diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9c32d5ee7..39bfb13a1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,7 +4,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th
 ## [UNRELEASED]
-- Added an experimental change which, when analyzing a PR with [improved incremental analysis](https://github.com/github/roadmap/issues/1158) enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis when the latest version does not yet have a cached overlay-base database. We expect to roll this change out to everyone in May. [#3880](https://github.com/github/codeql-action/pull/3880)
+- Added an experimental change which, when running a Code Scanning analysis for a PR with [improved incremental analysis](https://github.com/github/roadmap/issues/1158) enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis when the latest version does not yet have a cached overlay-base database. We expect to roll this change out to everyone in May. [#3880](https://github.com/github/codeql-action/pull/3880)
 ## 4.35.3 - 01 May 2026
diff --git a/lib/analyze-action.js b/lib/analyze-action.js
index 6d2b9f7a5..68ca02cf6 100644
--- a/lib/analyze-action.js
+++ b/lib/analyze-action.js
@@ -91711,8 +91711,8 @@ async function getEnabledVersionsWithOverlayBaseDatabases(defaultCliVersion, raw } return overlayVersions; } -async function resolveDefaultCliVersion(defaultCliVersion, rawLanguages, features, logger) { - if (!isAnalyzingPullRequest()) { +async function resolveDefaultCliVersion(defaultCliVersion, rawLanguages, useOverlayAwareDefaultCliVersion, features, logger) { + if (!useOverlayAwareDefaultCliVersion || !isAnalyzingPullRequest()) { return defaultCliVersion.enabledVersions[0]; } const overlayVersions = await getEnabledVersionsWithOverlayBaseDatabases(
@@ -91729,7 +91729,7 @@ async function resolveDefaultCliVersion(defaultCliVersion, rawLanguages, feature } return defaultCliVersion.enabledVersions[0]; } -async function getCodeQLSource(toolsInput, defaultCliVersion, rawLanguages, apiDetails, variant, tarSupportsZstd, features, logger) { +async function getCodeQLSource(toolsInput, defaultCliVersion, rawLanguages, useOverlayAwareDefaultCliVersion, apiDetails, variant, tarSupportsZstd, features, logger) { if (toolsInput && !isReservedToolsValue(toolsInput) && !toolsInput.startsWith("http")) { logger.info(`Using CodeQL CLI from local path ${toolsInput}`); const compressionMethod2 = inferCompressionMethod(toolsInput); @@ -91826,6 +91826,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, rawLanguages, apiD const version = await resolveDefaultCliVersion( defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, features, logger ); @@ -91845,6 +91846,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, rawLanguages, apiD const version = await resolveDefaultCliVersion( defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, features, logger ); @@ -92046,7 +92048,7 @@ function getCanonicalToolcacheVersion(cliVersion2, bundleVersion2, logger) { } return cliVersion2; } -async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, features, logger) { +async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, useOverlayAwareDefaultCliVersion, features, logger) { if (!await isBinaryAccessible("tar", logger)) { throw new ConfigurationError( "Could not find tar in PATH, so unable to extract CodeQL bundle." @@ -92057,6 +92059,7 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau toolsInput, defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, apiDetails, variant, zstdAvailability.available, 
@@ -92217,7 +92220,7 @@ var CODEQL_NEXT_MINIMUM_VERSION = "2.19.4"; var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.15"; var GHES_MOST_RECENT_DEPRECATION_DATE = "2026-04-09"; var EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++"; -async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, features, logger, checkVersion) { +async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, useOverlayAwareDefaultCliVersion, features, logger, checkVersion) { try { const { codeqlFolder, @@ -92232,6 +92235,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV variant, defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, features, logger ); @@ -94927,7 +94931,7 @@ var core14 = __toESM(require_core()); var toolrunner4 = __toESM(require_toolrunner()); var github2 = __toESM(require_github()); var io6 = __toESM(require_io()); -async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, features, logger) { +async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, useOverlayAwareDefaultCliVersion, features, logger) { logger.startGroup("Setup CodeQL tools"); const { codeql, @@ -94942,6 +94946,7 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe variant, defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, features, logger, true @@ -95100,6 +95105,8 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo codeQLDefaultVersionInfo, void 0, // rawLanguages: upload-lib does not run analysis + false, + // useOverlayAwareDefaultCliVersion: upload-lib does not run analysis features, logger ); diff --git a/lib/init-action-post.js b/lib/init-action-post.js index ed46f610b..16d0bc507 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js 
@@ -132682,8 +132682,8 @@ async function getEnabledVersionsWithOverlayBaseDatabases(defaultCliVersion, raw } return overlayVersions; } -async function resolveDefaultCliVersion(defaultCliVersion, rawLanguages, features, logger) { - if (!isAnalyzingPullRequest()) { +async function resolveDefaultCliVersion(defaultCliVersion, rawLanguages, useOverlayAwareDefaultCliVersion, features, logger) { + if (!useOverlayAwareDefaultCliVersion || !isAnalyzingPullRequest()) { return defaultCliVersion.enabledVersions[0]; } const overlayVersions = await getEnabledVersionsWithOverlayBaseDatabases( @@ -132700,7 +132700,7 @@ async function resolveDefaultCliVersion(defaultCliVersion, rawLanguages, feature } return defaultCliVersion.enabledVersions[0]; } -async function getCodeQLSource(toolsInput, defaultCliVersion, rawLanguages, apiDetails, variant, tarSupportsZstd, features, logger) { +async function getCodeQLSource(toolsInput, defaultCliVersion, rawLanguages, useOverlayAwareDefaultCliVersion, apiDetails, variant, tarSupportsZstd, features, logger) { if (toolsInput && !isReservedToolsValue(toolsInput) && !toolsInput.startsWith("http")) { logger.info(`Using CodeQL CLI from local path ${toolsInput}`); const compressionMethod2 = inferCompressionMethod(toolsInput); @@ -132797,6 +132797,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, rawLanguages, apiD const version = await resolveDefaultCliVersion( defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, features, logger ); @@ -132816,6 +132817,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, rawLanguages, apiD const version = await resolveDefaultCliVersion( defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, features, logger ); 
@@ -133017,7 +133019,7 @@ function getCanonicalToolcacheVersion(cliVersion2, bundleVersion2, logger) { } return cliVersion2; } -async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, features, logger) { +async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, useOverlayAwareDefaultCliVersion, features, logger) { if (!await isBinaryAccessible("tar", logger)) { throw new ConfigurationError( "Could not find tar in PATH, so unable to extract CodeQL bundle." @@ -133028,6 +133030,7 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau toolsInput, defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, apiDetails, variant, zstdAvailability.available, @@ -133155,7 +133158,7 @@ var CODEQL_NEXT_MINIMUM_VERSION = "2.19.4"; var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.15"; var GHES_MOST_RECENT_DEPRECATION_DATE = "2026-04-09"; var EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++"; -async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, features, logger, checkVersion) { +async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, useOverlayAwareDefaultCliVersion, features, logger, checkVersion) { try { const { codeqlFolder, @@ -133170,6 +133173,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV variant, defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, features, logger ); 
@@ -135426,7 +135430,7 @@ var core14 = __toESM(require_core()); var toolrunner4 = __toESM(require_toolrunner()); var github2 = __toESM(require_github()); var io6 = __toESM(require_io()); -async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, features, logger) { +async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, useOverlayAwareDefaultCliVersion, features, logger) { logger.startGroup("Setup CodeQL tools"); const { codeql, @@ -135441,6 +135445,7 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe variant, defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, features, logger, true @@ -135599,6 +135604,8 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo codeQLDefaultVersionInfo, void 0, // rawLanguages: upload-lib does not run analysis + false, + // useOverlayAwareDefaultCliVersion: upload-lib does not run analysis features, logger ); diff --git a/lib/init-action.js b/lib/init-action.js index 8424fffe0..7753d29fd 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -86358,11 +86358,11 @@ function isAnalyzingPullRequest() { } // src/analyses.ts -var AnalysisKind = /* @__PURE__ */ ((AnalysisKind3) => { - AnalysisKind3["CodeScanning"] = "code-scanning"; - AnalysisKind3["CodeQuality"] = "code-quality"; - AnalysisKind3["RiskAssessment"] = "risk-assessment"; - return AnalysisKind3; +var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { + AnalysisKind2["CodeScanning"] = "code-scanning"; + AnalysisKind2["CodeQuality"] = "code-quality"; + AnalysisKind2["RiskAssessment"] = "risk-assessment"; + return AnalysisKind2; })(AnalysisKind || {}); var compatibilityMatrix = { ["code-scanning" /* CodeScanning */]: /* @__PURE__ */ new Set(["code-quality" /* CodeQuality */]), 
@@ -90640,8 +90640,8 @@ async function getEnabledVersionsWithOverlayBaseDatabases(defaultCliVersion, raw } return overlayVersions; } -async function resolveDefaultCliVersion(defaultCliVersion, rawLanguages, features, logger) { - if (!isAnalyzingPullRequest()) { +async function resolveDefaultCliVersion(defaultCliVersion, rawLanguages, useOverlayAwareDefaultCliVersion, features, logger) { + if (!useOverlayAwareDefaultCliVersion || !isAnalyzingPullRequest()) { return defaultCliVersion.enabledVersions[0]; } const overlayVersions = await getEnabledVersionsWithOverlayBaseDatabases( @@ -90658,7 +90658,7 @@ async function resolveDefaultCliVersion(defaultCliVersion, rawLanguages, feature } return defaultCliVersion.enabledVersions[0]; } -async function getCodeQLSource(toolsInput, defaultCliVersion, rawLanguages, apiDetails, variant, tarSupportsZstd, features, logger) { +async function getCodeQLSource(toolsInput, defaultCliVersion, rawLanguages, useOverlayAwareDefaultCliVersion, apiDetails, variant, tarSupportsZstd, features, logger) { if (toolsInput && !isReservedToolsValue(toolsInput) && !toolsInput.startsWith("http")) { logger.info(`Using CodeQL CLI from local path ${toolsInput}`); const compressionMethod2 = inferCompressionMethod(toolsInput); @@ -90755,6 +90755,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, rawLanguages, apiD const version = await resolveDefaultCliVersion( defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, features, logger ); @@ -90774,6 +90775,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, rawLanguages, apiD const version = await resolveDefaultCliVersion( defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, features, logger ); 
@@ -90975,7 +90977,7 @@ function getCanonicalToolcacheVersion(cliVersion2, bundleVersion2, logger) { } return cliVersion2; } -async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, features, logger) { +async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, useOverlayAwareDefaultCliVersion, features, logger) { if (!await isBinaryAccessible("tar", logger)) { throw new ConfigurationError( "Could not find tar in PATH, so unable to extract CodeQL bundle." @@ -90986,6 +90988,7 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau toolsInput, defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, apiDetails, variant, zstdAvailability.available, @@ -91135,7 +91138,7 @@ var CODEQL_NEXT_MINIMUM_VERSION = "2.19.4"; var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.15"; var GHES_MOST_RECENT_DEPRECATION_DATE = "2026-04-09"; var EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++"; -async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, features, logger, checkVersion) { +async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, useOverlayAwareDefaultCliVersion, features, logger, checkVersion) { try { const { codeqlFolder, @@ -91150,6 +91153,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV variant, defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, features, logger ); @@ -91739,7 +91743,7 @@ async function getJobRunUuidSarifOptions(codeql) { } // src/init.ts -async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, features, logger) { +async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, useOverlayAwareDefaultCliVersion, features, logger) { logger.startGroup("Setup CodeQL tools"); const { codeql, 
@@ -91754,6 +91758,7 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe variant, defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, features, logger, true @@ -92539,6 +92544,9 @@ async function run(startedAt) { const rawLanguages = getRawLanguagesNoAutodetect( getOptionalInput("languages") ); + const useOverlayAwareDefaultCliVersion = !!analysisKinds?.includes( + "code-scanning" /* CodeScanning */ + ); const initCodeQLResult = await initCodeQL( getOptionalInput("tools"), apiDetails, @@ -92546,6 +92554,7 @@ async function run(startedAt) { gitHubVersion.type, codeQLDefaultVersionInfo, rawLanguages, + useOverlayAwareDefaultCliVersion, features, logger ); diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index f63f90a7e..64ad2f567 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -88082,8 +88082,8 @@ async function getEnabledVersionsWithOverlayBaseDatabases(defaultCliVersion, raw } return overlayVersions; } -async function resolveDefaultCliVersion(defaultCliVersion, rawLanguages, features, logger) { - if (!isAnalyzingPullRequest()) { +async function resolveDefaultCliVersion(defaultCliVersion, rawLanguages, useOverlayAwareDefaultCliVersion, features, logger) { + if (!useOverlayAwareDefaultCliVersion || !isAnalyzingPullRequest()) { return defaultCliVersion.enabledVersions[0]; } const overlayVersions = await getEnabledVersionsWithOverlayBaseDatabases( 
@@ -88100,7 +88100,7 @@ async function resolveDefaultCliVersion(defaultCliVersion, rawLanguages, feature } return defaultCliVersion.enabledVersions[0]; } -async function getCodeQLSource(toolsInput, defaultCliVersion, rawLanguages, apiDetails, variant, tarSupportsZstd, features, logger) { +async function getCodeQLSource(toolsInput, defaultCliVersion, rawLanguages, useOverlayAwareDefaultCliVersion, apiDetails, variant, tarSupportsZstd, features, logger) { if (toolsInput && !isReservedToolsValue(toolsInput) && !toolsInput.startsWith("http")) { logger.info(`Using CodeQL CLI from local path ${toolsInput}`); const compressionMethod2 = inferCompressionMethod(toolsInput); @@ -88197,6 +88197,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, rawLanguages, apiD const version = await resolveDefaultCliVersion( defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, features, logger ); @@ -88216,6 +88217,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, rawLanguages, apiD const version = await resolveDefaultCliVersion( defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, features, logger ); @@ -88417,7 +88419,7 @@ function getCanonicalToolcacheVersion(cliVersion2, bundleVersion2, logger) { } return cliVersion2; } -async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, features, logger) { +async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, useOverlayAwareDefaultCliVersion, features, logger) { if (!await isBinaryAccessible("tar", logger)) { throw new ConfigurationError( "Could not find tar in PATH, so unable to extract CodeQL bundle." @@ -88428,6 +88430,7 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau toolsInput, defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, apiDetails, variant, zstdAvailability.available, 
@@ -88555,7 +88558,7 @@ var CODEQL_NEXT_MINIMUM_VERSION = "2.19.4"; var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.15"; var GHES_MOST_RECENT_DEPRECATION_DATE = "2026-04-09"; var EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++"; -async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, features, logger, checkVersion) { +async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, useOverlayAwareDefaultCliVersion, features, logger, checkVersion) { try { const { codeqlFolder, @@ -88570,6 +88573,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV variant, defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, features, logger ); @@ -89159,7 +89163,7 @@ async function getJobRunUuidSarifOptions(codeql) { } // src/init.ts -async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, features, logger) { +async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, useOverlayAwareDefaultCliVersion, features, logger) { logger.startGroup("Setup CodeQL tools"); const { codeql, @@ -89174,6 +89178,7 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe variant, defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, features, logger, true @@ -89476,6 +89481,8 @@ async function run(startedAt) { codeQLDefaultVersionInfo, void 0, // rawLanguages: currently, setup-codeql is not language aware + false, + // useOverlayAwareDefaultCliVersion: setup-codeql is not language aware features, logger ); diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 5b9dd54b7..73465a343 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js 
@@ -90737,8 +90737,8 @@ async function getEnabledVersionsWithOverlayBaseDatabases(defaultCliVersion, raw } return overlayVersions; } -async function resolveDefaultCliVersion(defaultCliVersion, rawLanguages, features, logger) { - if (!isAnalyzingPullRequest()) { +async function resolveDefaultCliVersion(defaultCliVersion, rawLanguages, useOverlayAwareDefaultCliVersion, features, logger) { + if (!useOverlayAwareDefaultCliVersion || !isAnalyzingPullRequest()) { return defaultCliVersion.enabledVersions[0]; } const overlayVersions = await getEnabledVersionsWithOverlayBaseDatabases( @@ -90755,7 +90755,7 @@ async function resolveDefaultCliVersion(defaultCliVersion, rawLanguages, feature } return defaultCliVersion.enabledVersions[0]; } -async function getCodeQLSource(toolsInput, defaultCliVersion, rawLanguages, apiDetails, variant, tarSupportsZstd, features, logger) { +async function getCodeQLSource(toolsInput, defaultCliVersion, rawLanguages, useOverlayAwareDefaultCliVersion, apiDetails, variant, tarSupportsZstd, features, logger) { if (toolsInput && !isReservedToolsValue(toolsInput) && !toolsInput.startsWith("http")) { logger.info(`Using CodeQL CLI from local path ${toolsInput}`); const compressionMethod2 = inferCompressionMethod(toolsInput); @@ -90852,6 +90852,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, rawLanguages, apiD const version = await resolveDefaultCliVersion( defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, features, logger ); @@ -90871,6 +90872,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, rawLanguages, apiD const version = await resolveDefaultCliVersion( defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, features, logger ); 
@@ -91072,7 +91074,7 @@ function getCanonicalToolcacheVersion(cliVersion2, bundleVersion2, logger) { } return cliVersion2; } -async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, features, logger) { +async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, useOverlayAwareDefaultCliVersion, features, logger) { if (!await isBinaryAccessible("tar", logger)) { throw new ConfigurationError( "Could not find tar in PATH, so unable to extract CodeQL bundle." @@ -91083,6 +91085,7 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau toolsInput, defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, apiDetails, variant, zstdAvailability.available, @@ -91210,7 +91213,7 @@ var CODEQL_NEXT_MINIMUM_VERSION = "2.19.4"; var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.15"; var GHES_MOST_RECENT_DEPRECATION_DATE = "2026-04-09"; var EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++"; -async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, features, logger, checkVersion) { +async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, useOverlayAwareDefaultCliVersion, features, logger, checkVersion) { try { const { codeqlFolder, @@ -91225,6 +91228,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV variant, defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, features, logger ); 
@@ -92946,7 +92950,7 @@ var core12 = __toESM(require_core()); var toolrunner4 = __toESM(require_toolrunner()); var github2 = __toESM(require_github()); var io5 = __toESM(require_io()); -async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, features, logger) { +async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, useOverlayAwareDefaultCliVersion, features, logger) { logger.startGroup("Setup CodeQL tools"); const { codeql, @@ -92961,6 +92965,7 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe variant, defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, features, logger, true @@ -93119,6 +93124,8 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo codeQLDefaultVersionInfo, void 0, // rawLanguages: upload-lib does not run analysis + false, + // useOverlayAwareDefaultCliVersion: upload-lib does not run analysis features, logger ); diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index eca5b7f00..d376638ca 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -91414,8 +91414,8 @@ async function getEnabledVersionsWithOverlayBaseDatabases(defaultCliVersion, raw } return overlayVersions; } -async function resolveDefaultCliVersion(defaultCliVersion, rawLanguages, features, logger) { - if (!isAnalyzingPullRequest()) { +async function resolveDefaultCliVersion(defaultCliVersion, rawLanguages, useOverlayAwareDefaultCliVersion, features, logger) { + if (!useOverlayAwareDefaultCliVersion || !isAnalyzingPullRequest()) { return defaultCliVersion.enabledVersions[0]; } const overlayVersions = await getEnabledVersionsWithOverlayBaseDatabases( 
@@ -91432,7 +91432,7 @@ async function resolveDefaultCliVersion(defaultCliVersion, rawLanguages, feature } return defaultCliVersion.enabledVersions[0]; } -async function getCodeQLSource(toolsInput, defaultCliVersion, rawLanguages, apiDetails, variant, tarSupportsZstd, features, logger) { +async function getCodeQLSource(toolsInput, defaultCliVersion, rawLanguages, useOverlayAwareDefaultCliVersion, apiDetails, variant, tarSupportsZstd, features, logger) { if (toolsInput && !isReservedToolsValue(toolsInput) && !toolsInput.startsWith("http")) { logger.info(`Using CodeQL CLI from local path ${toolsInput}`); const compressionMethod2 = inferCompressionMethod(toolsInput); @@ -91529,6 +91529,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, rawLanguages, apiD const version = await resolveDefaultCliVersion( defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, features, logger ); @@ -91548,6 +91549,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, rawLanguages, apiD const version = await resolveDefaultCliVersion( defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, features, logger ); @@ -91749,7 +91751,7 @@ function getCanonicalToolcacheVersion(cliVersion2, bundleVersion2, logger) { } return cliVersion2; } -async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, features, logger) { +async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, useOverlayAwareDefaultCliVersion, features, logger) { if (!await isBinaryAccessible("tar", logger)) { throw new ConfigurationError( "Could not find tar in PATH, so unable to extract CodeQL bundle." @@ -91760,6 +91762,7 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau toolsInput, defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, apiDetails, variant, zstdAvailability.available, 
@@ -91887,7 +91890,7 @@ var CODEQL_NEXT_MINIMUM_VERSION = "2.19.4"; var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.15"; var GHES_MOST_RECENT_DEPRECATION_DATE = "2026-04-09"; var EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++"; -async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, features, logger, checkVersion) { +async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, useOverlayAwareDefaultCliVersion, features, logger, checkVersion) { try { const { codeqlFolder, @@ -91902,6 +91905,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV variant, defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, features, logger ); @@ -93623,7 +93627,7 @@ var core13 = __toESM(require_core()); var toolrunner4 = __toESM(require_toolrunner()); var github2 = __toESM(require_github()); var io5 = __toESM(require_io()); -async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, features, logger) { +async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, useOverlayAwareDefaultCliVersion, features, logger) { logger.startGroup("Setup CodeQL tools"); const { codeql, @@ -93638,6 +93642,7 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe variant, defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, features, logger, true @@ -93725,6 +93730,8 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo codeQLDefaultVersionInfo, void 0, // rawLanguages: upload-lib does not run analysis + false, + // useOverlayAwareDefaultCliVersion: upload-lib does not run analysis features, logger ); diff --git a/src/codeql.test.ts b/src/codeql.test.ts index 60756101f..5169961ad 100644 --- a/src/codeql.test.ts +++ b/src/codeql.test.ts 
@@ -73,6 +73,7 @@ async function installIntoToolcache({
 ? { enabledVersions: [{ cliVersion, tagName }] }
 : SAMPLE_DEFAULT_CLI_VERSION,
 undefined, // rawLanguages
+ false, // useOverlayAwareDefaultCliVersion
 createFeatures([]),
 getRunnerLogger(true),
 false,
@@ -145,6 +146,7 @@ test.serial(
 util.GitHubVariant.DOTCOM,
 SAMPLE_DEFAULT_CLI_VERSION,
 undefined, // rawLanguages
+ false, // useOverlayAwareDefaultCliVersion
 features,
 getRunnerLogger(true),
 false,
@@ -178,6 +180,7 @@ test.serial(
 util.GitHubVariant.DOTCOM,
 SAMPLE_DEFAULT_CLI_VERSION,
 undefined, // rawLanguages
+ false, // useOverlayAwareDefaultCliVersion
 features,
 getRunnerLogger(true),
 false,
@@ -218,6 +221,7 @@ test.serial(
 util.GitHubVariant.DOTCOM,
 SAMPLE_DEFAULT_CLI_VERSION,
 undefined, // rawLanguages
+ false, // useOverlayAwareDefaultCliVersion
 features,
 getRunnerLogger(true),
 false,
@@ -269,6 +273,7 @@ for (const {
 util.GitHubVariant.DOTCOM,
 SAMPLE_DEFAULT_CLI_VERSION,
 undefined, // rawLanguages
+ false, // useOverlayAwareDefaultCliVersion
 features,
 getRunnerLogger(true),
 false,
@@ -314,6 +319,7 @@ for (const toolcacheVersion of [
 util.GitHubVariant.DOTCOM,
 SAMPLE_DEFAULT_CLI_VERSION,
 undefined, // rawLanguages
+ false, // useOverlayAwareDefaultCliVersion
 features,
 getRunnerLogger(true),
 false,
@@ -359,6 +365,7 @@ test.serial(
 ],
 },
 undefined, // rawLanguages
+ false, // useOverlayAwareDefaultCliVersion
 features,
 getRunnerLogger(true),
 false,
@@ -406,6 +413,7 @@ test.serial(
 ],
 },
 undefined, // rawLanguages
+ false, // useOverlayAwareDefaultCliVersion
 features,
 getRunnerLogger(true),
 false,
@@ -446,6 +454,7 @@ test.serial(
 util.GitHubVariant.DOTCOM,
 SAMPLE_DEFAULT_CLI_VERSION,
 undefined, // rawLanguages
+ false, // useOverlayAwareDefaultCliVersion
 features,
 getRunnerLogger(true),
 false,
@@ -488,6 +497,7 @@ test.serial(
 util.GitHubVariant.DOTCOM,
 SAMPLE_DEFAULT_CLI_VERSION,
 undefined, // rawLanguages
+ false, // useOverlayAwareDefaultCliVersion
 features,
 getRunnerLogger(true),
 false,
diff --git a/src/codeql.ts b/src/codeql.ts
index 046d3e719..66ed8cebe 100644
--- a/src/codeql.ts
+++ b/src/codeql.ts
@@ -306,6 +306,7 @@ const EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";
 * @param variant
 * @param defaultCliVersion
 * @param rawLanguages Raw set of languages.
+ * @param useOverlayAwareDefaultCliVersion Whether to select an overlay-aware default CLI version.
 * @param features Information about the features that are enabled.
 * @param logger
 * @param checkVersion Whether to check that CodeQL CLI meets the minimum
@@ -319,6 +320,7 @@ export async function setupCodeQL(
 variant: util.GitHubVariant,
 defaultCliVersion: CodeQLDefaultVersionInfo,
 rawLanguages: string[] | undefined,
+ useOverlayAwareDefaultCliVersion: boolean,
 features: FeatureEnablement,
 logger: Logger,
 checkVersion: boolean,
@@ -343,6 +345,7 @@ export async function setupCodeQL(
 variant,
 defaultCliVersion,
 rawLanguages,
+ useOverlayAwareDefaultCliVersion,
 features,
 logger,
 );
diff --git a/src/init-action.ts b/src/init-action.ts
index 96745e203..b529b6804 100644
--- a/src/init-action.ts
+++ b/src/init-action.ts
@@ -304,6 +304,9 @@ async function run(startedAt: Date) {
 const rawLanguages = configUtils.getRawLanguagesNoAutodetect(
 getOptionalInput("languages"),
 );
+ const useOverlayAwareDefaultCliVersion = !!analysisKinds?.includes(
+ AnalysisKind.CodeScanning,
+ );
 const initCodeQLResult = await initCodeQL(
 getOptionalInput("tools"),
 apiDetails,
@@ -311,6 +314,7 @@ async function run(startedAt: Date) {
 gitHubVersion.type,
 codeQLDefaultVersionInfo,
 rawLanguages,
+ useOverlayAwareDefaultCliVersion,
 features,
 logger,
 );
diff --git a/src/init.ts b/src/init.ts
index ef1f426d0..2533d9a89 100644
--- a/src/init.ts
+++ b/src/init.ts
@@ -40,6 +40,7 @@ export async function initCodeQL(
 variant: util.GitHubVariant,
 defaultCliVersion: CodeQLDefaultVersionInfo,
 rawLanguages: string[] | undefined,
+ useOverlayAwareDefaultCliVersion: boolean,
 features: FeatureEnablement,
 logger: Logger,
 ): Promise<{
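Review bot: The new `@param useOverlayAwareDefaultCliVersion` line in the first src/codeql.ts hunk only restates the parameter name and does not tell a caller what the flag gates. The bundled `resolveDefaultCliVersion` shown in the lib/ hunks on this page checks the flag together with `isAnalyzingPullRequest()` and, when either is false, returns the first enabled version without looking for overlay-base databases. I would write `@param useOverlayAwareDefaultCliVersion When true and a pull request is being analyzed, prefer an enabled CLI version that has a cached overlay-base database for rawLanguages; otherwise the first enabled version is used.` The same documentation is missing for the matching parameter added to `initCodeQL` in the src/init.ts hunk at line 40, whose doc comment, if it has one, lies outside that hunk.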
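Review bot: `!!analysisKinds?.includes(AnalysisKind.CodeScanning)` in the first src/init-action.ts hunk relies on double negation to turn the `undefined` produced by the optional chain into `false`; `analysisKinds?.includes(AnalysisKind.CodeScanning) ?? false` states the fallback explicitly and avoids the coercion. A one-line comment on why the flag is tied to Code Scanning only, e.g. `// Overlay-aware CLI version selection is only used for Code Scanning analyses of pull requests.`, would spare the next reader a trip to the changelog. The enclosing `run` function starts and ends outside the hunk, so whether `analysisKinds` can really be undefined at this point cannot be confirmed from the diff; if it cannot, the optional chain and the coercion could both be dropped.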
@@ -63,6 +64,7 @@ export async function initCodeQL( variant, defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, features, logger, true, diff --git a/src/setup-codeql-action.ts b/src/setup-codeql-action.ts index 5e6c82442..b9091a18b 100644 --- a/src/setup-codeql-action.ts +++ b/src/setup-codeql-action.ts @@ -146,6 +146,7 @@ async function run(startedAt: Date): Promise { gitHubVersion.type, codeQLDefaultVersionInfo, undefined, // rawLanguages: currently, setup-codeql is not language aware + false, // useOverlayAwareDefaultCliVersion: setup-codeql is not language aware features, logger, ); diff --git a/src/setup-codeql.test.ts b/src/setup-codeql.test.ts index 39f2422bd..463dc61ae 100644 --- a/src/setup-codeql.test.ts +++ b/src/setup-codeql.test.ts @@ -108,6 +108,7 @@ test.serial( `https://github.com/github/codeql-action/releases/download/${tagName}/codeql-bundle-linux64.tar.gz`, SAMPLE_DEFAULT_CLI_VERSION, undefined, // rawLanguages + false, // useOverlayAwareDefaultCliVersion SAMPLE_DOTCOM_API_DETAILS, GitHubVariant.DOTCOM, false, @@ -132,6 +133,7 @@ test.serial( "linked", SAMPLE_DEFAULT_CLI_VERSION, undefined, // rawLanguages + false, // useOverlayAwareDefaultCliVersion SAMPLE_DOTCOM_API_DETAILS, GitHubVariant.DOTCOM, false, @@ -158,6 +160,7 @@ test.serial( "latest", SAMPLE_DEFAULT_CLI_VERSION, undefined, // rawLanguages + false, // useOverlayAwareDefaultCliVersion SAMPLE_DOTCOM_API_DETAILS, GitHubVariant.DOTCOM, false, @@ -215,6 +218,7 @@ test.serial( GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, undefined, // rawLanguages + false, // useOverlayAwareDefaultCliVersion features, logger, ); @@ -271,6 +275,7 @@ test.serial( GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, undefined, // rawLanguages + false, // useOverlayAwareDefaultCliVersion features, logger, ); 
@@ -323,6 +328,7 @@ test.serial( "nightly", SAMPLE_DEFAULT_CLI_VERSION, undefined, // rawLanguages + false, // useOverlayAwareDefaultCliVersion SAMPLE_DOTCOM_API_DETAILS, GitHubVariant.DOTCOM, false, @@ -385,6 +391,7 @@ test.serial( undefined, SAMPLE_DEFAULT_CLI_VERSION, undefined, // rawLanguages + false, // useOverlayAwareDefaultCliVersion SAMPLE_DOTCOM_API_DETAILS, GitHubVariant.DOTCOM, false, @@ -440,6 +447,7 @@ test.serial( "toolcache", SAMPLE_DEFAULT_CLI_VERSION, undefined, // rawLanguages + false, // useOverlayAwareDefaultCliVersion SAMPLE_DOTCOM_API_DETAILS, GitHubVariant.DOTCOM, false, @@ -508,6 +516,7 @@ const toolcacheInputFallbackMacro = test.macro({ "toolcache", SAMPLE_DEFAULT_CLI_VERSION, undefined, // rawLanguages + false, // useOverlayAwareDefaultCliVersion SAMPLE_DOTCOM_API_DETAILS, GitHubVariant.DOTCOM, false, 
@@ -640,6 +649,82 @@ const overlayMatchEnabledVersions = { toolsFeatureFlagsValid: true, }; +test.serial( + "getCodeQLSource uses overlay-aware default version when requested for a PR", + async (t) => { + await withTmpDir(async (tmpDir) => { + setupActionsVars(tmpDir, tmpDir); + process.env["CODE_SCANNING_REF"] = "refs/heads/feature-branch"; + process.env["CODE_SCANNING_BASE_BRANCH"] = "main"; + + sinon.stub(api, "getAutomationID").resolves("test/"); + const listStub = sinon.stub(api, "listActionsCaches").resolves([ + { + key: "codeql-overlay-base-database-1-aaaaaaaaaaaaaaaa-javascript-2.20.1-abc-1-1", + }, + ]); + sinon + .stub(toolcache, "find") + .withArgs("CodeQL", "2.20.1") + .returns("/path/to/codeql-2.20.1"); + + const source = await setupCodeql.getCodeQLSource( + undefined, + overlayMatchEnabledVersions, + ["javascript"], + true, + SAMPLE_DOTCOM_API_DETAILS, + GitHubVariant.DOTCOM, + false, + makeOverlayMatchFeatures({ matchFlagEnabled: true }), + getRunnerLogger(true), + ); + + t.assert(listStub.calledOnce); + t.is(source.sourceType, "toolcache"); + t.is(source.toolsVersion, "2.20.1"); + }); + }, +); + +test.serial( + "getCodeQLSource skips overlay-aware default version when not requested", + async (t) => { + await withTmpDir(async (tmpDir) => { + setupActionsVars(tmpDir, tmpDir); + process.env["CODE_SCANNING_REF"] = "refs/heads/feature-branch"; + process.env["CODE_SCANNING_BASE_BRANCH"] = "main"; + + sinon.stub(api, "getAutomationID").resolves("test/"); + const listStub = sinon.stub(api, "listActionsCaches").resolves([ + { + key: "codeql-overlay-base-database-1-aaaaaaaaaaaaaaaa-javascript-2.20.1-abc-1-1", + }, + ]); + sinon + .stub(toolcache, "find") + .withArgs("CodeQL", "2.20.2") + .returns("/path/to/codeql-2.20.2"); + + const source = await setupCodeql.getCodeQLSource( + undefined, + overlayMatchEnabledVersions, + ["javascript"], + false, + SAMPLE_DOTCOM_API_DETAILS, + GitHubVariant.DOTCOM, + false, + makeOverlayMatchFeatures({ matchFlagEnabled: true 
}), + getRunnerLogger(true), + ); + + t.assert(listStub.notCalled); + t.is(source.sourceType, "toolcache"); + t.is(source.toolsVersion, "2.20.2"); + }); + }, +); + test.serial( "getEnabledVersionsWithOverlayBaseDatabases returns flag-enabled versions present in cache, sorted desc", async (t) => { diff --git a/src/setup-codeql.ts b/src/setup-codeql.ts index 108214735..53deca53b 100644 --- a/src/setup-codeql.ts +++ b/src/setup-codeql.ts @@ -360,16 +360,17 @@ export async function getEnabledVersionsWithOverlayBaseDatabases( /** * Resolves the newest enabled default CLI version that has a cached overlay-base database for the - * relevant languages, if analyzing a pull request and one exists. Otherwise, falls back to the - * newest enabled default CLI version. + * relevant languages, if running a Code Scanning analysis for a pull request and one exists. + * Otherwise, falls back to the newest enabled default CLI version. */ async function resolveDefaultCliVersion( defaultCliVersion: CodeQLDefaultVersionInfo, rawLanguages: string[] | undefined, + useOverlayAwareDefaultCliVersion: boolean, features: FeatureEnablement, logger: Logger, ): Promise { - if (!isAnalyzingPullRequest()) { + if (!useOverlayAwareDefaultCliVersion || !isAnalyzingPullRequest()) { return defaultCliVersion.enabledVersions[0]; } @@ -396,6 +397,7 @@ async function resolveDefaultCliVersion( * @param toolsInput The argument provided for the `tools` input, if any. * @param defaultCliVersion The default CLI version that's linked to the CodeQL Action. * @param rawLanguages Raw set of languages. + * @param useOverlayAwareDefaultCliVersion Whether to select an overlay-aware default CLI version. * @param apiDetails Information about the GitHub API. * @param variant The GitHub variant we are running on. * @param tarSupportsZstd Whether zstd is supported by `tar`. 
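Review bot: Both new tests in setup-codeql.test.ts assign `process.env["CODE_SCANNING_REF"]` and `process.env["CODE_SCANNING_BASE_BRANCH"]` and never remove them; unless a `beforeEach`/`afterEach` outside the hunk restores the environment, those values leak into later tests in the same process and make `isAnalyzingPullRequest()` order-dependent. The two tests also share the same stubbing of `getAutomationID`, `listActionsCaches` and `toolcache.find` and differ only in the boolean argument, the stubbed toolcache version and the expected result, so a small helper taking `{ useOverlayAware, expectedVersion }` would keep them in sync as the signature evolves. The `overlayMatchEnabledVersions` fixture in the opening context is defined outside the hunk.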
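Review bot: The new guard in `resolveDefaultCliVersion` combines two unrelated conditions, and neither the code nor the updated docstring records the property that matters for trusting input derived from `listActionsCaches`: a cache key can only narrow the choice among `defaultCliVersion.enabledVersions`, never introduce a version (the sibling test name "returns flag-enabled versions present in cache" suggests this holds, but it cannot be confirmed from the hunk). A one-line comment above the `if`, `// Cache keys only select among enabledVersions; a cache entry can never introduce a version.`, would make that invariant explicit for the next change to the selection logic. The `@param useOverlayAwareDefaultCliVersion` text in the following hunk could also say what "overlay-aware" means in practice, e.g. `Whether the caller is a Code Scanning analysis, the only case in which a PR analysis may prefer an enabled CLI version with a cached overlay-base database.`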
@@ -408,6 +410,7 @@ export async function getCodeQLSource( toolsInput: string | undefined, defaultCliVersion: CodeQLDefaultVersionInfo, rawLanguages: string[] | undefined, + useOverlayAwareDefaultCliVersion: boolean, apiDetails: api.GitHubApiDetails, variant: util.GitHubVariant, tarSupportsZstd: boolean, @@ -568,6 +571,7 @@ export async function getCodeQLSource( const version = await resolveDefaultCliVersion( defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, features, logger, ); @@ -590,6 +594,7 @@ export async function getCodeQLSource( const version = await resolveDefaultCliVersion( defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, features, logger, ); @@ -930,6 +935,7 @@ export async function setupCodeQLBundle( variant: util.GitHubVariant, defaultCliVersion: CodeQLDefaultVersionInfo, rawLanguages: string[] | undefined, + useOverlayAwareDefaultCliVersion: boolean, features: FeatureEnablement, logger: Logger, ): Promise { @@ -944,6 +950,7 @@ export async function setupCodeQLBundle( toolsInput, defaultCliVersion, rawLanguages, + useOverlayAwareDefaultCliVersion, apiDetails, variant, zstdAvailability.available, diff --git a/src/upload-lib.ts b/src/upload-lib.ts index 5db40f26d..83331aeed 100644 --- a/src/upload-lib.ts +++ b/src/upload-lib.ts @@ -166,6 +166,7 @@ async function combineSarifFilesUsingCLI( gitHubVersion.type, codeQLDefaultVersionInfo, undefined, // rawLanguages: upload-lib does not run analysis + false, // useOverlayAwareDefaultCliVersion: upload-lib does not run analysis features, logger, );
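Review bot: Adding `useOverlayAwareDefaultCliVersion: boolean` as a bare positional parameter to `getCodeQLSource` (and likewise to `setupCodeQLBundle` in the `@@ -930` hunk) extends a list that already carries `tarSupportsZstd: boolean` and, in `setupCodeQL`, `checkVersion: boolean`; every call site in this diff has to annotate the argument with `// useOverlayAwareDefaultCliVersion` to stay readable, which is the usual sign that an options object is due. A follow-up could group `rawLanguages` and this flag into one `{ rawLanguages, useOverlayAwareDefaultCliVersion }` parameter, since the flag is only meaningful alongside the languages. The function signatures begin outside these hunks.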