Enable overlay-aware version selection in setup-codeql

2026-05-09 23:30:28 +00:00 · 2026-05-08 17:54:17 +01:00
parent 4f815a68d3
commit 2a950b930c
3 changed files with 343 additions and 257 deletions
@@ -85857,6 +85857,66 @@ function isAnalyzingPullRequest() {
  return getPullRequestBranches() !== void 0;
 }

+// src/analyses.ts
+var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => {
+  AnalysisKind2["CodeScanning"] = "code-scanning";
+  AnalysisKind2["CodeQuality"] = "code-quality";
+  AnalysisKind2["RiskAssessment"] = "risk-assessment";
+  return AnalysisKind2;
+})(AnalysisKind || {});
+var compatibilityMatrix = {
+  ["code-scanning" /* CodeScanning */]: /* @__PURE__ */ new Set(["code-quality" /* CodeQuality */]),
+  ["code-quality" /* CodeQuality */]: /* @__PURE__ */ new Set(["code-scanning" /* CodeScanning */]),
+  ["risk-assessment" /* RiskAssessment */]: /* @__PURE__ */ new Set()
+};
+var supportedAnalysisKinds = new Set(Object.values(AnalysisKind));
+async function parseAnalysisKinds(input) {
+  const components = input.split(",");
+  if (components.length < 1) {
+    throw new ConfigurationError(
+      "At least one analysis kind must be configured."
+    );
+  }
+  for (const component of components) {
+    if (!supportedAnalysisKinds.has(component)) {
+      throw new ConfigurationError(`Unknown analysis kind: ${component}`);
+    }
+  }
+  return Array.from(
+    new Set(components.map((component) => component))
+  );
+}
+var cachedAnalysisKinds;
+async function getAnalysisKinds(logger, skipCache = false) {
+  if (!skipCache && cachedAnalysisKinds !== void 0) {
+    return cachedAnalysisKinds;
+  }
+  const analysisKinds = await parseAnalysisKinds(
+    getRequiredInput("analysis-kinds")
+  );
+  const qualityQueriesInput = getOptionalInput("quality-queries");
+  if (qualityQueriesInput !== void 0) {
+    logger.warning(
+      "The `quality-queries` input is deprecated and will be removed in a future version of the CodeQL Action. Use the `analysis-kinds` input to configure different analysis kinds instead."
+    );
+  }
+  if (!analysisKinds.includes("code-quality" /* CodeQuality */) && qualityQueriesInput !== void 0) {
+    analysisKinds.push("code-quality" /* CodeQuality */);
+  }
+  for (const analysisKind of analysisKinds) {
+    for (const otherAnalysisKind of analysisKinds) {
+      if (analysisKind === otherAnalysisKind) continue;
+      if (!compatibilityMatrix[analysisKind].has(otherAnalysisKind)) {
+        throw new ConfigurationError(
+          `${analysisKind} and ${otherAnalysisKind} cannot be enabled at the same time`
+        );
+      }
+    }
+  }
+  cachedAnalysisKinds = analysisKinds;
+  return cachedAnalysisKinds;
+}
+
 // src/api-client.ts
 var core5 = __toESM(require_core());
 var githubUtils = __toESM(require_utils4());
@@ -86124,10 +86184,146 @@ function wrapApiConfigurationError(e) {
  return e;
 }

+// src/config-utils.ts
+var core9 = __toESM(require_core());
+
+// src/caching-utils.ts
+var crypto2 = __toESM(require("crypto"));
+var core6 = __toESM(require_core());
+var cacheKeyHashLength = 16;
+function createCacheKeyHash(components) {
+  const componentsJson = JSON.stringify(components);
+  return crypto2.createHash("sha256").update(componentsJson).digest("hex").substring(0, cacheKeyHashLength);
+}
+
+// src/config/db-config.ts
+var jsonschema = __toESM(require_lib2());
+var semver2 = __toESM(require_semver2());
+
+// src/feature-flags/properties.ts
+var RepositoryPropertyName = /* @__PURE__ */ ((RepositoryPropertyName2) => {
+  RepositoryPropertyName2["DISABLE_OVERLAY"] = "github-codeql-disable-overlay";
+  RepositoryPropertyName2["EXTRA_QUERIES"] = "github-codeql-extra-queries";
+  RepositoryPropertyName2["FILE_COVERAGE_ON_PRS"] = "github-codeql-file-coverage-on-prs";
+  return RepositoryPropertyName2;
+})(RepositoryPropertyName || {});
+var KNOWN_REPOSITORY_PROPERTY_NAMES = new Set(
+  Object.values(RepositoryPropertyName)
+);
+
+// src/config/db-config.ts
+var PACK_IDENTIFIER_PATTERN = (function() {
+  const alphaNumeric = "[a-z0-9]";
+  const alphaNumericDash = "[a-z0-9-]";
+  const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`;
+  return new RegExp(`^${component}/${component}$`);
+})();
+
+// src/diagnostics.ts
+var import_fs = require("fs");
+var import_path = __toESM(require("path"));
+
+// src/logging.ts
+var core7 = __toESM(require_core());
+function getActionsLogger() {
+  return {
+    debug: core7.debug,
+    info: core7.info,
+    warning: core7.warning,
+    error: core7.error,
+    isDebug: core7.isDebug,
+    startGroup: core7.startGroup,
+    endGroup: core7.endGroup
+  };
+}
+function formatDuration(durationMs) {
+  if (durationMs < 1e3) {
+    return `${durationMs}ms`;
+  }
+  if (durationMs < 60 * 1e3) {
+    return `${(durationMs / 1e3).toFixed(1)}s`;
+  }
+  const minutes = Math.floor(durationMs / (60 * 1e3));
+  const seconds = Math.floor(durationMs % (60 * 1e3) / 1e3);
+  return `${minutes}m${seconds}s`;
+}
+
+// src/diagnostics.ts
+var unwrittenDiagnostics = [];
+var unwrittenDefaultLanguageDiagnostics = [];
+var diagnosticCounter = 0;
+function makeDiagnostic(id, name, data = void 0) {
+  return {
+    ...data,
+    timestamp: data?.timestamp ?? (/* @__PURE__ */ new Date()).toISOString(),
+    source: { ...data?.source, id, name }
+  };
+}
+function addDiagnostic(config, language, diagnostic) {
+  const logger = getActionsLogger();
+  const databasePath = language ? getCodeQLDatabasePath(config, language) : config.dbLocation;
+  if ((0, import_fs.existsSync)(databasePath)) {
+    writeDiagnostic(config, language, diagnostic);
+  } else {
+    logger.debug(
+      `Writing a diagnostic for ${language}, but the database at ${databasePath} does not exist yet.`
+    );
+    unwrittenDiagnostics.push({ diagnostic, language });
+  }
+}
+function addNoLanguageDiagnostic(config, diagnostic) {
+  if (config !== void 0) {
+    addDiagnostic(
+      config,
+      // Arbitrarily choose the first language. We could also choose all languages, but that
+      // increases the risk of misinterpreting the data.
+      config.languages[0],
+      diagnostic
+    );
+  } else {
+    unwrittenDefaultLanguageDiagnostics.push(diagnostic);
+  }
+}
+function writeDiagnostic(config, language, diagnostic) {
+  const logger = getActionsLogger();
+  const databasePath = language ? getCodeQLDatabasePath(config, language) : config.dbLocation;
+  const diagnosticsPath = import_path.default.resolve(
+    databasePath,
+    "diagnostic",
+    "codeql-action"
+  );
+  try {
+    (0, import_fs.mkdirSync)(diagnosticsPath, { recursive: true });
+    const uniqueSuffix = (diagnosticCounter++).toString();
+    const sanitizedTimestamp = diagnostic.timestamp.replace(
+      /[^a-zA-Z0-9.-]/g,
+      ""
+    );
+    const jsonPath = import_path.default.resolve(
+      diagnosticsPath,
+      `codeql-action-${sanitizedTimestamp}-${uniqueSuffix}.json`
+    );
+    (0, import_fs.writeFileSync)(jsonPath, JSON.stringify(diagnostic));
+  } catch (err) {
+    logger.warning(`Unable to write diagnostic message to database: ${err}`);
+    logger.debug(JSON.stringify(diagnostic));
+  }
+}
+function makeTelemetryDiagnostic(id, name, attributes) {
+  return makeDiagnostic(id, name, {
+    attributes,
+    visibility: {
+      cliSummaryTable: false,
+      statusPage: false,
+      telemetry: true
+    }
+  });
+}
+
 // src/feature-flags.ts
 var fs5 = __toESM(require("fs"));
-var path5 = __toESM(require("path"));
-var semver4 = __toESM(require_semver2());
+var path6 = __toESM(require("path"));
+var semver5 = __toESM(require_semver2());

 // src/defaults.json
 var bundleVersion = "codeql-bundle-v2.25.4";
@@ -86135,19 +86331,19 @@ var cliVersion = "2.25.4";

 // src/overlay/index.ts
 var fs4 = __toESM(require("fs"));
-var path4 = __toESM(require("path"));
+var path5 = __toESM(require("path"));

 // src/git-utils.ts
 var fs3 = __toESM(require("fs"));
-var path3 = __toESM(require("path"));
-var core6 = __toESM(require_core());
+var path4 = __toESM(require("path"));
+var core8 = __toESM(require_core());
 var toolrunner2 = __toESM(require_toolrunner());
 var io3 = __toESM(require_io());
-var semver2 = __toESM(require_semver2());
+var semver3 = __toESM(require_semver2());
 var runGitCommand = async function(workingDirectory, args, customErrorMessage, options) {
  let stdout = "";
  let stderr = "";
-  core6.debug(`Running git command: git ${args.join(" ")}`);
+  core8.debug(`Running git command: git ${args.join(" ")}`);
  try {
    await new toolrunner2.ToolRunner(await io3.which("git", true), args, {
      silent: true,
@@ -86168,7 +86364,7 @@ var runGitCommand = async function(workingDirectory, args, customErrorMessage, o
    if (stderr.includes("not a git repository")) {
      reason = "The checkout path provided to the action does not appear to be a git repository.";
    }
-    core6.info(`git call failed. ${customErrorMessage} Error: ${reason}`);
+    core8.info(`git call failed. ${customErrorMessage} Error: ${reason}`);
    throw error3;
  }
 };
@@ -86230,7 +86426,7 @@ var getGitRoot = async function(sourceRoot) {
  }
 };
 function hasSubmodules(gitRoot) {
-  return fs3.existsSync(path3.join(gitRoot, ".gitmodules"));
+  return fs3.existsSync(path4.join(gitRoot, ".gitmodules"));
 }
 var getFileOidsUnderPath = async function(basePath) {
  const gitRoot = await getGitRoot(basePath);
@@ -86297,7 +86493,7 @@ async function getRef() {
  ) !== head;
  if (hasChangedRef) {
    const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head");
-    core6.debug(
+    core8.debug(
      `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.`
    );
    return newRef;
@@ -86362,7 +86558,7 @@ async function writeOverlayChangesFile(config, sourceRoot, logger) {
  const diffRangeFiles = await getDiffRangeFilePaths(sourceRoot, logger);
  const changedFiles = [.../* @__PURE__ */ new Set([...oidChangedFiles, ...diffRangeFiles])];
  const changedFilesJson = JSON.stringify({ changes: changedFiles });
-  const overlayChangesFile = path4.join(
+  const overlayChangesFile = path5.join(
    getTemporaryDirectory(),
    "overlay-changes.json"
  );
@@ -86428,13 +86624,13 @@ async function getDiffRangeFilePaths(sourceRoot, logger) {
    return [...new Set(diffRanges.map((r) => r.path))];
  }
  const relativePaths = diffRanges.map(
-    (r) => path4.relative(sourceRoot, path4.join(repoRoot, r.path)).replaceAll(path4.sep, "/")
+    (r) => path5.relative(sourceRoot, path5.join(repoRoot, r.path)).replaceAll(path5.sep, "/")
  ).filter((rel) => !rel.startsWith(".."));
  return [...new Set(relativePaths)];
 }

 // src/tools-features.ts
-var semver3 = __toESM(require_semver2());
+var semver4 = __toESM(require_semver2());
 function isSupportedToolsFeature(versionInfo, feature) {
  return !!versionInfo.features && versionInfo.features[feature];
 }
@@ -86774,7 +86970,7 @@ var Features = class extends OfflineFeatures {
    super(logger);
    this.gitHubFeatureFlags = new GitHubFeatureFlags(
      repositoryNwo,
-      path5.join(tempDir, FEATURE_FLAGS_FILE_NAME),
+      path6.join(tempDir, FEATURE_FLAGS_FILE_NAME),
      logger
    );
  }
@@ -86833,7 +87029,7 @@ var GitHubFeatureFlags = class {
      DEFAULT_VERSION_FEATURE_FLAG_PREFIX.length,
      f.length - DEFAULT_VERSION_FEATURE_FLAG_SUFFIX.length
    ).replace(/_/g, ".");
-    if (!semver4.valid(version)) {
+    if (!semver5.valid(version)) {
      this.logger.warning(
        `Ignoring feature flag ${f} as it does not specify a valid CodeQL version.`
      );
@@ -86850,7 +87046,7 @@ var GitHubFeatureFlags = class {
    const response = await this.getAllFeatures();
    const sortedCliVersions = Object.entries(response).map(
      ([f, isEnabled]) => isEnabled ? this.getCliVersionFromFeatureFlag(f) : void 0
-    ).filter((f) => f !== void 0).sort(semver4.rcompare);
+    ).filter((f) => f !== void 0).sort(semver5.rcompare);
    if (sortedCliVersions.length === 0) {
      this.logger.warning(
        `Feature flags do not specify a default CLI version. Falling back to the CLI version shipped with the Action. This is ${cliVersion}.`
@@ -86994,6 +87190,99 @@ function initFeatures(gitHubVersion, repositoryNwo, tempDir, logger) {
  }
 }

+// src/languages/builtin.json
+var builtin_default = {
+  languages: [
+    "actions",
+    "cpp",
+    "csharp",
+    "go",
+    "java",
+    "javascript",
+    "python",
+    "ruby",
+    "rust",
+    "swift"
+  ],
+  aliases: {
+    c: "cpp",
+    "c-c++": "cpp",
+    "c-cpp": "cpp",
+    "c#": "csharp",
+    "c++": "cpp",
+    "java-kotlin": "java",
+    "javascript-typescript": "javascript",
+    kotlin: "java",
+    typescript: "javascript"
+  }
+};
+
+// src/languages/index.ts
+var builtInLanguageSet = new Set(builtin_default.languages);
+function isBuiltInLanguage(language) {
+  return builtInLanguageSet.has(language);
+}
+function parseBuiltInLanguage(language) {
+  language = language.trim().toLowerCase();
+  language = builtin_default.aliases[language] ?? language;
+  if (isBuiltInLanguage(language)) {
+    return language;
+  }
+  return void 0;
+}
+
+// src/overlay/status.ts
+var actionsCache = __toESM(require_cache4());
+
+// src/trap-caching.ts
+var actionsCache2 = __toESM(require_cache4());
+
+// src/config-utils.ts
+var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4;
+var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6;
+var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_MB = 14e3;
+var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_MB * 1e6;
+var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024;
+function getRawLanguagesNoAutodetect(languagesInput) {
+  return (languagesInput || "").split(",").map((x) => x.trim().toLowerCase()).filter((x) => x.length > 0);
+}
+var OVERLAY_ANALYSIS_FEATURES = {
+  cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */,
+  csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */,
+  go: "overlay_analysis_go" /* OverlayAnalysisGo */,
+  java: "overlay_analysis_java" /* OverlayAnalysisJava */,
+  javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */,
+  python: "overlay_analysis_python" /* OverlayAnalysisPython */,
+  ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */
+};
+var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = {
+  cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */,
+  csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */,
+  go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */,
+  java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */,
+  javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */,
+  python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */,
+  ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */
+};
+function appendExtraQueryExclusions(extraQueryExclusions, cliConfig) {
+  const augmentedConfig = cloneObject(cliConfig);
+  if (extraQueryExclusions.length === 0) {
+    return augmentedConfig;
+  }
+  augmentedConfig["query-filters"] = [
+    // Ordering matters. If the first filter is an inclusion, it implicitly
+    // excludes all queries that are not included. If it is an exclusion,
+    // it implicitly includes all queries that are not excluded. So user
+    // filters (if any) should always be first to preserve intent.
+    ...augmentedConfig["query-filters"] || [],
+    ...extraQueryExclusions
+  ];
+  if (augmentedConfig["query-filters"]?.length === 0) {
+    delete augmentedConfig["query-filters"];
+  }
+  return augmentedConfig;
+}
+
 // src/init.ts
 var core12 = __toESM(require_core());
 var toolrunner4 = __toESM(require_toolrunner());
@@ -87254,241 +87543,6 @@ function wrapCliConfigurationError(cliError) {
  return new ConfigurationError(errorMessageBuilder);
 }

-// src/config-utils.ts
-var core9 = __toESM(require_core());
-
-// src/analyses.ts
-var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => {
-  AnalysisKind2["CodeScanning"] = "code-scanning";
-  AnalysisKind2["CodeQuality"] = "code-quality";
-  AnalysisKind2["RiskAssessment"] = "risk-assessment";
-  return AnalysisKind2;
-})(AnalysisKind || {});
-var supportedAnalysisKinds = new Set(Object.values(AnalysisKind));
-
-// src/caching-utils.ts
-var crypto2 = __toESM(require("crypto"));
-var core7 = __toESM(require_core());
-var cacheKeyHashLength = 16;
-function createCacheKeyHash(components) {
-  const componentsJson = JSON.stringify(components);
-  return crypto2.createHash("sha256").update(componentsJson).digest("hex").substring(0, cacheKeyHashLength);
-}
-
-// src/config/db-config.ts
-var jsonschema = __toESM(require_lib2());
-var semver5 = __toESM(require_semver2());
-
-// src/feature-flags/properties.ts
-var RepositoryPropertyName = /* @__PURE__ */ ((RepositoryPropertyName2) => {
-  RepositoryPropertyName2["DISABLE_OVERLAY"] = "github-codeql-disable-overlay";
-  RepositoryPropertyName2["EXTRA_QUERIES"] = "github-codeql-extra-queries";
-  RepositoryPropertyName2["FILE_COVERAGE_ON_PRS"] = "github-codeql-file-coverage-on-prs";
-  return RepositoryPropertyName2;
-})(RepositoryPropertyName || {});
-var KNOWN_REPOSITORY_PROPERTY_NAMES = new Set(
-  Object.values(RepositoryPropertyName)
-);
-
-// src/config/db-config.ts
-var PACK_IDENTIFIER_PATTERN = (function() {
-  const alphaNumeric = "[a-z0-9]";
-  const alphaNumericDash = "[a-z0-9-]";
-  const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`;
-  return new RegExp(`^${component}/${component}$`);
-})();
-
-// src/diagnostics.ts
-var import_fs = require("fs");
-var import_path = __toESM(require("path"));
-
-// src/logging.ts
-var core8 = __toESM(require_core());
-function getActionsLogger() {
-  return {
-    debug: core8.debug,
-    info: core8.info,
-    warning: core8.warning,
-    error: core8.error,
-    isDebug: core8.isDebug,
-    startGroup: core8.startGroup,
-    endGroup: core8.endGroup
-  };
-}
-function formatDuration(durationMs) {
-  if (durationMs < 1e3) {
-    return `${durationMs}ms`;
-  }
-  if (durationMs < 60 * 1e3) {
-    return `${(durationMs / 1e3).toFixed(1)}s`;
-  }
-  const minutes = Math.floor(durationMs / (60 * 1e3));
-  const seconds = Math.floor(durationMs % (60 * 1e3) / 1e3);
-  return `${minutes}m${seconds}s`;
-}
-
-// src/diagnostics.ts
-var unwrittenDiagnostics = [];
-var unwrittenDefaultLanguageDiagnostics = [];
-var diagnosticCounter = 0;
-function makeDiagnostic(id, name, data = void 0) {
-  return {
-    ...data,
-    timestamp: data?.timestamp ?? (/* @__PURE__ */ new Date()).toISOString(),
-    source: { ...data?.source, id, name }
-  };
-}
-function addDiagnostic(config, language, diagnostic) {
-  const logger = getActionsLogger();
-  const databasePath = language ? getCodeQLDatabasePath(config, language) : config.dbLocation;
-  if ((0, import_fs.existsSync)(databasePath)) {
-    writeDiagnostic(config, language, diagnostic);
-  } else {
-    logger.debug(
-      `Writing a diagnostic for ${language}, but the database at ${databasePath} does not exist yet.`
-    );
-    unwrittenDiagnostics.push({ diagnostic, language });
-  }
-}
-function addNoLanguageDiagnostic(config, diagnostic) {
-  if (config !== void 0) {
-    addDiagnostic(
-      config,
-      // Arbitrarily choose the first language. We could also choose all languages, but that
-      // increases the risk of misinterpreting the data.
-      config.languages[0],
-      diagnostic
-    );
-  } else {
-    unwrittenDefaultLanguageDiagnostics.push(diagnostic);
-  }
-}
-function writeDiagnostic(config, language, diagnostic) {
-  const logger = getActionsLogger();
-  const databasePath = language ? getCodeQLDatabasePath(config, language) : config.dbLocation;
-  const diagnosticsPath = import_path.default.resolve(
-    databasePath,
-    "diagnostic",
-    "codeql-action"
-  );
-  try {
-    (0, import_fs.mkdirSync)(diagnosticsPath, { recursive: true });
-    const uniqueSuffix = (diagnosticCounter++).toString();
-    const sanitizedTimestamp = diagnostic.timestamp.replace(
-      /[^a-zA-Z0-9.-]/g,
-      ""
-    );
-    const jsonPath = import_path.default.resolve(
-      diagnosticsPath,
-      `codeql-action-${sanitizedTimestamp}-${uniqueSuffix}.json`
-    );
-    (0, import_fs.writeFileSync)(jsonPath, JSON.stringify(diagnostic));
-  } catch (err) {
-    logger.warning(`Unable to write diagnostic message to database: ${err}`);
-    logger.debug(JSON.stringify(diagnostic));
-  }
-}
-function makeTelemetryDiagnostic(id, name, attributes) {
-  return makeDiagnostic(id, name, {
-    attributes,
-    visibility: {
-      cliSummaryTable: false,
-      statusPage: false,
-      telemetry: true
-    }
-  });
-}
-
-// src/languages/builtin.json
-var builtin_default = {
-  languages: [
-    "actions",
-    "cpp",
-    "csharp",
-    "go",
-    "java",
-    "javascript",
-    "python",
-    "ruby",
-    "rust",
-    "swift"
-  ],
-  aliases: {
-    c: "cpp",
-    "c-c++": "cpp",
-    "c-cpp": "cpp",
-    "c#": "csharp",
-    "c++": "cpp",
-    "java-kotlin": "java",
-    "javascript-typescript": "javascript",
-    kotlin: "java",
-    typescript: "javascript"
-  }
-};
-
-// src/languages/index.ts
-var builtInLanguageSet = new Set(builtin_default.languages);
-function isBuiltInLanguage(language) {
-  return builtInLanguageSet.has(language);
-}
-function parseBuiltInLanguage(language) {
-  language = language.trim().toLowerCase();
-  language = builtin_default.aliases[language] ?? language;
-  if (isBuiltInLanguage(language)) {
-    return language;
-  }
-  return void 0;
-}
-
-// src/overlay/status.ts
-var actionsCache = __toESM(require_cache4());
-
-// src/trap-caching.ts
-var actionsCache2 = __toESM(require_cache4());
-
-// src/config-utils.ts
-var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4;
-var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6;
-var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_MB = 14e3;
-var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_MB * 1e6;
-var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024;
-var OVERLAY_ANALYSIS_FEATURES = {
-  cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */,
-  csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */,
-  go: "overlay_analysis_go" /* OverlayAnalysisGo */,
-  java: "overlay_analysis_java" /* OverlayAnalysisJava */,
-  javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */,
-  python: "overlay_analysis_python" /* OverlayAnalysisPython */,
-  ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */
-};
-var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = {
-  cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */,
-  csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */,
-  go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */,
-  java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */,
-  javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */,
-  python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */,
-  ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */
-};
-function appendExtraQueryExclusions(extraQueryExclusions, cliConfig) {
-  const augmentedConfig = cloneObject(cliConfig);
-  if (extraQueryExclusions.length === 0) {
-    return augmentedConfig;
-  }
-  augmentedConfig["query-filters"] = [
-    // Ordering matters. If the first filter is an inclusion, it implicitly
-    // excludes all queries that are not included. If it is an exclusion,
-    // it implicitly includes all queries that are not excluded. So user
-    // filters (if any) should always be first to preserve intent.
-    ...augmentedConfig["query-filters"] || [],
-    ...extraQueryExclusions
-  ];
-  if (augmentedConfig["query-filters"]?.length === 0) {
-    delete augmentedConfig["query-filters"];
-  }
-  return augmentedConfig;
-}
-
 // src/setup-codeql.ts
 var fs8 = __toESM(require("fs"));
 var path8 = __toESM(require("path"));
@@ -89468,16 +89522,23 @@ async function run(startedAt) {
    }
    const codeQLDefaultVersionInfo = await features.getEnabledDefaultCliVersions(gitHubVersion.type);
    toolsFeatureFlagsValid = codeQLDefaultVersionInfo.toolsFeatureFlagsValid;
+    const rawLanguages = getRawLanguagesNoAutodetect(
+      getOptionalInput("languages")
+    );
+    const analysisKinds = await getAnalysisKinds(logger);
    const initCodeQLResult = await initCodeQL(
      getOptionalInput("tools"),
      apiDetails,
      getTemporaryDirectory(),
      gitHubVersion.type,
      codeQLDefaultVersionInfo,
-      void 0,
-      // rawLanguages: currently, setup-codeql is not language aware
-      false,
-      // useOverlayAwareDefaultCliVersion: setup-codeql is not language aware
+      rawLanguages,
+      // Only consider the languages for overlay-aware version selection if the
+      // user has told us what they intend to analyze and Code Scanning is among
+      // the configured analysis kinds. Without `languages`, the subsequent
+      // `init` invocation may analyze a different set; without Code Scanning,
+      // overlay analysis is not in use anyway.
+      rawLanguages.length > 0 && analysisKinds.includes("code-scanning" /* CodeScanning */),
      features,
      logger
    );
@@ -19,6 +19,25 @@ inputs:
      If not specified, the Action will check in several places until it finds
      the CodeQL tools.
    required: false
+  languages:
+    description: >-
+      A comma-separated list of CodeQL languages that will be analyzed in subsequent
+      `github/codeql-action/init` and `github/codeql-action/analyze` invocations. If specified, the
+      Action may use this list to select a CodeQL CLI version that is best suited to analyzing those
+      languages, for example by preferring a version that has a cached overlay-base database for the
+      specified languages. This input is not remembered and must also be passed to
+      `github/codeql-action/init`.
+    required: false
+  analysis-kinds:
+    description: >-
+      [Internal] A comma-separated list of analysis kinds that subsequent
+      `github/codeql-action/init` invocations will enable. If specified, the Action may use this
+      list to select a CodeQL CLI version that is best suited to those analysis kinds. This input is
+      not remembered and must also be passed to `github/codeql-action/init`.
+
+      Available options are the same as for the `analysis-kinds` input on the `init` Action.
+    default: 'code-scanning'
+    required: true
  token:
    description: GitHub token to use for authenticating with this instance of GitHub.
    default: ${{ github.token }}
@@ -7,8 +7,10 @@ import {
  getRequiredInput,
  getTemporaryDirectory,
 } from "./actions-util";
+import { AnalysisKind, getAnalysisKinds } from "./analyses";
 import { getGitHubVersion } from "./api-client";
 import { CodeQL } from "./codeql";
+import { getRawLanguagesNoAutodetect } from "./config-utils";
 import { EnvVar } from "./environment";
 import { initFeatures } from "./feature-flags";
 import { initCodeQL } from "./init";
@@ -139,14 +141,18 @@ async function run(startedAt: Date): Promise<void> {
    const codeQLDefaultVersionInfo =
      await features.getEnabledDefaultCliVersions(gitHubVersion.type);
    toolsFeatureFlagsValid = codeQLDefaultVersionInfo.toolsFeatureFlagsValid;
+    const rawLanguages = getRawLanguagesNoAutodetect(
+      getOptionalInput("languages"),
+    );
+    const analysisKinds = await getAnalysisKinds(logger);
    const initCodeQLResult = await initCodeQL(
      getOptionalInput("tools"),
      apiDetails,
      getTemporaryDirectory(),
      gitHubVersion.type,
      codeQLDefaultVersionInfo,
-      undefined, // rawLanguages: currently, setup-codeql is not language aware
-      false, // useOverlayAwareDefaultCliVersion: setup-codeql is not language aware
+      rawLanguages,
+      analysisKinds.includes(AnalysisKind.CodeScanning),
      features,
      logger,
    );