Use new artifact dependency if not on GHES & feature flag enabled

lib/analyze-action-post.js

@@ -29,17 +29,29 @@ Object.defineProperty(exports, "__esModule", { value: true });
  * other `post:` hooks.
  */
 const core = __importStar(require("@actions/core"));
+const actions_util_1 = require("./actions-util");
+const api_client_1 = require("./api-client");
+const config_utils_1 = require("./config-utils");
 const debugArtifacts = __importStar(require("./debug-artifacts"));
 const environment_1 = require("./environment");
+const feature_flags_1 = require("./feature-flags");
 const logging_1 = require("./logging");
+const repository_1 = require("./repository");
 const util_1 = require("./util");
 async function runWrapper() {
     try {
         const logger = (0, logging_1.getActionsLogger)();
+        const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
+        (0, util_1.checkGitHubVersionInRange)(gitHubVersion, logger);
+        const repositoryNwo = (0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY"));
+        const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, (0, actions_util_1.getTemporaryDirectory)(), logger);
         // Upload SARIF artifacts if we determine that this is a first-party analysis run.
         // For third-party runs, this artifact will be uploaded in the `upload-sarif-post` step.
         if (process.env[environment_1.EnvVar.INIT_ACTION_HAS_RUN] === "true") {
-            await (0, logging_1.withGroup)("Uploading combined SARIF debug artifact", () => debugArtifacts.uploadCombinedSarifArtifacts(logger));
+            const config = await (0, config_utils_1.getConfig)((0, actions_util_1.getTemporaryDirectory)(), logger);
+            if (config !== undefined) {
+                await (0, logging_1.withGroup)("Uploading combined SARIF debug artifact", () => debugArtifacts.uploadCombinedSarifArtifacts(logger, config.gitHubVersion.type, features));
+            }
         }
     }
     catch (error) {

lib/analyze-action-post.js.map

@@ -1 +1 @@
-{"version":3,"file":"analyze-action-post.js","sourceRoot":"","sources":["../src/analyze-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,kEAAoD;AACpD,+CAAuC;AACvC,uCAAwD;AACxD,iCAAyC;AAEzC,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;QAElC,kFAAkF;QAClF,wFAAwF;QACxF,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,mBAAmB,CAAC,KAAK,MAAM,EAAE,CAAC;YACvD,MAAM,IAAA,mBAAS,EAAC,yCAAyC,EAAE,GAAG,EAAE,CAC9D,cAAc,CAAC,4BAA4B,CAAC,MAAM,CAAC,CACpD,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,oCAAoC,IAAA,sBAAe,EAAC,KAAK,CAAC,EAAE,CAC7D,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"analyze-action-post.js","sourceRoot":"","sources":["../src/analyze-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,iDAAuD;AACvD,6CAAgD;AAChD,iDAA2C;AAC3C,kEAAoD;AACpD,+CAAuC;AACvC,mDAA2C;AAC3C,uCAAwD;AACxD,6CAAkD;AAClD,iCAIgB;AAEhB,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;QAClC,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACjD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,kFAAkF;QAClF,wFAAwF;QACxF,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,mBAAmB,CAAC,KAAK,MAAM,EAAE,CAAC;YACvD,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;YAChE,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBACzB,MAAM,IAAA,mBAAS,EAAC,yCAAyC,EAAE,GAAG,EAAE,CAC9D,cAAc,CAAC,4BAA4B,CACzC,MAAM,EACN,MAAM,CAAC,aAAa,CAAC,IAAI,EACzB,QAAQ,CACT,CACF,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,oCAAoC,IAAA,sBAAe,EAAC,KAAK,CAAC,EAAE,CAC7D,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/debug-artifacts.js

@@ -32,6 +32,7 @@ exports.tryUploadAllAvailableDebugArtifacts = tryUploadAllAvailableDebugArtifact
 exports.uploadDebugArtifacts = uploadDebugArtifacts;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
+const artifact = __importStar(require("@actions/artifact"));
 const artifactLegacy = __importStar(require("@actions/artifact-legacy"));
 const core = __importStar(require("@actions/core"));
 const adm_zip_1 = __importDefault(require("adm-zip"));
@@ -40,6 +41,7 @@ const actions_util_1 = require("./actions-util");
 const analyze_1 = require("./analyze");
 const codeql_1 = require("./codeql");
 const environment_1 = require("./environment");
+const feature_flags_1 = require("./feature-flags");
 const logging_1 = require("./logging");
 const util_1 = require("./util");
 function sanitizeArtifactName(name) {
@@ -49,7 +51,7 @@ function sanitizeArtifactName(name) {
  * Upload Actions SARIF artifacts for debugging when CODEQL_ACTION_DEBUG_COMBINED_SARIF
  * environment variable is set
  */
-async function uploadCombinedSarifArtifacts(logger) {
+async function uploadCombinedSarifArtifacts(logger, gitHubVariant, features) {
     const tempDir = (0, actions_util_1.getTemporaryDirectory)();
     // Upload Actions SARIF artifacts for debugging when environment variable is set
     if (process.env["CODEQL_ACTION_DEBUG_COMBINED_SARIF"] === "true") {
@@ -68,7 +70,7 @@ async function uploadCombinedSarifArtifacts(logger) {
             }
         }
         try {
-            await uploadDebugArtifacts(toUpload, baseTempDir, "combined-sarif-artifacts");
+            await uploadDebugArtifacts(toUpload, baseTempDir, "combined-sarif-artifacts", gitHubVariant, features);
         }
         catch (e) {
             logger.warning(`Failed to upload combined SARIF files as Actions debugging artifact. Reason: ${(0, util_1.getErrorMessage)(e)}`);
@@ -128,7 +130,7 @@ async function tryBundleDatabase(config, language, logger) {
  *
  * Logs and suppresses any errors that occur.
  */
-async function tryUploadAllAvailableDebugArtifacts(config, logger) {
+async function tryUploadAllAvailableDebugArtifacts(config, logger, features) {
     const filesToUpload = [];
     try {
         for (const language of config.languages) {
@@ -168,13 +170,13 @@ async function tryUploadAllAvailableDebugArtifacts(config, logger) {
         return;
     }
     try {
-        await (0, logging_1.withGroup)("Uploading debug artifacts", async () => uploadDebugArtifacts(filesToUpload, config.dbLocation, config.debugArtifactName));
+        await (0, logging_1.withGroup)("Uploading debug artifacts", async () => uploadDebugArtifacts(filesToUpload, config.dbLocation, config.debugArtifactName, config.gitHubVersion.type, features));
     }
     catch (e) {
         logger.warning(`Failed to upload debug artifacts. Reason: ${(0, util_1.getErrorMessage)(e)}`);
     }
 }
-async function uploadDebugArtifacts(toUpload, rootDir, artifactName) {
+async function uploadDebugArtifacts(toUpload, rootDir, artifactName, ghVariant, features) {
     if (toUpload.length === 0) {
         return;
     }
@@ -189,11 +191,28 @@ async function uploadDebugArtifacts(toUpload, rootDir, artifactName) {
             core.info("Could not parse user-specified `matrix` input into JSON. The debug artifact will not be named with the user's `matrix` input.");
         }
     }
-    await artifactLegacy.create().uploadArtifact(sanitizeArtifactName(`${artifactName}${suffix}`), toUpload.map((file) => path.normalize(file)), path.normalize(rootDir), {
-        continueOnError: true,
-        // ensure we don't keep the debug artifacts around for too long since they can be large.
-        retentionDays: 7,
-    });
+    // `@actions/artifact@v2` is not yet supported on GHES so the legacy version of the client will be used on GHES
+    // until it is supported. We also use the legacy version of the client if the feature flag is disabled.
+    const artifactUploader = ghVariant !== util_1.GitHubVariant.GHES &&
+        (await features.getValue(feature_flags_1.Feature.ArtifactUpgrade))
+        ? new artifact.DefaultArtifactClient()
+        : artifactLegacy.create();
+    const artifactUploaderArgs = [
+        sanitizeArtifactName(`${artifactName}${suffix}`),
+        toUpload.map((file) => path.normalize(file)),
+        path.normalize(rootDir),
+        {
+            // ensure we don't keep the debug artifacts around for too long since they can be large.
+            retentionDays: 7,
+        },
+    ];
+    try {
+        await artifactUploader.uploadArtifact(...artifactUploaderArgs);
+    }
+    catch (e) {
+        // A failure to upload debug artifacts should not fail the entire action.
+        core.warning(`Failed to upload debug artifacts: ${e}`);
+    }
 }
 /**
  * If a database has not been finalized, we cannot run the `codeql database bundle`

lib/debug-artifacts.test.js

@@ -28,6 +28,9 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 const ava_1 = __importDefault(require("ava"));
 const debugArtifacts = __importStar(require("./debug-artifacts"));
+const feature_flags_1 = require("./feature-flags");
+const testing_utils_1 = require("./testing-utils");
+const util_1 = require("./util");
 (0, ava_1.default)("sanitizeArtifactName", (t) => {
     t.deepEqual(debugArtifacts.sanitizeArtifactName("hello-world_"), "hello-world_");
     t.deepEqual(debugArtifacts.sanitizeArtifactName("hello`world`"), "helloworld");
@@ -36,6 +39,7 @@ const debugArtifacts = __importStar(require("./debug-artifacts"));
 });
 (0, ava_1.default)("uploadDebugArtifacts", async (t) => {
     // Test that no error is thrown if artifacts list is empty.
-    await t.notThrowsAsync(debugArtifacts.uploadDebugArtifacts([], "rootDir", "artifactName"));
+    const mockFeature = (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.ArtifactUpgrade]);
+    await t.notThrowsAsync(debugArtifacts.uploadDebugArtifacts([], "rootDir", "artifactName", util_1.GitHubVariant.DOTCOM, mockFeature));
 });
 //# sourceMappingURL=debug-artifacts.test.js.map

lib/debug-artifacts.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"debug-artifacts.test.js","sourceRoot":"","sources":["../src/debug-artifacts.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AAEvB,kEAAoD;AAEpD,IAAA,aAAI,EAAC,sBAAsB,EAAE,CAAC,CAAC,EAAE,EAAE;IACjC,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,cAAc,CAAC,EACnD,cAAc,CACf,CAAC;IACF,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,cAAc,CAAC,EACnD,YAAY,CACb,CAAC;IACF,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,oBAAoB,CAAC,aAAa,CAAC,EAAE,UAAU,CAAC,CAAC;IAC5E,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,yBAAyB,CAAC,EAC9D,aAAa,CACd,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,sBAAsB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvC,2DAA2D;IAC3D,MAAM,CAAC,CAAC,cAAc,CACpB,cAAc,CAAC,oBAAoB,CAAC,EAAE,EAAE,SAAS,EAAE,cAAc,CAAC,CACnE,CAAC;AACJ,CAAC,CAAC,CAAC"}
+{"version":3,"file":"debug-artifacts.test.js","sourceRoot":"","sources":["../src/debug-artifacts.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AAEvB,kEAAoD;AACpD,mDAA0C;AAC1C,mDAAiD;AACjD,iCAAuC;AAEvC,IAAA,aAAI,EAAC,sBAAsB,EAAE,CAAC,CAAC,EAAE,EAAE;IACjC,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,cAAc,CAAC,EACnD,cAAc,CACf,CAAC;IACF,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,cAAc,CAAC,EACnD,YAAY,CACb,CAAC;IACF,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,oBAAoB,CAAC,aAAa,CAAC,EAAE,UAAU,CAAC,CAAC;IAC5E,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,yBAAyB,CAAC,EAC9D,aAAa,CACd,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,sBAAsB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvC,2DAA2D;IAC3D,MAAM,WAAW,GAAG,IAAA,8BAAc,EAAC,CAAC,uBAAO,CAAC,eAAe,CAAC,CAAC,CAAC;IAC9D,MAAM,CAAC,CAAC,cAAc,CACpB,cAAc,CAAC,oBAAoB,CACjC,EAAE,EACF,SAAS,EACT,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,WAAW,CACZ,CACF,CAAC;AACJ,CAAC,CAAC,CAAC"}

lib/feature-flags.js

@@ -44,6 +44,7 @@ exports.CODEQL_VERSION_FINE_GRAINED_PARALLELISM = "2.15.1";
  */
 var Feature;
 (function (Feature) {
+    Feature["ArtifactUpgrade"] = "artifact_upgrade";
     Feature["CleanupTrapCaches"] = "cleanup_trap_caches";
     Feature["CppDependencyInstallation"] = "cpp_dependency_installation_enabled";
     Feature["DisableCsharpBuildless"] = "disable_csharp_buildless";
@@ -53,6 +54,11 @@ var Feature;
     Feature["QaTelemetryEnabled"] = "qa_telemetry_enabled";
 })(Feature || (exports.Feature = Feature = {}));
 exports.featureConfig = {
+    [Feature.ArtifactUpgrade]: {
+        defaultValue: false,
+        envVar: "CODEQL_ACTION_ARTIFACT_UPGRADE",
+        minimumVersion: undefined,
+    },
     [Feature.CleanupTrapCaches]: {
         defaultValue: false,
         envVar: "CODEQL_ACTION_CLEANUP_TRAP_CACHES",

lib/init-action-post-helper.js

@@ -132,7 +132,7 @@ async function run(uploadAllAvailableDebugArtifacts, printDebugLogs, config, rep
     // Upload appropriate Actions artifacts for debugging
     if (config.debugMode) {
         logger.info("Debug mode is on. Uploading available database bundles and logs as Actions debugging artifacts...");
-        await uploadAllAvailableDebugArtifacts(config, logger);
+        await uploadAllAvailableDebugArtifacts(config, logger, features);
         await printDebugLogs(config);
     }
     if (actionsUtil.isSelfHostedRunner()) {

lib/start-proxy-action-post.js

@@ -28,10 +28,15 @@ Object.defineProperty(exports, "__esModule", { value: true });
  * It will run after the all steps in this job, in reverse order in relation to
  * other `post:` hooks.
  */
+const artifact = __importStar(require("@actions/artifact"));
 const artifactLegacy = __importStar(require("@actions/artifact-legacy"));
 const core = __importStar(require("@actions/core"));
 const actionsUtil = __importStar(require("./actions-util"));
+const api_client_1 = require("./api-client");
 const configUtils = __importStar(require("./config-utils"));
+const feature_flags_1 = require("./feature-flags");
+const logging_1 = require("./logging");
+const repository_1 = require("./repository");
 const util_1 = require("./util");
 async function runWrapper() {
     try {
@@ -47,13 +52,32 @@ async function runWrapper() {
     if ((config && config.debugMode) || core.isDebug()) {
         const logFilePath = core.getState("proxy-log-file");
         core.info("Debug mode is on. Uploading proxy log as Actions debugging artifact...");
+        if (config?.gitHubVersion.type === undefined) {
+            core.warning(`Did not upload debug artifacts because cannot determine the GitHub variant running.`);
+            return;
+        }
+        const logger = (0, logging_1.getActionsLogger)();
+        const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
+        (0, util_1.checkGitHubVersionInRange)(gitHubVersion, logger);
+        const repositoryNwo = (0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY"));
+        const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, actionsUtil.getTemporaryDirectory(), logger);
         try {
-            await artifactLegacy
-                .create()
-                .uploadArtifact("proxy-log-file", [logFilePath], actionsUtil.getTemporaryDirectory(), {
-                continueOnError: true,
-                retentionDays: 7,
-            });
+            // `@actions/artifact@v2` is not yet supported on GHES so the legacy version of the client will be used on GHES
+            // until it is supported. We also use the legacy version of the client if the feature flag is disabled.
+            const artifactUploader = config?.gitHubVersion.type !== util_1.GitHubVariant.GHES &&
+                (await features.getValue(feature_flags_1.Feature.ArtifactUpgrade))
+                ? new artifact.DefaultArtifactClient()
+                : artifactLegacy.create();
+            const artifactUploaderArgs = [
+                "proxy-log-file",
+                [logFilePath],
+                actionsUtil.getTemporaryDirectory(),
+                {
+                    // ensure we don't keep the debug artifacts around for too long since they can be large.
+                    retentionDays: 7,
+                },
+            ];
+            await artifactUploader.uploadArtifact(...artifactUploaderArgs);
         }
         catch (e) {
             // A failure to upload debug artifacts should not fail the entire action.

lib/start-proxy-action-post.js.map

@@ -1 +1 @@
-{"version":3,"file":"start-proxy-action-post.js","sourceRoot":"","sources":["../src/start-proxy-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,yEAA2D;AAC3D,oDAAsC;AAEtC,4DAA8C;AAC9C,4DAA8C;AAC9C,iCAAyC;AAEzC,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;QAC/C,IAAI,GAAG,EAAE,CAAC;YACR,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,wCAAwC,IAAA,sBAAe,EAAC,KAAK,CAAC,EAAE,CACjE,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,SAAS,CACxC,WAAW,CAAC,qBAAqB,EAAE,EACnC,IAAI,CACL,CAAC;IAEF,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,EAAE,CAAC;QACnD,MAAM,WAAW,GAAG,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;QACpD,IAAI,CAAC,IAAI,CACP,wEAAwE,CACzE,CAAC;QACF,IAAI,CAAC;YACH,MAAM,cAAc;iBACjB,MAAM,EAAE;iBACR,cAAc,CACb,gBAAgB,EAChB,CAAC,WAAW,CAAC,EACb,WAAW,CAAC,qBAAqB,EAAE,EACnC;gBACE,eAAe,EAAE,IAAI;gBACrB,aAAa,EAAE,CAAC;aACjB,CACF,CAAC;QACN,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,yEAAyE;YACzE,IAAI,CAAC,OAAO,CAAC,qCAAqC,CAAC,EAAE,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"start-proxy-action-post.js","sourceRoot":"","sources":["../src/start-proxy-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,4DAA8C;AAC9C,yEAA2D;AAC3D,oDAAsC;AAEtC,4DAA8C;AAC9C,6CAAgD;AAChD,4DAA8C;AAC9C,mDAAoD;AACpD,uCAA6C;AAC7C,6CAAkD;AAClD,iCAKgB;AAEhB,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;QAC/C,IAAI,GAAG,EAAE,CAAC;YACR,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,wCAAwC,IAAA,sBAAe,EAAC,KAAK,CAAC,EAAE,CACjE,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,SAAS,CACxC,WAAW,CAAC,qBAAqB,EAAE,EACnC,IAAI,CACL,CAAC;IAEF,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,EAAE,CAAC;QACnD,MAAM,WAAW,GAAG,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;QACpD,IAAI,CAAC,IAAI,CACP,wEAAwE,CACzE,CAAC;QACF,IAAI,MAAM,EAAE,aAAa,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC7C,IAAI,CAAC,OAAO,CACV,qFAAqF,CACtF,CAAC;YACF,OAAO;QACT,CAAC;QAED,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;QAClC,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACjD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,WAAW,CAAC,qBAAqB,EAAE,EACnC,MAAM,CACP,CAAC;QAEF,IAAI,CAAC;YACH,+GAA+G;YAC/G,uGAAuG;YACvG,MAAM,gBAAgB,GACpB,MAAM,EAAE,aAAa,CAAC,IAAI,KAAK,oBAAa,CAAC,IAAI;gBACjD,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,eAAe,CAAC,CAAC;gBAChD,CAAC,CAAC,IAAI,QAAQ,CAAC,qBAAqB,EAAE;gBACtC,CAAC,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC;YAE9B,MAAM,oBAAoB,GAKtB;gBACF,gBAAgB;gBAChB,CAAC,WAAW,CAAC;gBACb,WAAW,CAAC,qBAAqB,EAAE;gBACnC;oBACE,wFAAwF;oBACxF,aAAa,EAAE,CAAC;iBACjB;aACF,CAAC;YAEF,MAAM,gBAAgB,CAAC,cAAc,CAAC,GAAG,oBAAoB,CAAC,CAAC;QACjE,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,yEAAyE;YACzE,IAAI,CAAC,OAAO,CAAC,qCAAqC,CAAC,EAAE,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/upload-sarif-action-post.js

@@ -29,17 +29,29 @@ Object.defineProperty(exports, "__esModule", { value: true });
  * other `post:` hooks.
  */
 const core = __importStar(require("@actions/core"));
+const actions_util_1 = require("./actions-util");
+const api_client_1 = require("./api-client");
 const debugArtifacts = __importStar(require("./debug-artifacts"));
 const environment_1 = require("./environment");
+const feature_flags_1 = require("./feature-flags");
 const logging_1 = require("./logging");
+const repository_1 = require("./repository");
 const util_1 = require("./util");
 async function runWrapper() {
     try {
         const logger = (0, logging_1.getActionsLogger)();
+        const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
+        (0, util_1.checkGitHubVersionInRange)(gitHubVersion, logger);
+        const repositoryNwo = (0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY"));
+        const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, (0, actions_util_1.getTemporaryDirectory)(), logger);
         // Upload SARIF artifacts if we determine that this is a third-party analysis run.
         // For first-party runs, this artifact will be uploaded in the `analyze-post` step.
         if (process.env[environment_1.EnvVar.INIT_ACTION_HAS_RUN] !== "true") {
-            await (0, logging_1.withGroup)("Uploading combined SARIF debug artifact", () => debugArtifacts.uploadCombinedSarifArtifacts(logger));
+            if (gitHubVersion.type === undefined) {
+                core.warning(`Did not upload debug artifacts because cannot determine the GitHub variant running.`);
+                return;
+            }
+            await (0, logging_1.withGroup)("Uploading combined SARIF debug artifact", () => debugArtifacts.uploadCombinedSarifArtifacts(logger, gitHubVersion.type, features));
         }
     }
     catch (error) {

lib/upload-sarif-action-post.js.map

@@ -1 +1 @@
-{"version":3,"file":"upload-sarif-action-post.js","sourceRoot":"","sources":["../src/upload-sarif-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,kEAAoD;AACpD,+CAAuC;AACvC,uCAAwD;AACxD,iCAAyC;AAEzC,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;QAClC,kFAAkF;QAClF,mFAAmF;QACnF,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,mBAAmB,CAAC,KAAK,MAAM,EAAE,CAAC;YACvD,MAAM,IAAA,mBAAS,EAAC,yCAAyC,EAAE,GAAG,EAAE,CAC9D,cAAc,CAAC,4BAA4B,CAAC,MAAM,CAAC,CACpD,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,yCAAyC,IAAA,sBAAe,EAAC,KAAK,CAAC,EAAE,CAClE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"upload-sarif-action-post.js","sourceRoot":"","sources":["../src/upload-sarif-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,iDAAuD;AACvD,6CAAgD;AAChD,kEAAoD;AACpD,+CAAuC;AACvC,mDAA2C;AAC3C,uCAAwD;AACxD,6CAAkD;AAClD,iCAIgB;AAEhB,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;QAClC,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACjD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,kFAAkF;QAClF,mFAAmF;QACnF,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,mBAAmB,CAAC,KAAK,MAAM,EAAE,CAAC;YACvD,IAAI,aAAa,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBACrC,IAAI,CAAC,OAAO,CACV,qFAAqF,CACtF,CAAC;gBACF,OAAO;YACT,CAAC;YACD,MAAM,IAAA,mBAAS,EAAC,yCAAyC,EAAE,GAAG,EAAE,CAC9D,cAAc,CAAC,4BAA4B,CACzC,MAAM,EACN,aAAa,CAAC,IAAI,EAClB,QAAQ,CACT,CACF,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,yCAAyC,IAAA,sBAAe,EAAC,KAAK,CAAC,EAAE,CAClE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

src/analyze-action-post.ts

@@ -5,21 +5,48 @@
  */
 import * as core from "@actions/core";
 
+import { getTemporaryDirectory } from "./actions-util";
+import { getGitHubVersion } from "./api-client";
+import { getConfig } from "./config-utils";
 import * as debugArtifacts from "./debug-artifacts";
 import { EnvVar } from "./environment";
+import { Features } from "./feature-flags";
 import { getActionsLogger, withGroup } from "./logging";
-import { getErrorMessage } from "./util";
+import { parseRepositoryNwo } from "./repository";
+import {
+  checkGitHubVersionInRange,
+  getErrorMessage,
+  getRequiredEnvParam,
+} from "./util";
 
 async function runWrapper() {
   try {
     const logger = getActionsLogger();
+    const gitHubVersion = await getGitHubVersion();
+    checkGitHubVersionInRange(gitHubVersion, logger);
+    const repositoryNwo = parseRepositoryNwo(
+      getRequiredEnvParam("GITHUB_REPOSITORY"),
+    );
+    const features = new Features(
+      gitHubVersion,
+      repositoryNwo,
+      getTemporaryDirectory(),
+      logger,
+    );
 
     // Upload SARIF artifacts if we determine that this is a first-party analysis run.
     // For third-party runs, this artifact will be uploaded in the `upload-sarif-post` step.
     if (process.env[EnvVar.INIT_ACTION_HAS_RUN] === "true") {
-      await withGroup("Uploading combined SARIF debug artifact", () =>
-        debugArtifacts.uploadCombinedSarifArtifacts(logger),
-      );
+      const config = await getConfig(getTemporaryDirectory(), logger);
+      if (config !== undefined) {
+        await withGroup("Uploading combined SARIF debug artifact", () =>
+          debugArtifacts.uploadCombinedSarifArtifacts(
+            logger,
+            config.gitHubVersion.type,
+            features,
+          ),
+        );
+      }
     }
   } catch (error) {
     core.setFailed(

src/debug-artifacts.test.ts

@@ -1,6 +1,9 @@
 import test from "ava";
 
 import * as debugArtifacts from "./debug-artifacts";
+import { Feature } from "./feature-flags";
+import { createFeatures } from "./testing-utils";
+import { GitHubVariant } from "./util";
 
 test("sanitizeArtifactName", (t) => {
   t.deepEqual(
@@ -20,7 +23,14 @@ test("sanitizeArtifactName", (t) => {
 
 test("uploadDebugArtifacts", async (t) => {
   // Test that no error is thrown if artifacts list is empty.
+  const mockFeature = createFeatures([Feature.ArtifactUpgrade]);
   await t.notThrowsAsync(
-    debugArtifacts.uploadDebugArtifacts([], "rootDir", "artifactName"),
+    debugArtifacts.uploadDebugArtifacts(
+      [],
+      "rootDir",
+      "artifactName",
+      GitHubVariant.DOTCOM,
+      mockFeature,
+    ),
   );
 });

src/debug-artifacts.ts

@@ -1,6 +1,7 @@
 import * as fs from "fs";
 import * as path from "path";
 
+import * as artifact from "@actions/artifact";
 import * as artifactLegacy from "@actions/artifact-legacy";
 import * as core from "@actions/core";
 import AdmZip from "adm-zip";
@@ -11,6 +12,7 @@ import { dbIsFinalized } from "./analyze";
 import { getCodeQL } from "./codeql";
 import { Config } from "./config-utils";
 import { EnvVar } from "./environment";
+import { Feature, FeatureEnablement } from "./feature-flags";
 import { Language } from "./languages";
 import { Logger, withGroup } from "./logging";
 import {
@@ -18,6 +20,7 @@ import {
   doesDirectoryExist,
   getCodeQLDatabasePath,
   getErrorMessage,
+  GitHubVariant,
   listFolder,
 } from "./util";
 
@@ -29,7 +32,11 @@ export function sanitizeArtifactName(name: string): string {
  * Upload Actions SARIF artifacts for debugging when CODEQL_ACTION_DEBUG_COMBINED_SARIF
  * environment variable is set
  */
-export async function uploadCombinedSarifArtifacts(logger: Logger) {
+export async function uploadCombinedSarifArtifacts(
+  logger: Logger,
+  gitHubVariant: GitHubVariant,
+  features: FeatureEnablement,
+) {
   const tempDir = getTemporaryDirectory();
 
   // Upload Actions SARIF artifacts for debugging when environment variable is set
@@ -61,6 +68,8 @@ export async function uploadCombinedSarifArtifacts(logger: Logger) {
         toUpload,
         baseTempDir,
         "combined-sarif-artifacts",
+        gitHubVariant,
+        features,
       );
     } catch (e) {
       logger.warning(
@@ -153,6 +162,7 @@ async function tryBundleDatabase(
 export async function tryUploadAllAvailableDebugArtifacts(
   config: Config,
   logger: Logger,
+  features: FeatureEnablement,
 ) {
   const filesToUpload: string[] = [];
   try {
@@ -214,6 +224,8 @@ export async function tryUploadAllAvailableDebugArtifacts(
         filesToUpload,
         config.dbLocation,
         config.debugArtifactName,
+        config.gitHubVersion.type,
+        features,
       ),
     );
   } catch (e) {
@@ -227,6 +239,8 @@ export async function uploadDebugArtifacts(
   toUpload: string[],
   rootDir: string,
   artifactName: string,
+  ghVariant: GitHubVariant,
+  features: FeatureEnablement,
 ) {
   if (toUpload.length === 0) {
     return;
@@ -246,16 +260,35 @@ export async function uploadDebugArtifacts(
     }
   }
 
-  await artifactLegacy.create().uploadArtifact(
+  // `@actions/artifact@v2` is not yet supported on GHES so the legacy version of the client will be used on GHES
+  // until it is supported. We also use the legacy version of the client if the feature flag is disabled.
+  const artifactUploader =
+    ghVariant !== GitHubVariant.GHES &&
+    (await features.getValue(Feature.ArtifactUpgrade))
+      ? new artifact.DefaultArtifactClient()
+      : artifactLegacy.create();
+
+  const artifactUploaderArgs: [
+    string, // artifact name
+    string[], // file paths to upload
+    string, // root directory
+    artifact.UploadArtifactOptions,
+  ] = [
     sanitizeArtifactName(`${artifactName}${suffix}`),
     toUpload.map((file) => path.normalize(file)),
     path.normalize(rootDir),
     {
-      continueOnError: true,
       // ensure we don't keep the debug artifacts around for too long since they can be large.
       retentionDays: 7,
     },
-  );
+  ];
+
+  try {
+    await artifactUploader.uploadArtifact(...artifactUploaderArgs);
+  } catch (e) {
+    // A failure to upload debug artifacts should not fail the entire action.
+    core.warning(`Failed to upload debug artifacts: ${e}`);
+  }
 }
 
 /**

src/feature-flags.ts

@@ -40,6 +40,7 @@ export interface FeatureEnablement {
  * Legacy features should end with `_enabled`.
  */
 export enum Feature {
+  ArtifactUpgrade = "artifact_upgrade",
   CleanupTrapCaches = "cleanup_trap_caches",
   CppDependencyInstallation = "cpp_dependency_installation_enabled",
   DisableCsharpBuildless = "disable_csharp_buildless",
@@ -80,6 +81,11 @@ export const featureConfig: Record<
     toolsFeature?: ToolsFeature;
   }
 > = {
+  [Feature.ArtifactUpgrade]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_ARTIFACT_UPGRADE",
+    minimumVersion: undefined,
+  },
   [Feature.CleanupTrapCaches]: {
     defaultValue: false,
     envVar: "CODEQL_ACTION_CLEANUP_TRAP_CACHES",

src/init-action-post-helper.ts

@@ -161,6 +161,7 @@ export async function run(
   uploadAllAvailableDebugArtifacts: (
     config: Config,
     logger: Logger,
+    features: FeatureEnablement,
   ) => Promise<void>,
   printDebugLogs: (config: Config) => Promise<void>,
   config: Config,
@@ -210,7 +211,7 @@ export async function run(
     logger.info(
       "Debug mode is on. Uploading available database bundles and logs as Actions debugging artifacts...",
     );
-    await uploadAllAvailableDebugArtifacts(config, logger);
+    await uploadAllAvailableDebugArtifacts(config, logger, features);
     await printDebugLogs(config);
   }
 

src/start-proxy-action-post.ts

@@ -3,12 +3,22 @@
  * It will run after the all steps in this job, in reverse order in relation to
  * other `post:` hooks.
  */
+import * as artifact from "@actions/artifact";
 import * as artifactLegacy from "@actions/artifact-legacy";
 import * as core from "@actions/core";
 
 import * as actionsUtil from "./actions-util";
+import { getGitHubVersion } from "./api-client";
 import * as configUtils from "./config-utils";
-import { getErrorMessage } from "./util";
+import { Feature, Features } from "./feature-flags";
+import { getActionsLogger } from "./logging";
+import { parseRepositoryNwo } from "./repository";
+import {
+  checkGitHubVersionInRange,
+  getErrorMessage,
+  getRequiredEnvParam,
+  GitHubVariant,
+} from "./util";
 
 async function runWrapper() {
   try {
@@ -31,18 +41,51 @@ async function runWrapper() {
     core.info(
       "Debug mode is on. Uploading proxy log as Actions debugging artifact...",
     );
+    if (config?.gitHubVersion.type === undefined) {
+      core.warning(
+        `Did not upload debug artifacts because cannot determine the GitHub variant running.`,
+      );
+      return;
+    }
+
+    const logger = getActionsLogger();
+    const gitHubVersion = await getGitHubVersion();
+    checkGitHubVersionInRange(gitHubVersion, logger);
+    const repositoryNwo = parseRepositoryNwo(
+      getRequiredEnvParam("GITHUB_REPOSITORY"),
+    );
+    const features = new Features(
+      gitHubVersion,
+      repositoryNwo,
+      actionsUtil.getTemporaryDirectory(),
+      logger,
+    );
+
     try {
-      await artifactLegacy
-        .create()
-        .uploadArtifact(
-          "proxy-log-file",
-          [logFilePath],
-          actionsUtil.getTemporaryDirectory(),
-          {
-            continueOnError: true,
-            retentionDays: 7,
-          },
-        );
+      // `@actions/artifact@v2` is not yet supported on GHES so the legacy version of the client will be used on GHES
+      // until it is supported. We also use the legacy version of the client if the feature flag is disabled.
+      const artifactUploader =
+        config?.gitHubVersion.type !== GitHubVariant.GHES &&
+        (await features.getValue(Feature.ArtifactUpgrade))
+          ? new artifact.DefaultArtifactClient()
+          : artifactLegacy.create();
+
+      const artifactUploaderArgs: [
+        string, // artifact name
+        string[], // file paths to upload
+        string, // root directory
+        artifact.UploadArtifactOptions,
+      ] = [
+        "proxy-log-file",
+        [logFilePath],
+        actionsUtil.getTemporaryDirectory(),
+        {
+          // ensure we don't keep the debug artifacts around for too long since they can be large.
+          retentionDays: 7,
+        },
+      ];
+
+      await artifactUploader.uploadArtifact(...artifactUploaderArgs);
     } catch (e) {
       // A failure to upload debug artifacts should not fail the entire action.
       core.warning(`Failed to upload debug artifacts: ${e}`);

src/upload-sarif-action-post.ts

@@ -5,19 +5,49 @@
  */
 import * as core from "@actions/core";
 
+import { getTemporaryDirectory } from "./actions-util";
+import { getGitHubVersion } from "./api-client";
 import * as debugArtifacts from "./debug-artifacts";
 import { EnvVar } from "./environment";
+import { Features } from "./feature-flags";
 import { getActionsLogger, withGroup } from "./logging";
-import { getErrorMessage } from "./util";
+import { parseRepositoryNwo } from "./repository";
+import {
+  checkGitHubVersionInRange,
+  getErrorMessage,
+  getRequiredEnvParam,
+} from "./util";
 
 async function runWrapper() {
   try {
     const logger = getActionsLogger();
+    const gitHubVersion = await getGitHubVersion();
+    checkGitHubVersionInRange(gitHubVersion, logger);
+    const repositoryNwo = parseRepositoryNwo(
+      getRequiredEnvParam("GITHUB_REPOSITORY"),
+    );
+    const features = new Features(
+      gitHubVersion,
+      repositoryNwo,
+      getTemporaryDirectory(),
+      logger,
+    );
+
     // Upload SARIF artifacts if we determine that this is a third-party analysis run.
     // For first-party runs, this artifact will be uploaded in the `analyze-post` step.
     if (process.env[EnvVar.INIT_ACTION_HAS_RUN] !== "true") {
+      if (gitHubVersion.type === undefined) {
+        core.warning(
+          `Did not upload debug artifacts because cannot determine the GitHub variant running.`,
+        );
+        return;
+      }
       await withGroup("Uploading combined SARIF debug artifact", () =>
-        debugArtifacts.uploadCombinedSarifArtifacts(logger),
+        debugArtifacts.uploadCombinedSarifArtifacts(
+          logger,
+          gitHubVersion.type,
+          features,
+        ),
       );
     }
   } catch (error) {