Merge pull request #3026 from github/update-v3.29.9-cc722e476

Merge main into releases/v3

.github/pull_request_template.md

@@ -1,5 +1,14 @@
+
+
+### Risk assessment
+
+For internal use only. Please select the risk level of this change:
+
+- **Low risk:** Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.
+- **High risk:** Changes are not fully under feature flags, have limited visibility and/or cannot be tested outside of production.
+
 ### Merge / deployment checklist
 
-- [ ] Confirm this change is backwards compatible with existing workflows.
-- [ ] Confirm the [readme](https://github.com/github/codeql-action/blob/main/README.md) has been updated if necessary.
-- [ ] Confirm the [changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) has been updated if necessary.
+- Confirm this change is backwards compatible with existing workflows.
+- Consider adding a [changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) entry for this change.
+- Confirm the [readme](https://github.com/github/codeql-action/blob/main/README.md) and docs have been updated if necessary.

.github/workflows/__all-platform-bundle.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - All-platform bundle

.github/workflows/__analyze-ref-input.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: "PR Check - Analyze: 'ref' and 'sha' from inputs"

.github/workflows/__autobuild-action.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - autobuild-action

.github/workflows/__autobuild-direct-tracing-with-working-dir.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Autobuild direct tracing (custom working directory)

.github/workflows/__autobuild-direct-tracing.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Autobuild direct tracing

.github/workflows/__build-mode-autobuild.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Build mode autobuild

.github/workflows/__build-mode-manual.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Build mode manual

.github/workflows/__build-mode-none.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Build mode none

.github/workflows/__build-mode-rollback.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Build mode rollback

.github/workflows/__bundle-toolcache.yml

@@ -1,9 +1,9 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
-name: PR Check - Extract directly to toolcache
+name: 'PR Check - Bundle: Caching checks'
 env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   GO111MODULE: auto
@@ -22,7 +22,7 @@ on:
     - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
-  extract-direct-to-toolcache:
+  bundle-toolcache:
     strategy:
       fail-fast: false
       matrix:
@@ -33,7 +33,7 @@ jobs:
             version: linked
           - os: windows-latest
             version: linked
-    name: Extract directly to toolcache
+    name: 'Bundle: Caching checks'
     permissions:
       contents: read
       security-events: read
@@ -92,5 +92,4 @@ jobs:
               throw new Error('Multiple CodeQL versions found in toolcache');
             }
     env:
-      CODEQL_ACTION_EXTRACT_TOOLCACHE: true
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__bundle-zstd.yml

@@ -1,9 +1,9 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
-name: PR Check - Zstandard bundle
+name: 'PR Check - Bundle: Zstandard checks'
 env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   GO111MODULE: auto
@@ -22,7 +22,7 @@ on:
     - cron: '0 5 * * *'
   workflow_dispatch: {}
 jobs:
-  zstd-bundle:
+  bundle-zstd:
     strategy:
       fail-fast: false
       matrix:
@@ -33,7 +33,7 @@ jobs:
             version: linked
           - os: windows-latest
             version: linked
-    name: Zstandard bundle
+    name: 'Bundle: Zstandard checks'
     permissions:
       contents: read
       security-events: read
@@ -109,5 +109,4 @@ jobs:
               );
             }
     env:
-      CODEQL_ACTION_ZSTD_BUNDLE: true
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__cleanup-db-cluster-dir.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Clean up database cluster directory

.github/workflows/__config-export.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Config export

.github/workflows/__config-input.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Config input

.github/workflows/__cpp-deptrace-disabled.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - C/C++: disabling autoinstalling dependencies (Linux)'

.github/workflows/__cpp-deptrace-enabled-on-macos.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - C/C++: autoinstalling dependencies is skipped (macOS)'

.github/workflows/__cpp-deptrace-enabled.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - C/C++: autoinstalling dependencies (Linux)'

.github/workflows/__diagnostics-export.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Diagnostic export

.github/workflows/__export-file-baseline-information.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Export file baseline information

.github/workflows/__extractor-ram-threads.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Extractor ram and threads options test

.github/workflows/__go-custom-queries.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - Go: Custom queries'

.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - Go: diagnostic when Go is changed after init step'

.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - Go: diagnostic when `file` is not installed'

.github/workflows/__go-indirect-tracing-workaround.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - Go: workaround for indirect tracing'

.github/workflows/__go-tracing-autobuilder.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - Go: tracing with autobuilder step'

.github/workflows/__go-tracing-custom-build-steps.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - Go: tracing with custom build steps'

.github/workflows/__go-tracing-legacy-workflow.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - Go: tracing with legacy workflow'

.github/workflows/__init-with-registries.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - Packaging: Download using registries'

.github/workflows/__javascript-source-root.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Custom source root

.github/workflows/__job-run-uuid-sarif.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Job run UUID added to SARIF

.github/workflows/__language-aliases.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Language aliases

.github/workflows/__multi-language-autodetect.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Multi-language repository

.github/workflows/__overlay-init-fallback.yml

@@ -0,0 +1,69 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     pr-checks/sync.sh
+# to regenerate this file.
+
+name: PR Check - Overlay database init fallback
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
+  workflow_dispatch: {}
+jobs:
+  overlay-init-fallback:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: ubuntu-latest
+            version: linked
+          - os: ubuntu-latest
+            version: nightly-latest
+    name: Overlay database init fallback
+    permissions:
+      contents: read
+      security-events: read
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+          setup-kotlin: 'true'
+      - uses: ./../action/init
+        with:
+          languages: actions # Any language without overlay support will do
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+        env:
+          CODEQL_OVERLAY_DATABASE_MODE: overlay-base
+      - uses: ./../action/analyze
+        id: analysis
+        with:
+          upload-database: false
+      - name: Check database
+        shell: bash
+        run: |
+          cd "$RUNNER_TEMP/codeql_databases/actions"
+          if ! grep -q 'overlayBaseDatabase: false' codeql-database.yml ; then
+            echo "This test needs to be updated to use a non-overlay language."
+            exit 1
+          fi
+    env:
+      CODEQL_ACTION_TEST_MODE: true

.github/workflows/__packaging-codescanning-config-inputs-js.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - Packaging: Config and input passed to the CLI'

.github/workflows/__packaging-config-inputs-js.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - Packaging: Config and input'

.github/workflows/__packaging-config-js.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - Packaging: Config file'

.github/workflows/__packaging-inputs-js.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - Packaging: Action input'

.github/workflows/__quality-queries.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Quality queries input

.github/workflows/__remote-config.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Remote config file

.github/workflows/__resolve-environment-action.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Resolve environment

.github/workflows/__rubocop-multi-language.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - RuboCop multi-language

.github/workflows/__ruby.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Ruby analysis

.github/workflows/__rust.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Rust analysis
@@ -27,6 +27,10 @@ jobs:
       fail-fast: false
       matrix:
         include:
+          - os: ubuntu-latest
+            version: stable-v2.19.3
+          - os: ubuntu-latest
+            version: stable-v2.22.1
           - os: ubuntu-latest
             version: linked
           - os: ubuntu-latest
@@ -53,8 +57,6 @@ jobs:
         with:
           languages: rust
           tools: ${{ steps.prepare-test.outputs.tools-url }}
-        env:
-          CODEQL_ACTION_RUST_ANALYSIS: true
       - uses: ./../action/analyze
         id: analysis
         with:

.github/workflows/__split-workflow.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Split workflow

.github/workflows/__start-proxy.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Start proxy

.github/workflows/__submit-sarif-failure.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Submit SARIF after failure

.github/workflows/__swift-autobuild.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Swift analysis using autobuild

.github/workflows/__swift-custom-build.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Swift analysis using a custom build command

.github/workflows/__test-autobuild-working-dir.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Autobuild working directory

.github/workflows/__test-local-codeql.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Local CodeQL bundle

.github/workflows/__test-proxy.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Proxy test

.github/workflows/__unset-environment.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Test unsetting environment variables

.github/workflows/__upload-quality-sarif.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: 'PR Check - Upload-sarif: code quality endpoint'

.github/workflows/__upload-ref-sha-input.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: "PR Check - Upload-sarif: 'ref' and 'sha' from inputs"

.github/workflows/__with-checkout-path.yml

@@ -1,6 +1,6 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+#     pr-checks/sync.sh
 # to regenerate this file.
 
 name: PR Check - Use a custom `checkout_path`

.github/workflows/__zstd-bundle-streaming.yml

@@ -1,110 +0,0 @@
-# Warning: This file is generated automatically, and should not be modified.
-# Instead, please modify the template in the pr-checks directory and run:
-#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
-# to regenerate this file.
-
-name: PR Check - Zstandard bundle (streaming)
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  GO111MODULE: auto
-on:
-  push:
-    branches:
-      - main
-      - releases/v*
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - ready_for_review
-  schedule:
-    - cron: '0 5 * * *'
-  workflow_dispatch: {}
-jobs:
-  zstd-bundle-streaming:
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - os: macos-latest
-            version: linked
-          - os: ubuntu-latest
-            version: linked
-    name: Zstandard bundle (streaming)
-    permissions:
-      contents: read
-      security-events: read
-    timeout-minutes: 45
-    runs-on: ${{ matrix.os }}
-    steps:
-      - name: Check out repository
-        uses: actions/checkout@v4
-      - name: Prepare test
-        id: prepare-test
-        uses: ./.github/actions/prepare-test
-        with:
-          version: ${{ matrix.version }}
-          use-all-platform-bundle: 'false'
-          setup-kotlin: 'true'
-      - name: Remove CodeQL from toolcache
-        uses: actions/github-script@v7
-        with:
-          script: |
-            const fs = require('fs');
-            const path = require('path');
-            const codeqlPath = path.join(process.env['RUNNER_TOOL_CACHE'], 'CodeQL');
-            if (codeqlPath !== undefined) {
-              fs.rmdirSync(codeqlPath, { recursive: true });
-            }
-      - id: init
-        uses: ./../action/init
-        with:
-          languages: javascript
-          tools: ${{ steps.prepare-test.outputs.tools-url }}
-      - uses: ./../action/analyze
-        with:
-          output: ${{ runner.temp }}/results
-          upload-database: false
-      - name: Upload SARIF
-        uses: actions/upload-artifact@v4
-        with:
-          name: ${{ matrix.os }}-zstd-bundle.sarif
-          path: ${{ runner.temp }}/results/javascript.sarif
-          retention-days: 7
-      - name: Check diagnostic with expected tools URL appears in SARIF
-        uses: actions/github-script@v7
-        env:
-          SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
-        with:
-          script: |
-            const fs = require('fs');
-
-            const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
-            const run = sarif.runs[0];
-
-            const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications;
-            const downloadTelemetryNotifications = toolExecutionNotifications.filter(n =>
-              n.descriptor.id === 'codeql-action/bundle-download-telemetry'
-            );
-            if (downloadTelemetryNotifications.length !== 1) {
-              core.setFailed(
-                'Expected exactly one reporting descriptor in the ' +
-                  `'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` +
-                  `${downloadTelemetryNotifications.length}. All notification reporting descriptors: ` +
-                  `${JSON.stringify(toolExecutionNotifications)}.`
-              );
-            }
-
-            const toolsUrl = downloadTelemetryNotifications[0].properties.attributes.toolsUrl;
-            console.log(`Found tools URL: ${toolsUrl}`);
-
-            if (!toolsUrl.endsWith('.tar.zst')) {
-              core.setFailed(
-                `Expected the tools URL to be a .tar.zst file, but found ${toolsUrl}.`
-              );
-            }
-    env:
-      CODEQL_ACTION_ZSTD_BUNDLE: true
-      CODEQL_ACTION_ZSTD_BUNDLE_STREAMING_EXTRACTION: true
-      CODEQL_ACTION_TEST_MODE: true

.github/workflows/pr-checks.yml

@@ -67,12 +67,6 @@ jobs:
         with:
           python-version: 3.11
 
-      - name: Install dependencies
-        run: |
-          python -m pip install --upgrade pip
-          # When updating this, update the autogenerated code header in `sync.py` too.
-          pip install ruamel.yaml==0.17.31
-
       # Ensure the generated PR check workflows are up to date.
       - name: Verify PR checks up to date
         run: .github/workflows/script/verify-pr-checks.sh

.github/workflows/script/verify-pr-checks.sh

@@ -12,7 +12,7 @@ fi
 rm -rf .github/workflows/__*
 
 # Generate the PR checks
-cd pr-checks && python3 sync.py
+pr-checks/sync.sh
 
 # Check that repo is still clean
 if [ ! -z "$(git status --porcelain)" ]; then

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
 
+## 3.29.9 - 12 Aug 2025
+
+No user facing changes.
+
 ## 3.29.8 - 08 Aug 2025
 
 - Fix an issue where the Action would autodetect unsupported languages such as HTML. [#3015](https://github.com/github/codeql-action/pull/3015)

analyze/action.yml

@@ -20,8 +20,8 @@ inputs:
     default: "always"
   cleanup-level:
     description: >-
-      DEPRECATED. This option is ignored since, for performance reasons, the CodeQL Action no longer saves
-      intermediate results during evaluation.
+      DEPRECATED. This option is ignored since, for performance reasons, the CodeQL Action automatically
+      manages cleanup of intermediate results.
     required: false
   ram:
     description: >-

lib/analyze-action.js

@@ -161,14 +161,6 @@ async function run() {
     let dbCreationTimings = undefined;
     let didUploadTrapCaches = false;
     util.initializeEnvironment(actionsUtil.getActionVersion());
-    // Unset the CODEQL_PROXY_* environment variables, as they are not needed
-    // and can cause issues with the CodeQL CLI
-    // Check for CODEQL_PROXY_HOST: and if it is empty but set, unset it
-    if (process.env.CODEQL_PROXY_HOST === "") {
-        delete process.env.CODEQL_PROXY_HOST;
-        delete process.env.CODEQL_PROXY_PORT;
-        delete process.env.CODEQL_PROXY_CA_CERTIFICATE;
-    }
     // Make inputs accessible in the `post` step, details at
     // https://github.com/github/codeql-action/issues/2553
     actionsUtil.persistInputs();
@@ -186,6 +178,14 @@ async function run() {
         if (hasBadExpectErrorInput()) {
             throw new util.ConfigurationError("`expect-error` input parameter is for internal use only. It should only be set by codeql-action or a fork.");
         }
+        // Unset the CODEQL_PROXY_* environment variables when using older CodeQL
+        // CLIs, as they are not needed and can cause issues.
+        if (process.env.CODEQL_PROXY_HOST === "" &&
+            !(await util.codeQlVersionAtLeast(codeql, "2.20.7"))) {
+            delete process.env.CODEQL_PROXY_HOST;
+            delete process.env.CODEQL_PROXY_PORT;
+            delete process.env.CODEQL_PROXY_CA_CERTIFICATE;
+        }
         if (actionsUtil.getOptionalInput("cleanup-level") !== "") {
             logger.info("The 'cleanup-level' input is ignored since the CodeQL Action now automatically " +
                 "manages database cleanup. This input can safely be removed from your workflow.");

lib/analyze.js

@@ -442,7 +442,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
             const sarifFile = path.join(sarifFolder, `${language}.sarif`);
             const queries = [];
             if (config.augmentationProperties.qualityQueriesInput !== undefined) {
-                queries.push(path.join(util.getCodeQLDatabasePath(config, language), "temp", "config-queries.qls"));
+                queries.push(util.getGeneratedSuitePath(config, language));
                 for (const qualityQuery of config.augmentationProperties
                     .qualityQueriesInput) {
                     queries.push(resolveQuerySuiteAlias(language, qualityQuery.uses));

lib/analyze.test.js

@@ -66,7 +66,6 @@ const util = __importStar(require("./util"));
         for (const language of Object.values(languages_1.KnownLanguage)) {
             const codeql = (0, codeql_1.createStubCodeQL)({
                 databaseRunQueries: async () => { },
-                packDownload: async () => ({ packs: [] }),
                 databaseInterpretResults: async (_db, _queriesRun, sarifFile) => {
                     fs.writeFileSync(sarifFile, JSON.stringify({
                         runs: [

lib/codeql.js

@@ -112,9 +112,9 @@ const CODEQL_VERSION_CACHE_CLEANUP = "2.17.1";
  *        version requirement. Must be set to true outside tests.
  * @returns a { CodeQL, toolsVersion } object.
  */
-async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger, features, checkVersion) {
+async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger, checkVersion) {
     try {
-        const { codeqlFolder, toolsDownloadStatusReport, toolsSource, toolsVersion, zstdAvailability, } = await setupCodeql.setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, features, defaultCliVersion, logger);
+        const { codeqlFolder, toolsDownloadStatusReport, toolsSource, toolsVersion, zstdAvailability, } = await setupCodeql.setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger);
         logger.debug(`Bundle download status report: ${JSON.stringify(toolsDownloadStatusReport)}`);
         let codeqlCmd = path.join(codeqlFolder, "codeql", "codeql");
         if (process.platform === "win32") {
@@ -195,9 +195,7 @@ function createStubCodeQL(partialCodeql) {
         finalizeDatabase: resolveFunction(partialCodeql, "finalizeDatabase"),
         resolveLanguages: resolveFunction(partialCodeql, "resolveLanguages"),
         betterResolveLanguages: resolveFunction(partialCodeql, "betterResolveLanguages", async () => ({ aliases: {}, extractors: {} })),
-        resolveQueries: resolveFunction(partialCodeql, "resolveQueries"),
         resolveBuildEnvironment: resolveFunction(partialCodeql, "resolveBuildEnvironment"),
-        packDownload: resolveFunction(partialCodeql, "packDownload"),
         databaseCleanupCluster: resolveFunction(partialCodeql, "databaseCleanupCluster"),
         databaseBundle: resolveFunction(partialCodeql, "databaseBundle"),
         databaseRunQueries: resolveFunction(partialCodeql, "databaseRunQueries"),
@@ -206,6 +204,7 @@ function createStubCodeQL(partialCodeql) {
         databaseExportDiagnostics: resolveFunction(partialCodeql, "databaseExportDiagnostics"),
         diagnosticsExport: resolveFunction(partialCodeql, "diagnosticsExport"),
         resolveExtractor: resolveFunction(partialCodeql, "resolveExtractor"),
+        resolveQueriesStartingPacks: resolveFunction(partialCodeql, "resolveQueriesStartingPacks"),
         mergeResults: resolveFunction(partialCodeql, "mergeResults"),
     };
 }
@@ -419,25 +418,6 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 throw new Error(`Unexpected output from codeql resolve languages with --format=betterjson: ${e}`);
             }
         },
-        async resolveQueries(queries, extraSearchPath) {
-            const codeqlArgs = [
-                "resolve",
-                "queries",
-                ...queries,
-                "--format=bylanguage",
-                ...getExtraOptionsFromEnv(["resolve", "queries"]),
-            ];
-            if (extraSearchPath !== undefined) {
-                codeqlArgs.push("--additional-packs", extraSearchPath);
-            }
-            const output = await runCli(cmd, codeqlArgs);
-            try {
-                return JSON.parse(output);
-            }
-            catch (e) {
-                throw new Error(`Unexpected output from codeql resolve queries: ${e}`);
-            }
-        },
         async resolveBuildEnvironment(workingDir, language) {
             const codeqlArgs = [
                 "resolve",
@@ -527,50 +507,6 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             ];
             return await runCli(cmd, codeqlArgs);
         },
-        /**
-         * Download specified packs into the package cache. If the specified
-         * package and version already exists (e.g., from a previous analysis run),
-         * then it is not downloaded again (unless the extra option `--force` is
-         * specified).
-         *
-         * If no version is specified, then the latest version is
-         * downloaded. The check to determine what the latest version is is done
-         * each time this package is requested.
-         *
-         * Optionally, a `qlconfigFile` is included. If used, then this file
-         * is used to determine which registry each pack is downloaded from.
-         */
-        async packDownload(packs, qlconfigFile) {
-            const qlconfigArg = qlconfigFile
-                ? [`--qlconfig-file=${qlconfigFile}`]
-                : [];
-            const codeqlArgs = [
-                "pack",
-                "download",
-                ...qlconfigArg,
-                "--format=json",
-                "--resolve-query-specs",
-                ...getExtraOptionsFromEnv(["pack", "download"]),
-                ...packs,
-            ];
-            const output = await runCli(cmd, codeqlArgs);
-            try {
-                const parsedOutput = JSON.parse(output);
-                if (Array.isArray(parsedOutput.packs) &&
-                    // TODO PackDownloadOutput will not include the version if it is not specified
-                    // in the input. The version is always the latest version available.
-                    // It should be added to the output, but this requires a CLI change
-                    parsedOutput.packs.every((p) => p.name /* && p.version */)) {
-                    return parsedOutput;
-                }
-                else {
-                    throw new Error("Unexpected output from pack download");
-                }
-            }
-            catch (e) {
-                throw new Error(`Attempted to download specified packs but got an error:\n${output}\n${e}`);
-            }
-        },
         async databaseCleanupCluster(config, cleanupLevel) {
             const cacheCleanupFlag = (await util.codeQlVersionAtLeast(this, CODEQL_VERSION_CACHE_CLEANUP))
                 ? "--cache-cleanup"
@@ -653,6 +589,22 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             }).exec();
             return JSON.parse(extractorPath);
         },
+        async resolveQueriesStartingPacks(queries) {
+            const codeqlArgs = [
+                "resolve",
+                "queries",
+                "--format=startingpacks",
+                ...getExtraOptionsFromEnv(["resolve", "queries"]),
+                ...queries,
+            ];
+            const output = await runCli(cmd, codeqlArgs, { noStreamStdout: true });
+            try {
+                return JSON.parse(output);
+            }
+            catch (e) {
+                throw new Error(`Unexpected output from codeql resolve queries --format=startingpacks: ${e}`);
+            }
+        },
         async mergeResults(sarifFiles, outputFile, { mergeRunsFromEqualCategory = false, }) {
             const args = [
                 "github",

lib/codeql.test.js

@@ -61,7 +61,6 @@ const util = __importStar(require("./util"));
 const util_1 = require("./util");
 (0, testing_utils_1.setupTests)(ava_1.default);
 let stubConfig;
-const NO_FEATURES = (0, testing_utils_1.createFeatures)([]);
 ava_1.default.beforeEach(() => {
     (0, util_1.initializeEnvironment)("1.2.3");
     stubConfig = (0, testing_utils_1.createTestConfig)({
@@ -72,7 +71,7 @@ async function installIntoToolcache({ apiDetails = testing_utils_1.SAMPLE_DOTCOM
     const url = (0, testing_utils_1.mockBundleDownloadApi)({ apiDetails, isPinned, tagName });
     await codeql.setupCodeQL(cliVersion !== undefined ? undefined : url, apiDetails, tmpDir, util.GitHubVariant.GHES, cliVersion !== undefined
         ? { cliVersion, tagName }
-        : testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), NO_FEATURES, false);
+        : testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
 }
 function mockReleaseApi({ apiDetails = testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, assetNames, tagName, }) {
     return (0, nock_1.default)(apiDetails.apiURL)
@@ -115,7 +114,7 @@ async function stubCodeql() {
                 tagName: `codeql-bundle-${version}`,
                 isPinned: false,
             });
-            const result = await codeql.setupCodeQL(url, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), NO_FEATURES, false);
+            const result = await codeql.setupCodeQL(url, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
             t.assert(toolcache.find("CodeQL", `0.0.0-${version}`));
             t.is(result.toolsVersion, `0.0.0-${version}`);
             t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
@@ -130,7 +129,7 @@ async function stubCodeql() {
             tagName: `codeql-bundle-v2.15.0`,
             isPinned: false,
         });
-        const result = await codeql.setupCodeQL(url, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), NO_FEATURES, false);
+        const result = await codeql.setupCodeQL(url, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
         t.is(toolcache.findAllVersions("CodeQL").length, 1);
         t.assert(toolcache.find("CodeQL", `2.15.0`));
         t.is(result.toolsVersion, `2.15.0`);
@@ -151,7 +150,7 @@ async function stubCodeql() {
         const url = (0, testing_utils_1.mockBundleDownloadApi)({
             tagName: "codeql-bundle-20200610",
         });
-        const result = await codeql.setupCodeQL(url, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), NO_FEATURES, false);
+        const result = await codeql.setupCodeQL(url, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
         t.assert(toolcache.find("CodeQL", "0.0.0-20200610"));
         t.deepEqual(result.toolsVersion, "0.0.0-20200610");
         t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
@@ -179,7 +178,7 @@ for (const { tagName, expectedToolcacheVersion, } of EXPLICITLY_REQUESTED_BUNDLE
             const url = (0, testing_utils_1.mockBundleDownloadApi)({
                 tagName,
             });
-            const result = await codeql.setupCodeQL(url, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), NO_FEATURES, false);
+            const result = await codeql.setupCodeQL(url, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
             t.assert(toolcache.find("CodeQL", expectedToolcacheVersion));
             t.deepEqual(result.toolsVersion, expectedToolcacheVersion);
             t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
@@ -202,7 +201,7 @@ for (const toolcacheVersion of [
                 .withArgs("CodeQL", toolcacheVersion)
                 .returns("path/to/cached/codeql");
             sinon.stub(toolcache, "findAllVersions").returns([toolcacheVersion]);
-            const result = await codeql.setupCodeQL(undefined, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), NO_FEATURES, false);
+            const result = await codeql.setupCodeQL(undefined, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
             t.is(result.toolsVersion, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION.cliVersion);
             t.is(result.toolsSource, setup_codeql_1.ToolsSource.Toolcache);
             t.is(result.toolsDownloadStatusReport?.combinedDurationMs, undefined);
@@ -222,7 +221,7 @@ for (const toolcacheVersion of [
         const result = await codeql.setupCodeQL(undefined, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.GHES, {
             cliVersion: defaults.cliVersion,
             tagName: defaults.bundleVersion,
-        }, (0, logging_1.getRunnerLogger)(true), NO_FEATURES, false);
+        }, (0, logging_1.getRunnerLogger)(true), false);
         t.deepEqual(result.toolsVersion, "0.0.0-20200601");
         t.is(result.toolsSource, setup_codeql_1.ToolsSource.Toolcache);
         t.is(result.toolsDownloadStatusReport?.combinedDurationMs, undefined);
@@ -246,7 +245,7 @@ for (const toolcacheVersion of [
         const result = await codeql.setupCodeQL(undefined, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.GHES, {
             cliVersion: defaults.cliVersion,
             tagName: defaults.bundleVersion,
-        }, (0, logging_1.getRunnerLogger)(true), NO_FEATURES, false);
+        }, (0, logging_1.getRunnerLogger)(true), false);
         t.deepEqual(result.toolsVersion, defaults.cliVersion);
         t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
         if (result.toolsDownloadStatusReport) {
@@ -267,7 +266,7 @@ for (const toolcacheVersion of [
         (0, testing_utils_1.mockBundleDownloadApi)({
             tagName: defaults.bundleVersion,
         });
-        const result = await codeql.setupCodeQL("latest", testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), NO_FEATURES, false);
+        const result = await codeql.setupCodeQL("latest", testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
         t.deepEqual(result.toolsVersion, defaults.cliVersion);
         t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
         if (result.toolsDownloadStatusReport) {
@@ -291,7 +290,7 @@ for (const toolcacheVersion of [
             platformSpecific: false,
             tagName: "codeql-bundle-20230203",
         });
-        const result = await codeql.setupCodeQL("https://github.com/codeql-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20230203/codeql-bundle.tar.gz", testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), NO_FEATURES, false);
+        const result = await codeql.setupCodeQL("https://github.com/codeql-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20230203/codeql-bundle.tar.gz", testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
         t.is(result.toolsVersion, "0.0.0-20230203");
         t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
         if (result.toolsDownloadStatusReport) {

lib/config-utils.test.js

@@ -144,19 +144,6 @@ function mockListLanguages(languages) {
                     },
                 };
             },
-            async resolveQueries() {
-                return {
-                    byLanguage: {
-                        javascript: { queries: ["query1.ql"] },
-                        python: { queries: ["query2.ql"] },
-                    },
-                    noDeclaredLanguage: {},
-                    multipleDeclaredLanguages: {},
-                };
-            },
-            async packDownload() {
-                return { packs: [] };
-            },
         });
         const config = await configUtils.initConfig(createTestInitConfigInputs({
             languagesInput: languages,
@@ -185,19 +172,6 @@ function mockListLanguages(languages) {
                     },
                 };
             },
-            async resolveQueries() {
-                return {
-                    byLanguage: {
-                        javascript: { queries: ["query1.ql"] },
-                        python: { queries: ["query2.ql"] },
-                    },
-                    noDeclaredLanguage: {},
-                    multipleDeclaredLanguages: {},
-                };
-            },
-            async packDownload() {
-                return { packs: [] };
-            },
         });
         // Sanity check the saved config file does not already exist
         t.false(fs.existsSync(configUtils.getPathToParsedConfigFile(tempDir)));
@@ -283,21 +257,6 @@ function mockListLanguages(languages) {
                     },
                 };
             },
-            async resolveQueries() {
-                return {
-                    byLanguage: {
-                        javascript: {
-                            "/foo/a.ql": {},
-                            "/bar/b.ql": {},
-                        },
-                    },
-                    noDeclaredLanguage: {},
-                    multipleDeclaredLanguages: {},
-                };
-            },
-            async packDownload() {
-                return { packs: [] };
-            },
         });
         // Just create a generic config object with non-default values for all fields
         const inputFileContents = `
@@ -350,24 +309,6 @@ function mockListLanguages(languages) {
         t.deepEqual(actualConfig, expectedConfig);
     });
 });
-/**
- * Returns the provided queries, just in the right format for a resolved query
- * This way we can test by seeing which returned items are in the final
- * configuration.
- */
-function queriesToResolvedQueryForm(queries) {
-    const dummyResolvedQueries = {};
-    for (const q of queries) {
-        dummyResolvedQueries[q] = {};
-    }
-    return {
-        byLanguage: {
-            javascript: dummyResolvedQueries,
-        },
-        noDeclaredLanguage: {},
-        multipleDeclaredLanguages: {},
-    };
-}
 (0, ava_1.default)("Using config input and file together, config input should be used.", async (t) => {
     return await (0, util_1.withTmpDir)(async (tempDir) => {
         process.env["RUNNER_TEMP"] = tempDir;
@@ -388,7 +329,6 @@ function queriesToResolvedQueryForm(queries) {
           - c/d@1.2.3
     `;
         fs.mkdirSync(path.join(tempDir, "foo"));
-        const resolveQueriesArgs = [];
         const codeql = (0, codeql_1.createStubCodeQL)({
             async betterResolveLanguages() {
                 return {
@@ -398,13 +338,6 @@ function queriesToResolvedQueryForm(queries) {
                     },
                 };
             },
-            async resolveQueries(queries, extraSearchPath) {
-                resolveQueriesArgs.push({ queries, extraSearchPath });
-                return queriesToResolvedQueryForm(queries);
-            },
-            async packDownload() {
-                return { packs: [] };
-            },
         });
         // Only JS, python packs will be ignored
         const languagesInput = "javascript";
@@ -429,20 +362,6 @@ function queriesToResolvedQueryForm(queries) {
                     },
                 };
             },
-            async resolveQueries() {
-                return {
-                    byLanguage: {
-                        javascript: {
-                            "foo.ql": {},
-                        },
-                    },
-                    noDeclaredLanguage: {},
-                    multipleDeclaredLanguages: {},
-                };
-            },
-            async packDownload() {
-                return { packs: [] };
-            },
         });
         const inputFileContents = `
       name: my config
@@ -519,9 +438,6 @@ function queriesToResolvedQueryForm(queries) {
             async resolveLanguages() {
                 return {};
             },
-            async packDownload() {
-                return { packs: [] };
-            },
         });
         try {
             await configUtils.initConfig(createTestInitConfigInputs({
@@ -897,7 +813,7 @@ const defaultOverlayDatabaseModeTestSetup = {
     repositoryOwner: "github",
     buildMode: util_1.BuildMode.None,
     languages: [languages_1.KnownLanguage.javascript],
-    codeqlVersion: "2.21.0",
+    codeqlVersion: overlay_database_utils_1.CODEQL_OVERLAY_MINIMUM_VERSION,
     gitRoot: "/some/git/root",
     codeScanningConfig: {},
 };

lib/feature-flags.js

@@ -66,7 +66,6 @@ var Feature;
     Feature["DisableJavaBuildlessEnabled"] = "disable_java_buildless_enabled";
     Feature["DisableKotlinAnalysisEnabled"] = "disable_kotlin_analysis_enabled";
     Feature["ExportDiagnosticsEnabled"] = "export_diagnostics_enabled";
-    Feature["ExtractToToolcache"] = "extract_to_toolcache";
     Feature["OverlayAnalysis"] = "overlay_analysis";
     Feature["OverlayAnalysisActions"] = "overlay_analysis_actions";
     Feature["OverlayAnalysisCodeScanningActions"] = "overlay_analysis_code_scanning_actions";
@@ -91,7 +90,6 @@ var Feature;
     Feature["PythonDefaultIsToNotExtractStdlib"] = "python_default_is_to_not_extract_stdlib";
     Feature["QaTelemetryEnabled"] = "qa_telemetry_enabled";
     Feature["RustAnalysis"] = "rust_analysis";
-    Feature["ZstdBundleStreamingExtraction"] = "zstd_bundle_streaming_extraction";
 })(Feature || (exports.Feature = Feature = {}));
 exports.featureConfig = {
     [Feature.CleanupTrapCaches]: {
@@ -104,11 +102,6 @@ exports.featureConfig = {
         envVar: "CODEQL_EXTRACTOR_CPP_BUILD_MODE_NONE",
         minimumVersion: undefined,
     },
-    [Feature.ZstdBundleStreamingExtraction]: {
-        defaultValue: false,
-        envVar: "CODEQL_ACTION_ZSTD_BUNDLE_STREAMING_EXTRACTION",
-        minimumVersion: undefined,
-    },
     [Feature.CppDependencyInstallation]: {
         defaultValue: false,
         envVar: "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES",
@@ -143,11 +136,6 @@ exports.featureConfig = {
         legacyApi: true,
         minimumVersion: undefined,
     },
-    [Feature.ExtractToToolcache]: {
-        defaultValue: false,
-        envVar: "CODEQL_ACTION_EXTRACT_TOOLCACHE",
-        minimumVersion: undefined,
-    },
     [Feature.OverlayAnalysis]: {
         defaultValue: false,
         envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",

lib/init-action.js

@@ -55,6 +55,7 @@ const repository_1 = require("./repository");
 const setup_codeql_1 = require("./setup-codeql");
 const status_report_1 = require("./status-report");
 const tools_features_1 = require("./tools-features");
+const tracer_config_1 = require("./tracer-config");
 const util_1 = require("./util");
 const workflow_1 = require("./workflow");
 async function sendCompletedStatusReport(startedAt, config, configFile, toolsDownloadStatusReport, toolsFeatureFlagsValid, toolsSource, toolsVersion, overlayBaseDatabaseStats, logger, error) {
@@ -180,7 +181,7 @@ async function run() {
         }
         const codeQLDefaultVersionInfo = await features.getDefaultCliVersion(gitHubVersion.type);
         toolsFeatureFlagsValid = codeQLDefaultVersionInfo.toolsFeatureFlagsValid;
-        const initCodeQLResult = await (0, init_1.initCodeQL)((0, actions_util_1.getOptionalInput)("tools"), apiDetails, (0, actions_util_1.getTemporaryDirectory)(), gitHubVersion.type, codeQLDefaultVersionInfo, features, logger);
+        const initCodeQLResult = await (0, init_1.initCodeQL)((0, actions_util_1.getOptionalInput)("tools"), apiDetails, (0, actions_util_1.getTemporaryDirectory)(), gitHubVersion.type, codeQLDefaultVersionInfo, logger);
         codeql = initCodeQLResult.codeql;
         toolsDownloadStatusReport = initCodeQLResult.toolsDownloadStatusReport;
         toolsVersion = initCodeQLResult.toolsVersion;
@@ -457,7 +458,32 @@ async function run() {
                 core.exportVariable("CODEQL_EXTRACTOR_PYTHON_EXTRACT_STDLIB", "true");
             }
         }
-        const tracerConfig = await (0, init_1.runInit)(codeql, config, sourceRoot, "Runner.Worker.exe", (0, actions_util_1.getOptionalInput)("registries"), apiDetails, logger);
+        const { registriesAuthTokens, qlconfigFile } = await configUtils.generateRegistries((0, actions_util_1.getOptionalInput)("registries"), config.tempDir, logger);
+        const databaseInitEnvironment = {
+            GITHUB_TOKEN: apiDetails.auth,
+            CODEQL_REGISTRIES_AUTH: registriesAuthTokens,
+        };
+        await (0, init_1.runDatabaseInitCluster)(databaseInitEnvironment, codeql, config, sourceRoot, "Runner.Worker.exe", qlconfigFile, logger);
+        // To check custom query packs for compatibility with overlay analysis, we
+        // need to first initialize the database cluster, which downloads the
+        // user-specified custom query packs. But we also want to check custom query
+        // pack compatibility first, because database cluster initialization depends
+        // on the overlay database mode. The solution is to initialize the database
+        // cluster first, check custom query pack compatibility, and if we need to
+        // revert to `OverlayDatabaseMode.None`, re-initialize the database cluster
+        // with the new overlay database mode.
+        if (config.augmentationProperties.overlayDatabaseMode !==
+            overlay_database_utils_1.OverlayDatabaseMode.None &&
+            !(await (0, init_1.checkPacksForOverlayCompatibility)(codeql, config, logger))) {
+            logger.info("Reverting overlay database mode to None due to incompatible packs.");
+            config.augmentationProperties.overlayDatabaseMode =
+                overlay_database_utils_1.OverlayDatabaseMode.None;
+            (0, init_1.cleanupDatabaseClusterDirectory)(config, logger, {
+                disableExistingDirectoryWarning: true,
+            });
+            await (0, init_1.runDatabaseInitCluster)(databaseInitEnvironment, codeql, config, sourceRoot, "Runner.Worker.exe", qlconfigFile, logger);
+        }
+        const tracerConfig = await (0, tracer_config_1.getCombinedTracerConfig)(codeql, config);
         if (tracerConfig !== undefined) {
             for (const [key, value] of Object.entries(tracerConfig.env)) {
                 core.exportVariable(key, value);

lib/init.js

@@ -35,23 +35,24 @@ var __importStar = (this && this.__importStar) || (function () {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.initCodeQL = initCodeQL;
 exports.initConfig = initConfig;
-exports.runInit = runInit;
+exports.runDatabaseInitCluster = runDatabaseInitCluster;
+exports.checkPacksForOverlayCompatibility = checkPacksForOverlayCompatibility;
 exports.checkInstallPython311 = checkInstallPython311;
 exports.cleanupDatabaseClusterDirectory = cleanupDatabaseClusterDirectory;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const io = __importStar(require("@actions/io"));
+const yaml = __importStar(require("js-yaml"));
 const actions_util_1 = require("./actions-util");
 const codeql_1 = require("./codeql");
 const configUtils = __importStar(require("./config-utils"));
 const languages_1 = require("./languages");
 const logging_1 = require("./logging");
-const tracer_config_1 = require("./tracer-config");
 const util = __importStar(require("./util"));
-async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger) {
+async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger) {
     logger.startGroup("Setup CodeQL tools");
-    const { codeql, toolsDownloadStatusReport, toolsSource, toolsVersion, zstdAvailability, } = await (0, codeql_1.setupCodeQL)(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger, features, true);
+    const { codeql, toolsDownloadStatusReport, toolsSource, toolsVersion, zstdAvailability, } = await (0, codeql_1.setupCodeQL)(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger, true);
     await codeql.printVersion();
     logger.endGroup();
     return {
@@ -67,16 +68,86 @@ async function initConfig(inputs) {
         return await configUtils.initConfig(inputs);
     });
 }
-async function runInit(codeql, config, sourceRoot, processName, registriesInput, apiDetails, logger) {
+async function runDatabaseInitCluster(databaseInitEnvironment, codeql, config, sourceRoot, processName, qlconfigFile, logger) {
     fs.mkdirSync(config.dbLocation, { recursive: true });
-    const { registriesAuthTokens, qlconfigFile } = await configUtils.generateRegistries(registriesInput, config.tempDir, logger);
-    await configUtils.wrapEnvironment({
-        GITHUB_TOKEN: apiDetails.auth,
-        CODEQL_REGISTRIES_AUTH: registriesAuthTokens,
-    }, 
-    // Init a database cluster
-    async () => await codeql.databaseInitCluster(config, sourceRoot, processName, qlconfigFile, logger));
-    return await (0, tracer_config_1.getCombinedTracerConfig)(codeql, config);
+    await configUtils.wrapEnvironment(databaseInitEnvironment, async () => await codeql.databaseInitCluster(config, sourceRoot, processName, qlconfigFile, logger));
+}
+/**
+ * Check whether all query packs are compatible with the overlay analysis
+ * support in the CodeQL CLI. If the check fails, this function will log a
+ * warning and returns false.
+ *
+ * @param codeql A CodeQL instance.
+ * @param logger A logger.
+ * @returns `true` if all query packs are compatible with overlay analysis,
+ * `false` otherwise.
+ */
+async function checkPacksForOverlayCompatibility(codeql, config, logger) {
+    const codeQlOverlayVersion = (await codeql.getVersion()).overlayVersion;
+    if (codeQlOverlayVersion === undefined) {
+        logger.warning("The CodeQL CLI does not support overlay analysis.");
+        return false;
+    }
+    for (const language of config.languages) {
+        const suitePath = util.getGeneratedSuitePath(config, language);
+        const packDirs = await codeql.resolveQueriesStartingPacks([suitePath]);
+        if (packDirs.some((packDir) => !checkPackForOverlayCompatibility(packDir, codeQlOverlayVersion, logger))) {
+            return false;
+        }
+    }
+    return true;
+}
+/**
+ * Check a single pack for its overlay compatibility. If the check fails, this
+ * function will log a warning and returns false.
+ *
+ * @param packDir Path to the directory containing the pack.
+ * @param codeQlOverlayVersion The overlay version of the CodeQL CLI.
+ * @param logger A logger.
+ * @returns `true` if the pack is compatible with overlay analysis, `false`
+ * otherwise.
+ */
+function checkPackForOverlayCompatibility(packDir, codeQlOverlayVersion, logger) {
+    try {
+        let qlpackPath = path.join(packDir, "qlpack.yml");
+        if (!fs.existsSync(qlpackPath)) {
+            qlpackPath = path.join(packDir, "codeql-pack.yml");
+        }
+        const qlpackContents = yaml.load(fs.readFileSync(qlpackPath, "utf8"));
+        if (!qlpackContents.buildMetadata) {
+            // This is a source-only pack, and overlay compatibility checks apply only
+            // to precompiled packs.
+            return true;
+        }
+        const packInfoPath = path.join(packDir, ".packinfo");
+        if (!fs.existsSync(packInfoPath)) {
+            logger.warning(`The query pack at ${packDir} does not have a .packinfo file, ` +
+                "so it cannot support overlay analysis. Recompiling the query pack " +
+                "with the latest CodeQL CLI should solve this problem.");
+            return false;
+        }
+        const packInfoFileContents = JSON.parse(fs.readFileSync(packInfoPath, "utf8"));
+        const packOverlayVersion = packInfoFileContents.overlayVersion;
+        if (typeof packOverlayVersion !== "number") {
+            logger.warning(`The .packinfo file for the query pack at ${packDir} ` +
+                "does not have the overlayVersion field, which indicates that " +
+                "the pack is not compatible with overlay analysis.");
+            return false;
+        }
+        if (packOverlayVersion !== codeQlOverlayVersion) {
+            logger.warning(`The query pack at ${packDir} was compiled with ` +
+                `overlay version ${packOverlayVersion}, but the CodeQL CLI ` +
+                `supports overlay version ${codeQlOverlayVersion}. The ` +
+                "query pack needs to be recompiled to support overlay analysis.");
+            return false;
+        }
+    }
+    catch (e) {
+        logger.warning(`Error while checking pack at ${packDir} ` +
+            `for overlay compatibility: ${util.getErrorMessage(e)}`);
+        return false;
+    }
+    return true;
 }
 /**
  * If we are running python 3.12+ on windows, we need to switch to python 3.11.
@@ -92,14 +163,16 @@ async function checkInstallPython311(languages, codeql) {
         ]).exec();
     }
 }
-function cleanupDatabaseClusterDirectory(config, logger, 
+function cleanupDatabaseClusterDirectory(config, logger, options = {}, 
 // We can't stub the fs module in tests, so we allow the caller to override the rmSync function
 // for testing.
 rmSync = fs.rmSync) {
     if (fs.existsSync(config.dbLocation) &&
         (fs.statSync(config.dbLocation).isFile() ||
             fs.readdirSync(config.dbLocation).length > 0)) {
-        logger.warning(`The database cluster directory ${config.dbLocation} must be empty. Attempting to clean it up.`);
+        if (!options.disableExistingDirectoryWarning) {
+            logger.warning(`The database cluster directory ${config.dbLocation} must be empty. Attempting to clean it up.`);
+        }
         try {
             rmSync(config.dbLocation, {
                 force: true,

lib/init.js.map

@@ -1 +1 @@
-{"version":3,"file":"init.js","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmBA,gCAyCC;AAED,gCAMC;AAED,0BAkCC;AAMD,sDAkBC;AAED,0EAkDC;AApLD,uCAAyB;AACzB,2CAA6B;AAE7B,yEAA2D;AAC3D,gDAAkC;AAElC,iDAAsE;AAEtE,qCAA+C;AAC/C,4DAA8C;AAE9C,2CAAsD;AACtD,uCAAmD;AAInD,mDAAwE;AACxE,6CAA+B;AAExB,KAAK,UAAU,UAAU,CAC9B,UAA8B,EAC9B,UAA4B,EAC5B,OAAe,EACf,OAA2B,EAC3B,iBAA2C,EAC3C,QAA2B,EAC3B,MAAc;IAQd,MAAM,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;IACxC,MAAM,EACJ,MAAM,EACN,yBAAyB,EACzB,WAAW,EACX,YAAY,EACZ,gBAAgB,GACjB,GAAG,MAAM,IAAA,oBAAW,EACnB,UAAU,EACV,UAAU,EACV,OAAO,EACP,OAAO,EACP,iBAAiB,EACjB,MAAM,EACN,QAAQ,EACR,IAAI,CACL,CAAC;IACF,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;IAC5B,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO;QACL,MAAM;QACN,yBAAyB;QACzB,WAAW;QACX,YAAY;QACZ,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,UAAU,CAC9B,MAAoC;IAEpC,OAAO,MAAM,IAAA,wBAAc,EAAC,6BAA6B,EAAE,KAAK,IAAI,EAAE;QACpE,OAAO,MAAM,WAAW,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;AACL,CAAC;AAEM,KAAK,UAAU,OAAO,CAC3B,MAAc,EACd,MAA0B,EAC1B,UAAkB,EAClB,WAA+B,EAC/B,eAAmC,EACnC,UAAoC,EACpC,MAAc;IAEd,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAErD,MAAM,EAAE,oBAAoB,EAAE,YAAY,EAAE,GAC1C,MAAM,WAAW,CAAC,kBAAkB,CAClC,eAAe,EACf,MAAM,CAAC,OAAO,EACd,MAAM,CACP,CAAC;IACJ,MAAM,WAAW,CAAC,eAAe,CAC/B;QACE,YAAY,EAAE,UAAU,CAAC,IAAI;QAC7B,sBAAsB,EAAE,oBAAoB;KAC7C;IAED,0BAA0B;IAC1B,KAAK,IAAI,EAAE,CACT,MAAM,MAAM,CAAC,mBAAmB,CAC9B,MAAM,EACN,UAAU,EACV,WAAW,EACX,YAAY,EACZ,MAAM,CACP,CACJ,CAAC;IACF,OAAO,MAAM,IAAA,uCAAuB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AACvD,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,qBAAqB,CACzC,SAAqB,EACrB,MAAc;IAEd,IACE,SAAS,CAAC,QAAQ,CAAC,yBAAa,CAAC,MAAM,CAAC;QACxC,OAAO,CAAC,QAAQ,KAAK,OAAO;QAC5B,CAAC,CAAC,MAAM,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,QAAQ,EAAE,iBAAiB,EACxD,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CACzB,SAAS,EACT,iBAAiB,EACjB,oBAAoB,CACrB,CAAC;QACF,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,YAAY,EAAE,IAAI,CAAC,EAAE;YAClE,MAAM;SACP,CAAC,CAAC,IAAI,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAgB,+BAA+B,CAC7C,MAA0B,EAC1B,MAAc;AACd,+FAA+F;AAC/F,eAAe;AACf,MAAM,GAAG,EAAE,CAAC,MAAM;IAElB,IACE,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,UAAU,CAAC;QAChC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,EAAE;YACtC,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,EAC/C,CAAC;QACD,MAAM,CAAC,OAAO,CACZ,kCAAkC,MAAM,CAAC,UAAU,4CAA4C,CAChG,CAAC;QACF,IAAI,CAAC;YACH,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE;gBACxB,KAAK,EAAE,IAAI;gBACX,UAAU,EAAE,CAAC;gBACb,SAAS,EAAE,IAAI;aAChB,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CACT,yCAAyC,MAAM,CAAC,UAAU,GAAG,CAC9D,CAAC;QACJ,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,KAAK,GAAG,mEACZ,IAAA,+BAAgB,EAAC,aAAa,CAAC;gBAC7B,CAAC,CAAC,sCAAsC,MAAM,CAAC,UAAU,IAAI;gBAC7D,CAAC,CAAC,kCAAkC,MAAM,CAAC,UAAU,IAAI;oBACvD,yEACN,iEAAiE,CAAC;YAElE,kGAAkG;YAClG,IAAI,IAAA,iCAAkB,GAAE,EAAE,CAAC;gBACzB,MAAM,IAAI,IAAI,CAAC,kBAAkB,CAC/B,GAAG,KAAK,4GAA4G;oBAClH,sEAAsE,IAAI,CAAC,eAAe,CACxF,CAAC,CACF,EAAE,CACN,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CACb,GAAG,KAAK,sDAAsD;oBAC5D,+EAA+E;oBAC/E,yCAAyC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,CACrE,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC"}
+{"version":3,"file":"init.js","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmBA,gCAuCC;AAED,gCAMC;AAED,wDAqBC;AAYD,8EA6BC;AAmFD,sDAkBC;AAED,0EAqDC;AA9RD,uCAAyB;AACzB,2CAA6B;AAE7B,yEAA2D;AAC3D,gDAAkC;AAClC,8CAAgC;AAEhC,iDAAsE;AAEtE,qCAA+C;AAC/C,4DAA8C;AAE9C,2CAAsD;AACtD,uCAAmD;AAInD,6CAA+B;AAExB,KAAK,UAAU,UAAU,CAC9B,UAA8B,EAC9B,UAA4B,EAC5B,OAAe,EACf,OAA2B,EAC3B,iBAA2C,EAC3C,MAAc;IAQd,MAAM,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;IACxC,MAAM,EACJ,MAAM,EACN,yBAAyB,EACzB,WAAW,EACX,YAAY,EACZ,gBAAgB,GACjB,GAAG,MAAM,IAAA,oBAAW,EACnB,UAAU,EACV,UAAU,EACV,OAAO,EACP,OAAO,EACP,iBAAiB,EACjB,MAAM,EACN,IAAI,CACL,CAAC;IACF,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;IAC5B,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO;QACL,MAAM;QACN,yBAAyB;QACzB,WAAW;QACX,YAAY;QACZ,gBAAgB;KACjB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,UAAU,CAC9B,MAAoC;IAEpC,OAAO,MAAM,IAAA,wBAAc,EAAC,6BAA6B,EAAE,KAAK,IAAI,EAAE;QACpE,OAAO,MAAM,WAAW,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;AACL,CAAC;AAEM,KAAK,UAAU,sBAAsB,CAC1C,uBAA2D,EAC3D,MAAc,EACd,MAA0B,EAC1B,UAAkB,EAClB,WAA+B,EAC/B,YAAgC,EAChC,MAAc;IAEd,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACrD,MAAM,WAAW,CAAC,eAAe,CAC/B,uBAAuB,EACvB,KAAK,IAAI,EAAE,CACT,MAAM,MAAM,CAAC,mBAAmB,CAC9B,MAAM,EACN,UAAU,EACV,WAAW,EACX,YAAY,EACZ,MAAM,CACP,CACJ,CAAC;AACJ,CAAC;AAED;;;;;;;;;GASG;AACI,KAAK,UAAU,iCAAiC,CACrD,MAAc,EACd,MAA0B,EAC1B,MAAc;IAEd,MAAM,oBAAoB,GAAG,CAAC,MAAM,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,cAAc,CAAC;IACxE,IAAI,oBAAoB,KAAK,SAAS,EAAE,CAAC;QACvC,MAAM,CAAC,OAAO,CAAC,mDAAmD,CAAC,CAAC;QACpE,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACxC,MAAM,SAAS,GAAG,IAAI,CAAC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC/D,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;QACvE,IACE,QAAQ,CAAC,IAAI,CACX,CAAC,OAAO,EAAE,EAAE,CACV,CAAC,gCAAgC,CAC/B,OAAO,EACP,oBAAoB,EACpB,MAAM,CACP,CACJ,EACD,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAOD;;;;;;;;;GASG;AACH,SAAS,gCAAgC,CACvC,OAAe,EACf,oBAA4B,EAC5B,MAAc;IAEd,IAAI,CAAC;QACH,IAAI,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QAClD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC/B,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;QACrD,CAAC;QACD,MAAM,cAAc,GAAG,IAAI,CAAC,IAAI,CAC9B,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAC1B,CAAC;QACZ,IAAI,CAAC,cAAc,CAAC,aAAa,EAAE,CAAC;YAClC,0EAA0E;YAC1E,wBAAwB;YACxB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QACrD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YACjC,MAAM,CAAC,OAAO,CACZ,qBAAqB,OAAO,mCAAmC;gBAC7D,oEAAoE;gBACpE,uDAAuD,CAC1D,CAAC;YACF,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,oBAAoB,GAAG,IAAI,CAAC,KAAK,CACrC,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CACtC,CAAC;QACF,MAAM,kBAAkB,GAAG,oBAAoB,CAAC,cAAc,CAAC;QAC/D,IAAI,OAAO,kBAAkB,KAAK,QAAQ,EAAE,CAAC;YAC3C,MAAM,CAAC,OAAO,CACZ,4CAA4C,OAAO,GAAG;gBACpD,+DAA+D;gBAC/D,mDAAmD,CACtD,CAAC;YACF,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,kBAAkB,KAAK,oBAAoB,EAAE,CAAC;YAChD,MAAM,CAAC,OAAO,CACZ,qBAAqB,OAAO,qBAAqB;gBAC/C,mBAAmB,kBAAkB,uBAAuB;gBAC5D,4BAA4B,oBAAoB,QAAQ;gBACxD,gEAAgE,CACnE,CAAC;YACF,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,OAAO,CACZ,gCAAgC,OAAO,GAAG;YACxC,8BAA8B,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,CAC1D,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,qBAAqB,CACzC,SAAqB,EACrB,MAAc;IAEd,IACE,SAAS,CAAC,QAAQ,CAAC,yBAAa,CAAC,MAAM,CAAC;QACxC,OAAO,CAAC,QAAQ,KAAK,OAAO;QAC5B,CAAC,CAAC,MAAM,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,QAAQ,EAAE,iBAAiB,EACxD,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CACzB,SAAS,EACT,iBAAiB,EACjB,oBAAoB,CACrB,CAAC;QACF,MAAM,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,YAAY,EAAE,IAAI,CAAC,EAAE;YAClE,MAAM;SACP,CAAC,CAAC,IAAI,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAgB,+BAA+B,CAC7C,MAA0B,EAC1B,MAAc,EACd,UAAyD,EAAE;AAC3D,+FAA+F;AAC/F,eAAe;AACf,MAAM,GAAG,EAAE,CAAC,MAAM;IAElB,IACE,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,UAAU,CAAC;QAChC,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,EAAE;YACtC,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,EAC/C,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,+BAA+B,EAAE,CAAC;YAC7C,MAAM,CAAC,OAAO,CACZ,kCAAkC,MAAM,CAAC,UAAU,4CAA4C,CAChG,CAAC;QACJ,CAAC;QACD,IAAI,CAAC;YACH,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE;gBACxB,KAAK,EAAE,IAAI;gBACX,UAAU,EAAE,CAAC;gBACb,SAAS,EAAE,IAAI;aAChB,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CACT,yCAAyC,MAAM,CAAC,UAAU,GAAG,CAC9D,CAAC;QACJ,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,KAAK,GAAG,mEACZ,IAAA,+BAAgB,EAAC,aAAa,CAAC;gBAC7B,CAAC,CAAC,sCAAsC,MAAM,CAAC,UAAU,IAAI;gBAC7D,CAAC,CAAC,kCAAkC,MAAM,CAAC,UAAU,IAAI;oBACvD,yEACN,iEAAiE,CAAC;YAElE,kGAAkG;YAClG,IAAI,IAAA,iCAAkB,GAAE,EAAE,CAAC;gBACzB,MAAM,IAAI,IAAI,CAAC,kBAAkB,CAC/B,GAAG,KAAK,4GAA4G;oBAClH,sEAAsE,IAAI,CAAC,eAAe,CACxF,CAAC,CACF,EAAE,CACN,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CACb,GAAG,KAAK,sDAAsD;oBAC5D,+EAA+E;oBAC/E,yCAAyC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,CACrE,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC"}

lib/init.test.js

@@ -39,7 +39,9 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const fs = __importStar(require("fs"));
 const path_1 = __importDefault(require("path"));
 const ava_1 = __importDefault(require("ava"));
+const codeql_1 = require("./codeql");
 const init_1 = require("./init");
+const languages_1 = require("./languages");
 const testing_utils_1 = require("./testing-utils");
 const util_1 = require("./util");
 (0, testing_utils_1.setupTests)(ava_1.default);
@@ -88,7 +90,7 @@ for (const { runnerEnv, ErrorConstructor, message } of [
             fs.writeFileSync(fileToCleanUp, "");
             const rmSyncError = `Failed to clean up file ${fileToCleanUp}`;
             const messages = [];
-            t.throws(() => (0, init_1.cleanupDatabaseClusterDirectory)((0, testing_utils_1.createTestConfig)({ dbLocation }), (0, testing_utils_1.getRecordingLogger)(messages), () => {
+            t.throws(() => (0, init_1.cleanupDatabaseClusterDirectory)((0, testing_utils_1.createTestConfig)({ dbLocation }), (0, testing_utils_1.getRecordingLogger)(messages), {}, () => {
                 throw new Error(rmSyncError);
             }), {
                 instanceOf: ErrorConstructor,
@@ -100,4 +102,218 @@ for (const { runnerEnv, ErrorConstructor, message } of [
         });
     });
 }
+(0, ava_1.default)("cleanupDatabaseClusterDirectory can disable warning with options", async (t) => {
+    await (0, util_1.withTmpDir)(async (tmpDir) => {
+        const dbLocation = path_1.default.resolve(tmpDir, "dbs");
+        fs.mkdirSync(dbLocation, { recursive: true });
+        const fileToCleanUp = path_1.default.resolve(dbLocation, "something-to-cleanup.txt");
+        fs.writeFileSync(fileToCleanUp, "");
+        const messages = [];
+        (0, init_1.cleanupDatabaseClusterDirectory)((0, testing_utils_1.createTestConfig)({ dbLocation }), (0, testing_utils_1.getRecordingLogger)(messages), { disableExistingDirectoryWarning: true });
+        // Should only have the info message, not the warning
+        t.is(messages.length, 1);
+        t.is(messages[0].type, "info");
+        t.is(messages[0].message, `Cleaned up database cluster directory ${dbLocation}.`);
+        t.false(fs.existsSync(fileToCleanUp));
+    });
+});
+const testCheckPacksForOverlayCompatibility = ava_1.default.macro({
+    exec: async (t, _title, { cliOverlayVersion, languages, packs, expectedResult, }) => {
+        await (0, util_1.withTmpDir)(async (tmpDir) => {
+            const packDirsByLanguage = new Map();
+            for (const [packName, packInfo] of Object.entries(packs)) {
+                const packPath = path_1.default.join(tmpDir, packName);
+                fs.mkdirSync(packPath, { recursive: true });
+                if (packInfo.packinfoContents) {
+                    fs.writeFileSync(path_1.default.join(packPath, ".packinfo"), packInfo.packinfoContents);
+                }
+                const qlpackFileName = packInfo.qlpackFileName || "qlpack.yml";
+                fs.writeFileSync(path_1.default.join(packPath, qlpackFileName), packInfo.sourceOnlyPack
+                    ? `name: ${packName}\nversion: 1.0.0\n`
+                    : `name: ${packName}\nversion: 1.0.0\nbuildMetadata:\n sha: 123abc\n`);
+                if (!packDirsByLanguage.has(packInfo.language)) {
+                    packDirsByLanguage.set(packInfo.language, []);
+                }
+                packDirsByLanguage.get(packInfo.language).push(packPath);
+            }
+            const codeql = (0, codeql_1.createStubCodeQL)({
+                getVersion: async () => ({
+                    version: "2.22.2",
+                    overlayVersion: cliOverlayVersion,
+                }),
+                resolveQueriesStartingPacks: async (suitePaths) => {
+                    for (const language of packDirsByLanguage.keys()) {
+                        const suiteForLanguage = path_1.default.join(language, "temp", "config-queries.qls");
+                        if (suitePaths[0].endsWith(suiteForLanguage)) {
+                            return packDirsByLanguage.get(language) || [];
+                        }
+                    }
+                    return [];
+                },
+            });
+            const messages = [];
+            const result = await (0, init_1.checkPacksForOverlayCompatibility)(codeql, (0, testing_utils_1.createTestConfig)({ dbLocation: tmpDir, languages }), (0, testing_utils_1.getRecordingLogger)(messages));
+            t.is(result, expectedResult);
+            t.deepEqual(messages.length, expectedResult ? 0 : 1, "Expected log messages");
+        });
+    },
+    title: (_, title) => `checkPacksForOverlayCompatibility: ${title}`,
+});
+(0, ava_1.default)(testCheckPacksForOverlayCompatibility, "returns false when CLI does not support overlay", {
+    cliOverlayVersion: undefined,
+    languages: [languages_1.KnownLanguage.java],
+    packs: {
+        "codeql/java-queries": {
+            language: languages_1.KnownLanguage.java,
+            packinfoContents: '{"overlayVersion":2}',
+        },
+    },
+    expectedResult: false,
+});
+(0, ava_1.default)(testCheckPacksForOverlayCompatibility, "returns true when there are no query packs", {
+    cliOverlayVersion: 2,
+    languages: [languages_1.KnownLanguage.java],
+    packs: {},
+    expectedResult: true,
+});
+(0, ava_1.default)(testCheckPacksForOverlayCompatibility, "returns true when query pack has not been compiled", {
+    cliOverlayVersion: 2,
+    languages: [languages_1.KnownLanguage.java],
+    packs: {
+        "codeql/java-queries": {
+            language: languages_1.KnownLanguage.java,
+            packinfoContents: undefined,
+            sourceOnlyPack: true,
+        },
+    },
+    expectedResult: true,
+});
+(0, ava_1.default)(testCheckPacksForOverlayCompatibility, "returns true when query pack has expected overlay version", {
+    cliOverlayVersion: 2,
+    languages: [languages_1.KnownLanguage.java],
+    packs: {
+        "codeql/java-queries": {
+            language: languages_1.KnownLanguage.java,
+            packinfoContents: '{"overlayVersion":2}',
+        },
+    },
+    expectedResult: true,
+});
+(0, ava_1.default)(testCheckPacksForOverlayCompatibility, "returns true when query packs for all languages to analyze are compatible", {
+    cliOverlayVersion: 2,
+    languages: [languages_1.KnownLanguage.cpp, languages_1.KnownLanguage.java],
+    packs: {
+        "codeql/cpp-queries": {
+            language: languages_1.KnownLanguage.cpp,
+            packinfoContents: '{"overlayVersion":2}',
+        },
+        "codeql/java-queries": {
+            language: languages_1.KnownLanguage.java,
+            packinfoContents: '{"overlayVersion":2}',
+        },
+    },
+    expectedResult: true,
+});
+(0, ava_1.default)(testCheckPacksForOverlayCompatibility, "returns true when query pack for a language not analyzed is incompatible", {
+    cliOverlayVersion: 2,
+    languages: [languages_1.KnownLanguage.java],
+    packs: {
+        "codeql/cpp-queries": {
+            language: languages_1.KnownLanguage.cpp,
+            packinfoContents: undefined,
+        },
+        "codeql/java-queries": {
+            language: languages_1.KnownLanguage.java,
+            packinfoContents: '{"overlayVersion":2}',
+        },
+    },
+    expectedResult: true,
+});
+(0, ava_1.default)(testCheckPacksForOverlayCompatibility, "returns false when query pack for a language to analyze is incompatible", {
+    cliOverlayVersion: 2,
+    languages: [languages_1.KnownLanguage.cpp, languages_1.KnownLanguage.java],
+    packs: {
+        "codeql/cpp-queries": {
+            language: languages_1.KnownLanguage.cpp,
+            packinfoContents: '{"overlayVersion":1}',
+        },
+        "codeql/java-queries": {
+            language: languages_1.KnownLanguage.java,
+            packinfoContents: '{"overlayVersion":2}',
+        },
+    },
+    expectedResult: false,
+});
+(0, ava_1.default)(testCheckPacksForOverlayCompatibility, "returns false when query pack is missing .packinfo", {
+    cliOverlayVersion: 2,
+    languages: [languages_1.KnownLanguage.java],
+    packs: {
+        "codeql/java-queries": {
+            language: languages_1.KnownLanguage.java,
+            packinfoContents: '{"overlayVersion":2}',
+        },
+        "custom/queries": {
+            language: languages_1.KnownLanguage.java,
+            packinfoContents: undefined,
+        },
+    },
+    expectedResult: false,
+});
+(0, ava_1.default)(testCheckPacksForOverlayCompatibility, "returns false when query pack has different overlay version", {
+    cliOverlayVersion: 2,
+    languages: [languages_1.KnownLanguage.java],
+    packs: {
+        "codeql/java-queries": {
+            language: languages_1.KnownLanguage.java,
+            packinfoContents: '{"overlayVersion":2}',
+        },
+        "custom/queries": {
+            language: languages_1.KnownLanguage.java,
+            packinfoContents: '{"overlayVersion":1}',
+        },
+    },
+    expectedResult: false,
+});
+(0, ava_1.default)(testCheckPacksForOverlayCompatibility, "returns false when query pack is missing overlayVersion in .packinfo", {
+    cliOverlayVersion: 2,
+    languages: [languages_1.KnownLanguage.java],
+    packs: {
+        "codeql/java-queries": {
+            language: languages_1.KnownLanguage.java,
+            packinfoContents: '{"overlayVersion":2}',
+        },
+        "custom/queries": {
+            language: languages_1.KnownLanguage.java,
+            packinfoContents: "{}",
+        },
+    },
+    expectedResult: false,
+});
+(0, ava_1.default)(testCheckPacksForOverlayCompatibility, "returns false when .packinfo is not valid JSON", {
+    cliOverlayVersion: 2,
+    languages: [languages_1.KnownLanguage.java],
+    packs: {
+        "codeql/java-queries": {
+            language: languages_1.KnownLanguage.java,
+            packinfoContents: '{"overlayVersion":2}',
+        },
+        "custom/queries": {
+            language: languages_1.KnownLanguage.java,
+            packinfoContents: "this_is_not_valid_json",
+        },
+    },
+    expectedResult: false,
+});
+(0, ava_1.default)(testCheckPacksForOverlayCompatibility, "returns true when query pack uses codeql-pack.yml filename", {
+    cliOverlayVersion: 2,
+    languages: [languages_1.KnownLanguage.java],
+    packs: {
+        "codeql/java-queries": {
+            language: languages_1.KnownLanguage.java,
+            packinfoContents: '{"overlayVersion":2}',
+            qlpackFileName: "codeql-pack.yml",
+        },
+    },
+    expectedResult: true,
+});
 //# sourceMappingURL=init.test.js.map

lib/overlay-database-utils.js

@@ -52,7 +52,7 @@ var OverlayDatabaseMode;
     OverlayDatabaseMode["OverlayBase"] = "overlay-base";
     OverlayDatabaseMode["None"] = "none";
 })(OverlayDatabaseMode || (exports.OverlayDatabaseMode = OverlayDatabaseMode = {}));
-exports.CODEQL_OVERLAY_MINIMUM_VERSION = "2.20.5";
+exports.CODEQL_OVERLAY_MINIMUM_VERSION = "2.22.3";
 /**
  * Writes a JSON file containing Git OIDs for all tracked files (represented
  * by path relative to the source root) under the source root. The file is

lib/setup-codeql.js

@@ -47,7 +47,6 @@ exports.getCodeQLURLVersion = getCodeQLURLVersion;
 exports.setupCodeQLBundle = setupCodeQLBundle;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
-const perf_hooks_1 = require("perf_hooks");
 const toolcache = __importStar(require("@actions/tool-cache"));
 const fast_deep_equal_1 = __importDefault(require("fast-deep-equal"));
 const semver = __importStar(require("semver"));
@@ -56,7 +55,6 @@ const actions_util_1 = require("./actions-util");
 const api = __importStar(require("./api-client"));
 const defaults = __importStar(require("./defaults.json"));
 const feature_flags_1 = require("./feature-flags");
-const logging_1 = require("./logging");
 const tar = __importStar(require("./tar"));
 const tools_download_1 = require("./tools-download");
 const util = __importStar(require("./util"));
@@ -417,7 +415,7 @@ async function tryGetFallbackToolcacheVersion(cliVersion, tagName, logger) {
 }
 // Exported using `export const` for testing purposes. Specifically, we want to
 // be able to stub this function and have other functions in this file use that stub.
-const downloadCodeQL = async function (codeqlURL, compressionMethod, maybeBundleVersion, maybeCliVersion, apiDetails, tarVersion, tempDir, features, logger) {
+const downloadCodeQL = async function (codeqlURL, compressionMethod, maybeBundleVersion, maybeCliVersion, apiDetails, tarVersion, tempDir, logger) {
     const parsedCodeQLURL = new URL(codeqlURL);
     const searchParams = new URLSearchParams(parsedCodeQLURL.search);
     const headers = {
@@ -440,11 +438,8 @@ const downloadCodeQL = async function (codeqlURL, compressionMethod, maybeBundle
         logger.debug("Downloading CodeQL tools without an authorization token.");
     }
     const toolcacheInfo = getToolcacheDestinationInfo(maybeBundleVersion, maybeCliVersion, logger);
-    const extractToToolcache = !!toolcacheInfo && !!(await features.getValue(feature_flags_1.Feature.ExtractToToolcache));
-    const extractedBundlePath = extractToToolcache
-        ? toolcacheInfo.path
-        : getTempExtractionDir(tempDir);
-    let statusReport = await (0, tools_download_1.downloadAndExtract)(codeqlURL, compressionMethod, extractedBundlePath, authorization, { "User-Agent": "CodeQL Action", ...headers }, tarVersion, logger);
+    const extractedBundlePath = toolcacheInfo?.path ?? getTempExtractionDir(tempDir);
+    const statusReport = await (0, tools_download_1.downloadAndExtract)(codeqlURL, compressionMethod, extractedBundlePath, authorization, { "User-Agent": "CodeQL Action", ...headers }, tarVersion, logger);
     if (!toolcacheInfo) {
         logger.debug("Could not cache CodeQL tools because we could not determine the bundle version from the " +
             `URL ${codeqlURL}.`);
@@ -454,27 +449,9 @@ const downloadCodeQL = async function (codeqlURL, compressionMethod, maybeBundle
             toolsVersion: maybeCliVersion ?? "unknown",
         };
     }
-    let codeqlFolder = extractedBundlePath;
-    if (extractToToolcache) {
-        (0, tools_download_1.writeToolcacheMarkerFile)(toolcacheInfo.path, logger);
-    }
-    else {
-        logger.debug("Caching CodeQL bundle.");
-        const toolcacheStart = perf_hooks_1.performance.now();
-        codeqlFolder = await toolcache.cacheDir(extractedBundlePath, "CodeQL", toolcacheInfo.version);
-        const cacheDurationMs = perf_hooks_1.performance.now() - toolcacheStart;
-        logger.info(`Added CodeQL bundle to the tool cache (${(0, logging_1.formatDuration)(cacheDurationMs)}).`);
-        statusReport = {
-            ...statusReport,
-            cacheDurationMs,
-        };
-        // Defensive check: we expect `cacheDir` to copy the bundle to a new location.
-        if (codeqlFolder !== extractedBundlePath) {
-            await (0, util_1.cleanUpGlob)(extractedBundlePath, "CodeQL bundle from temporary directory", logger);
-        }
-    }
+    (0, tools_download_1.writeToolcacheMarkerFile)(toolcacheInfo.path, logger);
     return {
-        codeqlFolder,
+        codeqlFolder: extractedBundlePath,
         statusReport,
         toolsVersion: maybeCliVersion ?? toolcacheInfo.version,
     };
@@ -524,7 +501,7 @@ function getCanonicalToolcacheVersion(cliVersion, bundleVersion, logger) {
  *
  * @returns the path to the extracted bundle, and the version of the tools
  */
-async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, features, defaultCliVersion, logger) {
+async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger) {
     if (!(await util.isBinaryAccessible("tar", logger))) {
         throw new util.ConfigurationError("Could not find tar in PATH, so unable to extract CodeQL bundle.");
     }
@@ -546,7 +523,7 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, featu
             toolsSource = ToolsSource.Toolcache;
             break;
         case "download": {
-            const result = await (0, exports.downloadCodeQL)(source.codeqlURL, source.compressionMethod, source.bundleVersion, source.cliVersion, apiDetails, zstdAvailability.version, tempDir, features, logger);
+            const result = await (0, exports.downloadCodeQL)(source.codeqlURL, source.compressionMethod, source.bundleVersion, source.cliVersion, apiDetails, zstdAvailability.version, tempDir, logger);
             toolsVersion = result.toolsVersion;
             codeqlFolder = result.codeqlFolder;
             toolsDownloadStatusReport = result.statusReport;

lib/setup-codeql.test.js

@@ -143,7 +143,7 @@ ava_1.default.beforeEach(() => {
     });
     await (0, util_1.withTmpDir)(async (tmpDir) => {
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-        const result = await setupCodeql.setupCodeQLBundle("linked", testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, "tmp/codeql_action_test/", util_1.GitHubVariant.DOTCOM, expectedFeatureEnablement, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, logger);
+        const result = await setupCodeql.setupCodeQLBundle("linked", testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, "tmp/codeql_action_test/", util_1.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, logger);
         // Basic sanity check that the version we got back is indeed
         // the linked (default) CLI version.
         t.is(result.toolsVersion, testing_utils_1.LINKED_CLI_VERSION.cliVersion);
@@ -174,7 +174,7 @@ ava_1.default.beforeEach(() => {
     });
     await (0, util_1.withTmpDir)(async (tmpDir) => {
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
-        const result = await setupCodeql.setupCodeQLBundle(bundleUrl, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, "tmp/codeql_action_test/", util_1.GitHubVariant.DOTCOM, expectedFeatureEnablement, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, logger);
+        const result = await setupCodeql.setupCodeQLBundle(bundleUrl, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, "tmp/codeql_action_test/", util_1.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, logger);
         // Basic sanity check that the version we got back is indeed the version that the
         // bundle contains..
         t.is(result.toolsVersion, expectedVersion);

lib/testing-utils.js

@@ -227,15 +227,16 @@ function mockLanguagesInRepo(languages) {
 /**
  * Constructs a `VersionInfo` object for testing purposes only.
  */
-const makeVersionInfo = (version, features) => ({
+const makeVersionInfo = (version, features, overlayVersion) => ({
     version,
     features,
+    overlayVersion,
 });
 exports.makeVersionInfo = makeVersionInfo;
-function mockCodeQLVersion(version, features) {
+function mockCodeQLVersion(version, features, overlayVersion) {
     return codeql.createStubCodeQL({
         async getVersion() {
-            return (0, exports.makeVersionInfo)(version, features);
+            return (0, exports.makeVersionInfo)(version, features, overlayVersion);
         },
     });
 }

lib/upload-lib.js

@@ -210,7 +210,7 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo
         };
         const codeQLDefaultVersionInfo = await features.getDefaultCliVersion(gitHubVersion.type);
         const initCodeQLResult = await (0, init_1.initCodeQL)(undefined, // There is no tools input on the upload action
-        apiDetails, tempDir, gitHubVersion.type, codeQLDefaultVersionInfo, features, logger);
+        apiDetails, tempDir, gitHubVersion.type, codeQLDefaultVersionInfo, logger);
         codeQL = initCodeQLResult.codeql;
     }
     if (!(await codeQL.supportsFeature(tools_features_1.ToolsFeature.SarifMergeRunsFromEqualCategory))) {

lib/util.js

@@ -48,6 +48,7 @@ exports.getThreadsFlagValue = getThreadsFlagValue;
 exports.getCgroupCpuCountFromCpus = getCgroupCpuCountFromCpus;
 exports.getThreadsFlag = getThreadsFlag;
 exports.getCodeQLDatabasePath = getCodeQLDatabasePath;
+exports.getGeneratedSuitePath = getGeneratedSuitePath;
 exports.parseGitHubUrl = parseGitHubUrl;
 exports.checkGitHubVersionInRange = checkGitHubVersionInRange;
 exports.apiVersionInRange = apiVersionInRange;
@@ -403,6 +404,12 @@ function getThreadsFlag(userInput, logger) {
 function getCodeQLDatabasePath(config, language) {
     return path.resolve(config.dbLocation, language);
 }
+/**
+ * Get the path where the generated query suite for the given language lives.
+ */
+function getGeneratedSuitePath(config, language) {
+    return path.resolve(config.dbLocation, language, "temp", "config-queries.qls");
+}
 /**
  * Parses user input of a github.com or GHES URL to a canonical form.
  * Removes any API prefix or suffix if one is present.

node_modules/.package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "3.29.8",
+  "version": "3.29.9",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
@@ -221,9 +221,10 @@
       "integrity": "sha512-9sIH3nSUttelJSXUrmGzl7QUBFul0/mB8HRYl3fOlgHbIWG+WnYDXU3v/2zMtAvuzZ/ed00Ei6on975FhBfzrg=="
     },
     "node_modules/@actions/cache": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/@actions/cache/-/cache-4.0.3.tgz",
-      "integrity": "sha512-SvrqFtYJ7I48A/uXNkoJrnukx5weQv1fGquhs3+4nkByZThBH109KTIqj5x/cGV7JGNvb8dLPVywUOqX1fjiXg==",
+      "version": "4.0.5",
+      "resolved": "https://registry.npmjs.org/@actions/cache/-/cache-4.0.5.tgz",
+      "integrity": "sha512-RjLz1/vvntOfp3FpkY3wB0MjVRbLq7bfQEuQG9UUTKwdtcYmFrKVmuD+9B6ADbzbkSfHM+dM4sMjdr3R4XIkFg==",
+      "license": "MIT",
       "dependencies": {
         "@actions/core": "^1.11.1",
         "@actions/exec": "^1.0.1",
@@ -233,7 +234,7 @@
         "@azure/abort-controller": "^1.1.0",
         "@azure/ms-rest-js": "^2.6.0",
         "@azure/storage-blob": "^12.13.0",
-        "@protobuf-ts/plugin": "^2.9.4",
+        "@protobuf-ts/runtime-rpc": "^2.11.1",
         "semver": "^6.3.1"
       }
     },
@@ -742,10 +743,11 @@
       }
     },
     "node_modules/@eslint/compat": {
-      "version": "1.3.1",
-      "resolved": "https://registry.npmjs.org/@eslint/compat/-/compat-1.3.1.tgz",
-      "integrity": "sha512-k8MHony59I5EPic6EQTCNOuPoVBnoYXkP+20xvwFjN7t0qI3ImyvyBgg+hIVPwC8JaxVjjUZld+cLfBLFDLucg==",
+      "version": "1.3.2",
+      "resolved": "https://registry.npmjs.org/@eslint/compat/-/compat-1.3.2.tgz",
+      "integrity": "sha512-jRNwzTbd6p2Rw4sZ1CgWRS8YMtqG15YyZf7zvb6gY2rB2u6n+2Z+ELW0GtL0fQgyl0pr4Y/BzBfng/BdsereRA==",
       "dev": true,
+      "license": "Apache-2.0",
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
       },
@@ -823,9 +825,9 @@
       }
     },
     "node_modules/@eslint/js": {
-      "version": "9.32.0",
-      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.32.0.tgz",
-      "integrity": "sha512-BBpRFZK3eX6uMLKz8WxFOBIFFcGFJ/g8XuwjTHCqHROSIsopI+ddn/d5Cfh36+7+e5edVS8dbSHnBNhrLEX0zg==",
+      "version": "9.33.0",
+      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.33.0.tgz",
+      "integrity": "sha512-5K1/mKhWaMfreBGJTwval43JJmkip0RmM+3+IuqupeSKNC/Th2Kc7ucaq5ovTSra/OOKB9c58CGSz3QMVbWt0A==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -1771,18 +1773,18 @@
       }
     },
     "node_modules/@protobuf-ts/runtime": {
-      "version": "2.9.4",
-      "resolved": "https://registry.npmjs.org/@protobuf-ts/runtime/-/runtime-2.9.4.tgz",
-      "integrity": "sha512-vHRFWtJJB/SiogWDF0ypoKfRIZ41Kq+G9cEFj6Qm1eQaAhJ1LDFvgZ7Ja4tb3iLOQhz0PaoPnnOijF1qmEqTxg==",
+      "version": "2.11.1",
+      "resolved": "https://registry.npmjs.org/@protobuf-ts/runtime/-/runtime-2.11.1.tgz",
+      "integrity": "sha512-KuDaT1IfHkugM2pyz+FwiY80ejWrkH1pAtOBOZFuR6SXEFTsnb/jiQWQ1rCIrcKx2BtyxnxW6BWwsVSA/Ie+WQ==",
       "license": "(Apache-2.0 AND BSD-3-Clause)"
     },
     "node_modules/@protobuf-ts/runtime-rpc": {
-      "version": "2.9.4",
-      "resolved": "https://registry.npmjs.org/@protobuf-ts/runtime-rpc/-/runtime-rpc-2.9.4.tgz",
-      "integrity": "sha512-y9L9JgnZxXFqH5vD4d7j9duWvIJ7AShyBRoNKJGhu9Q27qIbchfzli66H9RvrQNIFk5ER7z1Twe059WZGqERcA==",
+      "version": "2.11.1",
+      "resolved": "https://registry.npmjs.org/@protobuf-ts/runtime-rpc/-/runtime-rpc-2.11.1.tgz",
+      "integrity": "sha512-4CqqUmNA+/uMz00+d3CYKgElXO9VrEbucjnBFEjqI4GuDrEQ32MaI3q+9qPBvIGOlL4PmHXrzM32vBPWRhQKWQ==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@protobuf-ts/runtime": "^2.9.4"
+        "@protobuf-ts/runtime": "^2.11.1"
       }
     },
     "node_modules/@rollup/pluginutils": {
@@ -1996,17 +1998,17 @@
       "license": "MIT"
     },
     "node_modules/@typescript-eslint/eslint-plugin": {
-      "version": "8.39.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.39.0.tgz",
-      "integrity": "sha512-bhEz6OZeUR+O/6yx9Jk6ohX6H9JSFTaiY0v9/PuKT3oGK0rn0jNplLmyFUGV+a9gfYnVNwGDwS/UkLIuXNb2Rw==",
+      "version": "8.39.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.39.1.tgz",
+      "integrity": "sha512-yYegZ5n3Yr6eOcqgj2nJH8cH/ZZgF+l0YIdKILSDjYFRjgYQMgv/lRjV5Z7Up04b9VYUondt8EPMqg7kTWgJ2g==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/regexpp": "^4.10.0",
-        "@typescript-eslint/scope-manager": "8.39.0",
-        "@typescript-eslint/type-utils": "8.39.0",
-        "@typescript-eslint/utils": "8.39.0",
-        "@typescript-eslint/visitor-keys": "8.39.0",
+        "@typescript-eslint/scope-manager": "8.39.1",
+        "@typescript-eslint/type-utils": "8.39.1",
+        "@typescript-eslint/utils": "8.39.1",
+        "@typescript-eslint/visitor-keys": "8.39.1",
         "graphemer": "^1.4.0",
         "ignore": "^7.0.0",
         "natural-compare": "^1.4.0",
@@ -2020,20 +2022,20 @@
         "url": "https://opencollective.com/typescript-eslint"
       },
       "peerDependencies": {
-        "@typescript-eslint/parser": "^8.39.0",
+        "@typescript-eslint/parser": "^8.39.1",
         "eslint": "^8.57.0 || ^9.0.0",
         "typescript": ">=4.8.4 <6.0.0"
       }
     },
     "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/scope-manager": {
-      "version": "8.39.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.39.0.tgz",
-      "integrity": "sha512-8QOzff9UKxOh6npZQ/4FQu4mjdOCGSdO3p44ww0hk8Vu+IGbg0tB/H1LcTARRDzGCC8pDGbh2rissBuuoPgH8A==",
+      "version": "8.39.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.39.1.tgz",
+      "integrity": "sha512-RkBKGBrjgskFGWuyUGz/EtD8AF/GW49S21J8dvMzpJitOF1slLEbbHnNEtAHtnDAnx8qDEdRrULRnWVx27wGBw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.39.0",
-        "@typescript-eslint/visitor-keys": "8.39.0"
+        "@typescript-eslint/types": "8.39.1",
+        "@typescript-eslint/visitor-keys": "8.39.1"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -2044,9 +2046,9 @@
       }
     },
     "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types": {
-      "version": "8.39.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.39.0.tgz",
-      "integrity": "sha512-ArDdaOllnCj3yn/lzKn9s0pBQYmmyme/v1HbGIGB0GB/knFI3fWMHloC+oYTJW46tVbYnGKTMDK4ah1sC2v0Kg==",
+      "version": "8.39.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.39.1.tgz",
+      "integrity": "sha512-7sPDKQQp+S11laqTrhHqeAbsCfMkwJMrV7oTDvtDds4mEofJYir414bYKUEb8YPUm9QL3U+8f6L6YExSoAGdQw==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -2058,16 +2060,16 @@
       }
     },
     "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/typescript-estree": {
-      "version": "8.39.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.39.0.tgz",
-      "integrity": "sha512-ndWdiflRMvfIgQRpckQQLiB5qAKQ7w++V4LlCHwp62eym1HLB/kw7D9f2e8ytONls/jt89TEasgvb+VwnRprsw==",
+      "version": "8.39.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.39.1.tgz",
+      "integrity": "sha512-EKkpcPuIux48dddVDXyQBlKdeTPMmALqBUbEk38McWv0qVEZwOpVJBi7ugK5qVNgeuYjGNQxrrnoM/5+TI/BPw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/project-service": "8.39.0",
-        "@typescript-eslint/tsconfig-utils": "8.39.0",
-        "@typescript-eslint/types": "8.39.0",
-        "@typescript-eslint/visitor-keys": "8.39.0",
+        "@typescript-eslint/project-service": "8.39.1",
+        "@typescript-eslint/tsconfig-utils": "8.39.1",
+        "@typescript-eslint/types": "8.39.1",
+        "@typescript-eslint/visitor-keys": "8.39.1",
         "debug": "^4.3.4",
         "fast-glob": "^3.3.2",
         "is-glob": "^4.0.3",
@@ -2087,16 +2089,16 @@
       }
     },
     "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/utils": {
-      "version": "8.39.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.39.0.tgz",
-      "integrity": "sha512-4GVSvNA0Vx1Ktwvf4sFE+exxJ3QGUorQG1/A5mRfRNZtkBT2xrA/BCO2H0eALx/PnvCS6/vmYwRdDA41EoffkQ==",
+      "version": "8.39.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.39.1.tgz",
+      "integrity": "sha512-VF5tZ2XnUSTuiqZFXCZfZs1cgkdd3O/sSYmdo2EpSyDlC86UM/8YytTmKnehOW3TGAlivqTDT6bS87B/GQ/jyg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.7.0",
-        "@typescript-eslint/scope-manager": "8.39.0",
-        "@typescript-eslint/types": "8.39.0",
-        "@typescript-eslint/typescript-estree": "8.39.0"
+        "@typescript-eslint/scope-manager": "8.39.1",
+        "@typescript-eslint/types": "8.39.1",
+        "@typescript-eslint/typescript-estree": "8.39.1"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -2111,13 +2113,13 @@
       }
     },
     "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/visitor-keys": {
-      "version": "8.39.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.39.0.tgz",
-      "integrity": "sha512-ldgiJ+VAhQCfIjeOgu8Kj5nSxds0ktPOSO9p4+0VDH2R2pLvQraaM5Oen2d7NxzMCm+Sn/vJT+mv2H5u6b/3fA==",
+      "version": "8.39.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.39.1.tgz",
+      "integrity": "sha512-W8FQi6kEh2e8zVhQ0eeRnxdvIoOkAp/CPAahcNio6nO9dsIwb9b34z90KOlheoyuVf6LSOEdjlkxSkapNEc+4A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.39.0",
+        "@typescript-eslint/types": "8.39.1",
         "eslint-visitor-keys": "^4.2.1"
       },
       "engines": {
@@ -2190,16 +2192,16 @@
       }
     },
     "node_modules/@typescript-eslint/parser": {
-      "version": "8.39.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.39.0.tgz",
-      "integrity": "sha512-g3WpVQHngx0aLXn6kfIYCZxM6rRJlWzEkVpqEFLT3SgEDsp9cpCbxxgwnE504q4H+ruSDh/VGS6nqZIDynP+vg==",
+      "version": "8.39.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.39.1.tgz",
+      "integrity": "sha512-pUXGCuHnnKw6PyYq93lLRiZm3vjuslIy7tus1lIQTYVK9bL8XBgJnCWm8a0KcTtHC84Yya1Q6rtll+duSMj0dg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/scope-manager": "8.39.0",
-        "@typescript-eslint/types": "8.39.0",
-        "@typescript-eslint/typescript-estree": "8.39.0",
-        "@typescript-eslint/visitor-keys": "8.39.0",
+        "@typescript-eslint/scope-manager": "8.39.1",
+        "@typescript-eslint/types": "8.39.1",
+        "@typescript-eslint/typescript-estree": "8.39.1",
+        "@typescript-eslint/visitor-keys": "8.39.1",
         "debug": "^4.3.4"
       },
       "engines": {
@@ -2215,14 +2217,14 @@
       }
     },
     "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager": {
-      "version": "8.39.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.39.0.tgz",
-      "integrity": "sha512-8QOzff9UKxOh6npZQ/4FQu4mjdOCGSdO3p44ww0hk8Vu+IGbg0tB/H1LcTARRDzGCC8pDGbh2rissBuuoPgH8A==",
+      "version": "8.39.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.39.1.tgz",
+      "integrity": "sha512-RkBKGBrjgskFGWuyUGz/EtD8AF/GW49S21J8dvMzpJitOF1slLEbbHnNEtAHtnDAnx8qDEdRrULRnWVx27wGBw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.39.0",
-        "@typescript-eslint/visitor-keys": "8.39.0"
+        "@typescript-eslint/types": "8.39.1",
+        "@typescript-eslint/visitor-keys": "8.39.1"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -2233,9 +2235,9 @@
       }
     },
     "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/types": {
-      "version": "8.39.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.39.0.tgz",
-      "integrity": "sha512-ArDdaOllnCj3yn/lzKn9s0pBQYmmyme/v1HbGIGB0GB/knFI3fWMHloC+oYTJW46tVbYnGKTMDK4ah1sC2v0Kg==",
+      "version": "8.39.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.39.1.tgz",
+      "integrity": "sha512-7sPDKQQp+S11laqTrhHqeAbsCfMkwJMrV7oTDvtDds4mEofJYir414bYKUEb8YPUm9QL3U+8f6L6YExSoAGdQw==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -2247,16 +2249,16 @@
       }
     },
     "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/typescript-estree": {
-      "version": "8.39.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.39.0.tgz",
-      "integrity": "sha512-ndWdiflRMvfIgQRpckQQLiB5qAKQ7w++V4LlCHwp62eym1HLB/kw7D9f2e8ytONls/jt89TEasgvb+VwnRprsw==",
+      "version": "8.39.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.39.1.tgz",
+      "integrity": "sha512-EKkpcPuIux48dddVDXyQBlKdeTPMmALqBUbEk38McWv0qVEZwOpVJBi7ugK5qVNgeuYjGNQxrrnoM/5+TI/BPw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/project-service": "8.39.0",
-        "@typescript-eslint/tsconfig-utils": "8.39.0",
-        "@typescript-eslint/types": "8.39.0",
-        "@typescript-eslint/visitor-keys": "8.39.0",
+        "@typescript-eslint/project-service": "8.39.1",
+        "@typescript-eslint/tsconfig-utils": "8.39.1",
+        "@typescript-eslint/types": "8.39.1",
+        "@typescript-eslint/visitor-keys": "8.39.1",
         "debug": "^4.3.4",
         "fast-glob": "^3.3.2",
         "is-glob": "^4.0.3",
@@ -2276,13 +2278,13 @@
       }
     },
     "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/visitor-keys": {
-      "version": "8.39.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.39.0.tgz",
-      "integrity": "sha512-ldgiJ+VAhQCfIjeOgu8Kj5nSxds0ktPOSO9p4+0VDH2R2pLvQraaM5Oen2d7NxzMCm+Sn/vJT+mv2H5u6b/3fA==",
+      "version": "8.39.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.39.1.tgz",
+      "integrity": "sha512-W8FQi6kEh2e8zVhQ0eeRnxdvIoOkAp/CPAahcNio6nO9dsIwb9b34z90KOlheoyuVf6LSOEdjlkxSkapNEc+4A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.39.0",
+        "@typescript-eslint/types": "8.39.1",
         "eslint-visitor-keys": "^4.2.1"
       },
       "engines": {
@@ -2346,14 +2348,14 @@
       }
     },
     "node_modules/@typescript-eslint/project-service": {
-      "version": "8.39.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.39.0.tgz",
-      "integrity": "sha512-CTzJqaSq30V/Z2Og9jogzZt8lJRR5TKlAdXmWgdu4hgcC9Kww5flQ+xFvMxIBWVNdxJO7OifgdOK4PokMIWPew==",
+      "version": "8.39.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.39.1.tgz",
+      "integrity": "sha512-8fZxek3ONTwBu9ptw5nCKqZOSkXshZB7uAxuFF0J/wTMkKydjXCzqqga7MlFMpHi9DoG4BadhmTkITBcg8Aybw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/tsconfig-utils": "^8.39.0",
-        "@typescript-eslint/types": "^8.39.0",
+        "@typescript-eslint/tsconfig-utils": "^8.39.1",
+        "@typescript-eslint/types": "^8.39.1",
         "debug": "^4.3.4"
       },
       "engines": {
@@ -2368,9 +2370,9 @@
       }
     },
     "node_modules/@typescript-eslint/project-service/node_modules/@typescript-eslint/types": {
-      "version": "8.39.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.39.0.tgz",
-      "integrity": "sha512-ArDdaOllnCj3yn/lzKn9s0pBQYmmyme/v1HbGIGB0GB/knFI3fWMHloC+oYTJW46tVbYnGKTMDK4ah1sC2v0Kg==",
+      "version": "8.39.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.39.1.tgz",
+      "integrity": "sha512-7sPDKQQp+S11laqTrhHqeAbsCfMkwJMrV7oTDvtDds4mEofJYir414bYKUEb8YPUm9QL3U+8f6L6YExSoAGdQw==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -2400,9 +2402,9 @@
       }
     },
     "node_modules/@typescript-eslint/tsconfig-utils": {
-      "version": "8.39.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.39.0.tgz",
-      "integrity": "sha512-Fd3/QjmFV2sKmvv3Mrj8r6N8CryYiCS8Wdb/6/rgOXAWGcFuc+VkQuG28uk/4kVNVZBQuuDHEDUpo/pQ32zsIQ==",
+      "version": "8.39.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.39.1.tgz",
+      "integrity": "sha512-ePUPGVtTMR8XMU2Hee8kD0Pu4NDE1CN9Q1sxGSGd/mbOtGZDM7pnhXNJnzW63zk/q+Z54zVzj44HtwXln5CvHA==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -2417,15 +2419,15 @@
       }
     },
     "node_modules/@typescript-eslint/type-utils": {
-      "version": "8.39.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.39.0.tgz",
-      "integrity": "sha512-6B3z0c1DXVT2vYA9+z9axjtc09rqKUPRmijD5m9iv8iQpHBRYRMBcgxSiKTZKm6FwWw1/cI4v6em35OsKCiN5Q==",
+      "version": "8.39.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.39.1.tgz",
+      "integrity": "sha512-gu9/ahyatyAdQbKeHnhT4R+y3YLtqqHyvkfDxaBYk97EcbfChSJXyaJnIL3ygUv7OuZatePHmQvuH5ru0lnVeA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.39.0",
-        "@typescript-eslint/typescript-estree": "8.39.0",
-        "@typescript-eslint/utils": "8.39.0",
+        "@typescript-eslint/types": "8.39.1",
+        "@typescript-eslint/typescript-estree": "8.39.1",
+        "@typescript-eslint/utils": "8.39.1",
         "debug": "^4.3.4",
         "ts-api-utils": "^2.1.0"
       },
@@ -2442,14 +2444,14 @@
       }
     },
     "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/scope-manager": {
-      "version": "8.39.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.39.0.tgz",
-      "integrity": "sha512-8QOzff9UKxOh6npZQ/4FQu4mjdOCGSdO3p44ww0hk8Vu+IGbg0tB/H1LcTARRDzGCC8pDGbh2rissBuuoPgH8A==",
+      "version": "8.39.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.39.1.tgz",
+      "integrity": "sha512-RkBKGBrjgskFGWuyUGz/EtD8AF/GW49S21J8dvMzpJitOF1slLEbbHnNEtAHtnDAnx8qDEdRrULRnWVx27wGBw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.39.0",
-        "@typescript-eslint/visitor-keys": "8.39.0"
+        "@typescript-eslint/types": "8.39.1",
+        "@typescript-eslint/visitor-keys": "8.39.1"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -2460,9 +2462,9 @@
       }
     },
     "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/types": {
-      "version": "8.39.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.39.0.tgz",
-      "integrity": "sha512-ArDdaOllnCj3yn/lzKn9s0pBQYmmyme/v1HbGIGB0GB/knFI3fWMHloC+oYTJW46tVbYnGKTMDK4ah1sC2v0Kg==",
+      "version": "8.39.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.39.1.tgz",
+      "integrity": "sha512-7sPDKQQp+S11laqTrhHqeAbsCfMkwJMrV7oTDvtDds4mEofJYir414bYKUEb8YPUm9QL3U+8f6L6YExSoAGdQw==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -2474,16 +2476,16 @@
       }
     },
     "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/typescript-estree": {
-      "version": "8.39.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.39.0.tgz",
-      "integrity": "sha512-ndWdiflRMvfIgQRpckQQLiB5qAKQ7w++V4LlCHwp62eym1HLB/kw7D9f2e8ytONls/jt89TEasgvb+VwnRprsw==",
+      "version": "8.39.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.39.1.tgz",
+      "integrity": "sha512-EKkpcPuIux48dddVDXyQBlKdeTPMmALqBUbEk38McWv0qVEZwOpVJBi7ugK5qVNgeuYjGNQxrrnoM/5+TI/BPw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/project-service": "8.39.0",
-        "@typescript-eslint/tsconfig-utils": "8.39.0",
-        "@typescript-eslint/types": "8.39.0",
-        "@typescript-eslint/visitor-keys": "8.39.0",
+        "@typescript-eslint/project-service": "8.39.1",
+        "@typescript-eslint/tsconfig-utils": "8.39.1",
+        "@typescript-eslint/types": "8.39.1",
+        "@typescript-eslint/visitor-keys": "8.39.1",
         "debug": "^4.3.4",
         "fast-glob": "^3.3.2",
         "is-glob": "^4.0.3",
@@ -2503,16 +2505,16 @@
       }
     },
     "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/utils": {
-      "version": "8.39.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.39.0.tgz",
-      "integrity": "sha512-4GVSvNA0Vx1Ktwvf4sFE+exxJ3QGUorQG1/A5mRfRNZtkBT2xrA/BCO2H0eALx/PnvCS6/vmYwRdDA41EoffkQ==",
+      "version": "8.39.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.39.1.tgz",
+      "integrity": "sha512-VF5tZ2XnUSTuiqZFXCZfZs1cgkdd3O/sSYmdo2EpSyDlC86UM/8YytTmKnehOW3TGAlivqTDT6bS87B/GQ/jyg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.7.0",
-        "@typescript-eslint/scope-manager": "8.39.0",
-        "@typescript-eslint/types": "8.39.0",
-        "@typescript-eslint/typescript-estree": "8.39.0"
+        "@typescript-eslint/scope-manager": "8.39.1",
+        "@typescript-eslint/types": "8.39.1",
+        "@typescript-eslint/typescript-estree": "8.39.1"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -2527,13 +2529,13 @@
       }
     },
     "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/visitor-keys": {
-      "version": "8.39.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.39.0.tgz",
-      "integrity": "sha512-ldgiJ+VAhQCfIjeOgu8Kj5nSxds0ktPOSO9p4+0VDH2R2pLvQraaM5Oen2d7NxzMCm+Sn/vJT+mv2H5u6b/3fA==",
+      "version": "8.39.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.39.1.tgz",
+      "integrity": "sha512-W8FQi6kEh2e8zVhQ0eeRnxdvIoOkAp/CPAahcNio6nO9dsIwb9b34z90KOlheoyuVf6LSOEdjlkxSkapNEc+4A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.39.0",
+        "@typescript-eslint/types": "8.39.1",
         "eslint-visitor-keys": "^4.2.1"
       },
       "engines": {
@@ -6504,9 +6506,9 @@
       "license": "MIT"
     },
     "node_modules/nock": {
-      "version": "14.0.8",
-      "resolved": "https://registry.npmjs.org/nock/-/nock-14.0.8.tgz",
-      "integrity": "sha512-5DCGrkwK1f8kxUvqvzLWb97XuDUY4/t5M3ZcogPfLGvC2wO8wjRQsIDSXj2L6e1J0Dv8xscf9wWSvGnS3OL29Q==",
+      "version": "14.0.9",
+      "resolved": "https://registry.npmjs.org/nock/-/nock-14.0.9.tgz",
+      "integrity": "sha512-aVIPgW9WVyb3XPCqfrwETc+hazxzgt8/QvARHAhC6BYHtTsZONUjlXoIB8EGmwqUBkKvOew4yqkGRBmwctdCrw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {

node_modules/@actions/cache/lib/cache.js

@@ -41,6 +41,7 @@ const cacheTwirpClient = __importStar(require("./internal/shared/cacheTwirpClien
 const config_1 = require("./internal/config");
 const tar_1 = require("./internal/tar");
 const constants_1 = require("./internal/constants");
+const http_client_1 = require("@actions/http-client");
 class ValidationError extends Error {
     constructor(message) {
         super(message);
@@ -77,7 +78,17 @@ function checkKey(key) {
  * @returns boolean return true if Actions cache service feature is available, otherwise false
  */
 function isFeatureAvailable() {
-    return !!process.env['ACTIONS_CACHE_URL'];
+    const cacheServiceVersion = (0, config_1.getCacheServiceVersion)();
+    // Check availability based on cache service version
+    switch (cacheServiceVersion) {
+        case 'v2':
+            // For v2, we need ACTIONS_RESULTS_URL
+            return !!process.env['ACTIONS_RESULTS_URL'];
+        case 'v1':
+        default:
+            // For v1, we only need ACTIONS_CACHE_URL
+            return !!process.env['ACTIONS_CACHE_URL'];
+    }
 }
 exports.isFeatureAvailable = isFeatureAvailable;
 /**
@@ -162,8 +173,16 @@ function restoreCacheV1(paths, primaryKey, restoreKeys, options, enableCrossOsAr
                 throw error;
             }
             else {
-                // Supress all non-validation cache related errors because caching should be optional
-                core.warning(`Failed to restore: ${error.message}`);
+                // warn on cache restore failure and continue build
+                // Log server errors (5xx) as errors, all other errors as warnings
+                if (typedError instanceof http_client_1.HttpClientError &&
+                    typeof typedError.statusCode === 'number' &&
+                    typedError.statusCode >= 500) {
+                    core.error(`Failed to restore: ${error.message}`);
+                }
+                else {
+                    core.warning(`Failed to restore: ${error.message}`);
+                }
             }
         }
         finally {
@@ -216,7 +235,13 @@ function restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsAr
                 core.debug(`Cache not found for version ${request.version} of keys: ${keys.join(', ')}`);
                 return undefined;
             }
-            core.info(`Cache hit for: ${request.key}`);
+            const isRestoreKeyMatch = request.key !== response.matchedKey;
+            if (isRestoreKeyMatch) {
+                core.info(`Cache hit for restore-key: ${response.matchedKey}`);
+            }
+            else {
+                core.info(`Cache hit for: ${response.matchedKey}`);
+            }
             if (options === null || options === void 0 ? void 0 : options.lookupOnly) {
                 core.info('Lookup only - skipping download');
                 return response.matchedKey;
@@ -241,7 +266,15 @@ function restoreCacheV2(paths, primaryKey, restoreKeys, options, enableCrossOsAr
             }
             else {
                 // Supress all non-validation cache related errors because caching should be optional
-                core.warning(`Failed to restore: ${error.message}`);
+                // Log server errors (5xx) as errors, all other errors as warnings
+                if (typedError instanceof http_client_1.HttpClientError &&
+                    typeof typedError.statusCode === 'number' &&
+                    typedError.statusCode >= 500) {
+                    core.error(`Failed to restore: ${error.message}`);
+                }
+                else {
+                    core.warning(`Failed to restore: ${error.message}`);
+                }
             }
         }
         finally {
@@ -344,7 +377,15 @@ function saveCacheV1(paths, key, options, enableCrossOsArchive = false) {
                 core.info(`Failed to save: ${typedError.message}`);
             }
             else {
-                core.warning(`Failed to save: ${typedError.message}`);
+                // Log server errors (5xx) as errors, all other errors as warnings
+                if (typedError instanceof http_client_1.HttpClientError &&
+                    typeof typedError.statusCode === 'number' &&
+                    typedError.statusCode >= 500) {
+                    core.error(`Failed to save: ${typedError.message}`);
+                }
+                else {
+                    core.warning(`Failed to save: ${typedError.message}`);
+                }
             }
         }
         finally {
@@ -440,7 +481,15 @@ function saveCacheV2(paths, key, options, enableCrossOsArchive = false) {
                 core.info(`Failed to save: ${typedError.message}`);
             }
             else {
-                core.warning(`Failed to save: ${typedError.message}`);
+                // Log server errors (5xx) as errors, all other errors as warnings
+                if (typedError instanceof http_client_1.HttpClientError &&
+                    typeof typedError.statusCode === 'number' &&
+                    typedError.statusCode >= 500) {
+                    core.error(`Failed to save: ${typedError.message}`);
+                }
+                else {
+                    core.warning(`Failed to save: ${typedError.message}`);
+                }
             }
         }
         finally {

node_modules/@actions/cache/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@actions/cache",
-  "version": "4.0.3",
+  "version": "4.0.5",
   "preview": true,
   "description": "Actions cache lib",
   "keywords": [
@@ -40,17 +40,18 @@
     "@actions/core": "^1.11.1",
     "@actions/exec": "^1.0.1",
     "@actions/glob": "^0.1.0",
+    "@protobuf-ts/runtime-rpc": "^2.11.1",
     "@actions/http-client": "^2.1.1",
     "@actions/io": "^1.0.1",
     "@azure/abort-controller": "^1.1.0",
     "@azure/ms-rest-js": "^2.6.0",
     "@azure/storage-blob": "^12.13.0",
-    "@protobuf-ts/plugin": "^2.9.4",
     "semver": "^6.3.1"
   },
   "devDependencies": {
     "@types/node": "^22.13.9",
     "@types/semver": "^6.0.0",
+    "@protobuf-ts/plugin": "^2.9.4",
     "typescript": "^5.2.2"
   }
-}
+}

node_modules/@eslint/compat/README.md

@@ -197,12 +197,11 @@ Apache 2.0
 The following companies, organizations, and individuals support ESLint's ongoing maintenance and development. [Become a Sponsor](https://eslint.org/donate)
 to get your logo on our READMEs and [website](https://eslint.org/sponsors).
 
-<h3>Diamond Sponsors</h3>
-<p><a href="https://www.ag-grid.com/"><img src="https://images.opencollective.com/ag-grid/bec0580/logo.png" alt="AG Grid" height="128"></a></p><h3>Platinum Sponsors</h3>
+<h3>Platinum Sponsors</h3>
 <p><a href="https://automattic.com"><img src="https://images.opencollective.com/automattic/d0ef3e1/logo.png" alt="Automattic" height="128"></a> <a href="https://www.airbnb.com/"><img src="https://images.opencollective.com/airbnb/d327d66/logo.png" alt="Airbnb" height="128"></a></p><h3>Gold Sponsors</h3>
 <p><a href="https://qlty.sh/"><img src="https://images.opencollective.com/qltysh/33d157d/logo.png" alt="Qlty Software" height="96"></a> <a href="https://trunk.io/"><img src="https://images.opencollective.com/trunkio/fb92d60/avatar.png" alt="trunk.io" height="96"></a> <a href="https://shopify.engineering/"><img src="https://avatars.githubusercontent.com/u/8085" alt="Shopify" height="96"></a></p><h3>Silver Sponsors</h3>
 <p><a href="https://vite.dev/"><img src="https://images.opencollective.com/vite/e6d15e1/logo.png" alt="Vite" height="64"></a> <a href="https://liftoff.io/"><img src="https://images.opencollective.com/liftoff/5c4fa84/logo.png" alt="Liftoff" height="64"></a> <a href="https://americanexpress.io"><img src="https://avatars.githubusercontent.com/u/3853301" alt="American Express" height="64"></a> <a href="https://stackblitz.com"><img src="https://avatars.githubusercontent.com/u/28635252" alt="StackBlitz" height="64"></a></p><h3>Bronze Sponsors</h3>
-<p><a href="https://sentry.io"><img src="https://github.com/getsentry.png" alt="Sentry" height="32"></a> <a href="https://syntax.fm"><img src="https://github.com/syntaxfm.png" alt="Syntax" height="32"></a> <a href="https://cybozu.co.jp/"><img src="https://images.opencollective.com/cybozu/933e46d/logo.png" alt="Cybozu" height="32"></a> <a href="https://www.crosswordsolver.org/anagram-solver/"><img src="https://images.opencollective.com/anagram-solver/2666271/logo.png" alt="Anagram Solver" height="32"></a> <a href="https://icons8.com/"><img src="https://images.opencollective.com/icons8/7fa1641/logo.png" alt="Icons8" height="32"></a> <a href="https://discord.com"><img src="https://images.opencollective.com/discordapp/f9645d9/logo.png" alt="Discord" height="32"></a> <a href="https://www.gitbook.com"><img src="https://avatars.githubusercontent.com/u/7111340" alt="GitBook" height="32"></a> <a href="https://nolebase.ayaka.io"><img src="https://avatars.githubusercontent.com/u/11081491" alt="Neko" height="32"></a> <a href="https://nx.dev"><img src="https://avatars.githubusercontent.com/u/23692104" alt="Nx" height="32"></a> <a href="https://opensource.mercedes-benz.com/"><img src="https://avatars.githubusercontent.com/u/34240465" alt="Mercedes-Benz Group" height="32"></a> <a href="https://herocoders.com"><img src="https://avatars.githubusercontent.com/u/37549774" alt="HeroCoders" height="32"></a> <a href="https://www.lambdatest.com"><img src="https://avatars.githubusercontent.com/u/171592363" alt="LambdaTest" height="32"></a></p>
+<p><a href="https://cybozu.co.jp/"><img src="https://images.opencollective.com/cybozu/933e46d/logo.png" alt="Cybozu" height="32"></a> <a href="https://www.crosswordsolver.org/anagram-solver/"><img src="https://images.opencollective.com/anagram-solver/2666271/logo.png" alt="Anagram Solver" height="32"></a> <a href="https://icons8.com/"><img src="https://images.opencollective.com/icons8/7fa1641/logo.png" alt="Icons8" height="32"></a> <a href="https://discord.com"><img src="https://images.opencollective.com/discordapp/f9645d9/logo.png" alt="Discord" height="32"></a> <a href="https://www.gitbook.com"><img src="https://avatars.githubusercontent.com/u/7111340" alt="GitBook" height="32"></a> <a href="https://nx.dev"><img src="https://avatars.githubusercontent.com/u/23692104" alt="Nx" height="32"></a> <a href="https://opensource.mercedes-benz.com/"><img src="https://avatars.githubusercontent.com/u/34240465" alt="Mercedes-Benz Group" height="32"></a> <a href="https://herocoders.com"><img src="https://avatars.githubusercontent.com/u/37549774" alt="HeroCoders" height="32"></a> <a href="https://www.lambdatest.com"><img src="https://avatars.githubusercontent.com/u/171592363" alt="LambdaTest" height="32"></a></p>
 <h3>Technology Sponsors</h3>
 Technology sponsors allow us to use their products and services for free as part of a contribution to the open source ecosystem and our work.
 <p><a href="https://netlify.com"><img src="https://raw.githubusercontent.com/eslint/eslint.org/main/src/assets/images/techsponsors/netlify-icon.svg" alt="Netlify" height="32"></a> <a href="https://algolia.com"><img src="https://raw.githubusercontent.com/eslint/eslint.org/main/src/assets/images/techsponsors/algolia-icon.svg" alt="Algolia" height="32"></a> <a href="https://1password.com"><img src="https://raw.githubusercontent.com/eslint/eslint.org/main/src/assets/images/techsponsors/1password-icon.svg" alt="1Password" height="32"></a></p>

node_modules/@eslint/compat/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@eslint/compat",
-  "version": "1.3.1",
+  "version": "1.3.2",
   "description": "Compatibility utilities for ESLint",
   "type": "module",
   "main": "dist/esm/index.js",
@@ -49,7 +49,7 @@
   },
   "homepage": "https://github.com/eslint/rewrite/tree/main/packages/compat#readme",
   "devDependencies": {
-    "@eslint/core": "^0.15.1",
+    "@eslint/core": "^0.15.2",
     "eslint": "^9.27.0"
   },
   "peerDependencies": {

node_modules/@eslint/js/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@eslint/js",
-  "version": "9.32.0",
+  "version": "9.33.0",
   "description": "ESLint JavaScript language implementation",
   "funding": "https://eslint.org/donate",
   "main": "./src/index.js",

node_modules/@protobuf-ts/runtime-rpc/build/commonjs/rpc-output-stream.js

@@ -15,6 +15,10 @@ class RpcOutputStreamController {
             cmp: [],
         };
         this._closed = false;
+        // --- RpcOutputStream async iterator API
+        // iterator state.
+        // is undefined when no iterator has been acquired yet.
+        this._itState = { q: [] };
     }
     // --- RpcOutputStream callback API
     onNext(callback) {
@@ -114,10 +118,6 @@ class RpcOutputStreamController {
      *   messages are queued.
      */
     [Symbol.asyncIterator]() {
-        // init the iterator state, enabling pushIt()
-        if (!this._itState) {
-            this._itState = { q: [] };
-        }
         // if we are closed, we are definitely not receiving any more messages.
         // but we can't let the iterator get stuck. we want to either:
         // a) finish the new iterator immediately, because we are completed
@@ -150,8 +150,6 @@ class RpcOutputStreamController {
     // this either resolves a pending promise, or enqueues the result.
     pushIt(result) {
         let state = this._itState;
-        if (!state)
-            return;
         // is the consumer waiting for us?
         if (state.p) {
             // yes, consumer is waiting for this promise.