Generate UserConfig from schema ... ish

- Throws a `ConfigurationError` if parsing the YAML fails
- Add a couple of tests for it

json-schemas.mjs

@@ -0,0 +1,29 @@
+import fs from "node:fs";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+
+import { globSync } from "glob";
+import { compileFromFile } from 'json-schema-to-typescript';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+
+const SRC_DIR = path.join(__dirname, "schemas");
+const OUT_DIR = path.join(__dirname, "src");
+
+async function generateTypings() {
+  const schemas = globSync(`${SRC_DIR}/*.json`);
+  for (const schema of schemas) {
+    const outPath = path.join(
+      OUT_DIR,
+      `${path.basename(schema, ".json")}.d.ts`,
+    );
+    const ts = await compileFromFile(schema, {
+      bannerComment:
+        "/* This file was automatically generated by `npm run generate:schemas`. Do not edit by hand. */",
+    });
+    fs.writeFileSync(outPath, ts, "utf-8");
+  }
+}
+
+await generateTypings();

lib/upload-lib.js

@@ -20885,19 +20885,19 @@ var require_validator = __commonJS({
     var SchemaError = helpers.SchemaError;
     var SchemaContext = helpers.SchemaContext;
     var anonymousBase = "/";
-    var Validator2 = function Validator3() {
-      this.customFormats = Object.create(Validator3.prototype.customFormats);
+    var Validator3 = function Validator4() {
+      this.customFormats = Object.create(Validator4.prototype.customFormats);
       this.schemas = {};
       this.unresolvedRefs = [];
       this.types = Object.create(types);
       this.attributes = Object.create(attribute.validators);
     };
-    Validator2.prototype.customFormats = {};
-    Validator2.prototype.schemas = null;
-    Validator2.prototype.types = null;
-    Validator2.prototype.attributes = null;
-    Validator2.prototype.unresolvedRefs = null;
-    Validator2.prototype.addSchema = function addSchema(schema2, base) {
+    Validator3.prototype.customFormats = {};
+    Validator3.prototype.schemas = null;
+    Validator3.prototype.types = null;
+    Validator3.prototype.attributes = null;
+    Validator3.prototype.unresolvedRefs = null;
+    Validator3.prototype.addSchema = function addSchema(schema2, base) {
       var self2 = this;
       if (!schema2) {
         return null;
@@ -20915,25 +20915,25 @@ var require_validator = __commonJS({
       });
       return this.schemas[ourUri];
     };
-    Validator2.prototype.addSubSchemaArray = function addSubSchemaArray(baseuri, schemas) {
+    Validator3.prototype.addSubSchemaArray = function addSubSchemaArray(baseuri, schemas) {
       if (!Array.isArray(schemas)) return;
       for (var i = 0; i < schemas.length; i++) {
         this.addSubSchema(baseuri, schemas[i]);
       }
     };
-    Validator2.prototype.addSubSchemaObject = function addSubSchemaArray(baseuri, schemas) {
+    Validator3.prototype.addSubSchemaObject = function addSubSchemaArray(baseuri, schemas) {
       if (!schemas || typeof schemas != "object") return;
       for (var p in schemas) {
         this.addSubSchema(baseuri, schemas[p]);
       }
     };
-    Validator2.prototype.setSchemas = function setSchemas(schemas) {
+    Validator3.prototype.setSchemas = function setSchemas(schemas) {
       this.schemas = schemas;
     };
-    Validator2.prototype.getSchema = function getSchema(urn) {
+    Validator3.prototype.getSchema = function getSchema(urn) {
       return this.schemas[urn];
     };
-    Validator2.prototype.validate = function validate(instance, schema2, options, ctx) {
+    Validator3.prototype.validate = function validate(instance, schema2, options, ctx) {
       if (typeof schema2 !== "boolean" && typeof schema2 !== "object" || schema2 === null) {
         throw new SchemaError("Expected `schema` to be an object or boolean");
       }
@@ -20971,7 +20971,7 @@ var require_validator = __commonJS({
       if (typeof ref == "string") return ref;
       return false;
     }
-    Validator2.prototype.validateSchema = function validateSchema(instance, schema2, options, ctx) {
+    Validator3.prototype.validateSchema = function validateSchema(instance, schema2, options, ctx) {
       var result = new ValidatorResult(instance, schema2, options, ctx);
       if (typeof schema2 === "boolean") {
         if (schema2 === true) {
@@ -21021,17 +21021,17 @@ var require_validator = __commonJS({
       }
       return result;
     };
-    Validator2.prototype.schemaTraverser = function schemaTraverser(schemaobj, s) {
+    Validator3.prototype.schemaTraverser = function schemaTraverser(schemaobj, s) {
       schemaobj.schema = helpers.deepMerge(schemaobj.schema, this.superResolve(s, schemaobj.ctx));
     };
-    Validator2.prototype.superResolve = function superResolve(schema2, ctx) {
+    Validator3.prototype.superResolve = function superResolve(schema2, ctx) {
       var ref = shouldResolve(schema2);
       if (ref) {
         return this.resolve(schema2, ref, ctx).subschema;
       }
       return schema2;
     };
-    Validator2.prototype.resolve = function resolve6(schema2, switchSchema, ctx) {
+    Validator3.prototype.resolve = function resolve6(schema2, switchSchema, ctx) {
       switchSchema = ctx.resolve(switchSchema);
       if (ctx.schemas[switchSchema]) {
         return { subschema: ctx.schemas[switchSchema], switchSchema };
@@ -21048,7 +21048,7 @@ var require_validator = __commonJS({
       }
       return { subschema, switchSchema };
     };
-    Validator2.prototype.testType = function validateType(instance, schema2, options, ctx, type2) {
+    Validator3.prototype.testType = function validateType(instance, schema2, options, ctx, type2) {
       if (type2 === void 0) {
         return;
       } else if (type2 === null) {
@@ -21063,7 +21063,7 @@ var require_validator = __commonJS({
       }
       return true;
     };
-    var types = Validator2.prototype.types = {};
+    var types = Validator3.prototype.types = {};
     types.string = function testString(instance) {
       return typeof instance == "string";
     };
@@ -21091,7 +21091,7 @@ var require_validator = __commonJS({
     types.object = function testObject(instance) {
       return instance && typeof instance === "object" && !Array.isArray(instance) && !(instance instanceof Date);
     };
-    module2.exports = Validator2;
+    module2.exports = Validator3;
   }
 });
 
@@ -21099,7 +21099,7 @@ var require_validator = __commonJS({
 var require_lib2 = __commonJS({
   "node_modules/jsonschema/lib/index.js"(exports2, module2) {
     "use strict";
-    var Validator2 = module2.exports.Validator = require_validator();
+    var Validator3 = module2.exports.Validator = require_validator();
     module2.exports.ValidatorResult = require_helpers().ValidatorResult;
     module2.exports.ValidatorResultError = require_helpers().ValidatorResultError;
     module2.exports.ValidationError = require_helpers().ValidationError;
@@ -21107,7 +21107,7 @@ var require_lib2 = __commonJS({
     module2.exports.SchemaScanResult = require_scan().SchemaScanResult;
     module2.exports.scan = require_scan().scan;
     module2.exports.validate = function(instance, schema2, options) {
-      var v = new Validator2();
+      var v = new Validator3();
       return v.validate(instance, schema2, options);
     };
   }
@@ -33618,7 +33618,8 @@ var require_package = __commonJS({
         ava: "npm run transpile && ava --serial --verbose",
         test: "npm run ava -- src/",
         "test-debug": "npm run test -- --timeout=20m",
-        transpile: "tsc --build --verbose"
+        transpile: "npm run generate:schemas && tsc --build --verbose",
+        "generate:schemas": "node json-schemas.mjs"
       },
       ava: {
         typescript: {
@@ -33684,6 +33685,7 @@ var require_package = __commonJS({
         "eslint-plugin-import": "2.29.1",
         "eslint-plugin-no-async-foreach": "^0.1.1",
         glob: "^11.0.3",
+        "json-schema-to-typescript": "^15.0.4",
         nock: "^14.0.10",
         sinon: "^21.0.0",
         typescript: "^5.9.3"
@@ -84865,7 +84867,7 @@ var path14 = __toESM(require("path"));
 var url = __toESM(require("url"));
 var import_zlib = __toESM(require("zlib"));
 var core11 = __toESM(require_core());
-var jsonschema = __toESM(require_lib2());
+var jsonschema2 = __toESM(require_lib2());
 
 // src/actions-util.ts
 var fs4 = __toESM(require("fs"));
@@ -88971,6 +88973,9 @@ var cliErrorsConfig = {
     cliErrorMessageCandidates: [
       new RegExp(
         "Query pack .* cannot be found\\. Check the spelling of the pack\\."
+      ),
+      new RegExp(
+        "is not a .ql file, .qls file, a directory, or a query pack specification."
       )
     ]
   },
@@ -89049,6 +89054,7 @@ var path9 = __toESM(require("path"));
 var core6 = __toESM(require_core());
 
 // src/config/db-config.ts
+var jsonschema = __toESM(require_lib2());
 var semver2 = __toESM(require_semver2());
 var PACK_IDENTIFIER_PATTERN = (function() {
   const alphaNumeric = "[a-z0-9]";
@@ -89530,6 +89536,11 @@ var featureConfig = {
     defaultValue: false,
     envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
     minimumVersion: "2.23.0"
+  },
+  ["validate_db_config" /* ValidateDbConfig */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG",
+    minimumVersion: void 0
   }
 };
 
@@ -92651,7 +92662,7 @@ function validateSarifFileSchema(sarif, sarifFilePath, logger) {
   }
   logger.info(`Validating ${sarifFilePath}`);
   const schema2 = require_sarif_schema_2_1_0();
-  const result = new jsonschema.Validator().validate(sarif, schema2);
+  const result = new jsonschema2.Validator().validate(sarif, schema2);
   const warningAttributes = ["uri-reference", "uri"];
   const errors = (result.errors ?? []).filter(
     (err) => !(err.name === "format" && typeof err.argument === "string" && warningAttributes.includes(err.argument))

lib/upload-sarif-action.js

@@ -32321,7 +32321,8 @@ var require_package = __commonJS({
         ava: "npm run transpile && ava --serial --verbose",
         test: "npm run ava -- src/",
         "test-debug": "npm run test -- --timeout=20m",
-        transpile: "tsc --build --verbose"
+        transpile: "npm run generate:schemas && tsc --build --verbose",
+        "generate:schemas": "node json-schemas.mjs"
       },
       ava: {
         typescript: {
@@ -32387,6 +32388,7 @@ var require_package = __commonJS({
         "eslint-plugin-import": "2.29.1",
         "eslint-plugin-no-async-foreach": "^0.1.1",
         glob: "^11.0.3",
+        "json-schema-to-typescript": "^15.0.4",
         nock: "^14.0.10",
         sinon: "^21.0.0",
         typescript: "^5.9.3"
@@ -80374,19 +80376,19 @@ var require_validator2 = __commonJS({
     var SchemaError = helpers.SchemaError;
     var SchemaContext = helpers.SchemaContext;
     var anonymousBase = "/";
-    var Validator2 = function Validator3() {
-      this.customFormats = Object.create(Validator3.prototype.customFormats);
+    var Validator3 = function Validator4() {
+      this.customFormats = Object.create(Validator4.prototype.customFormats);
       this.schemas = {};
       this.unresolvedRefs = [];
       this.types = Object.create(types);
       this.attributes = Object.create(attribute.validators);
     };
-    Validator2.prototype.customFormats = {};
-    Validator2.prototype.schemas = null;
-    Validator2.prototype.types = null;
-    Validator2.prototype.attributes = null;
-    Validator2.prototype.unresolvedRefs = null;
-    Validator2.prototype.addSchema = function addSchema(schema2, base) {
+    Validator3.prototype.customFormats = {};
+    Validator3.prototype.schemas = null;
+    Validator3.prototype.types = null;
+    Validator3.prototype.attributes = null;
+    Validator3.prototype.unresolvedRefs = null;
+    Validator3.prototype.addSchema = function addSchema(schema2, base) {
       var self2 = this;
       if (!schema2) {
         return null;
@@ -80404,25 +80406,25 @@ var require_validator2 = __commonJS({
       });
       return this.schemas[ourUri];
     };
-    Validator2.prototype.addSubSchemaArray = function addSubSchemaArray(baseuri, schemas) {
+    Validator3.prototype.addSubSchemaArray = function addSubSchemaArray(baseuri, schemas) {
       if (!Array.isArray(schemas)) return;
       for (var i = 0; i < schemas.length; i++) {
         this.addSubSchema(baseuri, schemas[i]);
       }
     };
-    Validator2.prototype.addSubSchemaObject = function addSubSchemaArray(baseuri, schemas) {
+    Validator3.prototype.addSubSchemaObject = function addSubSchemaArray(baseuri, schemas) {
       if (!schemas || typeof schemas != "object") return;
       for (var p in schemas) {
         this.addSubSchema(baseuri, schemas[p]);
       }
     };
-    Validator2.prototype.setSchemas = function setSchemas(schemas) {
+    Validator3.prototype.setSchemas = function setSchemas(schemas) {
       this.schemas = schemas;
     };
-    Validator2.prototype.getSchema = function getSchema(urn) {
+    Validator3.prototype.getSchema = function getSchema(urn) {
       return this.schemas[urn];
     };
-    Validator2.prototype.validate = function validate(instance, schema2, options, ctx) {
+    Validator3.prototype.validate = function validate(instance, schema2, options, ctx) {
       if (typeof schema2 !== "boolean" && typeof schema2 !== "object" || schema2 === null) {
         throw new SchemaError("Expected `schema` to be an object or boolean");
       }
@@ -80460,7 +80462,7 @@ var require_validator2 = __commonJS({
       if (typeof ref == "string") return ref;
       return false;
     }
-    Validator2.prototype.validateSchema = function validateSchema(instance, schema2, options, ctx) {
+    Validator3.prototype.validateSchema = function validateSchema(instance, schema2, options, ctx) {
       var result = new ValidatorResult(instance, schema2, options, ctx);
       if (typeof schema2 === "boolean") {
         if (schema2 === true) {
@@ -80510,17 +80512,17 @@ var require_validator2 = __commonJS({
       }
       return result;
     };
-    Validator2.prototype.schemaTraverser = function schemaTraverser(schemaobj, s) {
+    Validator3.prototype.schemaTraverser = function schemaTraverser(schemaobj, s) {
       schemaobj.schema = helpers.deepMerge(schemaobj.schema, this.superResolve(s, schemaobj.ctx));
     };
-    Validator2.prototype.superResolve = function superResolve(schema2, ctx) {
+    Validator3.prototype.superResolve = function superResolve(schema2, ctx) {
       var ref = shouldResolve(schema2);
       if (ref) {
         return this.resolve(schema2, ref, ctx).subschema;
       }
       return schema2;
     };
-    Validator2.prototype.resolve = function resolve6(schema2, switchSchema, ctx) {
+    Validator3.prototype.resolve = function resolve6(schema2, switchSchema, ctx) {
       switchSchema = ctx.resolve(switchSchema);
       if (ctx.schemas[switchSchema]) {
         return { subschema: ctx.schemas[switchSchema], switchSchema };
@@ -80537,7 +80539,7 @@ var require_validator2 = __commonJS({
       }
       return { subschema, switchSchema };
     };
-    Validator2.prototype.testType = function validateType(instance, schema2, options, ctx, type2) {
+    Validator3.prototype.testType = function validateType(instance, schema2, options, ctx, type2) {
       if (type2 === void 0) {
         return;
       } else if (type2 === null) {
@@ -80552,7 +80554,7 @@ var require_validator2 = __commonJS({
       }
       return true;
     };
-    var types = Validator2.prototype.types = {};
+    var types = Validator3.prototype.types = {};
     types.string = function testString(instance) {
       return typeof instance == "string";
     };
@@ -80580,7 +80582,7 @@ var require_validator2 = __commonJS({
     types.object = function testObject(instance) {
       return instance && typeof instance === "object" && !Array.isArray(instance) && !(instance instanceof Date);
     };
-    module2.exports = Validator2;
+    module2.exports = Validator3;
   }
 });
 
@@ -80588,7 +80590,7 @@ var require_validator2 = __commonJS({
 var require_lib2 = __commonJS({
   "node_modules/jsonschema/lib/index.js"(exports2, module2) {
     "use strict";
-    var Validator2 = module2.exports.Validator = require_validator2();
+    var Validator3 = module2.exports.Validator = require_validator2();
     module2.exports.ValidatorResult = require_helpers3().ValidatorResult;
     module2.exports.ValidatorResultError = require_helpers3().ValidatorResultError;
     module2.exports.ValidationError = require_helpers3().ValidationError;
@@ -80596,7 +80598,7 @@ var require_lib2 = __commonJS({
     module2.exports.SchemaScanResult = require_scan2().SchemaScanResult;
     module2.exports.scan = require_scan2().scan;
     module2.exports.validate = function(instance, schema2, options) {
-      var v = new Validator2();
+      var v = new Validator3();
       return v.validate(instance, schema2, options);
     };
   }
@@ -89446,6 +89448,11 @@ var featureConfig = {
     defaultValue: false,
     envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
     minimumVersion: "2.23.0"
+  },
+  ["validate_db_config" /* ValidateDbConfig */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG",
+    minimumVersion: void 0
   }
 };
 var FEATURE_FLAGS_FILE_NAME = "cached-feature-flags.json";
@@ -89725,6 +89732,7 @@ var path10 = __toESM(require("path"));
 var core8 = __toESM(require_core());
 
 // src/config/db-config.ts
+var jsonschema = __toESM(require_lib2());
 var semver4 = __toESM(require_semver2());
 var PACK_IDENTIFIER_PATTERN = (function() {
   const alphaNumeric = "[a-z0-9]";
@@ -90009,7 +90017,7 @@ var path15 = __toESM(require("path"));
 var url = __toESM(require("url"));
 var import_zlib = __toESM(require("zlib"));
 var core12 = __toESM(require_core());
-var jsonschema = __toESM(require_lib2());
+var jsonschema2 = __toESM(require_lib2());
 
 // src/codeql.ts
 var fs12 = __toESM(require("fs"));
@@ -90223,6 +90231,9 @@ var cliErrorsConfig = {
     cliErrorMessageCandidates: [
       new RegExp(
         "Query pack .* cannot be found\\. Check the spelling of the pack\\."
+      ),
+      new RegExp(
+        "is not a .ql file, .qls file, a directory, or a query pack specification."
       )
     ]
   },
@@ -93305,7 +93316,7 @@ function validateSarifFileSchema(sarif, sarifFilePath, logger) {
   }
   logger.info(`Validating ${sarifFilePath}`);
   const schema2 = require_sarif_schema_2_1_0();
-  const result = new jsonschema.Validator().validate(sarif, schema2);
+  const result = new jsonschema2.Validator().validate(sarif, schema2);
   const warningAttributes = ["uri-reference", "uri"];
   const errors = (result.errors ?? []).filter(
     (err) => !(err.name === "format" && typeof err.argument === "string" && warningAttributes.includes(err.argument))

package-lock.json

@@ -63,6 +63,7 @@
         "eslint-plugin-import": "2.29.1",
         "eslint-plugin-no-async-foreach": "^0.1.1",
         "glob": "^11.0.3",
+        "json-schema-to-typescript": "^15.0.4",
         "nock": "^14.0.10",
         "sinon": "^21.0.0",
         "typescript": "^5.9.3"
@@ -429,6 +430,24 @@
         "semver": "^6.1.0"
       }
     },
+    "node_modules/@apidevtools/json-schema-ref-parser": {
+      "version": "11.9.3",
+      "resolved": "https://registry.npmjs.org/@apidevtools/json-schema-ref-parser/-/json-schema-ref-parser-11.9.3.tgz",
+      "integrity": "sha512-60vepv88RwcJtSHrD6MjIL6Ta3SOYbgfnkHb+ppAVK+o9mXprRtulx7VlRl3lN3bbvysAfCS7WMVfhUYemB0IQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@jsdevtools/ono": "^7.1.3",
+        "@types/json-schema": "^7.0.15",
+        "js-yaml": "^4.1.0"
+      },
+      "engines": {
+        "node": ">= 16"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/philsturgeon"
+      }
+    },
     "node_modules/@ava/typescript": {
       "version": "6.0.0",
       "resolved": "https://registry.npmjs.org/@ava/typescript/-/typescript-6.0.0.tgz",
@@ -1525,6 +1544,13 @@
         "node": ">=18.0.0"
       }
     },
+    "node_modules/@jsdevtools/ono": {
+      "version": "7.1.3",
+      "resolved": "https://registry.npmjs.org/@jsdevtools/ono/-/ono-7.1.3.tgz",
+      "integrity": "sha512-4JQNk+3mVzK3xh2rqd6RB4J46qUR19azEHBneZyTZM+c456qOrbbM/5xcR8huNCCcbVt7+UmizG6GuUvPvKUYg==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/@mapbox/node-pre-gyp": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/@mapbox/node-pre-gyp/-/node-pre-gyp-2.0.0.tgz",
@@ -2644,6 +2670,13 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/@types/lodash": {
+      "version": "4.17.20",
+      "resolved": "https://registry.npmjs.org/@types/lodash/-/lodash-4.17.20.tgz",
+      "integrity": "sha512-H3MHACvFUEiujabxhaI/ImO6gUrd8oOurg7LQtS7mbwIXA/cUqWrvBsaeJ23aZEPk1TAYkurjfMbSELfoCXlGA==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/@types/node": {
       "version": "20.19.9",
       "resolved": "https://registry.npmjs.org/@types/node/-/node-20.19.9.tgz",
@@ -6952,6 +6985,30 @@
         "node": ">=0.1.90"
       }
     },
+    "node_modules/json-schema-to-typescript": {
+      "version": "15.0.4",
+      "resolved": "https://registry.npmjs.org/json-schema-to-typescript/-/json-schema-to-typescript-15.0.4.tgz",
+      "integrity": "sha512-Su9oK8DR4xCmDsLlyvadkXzX6+GGXJpbhwoLtOGArAG61dvbW4YQmSEno2y66ahpIdmLMg6YUf/QHLgiwvkrHQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@apidevtools/json-schema-ref-parser": "^11.5.5",
+        "@types/json-schema": "^7.0.15",
+        "@types/lodash": "^4.17.7",
+        "is-glob": "^4.0.3",
+        "js-yaml": "^4.1.0",
+        "lodash": "^4.17.21",
+        "minimist": "^1.2.8",
+        "prettier": "^3.2.5",
+        "tinyglobby": "^0.2.9"
+      },
+      "bin": {
+        "json2ts": "dist/src/cli.js"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
     "node_modules/json-schema-traverse": {
       "version": "0.4.1",
       "dev": true,

package.json

@@ -12,7 +12,8 @@
     "ava": "npm run transpile && ava --serial --verbose",
     "test": "npm run ava -- src/",
     "test-debug": "npm run test -- --timeout=20m",
-    "transpile": "tsc --build --verbose"
+    "transpile": "npm run generate:schemas && tsc --build --verbose",
+    "generate:schemas": "node json-schemas.mjs"
   },
   "ava": {
     "typescript": {
@@ -78,6 +79,7 @@
     "eslint-plugin-import": "2.29.1",
     "eslint-plugin-no-async-foreach": "^0.1.1",
     "glob": "^11.0.3",
+    "json-schema-to-typescript": "^15.0.4",
     "nock": "^14.0.10",
     "sinon": "^21.0.0",
     "typescript": "^5.9.3"

schemas/db-config-schema.json

@@ -0,0 +1,145 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "title": "UserConfig",
+  "description": "Format of the config file supplied by the user for CodeQL analysis",
+  "type": "object",
+  "properties": {
+    "name": {
+      "type": "string",
+      "description": "Name of the configuration"
+    },
+    "disable-default-queries": {
+      "type": "boolean",
+      "description": "Whether to disable default queries"
+    },
+    "queries": {
+      "type": "array",
+      "description": "List of additional queries to run",
+      "items": {
+        "$ref": "#/definitions/QuerySpec"
+      }
+    },
+    "paths-ignore": {
+      "type": "array",
+      "description": "Paths to ignore during analysis",
+      "items": {
+        "type": "string"
+      }
+    },
+    "paths": {
+      "type": "array",
+      "description": "Paths to include in analysis",
+      "items": {
+        "type": "string"
+      }
+    },
+    "packs": {
+      "description": "Query packs to include. Can be a simple array for single-language analysis or an object with language-specific arrays for multi-language analysis",
+      "oneOf": [
+        {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        {
+          "type": "object",
+          "additionalProperties": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          }
+        }
+      ]
+    },
+    "query-filters": {
+      "type": "array",
+      "description": "Set of query filters to include and exclude extra queries based on CodeQL query suite include and exclude properties",
+      "items": {
+        "$ref": "#/definitions/QueryFilter"
+      }
+    }
+  },
+  "additionalProperties": true,
+  "definitions": {
+    "QuerySpec": {
+      "type": "object",
+      "description": "Detailed query specification object",
+      "properties": {
+        "name": {
+          "type": "string",
+          "description": "Optional name for the query"
+        },
+        "uses": {
+          "type": "string",
+          "description": "The query or query suite to use"
+        }
+      },
+      "required": ["uses"],
+      "additionalProperties": false
+    },
+    "QueryFilter": {
+      "description": "Query filter that can either include or exclude queries",
+      "oneOf": [
+        {
+          "$ref": "#/definitions/ExcludeQueryFilter"
+        },
+        {
+          "$ref": "#/definitions/IncludeQueryFilter"
+        },
+        {}
+      ]
+    },
+    "ExcludeQueryFilter": {
+      "type": "object",
+      "description": "Filter to exclude queries",
+      "properties": {
+        "exclude": {
+          "type": "object",
+          "description": "Queries to exclude",
+          "additionalProperties": {
+            "oneOf": [
+              {
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              },
+              {
+                "type": "string"
+              }
+            ]
+          }
+        }
+      },
+      "required": ["exclude"],
+      "additionalProperties": false
+    },
+    "IncludeQueryFilter": {
+      "type": "object",
+      "description": "Filter to include queries",
+      "properties": {
+        "include": {
+          "type": "object",
+          "description": "Queries to include",
+          "additionalProperties": {
+            "oneOf": [
+              {
+                "type": "array",
+                "items": {
+                  "type": "string"
+                }
+              },
+              {
+                "type": "string"
+              }
+            ]
+          }
+        }
+      },
+      "required": ["include"],
+      "additionalProperties": false
+    }
+  }
+}

src/cli-errors.test.ts

@@ -310,6 +310,20 @@ test("wrapCliConfigurationError - pack cannot be found", (t) => {
   t.true(wrappedError instanceof ConfigurationError);
 });
 
+test("wrapCliConfigurationError - unknown query file", (t) => {
+  const commandError = new CommandInvocationError(
+    "codeql",
+    ["database", "init"],
+    2,
+    "my-query-file is not a .ql file, .qls file, a directory, or a query pack specification. See the logs for more details.",
+  );
+  const cliError = new CliError(commandError);
+
+  const wrappedError = wrapCliConfigurationError(cliError);
+
+  t.true(wrappedError instanceof ConfigurationError);
+});
+
 test("wrapCliConfigurationError - pack missing auth", (t) => {
   const commandError = new CommandInvocationError(
     "codeql",

src/cli-errors.ts

@@ -264,6 +264,9 @@ export const cliErrorsConfig: Record<
       new RegExp(
         "Query pack .* cannot be found\\. Check the spelling of the pack\\.",
       ),
+      new RegExp(
+        "is not a .ql file, .qls file, a directory, or a query pack specification.",
+      ),
     ],
   },
   [CliConfigErrorCategory.PackMissingAuth]: {

src/config-utils.test.ts

@@ -148,6 +148,7 @@ test("load empty config", async (t) => {
     });
 
     const config = await configUtils.initConfig(
+      createFeatures([]),
       createTestInitConfigInputs({
         languagesInput: languages,
         repository: { owner: "github", repo: "example" },
@@ -187,6 +188,7 @@ test("load code quality config", async (t) => {
     });
 
     const config = await configUtils.initConfig(
+      createFeatures([]),
       createTestInitConfigInputs({
         analysisKinds: [AnalysisKind.CodeQuality],
         languagesInput: languages,
@@ -271,6 +273,7 @@ test("initActionState doesn't throw if there are queries configured in the repos
 
     await t.notThrowsAsync(async () => {
       const config = await configUtils.initConfig(
+        createFeatures([]),
         createTestInitConfigInputs({
           analysisKinds: [AnalysisKind.CodeQuality],
           languagesInput: languages,
@@ -309,6 +312,7 @@ test("loading a saved config produces the same config", async (t) => {
     t.deepEqual(await configUtils.getConfig(tempDir, logger), undefined);
 
     const config1 = await configUtils.initConfig(
+      createFeatures([]),
       createTestInitConfigInputs({
         languagesInput: "javascript,python",
         tempDir,
@@ -360,6 +364,7 @@ test("loading config with version mismatch throws", async (t) => {
       .returns("does-not-exist");
 
     const config = await configUtils.initConfig(
+      createFeatures([]),
       createTestInitConfigInputs({
         languagesInput: "javascript,python",
         tempDir,
@@ -388,6 +393,7 @@ test("load input outside of workspace", async (t) => {
   return await withTmpDir(async (tempDir) => {
     try {
       await configUtils.initConfig(
+        createFeatures([]),
         createTestInitConfigInputs({
           configFile: "../input",
           tempDir,
@@ -415,6 +421,7 @@ test("load non-local input with invalid repo syntax", async (t) => {
 
     try {
       await configUtils.initConfig(
+        createFeatures([]),
         createTestInitConfigInputs({
           configFile,
           tempDir,
@@ -443,6 +450,7 @@ test("load non-existent input", async (t) => {
 
     try {
       await configUtils.initConfig(
+        createFeatures([]),
         createTestInitConfigInputs({
           languagesInput,
           configFile,
@@ -526,6 +534,7 @@ test("load non-empty input", async (t) => {
     const configFilePath = createConfigFile(inputFileContents, tempDir);
 
     const actualConfig = await configUtils.initConfig(
+      createFeatures([]),
       createTestInitConfigInputs({
         languagesInput,
         buildModeInput: "none",
@@ -582,6 +591,7 @@ test("Using config input and file together, config input should be used.", async
     const languagesInput = "javascript";
 
     const config = await configUtils.initConfig(
+      createFeatures([]),
       createTestInitConfigInputs({
         languagesInput,
         configFile: configFilePath,
@@ -632,6 +642,7 @@ test("API client used when reading remote config", async (t) => {
     const languagesInput = "javascript";
 
     await configUtils.initConfig(
+      createFeatures([]),
       createTestInitConfigInputs({
         languagesInput,
         configFile,
@@ -652,6 +663,7 @@ test("Remote config handles the case where a directory is provided", async (t) =
     const repoReference = "octo-org/codeql-config/config.yaml@main";
     try {
       await configUtils.initConfig(
+        createFeatures([]),
         createTestInitConfigInputs({
           configFile: repoReference,
           tempDir,
@@ -680,6 +692,7 @@ test("Invalid format of remote config handled correctly", async (t) => {
     const repoReference = "octo-org/codeql-config/config.yaml@main";
     try {
       await configUtils.initConfig(
+        createFeatures([]),
         createTestInitConfigInputs({
           configFile: repoReference,
           tempDir,
@@ -709,6 +722,7 @@ test("No detected languages", async (t) => {
 
     try {
       await configUtils.initConfig(
+        createFeatures([]),
         createTestInitConfigInputs({
           tempDir,
           codeql,
@@ -731,6 +745,7 @@ test("Unknown languages", async (t) => {
 
     try {
       await configUtils.initConfig(
+        createFeatures([]),
         createTestInitConfigInputs({
           languagesInput,
           tempDir,

src/config-utils.ts

@@ -19,6 +19,7 @@ import {
   calculateAugmentation,
   ExcludeQueryFilter,
   generateCodeScanningConfig,
+  parseUserConfig,
   UserConfig,
 } from "./config/db-config";
 import { shouldPerformDiffInformedAnalysis } from "./diff-informed-analysis-utils";
@@ -525,10 +526,12 @@ async function downloadCacheWithTime(
 }
 
 async function loadUserConfig(
+  logger: Logger,
   configFile: string,
   workspacePath: string,
   apiDetails: api.GitHubApiCombinedDetails,
   tempDir: string,
+  validateConfig: boolean,
 ): Promise<UserConfig> {
   if (isLocal(configFile)) {
     if (configFile !== userConfigFromActionPath(tempDir)) {
@@ -541,9 +544,14 @@ async function loadUserConfig(
         );
       }
     }
-    return getLocalConfig(configFile);
+    return getLocalConfig(logger, configFile, validateConfig);
   } else {
-    return await getRemoteConfig(configFile, apiDetails);
+    return await getRemoteConfig(
+      logger,
+      configFile,
+      apiDetails,
+      validateConfig,
+    );
   }
 }
 
@@ -779,7 +787,10 @@ function hasQueryCustomisation(userConfig: UserConfig): boolean {
  * This will parse the config from the user input if present, or generate
  * a default config. The parsed config is then stored to a known location.
  */
-export async function initConfig(inputs: InitConfigInputs): Promise<Config> {
+export async function initConfig(
+  features: FeatureEnablement,
+  inputs: InitConfigInputs,
+): Promise<Config> {
   const { logger, tempDir } = inputs;
 
   // if configInput is set, it takes precedence over configFile
@@ -799,11 +810,14 @@ export async function initConfig(inputs: InitConfigInputs): Promise<Config> {
     logger.debug("No configuration file was provided");
   } else {
     logger.debug(`Using configuration file: ${inputs.configFile}`);
+    const validateConfig = await features.getValue(Feature.ValidateDbConfig);
     userConfig = await loadUserConfig(
+      logger,
       inputs.configFile,
       inputs.workspacePath,
       inputs.apiDetails,
       tempDir,
+      validateConfig,
     );
   }
 
@@ -897,7 +911,11 @@ function isLocal(configPath: string): boolean {
   return configPath.indexOf("@") === -1;
 }
 
-function getLocalConfig(configFile: string): UserConfig {
+function getLocalConfig(
+  logger: Logger,
+  configFile: string,
+  validateConfig: boolean,
+): UserConfig {
   // Error if the file does not exist
   if (!fs.existsSync(configFile)) {
     throw new ConfigurationError(
@@ -905,12 +923,19 @@ function getLocalConfig(configFile: string): UserConfig {
     );
   }
 
-  return yaml.load(fs.readFileSync(configFile, "utf8")) as UserConfig;
+  return parseUserConfig(
+    logger,
+    configFile,
+    fs.readFileSync(configFile, "utf-8"),
+    validateConfig,
+  );
 }
 
 async function getRemoteConfig(
+  logger: Logger,
   configFile: string,
   apiDetails: api.GitHubApiCombinedDetails,
+  validateConfig: boolean,
 ): Promise<UserConfig> {
   // retrieve the various parts of the config location, and ensure they're present
   const format = new RegExp(
@@ -946,9 +971,12 @@ async function getRemoteConfig(
     );
   }
 
-  return yaml.load(
+  return parseUserConfig(
+    logger,
+    configFile,
     Buffer.from(fileContents, "base64").toString("binary"),
-  ) as UserConfig;
+    validateConfig,
+  );
 }
 
 /**

src/config/db-config.test.ts

@@ -2,7 +2,13 @@ import test, { ExecutionContext } from "ava";
 
 import { RepositoryProperties } from "../feature-flags/properties";
 import { KnownLanguage, Language } from "../languages";
-import { prettyPrintPack } from "../util";
+import { getRunnerLogger } from "../logging";
+import {
+  checkExpectedLogMessages,
+  getRecordingLogger,
+  LoggedMessage,
+} from "../testing-utils";
+import { ConfigurationError, prettyPrintPack } from "../util";
 
 import * as dbConfig from "./db-config";
 
@@ -391,3 +397,111 @@ test(
   {},
   /"a-pack-without-a-scope" is not a valid pack/,
 );
+
+test("parseUserConfig - successfully parses valid YAML", (t) => {
+  const result = dbConfig.parseUserConfig(
+    getRunnerLogger(true),
+    "test",
+    `
+    paths-ignore:
+      - "some/path"
+    queries:
+      - uses: foo
+    some-unknown-option: true
+    `,
+    true,
+  );
+  t.truthy(result);
+  if (t.truthy(result["paths-ignore"])) {
+    t.is(result["paths-ignore"].length, 1);
+    t.is(result["paths-ignore"][0], "some/path");
+  }
+  if (t.truthy(result["queries"])) {
+    t.is(result["queries"].length, 1);
+    t.deepEqual(result["queries"][0], { uses: "foo" });
+  }
+});
+
+test("parseUserConfig - throws a ConfigurationError if the file is not valid YAML", (t) => {
+  t.throws(
+    () =>
+      dbConfig.parseUserConfig(
+        getRunnerLogger(true),
+        "test",
+        `
+        paths-ignore:
+         - "some/path"
+         queries:
+         - foo
+        `,
+        true,
+      ),
+    {
+      instanceOf: ConfigurationError,
+    },
+  );
+});
+
+test("parseUserConfig - validation isn't picky about `query-filters`", (t) => {
+  const loggedMessages: LoggedMessage[] = [];
+  const logger = getRecordingLogger(loggedMessages);
+
+  t.notThrows(() =>
+    dbConfig.parseUserConfig(
+      logger,
+      "test",
+      `
+        query-filters:
+          - something
+          - include: foo
+          - exclude: bar
+        `,
+      true,
+    ),
+  );
+});
+
+test("parseUserConfig - throws a ConfigurationError if validation fails", (t) => {
+  const loggedMessages: LoggedMessage[] = [];
+  const logger = getRecordingLogger(loggedMessages);
+
+  t.throws(
+    () =>
+      dbConfig.parseUserConfig(
+        logger,
+        "test",
+        `
+        paths-ignore:
+         - "some/path"
+        queries: true
+        `,
+        true,
+      ),
+    {
+      instanceOf: ConfigurationError,
+      message:
+        'The configuration file "test" is invalid: instance.queries is not of a type(s) array.',
+    },
+  );
+
+  const expectedMessages = ["instance.queries is not of a type(s) array"];
+  checkExpectedLogMessages(t, loggedMessages, expectedMessages);
+});
+
+test("parseUserConfig - throws no ConfigurationError if validation should fail, but feature is disabled", (t) => {
+  const loggedMessages: LoggedMessage[] = [];
+  const logger = getRecordingLogger(loggedMessages);
+
+  t.notThrows(() =>
+    dbConfig.parseUserConfig(
+      logger,
+      "test",
+      `
+        paths-ignore:
+         - "some/path"
+        queries: true
+        `,
+      false,
+    ),
+  );
+});

src/config/db-config.ts

@@ -1,7 +1,10 @@
 import * as path from "path";
 
+import * as yaml from "js-yaml";
+import * as jsonschema from "jsonschema";
 import * as semver from "semver";
 
+import type { UserConfig as DbConfig, QuerySpec } from "../db-config-schema";
 import * as errorMessages from "../error-messages";
 import {
   RepositoryProperties,
@@ -11,6 +14,8 @@ import { Language } from "../languages";
 import { Logger } from "../logging";
 import { cloneObject, ConfigurationError, prettyPrintPack } from "../util";
 
+export type { QuerySpec } from "../db-config-schema";
+
 export interface ExcludeQueryFilter {
   exclude: Record<string, string[] | string>;
 }
@@ -21,30 +26,14 @@ export interface IncludeQueryFilter {
 
 export type QueryFilter = ExcludeQueryFilter | IncludeQueryFilter;
 
-export interface QuerySpec {
-  name?: string;
-  uses: string;
-}
-
 /**
  * Format of the config file supplied by the user.
  */
-export interface UserConfig {
-  name?: string;
-  "disable-default-queries"?: boolean;
-  queries?: QuerySpec[];
-  "paths-ignore"?: string[];
-  paths?: string[];
-
-  // If this is a multi-language analysis, then the packages must be split by
-  // language. If this is a single language analysis, then no split by
-  // language is necessary.
-  packs?: Record<string, string[]> | string[];
-
+export type UserConfig = DbConfig & {
   // Set of query filters to include and exclude extra queries based on
   // codeql query suite `include` and `exclude` properties
   "query-filters"?: QueryFilter[];
-}
+};
 
 /**
  * Represents additional configuration data from a source other than
@@ -474,3 +463,53 @@ export function generateCodeScanningConfig(
 
   return augmentedConfig;
 }
+
+/**
+ * Attempts to parse `contents` into a `UserConfig` value.
+ *
+ * @param logger The logger to use.
+ * @param pathInput The path to the file where `contents` was obtained from, for use in error messages.
+ * @param contents The string contents of a YAML file to try and parse as a `UserConfig`.
+ * @param validateConfig Whether to validate the configuration file against the schema.
+ * @returns The `UserConfig` corresponding to `contents`, if parsing was successful.
+ * @throws A `ConfigurationError` if parsing failed.
+ */
+export function parseUserConfig(
+  logger: Logger,
+  pathInput: string,
+  contents: string,
+  validateConfig: boolean,
+): UserConfig {
+  try {
+    const schema =
+      // eslint-disable-next-line @typescript-eslint/no-require-imports
+      require("../../schemas/db-config-schema.json") as jsonschema.Schema;
+
+    const doc = yaml.load(contents);
+
+    if (validateConfig) {
+      const result = new jsonschema.Validator().validate(doc, schema);
+
+      if (result.errors.length > 0) {
+        for (const error of result.errors) {
+          logger.error(error.stack);
+        }
+        throw new ConfigurationError(
+          errorMessages.getInvalidConfigFileMessage(
+            pathInput,
+            result.errors.map((e) => e.stack),
+          ),
+        );
+      }
+    }
+
+    return doc as UserConfig;
+  } catch (error) {
+    if (error instanceof yaml.YAMLException) {
+      throw new ConfigurationError(
+        errorMessages.getConfigFileParseErrorMessage(pathInput, error.message),
+      );
+    }
+    throw error;
+  }
+}

src/db-config-schema.d.ts

@@ -0,0 +1,53 @@
+/* This file was automatically generated by `npm run generate:schemas`. Do not edit by hand. */
+
+/**
+ * Format of the config file supplied by the user for CodeQL analysis
+ */
+export interface UserConfig {
+  /**
+   * Name of the configuration
+   */
+  name?: string;
+  /**
+   * Whether to disable default queries
+   */
+  "disable-default-queries"?: boolean;
+  /**
+   * List of additional queries to run
+   */
+  queries?: QuerySpec[];
+  /**
+   * Paths to ignore during analysis
+   */
+  "paths-ignore"?: string[];
+  /**
+   * Paths to include in analysis
+   */
+  paths?: string[];
+  /**
+   * Query packs to include. Can be a simple array for single-language analysis or an object with language-specific arrays for multi-language analysis
+   */
+  packs?:
+    | string[]
+    | {
+        [k: string]: string[];
+      };
+  /**
+   * Set of query filters to include and exclude extra queries based on CodeQL query suite include and exclude properties
+   */
+  "query-filters"?: unknown[];
+  [k: string]: unknown;
+}
+/**
+ * Detailed query specification object
+ */
+export interface QuerySpec {
+  /**
+   * Optional name for the query
+   */
+  name?: string;
+  /**
+   * The query or query suite to use
+   */
+  uses: string;
+}

src/error-messages.ts

@@ -14,6 +14,22 @@ export function getConfigFileDoesNotExistErrorMessage(
   return `The configuration file "${configFile}" does not exist`;
 }
 
+export function getConfigFileParseErrorMessage(
+  configFile: string,
+  message: string,
+): string {
+  return `Cannot parse "${configFile}": ${message}`;
+}
+
+export function getInvalidConfigFileMessage(
+  configFile: string,
+  messages: string[],
+): string {
+  const andMore =
+    messages.length > 10 ? `, and ${messages.length - 10} more.` : ".";
+  return `The configuration file "${configFile}" is invalid: ${messages.slice(0, 10).join(", ")}${andMore}`;
+}
+
 export function getConfigFileRepoFormatInvalidMessage(
   configFile: string,
 ): string {

src/feature-flags.ts

@@ -77,6 +77,7 @@ export enum Feature {
   QaTelemetryEnabled = "qa_telemetry_enabled",
   ResolveSupportedLanguagesUsingCli = "resolve_supported_languages_using_cli",
   UseRepositoryProperties = "use_repository_properties",
+  ValidateDbConfig = "validate_db_config",
 }
 
 export const featureConfig: Record<
@@ -287,6 +288,11 @@ export const featureConfig: Record<
     envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
     minimumVersion: "2.23.0",
   },
+  [Feature.ValidateDbConfig]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_VALIDATE_DB_CONFIG",
+    minimumVersion: undefined,
+  },
 };
 
 /**

src/init-action.ts

@@ -325,7 +325,7 @@ async function run() {
     }
 
     analysisKinds = await getAnalysisKinds(logger);
-    config = await initConfig({
+    config = await initConfig(features, {
       analysisKinds,
       languagesInput: getOptionalInput("languages"),
       queriesInput: getOptionalInput("queries"),

src/init.ts

@@ -61,10 +61,11 @@ export async function initCodeQL(
 }
 
 export async function initConfig(
+  features: FeatureEnablement,
   inputs: configUtils.InitConfigInputs,
 ): Promise<configUtils.Config> {
   return await withGroupAsync("Load language configuration", async () => {
-    return await configUtils.initConfig(inputs);
+    return await configUtils.initConfig(features, inputs);
   });
 }
 

src/testing-utils.ts

@@ -2,7 +2,7 @@ import { TextDecoder } from "node:util";
 import path from "path";
 
 import * as github from "@actions/github";
-import { TestFn } from "ava";
+import { ExecutionContext, TestFn } from "ava";
 import nock from "nock";
 import * as sinon from "sinon";
 
@@ -180,6 +180,23 @@ export function getRecordingLogger(messages: LoggedMessage[]): Logger {
   };
 }
 
+export function checkExpectedLogMessages(
+  t: ExecutionContext<any>,
+  messages: LoggedMessage[],
+  expectedMessages: string[],
+) {
+  for (const expectedMessage of expectedMessages) {
+    t.assert(
+      messages.some(
+        (msg) =>
+          typeof msg.message === "string" &&
+          msg.message.includes(expectedMessage),
+      ),
+      `Expected '${expectedMessage}' in the logger output, but didn't find it in:\n ${messages.map((m) => ` - '${m.message}'`).join("\n")}`,
+    );
+  }
+}
+
 /** Mock the HTTP request to the feature flags enablement API endpoint. */
 export function mockFeatureFlagApiEndpoint(
   responseStatusCode: number,