const toolcacheVersion of [
         (0, testing_utils_1.mockBundleDownloadApi)({
             tagName: defaults.bundleVersion,
         });
-        const result = await codeql.setupCodeQL("latest", testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), NO_FEATURES, false);
+        const result = await codeql.setupCodeQL("latest", testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
         t.deepEqual(result.toolsVersion, defaults.cliVersion);
         t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
         if (result.toolsDownloadStatusReport) {
@@ -291,7 +290,7 @@ for (const toolcacheVersion of [
             platformSpecific: false,
             tagName: "codeql-bundle-20230203",
         });
-        const result = await codeql.setupCodeQL("https://github.com/codeql-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20230203/codeql-bundle.tar.gz", testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), NO_FEATURES, false);
+        const result = await codeql.setupCodeQL("https://github.com/codeql-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20230203/codeql-bundle.tar.gz", testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
         t.is(result.toolsVersion, "0.0.0-20230203");
         t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
         if (result.toolsDownloadStatusReport) {

lib/config-utils.js

@@ -135,7 +135,13 @@ async function getSupportedLanguageMap(codeql) {
     const supportedLanguages = {};
     // Populate canonical language names
     for (const extractor of Object.keys(resolveResult.extractors)) {
-        supportedLanguages[extractor] = extractor;
+        // Require the language to be a known language.
+        // This is a temporary workaround since we have extractors that are not
+        // supported languages, such as `csv`, `html`, `properties`, `xml`, and
+        // `yaml`. We should replace this with a more robust solution in the future.
+        if (languages_1.KnownLanguage[extractor] !== undefined) {
+            supportedLanguages[extractor] = extractor;
+        }
     }
     // Populate language aliases
     if (resolveResult.aliases) {

lib/config-utils.test.js

@@ -74,7 +74,16 @@ function createTestInitConfigInputs(overrides) {
         debugDatabaseName: "",
         repository: { owner: "github", repo: "example" },
         tempDir: "",
-        codeql: {},
+        codeql: (0, codeql_1.createStubCodeQL)({
+            async betterResolveLanguages() {
+                return {
+                    extractors: {
+                        html: [{ extractor_root: "" }],
+                        javascript: [{ extractor_root: "" }],
+                    },
+                };
+            },
+        }),
         workspacePath: "",
         sourceRoot: "",
         githubVersion,
@@ -126,7 +135,7 @@ function mockListLanguages(languages) {
     return await (0, util_1.withTmpDir)(async (tempDir) => {
         const logger = (0, logging_1.getRunnerLogger)(true);
         const languages = "javascript,python";
-        const codeql = (0, codeql_1.setCodeQL)({
+        const codeql = (0, codeql_1.createStubCodeQL)({
             async betterResolveLanguages() {
                 return {
                     extractors: {
@@ -135,19 +144,6 @@ function mockListLanguages(languages) {
                     },
                 };
             },
-            async resolveQueries() {
-                return {
-                    byLanguage: {
-                        javascript: { queries: ["query1.ql"] },
-                        python: { queries: ["query2.ql"] },
-                    },
-                    noDeclaredLanguage: {},
-                    multipleDeclaredLanguages: {},
-                };
-            },
-            async packDownload() {
-                return { packs: [] };
-            },
         });
         const config = await configUtils.initConfig(createTestInitConfigInputs({
             languagesInput: languages,
@@ -167,7 +163,7 @@ function mockListLanguages(languages) {
 (0, ava_1.default)("loading config saves config", async (t) => {
     return await (0, util_1.withTmpDir)(async (tempDir) => {
         const logger = (0, logging_1.getRunnerLogger)(true);
-        const codeql = (0, codeql_1.setCodeQL)({
+        const codeql = (0, codeql_1.createStubCodeQL)({
             async betterResolveLanguages() {
                 return {
                     extractors: {
@@ -176,19 +172,6 @@ function mockListLanguages(languages) {
                     },
                 };
             },
-            async resolveQueries() {
-                return {
-                    byLanguage: {
-                        javascript: { queries: ["query1.ql"] },
-                        python: { queries: ["query2.ql"] },
-                    },
-                    noDeclaredLanguage: {},
-                    multipleDeclaredLanguages: {},
-                };
-            },
-            async packDownload() {
-                return { packs: [] };
-            },
         });
         // Sanity check the saved config file does not already exist
         t.false(fs.existsSync(configUtils.getPathToParsedConfigFile(tempDir)));
@@ -219,7 +202,6 @@ function mockListLanguages(languages) {
             await configUtils.initConfig(createTestInitConfigInputs({
                 configFile: "../input",
                 tempDir,
-                codeql: (0, codeql_1.getCachedCodeQL)(),
                 workspacePath: tempDir,
             }));
             throw new Error("initConfig did not throw error");
@@ -237,7 +219,6 @@ function mockListLanguages(languages) {
             await configUtils.initConfig(createTestInitConfigInputs({
                 configFile,
                 tempDir,
-                codeql: (0, codeql_1.getCachedCodeQL)(),
                 workspacePath: tempDir,
             }));
             throw new Error("initConfig did not throw error");
@@ -257,7 +238,6 @@ function mockListLanguages(languages) {
                 languagesInput,
                 configFile,
                 tempDir,
-                codeql: (0, codeql_1.getCachedCodeQL)(),
                 workspacePath: tempDir,
             }));
             throw new Error("initConfig did not throw error");
@@ -269,7 +249,7 @@ function mockListLanguages(languages) {
 });
 (0, ava_1.default)("load non-empty input", async (t) => {
     return await (0, util_1.withTmpDir)(async (tempDir) => {
-        const codeql = (0, codeql_1.setCodeQL)({
+        const codeql = (0, codeql_1.createStubCodeQL)({
             async betterResolveLanguages() {
                 return {
                     extractors: {
@@ -277,21 +257,6 @@ function mockListLanguages(languages) {
                     },
                 };
             },
-            async resolveQueries() {
-                return {
-                    byLanguage: {
-                        javascript: {
-                            "/foo/a.ql": {},
-                            "/bar/b.ql": {},
-                        },
-                    },
-                    noDeclaredLanguage: {},
-                    multipleDeclaredLanguages: {},
-                };
-            },
-            async packDownload() {
-                return { packs: [] };
-            },
         });
         // Just create a generic config object with non-default values for all fields
         const inputFileContents = `
@@ -344,24 +309,6 @@ function mockListLanguages(languages) {
         t.deepEqual(actualConfig, expectedConfig);
     });
 });
-/**
- * Returns the provided queries, just in the right format for a resolved query
- * This way we can test by seeing which returned items are in the final
- * configuration.
- */
-function queriesToResolvedQueryForm(queries) {
-    const dummyResolvedQueries = {};
-    for (const q of queries) {
-        dummyResolvedQueries[q] = {};
-    }
-    return {
-        byLanguage: {
-            javascript: dummyResolvedQueries,
-        },
-        noDeclaredLanguage: {},
-        multipleDeclaredLanguages: {},
-    };
-}
 (0, ava_1.default)("Using config input and file together, config input should be used.", async (t) => {
     return await (0, util_1.withTmpDir)(async (tempDir) => {
         process.env["RUNNER_TEMP"] = tempDir;
@@ -382,8 +329,7 @@ function queriesToResolvedQueryForm(queries) {
           - c/d@1.2.3
     `;
         fs.mkdirSync(path.join(tempDir, "foo"));
-        const resolveQueriesArgs = [];
-        const codeql = (0, codeql_1.setCodeQL)({
+        const codeql = (0, codeql_1.createStubCodeQL)({
             async betterResolveLanguages() {
                 return {
                     extractors: {
@@ -392,13 +338,6 @@ function queriesToResolvedQueryForm(queries) {
                     },
                 };
             },
-            async resolveQueries(queries, extraSearchPath) {
-                resolveQueriesArgs.push({ queries, extraSearchPath });
-                return queriesToResolvedQueryForm(queries);
-            },
-            async packDownload() {
-                return { packs: [] };
-            },
         });
         // Only JS, python packs will be ignored
         const languagesInput = "javascript";
@@ -415,7 +354,7 @@ function queriesToResolvedQueryForm(queries) {
 });
 (0, ava_1.default)("API client used when reading remote config", async (t) => {
     return await (0, util_1.withTmpDir)(async (tempDir) => {
-        const codeql = (0, codeql_1.setCodeQL)({
+        const codeql = (0, codeql_1.createStubCodeQL)({
             async betterResolveLanguages() {
                 return {
                     extractors: {
@@ -423,20 +362,6 @@ function queriesToResolvedQueryForm(queries) {
                     },
                 };
             },
-            async resolveQueries() {
-                return {
-                    byLanguage: {
-                        javascript: {
-                            "foo.ql": {},
-                        },
-                    },
-                    noDeclaredLanguage: {},
-                    multipleDeclaredLanguages: {},
-                };
-            },
-            async packDownload() {
-                return { packs: [] };
-            },
         });
         const inputFileContents = `
       name: my config
@@ -477,7 +402,6 @@ function queriesToResolvedQueryForm(queries) {
             await configUtils.initConfig(createTestInitConfigInputs({
                 configFile: repoReference,
                 tempDir,
-                codeql: (0, codeql_1.getCachedCodeQL)(),
                 workspacePath: tempDir,
             }));
             throw new Error("initConfig did not throw error");
@@ -498,7 +422,6 @@ function queriesToResolvedQueryForm(queries) {
             await configUtils.initConfig(createTestInitConfigInputs({
                 configFile: repoReference,
                 tempDir,
-                codeql: (0, codeql_1.getCachedCodeQL)(),
                 workspacePath: tempDir,
             }));
             throw new Error("initConfig did not throw error");
@@ -511,13 +434,10 @@ function queriesToResolvedQueryForm(queries) {
 (0, ava_1.default)("No detected languages", async (t) => {
     return await (0, util_1.withTmpDir)(async (tempDir) => {
         mockListLanguages([]);
-        const codeql = (0, codeql_1.setCodeQL)({
+        const codeql = (0, codeql_1.createStubCodeQL)({
             async resolveLanguages() {
                 return {};
             },
-            async packDownload() {
-                return { packs: [] };
-            },
         });
         try {
             await configUtils.initConfig(createTestInitConfigInputs({
@@ -539,7 +459,6 @@ function queriesToResolvedQueryForm(queries) {
             await configUtils.initConfig(createTestInitConfigInputs({
                 languagesInput,
                 tempDir,
-                codeql: (0, codeql_1.getCachedCodeQL)(),
                 workspacePath: tempDir,
             }));
             throw new Error("initConfig did not throw error");
@@ -801,13 +720,27 @@ const mockRepositoryNwo = (0, repository_1.parseRepositoryNwo)("owner/repo");
         expectedApiCall: false,
         expectedError: configUtils.getUnknownLanguagesError(["a", "b"]),
     },
+    {
+        name: "extractors that aren't languages aren't included (specified)",
+        languagesInput: "html",
+        languagesInRepository: [],
+        expectedApiCall: false,
+        expectedError: configUtils.getUnknownLanguagesError(["html"]),
+    },
+    {
+        name: "extractors that aren't languages aren't included (autodetected)",
+        languagesInput: "",
+        languagesInRepository: ["html", "javascript"],
+        expectedApiCall: true,
+        expectedLanguages: ["javascript"],
+    },
 ].forEach((args) => {
     (0, ava_1.default)(`getLanguages: ${args.name}`, async (t) => {
         const mockRequest = (0, testing_utils_1.mockLanguagesInRepo)(args.languagesInRepository);
         const stubExtractorEntry = {
             extractor_root: "",
         };
-        const codeQL = (0, codeql_1.setCodeQL)({
+        const codeQL = (0, codeql_1.createStubCodeQL)({
             betterResolveLanguages: () => Promise.resolve({
                 aliases: {
                     "c#": languages_1.KnownLanguage.csharp,
@@ -880,7 +813,7 @@ const defaultOverlayDatabaseModeTestSetup = {
     repositoryOwner: "github",
     buildMode: util_1.BuildMode.None,
     languages: [languages_1.KnownLanguage.javascript],
-    codeqlVersion: "2.21.0",
+    codeqlVersion: overlay_database_utils_1.CODEQL_OVERLAY_MINIMUM_VERSION,
     gitRoot: "/some/git/root",
     codeScanningConfig: {},
 };

lib/database-upload.test.js

@@ -80,7 +80,7 @@ async function mockHttpRequests(databaseUploadStatusCode) {
     return databaseUploadSpy;
 }
 function getCodeQL() {
-    return (0, codeql_1.setCodeQL)({
+    return (0, codeql_1.createStubCodeQL)({
         async databaseBundle(_, outputFilePath) {
             fs.writeFileSync(outputFilePath, "");
         },